diff --git a/code.c b/code.c
new file mode 100644
index 0000000..af8172c
--- /dev/null
+++ b/code.c
@@ -0,0 +1,6907 @@ +/* This file has been generated by the Hex-Rays decompiler. + Copyright (c) 2007-2017 Hex-Rays + + Detected compiler: Visual C++ +*/ + +/* +一些结构: +struct __unaligned battleye_stack_report +{ + __int8 unknown; + __int8 report_id; + __int8 val0; + __int64 caller; + __int64 function_dump[4]; + __int64 allocation_base; + __int64 base_address; + __int32 region_size; + __int32 type_protect_state; +}; + +ReportDetection结构: +sevenzip_report.unknown_1 = 0; +sevenzip_report.report_id = 0x46; +sevenzip_report.unknown_2 = 0; +sevenzip_report.data1 = *(__int64*)(module_handle + 0x1000; +sevenzip_report.data2 = *(__int64*)(module_handle + 0x1008; +battleye::report(&sevenzip_report, sizeof(sevenzip_report), false); + +反馈信息: +enum BATTLEYE_REPORT_ID +{ + MEMORY_GUARD = 0x21, + MEMORY_SUSPICIOUS = 0x2F, + WINDOW_TITLE = 0x33, + MEMORY = 0x35, + PROCESS_ANOMALY = 0x38, + DRIVER_BEEP_PRESENCE = 0x3E, + DRIVER_NULL_PRESENCE = 0x3F, + MISCELLANEOUS_ANOMALY = 0x3B, + PROCESS_SUSPICIOUS = 0x40, + LSASS_MEMORY = 0x42, + SLEEP_ANOMALY = 0x45, + MEMORY_MODULE_SPECIFIC = 0x46, + GENERIC_ANOMALY = 0x48, + MEMORY_MODULE_SPECIFIC2 = 0x5B, +} +*/ +#include + + +//------------------------------------------------------------------------- +// Function declarations + +__int64 __fastcall sub_42119(__int64 a1, __int64 a2, __int64 a3, __int64 a4); +// unsigned __int64 __usercall sub_4D46D@(unsigned __int64 result@); + +//------------------------------------------------------------------------- +// Data declarations + +_UNKNOWN unk_44DDF; // weak +__int64 qword_5D720[2] = { 0i64, 0i64 }; // weak +_UNKNOWN unk_80000; // weak +__int64 qword_100010[4] = { 4294967296i64, 4294967296i64, 4294967296i64, 0i64 }; // weak + + +//----- (0000000000042119) ---------------------------------------------------- +__int64 __fastcall sub_42119(__int64 a1, __int64 a2, __int64 a3, __int64 a4) +{ + void *v4; // rsp + __int64 hAdvApi32; // rax + __int64 hAdvApi32_1; // rax + __int64 hKernel32_1; // rax + 
__int64 hMSVCRT; // rax + __int64 hMSVCRT_1; // rax + unsigned int hCurrentProcess; // eax + __int64 hUser32; // rax + __int64 hMSVCRT_2; // rax + __int64 hMSVCRT_3; // rax + __int64 hMSVCRT_4; // rax + __int64 hUser32_1; // rax + __int64 hUser32_2; // rax + __int64 hUser32_3; // rax + __int64 hUser32_4; // rax + unsigned int currentProcessId; // eax + __int64 hUser32_5; // rax + __int64 hUser32_6; // rax + __int64 hUser32_7; // rax + __int64 hUser32_8; // rax + __int64 hKernel32_2; // rax + __int64 hMSVCRT_5; // rax + __int64 TargetProcessHandle; // rax + unsigned int SourceHandle; // ecx + __int64 hCurrentProcess_2; // rax + __int64 hCurrentProcess_1; // rax + int v30; // eax + unsigned __int64 v31; // rdx + __int64 result; // rax + __int64 (__fastcall *v33)(__int64 *, signed __int64, _QWORD); // [rsp-29340h] [rbp-29350h] + __int64 v34; // [rsp-28878h] [rbp-28888h] + int v35; // [rsp-21874h] [rbp-21884h] + __int64 v36; // [rsp-14890h] [rbp-148A0h] + char str_kernel32; // [rsp-14390h] [rbp-143A0h] + char v38; // [rsp-1438Fh] [rbp-1439Fh] + char v39; // [rsp-1438Eh] [rbp-1439Eh] + char v40; // [rsp-1438Dh] [rbp-1439Dh] + char v41; // [rsp-13E1Fh] [rbp-13E2Fh] + signed __int16 v42; // [rsp-13E1Eh] [rbp-13E2Eh] + signed int dwDesiredAccess; // [rsp-D8D8h] [rbp-D8E8h] + signed int size; // [rsp-D8D0h] [rbp-D8E0h] + int dwOptions; // [rsp-D8C8h] [rbp-D8D8h] + signed int v46; // [rsp-D8B8h] [rbp-D8C8h] + int style; // [rsp-D8B4h] [rbp-D8C4h] + unsigned int length; // [rsp-D8B0h] [rbp-D8C0h] + unsigned __int8 processInformation; // [rsp-D8ACh] [rbp-D8BCh] + char v50; // [rsp-D8ABh] [rbp-D8BBh] + unsigned int jj; // [rsp-D8A8h] [rbp-D8B8h] + unsigned int v52; // [rsp-D8A4h] [rbp-D8B4h] + unsigned int n; // [rsp-D8A0h] [rbp-D8B0h] + __int64 pAllocatedBuffer; // [rsp-D898h] [rbp-D8A8h] + __int64 hModule; // [rsp-D890h] [rbp-D8A0h] + char v56; // [rsp-D888h] [rbp-D898h] + bool v57; // [rsp-D887h] [rbp-D897h] + __int64 hKernel32; // [rsp-D880h] [rbp-D890h] + int k; // 
[rsp-D878h] [rbp-D888h] + int m; // [rsp-D874h] [rbp-D884h] + int status_1; // [rsp-D870h] [rbp-D880h] + bool v62; // [rsp-D86Ch] [rbp-D87Ch] + char v63; // [rsp-D86Bh] [rbp-D87Bh] + bool hProcess_2; // [rsp-D86Ah] [rbp-D87Ah] + bool result_2; // [rsp-D869h] [rbp-D879h] + char v66; // [rsp-D868h] [rbp-D878h] + unsigned int l; // [rsp-D864h] [rbp-D874h] + int j; // [rsp-D860h] [rbp-D870h] + void (__fastcall *CloseHandle)(__int64); // [rsp-D858h] [rbp-D868h] + unsigned int *SystemHandleInformation; // [rsp-D850h] [rbp-D860h] + unsigned int windowTextW; // [rsp-D848h] [rbp-D858h] + unsigned int kk; // [rsp-D844h] [rbp-D854h] + unsigned __int64 BaseAddress; // [rsp-D840h] [rbp-D850h] + bool v74; // [rsp-D838h] [rbp-D848h] + char v75; // [rsp-D837h] [rbp-D847h] + signed int (__fastcall *NtReadVirtualMemory)(signed __int64, unsigned __int64, __int64 *, signed __int64, _QWORD); // [rsp-D830h] [rbp-D840h] + unsigned int i9; // [rsp-D828h] [rbp-D838h] + char *NtGetContextThread; // [rsp-D820h] [rbp-D830h] + unsigned int v79; // [rsp-D818h] [rbp-D828h] + signed int status; // [rsp-D814h] [rbp-D824h] + int i4; // [rsp-D810h] [rbp-D820h] + int i3; // [rsp-D80Ch] [rbp-D81Ch] + unsigned __int64 MemoryInformation; // [rsp-D808h] [rbp-D818h] + __int64 v84; // [rsp-D800h] [rbp-D810h] + unsigned __int64 v85; // [rsp-D7F0h] [rbp-D800h] + int v86; // [rsp-D7E8h] [rbp-D7F8h] + int v87; // [rsp-D7E4h] [rbp-D7F4h] + int v88; // [rsp-D7E0h] [rbp-D7F0h] + int windowStyle; // [rsp-D7D8h] [rbp-D7E8h] + signed int v90; // [rsp-D7D4h] [rbp-D7E4h] + __int64 (__fastcall *OpenProcess)(signed __int64, _QWORD, _QWORD); // [rsp-D7D0h] [rbp-D7E0h] + __int64 hProcess_5; // [rsp-D7C8h] [rbp-D7D8h] + unsigned __int64 i; // [rsp-D7C0h] [rbp-D7D0h] + int nn; // [rsp-D7B8h] [rbp-D7C8h] + int i7; // [rsp-D7B4h] [rbp-D7C4h] + signed int i6; // [rsp-D7B0h] [rbp-D7C0h] + char str_user32dll; // [rsp-D7A8h] [rbp-D7B8h] + char str_user32dll_2; // [rsp-D7A7h] [rbp-D7B7h] + char v99; // [rsp-D7A6h] [rbp-D7B6h] + 
char v100; // [rsp-D7A5h] [rbp-D7B5h] + char v101; // [rsp-D7A4h] [rbp-D7B4h] + char v102; // [rsp-D7A3h] [rbp-D7B3h] + char v103; // [rsp-D7A2h] [rbp-D7B2h] + char v104; // [rsp-D7A1h] [rbp-D7B1h] + char v105; // [rsp-D7A0h] [rbp-D7B0h] + char v106; // [rsp-D79Fh] [rbp-D7AFh] + char v107; // [rsp-D79Eh] [rbp-D7AEh] + signed int v108; // [rsp-D794h] [rbp-D7A4h] + signed int ii; // [rsp-D790h] [rbp-D7A0h] + signed int i10; // [rsp-D78Ch] [rbp-D79Ch] + unsigned int i2; // [rsp-D788h] [rbp-D798h] + char str_msvcrt; // [rsp-D780h] [rbp-D790h] + char str_msvcrt_1; // [rsp-D77Fh] [rbp-D78Fh] + char v114; // [rsp-D77Eh] [rbp-D78Eh] + char v115; // [rsp-D77Dh] [rbp-D78Dh] + char v116; // [rsp-D77Ch] [rbp-D78Ch] + char v117; // [rsp-D77Bh] [rbp-D78Bh] + char v118; // [rsp-D77Ah] [rbp-D78Ah] + char v119; // [rsp-D779h] [rbp-D789h] + char v120; // [rsp-D778h] [rbp-D788h] + char v121; // [rsp-D777h] [rbp-D787h] + char v122; // [rsp-D776h] [rbp-D786h] + char v123; // [rsp-D770h] [rbp-D780h] + char v124; // [rsp-D76Fh] [rbp-D77Fh] + char v125; // [rsp-D76Ch] [rbp-D77Ch] + char v126; // [rsp-D76Bh] [rbp-D77Bh] + char v127; // [rsp-D768h] [rbp-D778h] + char v128; // [rsp-D767h] [rbp-D777h] + unsigned int informationLength; // [rsp-D760h] [rbp-D770h] + unsigned int size_1; // [rsp-D75Ch] [rbp-D76Ch] + int i1; // [rsp-D758h] [rbp-D768h] + unsigned int v132; // [rsp-D754h] [rbp-D764h] + __int64 hWindow; // [rsp-D750h] [rbp-D760h] + __int64 (*GetCurrentProcessId)(void); // [rsp-D748h] [rbp-D758h] + unsigned __int64 Address; // [rsp-D740h] [rbp-D750h] + __int64 hProcess_6; // [rsp-D738h] [rbp-D748h] + unsigned int *buffer_2; // [rsp-D730h] [rbp-D740h] + char v138; // [rsp-D728h] [rbp-D738h] + char v139; // [rsp-D727h] [rbp-D737h] + char v140; // [rsp-D726h] [rbp-D736h] + __int64 hProcess_7; // [rsp-D718h] [rbp-D728h] + __int64 (__fastcall *WideCharToMultiByte)(signed __int64, _QWORD, __int64 *, _QWORD, __int64, _QWORD, _QWORD, _QWORD); // [rsp-D710h] [rbp-D720h] + unsigned int v143; // 
[rsp-D708h] [rbp-D718h] + signed int v144; // [rsp-D704h] [rbp-D714h] + __int64 str_kernel32dll; // [rsp-D700h] [rbp-D710h] + char v146; // [rsp-D6F9h] [rbp-D709h] + char v147; // [rsp-D6F8h] [rbp-D708h] + char v148; // [rsp-D6F7h] [rbp-D707h] + char v149; // [rsp-D6F6h] [rbp-D706h] + char v150; // [rsp-D6F5h] [rbp-D705h] + char v151; // [rsp-D6F4h] [rbp-D704h] + char str_free; // [rsp-D6F0h] [rbp-D700h] + char v153; // [rsp-D6EFh] [rbp-D6FFh] + char v154; // [rsp-D6EEh] [rbp-D6FEh] + char v155; // [rsp-D6EDh] [rbp-D6FDh] + char v156; // [rsp-D6ECh] [rbp-D6FCh] + char str_sleep; // [rsp-D6E8h] [rbp-D6F8h] + char v158; // [rsp-D6E7h] [rbp-D6F7h] + char v159; // [rsp-D6E6h] [rbp-D6F6h] + char v160; // [rsp-D6E5h] [rbp-D6F5h] + char v161; // [rsp-D6E4h] [rbp-D6F4h] + char v162; // [rsp-D6E3h] [rbp-D6F3h] + char str_advapidll; // [rsp-D6E0h] [rbp-D6F0h] + char v164; // [rsp-D6DFh] [rbp-D6EFh] + char v165; // [rsp-D6DEh] [rbp-D6EEh] + char v166; // [rsp-D6DDh] [rbp-D6EDh] + char v167; // [rsp-D6DCh] [rbp-D6ECh] + char v168; // [rsp-D6DBh] [rbp-D6EBh] + char v169; // [rsp-D6DAh] [rbp-D6EAh] + char v170; // [rsp-D6D9h] [rbp-D6E9h] + char v171; // [rsp-D6D8h] [rbp-D6E8h] + char v172; // [rsp-D6D7h] [rbp-D6E7h] + char v173; // [rsp-D6D6h] [rbp-D6E6h] + char v174; // [rsp-D6D5h] [rbp-D6E5h] + char v175; // [rsp-D6D4h] [rbp-D6E4h] + char str_malloc; // [rsp-D6D0h] [rbp-D6E0h] + char v177; // [rsp-D6CFh] [rbp-D6DFh] + char v178; // [rsp-D6CEh] [rbp-D6DEh] + char v179; // [rsp-D6CDh] [rbp-D6DDh] + char v180; // [rsp-D6CCh] [rbp-D6DCh] + char v181; // [rsp-D6CBh] [rbp-D6DBh] + char v182; // [rsp-D6CAh] [rbp-D6DAh] + char str_memcmp; // [rsp-D6C8h] [rbp-D6D8h] + char v184; // [rsp-D6C7h] [rbp-D6D7h] + char v185; // [rsp-D6C6h] [rbp-D6D6h] + char v186; // [rsp-D6C5h] [rbp-D6D5h] + char v187; // [rsp-D6C4h] [rbp-D6D4h] + char v188; // [rsp-D6C3h] [rbp-D6D3h] + char v189; // [rsp-D6C2h] [rbp-D6D2h] + char str_memcpy; // [rsp-D6C0h] [rbp-D6D0h] + char v191; // [rsp-D6BFh] [rbp-D6CFh] 
+ char v192; // [rsp-D6BEh] [rbp-D6CEh] + char v193; // [rsp-D6BDh] [rbp-D6CDh] + char v194; // [rsp-D6BCh] [rbp-D6CCh] + char v195; // [rsp-D6BBh] [rbp-D6CBh] + char v196; // [rsp-D6BAh] [rbp-D6CAh] + __int64 IsBadReadPtr; // [rsp-D6B8h] [rbp-D6C8h] + char str_realloc; // [rsp-D6B0h] [rbp-D6C0h] + char v199; // [rsp-D6AFh] [rbp-D6BFh] + char v200; // [rsp-D6AEh] [rbp-D6BEh] + char v201; // [rsp-D6ADh] [rbp-D6BDh] + char v202; // [rsp-D6ACh] [rbp-D6BCh] + char v203; // [rsp-D6ABh] [rbp-D6BBh] + char v204; // [rsp-D6AAh] [rbp-D6BAh] + char v205; // [rsp-D6A9h] [rbp-D6B9h] + signed int (__fastcall *NtQueryVirtualMemory)(signed __int64, unsigned __int64, _QWORD, __int64 *, signed __int64, __int64 *); // [rsp-D6A8h] [rbp-D6B8h] + char v207; // [rsp-D6A0h] [rbp-D6B0h] + char v208; // [rsp-D69Fh] [rbp-D6AFh] + char v209; // [rsp-D69Eh] [rbp-D6AEh] + char v210; // [rsp-D69Dh] [rbp-D6ADh] + char v211; // [rsp-D69Ch] [rbp-D6ACh] + char v212; // [rsp-D69Bh] [rbp-D6ABh] + char v213; // [rsp-D69Ah] [rbp-D6AAh] + char v214; // [rsp-D699h] [rbp-D6A9h] + char str_wmpdll; // [rsp-D698h] [rbp-D6A8h] + char v216; // [rsp-D697h] [rbp-D6A7h] + char v217; // [rsp-D696h] [rbp-D6A6h] + char v218; // [rsp-D695h] [rbp-D6A5h] + char v219; // [rsp-D694h] [rbp-D6A4h] + char v220; // [rsp-D693h] [rbp-D6A3h] + char v221; // [rsp-D692h] [rbp-D6A2h] + char v222; // [rsp-D691h] [rbp-D6A1h] + char v223; // [rsp-D690h] [rbp-D6A0h] + char v224; // [rsp-D68Fh] [rbp-D69Fh] + char v225; // [rsp-D68Eh] [rbp-D69Eh] + char v226; // [rsp-D68Dh] [rbp-D69Dh] + char v227; // [rsp-D68Ch] [rbp-D69Ch] + char v228; // [rsp-D68Bh] [rbp-D69Bh] + char v229; // [rsp-D68Ah] [rbp-D69Ah] + char v230; // [rsp-D689h] [rbp-D699h] + char v231; // [rsp-D688h] [rbp-D698h] + char str_beep; // [rsp-D680h] [rbp-D690h] + char v233; // [rsp-D67Fh] [rbp-D68Fh] + char v234; // [rsp-D67Eh] [rbp-D68Eh] + char v235; // [rsp-D67Dh] [rbp-D68Dh] + char v236; // [rsp-D67Ch] [rbp-D68Ch] + char v237; // [rsp-D67Bh] [rbp-D68Bh] + char v238; // 
[rsp-D67Ah] [rbp-D68Ah] + char v239; // [rsp-D679h] [rbp-D689h] + char v240; // [rsp-D678h] [rbp-D688h] + char str_readfile; // [rsp-D670h] [rbp-D680h] + char v242; // [rsp-D66Fh] [rbp-D67Fh] + char v243; // [rsp-D66Eh] [rbp-D67Eh] + char v244; // [rsp-D66Dh] [rbp-D67Dh] + char v245; // [rsp-D66Ch] [rbp-D67Ch] + char v246; // [rsp-D66Bh] [rbp-D67Bh] + char v247; // [rsp-D66Ah] [rbp-D67Ah] + char v248; // [rsp-D669h] [rbp-D679h] + char v249; // [rsp-D668h] [rbp-D678h] + char str_getwindow; // [rsp-D660h] [rbp-D670h] + char v251; // [rsp-D65Fh] [rbp-D66Fh] + char v252; // [rsp-D65Eh] [rbp-D66Eh] + char v253; // [rsp-D65Dh] [rbp-D66Dh] + char v254; // [rsp-D65Ch] [rbp-D66Ch] + char v255; // [rsp-D65Bh] [rbp-D66Bh] + char v256; // [rsp-D65Ah] [rbp-D66Ah] + char v257; // [rsp-D659h] [rbp-D669h] + char v258; // [rsp-D658h] [rbp-D668h] + char v259; // [rsp-D657h] [rbp-D667h] + char v260; // [rsp-D650h] [rbp-D660h] + char v261; // [rsp-D64Fh] [rbp-D65Fh] + char v262; // [rsp-D64Eh] [rbp-D65Eh] + char v263; // [rsp-D64Dh] [rbp-D65Dh] + char v264; // [rsp-D64Ch] [rbp-D65Ch] + char v265; // [rsp-D64Bh] [rbp-D65Bh] + char v266; // [rsp-D64Ah] [rbp-D65Ah] + char v267; // [rsp-D649h] [rbp-D659h] + char v268; // [rsp-D648h] [rbp-D658h] + char v269; // [rsp-D647h] [rbp-D657h] + char str_ndlldll; // [rsp-D640h] [rbp-D650h] + char v271; // [rsp-D63Fh] [rbp-D64Fh] + char v272; // [rsp-D63Eh] [rbp-D64Eh] + char v273; // [rsp-D63Dh] [rbp-D64Dh] + char v274; // [rsp-D63Ch] [rbp-D64Ch] + char v275; // [rsp-D63Bh] [rbp-D64Bh] + char v276; // [rsp-D63Ah] [rbp-D64Ah] + char v277; // [rsp-D639h] [rbp-D649h] + char v278; // [rsp-D638h] [rbp-D648h] + char v279; // [rsp-D637h] [rbp-D647h] + char str_psapidll; // [rsp-D630h] [rbp-D640h] + char v281; // [rsp-D62Fh] [rbp-D63Fh] + char v282; // [rsp-D62Eh] [rbp-D63Eh] + char v283; // [rsp-D62Dh] [rbp-D63Dh] + char v284; // [rsp-D62Ch] [rbp-D63Ch] + char v285; // [rsp-D62Bh] [rbp-D63Bh] + char v286; // [rsp-D62Ah] [rbp-D63Ah] + char v287; // 
[rsp-D629h] [rbp-D639h] + char v288; // [rsp-D628h] [rbp-D638h] + char v289; // [rsp-D627h] [rbp-D637h] + char str_wcsnicmp; // [rsp-D620h] [rbp-D630h] + char v291; // [rsp-D61Fh] [rbp-D62Fh] + char v292; // [rsp-D61Eh] [rbp-D62Eh] + char v293; // [rsp-D61Dh] [rbp-D62Dh] + char v294; // [rsp-D61Ch] [rbp-D62Ch] + char v295; // [rsp-D61Bh] [rbp-D62Bh] + char v296; // [rsp-D61Ah] [rbp-D62Ah] + char v297; // [rsp-D619h] [rbp-D629h] + char v298; // [rsp-D618h] [rbp-D628h] + char v299; // [rsp-D617h] [rbp-D627h] + char v300; // [rsp-D610h] [rbp-D620h] + char v301; // [rsp-D60Fh] [rbp-D61Fh] + char v302; // [rsp-D60Eh] [rbp-D61Eh] + char v303; // [rsp-D60Dh] [rbp-D61Dh] + char v304; // [rsp-D60Ch] [rbp-D61Ch] + char v305; // [rsp-D60Bh] [rbp-D61Bh] + char v306; // [rsp-D60Ah] [rbp-D61Ah] + char v307; // [rsp-D609h] [rbp-D619h] + char v308; // [rsp-D608h] [rbp-D618h] + char v309; // [rsp-D607h] [rbp-D617h] + char v310; // [rsp-D606h] [rbp-D616h] + char str_openthread; // [rsp-D600h] [rbp-D610h] + char v312; // [rsp-D5FFh] [rbp-D60Fh] + char v313; // [rsp-D5FEh] [rbp-D60Eh] + char v314; // [rsp-D5FDh] [rbp-D60Dh] + char v315; // [rsp-D5FCh] [rbp-D60Ch] + char v316; // [rsp-D5FBh] [rbp-D60Bh] + char v317; // [rsp-D5FAh] [rbp-D60Ah] + char v318; // [rsp-D5F9h] [rbp-D609h] + char v319; // [rsp-D5F8h] [rbp-D608h] + char v320; // [rsp-D5F7h] [rbp-D607h] + char v321; // [rsp-D5F6h] [rbp-D606h] + char str_be_dlldll; // [rsp-D5F0h] [rbp-D600h] + char v323; // [rsp-D5EFh] [rbp-D5FFh] + char v324; // [rsp-D5EEh] [rbp-D5FEh] + char v325; // [rsp-D5EDh] [rbp-D5FDh] + char v326; // [rsp-D5ECh] [rbp-D5FCh] + char v327; // [rsp-D5EBh] [rbp-D5FBh] + char v328; // [rsp-D5EAh] [rbp-D5FAh] + char v329; // [rsp-D5E9h] [rbp-D5F9h] + char v330; // [rsp-D5E8h] [rbp-D5F8h] + char v331; // [rsp-D5E7h] [rbp-D5F7h] + char v332; // [rsp-D5E6h] [rbp-D5F6h] + char str_user32dll_1; // [rsp-D5E0h] [rbp-D5F0h] + char v334; // [rsp-D5DFh] [rbp-D5EFh] + char v335; // [rsp-D5DEh] [rbp-D5EEh] + char v336; // 
[rsp-D5DDh] [rbp-D5EDh] + char v337; // [rsp-D5DCh] [rbp-D5ECh] + char v338; // [rsp-D5DBh] [rbp-D5EBh] + char v339; // [rsp-D5DAh] [rbp-D5EAh] + char v340; // [rsp-D5D9h] [rbp-D5E9h] + char v341; // [rsp-D5D8h] [rbp-D5E8h] + char v342; // [rsp-D5D7h] [rbp-D5E7h] + char v343; // [rsp-D5D6h] [rbp-D5E6h] + char str_createfilea; // [rsp-D5D0h] [rbp-D5E0h] + char v345; // [rsp-D5CFh] [rbp-D5DFh] + char v346; // [rsp-D5CEh] [rbp-D5DEh] + char v347; // [rsp-D5CDh] [rbp-D5DDh] + char v348; // [rsp-D5CCh] [rbp-D5DCh] + char v349; // [rsp-D5CBh] [rbp-D5DBh] + char v350; // [rsp-D5CAh] [rbp-D5DAh] + char v351; // [rsp-D5C9h] [rbp-D5D9h] + char v352; // [rsp-D5C8h] [rbp-D5D8h] + char v353; // [rsp-D5C7h] [rbp-D5D7h] + char v354; // [rsp-D5C6h] [rbp-D5D6h] + char v355; // [rsp-D5C5h] [rbp-D5D5h] + char str_createfilea_1; // [rsp-D5C0h] [rbp-D5D0h] + char v357; // [rsp-D5BFh] [rbp-D5CFh] + char v358; // [rsp-D5BEh] [rbp-D5CEh] + char v359; // [rsp-D5BDh] [rbp-D5CDh] + char v360; // [rsp-D5BCh] [rbp-D5CCh] + char v361; // [rsp-D5BBh] [rbp-D5CBh] + char v362; // [rsp-D5BAh] [rbp-D5CAh] + char v363; // [rsp-D5B9h] [rbp-D5C9h] + char v364; // [rsp-D5B8h] [rbp-D5C8h] + char v365; // [rsp-D5B7h] [rbp-D5C7h] + char v366; // [rsp-D5B6h] [rbp-D5C6h] + char v367; // [rsp-D5B5h] [rbp-D5C5h] + char str_closehandle; // [rsp-D5B0h] [rbp-D5C0h] + char v369; // [rsp-D5AFh] [rbp-D5BFh] + char v370; // [rsp-D5AEh] [rbp-D5BEh] + char v371; // [rsp-D5ADh] [rbp-D5BDh] + char v372; // [rsp-D5ACh] [rbp-D5BCh] + char v373; // [rsp-D5ABh] [rbp-D5BBh] + char v374; // [rsp-D5AAh] [rbp-D5BAh] + char v375; // [rsp-D5A9h] [rbp-D5B9h] + char v376; // [rsp-D5A8h] [rbp-D5B8h] + char v377; // [rsp-D5A7h] [rbp-D5B7h] + char v378; // [rsp-D5A6h] [rbp-D5B6h] + char v379; // [rsp-D5A5h] [rbp-D5B5h] + char str_openprocess; // [rsp-D5A0h] [rbp-D5B0h] + char v381; // [rsp-D59Fh] [rbp-D5AFh] + char v382; // [rsp-D59Eh] [rbp-D5AEh] + char v383; // [rsp-D59Dh] [rbp-D5ADh] + char v384; // [rsp-D59Ch] [rbp-D5ACh] + char 
v385; // [rsp-D59Bh] [rbp-D5ABh] + char v386; // [rsp-D59Ah] [rbp-D5AAh] + char v387; // [rsp-D599h] [rbp-D5A9h] + char v388; // [rsp-D598h] [rbp-D5A8h] + char v389; // [rsp-D597h] [rbp-D5A7h] + char v390; // [rsp-D596h] [rbp-D5A6h] + char v391; // [rsp-D595h] [rbp-D5A5h] + char str_resumethread; // [rsp-D590h] [rbp-D5A0h] + char v393; // [rsp-D58Fh] [rbp-D59Fh] + char v394; // [rsp-D58Eh] [rbp-D59Eh] + char v395; // [rsp-D58Dh] [rbp-D59Dh] + char v396; // [rsp-D58Ch] [rbp-D59Ch] + char v397; // [rsp-D58Bh] [rbp-D59Bh] + char v398; // [rsp-D58Ah] [rbp-D59Ah] + char v399; // [rsp-D589h] [rbp-D599h] + char v400; // [rsp-D588h] [rbp-D598h] + char v401; // [rsp-D587h] [rbp-D597h] + char v402; // [rsp-D586h] [rbp-D596h] + char v403; // [rsp-D585h] [rbp-D595h] + char v404; // [rsp-D584h] [rbp-D594h] + char str_loadlibrarya; // [rsp-D580h] [rbp-D590h] + char v406; // [rsp-D57Fh] [rbp-D58Fh] + char v407; // [rsp-D57Eh] [rbp-D58Eh] + char v408; // [rsp-D57Dh] [rbp-D58Dh] + char v409; // [rsp-D57Ch] [rbp-D58Ch] + char v410; // [rsp-D57Bh] [rbp-D58Bh] + char v411; // [rsp-D57Ah] [rbp-D58Ah] + char v412; // [rsp-D579h] [rbp-D589h] + char v413; // [rsp-D578h] [rbp-D588h] + char v414; // [rsp-D577h] [rbp-D587h] + char v415; // [rsp-D576h] [rbp-D586h] + char v416; // [rsp-D575h] [rbp-D585h] + char v417; // [rsp-D574h] [rbp-D584h] + char str_getlasterror_1; // [rsp-D570h] [rbp-D580h] + char v419; // [rsp-D56Fh] [rbp-D57Fh] + char v420; // [rsp-D56Eh] [rbp-D57Eh] + char v421; // [rsp-D56Dh] [rbp-D57Dh] + char v422; // [rsp-D56Ch] [rbp-D57Ch] + char v423; // [rsp-D56Bh] [rbp-D57Bh] + char v424; // [rsp-D56Ah] [rbp-D57Ah] + char v425; // [rsp-D569h] [rbp-D579h] + char v426; // [rsp-D568h] [rbp-D578h] + char v427; // [rsp-D567h] [rbp-D577h] + char v428; // [rsp-D566h] [rbp-D576h] + char v429; // [rsp-D565h] [rbp-D575h] + char v430; // [rsp-D564h] [rbp-D574h] + char str_getprocessid; // [rsp-D560h] [rbp-D570h] + char v432; // [rsp-D55Fh] [rbp-D56Fh] + char v433; // [rsp-D55Eh] 
[rbp-D56Eh] + char v434; // [rsp-D55Dh] [rbp-D56Dh] + char v435; // [rsp-D55Ch] [rbp-D56Ch] + char v436; // [rsp-D55Bh] [rbp-D56Bh] + char v437; // [rsp-D55Ah] [rbp-D56Ah] + char v438; // [rsp-D559h] [rbp-D569h] + char v439; // [rsp-D558h] [rbp-D568h] + char v440; // [rsp-D557h] [rbp-D567h] + char v441; // [rsp-D556h] [rbp-D566h] + char v442; // [rsp-D555h] [rbp-D565h] + char v443; // [rsp-D554h] [rbp-D564h] + char str_getlasterror_3; // [rsp-D550h] [rbp-D560h] + char v445; // [rsp-D54Fh] [rbp-D55Fh] + char v446; // [rsp-D54Eh] [rbp-D55Eh] + char v447; // [rsp-D54Dh] [rbp-D55Dh] + char v448; // [rsp-D54Ch] [rbp-D55Ch] + char v449; // [rsp-D54Bh] [rbp-D55Bh] + char v450; // [rsp-D54Ah] [rbp-D55Ah] + char v451; // [rsp-D549h] [rbp-D559h] + char v452; // [rsp-D548h] [rbp-D558h] + char v453; // [rsp-D547h] [rbp-D557h] + char v454; // [rsp-D546h] [rbp-D556h] + char v455; // [rsp-D545h] [rbp-D555h] + char v456; // [rsp-D544h] [rbp-D554h] + char str_iphlpapi; // [rsp-D540h] [rbp-D550h] + char v458; // [rsp-D53Fh] [rbp-D54Fh] + char v459; // [rsp-D53Eh] [rbp-D54Eh] + char v460; // [rsp-D53Dh] [rbp-D54Dh] + char v461; // [rsp-D53Ch] [rbp-D54Ch] + char v462; // [rsp-D53Bh] [rbp-D54Bh] + char v463; // [rsp-D53Ah] [rbp-D54Ah] + char v464; // [rsp-D539h] [rbp-D549h] + char v465; // [rsp-D538h] [rbp-D548h] + char v466; // [rsp-D537h] [rbp-D547h] + char v467; // [rsp-D536h] [rbp-D546h] + char v468; // [rsp-D535h] [rbp-D545h] + char v469; // [rsp-D534h] [rbp-D544h] + char str_getlasterror_2; // [rsp-D530h] [rbp-D540h] + char v471; // [rsp-D52Fh] [rbp-D53Fh] + char v472; // [rsp-D52Eh] [rbp-D53Eh] + char v473; // [rsp-D52Dh] [rbp-D53Dh] + char v474; // [rsp-D52Ch] [rbp-D53Ch] + char v475; // [rsp-D52Bh] [rbp-D53Bh] + char v476; // [rsp-D52Ah] [rbp-D53Ah] + char v477; // [rsp-D529h] [rbp-D539h] + char v478; // [rsp-D528h] [rbp-D538h] + char v479; // [rsp-D527h] [rbp-D537h] + char v480; // [rsp-D526h] [rbp-D536h] + char v481; // [rsp-D525h] [rbp-D535h] + char v482; // [rsp-D524h] 
[rbp-D534h] + char str_gettickcount; // [rsp-D520h] [rbp-D530h] + char v484; // [rsp-D51Fh] [rbp-D52Fh] + char v485; // [rsp-D51Eh] [rbp-D52Eh] + char v486; // [rsp-D51Dh] [rbp-D52Dh] + char v487; // [rsp-D51Ch] [rbp-D52Ch] + char v488; // [rsp-D51Bh] [rbp-D52Bh] + char v489; // [rsp-D51Ah] [rbp-D52Ah] + char v490; // [rsp-D519h] [rbp-D529h] + char v491; // [rsp-D518h] [rbp-D528h] + char v492; // [rsp-D517h] [rbp-D527h] + char v493; // [rsp-D516h] [rbp-D526h] + char v494; // [rsp-D515h] [rbp-D525h] + char v495; // [rsp-D514h] [rbp-D524h] + char str_isbadreadptr; // [rsp-D510h] [rbp-D520h] + char v497; // [rsp-D50Fh] [rbp-D51Fh] + char v498; // [rsp-D50Eh] [rbp-D51Eh] + char v499; // [rsp-D50Dh] [rbp-D51Dh] + char v500; // [rsp-D50Ch] [rbp-D51Ch] + char v501; // [rsp-D50Bh] [rbp-D51Bh] + char v502; // [rsp-D50Ah] [rbp-D51Ah] + char v503; // [rsp-D509h] [rbp-D519h] + char v504; // [rsp-D508h] [rbp-D518h] + char v505; // [rsp-D507h] [rbp-D517h] + char v506; // [rsp-D506h] [rbp-D516h] + char v507; // [rsp-D505h] [rbp-D515h] + char v508; // [rsp-D504h] [rbp-D514h] + char str_gettopwindow; // [rsp-D500h] [rbp-D510h] + char v510; // [rsp-D4FFh] [rbp-D50Fh] + char v511; // [rsp-D4FEh] [rbp-D50Eh] + char v512; // [rsp-D4FDh] [rbp-D50Dh] + char v513; // [rsp-D4FCh] [rbp-D50Ch] + char v514; // [rsp-D4FBh] [rbp-D50Bh] + char v515; // [rsp-D4FAh] [rbp-D50Ah] + char v516; // [rsp-D4F9h] [rbp-D509h] + char v517; // [rsp-D4F8h] [rbp-D508h] + char v518; // [rsp-D4F7h] [rbp-D507h] + char v519; // [rsp-D4F6h] [rbp-D506h] + char v520; // [rsp-D4F5h] [rbp-D505h] + char v521; // [rsp-D4F4h] [rbp-D504h] + char str_getlasterror; // [rsp-D4F0h] [rbp-D500h] + char v523; // [rsp-D4EFh] [rbp-D4FFh] + char v524; // [rsp-D4EEh] [rbp-D4FEh] + char v525; // [rsp-D4EDh] [rbp-D4FDh] + char v526; // [rsp-D4ECh] [rbp-D4FCh] + char v527; // [rsp-D4EBh] [rbp-D4FBh] + char v528; // [rsp-D4EAh] [rbp-D4FAh] + char v529; // [rsp-D4E9h] [rbp-D4F9h] + char v530; // [rsp-D4E8h] [rbp-D4F8h] + char v531; // 
[rsp-D4E7h] [rbp-D4F7h] + char v532; // [rsp-D4E6h] [rbp-D4F6h] + char v533; // [rsp-D4E5h] [rbp-D4F5h] + char v534; // [rsp-D4E4h] [rbp-D4F4h] + char str_getlasterror_4; // [rsp-D4E0h] [rbp-D4F0h] + char v536; // [rsp-D4DFh] [rbp-D4EFh] + char v537; // [rsp-D4DEh] [rbp-D4EEh] + char v538; // [rsp-D4DDh] [rbp-D4EDh] + char v539; // [rsp-D4DCh] [rbp-D4ECh] + char v540; // [rsp-D4DBh] [rbp-D4EBh] + char v541; // [rsp-D4DAh] [rbp-D4EAh] + char v542; // [rsp-D4D9h] [rbp-D4E9h] + char v543; // [rsp-D4D8h] [rbp-D4E8h] + char v544; // [rsp-D4D7h] [rbp-D4E7h] + char v545; // [rsp-D4D6h] [rbp-D4E6h] + char v546; // [rsp-D4D5h] [rbp-D4E5h] + char v547; // [rsp-D4D4h] [rbp-D4E4h] + char str_module32next; // [rsp-D4D0h] [rbp-D4E0h] + char v549; // [rsp-D4CFh] [rbp-D4DFh] + char v550; // [rsp-D4CEh] [rbp-D4DEh] + char v551; // [rsp-D4CDh] [rbp-D4DDh] + char v552; // [rsp-D4CCh] [rbp-D4DCh] + char v553; // [rsp-D4CBh] [rbp-D4DBh] + char v554; // [rsp-D4CAh] [rbp-D4DAh] + char v555; // [rsp-D4C9h] [rbp-D4D9h] + char v556; // [rsp-D4C8h] [rbp-D4D8h] + char v557; // [rsp-D4C7h] [rbp-D4D7h] + char v558; // [rsp-D4C6h] [rbp-D4D6h] + char v559; // [rsp-D4C5h] [rbp-D4D5h] + char v560; // [rsp-D4C4h] [rbp-D4D4h] + char str_thread32next; // [rsp-D4C0h] [rbp-D4D0h] + char v562; // [rsp-D4BFh] [rbp-D4CFh] + char v563; // [rsp-D4BEh] [rbp-D4CEh] + char v564; // [rsp-D4BDh] [rbp-D4CDh] + char v565; // [rsp-D4BCh] [rbp-D4CCh] + char v566; // [rsp-D4BBh] [rbp-D4CBh] + char v567; // [rsp-D4BAh] [rbp-D4CAh] + char v568; // [rsp-D4B9h] [rbp-D4C9h] + char v569; // [rsp-D4B8h] [rbp-D4C8h] + char v570; // [rsp-D4B7h] [rbp-D4C7h] + char v571; // [rsp-D4B6h] [rbp-D4C6h] + char v572; // [rsp-D4B5h] [rbp-D4C5h] + char v573; // [rsp-D4B4h] [rbp-D4C4h] + char str_process32next; // [rsp-D4B0h] [rbp-D4C0h] + char v575; // [rsp-D4AFh] [rbp-D4BFh] + char v576; // [rsp-D4AEh] [rbp-D4BEh] + char v577; // [rsp-D4ADh] [rbp-D4BDh] + char v578; // [rsp-D4ACh] [rbp-D4BCh] + char v579; // [rsp-D4ABh] [rbp-D4BBh] + 
char v580; // [rsp-D4AAh] [rbp-D4BAh] + char v581; // [rsp-D4A9h] [rbp-D4B9h] + char v582; // [rsp-D4A8h] [rbp-D4B8h] + char v583; // [rsp-D4A7h] [rbp-D4B7h] + char v584; // [rsp-D4A6h] [rbp-D4B6h] + char v585; // [rsp-D4A5h] [rbp-D4B5h] + char v586; // [rsp-D4A4h] [rbp-D4B4h] + char v587; // [rsp-D4A3h] [rbp-D4B3h] + char str_getwindowrect; // [rsp-D4A0h] [rbp-D4B0h] + char v589; // [rsp-D49Fh] [rbp-D4AFh] + char v590; // [rsp-D49Eh] [rbp-D4AEh] + char v591; // [rsp-D49Dh] [rbp-D4ADh] + char v592; // [rsp-D49Ch] [rbp-D4ACh] + char v593; // [rsp-D49Bh] [rbp-D4ABh] + char v594; // [rsp-D49Ah] [rbp-D4AAh] + char v595; // [rsp-D499h] [rbp-D4A9h] + char v596; // [rsp-D498h] [rbp-D4A8h] + char v597; // [rsp-D497h] [rbp-D4A7h] + char v598; // [rsp-D496h] [rbp-D4A6h] + char v599; // [rsp-D495h] [rbp-D4A5h] + char v600; // [rsp-D494h] [rbp-D4A4h] + char v601; // [rsp-D493h] [rbp-D4A3h] + char str_ntqueryobject; // [rsp-D490h] [rbp-D4A0h] + char v603; // [rsp-D48Fh] [rbp-D49Fh] + char v604; // [rsp-D48Eh] [rbp-D49Eh] + char v605; // [rsp-D48Dh] [rbp-D49Dh] + char v606; // [rsp-D48Ch] [rbp-D49Ch] + char v607; // [rsp-D48Bh] [rbp-D49Bh] + char v608; // [rsp-D48Ah] [rbp-D49Ah] + char v609; // [rsp-D489h] [rbp-D499h] + char v610; // [rsp-D488h] [rbp-D498h] + char v611; // [rsp-D487h] [rbp-D497h] + char v612; // [rsp-D486h] [rbp-D496h] + char v613; // [rsp-D485h] [rbp-D495h] + char v614; // [rsp-D484h] [rbp-D494h] + char v615; // [rsp-D483h] [rbp-D493h] + char str_getclassnamew; // [rsp-D480h] [rbp-D490h] + char v617; // [rsp-D47Fh] [rbp-D48Fh] + char v618; // [rsp-D47Eh] [rbp-D48Eh] + char v619; // [rsp-D47Dh] [rbp-D48Dh] + char v620; // [rsp-D47Ch] [rbp-D48Ch] + char v621; // [rsp-D47Bh] [rbp-D48Bh] + char v622; // [rsp-D47Ah] [rbp-D48Ah] + char v623; // [rsp-D479h] [rbp-D489h] + char v624; // [rsp-D478h] [rbp-D488h] + char v625; // [rsp-D477h] [rbp-D487h] + char v626; // [rsp-D476h] [rbp-D486h] + char v627; // [rsp-D475h] [rbp-D485h] + char v628; // [rsp-D474h] [rbp-D484h] + 
char v629; // [rsp-D473h] [rbp-D483h] + char str_enumprocesses; // [rsp-D470h] [rbp-D480h] + char v631; // [rsp-D46Fh] [rbp-D47Fh] + char v632; // [rsp-D46Eh] [rbp-D47Eh] + char v633; // [rsp-D46Dh] [rbp-D47Dh] + char v634; // [rsp-D46Ch] [rbp-D47Ch] + char v635; // [rsp-D46Bh] [rbp-D47Bh] + char v636; // [rsp-D46Ah] [rbp-D47Ah] + char v637; // [rsp-D469h] [rbp-D479h] + char v638; // [rsp-D468h] [rbp-D478h] + char v639; // [rsp-D467h] [rbp-D477h] + char v640; // [rsp-D466h] [rbp-D476h] + char v641; // [rsp-D465h] [rbp-D475h] + char v642; // [rsp-D464h] [rbp-D474h] + char v643; // [rsp-D463h] [rbp-D473h] + char str_suspendthread; // [rsp-D460h] [rbp-D470h] + char v645; // [rsp-D45Fh] [rbp-D46Fh] + char v646; // [rsp-D45Eh] [rbp-D46Eh] + char v647; // [rsp-D45Dh] [rbp-D46Dh] + char v648; // [rsp-D45Ch] [rbp-D46Ch] + char v649; // [rsp-D45Bh] [rbp-D46Bh] + char v650; // [rsp-D45Ah] [rbp-D46Ah] + char v651; // [rsp-D459h] [rbp-D469h] + char v652; // [rsp-D458h] [rbp-D468h] + char v653; // [rsp-D457h] [rbp-D467h] + char v654; // [rsp-D456h] [rbp-D466h] + char v655; // [rsp-D455h] [rbp-D465h] + char v656; // [rsp-D454h] [rbp-D464h] + char v657; // [rsp-D453h] [rbp-D463h] + char str_thread32first; // [rsp-D450h] [rbp-D460h] + char v659; // [rsp-D44Fh] [rbp-D45Fh] + char v660; // [rsp-D44Eh] [rbp-D45Eh] + char v661; // [rsp-D44Dh] [rbp-D45Dh] + char v662; // [rsp-D44Ch] [rbp-D45Ch] + char v663; // [rsp-D44Bh] [rbp-D45Bh] + char v664; // [rsp-D44Ah] [rbp-D45Ah] + char v665; // [rsp-D449h] [rbp-D459h] + char v666; // [rsp-D448h] [rbp-D458h] + char v667; // [rsp-D447h] [rbp-D457h] + char v668; // [rsp-D446h] [rbp-D456h] + char v669; // [rsp-D445h] [rbp-D455h] + char v670; // [rsp-D444h] [rbp-D454h] + char v671; // [rsp-D443h] [rbp-D453h] + char str_module32first; // [rsp-D440h] [rbp-D450h] + char v673; // [rsp-D43Fh] [rbp-D44Fh] + char v674; // [rsp-D43Eh] [rbp-D44Eh] + char v675; // [rsp-D43Dh] [rbp-D44Dh] + char v676; // [rsp-D43Ch] [rbp-D44Ch] + char v677; // [rsp-D43Bh] 
[rbp-D44Bh] + char v678; // [rsp-D43Ah] [rbp-D44Ah] + char v679; // [rsp-D439h] [rbp-D449h] + char v680; // [rsp-D438h] [rbp-D448h] + char v681; // [rsp-D437h] [rbp-D447h] + char v682; // [rsp-D436h] [rbp-D446h] + char v683; // [rsp-D435h] [rbp-D445h] + char v684; // [rsp-D434h] [rbp-D444h] + char v685; // [rsp-D433h] [rbp-D443h] + char str_process32first; // [rsp-D430h] [rbp-D440h] + char v687; // [rsp-D42Fh] [rbp-D43Fh] + char v688; // [rsp-D42Eh] [rbp-D43Eh] + char v689; // [rsp-D42Dh] [rbp-D43Dh] + char v690; // [rsp-D42Ch] [rbp-D43Ch] + char v691; // [rsp-D42Bh] [rbp-D43Bh] + char v692; // [rsp-D42Ah] [rbp-D43Ah] + char v693; // [rsp-D429h] [rbp-D439h] + char v694; // [rsp-D428h] [rbp-D438h] + char v695; // [rsp-D427h] [rbp-D437h] + char v696; // [rsp-D426h] [rbp-D436h] + char v697; // [rsp-D425h] [rbp-D435h] + char v698; // [rsp-D424h] [rbp-D434h] + char v699; // [rsp-D423h] [rbp-D433h] + char v700; // [rsp-D422h] [rbp-D432h] + char str_getwindowtexta; // [rsp-D420h] [rbp-D430h] + char v702; // [rsp-D41Fh] [rbp-D42Fh] + char v703; // [rsp-D41Eh] [rbp-D42Eh] + char v704; // [rsp-D41Dh] [rbp-D42Dh] + char v705; // [rsp-D41Ch] [rbp-D42Ch] + char v706; // [rsp-D41Bh] [rbp-D42Bh] + char v707; // [rsp-D41Ah] [rbp-D42Ah] + char v708; // [rsp-D419h] [rbp-D429h] + char v709; // [rsp-D418h] [rbp-D428h] + char v710; // [rsp-D417h] [rbp-D427h] + char v711; // [rsp-D416h] [rbp-D426h] + char v712; // [rsp-D415h] [rbp-D425h] + char v713; // [rsp-D414h] [rbp-D424h] + char v714; // [rsp-D413h] [rbp-D423h] + char v715; // [rsp-D412h] [rbp-D422h] + char str_nvcompiler; // [rsp-D410h] [rbp-D420h] + char v717; // [rsp-D40Fh] [rbp-D41Fh] + char v718; // [rsp-D40Eh] [rbp-D41Eh] + char v719; // [rsp-D40Dh] [rbp-D41Dh] + char v720; // [rsp-D40Ch] [rbp-D41Ch] + char v721; // [rsp-D40Bh] [rbp-D41Bh] + char v722; // [rsp-D40Ah] [rbp-D41Ah] + char v723; // [rsp-D409h] [rbp-D419h] + char v724; // [rsp-D408h] [rbp-D418h] + char v725; // [rsp-D407h] [rbp-D417h] + char v726; // [rsp-D406h] 
[rbp-D416h] + char v727; // [rsp-D405h] [rbp-D415h] + char v728; // [rsp-D404h] [rbp-D414h] + char v729; // [rsp-D403h] [rbp-D413h] + char v730; // [rsp-D402h] [rbp-D412h] + char str_getwindowtextw; // [rsp-D400h] [rbp-D410h] + char v732; // [rsp-D3FFh] [rbp-D40Fh] + char v733; // [rsp-D3FEh] [rbp-D40Eh] + char v734; // [rsp-D3FDh] [rbp-D40Dh] + char v735; // [rsp-D3FCh] [rbp-D40Ch] + char v736; // [rsp-D3FBh] [rbp-D40Bh] + char v737; // [rsp-D3FAh] [rbp-D40Ah] + char v738; // [rsp-D3F9h] [rbp-D409h] + char v739; // [rsp-D3F8h] [rbp-D408h] + char v740; // [rsp-D3F7h] [rbp-D407h] + char v741; // [rsp-D3F6h] [rbp-D406h] + char v742; // [rsp-D3F5h] [rbp-D405h] + char v743; // [rsp-D3F4h] [rbp-D404h] + char v744; // [rsp-D3F3h] [rbp-D403h] + char v745; // [rsp-D3F2h] [rbp-D402h] + char str_getwindowlong; // [rsp-D3F0h] [rbp-D400h] + char v747; // [rsp-D3EFh] [rbp-D3FFh] + char v748; // [rsp-D3EEh] [rbp-D3FEh] + char v749; // [rsp-D3EDh] [rbp-D3FDh] + char v750; // [rsp-D3ECh] [rbp-D3FCh] + char v751; // [rsp-D3EBh] [rbp-D3FBh] + char v752; // [rsp-D3EAh] [rbp-D3FAh] + char v753; // [rsp-D3E9h] [rbp-D3F9h] + char v754; // [rsp-D3E8h] [rbp-D3F8h] + char v755; // [rsp-D3E7h] [rbp-D3F7h] + char v756; // [rsp-D3E6h] [rbp-D3F6h] + char v757; // [rsp-D3E5h] [rbp-D3F5h] + char v758; // [rsp-D3E4h] [rbp-D3F4h] + char v759; // [rsp-D3E3h] [rbp-D3F3h] + char v760; // [rsp-D3E2h] [rbp-D3F2h] + char str_getprocesstimes; // [rsp-D3E0h] [rbp-D3F0h] + char v762; // [rsp-D3DFh] [rbp-D3EFh] + char v763; // [rsp-D3DEh] [rbp-D3EEh] + char v764; // [rsp-D3DDh] [rbp-D3EDh] + char v765; // [rsp-D3DCh] [rbp-D3ECh] + char v766; // [rsp-D3DBh] [rbp-D3EBh] + char v767; // [rsp-D3DAh] [rbp-D3EAh] + char v768; // [rsp-D3D9h] [rbp-D3E9h] + char v769; // [rsp-D3D8h] [rbp-D3E8h] + char v770; // [rsp-D3D7h] [rbp-D3E7h] + char v771; // [rsp-D3D6h] [rbp-D3E6h] + char v772; // [rsp-D3D5h] [rbp-D3E5h] + char v773; // [rsp-D3D4h] [rbp-D3E4h] + char v774; // [rsp-D3D3h] [rbp-D3E3h] + char v775; // 
[rsp-D3D2h] [rbp-D3E2h] + char v776; // [rsp-D3D1h] [rbp-D3E1h] + char str_getprocesstimes_2; // [rsp-D3D0h] [rbp-D3E0h] + char v778; // [rsp-D3CFh] [rbp-D3DFh] + char v779; // [rsp-D3CEh] [rbp-D3DEh] + char v780; // [rsp-D3CDh] [rbp-D3DDh] + char v781; // [rsp-D3CCh] [rbp-D3DCh] + char v782; // [rsp-D3CBh] [rbp-D3DBh] + char v783; // [rsp-D3CAh] [rbp-D3DAh] + char v784; // [rsp-D3C9h] [rbp-D3D9h] + char v785; // [rsp-D3C8h] [rbp-D3D8h] + char v786; // [rsp-D3C7h] [rbp-D3D7h] + char v787; // [rsp-D3C6h] [rbp-D3D6h] + char v788; // [rsp-D3C5h] [rbp-D3D5h] + char v789; // [rsp-D3C4h] [rbp-D3D4h] + char v790; // [rsp-D3C3h] [rbp-D3D3h] + char v791; // [rsp-D3C2h] [rbp-D3D2h] + char v792; // [rsp-D3C1h] [rbp-D3D1h] + char str_getprocesstimes_3; // [rsp-D3C0h] [rbp-D3D0h] + char v794; // [rsp-D3BFh] [rbp-D3CFh] + char v795; // [rsp-D3BEh] [rbp-D3CEh] + char v796; // [rsp-D3BDh] [rbp-D3CDh] + char v797; // [rsp-D3BCh] [rbp-D3CCh] + char v798; // [rsp-D3BBh] [rbp-D3CBh] + char v799; // [rsp-D3BAh] [rbp-D3CAh] + char v800; // [rsp-D3B9h] [rbp-D3C9h] + char v801; // [rsp-D3B8h] [rbp-D3C8h] + char v802; // [rsp-D3B7h] [rbp-D3C7h] + char v803; // [rsp-D3B6h] [rbp-D3C6h] + char v804; // [rsp-D3B5h] [rbp-D3C5h] + char v805; // [rsp-D3B4h] [rbp-D3C4h] + char v806; // [rsp-D3B3h] [rbp-D3C3h] + char v807; // [rsp-D3B2h] [rbp-D3C2h] + char v808; // [rsp-D3B1h] [rbp-D3C1h] + char str_duplicatehandle; // [rsp-D3B0h] [rbp-D3C0h] + char v810; // [rsp-D3AFh] [rbp-D3BFh] + char v811; // [rsp-D3AEh] [rbp-D3BEh] + char v812; // [rsp-D3ADh] [rbp-D3BDh] + char v813; // [rsp-D3ACh] [rbp-D3BCh] + char v814; // [rsp-D3ABh] [rbp-D3BBh] + char v815; // [rsp-D3AAh] [rbp-D3BAh] + char v816; // [rsp-D3A9h] [rbp-D3B9h] + char v817; // [rsp-D3A8h] [rbp-D3B8h] + char v818; // [rsp-D3A7h] [rbp-D3B7h] + char v819; // [rsp-D3A6h] [rbp-D3B6h] + char v820; // [rsp-D3A5h] [rbp-D3B5h] + char v821; // [rsp-D3A4h] [rbp-D3B4h] + char v822; // [rsp-D3A3h] [rbp-D3B3h] + char v823; // [rsp-D3A2h] [rbp-D3B2h] + char 
v824; // [rsp-D3A1h] [rbp-D3B1h] + char str_getprocesstimes_1; // [rsp-D3A0h] [rbp-D3B0h] + char v826; // [rsp-D39Fh] [rbp-D3AFh] + char v827; // [rsp-D39Eh] [rbp-D3AEh] + char v828; // [rsp-D39Dh] [rbp-D3ADh] + char v829; // [rsp-D39Ch] [rbp-D3ACh] + char v830; // [rsp-D39Bh] [rbp-D3ABh] + char v831; // [rsp-D39Ah] [rbp-D3AAh] + char v832; // [rsp-D399h] [rbp-D3A9h] + char v833; // [rsp-D398h] [rbp-D3A8h] + char v834; // [rsp-D397h] [rbp-D3A7h] + char v835; // [rsp-D396h] [rbp-D3A6h] + char v836; // [rsp-D395h] [rbp-D3A5h] + char v837; // [rsp-D394h] [rbp-D3A4h] + char v838; // [rsp-D393h] [rbp-D3A3h] + char v839; // [rsp-D392h] [rbp-D3A2h] + char v840; // [rsp-D391h] [rbp-D3A1h] + char str_getthreadcontext; // [rsp-D390h] [rbp-D3A0h] + char v842; // [rsp-D38Fh] [rbp-D39Fh] + char v843; // [rsp-D38Eh] [rbp-D39Eh] + char v844; // [rsp-D38Dh] [rbp-D39Dh] + char v845; // [rsp-D38Ch] [rbp-D39Ch] + char v846; // [rsp-D38Bh] [rbp-D39Bh] + char v847; // [rsp-D38Ah] [rbp-D39Ah] + char v848; // [rsp-D389h] [rbp-D399h] + char v849; // [rsp-D388h] [rbp-D398h] + char v850; // [rsp-D387h] [rbp-D397h] + char v851; // [rsp-D386h] [rbp-D396h] + char v852; // [rsp-D385h] [rbp-D395h] + char v853; // [rsp-D384h] [rbp-D394h] + char v854; // [rsp-D383h] [rbp-D393h] + char v855; // [rsp-D382h] [rbp-D392h] + char v856; // [rsp-D381h] [rbp-D391h] + char v857; // [rsp-D380h] [rbp-D390h] + char str_nxdetoursdll; // [rsp-D378h] [rbp-D388h] + char v859; // [rsp-D377h] [rbp-D387h] + char v860; // [rsp-D376h] [rbp-D386h] + char v861; // [rsp-D375h] [rbp-D385h] + char v862; // [rsp-D374h] [rbp-D384h] + char v863; // [rsp-D373h] [rbp-D383h] + char v864; // [rsp-D372h] [rbp-D382h] + char v865; // [rsp-D371h] [rbp-D381h] + char v866; // [rsp-D370h] [rbp-D380h] + char v867; // [rsp-D36Fh] [rbp-D37Fh] + char v868; // [rsp-D36Eh] [rbp-D37Eh] + char v869; // [rsp-D36Dh] [rbp-D37Dh] + char v870; // [rsp-D36Ch] [rbp-D37Ch] + char v871; // [rsp-D36Bh] [rbp-D37Bh] + char v872; // [rsp-D36Ah] [rbp-D37Ah] + 
char v873; // [rsp-D369h] [rbp-D379h] + char v874; // [rsp-D368h] [rbp-D378h] + char str_debugprivilege; // [rsp-D360h] [rbp-D370h] + char v876; // [rsp-D35Fh] [rbp-D36Fh] + char v877; // [rsp-D35Eh] [rbp-D36Eh] + char v878; // [rsp-D35Dh] [rbp-D36Dh] + char v879; // [rsp-D35Ch] [rbp-D36Ch] + char v880; // [rsp-D35Bh] [rbp-D36Bh] + char v881; // [rsp-D35Ah] [rbp-D36Ah] + char v882; // [rsp-D359h] [rbp-D369h] + char v883; // [rsp-D358h] [rbp-D368h] + char v884; // [rsp-D357h] [rbp-D367h] + char v885; // [rsp-D356h] [rbp-D366h] + char v886; // [rsp-D355h] [rbp-D365h] + char v887; // [rsp-D354h] [rbp-D364h] + char v888; // [rsp-D353h] [rbp-D363h] + char v889; // [rsp-D352h] [rbp-D362h] + char v890; // [rsp-D351h] [rbp-D361h] + char v891; // [rsp-D350h] [rbp-D360h] + char str_openprocesstoken; // [rsp-D348h] [rbp-D358h] + char v893; // [rsp-D347h] [rbp-D357h] + char v894; // [rsp-D346h] [rbp-D356h] + char v895; // [rsp-D345h] [rbp-D355h] + char v896; // [rsp-D344h] [rbp-D354h] + char v897; // [rsp-D343h] [rbp-D353h] + char v898; // [rsp-D342h] [rbp-D352h] + char v899; // [rsp-D341h] [rbp-D351h] + char v900; // [rsp-D340h] [rbp-D350h] + char v901; // [rsp-D33Fh] [rbp-D34Fh] + char v902; // [rsp-D33Eh] [rbp-D34Eh] + char v903; // [rsp-D33Dh] [rbp-D34Dh] + char v904; // [rsp-D33Ch] [rbp-D34Ch] + char v905; // [rsp-D33Bh] [rbp-D34Bh] + char v906; // [rsp-D33Ah] [rbp-D34Ah] + char v907; // [rsp-D339h] [rbp-D349h] + char v908; // [rsp-D338h] [rbp-D348h] + char str_getcurrentprocess; // [rsp-D330h] [rbp-D340h] + char v910; // [rsp-D32Fh] [rbp-D33Fh] + char v911; // [rsp-D32Eh] [rbp-D33Eh] + char v912; // [rsp-D32Dh] [rbp-D33Dh] + char v913; // [rsp-D32Ch] [rbp-D33Ch] + char v914; // [rsp-D32Bh] [rbp-D33Bh] + char v915; // [rsp-D32Ah] [rbp-D33Ah] + char v916; // [rsp-D329h] [rbp-D339h] + char v917; // [rsp-D328h] [rbp-D338h] + char v918; // [rsp-D327h] [rbp-D337h] + char v919; // [rsp-D326h] [rbp-D336h] + char v920; // [rsp-D325h] [rbp-D335h] + char v921; // [rsp-D324h] 
[rbp-D334h] + char v922; // [rsp-D323h] [rbp-D333h] + char v923; // [rsp-D322h] [rbp-D332h] + char v924; // [rsp-D321h] [rbp-D331h] + char v925; // [rsp-D320h] [rbp-D330h] + char v926; // [rsp-D31Fh] [rbp-D32Fh] + char str_networkdllx64; // [rsp-D318h] [rbp-D328h] + char v928; // [rsp-D317h] [rbp-D327h] + char v929; // [rsp-D316h] [rbp-D326h] + char v930; // [rsp-D315h] [rbp-D325h] + char v931; // [rsp-D314h] [rbp-D324h] + char v932; // [rsp-D313h] [rbp-D323h] + char v933; // [rsp-D312h] [rbp-D322h] + char v934; // [rsp-D311h] [rbp-D321h] + char v935; // [rsp-D310h] [rbp-D320h] + char v936; // [rsp-D30Fh] [rbp-D31Fh] + char v937; // [rsp-D30Eh] [rbp-D31Eh] + char v938; // [rsp-D30Dh] [rbp-D31Dh] + char v939; // [rsp-D30Ch] [rbp-D31Ch] + char v940; // [rsp-D30Bh] [rbp-D31Bh] + char v941; // [rsp-D30Ah] [rbp-D31Ah] + char v942; // [rsp-D309h] [rbp-D319h] + char v943; // [rsp-D308h] [rbp-D318h] + char v944; // [rsp-D307h] [rbp-D317h] + char v945; // [rsp-D300h] [rbp-D310h] + char v946; // [rsp-D2FFh] [rbp-D30Fh] + char v947; // [rsp-D2FEh] [rbp-D30Eh] + char v948; // [rsp-D2FDh] [rbp-D30Dh] + char v949; // [rsp-D2FCh] [rbp-D30Ch] + char v950; // [rsp-D2FBh] [rbp-D30Bh] + char v951; // [rsp-D2FAh] [rbp-D30Ah] + char v952; // [rsp-D2F9h] [rbp-D309h] + char v953; // [rsp-D2F8h] [rbp-D308h] + char v954; // [rsp-D2F7h] [rbp-D307h] + char v955; // [rsp-D2F6h] [rbp-D306h] + char v956; // [rsp-D2F5h] [rbp-D305h] + char v957; // [rsp-D2F4h] [rbp-D304h] + char v958; // [rsp-D2F3h] [rbp-D303h] + char v959; // [rsp-D2F2h] [rbp-D302h] + char v960; // [rsp-D2F1h] [rbp-D301h] + char v961; // [rsp-D2F0h] [rbp-D300h] + char v962; // [rsp-D2EFh] [rbp-D2FFh] + char str_ntgetcontextthread; // [rsp-D2E8h] [rbp-D2F8h] + char v964; // [rsp-D2E7h] [rbp-D2F7h] + char v965; // [rsp-D2E6h] [rbp-D2F6h] + char v966; // [rsp-D2E5h] [rbp-D2F5h] + char v967; // [rsp-D2E4h] [rbp-D2F4h] + char v968; // [rsp-D2E3h] [rbp-D2F3h] + char v969; // [rsp-D2E2h] [rbp-D2F2h] + char v970; // [rsp-D2E1h] 
[rbp-D2F1h] + char v971; // [rsp-D2E0h] [rbp-D2F0h] + char v972; // [rsp-D2DFh] [rbp-D2EFh] + char v973; // [rsp-D2DEh] [rbp-D2EEh] + char v974; // [rsp-D2DDh] [rbp-D2EDh] + char v975; // [rsp-D2DCh] [rbp-D2ECh] + char v976; // [rsp-D2DBh] [rbp-D2EBh] + char v977; // [rsp-D2DAh] [rbp-D2EAh] + char v978; // [rsp-D2D9h] [rbp-D2E9h] + char v979; // [rsp-D2D8h] [rbp-D2E8h] + char v980; // [rsp-D2D7h] [rbp-D2E7h] + char v981; // [rsp-D2D6h] [rbp-D2E6h] + char str_getexitcodeprocess; // [rsp-D2D0h] [rbp-D2E0h] + char v983; // [rsp-D2CFh] [rbp-D2DFh] + char v984; // [rsp-D2CEh] [rbp-D2DEh] + char v985; // [rsp-D2CDh] [rbp-D2DDh] + char v986; // [rsp-D2CCh] [rbp-D2DCh] + char v987; // [rsp-D2CBh] [rbp-D2DBh] + char v988; // [rsp-D2CAh] [rbp-D2DAh] + char v989; // [rsp-D2C9h] [rbp-D2D9h] + char v990; // [rsp-D2C8h] [rbp-D2D8h] + char v991; // [rsp-D2C7h] [rbp-D2D7h] + char v992; // [rsp-D2C6h] [rbp-D2D6h] + char v993; // [rsp-D2C5h] [rbp-D2D5h] + char v994; // [rsp-D2C4h] [rbp-D2D4h] + char v995; // [rsp-D2C3h] [rbp-D2D3h] + char v996; // [rsp-D2C2h] [rbp-D2D2h] + char v997; // [rsp-D2C1h] [rbp-D2D1h] + char v998; // [rsp-D2C0h] [rbp-D2D0h] + char v999; // [rsp-D2BFh] [rbp-D2CFh] + char v1000; // [rsp-D2BEh] [rbp-D2CEh] + char v1001; // [rsp-D2B8h] [rbp-D2C8h] + char v1002; // [rsp-D2B7h] [rbp-D2C7h] + char v1003; // [rsp-D2B6h] [rbp-D2C6h] + char v1004; // [rsp-D2B5h] [rbp-D2C5h] + char v1005; // [rsp-D2B4h] [rbp-D2C4h] + char v1006; // [rsp-D2B3h] [rbp-D2C3h] + char v1007; // [rsp-D2B2h] [rbp-D2C2h] + char v1008; // [rsp-D2B1h] [rbp-D2C1h] + char v1009; // [rsp-D2B0h] [rbp-D2C0h] + char v1010; // [rsp-D2AFh] [rbp-D2BFh] + char v1011; // [rsp-D2AEh] [rbp-D2BEh] + char v1012; // [rsp-D2ADh] [rbp-D2BDh] + char v1013; // [rsp-D2ACh] [rbp-D2BCh] + char v1014; // [rsp-D2ABh] [rbp-D2BBh] + char v1015; // [rsp-D2AAh] [rbp-D2BAh] + char v1016; // [rsp-D2A9h] [rbp-D2B9h] + char v1017; // [rsp-D2A8h] [rbp-D2B8h] + char v1018; // [rsp-D2A7h] [rbp-D2B7h] + char v1019; // [rsp-D2A6h] 
[rbp-D2B6h] + char str_ntreadvirtualmemory; // [rsp-D2A0h] [rbp-D2B0h] + char v1021; // [rsp-D29Fh] [rbp-D2AFh] + char v1022; // [rsp-D29Eh] [rbp-D2AEh] + char v1023; // [rsp-D29Dh] [rbp-D2ADh] + char v1024; // [rsp-D29Ch] [rbp-D2ACh] + char v1025; // [rsp-D29Bh] [rbp-D2ABh] + char v1026; // [rsp-D29Ah] [rbp-D2AAh] + char v1027; // [rsp-D299h] [rbp-D2A9h] + char v1028; // [rsp-D298h] [rbp-D2A8h] + char v1029; // [rsp-D297h] [rbp-D2A7h] + char v1030; // [rsp-D296h] [rbp-D2A6h] + char v1031; // [rsp-D295h] [rbp-D2A5h] + char v1032; // [rsp-D294h] [rbp-D2A4h] + char v1033; // [rsp-D293h] [rbp-D2A3h] + char v1034; // [rsp-D292h] [rbp-D2A2h] + char v1035; // [rsp-D291h] [rbp-D2A1h] + char v1036; // [rsp-D290h] [rbp-D2A0h] + char v1037; // [rsp-D28Fh] [rbp-D29Fh] + char v1038; // [rsp-D28Eh] [rbp-D29Eh] + char v1039; // [rsp-D28Dh] [rbp-D29Dh] + char str_widechartomultibyte; // [rsp-D288h] [rbp-D298h] + char v1041; // [rsp-D287h] [rbp-D297h] + char v1042; // [rsp-D286h] [rbp-D296h] + char v1043; // [rsp-D285h] [rbp-D295h] + char v1044; // [rsp-D284h] [rbp-D294h] + char v1045; // [rsp-D283h] [rbp-D293h] + char v1046; // [rsp-D282h] [rbp-D292h] + char v1047; // [rsp-D281h] [rbp-D291h] + char v1048; // [rsp-D280h] [rbp-D290h] + char v1049; // [rsp-D27Fh] [rbp-D28Fh] + char v1050; // [rsp-D27Eh] [rbp-D28Eh] + char v1051; // [rsp-D27Dh] [rbp-D28Dh] + char v1052; // [rsp-D27Ch] [rbp-D28Ch] + char v1053; // [rsp-D27Bh] [rbp-D28Bh] + char v1054; // [rsp-D27Ah] [rbp-D28Ah] + char v1055; // [rsp-D279h] [rbp-D289h] + char v1056; // [rsp-D278h] [rbp-D288h] + char v1057; // [rsp-D277h] [rbp-D287h] + char v1058; // [rsp-D276h] [rbp-D286h] + char v1059; // [rsp-D275h] [rbp-D285h] + char str_getextendedTcptable; // [rsp-D270h] [rbp-D280h] + char v1061; // [rsp-D26Fh] [rbp-D27Fh] + char v1062; // [rsp-D26Eh] [rbp-D27Eh] + char v1063; // [rsp-D26Dh] [rbp-D27Dh] + char v1064; // [rsp-D26Ch] [rbp-D27Ch] + char v1065; // [rsp-D26Bh] [rbp-D27Bh] + char v1066; // [rsp-D26Ah] [rbp-D27Ah] + char 
v1067; // [rsp-D269h] [rbp-D279h] + char v1068; // [rsp-D268h] [rbp-D278h] + char v1069; // [rsp-D267h] [rbp-D277h] + char v1070; // [rsp-D266h] [rbp-D276h] + char v1071; // [rsp-D265h] [rbp-D275h] + char v1072; // [rsp-D264h] [rbp-D274h] + char v1073; // [rsp-D263h] [rbp-D273h] + char v1074; // [rsp-D262h] [rbp-D272h] + char v1075; // [rsp-D261h] [rbp-D271h] + char v1076; // [rsp-D260h] [rbp-D270h] + char v1077; // [rsp-D25Fh] [rbp-D26Fh] + char v1078; // [rsp-D25Eh] [rbp-D26Eh] + char v1079; // [rsp-D25Dh] [rbp-D26Dh] + char str_getcurrentprocessid; // [rsp-D258h] [rbp-D268h] + char v1081; // [rsp-D257h] [rbp-D267h] + char v1082; // [rsp-D256h] [rbp-D266h] + char v1083; // [rsp-D255h] [rbp-D265h] + char v1084; // [rsp-D254h] [rbp-D264h] + char v1085; // [rsp-D253h] [rbp-D263h] + char v1086; // [rsp-D252h] [rbp-D262h] + char v1087; // [rsp-D251h] [rbp-D261h] + char v1088; // [rsp-D250h] [rbp-D260h] + char v1089; // [rsp-D24Fh] [rbp-D25Fh] + char v1090; // [rsp-D24Eh] [rbp-D25Eh] + char v1091; // [rsp-D24Dh] [rbp-D25Dh] + char v1092; // [rsp-D24Ch] [rbp-D25Ch] + char v1093; // [rsp-D24Bh] [rbp-D25Bh] + char v1094; // [rsp-D24Ah] [rbp-D25Ah] + char v1095; // [rsp-D249h] [rbp-D259h] + char v1096; // [rsp-D248h] [rbp-D258h] + char v1097; // [rsp-D247h] [rbp-D257h] + char v1098; // [rsp-D246h] [rbp-D256h] + char v1099; // [rsp-D245h] [rbp-D255h] + char str_getfileattributesexw; // [rsp-D240h] [rbp-D250h] + char v1101; // [rsp-D23Fh] [rbp-D24Fh] + char v1102; // [rsp-D23Eh] [rbp-D24Eh] + char v1103; // [rsp-D23Dh] [rbp-D24Dh] + char v1104; // [rsp-D23Ch] [rbp-D24Ch] + char v1105; // [rsp-D23Bh] [rbp-D24Bh] + char v1106; // [rsp-D23Ah] [rbp-D24Ah] + char v1107; // [rsp-D239h] [rbp-D249h] + char v1108; // [rsp-D238h] [rbp-D248h] + char v1109; // [rsp-D237h] [rbp-D247h] + char v1110; // [rsp-D236h] [rbp-D246h] + char v1111; // [rsp-D235h] [rbp-D245h] + char v1112; // [rsp-D234h] [rbp-D244h] + char v1113; // [rsp-D233h] [rbp-D243h] + char v1114; // [rsp-D232h] [rbp-D242h] + 
char v1115; // [rsp-D231h] [rbp-D241h] + char v1116; // [rsp-D230h] [rbp-D240h] + char v1117; // [rsp-D22Fh] [rbp-D23Fh] + char v1118; // [rsp-D22Eh] [rbp-D23Eh] + char v1119; // [rsp-D22Dh] [rbp-D23Dh] + char v1120; // [rsp-D22Ch] [rbp-D23Ch] + char str_getfileattributesexa; // [rsp-D228h] [rbp-D238h] + char v1122; // [rsp-D227h] [rbp-D237h] + char v1123; // [rsp-D226h] [rbp-D236h] + char v1124; // [rsp-D225h] [rbp-D235h] + char v1125; // [rsp-D224h] [rbp-D234h] + char v1126; // [rsp-D223h] [rbp-D233h] + char v1127; // [rsp-D222h] [rbp-D232h] + char v1128; // [rsp-D221h] [rbp-D231h] + char v1129; // [rsp-D220h] [rbp-D230h] + char v1130; // [rsp-D21Fh] [rbp-D22Fh] + char v1131; // [rsp-D21Eh] [rbp-D22Eh] + char v1132; // [rsp-D21Dh] [rbp-D22Dh] + char v1133; // [rsp-D21Ch] [rbp-D22Ch] + char v1134; // [rsp-D21Bh] [rbp-D22Bh] + char v1135; // [rsp-D21Ah] [rbp-D22Ah] + char v1136; // [rsp-D219h] [rbp-D229h] + char v1137; // [rsp-D218h] [rbp-D228h] + char v1138; // [rsp-D217h] [rbp-D227h] + char v1139; // [rsp-D216h] [rbp-D226h] + char v1140; // [rsp-D215h] [rbp-D225h] + char v1141; // [rsp-D214h] [rbp-D224h] + char str_ntqueryvirtualmemory; // [rsp-D210h] [rbp-D220h] + char v1143; // [rsp-D20Fh] [rbp-D21Fh] + char v1144; // [rsp-D20Eh] [rbp-D21Eh] + char v1145; // [rsp-D20Dh] [rbp-D21Dh] + char v1146; // [rsp-D20Ch] [rbp-D21Ch] + char v1147; // [rsp-D20Bh] [rbp-D21Bh] + char v1148; // [rsp-D20Ah] [rbp-D21Ah] + char v1149; // [rsp-D209h] [rbp-D219h] + char v1150; // [rsp-D208h] [rbp-D218h] + char v1151; // [rsp-D207h] [rbp-D217h] + char v1152; // [rsp-D206h] [rbp-D216h] + char v1153; // [rsp-D205h] [rbp-D215h] + char v1154; // [rsp-D204h] [rbp-D214h] + char v1155; // [rsp-D203h] [rbp-D213h] + char v1156; // [rsp-D202h] [rbp-D212h] + char v1157; // [rsp-D201h] [rbp-D211h] + char v1158; // [rsp-D200h] [rbp-D210h] + char v1159; // [rsp-D1FFh] [rbp-D20Fh] + char v1160; // [rsp-D1FEh] [rbp-D20Eh] + char v1161; // [rsp-D1FDh] [rbp-D20Dh] + char v1162; // [rsp-D1FCh] 
[rbp-D20Ch] + char str_getfileattributesexw_1; // [rsp-D1F8h] [rbp-D208h] + char v1164; // [rsp-D1F7h] [rbp-D207h] + char v1165; // [rsp-D1F6h] [rbp-D206h] + char v1166; // [rsp-D1F5h] [rbp-D205h] + char v1167; // [rsp-D1F4h] [rbp-D204h] + char v1168; // [rsp-D1F3h] [rbp-D203h] + char v1169; // [rsp-D1F2h] [rbp-D202h] + char v1170; // [rsp-D1F1h] [rbp-D201h] + char v1171; // [rsp-D1F0h] [rbp-D200h] + char v1172; // [rsp-D1EFh] [rbp-D1FFh] + char v1173; // [rsp-D1EEh] [rbp-D1FEh] + char v1174; // [rsp-D1EDh] [rbp-D1FDh] + char v1175; // [rsp-D1ECh] [rbp-D1FCh] + char v1176; // [rsp-D1EBh] [rbp-D1FBh] + char v1177; // [rsp-D1EAh] [rbp-D1FAh] + char v1178; // [rsp-D1E9h] [rbp-D1F9h] + char v1179; // [rsp-D1E8h] [rbp-D1F8h] + char v1180; // [rsp-D1E7h] [rbp-D1F7h] + char v1181; // [rsp-D1E6h] [rbp-D1F6h] + char v1182; // [rsp-D1E5h] [rbp-D1F5h] + char v1183; // [rsp-D1E4h] [rbp-D1F4h] + char str_lookupprivilegevaluea; // [rsp-D1E0h] [rbp-D1F0h] + char v1185; // [rsp-D1DFh] [rbp-D1EFh] + char v1186; // [rsp-D1DEh] [rbp-D1EEh] + char v1187; // [rsp-D1DDh] [rbp-D1EDh] + char v1188; // [rsp-D1DCh] [rbp-D1ECh] + char v1189; // [rsp-D1DBh] [rbp-D1EBh] + char v1190; // [rsp-D1DAh] [rbp-D1EAh] + char v1191; // [rsp-D1D9h] [rbp-D1E9h] + char v1192; // [rsp-D1D8h] [rbp-D1E8h] + char v1193; // [rsp-D1D7h] [rbp-D1E7h] + char v1194; // [rsp-D1D6h] [rbp-D1E6h] + char v1195; // [rsp-D1D5h] [rbp-D1E5h] + char v1196; // [rsp-D1D4h] [rbp-D1E4h] + char v1197; // [rsp-D1D3h] [rbp-D1E3h] + char v1198; // [rsp-D1D2h] [rbp-D1E2h] + char v1199; // [rsp-D1D1h] [rbp-D1E1h] + char v1200; // [rsp-D1D0h] [rbp-D1E0h] + char v1201; // [rsp-D1CFh] [rbp-D1DFh] + char v1202; // [rsp-D1CEh] [rbp-D1DEh] + char v1203; // [rsp-D1CDh] [rbp-D1DDh] + char v1204; // [rsp-D1CCh] [rbp-D1DCh] + char v1205; // [rsp-D1CBh] [rbp-D1DBh] + char v1206; // [rsp-D1C8h] [rbp-D1D8h] + char v1207; // [rsp-D1C7h] [rbp-D1D7h] + char v1208; // [rsp-D1C6h] [rbp-D1D6h] + char v1209; // [rsp-D1C5h] [rbp-D1D5h] + char v1210; // 
[rsp-D1C4h] [rbp-D1D4h] + char v1211; // [rsp-D1C3h] [rbp-D1D3h] + char v1212; // [rsp-D1C2h] [rbp-D1D2h] + char v1213; // [rsp-D1C1h] [rbp-D1D1h] + char v1214; // [rsp-D1C0h] [rbp-D1D0h] + char v1215; // [rsp-D1BFh] [rbp-D1CFh] + char v1216; // [rsp-D1BEh] [rbp-D1CEh] + char v1217; // [rsp-D1BDh] [rbp-D1CDh] + char v1218; // [rsp-D1BCh] [rbp-D1CCh] + char v1219; // [rsp-D1BBh] [rbp-D1CBh] + char v1220; // [rsp-D1BAh] [rbp-D1CAh] + char v1221; // [rsp-D1B9h] [rbp-D1C9h] + char v1222; // [rsp-D1B8h] [rbp-D1C8h] + char v1223; // [rsp-D1B7h] [rbp-D1C7h] + char v1224; // [rsp-D1B6h] [rbp-D1C6h] + char v1225; // [rsp-D1B5h] [rbp-D1C5h] + char v1226; // [rsp-D1B4h] [rbp-D1C4h] + char v1227; // [rsp-D1B3h] [rbp-D1C3h] + char str_ntprotectvirtualmemory; // [rsp-D1B0h] [rbp-D1C0h] + char v1229; // [rsp-D1AFh] [rbp-D1BFh] + char v1230; // [rsp-D1AEh] [rbp-D1BEh] + char v1231; // [rsp-D1ADh] [rbp-D1BDh] + char v1232; // [rsp-D1ACh] [rbp-D1BCh] + char v1233; // [rsp-D1ABh] [rbp-D1BBh] + char v1234; // [rsp-D1AAh] [rbp-D1BAh] + char v1235; // [rsp-D1A9h] [rbp-D1B9h] + char v1236; // [rsp-D1A8h] [rbp-D1B8h] + char v1237; // [rsp-D1A7h] [rbp-D1B7h] + char v1238; // [rsp-D1A6h] [rbp-D1B6h] + char v1239; // [rsp-D1A5h] [rbp-D1B5h] + char v1240; // [rsp-D1A4h] [rbp-D1B4h] + char v1241; // [rsp-D1A3h] [rbp-D1B3h] + char v1242; // [rsp-D1A2h] [rbp-D1B2h] + char v1243; // [rsp-D1A1h] [rbp-D1B1h] + char v1244; // [rsp-D1A0h] [rbp-D1B0h] + char v1245; // [rsp-D19Fh] [rbp-D1AFh] + char v1246; // [rsp-D19Eh] [rbp-D1AEh] + char v1247; // [rsp-D19Dh] [rbp-D1ADh] + char v1248; // [rsp-D19Ch] [rbp-D1ACh] + char v1249; // [rsp-D19Bh] [rbp-D1ABh] + char v1250; // [rsp-D19Ah] [rbp-D1AAh] + char str_ntquerysysteminformation; // [rsp-D198h] [rbp-D1A8h] + char v1252; // [rsp-D197h] [rbp-D1A7h] + char v1253; // [rsp-D196h] [rbp-D1A6h] + char v1254; // [rsp-D195h] [rbp-D1A5h] + char v1255; // [rsp-D194h] [rbp-D1A4h] + char v1256; // [rsp-D193h] [rbp-D1A3h] + char v1257; // [rsp-D192h] [rbp-D1A2h] + 
char v1258; // [rsp-D191h] [rbp-D1A1h] + char v1259; // [rsp-D190h] [rbp-D1A0h] + char v1260; // [rsp-D18Fh] [rbp-D19Fh] + char v1261; // [rsp-D18Eh] [rbp-D19Eh] + char v1262; // [rsp-D18Dh] [rbp-D19Dh] + char v1263; // [rsp-D18Ch] [rbp-D19Ch] + char v1264; // [rsp-D18Bh] [rbp-D19Bh] + char v1265; // [rsp-D18Ah] [rbp-D19Ah] + char v1266; // [rsp-D189h] [rbp-D199h] + char v1267; // [rsp-D188h] [rbp-D198h] + char v1268; // [rsp-D187h] [rbp-D197h] + char v1269; // [rsp-D186h] [rbp-D196h] + char v1270; // [rsp-D185h] [rbp-D195h] + char v1271; // [rsp-D184h] [rbp-D194h] + char v1272; // [rsp-D183h] [rbp-D193h] + char v1273; // [rsp-D182h] [rbp-D192h] + char v1274; // [rsp-D181h] [rbp-D191h] + char v1275; // [rsp-D180h] [rbp-D190h] + char str_getwindowthreadprocessid; // [rsp-D178h] [rbp-D188h] + char v1277; // [rsp-D177h] [rbp-D187h] + char v1278; // [rsp-D176h] [rbp-D186h] + char v1279; // [rsp-D175h] [rbp-D185h] + char v1280; // [rsp-D174h] [rbp-D184h] + char v1281; // [rsp-D173h] [rbp-D183h] + char v1282; // [rsp-D172h] [rbp-D182h] + char v1283; // [rsp-D171h] [rbp-D181h] + char v1284; // [rsp-D170h] [rbp-D180h] + char v1285; // [rsp-D16Fh] [rbp-D17Fh] + char v1286; // [rsp-D16Eh] [rbp-D17Eh] + char v1287; // [rsp-D16Dh] [rbp-D17Dh] + char v1288; // [rsp-D16Ch] [rbp-D17Ch] + char v1289; // [rsp-D16Bh] [rbp-D17Bh] + char v1290; // [rsp-D16Ah] [rbp-D17Ah] + char v1291; // [rsp-D169h] [rbp-D179h] + char v1292; // [rsp-D168h] [rbp-D178h] + char v1293; // [rsp-D167h] [rbp-D177h] + char v1294; // [rsp-D166h] [rbp-D176h] + char v1295; // [rsp-D165h] [rbp-D175h] + char v1296; // [rsp-D164h] [rbp-D174h] + char v1297; // [rsp-D163h] [rbp-D173h] + char v1298; // [rsp-D162h] [rbp-D172h] + char v1299; // [rsp-D161h] [rbp-D171h] + char v1300; // [rsp-D160h] [rbp-D170h] + char str_createtoolhelp32snapshot; // [rsp-D158h] [rbp-D168h] + char v1302; // [rsp-D157h] [rbp-D167h] + char v1303; // [rsp-D156h] [rbp-D166h] + char v1304; // [rsp-D155h] [rbp-D165h] + char v1305; // [rsp-D154h] 
[rbp-D164h] + char v1306; // [rsp-D153h] [rbp-D163h] + char v1307; // [rsp-D152h] [rbp-D162h] + char v1308; // [rsp-D151h] [rbp-D161h] + char v1309; // [rsp-D150h] [rbp-D160h] + char v1310; // [rsp-D14Fh] [rbp-D15Fh] + char v1311; // [rsp-D14Eh] [rbp-D15Eh] + char v1312; // [rsp-D14Dh] [rbp-D15Dh] + char v1313; // [rsp-D14Ch] [rbp-D15Ch] + char v1314; // [rsp-D14Bh] [rbp-D15Bh] + char v1315; // [rsp-D14Ah] [rbp-D15Ah] + char v1316; // [rsp-D149h] [rbp-D159h] + char v1317; // [rsp-D148h] [rbp-D158h] + char v1318; // [rsp-D147h] [rbp-D157h] + char v1319; // [rsp-D146h] [rbp-D156h] + char v1320; // [rsp-D145h] [rbp-D155h] + char v1321; // [rsp-D144h] [rbp-D154h] + char v1322; // [rsp-D143h] [rbp-D153h] + char v1323; // [rsp-D142h] [rbp-D152h] + char v1324; // [rsp-D141h] [rbp-D151h] + char v1325; // [rsp-D140h] [rbp-D150h] + char str_ntqueryinformationprocess; // [rsp-D138h] [rbp-D148h] + char v1327; // [rsp-D137h] [rbp-D147h] + char v1328; // [rsp-D136h] [rbp-D146h] + char v1329; // [rsp-D135h] [rbp-D145h] + char v1330; // [rsp-D134h] [rbp-D144h] + char v1331; // [rsp-D133h] [rbp-D143h] + char v1332; // [rsp-D132h] [rbp-D142h] + char v1333; // [rsp-D131h] [rbp-D141h] + char v1334; // [rsp-D130h] [rbp-D140h] + char v1335; // [rsp-D12Fh] [rbp-D13Fh] + char v1336; // [rsp-D12Eh] [rbp-D13Eh] + char v1337; // [rsp-D12Dh] [rbp-D13Dh] + char v1338; // [rsp-D12Ch] [rbp-D13Ch] + char v1339; // [rsp-D12Bh] [rbp-D13Bh] + char v1340; // [rsp-D12Ah] [rbp-D13Ah] + char v1341; // [rsp-D129h] [rbp-D139h] + char v1342; // [rsp-D128h] [rbp-D138h] + char v1343; // [rsp-D127h] [rbp-D137h] + char v1344; // [rsp-D126h] [rbp-D136h] + char v1345; // [rsp-D125h] [rbp-D135h] + char v1346; // [rsp-D124h] [rbp-D134h] + char v1347; // [rsp-D123h] [rbp-D133h] + char v1348; // [rsp-D122h] [rbp-D132h] + char v1349; // [rsp-D121h] [rbp-D131h] + char v1350; // [rsp-D120h] [rbp-D130h] + char v1351; // [rsp-D11Fh] [rbp-D12Fh] + char str_queryfullprocessimagename; // [rsp-D118h] [rbp-D128h] + char 
v1353; // [rsp-D117h] [rbp-D127h] + char v1354; // [rsp-D116h] [rbp-D126h] + char v1355; // [rsp-D115h] [rbp-D125h] + char v1356; // [rsp-D114h] [rbp-D124h] + char v1357; // [rsp-D113h] [rbp-D123h] + char v1358; // [rsp-D112h] [rbp-D122h] + char v1359; // [rsp-D111h] [rbp-D121h] + char v1360; // [rsp-D110h] [rbp-D120h] + char v1361; // [rsp-D10Fh] [rbp-D11Fh] + char v1362; // [rsp-D10Eh] [rbp-D11Eh] + char v1363; // [rsp-D10Dh] [rbp-D11Dh] + char v1364; // [rsp-D10Ch] [rbp-D11Ch] + char v1365; // [rsp-D10Bh] [rbp-D11Bh] + char v1366; // [rsp-D10Ah] [rbp-D11Ah] + char v1367; // [rsp-D109h] [rbp-D119h] + char v1368; // [rsp-D108h] [rbp-D118h] + char v1369; // [rsp-D107h] [rbp-D117h] + char v1370; // [rsp-D106h] [rbp-D116h] + char v1371; // [rsp-D105h] [rbp-D115h] + char v1372; // [rsp-D104h] [rbp-D114h] + char v1373; // [rsp-D103h] [rbp-D113h] + char v1374; // [rsp-D102h] [rbp-D112h] + char v1375; // [rsp-D101h] [rbp-D111h] + char v1376; // [rsp-D100h] [rbp-D110h] + char v1377; // [rsp-D0FFh] [rbp-D10Fh] + char v1378; // [rsp-D0FEh] [rbp-D10Eh] + char v1379; // [rsp-D0F8h] [rbp-D108h] + char v1380; // [rsp-D0F7h] [rbp-D107h] + char v1381; // [rsp-D0F6h] [rbp-D106h] + char v1382; // [rsp-D0F5h] [rbp-D105h] + char v1383; // [rsp-D0F4h] [rbp-D104h] + char v1384; // [rsp-D0F3h] [rbp-D103h] + char v1385; // [rsp-D0F2h] [rbp-D102h] + char v1386; // [rsp-D0F1h] [rbp-D101h] + char v1387; // [rsp-D0F0h] [rbp-D100h] + char v1388; // [rsp-D0EFh] [rbp-D0FFh] + char v1389; // [rsp-D0EEh] [rbp-D0FEh] + char v1390; // [rsp-D0EDh] [rbp-D0FDh] + char v1391; // [rsp-D0ECh] [rbp-D0FCh] + char v1392; // [rsp-D0EBh] [rbp-D0FBh] + char v1393; // [rsp-D0EAh] [rbp-D0FAh] + char v1394; // [rsp-D0E9h] [rbp-D0F9h] + char v1395; // [rsp-D0E8h] [rbp-D0F8h] + char v1396; // [rsp-D0E7h] [rbp-D0F7h] + char v1397; // [rsp-D0E6h] [rbp-D0F6h] + char v1398; // [rsp-D0E5h] [rbp-D0F5h] + char v1399; // [rsp-D0E4h] [rbp-D0F4h] + char v1400; // [rsp-D0E3h] [rbp-D0F3h] + char v1401; // [rsp-D0E2h] 
[rbp-D0F2h] + char v1402; // [rsp-D0E1h] [rbp-D0F1h] + char v1403; // [rsp-D0E0h] [rbp-D0F0h] + char v1404; // [rsp-D0DFh] [rbp-D0EFh] + char v1405; // [rsp-D0DEh] [rbp-D0EEh] + char v1406; // [rsp-D0DDh] [rbp-D0EDh] + char v1407; // [rsp-D0DCh] [rbp-D0ECh] + char v1408; // [rsp-D0DBh] [rbp-D0EBh] + char v1409; // [rsp-D0DAh] [rbp-D0EAh] + char v1410; // [rsp-D0D9h] [rbp-D0E9h] + char v1411; // [rsp-D0D8h] [rbp-D0E8h] + char v1412; // [rsp-D0D7h] [rbp-D0E7h] + char v1413; // [rsp-D0D6h] [rbp-D0E6h] + char v1414; // [rsp-D0D5h] [rbp-D0E5h] + char v1415; // [rsp-D0D4h] [rbp-D0E4h] + char v1416; // [rsp-D0D3h] [rbp-D0E3h] + char v1417; // [rsp-D0D2h] [rbp-D0E2h] + char v1418; // [rsp-D0D1h] [rbp-D0E1h] + char v1419; // [rsp-D0D0h] [rbp-D0E0h] + char v1420; // [rsp-D0CFh] [rbp-D0DFh] + char v1421; // [rsp-D0CEh] [rbp-D0DEh] + char v1422; // [rsp-D0C8h] [rbp-D0D8h] + char v1423; // [rsp-D0C7h] [rbp-D0D7h] + char v1424; // [rsp-D0C6h] [rbp-D0D6h] + char v1425; // [rsp-D0C5h] [rbp-D0D5h] + char v1426; // [rsp-D0C4h] [rbp-D0D4h] + char v1427; // [rsp-D0C3h] [rbp-D0D3h] + char v1428; // [rsp-D0C2h] [rbp-D0D2h] + char v1429; // [rsp-D0C1h] [rbp-D0D1h] + char v1430; // [rsp-D0C0h] [rbp-D0D0h] + char v1431; // [rsp-D0BFh] [rbp-D0CFh] + char v1432; // [rsp-D0BEh] [rbp-D0CEh] + char v1433; // [rsp-D0BDh] [rbp-D0CDh] + char v1434; // [rsp-D0BCh] [rbp-D0CCh] + char v1435; // [rsp-D0BBh] [rbp-D0CBh] + char v1436; // [rsp-D0BAh] [rbp-D0CAh] + char v1437; // [rsp-D0B9h] [rbp-D0C9h] + char v1438; // [rsp-D0B8h] [rbp-D0C8h] + char v1439; // [rsp-D0B7h] [rbp-D0C7h] + char v1440; // [rsp-D0B6h] [rbp-D0C6h] + char v1441; // [rsp-D0B5h] [rbp-D0C5h] + char v1442; // [rsp-D0B4h] [rbp-D0C4h] + char v1443; // [rsp-D0B3h] [rbp-D0C3h] + char v1444; // [rsp-D0B2h] [rbp-D0C2h] + char v1445; // [rsp-D0B1h] [rbp-D0C1h] + char v1446; // [rsp-D0B0h] [rbp-D0C0h] + char v1447; // [rsp-D0AFh] [rbp-D0BFh] + char v1448; // [rsp-D0AEh] [rbp-D0BEh] + char v1449; // [rsp-D0ADh] [rbp-D0BDh] + char v1450; // 
[rsp-D0ACh] [rbp-D0BCh] + char v1451; // [rsp-D0ABh] [rbp-D0BBh] + char v1452; // [rsp-D0AAh] [rbp-D0BAh] + char v1453; // [rsp-D0A9h] [rbp-D0B9h] + char v1454; // [rsp-D0A8h] [rbp-D0B8h] + char v1455; // [rsp-D0A7h] [rbp-D0B7h] + char v1456; // [rsp-D0A6h] [rbp-D0B6h] + char v1457; // [rsp-D0A5h] [rbp-D0B5h] + char v1458; // [rsp-D0A4h] [rbp-D0B4h] + char v1459; // [rsp-D0A3h] [rbp-D0B3h] + char v1460; // [rsp-D0A2h] [rbp-D0B2h] + char v1461; // [rsp-D0A1h] [rbp-D0B1h] + char v1462; // [rsp-D0A0h] [rbp-D0B0h] + char v1463; // [rsp-D09Fh] [rbp-D0AFh] + char v1464; // [rsp-D09Eh] [rbp-D0AEh] + char v1465; // [rsp-D09Dh] [rbp-D0ADh] + char v1466; // [rsp-D09Ch] [rbp-D0ACh] + char v1467; // [rsp-D09Bh] [rbp-D0ABh] + char v1468; // [rsp-D09Ah] [rbp-D0AAh] + char v1469; // [rsp-D099h] [rbp-D0A9h] + char v1470; // [rsp-D098h] [rbp-D0A8h] + char v1471; // [rsp-D097h] [rbp-D0A7h] + char v1472; // [rsp-D090h] [rbp-D0A0h] + char v1473; // [rsp-D08Fh] [rbp-D09Fh] + char v1474; // [rsp-D08Eh] [rbp-D09Eh] + char v1475; // [rsp-D08Dh] [rbp-D09Dh] + char v1476; // [rsp-D08Ch] [rbp-D09Ch] + char v1477; // [rsp-D08Bh] [rbp-D09Bh] + char v1478; // [rsp-D08Ah] [rbp-D09Ah] + char v1479; // [rsp-D089h] [rbp-D099h] + char v1480; // [rsp-D088h] [rbp-D098h] + char v1481; // [rsp-D087h] [rbp-D097h] + char v1482; // [rsp-D086h] [rbp-D096h] + char v1483; // [rsp-D085h] [rbp-D095h] + char v1484; // [rsp-D084h] [rbp-D094h] + char v1485; // [rsp-D083h] [rbp-D093h] + char v1486; // [rsp-D082h] [rbp-D092h] + char v1487; // [rsp-D081h] [rbp-D091h] + char v1488; // [rsp-D080h] [rbp-D090h] + char v1489; // [rsp-D07Fh] [rbp-D08Fh] + char v1490; // [rsp-D07Eh] [rbp-D08Eh] + char v1491; // [rsp-D07Dh] [rbp-D08Dh] + char v1492; // [rsp-D07Ch] [rbp-D08Ch] + char v1493; // [rsp-D07Bh] [rbp-D08Bh] + char v1494; // [rsp-D07Ah] [rbp-D08Ah] + char v1495; // [rsp-D079h] [rbp-D089h] + char v1496; // [rsp-D078h] [rbp-D088h] + char v1497; // [rsp-D077h] [rbp-D087h] + char v1498; // [rsp-D076h] [rbp-D086h] + char 
v1499; // [rsp-D075h] [rbp-D085h] + char v1500; // [rsp-D074h] [rbp-D084h] + char v1501; // [rsp-D073h] [rbp-D083h] + char v1502; // [rsp-D072h] [rbp-D082h] + char v1503; // [rsp-D071h] [rbp-D081h] + char v1504; // [rsp-D070h] [rbp-D080h] + char v1505; // [rsp-D06Fh] [rbp-D07Fh] + char v1506; // [rsp-D06Eh] [rbp-D07Eh] + char v1507; // [rsp-D06Dh] [rbp-D07Dh] + char v1508; // [rsp-D06Ch] [rbp-D07Ch] + char v1509; // [rsp-D06Bh] [rbp-D07Bh] + char v1510; // [rsp-D06Ah] [rbp-D07Ah] + char v1511; // [rsp-D069h] [rbp-D079h] + char v1512; // [rsp-D068h] [rbp-D078h] + char v1513; // [rsp-D067h] [rbp-D077h] + char v1514; // [rsp-D066h] [rbp-D076h] + char v1515; // [rsp-D065h] [rbp-D075h] + char v1516; // [rsp-D064h] [rbp-D074h] + char v1517; // [rsp-D063h] [rbp-D073h] + char v1518; // [rsp-D062h] [rbp-D072h] + char v1519; // [rsp-D061h] [rbp-D071h] + char v1520; // [rsp-D060h] [rbp-D070h] + char v1521; // [rsp-D05Fh] [rbp-D06Fh] + char v1522; // [rsp-D05Eh] [rbp-D06Eh] + char v1523; // [rsp-D05Dh] [rbp-D06Dh] + char v1524; // [rsp-D05Ch] [rbp-D06Ch] + char v1525; // [rsp-D058h] [rbp-D068h] + char v1526; // [rsp-D057h] [rbp-D067h] + char v1527; // [rsp-D056h] [rbp-D066h] + char v1528; // [rsp-D055h] [rbp-D065h] + char v1529; // [rsp-D054h] [rbp-D064h] + char v1530; // [rsp-D053h] [rbp-D063h] + char v1531; // [rsp-D052h] [rbp-D062h] + char v1532; // [rsp-D051h] [rbp-D061h] + char v1533; // [rsp-D050h] [rbp-D060h] + char v1534; // [rsp-D04Fh] [rbp-D05Fh] + char v1535; // [rsp-D04Eh] [rbp-D05Eh] + char v1536; // [rsp-D04Dh] [rbp-D05Dh] + char v1537; // [rsp-D04Ch] [rbp-D05Ch] + char v1538; // [rsp-D04Bh] [rbp-D05Bh] + char v1539; // [rsp-D04Ah] [rbp-D05Ah] + char v1540; // [rsp-D049h] [rbp-D059h] + char v1541; // [rsp-D048h] [rbp-D058h] + char v1542; // [rsp-D047h] [rbp-D057h] + char v1543; // [rsp-D046h] [rbp-D056h] + char v1544; // [rsp-D045h] [rbp-D055h] + char v1545; // [rsp-D044h] [rbp-D054h] + char v1546; // [rsp-D043h] [rbp-D053h] + char v1547; // [rsp-D042h] 
[rbp-D052h] + char v1548; // [rsp-D041h] [rbp-D051h] + char v1549; // [rsp-D040h] [rbp-D050h] + char v1550; // [rsp-D03Fh] [rbp-D04Fh] + char v1551; // [rsp-D03Eh] [rbp-D04Eh] + char v1552; // [rsp-D03Dh] [rbp-D04Dh] + char v1553; // [rsp-D03Ch] [rbp-D04Ch] + char v1554; // [rsp-D03Bh] [rbp-D04Bh] + char v1555; // [rsp-D03Ah] [rbp-D04Ah] + char v1556; // [rsp-D039h] [rbp-D049h] + char v1557; // [rsp-D038h] [rbp-D048h] + char v1558; // [rsp-D037h] [rbp-D047h] + char v1559; // [rsp-D036h] [rbp-D046h] + char v1560; // [rsp-D035h] [rbp-D045h] + char v1561; // [rsp-D034h] [rbp-D044h] + char v1562; // [rsp-D033h] [rbp-D043h] + char v1563; // [rsp-D032h] [rbp-D042h] + char v1564; // [rsp-D031h] [rbp-D041h] + char v1565; // [rsp-D030h] [rbp-D040h] + char v1566; // [rsp-D02Fh] [rbp-D03Fh] + char v1567; // [rsp-D02Eh] [rbp-D03Eh] + char v1568; // [rsp-D02Dh] [rbp-D03Dh] + char v1569; // [rsp-D02Ch] [rbp-D03Ch] + char v1570; // [rsp-D02Bh] [rbp-D03Bh] + char v1571; // [rsp-D02Ah] [rbp-D03Ah] + char v1572; // [rsp-D029h] [rbp-D039h] + char v1573; // [rsp-D028h] [rbp-D038h] + char v1574; // [rsp-D027h] [rbp-D037h] + char v1575; // [rsp-D026h] [rbp-D036h] + char v1576; // [rsp-D025h] [rbp-D035h] + char v1577; // [rsp-D024h] [rbp-D034h] + char v1578; // [rsp-D023h] [rbp-D033h] + char v1579; // [rsp-D022h] [rbp-D032h] + char v1580; // [rsp-D021h] [rbp-D031h] + char v1581; // [rsp-D020h] [rbp-D030h] + char v1582; // [rsp-D01Fh] [rbp-D02Fh] + char str_pubgpacks; // [rsp-D018h] [rbp-D028h] + char v1584; // [rsp-D017h] [rbp-D027h] + char v1585; // [rsp-D016h] [rbp-D026h] + char v1586; // [rsp-D015h] [rbp-D025h] + char v1587; // [rsp-D014h] [rbp-D024h] + char v1588; // [rsp-D013h] [rbp-D023h] + char v1589; // [rsp-D012h] [rbp-D022h] + char v1590; // [rsp-D011h] [rbp-D021h] + char v1591; // [rsp-D010h] [rbp-D020h] + char v1592; // [rsp-D00Fh] [rbp-D01Fh] + char v1593; // [rsp-D00Eh] [rbp-D01Eh] + char v1594; // [rsp-D00Dh] [rbp-D01Dh] + char v1595; // [rsp-D00Ch] [rbp-D01Ch] + char 
v1596; // [rsp-D00Bh] [rbp-D01Bh] + char v1597; // [rsp-D00Ah] [rbp-D01Ah] + char v1598; // [rsp-D009h] [rbp-D019h] + char v1599; // [rsp-D008h] [rbp-D018h] + char v1600; // [rsp-D007h] [rbp-D017h] + char v1601; // [rsp-D006h] [rbp-D016h] + char v1602; // [rsp-D005h] [rbp-D015h] + char v1603; // [rsp-D004h] [rbp-D014h] + char v1604; // [rsp-D003h] [rbp-D013h] + char v1605; // [rsp-D002h] [rbp-D012h] + char v1606; // [rsp-D001h] [rbp-D011h] + char v1607; // [rsp-D000h] [rbp-D010h] + char v1608; // [rsp-CFFFh] [rbp-D00Fh] + char v1609; // [rsp-CFFEh] [rbp-D00Eh] + char v1610; // [rsp-CFFDh] [rbp-D00Dh] + char v1611; // [rsp-CFFCh] [rbp-D00Ch] + char v1612; // [rsp-CFFBh] [rbp-D00Bh] + char v1613; // [rsp-CFFAh] [rbp-D00Ah] + char v1614; // [rsp-CFF9h] [rbp-D009h] + char v1615; // [rsp-CFF8h] [rbp-D008h] + char v1616; // [rsp-CFF7h] [rbp-D007h] + char v1617; // [rsp-CFF6h] [rbp-D006h] + char v1618; // [rsp-CFF5h] [rbp-D005h] + char v1619; // [rsp-CFF4h] [rbp-D004h] + char v1620; // [rsp-CFF3h] [rbp-D003h] + char v1621; // [rsp-CFF2h] [rbp-D002h] + char v1622; // [rsp-CFF1h] [rbp-D001h] + char v1623; // [rsp-CFF0h] [rbp-D000h] + char v1624; // [rsp-CFEFh] [rbp-CFFFh] + char v1625; // [rsp-CFEEh] [rbp-CFFEh] + char v1626; // [rsp-CFEDh] [rbp-CFFDh] + char v1627; // [rsp-CFECh] [rbp-CFFCh] + char v1628; // [rsp-CFEBh] [rbp-CFFBh] + char v1629; // [rsp-CFEAh] [rbp-CFFAh] + char v1630; // [rsp-CFE9h] [rbp-CFF9h] + char v1631; // [rsp-CFE8h] [rbp-CFF8h] + char v1632; // [rsp-CFE7h] [rbp-CFF7h] + char v1633; // [rsp-CFE6h] [rbp-CFF6h] + char v1634; // [rsp-CFE5h] [rbp-CFF5h] + char v1635; // [rsp-CFE4h] [rbp-CFF4h] + char v1636; // [rsp-CFE3h] [rbp-CFF3h] + char v1637; // [rsp-CFE2h] [rbp-CFF2h] + char v1638; // [rsp-CFE1h] [rbp-CFF1h] + char v1639; // [rsp-CFE0h] [rbp-CFF0h] + char v1640; // [rsp-CFDFh] [rbp-CFEFh] + char v1641; // [rsp-CFDEh] [rbp-CFEEh] + char v1642; // [rsp-CFDDh] [rbp-CFEDh] + __int64 currentProcessId_1; // [rsp-CFD8h] [rbp-CFE8h] + unsigned int 
windowTextW_1; // [rsp-CFD0h] [rbp-CFE0h] + int windowLong; // [rsp-CFCCh] [rbp-CFDCh] + signed int v1646; // [rsp-CFC8h] [rbp-CFD8h] + signed int v1647; // [rsp-CFC4h] [rbp-CFD4h] + unsigned int v1648; // [rsp-CFC0h] [rbp-CFD0h] + unsigned int v1649; // [rsp-CFBCh] [rbp-CFCCh] + unsigned int v1650; // [rsp-CFB8h] [rbp-CFC8h] + signed int v1651; // [rsp-CFB4h] [rbp-CFC4h] + int v1652; // [rsp-CFB0h] [rbp-CFC0h] + int v1653; // [rsp-CFACh] [rbp-CFBCh] + int v1654; // [rsp-CFA8h] [rbp-CFB8h] + signed int i8; // [rsp-CFA4h] [rbp-CFB4h] + unsigned int v1656; // [rsp-CFA0h] [rbp-CFB0h] + __int64 hNtDLL; // [rsp-CF98h] [rbp-CFA8h] + signed int v1658; // [rsp-CF90h] [rbp-CFA0h] + __int64 hCurrentProcessHandle; // [rsp-CF88h] [rbp-CF98h] + __int64 v1660; // [rsp-CF80h] [rbp-CF90h] + signed int v1661; // [rsp-CF78h] [rbp-CF88h] + BOOL v83; // [rsp-CF74h] [rbp-CF84h] + BOOL v1663; // [rsp-CF70h] [rbp-CF80h] + int v1664; // [rsp-CF6Ch] [rbp-CF7Ch] + signed int v1665; // [rsp-CF68h] [rbp-CF78h] + int windowTextWConvertedToA; // [rsp-CF64h] [rbp-CF74h] + int windowTextWConvertedToA_1; // [rsp-CF60h] [rbp-CF70h] + BOOL hProcess_1; // [rsp-CF5Ch] [rbp-CF6Ch] + int v1669; // [rsp-CF58h] [rbp-CF68h] + int v1670; // [rsp-CF54h] [rbp-CF64h] + int v1671; // [rsp-CF50h] [rbp-CF60h] + int v1672; // [rsp-CF4Ch] [rbp-CF5Ch] + signed int v1673; // [rsp-CF48h] [rbp-CF58h] + signed int v1674; // [rsp-CF44h] [rbp-CF54h] + unsigned int v1675; // [rsp-CF40h] [rbp-CF50h] + BOOL result_1; // [rsp-CF3Ch] [rbp-CF4Ch] + int v1677; // [rsp-CF38h] [rbp-CF48h] + signed int v1678; // [rsp-CF34h] [rbp-CF44h] + signed int v1679; // [rsp-CF30h] [rbp-CF40h] + BOOL v1680; // [rsp-CF2Ch] [rbp-CF3Ch] + __int64 returnLength; // [rsp-CF20h] [rbp-CF30h] + unsigned __int64 mm; // [rsp-CF18h] [rbp-CF28h] + unsigned int tickDelta; // [rsp-CF10h] [rbp-CF20h] + __int64 hThread; // [rsp-CF08h] [rbp-CF18h] + __int64 v1685; // [rsp-CF00h] [rbp-CF10h] + __int64 v1686; // [rsp-CEF8h] [rbp-CF08h] + char v1687; // 
[rsp-CEF0h] [rbp-CF00h] + char v1688; // [rsp-CEEFh] [rbp-CEFFh] + int v1689; // [rsp-CEEEh] [rbp-CEFEh] + char v1690; // [rsp-CEE8h] [rbp-CEF8h] + char v1691; // [rsp-CEE7h] [rbp-CEF7h] + int v1692; // [rsp-CEE6h] [rbp-CEF6h] + char v1693; // [rsp-CEE0h] [rbp-CEF0h] + char v1694; // [rsp-CEDFh] [rbp-CEEFh] + signed int v1695; // [rsp-CEDEh] [rbp-CEEEh] + char v1696; // [rsp-CED8h] [rbp-CEE8h] + char v1697; // [rsp-CED7h] [rbp-CEE7h] + unsigned int v1698; // [rsp-CED6h] [rbp-CEE6h] + __int64 hSnapshot_2; // [rsp-CED0h] [rbp-CEE0h] + __int64 hSnapshot_1; // [rsp-CEC8h] [rbp-CED8h] + __int64 hSnapshot; // [rsp-CEC0h] [rbp-CED0h] + char v1702; // [rsp-CEB8h] [rbp-CEC8h] + char v1703; // [rsp-CEB7h] [rbp-CEC7h] + signed __int16 v1704; // [rsp-CEB6h] [rbp-CEC6h] + int v1705; // [rsp-CEB4h] [rbp-CEC4h] + unsigned int (__fastcall *QueryFullProcessImageName)(__int64, _QWORD, __int64 *, unsigned int *); // [rsp-CEB0h] [rbp-CEC0h] + __int64 (__fastcall *NtQuerySystemInformation)(signed __int64, unsigned int *, signed __int64, unsigned int *); // [rsp-CEA8h] [rbp-CEB8h] + unsigned int (__fastcall *GetFileAttributesExA)(char *, _QWORD, __int64 *); // [rsp-CEA0h] [rbp-CEB0h] + char v1709; // [rsp-CE98h] [rbp-CEA8h] + char v1710; // [rsp-CE97h] [rbp-CEA7h] + signed __int16 v1711; // [rsp-CE96h] [rbp-CEA6h] + int v1712; // [rsp-CE94h] [rbp-CEA4h] + char v1713; // [rsp-CE90h] [rbp-CEA0h] + char v1714; // [rsp-CE8Fh] [rbp-CE9Fh] + signed __int16 v1715; // [rsp-CE8Eh] [rbp-CE9Eh] + int v1716; // [rsp-CE8Ch] [rbp-CE9Ch] + _QWORD *v1717; // [rsp-CE88h] [rbp-CE98h] + char v1718; // [rsp-CE80h] [rbp-CE90h] + char v1719; // [rsp-CE7Fh] [rbp-CE8Fh] + signed __int16 v1720; // [rsp-CE7Eh] [rbp-CE8Eh] + int v1721; // [rsp-CE7Ch] [rbp-CE8Ch] + char v1722; // [rsp-CE78h] [rbp-CE88h] + char v1723; // [rsp-CE77h] [rbp-CE87h] + signed __int16 v1724; // [rsp-CE76h] [rbp-CE86h] + int v1725; // [rsp-CE74h] [rbp-CE84h] + char v1726; // [rsp-CE70h] [rbp-CE80h] + char v1727; // [rsp-CE6Fh] [rbp-CE7Fh] 
+ signed __int16 v1728; // [rsp-CE6Eh] [rbp-CE7Eh] + int v1729; // [rsp-CE6Ch] [rbp-CE7Ch] + char v1730; // [rsp-CE68h] [rbp-CE78h] + char v1731; // [rsp-CE67h] [rbp-CE77h] + signed __int16 v1732; // [rsp-CE66h] [rbp-CE76h] + int v1733; // [rsp-CE64h] [rbp-CE74h] + char v1734; // [rsp-CE60h] [rbp-CE70h] + char v1735; // [rsp-CE5Fh] [rbp-CE6Fh] + signed __int16 v1736; // [rsp-CE5Eh] [rbp-CE6Eh] + int v1737; // [rsp-CE5Ch] [rbp-CE6Ch] + unsigned int (__fastcall *memcmp)(__int64 *, __int64 *, signed __int64); // [rsp-CE58h] [rbp-CE68h] + char v1739; // [rsp-CE50h] [rbp-CE60h] + char v1740; // [rsp-CE4Fh] [rbp-CE5Fh] + signed __int16 v1741; // [rsp-CE4Eh] [rbp-CE5Eh] + int v1742; // [rsp-CE4Ch] [rbp-CE5Ch] + char v1743; // [rsp-CE48h] [rbp-CE58h] + char v1744; // [rsp-CE47h] [rbp-CE57h] + signed __int16 v1745; // [rsp-CE46h] [rbp-CE56h] + int v1746; // [rsp-CE44h] [rbp-CE54h] + __int64 hProcess; // [rsp-CE40h] [rbp-CE50h] + __int64 hProcess_3; // [rsp-CE38h] [rbp-CE48h] + __int64 SourceProcessHandle; // [rsp-CE30h] [rbp-CE40h] + __int64 (__fastcall *GetWindow)(__int64, signed __int64); // [rsp-CE28h] [rbp-CE38h] + char *v1751; // [rsp-CE18h] [rbp-CE28h] + __int64 v1752; // [rsp-CE10h] [rbp-CE20h] + __int64 hUser32_9; // [rsp-CE08h] [rbp-CE18h] + __int64 buffer_1; // [rsp-CE00h] [rbp-CE10h] + __int64 v1755; // [rsp-CDF8h] [rbp-CE08h] + unsigned int v1756; // [rsp-CDF0h] [rbp-CE00h] + unsigned int v1757; // [rsp-CDE8h] [rbp-CDF8h] + int v1758; // [rsp-CDE4h] [rbp-CDF4h] + signed __int16 v1759; // [rsp-CDD8h] [rbp-CDE8h] + signed int v1760; // [rsp-CDD4h] [rbp-CDE4h] + char v1761; // [rsp-CDD0h] [rbp-CDE0h] + char v1762; // [rsp-CDCFh] [rbp-CDDFh] + char v1763; // [rsp-CDCEh] [rbp-CDDEh] + char v1764; // [rsp-CDCDh] [rbp-CDDDh] + char v1765; // [rsp-CDCCh] [rbp-CDDCh] + char v1766; // [rsp-CDCBh] [rbp-CDDBh] + char v1767; // [rsp-CDCAh] [rbp-CDDAh] + char v1768; // [rsp-CDC9h] [rbp-CDD9h] + char v1769; // [rsp-CDC8h] [rbp-CDD8h] + char v1770; // [rsp-CDC7h] [rbp-CDD7h] + 
char v1771; // [rsp-CDC6h] [rbp-CDD6h] + char v1772; // [rsp-CDC5h] [rbp-CDD5h] + char v1773; // [rsp-CDC4h] [rbp-CDD4h] + char v1774; // [rsp-CDC3h] [rbp-CDD3h] + char v1775; // [rsp-CDC2h] [rbp-CDD2h] + char v1776; // [rsp-CDC1h] [rbp-CDD1h] + char v1777; // [rsp-CDC0h] [rbp-CDD0h] + char v1778; // [rsp-CDBFh] [rbp-CDCFh] + _BYTE v1779[6]; // [rsp-CDBEh] [rbp-CDCEh] + signed __int16 v1780; // [rsp-CDB0h] [rbp-CDC0h] + signed int v1781; // [rsp-CDACh] [rbp-CDBCh] + char v1782; // [rsp-CDA8h] [rbp-CDB8h] + char v1783; // [rsp-CDA7h] [rbp-CDB7h] + char v1784; // [rsp-CDA6h] [rbp-CDB6h] + char v1785; // [rsp-CDA5h] [rbp-CDB5h] + char v1786; // [rsp-CDA4h] [rbp-CDB4h] + char v1787; // [rsp-CDA3h] [rbp-CDB3h] + char v1788; // [rsp-CDA2h] [rbp-CDB2h] + char v1789; // [rsp-CDA1h] [rbp-CDB1h] + char v1790; // [rsp-CDA0h] [rbp-CDB0h] + char v1791; // [rsp-CD9Fh] [rbp-CDAFh] + char v1792; // [rsp-CD9Eh] [rbp-CDAEh] + char v1793; // [rsp-CD9Dh] [rbp-CDADh] + char v1794; // [rsp-CD9Ch] [rbp-CDACh] + char v1795; // [rsp-CD9Bh] [rbp-CDABh] + char v1796; // [rsp-CD9Ah] [rbp-CDAAh] + char v1797; // [rsp-CD99h] [rbp-CDA9h] + char v1798; // [rsp-CD98h] [rbp-CDA8h] + char v1799; // [rsp-CD97h] [rbp-CDA7h] + char v1800; // [rsp-CD96h] [rbp-CDA6h] + char v1801; // [rsp-CD95h] [rbp-CDA5h] + char v1802; // [rsp-CD94h] [rbp-CDA4h] + char v1803; // [rsp-CD93h] [rbp-CDA3h] + char v1804; // [rsp-CD92h] [rbp-CDA2h] + char v1805; // [rsp-CD91h] [rbp-CDA1h] + char v1806; // [rsp-CD90h] [rbp-CDA0h] + char v1807; // [rsp-CD8Fh] [rbp-CD9Fh] + char v1808; // [rsp-CD8Eh] [rbp-CD9Eh] + char v1809; // [rsp-CD8Dh] [rbp-CD9Dh] + char v1810; // [rsp-CD8Ch] [rbp-CD9Ch] + _BYTE v1811[3]; // [rsp-CD8Bh] [rbp-CD9Bh] + signed __int16 v1812; // [rsp-CD88h] [rbp-CD98h] + signed int v1813; // [rsp-CD84h] [rbp-CD94h] + char v1814; // [rsp-CD80h] [rbp-CD90h] + char v1815; // [rsp-CD7Fh] [rbp-CD8Fh] + char v1816; // [rsp-CD7Eh] [rbp-CD8Eh] + char v1817; // [rsp-CD7Dh] [rbp-CD8Dh] + char v1818; // [rsp-CD7Ch] 
[rbp-CD8Ch] + char v1819; // [rsp-CD7Bh] [rbp-CD8Bh] + char v1820; // [rsp-CD7Ah] [rbp-CD8Ah] + char v1821; // [rsp-CD79h] [rbp-CD89h] + char v1822; // [rsp-CD78h] [rbp-CD88h] + char v1823; // [rsp-CD77h] [rbp-CD87h] + char v1824; // [rsp-CD76h] [rbp-CD86h] + char v1825; // [rsp-CD75h] [rbp-CD85h] + char v1826; // [rsp-CD74h] [rbp-CD84h] + char v1827; // [rsp-CD73h] [rbp-CD83h] + char v1828; // [rsp-CD72h] [rbp-CD82h] + char v1829; // [rsp-CD71h] [rbp-CD81h] + char v1830; // [rsp-CD70h] [rbp-CD80h] + char v1831; // [rsp-CD6Fh] [rbp-CD7Fh] + char v1832; // [rsp-CD6Eh] [rbp-CD7Eh] + char v1833; // [rsp-CD6Dh] [rbp-CD7Dh] + char v1834; // [rsp-CD6Ch] [rbp-CD7Ch] + char v1835; // [rsp-CD6Bh] [rbp-CD7Bh] + __int16 v1836; // [rsp-CD6Ah] [rbp-CD7Ah] + signed __int16 v1837; // [rsp-CD60h] [rbp-CD70h] + signed int v1838; // [rsp-CD5Ch] [rbp-CD6Ch] + char v1839; // [rsp-CD58h] [rbp-CD68h] + char v1840; // [rsp-CD57h] [rbp-CD67h] + char v1841; // [rsp-CD56h] [rbp-CD66h] + char v1842; // [rsp-CD55h] [rbp-CD65h] + char v1843; // [rsp-CD54h] [rbp-CD64h] + char v1844; // [rsp-CD53h] [rbp-CD63h] + char v1845; // [rsp-CD52h] [rbp-CD62h] + char v1846; // [rsp-CD51h] [rbp-CD61h] + char v1847; // [rsp-CD50h] [rbp-CD60h] + char v1848; // [rsp-CD4Fh] [rbp-CD5Fh] + char v1849; // [rsp-CD4Eh] [rbp-CD5Eh] + char v1850; // [rsp-CD4Dh] [rbp-CD5Dh] + char v1851; // [rsp-CD4Ch] [rbp-CD5Ch] + char v1852; // [rsp-CD4Bh] [rbp-CD5Bh] + char v1853; // [rsp-CD4Ah] [rbp-CD5Ah] + char v1854; // [rsp-CD49h] [rbp-CD59h] + char v1855; // [rsp-CD48h] [rbp-CD58h] + char v1856; // [rsp-CD47h] [rbp-CD57h] + char v1857; // [rsp-CD46h] [rbp-CD56h] + char v1858; // [rsp-CD45h] [rbp-CD55h] + char v1859; // [rsp-CD44h] [rbp-CD54h] + char v1860; // [rsp-CD43h] [rbp-CD53h] + char v1861; // [rsp-CD42h] [rbp-CD52h] + char v1862; // [rsp-CD41h] [rbp-CD51h] + char v1863; // [rsp-CD40h] [rbp-CD50h] + char v1864; // [rsp-CD3Fh] [rbp-CD4Fh] + char v1865; // [rsp-CD3Eh] [rbp-CD4Eh] + char v1866; // [rsp-CD3Dh] [rbp-CD4Dh] 
+ char v1867; // [rsp-CD3Ch] [rbp-CD4Ch] + char v1868; // [rsp-CD3Bh] [rbp-CD4Bh] + char v1869; // [rsp-CD3Ah] [rbp-CD4Ah] + char v1870; // [rsp-CD39h] [rbp-CD49h] + signed __int16 v1871; // [rsp-CD38h] [rbp-CD48h] + signed int v1872; // [rsp-CD34h] [rbp-CD44h] + char v1873; // [rsp-CD30h] [rbp-CD40h] + char v1874; // [rsp-CD2Fh] [rbp-CD3Fh] + char v1875; // [rsp-CD2Eh] [rbp-CD3Eh] + char v1876; // [rsp-CD2Dh] [rbp-CD3Dh] + char v1877; // [rsp-CD2Ch] [rbp-CD3Ch] + char v1878; // [rsp-CD2Bh] [rbp-CD3Bh] + char v1879; // [rsp-CD2Ah] [rbp-CD3Ah] + char v1880; // [rsp-CD29h] [rbp-CD39h] + char v1881; // [rsp-CD28h] [rbp-CD38h] + char v1882; // [rsp-CD27h] [rbp-CD37h] + char v1883; // [rsp-CD26h] [rbp-CD36h] + char v1884; // [rsp-CD25h] [rbp-CD35h] + char v1885; // [rsp-CD24h] [rbp-CD34h] + char v1886; // [rsp-CD23h] [rbp-CD33h] + char v1887; // [rsp-CD22h] [rbp-CD32h] + char v1888; // [rsp-CD21h] [rbp-CD31h] + signed __int16 v1889; // [rsp-CD10h] [rbp-CD20h] + signed int v1890; // [rsp-CD0Ch] [rbp-CD1Ch] + char v1891; // [rsp-CD08h] [rbp-CD18h] + char v1892; // [rsp-CD07h] [rbp-CD17h] + char v1893; // [rsp-CD06h] [rbp-CD16h] + char v1894; // [rsp-CD05h] [rbp-CD15h] + char v1895; // [rsp-CD04h] [rbp-CD14h] + char v1896; // [rsp-CD03h] [rbp-CD13h] + char v1897; // [rsp-CD02h] [rbp-CD12h] + char v1898; // [rsp-CD01h] [rbp-CD11h] + char v1899; // [rsp-CD00h] [rbp-CD10h] + char v1900; // [rsp-CCFFh] [rbp-CD0Fh] + char v1901; // [rsp-CCFEh] [rbp-CD0Eh] + char v1902; // [rsp-CCFDh] [rbp-CD0Dh] + char v1903; // [rsp-CCFCh] [rbp-CD0Ch] + char v1904; // [rsp-CCFBh] [rbp-CD0Bh] + char v1905; // [rsp-CCFAh] [rbp-CD0Ah] + char v1906; // [rsp-CCF9h] [rbp-CD09h] + char v1907; // [rsp-CCF8h] [rbp-CD08h] + char v1908; // [rsp-CCF7h] [rbp-CD07h] + char v1909; // [rsp-CCF6h] [rbp-CD06h] + char v1910; // [rsp-CCF5h] [rbp-CD05h] + char v1911; // [rsp-CCF4h] [rbp-CD04h] + char v1912; // [rsp-CCF3h] [rbp-CD03h] + char v1913; // [rsp-CCF2h] [rbp-CD02h] + char v1914; // [rsp-CCF1h] [rbp-CD01h] 
+ char v1915; // [rsp-CCF0h] [rbp-CD00h] + char v1916; // [rsp-CCEFh] [rbp-CCFFh] + char v1917; // [rsp-CCEEh] [rbp-CCFEh] + char v1918; // [rsp-CCEDh] [rbp-CCFDh] + char v1919; // [rsp-CCECh] [rbp-CCFCh] + char v1920; // [rsp-CCEBh] [rbp-CCFBh] + char v1921; // [rsp-CCEAh] [rbp-CCFAh] + char v1922; // [rsp-CCE9h] [rbp-CCF9h] + signed __int16 v1923; // [rsp-CCE8h] [rbp-CCF8h] + signed int v1924; // [rsp-CCE4h] [rbp-CCF4h] + char v1925; // [rsp-CCE0h] [rbp-CCF0h] + char v1926; // [rsp-CCDFh] [rbp-CCEFh] + char v1927; // [rsp-CCDEh] [rbp-CCEEh] + char v1928; // [rsp-CCDDh] [rbp-CCEDh] + char v1929; // [rsp-CCDCh] [rbp-CCECh] + char v1930; // [rsp-CCDBh] [rbp-CCEBh] + char v1931; // [rsp-CCDAh] [rbp-CCEAh] + char v1932; // [rsp-CCD9h] [rbp-CCE9h] + char v1933; // [rsp-CCD8h] [rbp-CCE8h] + char v1934; // [rsp-CCD7h] [rbp-CCE7h] + char v1935; // [rsp-CCD6h] [rbp-CCE6h] + char v1936; // [rsp-CCD5h] [rbp-CCE5h] + int v1937; // [rsp-CCD4h] [rbp-CCE4h] + signed __int16 v1938; // [rsp-CCC0h] [rbp-CCD0h] + signed int v1939; // [rsp-CCBCh] [rbp-CCCCh] + char v1940; // [rsp-CCB8h] [rbp-CCC8h] + char v1941; // [rsp-CCB7h] [rbp-CCC7h] + char v1942; // [rsp-CCB6h] [rbp-CCC6h] + char v1943; // [rsp-CCB5h] [rbp-CCC5h] + char v1944; // [rsp-CCB4h] [rbp-CCC4h] + char v1945; // [rsp-CCB3h] [rbp-CCC3h] + char v1946; // [rsp-CCB2h] [rbp-CCC2h] + char v1947; // [rsp-CCB1h] [rbp-CCC1h] + char v1948; // [rsp-CCB0h] [rbp-CCC0h] + char v1949; // [rsp-CCAFh] [rbp-CCBFh] + char v1950; // [rsp-CCAEh] [rbp-CCBEh] + char v1951; // [rsp-CCADh] [rbp-CCBDh] + char v1952; // [rsp-CCACh] [rbp-CCBCh] + char v1953; // [rsp-CCABh] [rbp-CCBBh] + char v1954; // [rsp-CCAAh] [rbp-CCBAh] + char v1955; // [rsp-CCA9h] [rbp-CCB9h] + __int64 v1956; // [rsp-CCA8h] [rbp-CCB8h] + signed __int16 v1957; // [rsp-CC98h] [rbp-CCA8h] + signed int v1958; // [rsp-CC94h] [rbp-CCA4h] + char v1959; // [rsp-CC90h] [rbp-CCA0h] + char v1960; // [rsp-CC8Fh] [rbp-CC9Fh] + char v1961; // [rsp-CC8Eh] [rbp-CC9Eh] + char v1962; // 
[rsp-CC8Dh] [rbp-CC9Dh] + char v1963; // [rsp-CC8Ch] [rbp-CC9Ch] + char v1964; // [rsp-CC8Bh] [rbp-CC9Bh] + char v1965; // [rsp-CC8Ah] [rbp-CC9Ah] + char v1966; // [rsp-CC89h] [rbp-CC99h] + char v1967; // [rsp-CC88h] [rbp-CC98h] + char v1968; // [rsp-CC87h] [rbp-CC97h] + char v1969; // [rsp-CC86h] [rbp-CC96h] + char v1970; // [rsp-CC85h] [rbp-CC95h] + char v1971; // [rsp-CC84h] [rbp-CC94h] + char v1972; // [rsp-CC83h] [rbp-CC93h] + char v1973; // [rsp-CC82h] [rbp-CC92h] + char v1974; // [rsp-CC81h] [rbp-CC91h] + char v1975; // [rsp-CC80h] [rbp-CC90h] + char v1976; // [rsp-CC7Fh] [rbp-CC8Fh] + char v1977; // [rsp-CC7Eh] [rbp-CC8Eh] + char v1978; // [rsp-CC7Dh] [rbp-CC8Dh] + char v1979; // [rsp-CC7Ch] [rbp-CC8Ch] + char v1980; // [rsp-CC7Bh] [rbp-CC8Bh] + char v1981; // [rsp-CC7Ah] [rbp-CC8Ah] + char v1982; // [rsp-CC79h] [rbp-CC89h] + char v1983; // [rsp-CC78h] [rbp-CC88h] + char v1984; // [rsp-CC77h] [rbp-CC87h] + char v1985; // [rsp-CC76h] [rbp-CC86h] + char v1986; // [rsp-CC75h] [rbp-CC85h] + char v1987; // [rsp-CC74h] [rbp-CC84h] + char v1988; // [rsp-CC73h] [rbp-CC83h] + char v1989; // [rsp-CC72h] [rbp-CC82h] + char v1990; // [rsp-CC71h] [rbp-CC81h] + signed __int16 v1991; // [rsp-CC70h] [rbp-CC80h] + signed int v1992; // [rsp-CC6Ch] [rbp-CC7Ch] + char v1993; // [rsp-CC68h] [rbp-CC78h] + char v1994; // [rsp-CC67h] [rbp-CC77h] + char v1995; // [rsp-CC66h] [rbp-CC76h] + char v1996; // [rsp-CC65h] [rbp-CC75h] + char v1997; // [rsp-CC64h] [rbp-CC74h] + char v1998; // [rsp-CC63h] [rbp-CC73h] + char v1999; // [rsp-CC62h] [rbp-CC72h] + char v2000; // [rsp-CC61h] [rbp-CC71h] + char v2001; // [rsp-CC60h] [rbp-CC70h] + char v2002; // [rsp-CC5Fh] [rbp-CC6Fh] + char v2003; // [rsp-CC5Eh] [rbp-CC6Eh] + char v2004; // [rsp-CC5Dh] [rbp-CC6Dh] + char v2005; // [rsp-CC5Ch] [rbp-CC6Ch] + char v2006; // [rsp-CC5Bh] [rbp-CC6Bh] + char v2007; // [rsp-CC5Ah] [rbp-CC6Ah] + char v2008; // [rsp-CC59h] [rbp-CC69h] + char v2009; // [rsp-CC58h] [rbp-CC68h] + char v2010; // [rsp-CC57h] 
[rbp-CC67h] + char v2011; // [rsp-CC56h] [rbp-CC66h] + char v2012; // [rsp-CC55h] [rbp-CC65h] + char v2013; // [rsp-CC54h] [rbp-CC64h] + char v2014; // [rsp-CC53h] [rbp-CC63h] + char v2015; // [rsp-CC52h] [rbp-CC62h] + char v2016; // [rsp-CC51h] [rbp-CC61h] + char v2017; // [rsp-CC50h] [rbp-CC60h] + char v2018; // [rsp-CC4Fh] [rbp-CC5Fh] + char v2019; // [rsp-CC4Eh] [rbp-CC5Eh] + char v2020; // [rsp-CC4Dh] [rbp-CC5Dh] + char v2021; // [rsp-CC4Ch] [rbp-CC5Ch] + char v2022; // [rsp-CC4Bh] [rbp-CC5Bh] + char v2023; // [rsp-CC4Ah] [rbp-CC5Ah] + char v2024; // [rsp-CC49h] [rbp-CC59h] + signed __int16 v2025; // [rsp-CC48h] [rbp-CC58h] + signed int v2026; // [rsp-CC44h] [rbp-CC54h] + char v2027; // [rsp-CC40h] [rbp-CC50h] + char v2028; // [rsp-CC3Fh] [rbp-CC4Fh] + char v2029; // [rsp-CC3Eh] [rbp-CC4Eh] + char v2030; // [rsp-CC3Dh] [rbp-CC4Dh] + char v2031; // [rsp-CC3Ch] [rbp-CC4Ch] + char v2032; // [rsp-CC3Bh] [rbp-CC4Bh] + char v2033; // [rsp-CC3Ah] [rbp-CC4Ah] + char v2034; // [rsp-CC39h] [rbp-CC49h] + char v2035; // [rsp-CC38h] [rbp-CC48h] + char v2036; // [rsp-CC37h] [rbp-CC47h] + char v2037; // [rsp-CC36h] [rbp-CC46h] + char v2038; // [rsp-CC35h] [rbp-CC45h] + char v2039; // [rsp-CC34h] [rbp-CC44h] + char v2040; // [rsp-CC33h] [rbp-CC43h] + char v2041; // [rsp-CC32h] [rbp-CC42h] + char v2042; // [rsp-CC31h] [rbp-CC41h] + __int64 v2043; // [rsp-CC30h] [rbp-CC40h] + signed __int16 v2044; // [rsp-CC20h] [rbp-CC30h] + signed int v2045; // [rsp-CC1Ch] [rbp-CC2Ch] + char v2046; // [rsp-CC18h] [rbp-CC28h] + char v2047; // [rsp-CC17h] [rbp-CC27h] + char v2048; // [rsp-CC16h] [rbp-CC26h] + char v2049; // [rsp-CC15h] [rbp-CC25h] + char v2050; // [rsp-CC14h] [rbp-CC24h] + char v2051; // [rsp-CC13h] [rbp-CC23h] + char v2052; // [rsp-CC12h] [rbp-CC22h] + char v2053; // [rsp-CC11h] [rbp-CC21h] + char v2054; // [rsp-CC10h] [rbp-CC20h] + char v2055; // [rsp-CC0Fh] [rbp-CC1Fh] + char v2056; // [rsp-CC0Eh] [rbp-CC1Eh] + char v2057; // [rsp-CC0Dh] [rbp-CC1Dh] + char v2058; // 
[rsp-CC0Ch] [rbp-CC1Ch] + char v2059; // [rsp-CC0Bh] [rbp-CC1Bh] + char v2060; // [rsp-CC0Ah] [rbp-CC1Ah] + char v2061; // [rsp-CC09h] [rbp-CC19h] + char v2062; // [rsp-CC08h] [rbp-CC18h] + char v2063; // [rsp-CC07h] [rbp-CC17h] + char v2064; // [rsp-CC06h] [rbp-CC16h] + char v2065; // [rsp-CC05h] [rbp-CC15h] + int v2066; // [rsp-CC04h] [rbp-CC14h] + signed __int16 v2067; // [rsp-CBF8h] [rbp-CC08h] + signed int v2068; // [rsp-CBF4h] [rbp-CC04h] + char v2069; // [rsp-CBF0h] [rbp-CC00h] + char v2070; // [rsp-CBEFh] [rbp-CBFFh] + char v2071; // [rsp-CBEEh] [rbp-CBFEh] + char v2072; // [rsp-CBEDh] [rbp-CBFDh] + char v2073; // [rsp-CBECh] [rbp-CBFCh] + char v2074; // [rsp-CBEBh] [rbp-CBFBh] + char v2075; // [rsp-CBEAh] [rbp-CBFAh] + char v2076; // [rsp-CBE9h] [rbp-CBF9h] + char v2077; // [rsp-CBE8h] [rbp-CBF8h] + char v2078; // [rsp-CBE7h] [rbp-CBF7h] + char v2079; // [rsp-CBE6h] [rbp-CBF6h] + char v2080; // [rsp-CBE5h] [rbp-CBF5h] + char v2081; // [rsp-CBE4h] [rbp-CBF4h] + char v2082; // [rsp-CBE3h] [rbp-CBF3h] + __int16 v2083; // [rsp-CBE2h] [rbp-CBF2h] + signed __int16 v2084; // [rsp-CBD0h] [rbp-CBE0h] + signed int v2085; // [rsp-CBCCh] [rbp-CBDCh] + char v2086; // [rsp-CBC8h] [rbp-CBD8h] + char v2087; // [rsp-CBC7h] [rbp-CBD7h] + char v2088; // [rsp-CBC6h] [rbp-CBD6h] + char v2089; // [rsp-CBC5h] [rbp-CBD5h] + char v2090; // [rsp-CBC4h] [rbp-CBD4h] + char v2091; // [rsp-CBC3h] [rbp-CBD3h] + char v2092; // [rsp-CBC2h] [rbp-CBD2h] + char v2093; // [rsp-CBC1h] [rbp-CBD1h] + char v2094; // [rsp-CBC0h] [rbp-CBD0h] + char v2095; // [rsp-CBBFh] [rbp-CBCFh] + char v2096; // [rsp-CBBEh] [rbp-CBCEh] + char v2097; // [rsp-CBBDh] [rbp-CBCDh] + char v2098; // [rsp-CBBCh] [rbp-CBCCh] + char v2099; // [rsp-CBBBh] [rbp-CBCBh] + __int16 v2100; // [rsp-CBBAh] [rbp-CBCAh] + signed __int16 v2101; // [rsp-CBA8h] [rbp-CBB8h] + signed int v2102; // [rsp-CBA4h] [rbp-CBB4h] + char v2103; // [rsp-CBA0h] [rbp-CBB0h] + char v2104; // [rsp-CB9Fh] [rbp-CBAFh] + char v2105; // [rsp-CB9Eh] 
[rbp-CBAEh] + char v2106; // [rsp-CB9Dh] [rbp-CBADh] + char v2107; // [rsp-CB9Ch] [rbp-CBACh] + char v2108; // [rsp-CB9Bh] [rbp-CBABh] + char v2109; // [rsp-CB9Ah] [rbp-CBAAh] + char v2110; // [rsp-CB99h] [rbp-CBA9h] + char v2111; // [rsp-CB98h] [rbp-CBA8h] + char v2112; // [rsp-CB97h] [rbp-CBA7h] + char v2113; // [rsp-CB96h] [rbp-CBA6h] + char v2114; // [rsp-CB95h] [rbp-CBA5h] + char v2115; // [rsp-CB94h] [rbp-CBA4h] + char v2116; // [rsp-CB93h] [rbp-CBA3h] + char v2117; // [rsp-CB92h] [rbp-CBA2h] + char v2118; // [rsp-CB91h] [rbp-CBA1h] + char v2119; // [rsp-CB90h] [rbp-CBA0h] + char v2120; // [rsp-CB8Fh] [rbp-CB9Fh] + char v2121; // [rsp-CB8Eh] [rbp-CB9Eh] + char v2122; // [rsp-CB8Dh] [rbp-CB9Dh] + char v2123; // [rsp-CB8Ch] [rbp-CB9Ch] + char v2124; // [rsp-CB8Bh] [rbp-CB9Bh] + char v2125; // [rsp-CB8Ah] [rbp-CB9Ah] + char v2126; // [rsp-CB89h] [rbp-CB99h] + char v2127; // [rsp-CB88h] [rbp-CB98h] + char v2128; // [rsp-CB87h] [rbp-CB97h] + char v2129; // [rsp-CB86h] [rbp-CB96h] + char v2130; // [rsp-CB85h] [rbp-CB95h] + char v2131; // [rsp-CB84h] [rbp-CB94h] + char v2132; // [rsp-CB83h] [rbp-CB93h] + char v2133; // [rsp-CB82h] [rbp-CB92h] + char v2134; // [rsp-CB81h] [rbp-CB91h] + signed __int16 v2135; // [rsp-CB80h] [rbp-CB90h] + signed int v2136; // [rsp-CB7Ch] [rbp-CB8Ch] + char v2137; // [rsp-CB78h] [rbp-CB88h] + char v2138; // [rsp-CB77h] [rbp-CB87h] + _BYTE v2139[6]; // [rsp-CB76h] [rbp-CB86h] + signed __int16 v2140; // [rsp-CB58h] [rbp-CB68h] + signed int v2141; // [rsp-CB54h] [rbp-CB64h] + char v2142; // [rsp-CB50h] [rbp-CB60h] + char v2143; // [rsp-CB4Fh] [rbp-CB5Fh] + _BYTE v2144[6]; // [rsp-CB4Eh] [rbp-CB5Eh] + signed __int16 v2145; // [rsp-CB30h] [rbp-CB40h] + signed int v2146; // [rsp-CB2Ch] [rbp-CB3Ch] + char v2147; // [rsp-CB28h] [rbp-CB38h] + char v2148; // [rsp-CB27h] [rbp-CB37h] + _BYTE v2149[6]; // [rsp-CB26h] [rbp-CB36h] + signed __int16 v2150; // [rsp-CB08h] [rbp-CB18h] + signed int v2151; // [rsp-CB04h] [rbp-CB14h] + char v2152; // 
[rsp-CB00h] [rbp-CB10h] + char v2153; // [rsp-CAFFh] [rbp-CB0Fh] + char v2154; // [rsp-CAFEh] [rbp-CB0Eh] + char v2155; // [rsp-CAFDh] [rbp-CB0Dh] + char v2156; // [rsp-CAFCh] [rbp-CB0Ch] + char v2157; // [rsp-CAFBh] [rbp-CB0Bh] + char v2158; // [rsp-CAFAh] [rbp-CB0Ah] + char v2159; // [rsp-CAF9h] [rbp-CB09h] + char v2160; // [rsp-CAF8h] [rbp-CB08h] + char v2161; // [rsp-CAF7h] [rbp-CB07h] + char v2162; // [rsp-CAF6h] [rbp-CB06h] + char v2163; // [rsp-CAF5h] [rbp-CB05h] + char v2164; // [rsp-CAF4h] [rbp-CB04h] + char v2165; // [rsp-CAF3h] [rbp-CB03h] + char v2166; // [rsp-CAF2h] [rbp-CB02h] + char v2167; // [rsp-CAF1h] [rbp-CB01h] + char v2168; // [rsp-CAF0h] [rbp-CB00h] + char v2169; // [rsp-CAEFh] [rbp-CAFFh] + char v2170; // [rsp-CAEEh] [rbp-CAFEh] + char v2171; // [rsp-CAEDh] [rbp-CAFDh] + char v2172; // [rsp-CAECh] [rbp-CAFCh] + char v2173; // [rsp-CAEBh] [rbp-CAFBh] + char v2174; // [rsp-CAEAh] [rbp-CAFAh] + char v2175; // [rsp-CAE9h] [rbp-CAF9h] + char v2176; // [rsp-CAE8h] [rbp-CAF8h] + _BYTE v2177[7]; // [rsp-CAE7h] [rbp-CAF7h] + signed __int16 v2178; // [rsp-CAE0h] [rbp-CAF0h] + signed int v2179; // [rsp-CADCh] [rbp-CAECh] + char v2180; // [rsp-CAD8h] [rbp-CAE8h] + char v2181; // [rsp-CAD7h] [rbp-CAE7h] + char v2182; // [rsp-CAD6h] [rbp-CAE6h] + char v2183; // [rsp-CAD5h] [rbp-CAE5h] + char v2184; // [rsp-CAD4h] [rbp-CAE4h] + char v2185; // [rsp-CAD3h] [rbp-CAE3h] + char v2186; // [rsp-CAD2h] [rbp-CAE2h] + char v2187; // [rsp-CAD1h] [rbp-CAE1h] + char v2188; // [rsp-CAD0h] [rbp-CAE0h] + char v2189; // [rsp-CACFh] [rbp-CADFh] + _BYTE v2190[6]; // [rsp-CACEh] [rbp-CADEh] + signed __int16 v2191; // [rsp-CAB8h] [rbp-CAC8h] + signed int v2192; // [rsp-CAB4h] [rbp-CAC4h] + char v2193; // [rsp-CAB0h] [rbp-CAC0h] + char v2194; // [rsp-CAAFh] [rbp-CABFh] + char v2195; // [rsp-CAAEh] [rbp-CABEh] + char v2196; // [rsp-CAADh] [rbp-CABDh] + char v2197; // [rsp-CAACh] [rbp-CABCh] + char v2198; // [rsp-CAABh] [rbp-CABBh] + char v2199; // [rsp-CAAAh] [rbp-CABAh] + char 
v2200; // [rsp-CAA9h] [rbp-CAB9h] + char v2201; // [rsp-CAA8h] [rbp-CAB8h] + char v2202; // [rsp-CAA7h] [rbp-CAB7h] + char v2203; // [rsp-CAA6h] [rbp-CAB6h] + _BYTE v2204[5]; // [rsp-CAA5h] [rbp-CAB5h] + signed __int16 v2205; // [rsp-CA90h] [rbp-CAA0h] + signed int v2206; // [rsp-CA8Ch] [rbp-CA9Ch] + char v2207; // [rsp-CA88h] [rbp-CA98h] + char v2208; // [rsp-CA87h] [rbp-CA97h] + char v2209; // [rsp-CA86h] [rbp-CA96h] + char v2210; // [rsp-CA85h] [rbp-CA95h] + char v2211; // [rsp-CA84h] [rbp-CA94h] + char v2212; // [rsp-CA83h] [rbp-CA93h] + char v2213; // [rsp-CA82h] [rbp-CA92h] + char v2214; // [rsp-CA81h] [rbp-CA91h] + char v2215; // [rsp-CA80h] [rbp-CA90h] + char v2216; // [rsp-CA7Fh] [rbp-CA8Fh] + char v2217; // [rsp-CA7Eh] [rbp-CA8Eh] + char v2218; // [rsp-CA7Dh] [rbp-CA8Dh] + char v2219; // [rsp-CA7Ch] [rbp-CA8Ch] + char v2220; // [rsp-CA7Bh] [rbp-CA8Bh] + char v2221; // [rsp-CA7Ah] [rbp-CA8Ah] + char v2222; // [rsp-CA79h] [rbp-CA89h] + char v2223; // [rsp-CA78h] [rbp-CA88h] + char v2224; // [rsp-CA77h] [rbp-CA87h] + char v2225; // [rsp-CA76h] [rbp-CA86h] + char v2226; // [rsp-CA75h] [rbp-CA85h] + char v2227; // [rsp-CA74h] [rbp-CA84h] + char v2228; // [rsp-CA73h] [rbp-CA83h] + char v2229; // [rsp-CA72h] [rbp-CA82h] + char v2230; // [rsp-CA71h] [rbp-CA81h] + char v2231; // [rsp-CA70h] [rbp-CA80h] + char v2232; // [rsp-CA6Fh] [rbp-CA7Fh] + char v2233; // [rsp-CA6Eh] [rbp-CA7Eh] + char v2234; // [rsp-CA6Dh] [rbp-CA7Dh] + char v2235; // [rsp-CA6Ch] [rbp-CA7Ch] + char v2236; // [rsp-CA6Bh] [rbp-CA7Bh] + char v2237; // [rsp-CA6Ah] [rbp-CA7Ah] + char v2238; // [rsp-CA69h] [rbp-CA79h] + signed __int16 v2239; // [rsp-CA68h] [rbp-CA78h] + signed int v2240; // [rsp-CA64h] [rbp-CA74h] + char v2241; // [rsp-CA60h] [rbp-CA70h] + char v2242; // [rsp-CA5Fh] [rbp-CA6Fh] + char v2243; // [rsp-CA5Eh] [rbp-CA6Eh] + char v2244; // [rsp-CA5Dh] [rbp-CA6Dh] + char v2245; // [rsp-CA5Ch] [rbp-CA6Ch] + char v2246; // [rsp-CA5Bh] [rbp-CA6Bh] + char v2247; // [rsp-CA5Ah] [rbp-CA6Ah] + 
char v2248; // [rsp-CA59h] [rbp-CA69h] + char v2249; // [rsp-CA58h] [rbp-CA68h] + char v2250; // [rsp-CA57h] [rbp-CA67h] + char v2251; // [rsp-CA56h] [rbp-CA66h] + char v2252; // [rsp-CA55h] [rbp-CA65h] + char v2253; // [rsp-CA54h] [rbp-CA64h] + char v2254; // [rsp-CA53h] [rbp-CA63h] + char v2255; // [rsp-CA52h] [rbp-CA62h] + char v2256; // [rsp-CA51h] [rbp-CA61h] + char v2257; // [rsp-CA50h] [rbp-CA60h] + char v2258; // [rsp-CA4Fh] [rbp-CA5Fh] + char v2259; // [rsp-CA4Eh] [rbp-CA5Eh] + char v2260; // [rsp-CA4Dh] [rbp-CA5Dh] + char v2261; // [rsp-CA4Ch] [rbp-CA5Ch] + char v2262; // [rsp-CA4Bh] [rbp-CA5Bh] + char v2263; // [rsp-CA4Ah] [rbp-CA5Ah] + char v2264; // [rsp-CA49h] [rbp-CA59h] + char v2265; // [rsp-CA48h] [rbp-CA58h] + char v2266; // [rsp-CA47h] [rbp-CA57h] + char v2267; // [rsp-CA46h] [rbp-CA56h] + char v2268; // [rsp-CA45h] [rbp-CA55h] + char v2269; // [rsp-CA44h] [rbp-CA54h] + char v2270; // [rsp-CA43h] [rbp-CA53h] + char v2271; // [rsp-CA42h] [rbp-CA52h] + char v2272; // [rsp-CA41h] [rbp-CA51h] + signed __int16 v2273; // [rsp-CA40h] [rbp-CA50h] + signed int v2274; // [rsp-CA3Ch] [rbp-CA4Ch] + char v2275; // [rsp-CA38h] [rbp-CA48h] + char v2276; // [rsp-CA37h] [rbp-CA47h] + char v2277; // [rsp-CA36h] [rbp-CA46h] + char v2278; // [rsp-CA35h] [rbp-CA45h] + char v2279; // [rsp-CA34h] [rbp-CA44h] + char v2280; // [rsp-CA33h] [rbp-CA43h] + char v2281; // [rsp-CA32h] [rbp-CA42h] + char v2282; // [rsp-CA31h] [rbp-CA41h] + char v2283; // [rsp-CA30h] [rbp-CA40h] + char v2284; // [rsp-CA2Fh] [rbp-CA3Fh] + char v2285; // [rsp-CA2Eh] [rbp-CA3Eh] + char v2286; // [rsp-CA2Dh] [rbp-CA3Dh] + char v2287; // [rsp-CA2Ch] [rbp-CA3Ch] + char v2288; // [rsp-CA2Bh] [rbp-CA3Bh] + char v2289; // [rsp-CA2Ah] [rbp-CA3Ah] + char v2290; // [rsp-CA29h] [rbp-CA39h] + char v2291; // [rsp-CA28h] [rbp-CA38h] + char v2292; // [rsp-CA27h] [rbp-CA37h] + char v2293; // [rsp-CA26h] [rbp-CA36h] + char v2294; // [rsp-CA25h] [rbp-CA35h] + char v2295; // [rsp-CA24h] [rbp-CA34h] + char v2296; // 
[rsp-CA23h] [rbp-CA33h] + char v2297; // [rsp-CA22h] [rbp-CA32h] + char v2298; // [rsp-CA21h] [rbp-CA31h] + char v2299; // [rsp-CA20h] [rbp-CA30h] + char v2300; // [rsp-CA1Fh] [rbp-CA2Fh] + char v2301; // [rsp-CA1Eh] [rbp-CA2Eh] + char v2302; // [rsp-CA1Dh] [rbp-CA2Dh] + char v2303; // [rsp-CA1Ch] [rbp-CA2Ch] + char v2304; // [rsp-CA1Bh] [rbp-CA2Bh] + char v2305; // [rsp-CA1Ah] [rbp-CA2Ah] + char v2306; // [rsp-CA19h] [rbp-CA29h] + signed __int16 v2307; // [rsp-CA18h] [rbp-CA28h] + signed int v2308; // [rsp-CA14h] [rbp-CA24h] + char v2309; // [rsp-CA10h] [rbp-CA20h] + char v2310; // [rsp-CA0Fh] [rbp-CA1Fh] + char v2311; // [rsp-CA0Eh] [rbp-CA1Eh] + _BYTE v2312[5]; // [rsp-CA0Dh] [rbp-CA1Dh] + signed __int16 v2313; // [rsp-C9F0h] [rbp-CA00h] + signed int v2314; // [rsp-C9ECh] [rbp-C9FCh] + char v2315; // [rsp-C9E8h] [rbp-C9F8h] + char v2316; // [rsp-C9E7h] [rbp-C9F7h] + char v2317; // [rsp-C9E6h] [rbp-C9F6h] + char v2318; // [rsp-C9E5h] [rbp-C9F5h] + char v2319; // [rsp-C9E4h] [rbp-C9F4h] + char v2320; // [rsp-C9E3h] [rbp-C9F3h] + char v2321; // [rsp-C9E2h] [rbp-C9F2h] + char v2322; // [rsp-C9E1h] [rbp-C9F1h] + char v2323; // [rsp-C9E0h] [rbp-C9F0h] + char v2324; // [rsp-C9DFh] [rbp-C9EFh] + char v2325; // [rsp-C9DEh] [rbp-C9EEh] + char v2326; // [rsp-C9DDh] [rbp-C9EDh] + char v2327; // [rsp-C9DCh] [rbp-C9ECh] + char v2328; // [rsp-C9DBh] [rbp-C9EBh] + char v2329; // [rsp-C9DAh] [rbp-C9EAh] + char v2330; // [rsp-C9D9h] [rbp-C9E9h] + char v2331; // [rsp-C9D8h] [rbp-C9E8h] + char v2332; // [rsp-C9D7h] [rbp-C9E7h] + char v2333; // [rsp-C9D6h] [rbp-C9E6h] + char v2334; // [rsp-C9D5h] [rbp-C9E5h] + char v2335; // [rsp-C9D4h] [rbp-C9E4h] + char v2336; // [rsp-C9D3h] [rbp-C9E3h] + char v2337; // [rsp-C9D2h] [rbp-C9E2h] + char v2338; // [rsp-C9D1h] [rbp-C9E1h] + char v2339; // [rsp-C9D0h] [rbp-C9E0h] + char v2340; // [rsp-C9CFh] [rbp-C9DFh] + char v2341; // [rsp-C9CEh] [rbp-C9DEh] + char v2342; // [rsp-C9CDh] [rbp-C9DDh] + char v2343; // [rsp-C9CCh] [rbp-C9DCh] + char 
v2344; // [rsp-C9CBh] [rbp-C9DBh] + char v2345; // [rsp-C9CAh] [rbp-C9DAh] + char v2346; // [rsp-C9C9h] [rbp-C9D9h] + signed __int16 v2347; // [rsp-C9C8h] [rbp-C9D8h] + signed int v2348; // [rsp-C9C4h] [rbp-C9D4h] + char v2349; // [rsp-C9C0h] [rbp-C9D0h] + char v2350; // [rsp-C9BFh] [rbp-C9CFh] + char v2351; // [rsp-C9BEh] [rbp-C9CEh] + char v2352; // [rsp-C9BDh] [rbp-C9CDh] + char v2353; // [rsp-C9BCh] [rbp-C9CCh] + char v2354; // [rsp-C9BBh] [rbp-C9CBh] + char v2355; // [rsp-C9BAh] [rbp-C9CAh] + char v2356; // [rsp-C9B9h] [rbp-C9C9h] + char v2357; // [rsp-C9B8h] [rbp-C9C8h] + char v2358; // [rsp-C9B7h] [rbp-C9C7h] + char v2359; // [rsp-C9B6h] [rbp-C9C6h] + char v2360; // [rsp-C9B5h] [rbp-C9C5h] + char v2361; // [rsp-C9B4h] [rbp-C9C4h] + char v2362; // [rsp-C9B3h] [rbp-C9C3h] + char v2363; // [rsp-C9B2h] [rbp-C9C2h] + char v2364; // [rsp-C9B1h] [rbp-C9C1h] + char v2365; // [rsp-C9B0h] [rbp-C9C0h] + char v2366; // [rsp-C9AFh] [rbp-C9BFh] + char v2367; // [rsp-C9AEh] [rbp-C9BEh] + char v2368; // [rsp-C9ADh] [rbp-C9BDh] + char v2369; // [rsp-C9ACh] [rbp-C9BCh] + char v2370; // [rsp-C9ABh] [rbp-C9BBh] + char v2371; // [rsp-C9AAh] [rbp-C9BAh] + char v2372; // [rsp-C9A9h] [rbp-C9B9h] + char v2373; // [rsp-C9A8h] [rbp-C9B8h] + char v2374; // [rsp-C9A7h] [rbp-C9B7h] + char v2375; // [rsp-C9A6h] [rbp-C9B6h] + char v2376; // [rsp-C9A5h] [rbp-C9B5h] + char v2377; // [rsp-C9A4h] [rbp-C9B4h] + char v2378; // [rsp-C9A3h] [rbp-C9B3h] + char v2379; // [rsp-C9A2h] [rbp-C9B2h] + char v2380; // [rsp-C9A1h] [rbp-C9B1h] + signed __int16 v2381; // [rsp-C9A0h] [rbp-C9B0h] + signed int v2382; // [rsp-C99Ch] [rbp-C9ACh] + char v2383; // [rsp-C998h] [rbp-C9A8h] + char v2384; // [rsp-C997h] [rbp-C9A7h] + char v2385; // [rsp-C996h] [rbp-C9A6h] + char v2386; // [rsp-C995h] [rbp-C9A5h] + char v2387; // [rsp-C994h] [rbp-C9A4h] + char v2388; // [rsp-C993h] [rbp-C9A3h] + char v2389; // [rsp-C992h] [rbp-C9A2h] + char v2390; // [rsp-C991h] [rbp-C9A1h] + char v2391; // [rsp-C990h] [rbp-C9A0h] + char 
v2392; // [rsp-C98Fh] [rbp-C99Fh] + char v2393; // [rsp-C98Eh] [rbp-C99Eh] + char v2394; // [rsp-C98Dh] [rbp-C99Dh] + char v2395; // [rsp-C98Ch] [rbp-C99Ch] + char v2396; // [rsp-C98Bh] [rbp-C99Bh] + char v2397; // [rsp-C98Ah] [rbp-C99Ah] + char v2398; // [rsp-C989h] [rbp-C999h] + char v2399; // [rsp-C988h] [rbp-C998h] + char v2400; // [rsp-C987h] [rbp-C997h] + char v2401; // [rsp-C986h] [rbp-C996h] + char v2402; // [rsp-C985h] [rbp-C995h] + char v2403; // [rsp-C984h] [rbp-C994h] + char v2404; // [rsp-C983h] [rbp-C993h] + char v2405; // [rsp-C982h] [rbp-C992h] + char v2406; // [rsp-C981h] [rbp-C991h] + char v2407; // [rsp-C980h] [rbp-C990h] + char v2408; // [rsp-C97Fh] [rbp-C98Fh] + char v2409; // [rsp-C97Eh] [rbp-C98Eh] + char v2410; // [rsp-C97Dh] [rbp-C98Dh] + char v2411; // [rsp-C97Ch] [rbp-C98Ch] + char v2412; // [rsp-C97Bh] [rbp-C98Bh] + char v2413; // [rsp-C97Ah] [rbp-C98Ah] + char v2414; // [rsp-C979h] [rbp-C989h] + signed __int16 v2415; // [rsp-C978h] [rbp-C988h] + signed __int16 v2416; // [rsp-C976h] [rbp-C986h] + signed __int16 v2417; // [rsp-C974h] [rbp-C984h] + signed __int16 v2418; // [rsp-C972h] [rbp-C982h] + signed __int16 v2419; // [rsp-C970h] [rbp-C980h] + signed __int16 v2420; // [rsp-C96Eh] [rbp-C97Eh] + signed __int16 v2421; // [rsp-C96Ch] [rbp-C97Ch] + __int16 v2422; // [rsp-C96Ah] [rbp-C97Ah] + char v2423; // [rsp-C968h] [rbp-C978h] + char v2424; // [rsp-C967h] [rbp-C977h] + unsigned __int8 v2425; // [rsp-C966h] [rbp-C976h] + unsigned __int64 v2426; // [rsp-C965h] [rbp-C975h] + int v2427; // [rsp-C95Dh] [rbp-C96Dh] + int v2428; // [rsp-C959h] [rbp-C969h] + _BYTE v2429[5]; // [rsp-C955h] [rbp-C965h] + __int64 v2430; // [rsp-C940h] [rbp-C950h] + unsigned __int64 v2431; // [rsp-C928h] [rbp-C938h] + int v2432; // [rsp-C920h] [rbp-C930h] + int v2433; // [rsp-C91Ch] [rbp-C92Ch] + int v2434; // [rsp-C918h] [rbp-C928h] + signed int v2435; // [rsp-C908h] [rbp-C918h] + char v2436; // [rsp-C904h] [rbp-C914h] + char v2437; // [rsp-C903h] [rbp-C913h] + 
char v2438; // [rsp-C902h] [rbp-C912h] + char v2439; // [rsp-C901h] [rbp-C911h] + char v2440; // [rsp-C900h] [rbp-C910h] + char v2441; // [rsp-C8FFh] [rbp-C90Fh] + char v2442; // [rsp-C8FEh] [rbp-C90Eh] + char v2443; // [rsp-C8FDh] [rbp-C90Dh] + int v2444; // [rsp-C8FCh] [rbp-C90Ch] + signed int v2445; // [rsp-C8ECh] [rbp-C8FCh] + char v2446; // [rsp-C8E8h] [rbp-C8F8h] + char v2447; // [rsp-C8E7h] [rbp-C8F7h] + char v2448; // [rsp-C8E6h] [rbp-C8F6h] + char v2449; // [rsp-C8E5h] [rbp-C8F5h] + int v2450; // [rsp-C8E4h] [rbp-C8F4h] + signed int v2451; // [rsp-C8D0h] [rbp-C8E0h] + char v2452; // [rsp-C8CCh] [rbp-C8DCh] + char v2453; // [rsp-C8CBh] [rbp-C8DBh] + char v2454; // [rsp-C8CAh] [rbp-C8DAh] + char v2455; // [rsp-C8C9h] [rbp-C8D9h] + char v2456; // [rsp-C8C8h] [rbp-C8D8h] + char v2457; // [rsp-C8C7h] [rbp-C8D7h] + char v2458; // [rsp-C8C6h] [rbp-C8D6h] + char v2459; // [rsp-C8C5h] [rbp-C8D5h] + char v2460; // [rsp-C8C4h] [rbp-C8D4h] + char v2461; // [rsp-C8C3h] [rbp-C8D3h] + char v2462; // [rsp-C8C2h] [rbp-C8D2h] + char v2463; // [rsp-C8C1h] [rbp-C8D1h] + char v2464; // [rsp-C8C0h] [rbp-C8D0h] + char v2465; // [rsp-C8BFh] [rbp-C8CFh] + char v2466; // [rsp-C8BEh] [rbp-C8CEh] + char v2467; // [rsp-C8BDh] [rbp-C8CDh] + int v2468; // [rsp-C8BCh] [rbp-C8CCh] + signed int v2469; // [rsp-C8B4h] [rbp-C8C4h] + char v2470; // [rsp-C8B0h] [rbp-C8C0h] + char v2471; // [rsp-C8AFh] [rbp-C8BFh] + char v2472; // [rsp-C8AEh] [rbp-C8BEh] + char v2473; // [rsp-C8ADh] [rbp-C8BDh] + char v2474; // [rsp-C8ACh] [rbp-C8BCh] + char v2475; // [rsp-C8ABh] [rbp-C8BBh] + char v2476; // [rsp-C8AAh] [rbp-C8BAh] + char v2477; // [rsp-C8A9h] [rbp-C8B9h] + char v2478; // [rsp-C8A8h] [rbp-C8B8h] + char v2479; // [rsp-C8A7h] [rbp-C8B7h] + char v2480; // [rsp-C8A6h] [rbp-C8B6h] + char v2481; // [rsp-C8A5h] [rbp-C8B5h] + char v2482; // [rsp-C8A4h] [rbp-C8B4h] + char v2483; // [rsp-C8A3h] [rbp-C8B3h] + char v2484; // [rsp-C8A2h] [rbp-C8B2h] + char v2485; // [rsp-C8A1h] [rbp-C8B1h] + char v2486; // 
[rsp-C8A0h] [rbp-C8B0h] + char v2487; // [rsp-C89Fh] [rbp-C8AFh] + char v2488; // [rsp-C89Eh] [rbp-C8AEh] + char v2489; // [rsp-C89Dh] [rbp-C8ADh] + char v2490; // [rsp-C89Ch] [rbp-C8ACh] + char v2491; // [rsp-C89Bh] [rbp-C8ABh] + char v2492; // [rsp-C89Ah] [rbp-C8AAh] + char v2493; // [rsp-C899h] [rbp-C8A9h] + signed int v2494; // [rsp-C898h] [rbp-C8A8h] + char v2495; // [rsp-C894h] [rbp-C8A4h] + char v2496; // [rsp-C893h] [rbp-C8A3h] + char v2497; // [rsp-C892h] [rbp-C8A2h] + char v2498; // [rsp-C891h] [rbp-C8A1h] + char v2499; // [rsp-C890h] [rbp-C8A0h] + char v2500; // [rsp-C88Fh] [rbp-C89Fh] + char v2501; // [rsp-C88Eh] [rbp-C89Eh] + char v2502; // [rsp-C88Dh] [rbp-C89Dh] + char v2503; // [rsp-C88Ch] [rbp-C89Ch] + char v2504; // [rsp-C88Bh] [rbp-C89Bh] + __int16 v2505; // [rsp-C88Ah] [rbp-C89Ah] + signed int v2506; // [rsp-C87Ch] [rbp-C88Ch] + char v2507; // [rsp-C878h] [rbp-C888h] + char v2508; // [rsp-C877h] [rbp-C887h] + char v2509; // [rsp-C876h] [rbp-C886h] + char v2510; // [rsp-C875h] [rbp-C885h] + char v2511; // [rsp-C874h] [rbp-C884h] + char v2512; // [rsp-C873h] [rbp-C883h] + char v2513; // [rsp-C872h] [rbp-C882h] + char v2514; // [rsp-C871h] [rbp-C881h] + __int64 v2515; // [rsp-C870h] [rbp-C880h] + void (__fastcall *free)(unsigned int *); // [rsp-C858h] [rbp-C868h] + void (__fastcall *Sleep)(signed __int64); // [rsp-C850h] [rbp-C860h] + __int64 (__fastcall *CreateFileA)(char *, signed __int64, signed __int64, _QWORD, _QWORD, _QWORD, _QWORD); // [rsp-C848h] [rbp-C858h] + __int64 v2519; // [rsp-C840h] [rbp-C850h] + __int64 (*GetCurrentProcess)(void); // [rsp-C838h] [rbp-C848h] + __int64 time; // [rsp-C830h] [rbp-C840h] + signed int v2522; // [rsp-C828h] [rbp-C838h] + __int64 TargetHandle; // [rsp-C820h] [rbp-C830h] + __int64 v2524; // [rsp-C818h] [rbp-C828h] + __int64 (__fastcall *CreateToolhelp32Snapshot)(signed __int64, _QWORD); // [rsp-C810h] [rbp-C820h] + __int64 hProcess_9; // [rsp-C808h] [rbp-C818h] + unsigned __int64 ll; // [rsp-C800h] 
[rbp-C810h] + __int64 hProcess_8; // [rsp-C7F8h] [rbp-C808h] + __int64 v2529; // [rsp-C7F0h] [rbp-C800h] + __int64 v2530; // [rsp-C7E8h] [rbp-C7F8h] + unsigned int (__fastcall *GetProcessTimes_2)(__int64, __int64 *, __int64 *, __int64 *, char *); // [rsp-C7E0h] [rbp-C7F0h] + __int64 v2532; // [rsp-C7D8h] [rbp-C7E8h] + signed __int64 v2533; // [rsp-C7D0h] [rbp-C7E0h] + int tickCount; // [rsp-C7C8h] [rbp-C7D8h] + int exitCode; // [rsp-C7C4h] [rbp-C7D4h] + __int64 v2536; // [rsp-C7C0h] [rbp-C7D0h] + int processId; // [rsp-C7B8h] [rbp-C7C8h] + __int64 v2538; // [rsp-C7B0h] [rbp-C7C0h] + signed int v2539; // [rsp-C7A8h] [rbp-C7B8h] + unsigned int (__fastcall *GetFileAttributesExW)(__int64 *, _QWORD, __int64 *); // [rsp-C7A0h] [rbp-C7B0h] + __int64 (*GetTickCount)(void); // [rsp-C798h] [rbp-C7A8h] + __int64 (__fastcall *LoadLibraryA)(char *); // [rsp-C790h] [rbp-C7A0h] + __int64 (__fastcall *malloc)(signed __int64); // [rsp-C788h] [rbp-C798h] + unsigned int (__fastcall *GetExtendedTcpTable)(unsigned int *, unsigned int *, _QWORD, signed __int64, _QWORD, _QWORD); // [rsp-C780h] [rbp-C790h] + __int64 hPsApi; // [rsp-C778h] [rbp-C788h] + unsigned __int64 v2546; // [rsp-C770h] [rbp-C780h] + __int64 v2547; // [rsp-C768h] [rbp-C778h] + unsigned int (__fastcall *GetProcessTimes_1)(__int64, __int64 *, __int64 *, __int64 *, __int64 *); // [rsp-C758h] [rbp-C768h] + unsigned __int64 i5; // [rsp-C750h] [rbp-C760h] + __int64 hProcess_10; // [rsp-C748h] [rbp-C758h] + signed int (__fastcall *NtQueryInformationProcess)(__int64, signed __int64, signed __int64 *, signed __int64, _QWORD); // [rsp-C740h] [rbp-C750h] + unsigned int (*GetLastError_4)(void); // [rsp-C738h] [rbp-C748h] + __int64 (__fastcall *GetWindowLongA)(__int64, signed __int64); // [rsp-C730h] [rbp-C740h] + unsigned __int64 v2554; // [rsp-C728h] [rbp-C738h] + __int64 v2555; // [rsp-C720h] [rbp-C730h] + void (__fastcall *AdjustTokenPrivilege)(__int64, _QWORD, signed int *, _QWORD, _QWORD, _QWORD); // [rsp-C718h] [rbp-C728h] 
+ __int64 hMsHtml; // [rsp-C710h] [rbp-C720h] + unsigned int (__fastcall *LookUpPrivilegeValue)(_QWORD, char *, __int64 *); // [rsp-C708h] [rbp-C718h] + signed __int64 v2559; // [rsp-C700h] [rbp-C710h] + signed __int64 v2560; // [rsp-C6F8h] [rbp-C708h] + unsigned int (__fastcall *OpenProcessToken)(signed __int64, signed __int64, __int64 *); // [rsp-C6F0h] [rbp-C700h] + __int64 hMMRes; // [rsp-C6E8h] [rbp-C6F8h] + __int64 NtProtectVirtualMemory; // [rsp-C6E0h] [rbp-C6F0h] + void (__fastcall *memcpy)(__int64 *, unsigned __int64, signed __int64); // [rsp-C6D8h] [rbp-C6E8h] + __int64 tokenHandle; // [rsp-C6D0h] [rbp-C6E0h] + char v2566; // [rsp-C6C8h] [rbp-C6D8h] + char v2567; // [rsp-C6C7h] [rbp-C6D7h] + __int64 v2568; // [rsp-C6C6h] [rbp-C6D6h] + int v2569; // [rsp-C6BEh] [rbp-C6CEh] + int v2570; // [rsp-C6BAh] [rbp-C6CAh] + char v2571; // [rsp-C6B0h] [rbp-C6C0h] + char v2572; // [rsp-C6AFh] [rbp-C6BFh] + __int64 v2573; // [rsp-C6AEh] [rbp-C6BEh] + int v2574; // [rsp-C6A6h] [rbp-C6B6h] + int v2575; // [rsp-C6A2h] [rbp-C6B2h] + char v2576; // [rsp-C698h] [rbp-C6A8h] + char v2577; // [rsp-C697h] [rbp-C6A7h] + char v2578; // [rsp-C696h] [rbp-C6A6h] + __int64 v2579; // [rsp-C695h] [rbp-C6A5h] + __int64 v2580; // [rsp-C68Dh] [rbp-C69Dh] + char v2581; // [rsp-C680h] [rbp-C690h] + char v2582; // [rsp-C67Fh] [rbp-C68Fh] + char v2583; // [rsp-C67Eh] [rbp-C68Eh] + __int64 v2584; // [rsp-C67Dh] [rbp-C68Dh] + __int64 v2585; // [rsp-C675h] [rbp-C685h] + char v2586; // [rsp-C668h] [rbp-C678h] + char v2587; // [rsp-C667h] [rbp-C677h] + char v2588; // [rsp-C666h] [rbp-C676h] + __int64 v2589; // [rsp-C665h] [rbp-C675h] + __int64 v2590; // [rsp-C65Dh] [rbp-C66Dh] + _BYTE v2591[3]; // [rsp-C653h] [rbp-C663h] + __int16 v2592; // [rsp-C652h] [rbp-C662h] + _BYTE v2593[6]; // [rsp-C64Eh] [rbp-C65Eh] + char v2594; // [rsp-C648h] [rbp-C658h] + char v2595; // [rsp-C647h] [rbp-C657h] + _BYTE v2596[6]; // [rsp-C646h] [rbp-C656h] + _BYTE v2597[6]; // [rsp-C63Eh] [rbp-C64Eh] + char v2598; // 
[rsp-C631h] [rbp-C641h] + __int64 v2599; // [rsp-C548h] [rbp-C558h] + unsigned __int16 v2600; // [rsp-C540h] [rbp-C550h] + signed __int16 v2601; // [rsp-C53Eh] [rbp-C54Eh] + __int64 *v2602; // [rsp-C538h] [rbp-C548h] + char v2603; // [rsp-C530h] [rbp-C540h] + char v2604; // [rsp-C52Fh] [rbp-C53Fh] + __int16 v2605; // [rsp-C52Eh] [rbp-C53Eh] + int v2606; // [rsp-C52Ch] [rbp-C53Ch] + unsigned __int8 v2607; // [rsp-C528h] [rbp-C538h] + __int64 v2608; // [rsp-C518h] [rbp-C528h] + unsigned __int16 v2609; // [rsp-C510h] [rbp-C520h] + signed __int16 v2610; // [rsp-C50Eh] [rbp-C51Eh] + __int64 *v2611; // [rsp-C508h] [rbp-C518h] + char v2612; // [rsp-C500h] [rbp-C510h] + char v2613; // [rsp-C4FFh] [rbp-C50Fh] + __int16 v2614; // [rsp-C4FEh] [rbp-C50Eh] + int v2615; // [rsp-C4FCh] [rbp-C50Ch] + unsigned __int8 v2616; // [rsp-C4F8h] [rbp-C508h] + __int64 systemInformation; // [rsp-C4E8h] [rbp-C4F8h] + unsigned __int16 v2618; // [rsp-C4E0h] [rbp-C4F0h] + signed __int16 v2619; // [rsp-C4DEh] [rbp-C4EEh] + __int64 *v2620; // [rsp-C4D8h] [rbp-C4E8h] + __int64 v2621; // [rsp-C4D0h] [rbp-C4E0h] + unsigned __int64 v2622; // [rsp-C4B8h] [rbp-C4C8h] + int v2623; // [rsp-C4B0h] [rbp-C4C0h] + int v2624; // [rsp-C4ACh] [rbp-C4BCh] + int v2625; // [rsp-C4A8h] [rbp-C4B8h] + char v2626; // [rsp-C4A0h] [rbp-C4B0h] + char v2627; // [rsp-C49Fh] [rbp-C4AFh] + signed __int16 v2628; // [rsp-C49Eh] [rbp-C4AEh] + __int64 v2629; // [rsp-C49Ch] [rbp-C4ACh] + unsigned __int64 v2630; // [rsp-C494h] [rbp-C4A4h] + int v2631; // [rsp-C48Ch] [rbp-C49Ch] + int v2632; // [rsp-C488h] [rbp-C498h] + char v2633; // [rsp-C480h] [rbp-C490h] + char v2634; // [rsp-C47Fh] [rbp-C48Fh] + signed __int16 v2635; // [rsp-C47Eh] [rbp-C48Eh] + unsigned __int64 v2636; // [rsp-C47Ch] [rbp-C48Ch] + __int64 v2637; // [rsp-C474h] [rbp-C484h] + int v2638; // [rsp-C46Ch] [rbp-C47Ch] + int v2639; // [rsp-C468h] [rbp-C478h] + char v2640; // [rsp-C460h] [rbp-C470h] + char v2641; // [rsp-C45Fh] [rbp-C46Fh] + __int16 v2642; // 
[rsp-C45Eh] [rbp-C46Eh] + unsigned __int64 v2643; // [rsp-C45Ch] [rbp-C46Ch] + unsigned __int64 v2644; // [rsp-C454h] [rbp-C464h] + int v2645; // [rsp-C44Ch] [rbp-C45Ch] + int v2646; // [rsp-C448h] [rbp-C458h] + char v2647; // [rsp-C440h] [rbp-C450h] + char v2648; // [rsp-C43Fh] [rbp-C44Fh] + signed __int16 v2649; // [rsp-C43Eh] [rbp-C44Eh] + __int64 v2650; // [rsp-C43Ch] [rbp-C44Ch] + __int64 v2651; // [rsp-C434h] [rbp-C444h] + int v2652; // [rsp-C42Ch] [rbp-C43Ch] + int v2653; // [rsp-C428h] [rbp-C438h] + unsigned int (__fastcall *Thread32Next)(__int64, signed int *); // [rsp-C420h] [rbp-C430h] + unsigned int (__fastcall *GetThreadContext)(__int64, __int64 *); // [rsp-C418h] [rbp-C428h] + void (__fastcall *SuspendThread)(__int64); // [rsp-C410h] [rbp-C420h] + __int64 (__fastcall *ResumeThread)(__int64); // [rsp-C408h] [rbp-C418h] + signed int v2658; // [rsp-C400h] [rbp-C410h] + __int64 v2659; // [rsp-C3FCh] [rbp-C40Ch] + signed int v2660; // [rsp-C3F4h] [rbp-C404h] + __int64 v2661; // [rsp-C3F0h] [rbp-C400h] + __int64 (__fastcall *OpenThread)(signed __int64, _QWORD, _QWORD); // [rsp-C3E0h] [rbp-C3F0h] + unsigned int (__fastcall *Thread32First)(__int64, signed int *); // [rsp-C3D8h] [rbp-C3E8h] + unsigned int (__fastcall *Module32Next)(__int64, signed int *); // [rsp-C3D0h] [rbp-C3E0h] + unsigned int (__fastcall *Module32First)(__int64, signed int *); // [rsp-C3C8h] [rbp-C3D8h] + unsigned int (*GetLastError_2)(void); // [rsp-C3C0h] [rbp-C3D0h] + __int64 v2667; // [rsp-C3B8h] [rbp-C3C8h] + __int64 v2668; // [rsp-C3B0h] [rbp-C3C0h] + unsigned int (*GetLastError_3)(void); // [rsp-C3A8h] [rbp-C3B8h] + unsigned int (__fastcall *GetProcessTimes_3)(__int64, __int64 *, __int64 *, __int64 *, __int64 *); // [rsp-C3A0h] [rbp-C3B0h] + _BYTE *v2671; // [rsp-C398h] [rbp-C3A8h] + unsigned int (__fastcall *GetFileAttributesExW_1)(__int64 *, _QWORD, __int64 *); // [rsp-C390h] [rbp-C3A0h] + unsigned int (__fastcall *Process32First)(__int64, signed int *); // [rsp-C388h] [rbp-C398h] 
+ unsigned int (__fastcall *ReadFile)(__int64, __int64 *, signed __int64, char *, _QWORD); // [rsp-C380h] [rbp-C390h] + signed __int64 v2675; // [rsp-C378h] [rbp-C388h] + signed __int64 v2676; // [rsp-C370h] [rbp-C380h] + __int64 (__fastcall *GetProcessId)(__int64); // [rsp-C368h] [rbp-C378h] + unsigned int (__fastcall *wcsnicmp)(__int64, signed __int16 *, _QWORD); // [rsp-C360h] [rbp-C370h] + __int64 (__fastcall *NtQueryObject)(__int64, signed __int64, unsigned __int16 *, signed __int64, _QWORD); // [rsp-C358h] [rbp-C368h] + signed __int64 v2680; // [rsp-C350h] [rbp-C360h] + unsigned int (__fastcall *DuplicateHandle)(__int64, _QWORD, __int64, __int64 *, _QWORD, _QWORD, _QWORD); // [rsp-C348h] [rbp-C358h] + unsigned int (__fastcall *EnumProcesses)(__int64 *, signed __int64, unsigned int *); // [rsp-C340h] [rbp-C350h] + signed __int64 v2683; // [rsp-C338h] [rbp-C348h] + signed __int64 v2684; // [rsp-C330h] [rbp-C340h] + signed __int64 v2685; // [rsp-C328h] [rbp-C338h] + __int64 (__fastcall *realloc)(unsigned int *, _QWORD); // [rsp-C320h] [rbp-C330h] + void (__fastcall *GetWindowRect)(__int64, __int64); // [rsp-C318h] [rbp-C328h] + __int64 (__fastcall *GetClassNameW)(__int64, __int64 *, signed __int64); // [rsp-C310h] [rbp-C320h] + __int64 (__fastcall *GetWindowTextW)(__int64, __int64 *, signed __int64); // [rsp-C308h] [rbp-C318h] + unsigned int (__fastcall *Process32Next)(__int64, signed int *); // [rsp-C300h] [rbp-C310h] + __int64 (__fastcall *GetWindowTextA)(__int64, char *, signed __int64); // [rsp-C2F8h] [rbp-C308h] + char v2692; // [rsp-C2F0h] [rbp-C300h] + char v2693; // [rsp-C2EFh] [rbp-C2FFh] + __int16 v2694; // [rsp-C2EEh] [rbp-C2FEh] + int v2695; // [rsp-C2ECh] [rbp-C2FCh] + __int64 v2696; // [rsp-C2E8h] [rbp-C2F8h] + __int64 (__fastcall *GetTopWindow)(_QWORD); // [rsp-C2D8h] [rbp-C2E8h] + __int64 privelegeValue; // [rsp-C2D0h] [rbp-C2E0h] + unsigned int (*GetLastError_1)(void); // [rsp-C2C8h] [rbp-C2D8h] + unsigned int (__fastcall 
*GetProcessTimes)(__int64, __int64 *, __int64 *, __int64 *, __int64 *); // [rsp-C2C0h] [rbp-C2D0h] + __int64 (*GetLastError)(void); // [rsp-C2B8h] [rbp-C2C8h] + __int64 v2702; // [rsp-C2B0h] [rbp-C2C0h] + __int64 v2703; // [rsp-C2A8h] [rbp-C2B8h] + __int64 v2704; // [rsp-C2A0h] [rbp-C2B0h] + __int64 v2705; // [rsp-C298h] [rbp-C2A8h] + void (__fastcall *GetWindowThreadProcessId)(__int64, char *); // [rsp-C290h] [rbp-C2A0h] + unsigned int (__fastcall *GetExitCodeProcess)(__int64, int *); // [rsp-C288h] [rbp-C298h] + __int64 v2708; // [rsp-C280h] [rbp-C290h] + __int64 v2709; // [rsp-C278h] [rbp-C288h] + _BYTE *v2710; // [rsp-C270h] [rbp-C280h] + __int64 fileInformation; // [rsp-C268h] [rbp-C278h] + signed int v2712; // [rsp-C248h] [rbp-C258h] + __int64 v2713; // [rsp-C240h] [rbp-C250h] + int v2714; // [rsp-C220h] [rbp-C230h] + int v2715; // [rsp-C21Ch] [rbp-C22Ch] + __int64 v2716; // [rsp-C210h] [rbp-C220h] + signed int processEntry; // [rsp-C1F8h] [rbp-C208h] + unsigned int processId_1; // [rsp-C1F0h] [rbp-C200h] + unsigned int v2719; // [rsp-C1D8h] [rbp-C1E8h] + int v2720; // [rsp-C1CCh] [rbp-C1DCh] + int v2721; // [rsp-C1C8h] [rbp-C1D8h] + int v2722; // [rsp-C1C4h] [rbp-C1D4h] + char v2723; // [rsp-C0C8h] [rbp-C0D8h] + char v2724; // [rsp-C0C7h] [rbp-C0D7h] + unsigned __int64 v2725; // [rsp-C0C6h] [rbp-C0D6h] + int v2726; // [rsp-C0BEh] [rbp-C0CEh] + int v2727; // [rsp-C0BAh] [rbp-C0CAh] + _QWORD *v2728; // [rsp-C0B6h] [rbp-C0C6h] + __int64 v2729; // [rsp-C0AEh] [rbp-C0BEh] + __int64 v2730; // [rsp-C0A6h] [rbp-C0B6h] + __int64 v2731; // [rsp-C09Eh] [rbp-C0AEh] + __int64 v2732; // [rsp-C096h] [rbp-C0A6h] + signed int v2733; // [rsp-C088h] [rbp-C098h] + unsigned int v2734; // [rsp-C080h] [rbp-C090h] + int v2735; // [rsp-C07Ch] [rbp-C08Ch] + __int64 CreateFileA_1; // [rsp-C068h] [rbp-C078h] + __int64 v2737; // [rsp-C060h] [rbp-C070h] + __int64 v2738; // [rsp-C058h] [rbp-C068h] + signed __int64 v2739; // [rsp-C050h] [rbp-C060h] + __int64 v2740; // [rsp-C048h] 
[rbp-C058h] + _BYTE v2741[7]; // [rsp-C03Fh] [rbp-C04Fh] + char v2742; // [rsp-C038h] [rbp-C048h] + char v2743; // [rsp-C037h] [rbp-C047h] + _BYTE v2744[6]; // [rsp-C036h] [rbp-C046h] + int v2745; // [rsp-BF48h] [rbp-BF58h] + _BYTE v2746[3]; // [rsp-BF43h] [rbp-BF53h] + __int16 v2747; // [rsp-BF42h] [rbp-BF52h] + __int64 v2748; // [rsp-BE68h] [rbp-BE78h] + int v2749; // [rsp-BE48h] [rbp-BE58h] + int v2750; // [rsp-BE44h] [rbp-BE54h] + __int64 v2751; // [rsp-BE38h] [rbp-BE48h] + int v2752; // [rsp-BE18h] [rbp-BE28h] + __int64 v2753; // [rsp-BE10h] [rbp-BE20h] + int v2754; // [rsp-BDF0h] [rbp-BE00h] + __int64 v2755; // [rsp-BDE8h] [rbp-BDF8h] + int v2756; // [rsp-BDC8h] [rbp-BDD8h] + __int64 fileInformation_1; // [rsp-BDC0h] [rbp-BDD0h] + int v2758; // [rsp-BDA0h] [rbp-BDB0h] + signed __int64 processInformation_1; // [rsp-BD98h] [rbp-BDA8h] + char v2760; // [rsp-BD60h] [rbp-BD70h] + signed int moduleEntry; // [rsp-BD28h] [rbp-BD38h] + unsigned __int64 v2762; // [rsp-BD10h] [rbp-BD20h] + unsigned int v2763; // [rsp-BD08h] [rbp-BD18h] + int v2764; // [rsp-BCF8h] [rbp-BD08h] + int v2765; // [rsp-BCF4h] [rbp-BD04h] + int v2766; // [rsp-BCF0h] [rbp-BD00h] + int v2767; // [rsp-BCECh] [rbp-BCFCh] + __int64 windowText; // [rsp-BAE8h] [rbp-BAF8h] + unsigned int v2769; // [rsp-BA68h] [rbp-BA78h] + char v2770; // [rsp-BA60h] [rbp-BA70h] + unsigned int v2771; // [rsp-BA5Fh] [rbp-BA6Fh] + unsigned __int16 v2772; // [rsp-BA5Ah] [rbp-BA6Ah] + __int16 v2773; // [rsp-BA54h] [rbp-BA64h] + int v2774; // [rsp-BA4Eh] [rbp-BA5Eh] + __int64 v2775; // [rsp-B688h] [rbp-B698h] + __int64 processImageName_1; // [rsp-B588h] [rbp-B598h] + __int64 v2777; // [rsp-B488h] [rbp-B498h] + __int16 processImageName; // [rsp-B388h] [rbp-B398h] + __int64 context; // [rsp-B188h] [rbp-B198h] + int v2780; // [rsp-B158h] [rbp-B168h] + int v2781; // [rsp-B140h] [rbp-B150h] + __int64 v2782; // [rsp-B118h] [rbp-B128h] + unsigned __int16 HandleInformation; // [rsp-ACB8h] [rbp-ACC8h] + __int64 v2784; // [rsp-ACB0h] 
[rbp-ACC0h] + __int64 v2785; // [rsp-A8B8h] [rbp-A8C8h] + __int64 v2786; // [rsp-A6B8h] [rbp-A6C8h] + __int64 v2787; // [rsp-A4B8h] [rbp-A4C8h] + __int64 v2788; // [rsp-A2B8h] [rbp-A2C8h] + __int64 buffer; // [rsp-9C78h] [rbp-9C88h] + __int64 v2790; // [rsp-7C78h] [rbp-7C88h] + __int64 ReportDetection; // [rsp-6C50h] [rbp-6C60h] + __int64 (__fastcall *GetModuleHandleA)(__int64 *); // [rsp-6C48h] [rbp-6C58h] + __int64 (__fastcall *GetProcAddress)(__int64, char *); // [rsp-6C40h] [rbp-6C50h] + char v2794; // [rsp-6A74h] [rbp-6A84h] + char v2795; // [rsp-6A73h] [rbp-6A83h] + char v2796; // [rsp-6A72h] [rbp-6A82h] + char v2797; // [rsp-6050h] [rbp-6060h] + int v2798; // [rsp+18h] [rbp+8h] + __int64 v2799; // [rsp+20h] [rbp+10h] + __int64 v2800; // [rsp+28h] [rbp+18h] + __int64 v2801; // [rsp+30h] [rbp+20h] + + v2801 = a4; + v2800 = a3; + v2799 = a2; + v2798 = a1; + v4 = alloca(sub_4D46D(0x6C88ui64)); + str_kernel32 = 'K'; + v38 = 'E'; + v39 = 'R'; + v40 = 'N'; + v2794 = 'E'; + v2795 = 'L'; + v2796 = '3'; + v146 = '2'; + v147 = 46; + v148 = 'd'; + v149 = 'l'; + v150 = 'l'; + v151 = 0; + hKernel32 = GetModuleHandleA(&str_kernel32dll); + str_closehandle = 'C'; + v369 = 'l'; + v370 = 'o'; + v371 = 's'; + v372 = 'e'; + v373 = 'H'; + v374 = 'a'; + v375 = 'n'; + v376 = 'd'; + v377 = 'l'; + v378 = 'e'; + v379 = '\0'; + CloseHandle = (void (__fastcall *)(__int64))GetProcAddress(hKernel32, &str_closehandle); + str_openprocesstoken = 'O'; + v893 = 'p'; + v894 = 'e'; + v895 = 'n'; + v896 = 'P'; + v897 = 'r'; + v898 = 'o'; + v899 = 'c'; + v900 = 'e'; + v901 = 's'; + v902 = 's'; + v903 = 'T'; + v904 = 'o'; + v905 = 'k'; + v906 = 'e'; + v907 = 'n'; + v908 = '\0'; + OpenProcessToken = (unsigned int (__fastcall *)(signed __int64, signed __int64, __int64 *))GetProcAddress( + hKernel32, + &str_openprocesstoken); + if ( OpenProcessToken && OpenProcessToken(-1i64, 32i64, &tokenHandle) ) + { + str_advapidll = 'a'; + v164 = 'd'; + v165 = 'v'; + v166 = 'a'; + v167 = 'p'; + v168 = 'i'; + v169 
= '3'; + v170 = '2'; + v171 = '.'; + v172 = 'd'; + v173 = 'l'; + v174 = 'l'; + v175 = '\0'; + str_lookupprivilegevaluea = 'L'; + v1185 = 'o'; + v1186 = 'o'; + v1187 = 'k'; + v1188 = 'u'; + v1189 = 'p'; + v1190 = 'P'; + v1191 = 'r'; + v1192 = 'i'; + v1193 = 'v'; + v1194 = 'i'; + v1195 = 'l'; + v1196 = 'e'; + v1197 = 'g'; + v1198 = 'e'; + v1199 = 'V'; + v1200 = 'a'; + v1201 = 'l'; + v1202 = 'u'; + v1203 = 'e'; + v1204 = 'A'; + v1205 = '\0'; + hAdvApi32 = GetModuleHandleA((__int64 *)&str_advapidll); + LookUpPrivilegeValue = (unsigned int (__fastcall *)(_QWORD, char *, __int64 *))GetProcAddress( + hAdvApi32, + &str_lookupprivilegevaluea); + if ( LookUpPrivilegeValue ) + { + str_debugprivilege = 'S'; + v876 = 'e'; + v877 = 'D'; + v878 = 'e'; + v879 = 'b'; + v880 = 'u'; + v881 = 'g'; + v882 = 'P'; + v883 = 'r'; + v884 = 'i'; + v885 = 'v'; + v886 = 'i'; + v887 = 'l'; + v888 = 'e'; + v889 = 'g'; + v890 = 'e'; + v891 = '\0'; + if ( LookUpPrivilegeValue(0i64, &str_debugprivilege, &privelegeValue) ) + { + v2658 = 1; + v2659 = privelegeValue; + v2660 = 2; + v1206 = 'A'; + v1207 = 'd'; + v1208 = 'j'; + v1209 = 'u'; + v1210 = 's'; + v1211 = 't'; + v1212 = 'T'; + v1213 = 'o'; + v1214 = 'k'; + v1215 = 'e'; + v1216 = 'n'; + v1217 = 'P'; + v1218 = 'r'; + v1219 = 'i'; + v1220 = 'v'; + v1221 = 'i'; + v1222 = 'l'; + v1223 = 'e'; + v1224 = 'g'; + v1225 = 'e'; + v1226 = 's'; + v1227 = '\0'; + hAdvApi32_1 = GetModuleHandleA((__int64 *)&str_advapidll); + AdjustTokenPrivilege = (void (__fastcall *)(__int64, _QWORD, signed int *, _QWORD, _QWORD, _QWORD))GetProcAddress(hAdvApi32_1, &v1206); + if ( AdjustTokenPrivilege ) + AdjustTokenPrivilege(tokenHandle, 0i64, &v2658, 0i64, 0i64, 0i64); + } + } + CloseHandle(tokenHandle); + } + str_ndlldll = 'n'; + v271 = 't'; + v272 = 'd'; + v273 = 'l'; + v274 = 'l'; + v275 = '.'; + v276 = 'd'; + v277 = 'l'; + v278 = 'l'; + v279 = 0; + hNtDLL = GetModuleHandleA((__int64 *)&str_ndlldll); + str_ntqueryvirtualmemory = 'N'; + v1143 = 't'; + v1144 = 'Q'; + v1145 
= 'u'; + v1146 = 'e'; + v1147 = 'r'; + v1148 = 'y'; + v1149 = 'V'; + v1150 = 'i'; + v1151 = 'r'; + v1152 = 't'; + v1153 = 'u'; + v1154 = 'a'; + v1155 = 'l'; + v1156 = 'M'; + v1157 = 'e'; + v1158 = 'm'; + v1159 = 'o'; + v1160 = 114; + v1161 = 'y'; + v1162 = '\0'; + NtQueryVirtualMemory = (signed int (__fastcall *)(signed __int64, unsigned __int64, _QWORD, __int64 *, signed __int64, __int64 *))GetProcAddress(hNtDLL, &str_ntqueryvirtualmemory); + str_ntprotectvirtualmemory = 'N'; + v1229 = 't'; + v1230 = 'P'; + v1231 = 'r'; + v1232 = 'o'; + v1233 = 't'; + v1234 = 'e'; + v1235 = 'c'; + v1236 = 't'; + v1237 = 'V'; + v1238 = 'i'; + v1239 = 'r'; + v1240 = 't'; + v1241 = 'u'; + v1242 = 'a'; + v1243 = 'l'; + v1244 = 'M'; + v1245 = 'e'; + v1246 = 'm'; + v1247 = 'o'; + v1248 = 'r'; + v1249 = 'y'; + v1250 = '\0'; + NtProtectVirtualMemory = GetProcAddress(hNtDLL, &str_ntprotectvirtualmemory); + str_isbadreadptr = 'I'; + v497 = 's'; + v498 = 'B'; + v499 = 'a'; + v500 = 'd'; + v501 = 'R'; + v502 = 101; + v503 = 'a'; + v504 = 'd'; + v505 = 'P'; + v506 = 't'; + v507 = 'r'; + v508 = '\0'; + hKernel32_1 = GetModuleHandleA(&str_kernel32dll); + IsBadReadPtr = GetProcAddress(hKernel32_1, &str_isbadreadptr); + v2538 = ~IsBadReadPtr; + str_ntreadvirtualmemory = 'N'; + v1021 = 't'; + v1022 = 'R'; + v1023 = 'e'; + v1024 = 'a'; + v1025 = 'd'; + v1026 = 'V'; + v1027 = 'i'; + v1028 = 'r'; + v1029 = 't'; + v1030 = 'u'; + v1031 = 'a'; + v1032 = 'l'; + v1033 = 'M'; + v1034 = 'e'; + v1035 = 'm'; + v1036 = 'o'; + v1037 = 'r'; + v1038 = 'y'; + v1039 = 0; + NtReadVirtualMemory = (signed int (__fastcall *)(signed __int64, unsigned __int64, __int64 *, signed __int64, _QWORD))GetProcAddress(hNtDLL, &str_ntreadvirtualmemory); + str_msvcrt = 'm'; + str_msvcrt_1 = 's'; + v114 = 'v'; + v115 = 'c'; + v116 = 'r'; + v117 = 't'; + v118 = '.'; + v119 = 'd'; + v120 = 'l'; + v121 = 'l'; + v122 = '\0'; + str_memcpy = 'm'; + v191 = 'e'; + v192 = 'm'; + v193 = 'c'; + v194 = 'p'; + v195 = 'y'; + v196 = '\0'; + hMSVCRT 
= GetModuleHandleA((__int64 *)&str_msvcrt); + memcpy = (void (__fastcall *)(__int64 *, unsigned __int64, signed __int64))GetProcAddress(hMSVCRT, &str_memcpy); + str_memcmp = 'm'; + v184 = 'e'; + v185 = 'm'; + v186 = 'c'; + v187 = 'm'; + v188 = 'p'; + v189 = 0; + hMSVCRT_1 = GetModuleHandleA((__int64 *)&str_msvcrt); + memcmp = (unsigned int (__fastcall *)(__int64 *, __int64 *, signed __int64))GetProcAddress(hMSVCRT_1, &str_memcmp); + str_getcurrentprocessid = 'G'; + v1081 = 'e'; + v1082 = 't'; + v1083 = 'C'; + v1084 = 'u'; + v1085 = 'r'; + v1086 = 'r'; + v1087 = 'e'; + v1088 = 'n'; + v1089 = 't'; + v1090 = 'P'; + v1091 = 'r'; + v1092 = 'o'; + v1093 = 'c'; + v1094 = 'e'; + v1095 = 's'; + v1096 = 's'; + v1097 = 'I'; + v1098 = 'd'; + v1099 = '\0'; + GetCurrentProcessId = (__int64 (*)(void))GetProcAddress(hKernel32, &str_getcurrentprocessid); + str_openprocess = 'O'; + v381 = 'p'; + v382 = 'e'; + v383 = 'n'; + v384 = 'P'; + v385 = 'r'; + v386 = 'o'; + v387 = 'c'; + v388 = 'e'; + v389 = 's'; + v390 = 's'; + v391 = '\0'; + OpenProcess = (__int64 (__fastcall *)(signed __int64, _QWORD, _QWORD))GetProcAddress(hKernel32, &str_openprocess); + hCurrentProcess = GetCurrentProcessId(); + hCurrentProcessHandle = OpenProcess(1048i64, 0i64, hCurrentProcess); + str_sleep = 'S'; + v158 = 'l'; + v159 = 'e'; + v160 = 'e'; + v161 = 'p'; + v162 = '\0'; + Sleep = (void (__fastcall *)(signed __int64))GetProcAddress(hKernel32, &str_sleep); + v1759 = 1304; + v1760 = 18; + v1761 = 'o'; + v1762 = 'j'; + v1763 = 'e'; + v1764 = 'c'; + v1765 = 't'; + v1766 = 's'; + v1767 = '\\'; + v1768 = 'P'; + v1769 = 'U'; + v1770 = 'B'; + v1771 = 'G'; + v1772 = 'C'; + v1773 = 'h'; + v1774 = 'i'; + v1775 = 'n'; + v1776 = 'e'; + v1777 = 's'; + v1778 = 'e'; + memset(v1779, 0, 0xEui64); + v1780 = '\x05\x17'; + v1781 = '\x1D'; + v1782 = 'B'; + v1783 = 'a'; + v1784 = 't'; + v1785 = 't'; + v1786 = 'l'; + v1787 = 'e'; + v1788 = 'G'; + v1789 = 'r'; + v1790 = 'o'; + v1791 = 'u'; + v1792 = 'n'; + v1793 = 'd'; + v1794 = 
's'; + v1795 = 'P'; + v1796 = 'r'; + v1797 = 'i'; + v1798 = 'v'; + v1799 = 'a'; + v1800 = 't'; + v1801 = 'e'; + v1802 = '_'; + v1803 = 'C'; + v1804 = 'h'; + v1805 = 'e'; + v1806 = 'a'; + v1807 = 't'; + v1808 = 'E'; + v1809 = 'S'; + v1810 = 'P'; + memset(v1811, 0, sizeof(v1811)); + v1812 = '\x05\x17'; + v1813 = '\x16'; + v1814 = '['; + v1815 = '\0'; + v1816 = '%'; + v1817 = '\0'; + v1818 = '.'; + v1819 = '\0'; + v1820 = '0'; + v1821 = '\0'; + v1822 = 'f'; + v1823 = '\0'; + v1824 = 'm'; + v1825 = '\0'; + v1826 = ']'; + v1827 = '\0'; + v1828 = ' '; + v1829 = '\0'; + v1830 = '%'; + v1831 = '\0'; + v1832 = 's'; + v1833 = '\0'; + v1834 = '\0'; + v1835 = '\0'; + memset(&v1836, 0, 0xAui64); + v1837 = 1342; + v1838 = 32; + v1839 = '\0'; + v1840 = '\0'; + v1841 = '\0'; + v1842 = '\0'; + v1843 = 'N'; + v1844 = 'e'; + v1845 = 'c'; + v1846 = 'k'; + v1847 = '\0'; + v1848 = '\0'; + v1849 = '\0'; + v1850 = '\0'; + v1851 = 'C'; + v1852 = 'h'; + v1853 = 'e'; + v1854 = 's'; + v1855 = 't'; + v1856 = '\0'; + v1857 = '\0'; + v1858 = '\0'; + v1859 = '\0'; + v1860 = '\0'; + v1861 = '\0'; + v1862 = '\0'; + v1863 = 'M'; + v1864 = 'o'; + v1865 = 'u'; + v1866 = 's'; + v1867 = 'e'; + v1868 = ' '; + v1869 = '1'; + v1870 = '\0'; + v1871 = 1343; + v1872 = 15; + v1873 = 'P'; + v1874 = 'l'; + v1875 = 'a'; + v1876 = 'y'; + v1877 = 'e'; + v1878 = 'r'; + v1879 = 'E'; + v1880 = 'S'; + v1881 = 'P'; + v1882 = 'C'; + v1883 = 'o'; + v1884 = 'l'; + v1885 = 'o'; + v1886 = 'r'; + v1887 = '\0'; + memset(&v1888, 0, 0x11ui64); + v1889 = 1344; + v1890 = 32; + v1891 = ' '; + v1892 = '\0'; + v1893 = 'A'; + v1894 = '\0'; + v1895 = 'i'; + v1896 = '\0'; + v1897 = 'm'; + v1898 = '\0'; + v1899 = 'b'; + v1900 = '\0'; + v1901 = 'o'; + v1902 = '\0'; + v1903 = 't'; + v1904 = '\0'; + v1905 = ':'; + v1906 = '\0'; + v1907 = ' '; + v1908 = '\0'; + v1909 = '%'; + v1910 = '\0'; + v1911 = 'd'; + v1912 = '\0'; + v1913 = '\0'; + v1914 = '\0'; + v1915 = '-'; + v1916 = '\0'; + v1917 = '>'; + v1918 = '\0'; + v1919 = ' '; + v1920 = 
'\0'; + v1921 = 'A'; + v1922 = '\0'; + v1923 = 1334; + v1924 = 0xC; + v1925 = 'H'; + v1926 = 'a'; + v1927 = 'c'; + v1928 = 'k'; + v1929 = 'M'; + v1930 = 'a'; + v1931 = 'c'; + v1932 = 'h'; + v1933 = 'i'; + v1934 = 'n'; + v1935 = 'e'; + v1936 = '\0'; + memset(&v1937, 0, 0x14ui64); + v1938 = 1354; + v1939 = 16; + v1940 = 'V'; + v1941 = 'i'; + v1942 = 's'; + v1943 = 'u'; + v1944 = 'a'; + v1945 = 'l'; + v1946 = 'H'; + v1947 = 'a'; + v1948 = 'c'; + v1949 = 'k'; + v1950 = 's'; + v1951 = '.'; + v1952 = 'n'; + v1953 = 'e'; + v1954 = 't'; + v1955 = '\0'; + memset(&v1956, 0, 0x10ui64); + v1957 = 1360; + v1958 = 32; + v1959 = '>'; + v1960 = '#'; + v1961 = '/'; + v1962 = 'e'; + v1963 = '>'; + v1964 = '1'; + v1965 = '1'; + v1966 = 'N'; + v1967 = 'N'; + v1968 = 'V'; + v1969 = '='; + v1970 = 'B'; + v1971 = 'v'; + v1972 = '('; + v1973 = '*'; + v1974 = ':'; + v1975 = '.'; + v1976 = 'F'; + v1977 = '?'; + v1978 = 117; + v1979 = 'u'; + v1980 = '#'; + v1981 = '('; + v1982 = 'g'; + v1983 = 'R'; + v1984 = 'U'; + v1985 = '.'; + v1986 = 'o'; + v1987 = '0'; + v1988 = 'X'; + v1989 = 'G'; + v1990 = 'H'; + v1991 = 1359; + v1992 = 32; + v1993 = 'D'; + v1994 = 'L'; + v1995 = 'L'; + v1996 = 'I'; + v1997 = 'n'; + v1998 = 'j'; + v1999 = 'e'; + v2000 = 'c'; + v2001 = 't'; + v2002 = 'i'; + v2003 = 'o'; + v2004 = 'n'; + v2005 = '-'; + v2006 = 'm'; + v2007 = 'a'; + v2008 = 's'; + v2009 = 't'; + v2010 = 'e'; + v2011 = 'r'; + v2012 = '\\'; + v2013 = 'x'; + v2014 = '6'; + v2015 = '4'; + v2016 = '\\'; + v2017 = 'R'; + v2018 = 'e'; + v2019 = 'l'; + v2020 = 'e'; + v2021 = 'a'; + v2022 = 's'; + v2023 = 'e'; + v2024 = '\\'; + v2025 = 1362; + v2026 = 16; + v2027 = 'N'; + v2028 = '\0'; + v2029 = 'a'; + v2030 = '\0'; + v2031 = 'm'; + v2032 = '\0'; + v2033 = 'e'; + v2034 = '\0'; + v2035 = 'E'; + v2036 = '\0'; + v2037 = 'S'; + v2038 = '\0'; + v2039 = 'P'; + v2040 = '\0'; + v2041 = '\0'; + v2042 = '\0'; + memset(&v2043, 0, 0x10ui64); + v2044 = 1352; + v2045 = 20; + v2046 = 'S'; + v2047 = '\0'; + v2048 = 'k'; + v2049 
= '\0'; + v2050 = 'u'; + v2051 = '\0'; + v2052 = 'l'; + v2053 = '\0'; + v2054 = 'l'; + v2055 = '\0'; + v2056 = 'h'; + v2057 = '\0'; + v2058 = 'a'; + v2059 = '\0'; + v2060 = 'c'; + v2061 = '\0'; + v2062 = 'k'; + v2063 = '\0'; + v2064 = '\0'; + v2065 = '\0'; + memset(&v2066, 0, 0xCui64); + v2067 = 1365; + v2068 = 14; + v2069 = '.'; + v2070 = 'r'; + v2071 = 'd'; + v2072 = 'a'; + v2073 = 't'; + v2074 = 'a'; + v2075 = '$'; + v2076 = 'z'; + v2077 = 'z'; + v2078 = 'z'; + v2079 = 'd'; + v2080 = 'b'; + v2081 = 'g'; + v2082 = '\0'; + memset(&v2083, 0, 0x12ui64); + v2084 = 1337; + v2085 = 14; + v2086 = 'A'; + v2087 = 0; + v2088 = 'i'; + v2089 = '\0'; + v2090 = 'm'; + v2091 = '\0'; + v2092 = 'B'; + v2093 = '\0'; + v2094 = 'o'; + v2095 = '\0'; + v2096 = 't'; + v2097 = '\0'; + v2098 = '\0'; + v2099 = '\0'; + memset(&v2100, 0, 0x12ui64); + v2101 = 1337; + v2102 = 32; + v2103 = ''; + v2104 = 'I'; + v2105 = 'A'; + v2106 = ''; + v2107 = '<'; + v2108 = '\x12'; + v2109 = '?'; + v2110 = 'u'; + v2111 = '\x05'; + v2112 = ''; + v2113 = '\x02'; + v2114 = '?'; + v2115 = ''; + v2116 = '8'; + v2117 = ''; + v2118 = 'A'; + v2119 = ''; + v2120 = '\x0F'; + v2121 = ''; + v2122 = ''; + v2123 = '<'; + v2124 = '\t'; + v2125 = 'w'; + v2126 = '\x05'; + v2127 = ''; + v2128 = ''; + v2129 = '0'; + v2130 = ''; + v2131 = '\x06'; + v2132 = -125; + v2133 = ''; + v2134 = ''; + v2135 = 1375; + v2136 = 2; + v2137 = 'U'; + v2138 = ''; + memset(v2139, 0, 0x1Eui64); + v2140 = 1375; + v2141 = 2; + v2142 = 'W'; + v2143 = ''; + memset(v2144, 0, 0x1Eui64); + v2145 = 1375; + v2146 = 2; + v2147 = '`'; + v2148 = ''; + memset(v2149, 0, 0x1Eui64); + v2150 = 1384; + v2151 = 25; + v2152 = 'D'; + v2153 = '3'; + v2154 = 'D'; + v2155 = '1'; + v2156 = '1'; + v2157 = 'P'; + v2158 = 'r'; + v2159 = 'e'; + v2160 = 's'; + v2161 = 'e'; + v2162 = 'n'; + v2163 = 't'; + v2164 = ' '; + v2165 = 'i'; + v2166 = 'n'; + v2167 = 'i'; + v2168 = 't'; + v2169 = 'i'; + v2170 = 'a'; + v2171 = 'l'; + v2172 = 'i'; + v2173 = 's'; + v2174 = 'e'; + v2175 
= 'd'; + v2176 = '\0'; + memset(v2177, 0, sizeof(v2177)); + v2178 = 1390; + v2179 = 10; + v2180 = '['; + v2181 = ' '; + v2182 = '%'; + v2183 = '.'; + v2184 = '0'; + v2185 = 'f'; + v2186 = 'M'; + v2187 = ' '; + v2188 = ']'; + v2189 = '\0'; + memset(v2190, 0, 0x16ui64); + v2191 = 1396; + v2192 = 11; + v2193 = '['; + v2194 = 'h'; + v2195 = 'p'; + v2196 = ':'; + v2197 = '%'; + v2198 = 'd'; + v2199 = ']'; + v2200 = '%'; + v2201 = 'd'; + v2202 = 'm'; + v2203 = '\0'; + memset(v2204, 0, 0x15ui64); + v2205 = 1334; + v2206 = ' '; + v2207 = 'H'; + v2208 = ''; + v2209 = 'd'; + v2210 = '$'; + v2211 = '8'; + v2212 = '\0'; + v2213 = 'H'; + v2214 = ''; + v2215 = 'L'; + v2216 = 36; + v2217 = 'X'; + v2218 = 'H'; + v2219 = ''; + v2220 = 'T'; + v2221 = '$'; + v2222 = 'P'; + v2223 = 'L'; + v2224 = ''; + v2225 = -56; + v2226 = 'H'; + v2227 = ''; + v2228 = 'L'; + v2229 = '$'; + v2230 = '0'; + v2231 = 'L'; + v2232 = ''; + v2233 = ''; + v2234 = 'H'; + v2235 = ''; + v2236 = 'L'; + v2237 = '$'; + v2238 = '`'; + v2239 = '\x056'; + v2240 = ' '; + v2241 = 't'; + v2242 = 31; + v2243 = ''; + v2244 = '\b'; + v2245 = '\0'; + v2246 = '\0'; + v2247 = '\0'; + v2248 = '\xFF'; + v2249 = '\x15'; + v2250 = '`'; + v2251 = '~'; + v2252 = '\0'; + v2253 = '\0'; + v2254 = ''; + v2255 = -64; + v2256 = 'u'; + v2257 = '\x10'; + v2258 = ''; + v2259 = '\x0F'; + v2260 = '\x10'; + v2261 = ''; + v2262 = ''; + v2263 = '\x01'; + v2264 = '\0'; + v2265 = '\0'; + v2266 = ''; + v2267 = ''; + v2268 = ''; + v2269 = '\x01'; + v2270 = '\0'; + v2271 = 0; + v2272 = ''; + v2273 = '\x056'; + v2274 = 32; + v2275 = '@'; + v2276 = ''; + v2277 = ''; + v2278 = '\x15'; + v2279 = 111; + v2280 = '\b'; + v2281 = ''; + v2282 = ''; + v2283 = 'N'; + v2284 = ''; + v2285 = ''; + v2286 = 'H'; + v2287 = ''; + v2288 = '5'; + v2289 = -45; + v2290 = 'O'; + v2291 = ''; + v2292 = 'P'; + v2293 = 'O'; + v2294 = 'S'; + v2295 = 73; + v2296 = 'T'; + v2297 = 'I'; + v2298 = 'O'; + v2299 = 'N'; + v2300 = '\0'; + v2301 = '\0'; + v2302 = 0; + v2303 = '\0'; + 
v2304 = 'C'; + v2305 = 'O'; + v2306 = 76; + v2307 = '\x05z'; + v2308 = '\x03'; + v2309 = '\xFF'; + v2310 = ''; + v2311 = ''; + memset(v2312, 0, 0x1Dui64); + v2313 = 1401; + v2314 = 32; + v2315 = '%'; + v2316 = 's'; + v2317 = '\0'; + v2318 = '\0'; + v2319 = '%'; + v2320 = 'd'; + v2321 = '\0'; + v2322 = '\0'; + v2323 = 'P'; + v2324 = 'O'; + v2325 = 'S'; + v2326 = 'I'; + v2327 = 'T'; + v2328 = 'I'; + v2329 = 'O'; + v2330 = 'N'; + v2331 = '\0'; + v2332 = '\0'; + v2333 = '\0'; + v2334 = '\0'; + v2335 = 'C'; + v2336 = 'O'; + v2337 = 'L'; + v2338 = 'O'; + v2339 = 'R'; + v2340 = '\0'; + v2341 = '\0'; + v2342 = '\0'; + v2343 = '\0'; + v2344 = '\0'; + v2345 = '\0'; + v2346 = '\0'; + v2347 = 1334; + v2348 = 32; + v2349 = ''; + v2350 = ''; + v2351 = 'v'; + v2352 = ']'; + v2353 = ''; + v2354 = ''; + v2355 = 'E'; + v2356 = '.'; + v2357 = 'u'; + v2358 = ''; + v2359 = '\x12'; + v2360 = -76; + v2361 = ''; + v2362 = ''; + v2363 = 'H'; + v2364 = 'r'; + v2365 = '\x11'; + v2366 = 'm'; + v2367 = ''; + v2368 = 'H'; + v2369 = ''; + v2370 = ''; + v2371 = ''; + v2372 = ''; + v2373 = 'H'; + v2374 = ''; + v2375 = 'g'; + v2376 = 'k'; + v2377 = ''; + v2378 = 'H'; + v2379 = ''; + v2380 = ','; + v2381 = '\x05'; + v2382 = ' '; + v2383 = '\n'; + v2384 = '<'; + v2385 = 'a'; + v2386 = 's'; + v2387 = 's'; + v2388 = 'e'; + v2389 = 'm'; + v2390 = 'b'; + v2391 = 'l'; + v2392 = 'y'; + v2393 = ' '; + v2394 = 'x'; + v2395 = 'm'; + v2396 = 'l'; + v2397 = 'n'; + v2398 = 's'; + v2399 = '='; + v2400 = '\''; + v2401 = 'u'; + v2402 = 'r'; + v2403 = 'n'; + v2404 = ':'; + v2405 = 's'; + v2406 = 'c'; + v2407 = 'h'; + v2408 = 'e'; + v2409 = 'm'; + v2410 = 'a'; + v2411 = 's'; + v2412 = '-'; + v2413 = 'm'; + v2414 = 'i'; + for ( BaseAddress = 0i64; + NtQueryVirtualMemory(-1i64, BaseAddress, 0i64, (__int64 *)&MemoryInformation, 48i64, &returnLength) >= 0; + BaseAddress = v85 + MemoryInformation ) + { + if ( v86 == 4096 + && (v87 == 16 || v87 == 32 || v87 == 64) + && (MemoryInformation > (unsigned __int64)sub_42119 || 
v85 + MemoryInformation <= (unsigned __int64)sub_42119) + && (v87 != 64 || v85 != 110592) ) + { + if ( v88 == 0x20000 || v88 == 0x40000 ) + { + if ( (v56 = 0, v85 >= 0x11000) + || v85 >= 0x4000 + && (MemoryInformation & 0xFF0000000000i64) != 0x7F0000000000i64 + && (MemoryInformation & 0xFFF000000000i64) != 0x7F000000000i64 + && v85 != 0x10000 + && (MemoryInformation & 0xFFFFF0000000i64) != 0x70000000 + && (MemoryInformation != 0x3E0000 || v85 != 0xF000) + && (MemoryInformation != 0x3F0000 || v85 != 0x4000) + || v56 ) + { + v2723 = 0; + if ( v56 ) + v1661 = 52; + else + v1661 = 47; + v2724 = v1661; + v2725 = MemoryInformation; + v2726 = v85; + v2727 = v88 | v87 | v86; + if ( v56 ) + { + v2728 = v1717; + v2729 = v1717[510]; + v2730 = v1717[511]; + v2731 = v1717[512]; + v2732 = v1717[513]; + } + if ( v56 ) + v2559 = 58i64; + else + v2559 = 18i64; + ((void (__fastcall *)(char *, _QWORD, _QWORD))ReportDetection)(&v2723, (unsigned int)v2559, 0i64); + } + } + str_user32dll_1 = 'u'; + v334 = 's'; + v335 = 'e'; + v336 = 'r'; + v337 = '3'; + v338 = '2'; + v339 = '.'; + v340 = 'd'; + v341 = 'l'; + v342 = 'l'; + v343 = 0; + hUser32 = GetModuleHandleA((__int64 *)&str_user32dll_1); + v83 = v84 == hUser32; + v62 = v84 == hUser32; + if ( v88 == 0x20000 || v62 ) + { + for ( i = BaseAddress; i != v85 + MemoryInformation; i += 4096i64 ) + { + if ( NtReadVirtualMemory(-1i64, i, &buffer, 4096i64, 0i64) >= 0 ) + { + for ( j = 0; (unsigned __int64)j < 0x1C; ++j ) + { + if ( *(&v1759 + 20 * j) != 0x57A || v62 ) + { + for ( k = 0; (unsigned int)(*(&v1760 + 10 * j) + k) <= 0x1000ui64; ++k ) + { + if ( (char *)(k + i) != &v1761 + 40 * j ) + { + for ( l = 0; + l < *(&v1760 + 10 * j) + && *((unsigned __int8 *)&buffer + (signed int)(l + k)) == *((unsigned __int8 *)&v1759 + + 40 * j + + (signed int)l + + 8); + ++l ) + { + ; + } + if ( l == *(&v1760 + 10 * j) + && (*(&v1759 + 20 * j) != 1365 || *(_WORD *)((char *)&buffer + k + 215) == 16725) + && (*(&v1759 + 20 * j) != 1375 + || *(_DWORD *)(i + 
(signed int)(l + k)) < 0x2000u + && *(_WORD *)((signed int)(l + k) + i + *(unsigned int *)(i + (signed int)(l + k)) + 4) == 21569 + || *(_DWORD *)(i + (signed int)(l + k)) < 0x2000u + && *(unsigned __int16 *)((signed int)(l + k) + i + *(unsigned int *)(i + (signed int)(l + k)) + 4) == 33096 + || *((_BYTE *)&v1759 + 40 * j + 8) == 96 + && *(_DWORD *)(i + (signed int)(l + k)) < 0x2000u + && *(unsigned __int8 *)((signed int)(l + k) + i + *(unsigned int *)(i + (signed int)(l + k)) + 4) == 161) + && (*(&v1759 + 20 * j) != 1402 || *(unsigned __int16 *)((char *)&buffer + k - 10) == 47176) ) + { + v2640 = 0; + v2641 = 53; + v2642 = *(&v1759 + 20 * j); + v2643 = k + i; + v2644 = MemoryInformation; + v2645 = v85; + v2646 = v88 | v87 | v86; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2640, 28i64, 0i64); + if ( v62 ) + goto LABEL_74; + } + } + } + } + } + } + } + } + } +LABEL_74: + if ( v86 == 4096 && (v87 == 16 || v87 == 32 || v87 == 64) ) + { + v260 = 'm'; + v261 = 'm'; + v262 = 'r'; + v263 = 'e'; + v264 = 's'; + v265 = '.'; + v266 = 'd'; + v267 = 'l'; + v268 = 'l'; + v269 = '\0'; + hMMRes = GetModuleHandleA((__int64 *)&v260); + if ( hMMRes && hMMRes == v84 ) + { + v1730 = 0; + v1731 = 'H'; + v1732 = '\x05'; + v1733 = v85; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1730, 8i64, 0i64); + } + else if ( v87 == 64 ) + { + v300 = 'm'; + v301 = 's'; + v302 = 'h'; + v303 = 't'; + v304 = 'm'; + v305 = 'l'; + v306 = '.'; + v307 = 'd'; + v308 = 'l'; + v309 = 'l'; + v310 = 0; + hMsHtml = GetModuleHandleA((__int64 *)&v300); + if ( hMsHtml ) + { + if ( hMsHtml == v84 ) + { + v1734 = 0; + v1735 = 72; + v1736 = 1467; + v1737 = v85; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1734, 8i64, 0i64); + } + } + } + } + v2425 = -1; + if ( MemoryInformation == BaseAddress ) + { + if ( v86 == 4096 && v87 == 4 && v88 == 0x20000 ) + { + v2560 = 1i64; + JUMPOUT(unk_44DDF); + } + } + else + { + v2425 = -2; + } + 
if ( v86 != 4096 || v88 != 0x20000 && v88 != 0x1000000 || v87 & 0x100 ) + { + if ( v86 == 4096 && (v87 == 1 || !v87) || v86 == 0x10000 || v86 == 0x2000 ) + { + if ( v86 != 4096 || v87 ) + { + for ( Address = BaseAddress; + Address < v85 + MemoryInformation && Address < MemoryInformation + 0x1000000; + Address += 0x10000i64 ) + { + if ( !((unsigned int (__fastcall *)(unsigned __int64, signed __int64))IsBadReadPtr)(Address, 1i64) + && NtQueryVirtualMemory(-1i64, Address, 0i64, &v2713, 48i64, &returnLength) >= 0 + && v2714 == v86 + && (v2714 != 4096 || v2715 == v87) + && !((unsigned int (__fastcall *)(unsigned __int64, signed __int64))IsBadReadPtr)(Address, 1i64) ) + { + qmemcpy(&MemoryInformation, &v2713, 0x30ui64); + v2425 = 0; + break; + } + if ( !((unsigned int (__fastcall *)(unsigned __int64, signed __int64))~v2538)(Address, 1i64) + && NtQueryVirtualMemory(-1i64, Address, 0i64, &v2713, 48i64, &returnLength) >= 0 + && v2714 == v86 + && (v2714 != 4096 || v2715 == v87) + && !((unsigned int (__fastcall *)(unsigned __int64, signed __int64))~v2538)(Address, 1i64) ) + { + qmemcpy(&MemoryInformation, &v2713, 0x30ui64); + v2425 = 0; + break; + } + } + } + else + { + v2425 = 0; + } + } + } + else + { + v1658 = 0; + while ( v1658 < 2 && BaseAddress != v85 + MemoryInformation ) + { + v2739 = 4096i64; + if ( v87 != 1 ) + { + if ( NtReadVirtualMemory(-1i64, BaseAddress, &v2661, 16i64, 0i64) < 0 + || ((unsigned int (__fastcall *)(unsigned __int64, signed __int64))IsBadReadPtr)(BaseAddress, 16i64) ) + { + if ( NtQueryVirtualMemory(-1i64, BaseAddress, 0i64, &v2748, 48i64, &returnLength) >= 0 + && v2749 == v86 + && v2750 == v87 ) + { + v2425 = 2; + } + } + else + { + memcpy(&v2547, BaseAddress, 16i64); + if ( memcmp(&v2661, &v2547, 16i64) + && !((unsigned int (__fastcall *)(unsigned __int64, signed __int64))IsBadReadPtr)(BaseAddress, 16i64) + && !memcmp(&v2547, (__int64 *)BaseAddress, 16i64) + && NtReadVirtualMemory(-1i64, BaseAddress, &v2661, 16i64, 0i64) >= 0 + && memcmp(&v2661, 
&v2547, 16i64) + && !((unsigned int (__fastcall *)(unsigned __int64, signed __int64))IsBadReadPtr)(BaseAddress, 16i64) + && !memcmp(&v2547, (__int64 *)BaseAddress, 16i64) ) + { + v2425 = 1; + memcpy((__int64 *)v2429, (unsigned __int64)&v2547, 16i64); + } + } + } + ++v1658; + BaseAddress += 4096i64; + } + } + if ( v2425 != 255 ) + { + v2423 = 0; + v2424 = 33; + v2426 = MemoryInformation; + v2427 = v85; + v2428 = v88 | v87 | v86; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2423, 35i64, 0i64); + } + if ( v86 == 4096 + && v88 == 0x1000000 + && MemoryInformation == v84 + && NtReadVirtualMemory(-1i64, MemoryInformation + 60, (__int64 *)&v2539, 4i64, 0i64) >= 0 + && NtReadVirtualMemory(-1i64, MemoryInformation + v2539 + 8, ¤tProcessId_1, 4i64, 0i64) >= 0 + && ((_DWORD)currentProcessId_1 == 1527957760 + && (NtReadVirtualMemory(-1i64, MemoryInformation + 0x1000, &buffer_1, 16i64, 0i64) >= 0 && !(_DWORD)buffer_1 + || NtReadVirtualMemory(-1i64, MemoryInformation + 0x501000, &buffer_1, 16i64, 0i64) >= 0 + && (_DWORD)buffer_1 != 55830784) + || (_DWORD)currentProcessId_1 == 1511525429 + && NtReadVirtualMemory(-1i64, MemoryInformation + 0x1000, &buffer_1, 16i64, 0i64) >= 0 + && (_DWORD)buffer_1 + || (_DWORD)currentProcessId_1 == -56913115 + && NtReadVirtualMemory(-1i64, MemoryInformation + 0x6D3000, &buffer_1, 16i64, 0i64) >= 0 + && (_DWORD)buffer_1) ) + { + v2586 = 0; + v2587 = 70; + v2588 = 1; + v2589 = buffer_1; + v2590 = v1755; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2586, 19i64, 0i64); + } + } + v2555 = ~v2538; + v1663 = NtQueryVirtualMemory(-1i64, ~v2538, 0i64, (__int64 *)&MemoryInformation, 48i64, &returnLength) < 0; + v57 = v1663; + if ( (_BYTE)v1663 || v86 != 4096 || v88 != 0x1000000 && v88 != 0x40000 ) + { + v2626 = 0; + v2627 = 53; + v2628 = 1449; + v2629 = v2555; + if ( v57 ) + v2554 = 0i64; + else + v2554 = MemoryInformation; + v2630 = v2554; + if ( v57 ) + v2546 = 0i64; + else + v2546 = v85; + v2631 = 
v2546; + if ( v57 ) + v1664 = 0; + else + v1664 = v88 | v87 | v86; + v2632 = v1664; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2626, 28i64, 0i64); + } + str_malloc = 'm'; + v177 = 'a'; + v178 = 'l'; + v179 = 'l'; + v180 = 'o'; + v181 = 'c'; + v182 = '\0'; + hMSVCRT_2 = GetModuleHandleA((__int64 *)&str_msvcrt); + malloc = (__int64 (__fastcall *)(signed __int64))GetProcAddress(hMSVCRT_2, &str_malloc); + str_realloc = 'r'; + v199 = 'e'; + v200 = 'a'; + v201 = 'l'; + v202 = 'l'; + v203 = 'o'; + v204 = 'c'; + v205 = '\0'; + hMSVCRT_3 = GetModuleHandleA((__int64 *)&str_msvcrt); + realloc = (__int64 (__fastcall *)(unsigned int *, _QWORD))GetProcAddress(hMSVCRT_3, &str_realloc); + str_free = 'f'; + v153 = 'r'; + v154 = 'e'; + v155 = 'e'; + v156 = '\0'; + hMSVCRT_4 = GetModuleHandleA((__int64 *)&str_msvcrt); + free = (void (__fastcall *)(unsigned int *))GetProcAddress(hMSVCRT_4, &str_free); + str_ntquerysysteminformation = 'N'; + v1252 = 't'; + v1253 = 'Q'; + v1254 = 'u'; + v1255 = 'e'; + v1256 = 'r'; + v1257 = 'y'; + v1258 = 'S'; + v1259 = 'y'; + v1260 = 's'; + v1261 = 't'; + v1262 = 'e'; + v1263 = 'm'; + v1264 = 'I'; + v1265 = 'n'; + v1266 = 'f'; + v1267 = 'o'; + v1268 = 'r'; + v1269 = 'm'; + v1270 = 'a'; + v1271 = 't'; + v1272 = 'i'; + v1273 = 'o'; + v1274 = 'n'; + v1275 = '\0'; + NtQuerySystemInformation = (__int64 (__fastcall *)(signed __int64, unsigned int *, signed __int64, unsigned int *))GetProcAddress(hNtDLL, &str_ntquerysysteminformation); + str_user32dll = 'U'; + str_user32dll_2 = 'S'; + v99 = 'E'; + v100 = 'R'; + v101 = '3'; + v102 = '2'; + v103 = '.'; + v104 = 'd'; + v105 = 'l'; + v106 = 'l'; + v107 = '\0'; + str_gettopwindow = 'G'; + v510 = 'e'; + v511 = 't'; + v512 = 'T'; + v513 = 'o'; + v514 = 'p'; + v515 = 'W'; + v516 = 'i'; + v517 = 'n'; + v518 = 'd'; + v519 = 'o'; + v520 = 'w'; + v521 = '\0'; + hUser32_1 = GetModuleHandleA((__int64 *)&str_user32dll); + GetTopWindow = (__int64 (__fastcall 
*)(_QWORD))GetProcAddress(hUser32_1, &str_gettopwindow); + str_getwindow = 'G'; + v251 = 'e'; + v252 = 't'; + v253 = 'W'; + v254 = 'i'; + v255 = 'n'; + v256 = 'd'; + v257 = 'o'; + v258 = 'w'; + v259 = '\0'; + hUser32_2 = GetModuleHandleA((__int64 *)&str_user32dll); + GetWindow = (__int64 (__fastcall *)(__int64, signed __int64))GetProcAddress(hUser32_2, &str_getwindow); + str_getwindowthreadprocessid = 'G'; + v1277 = 'e'; + v1278 = 't'; + v1279 = 'W'; + v1280 = 'i'; + v1281 = 'n'; + v1282 = 'd'; + v1283 = 'o'; + v1284 = 'w'; + v1285 = 'T'; + v1286 = 'h'; + v1287 = 'r'; + v1288 = 'e'; + v1289 = 'a'; + v1290 = 'd'; + v1291 = 'P'; + v1292 = 'r'; + v1293 = 'o'; + v1294 = 'c'; + v1295 = 'e'; + v1296 = 's'; + v1297 = 's'; + v1298 = 'I'; + v1299 = 'd'; + v1300 = '\0'; + hUser32_3 = GetModuleHandleA((__int64 *)&str_user32dll); + GetWindowThreadProcessId = (void (__fastcall *)(__int64, char *))GetProcAddress( + hUser32_3, + &str_getwindowthreadprocessid); + str_getwindowlong = 'G'; + v747 = 'e'; + v748 = 't'; + v749 = 'W'; + v750 = 'i'; + v751 = 'n'; + v752 = 'd'; + v753 = 'o'; + v754 = 'w'; + v755 = 'L'; + v756 = 'o'; + v757 = 'n'; + v758 = 'g'; + v759 = 'A'; + v760 = '\0'; + hUser32_4 = GetModuleHandleA((__int64 *)&str_user32dll); + GetWindowLongA = (__int64 (__fastcall *)(__int64, signed __int64))GetProcAddress(hUser32_4, &str_getwindowlong); + CloseHandle(hCurrentProcessHandle); + currentProcessId = GetCurrentProcessId(); + hCurrentProcessHandle = OpenProcess(2035711i64, 0i64, currentProcessId); + str_getwindowtexta = 'G'; + v702 = 'e'; + v703 = 't'; + v704 = 'W'; + v705 = 'i'; + v706 = 'n'; + v707 = 'd'; + v708 = 'o'; + v709 = 'w'; + v710 = 'T'; + v711 = 'e'; + v712 = 'x'; + v713 = 't'; + v714 = 'A'; + v715 = '\0'; + hUser32_5 = GetModuleHandleA((__int64 *)&str_user32dll); + GetWindowTextA = (__int64 (__fastcall *)(__int64, char *, signed __int64))GetProcAddress( + hUser32_5, + &str_getwindowtexta); + str_getwindowtextw = 'G'; + v732 = 'e'; + v733 = 't'; + v734 = 'W'; + 
v735 = 'i'; + v736 = 'n'; + v737 = 'd'; + v738 = 'o'; + v739 = 'w'; + v740 = 'T'; + v741 = 'e'; + v742 = 'x'; + v743 = 't'; + v744 = 'W'; + v745 = '\0'; + hUser32_6 = GetModuleHandleA((__int64 *)&str_user32dll); + GetWindowTextW = (__int64 (__fastcall *)(__int64, __int64 *, signed __int64))GetProcAddress( + hUser32_6, + &str_getwindowtextw); + str_getclassnamew = 'G'; + v617 = 'e'; + v618 = 't'; + v619 = 'C'; + v620 = 'l'; + v621 = 'a'; + v622 = 's'; + v623 = 's'; + v624 = 'N'; + v625 = 'a'; + v626 = 'm'; + v627 = 'e'; + v628 = 'W'; + v629 = '\0'; + hUser32_7 = GetModuleHandleA((__int64 *)&str_user32dll); + GetClassNameW = (__int64 (__fastcall *)(__int64, __int64 *, signed __int64))GetProcAddress( + hUser32_7, + &str_getclassnamew); + str_getwindowrect = 'G'; + v589 = 'e'; + v590 = 't'; + v591 = 'W'; + v592 = 'i'; + v593 = 'n'; + v594 = 'd'; + v595 = 'o'; + v596 = 'w'; + v597 = 'R'; + v598 = 'e'; + v599 = 'c'; + v600 = 't'; + v601 = '\0'; + hUser32_8 = GetModuleHandleA((__int64 *)&str_user32dll); + GetWindowRect = (void (__fastcall *)(__int64, __int64))GetProcAddress(hUser32_8, &str_getwindowrect); + str_queryfullprocessimagename = 'Q'; + v1353 = 'u'; + v1354 = 'e'; + v1355 = 'r'; + v1356 = 'y'; + v1357 = 'F'; + v1358 = 'u'; + v1359 = 'l'; + v1360 = 'l'; + v1361 = 'P'; + v1362 = 'r'; + v1363 = 'o'; + v1364 = 'c'; + v1365 = 'e'; + v1366 = 's'; + v1367 = 's'; + v1368 = 'I'; + v1369 = 'm'; + v1370 = 'a'; + v1371 = 'g'; + v1372 = 'e'; + v1373 = 'N'; + v1374 = 'a'; + v1375 = 'm'; + v1376 = 'e'; + v1377 = 'W'; + v1378 = '\0'; + hKernel32_2 = GetModuleHandleA(&str_kernel32dll); + QueryFullProcessImageName = (unsigned int (__fastcall *)(__int64, _QWORD, __int64 *, unsigned int *))GetProcAddress(hKernel32_2, &str_queryfullprocessimagename); + str_widechartomultibyte = 'W'; + v1041 = 'i'; + v1042 = 'd'; + v1043 = 'e'; + v1044 = 'C'; + v1045 = 'h'; + v1046 = 'a'; + v1047 = 'r'; + v1048 = 'T'; + v1049 = 'o'; + v1050 = 'M'; + v1051 = 'u'; + v1052 = 'l'; + v1053 = 't'; + v1054 = 
'i'; + v1055 = 'B'; + v1056 = 'y'; + v1057 = 't'; + v1058 = 'e'; + v1059 = '\0'; + WideCharToMultiByte = (__int64 (__fastcall *)(signed __int64, _QWORD, __int64 *, _QWORD, __int64, _QWORD, _QWORD, _QWORD))GetProcAddress(hKernel32, &str_widechartomultibyte); + str_getfileattributesexa = 'G'; + v1122 = 'e'; + v1123 = 't'; + v1124 = 'F'; + v1125 = 'i'; + v1126 = 'l'; + v1127 = 'e'; + v1128 = 'A'; + v1129 = 't'; + v1130 = 't'; + v1131 = 'r'; + v1132 = 'i'; + v1133 = 'b'; + v1134 = 'u'; + v1135 = 't'; + v1136 = 'e'; + v1137 = 's'; + v1138 = 'E'; + v1139 = 'x'; + v1140 = 'A'; + v1141 = '\0'; + GetFileAttributesExA = (unsigned int (__fastcall *)(char *, _QWORD, __int64 *))GetProcAddress( + hKernel32, + &str_getfileattributesexa); + str_getfileattributesexw = 'G'; + v1101 = 'e'; + v1102 = 't'; + v1103 = 'F'; + v1104 = 'i'; + v1105 = 'l'; + v1106 = 'e'; + v1107 = 'A'; + v1108 = 't'; + v1109 = 't'; + v1110 = 'r'; + v1111 = 'i'; + v1112 = 'b'; + v1113 = 'u'; + v1114 = 't'; + v1115 = 'e'; + v1116 = 's'; + v1117 = 'E'; + v1118 = 'x'; + v1119 = 'W'; + v1120 = '\0'; + GetFileAttributesExW = (unsigned int (__fastcall *)(__int64 *, _QWORD, __int64 *))GetProcAddress( + hKernel32, + &str_getfileattributesexw); + pAllocatedBuffer = malloc(0x5000i64); + *(_BYTE *)pAllocatedBuffer = 0; + *(_BYTE *)(pAllocatedBuffer + 1) = 60; + v46 = 4; + v144 = 0; + hWindow = GetTopWindow(0i64); + if ( hWindow ) + { + do + { + v2745 = 0; + v108 = -1; + GetWindowThreadProcessId(hWindow, (char *)¤tProcessId_1 + 4); + if ( HIDWORD(currentProcessId_1) != (unsigned int)GetCurrentProcessId() ) + { + v108 = GetWindowTextA(hWindow, (char *)&v2745 + 2, 128i64); + for ( m = 0; m < v108 - 5; ++m ) + { + if ( *(int *)((char *)&v2745 + m + 2) == 'aehC' && *(_DWORD *)((char *)&v2747 + m) == 'tuAt' + || *(int *)((char *)&v2745 + m + 2) == 'gbup' && *(_DWORD *)&v2746[m] == 'kh_g' + || *(int *)((char *)&v2745 + m + 2) == 'lnoc' && *(__int16 *)((char *)&v2747 + m) == '- ' + || *(int *)((char *)&v2745 + m + 2) == 'freP' 
&& *(_DWORD *)((char *)&v2747 + m) == 'Atce' + || *(int *)((char *)&v2745 + m + 2) == 'WMIA' && *(__int16 *)((char *)&v2747 + m) == 'RA' + || *(int *)((char *)&v2745 + m + 2) == 'GBUP' && *(_DWORD *)((char *)&v2747 + m) == 'MIA ' + || *(int *)((char *)&v2745 + m + 2) == 'epyH' && *(_DWORD *)((char *)&v2747 + m) == 'ehCr' ) + { + LOWORD(v2745) = 13056; + ((void (__fastcall *)(int *, _QWORD, _QWORD))ReportDetection)(&v2745, (unsigned int)(v108 + 2), 0i64); + break; + } + } + } + ++v144; + windowLong = GetWindowLongA(hWindow, 0xFFFFFFF0i64); + if ( windowLong & 0x10000000 ) // Is Visible + // + { + if ( (v63 = 0, windowStyle = GetWindowLongA(hWindow, 0xFFFFFFECi64), (unsigned int)&unk_80000 & windowStyle) + && windowStyle & 8 + || (style = windowStyle | windowLong, (windowStyle | windowLong) == 349110528) + || style == 0x34CF0100 + || style == 0x14EF0310 + || style == 0x34EF0310 + || style == 0x14EF0110 + || style == 0x34EF0110 + || style == 0x17090020 + || style == 0x17090000 + || style == 0x16090020 + || style == 0x94080020 + || style == 0x94080080 + || style == 0x9C080080 + || style == 0x16CF0100 && *(int *)((char *)&v2745 + 2) == 1852399949 && *(_DWORD *)&v2747 == 1684957527 + || style == 0x17CF0100 && !v108 + || (style & 0xFFFFF) == 763808 + || (style & 0xFFFFF) == 525091 + || (style & 0xFFFFF) == 592421 + || (style & 0xFFFFF) == 592485 + || style == 0x160A0080 + || style == 0x16CA0008 + || (style & 0xFFFFF) == 917889 + || (style & 0xFFFFF) == 917632 + || style == -703987584 + || style == -704118527 + || style == 369950752 + || style == -1811414880 + || style == 382664961 + || style == 919535873 + || style == 369950720 + || style == -1811415040 + || style == -1811939328 && !v108 + || style == 381812992 + || style == 382206208 + || style == 369623168 + || style == 369885184 + || style == 503906464 + || style == -1668808672 + || style == -1677197152 + || style == -1677197276 + || style == -1677197280 + || style == 352913568 + || style == 369229832 + || style == 
-1677197312 + || style == -737673056 + || style == -1811939312 + || style == -1275068400 + || style == -1803026400 + || style == 504168488 + || style == 336068768 + || style == 336068640 + || style == 336068736 + || style == -1668808160 + || style == -1777663840 + || style == 336136352 + || style == 369754112 + || style == -1777855312 + || style == -1660420096 + || style == 382337288 + || style == 919208200 + || style == 369623200 + || style == -1675689673 + || style == 369754144 + || style == -1675689545 + || style == -1811414496 + || (v108 && HIDWORD(currentProcessId_1) == (unsigned int)GetCurrentProcessId() + || !((unsigned int)&unk_80000 & windowStyle) + || (windowStyle & 0x80C0388) == windowStyle ? (v1665 = 0) : (v1665 = 1), + (v63 = v1665) != 0) ) + { + v2522 = v46; + windowTextW = GetWindowTextW(hWindow, &windowText, 64i64); + size = 255; + windowTextWConvertedToA = WideCharToMultiByte( + 65001i64, + 0i64, + &windowText, + windowTextW, + pAllocatedBuffer + v46 + 1, + *(_QWORD *)&size, + 0i64, + 0i64); + *(_BYTE *)(pAllocatedBuffer + v46) = windowTextWConvertedToA; + v46 += (unsigned __int8)windowTextWConvertedToA + 1; + windowTextW = GetClassNameW(hWindow, &windowText, 64i64); + size = 255; + windowTextWConvertedToA_1 = WideCharToMultiByte( + 65001i64, + 0i64, + &windowText, + windowTextW, + pAllocatedBuffer + v46 + 1, + *(_QWORD *)&size, + 0i64, + 0i64); + *(_BYTE *)(pAllocatedBuffer + v46) = windowTextWConvertedToA_1; + v46 += (unsigned __int8)windowTextWConvertedToA_1 + 1; + hProcess = OpenProcess(4096i64, 0i64, HIDWORD(currentProcessId_1)); + windowTextW = 128; + hProcess_1 = hProcess + && QueryFullProcessImageName(hProcess, 0i64, &v2775, &windowTextW) + && (size = 255, + (windowTextW = WideCharToMultiByte( + 65001i64, + 0i64, + &v2775, + windowTextW, + pAllocatedBuffer + v46 + 1, + *(_QWORD *)&size, + 0i64, + 0i64)) != 0); + hProcess_2 = hProcess_1; + if ( hProcess ) + CloseHandle(hProcess); + if ( hProcess_2 ) + { + if ( GetFileAttributesExW(&v2775, 
0i64, &v2753) ) + v1669 = v2754; + else + v1669 = 0; + v1670 = v1669; + } + else + { + v1670 = 0; + } + if ( !v63 + || hProcess_2 + && (*(_DWORD *)(v46 + pAllocatedBuffer + windowTextW - 13) == '_pgt' + || *(_DWORD *)(v46 + pAllocatedBuffer + windowTextW - 10) == 'nuhT' + || *(_DWORD *)(v46 + pAllocatedBuffer + windowTextW - 8) == 'aetS') ) + { + if ( hProcess_2 ) + windowTextW_1 = windowTextW; + else + windowTextW_1 = 0; + *(_BYTE *)(pAllocatedBuffer + v46) = windowTextW_1; + v46 += (unsigned __int8)windowTextW_1 + 1; + *(_DWORD *)(pAllocatedBuffer + v46) = v1670; + *(_DWORD *)(pAllocatedBuffer + v46 + 4) = windowLong; + *(_DWORD *)(pAllocatedBuffer + v46 + 8) = windowStyle; + GetWindowRect(hWindow, pAllocatedBuffer + v46 + 12); + v46 += 28; + } + else + { + v46 = v2522; + } + } + } + hWindow = GetWindow(hWindow, 2i64); + } + while ( hWindow && v46 <= 20120 ); + } + *(_WORD *)(pAllocatedBuffer + 2) = v46 - 4; + v46 += 2; + if ( v144 <= 1 ) + { + v138 = 0; + v139 = 68; + v140 = v144; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v138, 3i64, 0i64); + } + str_duplicatehandle = 'D'; + v810 = 'u'; + v811 = 'p'; + v812 = 'l'; + v813 = 'i'; + v814 = 'c'; + v815 = 'a'; + v816 = 't'; + v817 = 'e'; + v818 = 'H'; + v819 = 'a'; + v820 = 'n'; + v821 = 'd'; + v822 = 'l'; + v823 = 'e'; + v824 = '\0'; + DuplicateHandle = (unsigned int (__fastcall *)(__int64, _QWORD, __int64, __int64 *, _QWORD, _QWORD, _QWORD))GetProcAddress(hKernel32, &str_duplicatehandle); + str_getcurrentprocess = 'G'; + v910 = 'e'; + v911 = 't'; + v912 = 'C'; + v913 = 'u'; + v914 = 'r'; + v915 = 'r'; + v916 = 'e'; + v917 = 'n'; + v918 = 't'; + v919 = 'P'; + v920 = 'r'; + v921 = 'o'; + v922 = 'c'; + v923 = 'e'; + v924 = 's'; + v925 = 's'; + v926 = '\0'; + GetCurrentProcess = (__int64 (*)(void))GetProcAddress(hKernel32, &str_getcurrentprocess); + str_ntqueryobject = 'N'; + v603 = 't'; + v604 = 'Q'; + v605 = 'u'; + v606 = 'e'; + v607 = 'r'; + v608 = 'y'; + v609 = 'O'; + v610 = 'b'; + 
v611 = 'j'; + v612 = 'e'; + v613 = 'c'; + v614 = 't'; + v615 = 0; + NtQueryObject = (__int64 (__fastcall *)(__int64, signed __int64, unsigned __int16 *, signed __int64, _QWORD))GetProcAddress(hNtDLL, &str_ntqueryobject); + str_wcsnicmp = '_'; + v291 = 'w'; + v292 = 'c'; + v293 = 's'; + v294 = 'n'; + v295 = 'i'; + v296 = 'c'; + v297 = 'm'; + v298 = 'p'; + v299 = 0; + hMSVCRT_5 = GetModuleHandleA((__int64 *)&str_msvcrt); + wcsnicmp = (unsigned int (__fastcall *)(__int64, signed __int16 *, _QWORD))GetProcAddress(hMSVCRT_5, &str_wcsnicmp); + str_getprocessid = 'G'; + v432 = 'e'; + v433 = 't'; + v434 = 'P'; + v435 = 'r'; + v436 = 'o'; + v437 = 'c'; + v438 = 'e'; + v439 = 's'; + v440 = 's'; + v441 = 'I'; + v442 = 'd'; + v443 = '\0'; + GetProcessId = (__int64 (__fastcall *)(__int64))GetProcAddress(hKernel32, &str_getprocessid); + status_1 = 0xFFFFFFFF; + status = 0xFFFFFFFF; + SystemHandleInformation = (unsigned int *)'\0'; + informationLength = 32; + do // 16 = SYSTEM_HANDLE_INFORMATION + // + { + informationLength += 1024; + SystemHandleInformation = (unsigned int *)realloc(SystemHandleInformation, informationLength); + if ( !SystemHandleInformation ) + break; + status = NtQuerySystemInformation(16i64, SystemHandleInformation, informationLength, &informationLength); + } + while ( status == 0xC0000004 ); + if ( SystemHandleInformation && status >= 0 ) + { + v90 = -1; + for ( n = 0; n < *SystemHandleInformation && v46 <= 20219; ++n ) + { + if ( HIWORD(SystemHandleInformation[6 * n + 3]) == hCurrentProcessHandle ) + { + v2685 = 24i64 * (signed int)n; + if ( SystemHandleInformation[(unsigned __int64)v2685 / 4 + 2] == (unsigned int)GetCurrentProcessId() ) + { + if ( status_1 ) + status_1 += 1000; + } + } + if ( v90 == -1 || LOBYTE(SystemHandleInformation[6 * n + 3]) == v90 ) + { + v2684 = 24i64 * (signed int)n; + if ( SystemHandleInformation[(unsigned __int64)v2684 / 4 + 2] != (unsigned int)GetCurrentProcessId() ) + { + SourceProcessHandle = OpenProcess(64i64, 0i64, 
SystemHandleInformation[6 * n + 2]); + if ( SourceProcessHandle ) + { + TargetProcessHandle = GetCurrentProcess(); + SourceHandle = HIWORD(SystemHandleInformation[6 * n + 3]); + dwOptions = 0; + size = 0; + dwDesiredAccess = 1024; + if ( DuplicateHandle( + SourceProcessHandle, + SourceHandle, + TargetProcessHandle, + &TargetHandle, + *(_QWORD *)&dwDesiredAccess, + *(_QWORD *)&size, + *(_QWORD *)&dwOptions) ) + { + if ( v90 == -1 ) + { + v2415 = 80; + v2416 = 114; + v2417 = 111; + v2418 = 99; + v2419 = 101; + v2420 = 115; + v2421 = 115; + v2422 = 0; + status = NtQueryObject(TargetHandle, 2i64, &HandleInformation, 1024i64, 0i64); + if ( status < 0 || wcsnicmp(v2784, &v2415, HandleInformation / 2) ) + { + if ( status < 0 && status_1 ) + status_1 = status; + } + else + { + v90 = LOBYTE(SystemHandleInformation[6 * n + 3]); + } + } + if ( v90 != -1 + && (processId = GetProcessId(TargetHandle), processId == (unsigned int)GetCurrentProcessId()) + && SystemHandleInformation[6 * n + 6] & 0x30 ) + { + hProcess_3 = OpenProcess(4096i64, 0i64, SystemHandleInformation[6 * n + 2]); + processImageName = 0; + size_1 = 256; + if ( hProcess_3 + && QueryFullProcessImageName(hProcess_3, 0i64, (__int64 *)&processImageName, &size_1) + && (size = 255, + (size_1 = WideCharToMultiByte( + 65001i64, + 0i64, + (__int64 *)&processImageName, + size_1, + pAllocatedBuffer + v46 + 1, + *(_QWORD *)&size, + 0i64, + 0i64)) != 0) ) + { + *(_BYTE *)(pAllocatedBuffer + v46) = size_1; + } + else + { + systemInformation = SystemHandleInformation[6 * n + 2]; + v2618 = 0; + v2619 = 512; + v2620 = &v2785; + if ( (signed int)NtQuerySystemInformation(88i64, (unsigned int *)&systemInformation, 24i64, 0i64) < 0 ) + { + *(_BYTE *)(pAllocatedBuffer + v46) = 0; + } + else + { + v2676 = pAllocatedBuffer + v46 + 1; + size = 255; + *(_BYTE *)(pAllocatedBuffer + v46) = WideCharToMultiByte( + 65001i64, + 0i64, + v2620, + v2618 / 2, + v2676, + *(_QWORD *)&size, + 0i64, + 0i64); + } + } + if ( hProcess_3 ) + 
CloseHandle(hProcess_3); + if ( *(_BYTE *)(pAllocatedBuffer + v46) ) + { + if ( GetFileAttributesExW((__int64 *)&processImageName, 0i64, &v2755) ) + v1671 = v2756; + else + v1671 = 0; + v1672 = v1671; + } + else + { + v1672 = 0; + } + v46 += *(unsigned __int8 *)(pAllocatedBuffer + v46) + 1; + *(_DWORD *)(pAllocatedBuffer + v46) = v1672; + v46 += 4; + *(_DWORD *)(pAllocatedBuffer + v46) = SystemHandleInformation[6 * n + 6]; + v46 += 4; + status_1 = 0; + } + else if ( v90 != -1 && HIWORD(SystemHandleInformation[6 * n + 3]) == hCurrentProcessHandle ) + { + v2675 = 24i64 * (signed int)n; + if ( SystemHandleInformation[(unsigned __int64)v2675 / 4 + 2] == (unsigned int)GetCurrentProcessId() ) + { + if ( status_1 ) + status_1 = SystemHandleInformation[6 * n + 6]; + } + } + CloseHandle(TargetHandle); + CloseHandle(SourceProcessHandle); + } + else + { + CloseHandle(SourceProcessHandle); + if ( HIWORD(SystemHandleInformation[6 * n + 3]) == hCurrentProcessHandle ) + { + v2680 = 24i64 * (signed int)n; + if ( SystemHandleInformation[(unsigned __int64)v2680 / 4 + 2] == (unsigned int)GetCurrentProcessId() ) + { + if ( status_1 ) + status_1 = 2; + } + } + } + } + else if ( HIWORD(SystemHandleInformation[6 * n + 3]) == hCurrentProcessHandle ) + { + v2683 = 24i64 * (signed int)n; + if ( SystemHandleInformation[(unsigned __int64)v2683 / 4 + 2] == (unsigned int)GetCurrentProcessId() ) + status_1 = status_1 != 0; + } + } + } + } + if ( v90 == -1 ) + status_1 += 200; + } + else + { + status_1 = status + 100; + } + if ( status_1 ) + { + *(_DWORD *)(pAllocatedBuffer + v46) = status_1; + v46 += 4; + } + if ( *(_DWORD *)(ReportDetection + 5) == -858993460 && *(_DWORD *)(ReportDetection + 1377994) == -803035 ) + *(_QWORD *)(ReportDetection + 196656) = *(_QWORD *)(ReportDetection + 1377998); + if ( SystemHandleInformation ) + free(SystemHandleInformation); + *(_WORD *)(pAllocatedBuffer + *(unsigned __int16 *)(pAllocatedBuffer + 2) + 4) = v46 + - 4 + - *(_WORD *)(pAllocatedBuffer + 2) + - 2; + 
str_createfilea = 'C'; + v345 = 'r'; + v346 = 'e'; + v347 = 'a'; + v348 = 't'; + v349 = 'e'; + v350 = 'F'; + v351 = 'i'; + v352 = 'l'; + v353 = 'e'; + v354 = 'A'; + v355 = '\0'; + CreateFileA = (__int64 (__fastcall *)(char *, signed __int64, signed __int64, _QWORD, _QWORD, _QWORD, _QWORD))GetProcAddress(hKernel32, &str_createfilea); + str_getlasterror = 'G'; + v523 = 'e'; + v524 = 't'; + v525 = 'L'; + v526 = 'a'; + v527 = 's'; + v528 = 't'; + v529 = 'E'; + v530 = 'r'; + v531 = 'r'; + v532 = 'o'; + v533 = 'r'; + v534 = 0; + GetLastError = (__int64 (*)(void))GetProcAddress(hKernel32, &str_getlasterror); + str_pubgpacks = '.'; + v1584 = '.'; + v1585 = '\\'; + v1586 = '.'; + v1587 = '.'; + v1588 = '\\'; + v1589 = 'C'; + v1590 = 'o'; + v1591 = 'n'; + v1592 = 't'; + v1593 = 'e'; + v1594 = 'n'; + v1595 = 't'; + v1596 = '\\'; + v1597 = 'P'; + v1598 = 'a'; + v1599 = 'k'; + v1600 = 's'; + v1601 = '\\'; + v1602 = 'T'; + v1603 = 's'; + v1604 = 'l'; + v1605 = 'G'; + v1606 = 'a'; + v1607 = 'm'; + v1608 = 'e'; + v1609 = '-'; + v1610 = 'W'; + v1611 = 'i'; + v1612 = 'n'; + v1613 = 'd'; + v1614 = 'o'; + v1615 = 'w'; + v1616 = 's'; + v1617 = 'N'; + v1618 = 'o'; + v1619 = 'E'; + v1620 = 'd'; + v1621 = 'i'; + v1622 = 't'; + v1623 = 'o'; + v1624 = 'r'; + v1625 = '_'; + v1626 = 'a'; + v1627 = 's'; + v1628 = 's'; + v1629 = 'e'; + v1630 = 't'; + v1631 = 's'; + v1632 = '_'; + v1633 = 'w'; + v1634 = 'o'; + v1635 = 'r'; + v1636 = 'l'; + v1637 = 'd'; + v1638 = '.'; + v1639 = 'p'; + v1640 = 'a'; + v1641 = 'k'; + v1642 = '\0'; + if ( GetFileAttributesExA(&str_pubgpacks, 0i64, &fileInformation) ) + v1646 = v2712; + else + v1646 = -2; + *(_DWORD *)(pAllocatedBuffer + v46) = v1646; + if ( v1646 == -2 ) + { + str_readfile = 'R'; + v242 = 'e'; + v243 = 'a'; + v244 = 'd'; + v245 = 'F'; + v246 = 'i'; + v247 = 'l'; + v248 = 'e'; + v249 = '\0'; + ReadFile = (unsigned int (__fastcall *)(__int64, __int64 *, signed __int64, char *, _QWORD))GetProcAddress( + hKernel32, + &str_readfile); + v1379 = '.'; + 
v1380 = '.'; + v1381 = '\\'; + v1382 = '.'; + v1383 = '.'; + v1384 = '\\'; + v1385 = 'B'; + v1386 = 'L'; + v1387 = 'G'; + v1388 = 'a'; + v1389 = 'm'; + v1390 = 'e'; + v1391 = '\\'; + v1392 = 'C'; + v1393 = 'o'; + v1394 = 'o'; + v1395 = 'k'; + v1396 = 'e'; + v1397 = 'd'; + v1398 = 'C'; + v1399 = 'o'; + v1400 = 'n'; + v1401 = 't'; + v1402 = 'e'; + v1403 = 'n'; + v1404 = 't'; + v1405 = '\\'; + v1406 = 'S'; + v1407 = 'c'; + v1408 = 'r'; + v1409 = 'i'; + v1410 = 'p'; + v1411 = 't'; + v1412 = '\\'; + v1413 = 'B'; + v1414 = 'L'; + v1415 = 'G'; + v1416 = 'a'; + v1417 = 'm'; + v1418 = 'e'; + v1419 = '.'; + v1420 = 'u'; + v1421 = '\0'; + size = 128; + dwDesiredAccess = 3; + v2532 = CreateFileA(&v1379, 0x80000000i64, 7i64, 0i64, *(_QWORD *)&dwDesiredAccess, *(_QWORD *)&size, 0i64); + if ( v2532 != -1 ) + { + while ( ReadFile(v2532, &v2536, 4i64, (char *)&v2536 + 4, 0i64) && HIDWORD(v2536) ) + *(_DWORD *)(pAllocatedBuffer + v46) += v2536; + CloseHandle(v2532); + } + } + v1422 = '.'; + v1423 = '.'; + v1424 = '\\'; + v1425 = '.'; + v1426 = '.'; + v1427 = '\\'; + v1428 = 'C'; + v1429 = 'o'; + v1430 = 'n'; + v1431 = 't'; + v1432 = 'e'; + v1433 = 'n'; + v1434 = 't'; + v1435 = '\\'; + v1436 = 'P'; + v1437 = 'a'; + v1438 = 'k'; + v1439 = 's'; + v1440 = '\\'; + v1441 = 'T'; + v1442 = 's'; + v1443 = 'l'; + v1444 = 'G'; + v1445 = 'a'; + v1446 = 'm'; + v1447 = 'e'; + v1448 = '-'; + v1449 = 'W'; + v1450 = 'i'; + v1451 = 'n'; + v1452 = 'd'; + v1453 = 'o'; + v1454 = 'w'; + v1455 = 's'; + v1456 = 'N'; + v1457 = 'o'; + v1458 = 'E'; + v1459 = 'd'; + v1460 = 'i'; + v1461 = 't'; + v1462 = 'o'; + v1463 = 'r'; + v1464 = '_'; + v1465 = 'u'; + v1466 = 'i'; + v1467 = '.'; + v1468 = 'p'; + v1469 = 'a'; + v1470 = 'k'; + v1471 = '\0'; + if ( GetFileAttributesExA(&v1422, 0i64, &fileInformation) ) + v1673 = v2712; + else + v1673 = -2; + *(_DWORD *)(pAllocatedBuffer + v46 + 4) = v1673; + v1472 = '.'; + v1473 = '.'; + v1474 = '\\'; + v1475 = '.'; + v1476 = '.'; + v1477 = '\\'; + v1478 = 'C'; + v1479 = 'o'; 
+ v1480 = 'n'; + v1481 = 't'; + v1482 = 'e'; + v1483 = 'n'; + v1484 = 't'; + v1485 = '\\'; + v1486 = 'P'; + v1487 = 'a'; + v1488 = 'k'; + v1489 = 's'; + v1490 = '\\'; + v1491 = 'T'; + v1492 = 's'; + v1493 = 'l'; + v1494 = 'G'; + v1495 = 'a'; + v1496 = 'm'; + v1497 = 'e'; + v1498 = '-'; + v1499 = 'W'; + v1500 = 'i'; + v1501 = 'n'; + v1502 = 'd'; + v1503 = 'o'; + v1504 = 'w'; + v1505 = 's'; + v1506 = 'N'; + v1507 = 'o'; + v1508 = 'E'; + v1509 = 'd'; + v1510 = 'i'; + v1511 = 't'; + v1512 = 'o'; + v1513 = 'r'; + v1514 = '_'; + v1515 = 's'; + v1516 = 'o'; + v1517 = 'u'; + v1518 = 'n'; + v1519 = 'd'; + v1520 = '.'; + v1521 = 112; + v1522 = 'a'; + v1523 = 'k'; + v1524 = 0; + if ( GetFileAttributesExA(&v1472, 0i64, &fileInformation) ) + v1674 = v2712; + else + v1674 = -2; + *(_DWORD *)(pAllocatedBuffer + v46 + 8) = v1674; + v46 += 12; + *(_DWORD *)(pAllocatedBuffer + v46) = 0; + v46 += 4; + str_ntgetcontextthread = 'N'; + v964 = 't'; + v965 = 'G'; + v966 = 'e'; + v967 = 't'; + v968 = 'C'; + v969 = 'o'; + v970 = 'n'; + v971 = 't'; + v972 = 'e'; + v973 = 'x'; + v974 = 't'; + v975 = 'T'; + v976 = 'h'; + v977 = 'r'; + v978 = 'e'; + v979 = 'a'; + v980 = 'd'; + v981 = 0; + for ( NtGetContextThread = (char *)GetProcAddress(hNtDLL, &str_ntgetcontextthread);// BE jumping on whole 0xE9 chain to get original function + // + ; + NtGetContextThread = *(char **)&NtGetContextThread[*(signed int *)(NtGetContextThread + 2) + 6] ) + { + while ( (unsigned __int8)*NtGetContextThread == 0xE9 ) + NtGetContextThread += *(_DWORD *)(NtGetContextThread + 1) + 5; + if ( *(_WORD *)NtGetContextThread != 0x25FF ) + break; + } + hUser32_9 = GetModuleHandleA((__int64 *)&str_user32dll); + v2533 = hUser32_9 + *(signed int *)(hUser32_9 + 0x3C) + 0x18; + for ( ii = 0; ii < 256; ++ii ) + { + if ( *((unsigned __int8 *)GetWindow + ii) == 232 ) + { + v1751 = (char *)GetWindow + ii + *(signed int *)((char *)GetWindow + ii + 1) + 5; + if ( (unsigned __int64)v1751 >= (unsigned __int64)*(unsigned int *)(v2533 + 20) 
+ hUser32_9 + && (unsigned __int64)v1751 < *(unsigned int *)(v2533 + 4) + + (unsigned __int64)*(unsigned int *)(v2533 + 20) + + hUser32_9 + && *(_WORD *)v1751 == 0x25FF ) + { + for ( NtGetContextThread = v1751; + ; + NtGetContextThread = *(char **)&NtGetContextThread[*(signed int *)(NtGetContextThread + 2) + 6] ) + { + while ( (unsigned __int8)*NtGetContextThread == 0xE9 ) + NtGetContextThread += *(_DWORD *)(NtGetContextThread + 1) + 5; + if ( *(_WORD *)NtGetContextThread != 0x25FF ) + break; + } + } + } + } + *(_QWORD *)(pAllocatedBuffer + v46) = NtGetContextThread; + *(_QWORD *)(pAllocatedBuffer + v46 + 8) = *(_QWORD *)NtGetContextThread; + *(_QWORD *)(pAllocatedBuffer + v46 + 16) = *((_QWORD *)NtGetContextThread + 1); + *(_QWORD *)(pAllocatedBuffer + v46 + 24) = *((_QWORD *)NtGetContextThread + 2); + v46 += 32; + if ( v46 <= 1000 ) + v1675 = 1000; + else + v1675 = v46; + ((void (__fastcall *)(__int64, _QWORD, _QWORD))ReportDetection)(pAllocatedBuffer, v1675, 0i64); + free((unsigned int *)pAllocatedBuffer); + CloseHandle(hCurrentProcessHandle); + v75 = '\0'; + str_createtoolhelp32snapshot = 'C'; + v1302 = 'r'; + v1303 = 'e'; + v1304 = 'a'; + v1305 = 't'; + v1306 = 'e'; + v1307 = 'T'; + v1308 = 'o'; + v1309 = 'o'; + v1310 = 'l'; + v1311 = 'h'; + v1312 = 'e'; + v1313 = 'l'; + v1314 = 'p'; + v1315 = '3'; + v1316 = '2'; + v1317 = 'S'; + v1318 = 'n'; + v1319 = 'a'; + v1320 = 'p'; + v1321 = 's'; + v1322 = 'h'; + v1323 = 'o'; + v1324 = 't'; + v1325 = '\0'; + CreateToolhelp32Snapshot = (__int64 (__fastcall *)(signed __int64, _QWORD))GetProcAddress( + hKernel32, + &str_createtoolhelp32snapshot); + hSnapshot = CreateToolhelp32Snapshot(2i64, 0i64); + if ( hSnapshot != -1 ) + { + str_process32first = 'P'; + v687 = 'r'; + v688 = 'o'; + v689 = 'c'; + v690 = 'e'; + v691 = 's'; + v692 = 's'; + v693 = '3'; + v694 = '2'; + v695 = 'F'; + v696 = 'i'; + v697 = 'r'; + v698 = 's'; + v699 = 't'; + v700 = '\0'; + Process32First = (unsigned int (__fastcall *)(__int64, signed int 
*))GetProcAddress(hKernel32, &str_process32first); + processEntry = 304; + if ( Process32First(hSnapshot, &processEntry) ) + { + str_process32next = 'P'; + v575 = 'r'; + v576 = 'o'; + v577 = 'c'; + v578 = 'e'; + v579 = 's'; + v580 = 's'; + v581 = '3'; + v582 = '2'; + v583 = 'N'; + v584 = 'e'; + v585 = 'x'; + v586 = 't'; + v587 = '\0'; + Process32Next = (unsigned int (__fastcall *)(__int64, signed int *))GetProcAddress(hKernel32, &str_process32next); + v143 = 0; + v1649 = 0; + v1648 = 0; + v1650 = 0; + v1651 = 0; + processInformation = 0; + do + { + v2594 = 0; + v2595 = 56; + hProcess_5 = OpenProcess(4096i64, 0i64, processId_1); + length = 128; + result_1 = hProcess_5 + && QueryFullProcessImageName(hProcess_5, 0i64, &processImageName_1, &length) + && (size = 255, + (length = WideCharToMultiByte( + 65001i64, + 0i64, + &processImageName_1, + length, + (__int64)v2596, + *(_QWORD *)&size, + 0i64, + 0i64)) != 0); + result_2 = result_1; + if ( (_BYTE)result_1 ) + { + str_getfileattributesexw_1 = 'G'; + v1164 = 'e'; + v1165 = 't'; + v1166 = 'F'; + v1167 = 'i'; + v1168 = 'l'; + v1169 = 'e'; + v1170 = 'A'; + v1171 = 't'; + v1172 = 't'; + v1173 = 'r'; + v1174 = 'i'; + v1175 = 'b'; + v1176 = 'u'; + v1177 = 't'; + v1178 = 'e'; + v1179 = 's'; + v1180 = 'E'; + v1181 = 'x'; + v1182 = 'W'; + v1183 = '\0'; + GetFileAttributesExW_1 = (unsigned int (__fastcall *)(__int64 *, _QWORD, __int64 *))GetProcAddress( + hKernel32, + &str_getfileattributesexw_1); + if ( GetFileAttributesExW_1(&processImageName_1, 0i64, &fileInformation_1) ) + v1677 = v2758; + else + v1677 = 0; + v1652 = v1677; + } + else + { + v2599 = processId_1; + v2600 = 0; + v2601 = 512; + v2602 = &v2786; + if ( (signed int)NtQuerySystemInformation(88i64, (unsigned int *)&v2599, 24i64, 0i64) < 0 ) + { + length = 0; + } + else + { + v2671 = v2596; + size = 255; + length = WideCharToMultiByte(65001i64, 0i64, v2602, v2600 / 2, (__int64)v2596, *(_QWORD *)&size, 0i64, 0i64); + } + v1652 = 0; + } + *(_DWORD *)&v2596[length] = 
v1652; + if ( hProcess_5 ) + { + if ( !result_2 ) + { + if ( length ) + { + str_getlasterror_4 = 'G'; + v536 = 'e'; + v537 = 't'; + v538 = 'L'; + v539 = 'a'; + v540 = 's'; + v541 = 't'; + v542 = 'E'; + v543 = 'r'; + v544 = 'r'; + v545 = 'o'; + v546 = 'r'; + v547 = '\0'; + GetLastError_4 = (unsigned int (*)(void))GetProcAddress(hKernel32, &str_getlasterror_4); + if ( GetLastError_4() == 31 ) + { + str_getprocesstimes_3 = 'G'; + v794 = 'e'; + v795 = 't'; + v796 = 'P'; + v797 = 'r'; + v798 = 'o'; + v799 = 'c'; + v800 = 'e'; + v801 = 's'; + v802 = 's'; + v803 = 'T'; + v804 = 'i'; + v805 = 'm'; + v806 = 'e'; + v807 = 's'; + v808 = '\0'; + GetProcessTimes_3 = (unsigned int (__fastcall *)(__int64, __int64 *, __int64 *, __int64 *, __int64 *))GetProcAddress(hKernel32, &str_getprocesstimes_3); + if ( GetProcessTimes_3(hProcess_5, &time, &time, &time, &time) || GetLastError_4() != 31 ) + { + CloseHandle(hProcess_5); + } + else + { + CloseHandle(hProcess_5); + hProcess_5 = OpenProcess(4096i64, 0i64, processId_1); + if ( hProcess_5 ) + { + *(_DWORD *)&v2596[length] = 0; + ((void (__fastcall *)(char *, _QWORD, _QWORD))ReportDetection)(&v2594, length + 6, 0i64); + } + } + } + } + } + } + if ( v2720 != 1634038867 || v2721 != 2019896941 ) + { + if ( v2720 != 1935766380 || v2721 != 2019896947 ) + { + if ( v2720 != 1819310181 || v2721 != 1919251055 || v2722 != 1702389038 ) + { + if ( v2720 != 778333539 || (signed __int16)v2721 != 30821 ) + { + if ( v2720 == 1751348851 && v2721 == 779383663 && hProcess_5 && !processInformation ) + { + str_ntqueryinformationprocess = 'N'; + v1327 = 't'; + v1328 = 'Q'; + v1329 = 'u'; + v1330 = 'e'; + v1331 = 'r'; + v1332 = 'y'; + v1333 = 'I'; + v1334 = 'n'; + v1335 = 'f'; + v1336 = 'o'; + v1337 = 'r'; + v1338 = 'm'; + v1339 = 'a'; + v1340 = 't'; + v1341 = 'i'; + v1342 = 'o'; + v1343 = 'n'; + v1344 = 'P'; + v1345 = 'r'; + v1346 = 'o'; + v1347 = 'c'; + v1348 = 'e'; + v1349 = 's'; + v1350 = 's'; + v1351 = '\0'; + NtQueryInformationProcess = (signed int 
(__fastcall *)(__int64, signed __int64, signed __int64 *, signed __int64, _QWORD))GetProcAddress(hNtDLL, &str_ntqueryinformationprocess); + if ( NtQueryInformationProcess(hProcess_5, 61i64, (signed __int64 *)&processInformation, 1i64, 0i64) < 0 + || processInformation != 81 ) + { + if ( !processInformation ) + { + processInformation_1 = 64i64; + if ( NtQueryInformationProcess(hProcess_5, 0i64, &processInformation_1, 64i64, 0i64) >= 0 ) + { + if ( v2760 & 1 ) + processInformation = 1; + } + } + } + else + { + processInformation = 0; + } + } + } + else + { + v1650 = processId_1; + } + } + else + { + v1648 = processId_1; + } + } + else + { + v1649 = processId_1; + } + } + else + { + v143 = processId_1; + } + if ( !length ) + goto LABEL_573; + if ( processId_1 != (unsigned int)GetCurrentProcessId() && v1651 < 10 ) + { + v50 = 0; + v66 = 0; + v79 = length; + v1647 = 0; + while ( 1 ) + { + if ( v2596[--v79] == 92 ) + ++v1647; + if ( !v79 ) + break; + if ( v79 < length - 8 ) + { + v1678 = *(_DWORD *)&v2596[v79] != 858666076 || v2596[v79 + 4] == 46 ? 0 : 1; + v50 = v1678; + if ( (_BYTE)v1678 ) + goto LABEL_513; + v1679 = *(_DWORD *)&v2596[v79] != 1819310181 || *(_DWORD *)&v2596[v79 + 4] != 1919251055 ? 
0 : 1; + v50 = v1679; + v66 = v1679; + if ( (_BYTE)v1679 ) + goto LABEL_513; + } + } + if ( v1647 > 2 ) + { + for ( jj = 0; jj < length - 6; ++jj ) + { + if ( *(_DWORD *)&v2596[jj] == 1936016476 && *(_DWORD *)&v2596[jj + 4] == 1886352491 && v2597[jj] == 92 + || *(_DWORD *)&v2596[jj] == 1835357276 && *(_WORD *)&v2596[jj + 4] == 23664 + || *(_DWORD *)&v2596[jj] == 1818838620 && *(_DWORD *)&v2596[jj + 4] == 1667584613 + || *(_DWORD *)&v2596[jj] == 1668236380 + && *(_DWORD *)&v2596[jj + 4] == 1852140917 + && *(_WORD *)&v2597[jj] == 29556 + && v2597[jj + 2] == 92 + || *(_DWORD *)&v2596[jj] == 2003780700 + && *(_DWORD *)&v2596[jj + 4] == 1634692206 + && *(_WORD *)&v2597[jj] == 29540 + && v2597[jj + 2] == 92 + || *(_DWORD *)&v2596[jj] == 1634685532 && *(_DWORD *)&v2596[jj + 4] == 1735289197 && v2597[jj] == 92 + || *(_DWORD *)&v2596[jj] == 779119988 && *(_WORD *)&v2596[jj + 4] == 30821 + || *(_DWORD *)&v2596[jj] == 1702129518 && *(_DWORD *)&v2596[jj + 4] == 778330480 + || *(_DWORD *)&v2596[jj] == 774778460 && *(_WORD *)&v2596[jj + 4] == 23598 + || *(_DWORD *)&v2596[jj] == 778333539 && *(_WORD *)&v2596[jj + 4] == 30821 + || !result_2 ) + { + goto LABEL_513; + } + } + goto LABEL_542; + } +LABEL_513: + str_getprocesstimes_2 = 'G'; + v778 = 'e'; + v779 = 't'; + v780 = 'P'; + v781 = 'r'; + v782 = 'o'; + v783 = 'c'; + v784 = 'e'; + v785 = 's'; + v786 = 's'; + v787 = 'T'; + v788 = 'i'; + v789 = 'm'; + v790 = 'e'; + v791 = 's'; + v792 = '\0'; + GetProcessTimes_2 = (unsigned int (__fastcall *)(__int64, __int64 *, __int64 *, __int64 *, char *))GetProcAddress(hKernel32, &str_getprocesstimes_2); + if ( GetProcessTimes_2(hProcess_5, &v2530, &v2737, &v2668, (char *)&v2667) + && (hCurrentProcess_2 = GetCurrentProcess(), + GetProcessTimes_2(hCurrentProcess_2, &v2529, &v1752, &v1752, (char *)&v1752)) + && v2529 - v2530 <= 900000000 + && v2529 - v2530 >= -300000000 + || v50 ) + { + v74 = v143 != 0; + v2596[length + 4] = v143 != 0; + if ( v1648 && v2719 == v1648 ) + { + v2596[length + 4] |= 
2u; + } + else if ( v1649 && v2719 == v1649 ) + { + v2596[length + 4] |= 8u; + } + else if ( v1650 && v2719 == v1650 ) + { + v2596[length + 4] |= 0x10u; + } + else + { + hProcess_10 = OpenProcess(4096i64, 0i64, v2719); + if ( hProcess_10 ) + { + CloseHandle(hProcess_10); + } + else + { + str_getlasterror_3 = 'G'; + v445 = 'e'; + v446 = 't'; + v447 = 'L'; + v448 = 'a'; + v449 = 's'; + v450 = 't'; + v451 = 'E'; + v452 = 'r'; + v453 = 'r'; + v454 = 'o'; + v455 = 'r'; + v456 = '\0'; + GetLastError_3 = (unsigned int (*)(void))GetProcAddress(hKernel32, &str_getlasterror_3); + if ( GetLastError_3() != 5 ) + v2596[length + 4] |= 4u; + } + } + if ( (signed int)(unsigned __int8)v2596[length + 4] > 1 || v50 ) + { + Sleep(1000i64); + ++v1651; + if ( GetProcessTimes_2(hProcess_5, &v1752, &v1752, (__int64 *)&v2597[length + 5], &v2598 + length) ) + { + *(_QWORD *)&v2597[length + 5] -= v2668; + *(_QWORD *)(&v2598 + length) -= v2667; + if ( v2596[length + 4] & 8 + || *(_QWORD *)(&v2598 + length) + *(_QWORD *)&v2597[length + 5] >= 500000i64 + || v50 && !v66 ) + { + v2595 = 64; + *(_QWORD *)&v2596[length + 5] = v2529 - v2530; + ((void (__fastcall *)(char *, _QWORD, _QWORD))ReportDetection)(&v2594, length + 31, 0i64); + goto LABEL_584; + } + } + } + } + } +LABEL_542: + if ( !v143 + || *(_DWORD *)((char *)&v2592 + length) != 1819310181 + || *(_DWORD *)&v2593[length] != 1919251055 + || *(_DWORD *)&v2593[length + 4] != 1702389038 + || v2719 != v143 ) + { + if ( *(_DWORD *)&v2591[length] != 1886217556 + || *(_DWORD *)&v2593[length + 4] != 1701603654 + || v2721 != 1702389038 + || ((char)v2720 < 65 || (char)v2720 > 90) + && (SBYTE1(v2720) < 65 || SBYTE1(v2720) > 90) + && (SBYTE2(v2720) < 65 || SBYTE2(v2720) > 90) + && (SHIBYTE(v2720) < 65 || SHIBYTE(v2720) > 90) ) + { + if ( *(_DWORD *)&v2593[length + 2] != 1700026952 ) + { + for ( kk = 0; kk < length - 4; ++kk ) + { + if ( *(_DWORD *)&v2596[kk] == 543649362 + || *(signed __int16 *)&v2596[kk] == 41191 + && (unsigned __int8)v2596[kk + 2] == 
-127 + && (signed int)(unsigned __int8)v2596[kk + 3] >= 48 + && (signed int)(unsigned __int8)v2596[kk + 3] <= 57 + || *(_DWORD *)&v2596[kk] == 541544018 + || *(_DWORD *)&v2596[kk] == -1864023211 + || *(_DWORD *)&v2596[kk] == 775302706 && *(_WORD *)&v2596[kk + 4] == 30821 ) + { + goto LABEL_581; + } + } +LABEL_573: + if ( (v2720 != 1684107084 || v2721 != 1919052140) + && v2720 != 543649362 + && (v1652 != (_DWORD)qword_5D720 + || v2720 == 1701667143 && v2721 == 1919252047 + || v2720 == 1701667175 && v2721 == 1919252079) ) + { + goto LABEL_582; + } + goto LABEL_581; + } + } + else + { + *(_DWORD *)v2596 = v2720; + *(_DWORD *)&v2596[4] = v2721; + length = 8; + *(_DWORD *)v2597 = 255; + } + } +LABEL_581: + v2595 = 56; + ((void (__fastcall *)(char *, _QWORD, _QWORD))ReportDetection)(&v2594, length + 6, 0i64); +LABEL_582: + if ( hProcess_5 ) + CloseHandle(hProcess_5); +LABEL_584: + if ( (v2720 == 1701667143 || v2720 == 1701667175) + && (v2721 == 1919252047 || v2721 == 1919252079) + && (v2722 == 1434018156 || v2722 == 1970889068) ) + { + v75 = 1; + hProcess_9 = OpenProcess(1024i64, 0i64, processId_1); + if ( hProcess_9 ) + { + for ( ll = 0i64; NtQueryVirtualMemory(hProcess_9, ll, 0i64, &v2430, 48i64, &v2738) >= 0; ll = v2431 + v2430 ) + { + if ( v2432 == 4096 && v2434 == 0x20000 && (v2433 == 16 || v2433 == 32 || v2433 == 64) ) + { + if ( v2431 > 0x10000 ) + { + v2571 = 0; + v2572 = 59; + v2573 = v2430; + v2574 = v2431; + v2575 = v2434 | v2433 | v2432; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2571, 18i64, 0i64); + } + if ( processInformation ) + { + v2647 = 0; + v2648 = 53; + v2649 = 1457; + v2650 = processInformation; + v2651 = v2430; + v2652 = v2431; + v2653 = v2434 | v2433 | v2432; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2647, 28i64, 0i64); + } + hProcess_8 = OpenProcess(16i64, 0i64, processId_1); + if ( hProcess_8 ) + { + v2435 = 8; + v2436 = 'H'; + v2437 = '\0'; + v2438 = 'o'; + v2439 = '\0'; + v2440 
= 'm'; + v2441 = '\0'; + v2442 = 'e'; + v2443 = '\0'; + memset(&v2444, 0, 0x10ui64); + v2445 = 4; + v2446 = 'F'; + v2447 = '\0'; + v2448 = '1'; + v2449 = '\0'; + memset(&v2450, 0, 0x14ui64); + v2451 = 0x10; + v2452 = '\xFF'; + v2453 = '\xFF'; + v2454 = ''; + v2455 = ''; + v2456 = '\b'; + v2457 = ''; + v2458 = '\0'; + v2459 = '\0'; + v2460 = '\0'; + v2461 = '\0'; + v2462 = '\0'; + v2463 = '\0'; + v2464 = '\0'; + v2465 = '\0'; + v2466 = '\0'; + v2467 = '\0'; + memset(&v2468, 0, 8ui64); + v2469 = 24; + v2470 = 92; + v2471 = 0; + v2472 = 92; + v2473 = 0; + v2474 = 46; + v2475 = 0; + v2476 = 92; + v2477 = 0; + v2478 = 112; + v2479 = 0; + v2480 = 105; + v2481 = 0; + v2482 = 112; + v2483 = 0; + v2484 = 101; + v2485 = 0; + v2486 = 92; + v2487 = 0; + v2488 = 37; + v2489 = 0; + v2490 = 115; + v2491 = 0; + v2492 = 0; + v2493 = 0; + v2494 = 10; + v2495 = -57; + v2496 = 6; + v2497 = 0; + v2498 = 0; + v2499 = 0; + v2500 = 0; + v2501 = -58; + v2502 = 71; + v2503 = 3; + v2504 = 0; + memset(&v2505, 0, 0xEui64); + v2506 = 8; + v2507 = 105; + v2508 = -64; + v2509 = 24; + v2510 = 1; + v2511 = 0; + v2512 = 0; + v2513 = 51; + v2514 = -46; + memset(&v2515, 0, 0x10ui64); + for ( mm = ll; mm != v2431 + v2430; mm += 4096i64 ) + { + if ( NtReadVirtualMemory(hProcess_8, mm, &v2790, 4096i64, 0i64) >= 0 ) + { + for ( nn = 0; (unsigned __int64)nn < 6; ++nn ) + { + for ( i1 = 0; (unsigned int)(*(&v2435 + 7 * nn) + i1) <= 0x1000ui64; ++i1 ) + { + for ( i2 = 0; + i2 < *(&v2435 + 7 * nn) + && *((unsigned __int8 *)&v2790 + (signed int)(i2 + i1)) == *((unsigned __int8 *)&v2435 + + 28 * nn + + (signed int)i2 + + 4); + ++i2 ) + { + ; + } + if ( i2 == *(&v2435 + 7 * nn) ) + { + v2633 = 0; + v2634 = 53; + v2635 = 1388; + v2636 = i1 + mm; + v2637 = v2430; + v2638 = v2431; + v2639 = v2434 | v2433 | v2432; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2633, 28i64, 0i64); + goto LABEL_619; + } + } + } + } + } +LABEL_619: + CloseHandle(hProcess_8); + } + } + } + 
CloseHandle(hProcess_9); + } + else + { + str_getlasterror_2 = 'G'; + v471 = 'e'; + v472 = 't'; + v473 = 'L'; + v474 = 'a'; + v475 = 's'; + v476 = 't'; + v477 = 'E'; + v478 = 'r'; + v479 = 'r'; + v480 = 'o'; + v481 = 'r'; + v482 = '\0'; + GetLastError_2 = (unsigned int (*)(void))GetProcAddress(hKernel32, &str_getlasterror_2); + if ( GetLastError_2() == 5 ) + { + v123 = 0; + v124 = 59; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v123, 2i64, 0i64); + } + } + hSnapshot_2 = CreateToolhelp32Snapshot(24i64, processId_1); + if ( hSnapshot_2 != -1 ) + { + str_module32first = 'M'; + v673 = 'o'; + v674 = 'd'; + v675 = 'u'; + v676 = 'l'; + v677 = 'e'; + v678 = '3'; + v679 = '2'; + v680 = 'F'; + v681 = 'i'; + v682 = 'r'; + v683 = 's'; + v684 = 't'; + v685 = '\0'; + Module32First = (unsigned int (__fastcall *)(__int64, signed int *))GetProcAddress( + hKernel32, + &str_module32first); + moduleEntry = 568; + if ( Module32First(hSnapshot_2, &moduleEntry) ) + { + str_module32next = 'M'; + v549 = 'o'; + v550 = 'd'; + v551 = 'u'; + v552 = 'l'; + v553 = 'e'; + v554 = '3'; + v555 = '2'; + v556 = 'N'; + v557 = 'e'; + v558 = 'x'; + v559 = 't'; + v560 = '\0'; + Module32Next = (unsigned int (__fastcall *)(__int64, signed int *))GetProcAddress( + hKernel32, + &str_module32next); + str_createfilea_1 = 'C'; + v357 = 'r'; + v358 = 'e'; + v359 = 'a'; + v360 = 't'; + v361 = 'e'; + v362 = 'F'; + v363 = 'i'; + v364 = 'l'; + v365 = 'e'; + v366 = 'A'; + v367 = '\0'; + CreateFileA_1 = GetProcAddress(hKernel32, &str_createfilea_1); + do + { + if ( v2764 != 1769301878 || v2765 != 779312946 ) + { + if ( v2764 == 1701667175 && v2765 == 1919252079 && v2766 == 1970889068 && v2767 == 1818504809 ) + { + v1660 = OpenProcess(16i64, 0i64, processId_1); + if ( v1660 ) + { + if ( NtReadVirtualMemory(v1660, v2762 + 444281, (__int64 *)&v1756, 16i64, 0i64) >= 0 + && *(_QWORD *)&v1756 == -5130500736015824128i64 + && v1758 == -858993469 + && NtReadVirtualMemory(v1660, v1757, (__int64 
*)&v1756, 4i64, 0i64) >= 0 + && NtReadVirtualMemory(v1660, v1756, (__int64 *)&v1756, 20i64, 0i64) >= 0 ) + { + for ( i3 = 0; (unsigned __int64)i3 < 0x14; i3 += 4 ) + { + NtReadVirtualMemory( + v1660, + *(unsigned int *)((char *)&v1756 + i3), + (__int64 *)&v2607, + 16i64, + 0i64); + if ( *(unsigned int *)((char *)&v1756 + i3) < v2762 + || *(unsigned int *)((char *)&v1756 + i3) >= v2763 + v2762 + || v2607 == 204 ) + { + v2603 = 0; + v2604 = 59; + v2605 = i3; + v2606 = *(unsigned int *)((char *)&v1756 + i3); + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2603, 24i64, 0i64); + } + } + } + CloseHandle(v1660); + } + } + } + else + { + hProcess_7 = OpenProcess(16i64, 0i64, processId_1); + if ( hProcess_7 ) + { + if ( NtReadVirtualMemory(hProcess_7, v2762 + 295766, (__int64 *)&v2769, 30i64, 0i64) >= 0 ) + { + if ( *(_QWORD *)&v2769 != -8422761549041827734i64 + || v2770 != 13 + || v2772 != 38655 + || v2773 != 3467 + || v2774 != -1862336117 ) + { + if ( NtReadVirtualMemory(hProcess_7, v2762 + 295736, (__int64 *)&v2769, 8i64, 0i64) >= 0 + && *(_QWORD *)&v2769 == 29839001828066410i64 ) + { + v2692 = 0; + v2693 = 59; + v2694 = 0; + v2695 = v2762 + 295800; + NtReadVirtualMemory(hProcess_7, v2762 + 295800, &v2696, 16i64, 0i64); + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2692, 24i64, 0i64); + } + } + else if ( NtReadVirtualMemory(hProcess_7, v2771, (__int64 *)&v2769, 4i64, 0i64) >= 0 + && NtReadVirtualMemory(hProcess_7, v2769, (__int64 *)&v2769, 4i64, 0i64) >= 0 + && NtReadVirtualMemory(hProcess_7, v2769, (__int64 *)&v2769, 984i64, 0i64) >= 0 ) + { + for ( i4 = 0; (unsigned __int64)i4 < 0x3D8; i4 += 4 ) + { + NtReadVirtualMemory( + hProcess_7, + *(unsigned int *)((char *)&v2769 + i4), + (__int64 *)&v2616, + 16i64, + 0i64); + if ( *(unsigned int *)((char *)&v2769 + i4) < v2762 + || *(unsigned int *)((char *)&v2769 + i4) >= v2763 + v2762 + || v2616 == 204 ) + { + v2612 = 0; + v2613 = 59; + v2614 = i4; + v2615 = *(unsigned 
int *)((char *)&v2769 + i4); + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2612, 24i64, 0i64); + } + } + } + } + CloseHandle(hProcess_7); + } + } + } + while ( Module32Next(hSnapshot_2, &moduleEntry) ); + } + CloseHandle(hSnapshot_2); + } + hSnapshot_1 = CreateToolhelp32Snapshot(4i64, 0i64); + if ( hSnapshot_1 != -1 ) + { + str_thread32first = 'T'; + v659 = 'h'; + v660 = 'r'; + v661 = 'e'; + v662 = 'a'; + v663 = 'd'; + v664 = '3'; + v665 = '2'; + v666 = 'F'; + v667 = 'i'; + v668 = 'r'; + v669 = 's'; + v670 = 't'; + v671 = '\0'; + Thread32First = (unsigned int (__fastcall *)(__int64, signed int *))GetProcAddress( + hKernel32, + &str_thread32first); + v2733 = 28; + if ( Thread32First(hSnapshot_1, &v2733) ) + { + str_thread32next = 'T'; + v562 = 'h'; + v563 = 'r'; + v564 = 'e'; + v565 = 'a'; + v566 = 'd'; + v567 = '3'; + v568 = '2'; + v569 = 'N'; + v570 = 'e'; + v571 = 'x'; + v572 = 't'; + v573 = '\0'; + Thread32Next = (unsigned int (__fastcall *)(__int64, signed int *))GetProcAddress( + hKernel32, + &str_thread32next); + do + { + if ( v2735 == processId_1 ) + { + str_openthread = 'O'; + v312 = 'p'; + v313 = 'e'; + v314 = 'n'; + v315 = 'T'; + v316 = 'h'; + v317 = 'r'; + v318 = 'e'; + v319 = 'a'; + v320 = 'd'; + v321 = '\0'; + OpenThread = (__int64 (__fastcall *)(signed __int64, _QWORD, _QWORD))GetProcAddress( + hKernel32, + &str_openthread); + hThread = OpenThread(10i64, 0i64, v2734); + if ( hThread ) + { + str_resumethread = 'R'; + v393 = 'e'; + v394 = 's'; + v395 = 'u'; + v396 = 'm'; + v397 = 'e'; + v398 = 'T'; + v399 = 'h'; + v400 = 'r'; + v401 = 'e'; + v402 = 'a'; + v403 = 'd'; + v404 = 0; + ResumeThread = (__int64 (__fastcall *)(__int64))GetProcAddress(hKernel32, &str_resumethread); + v1653 = ResumeThread(hThread); + if ( v1653 && v1653 != -1 ) + { + str_suspendthread = 'S'; + v645 = 'u'; + v646 = 's'; + v647 = 'p'; + v648 = 'e'; + v649 = 'n'; + v650 = 'd'; + v651 = 'T'; + v652 = 'h'; + v653 = 'r'; + v654 = 'e'; + v655 = 'a'; + v656 = 
'd'; + v657 = '\0'; + SuspendThread = (void (__fastcall *)(__int64))GetProcAddress(hKernel32, &str_suspendthread); + SuspendThread(hThread); + v1687 = 0; + v1688 = 59; + v1689 = v1653; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1687, 6i64, 0i64); + } + v2780 = (signed int)qword_100010; + str_getthreadcontext = 'G'; + v842 = 'e'; + v843 = 't'; + v844 = 'T'; + v845 = 'h'; + v846 = 'r'; + v847 = 'e'; + v848 = 'a'; + v849 = 'd'; + v850 = 'C'; + v851 = 'o'; + v852 = 'n'; + v853 = 't'; + v854 = 'e'; + v855 = 'x'; + v856 = 't'; + v857 = '\0'; + GetThreadContext = (unsigned int (__fastcall *)(__int64, __int64 *))GetProcAddress( + hKernel32, + &str_getthreadcontext); + if ( GetThreadContext(hThread, &context) && v2782 ) + { + v1690 = 0; + v1691 = 59; + v1692 = v2781; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1690, 6i64, 0i64); + } + CloseHandle(hThread); + } + } + } + while ( Thread32Next(hSnapshot_1, &v2733) ); + } + CloseHandle(hSnapshot_1); + } + } + if ( v2720 == 1935766380 && v2721 == 2019896947 ) + { + v2524 = OpenProcess(1024i64, 0i64, processId_1); + if ( v2524 ) + { + for ( i5 = 0i64; NtQueryVirtualMemory(v2524, i5, 0i64, &v2621, 48i64, &v2740) >= 0; i5 = v2622 + v2621 ) + { + if ( v2623 == 4096 && v2625 == 0x20000 && (v2624 == 16 || v2624 == 32 || v2624 == 64) && v2622 > 0x10000 ) + { + v2566 = 0; + v2567 = 66; + v2568 = v2621; + v2569 = v2622; + v2570 = v2625 | v2624 | v2623; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2566, 18i64, 0i64); + } + } + CloseHandle(v2524); + } + } + } + while ( Process32Next(hSnapshot, &processEntry) ); + } + CloseHandle(hSnapshot); + if ( processInformation ) + { + v1702 = 0; + v1703 = 72; + v1704 = 1457; + v1705 = processInformation; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1702, 8i64, 0i64); + } + } + str_loadlibrarya = 'L'; + v406 = 'o'; + v407 = 'a'; + v408 = 'd'; + v409 = 'L'; + v410 = 'i'; + v411 = 
'b'; + v412 = 'r'; + v413 = 'a'; + v414 = 'r'; + v415 = 'y'; + v416 = 'A'; + v417 = 0; + LoadLibraryA = (__int64 (__fastcall *)(char *))GetProcAddress(hKernel32, &str_loadlibrarya); + str_psapidll = 'p'; + v281 = 's'; + v282 = 'a'; + v283 = 'p'; + v284 = 'i'; + v285 = '.'; + v286 = 'd'; + v287 = 'l'; + v288 = 'l'; + v289 = 0; + hPsApi = LoadLibraryA(&str_psapidll); + if ( hPsApi ) + { + str_enumprocesses = 'E'; + v631 = 'n'; + v632 = 'u'; + v633 = 'm'; + v634 = 'P'; + v635 = 'r'; + v636 = 'o'; + v637 = 'c'; + v638 = 'e'; + v639 = 's'; + v640 = 's'; + v641 = 'e'; + v642 = 's'; + v643 = '\0'; + EnumProcesses = (unsigned int (__fastcall *)(__int64 *, signed __int64, unsigned int *))GetProcAddress( + hPsApi, + &str_enumprocesses); + if ( EnumProcesses(&v2788, 1600i64, &v132) ) + { + if ( v132 < 0x640ui64 ) + { + for ( i6 = 0; ; i6 += 4 ) + { + if ( i6 >= 0x10000 ) + goto LABEL_752; + hProcess_6 = OpenProcess(4096i64, 0i64, (unsigned int)i6); + if ( hProcess_6 ) + { + v2742 = 0; + v2743 = 56; + v52 = 128; + if ( !QueryFullProcessImageName(hProcess_6, 0i64, &v2777, &v52) + || (size = 255, + (v52 = WideCharToMultiByte(65001i64, 0i64, &v2777, v52, (__int64)v2744, *(_QWORD *)&size, 0i64, 0i64)) == 0) ) + { + v2608 = i6; + v2609 = 0; + v2610 = 512; + v2611 = &v2787; + if ( (signed int)NtQuerySystemInformation(88i64, (unsigned int *)&v2608, 24i64, 0i64) < 0 ) + { + v52 = 0; + } + else + { + v2710 = v2744; + size = 255; + v52 = WideCharToMultiByte( + 65001i64, + 0i64, + v2611, + v2609 / 2, + (__int64)v2744, + *(_QWORD *)&size, + 0i64, + 0i64); + } + } + for ( i7 = 0; ; ++i7 ) + { + v2709 = i7; + if ( i7 >= v132 / 4ui64 || *((_DWORD *)&v2788 + i7) == i6 ) + break; + } + if ( v52 ) + { + if ( !v75 + && (*(_DWORD *)((char *)&v2740 + v52 + 1) == 'emaG' || *(_DWORD *)((char *)&v2740 + v52 + 1) == 'emag') + && (*(_DWORD *)((char *)&v2740 + v52 + 5) == 'revO' || *(_DWORD *)((char *)&v2740 + v52 + 5) == 'revo') + && (*(_DWORD *)&v2741[v52] == 'Uyal' || *(_DWORD *)&v2741[v52] == 
'uyal') + || (v2708 = i7, i7 == v132 / 4ui64) + && *(_DWORD *)((char *)&v2740 + v52) == 'aets' + && *(_DWORD *)((char *)&v2740 + v52 + 4) == 'bewm' ) + { + str_getexitcodeprocess = 'G'; + v983 = 'e'; + v984 = 't'; + v985 = 'E'; + v986 = 'x'; + v987 = 'i'; + v988 = 't'; + v989 = 'C'; + v990 = 'o'; + v991 = 'd'; + v992 = 'e'; + v993 = 'P'; + v994 = 'r'; + v995 = 'o'; + v996 = 'c'; + v997 = 'e'; + v998 = 's'; + v999 = 's'; + v1000 = '\0'; + GetExitCodeProcess = (unsigned int (__fastcall *)(__int64, int *))GetProcAddress( + hKernel32, + &str_getexitcodeprocess); + if ( GetExitCodeProcess(hProcess_6, &exitCode) ) + { + if ( exitCode == 259 ) + { + str_getprocesstimes_1 = 'G'; + v826 = 'e'; + v827 = 't'; + v828 = 'P'; + v829 = 'r'; + v830 = 'o'; + v831 = 'c'; + v832 = 'e'; + v833 = 's'; + v834 = 's'; + v835 = 'T'; + v836 = 'i'; + v837 = 'm'; + v838 = 'e'; + v839 = 's'; + v840 = '\0'; + GetProcessTimes_1 = (unsigned int (__fastcall *)(__int64, __int64 *, __int64 *, __int64 *, __int64 *))GetProcAddress(hKernel32, &str_getprocesstimes_1); + if ( !GetProcessTimes_1(hProcess_6, &v2704, &v1685, &v1685, &v1685) ) + goto LABEL_800; + hCurrentProcess_1 = GetCurrentProcess(); + if ( GetProcessTimes_1(hCurrentProcess_1, &v2705, &v1685, &v1685, &v1685) ) + *(_DWORD *)&v2744[v52] = (v2704 - v2705) / 10000 & 0xFFFFFFFE; + else +LABEL_800: + *(_DWORD *)&v2744[v52] = 0; + if ( *(_DWORD *)&v2744[v52] >= 0 ) + { + v2703 = i7; + v1680 = i7 == v132 / 4ui64; + *(_DWORD *)&v2744[v52] |= v1680; + ((void (__fastcall *)(char *, _QWORD, _QWORD))ReportDetection)(&v2742, v52 + 6, 0i64); + } + } + } + else + { + v30 = GetLastError(); + *(_DWORD *)&v2744[v52] = v30; + ((void (__fastcall *)(char *, _QWORD, _QWORD))ReportDetection)(&v2742, v52 + 6, 0i64); + } + } + } + v2702 = i7; + v31 = v132 % 4ui64; + if ( i7 != v132 / 4ui64 ) + goto LABEL_750; + str_getprocesstimes = 'G'; + v762 = 'e'; + v763 = 't'; + v764 = 'P'; + v765 = 'r'; + v766 = 'o'; + v767 = 'c'; + v768 = 'e'; + v769 = 's'; + v770 = 's'; + 
v771 = 'T'; + v772 = 'i'; + v773 = 'm'; + v774 = 'e'; + v775 = 's'; + v776 = '\0'; + GetProcessTimes = (unsigned int (__fastcall *)(__int64, __int64 *, __int64 *, __int64 *, __int64 *))GetProcAddress(hKernel32, &str_getprocesstimes); + str_getlasterror_1 = 'G'; + v419 = 'e'; + v420 = 't'; + v421 = 'L'; + v422 = 'a'; + v423 = 's'; + v424 = 't'; + v425 = 'E'; + v426 = 'r'; + v427 = 'r'; + v428 = 'o'; + v429 = 'r'; + v430 = '\0'; + GetLastError_1 = (unsigned int (*)(void))GetProcAddress(hKernel32, &str_getlasterror_1); + if ( GetProcessTimes(hProcess_6, &v2519, &v2519, &v2519, &v2519) || GetLastError_1() != 31 ) + { + CloseHandle(hProcess_6); + continue; + } + CloseHandle(hProcess_6); + hProcess_6 = OpenProcess(4096i64, 0i64, (unsigned int)i6); + if ( hProcess_6 ) + break; + } +LABEL_707: + ; + } + if ( v52 ) + { + if ( GetFileAttributesExW(&v2777, 0i64, &v2751) ) + v1654 = v2752; + else + v1654 = 0; + *(_DWORD *)&v2744[v52] = v1654; + ((void (__fastcall *)(char *, _QWORD, _QWORD))ReportDetection)(&v2742, v52 + 6, 0i64); + } +LABEL_750: + ((void (__fastcall *)(__int64, unsigned __int64))CloseHandle)(hProcess_6, v31); + goto LABEL_707; + } + } + } +LABEL_752: + str_be_dlldll = 'B'; + v323 = 'E'; + v324 = '_'; + v325 = 'D'; + v326 = 'L'; + v327 = 'L'; + v328 = '.'; + v329 = 'd'; + v330 = 'l'; + v331 = 'l'; + v332 = '\0'; + if ( GetFileAttributesExA(&str_be_dlldll, 0i64, &fileInformation) ) + { + v1693 = 0; + v1694 = 61; + v1695 = v2712; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1693, 6i64, 0i64); + } + str_beep = '\\'; + v233 = '\\'; + v234 = '.'; + v235 = '\\'; + v236 = 'B'; + v237 = 'e'; + v238 = 'e'; + v239 = 'p'; + v240 = '\0'; + size = '\0'; + dwDesiredAccess = 3; + v1686 = CreateFileA(&str_beep, 0x80000000i64, 3i64, 0i64, *(_QWORD *)&dwDesiredAccess, *(_QWORD *)&size, 0i64); + if ( v1686 != -1 ) + { + v125 = 0; + v126 = 62; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v125, 2i64, 0i64); + 
CloseHandle(v1686); + } + v223 = '\\'; + v224 = '\\'; + v225 = '.'; + v226 = '\\'; + v227 = 'N'; + v228 = 'u'; + v229 = 'l'; + v230 = 'l'; + v231 = '\0'; + size = 0; + dwDesiredAccess = 3; + v1686 = CreateFileA(&v223, 0x80000000i64, 3i64, 0i64, *(_QWORD *)&dwDesiredAccess, *(_QWORD *)&size, 0i64); + if ( v1686 != -1 ) + { + v127 = 0; + v128 = 63; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v127, 2i64, 0i64); + CloseHandle(v1686); + } + str_gettickcount = 'G'; + v484 = 'e'; + v485 = 't'; + v486 = 'T'; + v487 = 'i'; + v488 = 'c'; + v489 = 'k'; + v490 = 'C'; + v491 = 'o'; + v492 = 'u'; + v493 = 'n'; + v494 = 't'; + v495 = 0; + GetTickCount = (__int64 (*)(void))GetProcAddress(hKernel32, &str_gettickcount); + tickCount = GetTickCount(); + Sleep(1000i64); + tickDelta = (unsigned __int64)GetTickCount() - tickCount; + if ( tickDelta >= 02260 ) + { + v1696 = 0; + v1697 = 69; + v1698 = tickDelta; + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1696, 6i64, 0i64); + } + v1525 = '.'; + v1526 = '.'; + v1527 = '\\'; + v1528 = '.'; + v1529 = '.'; + v1530 = '\\'; + v1531 = 'P'; + v1532 = 'l'; + v1533 = 'u'; + v1534 = 'g'; + v1535 = 'i'; + v1536 = 'n'; + v1537 = 's'; + v1538 = '\\'; + v1539 = 'Z'; + v1540 = 'i'; + v1541 = 'p'; + v1542 = 'U'; + v1543 = 't'; + v1544 = 'i'; + v1545 = 'l'; + v1546 = 'i'; + v1547 = 't'; + v1548 = 'y'; + v1549 = '\\'; + v1550 = 'T'; + v1551 = 'h'; + v1552 = 'i'; + v1553 = 'r'; + v1554 = 'd'; + v1555 = 'P'; + v1556 = 'a'; + v1557 = 'r'; + v1558 = 't'; + v1559 = 'y'; + v1560 = '\\'; + v1561 = '7'; + v1562 = 'z'; + v1563 = 'p'; + v1564 = 'p'; + v1565 = '\\'; + v1566 = 'd'; + v1567 = 'l'; + v1568 = 'l'; + v1569 = '\\'; + v1570 = 'W'; + v1571 = 'i'; + v1572 = 'n'; + v1573 = '6'; + v1574 = '4'; + v1575 = '\\'; + v1576 = '7'; + v1577 = 'z'; + v1578 = '.'; + v1579 = 'd'; + v1580 = 'l'; + v1581 = 'l'; + v1582 = 0; + hModule = GetModuleHandleA((__int64 *)&v1525); + if ( hModule && *(_DWORD *)(hModule + 4096) 
!= -15449657 ) + { + v2581 = 0; + v2582 = 70; + v2583 = 0; + v2584 = *(_QWORD *)(hModule + 4096); + v2585 = *(_QWORD *)(hModule + 4104); + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2581, 19i64, 0i64); + } + v207 = 'h'; + v208 = 'a'; + v209 = 'l'; + v210 = '.'; + v211 = 'd'; + v212 = 'l'; + v213 = 'l'; + v214 = 0; + hModule = GetModuleHandleA((__int64 *)&v207); + if ( hModule ) + { + v2576 = 0; + v2577 = 70; + v2578 = 2; + v2579 = *(_QWORD *)(hModule + 4096); + v2580 = *(_QWORD *)(hModule + 4104); + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2576, 19i64, 0i64); + } + v1001 = 'n'; + v1002 = 'v'; + v1003 = 'T'; + v1004 = 'o'; + v1005 = 'o'; + v1006 = 'l'; + v1007 = 's'; + v1008 = 'E'; + v1009 = 'x'; + v1010 = 't'; + v1011 = '6'; + v1012 = '4'; + v1013 = '_'; + v1014 = '1'; + v1015 = '.'; + v1016 = 'd'; + v1017 = 'l'; + v1018 = 'l'; + v1019 = 0; + hModule = GetModuleHandleA((__int64 *)&v1001); + if ( hModule ) + { + v1709 = 0; + v1710 = 72; + v1711 = 1448; + v1712 = *(_DWORD *)(hModule + *(signed int *)(hModule + 60) + 80); + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1709, 8i64, 0i64); + } + v945 = 'w'; + v946 = 's'; + v947 = '2'; + v948 = 'd'; + v949 = 'e'; + v950 = 't'; + v951 = 'o'; + v952 = 'u'; + v953 = 'r'; + v954 = '_'; + v955 = 'x'; + v956 = '9'; + v957 = '6'; + v958 = '.'; + v959 = 'd'; + v960 = 'l'; + v961 = 'l'; + v962 = 0; + hModule = GetModuleHandleA((__int64 *)&v945); + if ( hModule ) + { + v1713 = 0; + v1714 = 72; + v1715 = 1461; + v1716 = *(_DWORD *)(hModule + *(signed int *)(hModule + 60) + 80); + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1713, 8i64, 0i64); + } + str_networkdllx64 = 'n'; + v928 = 'e'; + v929 = 't'; + v930 = 'w'; + v931 = 'o'; + v932 = 'r'; + v933 = 'k'; + v934 = 'd'; + v935 = 'l'; + v936 = 'l'; + v937 = 'x'; + v938 = '6'; + v939 = '4'; + v940 = '.'; + v941 = 'd'; + v942 = 'l'; + v943 = 'l'; + v944 = 0; + hModule = 
GetModuleHandleA((__int64 *)&str_networkdllx64); + if ( hModule ) + { + if ( *(_DWORD *)(hModule + *(signed int *)(hModule + 60) + 80) < 0x200000u + || *(_DWORD *)(hModule + *(signed int *)(hModule + 60) + 80) >= 0x400000u ) + { + if ( *(_DWORD *)(*(signed int *)(hModule + 60) + hModule + 172) == 6944 ) + { + v1722 = 0; + v1723 = 72; + v1724 = 1463; + v1725 = *(_DWORD *)(hModule + *(signed int *)(hModule + 60) + 8); + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1722, 8i64, 0i64); + } + } + else + { + v1718 = 0; + v1719 = 72; + v1720 = 1463; + v1721 = *(_DWORD *)(*(signed int *)(hModule + 60) + hModule + 172); + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1718, 8i64, 0i64); + } + } + str_nxdetoursdll = 'n'; + v859 = 'x'; + v860 = 'd'; + v861 = 'e'; + v862 = 't'; + v863 = 'o'; + v864 = 'u'; + v865 = 'r'; + v866 = 's'; + v867 = '_'; + v868 = '6'; + v869 = '4'; + v870 = '.'; + v871 = 'd'; + v872 = 'l'; + v873 = 108; + v874 = '\0'; + hModule = GetModuleHandleA((__int64 *)&str_nxdetoursdll); + if ( hModule ) + { + v1726 = 0; + v1727 = 72; + v1728 = 1464; + v1729 = *(_DWORD *)(hModule + *(signed int *)(hModule + 60) + 80); + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1726, 8i64, 0i64); + } + str_nvcompiler = 'n'; + v717 = 'v'; + v718 = 'c'; + v719 = 'o'; + v720 = 'm'; + v721 = 'p'; + v722 = 'i'; + v723 = 'l'; + v724 = 'e'; + v725 = 'r'; + v726 = '.'; + v727 = 'd'; + v728 = 'l'; + v729 = 'l'; + v730 = '\0'; + hModule = GetModuleHandleA((__int64 *)&str_nvcompiler); + if ( hModule ) + { + v1739 = 0; + v1740 = 72; + v1741 = 1468; + v1742 = *(_DWORD *)(hModule + 0x1000); + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1739, 8i64, 0i64); + } + str_iphlpapi = 'i'; + v458 = 'p'; + v459 = 'h'; + v460 = 'l'; + v461 = 'p'; + v462 = 'a'; + v463 = 'p'; + v464 = 'i'; + v465 = '.'; + v466 = 'd'; + v467 = 'l'; + v468 = 'l'; + v469 = '\0'; + hModule = 
LoadLibraryA(&str_iphlpapi); + if ( hModule ) + { + str_getextendedTcptable = 'G'; + v1061 = 'e'; + v1062 = 't'; + v1063 = 'E'; + v1064 = 'x'; + v1065 = 't'; + v1066 = 'e'; + v1067 = 'n'; + v1068 = 'd'; + v1069 = 'e'; + v1070 = 'd'; + v1071 = 'T'; + v1072 = 'c'; + v1073 = 'p'; + v1074 = 'T'; + v1075 = 'a'; + v1076 = 'b'; + v1077 = 'l'; + v1078 = 'e'; + v1079 = '\0'; + GetExtendedTcpTable = (unsigned int (__fastcall *)(unsigned int *, unsigned int *, _QWORD, signed __int64, _QWORD, _QWORD))GetProcAddress(hModule, &str_getextendedTcptable); + memset(&v2716, 0, 0x14ui64); + for ( i8 = 0; i8 < 500; ++i8 ) + { + v1656 = 0; + size = 0; + dwDesiredAccess = 8; + GetExtendedTcpTable(0i64, &v1656, 0i64, 2i64, *(_QWORD *)&dwDesiredAccess, *(_QWORD *)&size); + buffer_2 = (unsigned int *)malloc(v1656); + size = 0; + dwDesiredAccess = 8; + if ( !GetExtendedTcpTable(buffer_2, &v1656, 0i64, 2i64, *(_QWORD *)&dwDesiredAccess, *(_QWORD *)&size) ) + { + for ( i9 = 0; i9 < *buffer_2; ++i9 ) + { + if ( (buffer_2[40 * i9 + 5] == 0x656B1468 || buffer_2[40 * i9 + 5] == 0x656C1468) + && buffer_2[40 * i9 + 6] == 20480 ) + { + for ( i10 = 0; i10 < 10 && buffer_2[40 * i9 + 4] != *((unsigned __int16 *)&v2716 + i10); ++i10 ) + { + if ( !*((_WORD *)&v2716 + i10) ) + { + v1743 = 0; + v1744 = 72; + v1745 = 1465; + v1746 = BYTE1(buffer_2[40 * i9 + 4]) | (LOBYTE(buffer_2[40 * i9 + 4]) << 8); + ((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1743, 8i64, 0i64); + *((_WORD *)&v2716 + i10) = buffer_2[40 * i9 + 4]; + break; + } + } + } + } + } + free(buffer_2); + Sleep(10i64); + } + } + str_wmpdll = 'w'; + v216 = 'm'; + v217 = 'p'; + v218 = '.'; + v219 = 'd'; + v220 = 'l'; + v221 = 'l'; + v222 = 0; + result = GetModuleHandleA((__int64 *)&str_wmpdll); + hModule = result; + if ( result ) + { + v2797 = 0; + v41 = 72; + v42 = 1470; + v35 = *(_DWORD *)(v36 + 4096); + result = v33(&v34, 8i64, 0i64); + } + return result; +} +// 5D720: using guessed type __int64 qword_5D720[2]; +// 
100010: using guessed type __int64 qword_100010[4]; + +//----- (000000000004D46D) ---------------------------------------------------- +unsigned __int64 __usercall sub_4D46D@(unsigned __int64 result@) +{ + char *v1; // r10 + char *v2; // r11 + char v3; // [rsp+18h] [rbp+8h] + + v1 = &v3 - result; + if ( (unsigned __int64)&v3 < result ) + v1 = 0i64; + v2 = (char *)__readgsqword(0x10u); + if ( v1 < v2 ) + { + LOWORD(v1) = (unsigned __int16)v1 & 0xF000; + do + { + v2 -= 4096; + *v2 = 0; + } + while ( v1 != v2 ); + } + return result; +} + +// ALL OK, 2 function(s) have been successfully decompiled