battleye/code.c
Huoji's 13f0937070 1
1
2020-01-10 13:25:07 +08:00

6908 lines
233 KiB
C

/* This file has been generated by the Hex-Rays decompiler.
Copyright (c) 2007-2017 Hex-Rays <info@hex-rays.com>
Detected compiler: Visual C++
*/
/*
Some structures:
struct __unaligned battleye_stack_report
{
__int8 unknown;
__int8 report_id;
__int8 val0;
__int64 caller;
__int64 function_dump[4];
__int64 allocation_base;
__int64 base_address;
__int32 region_size;
__int32 type_protect_state;
};
ReportDetection structure:
sevenzip_report.unknown_1 = 0;
sevenzip_report.report_id = 0x46; // MEMORY_MODULE_SPECIFIC in the enum below
sevenzip_report.unknown_2 = 0;
sevenzip_report.data1 = *(__int64*)(module_handle + 0x1000);
sevenzip_report.data2 = *(__int64*)(module_handle + 0x1008);
battleye::report(&sevenzip_report, sizeof(sevenzip_report), false);
Report information:
enum BATTLEYE_REPORT_ID
{
MEMORY_GUARD = 0x21,
MEMORY_SUSPICIOUS = 0x2F,
WINDOW_TITLE = 0x33,
MEMORY = 0x35,
PROCESS_ANOMALY = 0x38,
DRIVER_BEEP_PRESENCE = 0x3E,
DRIVER_NULL_PRESENCE = 0x3F,
MISCELLANEOUS_ANOMALY = 0x3B,
PROCESS_SUSPICIOUS = 0x40,
LSASS_MEMORY = 0x42,
SLEEP_ANOMALY = 0x45,
MEMORY_MODULE_SPECIFIC = 0x46,
GENERIC_ANOMALY = 0x48,
MEMORY_MODULE_SPECIFIC2 = 0x5B,
}
*/
#include <defs.h>
//-------------------------------------------------------------------------
// Function declarations
// Prototype for the routine whose body starts under the
// "(0000000000042119)" banner below. The name is auto-generated from that
// address; the four __int64 parameters are what the decompiler emitted.
// NOTE(review): the real argument types cannot be confirmed from this listing.
__int64 __fastcall sub_42119(__int64 a1, __int64 a2, __int64 a3, __int64 a4);
// Emitted commented out. NOTE(review): __usercall with @<rax> register
// annotations is decompiler notation rather than compilable C, which is
// presumably why it is disabled -- confirm before re-enabling.
// unsigned __int64 __usercall sub_4D46D@<rax>(unsigned __int64 result@<rax>);
//-------------------------------------------------------------------------
// Data declarations
// The unk_/qword_ names carry no semantic meaning; the hex suffix
// presumably is the item's address in the analysed image, as with sub_42119.
// NOTE(review): "weak" is the decompiler's own tag on these declarations;
// treat the types and array lengths as guesses until checked against the binary.
_UNKNOWN unk_44DDF; // weak
__int64 qword_5D720[2] = { 0i64, 0i64 }; // weak
_UNKNOWN unk_80000; // weak
// 4294967296 is 0x100000000 (only bit 32 set); what the three entries encode is not shown here.
__int64 qword_100010[4] = { 4294967296i64, 4294967296i64, 4294967296i64, 0i64 }; // weak
//----- (0000000000042119) ----------------------------------------------------
__int64 __fastcall sub_42119(__int64 a1, __int64 a2, __int64 a3, __int64 a4)
{
void *v4; // rsp
__int64 hAdvApi32; // rax
__int64 hAdvApi32_1; // rax
__int64 hKernel32_1; // rax
__int64 hMSVCRT; // rax
__int64 hMSVCRT_1; // rax
unsigned int hCurrentProcess; // eax
__int64 hUser32; // rax
__int64 hMSVCRT_2; // rax
__int64 hMSVCRT_3; // rax
__int64 hMSVCRT_4; // rax
__int64 hUser32_1; // rax
__int64 hUser32_2; // rax
__int64 hUser32_3; // rax
__int64 hUser32_4; // rax
unsigned int currentProcessId; // eax
__int64 hUser32_5; // rax
__int64 hUser32_6; // rax
__int64 hUser32_7; // rax
__int64 hUser32_8; // rax
__int64 hKernel32_2; // rax
__int64 hMSVCRT_5; // rax
__int64 TargetProcessHandle; // rax
unsigned int SourceHandle; // ecx
__int64 hCurrentProcess_2; // rax
__int64 hCurrentProcess_1; // rax
int v30; // eax
unsigned __int64 v31; // rdx
__int64 result; // rax
__int64 (__fastcall *v33)(__int64 *, signed __int64, _QWORD); // [rsp-29340h] [rbp-29350h]
__int64 v34; // [rsp-28878h] [rbp-28888h]
int v35; // [rsp-21874h] [rbp-21884h]
__int64 v36; // [rsp-14890h] [rbp-148A0h]
char str_kernel32; // [rsp-14390h] [rbp-143A0h]
char v38; // [rsp-1438Fh] [rbp-1439Fh]
char v39; // [rsp-1438Eh] [rbp-1439Eh]
char v40; // [rsp-1438Dh] [rbp-1439Dh]
char v41; // [rsp-13E1Fh] [rbp-13E2Fh]
signed __int16 v42; // [rsp-13E1Eh] [rbp-13E2Eh]
signed int dwDesiredAccess; // [rsp-D8D8h] [rbp-D8E8h]
signed int size; // [rsp-D8D0h] [rbp-D8E0h]
int dwOptions; // [rsp-D8C8h] [rbp-D8D8h]
signed int v46; // [rsp-D8B8h] [rbp-D8C8h]
int style; // [rsp-D8B4h] [rbp-D8C4h]
unsigned int length; // [rsp-D8B0h] [rbp-D8C0h]
unsigned __int8 processInformation; // [rsp-D8ACh] [rbp-D8BCh]
char v50; // [rsp-D8ABh] [rbp-D8BBh]
unsigned int jj; // [rsp-D8A8h] [rbp-D8B8h]
unsigned int v52; // [rsp-D8A4h] [rbp-D8B4h]
unsigned int n; // [rsp-D8A0h] [rbp-D8B0h]
__int64 pAllocatedBuffer; // [rsp-D898h] [rbp-D8A8h]
__int64 hModule; // [rsp-D890h] [rbp-D8A0h]
char v56; // [rsp-D888h] [rbp-D898h]
bool v57; // [rsp-D887h] [rbp-D897h]
__int64 hKernel32; // [rsp-D880h] [rbp-D890h]
int k; // [rsp-D878h] [rbp-D888h]
int m; // [rsp-D874h] [rbp-D884h]
int status_1; // [rsp-D870h] [rbp-D880h]
bool v62; // [rsp-D86Ch] [rbp-D87Ch]
char v63; // [rsp-D86Bh] [rbp-D87Bh]
bool hProcess_2; // [rsp-D86Ah] [rbp-D87Ah]
bool result_2; // [rsp-D869h] [rbp-D879h]
char v66; // [rsp-D868h] [rbp-D878h]
unsigned int l; // [rsp-D864h] [rbp-D874h]
int j; // [rsp-D860h] [rbp-D870h]
void (__fastcall *CloseHandle)(__int64); // [rsp-D858h] [rbp-D868h]
unsigned int *SystemHandleInformation; // [rsp-D850h] [rbp-D860h]
unsigned int windowTextW; // [rsp-D848h] [rbp-D858h]
unsigned int kk; // [rsp-D844h] [rbp-D854h]
unsigned __int64 BaseAddress; // [rsp-D840h] [rbp-D850h]
bool v74; // [rsp-D838h] [rbp-D848h]
char v75; // [rsp-D837h] [rbp-D847h]
signed int (__fastcall *NtReadVirtualMemory)(signed __int64, unsigned __int64, __int64 *, signed __int64, _QWORD); // [rsp-D830h] [rbp-D840h]
unsigned int i9; // [rsp-D828h] [rbp-D838h]
char *NtGetContextThread; // [rsp-D820h] [rbp-D830h]
unsigned int v79; // [rsp-D818h] [rbp-D828h]
signed int status; // [rsp-D814h] [rbp-D824h]
int i4; // [rsp-D810h] [rbp-D820h]
int i3; // [rsp-D80Ch] [rbp-D81Ch]
unsigned __int64 MemoryInformation; // [rsp-D808h] [rbp-D818h]
__int64 v84; // [rsp-D800h] [rbp-D810h]
unsigned __int64 v85; // [rsp-D7F0h] [rbp-D800h]
int v86; // [rsp-D7E8h] [rbp-D7F8h]
int v87; // [rsp-D7E4h] [rbp-D7F4h]
int v88; // [rsp-D7E0h] [rbp-D7F0h]
int windowStyle; // [rsp-D7D8h] [rbp-D7E8h]
signed int v90; // [rsp-D7D4h] [rbp-D7E4h]
__int64 (__fastcall *OpenProcess)(signed __int64, _QWORD, _QWORD); // [rsp-D7D0h] [rbp-D7E0h]
__int64 hProcess_5; // [rsp-D7C8h] [rbp-D7D8h]
unsigned __int64 i; // [rsp-D7C0h] [rbp-D7D0h]
int nn; // [rsp-D7B8h] [rbp-D7C8h]
int i7; // [rsp-D7B4h] [rbp-D7C4h]
signed int i6; // [rsp-D7B0h] [rbp-D7C0h]
char str_user32dll; // [rsp-D7A8h] [rbp-D7B8h]
char str_user32dll_2; // [rsp-D7A7h] [rbp-D7B7h]
char v99; // [rsp-D7A6h] [rbp-D7B6h]
char v100; // [rsp-D7A5h] [rbp-D7B5h]
char v101; // [rsp-D7A4h] [rbp-D7B4h]
char v102; // [rsp-D7A3h] [rbp-D7B3h]
char v103; // [rsp-D7A2h] [rbp-D7B2h]
char v104; // [rsp-D7A1h] [rbp-D7B1h]
char v105; // [rsp-D7A0h] [rbp-D7B0h]
char v106; // [rsp-D79Fh] [rbp-D7AFh]
char v107; // [rsp-D79Eh] [rbp-D7AEh]
signed int v108; // [rsp-D794h] [rbp-D7A4h]
signed int ii; // [rsp-D790h] [rbp-D7A0h]
signed int i10; // [rsp-D78Ch] [rbp-D79Ch]
unsigned int i2; // [rsp-D788h] [rbp-D798h]
char str_msvcrt; // [rsp-D780h] [rbp-D790h]
char str_msvcrt_1; // [rsp-D77Fh] [rbp-D78Fh]
char v114; // [rsp-D77Eh] [rbp-D78Eh]
char v115; // [rsp-D77Dh] [rbp-D78Dh]
char v116; // [rsp-D77Ch] [rbp-D78Ch]
char v117; // [rsp-D77Bh] [rbp-D78Bh]
char v118; // [rsp-D77Ah] [rbp-D78Ah]
char v119; // [rsp-D779h] [rbp-D789h]
char v120; // [rsp-D778h] [rbp-D788h]
char v121; // [rsp-D777h] [rbp-D787h]
char v122; // [rsp-D776h] [rbp-D786h]
char v123; // [rsp-D770h] [rbp-D780h]
char v124; // [rsp-D76Fh] [rbp-D77Fh]
char v125; // [rsp-D76Ch] [rbp-D77Ch]
char v126; // [rsp-D76Bh] [rbp-D77Bh]
char v127; // [rsp-D768h] [rbp-D778h]
char v128; // [rsp-D767h] [rbp-D777h]
unsigned int informationLength; // [rsp-D760h] [rbp-D770h]
unsigned int size_1; // [rsp-D75Ch] [rbp-D76Ch]
int i1; // [rsp-D758h] [rbp-D768h]
unsigned int v132; // [rsp-D754h] [rbp-D764h]
__int64 hWindow; // [rsp-D750h] [rbp-D760h]
__int64 (*GetCurrentProcessId)(void); // [rsp-D748h] [rbp-D758h]
unsigned __int64 Address; // [rsp-D740h] [rbp-D750h]
__int64 hProcess_6; // [rsp-D738h] [rbp-D748h]
unsigned int *buffer_2; // [rsp-D730h] [rbp-D740h]
char v138; // [rsp-D728h] [rbp-D738h]
char v139; // [rsp-D727h] [rbp-D737h]
char v140; // [rsp-D726h] [rbp-D736h]
__int64 hProcess_7; // [rsp-D718h] [rbp-D728h]
__int64 (__fastcall *WideCharToMultiByte)(signed __int64, _QWORD, __int64 *, _QWORD, __int64, _QWORD, _QWORD, _QWORD); // [rsp-D710h] [rbp-D720h]
unsigned int v143; // [rsp-D708h] [rbp-D718h]
signed int v144; // [rsp-D704h] [rbp-D714h]
__int64 str_kernel32dll; // [rsp-D700h] [rbp-D710h]
char v146; // [rsp-D6F9h] [rbp-D709h]
char v147; // [rsp-D6F8h] [rbp-D708h]
char v148; // [rsp-D6F7h] [rbp-D707h]
char v149; // [rsp-D6F6h] [rbp-D706h]
char v150; // [rsp-D6F5h] [rbp-D705h]
char v151; // [rsp-D6F4h] [rbp-D704h]
char str_free; // [rsp-D6F0h] [rbp-D700h]
char v153; // [rsp-D6EFh] [rbp-D6FFh]
char v154; // [rsp-D6EEh] [rbp-D6FEh]
char v155; // [rsp-D6EDh] [rbp-D6FDh]
char v156; // [rsp-D6ECh] [rbp-D6FCh]
char str_sleep; // [rsp-D6E8h] [rbp-D6F8h]
char v158; // [rsp-D6E7h] [rbp-D6F7h]
char v159; // [rsp-D6E6h] [rbp-D6F6h]
char v160; // [rsp-D6E5h] [rbp-D6F5h]
char v161; // [rsp-D6E4h] [rbp-D6F4h]
char v162; // [rsp-D6E3h] [rbp-D6F3h]
char str_advapidll; // [rsp-D6E0h] [rbp-D6F0h]
char v164; // [rsp-D6DFh] [rbp-D6EFh]
char v165; // [rsp-D6DEh] [rbp-D6EEh]
char v166; // [rsp-D6DDh] [rbp-D6EDh]
char v167; // [rsp-D6DCh] [rbp-D6ECh]
char v168; // [rsp-D6DBh] [rbp-D6EBh]
char v169; // [rsp-D6DAh] [rbp-D6EAh]
char v170; // [rsp-D6D9h] [rbp-D6E9h]
char v171; // [rsp-D6D8h] [rbp-D6E8h]
char v172; // [rsp-D6D7h] [rbp-D6E7h]
char v173; // [rsp-D6D6h] [rbp-D6E6h]
char v174; // [rsp-D6D5h] [rbp-D6E5h]
char v175; // [rsp-D6D4h] [rbp-D6E4h]
char str_malloc; // [rsp-D6D0h] [rbp-D6E0h]
char v177; // [rsp-D6CFh] [rbp-D6DFh]
char v178; // [rsp-D6CEh] [rbp-D6DEh]
char v179; // [rsp-D6CDh] [rbp-D6DDh]
char v180; // [rsp-D6CCh] [rbp-D6DCh]
char v181; // [rsp-D6CBh] [rbp-D6DBh]
char v182; // [rsp-D6CAh] [rbp-D6DAh]
char str_memcmp; // [rsp-D6C8h] [rbp-D6D8h]
char v184; // [rsp-D6C7h] [rbp-D6D7h]
char v185; // [rsp-D6C6h] [rbp-D6D6h]
char v186; // [rsp-D6C5h] [rbp-D6D5h]
char v187; // [rsp-D6C4h] [rbp-D6D4h]
char v188; // [rsp-D6C3h] [rbp-D6D3h]
char v189; // [rsp-D6C2h] [rbp-D6D2h]
char str_memcpy; // [rsp-D6C0h] [rbp-D6D0h]
char v191; // [rsp-D6BFh] [rbp-D6CFh]
char v192; // [rsp-D6BEh] [rbp-D6CEh]
char v193; // [rsp-D6BDh] [rbp-D6CDh]
char v194; // [rsp-D6BCh] [rbp-D6CCh]
char v195; // [rsp-D6BBh] [rbp-D6CBh]
char v196; // [rsp-D6BAh] [rbp-D6CAh]
__int64 IsBadReadPtr; // [rsp-D6B8h] [rbp-D6C8h]
char str_realloc; // [rsp-D6B0h] [rbp-D6C0h]
char v199; // [rsp-D6AFh] [rbp-D6BFh]
char v200; // [rsp-D6AEh] [rbp-D6BEh]
char v201; // [rsp-D6ADh] [rbp-D6BDh]
char v202; // [rsp-D6ACh] [rbp-D6BCh]
char v203; // [rsp-D6ABh] [rbp-D6BBh]
char v204; // [rsp-D6AAh] [rbp-D6BAh]
char v205; // [rsp-D6A9h] [rbp-D6B9h]
signed int (__fastcall *NtQueryVirtualMemory)(signed __int64, unsigned __int64, _QWORD, __int64 *, signed __int64, __int64 *); // [rsp-D6A8h] [rbp-D6B8h]
char v207; // [rsp-D6A0h] [rbp-D6B0h]
char v208; // [rsp-D69Fh] [rbp-D6AFh]
char v209; // [rsp-D69Eh] [rbp-D6AEh]
char v210; // [rsp-D69Dh] [rbp-D6ADh]
char v211; // [rsp-D69Ch] [rbp-D6ACh]
char v212; // [rsp-D69Bh] [rbp-D6ABh]
char v213; // [rsp-D69Ah] [rbp-D6AAh]
char v214; // [rsp-D699h] [rbp-D6A9h]
char str_wmpdll; // [rsp-D698h] [rbp-D6A8h]
char v216; // [rsp-D697h] [rbp-D6A7h]
char v217; // [rsp-D696h] [rbp-D6A6h]
char v218; // [rsp-D695h] [rbp-D6A5h]
char v219; // [rsp-D694h] [rbp-D6A4h]
char v220; // [rsp-D693h] [rbp-D6A3h]
char v221; // [rsp-D692h] [rbp-D6A2h]
char v222; // [rsp-D691h] [rbp-D6A1h]
char v223; // [rsp-D690h] [rbp-D6A0h]
char v224; // [rsp-D68Fh] [rbp-D69Fh]
char v225; // [rsp-D68Eh] [rbp-D69Eh]
char v226; // [rsp-D68Dh] [rbp-D69Dh]
char v227; // [rsp-D68Ch] [rbp-D69Ch]
char v228; // [rsp-D68Bh] [rbp-D69Bh]
char v229; // [rsp-D68Ah] [rbp-D69Ah]
char v230; // [rsp-D689h] [rbp-D699h]
char v231; // [rsp-D688h] [rbp-D698h]
char str_beep; // [rsp-D680h] [rbp-D690h]
char v233; // [rsp-D67Fh] [rbp-D68Fh]
char v234; // [rsp-D67Eh] [rbp-D68Eh]
char v235; // [rsp-D67Dh] [rbp-D68Dh]
char v236; // [rsp-D67Ch] [rbp-D68Ch]
char v237; // [rsp-D67Bh] [rbp-D68Bh]
char v238; // [rsp-D67Ah] [rbp-D68Ah]
char v239; // [rsp-D679h] [rbp-D689h]
char v240; // [rsp-D678h] [rbp-D688h]
char str_readfile; // [rsp-D670h] [rbp-D680h]
char v242; // [rsp-D66Fh] [rbp-D67Fh]
char v243; // [rsp-D66Eh] [rbp-D67Eh]
char v244; // [rsp-D66Dh] [rbp-D67Dh]
char v245; // [rsp-D66Ch] [rbp-D67Ch]
char v246; // [rsp-D66Bh] [rbp-D67Bh]
char v247; // [rsp-D66Ah] [rbp-D67Ah]
char v248; // [rsp-D669h] [rbp-D679h]
char v249; // [rsp-D668h] [rbp-D678h]
char str_getwindow; // [rsp-D660h] [rbp-D670h]
char v251; // [rsp-D65Fh] [rbp-D66Fh]
char v252; // [rsp-D65Eh] [rbp-D66Eh]
char v253; // [rsp-D65Dh] [rbp-D66Dh]
char v254; // [rsp-D65Ch] [rbp-D66Ch]
char v255; // [rsp-D65Bh] [rbp-D66Bh]
char v256; // [rsp-D65Ah] [rbp-D66Ah]
char v257; // [rsp-D659h] [rbp-D669h]
char v258; // [rsp-D658h] [rbp-D668h]
char v259; // [rsp-D657h] [rbp-D667h]
char v260; // [rsp-D650h] [rbp-D660h]
char v261; // [rsp-D64Fh] [rbp-D65Fh]
char v262; // [rsp-D64Eh] [rbp-D65Eh]
char v263; // [rsp-D64Dh] [rbp-D65Dh]
char v264; // [rsp-D64Ch] [rbp-D65Ch]
char v265; // [rsp-D64Bh] [rbp-D65Bh]
char v266; // [rsp-D64Ah] [rbp-D65Ah]
char v267; // [rsp-D649h] [rbp-D659h]
char v268; // [rsp-D648h] [rbp-D658h]
char v269; // [rsp-D647h] [rbp-D657h]
char str_ndlldll; // [rsp-D640h] [rbp-D650h]
char v271; // [rsp-D63Fh] [rbp-D64Fh]
char v272; // [rsp-D63Eh] [rbp-D64Eh]
char v273; // [rsp-D63Dh] [rbp-D64Dh]
char v274; // [rsp-D63Ch] [rbp-D64Ch]
char v275; // [rsp-D63Bh] [rbp-D64Bh]
char v276; // [rsp-D63Ah] [rbp-D64Ah]
char v277; // [rsp-D639h] [rbp-D649h]
char v278; // [rsp-D638h] [rbp-D648h]
char v279; // [rsp-D637h] [rbp-D647h]
char str_psapidll; // [rsp-D630h] [rbp-D640h]
char v281; // [rsp-D62Fh] [rbp-D63Fh]
char v282; // [rsp-D62Eh] [rbp-D63Eh]
char v283; // [rsp-D62Dh] [rbp-D63Dh]
char v284; // [rsp-D62Ch] [rbp-D63Ch]
char v285; // [rsp-D62Bh] [rbp-D63Bh]
char v286; // [rsp-D62Ah] [rbp-D63Ah]
char v287; // [rsp-D629h] [rbp-D639h]
char v288; // [rsp-D628h] [rbp-D638h]
char v289; // [rsp-D627h] [rbp-D637h]
char str_wcsnicmp; // [rsp-D620h] [rbp-D630h]
char v291; // [rsp-D61Fh] [rbp-D62Fh]
char v292; // [rsp-D61Eh] [rbp-D62Eh]
char v293; // [rsp-D61Dh] [rbp-D62Dh]
char v294; // [rsp-D61Ch] [rbp-D62Ch]
char v295; // [rsp-D61Bh] [rbp-D62Bh]
char v296; // [rsp-D61Ah] [rbp-D62Ah]
char v297; // [rsp-D619h] [rbp-D629h]
char v298; // [rsp-D618h] [rbp-D628h]
char v299; // [rsp-D617h] [rbp-D627h]
char v300; // [rsp-D610h] [rbp-D620h]
char v301; // [rsp-D60Fh] [rbp-D61Fh]
char v302; // [rsp-D60Eh] [rbp-D61Eh]
char v303; // [rsp-D60Dh] [rbp-D61Dh]
char v304; // [rsp-D60Ch] [rbp-D61Ch]
char v305; // [rsp-D60Bh] [rbp-D61Bh]
char v306; // [rsp-D60Ah] [rbp-D61Ah]
char v307; // [rsp-D609h] [rbp-D619h]
char v308; // [rsp-D608h] [rbp-D618h]
char v309; // [rsp-D607h] [rbp-D617h]
char v310; // [rsp-D606h] [rbp-D616h]
char str_openthread; // [rsp-D600h] [rbp-D610h]
char v312; // [rsp-D5FFh] [rbp-D60Fh]
char v313; // [rsp-D5FEh] [rbp-D60Eh]
char v314; // [rsp-D5FDh] [rbp-D60Dh]
char v315; // [rsp-D5FCh] [rbp-D60Ch]
char v316; // [rsp-D5FBh] [rbp-D60Bh]
char v317; // [rsp-D5FAh] [rbp-D60Ah]
char v318; // [rsp-D5F9h] [rbp-D609h]
char v319; // [rsp-D5F8h] [rbp-D608h]
char v320; // [rsp-D5F7h] [rbp-D607h]
char v321; // [rsp-D5F6h] [rbp-D606h]
char str_be_dlldll; // [rsp-D5F0h] [rbp-D600h]
char v323; // [rsp-D5EFh] [rbp-D5FFh]
char v324; // [rsp-D5EEh] [rbp-D5FEh]
char v325; // [rsp-D5EDh] [rbp-D5FDh]
char v326; // [rsp-D5ECh] [rbp-D5FCh]
char v327; // [rsp-D5EBh] [rbp-D5FBh]
char v328; // [rsp-D5EAh] [rbp-D5FAh]
char v329; // [rsp-D5E9h] [rbp-D5F9h]
char v330; // [rsp-D5E8h] [rbp-D5F8h]
char v331; // [rsp-D5E7h] [rbp-D5F7h]
char v332; // [rsp-D5E6h] [rbp-D5F6h]
char str_user32dll_1; // [rsp-D5E0h] [rbp-D5F0h]
char v334; // [rsp-D5DFh] [rbp-D5EFh]
char v335; // [rsp-D5DEh] [rbp-D5EEh]
char v336; // [rsp-D5DDh] [rbp-D5EDh]
char v337; // [rsp-D5DCh] [rbp-D5ECh]
char v338; // [rsp-D5DBh] [rbp-D5EBh]
char v339; // [rsp-D5DAh] [rbp-D5EAh]
char v340; // [rsp-D5D9h] [rbp-D5E9h]
char v341; // [rsp-D5D8h] [rbp-D5E8h]
char v342; // [rsp-D5D7h] [rbp-D5E7h]
char v343; // [rsp-D5D6h] [rbp-D5E6h]
char str_createfilea; // [rsp-D5D0h] [rbp-D5E0h]
char v345; // [rsp-D5CFh] [rbp-D5DFh]
char v346; // [rsp-D5CEh] [rbp-D5DEh]
char v347; // [rsp-D5CDh] [rbp-D5DDh]
char v348; // [rsp-D5CCh] [rbp-D5DCh]
char v349; // [rsp-D5CBh] [rbp-D5DBh]
char v350; // [rsp-D5CAh] [rbp-D5DAh]
char v351; // [rsp-D5C9h] [rbp-D5D9h]
char v352; // [rsp-D5C8h] [rbp-D5D8h]
char v353; // [rsp-D5C7h] [rbp-D5D7h]
char v354; // [rsp-D5C6h] [rbp-D5D6h]
char v355; // [rsp-D5C5h] [rbp-D5D5h]
char str_createfilea_1; // [rsp-D5C0h] [rbp-D5D0h]
char v357; // [rsp-D5BFh] [rbp-D5CFh]
char v358; // [rsp-D5BEh] [rbp-D5CEh]
char v359; // [rsp-D5BDh] [rbp-D5CDh]
char v360; // [rsp-D5BCh] [rbp-D5CCh]
char v361; // [rsp-D5BBh] [rbp-D5CBh]
char v362; // [rsp-D5BAh] [rbp-D5CAh]
char v363; // [rsp-D5B9h] [rbp-D5C9h]
char v364; // [rsp-D5B8h] [rbp-D5C8h]
char v365; // [rsp-D5B7h] [rbp-D5C7h]
char v366; // [rsp-D5B6h] [rbp-D5C6h]
char v367; // [rsp-D5B5h] [rbp-D5C5h]
char str_closehandle; // [rsp-D5B0h] [rbp-D5C0h]
char v369; // [rsp-D5AFh] [rbp-D5BFh]
char v370; // [rsp-D5AEh] [rbp-D5BEh]
char v371; // [rsp-D5ADh] [rbp-D5BDh]
char v372; // [rsp-D5ACh] [rbp-D5BCh]
char v373; // [rsp-D5ABh] [rbp-D5BBh]
char v374; // [rsp-D5AAh] [rbp-D5BAh]
char v375; // [rsp-D5A9h] [rbp-D5B9h]
char v376; // [rsp-D5A8h] [rbp-D5B8h]
char v377; // [rsp-D5A7h] [rbp-D5B7h]
char v378; // [rsp-D5A6h] [rbp-D5B6h]
char v379; // [rsp-D5A5h] [rbp-D5B5h]
char str_openprocess; // [rsp-D5A0h] [rbp-D5B0h]
char v381; // [rsp-D59Fh] [rbp-D5AFh]
char v382; // [rsp-D59Eh] [rbp-D5AEh]
char v383; // [rsp-D59Dh] [rbp-D5ADh]
char v384; // [rsp-D59Ch] [rbp-D5ACh]
char v385; // [rsp-D59Bh] [rbp-D5ABh]
char v386; // [rsp-D59Ah] [rbp-D5AAh]
char v387; // [rsp-D599h] [rbp-D5A9h]
char v388; // [rsp-D598h] [rbp-D5A8h]
char v389; // [rsp-D597h] [rbp-D5A7h]
char v390; // [rsp-D596h] [rbp-D5A6h]
char v391; // [rsp-D595h] [rbp-D5A5h]
char str_resumethread; // [rsp-D590h] [rbp-D5A0h]
char v393; // [rsp-D58Fh] [rbp-D59Fh]
char v394; // [rsp-D58Eh] [rbp-D59Eh]
char v395; // [rsp-D58Dh] [rbp-D59Dh]
char v396; // [rsp-D58Ch] [rbp-D59Ch]
char v397; // [rsp-D58Bh] [rbp-D59Bh]
char v398; // [rsp-D58Ah] [rbp-D59Ah]
char v399; // [rsp-D589h] [rbp-D599h]
char v400; // [rsp-D588h] [rbp-D598h]
char v401; // [rsp-D587h] [rbp-D597h]
char v402; // [rsp-D586h] [rbp-D596h]
char v403; // [rsp-D585h] [rbp-D595h]
char v404; // [rsp-D584h] [rbp-D594h]
char str_loadlibrarya; // [rsp-D580h] [rbp-D590h]
char v406; // [rsp-D57Fh] [rbp-D58Fh]
char v407; // [rsp-D57Eh] [rbp-D58Eh]
char v408; // [rsp-D57Dh] [rbp-D58Dh]
char v409; // [rsp-D57Ch] [rbp-D58Ch]
char v410; // [rsp-D57Bh] [rbp-D58Bh]
char v411; // [rsp-D57Ah] [rbp-D58Ah]
char v412; // [rsp-D579h] [rbp-D589h]
char v413; // [rsp-D578h] [rbp-D588h]
char v414; // [rsp-D577h] [rbp-D587h]
char v415; // [rsp-D576h] [rbp-D586h]
char v416; // [rsp-D575h] [rbp-D585h]
char v417; // [rsp-D574h] [rbp-D584h]
char str_getlasterror_1; // [rsp-D570h] [rbp-D580h]
char v419; // [rsp-D56Fh] [rbp-D57Fh]
char v420; // [rsp-D56Eh] [rbp-D57Eh]
char v421; // [rsp-D56Dh] [rbp-D57Dh]
char v422; // [rsp-D56Ch] [rbp-D57Ch]
char v423; // [rsp-D56Bh] [rbp-D57Bh]
char v424; // [rsp-D56Ah] [rbp-D57Ah]
char v425; // [rsp-D569h] [rbp-D579h]
char v426; // [rsp-D568h] [rbp-D578h]
char v427; // [rsp-D567h] [rbp-D577h]
char v428; // [rsp-D566h] [rbp-D576h]
char v429; // [rsp-D565h] [rbp-D575h]
char v430; // [rsp-D564h] [rbp-D574h]
char str_getprocessid; // [rsp-D560h] [rbp-D570h]
char v432; // [rsp-D55Fh] [rbp-D56Fh]
char v433; // [rsp-D55Eh] [rbp-D56Eh]
char v434; // [rsp-D55Dh] [rbp-D56Dh]
char v435; // [rsp-D55Ch] [rbp-D56Ch]
char v436; // [rsp-D55Bh] [rbp-D56Bh]
char v437; // [rsp-D55Ah] [rbp-D56Ah]
char v438; // [rsp-D559h] [rbp-D569h]
char v439; // [rsp-D558h] [rbp-D568h]
char v440; // [rsp-D557h] [rbp-D567h]
char v441; // [rsp-D556h] [rbp-D566h]
char v442; // [rsp-D555h] [rbp-D565h]
char v443; // [rsp-D554h] [rbp-D564h]
char str_getlasterror_3; // [rsp-D550h] [rbp-D560h]
char v445; // [rsp-D54Fh] [rbp-D55Fh]
char v446; // [rsp-D54Eh] [rbp-D55Eh]
char v447; // [rsp-D54Dh] [rbp-D55Dh]
char v448; // [rsp-D54Ch] [rbp-D55Ch]
char v449; // [rsp-D54Bh] [rbp-D55Bh]
char v450; // [rsp-D54Ah] [rbp-D55Ah]
char v451; // [rsp-D549h] [rbp-D559h]
char v452; // [rsp-D548h] [rbp-D558h]
char v453; // [rsp-D547h] [rbp-D557h]
char v454; // [rsp-D546h] [rbp-D556h]
char v455; // [rsp-D545h] [rbp-D555h]
char v456; // [rsp-D544h] [rbp-D554h]
char str_iphlpapi; // [rsp-D540h] [rbp-D550h]
char v458; // [rsp-D53Fh] [rbp-D54Fh]
char v459; // [rsp-D53Eh] [rbp-D54Eh]
char v460; // [rsp-D53Dh] [rbp-D54Dh]
char v461; // [rsp-D53Ch] [rbp-D54Ch]
char v462; // [rsp-D53Bh] [rbp-D54Bh]
char v463; // [rsp-D53Ah] [rbp-D54Ah]
char v464; // [rsp-D539h] [rbp-D549h]
char v465; // [rsp-D538h] [rbp-D548h]
char v466; // [rsp-D537h] [rbp-D547h]
char v467; // [rsp-D536h] [rbp-D546h]
char v468; // [rsp-D535h] [rbp-D545h]
char v469; // [rsp-D534h] [rbp-D544h]
char str_getlasterror_2; // [rsp-D530h] [rbp-D540h]
char v471; // [rsp-D52Fh] [rbp-D53Fh]
char v472; // [rsp-D52Eh] [rbp-D53Eh]
char v473; // [rsp-D52Dh] [rbp-D53Dh]
char v474; // [rsp-D52Ch] [rbp-D53Ch]
char v475; // [rsp-D52Bh] [rbp-D53Bh]
char v476; // [rsp-D52Ah] [rbp-D53Ah]
char v477; // [rsp-D529h] [rbp-D539h]
char v478; // [rsp-D528h] [rbp-D538h]
char v479; // [rsp-D527h] [rbp-D537h]
char v480; // [rsp-D526h] [rbp-D536h]
char v481; // [rsp-D525h] [rbp-D535h]
char v482; // [rsp-D524h] [rbp-D534h]
char str_gettickcount; // [rsp-D520h] [rbp-D530h]
char v484; // [rsp-D51Fh] [rbp-D52Fh]
char v485; // [rsp-D51Eh] [rbp-D52Eh]
char v486; // [rsp-D51Dh] [rbp-D52Dh]
char v487; // [rsp-D51Ch] [rbp-D52Ch]
char v488; // [rsp-D51Bh] [rbp-D52Bh]
char v489; // [rsp-D51Ah] [rbp-D52Ah]
char v490; // [rsp-D519h] [rbp-D529h]
char v491; // [rsp-D518h] [rbp-D528h]
char v492; // [rsp-D517h] [rbp-D527h]
char v493; // [rsp-D516h] [rbp-D526h]
char v494; // [rsp-D515h] [rbp-D525h]
char v495; // [rsp-D514h] [rbp-D524h]
char str_isbadreadptr; // [rsp-D510h] [rbp-D520h]
char v497; // [rsp-D50Fh] [rbp-D51Fh]
char v498; // [rsp-D50Eh] [rbp-D51Eh]
char v499; // [rsp-D50Dh] [rbp-D51Dh]
char v500; // [rsp-D50Ch] [rbp-D51Ch]
char v501; // [rsp-D50Bh] [rbp-D51Bh]
char v502; // [rsp-D50Ah] [rbp-D51Ah]
char v503; // [rsp-D509h] [rbp-D519h]
char v504; // [rsp-D508h] [rbp-D518h]
char v505; // [rsp-D507h] [rbp-D517h]
char v506; // [rsp-D506h] [rbp-D516h]
char v507; // [rsp-D505h] [rbp-D515h]
char v508; // [rsp-D504h] [rbp-D514h]
char str_gettopwindow; // [rsp-D500h] [rbp-D510h]
char v510; // [rsp-D4FFh] [rbp-D50Fh]
char v511; // [rsp-D4FEh] [rbp-D50Eh]
char v512; // [rsp-D4FDh] [rbp-D50Dh]
char v513; // [rsp-D4FCh] [rbp-D50Ch]
char v514; // [rsp-D4FBh] [rbp-D50Bh]
char v515; // [rsp-D4FAh] [rbp-D50Ah]
char v516; // [rsp-D4F9h] [rbp-D509h]
char v517; // [rsp-D4F8h] [rbp-D508h]
char v518; // [rsp-D4F7h] [rbp-D507h]
char v519; // [rsp-D4F6h] [rbp-D506h]
char v520; // [rsp-D4F5h] [rbp-D505h]
char v521; // [rsp-D4F4h] [rbp-D504h]
char str_getlasterror; // [rsp-D4F0h] [rbp-D500h]
char v523; // [rsp-D4EFh] [rbp-D4FFh]
char v524; // [rsp-D4EEh] [rbp-D4FEh]
char v525; // [rsp-D4EDh] [rbp-D4FDh]
char v526; // [rsp-D4ECh] [rbp-D4FCh]
char v527; // [rsp-D4EBh] [rbp-D4FBh]
char v528; // [rsp-D4EAh] [rbp-D4FAh]
char v529; // [rsp-D4E9h] [rbp-D4F9h]
char v530; // [rsp-D4E8h] [rbp-D4F8h]
char v531; // [rsp-D4E7h] [rbp-D4F7h]
char v532; // [rsp-D4E6h] [rbp-D4F6h]
char v533; // [rsp-D4E5h] [rbp-D4F5h]
char v534; // [rsp-D4E4h] [rbp-D4F4h]
char str_getlasterror_4; // [rsp-D4E0h] [rbp-D4F0h]
char v536; // [rsp-D4DFh] [rbp-D4EFh]
char v537; // [rsp-D4DEh] [rbp-D4EEh]
char v538; // [rsp-D4DDh] [rbp-D4EDh]
char v539; // [rsp-D4DCh] [rbp-D4ECh]
char v540; // [rsp-D4DBh] [rbp-D4EBh]
char v541; // [rsp-D4DAh] [rbp-D4EAh]
char v542; // [rsp-D4D9h] [rbp-D4E9h]
char v543; // [rsp-D4D8h] [rbp-D4E8h]
char v544; // [rsp-D4D7h] [rbp-D4E7h]
char v545; // [rsp-D4D6h] [rbp-D4E6h]
char v546; // [rsp-D4D5h] [rbp-D4E5h]
char v547; // [rsp-D4D4h] [rbp-D4E4h]
char str_module32next; // [rsp-D4D0h] [rbp-D4E0h]
char v549; // [rsp-D4CFh] [rbp-D4DFh]
char v550; // [rsp-D4CEh] [rbp-D4DEh]
char v551; // [rsp-D4CDh] [rbp-D4DDh]
char v552; // [rsp-D4CCh] [rbp-D4DCh]
char v553; // [rsp-D4CBh] [rbp-D4DBh]
char v554; // [rsp-D4CAh] [rbp-D4DAh]
char v555; // [rsp-D4C9h] [rbp-D4D9h]
char v556; // [rsp-D4C8h] [rbp-D4D8h]
char v557; // [rsp-D4C7h] [rbp-D4D7h]
char v558; // [rsp-D4C6h] [rbp-D4D6h]
char v559; // [rsp-D4C5h] [rbp-D4D5h]
char v560; // [rsp-D4C4h] [rbp-D4D4h]
char str_thread32next; // [rsp-D4C0h] [rbp-D4D0h]
char v562; // [rsp-D4BFh] [rbp-D4CFh]
char v563; // [rsp-D4BEh] [rbp-D4CEh]
char v564; // [rsp-D4BDh] [rbp-D4CDh]
char v565; // [rsp-D4BCh] [rbp-D4CCh]
char v566; // [rsp-D4BBh] [rbp-D4CBh]
char v567; // [rsp-D4BAh] [rbp-D4CAh]
char v568; // [rsp-D4B9h] [rbp-D4C9h]
char v569; // [rsp-D4B8h] [rbp-D4C8h]
char v570; // [rsp-D4B7h] [rbp-D4C7h]
char v571; // [rsp-D4B6h] [rbp-D4C6h]
char v572; // [rsp-D4B5h] [rbp-D4C5h]
char v573; // [rsp-D4B4h] [rbp-D4C4h]
char str_process32next; // [rsp-D4B0h] [rbp-D4C0h]
char v575; // [rsp-D4AFh] [rbp-D4BFh]
char v576; // [rsp-D4AEh] [rbp-D4BEh]
char v577; // [rsp-D4ADh] [rbp-D4BDh]
char v578; // [rsp-D4ACh] [rbp-D4BCh]
char v579; // [rsp-D4ABh] [rbp-D4BBh]
char v580; // [rsp-D4AAh] [rbp-D4BAh]
char v581; // [rsp-D4A9h] [rbp-D4B9h]
char v582; // [rsp-D4A8h] [rbp-D4B8h]
char v583; // [rsp-D4A7h] [rbp-D4B7h]
char v584; // [rsp-D4A6h] [rbp-D4B6h]
char v585; // [rsp-D4A5h] [rbp-D4B5h]
char v586; // [rsp-D4A4h] [rbp-D4B4h]
char v587; // [rsp-D4A3h] [rbp-D4B3h]
char str_getwindowrect; // [rsp-D4A0h] [rbp-D4B0h]
char v589; // [rsp-D49Fh] [rbp-D4AFh]
char v590; // [rsp-D49Eh] [rbp-D4AEh]
char v591; // [rsp-D49Dh] [rbp-D4ADh]
char v592; // [rsp-D49Ch] [rbp-D4ACh]
char v593; // [rsp-D49Bh] [rbp-D4ABh]
char v594; // [rsp-D49Ah] [rbp-D4AAh]
char v595; // [rsp-D499h] [rbp-D4A9h]
char v596; // [rsp-D498h] [rbp-D4A8h]
char v597; // [rsp-D497h] [rbp-D4A7h]
char v598; // [rsp-D496h] [rbp-D4A6h]
char v599; // [rsp-D495h] [rbp-D4A5h]
char v600; // [rsp-D494h] [rbp-D4A4h]
char v601; // [rsp-D493h] [rbp-D4A3h]
char str_ntqueryobject; // [rsp-D490h] [rbp-D4A0h]
char v603; // [rsp-D48Fh] [rbp-D49Fh]
char v604; // [rsp-D48Eh] [rbp-D49Eh]
char v605; // [rsp-D48Dh] [rbp-D49Dh]
char v606; // [rsp-D48Ch] [rbp-D49Ch]
char v607; // [rsp-D48Bh] [rbp-D49Bh]
char v608; // [rsp-D48Ah] [rbp-D49Ah]
char v609; // [rsp-D489h] [rbp-D499h]
char v610; // [rsp-D488h] [rbp-D498h]
char v611; // [rsp-D487h] [rbp-D497h]
char v612; // [rsp-D486h] [rbp-D496h]
char v613; // [rsp-D485h] [rbp-D495h]
char v614; // [rsp-D484h] [rbp-D494h]
char v615; // [rsp-D483h] [rbp-D493h]
char str_getclassnamew; // [rsp-D480h] [rbp-D490h]
char v617; // [rsp-D47Fh] [rbp-D48Fh]
char v618; // [rsp-D47Eh] [rbp-D48Eh]
char v619; // [rsp-D47Dh] [rbp-D48Dh]
char v620; // [rsp-D47Ch] [rbp-D48Ch]
char v621; // [rsp-D47Bh] [rbp-D48Bh]
char v622; // [rsp-D47Ah] [rbp-D48Ah]
char v623; // [rsp-D479h] [rbp-D489h]
char v624; // [rsp-D478h] [rbp-D488h]
char v625; // [rsp-D477h] [rbp-D487h]
char v626; // [rsp-D476h] [rbp-D486h]
char v627; // [rsp-D475h] [rbp-D485h]
char v628; // [rsp-D474h] [rbp-D484h]
char v629; // [rsp-D473h] [rbp-D483h]
char str_enumprocesses; // [rsp-D470h] [rbp-D480h]
char v631; // [rsp-D46Fh] [rbp-D47Fh]
char v632; // [rsp-D46Eh] [rbp-D47Eh]
char v633; // [rsp-D46Dh] [rbp-D47Dh]
char v634; // [rsp-D46Ch] [rbp-D47Ch]
char v635; // [rsp-D46Bh] [rbp-D47Bh]
char v636; // [rsp-D46Ah] [rbp-D47Ah]
char v637; // [rsp-D469h] [rbp-D479h]
char v638; // [rsp-D468h] [rbp-D478h]
char v639; // [rsp-D467h] [rbp-D477h]
char v640; // [rsp-D466h] [rbp-D476h]
char v641; // [rsp-D465h] [rbp-D475h]
char v642; // [rsp-D464h] [rbp-D474h]
char v643; // [rsp-D463h] [rbp-D473h]
char str_suspendthread; // [rsp-D460h] [rbp-D470h]
char v645; // [rsp-D45Fh] [rbp-D46Fh]
char v646; // [rsp-D45Eh] [rbp-D46Eh]
char v647; // [rsp-D45Dh] [rbp-D46Dh]
char v648; // [rsp-D45Ch] [rbp-D46Ch]
char v649; // [rsp-D45Bh] [rbp-D46Bh]
char v650; // [rsp-D45Ah] [rbp-D46Ah]
char v651; // [rsp-D459h] [rbp-D469h]
char v652; // [rsp-D458h] [rbp-D468h]
char v653; // [rsp-D457h] [rbp-D467h]
char v654; // [rsp-D456h] [rbp-D466h]
char v655; // [rsp-D455h] [rbp-D465h]
char v656; // [rsp-D454h] [rbp-D464h]
char v657; // [rsp-D453h] [rbp-D463h]
char str_thread32first; // [rsp-D450h] [rbp-D460h]
char v659; // [rsp-D44Fh] [rbp-D45Fh]
char v660; // [rsp-D44Eh] [rbp-D45Eh]
char v661; // [rsp-D44Dh] [rbp-D45Dh]
char v662; // [rsp-D44Ch] [rbp-D45Ch]
char v663; // [rsp-D44Bh] [rbp-D45Bh]
char v664; // [rsp-D44Ah] [rbp-D45Ah]
char v665; // [rsp-D449h] [rbp-D459h]
char v666; // [rsp-D448h] [rbp-D458h]
char v667; // [rsp-D447h] [rbp-D457h]
char v668; // [rsp-D446h] [rbp-D456h]
char v669; // [rsp-D445h] [rbp-D455h]
char v670; // [rsp-D444h] [rbp-D454h]
char v671; // [rsp-D443h] [rbp-D453h]
char str_module32first; // [rsp-D440h] [rbp-D450h]
char v673; // [rsp-D43Fh] [rbp-D44Fh]
char v674; // [rsp-D43Eh] [rbp-D44Eh]
char v675; // [rsp-D43Dh] [rbp-D44Dh]
char v676; // [rsp-D43Ch] [rbp-D44Ch]
char v677; // [rsp-D43Bh] [rbp-D44Bh]
char v678; // [rsp-D43Ah] [rbp-D44Ah]
char v679; // [rsp-D439h] [rbp-D449h]
char v680; // [rsp-D438h] [rbp-D448h]
char v681; // [rsp-D437h] [rbp-D447h]
char v682; // [rsp-D436h] [rbp-D446h]
char v683; // [rsp-D435h] [rbp-D445h]
char v684; // [rsp-D434h] [rbp-D444h]
char v685; // [rsp-D433h] [rbp-D443h]
char str_process32first; // [rsp-D430h] [rbp-D440h]
char v687; // [rsp-D42Fh] [rbp-D43Fh]
char v688; // [rsp-D42Eh] [rbp-D43Eh]
char v689; // [rsp-D42Dh] [rbp-D43Dh]
char v690; // [rsp-D42Ch] [rbp-D43Ch]
char v691; // [rsp-D42Bh] [rbp-D43Bh]
char v692; // [rsp-D42Ah] [rbp-D43Ah]
char v693; // [rsp-D429h] [rbp-D439h]
char v694; // [rsp-D428h] [rbp-D438h]
char v695; // [rsp-D427h] [rbp-D437h]
char v696; // [rsp-D426h] [rbp-D436h]
char v697; // [rsp-D425h] [rbp-D435h]
char v698; // [rsp-D424h] [rbp-D434h]
char v699; // [rsp-D423h] [rbp-D433h]
char v700; // [rsp-D422h] [rbp-D432h]
char str_getwindowtexta; // [rsp-D420h] [rbp-D430h]
char v702; // [rsp-D41Fh] [rbp-D42Fh]
char v703; // [rsp-D41Eh] [rbp-D42Eh]
char v704; // [rsp-D41Dh] [rbp-D42Dh]
char v705; // [rsp-D41Ch] [rbp-D42Ch]
char v706; // [rsp-D41Bh] [rbp-D42Bh]
char v707; // [rsp-D41Ah] [rbp-D42Ah]
char v708; // [rsp-D419h] [rbp-D429h]
char v709; // [rsp-D418h] [rbp-D428h]
char v710; // [rsp-D417h] [rbp-D427h]
char v711; // [rsp-D416h] [rbp-D426h]
char v712; // [rsp-D415h] [rbp-D425h]
char v713; // [rsp-D414h] [rbp-D424h]
char v714; // [rsp-D413h] [rbp-D423h]
char v715; // [rsp-D412h] [rbp-D422h]
char str_nvcompiler; // [rsp-D410h] [rbp-D420h]
char v717; // [rsp-D40Fh] [rbp-D41Fh]
char v718; // [rsp-D40Eh] [rbp-D41Eh]
char v719; // [rsp-D40Dh] [rbp-D41Dh]
char v720; // [rsp-D40Ch] [rbp-D41Ch]
char v721; // [rsp-D40Bh] [rbp-D41Bh]
char v722; // [rsp-D40Ah] [rbp-D41Ah]
char v723; // [rsp-D409h] [rbp-D419h]
char v724; // [rsp-D408h] [rbp-D418h]
char v725; // [rsp-D407h] [rbp-D417h]
char v726; // [rsp-D406h] [rbp-D416h]
char v727; // [rsp-D405h] [rbp-D415h]
char v728; // [rsp-D404h] [rbp-D414h]
char v729; // [rsp-D403h] [rbp-D413h]
char v730; // [rsp-D402h] [rbp-D412h]
char str_getwindowtextw; // [rsp-D400h] [rbp-D410h]
char v732; // [rsp-D3FFh] [rbp-D40Fh]
char v733; // [rsp-D3FEh] [rbp-D40Eh]
char v734; // [rsp-D3FDh] [rbp-D40Dh]
char v735; // [rsp-D3FCh] [rbp-D40Ch]
char v736; // [rsp-D3FBh] [rbp-D40Bh]
char v737; // [rsp-D3FAh] [rbp-D40Ah]
char v738; // [rsp-D3F9h] [rbp-D409h]
char v739; // [rsp-D3F8h] [rbp-D408h]
char v740; // [rsp-D3F7h] [rbp-D407h]
char v741; // [rsp-D3F6h] [rbp-D406h]
char v742; // [rsp-D3F5h] [rbp-D405h]
char v743; // [rsp-D3F4h] [rbp-D404h]
char v744; // [rsp-D3F3h] [rbp-D403h]
char v745; // [rsp-D3F2h] [rbp-D402h]
char str_getwindowlong; // [rsp-D3F0h] [rbp-D400h]
char v747; // [rsp-D3EFh] [rbp-D3FFh]
char v748; // [rsp-D3EEh] [rbp-D3FEh]
char v749; // [rsp-D3EDh] [rbp-D3FDh]
char v750; // [rsp-D3ECh] [rbp-D3FCh]
char v751; // [rsp-D3EBh] [rbp-D3FBh]
char v752; // [rsp-D3EAh] [rbp-D3FAh]
char v753; // [rsp-D3E9h] [rbp-D3F9h]
char v754; // [rsp-D3E8h] [rbp-D3F8h]
char v755; // [rsp-D3E7h] [rbp-D3F7h]
char v756; // [rsp-D3E6h] [rbp-D3F6h]
char v757; // [rsp-D3E5h] [rbp-D3F5h]
char v758; // [rsp-D3E4h] [rbp-D3F4h]
char v759; // [rsp-D3E3h] [rbp-D3F3h]
char v760; // [rsp-D3E2h] [rbp-D3F2h]
char str_getprocesstimes; // [rsp-D3E0h] [rbp-D3F0h]
char v762; // [rsp-D3DFh] [rbp-D3EFh]
char v763; // [rsp-D3DEh] [rbp-D3EEh]
char v764; // [rsp-D3DDh] [rbp-D3EDh]
char v765; // [rsp-D3DCh] [rbp-D3ECh]
char v766; // [rsp-D3DBh] [rbp-D3EBh]
char v767; // [rsp-D3DAh] [rbp-D3EAh]
char v768; // [rsp-D3D9h] [rbp-D3E9h]
char v769; // [rsp-D3D8h] [rbp-D3E8h]
char v770; // [rsp-D3D7h] [rbp-D3E7h]
char v771; // [rsp-D3D6h] [rbp-D3E6h]
char v772; // [rsp-D3D5h] [rbp-D3E5h]
char v773; // [rsp-D3D4h] [rbp-D3E4h]
char v774; // [rsp-D3D3h] [rbp-D3E3h]
char v775; // [rsp-D3D2h] [rbp-D3E2h]
char v776; // [rsp-D3D1h] [rbp-D3E1h]
char str_getprocesstimes_2; // [rsp-D3D0h] [rbp-D3E0h]
char v778; // [rsp-D3CFh] [rbp-D3DFh]
char v779; // [rsp-D3CEh] [rbp-D3DEh]
char v780; // [rsp-D3CDh] [rbp-D3DDh]
char v781; // [rsp-D3CCh] [rbp-D3DCh]
char v782; // [rsp-D3CBh] [rbp-D3DBh]
char v783; // [rsp-D3CAh] [rbp-D3DAh]
char v784; // [rsp-D3C9h] [rbp-D3D9h]
char v785; // [rsp-D3C8h] [rbp-D3D8h]
char v786; // [rsp-D3C7h] [rbp-D3D7h]
char v787; // [rsp-D3C6h] [rbp-D3D6h]
char v788; // [rsp-D3C5h] [rbp-D3D5h]
char v789; // [rsp-D3C4h] [rbp-D3D4h]
char v790; // [rsp-D3C3h] [rbp-D3D3h]
char v791; // [rsp-D3C2h] [rbp-D3D2h]
char v792; // [rsp-D3C1h] [rbp-D3D1h]
char str_getprocesstimes_3; // [rsp-D3C0h] [rbp-D3D0h]
char v794; // [rsp-D3BFh] [rbp-D3CFh]
char v795; // [rsp-D3BEh] [rbp-D3CEh]
char v796; // [rsp-D3BDh] [rbp-D3CDh]
char v797; // [rsp-D3BCh] [rbp-D3CCh]
char v798; // [rsp-D3BBh] [rbp-D3CBh]
char v799; // [rsp-D3BAh] [rbp-D3CAh]
char v800; // [rsp-D3B9h] [rbp-D3C9h]
char v801; // [rsp-D3B8h] [rbp-D3C8h]
char v802; // [rsp-D3B7h] [rbp-D3C7h]
char v803; // [rsp-D3B6h] [rbp-D3C6h]
char v804; // [rsp-D3B5h] [rbp-D3C5h]
char v805; // [rsp-D3B4h] [rbp-D3C4h]
char v806; // [rsp-D3B3h] [rbp-D3C3h]
char v807; // [rsp-D3B2h] [rbp-D3C2h]
char v808; // [rsp-D3B1h] [rbp-D3C1h]
char str_duplicatehandle; // [rsp-D3B0h] [rbp-D3C0h]
char v810; // [rsp-D3AFh] [rbp-D3BFh]
char v811; // [rsp-D3AEh] [rbp-D3BEh]
char v812; // [rsp-D3ADh] [rbp-D3BDh]
char v813; // [rsp-D3ACh] [rbp-D3BCh]
char v814; // [rsp-D3ABh] [rbp-D3BBh]
char v815; // [rsp-D3AAh] [rbp-D3BAh]
char v816; // [rsp-D3A9h] [rbp-D3B9h]
char v817; // [rsp-D3A8h] [rbp-D3B8h]
char v818; // [rsp-D3A7h] [rbp-D3B7h]
char v819; // [rsp-D3A6h] [rbp-D3B6h]
char v820; // [rsp-D3A5h] [rbp-D3B5h]
char v821; // [rsp-D3A4h] [rbp-D3B4h]
char v822; // [rsp-D3A3h] [rbp-D3B3h]
char v823; // [rsp-D3A2h] [rbp-D3B2h]
char v824; // [rsp-D3A1h] [rbp-D3B1h]
char str_getprocesstimes_1; // [rsp-D3A0h] [rbp-D3B0h]
char v826; // [rsp-D39Fh] [rbp-D3AFh]
char v827; // [rsp-D39Eh] [rbp-D3AEh]
char v828; // [rsp-D39Dh] [rbp-D3ADh]
char v829; // [rsp-D39Ch] [rbp-D3ACh]
char v830; // [rsp-D39Bh] [rbp-D3ABh]
char v831; // [rsp-D39Ah] [rbp-D3AAh]
char v832; // [rsp-D399h] [rbp-D3A9h]
char v833; // [rsp-D398h] [rbp-D3A8h]
char v834; // [rsp-D397h] [rbp-D3A7h]
char v835; // [rsp-D396h] [rbp-D3A6h]
char v836; // [rsp-D395h] [rbp-D3A5h]
char v837; // [rsp-D394h] [rbp-D3A4h]
char v838; // [rsp-D393h] [rbp-D3A3h]
char v839; // [rsp-D392h] [rbp-D3A2h]
char v840; // [rsp-D391h] [rbp-D3A1h]
char str_getthreadcontext; // [rsp-D390h] [rbp-D3A0h]
char v842; // [rsp-D38Fh] [rbp-D39Fh]
char v843; // [rsp-D38Eh] [rbp-D39Eh]
char v844; // [rsp-D38Dh] [rbp-D39Dh]
char v845; // [rsp-D38Ch] [rbp-D39Ch]
char v846; // [rsp-D38Bh] [rbp-D39Bh]
char v847; // [rsp-D38Ah] [rbp-D39Ah]
char v848; // [rsp-D389h] [rbp-D399h]
char v849; // [rsp-D388h] [rbp-D398h]
char v850; // [rsp-D387h] [rbp-D397h]
char v851; // [rsp-D386h] [rbp-D396h]
char v852; // [rsp-D385h] [rbp-D395h]
char v853; // [rsp-D384h] [rbp-D394h]
char v854; // [rsp-D383h] [rbp-D393h]
char v855; // [rsp-D382h] [rbp-D392h]
char v856; // [rsp-D381h] [rbp-D391h]
char v857; // [rsp-D380h] [rbp-D390h]
char str_nxdetoursdll; // [rsp-D378h] [rbp-D388h]
char v859; // [rsp-D377h] [rbp-D387h]
char v860; // [rsp-D376h] [rbp-D386h]
char v861; // [rsp-D375h] [rbp-D385h]
char v862; // [rsp-D374h] [rbp-D384h]
char v863; // [rsp-D373h] [rbp-D383h]
char v864; // [rsp-D372h] [rbp-D382h]
char v865; // [rsp-D371h] [rbp-D381h]
char v866; // [rsp-D370h] [rbp-D380h]
char v867; // [rsp-D36Fh] [rbp-D37Fh]
char v868; // [rsp-D36Eh] [rbp-D37Eh]
char v869; // [rsp-D36Dh] [rbp-D37Dh]
char v870; // [rsp-D36Ch] [rbp-D37Ch]
char v871; // [rsp-D36Bh] [rbp-D37Bh]
char v872; // [rsp-D36Ah] [rbp-D37Ah]
char v873; // [rsp-D369h] [rbp-D379h]
char v874; // [rsp-D368h] [rbp-D378h]
char str_debugprivilege; // [rsp-D360h] [rbp-D370h]
char v876; // [rsp-D35Fh] [rbp-D36Fh]
char v877; // [rsp-D35Eh] [rbp-D36Eh]
char v878; // [rsp-D35Dh] [rbp-D36Dh]
char v879; // [rsp-D35Ch] [rbp-D36Ch]
char v880; // [rsp-D35Bh] [rbp-D36Bh]
char v881; // [rsp-D35Ah] [rbp-D36Ah]
char v882; // [rsp-D359h] [rbp-D369h]
char v883; // [rsp-D358h] [rbp-D368h]
char v884; // [rsp-D357h] [rbp-D367h]
char v885; // [rsp-D356h] [rbp-D366h]
char v886; // [rsp-D355h] [rbp-D365h]
char v887; // [rsp-D354h] [rbp-D364h]
char v888; // [rsp-D353h] [rbp-D363h]
char v889; // [rsp-D352h] [rbp-D362h]
char v890; // [rsp-D351h] [rbp-D361h]
char v891; // [rsp-D350h] [rbp-D360h]
char str_openprocesstoken; // [rsp-D348h] [rbp-D358h]
char v893; // [rsp-D347h] [rbp-D357h]
char v894; // [rsp-D346h] [rbp-D356h]
char v895; // [rsp-D345h] [rbp-D355h]
char v896; // [rsp-D344h] [rbp-D354h]
char v897; // [rsp-D343h] [rbp-D353h]
char v898; // [rsp-D342h] [rbp-D352h]
char v899; // [rsp-D341h] [rbp-D351h]
char v900; // [rsp-D340h] [rbp-D350h]
char v901; // [rsp-D33Fh] [rbp-D34Fh]
char v902; // [rsp-D33Eh] [rbp-D34Eh]
char v903; // [rsp-D33Dh] [rbp-D34Dh]
char v904; // [rsp-D33Ch] [rbp-D34Ch]
char v905; // [rsp-D33Bh] [rbp-D34Bh]
char v906; // [rsp-D33Ah] [rbp-D34Ah]
char v907; // [rsp-D339h] [rbp-D349h]
char v908; // [rsp-D338h] [rbp-D348h]
char str_getcurrentprocess; // [rsp-D330h] [rbp-D340h]
char v910; // [rsp-D32Fh] [rbp-D33Fh]
char v911; // [rsp-D32Eh] [rbp-D33Eh]
char v912; // [rsp-D32Dh] [rbp-D33Dh]
char v913; // [rsp-D32Ch] [rbp-D33Ch]
char v914; // [rsp-D32Bh] [rbp-D33Bh]
char v915; // [rsp-D32Ah] [rbp-D33Ah]
char v916; // [rsp-D329h] [rbp-D339h]
char v917; // [rsp-D328h] [rbp-D338h]
char v918; // [rsp-D327h] [rbp-D337h]
char v919; // [rsp-D326h] [rbp-D336h]
char v920; // [rsp-D325h] [rbp-D335h]
char v921; // [rsp-D324h] [rbp-D334h]
char v922; // [rsp-D323h] [rbp-D333h]
char v923; // [rsp-D322h] [rbp-D332h]
char v924; // [rsp-D321h] [rbp-D331h]
char v925; // [rsp-D320h] [rbp-D330h]
char v926; // [rsp-D31Fh] [rbp-D32Fh]
char str_networkdllx64; // [rsp-D318h] [rbp-D328h]
char v928; // [rsp-D317h] [rbp-D327h]
char v929; // [rsp-D316h] [rbp-D326h]
char v930; // [rsp-D315h] [rbp-D325h]
char v931; // [rsp-D314h] [rbp-D324h]
char v932; // [rsp-D313h] [rbp-D323h]
char v933; // [rsp-D312h] [rbp-D322h]
char v934; // [rsp-D311h] [rbp-D321h]
char v935; // [rsp-D310h] [rbp-D320h]
char v936; // [rsp-D30Fh] [rbp-D31Fh]
char v937; // [rsp-D30Eh] [rbp-D31Eh]
char v938; // [rsp-D30Dh] [rbp-D31Dh]
char v939; // [rsp-D30Ch] [rbp-D31Ch]
char v940; // [rsp-D30Bh] [rbp-D31Bh]
char v941; // [rsp-D30Ah] [rbp-D31Ah]
char v942; // [rsp-D309h] [rbp-D319h]
char v943; // [rsp-D308h] [rbp-D318h]
char v944; // [rsp-D307h] [rbp-D317h]
char v945; // [rsp-D300h] [rbp-D310h]
char v946; // [rsp-D2FFh] [rbp-D30Fh]
char v947; // [rsp-D2FEh] [rbp-D30Eh]
char v948; // [rsp-D2FDh] [rbp-D30Dh]
char v949; // [rsp-D2FCh] [rbp-D30Ch]
char v950; // [rsp-D2FBh] [rbp-D30Bh]
char v951; // [rsp-D2FAh] [rbp-D30Ah]
char v952; // [rsp-D2F9h] [rbp-D309h]
char v953; // [rsp-D2F8h] [rbp-D308h]
char v954; // [rsp-D2F7h] [rbp-D307h]
char v955; // [rsp-D2F6h] [rbp-D306h]
char v956; // [rsp-D2F5h] [rbp-D305h]
char v957; // [rsp-D2F4h] [rbp-D304h]
char v958; // [rsp-D2F3h] [rbp-D303h]
char v959; // [rsp-D2F2h] [rbp-D302h]
char v960; // [rsp-D2F1h] [rbp-D301h]
char v961; // [rsp-D2F0h] [rbp-D300h]
char v962; // [rsp-D2EFh] [rbp-D2FFh]
char str_ntgetcontextthread; // [rsp-D2E8h] [rbp-D2F8h]
char v964; // [rsp-D2E7h] [rbp-D2F7h]
char v965; // [rsp-D2E6h] [rbp-D2F6h]
char v966; // [rsp-D2E5h] [rbp-D2F5h]
char v967; // [rsp-D2E4h] [rbp-D2F4h]
char v968; // [rsp-D2E3h] [rbp-D2F3h]
char v969; // [rsp-D2E2h] [rbp-D2F2h]
char v970; // [rsp-D2E1h] [rbp-D2F1h]
char v971; // [rsp-D2E0h] [rbp-D2F0h]
char v972; // [rsp-D2DFh] [rbp-D2EFh]
char v973; // [rsp-D2DEh] [rbp-D2EEh]
char v974; // [rsp-D2DDh] [rbp-D2EDh]
char v975; // [rsp-D2DCh] [rbp-D2ECh]
char v976; // [rsp-D2DBh] [rbp-D2EBh]
char v977; // [rsp-D2DAh] [rbp-D2EAh]
char v978; // [rsp-D2D9h] [rbp-D2E9h]
char v979; // [rsp-D2D8h] [rbp-D2E8h]
char v980; // [rsp-D2D7h] [rbp-D2E7h]
char v981; // [rsp-D2D6h] [rbp-D2E6h]
char str_getexitcodeprocess; // [rsp-D2D0h] [rbp-D2E0h]
char v983; // [rsp-D2CFh] [rbp-D2DFh]
char v984; // [rsp-D2CEh] [rbp-D2DEh]
char v985; // [rsp-D2CDh] [rbp-D2DDh]
char v986; // [rsp-D2CCh] [rbp-D2DCh]
char v987; // [rsp-D2CBh] [rbp-D2DBh]
char v988; // [rsp-D2CAh] [rbp-D2DAh]
char v989; // [rsp-D2C9h] [rbp-D2D9h]
char v990; // [rsp-D2C8h] [rbp-D2D8h]
char v991; // [rsp-D2C7h] [rbp-D2D7h]
char v992; // [rsp-D2C6h] [rbp-D2D6h]
char v993; // [rsp-D2C5h] [rbp-D2D5h]
char v994; // [rsp-D2C4h] [rbp-D2D4h]
char v995; // [rsp-D2C3h] [rbp-D2D3h]
char v996; // [rsp-D2C2h] [rbp-D2D2h]
char v997; // [rsp-D2C1h] [rbp-D2D1h]
char v998; // [rsp-D2C0h] [rbp-D2D0h]
char v999; // [rsp-D2BFh] [rbp-D2CFh]
char v1000; // [rsp-D2BEh] [rbp-D2CEh]
char v1001; // [rsp-D2B8h] [rbp-D2C8h]
char v1002; // [rsp-D2B7h] [rbp-D2C7h]
char v1003; // [rsp-D2B6h] [rbp-D2C6h]
char v1004; // [rsp-D2B5h] [rbp-D2C5h]
char v1005; // [rsp-D2B4h] [rbp-D2C4h]
char v1006; // [rsp-D2B3h] [rbp-D2C3h]
char v1007; // [rsp-D2B2h] [rbp-D2C2h]
char v1008; // [rsp-D2B1h] [rbp-D2C1h]
char v1009; // [rsp-D2B0h] [rbp-D2C0h]
char v1010; // [rsp-D2AFh] [rbp-D2BFh]
char v1011; // [rsp-D2AEh] [rbp-D2BEh]
char v1012; // [rsp-D2ADh] [rbp-D2BDh]
char v1013; // [rsp-D2ACh] [rbp-D2BCh]
char v1014; // [rsp-D2ABh] [rbp-D2BBh]
char v1015; // [rsp-D2AAh] [rbp-D2BAh]
char v1016; // [rsp-D2A9h] [rbp-D2B9h]
char v1017; // [rsp-D2A8h] [rbp-D2B8h]
char v1018; // [rsp-D2A7h] [rbp-D2B7h]
char v1019; // [rsp-D2A6h] [rbp-D2B6h]
char str_ntreadvirtualmemory; // [rsp-D2A0h] [rbp-D2B0h]
char v1021; // [rsp-D29Fh] [rbp-D2AFh]
char v1022; // [rsp-D29Eh] [rbp-D2AEh]
char v1023; // [rsp-D29Dh] [rbp-D2ADh]
char v1024; // [rsp-D29Ch] [rbp-D2ACh]
char v1025; // [rsp-D29Bh] [rbp-D2ABh]
char v1026; // [rsp-D29Ah] [rbp-D2AAh]
char v1027; // [rsp-D299h] [rbp-D2A9h]
char v1028; // [rsp-D298h] [rbp-D2A8h]
char v1029; // [rsp-D297h] [rbp-D2A7h]
char v1030; // [rsp-D296h] [rbp-D2A6h]
char v1031; // [rsp-D295h] [rbp-D2A5h]
char v1032; // [rsp-D294h] [rbp-D2A4h]
char v1033; // [rsp-D293h] [rbp-D2A3h]
char v1034; // [rsp-D292h] [rbp-D2A2h]
char v1035; // [rsp-D291h] [rbp-D2A1h]
char v1036; // [rsp-D290h] [rbp-D2A0h]
char v1037; // [rsp-D28Fh] [rbp-D29Fh]
char v1038; // [rsp-D28Eh] [rbp-D29Eh]
char v1039; // [rsp-D28Dh] [rbp-D29Dh]
char str_widechartomultibyte; // [rsp-D288h] [rbp-D298h]
char v1041; // [rsp-D287h] [rbp-D297h]
char v1042; // [rsp-D286h] [rbp-D296h]
char v1043; // [rsp-D285h] [rbp-D295h]
char v1044; // [rsp-D284h] [rbp-D294h]
char v1045; // [rsp-D283h] [rbp-D293h]
char v1046; // [rsp-D282h] [rbp-D292h]
char v1047; // [rsp-D281h] [rbp-D291h]
char v1048; // [rsp-D280h] [rbp-D290h]
char v1049; // [rsp-D27Fh] [rbp-D28Fh]
char v1050; // [rsp-D27Eh] [rbp-D28Eh]
char v1051; // [rsp-D27Dh] [rbp-D28Dh]
char v1052; // [rsp-D27Ch] [rbp-D28Ch]
char v1053; // [rsp-D27Bh] [rbp-D28Bh]
char v1054; // [rsp-D27Ah] [rbp-D28Ah]
char v1055; // [rsp-D279h] [rbp-D289h]
char v1056; // [rsp-D278h] [rbp-D288h]
char v1057; // [rsp-D277h] [rbp-D287h]
char v1058; // [rsp-D276h] [rbp-D286h]
char v1059; // [rsp-D275h] [rbp-D285h]
char str_getextendedTcptable; // [rsp-D270h] [rbp-D280h]
char v1061; // [rsp-D26Fh] [rbp-D27Fh]
char v1062; // [rsp-D26Eh] [rbp-D27Eh]
char v1063; // [rsp-D26Dh] [rbp-D27Dh]
char v1064; // [rsp-D26Ch] [rbp-D27Ch]
char v1065; // [rsp-D26Bh] [rbp-D27Bh]
char v1066; // [rsp-D26Ah] [rbp-D27Ah]
char v1067; // [rsp-D269h] [rbp-D279h]
char v1068; // [rsp-D268h] [rbp-D278h]
char v1069; // [rsp-D267h] [rbp-D277h]
char v1070; // [rsp-D266h] [rbp-D276h]
char v1071; // [rsp-D265h] [rbp-D275h]
char v1072; // [rsp-D264h] [rbp-D274h]
char v1073; // [rsp-D263h] [rbp-D273h]
char v1074; // [rsp-D262h] [rbp-D272h]
char v1075; // [rsp-D261h] [rbp-D271h]
char v1076; // [rsp-D260h] [rbp-D270h]
char v1077; // [rsp-D25Fh] [rbp-D26Fh]
char v1078; // [rsp-D25Eh] [rbp-D26Eh]
char v1079; // [rsp-D25Dh] [rbp-D26Dh]
char str_getcurrentprocessid; // [rsp-D258h] [rbp-D268h]
char v1081; // [rsp-D257h] [rbp-D267h]
char v1082; // [rsp-D256h] [rbp-D266h]
char v1083; // [rsp-D255h] [rbp-D265h]
char v1084; // [rsp-D254h] [rbp-D264h]
char v1085; // [rsp-D253h] [rbp-D263h]
char v1086; // [rsp-D252h] [rbp-D262h]
char v1087; // [rsp-D251h] [rbp-D261h]
char v1088; // [rsp-D250h] [rbp-D260h]
char v1089; // [rsp-D24Fh] [rbp-D25Fh]
char v1090; // [rsp-D24Eh] [rbp-D25Eh]
char v1091; // [rsp-D24Dh] [rbp-D25Dh]
char v1092; // [rsp-D24Ch] [rbp-D25Ch]
char v1093; // [rsp-D24Bh] [rbp-D25Bh]
char v1094; // [rsp-D24Ah] [rbp-D25Ah]
char v1095; // [rsp-D249h] [rbp-D259h]
char v1096; // [rsp-D248h] [rbp-D258h]
char v1097; // [rsp-D247h] [rbp-D257h]
char v1098; // [rsp-D246h] [rbp-D256h]
char v1099; // [rsp-D245h] [rbp-D255h]
char str_getfileattributesexw; // [rsp-D240h] [rbp-D250h]
char v1101; // [rsp-D23Fh] [rbp-D24Fh]
char v1102; // [rsp-D23Eh] [rbp-D24Eh]
char v1103; // [rsp-D23Dh] [rbp-D24Dh]
char v1104; // [rsp-D23Ch] [rbp-D24Ch]
char v1105; // [rsp-D23Bh] [rbp-D24Bh]
char v1106; // [rsp-D23Ah] [rbp-D24Ah]
char v1107; // [rsp-D239h] [rbp-D249h]
char v1108; // [rsp-D238h] [rbp-D248h]
char v1109; // [rsp-D237h] [rbp-D247h]
char v1110; // [rsp-D236h] [rbp-D246h]
char v1111; // [rsp-D235h] [rbp-D245h]
char v1112; // [rsp-D234h] [rbp-D244h]
char v1113; // [rsp-D233h] [rbp-D243h]
char v1114; // [rsp-D232h] [rbp-D242h]
char v1115; // [rsp-D231h] [rbp-D241h]
char v1116; // [rsp-D230h] [rbp-D240h]
char v1117; // [rsp-D22Fh] [rbp-D23Fh]
char v1118; // [rsp-D22Eh] [rbp-D23Eh]
char v1119; // [rsp-D22Dh] [rbp-D23Dh]
char v1120; // [rsp-D22Ch] [rbp-D23Ch]
char str_getfileattributesexa; // [rsp-D228h] [rbp-D238h]
char v1122; // [rsp-D227h] [rbp-D237h]
char v1123; // [rsp-D226h] [rbp-D236h]
char v1124; // [rsp-D225h] [rbp-D235h]
char v1125; // [rsp-D224h] [rbp-D234h]
char v1126; // [rsp-D223h] [rbp-D233h]
char v1127; // [rsp-D222h] [rbp-D232h]
char v1128; // [rsp-D221h] [rbp-D231h]
char v1129; // [rsp-D220h] [rbp-D230h]
char v1130; // [rsp-D21Fh] [rbp-D22Fh]
char v1131; // [rsp-D21Eh] [rbp-D22Eh]
char v1132; // [rsp-D21Dh] [rbp-D22Dh]
char v1133; // [rsp-D21Ch] [rbp-D22Ch]
char v1134; // [rsp-D21Bh] [rbp-D22Bh]
char v1135; // [rsp-D21Ah] [rbp-D22Ah]
char v1136; // [rsp-D219h] [rbp-D229h]
char v1137; // [rsp-D218h] [rbp-D228h]
char v1138; // [rsp-D217h] [rbp-D227h]
char v1139; // [rsp-D216h] [rbp-D226h]
char v1140; // [rsp-D215h] [rbp-D225h]
char v1141; // [rsp-D214h] [rbp-D224h]
char str_ntqueryvirtualmemory; // [rsp-D210h] [rbp-D220h]
char v1143; // [rsp-D20Fh] [rbp-D21Fh]
char v1144; // [rsp-D20Eh] [rbp-D21Eh]
char v1145; // [rsp-D20Dh] [rbp-D21Dh]
char v1146; // [rsp-D20Ch] [rbp-D21Ch]
char v1147; // [rsp-D20Bh] [rbp-D21Bh]
char v1148; // [rsp-D20Ah] [rbp-D21Ah]
char v1149; // [rsp-D209h] [rbp-D219h]
char v1150; // [rsp-D208h] [rbp-D218h]
char v1151; // [rsp-D207h] [rbp-D217h]
char v1152; // [rsp-D206h] [rbp-D216h]
char v1153; // [rsp-D205h] [rbp-D215h]
char v1154; // [rsp-D204h] [rbp-D214h]
char v1155; // [rsp-D203h] [rbp-D213h]
char v1156; // [rsp-D202h] [rbp-D212h]
char v1157; // [rsp-D201h] [rbp-D211h]
char v1158; // [rsp-D200h] [rbp-D210h]
char v1159; // [rsp-D1FFh] [rbp-D20Fh]
char v1160; // [rsp-D1FEh] [rbp-D20Eh]
char v1161; // [rsp-D1FDh] [rbp-D20Dh]
char v1162; // [rsp-D1FCh] [rbp-D20Ch]
char str_getfileattributesexw_1; // [rsp-D1F8h] [rbp-D208h]
char v1164; // [rsp-D1F7h] [rbp-D207h]
char v1165; // [rsp-D1F6h] [rbp-D206h]
char v1166; // [rsp-D1F5h] [rbp-D205h]
char v1167; // [rsp-D1F4h] [rbp-D204h]
char v1168; // [rsp-D1F3h] [rbp-D203h]
char v1169; // [rsp-D1F2h] [rbp-D202h]
char v1170; // [rsp-D1F1h] [rbp-D201h]
char v1171; // [rsp-D1F0h] [rbp-D200h]
char v1172; // [rsp-D1EFh] [rbp-D1FFh]
char v1173; // [rsp-D1EEh] [rbp-D1FEh]
char v1174; // [rsp-D1EDh] [rbp-D1FDh]
char v1175; // [rsp-D1ECh] [rbp-D1FCh]
char v1176; // [rsp-D1EBh] [rbp-D1FBh]
char v1177; // [rsp-D1EAh] [rbp-D1FAh]
char v1178; // [rsp-D1E9h] [rbp-D1F9h]
char v1179; // [rsp-D1E8h] [rbp-D1F8h]
char v1180; // [rsp-D1E7h] [rbp-D1F7h]
char v1181; // [rsp-D1E6h] [rbp-D1F6h]
char v1182; // [rsp-D1E5h] [rbp-D1F5h]
char v1183; // [rsp-D1E4h] [rbp-D1F4h]
char str_lookupprivilegevaluea; // [rsp-D1E0h] [rbp-D1F0h]
char v1185; // [rsp-D1DFh] [rbp-D1EFh]
char v1186; // [rsp-D1DEh] [rbp-D1EEh]
char v1187; // [rsp-D1DDh] [rbp-D1EDh]
char v1188; // [rsp-D1DCh] [rbp-D1ECh]
char v1189; // [rsp-D1DBh] [rbp-D1EBh]
char v1190; // [rsp-D1DAh] [rbp-D1EAh]
char v1191; // [rsp-D1D9h] [rbp-D1E9h]
char v1192; // [rsp-D1D8h] [rbp-D1E8h]
char v1193; // [rsp-D1D7h] [rbp-D1E7h]
char v1194; // [rsp-D1D6h] [rbp-D1E6h]
char v1195; // [rsp-D1D5h] [rbp-D1E5h]
char v1196; // [rsp-D1D4h] [rbp-D1E4h]
char v1197; // [rsp-D1D3h] [rbp-D1E3h]
char v1198; // [rsp-D1D2h] [rbp-D1E2h]
char v1199; // [rsp-D1D1h] [rbp-D1E1h]
char v1200; // [rsp-D1D0h] [rbp-D1E0h]
char v1201; // [rsp-D1CFh] [rbp-D1DFh]
char v1202; // [rsp-D1CEh] [rbp-D1DEh]
char v1203; // [rsp-D1CDh] [rbp-D1DDh]
char v1204; // [rsp-D1CCh] [rbp-D1DCh]
char v1205; // [rsp-D1CBh] [rbp-D1DBh]
char v1206; // [rsp-D1C8h] [rbp-D1D8h]
char v1207; // [rsp-D1C7h] [rbp-D1D7h]
char v1208; // [rsp-D1C6h] [rbp-D1D6h]
char v1209; // [rsp-D1C5h] [rbp-D1D5h]
char v1210; // [rsp-D1C4h] [rbp-D1D4h]
char v1211; // [rsp-D1C3h] [rbp-D1D3h]
char v1212; // [rsp-D1C2h] [rbp-D1D2h]
char v1213; // [rsp-D1C1h] [rbp-D1D1h]
char v1214; // [rsp-D1C0h] [rbp-D1D0h]
char v1215; // [rsp-D1BFh] [rbp-D1CFh]
char v1216; // [rsp-D1BEh] [rbp-D1CEh]
char v1217; // [rsp-D1BDh] [rbp-D1CDh]
char v1218; // [rsp-D1BCh] [rbp-D1CCh]
char v1219; // [rsp-D1BBh] [rbp-D1CBh]
char v1220; // [rsp-D1BAh] [rbp-D1CAh]
char v1221; // [rsp-D1B9h] [rbp-D1C9h]
char v1222; // [rsp-D1B8h] [rbp-D1C8h]
char v1223; // [rsp-D1B7h] [rbp-D1C7h]
char v1224; // [rsp-D1B6h] [rbp-D1C6h]
char v1225; // [rsp-D1B5h] [rbp-D1C5h]
char v1226; // [rsp-D1B4h] [rbp-D1C4h]
char v1227; // [rsp-D1B3h] [rbp-D1C3h]
char str_ntprotectvirtualmemory; // [rsp-D1B0h] [rbp-D1C0h]
char v1229; // [rsp-D1AFh] [rbp-D1BFh]
char v1230; // [rsp-D1AEh] [rbp-D1BEh]
char v1231; // [rsp-D1ADh] [rbp-D1BDh]
char v1232; // [rsp-D1ACh] [rbp-D1BCh]
char v1233; // [rsp-D1ABh] [rbp-D1BBh]
char v1234; // [rsp-D1AAh] [rbp-D1BAh]
char v1235; // [rsp-D1A9h] [rbp-D1B9h]
char v1236; // [rsp-D1A8h] [rbp-D1B8h]
char v1237; // [rsp-D1A7h] [rbp-D1B7h]
char v1238; // [rsp-D1A6h] [rbp-D1B6h]
char v1239; // [rsp-D1A5h] [rbp-D1B5h]
char v1240; // [rsp-D1A4h] [rbp-D1B4h]
char v1241; // [rsp-D1A3h] [rbp-D1B3h]
char v1242; // [rsp-D1A2h] [rbp-D1B2h]
char v1243; // [rsp-D1A1h] [rbp-D1B1h]
char v1244; // [rsp-D1A0h] [rbp-D1B0h]
char v1245; // [rsp-D19Fh] [rbp-D1AFh]
char v1246; // [rsp-D19Eh] [rbp-D1AEh]
char v1247; // [rsp-D19Dh] [rbp-D1ADh]
char v1248; // [rsp-D19Ch] [rbp-D1ACh]
char v1249; // [rsp-D19Bh] [rbp-D1ABh]
char v1250; // [rsp-D19Ah] [rbp-D1AAh]
char str_ntquerysysteminformation; // [rsp-D198h] [rbp-D1A8h]
char v1252; // [rsp-D197h] [rbp-D1A7h]
char v1253; // [rsp-D196h] [rbp-D1A6h]
char v1254; // [rsp-D195h] [rbp-D1A5h]
char v1255; // [rsp-D194h] [rbp-D1A4h]
char v1256; // [rsp-D193h] [rbp-D1A3h]
char v1257; // [rsp-D192h] [rbp-D1A2h]
char v1258; // [rsp-D191h] [rbp-D1A1h]
char v1259; // [rsp-D190h] [rbp-D1A0h]
char v1260; // [rsp-D18Fh] [rbp-D19Fh]
char v1261; // [rsp-D18Eh] [rbp-D19Eh]
char v1262; // [rsp-D18Dh] [rbp-D19Dh]
char v1263; // [rsp-D18Ch] [rbp-D19Ch]
char v1264; // [rsp-D18Bh] [rbp-D19Bh]
char v1265; // [rsp-D18Ah] [rbp-D19Ah]
char v1266; // [rsp-D189h] [rbp-D199h]
char v1267; // [rsp-D188h] [rbp-D198h]
char v1268; // [rsp-D187h] [rbp-D197h]
char v1269; // [rsp-D186h] [rbp-D196h]
char v1270; // [rsp-D185h] [rbp-D195h]
char v1271; // [rsp-D184h] [rbp-D194h]
char v1272; // [rsp-D183h] [rbp-D193h]
char v1273; // [rsp-D182h] [rbp-D192h]
char v1274; // [rsp-D181h] [rbp-D191h]
char v1275; // [rsp-D180h] [rbp-D190h]
char str_getwindowthreadprocessid; // [rsp-D178h] [rbp-D188h]
char v1277; // [rsp-D177h] [rbp-D187h]
char v1278; // [rsp-D176h] [rbp-D186h]
char v1279; // [rsp-D175h] [rbp-D185h]
char v1280; // [rsp-D174h] [rbp-D184h]
char v1281; // [rsp-D173h] [rbp-D183h]
char v1282; // [rsp-D172h] [rbp-D182h]
char v1283; // [rsp-D171h] [rbp-D181h]
char v1284; // [rsp-D170h] [rbp-D180h]
char v1285; // [rsp-D16Fh] [rbp-D17Fh]
char v1286; // [rsp-D16Eh] [rbp-D17Eh]
char v1287; // [rsp-D16Dh] [rbp-D17Dh]
char v1288; // [rsp-D16Ch] [rbp-D17Ch]
char v1289; // [rsp-D16Bh] [rbp-D17Bh]
char v1290; // [rsp-D16Ah] [rbp-D17Ah]
char v1291; // [rsp-D169h] [rbp-D179h]
char v1292; // [rsp-D168h] [rbp-D178h]
char v1293; // [rsp-D167h] [rbp-D177h]
char v1294; // [rsp-D166h] [rbp-D176h]
char v1295; // [rsp-D165h] [rbp-D175h]
char v1296; // [rsp-D164h] [rbp-D174h]
char v1297; // [rsp-D163h] [rbp-D173h]
char v1298; // [rsp-D162h] [rbp-D172h]
char v1299; // [rsp-D161h] [rbp-D171h]
char v1300; // [rsp-D160h] [rbp-D170h]
char str_createtoolhelp32snapshot; // [rsp-D158h] [rbp-D168h]
char v1302; // [rsp-D157h] [rbp-D167h]
char v1303; // [rsp-D156h] [rbp-D166h]
char v1304; // [rsp-D155h] [rbp-D165h]
char v1305; // [rsp-D154h] [rbp-D164h]
char v1306; // [rsp-D153h] [rbp-D163h]
char v1307; // [rsp-D152h] [rbp-D162h]
char v1308; // [rsp-D151h] [rbp-D161h]
char v1309; // [rsp-D150h] [rbp-D160h]
char v1310; // [rsp-D14Fh] [rbp-D15Fh]
char v1311; // [rsp-D14Eh] [rbp-D15Eh]
char v1312; // [rsp-D14Dh] [rbp-D15Dh]
char v1313; // [rsp-D14Ch] [rbp-D15Ch]
char v1314; // [rsp-D14Bh] [rbp-D15Bh]
char v1315; // [rsp-D14Ah] [rbp-D15Ah]
char v1316; // [rsp-D149h] [rbp-D159h]
char v1317; // [rsp-D148h] [rbp-D158h]
char v1318; // [rsp-D147h] [rbp-D157h]
char v1319; // [rsp-D146h] [rbp-D156h]
char v1320; // [rsp-D145h] [rbp-D155h]
char v1321; // [rsp-D144h] [rbp-D154h]
char v1322; // [rsp-D143h] [rbp-D153h]
char v1323; // [rsp-D142h] [rbp-D152h]
char v1324; // [rsp-D141h] [rbp-D151h]
char v1325; // [rsp-D140h] [rbp-D150h]
char str_ntqueryinformationprocess; // [rsp-D138h] [rbp-D148h]
char v1327; // [rsp-D137h] [rbp-D147h]
char v1328; // [rsp-D136h] [rbp-D146h]
char v1329; // [rsp-D135h] [rbp-D145h]
char v1330; // [rsp-D134h] [rbp-D144h]
char v1331; // [rsp-D133h] [rbp-D143h]
char v1332; // [rsp-D132h] [rbp-D142h]
char v1333; // [rsp-D131h] [rbp-D141h]
char v1334; // [rsp-D130h] [rbp-D140h]
char v1335; // [rsp-D12Fh] [rbp-D13Fh]
char v1336; // [rsp-D12Eh] [rbp-D13Eh]
char v1337; // [rsp-D12Dh] [rbp-D13Dh]
char v1338; // [rsp-D12Ch] [rbp-D13Ch]
char v1339; // [rsp-D12Bh] [rbp-D13Bh]
char v1340; // [rsp-D12Ah] [rbp-D13Ah]
char v1341; // [rsp-D129h] [rbp-D139h]
char v1342; // [rsp-D128h] [rbp-D138h]
char v1343; // [rsp-D127h] [rbp-D137h]
char v1344; // [rsp-D126h] [rbp-D136h]
char v1345; // [rsp-D125h] [rbp-D135h]
char v1346; // [rsp-D124h] [rbp-D134h]
char v1347; // [rsp-D123h] [rbp-D133h]
char v1348; // [rsp-D122h] [rbp-D132h]
char v1349; // [rsp-D121h] [rbp-D131h]
char v1350; // [rsp-D120h] [rbp-D130h]
char v1351; // [rsp-D11Fh] [rbp-D12Fh]
char str_queryfullprocessimagename; // [rsp-D118h] [rbp-D128h]
char v1353; // [rsp-D117h] [rbp-D127h]
char v1354; // [rsp-D116h] [rbp-D126h]
char v1355; // [rsp-D115h] [rbp-D125h]
char v1356; // [rsp-D114h] [rbp-D124h]
char v1357; // [rsp-D113h] [rbp-D123h]
char v1358; // [rsp-D112h] [rbp-D122h]
char v1359; // [rsp-D111h] [rbp-D121h]
char v1360; // [rsp-D110h] [rbp-D120h]
char v1361; // [rsp-D10Fh] [rbp-D11Fh]
char v1362; // [rsp-D10Eh] [rbp-D11Eh]
char v1363; // [rsp-D10Dh] [rbp-D11Dh]
char v1364; // [rsp-D10Ch] [rbp-D11Ch]
char v1365; // [rsp-D10Bh] [rbp-D11Bh]
char v1366; // [rsp-D10Ah] [rbp-D11Ah]
char v1367; // [rsp-D109h] [rbp-D119h]
char v1368; // [rsp-D108h] [rbp-D118h]
char v1369; // [rsp-D107h] [rbp-D117h]
char v1370; // [rsp-D106h] [rbp-D116h]
char v1371; // [rsp-D105h] [rbp-D115h]
char v1372; // [rsp-D104h] [rbp-D114h]
char v1373; // [rsp-D103h] [rbp-D113h]
char v1374; // [rsp-D102h] [rbp-D112h]
char v1375; // [rsp-D101h] [rbp-D111h]
char v1376; // [rsp-D100h] [rbp-D110h]
char v1377; // [rsp-D0FFh] [rbp-D10Fh]
char v1378; // [rsp-D0FEh] [rbp-D10Eh]
char v1379; // [rsp-D0F8h] [rbp-D108h]
char v1380; // [rsp-D0F7h] [rbp-D107h]
char v1381; // [rsp-D0F6h] [rbp-D106h]
char v1382; // [rsp-D0F5h] [rbp-D105h]
char v1383; // [rsp-D0F4h] [rbp-D104h]
char v1384; // [rsp-D0F3h] [rbp-D103h]
char v1385; // [rsp-D0F2h] [rbp-D102h]
char v1386; // [rsp-D0F1h] [rbp-D101h]
char v1387; // [rsp-D0F0h] [rbp-D100h]
char v1388; // [rsp-D0EFh] [rbp-D0FFh]
char v1389; // [rsp-D0EEh] [rbp-D0FEh]
char v1390; // [rsp-D0EDh] [rbp-D0FDh]
char v1391; // [rsp-D0ECh] [rbp-D0FCh]
char v1392; // [rsp-D0EBh] [rbp-D0FBh]
char v1393; // [rsp-D0EAh] [rbp-D0FAh]
char v1394; // [rsp-D0E9h] [rbp-D0F9h]
char v1395; // [rsp-D0E8h] [rbp-D0F8h]
char v1396; // [rsp-D0E7h] [rbp-D0F7h]
char v1397; // [rsp-D0E6h] [rbp-D0F6h]
char v1398; // [rsp-D0E5h] [rbp-D0F5h]
char v1399; // [rsp-D0E4h] [rbp-D0F4h]
char v1400; // [rsp-D0E3h] [rbp-D0F3h]
char v1401; // [rsp-D0E2h] [rbp-D0F2h]
char v1402; // [rsp-D0E1h] [rbp-D0F1h]
char v1403; // [rsp-D0E0h] [rbp-D0F0h]
char v1404; // [rsp-D0DFh] [rbp-D0EFh]
char v1405; // [rsp-D0DEh] [rbp-D0EEh]
char v1406; // [rsp-D0DDh] [rbp-D0EDh]
char v1407; // [rsp-D0DCh] [rbp-D0ECh]
char v1408; // [rsp-D0DBh] [rbp-D0EBh]
char v1409; // [rsp-D0DAh] [rbp-D0EAh]
char v1410; // [rsp-D0D9h] [rbp-D0E9h]
char v1411; // [rsp-D0D8h] [rbp-D0E8h]
char v1412; // [rsp-D0D7h] [rbp-D0E7h]
char v1413; // [rsp-D0D6h] [rbp-D0E6h]
char v1414; // [rsp-D0D5h] [rbp-D0E5h]
char v1415; // [rsp-D0D4h] [rbp-D0E4h]
char v1416; // [rsp-D0D3h] [rbp-D0E3h]
char v1417; // [rsp-D0D2h] [rbp-D0E2h]
char v1418; // [rsp-D0D1h] [rbp-D0E1h]
char v1419; // [rsp-D0D0h] [rbp-D0E0h]
char v1420; // [rsp-D0CFh] [rbp-D0DFh]
char v1421; // [rsp-D0CEh] [rbp-D0DEh]
char v1422; // [rsp-D0C8h] [rbp-D0D8h]
char v1423; // [rsp-D0C7h] [rbp-D0D7h]
char v1424; // [rsp-D0C6h] [rbp-D0D6h]
char v1425; // [rsp-D0C5h] [rbp-D0D5h]
char v1426; // [rsp-D0C4h] [rbp-D0D4h]
char v1427; // [rsp-D0C3h] [rbp-D0D3h]
char v1428; // [rsp-D0C2h] [rbp-D0D2h]
char v1429; // [rsp-D0C1h] [rbp-D0D1h]
char v1430; // [rsp-D0C0h] [rbp-D0D0h]
char v1431; // [rsp-D0BFh] [rbp-D0CFh]
char v1432; // [rsp-D0BEh] [rbp-D0CEh]
char v1433; // [rsp-D0BDh] [rbp-D0CDh]
char v1434; // [rsp-D0BCh] [rbp-D0CCh]
char v1435; // [rsp-D0BBh] [rbp-D0CBh]
char v1436; // [rsp-D0BAh] [rbp-D0CAh]
char v1437; // [rsp-D0B9h] [rbp-D0C9h]
char v1438; // [rsp-D0B8h] [rbp-D0C8h]
char v1439; // [rsp-D0B7h] [rbp-D0C7h]
char v1440; // [rsp-D0B6h] [rbp-D0C6h]
char v1441; // [rsp-D0B5h] [rbp-D0C5h]
char v1442; // [rsp-D0B4h] [rbp-D0C4h]
char v1443; // [rsp-D0B3h] [rbp-D0C3h]
char v1444; // [rsp-D0B2h] [rbp-D0C2h]
char v1445; // [rsp-D0B1h] [rbp-D0C1h]
char v1446; // [rsp-D0B0h] [rbp-D0C0h]
char v1447; // [rsp-D0AFh] [rbp-D0BFh]
char v1448; // [rsp-D0AEh] [rbp-D0BEh]
char v1449; // [rsp-D0ADh] [rbp-D0BDh]
char v1450; // [rsp-D0ACh] [rbp-D0BCh]
char v1451; // [rsp-D0ABh] [rbp-D0BBh]
char v1452; // [rsp-D0AAh] [rbp-D0BAh]
char v1453; // [rsp-D0A9h] [rbp-D0B9h]
char v1454; // [rsp-D0A8h] [rbp-D0B8h]
char v1455; // [rsp-D0A7h] [rbp-D0B7h]
char v1456; // [rsp-D0A6h] [rbp-D0B6h]
char v1457; // [rsp-D0A5h] [rbp-D0B5h]
char v1458; // [rsp-D0A4h] [rbp-D0B4h]
char v1459; // [rsp-D0A3h] [rbp-D0B3h]
char v1460; // [rsp-D0A2h] [rbp-D0B2h]
char v1461; // [rsp-D0A1h] [rbp-D0B1h]
char v1462; // [rsp-D0A0h] [rbp-D0B0h]
char v1463; // [rsp-D09Fh] [rbp-D0AFh]
char v1464; // [rsp-D09Eh] [rbp-D0AEh]
char v1465; // [rsp-D09Dh] [rbp-D0ADh]
char v1466; // [rsp-D09Ch] [rbp-D0ACh]
char v1467; // [rsp-D09Bh] [rbp-D0ABh]
char v1468; // [rsp-D09Ah] [rbp-D0AAh]
char v1469; // [rsp-D099h] [rbp-D0A9h]
char v1470; // [rsp-D098h] [rbp-D0A8h]
char v1471; // [rsp-D097h] [rbp-D0A7h]
char v1472; // [rsp-D090h] [rbp-D0A0h]
char v1473; // [rsp-D08Fh] [rbp-D09Fh]
char v1474; // [rsp-D08Eh] [rbp-D09Eh]
char v1475; // [rsp-D08Dh] [rbp-D09Dh]
char v1476; // [rsp-D08Ch] [rbp-D09Ch]
char v1477; // [rsp-D08Bh] [rbp-D09Bh]
char v1478; // [rsp-D08Ah] [rbp-D09Ah]
char v1479; // [rsp-D089h] [rbp-D099h]
char v1480; // [rsp-D088h] [rbp-D098h]
char v1481; // [rsp-D087h] [rbp-D097h]
char v1482; // [rsp-D086h] [rbp-D096h]
char v1483; // [rsp-D085h] [rbp-D095h]
char v1484; // [rsp-D084h] [rbp-D094h]
char v1485; // [rsp-D083h] [rbp-D093h]
char v1486; // [rsp-D082h] [rbp-D092h]
char v1487; // [rsp-D081h] [rbp-D091h]
char v1488; // [rsp-D080h] [rbp-D090h]
char v1489; // [rsp-D07Fh] [rbp-D08Fh]
char v1490; // [rsp-D07Eh] [rbp-D08Eh]
char v1491; // [rsp-D07Dh] [rbp-D08Dh]
char v1492; // [rsp-D07Ch] [rbp-D08Ch]
char v1493; // [rsp-D07Bh] [rbp-D08Bh]
char v1494; // [rsp-D07Ah] [rbp-D08Ah]
char v1495; // [rsp-D079h] [rbp-D089h]
char v1496; // [rsp-D078h] [rbp-D088h]
char v1497; // [rsp-D077h] [rbp-D087h]
char v1498; // [rsp-D076h] [rbp-D086h]
char v1499; // [rsp-D075h] [rbp-D085h]
char v1500; // [rsp-D074h] [rbp-D084h]
char v1501; // [rsp-D073h] [rbp-D083h]
char v1502; // [rsp-D072h] [rbp-D082h]
char v1503; // [rsp-D071h] [rbp-D081h]
char v1504; // [rsp-D070h] [rbp-D080h]
char v1505; // [rsp-D06Fh] [rbp-D07Fh]
char v1506; // [rsp-D06Eh] [rbp-D07Eh]
char v1507; // [rsp-D06Dh] [rbp-D07Dh]
char v1508; // [rsp-D06Ch] [rbp-D07Ch]
char v1509; // [rsp-D06Bh] [rbp-D07Bh]
char v1510; // [rsp-D06Ah] [rbp-D07Ah]
char v1511; // [rsp-D069h] [rbp-D079h]
char v1512; // [rsp-D068h] [rbp-D078h]
char v1513; // [rsp-D067h] [rbp-D077h]
char v1514; // [rsp-D066h] [rbp-D076h]
char v1515; // [rsp-D065h] [rbp-D075h]
char v1516; // [rsp-D064h] [rbp-D074h]
char v1517; // [rsp-D063h] [rbp-D073h]
char v1518; // [rsp-D062h] [rbp-D072h]
char v1519; // [rsp-D061h] [rbp-D071h]
char v1520; // [rsp-D060h] [rbp-D070h]
char v1521; // [rsp-D05Fh] [rbp-D06Fh]
char v1522; // [rsp-D05Eh] [rbp-D06Eh]
char v1523; // [rsp-D05Dh] [rbp-D06Dh]
char v1524; // [rsp-D05Ch] [rbp-D06Ch]
char v1525; // [rsp-D058h] [rbp-D068h]
char v1526; // [rsp-D057h] [rbp-D067h]
char v1527; // [rsp-D056h] [rbp-D066h]
char v1528; // [rsp-D055h] [rbp-D065h]
char v1529; // [rsp-D054h] [rbp-D064h]
char v1530; // [rsp-D053h] [rbp-D063h]
char v1531; // [rsp-D052h] [rbp-D062h]
char v1532; // [rsp-D051h] [rbp-D061h]
char v1533; // [rsp-D050h] [rbp-D060h]
char v1534; // [rsp-D04Fh] [rbp-D05Fh]
char v1535; // [rsp-D04Eh] [rbp-D05Eh]
char v1536; // [rsp-D04Dh] [rbp-D05Dh]
char v1537; // [rsp-D04Ch] [rbp-D05Ch]
char v1538; // [rsp-D04Bh] [rbp-D05Bh]
char v1539; // [rsp-D04Ah] [rbp-D05Ah]
char v1540; // [rsp-D049h] [rbp-D059h]
char v1541; // [rsp-D048h] [rbp-D058h]
char v1542; // [rsp-D047h] [rbp-D057h]
char v1543; // [rsp-D046h] [rbp-D056h]
char v1544; // [rsp-D045h] [rbp-D055h]
char v1545; // [rsp-D044h] [rbp-D054h]
char v1546; // [rsp-D043h] [rbp-D053h]
char v1547; // [rsp-D042h] [rbp-D052h]
char v1548; // [rsp-D041h] [rbp-D051h]
char v1549; // [rsp-D040h] [rbp-D050h]
char v1550; // [rsp-D03Fh] [rbp-D04Fh]
char v1551; // [rsp-D03Eh] [rbp-D04Eh]
char v1552; // [rsp-D03Dh] [rbp-D04Dh]
char v1553; // [rsp-D03Ch] [rbp-D04Ch]
char v1554; // [rsp-D03Bh] [rbp-D04Bh]
char v1555; // [rsp-D03Ah] [rbp-D04Ah]
char v1556; // [rsp-D039h] [rbp-D049h]
char v1557; // [rsp-D038h] [rbp-D048h]
char v1558; // [rsp-D037h] [rbp-D047h]
char v1559; // [rsp-D036h] [rbp-D046h]
char v1560; // [rsp-D035h] [rbp-D045h]
char v1561; // [rsp-D034h] [rbp-D044h]
char v1562; // [rsp-D033h] [rbp-D043h]
char v1563; // [rsp-D032h] [rbp-D042h]
char v1564; // [rsp-D031h] [rbp-D041h]
char v1565; // [rsp-D030h] [rbp-D040h]
char v1566; // [rsp-D02Fh] [rbp-D03Fh]
char v1567; // [rsp-D02Eh] [rbp-D03Eh]
char v1568; // [rsp-D02Dh] [rbp-D03Dh]
char v1569; // [rsp-D02Ch] [rbp-D03Ch]
char v1570; // [rsp-D02Bh] [rbp-D03Bh]
char v1571; // [rsp-D02Ah] [rbp-D03Ah]
char v1572; // [rsp-D029h] [rbp-D039h]
char v1573; // [rsp-D028h] [rbp-D038h]
char v1574; // [rsp-D027h] [rbp-D037h]
char v1575; // [rsp-D026h] [rbp-D036h]
char v1576; // [rsp-D025h] [rbp-D035h]
char v1577; // [rsp-D024h] [rbp-D034h]
char v1578; // [rsp-D023h] [rbp-D033h]
char v1579; // [rsp-D022h] [rbp-D032h]
char v1580; // [rsp-D021h] [rbp-D031h]
char v1581; // [rsp-D020h] [rbp-D030h]
char v1582; // [rsp-D01Fh] [rbp-D02Fh]
char str_pubgpacks; // [rsp-D018h] [rbp-D028h]
char v1584; // [rsp-D017h] [rbp-D027h]
char v1585; // [rsp-D016h] [rbp-D026h]
char v1586; // [rsp-D015h] [rbp-D025h]
char v1587; // [rsp-D014h] [rbp-D024h]
char v1588; // [rsp-D013h] [rbp-D023h]
char v1589; // [rsp-D012h] [rbp-D022h]
char v1590; // [rsp-D011h] [rbp-D021h]
char v1591; // [rsp-D010h] [rbp-D020h]
char v1592; // [rsp-D00Fh] [rbp-D01Fh]
char v1593; // [rsp-D00Eh] [rbp-D01Eh]
char v1594; // [rsp-D00Dh] [rbp-D01Dh]
char v1595; // [rsp-D00Ch] [rbp-D01Ch]
char v1596; // [rsp-D00Bh] [rbp-D01Bh]
char v1597; // [rsp-D00Ah] [rbp-D01Ah]
char v1598; // [rsp-D009h] [rbp-D019h]
char v1599; // [rsp-D008h] [rbp-D018h]
char v1600; // [rsp-D007h] [rbp-D017h]
char v1601; // [rsp-D006h] [rbp-D016h]
char v1602; // [rsp-D005h] [rbp-D015h]
char v1603; // [rsp-D004h] [rbp-D014h]
char v1604; // [rsp-D003h] [rbp-D013h]
char v1605; // [rsp-D002h] [rbp-D012h]
char v1606; // [rsp-D001h] [rbp-D011h]
char v1607; // [rsp-D000h] [rbp-D010h]
char v1608; // [rsp-CFFFh] [rbp-D00Fh]
char v1609; // [rsp-CFFEh] [rbp-D00Eh]
char v1610; // [rsp-CFFDh] [rbp-D00Dh]
char v1611; // [rsp-CFFCh] [rbp-D00Ch]
char v1612; // [rsp-CFFBh] [rbp-D00Bh]
char v1613; // [rsp-CFFAh] [rbp-D00Ah]
char v1614; // [rsp-CFF9h] [rbp-D009h]
char v1615; // [rsp-CFF8h] [rbp-D008h]
char v1616; // [rsp-CFF7h] [rbp-D007h]
char v1617; // [rsp-CFF6h] [rbp-D006h]
char v1618; // [rsp-CFF5h] [rbp-D005h]
char v1619; // [rsp-CFF4h] [rbp-D004h]
char v1620; // [rsp-CFF3h] [rbp-D003h]
char v1621; // [rsp-CFF2h] [rbp-D002h]
char v1622; // [rsp-CFF1h] [rbp-D001h]
char v1623; // [rsp-CFF0h] [rbp-D000h]
char v1624; // [rsp-CFEFh] [rbp-CFFFh]
char v1625; // [rsp-CFEEh] [rbp-CFFEh]
char v1626; // [rsp-CFEDh] [rbp-CFFDh]
char v1627; // [rsp-CFECh] [rbp-CFFCh]
char v1628; // [rsp-CFEBh] [rbp-CFFBh]
char v1629; // [rsp-CFEAh] [rbp-CFFAh]
char v1630; // [rsp-CFE9h] [rbp-CFF9h]
char v1631; // [rsp-CFE8h] [rbp-CFF8h]
char v1632; // [rsp-CFE7h] [rbp-CFF7h]
char v1633; // [rsp-CFE6h] [rbp-CFF6h]
char v1634; // [rsp-CFE5h] [rbp-CFF5h]
char v1635; // [rsp-CFE4h] [rbp-CFF4h]
char v1636; // [rsp-CFE3h] [rbp-CFF3h]
char v1637; // [rsp-CFE2h] [rbp-CFF2h]
char v1638; // [rsp-CFE1h] [rbp-CFF1h]
char v1639; // [rsp-CFE0h] [rbp-CFF0h]
char v1640; // [rsp-CFDFh] [rbp-CFEFh]
char v1641; // [rsp-CFDEh] [rbp-CFEEh]
char v1642; // [rsp-CFDDh] [rbp-CFEDh]
__int64 currentProcessId_1; // [rsp-CFD8h] [rbp-CFE8h]
unsigned int windowTextW_1; // [rsp-CFD0h] [rbp-CFE0h]
int windowLong; // [rsp-CFCCh] [rbp-CFDCh]
signed int v1646; // [rsp-CFC8h] [rbp-CFD8h]
signed int v1647; // [rsp-CFC4h] [rbp-CFD4h]
unsigned int v1648; // [rsp-CFC0h] [rbp-CFD0h]
unsigned int v1649; // [rsp-CFBCh] [rbp-CFCCh]
unsigned int v1650; // [rsp-CFB8h] [rbp-CFC8h]
signed int v1651; // [rsp-CFB4h] [rbp-CFC4h]
int v1652; // [rsp-CFB0h] [rbp-CFC0h]
int v1653; // [rsp-CFACh] [rbp-CFBCh]
int v1654; // [rsp-CFA8h] [rbp-CFB8h]
signed int i8; // [rsp-CFA4h] [rbp-CFB4h]
unsigned int v1656; // [rsp-CFA0h] [rbp-CFB0h]
__int64 hNtDLL; // [rsp-CF98h] [rbp-CFA8h]
signed int v1658; // [rsp-CF90h] [rbp-CFA0h]
__int64 hCurrentProcessHandle; // [rsp-CF88h] [rbp-CF98h]
__int64 v1660; // [rsp-CF80h] [rbp-CF90h]
signed int v1661; // [rsp-CF78h] [rbp-CF88h]
BOOL v83; // [rsp-CF74h] [rbp-CF84h]
BOOL v1663; // [rsp-CF70h] [rbp-CF80h]
int v1664; // [rsp-CF6Ch] [rbp-CF7Ch]
signed int v1665; // [rsp-CF68h] [rbp-CF78h]
int windowTextWConvertedToA; // [rsp-CF64h] [rbp-CF74h]
int windowTextWConvertedToA_1; // [rsp-CF60h] [rbp-CF70h]
BOOL hProcess_1; // [rsp-CF5Ch] [rbp-CF6Ch]
int v1669; // [rsp-CF58h] [rbp-CF68h]
int v1670; // [rsp-CF54h] [rbp-CF64h]
int v1671; // [rsp-CF50h] [rbp-CF60h]
int v1672; // [rsp-CF4Ch] [rbp-CF5Ch]
signed int v1673; // [rsp-CF48h] [rbp-CF58h]
signed int v1674; // [rsp-CF44h] [rbp-CF54h]
unsigned int v1675; // [rsp-CF40h] [rbp-CF50h]
BOOL result_1; // [rsp-CF3Ch] [rbp-CF4Ch]
int v1677; // [rsp-CF38h] [rbp-CF48h]
signed int v1678; // [rsp-CF34h] [rbp-CF44h]
signed int v1679; // [rsp-CF30h] [rbp-CF40h]
BOOL v1680; // [rsp-CF2Ch] [rbp-CF3Ch]
__int64 returnLength; // [rsp-CF20h] [rbp-CF30h]
unsigned __int64 mm; // [rsp-CF18h] [rbp-CF28h]
unsigned int tickDelta; // [rsp-CF10h] [rbp-CF20h]
__int64 hThread; // [rsp-CF08h] [rbp-CF18h]
__int64 v1685; // [rsp-CF00h] [rbp-CF10h]
__int64 v1686; // [rsp-CEF8h] [rbp-CF08h]
char v1687; // [rsp-CEF0h] [rbp-CF00h]
char v1688; // [rsp-CEEFh] [rbp-CEFFh]
int v1689; // [rsp-CEEEh] [rbp-CEFEh]
char v1690; // [rsp-CEE8h] [rbp-CEF8h]
char v1691; // [rsp-CEE7h] [rbp-CEF7h]
int v1692; // [rsp-CEE6h] [rbp-CEF6h]
char v1693; // [rsp-CEE0h] [rbp-CEF0h]
char v1694; // [rsp-CEDFh] [rbp-CEEFh]
signed int v1695; // [rsp-CEDEh] [rbp-CEEEh]
char v1696; // [rsp-CED8h] [rbp-CEE8h]
char v1697; // [rsp-CED7h] [rbp-CEE7h]
unsigned int v1698; // [rsp-CED6h] [rbp-CEE6h]
__int64 hSnapshot_2; // [rsp-CED0h] [rbp-CEE0h]
__int64 hSnapshot_1; // [rsp-CEC8h] [rbp-CED8h]
__int64 hSnapshot; // [rsp-CEC0h] [rbp-CED0h]
char v1702; // [rsp-CEB8h] [rbp-CEC8h]
char v1703; // [rsp-CEB7h] [rbp-CEC7h]
signed __int16 v1704; // [rsp-CEB6h] [rbp-CEC6h]
int v1705; // [rsp-CEB4h] [rbp-CEC4h]
unsigned int (__fastcall *QueryFullProcessImageName)(__int64, _QWORD, __int64 *, unsigned int *); // [rsp-CEB0h] [rbp-CEC0h]
__int64 (__fastcall *NtQuerySystemInformation)(signed __int64, unsigned int *, signed __int64, unsigned int *); // [rsp-CEA8h] [rbp-CEB8h]
unsigned int (__fastcall *GetFileAttributesExA)(char *, _QWORD, __int64 *); // [rsp-CEA0h] [rbp-CEB0h]
char v1709; // [rsp-CE98h] [rbp-CEA8h]
char v1710; // [rsp-CE97h] [rbp-CEA7h]
signed __int16 v1711; // [rsp-CE96h] [rbp-CEA6h]
int v1712; // [rsp-CE94h] [rbp-CEA4h]
char v1713; // [rsp-CE90h] [rbp-CEA0h]
char v1714; // [rsp-CE8Fh] [rbp-CE9Fh]
signed __int16 v1715; // [rsp-CE8Eh] [rbp-CE9Eh]
int v1716; // [rsp-CE8Ch] [rbp-CE9Ch]
_QWORD *v1717; // [rsp-CE88h] [rbp-CE98h]
char v1718; // [rsp-CE80h] [rbp-CE90h]
char v1719; // [rsp-CE7Fh] [rbp-CE8Fh]
signed __int16 v1720; // [rsp-CE7Eh] [rbp-CE8Eh]
int v1721; // [rsp-CE7Ch] [rbp-CE8Ch]
char v1722; // [rsp-CE78h] [rbp-CE88h]
char v1723; // [rsp-CE77h] [rbp-CE87h]
signed __int16 v1724; // [rsp-CE76h] [rbp-CE86h]
int v1725; // [rsp-CE74h] [rbp-CE84h]
char v1726; // [rsp-CE70h] [rbp-CE80h]
char v1727; // [rsp-CE6Fh] [rbp-CE7Fh]
signed __int16 v1728; // [rsp-CE6Eh] [rbp-CE7Eh]
int v1729; // [rsp-CE6Ch] [rbp-CE7Ch]
char v1730; // [rsp-CE68h] [rbp-CE78h]
char v1731; // [rsp-CE67h] [rbp-CE77h]
signed __int16 v1732; // [rsp-CE66h] [rbp-CE76h]
int v1733; // [rsp-CE64h] [rbp-CE74h]
char v1734; // [rsp-CE60h] [rbp-CE70h]
char v1735; // [rsp-CE5Fh] [rbp-CE6Fh]
signed __int16 v1736; // [rsp-CE5Eh] [rbp-CE6Eh]
int v1737; // [rsp-CE5Ch] [rbp-CE6Ch]
unsigned int (__fastcall *memcmp)(__int64 *, __int64 *, signed __int64); // [rsp-CE58h] [rbp-CE68h]
char v1739; // [rsp-CE50h] [rbp-CE60h]
char v1740; // [rsp-CE4Fh] [rbp-CE5Fh]
signed __int16 v1741; // [rsp-CE4Eh] [rbp-CE5Eh]
int v1742; // [rsp-CE4Ch] [rbp-CE5Ch]
char v1743; // [rsp-CE48h] [rbp-CE58h]
char v1744; // [rsp-CE47h] [rbp-CE57h]
signed __int16 v1745; // [rsp-CE46h] [rbp-CE56h]
int v1746; // [rsp-CE44h] [rbp-CE54h]
__int64 hProcess; // [rsp-CE40h] [rbp-CE50h]
__int64 hProcess_3; // [rsp-CE38h] [rbp-CE48h]
__int64 SourceProcessHandle; // [rsp-CE30h] [rbp-CE40h]
__int64 (__fastcall *GetWindow)(__int64, signed __int64); // [rsp-CE28h] [rbp-CE38h]
char *v1751; // [rsp-CE18h] [rbp-CE28h]
__int64 v1752; // [rsp-CE10h] [rbp-CE20h]
__int64 hUser32_9; // [rsp-CE08h] [rbp-CE18h]
__int64 buffer_1; // [rsp-CE00h] [rbp-CE10h]
__int64 v1755; // [rsp-CDF8h] [rbp-CE08h]
unsigned int v1756; // [rsp-CDF0h] [rbp-CE00h]
unsigned int v1757; // [rsp-CDE8h] [rbp-CDF8h]
int v1758; // [rsp-CDE4h] [rbp-CDF4h]
signed __int16 v1759; // [rsp-CDD8h] [rbp-CDE8h]
signed int v1760; // [rsp-CDD4h] [rbp-CDE4h]
char v1761; // [rsp-CDD0h] [rbp-CDE0h]
char v1762; // [rsp-CDCFh] [rbp-CDDFh]
char v1763; // [rsp-CDCEh] [rbp-CDDEh]
char v1764; // [rsp-CDCDh] [rbp-CDDDh]
char v1765; // [rsp-CDCCh] [rbp-CDDCh]
char v1766; // [rsp-CDCBh] [rbp-CDDBh]
char v1767; // [rsp-CDCAh] [rbp-CDDAh]
char v1768; // [rsp-CDC9h] [rbp-CDD9h]
char v1769; // [rsp-CDC8h] [rbp-CDD8h]
char v1770; // [rsp-CDC7h] [rbp-CDD7h]
char v1771; // [rsp-CDC6h] [rbp-CDD6h]
char v1772; // [rsp-CDC5h] [rbp-CDD5h]
char v1773; // [rsp-CDC4h] [rbp-CDD4h]
char v1774; // [rsp-CDC3h] [rbp-CDD3h]
char v1775; // [rsp-CDC2h] [rbp-CDD2h]
char v1776; // [rsp-CDC1h] [rbp-CDD1h]
char v1777; // [rsp-CDC0h] [rbp-CDD0h]
char v1778; // [rsp-CDBFh] [rbp-CDCFh]
_BYTE v1779[6]; // [rsp-CDBEh] [rbp-CDCEh]
signed __int16 v1780; // [rsp-CDB0h] [rbp-CDC0h]
signed int v1781; // [rsp-CDACh] [rbp-CDBCh]
char v1782; // [rsp-CDA8h] [rbp-CDB8h]
char v1783; // [rsp-CDA7h] [rbp-CDB7h]
char v1784; // [rsp-CDA6h] [rbp-CDB6h]
char v1785; // [rsp-CDA5h] [rbp-CDB5h]
char v1786; // [rsp-CDA4h] [rbp-CDB4h]
char v1787; // [rsp-CDA3h] [rbp-CDB3h]
char v1788; // [rsp-CDA2h] [rbp-CDB2h]
char v1789; // [rsp-CDA1h] [rbp-CDB1h]
char v1790; // [rsp-CDA0h] [rbp-CDB0h]
char v1791; // [rsp-CD9Fh] [rbp-CDAFh]
char v1792; // [rsp-CD9Eh] [rbp-CDAEh]
char v1793; // [rsp-CD9Dh] [rbp-CDADh]
char v1794; // [rsp-CD9Ch] [rbp-CDACh]
char v1795; // [rsp-CD9Bh] [rbp-CDABh]
char v1796; // [rsp-CD9Ah] [rbp-CDAAh]
char v1797; // [rsp-CD99h] [rbp-CDA9h]
char v1798; // [rsp-CD98h] [rbp-CDA8h]
char v1799; // [rsp-CD97h] [rbp-CDA7h]
char v1800; // [rsp-CD96h] [rbp-CDA6h]
char v1801; // [rsp-CD95h] [rbp-CDA5h]
char v1802; // [rsp-CD94h] [rbp-CDA4h]
char v1803; // [rsp-CD93h] [rbp-CDA3h]
char v1804; // [rsp-CD92h] [rbp-CDA2h]
char v1805; // [rsp-CD91h] [rbp-CDA1h]
char v1806; // [rsp-CD90h] [rbp-CDA0h]
char v1807; // [rsp-CD8Fh] [rbp-CD9Fh]
char v1808; // [rsp-CD8Eh] [rbp-CD9Eh]
char v1809; // [rsp-CD8Dh] [rbp-CD9Dh]
char v1810; // [rsp-CD8Ch] [rbp-CD9Ch]
_BYTE v1811[3]; // [rsp-CD8Bh] [rbp-CD9Bh]
signed __int16 v1812; // [rsp-CD88h] [rbp-CD98h]
signed int v1813; // [rsp-CD84h] [rbp-CD94h]
char v1814; // [rsp-CD80h] [rbp-CD90h]
char v1815; // [rsp-CD7Fh] [rbp-CD8Fh]
char v1816; // [rsp-CD7Eh] [rbp-CD8Eh]
char v1817; // [rsp-CD7Dh] [rbp-CD8Dh]
char v1818; // [rsp-CD7Ch] [rbp-CD8Ch]
char v1819; // [rsp-CD7Bh] [rbp-CD8Bh]
char v1820; // [rsp-CD7Ah] [rbp-CD8Ah]
char v1821; // [rsp-CD79h] [rbp-CD89h]
char v1822; // [rsp-CD78h] [rbp-CD88h]
char v1823; // [rsp-CD77h] [rbp-CD87h]
char v1824; // [rsp-CD76h] [rbp-CD86h]
char v1825; // [rsp-CD75h] [rbp-CD85h]
char v1826; // [rsp-CD74h] [rbp-CD84h]
char v1827; // [rsp-CD73h] [rbp-CD83h]
char v1828; // [rsp-CD72h] [rbp-CD82h]
char v1829; // [rsp-CD71h] [rbp-CD81h]
char v1830; // [rsp-CD70h] [rbp-CD80h]
char v1831; // [rsp-CD6Fh] [rbp-CD7Fh]
char v1832; // [rsp-CD6Eh] [rbp-CD7Eh]
char v1833; // [rsp-CD6Dh] [rbp-CD7Dh]
char v1834; // [rsp-CD6Ch] [rbp-CD7Ch]
char v1835; // [rsp-CD6Bh] [rbp-CD7Bh]
__int16 v1836; // [rsp-CD6Ah] [rbp-CD7Ah]
signed __int16 v1837; // [rsp-CD60h] [rbp-CD70h]
signed int v1838; // [rsp-CD5Ch] [rbp-CD6Ch]
char v1839; // [rsp-CD58h] [rbp-CD68h]
char v1840; // [rsp-CD57h] [rbp-CD67h]
char v1841; // [rsp-CD56h] [rbp-CD66h]
char v1842; // [rsp-CD55h] [rbp-CD65h]
char v1843; // [rsp-CD54h] [rbp-CD64h]
char v1844; // [rsp-CD53h] [rbp-CD63h]
char v1845; // [rsp-CD52h] [rbp-CD62h]
char v1846; // [rsp-CD51h] [rbp-CD61h]
char v1847; // [rsp-CD50h] [rbp-CD60h]
char v1848; // [rsp-CD4Fh] [rbp-CD5Fh]
char v1849; // [rsp-CD4Eh] [rbp-CD5Eh]
char v1850; // [rsp-CD4Dh] [rbp-CD5Dh]
char v1851; // [rsp-CD4Ch] [rbp-CD5Ch]
char v1852; // [rsp-CD4Bh] [rbp-CD5Bh]
char v1853; // [rsp-CD4Ah] [rbp-CD5Ah]
char v1854; // [rsp-CD49h] [rbp-CD59h]
char v1855; // [rsp-CD48h] [rbp-CD58h]
char v1856; // [rsp-CD47h] [rbp-CD57h]
char v1857; // [rsp-CD46h] [rbp-CD56h]
char v1858; // [rsp-CD45h] [rbp-CD55h]
char v1859; // [rsp-CD44h] [rbp-CD54h]
char v1860; // [rsp-CD43h] [rbp-CD53h]
char v1861; // [rsp-CD42h] [rbp-CD52h]
char v1862; // [rsp-CD41h] [rbp-CD51h]
char v1863; // [rsp-CD40h] [rbp-CD50h]
char v1864; // [rsp-CD3Fh] [rbp-CD4Fh]
char v1865; // [rsp-CD3Eh] [rbp-CD4Eh]
char v1866; // [rsp-CD3Dh] [rbp-CD4Dh]
char v1867; // [rsp-CD3Ch] [rbp-CD4Ch]
char v1868; // [rsp-CD3Bh] [rbp-CD4Bh]
char v1869; // [rsp-CD3Ah] [rbp-CD4Ah]
char v1870; // [rsp-CD39h] [rbp-CD49h]
signed __int16 v1871; // [rsp-CD38h] [rbp-CD48h]
signed int v1872; // [rsp-CD34h] [rbp-CD44h]
char v1873; // [rsp-CD30h] [rbp-CD40h]
char v1874; // [rsp-CD2Fh] [rbp-CD3Fh]
char v1875; // [rsp-CD2Eh] [rbp-CD3Eh]
char v1876; // [rsp-CD2Dh] [rbp-CD3Dh]
char v1877; // [rsp-CD2Ch] [rbp-CD3Ch]
char v1878; // [rsp-CD2Bh] [rbp-CD3Bh]
char v1879; // [rsp-CD2Ah] [rbp-CD3Ah]
char v1880; // [rsp-CD29h] [rbp-CD39h]
char v1881; // [rsp-CD28h] [rbp-CD38h]
char v1882; // [rsp-CD27h] [rbp-CD37h]
char v1883; // [rsp-CD26h] [rbp-CD36h]
char v1884; // [rsp-CD25h] [rbp-CD35h]
char v1885; // [rsp-CD24h] [rbp-CD34h]
char v1886; // [rsp-CD23h] [rbp-CD33h]
char v1887; // [rsp-CD22h] [rbp-CD32h]
char v1888; // [rsp-CD21h] [rbp-CD31h]
signed __int16 v1889; // [rsp-CD10h] [rbp-CD20h]
signed int v1890; // [rsp-CD0Ch] [rbp-CD1Ch]
char v1891; // [rsp-CD08h] [rbp-CD18h]
char v1892; // [rsp-CD07h] [rbp-CD17h]
char v1893; // [rsp-CD06h] [rbp-CD16h]
char v1894; // [rsp-CD05h] [rbp-CD15h]
char v1895; // [rsp-CD04h] [rbp-CD14h]
char v1896; // [rsp-CD03h] [rbp-CD13h]
char v1897; // [rsp-CD02h] [rbp-CD12h]
char v1898; // [rsp-CD01h] [rbp-CD11h]
char v1899; // [rsp-CD00h] [rbp-CD10h]
char v1900; // [rsp-CCFFh] [rbp-CD0Fh]
char v1901; // [rsp-CCFEh] [rbp-CD0Eh]
char v1902; // [rsp-CCFDh] [rbp-CD0Dh]
char v1903; // [rsp-CCFCh] [rbp-CD0Ch]
char v1904; // [rsp-CCFBh] [rbp-CD0Bh]
char v1905; // [rsp-CCFAh] [rbp-CD0Ah]
char v1906; // [rsp-CCF9h] [rbp-CD09h]
char v1907; // [rsp-CCF8h] [rbp-CD08h]
char v1908; // [rsp-CCF7h] [rbp-CD07h]
char v1909; // [rsp-CCF6h] [rbp-CD06h]
char v1910; // [rsp-CCF5h] [rbp-CD05h]
char v1911; // [rsp-CCF4h] [rbp-CD04h]
char v1912; // [rsp-CCF3h] [rbp-CD03h]
char v1913; // [rsp-CCF2h] [rbp-CD02h]
char v1914; // [rsp-CCF1h] [rbp-CD01h]
char v1915; // [rsp-CCF0h] [rbp-CD00h]
char v1916; // [rsp-CCEFh] [rbp-CCFFh]
char v1917; // [rsp-CCEEh] [rbp-CCFEh]
char v1918; // [rsp-CCEDh] [rbp-CCFDh]
char v1919; // [rsp-CCECh] [rbp-CCFCh]
char v1920; // [rsp-CCEBh] [rbp-CCFBh]
char v1921; // [rsp-CCEAh] [rbp-CCFAh]
char v1922; // [rsp-CCE9h] [rbp-CCF9h]
signed __int16 v1923; // [rsp-CCE8h] [rbp-CCF8h]
signed int v1924; // [rsp-CCE4h] [rbp-CCF4h]
char v1925; // [rsp-CCE0h] [rbp-CCF0h]
char v1926; // [rsp-CCDFh] [rbp-CCEFh]
char v1927; // [rsp-CCDEh] [rbp-CCEEh]
char v1928; // [rsp-CCDDh] [rbp-CCEDh]
char v1929; // [rsp-CCDCh] [rbp-CCECh]
char v1930; // [rsp-CCDBh] [rbp-CCEBh]
char v1931; // [rsp-CCDAh] [rbp-CCEAh]
char v1932; // [rsp-CCD9h] [rbp-CCE9h]
char v1933; // [rsp-CCD8h] [rbp-CCE8h]
char v1934; // [rsp-CCD7h] [rbp-CCE7h]
char v1935; // [rsp-CCD6h] [rbp-CCE6h]
char v1936; // [rsp-CCD5h] [rbp-CCE5h]
int v1937; // [rsp-CCD4h] [rbp-CCE4h]
signed __int16 v1938; // [rsp-CCC0h] [rbp-CCD0h]
signed int v1939; // [rsp-CCBCh] [rbp-CCCCh]
char v1940; // [rsp-CCB8h] [rbp-CCC8h]
char v1941; // [rsp-CCB7h] [rbp-CCC7h]
char v1942; // [rsp-CCB6h] [rbp-CCC6h]
char v1943; // [rsp-CCB5h] [rbp-CCC5h]
char v1944; // [rsp-CCB4h] [rbp-CCC4h]
char v1945; // [rsp-CCB3h] [rbp-CCC3h]
char v1946; // [rsp-CCB2h] [rbp-CCC2h]
char v1947; // [rsp-CCB1h] [rbp-CCC1h]
char v1948; // [rsp-CCB0h] [rbp-CCC0h]
char v1949; // [rsp-CCAFh] [rbp-CCBFh]
char v1950; // [rsp-CCAEh] [rbp-CCBEh]
char v1951; // [rsp-CCADh] [rbp-CCBDh]
char v1952; // [rsp-CCACh] [rbp-CCBCh]
char v1953; // [rsp-CCABh] [rbp-CCBBh]
char v1954; // [rsp-CCAAh] [rbp-CCBAh]
char v1955; // [rsp-CCA9h] [rbp-CCB9h]
__int64 v1956; // [rsp-CCA8h] [rbp-CCB8h]
signed __int16 v1957; // [rsp-CC98h] [rbp-CCA8h]
signed int v1958; // [rsp-CC94h] [rbp-CCA4h]
char v1959; // [rsp-CC90h] [rbp-CCA0h]
char v1960; // [rsp-CC8Fh] [rbp-CC9Fh]
char v1961; // [rsp-CC8Eh] [rbp-CC9Eh]
char v1962; // [rsp-CC8Dh] [rbp-CC9Dh]
char v1963; // [rsp-CC8Ch] [rbp-CC9Ch]
char v1964; // [rsp-CC8Bh] [rbp-CC9Bh]
char v1965; // [rsp-CC8Ah] [rbp-CC9Ah]
char v1966; // [rsp-CC89h] [rbp-CC99h]
char v1967; // [rsp-CC88h] [rbp-CC98h]
char v1968; // [rsp-CC87h] [rbp-CC97h]
char v1969; // [rsp-CC86h] [rbp-CC96h]
char v1970; // [rsp-CC85h] [rbp-CC95h]
char v1971; // [rsp-CC84h] [rbp-CC94h]
char v1972; // [rsp-CC83h] [rbp-CC93h]
char v1973; // [rsp-CC82h] [rbp-CC92h]
char v1974; // [rsp-CC81h] [rbp-CC91h]
char v1975; // [rsp-CC80h] [rbp-CC90h]
char v1976; // [rsp-CC7Fh] [rbp-CC8Fh]
char v1977; // [rsp-CC7Eh] [rbp-CC8Eh]
char v1978; // [rsp-CC7Dh] [rbp-CC8Dh]
char v1979; // [rsp-CC7Ch] [rbp-CC8Ch]
char v1980; // [rsp-CC7Bh] [rbp-CC8Bh]
char v1981; // [rsp-CC7Ah] [rbp-CC8Ah]
char v1982; // [rsp-CC79h] [rbp-CC89h]
char v1983; // [rsp-CC78h] [rbp-CC88h]
char v1984; // [rsp-CC77h] [rbp-CC87h]
char v1985; // [rsp-CC76h] [rbp-CC86h]
char v1986; // [rsp-CC75h] [rbp-CC85h]
char v1987; // [rsp-CC74h] [rbp-CC84h]
char v1988; // [rsp-CC73h] [rbp-CC83h]
char v1989; // [rsp-CC72h] [rbp-CC82h]
char v1990; // [rsp-CC71h] [rbp-CC81h]
signed __int16 v1991; // [rsp-CC70h] [rbp-CC80h]
signed int v1992; // [rsp-CC6Ch] [rbp-CC7Ch]
char v1993; // [rsp-CC68h] [rbp-CC78h]
char v1994; // [rsp-CC67h] [rbp-CC77h]
char v1995; // [rsp-CC66h] [rbp-CC76h]
char v1996; // [rsp-CC65h] [rbp-CC75h]
char v1997; // [rsp-CC64h] [rbp-CC74h]
char v1998; // [rsp-CC63h] [rbp-CC73h]
char v1999; // [rsp-CC62h] [rbp-CC72h]
char v2000; // [rsp-CC61h] [rbp-CC71h]
char v2001; // [rsp-CC60h] [rbp-CC70h]
char v2002; // [rsp-CC5Fh] [rbp-CC6Fh]
char v2003; // [rsp-CC5Eh] [rbp-CC6Eh]
char v2004; // [rsp-CC5Dh] [rbp-CC6Dh]
char v2005; // [rsp-CC5Ch] [rbp-CC6Ch]
char v2006; // [rsp-CC5Bh] [rbp-CC6Bh]
char v2007; // [rsp-CC5Ah] [rbp-CC6Ah]
char v2008; // [rsp-CC59h] [rbp-CC69h]
char v2009; // [rsp-CC58h] [rbp-CC68h]
char v2010; // [rsp-CC57h] [rbp-CC67h]
char v2011; // [rsp-CC56h] [rbp-CC66h]
char v2012; // [rsp-CC55h] [rbp-CC65h]
char v2013; // [rsp-CC54h] [rbp-CC64h]
char v2014; // [rsp-CC53h] [rbp-CC63h]
char v2015; // [rsp-CC52h] [rbp-CC62h]
char v2016; // [rsp-CC51h] [rbp-CC61h]
char v2017; // [rsp-CC50h] [rbp-CC60h]
char v2018; // [rsp-CC4Fh] [rbp-CC5Fh]
char v2019; // [rsp-CC4Eh] [rbp-CC5Eh]
char v2020; // [rsp-CC4Dh] [rbp-CC5Dh]
char v2021; // [rsp-CC4Ch] [rbp-CC5Ch]
char v2022; // [rsp-CC4Bh] [rbp-CC5Bh]
char v2023; // [rsp-CC4Ah] [rbp-CC5Ah]
char v2024; // [rsp-CC49h] [rbp-CC59h]
signed __int16 v2025; // [rsp-CC48h] [rbp-CC58h]
signed int v2026; // [rsp-CC44h] [rbp-CC54h]
char v2027; // [rsp-CC40h] [rbp-CC50h]
char v2028; // [rsp-CC3Fh] [rbp-CC4Fh]
char v2029; // [rsp-CC3Eh] [rbp-CC4Eh]
char v2030; // [rsp-CC3Dh] [rbp-CC4Dh]
char v2031; // [rsp-CC3Ch] [rbp-CC4Ch]
char v2032; // [rsp-CC3Bh] [rbp-CC4Bh]
char v2033; // [rsp-CC3Ah] [rbp-CC4Ah]
char v2034; // [rsp-CC39h] [rbp-CC49h]
char v2035; // [rsp-CC38h] [rbp-CC48h]
char v2036; // [rsp-CC37h] [rbp-CC47h]
char v2037; // [rsp-CC36h] [rbp-CC46h]
char v2038; // [rsp-CC35h] [rbp-CC45h]
char v2039; // [rsp-CC34h] [rbp-CC44h]
char v2040; // [rsp-CC33h] [rbp-CC43h]
char v2041; // [rsp-CC32h] [rbp-CC42h]
char v2042; // [rsp-CC31h] [rbp-CC41h]
__int64 v2043; // [rsp-CC30h] [rbp-CC40h]
signed __int16 v2044; // [rsp-CC20h] [rbp-CC30h]
signed int v2045; // [rsp-CC1Ch] [rbp-CC2Ch]
char v2046; // [rsp-CC18h] [rbp-CC28h]
char v2047; // [rsp-CC17h] [rbp-CC27h]
char v2048; // [rsp-CC16h] [rbp-CC26h]
char v2049; // [rsp-CC15h] [rbp-CC25h]
char v2050; // [rsp-CC14h] [rbp-CC24h]
char v2051; // [rsp-CC13h] [rbp-CC23h]
char v2052; // [rsp-CC12h] [rbp-CC22h]
char v2053; // [rsp-CC11h] [rbp-CC21h]
char v2054; // [rsp-CC10h] [rbp-CC20h]
char v2055; // [rsp-CC0Fh] [rbp-CC1Fh]
char v2056; // [rsp-CC0Eh] [rbp-CC1Eh]
char v2057; // [rsp-CC0Dh] [rbp-CC1Dh]
char v2058; // [rsp-CC0Ch] [rbp-CC1Ch]
char v2059; // [rsp-CC0Bh] [rbp-CC1Bh]
char v2060; // [rsp-CC0Ah] [rbp-CC1Ah]
char v2061; // [rsp-CC09h] [rbp-CC19h]
char v2062; // [rsp-CC08h] [rbp-CC18h]
char v2063; // [rsp-CC07h] [rbp-CC17h]
char v2064; // [rsp-CC06h] [rbp-CC16h]
char v2065; // [rsp-CC05h] [rbp-CC15h]
int v2066; // [rsp-CC04h] [rbp-CC14h]
signed __int16 v2067; // [rsp-CBF8h] [rbp-CC08h]
signed int v2068; // [rsp-CBF4h] [rbp-CC04h]
char v2069; // [rsp-CBF0h] [rbp-CC00h]
char v2070; // [rsp-CBEFh] [rbp-CBFFh]
char v2071; // [rsp-CBEEh] [rbp-CBFEh]
char v2072; // [rsp-CBEDh] [rbp-CBFDh]
char v2073; // [rsp-CBECh] [rbp-CBFCh]
char v2074; // [rsp-CBEBh] [rbp-CBFBh]
char v2075; // [rsp-CBEAh] [rbp-CBFAh]
char v2076; // [rsp-CBE9h] [rbp-CBF9h]
char v2077; // [rsp-CBE8h] [rbp-CBF8h]
char v2078; // [rsp-CBE7h] [rbp-CBF7h]
char v2079; // [rsp-CBE6h] [rbp-CBF6h]
char v2080; // [rsp-CBE5h] [rbp-CBF5h]
char v2081; // [rsp-CBE4h] [rbp-CBF4h]
char v2082; // [rsp-CBE3h] [rbp-CBF3h]
__int16 v2083; // [rsp-CBE2h] [rbp-CBF2h]
signed __int16 v2084; // [rsp-CBD0h] [rbp-CBE0h]
signed int v2085; // [rsp-CBCCh] [rbp-CBDCh]
char v2086; // [rsp-CBC8h] [rbp-CBD8h]
char v2087; // [rsp-CBC7h] [rbp-CBD7h]
char v2088; // [rsp-CBC6h] [rbp-CBD6h]
char v2089; // [rsp-CBC5h] [rbp-CBD5h]
char v2090; // [rsp-CBC4h] [rbp-CBD4h]
char v2091; // [rsp-CBC3h] [rbp-CBD3h]
char v2092; // [rsp-CBC2h] [rbp-CBD2h]
char v2093; // [rsp-CBC1h] [rbp-CBD1h]
char v2094; // [rsp-CBC0h] [rbp-CBD0h]
char v2095; // [rsp-CBBFh] [rbp-CBCFh]
char v2096; // [rsp-CBBEh] [rbp-CBCEh]
char v2097; // [rsp-CBBDh] [rbp-CBCDh]
char v2098; // [rsp-CBBCh] [rbp-CBCCh]
char v2099; // [rsp-CBBBh] [rbp-CBCBh]
__int16 v2100; // [rsp-CBBAh] [rbp-CBCAh]
signed __int16 v2101; // [rsp-CBA8h] [rbp-CBB8h]
signed int v2102; // [rsp-CBA4h] [rbp-CBB4h]
char v2103; // [rsp-CBA0h] [rbp-CBB0h]
char v2104; // [rsp-CB9Fh] [rbp-CBAFh]
char v2105; // [rsp-CB9Eh] [rbp-CBAEh]
char v2106; // [rsp-CB9Dh] [rbp-CBADh]
char v2107; // [rsp-CB9Ch] [rbp-CBACh]
char v2108; // [rsp-CB9Bh] [rbp-CBABh]
char v2109; // [rsp-CB9Ah] [rbp-CBAAh]
char v2110; // [rsp-CB99h] [rbp-CBA9h]
char v2111; // [rsp-CB98h] [rbp-CBA8h]
char v2112; // [rsp-CB97h] [rbp-CBA7h]
char v2113; // [rsp-CB96h] [rbp-CBA6h]
char v2114; // [rsp-CB95h] [rbp-CBA5h]
char v2115; // [rsp-CB94h] [rbp-CBA4h]
char v2116; // [rsp-CB93h] [rbp-CBA3h]
char v2117; // [rsp-CB92h] [rbp-CBA2h]
char v2118; // [rsp-CB91h] [rbp-CBA1h]
char v2119; // [rsp-CB90h] [rbp-CBA0h]
char v2120; // [rsp-CB8Fh] [rbp-CB9Fh]
char v2121; // [rsp-CB8Eh] [rbp-CB9Eh]
char v2122; // [rsp-CB8Dh] [rbp-CB9Dh]
char v2123; // [rsp-CB8Ch] [rbp-CB9Ch]
char v2124; // [rsp-CB8Bh] [rbp-CB9Bh]
char v2125; // [rsp-CB8Ah] [rbp-CB9Ah]
char v2126; // [rsp-CB89h] [rbp-CB99h]
char v2127; // [rsp-CB88h] [rbp-CB98h]
char v2128; // [rsp-CB87h] [rbp-CB97h]
char v2129; // [rsp-CB86h] [rbp-CB96h]
char v2130; // [rsp-CB85h] [rbp-CB95h]
char v2131; // [rsp-CB84h] [rbp-CB94h]
char v2132; // [rsp-CB83h] [rbp-CB93h]
char v2133; // [rsp-CB82h] [rbp-CB92h]
char v2134; // [rsp-CB81h] [rbp-CB91h]
signed __int16 v2135; // [rsp-CB80h] [rbp-CB90h]
signed int v2136; // [rsp-CB7Ch] [rbp-CB8Ch]
char v2137; // [rsp-CB78h] [rbp-CB88h]
char v2138; // [rsp-CB77h] [rbp-CB87h]
_BYTE v2139[6]; // [rsp-CB76h] [rbp-CB86h]
signed __int16 v2140; // [rsp-CB58h] [rbp-CB68h]
signed int v2141; // [rsp-CB54h] [rbp-CB64h]
char v2142; // [rsp-CB50h] [rbp-CB60h]
char v2143; // [rsp-CB4Fh] [rbp-CB5Fh]
_BYTE v2144[6]; // [rsp-CB4Eh] [rbp-CB5Eh]
signed __int16 v2145; // [rsp-CB30h] [rbp-CB40h]
signed int v2146; // [rsp-CB2Ch] [rbp-CB3Ch]
char v2147; // [rsp-CB28h] [rbp-CB38h]
char v2148; // [rsp-CB27h] [rbp-CB37h]
_BYTE v2149[6]; // [rsp-CB26h] [rbp-CB36h]
signed __int16 v2150; // [rsp-CB08h] [rbp-CB18h]
signed int v2151; // [rsp-CB04h] [rbp-CB14h]
char v2152; // [rsp-CB00h] [rbp-CB10h]
char v2153; // [rsp-CAFFh] [rbp-CB0Fh]
char v2154; // [rsp-CAFEh] [rbp-CB0Eh]
char v2155; // [rsp-CAFDh] [rbp-CB0Dh]
char v2156; // [rsp-CAFCh] [rbp-CB0Ch]
char v2157; // [rsp-CAFBh] [rbp-CB0Bh]
char v2158; // [rsp-CAFAh] [rbp-CB0Ah]
char v2159; // [rsp-CAF9h] [rbp-CB09h]
char v2160; // [rsp-CAF8h] [rbp-CB08h]
char v2161; // [rsp-CAF7h] [rbp-CB07h]
char v2162; // [rsp-CAF6h] [rbp-CB06h]
char v2163; // [rsp-CAF5h] [rbp-CB05h]
char v2164; // [rsp-CAF4h] [rbp-CB04h]
char v2165; // [rsp-CAF3h] [rbp-CB03h]
char v2166; // [rsp-CAF2h] [rbp-CB02h]
char v2167; // [rsp-CAF1h] [rbp-CB01h]
char v2168; // [rsp-CAF0h] [rbp-CB00h]
char v2169; // [rsp-CAEFh] [rbp-CAFFh]
char v2170; // [rsp-CAEEh] [rbp-CAFEh]
char v2171; // [rsp-CAEDh] [rbp-CAFDh]
char v2172; // [rsp-CAECh] [rbp-CAFCh]
char v2173; // [rsp-CAEBh] [rbp-CAFBh]
char v2174; // [rsp-CAEAh] [rbp-CAFAh]
char v2175; // [rsp-CAE9h] [rbp-CAF9h]
char v2176; // [rsp-CAE8h] [rbp-CAF8h]
_BYTE v2177[7]; // [rsp-CAE7h] [rbp-CAF7h]
signed __int16 v2178; // [rsp-CAE0h] [rbp-CAF0h]
signed int v2179; // [rsp-CADCh] [rbp-CAECh]
char v2180; // [rsp-CAD8h] [rbp-CAE8h]
char v2181; // [rsp-CAD7h] [rbp-CAE7h]
char v2182; // [rsp-CAD6h] [rbp-CAE6h]
char v2183; // [rsp-CAD5h] [rbp-CAE5h]
char v2184; // [rsp-CAD4h] [rbp-CAE4h]
char v2185; // [rsp-CAD3h] [rbp-CAE3h]
char v2186; // [rsp-CAD2h] [rbp-CAE2h]
char v2187; // [rsp-CAD1h] [rbp-CAE1h]
char v2188; // [rsp-CAD0h] [rbp-CAE0h]
char v2189; // [rsp-CACFh] [rbp-CADFh]
_BYTE v2190[6]; // [rsp-CACEh] [rbp-CADEh]
signed __int16 v2191; // [rsp-CAB8h] [rbp-CAC8h]
signed int v2192; // [rsp-CAB4h] [rbp-CAC4h]
char v2193; // [rsp-CAB0h] [rbp-CAC0h]
char v2194; // [rsp-CAAFh] [rbp-CABFh]
char v2195; // [rsp-CAAEh] [rbp-CABEh]
char v2196; // [rsp-CAADh] [rbp-CABDh]
char v2197; // [rsp-CAACh] [rbp-CABCh]
char v2198; // [rsp-CAABh] [rbp-CABBh]
char v2199; // [rsp-CAAAh] [rbp-CABAh]
char v2200; // [rsp-CAA9h] [rbp-CAB9h]
char v2201; // [rsp-CAA8h] [rbp-CAB8h]
char v2202; // [rsp-CAA7h] [rbp-CAB7h]
char v2203; // [rsp-CAA6h] [rbp-CAB6h]
_BYTE v2204[5]; // [rsp-CAA5h] [rbp-CAB5h]
signed __int16 v2205; // [rsp-CA90h] [rbp-CAA0h]
signed int v2206; // [rsp-CA8Ch] [rbp-CA9Ch]
char v2207; // [rsp-CA88h] [rbp-CA98h]
char v2208; // [rsp-CA87h] [rbp-CA97h]
char v2209; // [rsp-CA86h] [rbp-CA96h]
char v2210; // [rsp-CA85h] [rbp-CA95h]
char v2211; // [rsp-CA84h] [rbp-CA94h]
char v2212; // [rsp-CA83h] [rbp-CA93h]
char v2213; // [rsp-CA82h] [rbp-CA92h]
char v2214; // [rsp-CA81h] [rbp-CA91h]
char v2215; // [rsp-CA80h] [rbp-CA90h]
char v2216; // [rsp-CA7Fh] [rbp-CA8Fh]
char v2217; // [rsp-CA7Eh] [rbp-CA8Eh]
char v2218; // [rsp-CA7Dh] [rbp-CA8Dh]
char v2219; // [rsp-CA7Ch] [rbp-CA8Ch]
char v2220; // [rsp-CA7Bh] [rbp-CA8Bh]
char v2221; // [rsp-CA7Ah] [rbp-CA8Ah]
char v2222; // [rsp-CA79h] [rbp-CA89h]
char v2223; // [rsp-CA78h] [rbp-CA88h]
char v2224; // [rsp-CA77h] [rbp-CA87h]
char v2225; // [rsp-CA76h] [rbp-CA86h]
char v2226; // [rsp-CA75h] [rbp-CA85h]
char v2227; // [rsp-CA74h] [rbp-CA84h]
char v2228; // [rsp-CA73h] [rbp-CA83h]
char v2229; // [rsp-CA72h] [rbp-CA82h]
char v2230; // [rsp-CA71h] [rbp-CA81h]
char v2231; // [rsp-CA70h] [rbp-CA80h]
char v2232; // [rsp-CA6Fh] [rbp-CA7Fh]
char v2233; // [rsp-CA6Eh] [rbp-CA7Eh]
char v2234; // [rsp-CA6Dh] [rbp-CA7Dh]
char v2235; // [rsp-CA6Ch] [rbp-CA7Ch]
char v2236; // [rsp-CA6Bh] [rbp-CA7Bh]
char v2237; // [rsp-CA6Ah] [rbp-CA7Ah]
char v2238; // [rsp-CA69h] [rbp-CA79h]
signed __int16 v2239; // [rsp-CA68h] [rbp-CA78h]
signed int v2240; // [rsp-CA64h] [rbp-CA74h]
char v2241; // [rsp-CA60h] [rbp-CA70h]
char v2242; // [rsp-CA5Fh] [rbp-CA6Fh]
char v2243; // [rsp-CA5Eh] [rbp-CA6Eh]
char v2244; // [rsp-CA5Dh] [rbp-CA6Dh]
char v2245; // [rsp-CA5Ch] [rbp-CA6Ch]
char v2246; // [rsp-CA5Bh] [rbp-CA6Bh]
char v2247; // [rsp-CA5Ah] [rbp-CA6Ah]
char v2248; // [rsp-CA59h] [rbp-CA69h]
char v2249; // [rsp-CA58h] [rbp-CA68h]
char v2250; // [rsp-CA57h] [rbp-CA67h]
char v2251; // [rsp-CA56h] [rbp-CA66h]
char v2252; // [rsp-CA55h] [rbp-CA65h]
char v2253; // [rsp-CA54h] [rbp-CA64h]
char v2254; // [rsp-CA53h] [rbp-CA63h]
char v2255; // [rsp-CA52h] [rbp-CA62h]
char v2256; // [rsp-CA51h] [rbp-CA61h]
char v2257; // [rsp-CA50h] [rbp-CA60h]
char v2258; // [rsp-CA4Fh] [rbp-CA5Fh]
char v2259; // [rsp-CA4Eh] [rbp-CA5Eh]
char v2260; // [rsp-CA4Dh] [rbp-CA5Dh]
char v2261; // [rsp-CA4Ch] [rbp-CA5Ch]
char v2262; // [rsp-CA4Bh] [rbp-CA5Bh]
char v2263; // [rsp-CA4Ah] [rbp-CA5Ah]
char v2264; // [rsp-CA49h] [rbp-CA59h]
char v2265; // [rsp-CA48h] [rbp-CA58h]
char v2266; // [rsp-CA47h] [rbp-CA57h]
char v2267; // [rsp-CA46h] [rbp-CA56h]
char v2268; // [rsp-CA45h] [rbp-CA55h]
char v2269; // [rsp-CA44h] [rbp-CA54h]
char v2270; // [rsp-CA43h] [rbp-CA53h]
char v2271; // [rsp-CA42h] [rbp-CA52h]
char v2272; // [rsp-CA41h] [rbp-CA51h]
signed __int16 v2273; // [rsp-CA40h] [rbp-CA50h]
signed int v2274; // [rsp-CA3Ch] [rbp-CA4Ch]
char v2275; // [rsp-CA38h] [rbp-CA48h]
char v2276; // [rsp-CA37h] [rbp-CA47h]
char v2277; // [rsp-CA36h] [rbp-CA46h]
char v2278; // [rsp-CA35h] [rbp-CA45h]
char v2279; // [rsp-CA34h] [rbp-CA44h]
char v2280; // [rsp-CA33h] [rbp-CA43h]
char v2281; // [rsp-CA32h] [rbp-CA42h]
char v2282; // [rsp-CA31h] [rbp-CA41h]
char v2283; // [rsp-CA30h] [rbp-CA40h]
char v2284; // [rsp-CA2Fh] [rbp-CA3Fh]
char v2285; // [rsp-CA2Eh] [rbp-CA3Eh]
char v2286; // [rsp-CA2Dh] [rbp-CA3Dh]
char v2287; // [rsp-CA2Ch] [rbp-CA3Ch]
char v2288; // [rsp-CA2Bh] [rbp-CA3Bh]
char v2289; // [rsp-CA2Ah] [rbp-CA3Ah]
char v2290; // [rsp-CA29h] [rbp-CA39h]
char v2291; // [rsp-CA28h] [rbp-CA38h]
char v2292; // [rsp-CA27h] [rbp-CA37h]
char v2293; // [rsp-CA26h] [rbp-CA36h]
char v2294; // [rsp-CA25h] [rbp-CA35h]
char v2295; // [rsp-CA24h] [rbp-CA34h]
char v2296; // [rsp-CA23h] [rbp-CA33h]
char v2297; // [rsp-CA22h] [rbp-CA32h]
char v2298; // [rsp-CA21h] [rbp-CA31h]
char v2299; // [rsp-CA20h] [rbp-CA30h]
char v2300; // [rsp-CA1Fh] [rbp-CA2Fh]
char v2301; // [rsp-CA1Eh] [rbp-CA2Eh]
char v2302; // [rsp-CA1Dh] [rbp-CA2Dh]
char v2303; // [rsp-CA1Ch] [rbp-CA2Ch]
char v2304; // [rsp-CA1Bh] [rbp-CA2Bh]
char v2305; // [rsp-CA1Ah] [rbp-CA2Ah]
char v2306; // [rsp-CA19h] [rbp-CA29h]
signed __int16 v2307; // [rsp-CA18h] [rbp-CA28h]
signed int v2308; // [rsp-CA14h] [rbp-CA24h]
char v2309; // [rsp-CA10h] [rbp-CA20h]
char v2310; // [rsp-CA0Fh] [rbp-CA1Fh]
char v2311; // [rsp-CA0Eh] [rbp-CA1Eh]
_BYTE v2312[5]; // [rsp-CA0Dh] [rbp-CA1Dh]
signed __int16 v2313; // [rsp-C9F0h] [rbp-CA00h]
signed int v2314; // [rsp-C9ECh] [rbp-C9FCh]
char v2315; // [rsp-C9E8h] [rbp-C9F8h]
char v2316; // [rsp-C9E7h] [rbp-C9F7h]
char v2317; // [rsp-C9E6h] [rbp-C9F6h]
char v2318; // [rsp-C9E5h] [rbp-C9F5h]
char v2319; // [rsp-C9E4h] [rbp-C9F4h]
char v2320; // [rsp-C9E3h] [rbp-C9F3h]
char v2321; // [rsp-C9E2h] [rbp-C9F2h]
char v2322; // [rsp-C9E1h] [rbp-C9F1h]
char v2323; // [rsp-C9E0h] [rbp-C9F0h]
char v2324; // [rsp-C9DFh] [rbp-C9EFh]
char v2325; // [rsp-C9DEh] [rbp-C9EEh]
char v2326; // [rsp-C9DDh] [rbp-C9EDh]
char v2327; // [rsp-C9DCh] [rbp-C9ECh]
char v2328; // [rsp-C9DBh] [rbp-C9EBh]
char v2329; // [rsp-C9DAh] [rbp-C9EAh]
char v2330; // [rsp-C9D9h] [rbp-C9E9h]
char v2331; // [rsp-C9D8h] [rbp-C9E8h]
char v2332; // [rsp-C9D7h] [rbp-C9E7h]
char v2333; // [rsp-C9D6h] [rbp-C9E6h]
char v2334; // [rsp-C9D5h] [rbp-C9E5h]
char v2335; // [rsp-C9D4h] [rbp-C9E4h]
char v2336; // [rsp-C9D3h] [rbp-C9E3h]
char v2337; // [rsp-C9D2h] [rbp-C9E2h]
char v2338; // [rsp-C9D1h] [rbp-C9E1h]
char v2339; // [rsp-C9D0h] [rbp-C9E0h]
char v2340; // [rsp-C9CFh] [rbp-C9DFh]
char v2341; // [rsp-C9CEh] [rbp-C9DEh]
char v2342; // [rsp-C9CDh] [rbp-C9DDh]
char v2343; // [rsp-C9CCh] [rbp-C9DCh]
char v2344; // [rsp-C9CBh] [rbp-C9DBh]
char v2345; // [rsp-C9CAh] [rbp-C9DAh]
char v2346; // [rsp-C9C9h] [rbp-C9D9h]
signed __int16 v2347; // [rsp-C9C8h] [rbp-C9D8h]
signed int v2348; // [rsp-C9C4h] [rbp-C9D4h]
char v2349; // [rsp-C9C0h] [rbp-C9D0h]
char v2350; // [rsp-C9BFh] [rbp-C9CFh]
char v2351; // [rsp-C9BEh] [rbp-C9CEh]
char v2352; // [rsp-C9BDh] [rbp-C9CDh]
char v2353; // [rsp-C9BCh] [rbp-C9CCh]
char v2354; // [rsp-C9BBh] [rbp-C9CBh]
char v2355; // [rsp-C9BAh] [rbp-C9CAh]
char v2356; // [rsp-C9B9h] [rbp-C9C9h]
char v2357; // [rsp-C9B8h] [rbp-C9C8h]
char v2358; // [rsp-C9B7h] [rbp-C9C7h]
char v2359; // [rsp-C9B6h] [rbp-C9C6h]
char v2360; // [rsp-C9B5h] [rbp-C9C5h]
char v2361; // [rsp-C9B4h] [rbp-C9C4h]
char v2362; // [rsp-C9B3h] [rbp-C9C3h]
char v2363; // [rsp-C9B2h] [rbp-C9C2h]
char v2364; // [rsp-C9B1h] [rbp-C9C1h]
char v2365; // [rsp-C9B0h] [rbp-C9C0h]
char v2366; // [rsp-C9AFh] [rbp-C9BFh]
char v2367; // [rsp-C9AEh] [rbp-C9BEh]
char v2368; // [rsp-C9ADh] [rbp-C9BDh]
char v2369; // [rsp-C9ACh] [rbp-C9BCh]
char v2370; // [rsp-C9ABh] [rbp-C9BBh]
char v2371; // [rsp-C9AAh] [rbp-C9BAh]
char v2372; // [rsp-C9A9h] [rbp-C9B9h]
char v2373; // [rsp-C9A8h] [rbp-C9B8h]
char v2374; // [rsp-C9A7h] [rbp-C9B7h]
char v2375; // [rsp-C9A6h] [rbp-C9B6h]
char v2376; // [rsp-C9A5h] [rbp-C9B5h]
char v2377; // [rsp-C9A4h] [rbp-C9B4h]
char v2378; // [rsp-C9A3h] [rbp-C9B3h]
char v2379; // [rsp-C9A2h] [rbp-C9B2h]
char v2380; // [rsp-C9A1h] [rbp-C9B1h]
signed __int16 v2381; // [rsp-C9A0h] [rbp-C9B0h]
signed int v2382; // [rsp-C99Ch] [rbp-C9ACh]
char v2383; // [rsp-C998h] [rbp-C9A8h]
char v2384; // [rsp-C997h] [rbp-C9A7h]
char v2385; // [rsp-C996h] [rbp-C9A6h]
char v2386; // [rsp-C995h] [rbp-C9A5h]
char v2387; // [rsp-C994h] [rbp-C9A4h]
char v2388; // [rsp-C993h] [rbp-C9A3h]
char v2389; // [rsp-C992h] [rbp-C9A2h]
char v2390; // [rsp-C991h] [rbp-C9A1h]
char v2391; // [rsp-C990h] [rbp-C9A0h]
char v2392; // [rsp-C98Fh] [rbp-C99Fh]
char v2393; // [rsp-C98Eh] [rbp-C99Eh]
char v2394; // [rsp-C98Dh] [rbp-C99Dh]
char v2395; // [rsp-C98Ch] [rbp-C99Ch]
char v2396; // [rsp-C98Bh] [rbp-C99Bh]
char v2397; // [rsp-C98Ah] [rbp-C99Ah]
char v2398; // [rsp-C989h] [rbp-C999h]
char v2399; // [rsp-C988h] [rbp-C998h]
char v2400; // [rsp-C987h] [rbp-C997h]
char v2401; // [rsp-C986h] [rbp-C996h]
char v2402; // [rsp-C985h] [rbp-C995h]
char v2403; // [rsp-C984h] [rbp-C994h]
char v2404; // [rsp-C983h] [rbp-C993h]
char v2405; // [rsp-C982h] [rbp-C992h]
char v2406; // [rsp-C981h] [rbp-C991h]
char v2407; // [rsp-C980h] [rbp-C990h]
char v2408; // [rsp-C97Fh] [rbp-C98Fh]
char v2409; // [rsp-C97Eh] [rbp-C98Eh]
char v2410; // [rsp-C97Dh] [rbp-C98Dh]
char v2411; // [rsp-C97Ch] [rbp-C98Ch]
char v2412; // [rsp-C97Bh] [rbp-C98Bh]
char v2413; // [rsp-C97Ah] [rbp-C98Ah]
char v2414; // [rsp-C979h] [rbp-C989h]
signed __int16 v2415; // [rsp-C978h] [rbp-C988h]
signed __int16 v2416; // [rsp-C976h] [rbp-C986h]
signed __int16 v2417; // [rsp-C974h] [rbp-C984h]
signed __int16 v2418; // [rsp-C972h] [rbp-C982h]
signed __int16 v2419; // [rsp-C970h] [rbp-C980h]
signed __int16 v2420; // [rsp-C96Eh] [rbp-C97Eh]
signed __int16 v2421; // [rsp-C96Ch] [rbp-C97Ch]
__int16 v2422; // [rsp-C96Ah] [rbp-C97Ah]
char v2423; // [rsp-C968h] [rbp-C978h]
char v2424; // [rsp-C967h] [rbp-C977h]
unsigned __int8 v2425; // [rsp-C966h] [rbp-C976h]
unsigned __int64 v2426; // [rsp-C965h] [rbp-C975h]
int v2427; // [rsp-C95Dh] [rbp-C96Dh]
int v2428; // [rsp-C959h] [rbp-C969h]
_BYTE v2429[5]; // [rsp-C955h] [rbp-C965h]
__int64 v2430; // [rsp-C940h] [rbp-C950h]
unsigned __int64 v2431; // [rsp-C928h] [rbp-C938h]
int v2432; // [rsp-C920h] [rbp-C930h]
int v2433; // [rsp-C91Ch] [rbp-C92Ch]
int v2434; // [rsp-C918h] [rbp-C928h]
signed int v2435; // [rsp-C908h] [rbp-C918h]
char v2436; // [rsp-C904h] [rbp-C914h]
char v2437; // [rsp-C903h] [rbp-C913h]
char v2438; // [rsp-C902h] [rbp-C912h]
char v2439; // [rsp-C901h] [rbp-C911h]
char v2440; // [rsp-C900h] [rbp-C910h]
char v2441; // [rsp-C8FFh] [rbp-C90Fh]
char v2442; // [rsp-C8FEh] [rbp-C90Eh]
char v2443; // [rsp-C8FDh] [rbp-C90Dh]
int v2444; // [rsp-C8FCh] [rbp-C90Ch]
signed int v2445; // [rsp-C8ECh] [rbp-C8FCh]
char v2446; // [rsp-C8E8h] [rbp-C8F8h]
char v2447; // [rsp-C8E7h] [rbp-C8F7h]
char v2448; // [rsp-C8E6h] [rbp-C8F6h]
char v2449; // [rsp-C8E5h] [rbp-C8F5h]
int v2450; // [rsp-C8E4h] [rbp-C8F4h]
signed int v2451; // [rsp-C8D0h] [rbp-C8E0h]
char v2452; // [rsp-C8CCh] [rbp-C8DCh]
char v2453; // [rsp-C8CBh] [rbp-C8DBh]
char v2454; // [rsp-C8CAh] [rbp-C8DAh]
char v2455; // [rsp-C8C9h] [rbp-C8D9h]
char v2456; // [rsp-C8C8h] [rbp-C8D8h]
char v2457; // [rsp-C8C7h] [rbp-C8D7h]
char v2458; // [rsp-C8C6h] [rbp-C8D6h]
char v2459; // [rsp-C8C5h] [rbp-C8D5h]
char v2460; // [rsp-C8C4h] [rbp-C8D4h]
char v2461; // [rsp-C8C3h] [rbp-C8D3h]
char v2462; // [rsp-C8C2h] [rbp-C8D2h]
char v2463; // [rsp-C8C1h] [rbp-C8D1h]
char v2464; // [rsp-C8C0h] [rbp-C8D0h]
char v2465; // [rsp-C8BFh] [rbp-C8CFh]
char v2466; // [rsp-C8BEh] [rbp-C8CEh]
char v2467; // [rsp-C8BDh] [rbp-C8CDh]
int v2468; // [rsp-C8BCh] [rbp-C8CCh]
signed int v2469; // [rsp-C8B4h] [rbp-C8C4h]
char v2470; // [rsp-C8B0h] [rbp-C8C0h]
char v2471; // [rsp-C8AFh] [rbp-C8BFh]
char v2472; // [rsp-C8AEh] [rbp-C8BEh]
char v2473; // [rsp-C8ADh] [rbp-C8BDh]
char v2474; // [rsp-C8ACh] [rbp-C8BCh]
char v2475; // [rsp-C8ABh] [rbp-C8BBh]
char v2476; // [rsp-C8AAh] [rbp-C8BAh]
char v2477; // [rsp-C8A9h] [rbp-C8B9h]
char v2478; // [rsp-C8A8h] [rbp-C8B8h]
char v2479; // [rsp-C8A7h] [rbp-C8B7h]
char v2480; // [rsp-C8A6h] [rbp-C8B6h]
char v2481; // [rsp-C8A5h] [rbp-C8B5h]
char v2482; // [rsp-C8A4h] [rbp-C8B4h]
char v2483; // [rsp-C8A3h] [rbp-C8B3h]
char v2484; // [rsp-C8A2h] [rbp-C8B2h]
char v2485; // [rsp-C8A1h] [rbp-C8B1h]
char v2486; // [rsp-C8A0h] [rbp-C8B0h]
char v2487; // [rsp-C89Fh] [rbp-C8AFh]
char v2488; // [rsp-C89Eh] [rbp-C8AEh]
char v2489; // [rsp-C89Dh] [rbp-C8ADh]
char v2490; // [rsp-C89Ch] [rbp-C8ACh]
char v2491; // [rsp-C89Bh] [rbp-C8ABh]
char v2492; // [rsp-C89Ah] [rbp-C8AAh]
char v2493; // [rsp-C899h] [rbp-C8A9h]
signed int v2494; // [rsp-C898h] [rbp-C8A8h]
char v2495; // [rsp-C894h] [rbp-C8A4h]
char v2496; // [rsp-C893h] [rbp-C8A3h]
char v2497; // [rsp-C892h] [rbp-C8A2h]
char v2498; // [rsp-C891h] [rbp-C8A1h]
char v2499; // [rsp-C890h] [rbp-C8A0h]
char v2500; // [rsp-C88Fh] [rbp-C89Fh]
char v2501; // [rsp-C88Eh] [rbp-C89Eh]
char v2502; // [rsp-C88Dh] [rbp-C89Dh]
char v2503; // [rsp-C88Ch] [rbp-C89Ch]
char v2504; // [rsp-C88Bh] [rbp-C89Bh]
__int16 v2505; // [rsp-C88Ah] [rbp-C89Ah]
signed int v2506; // [rsp-C87Ch] [rbp-C88Ch]
char v2507; // [rsp-C878h] [rbp-C888h]
char v2508; // [rsp-C877h] [rbp-C887h]
char v2509; // [rsp-C876h] [rbp-C886h]
char v2510; // [rsp-C875h] [rbp-C885h]
char v2511; // [rsp-C874h] [rbp-C884h]
char v2512; // [rsp-C873h] [rbp-C883h]
char v2513; // [rsp-C872h] [rbp-C882h]
char v2514; // [rsp-C871h] [rbp-C881h]
__int64 v2515; // [rsp-C870h] [rbp-C880h]
void (__fastcall *free)(unsigned int *); // [rsp-C858h] [rbp-C868h]
void (__fastcall *Sleep)(signed __int64); // [rsp-C850h] [rbp-C860h]
__int64 (__fastcall *CreateFileA)(char *, signed __int64, signed __int64, _QWORD, _QWORD, _QWORD, _QWORD); // [rsp-C848h] [rbp-C858h]
__int64 v2519; // [rsp-C840h] [rbp-C850h]
__int64 (*GetCurrentProcess)(void); // [rsp-C838h] [rbp-C848h]
__int64 time; // [rsp-C830h] [rbp-C840h]
signed int v2522; // [rsp-C828h] [rbp-C838h]
__int64 TargetHandle; // [rsp-C820h] [rbp-C830h]
__int64 v2524; // [rsp-C818h] [rbp-C828h]
__int64 (__fastcall *CreateToolhelp32Snapshot)(signed __int64, _QWORD); // [rsp-C810h] [rbp-C820h]
__int64 hProcess_9; // [rsp-C808h] [rbp-C818h]
unsigned __int64 ll; // [rsp-C800h] [rbp-C810h]
__int64 hProcess_8; // [rsp-C7F8h] [rbp-C808h]
__int64 v2529; // [rsp-C7F0h] [rbp-C800h]
__int64 v2530; // [rsp-C7E8h] [rbp-C7F8h]
unsigned int (__fastcall *GetProcessTimes_2)(__int64, __int64 *, __int64 *, __int64 *, char *); // [rsp-C7E0h] [rbp-C7F0h]
__int64 v2532; // [rsp-C7D8h] [rbp-C7E8h]
signed __int64 v2533; // [rsp-C7D0h] [rbp-C7E0h]
int tickCount; // [rsp-C7C8h] [rbp-C7D8h]
int exitCode; // [rsp-C7C4h] [rbp-C7D4h]
__int64 v2536; // [rsp-C7C0h] [rbp-C7D0h]
int processId; // [rsp-C7B8h] [rbp-C7C8h]
__int64 v2538; // [rsp-C7B0h] [rbp-C7C0h]
signed int v2539; // [rsp-C7A8h] [rbp-C7B8h]
unsigned int (__fastcall *GetFileAttributesExW)(__int64 *, _QWORD, __int64 *); // [rsp-C7A0h] [rbp-C7B0h]
__int64 (*GetTickCount)(void); // [rsp-C798h] [rbp-C7A8h]
__int64 (__fastcall *LoadLibraryA)(char *); // [rsp-C790h] [rbp-C7A0h]
__int64 (__fastcall *malloc)(signed __int64); // [rsp-C788h] [rbp-C798h]
unsigned int (__fastcall *GetExtendedTcpTable)(unsigned int *, unsigned int *, _QWORD, signed __int64, _QWORD, _QWORD); // [rsp-C780h] [rbp-C790h]
__int64 hPsApi; // [rsp-C778h] [rbp-C788h]
unsigned __int64 v2546; // [rsp-C770h] [rbp-C780h]
__int64 v2547; // [rsp-C768h] [rbp-C778h]
unsigned int (__fastcall *GetProcessTimes_1)(__int64, __int64 *, __int64 *, __int64 *, __int64 *); // [rsp-C758h] [rbp-C768h]
unsigned __int64 i5; // [rsp-C750h] [rbp-C760h]
__int64 hProcess_10; // [rsp-C748h] [rbp-C758h]
signed int (__fastcall *NtQueryInformationProcess)(__int64, signed __int64, signed __int64 *, signed __int64, _QWORD); // [rsp-C740h] [rbp-C750h]
unsigned int (*GetLastError_4)(void); // [rsp-C738h] [rbp-C748h]
__int64 (__fastcall *GetWindowLongA)(__int64, signed __int64); // [rsp-C730h] [rbp-C740h]
unsigned __int64 v2554; // [rsp-C728h] [rbp-C738h]
__int64 v2555; // [rsp-C720h] [rbp-C730h]
void (__fastcall *AdjustTokenPrivilege)(__int64, _QWORD, signed int *, _QWORD, _QWORD, _QWORD); // [rsp-C718h] [rbp-C728h]
__int64 hMsHtml; // [rsp-C710h] [rbp-C720h]
unsigned int (__fastcall *LookUpPrivilegeValue)(_QWORD, char *, __int64 *); // [rsp-C708h] [rbp-C718h]
signed __int64 v2559; // [rsp-C700h] [rbp-C710h]
signed __int64 v2560; // [rsp-C6F8h] [rbp-C708h]
unsigned int (__fastcall *OpenProcessToken)(signed __int64, signed __int64, __int64 *); // [rsp-C6F0h] [rbp-C700h]
__int64 hMMRes; // [rsp-C6E8h] [rbp-C6F8h]
__int64 NtProtectVirtualMemory; // [rsp-C6E0h] [rbp-C6F0h]
void (__fastcall *memcpy)(__int64 *, unsigned __int64, signed __int64); // [rsp-C6D8h] [rbp-C6E8h]
__int64 tokenHandle; // [rsp-C6D0h] [rbp-C6E0h]
char v2566; // [rsp-C6C8h] [rbp-C6D8h]
char v2567; // [rsp-C6C7h] [rbp-C6D7h]
__int64 v2568; // [rsp-C6C6h] [rbp-C6D6h]
int v2569; // [rsp-C6BEh] [rbp-C6CEh]
int v2570; // [rsp-C6BAh] [rbp-C6CAh]
char v2571; // [rsp-C6B0h] [rbp-C6C0h]
char v2572; // [rsp-C6AFh] [rbp-C6BFh]
__int64 v2573; // [rsp-C6AEh] [rbp-C6BEh]
int v2574; // [rsp-C6A6h] [rbp-C6B6h]
int v2575; // [rsp-C6A2h] [rbp-C6B2h]
char v2576; // [rsp-C698h] [rbp-C6A8h]
char v2577; // [rsp-C697h] [rbp-C6A7h]
char v2578; // [rsp-C696h] [rbp-C6A6h]
__int64 v2579; // [rsp-C695h] [rbp-C6A5h]
__int64 v2580; // [rsp-C68Dh] [rbp-C69Dh]
char v2581; // [rsp-C680h] [rbp-C690h]
char v2582; // [rsp-C67Fh] [rbp-C68Fh]
char v2583; // [rsp-C67Eh] [rbp-C68Eh]
__int64 v2584; // [rsp-C67Dh] [rbp-C68Dh]
__int64 v2585; // [rsp-C675h] [rbp-C685h]
char v2586; // [rsp-C668h] [rbp-C678h]
char v2587; // [rsp-C667h] [rbp-C677h]
char v2588; // [rsp-C666h] [rbp-C676h]
__int64 v2589; // [rsp-C665h] [rbp-C675h]
__int64 v2590; // [rsp-C65Dh] [rbp-C66Dh]
_BYTE v2591[3]; // [rsp-C653h] [rbp-C663h]
__int16 v2592; // [rsp-C652h] [rbp-C662h]
_BYTE v2593[6]; // [rsp-C64Eh] [rbp-C65Eh]
char v2594; // [rsp-C648h] [rbp-C658h]
char v2595; // [rsp-C647h] [rbp-C657h]
_BYTE v2596[6]; // [rsp-C646h] [rbp-C656h]
_BYTE v2597[6]; // [rsp-C63Eh] [rbp-C64Eh]
char v2598; // [rsp-C631h] [rbp-C641h]
__int64 v2599; // [rsp-C548h] [rbp-C558h]
unsigned __int16 v2600; // [rsp-C540h] [rbp-C550h]
signed __int16 v2601; // [rsp-C53Eh] [rbp-C54Eh]
__int64 *v2602; // [rsp-C538h] [rbp-C548h]
char v2603; // [rsp-C530h] [rbp-C540h]
char v2604; // [rsp-C52Fh] [rbp-C53Fh]
__int16 v2605; // [rsp-C52Eh] [rbp-C53Eh]
int v2606; // [rsp-C52Ch] [rbp-C53Ch]
unsigned __int8 v2607; // [rsp-C528h] [rbp-C538h]
__int64 v2608; // [rsp-C518h] [rbp-C528h]
unsigned __int16 v2609; // [rsp-C510h] [rbp-C520h]
signed __int16 v2610; // [rsp-C50Eh] [rbp-C51Eh]
__int64 *v2611; // [rsp-C508h] [rbp-C518h]
char v2612; // [rsp-C500h] [rbp-C510h]
char v2613; // [rsp-C4FFh] [rbp-C50Fh]
__int16 v2614; // [rsp-C4FEh] [rbp-C50Eh]
int v2615; // [rsp-C4FCh] [rbp-C50Ch]
unsigned __int8 v2616; // [rsp-C4F8h] [rbp-C508h]
__int64 systemInformation; // [rsp-C4E8h] [rbp-C4F8h]
unsigned __int16 v2618; // [rsp-C4E0h] [rbp-C4F0h]
signed __int16 v2619; // [rsp-C4DEh] [rbp-C4EEh]
__int64 *v2620; // [rsp-C4D8h] [rbp-C4E8h]
__int64 v2621; // [rsp-C4D0h] [rbp-C4E0h]
unsigned __int64 v2622; // [rsp-C4B8h] [rbp-C4C8h]
int v2623; // [rsp-C4B0h] [rbp-C4C0h]
int v2624; // [rsp-C4ACh] [rbp-C4BCh]
int v2625; // [rsp-C4A8h] [rbp-C4B8h]
char v2626; // [rsp-C4A0h] [rbp-C4B0h]
char v2627; // [rsp-C49Fh] [rbp-C4AFh]
signed __int16 v2628; // [rsp-C49Eh] [rbp-C4AEh]
__int64 v2629; // [rsp-C49Ch] [rbp-C4ACh]
unsigned __int64 v2630; // [rsp-C494h] [rbp-C4A4h]
int v2631; // [rsp-C48Ch] [rbp-C49Ch]
int v2632; // [rsp-C488h] [rbp-C498h]
char v2633; // [rsp-C480h] [rbp-C490h]
char v2634; // [rsp-C47Fh] [rbp-C48Fh]
signed __int16 v2635; // [rsp-C47Eh] [rbp-C48Eh]
unsigned __int64 v2636; // [rsp-C47Ch] [rbp-C48Ch]
__int64 v2637; // [rsp-C474h] [rbp-C484h]
int v2638; // [rsp-C46Ch] [rbp-C47Ch]
int v2639; // [rsp-C468h] [rbp-C478h]
char v2640; // [rsp-C460h] [rbp-C470h]
char v2641; // [rsp-C45Fh] [rbp-C46Fh]
__int16 v2642; // [rsp-C45Eh] [rbp-C46Eh]
unsigned __int64 v2643; // [rsp-C45Ch] [rbp-C46Ch]
unsigned __int64 v2644; // [rsp-C454h] [rbp-C464h]
int v2645; // [rsp-C44Ch] [rbp-C45Ch]
int v2646; // [rsp-C448h] [rbp-C458h]
char v2647; // [rsp-C440h] [rbp-C450h]
char v2648; // [rsp-C43Fh] [rbp-C44Fh]
signed __int16 v2649; // [rsp-C43Eh] [rbp-C44Eh]
__int64 v2650; // [rsp-C43Ch] [rbp-C44Ch]
__int64 v2651; // [rsp-C434h] [rbp-C444h]
int v2652; // [rsp-C42Ch] [rbp-C43Ch]
int v2653; // [rsp-C428h] [rbp-C438h]
unsigned int (__fastcall *Thread32Next)(__int64, signed int *); // [rsp-C420h] [rbp-C430h]
unsigned int (__fastcall *GetThreadContext)(__int64, __int64 *); // [rsp-C418h] [rbp-C428h]
void (__fastcall *SuspendThread)(__int64); // [rsp-C410h] [rbp-C420h]
__int64 (__fastcall *ResumeThread)(__int64); // [rsp-C408h] [rbp-C418h]
signed int v2658; // [rsp-C400h] [rbp-C410h]
__int64 v2659; // [rsp-C3FCh] [rbp-C40Ch]
signed int v2660; // [rsp-C3F4h] [rbp-C404h]
__int64 v2661; // [rsp-C3F0h] [rbp-C400h]
__int64 (__fastcall *OpenThread)(signed __int64, _QWORD, _QWORD); // [rsp-C3E0h] [rbp-C3F0h]
unsigned int (__fastcall *Thread32First)(__int64, signed int *); // [rsp-C3D8h] [rbp-C3E8h]
unsigned int (__fastcall *Module32Next)(__int64, signed int *); // [rsp-C3D0h] [rbp-C3E0h]
unsigned int (__fastcall *Module32First)(__int64, signed int *); // [rsp-C3C8h] [rbp-C3D8h]
unsigned int (*GetLastError_2)(void); // [rsp-C3C0h] [rbp-C3D0h]
__int64 v2667; // [rsp-C3B8h] [rbp-C3C8h]
__int64 v2668; // [rsp-C3B0h] [rbp-C3C0h]
unsigned int (*GetLastError_3)(void); // [rsp-C3A8h] [rbp-C3B8h]
unsigned int (__fastcall *GetProcessTimes_3)(__int64, __int64 *, __int64 *, __int64 *, __int64 *); // [rsp-C3A0h] [rbp-C3B0h]
_BYTE *v2671; // [rsp-C398h] [rbp-C3A8h]
unsigned int (__fastcall *GetFileAttributesExW_1)(__int64 *, _QWORD, __int64 *); // [rsp-C390h] [rbp-C3A0h]
unsigned int (__fastcall *Process32First)(__int64, signed int *); // [rsp-C388h] [rbp-C398h]
unsigned int (__fastcall *ReadFile)(__int64, __int64 *, signed __int64, char *, _QWORD); // [rsp-C380h] [rbp-C390h]
signed __int64 v2675; // [rsp-C378h] [rbp-C388h]
signed __int64 v2676; // [rsp-C370h] [rbp-C380h]
__int64 (__fastcall *GetProcessId)(__int64); // [rsp-C368h] [rbp-C378h]
unsigned int (__fastcall *wcsnicmp)(__int64, signed __int16 *, _QWORD); // [rsp-C360h] [rbp-C370h]
__int64 (__fastcall *NtQueryObject)(__int64, signed __int64, unsigned __int16 *, signed __int64, _QWORD); // [rsp-C358h] [rbp-C368h]
signed __int64 v2680; // [rsp-C350h] [rbp-C360h]
unsigned int (__fastcall *DuplicateHandle)(__int64, _QWORD, __int64, __int64 *, _QWORD, _QWORD, _QWORD); // [rsp-C348h] [rbp-C358h]
unsigned int (__fastcall *EnumProcesses)(__int64 *, signed __int64, unsigned int *); // [rsp-C340h] [rbp-C350h]
signed __int64 v2683; // [rsp-C338h] [rbp-C348h]
signed __int64 v2684; // [rsp-C330h] [rbp-C340h]
signed __int64 v2685; // [rsp-C328h] [rbp-C338h]
__int64 (__fastcall *realloc)(unsigned int *, _QWORD); // [rsp-C320h] [rbp-C330h]
void (__fastcall *GetWindowRect)(__int64, __int64); // [rsp-C318h] [rbp-C328h]
__int64 (__fastcall *GetClassNameW)(__int64, __int64 *, signed __int64); // [rsp-C310h] [rbp-C320h]
__int64 (__fastcall *GetWindowTextW)(__int64, __int64 *, signed __int64); // [rsp-C308h] [rbp-C318h]
unsigned int (__fastcall *Process32Next)(__int64, signed int *); // [rsp-C300h] [rbp-C310h]
__int64 (__fastcall *GetWindowTextA)(__int64, char *, signed __int64); // [rsp-C2F8h] [rbp-C308h]
char v2692; // [rsp-C2F0h] [rbp-C300h]
char v2693; // [rsp-C2EFh] [rbp-C2FFh]
__int16 v2694; // [rsp-C2EEh] [rbp-C2FEh]
int v2695; // [rsp-C2ECh] [rbp-C2FCh]
__int64 v2696; // [rsp-C2E8h] [rbp-C2F8h]
__int64 (__fastcall *GetTopWindow)(_QWORD); // [rsp-C2D8h] [rbp-C2E8h]
__int64 privelegeValue; // [rsp-C2D0h] [rbp-C2E0h]
unsigned int (*GetLastError_1)(void); // [rsp-C2C8h] [rbp-C2D8h]
unsigned int (__fastcall *GetProcessTimes)(__int64, __int64 *, __int64 *, __int64 *, __int64 *); // [rsp-C2C0h] [rbp-C2D0h]
__int64 (*GetLastError)(void); // [rsp-C2B8h] [rbp-C2C8h]
__int64 v2702; // [rsp-C2B0h] [rbp-C2C0h]
__int64 v2703; // [rsp-C2A8h] [rbp-C2B8h]
__int64 v2704; // [rsp-C2A0h] [rbp-C2B0h]
__int64 v2705; // [rsp-C298h] [rbp-C2A8h]
void (__fastcall *GetWindowThreadProcessId)(__int64, char *); // [rsp-C290h] [rbp-C2A0h]
unsigned int (__fastcall *GetExitCodeProcess)(__int64, int *); // [rsp-C288h] [rbp-C298h]
__int64 v2708; // [rsp-C280h] [rbp-C290h]
__int64 v2709; // [rsp-C278h] [rbp-C288h]
_BYTE *v2710; // [rsp-C270h] [rbp-C280h]
__int64 fileInformation; // [rsp-C268h] [rbp-C278h]
signed int v2712; // [rsp-C248h] [rbp-C258h]
__int64 v2713; // [rsp-C240h] [rbp-C250h]
int v2714; // [rsp-C220h] [rbp-C230h]
int v2715; // [rsp-C21Ch] [rbp-C22Ch]
__int64 v2716; // [rsp-C210h] [rbp-C220h]
signed int processEntry; // [rsp-C1F8h] [rbp-C208h]
unsigned int processId_1; // [rsp-C1F0h] [rbp-C200h]
unsigned int v2719; // [rsp-C1D8h] [rbp-C1E8h]
int v2720; // [rsp-C1CCh] [rbp-C1DCh]
int v2721; // [rsp-C1C8h] [rbp-C1D8h]
int v2722; // [rsp-C1C4h] [rbp-C1D4h]
char v2723; // [rsp-C0C8h] [rbp-C0D8h]
char v2724; // [rsp-C0C7h] [rbp-C0D7h]
unsigned __int64 v2725; // [rsp-C0C6h] [rbp-C0D6h]
int v2726; // [rsp-C0BEh] [rbp-C0CEh]
int v2727; // [rsp-C0BAh] [rbp-C0CAh]
_QWORD *v2728; // [rsp-C0B6h] [rbp-C0C6h]
__int64 v2729; // [rsp-C0AEh] [rbp-C0BEh]
__int64 v2730; // [rsp-C0A6h] [rbp-C0B6h]
__int64 v2731; // [rsp-C09Eh] [rbp-C0AEh]
__int64 v2732; // [rsp-C096h] [rbp-C0A6h]
signed int v2733; // [rsp-C088h] [rbp-C098h]
unsigned int v2734; // [rsp-C080h] [rbp-C090h]
int v2735; // [rsp-C07Ch] [rbp-C08Ch]
__int64 CreateFileA_1; // [rsp-C068h] [rbp-C078h]
__int64 v2737; // [rsp-C060h] [rbp-C070h]
__int64 v2738; // [rsp-C058h] [rbp-C068h]
signed __int64 v2739; // [rsp-C050h] [rbp-C060h]
__int64 v2740; // [rsp-C048h] [rbp-C058h]
_BYTE v2741[7]; // [rsp-C03Fh] [rbp-C04Fh]
char v2742; // [rsp-C038h] [rbp-C048h]
char v2743; // [rsp-C037h] [rbp-C047h]
_BYTE v2744[6]; // [rsp-C036h] [rbp-C046h]
int v2745; // [rsp-BF48h] [rbp-BF58h]
_BYTE v2746[3]; // [rsp-BF43h] [rbp-BF53h]
__int16 v2747; // [rsp-BF42h] [rbp-BF52h]
__int64 v2748; // [rsp-BE68h] [rbp-BE78h]
int v2749; // [rsp-BE48h] [rbp-BE58h]
int v2750; // [rsp-BE44h] [rbp-BE54h]
__int64 v2751; // [rsp-BE38h] [rbp-BE48h]
int v2752; // [rsp-BE18h] [rbp-BE28h]
__int64 v2753; // [rsp-BE10h] [rbp-BE20h]
int v2754; // [rsp-BDF0h] [rbp-BE00h]
__int64 v2755; // [rsp-BDE8h] [rbp-BDF8h]
int v2756; // [rsp-BDC8h] [rbp-BDD8h]
__int64 fileInformation_1; // [rsp-BDC0h] [rbp-BDD0h]
int v2758; // [rsp-BDA0h] [rbp-BDB0h]
signed __int64 processInformation_1; // [rsp-BD98h] [rbp-BDA8h]
char v2760; // [rsp-BD60h] [rbp-BD70h]
signed int moduleEntry; // [rsp-BD28h] [rbp-BD38h]
unsigned __int64 v2762; // [rsp-BD10h] [rbp-BD20h]
unsigned int v2763; // [rsp-BD08h] [rbp-BD18h]
int v2764; // [rsp-BCF8h] [rbp-BD08h]
int v2765; // [rsp-BCF4h] [rbp-BD04h]
int v2766; // [rsp-BCF0h] [rbp-BD00h]
int v2767; // [rsp-BCECh] [rbp-BCFCh]
__int64 windowText; // [rsp-BAE8h] [rbp-BAF8h]
unsigned int v2769; // [rsp-BA68h] [rbp-BA78h]
char v2770; // [rsp-BA60h] [rbp-BA70h]
unsigned int v2771; // [rsp-BA5Fh] [rbp-BA6Fh]
unsigned __int16 v2772; // [rsp-BA5Ah] [rbp-BA6Ah]
__int16 v2773; // [rsp-BA54h] [rbp-BA64h]
int v2774; // [rsp-BA4Eh] [rbp-BA5Eh]
__int64 v2775; // [rsp-B688h] [rbp-B698h]
__int64 processImageName_1; // [rsp-B588h] [rbp-B598h]
__int64 v2777; // [rsp-B488h] [rbp-B498h]
__int16 processImageName; // [rsp-B388h] [rbp-B398h]
__int64 context; // [rsp-B188h] [rbp-B198h]
int v2780; // [rsp-B158h] [rbp-B168h]
int v2781; // [rsp-B140h] [rbp-B150h]
__int64 v2782; // [rsp-B118h] [rbp-B128h]
unsigned __int16 HandleInformation; // [rsp-ACB8h] [rbp-ACC8h]
__int64 v2784; // [rsp-ACB0h] [rbp-ACC0h]
__int64 v2785; // [rsp-A8B8h] [rbp-A8C8h]
__int64 v2786; // [rsp-A6B8h] [rbp-A6C8h]
__int64 v2787; // [rsp-A4B8h] [rbp-A4C8h]
__int64 v2788; // [rsp-A2B8h] [rbp-A2C8h]
__int64 buffer; // [rsp-9C78h] [rbp-9C88h]
__int64 v2790; // [rsp-7C78h] [rbp-7C88h]
__int64 ReportDetection; // [rsp-6C50h] [rbp-6C60h]
__int64 (__fastcall *GetModuleHandleA)(__int64 *); // [rsp-6C48h] [rbp-6C58h]
__int64 (__fastcall *GetProcAddress)(__int64, char *); // [rsp-6C40h] [rbp-6C50h]
char v2794; // [rsp-6A74h] [rbp-6A84h]
char v2795; // [rsp-6A73h] [rbp-6A83h]
char v2796; // [rsp-6A72h] [rbp-6A82h]
char v2797; // [rsp-6050h] [rbp-6060h]
int v2798; // [rsp+18h] [rbp+8h]
__int64 v2799; // [rsp+20h] [rbp+10h]
__int64 v2800; // [rsp+28h] [rbp+18h]
__int64 v2801; // [rsp+30h] [rbp+20h]
v2801 = a4;
v2800 = a3;
v2799 = a2;
v2798 = a1;
v4 = alloca(sub_4D46D(0x6C88ui64));
str_kernel32 = 'K';
v38 = 'E';
v39 = 'R';
v40 = 'N';
v2794 = 'E';
v2795 = 'L';
v2796 = '3';
v146 = '2';
v147 = 46;
v148 = 'd';
v149 = 'l';
v150 = 'l';
v151 = 0;
hKernel32 = GetModuleHandleA(&str_kernel32dll);
str_closehandle = 'C';
v369 = 'l';
v370 = 'o';
v371 = 's';
v372 = 'e';
v373 = 'H';
v374 = 'a';
v375 = 'n';
v376 = 'd';
v377 = 'l';
v378 = 'e';
v379 = '\0';
CloseHandle = (void (__fastcall *)(__int64))GetProcAddress(hKernel32, &str_closehandle);
str_openprocesstoken = 'O';
v893 = 'p';
v894 = 'e';
v895 = 'n';
v896 = 'P';
v897 = 'r';
v898 = 'o';
v899 = 'c';
v900 = 'e';
v901 = 's';
v902 = 's';
v903 = 'T';
v904 = 'o';
v905 = 'k';
v906 = 'e';
v907 = 'n';
v908 = '\0';
OpenProcessToken = (unsigned int (__fastcall *)(signed __int64, signed __int64, __int64 *))GetProcAddress(
hKernel32,
&str_openprocesstoken);
if ( OpenProcessToken && OpenProcessToken(-1i64, 32i64, &tokenHandle) )
{
str_advapidll = 'a';
v164 = 'd';
v165 = 'v';
v166 = 'a';
v167 = 'p';
v168 = 'i';
v169 = '3';
v170 = '2';
v171 = '.';
v172 = 'd';
v173 = 'l';
v174 = 'l';
v175 = '\0';
str_lookupprivilegevaluea = 'L';
v1185 = 'o';
v1186 = 'o';
v1187 = 'k';
v1188 = 'u';
v1189 = 'p';
v1190 = 'P';
v1191 = 'r';
v1192 = 'i';
v1193 = 'v';
v1194 = 'i';
v1195 = 'l';
v1196 = 'e';
v1197 = 'g';
v1198 = 'e';
v1199 = 'V';
v1200 = 'a';
v1201 = 'l';
v1202 = 'u';
v1203 = 'e';
v1204 = 'A';
v1205 = '\0';
hAdvApi32 = GetModuleHandleA((__int64 *)&str_advapidll);
LookUpPrivilegeValue = (unsigned int (__fastcall *)(_QWORD, char *, __int64 *))GetProcAddress(
hAdvApi32,
&str_lookupprivilegevaluea);
if ( LookUpPrivilegeValue )
{
str_debugprivilege = 'S';
v876 = 'e';
v877 = 'D';
v878 = 'e';
v879 = 'b';
v880 = 'u';
v881 = 'g';
v882 = 'P';
v883 = 'r';
v884 = 'i';
v885 = 'v';
v886 = 'i';
v887 = 'l';
v888 = 'e';
v889 = 'g';
v890 = 'e';
v891 = '\0';
if ( LookUpPrivilegeValue(0i64, &str_debugprivilege, &privelegeValue) )
{
v2658 = 1;
v2659 = privelegeValue;
v2660 = 2;
v1206 = 'A';
v1207 = 'd';
v1208 = 'j';
v1209 = 'u';
v1210 = 's';
v1211 = 't';
v1212 = 'T';
v1213 = 'o';
v1214 = 'k';
v1215 = 'e';
v1216 = 'n';
v1217 = 'P';
v1218 = 'r';
v1219 = 'i';
v1220 = 'v';
v1221 = 'i';
v1222 = 'l';
v1223 = 'e';
v1224 = 'g';
v1225 = 'e';
v1226 = 's';
v1227 = '\0';
hAdvApi32_1 = GetModuleHandleA((__int64 *)&str_advapidll);
AdjustTokenPrivilege = (void (__fastcall *)(__int64, _QWORD, signed int *, _QWORD, _QWORD, _QWORD))GetProcAddress(hAdvApi32_1, &v1206);
if ( AdjustTokenPrivilege )
AdjustTokenPrivilege(tokenHandle, 0i64, &v2658, 0i64, 0i64, 0i64);
}
}
CloseHandle(tokenHandle);
}
str_ndlldll = 'n';
v271 = 't';
v272 = 'd';
v273 = 'l';
v274 = 'l';
v275 = '.';
v276 = 'd';
v277 = 'l';
v278 = 'l';
v279 = 0;
hNtDLL = GetModuleHandleA((__int64 *)&str_ndlldll);
str_ntqueryvirtualmemory = 'N';
v1143 = 't';
v1144 = 'Q';
v1145 = 'u';
v1146 = 'e';
v1147 = 'r';
v1148 = 'y';
v1149 = 'V';
v1150 = 'i';
v1151 = 'r';
v1152 = 't';
v1153 = 'u';
v1154 = 'a';
v1155 = 'l';
v1156 = 'M';
v1157 = 'e';
v1158 = 'm';
v1159 = 'o';
v1160 = 114;
v1161 = 'y';
v1162 = '\0';
NtQueryVirtualMemory = (signed int (__fastcall *)(signed __int64, unsigned __int64, _QWORD, __int64 *, signed __int64, __int64 *))GetProcAddress(hNtDLL, &str_ntqueryvirtualmemory);
str_ntprotectvirtualmemory = 'N';
v1229 = 't';
v1230 = 'P';
v1231 = 'r';
v1232 = 'o';
v1233 = 't';
v1234 = 'e';
v1235 = 'c';
v1236 = 't';
v1237 = 'V';
v1238 = 'i';
v1239 = 'r';
v1240 = 't';
v1241 = 'u';
v1242 = 'a';
v1243 = 'l';
v1244 = 'M';
v1245 = 'e';
v1246 = 'm';
v1247 = 'o';
v1248 = 'r';
v1249 = 'y';
v1250 = '\0';
NtProtectVirtualMemory = GetProcAddress(hNtDLL, &str_ntprotectvirtualmemory);
str_isbadreadptr = 'I';
v497 = 's';
v498 = 'B';
v499 = 'a';
v500 = 'd';
v501 = 'R';
v502 = 101;
v503 = 'a';
v504 = 'd';
v505 = 'P';
v506 = 't';
v507 = 'r';
v508 = '\0';
hKernel32_1 = GetModuleHandleA(&str_kernel32dll);
IsBadReadPtr = GetProcAddress(hKernel32_1, &str_isbadreadptr);
v2538 = ~IsBadReadPtr;
str_ntreadvirtualmemory = 'N';
v1021 = 't';
v1022 = 'R';
v1023 = 'e';
v1024 = 'a';
v1025 = 'd';
v1026 = 'V';
v1027 = 'i';
v1028 = 'r';
v1029 = 't';
v1030 = 'u';
v1031 = 'a';
v1032 = 'l';
v1033 = 'M';
v1034 = 'e';
v1035 = 'm';
v1036 = 'o';
v1037 = 'r';
v1038 = 'y';
v1039 = 0;
NtReadVirtualMemory = (signed int (__fastcall *)(signed __int64, unsigned __int64, __int64 *, signed __int64, _QWORD))GetProcAddress(hNtDLL, &str_ntreadvirtualmemory);
str_msvcrt = 'm';
str_msvcrt_1 = 's';
v114 = 'v';
v115 = 'c';
v116 = 'r';
v117 = 't';
v118 = '.';
v119 = 'd';
v120 = 'l';
v121 = 'l';
v122 = '\0';
str_memcpy = 'm';
v191 = 'e';
v192 = 'm';
v193 = 'c';
v194 = 'p';
v195 = 'y';
v196 = '\0';
hMSVCRT = GetModuleHandleA((__int64 *)&str_msvcrt);
memcpy = (void (__fastcall *)(__int64 *, unsigned __int64, signed __int64))GetProcAddress(hMSVCRT, &str_memcpy);
str_memcmp = 'm';
v184 = 'e';
v185 = 'm';
v186 = 'c';
v187 = 'm';
v188 = 'p';
v189 = 0;
hMSVCRT_1 = GetModuleHandleA((__int64 *)&str_msvcrt);
memcmp = (unsigned int (__fastcall *)(__int64 *, __int64 *, signed __int64))GetProcAddress(hMSVCRT_1, &str_memcmp);
str_getcurrentprocessid = 'G';
v1081 = 'e';
v1082 = 't';
v1083 = 'C';
v1084 = 'u';
v1085 = 'r';
v1086 = 'r';
v1087 = 'e';
v1088 = 'n';
v1089 = 't';
v1090 = 'P';
v1091 = 'r';
v1092 = 'o';
v1093 = 'c';
v1094 = 'e';
v1095 = 's';
v1096 = 's';
v1097 = 'I';
v1098 = 'd';
v1099 = '\0';
GetCurrentProcessId = (__int64 (*)(void))GetProcAddress(hKernel32, &str_getcurrentprocessid);
str_openprocess = 'O';
v381 = 'p';
v382 = 'e';
v383 = 'n';
v384 = 'P';
v385 = 'r';
v386 = 'o';
v387 = 'c';
v388 = 'e';
v389 = 's';
v390 = 's';
v391 = '\0';
OpenProcess = (__int64 (__fastcall *)(signed __int64, _QWORD, _QWORD))GetProcAddress(hKernel32, &str_openprocess);
hCurrentProcess = GetCurrentProcessId();
hCurrentProcessHandle = OpenProcess(1048i64, 0i64, hCurrentProcess);
str_sleep = 'S';
v158 = 'l';
v159 = 'e';
v160 = 'e';
v161 = 'p';
v162 = '\0';
Sleep = (void (__fastcall *)(signed __int64))GetProcAddress(hKernel32, &str_sleep);
v1759 = 1304;
v1760 = 18;
v1761 = 'o';
v1762 = 'j';
v1763 = 'e';
v1764 = 'c';
v1765 = 't';
v1766 = 's';
v1767 = '\\';
v1768 = 'P';
v1769 = 'U';
v1770 = 'B';
v1771 = 'G';
v1772 = 'C';
v1773 = 'h';
v1774 = 'i';
v1775 = 'n';
v1776 = 'e';
v1777 = 's';
v1778 = 'e';
memset(v1779, 0, 0xEui64);
v1780 = '\x05\x17';
v1781 = '\x1D';
v1782 = 'B';
v1783 = 'a';
v1784 = 't';
v1785 = 't';
v1786 = 'l';
v1787 = 'e';
v1788 = 'G';
v1789 = 'r';
v1790 = 'o';
v1791 = 'u';
v1792 = 'n';
v1793 = 'd';
v1794 = 's';
v1795 = 'P';
v1796 = 'r';
v1797 = 'i';
v1798 = 'v';
v1799 = 'a';
v1800 = 't';
v1801 = 'e';
v1802 = '_';
v1803 = 'C';
v1804 = 'h';
v1805 = 'e';
v1806 = 'a';
v1807 = 't';
v1808 = 'E';
v1809 = 'S';
v1810 = 'P';
memset(v1811, 0, sizeof(v1811));
v1812 = '\x05\x17';
v1813 = '\x16';
v1814 = '[';
v1815 = '\0';
v1816 = '%';
v1817 = '\0';
v1818 = '.';
v1819 = '\0';
v1820 = '0';
v1821 = '\0';
v1822 = 'f';
v1823 = '\0';
v1824 = 'm';
v1825 = '\0';
v1826 = ']';
v1827 = '\0';
v1828 = ' ';
v1829 = '\0';
v1830 = '%';
v1831 = '\0';
v1832 = 's';
v1833 = '\0';
v1834 = '\0';
v1835 = '\0';
memset(&v1836, 0, 0xAui64);
v1837 = 1342;
v1838 = 32;
v1839 = '\0';
v1840 = '\0';
v1841 = '\0';
v1842 = '\0';
v1843 = 'N';
v1844 = 'e';
v1845 = 'c';
v1846 = 'k';
v1847 = '\0';
v1848 = '\0';
v1849 = '\0';
v1850 = '\0';
v1851 = 'C';
v1852 = 'h';
v1853 = 'e';
v1854 = 's';
v1855 = 't';
v1856 = '\0';
v1857 = '\0';
v1858 = '\0';
v1859 = '\0';
v1860 = '\0';
v1861 = '\0';
v1862 = '\0';
v1863 = 'M';
v1864 = 'o';
v1865 = 'u';
v1866 = 's';
v1867 = 'e';
v1868 = ' ';
v1869 = '1';
v1870 = '\0';
v1871 = 1343;
v1872 = 15;
v1873 = 'P';
v1874 = 'l';
v1875 = 'a';
v1876 = 'y';
v1877 = 'e';
v1878 = 'r';
v1879 = 'E';
v1880 = 'S';
v1881 = 'P';
v1882 = 'C';
v1883 = 'o';
v1884 = 'l';
v1885 = 'o';
v1886 = 'r';
v1887 = '\0';
memset(&v1888, 0, 0x11ui64);
v1889 = 1344;
v1890 = 32;
v1891 = ' ';
v1892 = '\0';
v1893 = 'A';
v1894 = '\0';
v1895 = 'i';
v1896 = '\0';
v1897 = 'm';
v1898 = '\0';
v1899 = 'b';
v1900 = '\0';
v1901 = 'o';
v1902 = '\0';
v1903 = 't';
v1904 = '\0';
v1905 = ':';
v1906 = '\0';
v1907 = ' ';
v1908 = '\0';
v1909 = '%';
v1910 = '\0';
v1911 = 'd';
v1912 = '\0';
v1913 = '\0';
v1914 = '\0';
v1915 = '-';
v1916 = '\0';
v1917 = '>';
v1918 = '\0';
v1919 = ' ';
v1920 = '\0';
v1921 = 'A';
v1922 = '\0';
v1923 = 1334;
v1924 = 0xC;
v1925 = 'H';
v1926 = 'a';
v1927 = 'c';
v1928 = 'k';
v1929 = 'M';
v1930 = 'a';
v1931 = 'c';
v1932 = 'h';
v1933 = 'i';
v1934 = 'n';
v1935 = 'e';
v1936 = '\0';
memset(&v1937, 0, 0x14ui64);
v1938 = 1354;
v1939 = 16;
v1940 = 'V';
v1941 = 'i';
v1942 = 's';
v1943 = 'u';
v1944 = 'a';
v1945 = 'l';
v1946 = 'H';
v1947 = 'a';
v1948 = 'c';
v1949 = 'k';
v1950 = 's';
v1951 = '.';
v1952 = 'n';
v1953 = 'e';
v1954 = 't';
v1955 = '\0';
memset(&v1956, 0, 0x10ui64);
v1957 = 1360;
v1958 = 32;
v1959 = '>';
v1960 = '#';
v1961 = '/';
v1962 = 'e';
v1963 = '>';
v1964 = '1';
v1965 = '1';
v1966 = 'N';
v1967 = 'N';
v1968 = 'V';
v1969 = '=';
v1970 = 'B';
v1971 = 'v';
v1972 = '(';
v1973 = '*';
v1974 = ':';
v1975 = '.';
v1976 = 'F';
v1977 = '?';
v1978 = 117;
v1979 = 'u';
v1980 = '#';
v1981 = '(';
v1982 = 'g';
v1983 = 'R';
v1984 = 'U';
v1985 = '.';
v1986 = 'o';
v1987 = '0';
v1988 = 'X';
v1989 = 'G';
v1990 = 'H';
v1991 = 1359;
v1992 = 32;
v1993 = 'D';
v1994 = 'L';
v1995 = 'L';
v1996 = 'I';
v1997 = 'n';
v1998 = 'j';
v1999 = 'e';
v2000 = 'c';
v2001 = 't';
v2002 = 'i';
v2003 = 'o';
v2004 = 'n';
v2005 = '-';
v2006 = 'm';
v2007 = 'a';
v2008 = 's';
v2009 = 't';
v2010 = 'e';
v2011 = 'r';
v2012 = '\\';
v2013 = 'x';
v2014 = '6';
v2015 = '4';
v2016 = '\\';
v2017 = 'R';
v2018 = 'e';
v2019 = 'l';
v2020 = 'e';
v2021 = 'a';
v2022 = 's';
v2023 = 'e';
v2024 = '\\';
v2025 = 1362;
v2026 = 16;
v2027 = 'N';
v2028 = '\0';
v2029 = 'a';
v2030 = '\0';
v2031 = 'm';
v2032 = '\0';
v2033 = 'e';
v2034 = '\0';
v2035 = 'E';
v2036 = '\0';
v2037 = 'S';
v2038 = '\0';
v2039 = 'P';
v2040 = '\0';
v2041 = '\0';
v2042 = '\0';
memset(&v2043, 0, 0x10ui64);
v2044 = 1352;
v2045 = 20;
v2046 = 'S';
v2047 = '\0';
v2048 = 'k';
v2049 = '\0';
v2050 = 'u';
v2051 = '\0';
v2052 = 'l';
v2053 = '\0';
v2054 = 'l';
v2055 = '\0';
v2056 = 'h';
v2057 = '\0';
v2058 = 'a';
v2059 = '\0';
v2060 = 'c';
v2061 = '\0';
v2062 = 'k';
v2063 = '\0';
v2064 = '\0';
v2065 = '\0';
memset(&v2066, 0, 0xCui64);
v2067 = 1365;
v2068 = 14;
v2069 = '.';
v2070 = 'r';
v2071 = 'd';
v2072 = 'a';
v2073 = 't';
v2074 = 'a';
v2075 = '$';
v2076 = 'z';
v2077 = 'z';
v2078 = 'z';
v2079 = 'd';
v2080 = 'b';
v2081 = 'g';
v2082 = '\0';
memset(&v2083, 0, 0x12ui64);
v2084 = 1337;
v2085 = 14;
v2086 = 'A';
v2087 = 0;
v2088 = 'i';
v2089 = '\0';
v2090 = 'm';
v2091 = '\0';
v2092 = 'B';
v2093 = '\0';
v2094 = 'o';
v2095 = '\0';
v2096 = 't';
v2097 = '\0';
v2098 = '\0';
v2099 = '\0';
memset(&v2100, 0, 0x12ui64);
v2101 = 1337;
v2102 = 32;
v2103 = '<EFBFBD>';
v2104 = 'I';
v2105 = 'A';
v2106 = '<EFBFBD>';
v2107 = '<';
v2108 = '\x12';
v2109 = '?';
v2110 = 'u';
v2111 = '\x05';
v2112 = '<EFBFBD>';
v2113 = '\x02';
v2114 = '?';
v2115 = '<EFBFBD>';
v2116 = '8';
v2117 = '<EFBFBD>';
v2118 = 'A';
v2119 = '<EFBFBD>';
v2120 = '\x0F';
v2121 = '<EFBFBD>';
v2122 = '<EFBFBD>';
v2123 = '<';
v2124 = '\t';
v2125 = 'w';
v2126 = '\x05';
v2127 = '<EFBFBD>';
v2128 = '<EFBFBD>';
v2129 = '0';
v2130 = '<EFBFBD>';
v2131 = '\x06';
v2132 = -125;
v2133 = '<EFBFBD>';
v2134 = '<EFBFBD>';
v2135 = 1375;
v2136 = 2;
v2137 = 'U';
v2138 = '<EFBFBD>';
memset(v2139, 0, 0x1Eui64);
v2140 = 1375;
v2141 = 2;
v2142 = 'W';
v2143 = '<EFBFBD>';
memset(v2144, 0, 0x1Eui64);
v2145 = 1375;
v2146 = 2;
v2147 = '`';
v2148 = '<EFBFBD>';
memset(v2149, 0, 0x1Eui64);
v2150 = 1384;
v2151 = 25;
v2152 = 'D';
v2153 = '3';
v2154 = 'D';
v2155 = '1';
v2156 = '1';
v2157 = 'P';
v2158 = 'r';
v2159 = 'e';
v2160 = 's';
v2161 = 'e';
v2162 = 'n';
v2163 = 't';
v2164 = ' ';
v2165 = 'i';
v2166 = 'n';
v2167 = 'i';
v2168 = 't';
v2169 = 'i';
v2170 = 'a';
v2171 = 'l';
v2172 = 'i';
v2173 = 's';
v2174 = 'e';
v2175 = 'd';
v2176 = '\0';
memset(v2177, 0, sizeof(v2177));
v2178 = 1390;
v2179 = 10;
v2180 = '[';
v2181 = ' ';
v2182 = '%';
v2183 = '.';
v2184 = '0';
v2185 = 'f';
v2186 = 'M';
v2187 = ' ';
v2188 = ']';
v2189 = '\0';
memset(v2190, 0, 0x16ui64);
v2191 = 1396;
v2192 = 11;
v2193 = '[';
v2194 = 'h';
v2195 = 'p';
v2196 = ':';
v2197 = '%';
v2198 = 'd';
v2199 = ']';
v2200 = '%';
v2201 = 'd';
v2202 = 'm';
v2203 = '\0';
memset(v2204, 0, 0x15ui64);
v2205 = 1334;
v2206 = ' ';
v2207 = 'H';
v2208 = '<EFBFBD>';
v2209 = 'd';
v2210 = '$';
v2211 = '8';
v2212 = '\0';
v2213 = 'H';
v2214 = '<EFBFBD>';
v2215 = 'L';
v2216 = 36;
v2217 = 'X';
v2218 = 'H';
v2219 = '<EFBFBD>';
v2220 = 'T';
v2221 = '$';
v2222 = 'P';
v2223 = 'L';
v2224 = '<EFBFBD>';
v2225 = -56;
v2226 = 'H';
v2227 = '<EFBFBD>';
v2228 = 'L';
v2229 = '$';
v2230 = '0';
v2231 = 'L';
v2232 = '<EFBFBD>';
v2233 = '<EFBFBD>';
v2234 = 'H';
v2235 = '<EFBFBD>';
v2236 = 'L';
v2237 = '$';
v2238 = '`';
v2239 = '\x056';
v2240 = ' ';
v2241 = 't';
v2242 = 31;
v2243 = '<EFBFBD>';
v2244 = '\b';
v2245 = '\0';
v2246 = '\0';
v2247 = '\0';
v2248 = '\xFF';
v2249 = '\x15';
v2250 = '`';
v2251 = '~';
v2252 = '\0';
v2253 = '\0';
v2254 = '<EFBFBD>';
v2255 = -64;
v2256 = 'u';
v2257 = '\x10';
v2258 = '<EFBFBD>';
v2259 = '\x0F';
v2260 = '\x10';
v2261 = '<EFBFBD>';
v2262 = '<EFBFBD>';
v2263 = '\x01';
v2264 = '\0';
v2265 = '\0';
v2266 = '<EFBFBD>';
v2267 = '<EFBFBD>';
v2268 = '<EFBFBD>';
v2269 = '\x01';
v2270 = '\0';
v2271 = 0;
v2272 = '<EFBFBD>';
v2273 = '\x056';
v2274 = 32;
v2275 = '@';
v2276 = '<EFBFBD>';
v2277 = '<EFBFBD>';
v2278 = '\x15';
v2279 = 111;
v2280 = '\b';
v2281 = '<EFBFBD>';
v2282 = '<EFBFBD>';
v2283 = 'N';
v2284 = '<EFBFBD>';
v2285 = '<EFBFBD>';
v2286 = 'H';
v2287 = '<EFBFBD>';
v2288 = '5';
v2289 = -45;
v2290 = 'O';
v2291 = '<EFBFBD>';
v2292 = 'P';
v2293 = 'O';
v2294 = 'S';
v2295 = 73;
v2296 = 'T';
v2297 = 'I';
v2298 = 'O';
v2299 = 'N';
v2300 = '\0';
v2301 = '\0';
v2302 = 0;
v2303 = '\0';
v2304 = 'C';
v2305 = 'O';
v2306 = 76;
v2307 = '\x05z';
v2308 = '\x03';
v2309 = '\xFF';
v2310 = '<EFBFBD>';
v2311 = '<EFBFBD>';
memset(v2312, 0, 0x1Dui64);
v2313 = 1401;
v2314 = 32;
v2315 = '%';
v2316 = 's';
v2317 = '\0';
v2318 = '\0';
v2319 = '%';
v2320 = 'd';
v2321 = '\0';
v2322 = '\0';
v2323 = 'P';
v2324 = 'O';
v2325 = 'S';
v2326 = 'I';
v2327 = 'T';
v2328 = 'I';
v2329 = 'O';
v2330 = 'N';
v2331 = '\0';
v2332 = '\0';
v2333 = '\0';
v2334 = '\0';
v2335 = 'C';
v2336 = 'O';
v2337 = 'L';
v2338 = 'O';
v2339 = 'R';
v2340 = '\0';
v2341 = '\0';
v2342 = '\0';
v2343 = '\0';
v2344 = '\0';
v2345 = '\0';
v2346 = '\0';
v2347 = 1334;
v2348 = 32;
v2349 = '<EFBFBD>';
v2350 = '<EFBFBD>';
v2351 = 'v';
v2352 = ']';
v2353 = '<EFBFBD>';
v2354 = '<EFBFBD>';
v2355 = 'E';
v2356 = '.';
v2357 = 'u';
v2358 = '<EFBFBD>';
v2359 = '\x12';
v2360 = -76;
v2361 = '<EFBFBD>';
v2362 = '<EFBFBD>';
v2363 = 'H';
v2364 = 'r';
v2365 = '\x11';
v2366 = 'm';
v2367 = '<EFBFBD>';
v2368 = 'H';
v2369 = '<EFBFBD>';
v2370 = '<EFBFBD>';
v2371 = '<EFBFBD>';
v2372 = '<EFBFBD>';
v2373 = 'H';
v2374 = '<EFBFBD>';
v2375 = 'g';
v2376 = 'k';
v2377 = '<EFBFBD>';
v2378 = 'H';
v2379 = '<EFBFBD>';
v2380 = ',';
v2381 = '\x05<EFBFBD>';
v2382 = ' ';
v2383 = '\n';
v2384 = '<';
v2385 = 'a';
v2386 = 's';
v2387 = 's';
v2388 = 'e';
v2389 = 'm';
v2390 = 'b';
v2391 = 'l';
v2392 = 'y';
v2393 = ' ';
v2394 = 'x';
v2395 = 'm';
v2396 = 'l';
v2397 = 'n';
v2398 = 's';
v2399 = '=';
v2400 = '\'';
v2401 = 'u';
v2402 = 'r';
v2403 = 'n';
v2404 = ':';
v2405 = 's';
v2406 = 'c';
v2407 = 'h';
v2408 = 'e';
v2409 = 'm';
v2410 = 'a';
v2411 = 's';
v2412 = '-';
v2413 = 'm';
v2414 = 'i';
for ( BaseAddress = 0i64;
NtQueryVirtualMemory(-1i64, BaseAddress, 0i64, (__int64 *)&MemoryInformation, 48i64, &returnLength) >= 0;
BaseAddress = v85 + MemoryInformation )
{
if ( v86 == 4096
&& (v87 == 16 || v87 == 32 || v87 == 64)
&& (MemoryInformation > (unsigned __int64)sub_42119 || v85 + MemoryInformation <= (unsigned __int64)sub_42119)
&& (v87 != 64 || v85 != 110592) )
{
if ( v88 == 0x20000 || v88 == 0x40000 )
{
if ( (v56 = 0, v85 >= 0x11000)
|| v85 >= 0x4000
&& (MemoryInformation & 0xFF0000000000i64) != 0x7F0000000000i64
&& (MemoryInformation & 0xFFF000000000i64) != 0x7F000000000i64
&& v85 != 0x10000
&& (MemoryInformation & 0xFFFFF0000000i64) != 0x70000000
&& (MemoryInformation != 0x3E0000 || v85 != 0xF000)
&& (MemoryInformation != 0x3F0000 || v85 != 0x4000)
|| v56 )
{
v2723 = 0;
if ( v56 )
v1661 = 52;
else
v1661 = 47;
v2724 = v1661;
v2725 = MemoryInformation;
v2726 = v85;
v2727 = v88 | v87 | v86;
if ( v56 )
{
v2728 = v1717;
v2729 = v1717[510];
v2730 = v1717[511];
v2731 = v1717[512];
v2732 = v1717[513];
}
if ( v56 )
v2559 = 58i64;
else
v2559 = 18i64;
((void (__fastcall *)(char *, _QWORD, _QWORD))ReportDetection)(&v2723, (unsigned int)v2559, 0i64);
}
}
str_user32dll_1 = 'u';
v334 = 's';
v335 = 'e';
v336 = 'r';
v337 = '3';
v338 = '2';
v339 = '.';
v340 = 'd';
v341 = 'l';
v342 = 'l';
v343 = 0;
hUser32 = GetModuleHandleA((__int64 *)&str_user32dll_1);
v83 = v84 == hUser32;
v62 = v84 == hUser32;
if ( v88 == 0x20000 || v62 )
{
for ( i = BaseAddress; i != v85 + MemoryInformation; i += 4096i64 )
{
if ( NtReadVirtualMemory(-1i64, i, &buffer, 4096i64, 0i64) >= 0 )
{
for ( j = 0; (unsigned __int64)j < 0x1C; ++j )
{
if ( *(&v1759 + 20 * j) != 0x57A || v62 )
{
for ( k = 0; (unsigned int)(*(&v1760 + 10 * j) + k) <= 0x1000ui64; ++k )
{
if ( (char *)(k + i) != &v1761 + 40 * j )
{
for ( l = 0;
l < *(&v1760 + 10 * j)
&& *((unsigned __int8 *)&buffer + (signed int)(l + k)) == *((unsigned __int8 *)&v1759
+ 40 * j
+ (signed int)l
+ 8);
++l )
{
;
}
if ( l == *(&v1760 + 10 * j)
&& (*(&v1759 + 20 * j) != 1365 || *(_WORD *)((char *)&buffer + k + 215) == 16725)
&& (*(&v1759 + 20 * j) != 1375
|| *(_DWORD *)(i + (signed int)(l + k)) < 0x2000u
&& *(_WORD *)((signed int)(l + k) + i + *(unsigned int *)(i + (signed int)(l + k)) + 4) == 21569
|| *(_DWORD *)(i + (signed int)(l + k)) < 0x2000u
&& *(unsigned __int16 *)((signed int)(l + k) + i + *(unsigned int *)(i + (signed int)(l + k)) + 4) == 33096
|| *((_BYTE *)&v1759 + 40 * j + 8) == 96
&& *(_DWORD *)(i + (signed int)(l + k)) < 0x2000u
&& *(unsigned __int8 *)((signed int)(l + k) + i + *(unsigned int *)(i + (signed int)(l + k)) + 4) == 161)
&& (*(&v1759 + 20 * j) != 1402 || *(unsigned __int16 *)((char *)&buffer + k - 10) == 47176) )
{
v2640 = 0;
v2641 = 53;
v2642 = *(&v1759 + 20 * j);
v2643 = k + i;
v2644 = MemoryInformation;
v2645 = v85;
v2646 = v88 | v87 | v86;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2640, 28i64, 0i64);
if ( v62 )
goto LABEL_74;
}
}
}
}
}
}
}
}
}
LABEL_74:
if ( v86 == 4096 && (v87 == 16 || v87 == 32 || v87 == 64) )
{
v260 = 'm';
v261 = 'm';
v262 = 'r';
v263 = 'e';
v264 = 's';
v265 = '.';
v266 = 'd';
v267 = 'l';
v268 = 'l';
v269 = '\0';
hMMRes = GetModuleHandleA((__int64 *)&v260);
if ( hMMRes && hMMRes == v84 )
{
v1730 = 0;
v1731 = 'H';
v1732 = '\x05<EFBFBD>';
v1733 = v85;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1730, 8i64, 0i64);
}
else if ( v87 == 64 )
{
v300 = 'm';
v301 = 's';
v302 = 'h';
v303 = 't';
v304 = 'm';
v305 = 'l';
v306 = '.';
v307 = 'd';
v308 = 'l';
v309 = 'l';
v310 = 0;
hMsHtml = GetModuleHandleA((__int64 *)&v300);
if ( hMsHtml )
{
if ( hMsHtml == v84 )
{
v1734 = 0;
v1735 = 72;
v1736 = 1467;
v1737 = v85;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1734, 8i64, 0i64);
}
}
}
}
v2425 = -1;
if ( MemoryInformation == BaseAddress )
{
if ( v86 == 4096 && v87 == 4 && v88 == 0x20000 )
{
v2560 = 1i64;
JUMPOUT(unk_44DDF);
}
}
else
{
v2425 = -2;
}
if ( v86 != 4096 || v88 != 0x20000 && v88 != 0x1000000 || v87 & 0x100 )
{
if ( v86 == 4096 && (v87 == 1 || !v87) || v86 == 0x10000 || v86 == 0x2000 )
{
if ( v86 != 4096 || v87 )
{
for ( Address = BaseAddress;
Address < v85 + MemoryInformation && Address < MemoryInformation + 0x1000000;
Address += 0x10000i64 )
{
if ( !((unsigned int (__fastcall *)(unsigned __int64, signed __int64))IsBadReadPtr)(Address, 1i64)
&& NtQueryVirtualMemory(-1i64, Address, 0i64, &v2713, 48i64, &returnLength) >= 0
&& v2714 == v86
&& (v2714 != 4096 || v2715 == v87)
&& !((unsigned int (__fastcall *)(unsigned __int64, signed __int64))IsBadReadPtr)(Address, 1i64) )
{
qmemcpy(&MemoryInformation, &v2713, 0x30ui64);
v2425 = 0;
break;
}
if ( !((unsigned int (__fastcall *)(unsigned __int64, signed __int64))~v2538)(Address, 1i64)
&& NtQueryVirtualMemory(-1i64, Address, 0i64, &v2713, 48i64, &returnLength) >= 0
&& v2714 == v86
&& (v2714 != 4096 || v2715 == v87)
&& !((unsigned int (__fastcall *)(unsigned __int64, signed __int64))~v2538)(Address, 1i64) )
{
qmemcpy(&MemoryInformation, &v2713, 0x30ui64);
v2425 = 0;
break;
}
}
}
else
{
v2425 = 0;
}
}
}
else
{
v1658 = 0;
while ( v1658 < 2 && BaseAddress != v85 + MemoryInformation )
{
v2739 = 4096i64;
if ( v87 != 1 )
{
if ( NtReadVirtualMemory(-1i64, BaseAddress, &v2661, 16i64, 0i64) < 0
|| ((unsigned int (__fastcall *)(unsigned __int64, signed __int64))IsBadReadPtr)(BaseAddress, 16i64) )
{
if ( NtQueryVirtualMemory(-1i64, BaseAddress, 0i64, &v2748, 48i64, &returnLength) >= 0
&& v2749 == v86
&& v2750 == v87 )
{
v2425 = 2;
}
}
else
{
memcpy(&v2547, BaseAddress, 16i64);
if ( memcmp(&v2661, &v2547, 16i64)
&& !((unsigned int (__fastcall *)(unsigned __int64, signed __int64))IsBadReadPtr)(BaseAddress, 16i64)
&& !memcmp(&v2547, (__int64 *)BaseAddress, 16i64)
&& NtReadVirtualMemory(-1i64, BaseAddress, &v2661, 16i64, 0i64) >= 0
&& memcmp(&v2661, &v2547, 16i64)
&& !((unsigned int (__fastcall *)(unsigned __int64, signed __int64))IsBadReadPtr)(BaseAddress, 16i64)
&& !memcmp(&v2547, (__int64 *)BaseAddress, 16i64) )
{
v2425 = 1;
memcpy((__int64 *)v2429, (unsigned __int64)&v2547, 16i64);
}
}
}
++v1658;
BaseAddress += 4096i64;
}
}
if ( v2425 != 255 )
{
v2423 = 0;
v2424 = 33;
v2426 = MemoryInformation;
v2427 = v85;
v2428 = v88 | v87 | v86;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2423, 35i64, 0i64);
}
if ( v86 == 4096
&& v88 == 0x1000000
&& MemoryInformation == v84
&& NtReadVirtualMemory(-1i64, MemoryInformation + 60, (__int64 *)&v2539, 4i64, 0i64) >= 0
&& NtReadVirtualMemory(-1i64, MemoryInformation + v2539 + 8, &currentProcessId_1, 4i64, 0i64) >= 0
&& ((_DWORD)currentProcessId_1 == 1527957760
&& (NtReadVirtualMemory(-1i64, MemoryInformation + 0x1000, &buffer_1, 16i64, 0i64) >= 0 && !(_DWORD)buffer_1
|| NtReadVirtualMemory(-1i64, MemoryInformation + 0x501000, &buffer_1, 16i64, 0i64) >= 0
&& (_DWORD)buffer_1 != 55830784)
|| (_DWORD)currentProcessId_1 == 1511525429
&& NtReadVirtualMemory(-1i64, MemoryInformation + 0x1000, &buffer_1, 16i64, 0i64) >= 0
&& (_DWORD)buffer_1
|| (_DWORD)currentProcessId_1 == -56913115
&& NtReadVirtualMemory(-1i64, MemoryInformation + 0x6D3000, &buffer_1, 16i64, 0i64) >= 0
&& (_DWORD)buffer_1) )
{
v2586 = 0;
v2587 = 70;
v2588 = 1;
v2589 = buffer_1;
v2590 = v1755;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2586, 19i64, 0i64);
}
}
v2555 = ~v2538;
v1663 = NtQueryVirtualMemory(-1i64, ~v2538, 0i64, (__int64 *)&MemoryInformation, 48i64, &returnLength) < 0;
v57 = v1663;
if ( (_BYTE)v1663 || v86 != 4096 || v88 != 0x1000000 && v88 != 0x40000 )
{
v2626 = 0;
v2627 = 53;
v2628 = 1449;
v2629 = v2555;
if ( v57 )
v2554 = 0i64;
else
v2554 = MemoryInformation;
v2630 = v2554;
if ( v57 )
v2546 = 0i64;
else
v2546 = v85;
v2631 = v2546;
if ( v57 )
v1664 = 0;
else
v1664 = v88 | v87 | v86;
v2632 = v1664;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2626, 28i64, 0i64);
}
str_malloc = 'm';
v177 = 'a';
v178 = 'l';
v179 = 'l';
v180 = 'o';
v181 = 'c';
v182 = '\0';
hMSVCRT_2 = GetModuleHandleA((__int64 *)&str_msvcrt);
malloc = (__int64 (__fastcall *)(signed __int64))GetProcAddress(hMSVCRT_2, &str_malloc);
str_realloc = 'r';
v199 = 'e';
v200 = 'a';
v201 = 'l';
v202 = 'l';
v203 = 'o';
v204 = 'c';
v205 = '\0';
hMSVCRT_3 = GetModuleHandleA((__int64 *)&str_msvcrt);
realloc = (__int64 (__fastcall *)(unsigned int *, _QWORD))GetProcAddress(hMSVCRT_3, &str_realloc);
str_free = 'f';
v153 = 'r';
v154 = 'e';
v155 = 'e';
v156 = '\0';
hMSVCRT_4 = GetModuleHandleA((__int64 *)&str_msvcrt);
free = (void (__fastcall *)(unsigned int *))GetProcAddress(hMSVCRT_4, &str_free);
str_ntquerysysteminformation = 'N';
v1252 = 't';
v1253 = 'Q';
v1254 = 'u';
v1255 = 'e';
v1256 = 'r';
v1257 = 'y';
v1258 = 'S';
v1259 = 'y';
v1260 = 's';
v1261 = 't';
v1262 = 'e';
v1263 = 'm';
v1264 = 'I';
v1265 = 'n';
v1266 = 'f';
v1267 = 'o';
v1268 = 'r';
v1269 = 'm';
v1270 = 'a';
v1271 = 't';
v1272 = 'i';
v1273 = 'o';
v1274 = 'n';
v1275 = '\0';
NtQuerySystemInformation = (__int64 (__fastcall *)(signed __int64, unsigned int *, signed __int64, unsigned int *))GetProcAddress(hNtDLL, &str_ntquerysysteminformation);
str_user32dll = 'U';
str_user32dll_2 = 'S';
v99 = 'E';
v100 = 'R';
v101 = '3';
v102 = '2';
v103 = '.';
v104 = 'd';
v105 = 'l';
v106 = 'l';
v107 = '\0';
str_gettopwindow = 'G';
v510 = 'e';
v511 = 't';
v512 = 'T';
v513 = 'o';
v514 = 'p';
v515 = 'W';
v516 = 'i';
v517 = 'n';
v518 = 'd';
v519 = 'o';
v520 = 'w';
v521 = '\0';
hUser32_1 = GetModuleHandleA((__int64 *)&str_user32dll);
GetTopWindow = (__int64 (__fastcall *)(_QWORD))GetProcAddress(hUser32_1, &str_gettopwindow);
str_getwindow = 'G';
v251 = 'e';
v252 = 't';
v253 = 'W';
v254 = 'i';
v255 = 'n';
v256 = 'd';
v257 = 'o';
v258 = 'w';
v259 = '\0';
hUser32_2 = GetModuleHandleA((__int64 *)&str_user32dll);
GetWindow = (__int64 (__fastcall *)(__int64, signed __int64))GetProcAddress(hUser32_2, &str_getwindow);
str_getwindowthreadprocessid = 'G';
v1277 = 'e';
v1278 = 't';
v1279 = 'W';
v1280 = 'i';
v1281 = 'n';
v1282 = 'd';
v1283 = 'o';
v1284 = 'w';
v1285 = 'T';
v1286 = 'h';
v1287 = 'r';
v1288 = 'e';
v1289 = 'a';
v1290 = 'd';
v1291 = 'P';
v1292 = 'r';
v1293 = 'o';
v1294 = 'c';
v1295 = 'e';
v1296 = 's';
v1297 = 's';
v1298 = 'I';
v1299 = 'd';
v1300 = '\0';
hUser32_3 = GetModuleHandleA((__int64 *)&str_user32dll);
GetWindowThreadProcessId = (void (__fastcall *)(__int64, char *))GetProcAddress(
hUser32_3,
&str_getwindowthreadprocessid);
str_getwindowlong = 'G';
v747 = 'e';
v748 = 't';
v749 = 'W';
v750 = 'i';
v751 = 'n';
v752 = 'd';
v753 = 'o';
v754 = 'w';
v755 = 'L';
v756 = 'o';
v757 = 'n';
v758 = 'g';
v759 = 'A';
v760 = '\0';
hUser32_4 = GetModuleHandleA((__int64 *)&str_user32dll);
GetWindowLongA = (__int64 (__fastcall *)(__int64, signed __int64))GetProcAddress(hUser32_4, &str_getwindowlong);
CloseHandle(hCurrentProcessHandle);
currentProcessId = GetCurrentProcessId();
hCurrentProcessHandle = OpenProcess(2035711i64, 0i64, currentProcessId);
str_getwindowtexta = 'G';
v702 = 'e';
v703 = 't';
v704 = 'W';
v705 = 'i';
v706 = 'n';
v707 = 'd';
v708 = 'o';
v709 = 'w';
v710 = 'T';
v711 = 'e';
v712 = 'x';
v713 = 't';
v714 = 'A';
v715 = '\0';
hUser32_5 = GetModuleHandleA((__int64 *)&str_user32dll);
GetWindowTextA = (__int64 (__fastcall *)(__int64, char *, signed __int64))GetProcAddress(
hUser32_5,
&str_getwindowtexta);
str_getwindowtextw = 'G';
v732 = 'e';
v733 = 't';
v734 = 'W';
v735 = 'i';
v736 = 'n';
v737 = 'd';
v738 = 'o';
v739 = 'w';
v740 = 'T';
v741 = 'e';
v742 = 'x';
v743 = 't';
v744 = 'W';
v745 = '\0';
hUser32_6 = GetModuleHandleA((__int64 *)&str_user32dll);
GetWindowTextW = (__int64 (__fastcall *)(__int64, __int64 *, signed __int64))GetProcAddress(
hUser32_6,
&str_getwindowtextw);
str_getclassnamew = 'G';
v617 = 'e';
v618 = 't';
v619 = 'C';
v620 = 'l';
v621 = 'a';
v622 = 's';
v623 = 's';
v624 = 'N';
v625 = 'a';
v626 = 'm';
v627 = 'e';
v628 = 'W';
v629 = '\0';
hUser32_7 = GetModuleHandleA((__int64 *)&str_user32dll);
GetClassNameW = (__int64 (__fastcall *)(__int64, __int64 *, signed __int64))GetProcAddress(
hUser32_7,
&str_getclassnamew);
str_getwindowrect = 'G';
v589 = 'e';
v590 = 't';
v591 = 'W';
v592 = 'i';
v593 = 'n';
v594 = 'd';
v595 = 'o';
v596 = 'w';
v597 = 'R';
v598 = 'e';
v599 = 'c';
v600 = 't';
v601 = '\0';
hUser32_8 = GetModuleHandleA((__int64 *)&str_user32dll);
GetWindowRect = (void (__fastcall *)(__int64, __int64))GetProcAddress(hUser32_8, &str_getwindowrect);
str_queryfullprocessimagename = 'Q';
v1353 = 'u';
v1354 = 'e';
v1355 = 'r';
v1356 = 'y';
v1357 = 'F';
v1358 = 'u';
v1359 = 'l';
v1360 = 'l';
v1361 = 'P';
v1362 = 'r';
v1363 = 'o';
v1364 = 'c';
v1365 = 'e';
v1366 = 's';
v1367 = 's';
v1368 = 'I';
v1369 = 'm';
v1370 = 'a';
v1371 = 'g';
v1372 = 'e';
v1373 = 'N';
v1374 = 'a';
v1375 = 'm';
v1376 = 'e';
v1377 = 'W';
v1378 = '\0';
hKernel32_2 = GetModuleHandleA(&str_kernel32dll);
QueryFullProcessImageName = (unsigned int (__fastcall *)(__int64, _QWORD, __int64 *, unsigned int *))GetProcAddress(hKernel32_2, &str_queryfullprocessimagename);
str_widechartomultibyte = 'W';
v1041 = 'i';
v1042 = 'd';
v1043 = 'e';
v1044 = 'C';
v1045 = 'h';
v1046 = 'a';
v1047 = 'r';
v1048 = 'T';
v1049 = 'o';
v1050 = 'M';
v1051 = 'u';
v1052 = 'l';
v1053 = 't';
v1054 = 'i';
v1055 = 'B';
v1056 = 'y';
v1057 = 't';
v1058 = 'e';
v1059 = '\0';
WideCharToMultiByte = (__int64 (__fastcall *)(signed __int64, _QWORD, __int64 *, _QWORD, __int64, _QWORD, _QWORD, _QWORD))GetProcAddress(hKernel32, &str_widechartomultibyte);
str_getfileattributesexa = 'G';
v1122 = 'e';
v1123 = 't';
v1124 = 'F';
v1125 = 'i';
v1126 = 'l';
v1127 = 'e';
v1128 = 'A';
v1129 = 't';
v1130 = 't';
v1131 = 'r';
v1132 = 'i';
v1133 = 'b';
v1134 = 'u';
v1135 = 't';
v1136 = 'e';
v1137 = 's';
v1138 = 'E';
v1139 = 'x';
v1140 = 'A';
v1141 = '\0';
GetFileAttributesExA = (unsigned int (__fastcall *)(char *, _QWORD, __int64 *))GetProcAddress(
hKernel32,
&str_getfileattributesexa);
str_getfileattributesexw = 'G';
v1101 = 'e';
v1102 = 't';
v1103 = 'F';
v1104 = 'i';
v1105 = 'l';
v1106 = 'e';
v1107 = 'A';
v1108 = 't';
v1109 = 't';
v1110 = 'r';
v1111 = 'i';
v1112 = 'b';
v1113 = 'u';
v1114 = 't';
v1115 = 'e';
v1116 = 's';
v1117 = 'E';
v1118 = 'x';
v1119 = 'W';
v1120 = '\0';
GetFileAttributesExW = (unsigned int (__fastcall *)(__int64 *, _QWORD, __int64 *))GetProcAddress(
hKernel32,
&str_getfileattributesexw);
pAllocatedBuffer = malloc(0x5000i64);
*(_BYTE *)pAllocatedBuffer = 0;
*(_BYTE *)(pAllocatedBuffer + 1) = 60;
v46 = 4;
v144 = 0;
hWindow = GetTopWindow(0i64);
if ( hWindow )
{
do
{
v2745 = 0;
v108 = -1;
GetWindowThreadProcessId(hWindow, (char *)&currentProcessId_1 + 4);
if ( HIDWORD(currentProcessId_1) != (unsigned int)GetCurrentProcessId() )
{
v108 = GetWindowTextA(hWindow, (char *)&v2745 + 2, 128i64);
for ( m = 0; m < v108 - 5; ++m )
{
if ( *(int *)((char *)&v2745 + m + 2) == 'aehC' && *(_DWORD *)((char *)&v2747 + m) == 'tuAt'
|| *(int *)((char *)&v2745 + m + 2) == 'gbup' && *(_DWORD *)&v2746[m] == 'kh_g'
|| *(int *)((char *)&v2745 + m + 2) == 'lnoc' && *(__int16 *)((char *)&v2747 + m) == '- '
|| *(int *)((char *)&v2745 + m + 2) == 'freP' && *(_DWORD *)((char *)&v2747 + m) == 'Atce'
|| *(int *)((char *)&v2745 + m + 2) == 'WMIA' && *(__int16 *)((char *)&v2747 + m) == 'RA'
|| *(int *)((char *)&v2745 + m + 2) == 'GBUP' && *(_DWORD *)((char *)&v2747 + m) == 'MIA '
|| *(int *)((char *)&v2745 + m + 2) == 'epyH' && *(_DWORD *)((char *)&v2747 + m) == 'ehCr' )
{
LOWORD(v2745) = 13056;
((void (__fastcall *)(int *, _QWORD, _QWORD))ReportDetection)(&v2745, (unsigned int)(v108 + 2), 0i64);
break;
}
}
}
++v144;
windowLong = GetWindowLongA(hWindow, 0xFFFFFFF0i64);
if ( windowLong & 0x10000000 ) // Is Visible
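// 0x10000000 is WS_VISIBLE; windowLong holds the GWL_STYLE (-16) value, and windowStyle below holds the GWL_EXSTYLE (-20) value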
{
if ( (v63 = 0, windowStyle = GetWindowLongA(hWindow, 0xFFFFFFECi64), (unsigned int)&unk_80000 & windowStyle)
&& windowStyle & 8
|| (style = windowStyle | windowLong, (windowStyle | windowLong) == 349110528)
|| style == 0x34CF0100
|| style == 0x14EF0310
|| style == 0x34EF0310
|| style == 0x14EF0110
|| style == 0x34EF0110
|| style == 0x17090020
|| style == 0x17090000
|| style == 0x16090020
|| style == 0x94080020
|| style == 0x94080080
|| style == 0x9C080080
|| style == 0x16CF0100 && *(int *)((char *)&v2745 + 2) == 1852399949 && *(_DWORD *)&v2747 == 1684957527
|| style == 0x17CF0100 && !v108
|| (style & 0xFFFFF) == 763808
|| (style & 0xFFFFF) == 525091
|| (style & 0xFFFFF) == 592421
|| (style & 0xFFFFF) == 592485
|| style == 0x160A0080
|| style == 0x16CA0008
|| (style & 0xFFFFF) == 917889
|| (style & 0xFFFFF) == 917632
|| style == -703987584
|| style == -704118527
|| style == 369950752
|| style == -1811414880
|| style == 382664961
|| style == 919535873
|| style == 369950720
|| style == -1811415040
|| style == -1811939328 && !v108
|| style == 381812992
|| style == 382206208
|| style == 369623168
|| style == 369885184
|| style == 503906464
|| style == -1668808672
|| style == -1677197152
|| style == -1677197276
|| style == -1677197280
|| style == 352913568
|| style == 369229832
|| style == -1677197312
|| style == -737673056
|| style == -1811939312
|| style == -1275068400
|| style == -1803026400
|| style == 504168488
|| style == 336068768
|| style == 336068640
|| style == 336068736
|| style == -1668808160
|| style == -1777663840
|| style == 336136352
|| style == 369754112
|| style == -1777855312
|| style == -1660420096
|| style == 382337288
|| style == 919208200
|| style == 369623200
|| style == -1675689673
|| style == 369754144
|| style == -1675689545
|| style == -1811414496
|| (v108 && HIDWORD(currentProcessId_1) == (unsigned int)GetCurrentProcessId()
|| !((unsigned int)&unk_80000 & windowStyle)
|| (windowStyle & 0x80C0388) == windowStyle ? (v1665 = 0) : (v1665 = 1),
(v63 = v1665) != 0) )
{
v2522 = v46;
windowTextW = GetWindowTextW(hWindow, &windowText, 64i64);
size = 255;
windowTextWConvertedToA = WideCharToMultiByte(
65001i64,
0i64,
&windowText,
windowTextW,
pAllocatedBuffer + v46 + 1,
*(_QWORD *)&size,
0i64,
0i64);
*(_BYTE *)(pAllocatedBuffer + v46) = windowTextWConvertedToA;
v46 += (unsigned __int8)windowTextWConvertedToA + 1;
windowTextW = GetClassNameW(hWindow, &windowText, 64i64);
size = 255;
windowTextWConvertedToA_1 = WideCharToMultiByte(
65001i64,
0i64,
&windowText,
windowTextW,
pAllocatedBuffer + v46 + 1,
*(_QWORD *)&size,
0i64,
0i64);
*(_BYTE *)(pAllocatedBuffer + v46) = windowTextWConvertedToA_1;
v46 += (unsigned __int8)windowTextWConvertedToA_1 + 1;
hProcess = OpenProcess(4096i64, 0i64, HIDWORD(currentProcessId_1));
windowTextW = 128;
hProcess_1 = hProcess
&& QueryFullProcessImageName(hProcess, 0i64, &v2775, &windowTextW)
&& (size = 255,
(windowTextW = WideCharToMultiByte(
65001i64,
0i64,
&v2775,
windowTextW,
pAllocatedBuffer + v46 + 1,
*(_QWORD *)&size,
0i64,
0i64)) != 0);
hProcess_2 = hProcess_1;
if ( hProcess )
CloseHandle(hProcess);
if ( hProcess_2 )
{
if ( GetFileAttributesExW(&v2775, 0i64, &v2753) )
v1669 = v2754;
else
v1669 = 0;
v1670 = v1669;
}
else
{
v1670 = 0;
}
if ( !v63
|| hProcess_2
&& (*(_DWORD *)(v46 + pAllocatedBuffer + windowTextW - 13) == '_pgt'
|| *(_DWORD *)(v46 + pAllocatedBuffer + windowTextW - 10) == 'nuhT'
|| *(_DWORD *)(v46 + pAllocatedBuffer + windowTextW - 8) == 'aetS') )
{
if ( hProcess_2 )
windowTextW_1 = windowTextW;
else
windowTextW_1 = 0;
*(_BYTE *)(pAllocatedBuffer + v46) = windowTextW_1;
v46 += (unsigned __int8)windowTextW_1 + 1;
*(_DWORD *)(pAllocatedBuffer + v46) = v1670;
*(_DWORD *)(pAllocatedBuffer + v46 + 4) = windowLong;
*(_DWORD *)(pAllocatedBuffer + v46 + 8) = windowStyle;
GetWindowRect(hWindow, pAllocatedBuffer + v46 + 12);
v46 += 28;
}
else
{
v46 = v2522;
}
}
}
hWindow = GetWindow(hWindow, 2i64);
}
while ( hWindow && v46 <= 20120 );
}
*(_WORD *)(pAllocatedBuffer + 2) = v46 - 4;
v46 += 2;
if ( v144 <= 1 )
{
v138 = 0;
v139 = 68;
v140 = v144;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v138, 3i64, 0i64);
}
str_duplicatehandle = 'D';
v810 = 'u';
v811 = 'p';
v812 = 'l';
v813 = 'i';
v814 = 'c';
v815 = 'a';
v816 = 't';
v817 = 'e';
v818 = 'H';
v819 = 'a';
v820 = 'n';
v821 = 'd';
v822 = 'l';
v823 = 'e';
v824 = '\0';
DuplicateHandle = (unsigned int (__fastcall *)(__int64, _QWORD, __int64, __int64 *, _QWORD, _QWORD, _QWORD))GetProcAddress(hKernel32, &str_duplicatehandle);
str_getcurrentprocess = 'G';
v910 = 'e';
v911 = 't';
v912 = 'C';
v913 = 'u';
v914 = 'r';
v915 = 'r';
v916 = 'e';
v917 = 'n';
v918 = 't';
v919 = 'P';
v920 = 'r';
v921 = 'o';
v922 = 'c';
v923 = 'e';
v924 = 's';
v925 = 's';
v926 = '\0';
GetCurrentProcess = (__int64 (*)(void))GetProcAddress(hKernel32, &str_getcurrentprocess);
str_ntqueryobject = 'N';
v603 = 't';
v604 = 'Q';
v605 = 'u';
v606 = 'e';
v607 = 'r';
v608 = 'y';
v609 = 'O';
v610 = 'b';
v611 = 'j';
v612 = 'e';
v613 = 'c';
v614 = 't';
v615 = 0;
NtQueryObject = (__int64 (__fastcall *)(__int64, signed __int64, unsigned __int16 *, signed __int64, _QWORD))GetProcAddress(hNtDLL, &str_ntqueryobject);
str_wcsnicmp = '_';
v291 = 'w';
v292 = 'c';
v293 = 's';
v294 = 'n';
v295 = 'i';
v296 = 'c';
v297 = 'm';
v298 = 'p';
v299 = 0;
hMSVCRT_5 = GetModuleHandleA((__int64 *)&str_msvcrt);
wcsnicmp = (unsigned int (__fastcall *)(__int64, signed __int16 *, _QWORD))GetProcAddress(hMSVCRT_5, &str_wcsnicmp);
str_getprocessid = 'G';
v432 = 'e';
v433 = 't';
v434 = 'P';
v435 = 'r';
v436 = 'o';
v437 = 'c';
v438 = 'e';
v439 = 's';
v440 = 's';
v441 = 'I';
v442 = 'd';
v443 = '\0';
GetProcessId = (__int64 (__fastcall *)(__int64))GetProcAddress(hKernel32, &str_getprocessid);
status_1 = 0xFFFFFFFF;
status = 0xFFFFFFFF;
SystemHandleInformation = (unsigned int *)'\0';
informationLength = 32;
do // 16 = SYSTEM_HANDLE_INFORMATION
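// status 0xC0000004 is STATUS_INFO_LENGTH_MISMATCH: the buffer is grown and the query repeated until it fits (or realloc fails)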
{
informationLength += 1024;
SystemHandleInformation = (unsigned int *)realloc(SystemHandleInformation, informationLength);
if ( !SystemHandleInformation )
break;
status = NtQuerySystemInformation(16i64, SystemHandleInformation, informationLength, &informationLength);
}
while ( status == 0xC0000004 );
if ( SystemHandleInformation && status >= 0 )
{
v90 = -1;
for ( n = 0; n < *SystemHandleInformation && v46 <= 20219; ++n )
{
if ( HIWORD(SystemHandleInformation[6 * n + 3]) == hCurrentProcessHandle )
{
v2685 = 24i64 * (signed int)n;
if ( SystemHandleInformation[(unsigned __int64)v2685 / 4 + 2] == (unsigned int)GetCurrentProcessId() )
{
if ( status_1 )
status_1 += 1000;
}
}
if ( v90 == -1 || LOBYTE(SystemHandleInformation[6 * n + 3]) == v90 )
{
v2684 = 24i64 * (signed int)n;
if ( SystemHandleInformation[(unsigned __int64)v2684 / 4 + 2] != (unsigned int)GetCurrentProcessId() )
{
SourceProcessHandle = OpenProcess(64i64, 0i64, SystemHandleInformation[6 * n + 2]);
if ( SourceProcessHandle )
{
TargetProcessHandle = GetCurrentProcess();
SourceHandle = HIWORD(SystemHandleInformation[6 * n + 3]);
dwOptions = 0;
size = 0;
dwDesiredAccess = 1024;
if ( DuplicateHandle(
SourceProcessHandle,
SourceHandle,
TargetProcessHandle,
&TargetHandle,
*(_QWORD *)&dwDesiredAccess,
*(_QWORD *)&size,
*(_QWORD *)&dwOptions) )
{
if ( v90 == -1 )
{
v2415 = 80;
v2416 = 114;
v2417 = 111;
v2418 = 99;
v2419 = 101;
v2420 = 115;
v2421 = 115;
v2422 = 0;
status = NtQueryObject(TargetHandle, 2i64, &HandleInformation, 1024i64, 0i64);
if ( status < 0 || wcsnicmp(v2784, &v2415, HandleInformation / 2) )
{
if ( status < 0 && status_1 )
status_1 = status;
}
else
{
v90 = LOBYTE(SystemHandleInformation[6 * n + 3]);
}
}
if ( v90 != -1
&& (processId = GetProcessId(TargetHandle), processId == (unsigned int)GetCurrentProcessId())
&& SystemHandleInformation[6 * n + 6] & 0x30 )
{
hProcess_3 = OpenProcess(4096i64, 0i64, SystemHandleInformation[6 * n + 2]);
processImageName = 0;
size_1 = 256;
if ( hProcess_3
&& QueryFullProcessImageName(hProcess_3, 0i64, (__int64 *)&processImageName, &size_1)
&& (size = 255,
(size_1 = WideCharToMultiByte(
65001i64,
0i64,
(__int64 *)&processImageName,
size_1,
pAllocatedBuffer + v46 + 1,
*(_QWORD *)&size,
0i64,
0i64)) != 0) )
{
*(_BYTE *)(pAllocatedBuffer + v46) = size_1;
}
else
{
systemInformation = SystemHandleInformation[6 * n + 2];
v2618 = 0;
v2619 = 512;
v2620 = &v2785;
if ( (signed int)NtQuerySystemInformation(88i64, (unsigned int *)&systemInformation, 24i64, 0i64) < 0 )
{
*(_BYTE *)(pAllocatedBuffer + v46) = 0;
}
else
{
v2676 = pAllocatedBuffer + v46 + 1;
size = 255;
*(_BYTE *)(pAllocatedBuffer + v46) = WideCharToMultiByte(
65001i64,
0i64,
v2620,
v2618 / 2,
v2676,
*(_QWORD *)&size,
0i64,
0i64);
}
}
if ( hProcess_3 )
CloseHandle(hProcess_3);
if ( *(_BYTE *)(pAllocatedBuffer + v46) )
{
if ( GetFileAttributesExW((__int64 *)&processImageName, 0i64, &v2755) )
v1671 = v2756;
else
v1671 = 0;
v1672 = v1671;
}
else
{
v1672 = 0;
}
v46 += *(unsigned __int8 *)(pAllocatedBuffer + v46) + 1;
*(_DWORD *)(pAllocatedBuffer + v46) = v1672;
v46 += 4;
*(_DWORD *)(pAllocatedBuffer + v46) = SystemHandleInformation[6 * n + 6];
v46 += 4;
status_1 = 0;
}
else if ( v90 != -1 && HIWORD(SystemHandleInformation[6 * n + 3]) == hCurrentProcessHandle )
{
v2675 = 24i64 * (signed int)n;
if ( SystemHandleInformation[(unsigned __int64)v2675 / 4 + 2] == (unsigned int)GetCurrentProcessId() )
{
if ( status_1 )
status_1 = SystemHandleInformation[6 * n + 6];
}
}
CloseHandle(TargetHandle);
CloseHandle(SourceProcessHandle);
}
else
{
CloseHandle(SourceProcessHandle);
if ( HIWORD(SystemHandleInformation[6 * n + 3]) == hCurrentProcessHandle )
{
v2680 = 24i64 * (signed int)n;
if ( SystemHandleInformation[(unsigned __int64)v2680 / 4 + 2] == (unsigned int)GetCurrentProcessId() )
{
if ( status_1 )
status_1 = 2;
}
}
}
}
else if ( HIWORD(SystemHandleInformation[6 * n + 3]) == hCurrentProcessHandle )
{
v2683 = 24i64 * (signed int)n;
if ( SystemHandleInformation[(unsigned __int64)v2683 / 4 + 2] == (unsigned int)GetCurrentProcessId() )
status_1 = status_1 != 0;
}
}
}
}
if ( v90 == -1 )
status_1 += 200;
}
else
{
status_1 = status + 100;
}
if ( status_1 )
{
*(_DWORD *)(pAllocatedBuffer + v46) = status_1;
v46 += 4;
}
if ( *(_DWORD *)(ReportDetection + 5) == -858993460 && *(_DWORD *)(ReportDetection + 1377994) == -803035 )
*(_QWORD *)(ReportDetection + 196656) = *(_QWORD *)(ReportDetection + 1377998);
if ( SystemHandleInformation )
free(SystemHandleInformation);
*(_WORD *)(pAllocatedBuffer + *(unsigned __int16 *)(pAllocatedBuffer + 2) + 4) = v46
- 4
- *(_WORD *)(pAllocatedBuffer + 2)
- 2;
str_createfilea = 'C';
v345 = 'r';
v346 = 'e';
v347 = 'a';
v348 = 't';
v349 = 'e';
v350 = 'F';
v351 = 'i';
v352 = 'l';
v353 = 'e';
v354 = 'A';
v355 = '\0';
CreateFileA = (__int64 (__fastcall *)(char *, signed __int64, signed __int64, _QWORD, _QWORD, _QWORD, _QWORD))GetProcAddress(hKernel32, &str_createfilea);
str_getlasterror = 'G';
v523 = 'e';
v524 = 't';
v525 = 'L';
v526 = 'a';
v527 = 's';
v528 = 't';
v529 = 'E';
v530 = 'r';
v531 = 'r';
v532 = 'o';
v533 = 'r';
v534 = 0;
GetLastError = (__int64 (*)(void))GetProcAddress(hKernel32, &str_getlasterror);
str_pubgpacks = '.';
v1584 = '.';
v1585 = '\\';
v1586 = '.';
v1587 = '.';
v1588 = '\\';
v1589 = 'C';
v1590 = 'o';
v1591 = 'n';
v1592 = 't';
v1593 = 'e';
v1594 = 'n';
v1595 = 't';
v1596 = '\\';
v1597 = 'P';
v1598 = 'a';
v1599 = 'k';
v1600 = 's';
v1601 = '\\';
v1602 = 'T';
v1603 = 's';
v1604 = 'l';
v1605 = 'G';
v1606 = 'a';
v1607 = 'm';
v1608 = 'e';
v1609 = '-';
v1610 = 'W';
v1611 = 'i';
v1612 = 'n';
v1613 = 'd';
v1614 = 'o';
v1615 = 'w';
v1616 = 's';
v1617 = 'N';
v1618 = 'o';
v1619 = 'E';
v1620 = 'd';
v1621 = 'i';
v1622 = 't';
v1623 = 'o';
v1624 = 'r';
v1625 = '_';
v1626 = 'a';
v1627 = 's';
v1628 = 's';
v1629 = 'e';
v1630 = 't';
v1631 = 's';
v1632 = '_';
v1633 = 'w';
v1634 = 'o';
v1635 = 'r';
v1636 = 'l';
v1637 = 'd';
v1638 = '.';
v1639 = 'p';
v1640 = 'a';
v1641 = 'k';
v1642 = '\0';
if ( GetFileAttributesExA(&str_pubgpacks, 0i64, &fileInformation) )
v1646 = v2712;
else
v1646 = -2;
*(_DWORD *)(pAllocatedBuffer + v46) = v1646;
if ( v1646 == -2 )
{
str_readfile = 'R';
v242 = 'e';
v243 = 'a';
v244 = 'd';
v245 = 'F';
v246 = 'i';
v247 = 'l';
v248 = 'e';
v249 = '\0';
ReadFile = (unsigned int (__fastcall *)(__int64, __int64 *, signed __int64, char *, _QWORD))GetProcAddress(
hKernel32,
&str_readfile);
v1379 = '.';
v1380 = '.';
v1381 = '\\';
v1382 = '.';
v1383 = '.';
v1384 = '\\';
v1385 = 'B';
v1386 = 'L';
v1387 = 'G';
v1388 = 'a';
v1389 = 'm';
v1390 = 'e';
v1391 = '\\';
v1392 = 'C';
v1393 = 'o';
v1394 = 'o';
v1395 = 'k';
v1396 = 'e';
v1397 = 'd';
v1398 = 'C';
v1399 = 'o';
v1400 = 'n';
v1401 = 't';
v1402 = 'e';
v1403 = 'n';
v1404 = 't';
v1405 = '\\';
v1406 = 'S';
v1407 = 'c';
v1408 = 'r';
v1409 = 'i';
v1410 = 'p';
v1411 = 't';
v1412 = '\\';
v1413 = 'B';
v1414 = 'L';
v1415 = 'G';
v1416 = 'a';
v1417 = 'm';
v1418 = 'e';
v1419 = '.';
v1420 = 'u';
v1421 = '\0';
size = 128;
dwDesiredAccess = 3;
v2532 = CreateFileA(&v1379, 0x80000000i64, 7i64, 0i64, *(_QWORD *)&dwDesiredAccess, *(_QWORD *)&size, 0i64);
if ( v2532 != -1 )
{
while ( ReadFile(v2532, &v2536, 4i64, (char *)&v2536 + 4, 0i64) && HIDWORD(v2536) )
*(_DWORD *)(pAllocatedBuffer + v46) += v2536;
CloseHandle(v2532);
}
}
v1422 = '.';
v1423 = '.';
v1424 = '\\';
v1425 = '.';
v1426 = '.';
v1427 = '\\';
v1428 = 'C';
v1429 = 'o';
v1430 = 'n';
v1431 = 't';
v1432 = 'e';
v1433 = 'n';
v1434 = 't';
v1435 = '\\';
v1436 = 'P';
v1437 = 'a';
v1438 = 'k';
v1439 = 's';
v1440 = '\\';
v1441 = 'T';
v1442 = 's';
v1443 = 'l';
v1444 = 'G';
v1445 = 'a';
v1446 = 'm';
v1447 = 'e';
v1448 = '-';
v1449 = 'W';
v1450 = 'i';
v1451 = 'n';
v1452 = 'd';
v1453 = 'o';
v1454 = 'w';
v1455 = 's';
v1456 = 'N';
v1457 = 'o';
v1458 = 'E';
v1459 = 'd';
v1460 = 'i';
v1461 = 't';
v1462 = 'o';
v1463 = 'r';
v1464 = '_';
v1465 = 'u';
v1466 = 'i';
v1467 = '.';
v1468 = 'p';
v1469 = 'a';
v1470 = 'k';
v1471 = '\0';
if ( GetFileAttributesExA(&v1422, 0i64, &fileInformation) )
v1673 = v2712;
else
v1673 = -2;
*(_DWORD *)(pAllocatedBuffer + v46 + 4) = v1673;
v1472 = '.';
v1473 = '.';
v1474 = '\\';
v1475 = '.';
v1476 = '.';
v1477 = '\\';
v1478 = 'C';
v1479 = 'o';
v1480 = 'n';
v1481 = 't';
v1482 = 'e';
v1483 = 'n';
v1484 = 't';
v1485 = '\\';
v1486 = 'P';
v1487 = 'a';
v1488 = 'k';
v1489 = 's';
v1490 = '\\';
v1491 = 'T';
v1492 = 's';
v1493 = 'l';
v1494 = 'G';
v1495 = 'a';
v1496 = 'm';
v1497 = 'e';
v1498 = '-';
v1499 = 'W';
v1500 = 'i';
v1501 = 'n';
v1502 = 'd';
v1503 = 'o';
v1504 = 'w';
v1505 = 's';
v1506 = 'N';
v1507 = 'o';
v1508 = 'E';
v1509 = 'd';
v1510 = 'i';
v1511 = 't';
v1512 = 'o';
v1513 = 'r';
v1514 = '_';
v1515 = 's';
v1516 = 'o';
v1517 = 'u';
v1518 = 'n';
v1519 = 'd';
v1520 = '.';
v1521 = 112;
v1522 = 'a';
v1523 = 'k';
v1524 = 0;
if ( GetFileAttributesExA(&v1472, 0i64, &fileInformation) )
v1674 = v2712;
else
v1674 = -2;
*(_DWORD *)(pAllocatedBuffer + v46 + 8) = v1674;
v46 += 12;
*(_DWORD *)(pAllocatedBuffer + v46) = 0;
v46 += 4;
str_ntgetcontextthread = 'N';
v964 = 't';
v965 = 'G';
v966 = 'e';
v967 = 't';
v968 = 'C';
v969 = 'o';
v970 = 'n';
v971 = 't';
v972 = 'e';
v973 = 'x';
v974 = 't';
v975 = 'T';
v976 = 'h';
v977 = 'r';
v978 = 'e';
v979 = 'a';
v980 = 'd';
v981 = 0;
for ( NtGetContextThread = (char *)GetProcAddress(hNtDLL, &str_ntgetcontextthread);// BE jumping on whole 0xE9 chain to get original function
//
;
NtGetContextThread = *(char **)&NtGetContextThread[*(signed int *)(NtGetContextThread + 2) + 6] )
{
while ( (unsigned __int8)*NtGetContextThread == 0xE9 )
NtGetContextThread += *(_DWORD *)(NtGetContextThread + 1) + 5;
if ( *(_WORD *)NtGetContextThread != 0x25FF )
break;
}
hUser32_9 = GetModuleHandleA((__int64 *)&str_user32dll);
v2533 = hUser32_9 + *(signed int *)(hUser32_9 + 0x3C) + 0x18;
for ( ii = 0; ii < 256; ++ii )
{
if ( *((unsigned __int8 *)GetWindow + ii) == 232 )
{
v1751 = (char *)GetWindow + ii + *(signed int *)((char *)GetWindow + ii + 1) + 5;
if ( (unsigned __int64)v1751 >= (unsigned __int64)*(unsigned int *)(v2533 + 20) + hUser32_9
&& (unsigned __int64)v1751 < *(unsigned int *)(v2533 + 4)
+ (unsigned __int64)*(unsigned int *)(v2533 + 20)
+ hUser32_9
&& *(_WORD *)v1751 == 0x25FF )
{
for ( NtGetContextThread = v1751;
;
NtGetContextThread = *(char **)&NtGetContextThread[*(signed int *)(NtGetContextThread + 2) + 6] )
{
while ( (unsigned __int8)*NtGetContextThread == 0xE9 )
NtGetContextThread += *(_DWORD *)(NtGetContextThread + 1) + 5;
if ( *(_WORD *)NtGetContextThread != 0x25FF )
break;
}
}
}
}
*(_QWORD *)(pAllocatedBuffer + v46) = NtGetContextThread;
*(_QWORD *)(pAllocatedBuffer + v46 + 8) = *(_QWORD *)NtGetContextThread;
*(_QWORD *)(pAllocatedBuffer + v46 + 16) = *((_QWORD *)NtGetContextThread + 1);
*(_QWORD *)(pAllocatedBuffer + v46 + 24) = *((_QWORD *)NtGetContextThread + 2);
v46 += 32;
if ( v46 <= 1000 )
v1675 = 1000;
else
v1675 = v46;
((void (__fastcall *)(__int64, _QWORD, _QWORD))ReportDetection)(pAllocatedBuffer, v1675, 0i64);
free((unsigned int *)pAllocatedBuffer);
CloseHandle(hCurrentProcessHandle);
v75 = '\0';
str_createtoolhelp32snapshot = 'C';
v1302 = 'r';
v1303 = 'e';
v1304 = 'a';
v1305 = 't';
v1306 = 'e';
v1307 = 'T';
v1308 = 'o';
v1309 = 'o';
v1310 = 'l';
v1311 = 'h';
v1312 = 'e';
v1313 = 'l';
v1314 = 'p';
v1315 = '3';
v1316 = '2';
v1317 = 'S';
v1318 = 'n';
v1319 = 'a';
v1320 = 'p';
v1321 = 's';
v1322 = 'h';
v1323 = 'o';
v1324 = 't';
v1325 = '\0';
CreateToolhelp32Snapshot = (__int64 (__fastcall *)(signed __int64, _QWORD))GetProcAddress(
hKernel32,
&str_createtoolhelp32snapshot);
hSnapshot = CreateToolhelp32Snapshot(2i64, 0i64);
if ( hSnapshot != -1 )
{
str_process32first = 'P';
v687 = 'r';
v688 = 'o';
v689 = 'c';
v690 = 'e';
v691 = 's';
v692 = 's';
v693 = '3';
v694 = '2';
v695 = 'F';
v696 = 'i';
v697 = 'r';
v698 = 's';
v699 = 't';
v700 = '\0';
Process32First = (unsigned int (__fastcall *)(__int64, signed int *))GetProcAddress(hKernel32, &str_process32first);
processEntry = 304;
if ( Process32First(hSnapshot, &processEntry) )
{
str_process32next = 'P';
v575 = 'r';
v576 = 'o';
v577 = 'c';
v578 = 'e';
v579 = 's';
v580 = 's';
v581 = '3';
v582 = '2';
v583 = 'N';
v584 = 'e';
v585 = 'x';
v586 = 't';
v587 = '\0';
Process32Next = (unsigned int (__fastcall *)(__int64, signed int *))GetProcAddress(hKernel32, &str_process32next);
v143 = 0;
v1649 = 0;
v1648 = 0;
v1650 = 0;
v1651 = 0;
processInformation = 0;
do
{
v2594 = 0;
v2595 = 56;
hProcess_5 = OpenProcess(4096i64, 0i64, processId_1);
length = 128;
result_1 = hProcess_5
&& QueryFullProcessImageName(hProcess_5, 0i64, &processImageName_1, &length)
&& (size = 255,
(length = WideCharToMultiByte(
65001i64,
0i64,
&processImageName_1,
length,
(__int64)v2596,
*(_QWORD *)&size,
0i64,
0i64)) != 0);
result_2 = result_1;
if ( (_BYTE)result_1 )
{
str_getfileattributesexw_1 = 'G';
v1164 = 'e';
v1165 = 't';
v1166 = 'F';
v1167 = 'i';
v1168 = 'l';
v1169 = 'e';
v1170 = 'A';
v1171 = 't';
v1172 = 't';
v1173 = 'r';
v1174 = 'i';
v1175 = 'b';
v1176 = 'u';
v1177 = 't';
v1178 = 'e';
v1179 = 's';
v1180 = 'E';
v1181 = 'x';
v1182 = 'W';
v1183 = '\0';
GetFileAttributesExW_1 = (unsigned int (__fastcall *)(__int64 *, _QWORD, __int64 *))GetProcAddress(
hKernel32,
&str_getfileattributesexw_1);
if ( GetFileAttributesExW_1(&processImageName_1, 0i64, &fileInformation_1) )
v1677 = v2758;
else
v1677 = 0;
v1652 = v1677;
}
else
{
v2599 = processId_1;
v2600 = 0;
v2601 = 512;
v2602 = &v2786;
if ( (signed int)NtQuerySystemInformation(88i64, (unsigned int *)&v2599, 24i64, 0i64) < 0 )
{
length = 0;
}
else
{
v2671 = v2596;
size = 255;
length = WideCharToMultiByte(65001i64, 0i64, v2602, v2600 / 2, (__int64)v2596, *(_QWORD *)&size, 0i64, 0i64);
}
v1652 = 0;
}
*(_DWORD *)&v2596[length] = v1652;
if ( hProcess_5 )
{
if ( !result_2 )
{
if ( length )
{
str_getlasterror_4 = 'G';
v536 = 'e';
v537 = 't';
v538 = 'L';
v539 = 'a';
v540 = 's';
v541 = 't';
v542 = 'E';
v543 = 'r';
v544 = 'r';
v545 = 'o';
v546 = 'r';
v547 = '\0';
GetLastError_4 = (unsigned int (*)(void))GetProcAddress(hKernel32, &str_getlasterror_4);
if ( GetLastError_4() == 31 )
{
str_getprocesstimes_3 = 'G';
v794 = 'e';
v795 = 't';
v796 = 'P';
v797 = 'r';
v798 = 'o';
v799 = 'c';
v800 = 'e';
v801 = 's';
v802 = 's';
v803 = 'T';
v804 = 'i';
v805 = 'm';
v806 = 'e';
v807 = 's';
v808 = '\0';
GetProcessTimes_3 = (unsigned int (__fastcall *)(__int64, __int64 *, __int64 *, __int64 *, __int64 *))GetProcAddress(hKernel32, &str_getprocesstimes_3);
if ( GetProcessTimes_3(hProcess_5, &time, &time, &time, &time) || GetLastError_4() != 31 )
{
CloseHandle(hProcess_5);
}
else
{
CloseHandle(hProcess_5);
hProcess_5 = OpenProcess(4096i64, 0i64, processId_1);
if ( hProcess_5 )
{
*(_DWORD *)&v2596[length] = 0;
((void (__fastcall *)(char *, _QWORD, _QWORD))ReportDetection)(&v2594, length + 6, 0i64);
}
}
}
}
}
}
if ( v2720 != 1634038867 || v2721 != 2019896941 )
{
if ( v2720 != 1935766380 || v2721 != 2019896947 )
{
if ( v2720 != 1819310181 || v2721 != 1919251055 || v2722 != 1702389038 )
{
if ( v2720 != 778333539 || (signed __int16)v2721 != 30821 )
{
if ( v2720 == 1751348851 && v2721 == 779383663 && hProcess_5 && !processInformation )
{
str_ntqueryinformationprocess = 'N';
v1327 = 't';
v1328 = 'Q';
v1329 = 'u';
v1330 = 'e';
v1331 = 'r';
v1332 = 'y';
v1333 = 'I';
v1334 = 'n';
v1335 = 'f';
v1336 = 'o';
v1337 = 'r';
v1338 = 'm';
v1339 = 'a';
v1340 = 't';
v1341 = 'i';
v1342 = 'o';
v1343 = 'n';
v1344 = 'P';
v1345 = 'r';
v1346 = 'o';
v1347 = 'c';
v1348 = 'e';
v1349 = 's';
v1350 = 's';
v1351 = '\0';
NtQueryInformationProcess = (signed int (__fastcall *)(__int64, signed __int64, signed __int64 *, signed __int64, _QWORD))GetProcAddress(hNtDLL, &str_ntqueryinformationprocess);
if ( NtQueryInformationProcess(hProcess_5, 61i64, (signed __int64 *)&processInformation, 1i64, 0i64) < 0
|| processInformation != 81 )
{
if ( !processInformation )
{
processInformation_1 = 64i64;
if ( NtQueryInformationProcess(hProcess_5, 0i64, &processInformation_1, 64i64, 0i64) >= 0 )
{
if ( v2760 & 1 )
processInformation = 1;
}
}
}
else
{
processInformation = 0;
}
}
}
else
{
v1650 = processId_1;
}
}
else
{
v1648 = processId_1;
}
}
else
{
v1649 = processId_1;
}
}
else
{
v143 = processId_1;
}
if ( !length )
goto LABEL_573;
if ( processId_1 != (unsigned int)GetCurrentProcessId() && v1651 < 10 )
{
v50 = 0;
v66 = 0;
v79 = length;
v1647 = 0;
while ( 1 )
{
if ( v2596[--v79] == 92 )
++v1647;
if ( !v79 )
break;
if ( v79 < length - 8 )
{
v1678 = *(_DWORD *)&v2596[v79] != 858666076 || v2596[v79 + 4] == 46 ? 0 : 1;
v50 = v1678;
if ( (_BYTE)v1678 )
goto LABEL_513;
v1679 = *(_DWORD *)&v2596[v79] != 1819310181 || *(_DWORD *)&v2596[v79 + 4] != 1919251055 ? 0 : 1;
v50 = v1679;
v66 = v1679;
if ( (_BYTE)v1679 )
goto LABEL_513;
}
}
if ( v1647 > 2 )
{
for ( jj = 0; jj < length - 6; ++jj )
{
if ( *(_DWORD *)&v2596[jj] == 1936016476 && *(_DWORD *)&v2596[jj + 4] == 1886352491 && v2597[jj] == 92
|| *(_DWORD *)&v2596[jj] == 1835357276 && *(_WORD *)&v2596[jj + 4] == 23664
|| *(_DWORD *)&v2596[jj] == 1818838620 && *(_DWORD *)&v2596[jj + 4] == 1667584613
|| *(_DWORD *)&v2596[jj] == 1668236380
&& *(_DWORD *)&v2596[jj + 4] == 1852140917
&& *(_WORD *)&v2597[jj] == 29556
&& v2597[jj + 2] == 92
|| *(_DWORD *)&v2596[jj] == 2003780700
&& *(_DWORD *)&v2596[jj + 4] == 1634692206
&& *(_WORD *)&v2597[jj] == 29540
&& v2597[jj + 2] == 92
|| *(_DWORD *)&v2596[jj] == 1634685532 && *(_DWORD *)&v2596[jj + 4] == 1735289197 && v2597[jj] == 92
|| *(_DWORD *)&v2596[jj] == 779119988 && *(_WORD *)&v2596[jj + 4] == 30821
|| *(_DWORD *)&v2596[jj] == 1702129518 && *(_DWORD *)&v2596[jj + 4] == 778330480
|| *(_DWORD *)&v2596[jj] == 774778460 && *(_WORD *)&v2596[jj + 4] == 23598
|| *(_DWORD *)&v2596[jj] == 778333539 && *(_WORD *)&v2596[jj + 4] == 30821
|| !result_2 )
{
goto LABEL_513;
}
}
goto LABEL_542;
}
LABEL_513:
str_getprocesstimes_2 = 'G';
v778 = 'e';
v779 = 't';
v780 = 'P';
v781 = 'r';
v782 = 'o';
v783 = 'c';
v784 = 'e';
v785 = 's';
v786 = 's';
v787 = 'T';
v788 = 'i';
v789 = 'm';
v790 = 'e';
v791 = 's';
v792 = '\0';
GetProcessTimes_2 = (unsigned int (__fastcall *)(__int64, __int64 *, __int64 *, __int64 *, char *))GetProcAddress(hKernel32, &str_getprocesstimes_2);
if ( GetProcessTimes_2(hProcess_5, &v2530, &v2737, &v2668, (char *)&v2667)
&& (hCurrentProcess_2 = GetCurrentProcess(),
GetProcessTimes_2(hCurrentProcess_2, &v2529, &v1752, &v1752, (char *)&v1752))
&& v2529 - v2530 <= 900000000
&& v2529 - v2530 >= -300000000
|| v50 )
{
v74 = v143 != 0;
v2596[length + 4] = v143 != 0;
if ( v1648 && v2719 == v1648 )
{
v2596[length + 4] |= 2u;
}
else if ( v1649 && v2719 == v1649 )
{
v2596[length + 4] |= 8u;
}
else if ( v1650 && v2719 == v1650 )
{
v2596[length + 4] |= 0x10u;
}
else
{
hProcess_10 = OpenProcess(4096i64, 0i64, v2719);
if ( hProcess_10 )
{
CloseHandle(hProcess_10);
}
else
{
str_getlasterror_3 = 'G';
v445 = 'e';
v446 = 't';
v447 = 'L';
v448 = 'a';
v449 = 's';
v450 = 't';
v451 = 'E';
v452 = 'r';
v453 = 'r';
v454 = 'o';
v455 = 'r';
v456 = '\0';
GetLastError_3 = (unsigned int (*)(void))GetProcAddress(hKernel32, &str_getlasterror_3);
if ( GetLastError_3() != 5 )
v2596[length + 4] |= 4u;
}
}
if ( (signed int)(unsigned __int8)v2596[length + 4] > 1 || v50 )
{
Sleep(1000i64);
++v1651;
if ( GetProcessTimes_2(hProcess_5, &v1752, &v1752, (__int64 *)&v2597[length + 5], &v2598 + length) )
{
*(_QWORD *)&v2597[length + 5] -= v2668;
*(_QWORD *)(&v2598 + length) -= v2667;
if ( v2596[length + 4] & 8
|| *(_QWORD *)(&v2598 + length) + *(_QWORD *)&v2597[length + 5] >= 500000i64
|| v50 && !v66 )
{
v2595 = 64;
*(_QWORD *)&v2596[length + 5] = v2529 - v2530;
((void (__fastcall *)(char *, _QWORD, _QWORD))ReportDetection)(&v2594, length + 31, 0i64);
goto LABEL_584;
}
}
}
}
}
LABEL_542:
if ( !v143
|| *(_DWORD *)((char *)&v2592 + length) != 1819310181
|| *(_DWORD *)&v2593[length] != 1919251055
|| *(_DWORD *)&v2593[length + 4] != 1702389038
|| v2719 != v143 )
{
if ( *(_DWORD *)&v2591[length] != 1886217556
|| *(_DWORD *)&v2593[length + 4] != 1701603654
|| v2721 != 1702389038
|| ((char)v2720 < 65 || (char)v2720 > 90)
&& (SBYTE1(v2720) < 65 || SBYTE1(v2720) > 90)
&& (SBYTE2(v2720) < 65 || SBYTE2(v2720) > 90)
&& (SHIBYTE(v2720) < 65 || SHIBYTE(v2720) > 90) )
{
if ( *(_DWORD *)&v2593[length + 2] != 1700026952 )
{
for ( kk = 0; kk < length - 4; ++kk )
{
if ( *(_DWORD *)&v2596[kk] == 543649362
|| *(signed __int16 *)&v2596[kk] == 41191
&& (unsigned __int8)v2596[kk + 2] == -127
&& (signed int)(unsigned __int8)v2596[kk + 3] >= 48
&& (signed int)(unsigned __int8)v2596[kk + 3] <= 57
|| *(_DWORD *)&v2596[kk] == 541544018
|| *(_DWORD *)&v2596[kk] == -1864023211
|| *(_DWORD *)&v2596[kk] == 775302706 && *(_WORD *)&v2596[kk + 4] == 30821 )
{
goto LABEL_581;
}
}
LABEL_573:
if ( (v2720 != 1684107084 || v2721 != 1919052140)
&& v2720 != 543649362
&& (v1652 != (_DWORD)qword_5D720
|| v2720 == 1701667143 && v2721 == 1919252047
|| v2720 == 1701667175 && v2721 == 1919252079) )
{
goto LABEL_582;
}
goto LABEL_581;
}
}
else
{
*(_DWORD *)v2596 = v2720;
*(_DWORD *)&v2596[4] = v2721;
length = 8;
*(_DWORD *)v2597 = 255;
}
}
LABEL_581:
v2595 = 56;
((void (__fastcall *)(char *, _QWORD, _QWORD))ReportDetection)(&v2594, length + 6, 0i64);
LABEL_582:
if ( hProcess_5 )
CloseHandle(hProcess_5);
LABEL_584:
if ( (v2720 == 1701667143 || v2720 == 1701667175)
&& (v2721 == 1919252047 || v2721 == 1919252079)
&& (v2722 == 1434018156 || v2722 == 1970889068) )
{
v75 = 1;
hProcess_9 = OpenProcess(1024i64, 0i64, processId_1);
if ( hProcess_9 )
{
for ( ll = 0i64; NtQueryVirtualMemory(hProcess_9, ll, 0i64, &v2430, 48i64, &v2738) >= 0; ll = v2431 + v2430 )
{
if ( v2432 == 4096 && v2434 == 0x20000 && (v2433 == 16 || v2433 == 32 || v2433 == 64) )
{
if ( v2431 > 0x10000 )
{
v2571 = 0;
v2572 = 59;
v2573 = v2430;
v2574 = v2431;
v2575 = v2434 | v2433 | v2432;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2571, 18i64, 0i64);
}
if ( processInformation )
{
v2647 = 0;
v2648 = 53;
v2649 = 1457;
v2650 = processInformation;
v2651 = v2430;
v2652 = v2431;
v2653 = v2434 | v2433 | v2432;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2647, 28i64, 0i64);
}
hProcess_8 = OpenProcess(16i64, 0i64, processId_1);
if ( hProcess_8 )
{
v2435 = 8;
v2436 = 'H';
v2437 = '\0';
v2438 = 'o';
v2439 = '\0';
v2440 = 'm';
v2441 = '\0';
v2442 = 'e';
v2443 = '\0';
memset(&v2444, 0, 0x10ui64);
v2445 = 4;
v2446 = 'F';
v2447 = '\0';
v2448 = '1';
v2449 = '\0';
memset(&v2450, 0, 0x14ui64);
v2451 = 0x10;
v2452 = '\xFF';
v2453 = '\xFF';
v2454 = '<EFBFBD>';
v2455 = '<EFBFBD>';
v2456 = '\b';
v2457 = '<EFBFBD>';
v2458 = '\0';
v2459 = '\0';
v2460 = '\0';
v2461 = '\0';
v2462 = '\0';
v2463 = '\0';
v2464 = '\0';
v2465 = '\0';
v2466 = '\0';
v2467 = '\0';
memset(&v2468, 0, 8ui64);
v2469 = 24;
v2470 = 92;
v2471 = 0;
v2472 = 92;
v2473 = 0;
v2474 = 46;
v2475 = 0;
v2476 = 92;
v2477 = 0;
v2478 = 112;
v2479 = 0;
v2480 = 105;
v2481 = 0;
v2482 = 112;
v2483 = 0;
v2484 = 101;
v2485 = 0;
v2486 = 92;
v2487 = 0;
v2488 = 37;
v2489 = 0;
v2490 = 115;
v2491 = 0;
v2492 = 0;
v2493 = 0;
v2494 = 10;
v2495 = -57;
v2496 = 6;
v2497 = 0;
v2498 = 0;
v2499 = 0;
v2500 = 0;
v2501 = -58;
v2502 = 71;
v2503 = 3;
v2504 = 0;
memset(&v2505, 0, 0xEui64);
v2506 = 8;
v2507 = 105;
v2508 = -64;
v2509 = 24;
v2510 = 1;
v2511 = 0;
v2512 = 0;
v2513 = 51;
v2514 = -46;
memset(&v2515, 0, 0x10ui64);
for ( mm = ll; mm != v2431 + v2430; mm += 4096i64 )
{
if ( NtReadVirtualMemory(hProcess_8, mm, &v2790, 4096i64, 0i64) >= 0 )
{
for ( nn = 0; (unsigned __int64)nn < 6; ++nn )
{
for ( i1 = 0; (unsigned int)(*(&v2435 + 7 * nn) + i1) <= 0x1000ui64; ++i1 )
{
for ( i2 = 0;
i2 < *(&v2435 + 7 * nn)
&& *((unsigned __int8 *)&v2790 + (signed int)(i2 + i1)) == *((unsigned __int8 *)&v2435
+ 28 * nn
+ (signed int)i2
+ 4);
++i2 )
{
;
}
if ( i2 == *(&v2435 + 7 * nn) )
{
v2633 = 0;
v2634 = 53;
v2635 = 1388;
v2636 = i1 + mm;
v2637 = v2430;
v2638 = v2431;
v2639 = v2434 | v2433 | v2432;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2633, 28i64, 0i64);
goto LABEL_619;
}
}
}
}
}
LABEL_619:
CloseHandle(hProcess_8);
}
}
}
CloseHandle(hProcess_9);
}
else
{
str_getlasterror_2 = 'G';
v471 = 'e';
v472 = 't';
v473 = 'L';
v474 = 'a';
v475 = 's';
v476 = 't';
v477 = 'E';
v478 = 'r';
v479 = 'r';
v480 = 'o';
v481 = 'r';
v482 = '\0';
GetLastError_2 = (unsigned int (*)(void))GetProcAddress(hKernel32, &str_getlasterror_2);
if ( GetLastError_2() == 5 )
{
v123 = 0;
v124 = 59;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v123, 2i64, 0i64);
}
}
hSnapshot_2 = CreateToolhelp32Snapshot(24i64, processId_1);
if ( hSnapshot_2 != -1 )
{
str_module32first = 'M';
v673 = 'o';
v674 = 'd';
v675 = 'u';
v676 = 'l';
v677 = 'e';
v678 = '3';
v679 = '2';
v680 = 'F';
v681 = 'i';
v682 = 'r';
v683 = 's';
v684 = 't';
v685 = '\0';
Module32First = (unsigned int (__fastcall *)(__int64, signed int *))GetProcAddress(
hKernel32,
&str_module32first);
moduleEntry = 568;
if ( Module32First(hSnapshot_2, &moduleEntry) )
{
str_module32next = 'M';
v549 = 'o';
v550 = 'd';
v551 = 'u';
v552 = 'l';
v553 = 'e';
v554 = '3';
v555 = '2';
v556 = 'N';
v557 = 'e';
v558 = 'x';
v559 = 't';
v560 = '\0';
Module32Next = (unsigned int (__fastcall *)(__int64, signed int *))GetProcAddress(
hKernel32,
&str_module32next);
str_createfilea_1 = 'C';
v357 = 'r';
v358 = 'e';
v359 = 'a';
v360 = 't';
v361 = 'e';
v362 = 'F';
v363 = 'i';
v364 = 'l';
v365 = 'e';
v366 = 'A';
v367 = '\0';
CreateFileA_1 = GetProcAddress(hKernel32, &str_createfilea_1);
do
{
if ( v2764 != 1769301878 || v2765 != 779312946 )
{
if ( v2764 == 1701667175 && v2765 == 1919252079 && v2766 == 1970889068 && v2767 == 1818504809 )
{
v1660 = OpenProcess(16i64, 0i64, processId_1);
if ( v1660 )
{
if ( NtReadVirtualMemory(v1660, v2762 + 444281, (__int64 *)&v1756, 16i64, 0i64) >= 0
&& *(_QWORD *)&v1756 == -5130500736015824128i64
&& v1758 == -858993469
&& NtReadVirtualMemory(v1660, v1757, (__int64 *)&v1756, 4i64, 0i64) >= 0
&& NtReadVirtualMemory(v1660, v1756, (__int64 *)&v1756, 20i64, 0i64) >= 0 )
{
for ( i3 = 0; (unsigned __int64)i3 < 0x14; i3 += 4 )
{
NtReadVirtualMemory(
v1660,
*(unsigned int *)((char *)&v1756 + i3),
(__int64 *)&v2607,
16i64,
0i64);
if ( *(unsigned int *)((char *)&v1756 + i3) < v2762
|| *(unsigned int *)((char *)&v1756 + i3) >= v2763 + v2762
|| v2607 == 204 )
{
v2603 = 0;
v2604 = 59;
v2605 = i3;
v2606 = *(unsigned int *)((char *)&v1756 + i3);
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2603, 24i64, 0i64);
}
}
}
CloseHandle(v1660);
}
}
}
else
{
hProcess_7 = OpenProcess(16i64, 0i64, processId_1);
if ( hProcess_7 )
{
if ( NtReadVirtualMemory(hProcess_7, v2762 + 295766, (__int64 *)&v2769, 30i64, 0i64) >= 0 )
{
if ( *(_QWORD *)&v2769 != -8422761549041827734i64
|| v2770 != 13
|| v2772 != 38655
|| v2773 != 3467
|| v2774 != -1862336117 )
{
if ( NtReadVirtualMemory(hProcess_7, v2762 + 295736, (__int64 *)&v2769, 8i64, 0i64) >= 0
&& *(_QWORD *)&v2769 == 29839001828066410i64 )
{
v2692 = 0;
v2693 = 59;
v2694 = 0;
v2695 = v2762 + 295800;
NtReadVirtualMemory(hProcess_7, v2762 + 295800, &v2696, 16i64, 0i64);
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2692, 24i64, 0i64);
}
}
else if ( NtReadVirtualMemory(hProcess_7, v2771, (__int64 *)&v2769, 4i64, 0i64) >= 0
&& NtReadVirtualMemory(hProcess_7, v2769, (__int64 *)&v2769, 4i64, 0i64) >= 0
&& NtReadVirtualMemory(hProcess_7, v2769, (__int64 *)&v2769, 984i64, 0i64) >= 0 )
{
for ( i4 = 0; (unsigned __int64)i4 < 0x3D8; i4 += 4 )
{
NtReadVirtualMemory(
hProcess_7,
*(unsigned int *)((char *)&v2769 + i4),
(__int64 *)&v2616,
16i64,
0i64);
if ( *(unsigned int *)((char *)&v2769 + i4) < v2762
|| *(unsigned int *)((char *)&v2769 + i4) >= v2763 + v2762
|| v2616 == 204 )
{
v2612 = 0;
v2613 = 59;
v2614 = i4;
v2615 = *(unsigned int *)((char *)&v2769 + i4);
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2612, 24i64, 0i64);
}
}
}
}
CloseHandle(hProcess_7);
}
}
}
while ( Module32Next(hSnapshot_2, &moduleEntry) );
}
CloseHandle(hSnapshot_2);
}
hSnapshot_1 = CreateToolhelp32Snapshot(4i64, 0i64);
if ( hSnapshot_1 != -1 )
{
str_thread32first = 'T';
v659 = 'h';
v660 = 'r';
v661 = 'e';
v662 = 'a';
v663 = 'd';
v664 = '3';
v665 = '2';
v666 = 'F';
v667 = 'i';
v668 = 'r';
v669 = 's';
v670 = 't';
v671 = '\0';
Thread32First = (unsigned int (__fastcall *)(__int64, signed int *))GetProcAddress(
hKernel32,
&str_thread32first);
v2733 = 28;
if ( Thread32First(hSnapshot_1, &v2733) )
{
str_thread32next = 'T';
v562 = 'h';
v563 = 'r';
v564 = 'e';
v565 = 'a';
v566 = 'd';
v567 = '3';
v568 = '2';
v569 = 'N';
v570 = 'e';
v571 = 'x';
v572 = 't';
v573 = '\0';
Thread32Next = (unsigned int (__fastcall *)(__int64, signed int *))GetProcAddress(
hKernel32,
&str_thread32next);
do
{
if ( v2735 == processId_1 )
{
str_openthread = 'O';
v312 = 'p';
v313 = 'e';
v314 = 'n';
v315 = 'T';
v316 = 'h';
v317 = 'r';
v318 = 'e';
v319 = 'a';
v320 = 'd';
v321 = '\0';
OpenThread = (__int64 (__fastcall *)(signed __int64, _QWORD, _QWORD))GetProcAddress(
hKernel32,
&str_openthread);
hThread = OpenThread(10i64, 0i64, v2734);
if ( hThread )
{
str_resumethread = 'R';
v393 = 'e';
v394 = 's';
v395 = 'u';
v396 = 'm';
v397 = 'e';
v398 = 'T';
v399 = 'h';
v400 = 'r';
v401 = 'e';
v402 = 'a';
v403 = 'd';
v404 = 0;
ResumeThread = (__int64 (__fastcall *)(__int64))GetProcAddress(hKernel32, &str_resumethread);
v1653 = ResumeThread(hThread);
if ( v1653 && v1653 != -1 )
{
str_suspendthread = 'S';
v645 = 'u';
v646 = 's';
v647 = 'p';
v648 = 'e';
v649 = 'n';
v650 = 'd';
v651 = 'T';
v652 = 'h';
v653 = 'r';
v654 = 'e';
v655 = 'a';
v656 = 'd';
v657 = '\0';
SuspendThread = (void (__fastcall *)(__int64))GetProcAddress(hKernel32, &str_suspendthread);
SuspendThread(hThread);
v1687 = 0;
v1688 = 59;
v1689 = v1653;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1687, 6i64, 0i64);
}
v2780 = (signed int)qword_100010;
str_getthreadcontext = 'G';
v842 = 'e';
v843 = 't';
v844 = 'T';
v845 = 'h';
v846 = 'r';
v847 = 'e';
v848 = 'a';
v849 = 'd';
v850 = 'C';
v851 = 'o';
v852 = 'n';
v853 = 't';
v854 = 'e';
v855 = 'x';
v856 = 't';
v857 = '\0';
GetThreadContext = (unsigned int (__fastcall *)(__int64, __int64 *))GetProcAddress(
hKernel32,
&str_getthreadcontext);
if ( GetThreadContext(hThread, &context) && v2782 )
{
v1690 = 0;
v1691 = 59;
v1692 = v2781;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1690, 6i64, 0i64);
}
CloseHandle(hThread);
}
}
}
while ( Thread32Next(hSnapshot_1, &v2733) );
}
CloseHandle(hSnapshot_1);
}
}
if ( v2720 == 1935766380 && v2721 == 2019896947 )
{
v2524 = OpenProcess(1024i64, 0i64, processId_1);
if ( v2524 )
{
for ( i5 = 0i64; NtQueryVirtualMemory(v2524, i5, 0i64, &v2621, 48i64, &v2740) >= 0; i5 = v2622 + v2621 )
{
if ( v2623 == 4096 && v2625 == 0x20000 && (v2624 == 16 || v2624 == 32 || v2624 == 64) && v2622 > 0x10000 )
{
v2566 = 0;
v2567 = 66;
v2568 = v2621;
v2569 = v2622;
v2570 = v2625 | v2624 | v2623;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2566, 18i64, 0i64);
}
}
CloseHandle(v2524);
}
}
}
while ( Process32Next(hSnapshot, &processEntry) );
}
CloseHandle(hSnapshot);
if ( processInformation )
{
v1702 = 0;
v1703 = 72;
v1704 = 1457;
v1705 = processInformation;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1702, 8i64, 0i64);
}
}
str_loadlibrarya = 'L';
v406 = 'o';
v407 = 'a';
v408 = 'd';
v409 = 'L';
v410 = 'i';
v411 = 'b';
v412 = 'r';
v413 = 'a';
v414 = 'r';
v415 = 'y';
v416 = 'A';
v417 = 0;
LoadLibraryA = (__int64 (__fastcall *)(char *))GetProcAddress(hKernel32, &str_loadlibrarya);
str_psapidll = 'p';
v281 = 's';
v282 = 'a';
v283 = 'p';
v284 = 'i';
v285 = '.';
v286 = 'd';
v287 = 'l';
v288 = 'l';
v289 = 0;
hPsApi = LoadLibraryA(&str_psapidll);
if ( hPsApi )
{
str_enumprocesses = 'E';
v631 = 'n';
v632 = 'u';
v633 = 'm';
v634 = 'P';
v635 = 'r';
v636 = 'o';
v637 = 'c';
v638 = 'e';
v639 = 's';
v640 = 's';
v641 = 'e';
v642 = 's';
v643 = '\0';
EnumProcesses = (unsigned int (__fastcall *)(__int64 *, signed __int64, unsigned int *))GetProcAddress(
hPsApi,
&str_enumprocesses);
if ( EnumProcesses(&v2788, 1600i64, &v132) )
{
if ( v132 < 0x640ui64 )
{
for ( i6 = 0; ; i6 += 4 )
{
if ( i6 >= 0x10000 )
goto LABEL_752;
hProcess_6 = OpenProcess(4096i64, 0i64, (unsigned int)i6);
if ( hProcess_6 )
{
v2742 = 0;
v2743 = 56;
v52 = 128;
if ( !QueryFullProcessImageName(hProcess_6, 0i64, &v2777, &v52)
|| (size = 255,
(v52 = WideCharToMultiByte(65001i64, 0i64, &v2777, v52, (__int64)v2744, *(_QWORD *)&size, 0i64, 0i64)) == 0) )
{
v2608 = i6;
v2609 = 0;
v2610 = 512;
v2611 = &v2787;
if ( (signed int)NtQuerySystemInformation(88i64, (unsigned int *)&v2608, 24i64, 0i64) < 0 )
{
v52 = 0;
}
else
{
v2710 = v2744;
size = 255;
v52 = WideCharToMultiByte(
65001i64,
0i64,
v2611,
v2609 / 2,
(__int64)v2744,
*(_QWORD *)&size,
0i64,
0i64);
}
}
for ( i7 = 0; ; ++i7 )
{
v2709 = i7;
if ( i7 >= v132 / 4ui64 || *((_DWORD *)&v2788 + i7) == i6 )
break;
}
if ( v52 )
{
if ( !v75
&& (*(_DWORD *)((char *)&v2740 + v52 + 1) == 'emaG' || *(_DWORD *)((char *)&v2740 + v52 + 1) == 'emag')
&& (*(_DWORD *)((char *)&v2740 + v52 + 5) == 'revO' || *(_DWORD *)((char *)&v2740 + v52 + 5) == 'revo')
&& (*(_DWORD *)&v2741[v52] == 'Uyal' || *(_DWORD *)&v2741[v52] == 'uyal')
|| (v2708 = i7, i7 == v132 / 4ui64)
&& *(_DWORD *)((char *)&v2740 + v52) == 'aets'
&& *(_DWORD *)((char *)&v2740 + v52 + 4) == 'bewm' )
{
str_getexitcodeprocess = 'G';
v983 = 'e';
v984 = 't';
v985 = 'E';
v986 = 'x';
v987 = 'i';
v988 = 't';
v989 = 'C';
v990 = 'o';
v991 = 'd';
v992 = 'e';
v993 = 'P';
v994 = 'r';
v995 = 'o';
v996 = 'c';
v997 = 'e';
v998 = 's';
v999 = 's';
v1000 = '\0';
GetExitCodeProcess = (unsigned int (__fastcall *)(__int64, int *))GetProcAddress(
hKernel32,
&str_getexitcodeprocess);
if ( GetExitCodeProcess(hProcess_6, &exitCode) )
{
if ( exitCode == 259 )
{
str_getprocesstimes_1 = 'G';
v826 = 'e';
v827 = 't';
v828 = 'P';
v829 = 'r';
v830 = 'o';
v831 = 'c';
v832 = 'e';
v833 = 's';
v834 = 's';
v835 = 'T';
v836 = 'i';
v837 = 'm';
v838 = 'e';
v839 = 's';
v840 = '\0';
GetProcessTimes_1 = (unsigned int (__fastcall *)(__int64, __int64 *, __int64 *, __int64 *, __int64 *))GetProcAddress(hKernel32, &str_getprocesstimes_1);
if ( !GetProcessTimes_1(hProcess_6, &v2704, &v1685, &v1685, &v1685) )
goto LABEL_800;
hCurrentProcess_1 = GetCurrentProcess();
if ( GetProcessTimes_1(hCurrentProcess_1, &v2705, &v1685, &v1685, &v1685) )
*(_DWORD *)&v2744[v52] = (v2704 - v2705) / 10000 & 0xFFFFFFFE;
else
LABEL_800:
*(_DWORD *)&v2744[v52] = 0;
if ( *(_DWORD *)&v2744[v52] >= 0 )
{
v2703 = i7;
v1680 = i7 == v132 / 4ui64;
*(_DWORD *)&v2744[v52] |= v1680;
((void (__fastcall *)(char *, _QWORD, _QWORD))ReportDetection)(&v2742, v52 + 6, 0i64);
}
}
}
else
{
v30 = GetLastError();
*(_DWORD *)&v2744[v52] = v30;
((void (__fastcall *)(char *, _QWORD, _QWORD))ReportDetection)(&v2742, v52 + 6, 0i64);
}
}
}
v2702 = i7;
v31 = v132 % 4ui64;
if ( i7 != v132 / 4ui64 )
goto LABEL_750;
str_getprocesstimes = 'G';
v762 = 'e';
v763 = 't';
v764 = 'P';
v765 = 'r';
v766 = 'o';
v767 = 'c';
v768 = 'e';
v769 = 's';
v770 = 's';
v771 = 'T';
v772 = 'i';
v773 = 'm';
v774 = 'e';
v775 = 's';
v776 = '\0';
GetProcessTimes = (unsigned int (__fastcall *)(__int64, __int64 *, __int64 *, __int64 *, __int64 *))GetProcAddress(hKernel32, &str_getprocesstimes);
str_getlasterror_1 = 'G';
v419 = 'e';
v420 = 't';
v421 = 'L';
v422 = 'a';
v423 = 's';
v424 = 't';
v425 = 'E';
v426 = 'r';
v427 = 'r';
v428 = 'o';
v429 = 'r';
v430 = '\0';
GetLastError_1 = (unsigned int (*)(void))GetProcAddress(hKernel32, &str_getlasterror_1);
if ( GetProcessTimes(hProcess_6, &v2519, &v2519, &v2519, &v2519) || GetLastError_1() != 31 )
{
CloseHandle(hProcess_6);
continue;
}
CloseHandle(hProcess_6);
hProcess_6 = OpenProcess(4096i64, 0i64, (unsigned int)i6);
if ( hProcess_6 )
break;
}
LABEL_707:
;
}
if ( v52 )
{
if ( GetFileAttributesExW(&v2777, 0i64, &v2751) )
v1654 = v2752;
else
v1654 = 0;
*(_DWORD *)&v2744[v52] = v1654;
((void (__fastcall *)(char *, _QWORD, _QWORD))ReportDetection)(&v2742, v52 + 6, 0i64);
}
LABEL_750:
((void (__fastcall *)(__int64, unsigned __int64))CloseHandle)(hProcess_6, v31);
goto LABEL_707;
}
}
}
LABEL_752:
str_be_dlldll = 'B';
v323 = 'E';
v324 = '_';
v325 = 'D';
v326 = 'L';
v327 = 'L';
v328 = '.';
v329 = 'd';
v330 = 'l';
v331 = 'l';
v332 = '\0';
if ( GetFileAttributesExA(&str_be_dlldll, 0i64, &fileInformation) )
{
v1693 = 0;
v1694 = 61;
v1695 = v2712;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1693, 6i64, 0i64);
}
str_beep = '\\';
v233 = '\\';
v234 = '.';
v235 = '\\';
v236 = 'B';
v237 = 'e';
v238 = 'e';
v239 = 'p';
v240 = '\0';
size = '\0';
dwDesiredAccess = 3;
v1686 = CreateFileA(&str_beep, 0x80000000i64, 3i64, 0i64, *(_QWORD *)&dwDesiredAccess, *(_QWORD *)&size, 0i64);
if ( v1686 != -1 )
{
v125 = 0;
v126 = 62;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v125, 2i64, 0i64);
CloseHandle(v1686);
}
v223 = '\\';
v224 = '\\';
v225 = '.';
v226 = '\\';
v227 = 'N';
v228 = 'u';
v229 = 'l';
v230 = 'l';
v231 = '\0';
size = 0;
dwDesiredAccess = 3;
v1686 = CreateFileA(&v223, 0x80000000i64, 3i64, 0i64, *(_QWORD *)&dwDesiredAccess, *(_QWORD *)&size, 0i64);
if ( v1686 != -1 )
{
v127 = 0;
v128 = 63;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v127, 2i64, 0i64);
CloseHandle(v1686);
}
str_gettickcount = 'G';
v484 = 'e';
v485 = 't';
v486 = 'T';
v487 = 'i';
v488 = 'c';
v489 = 'k';
v490 = 'C';
v491 = 'o';
v492 = 'u';
v493 = 'n';
v494 = 't';
v495 = 0;
GetTickCount = (__int64 (*)(void))GetProcAddress(hKernel32, &str_gettickcount);
tickCount = GetTickCount();
Sleep(1000i64);
tickDelta = (unsigned __int64)GetTickCount() - tickCount;
if ( tickDelta >= 02260 )
{
v1696 = 0;
v1697 = 69;
v1698 = tickDelta;
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1696, 6i64, 0i64);
}
v1525 = '.';
v1526 = '.';
v1527 = '\\';
v1528 = '.';
v1529 = '.';
v1530 = '\\';
v1531 = 'P';
v1532 = 'l';
v1533 = 'u';
v1534 = 'g';
v1535 = 'i';
v1536 = 'n';
v1537 = 's';
v1538 = '\\';
v1539 = 'Z';
v1540 = 'i';
v1541 = 'p';
v1542 = 'U';
v1543 = 't';
v1544 = 'i';
v1545 = 'l';
v1546 = 'i';
v1547 = 't';
v1548 = 'y';
v1549 = '\\';
v1550 = 'T';
v1551 = 'h';
v1552 = 'i';
v1553 = 'r';
v1554 = 'd';
v1555 = 'P';
v1556 = 'a';
v1557 = 'r';
v1558 = 't';
v1559 = 'y';
v1560 = '\\';
v1561 = '7';
v1562 = 'z';
v1563 = 'p';
v1564 = 'p';
v1565 = '\\';
v1566 = 'd';
v1567 = 'l';
v1568 = 'l';
v1569 = '\\';
v1570 = 'W';
v1571 = 'i';
v1572 = 'n';
v1573 = '6';
v1574 = '4';
v1575 = '\\';
v1576 = '7';
v1577 = 'z';
v1578 = '.';
v1579 = 'd';
v1580 = 'l';
v1581 = 'l';
v1582 = 0;
hModule = GetModuleHandleA((__int64 *)&v1525);
if ( hModule && *(_DWORD *)(hModule + 4096) != -15449657 )
{
v2581 = 0;
v2582 = 70;
v2583 = 0;
v2584 = *(_QWORD *)(hModule + 4096);
v2585 = *(_QWORD *)(hModule + 4104);
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2581, 19i64, 0i64);
}
v207 = 'h';
v208 = 'a';
v209 = 'l';
v210 = '.';
v211 = 'd';
v212 = 'l';
v213 = 'l';
v214 = 0;
hModule = GetModuleHandleA((__int64 *)&v207);
if ( hModule )
{
v2576 = 0;
v2577 = 70;
v2578 = 2;
v2579 = *(_QWORD *)(hModule + 4096);
v2580 = *(_QWORD *)(hModule + 4104);
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v2576, 19i64, 0i64);
}
v1001 = 'n';
v1002 = 'v';
v1003 = 'T';
v1004 = 'o';
v1005 = 'o';
v1006 = 'l';
v1007 = 's';
v1008 = 'E';
v1009 = 'x';
v1010 = 't';
v1011 = '6';
v1012 = '4';
v1013 = '_';
v1014 = '1';
v1015 = '.';
v1016 = 'd';
v1017 = 'l';
v1018 = 'l';
v1019 = 0;
hModule = GetModuleHandleA((__int64 *)&v1001);
if ( hModule )
{
v1709 = 0;
v1710 = 72;
v1711 = 1448;
v1712 = *(_DWORD *)(hModule + *(signed int *)(hModule + 60) + 80);
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1709, 8i64, 0i64);
}
v945 = 'w';
v946 = 's';
v947 = '2';
v948 = 'd';
v949 = 'e';
v950 = 't';
v951 = 'o';
v952 = 'u';
v953 = 'r';
v954 = '_';
v955 = 'x';
v956 = '9';
v957 = '6';
v958 = '.';
v959 = 'd';
v960 = 'l';
v961 = 'l';
v962 = 0;
hModule = GetModuleHandleA((__int64 *)&v945);
if ( hModule )
{
v1713 = 0;
v1714 = 72;
v1715 = 1461;
v1716 = *(_DWORD *)(hModule + *(signed int *)(hModule + 60) + 80);
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1713, 8i64, 0i64);
}
str_networkdllx64 = 'n';
v928 = 'e';
v929 = 't';
v930 = 'w';
v931 = 'o';
v932 = 'r';
v933 = 'k';
v934 = 'd';
v935 = 'l';
v936 = 'l';
v937 = 'x';
v938 = '6';
v939 = '4';
v940 = '.';
v941 = 'd';
v942 = 'l';
v943 = 'l';
v944 = 0;
hModule = GetModuleHandleA((__int64 *)&str_networkdllx64);
if ( hModule )
{
if ( *(_DWORD *)(hModule + *(signed int *)(hModule + 60) + 80) < 0x200000u
|| *(_DWORD *)(hModule + *(signed int *)(hModule + 60) + 80) >= 0x400000u )
{
if ( *(_DWORD *)(*(signed int *)(hModule + 60) + hModule + 172) == 6944 )
{
v1722 = 0;
v1723 = 72;
v1724 = 1463;
v1725 = *(_DWORD *)(hModule + *(signed int *)(hModule + 60) + 8);
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1722, 8i64, 0i64);
}
}
else
{
v1718 = 0;
v1719 = 72;
v1720 = 1463;
v1721 = *(_DWORD *)(*(signed int *)(hModule + 60) + hModule + 172);
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1718, 8i64, 0i64);
}
}
str_nxdetoursdll = 'n';
v859 = 'x';
v860 = 'd';
v861 = 'e';
v862 = 't';
v863 = 'o';
v864 = 'u';
v865 = 'r';
v866 = 's';
v867 = '_';
v868 = '6';
v869 = '4';
v870 = '.';
v871 = 'd';
v872 = 'l';
v873 = 108;
v874 = '\0';
hModule = GetModuleHandleA((__int64 *)&str_nxdetoursdll);
if ( hModule )
{
v1726 = 0;
v1727 = 72;
v1728 = 1464;
v1729 = *(_DWORD *)(hModule + *(signed int *)(hModule + 60) + 80);
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1726, 8i64, 0i64);
}
str_nvcompiler = 'n';
v717 = 'v';
v718 = 'c';
v719 = 'o';
v720 = 'm';
v721 = 'p';
v722 = 'i';
v723 = 'l';
v724 = 'e';
v725 = 'r';
v726 = '.';
v727 = 'd';
v728 = 'l';
v729 = 'l';
v730 = '\0';
hModule = GetModuleHandleA((__int64 *)&str_nvcompiler);
if ( hModule )
{
v1739 = 0;
v1740 = 72;
v1741 = 1468;
v1742 = *(_DWORD *)(hModule + 0x1000);
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1739, 8i64, 0i64);
}
str_iphlpapi = 'i';
v458 = 'p';
v459 = 'h';
v460 = 'l';
v461 = 'p';
v462 = 'a';
v463 = 'p';
v464 = 'i';
v465 = '.';
v466 = 'd';
v467 = 'l';
v468 = 'l';
v469 = '\0';
hModule = LoadLibraryA(&str_iphlpapi);
if ( hModule )
{
str_getextendedTcptable = 'G';
v1061 = 'e';
v1062 = 't';
v1063 = 'E';
v1064 = 'x';
v1065 = 't';
v1066 = 'e';
v1067 = 'n';
v1068 = 'd';
v1069 = 'e';
v1070 = 'd';
v1071 = 'T';
v1072 = 'c';
v1073 = 'p';
v1074 = 'T';
v1075 = 'a';
v1076 = 'b';
v1077 = 'l';
v1078 = 'e';
v1079 = '\0';
GetExtendedTcpTable = (unsigned int (__fastcall *)(unsigned int *, unsigned int *, _QWORD, signed __int64, _QWORD, _QWORD))GetProcAddress(hModule, &str_getextendedTcptable);
memset(&v2716, 0, 0x14ui64);
for ( i8 = 0; i8 < 500; ++i8 )
{
v1656 = 0;
size = 0;
dwDesiredAccess = 8;
GetExtendedTcpTable(0i64, &v1656, 0i64, 2i64, *(_QWORD *)&dwDesiredAccess, *(_QWORD *)&size);
buffer_2 = (unsigned int *)malloc(v1656);
size = 0;
dwDesiredAccess = 8;
if ( !GetExtendedTcpTable(buffer_2, &v1656, 0i64, 2i64, *(_QWORD *)&dwDesiredAccess, *(_QWORD *)&size) )
{
for ( i9 = 0; i9 < *buffer_2; ++i9 )
{
if ( (buffer_2[40 * i9 + 5] == 0x656B1468 || buffer_2[40 * i9 + 5] == 0x656C1468)
&& buffer_2[40 * i9 + 6] == 20480 )
{
for ( i10 = 0; i10 < 10 && buffer_2[40 * i9 + 4] != *((unsigned __int16 *)&v2716 + i10); ++i10 )
{
if ( !*((_WORD *)&v2716 + i10) )
{
v1743 = 0;
v1744 = 72;
v1745 = 1465;
v1746 = BYTE1(buffer_2[40 * i9 + 4]) | (LOBYTE(buffer_2[40 * i9 + 4]) << 8);
((void (__fastcall *)(char *, signed __int64, _QWORD))ReportDetection)(&v1743, 8i64, 0i64);
*((_WORD *)&v2716 + i10) = buffer_2[40 * i9 + 4];
break;
}
}
}
}
}
free(buffer_2);
Sleep(10i64);
}
}
str_wmpdll = 'w';
v216 = 'm';
v217 = 'p';
v218 = '.';
v219 = 'd';
v220 = 'l';
v221 = 'l';
v222 = 0;
result = GetModuleHandleA((__int64 *)&str_wmpdll);
hModule = result;
if ( result )
{
v2797 = 0;
v41 = 72;
v42 = 1470;
v35 = *(_DWORD *)(v36 + 4096);
result = v33(&v34, 8i64, 0i64);
}
return result;
}
// 5D720: using guessed type __int64 qword_5D720[2];
// 100010: using guessed type __int64 qword_100010[4];
//----- (000000000004D46D) ----------------------------------------------------
/*
 * Stack-probe helper, shown as Hex-Rays pseudo-C (not compilable as written).
 *
 * Takes a byte count in RAX (`result`) and returns it unchanged. It computes
 * the address `result` bytes below the local `v3`. If that address is below
 * the pointer read from gs:[0x10], it writes a zero byte at every 4096-byte
 * step from that pointer down to the 4096-aligned target.
 *
 * NOTE(review): on x64 Windows gs:[0x10] is presumably the TEB stack-limit
 * field, which would make this the compiler's __chkstk-style probe for large
 * stack frames rather than part of the scanning logic. Confirm against the
 * binary before drawing conclusions from it.
 */
unsigned __int64 __usercall sub_4D46D@<rax>(unsigned __int64 result@<rax>)
{
char *v1; // r10 - lowest address the caller wants to reach (probe target)
char *v2; // r11 - moving cursor, starts at the value read from gs:[0x10]
char v3; // [rsp+18h] [rbp+8h] - used only for its address, as the reference point on the stack
v1 = &v3 - result;
/* Clamp to 0 when `result` is larger than the reference address, so the subtraction cannot wrap around. */
if ( (unsigned __int64)&v3 < result )
v1 = 0i64;
v2 = (char *)__readgsqword(0x10u);
/* Only probe when the target lies below the current limit. */
if ( v1 < v2 )
{
/* Clear the low 12 bits of v1: round the target down to a 4096-byte boundary. */
LOWORD(v1) = (unsigned __int16)v1 & 0xF000;
/*
 * Step down 4096 bytes at a time, writing one byte per step.
 * The exit test is exact equality, so it relies on v2 being 4096-aligned
 * as well; presumably the value at gs:[0x10] always is (TODO confirm).
 */
do
{
v2 -= 4096;
*v2 = 0;
}
while ( v1 != v2 );
}
return result;
}
// ALL OK, 2 function(s) have been successfully decompiled