Skip to content

Instantly share code, notes, and snippets.

@RangeMachine

RangeMachine/shellcode.cpp

Last active November 27, 2023 19:06
Show Gist options
  • Star 10 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save RangeMachine/adf7a857fe6527ee9764cafd0a227b6b to your computer and use it in GitHub Desktop.
Save RangeMachine/adf7a857fe6527ee9764cafd0a227b6b to your computer and use it in GitHub Desktop.
Download ZIP
BattlEye EFT shellcode
Raw
shellcode.cpp
// positive sp value has been detected, the output may be wrong!
__int64 __fastcall sub_119(__int64 a1, __int64 a2, __int64 a3, __int64 a4, char *a5)
{
void *v5; // rsp
__int64 v6; // rax
__int64 v7; // rax
__int64 v8; // rax
__int64 v9; // rax
__int64 v10; // rax
unsigned int v11; // eax
__int64 v12; // rax
__int64 v13; // rax
__int64 v14; // rax
__int64 v15; // rax
__int64 v16; // rax
__int64 v17; // rax
__int64 v18; // rax
__int64 v19; // rax
unsigned int v20; // eax
__int64 v21; // rax
__int64 v22; // rax
__int64 v23; // rax
__int64 v24; // rax
__int64 v25; // rax
__int64 v26; // rax
__int64 v27; // rax
__int64 v28; // rax
__int64 v29; // rax
__int64 v30; // rax
__int64 result; // rax
__int64 v32; // rax
__int64 v33; // rax
__int64 v34; // rax
__int64 v35; // rax
unsigned __int64 v36; // rdx
__int64 v37; // rdx
__int64 v38; // [rsp-B2F8h] [rbp-B308h]
__int64 v39; // [rsp-B2F8h] [rbp-B308h]
__int64 v40; // [rsp-B2F0h] [rbp-B300h]
__int64 v41; // [rsp-B2F0h] [rbp-B300h]
__int64 v42; // [rsp-B2F0h] [rbp-B300h]
__int64 v43; // [rsp-B2E8h] [rbp-B2F8h]
unsigned __int64 v44; // [rsp-B2D8h] [rbp-B2E8h]
int v45; // [rsp-B2D0h] [rbp-B2E0h]
int v46; // [rsp-B2CCh] [rbp-B2DCh]
int v47; // [rsp-B2CCh] [rbp-B2DCh]
int v48; // [rsp-B2CCh] [rbp-B2DCh]
int v49; // [rsp-B2CCh] [rbp-B2DCh]
int v50; // [rsp-B2CCh] [rbp-B2DCh]
int v51; // [rsp-B2CCh] [rbp-B2DCh]
int v52; // [rsp-B2CCh] [rbp-B2DCh]
int v53; // [rsp-B2CCh] [rbp-B2DCh]
int v54; // [rsp-B2CCh] [rbp-B2DCh]
int v55; // [rsp-B2CCh] [rbp-B2DCh]
unsigned int v56; // [rsp-B2C8h] [rbp-B2D8h] BYREF
__int64 v57; // [rsp-B2C0h] [rbp-B2D0h]
__int64 v58; // [rsp-B2B8h] [rbp-B2C8h]
unsigned __int8 v59; // [rsp-B2B0h] [rbp-B2C0h] BYREF
signed int i35; // [rsp-B2ACh] [rbp-B2BCh]
bool v61; // [rsp-B2A8h] [rbp-B2B8h]
unsigned int v62; // [rsp-B2A4h] [rbp-B2B4h] BYREF
unsigned int v63; // [rsp-B2A0h] [rbp-B2B0h] BYREF
char v64; // [rsp-B29Ch] [rbp-B2ACh]
__int64 v65; // [rsp-B298h] [rbp-B2A8h]
char v66; // [rsp-B290h] [rbp-B2A0h] BYREF
bool v67; // [rsp-B28Fh] [rbp-B29Fh]
bool v68; // [rsp-B28Eh] [rbp-B29Eh]
bool v69; // [rsp-B28Dh] [rbp-B29Dh]
bool v70; // [rsp-B28Ch] [rbp-B29Ch]
bool v71; // [rsp-B28Bh] [rbp-B29Bh]
int v72; // [rsp-B288h] [rbp-B298h]
int (__fastcall *NtReadVirtualMemory)(__int64, __int64, _BYTE *, __int64, _QWORD); // [rsp-B280h] [rbp-B290h]
unsigned int kk; // [rsp-B278h] [rbp-B288h]
__int64 v75; // [rsp-B270h] [rbp-B280h]
bool v76; // [rsp-B268h] [rbp-B278h]
bool v77; // [rsp-B267h] [rbp-B277h]
bool v78; // [rsp-B266h] [rbp-B276h]
unsigned __int8 v79; // [rsp-B265h] [rbp-B275h] BYREF
void (__fastcall *CloseHandle)(__int64); // [rsp-B260h] [rbp-B270h]
int v81; // [rsp-B258h] [rbp-B268h]
int i24; // [rsp-B254h] [rbp-B264h]
char *v83; // [rsp-B250h] [rbp-B260h]
char v84; // [rsp-B248h] [rbp-B258h]
char v85; // [rsp-B247h] [rbp-B257h]
bool v86; // [rsp-B246h] [rbp-B256h]
int i11; // [rsp-B244h] [rbp-B254h]
signed int i37; // [rsp-B240h] [rbp-B250h]
_QWORD v89[6]; // [rsp-B238h] [rbp-B248h] BYREF
unsigned int *v90; // [rsp-B208h] [rbp-B218h]
int i45; // [rsp-B200h] [rbp-B210h]
unsigned int i112; // [rsp-B1FCh] [rbp-B20Ch]
unsigned int *v93; // [rsp-B1F8h] [rbp-B208h]
bool v94; // [rsp-B1F0h] [rbp-B200h]
bool v95; // [rsp-B1EFh] [rbp-B1FFh]
char v96; // [rsp-B1EEh] [rbp-B1FEh]
char v97; // [rsp-B1EDh] [rbp-B1FDh]
unsigned __int8 v98; // [rsp-B1ECh] [rbp-B1FCh]
__int64 (__fastcall *OpenProcess)(__int64, _QWORD, _QWORD); // [rsp-B1E8h] [rbp-B1F8h]
int i12; // [rsp-B1E0h] [rbp-B1F0h]
unsigned __int8 *mm; // [rsp-B1D8h] [rbp-B1E8h]
int v102; // [rsp-B1D0h] [rbp-B1E0h]
int i19; // [rsp-B1CCh] [rbp-B1DCh]
unsigned int i13; // [rsp-B1C8h] [rbp-B1D8h]
unsigned int v105; // [rsp-B1C4h] [rbp-B1D4h] BYREF
signed int v106; // [rsp-B1C0h] [rbp-B1D0h]
int j; // [rsp-B1BCh] [rbp-B1CCh]
int v108; // [rsp-B1B8h] [rbp-B1C8h]
unsigned int i92; // [rsp-B1B4h] [rbp-B1C4h]
__int64 v110; // [rsp-B1B0h] [rbp-B1C0h]
__int64 v111; // [rsp-B1A8h] [rbp-B1B8h]
_BYTE *v112; // [rsp-B1A0h] [rbp-B1B0h]
int v113; // [rsp-B198h] [rbp-B1A8h]
__int64 v114; // [rsp-B190h] [rbp-B1A0h]
int i51; // [rsp-B188h] [rbp-B198h]
int i55; // [rsp-B184h] [rbp-B194h]
int i66; // [rsp-B180h] [rbp-B190h]
int i106; // [rsp-B17Ch] [rbp-B18Ch]
unsigned int v119; // [rsp-B178h] [rbp-B188h]
unsigned __int8 *NtQueryVirtualMemory; // [rsp-B170h] [rbp-B180h]
unsigned __int64 i8; // [rsp-B168h] [rbp-B178h]
char v122[16]; // [rsp-B160h] [rbp-B170h] BYREF
char v123; // [rsp-B150h] [rbp-B160h]
char v124; // [rsp-B14Fh] [rbp-B15Fh]
char v125; // [rsp-B14Eh] [rbp-B15Eh] BYREF
__int64 v126; // [rsp-B148h] [rbp-B158h]
bool v127; // [rsp-B140h] [rbp-B150h]
unsigned int *v128; // [rsp-B138h] [rbp-B148h]
unsigned int i75; // [rsp-B130h] [rbp-B140h]
int i76; // [rsp-B12Ch] [rbp-B13Ch]
int v131; // [rsp-B128h] [rbp-B138h]
int v132; // [rsp-B124h] [rbp-B134h]
int v133; // [rsp-B120h] [rbp-B130h]
int v134; // [rsp-B11Ch] [rbp-B12Ch]
signed int i31; // [rsp-B118h] [rbp-B128h]
_QWORD v136[2]; // [rsp-B110h] [rbp-B120h] BYREF
__int64 (*GetCurrentProcessId)(void); // [rsp-B100h] [rbp-B110h]
int i101; // [rsp-B0F8h] [rbp-B108h]
unsigned int i61; // [rsp-B0F4h] [rbp-B104h]
unsigned int v140; // [rsp-B0F0h] [rbp-B100h]
int i104; // [rsp-B0ECh] [rbp-B0FCh]
unsigned int i33; // [rsp-B0E8h] [rbp-B0F8h]
int i107; // [rsp-B0E4h] [rbp-B0F4h]
int i100; // [rsp-B0E0h] [rbp-B0F0h]
unsigned int i43; // [rsp-B0DCh] [rbp-B0ECh]
int v146; // [rsp-B0D8h] [rbp-B0E8h]
int i6; // [rsp-B0D4h] [rbp-B0E4h]
int i4; // [rsp-B0D0h] [rbp-B0E0h]
int i103; // [rsp-B0CCh] [rbp-B0DCh]
__int64 v150; // [rsp-B0C8h] [rbp-B0D8h]
_QWORD *v151; // [rsp-B0C0h] [rbp-B0D0h]
unsigned __int64 v152; // [rsp-B0B8h] [rbp-B0C8h]
int v153; // [rsp-B0B0h] [rbp-B0C0h] BYREF
int v154; // [rsp-B0ACh] [rbp-B0BCh]
char v155[16]; // [rsp-B090h] [rbp-B0A0h] BYREF
int i25; // [rsp-B080h] [rbp-B090h]
int i26; // [rsp-B07Ch] [rbp-B08Ch]
int i27; // [rsp-B078h] [rbp-B088h]
int i28; // [rsp-B074h] [rbp-B084h]
int i29; // [rsp-B070h] [rbp-B080h]
int i30; // [rsp-B06Ch] [rbp-B07Ch]
signed int i32; // [rsp-B068h] [rbp-B078h]
unsigned int v163; // [rsp-B064h] [rbp-B074h] BYREF
signed int i34; // [rsp-B060h] [rbp-B070h]
signed int i36; // [rsp-B05Ch] [rbp-B06Ch]
int i39; // [rsp-B058h] [rbp-B068h]
int i40; // [rsp-B054h] [rbp-B064h]
int i42; // [rsp-B050h] [rbp-B060h]
int i44; // [rsp-B04Ch] [rbp-B05Ch]
int v170; // [rsp-B048h] [rbp-B058h]
int i46; // [rsp-B044h] [rbp-B054h]
int i47; // [rsp-B040h] [rbp-B050h]
int i48; // [rsp-B03Ch] [rbp-B04Ch]
int i49; // [rsp-B038h] [rbp-B048h]
int i50; // [rsp-B034h] [rbp-B044h]
int i52; // [rsp-B030h] [rbp-B040h]
int i54; // [rsp-B02Ch] [rbp-B03Ch]
int i56; // [rsp-B028h] [rbp-B038h]
int i60; // [rsp-B024h] [rbp-B034h]
int i62; // [rsp-B020h] [rbp-B030h]
int i59; // [rsp-B01Ch] [rbp-B02Ch]
unsigned int v182; // [rsp-B018h] [rbp-B028h] BYREF
int i64; // [rsp-B014h] [rbp-B024h]
int i65; // [rsp-B010h] [rbp-B020h]
int i67; // [rsp-B00Ch] [rbp-B01Ch]
int v186; // [rsp-B008h] [rbp-B018h]
int i69; // [rsp-B004h] [rbp-B014h]
unsigned int v188; // [rsp-B000h] [rbp-B010h]
unsigned int i71; // [rsp-AFFCh] [rbp-B00Ch]
int i72; // [rsp-AFF8h] [rbp-B008h]
int i73; // [rsp-AFF4h] [rbp-B004h]
int i74; // [rsp-AFF0h] [rbp-B000h]
unsigned int i77; // [rsp-AFECh] [rbp-AFFCh]
unsigned int i78; // [rsp-AFE8h] [rbp-AFF8h]
unsigned int i79; // [rsp-AFE4h] [rbp-AFF4h]
int i80; // [rsp-AFE0h] [rbp-AFF0h]
int i81; // [rsp-AFDCh] [rbp-AFECh]
int i82; // [rsp-AFD8h] [rbp-AFE8h]
int i83; // [rsp-AFD4h] [rbp-AFE4h]
int i84; // [rsp-AFD0h] [rbp-AFE0h]
int i85; // [rsp-AFCCh] [rbp-AFDCh]
int i86; // [rsp-AFC8h] [rbp-AFD8h]
int i87; // [rsp-AFC4h] [rbp-AFD4h]
int i89; // [rsp-AFC0h] [rbp-AFD0h]
int i88; // [rsp-AFBCh] [rbp-AFCCh]
int i90; // [rsp-AFB8h] [rbp-AFC8h]
int i91; // [rsp-AFB4h] [rbp-AFC4h]
signed int i93; // [rsp-AFB0h] [rbp-AFC0h]
int i94; // [rsp-AFACh] [rbp-AFBCh]
int i95; // [rsp-AFA8h] [rbp-AFB8h]
int i96; // [rsp-AFA4h] [rbp-AFB4h]
int i97; // [rsp-AFA0h] [rbp-AFB0h]
int i98; // [rsp-AF9Ch] [rbp-AFACh]
int i99; // [rsp-AF98h] [rbp-AFA8h]
int i102; // [rsp-AF94h] [rbp-AFA4h]
int i105; // [rsp-AF90h] [rbp-AFA0h]
int i108; // [rsp-AF8Ch] [rbp-AF9Ch]
int i109; // [rsp-AF88h] [rbp-AF98h]
int i110; // [rsp-AF84h] [rbp-AF94h]
unsigned int v220; // [rsp-AF80h] [rbp-AF90h] BYREF
unsigned int v221; // [rsp-AF7Ch] [rbp-AF8Ch] BYREF
int i114; // [rsp-AF78h] [rbp-AF88h]
int i111; // [rsp-AF74h] [rbp-AF84h]
int i115; // [rsp-AF70h] [rbp-AF80h]
int v225; // [rsp-AF6Ch] [rbp-AF7Ch]
int i116; // [rsp-AF68h] [rbp-AF78h]
int i117; // [rsp-AF64h] [rbp-AF74h]
int i118; // [rsp-AF60h] [rbp-AF70h]
int v229; // [rsp-AF5Ch] [rbp-AF6Ch]
int i119; // [rsp-AF58h] [rbp-AF68h]
unsigned int v231; // [rsp-AF54h] [rbp-AF64h] BYREF
__int64 (__fastcall *WideCharToMultiByte)(__int64, _QWORD, __int64 *, _QWORD, __int64, __int64, _QWORD, _QWORD); // [rsp-AF50h] [rbp-AF60h]
_DWORD *v233; // [rsp-AF48h] [rbp-AF58h]
__int64 *v234; // [rsp-AF40h] [rbp-AF50h]
unsigned __int8 *i1; // [rsp-AF38h] [rbp-AF48h]
char v236; // [rsp-AF30h] [rbp-AF40h]
char v237; // [rsp-AF2Fh] [rbp-AF3Fh]
char v238; // [rsp-AF2Ch] [rbp-AF3Ch]
char v239; // [rsp-AF2Bh] [rbp-AF3Bh]
char v240; // [rsp-AF28h] [rbp-AF38h]
char v241; // [rsp-AF27h] [rbp-AF37h]
char v242; // [rsp-AF24h] [rbp-AF34h]
char v243; // [rsp-AF23h] [rbp-AF33h]
int i; // [rsp-AF20h] [rbp-AF30h]
int k; // [rsp-AF1Ch] [rbp-AF2Ch]
int jj; // [rsp-AF18h] [rbp-AF28h]
unsigned int v247; // [rsp-AF14h] [rbp-AF24h] BYREF
unsigned int v248; // [rsp-AF10h] [rbp-AF20h] BYREF
int nn; // [rsp-AF0Ch] [rbp-AF1Ch]
int i3; // [rsp-AF08h] [rbp-AF18h]
int i5; // [rsp-AF04h] [rbp-AF14h]
int i7; // [rsp-AF00h] [rbp-AF10h]
int i9; // [rsp-AEFCh] [rbp-AF0Ch]
int i14; // [rsp-AEF8h] [rbp-AF08h]
int i15; // [rsp-AEF4h] [rbp-AF04h]
int i16; // [rsp-AEF0h] [rbp-AF00h]
int i17; // [rsp-AEECh] [rbp-AEFCh]
int i20; // [rsp-AEE8h] [rbp-AEF8h]
__int64 (__fastcall *NtQuerySystemInformation)(__int64, unsigned int *, __int64, unsigned int *); // [rsp-AEE0h] [rbp-AEF0h]
char v260; // [rsp-AED8h] [rbp-AEE8h]
_BYTE v261[7]; // [rsp-AED7h] [rbp-AEE7h]
unsigned int *v262; // [rsp-AED0h] [rbp-AEE0h]
__int64 v263; // [rsp-AEC8h] [rbp-AED8h]
__int64 (__fastcall *GetWindow)(__int64, __int64); // [rsp-AEC0h] [rbp-AED0h]
__int64 v265; // [rsp-AEB8h] [rbp-AEC8h] BYREF
__int64 v266; // [rsp-AEB0h] [rbp-AEC0h] BYREF
unsigned int *v267; // [rsp-AEA8h] [rbp-AEB8h]
int v268; // [rsp-AEA0h] [rbp-AEB0h]
unsigned int i63; // [rsp-AE9Ch] [rbp-AEACh]
int v270; // [rsp-AE98h] [rbp-AEA8h]
unsigned int v271; // [rsp-AE94h] [rbp-AEA4h]
int v272; // [rsp-AE90h] [rbp-AEA0h]
unsigned int v273; // [rsp-AE8Ch] [rbp-AE9Ch] BYREF
__int64 v274; // [rsp-AE88h] [rbp-AE98h]
char v275[16]; // [rsp-AE80h] [rbp-AE90h] BYREF
char v276[8]; // [rsp-AE70h] [rbp-AE80h] BYREF
char v277[8]; // [rsp-AE68h] [rbp-AE78h] BYREF
char v278[16]; // [rsp-AE60h] [rbp-AE70h] BYREF
char v279[56]; // [rsp-AE50h] [rbp-AE60h] BYREF
_BYTE v280[8]; // [rsp-AE18h] [rbp-AE28h]
char v281[8]; // [rsp-AE10h] [rbp-AE20h] BYREF
char v282[8]; // [rsp-AE08h] [rbp-AE18h] BYREF
char v283[8]; // [rsp-AE00h] [rbp-AE10h] BYREF
char v284[8]; // [rsp-ADF8h] [rbp-AE08h] BYREF
__int64 v285; // [rsp-ADF0h] [rbp-AE00h] BYREF
unsigned __int64 i41; // [rsp-ADE8h] [rbp-ADF8h]
__int64 v287; // [rsp-ADE0h] [rbp-ADF0h]
__int64 v288; // [rsp-ADD8h] [rbp-ADE8h]
__int64 v289; // [rsp-ADD0h] [rbp-ADE0h]
char v290[8]; // [rsp-ADC8h] [rbp-ADD8h] BYREF
__int64 (*GetLastError)(void); // [rsp-ADC0h] [rbp-ADD0h]
void (__fastcall *free)(unsigned int *); // [rsp-ADB8h] [rbp-ADC8h]
char v293[8]; // [rsp-ADB0h] [rbp-ADC0h] BYREF
char v294[8]; // [rsp-ADA8h] [rbp-ADB8h] BYREF
char v295[8]; // [rsp-ADA0h] [rbp-ADB0h] BYREF
char v296[8]; // [rsp-AD98h] [rbp-ADA8h] BYREF
__int64 i10; // [rsp-AD90h] [rbp-ADA0h]
char v298[16]; // [rsp-AD88h] [rbp-AD98h] BYREF
char v299[16]; // [rsp-AD78h] [rbp-AD88h] BYREF
char v300[16]; // [rsp-AD68h] [rbp-AD78h] BYREF
char v301[16]; // [rsp-AD58h] [rbp-AD68h] BYREF
char v302[16]; // [rsp-AD48h] [rbp-AD58h] BYREF
_BYTE v303[16]; // [rsp-AD38h] [rbp-AD48h]
_BYTE v304[16]; // [rsp-AD28h] [rbp-AD38h]
char v305[16]; // [rsp-AD18h] [rbp-AD28h] BYREF
char v306[16]; // [rsp-AD08h] [rbp-AD18h] BYREF
char v307[16]; // [rsp-ACF8h] [rbp-AD08h] BYREF
char v308[16]; // [rsp-ACE8h] [rbp-ACF8h] BYREF
char v309[16]; // [rsp-ACD8h] [rbp-ACE8h] BYREF
char v310[16]; // [rsp-ACC8h] [rbp-ACD8h] BYREF
char v311[16]; // [rsp-ACB8h] [rbp-ACC8h] BYREF
char v312[16]; // [rsp-ACA8h] [rbp-ACB8h] BYREF
char v313[16]; // [rsp-AC98h] [rbp-ACA8h] BYREF
char v314[16]; // [rsp-AC88h] [rbp-AC98h] BYREF
char v315[16]; // [rsp-AC78h] [rbp-AC88h] BYREF
char v316[16]; // [rsp-AC68h] [rbp-AC78h] BYREF
char v317[16]; // [rsp-AC58h] [rbp-AC68h] BYREF
char v318[16]; // [rsp-AC48h] [rbp-AC58h] BYREF
char v319[16]; // [rsp-AC38h] [rbp-AC48h] BYREF
char v320[16]; // [rsp-AC28h] [rbp-AC38h] BYREF
char v321[16]; // [rsp-AC18h] [rbp-AC28h] BYREF
char v322[16]; // [rsp-AC08h] [rbp-AC18h] BYREF
char v323[16]; // [rsp-ABF8h] [rbp-AC08h] BYREF
char v324[16]; // [rsp-ABE8h] [rbp-ABF8h] BYREF
char v325[16]; // [rsp-ABD8h] [rbp-ABE8h] BYREF
char v326[16]; // [rsp-ABC8h] [rbp-ABD8h] BYREF
char v327[16]; // [rsp-ABB8h] [rbp-ABC8h] BYREF
char v328[16]; // [rsp-ABA8h] [rbp-ABB8h] BYREF
char v329[16]; // [rsp-AB98h] [rbp-ABA8h] BYREF
char v330[16]; // [rsp-AB88h] [rbp-AB98h] BYREF
char v331[16]; // [rsp-AB78h] [rbp-AB88h] BYREF
char v332[16]; // [rsp-AB68h] [rbp-AB78h] BYREF
char v333[16]; // [rsp-AB58h] [rbp-AB68h] BYREF
char v334[16]; // [rsp-AB48h] [rbp-AB58h] BYREF
_BYTE v335[16]; // [rsp-AB38h] [rbp-AB48h]
char v336[16]; // [rsp-AB28h] [rbp-AB38h] BYREF
char v337[16]; // [rsp-AB18h] [rbp-AB28h] BYREF
char v338[16]; // [rsp-AB08h] [rbp-AB18h] BYREF
char v339[16]; // [rsp-AAF8h] [rbp-AB08h] BYREF
char v340[16]; // [rsp-AAE8h] [rbp-AAF8h] BYREF
char v341[16]; // [rsp-AAD8h] [rbp-AAE8h] BYREF
char v342[16]; // [rsp-AAC8h] [rbp-AAD8h] BYREF
char v343[16]; // [rsp-AAB8h] [rbp-AAC8h] BYREF
char v344[16]; // [rsp-AAA8h] [rbp-AAB8h] BYREF
char v345[16]; // [rsp-AA98h] [rbp-AAA8h] BYREF
char v346[16]; // [rsp-AA88h] [rbp-AA98h] BYREF
char v347[16]; // [rsp-AA78h] [rbp-AA88h] BYREF
char v348[16]; // [rsp-AA68h] [rbp-AA78h] BYREF
char v349[16]; // [rsp-AA58h] [rbp-AA68h] BYREF
char v350[16]; // [rsp-AA48h] [rbp-AA58h] BYREF
char v351[16]; // [rsp-AA38h] [rbp-AA48h] BYREF
char v352[16]; // [rsp-AA28h] [rbp-AA38h] BYREF
char v353[16]; // [rsp-AA18h] [rbp-AA28h] BYREF
char v354[16]; // [rsp-AA08h] [rbp-AA18h] BYREF
char v355[16]; // [rsp-A9F8h] [rbp-AA08h] BYREF
_BYTE v356[16]; // [rsp-A9E8h] [rbp-A9F8h]
char v357[16]; // [rsp-A9D8h] [rbp-A9E8h] BYREF
char v358[16]; // [rsp-A9C8h] [rbp-A9D8h] BYREF
char v359[16]; // [rsp-A9B8h] [rbp-A9C8h] BYREF
char v360[16]; // [rsp-A9A8h] [rbp-A9B8h] BYREF
char v361[16]; // [rsp-A998h] [rbp-A9A8h] BYREF
char v362[16]; // [rsp-A988h] [rbp-A998h] BYREF
char v363[16]; // [rsp-A978h] [rbp-A988h] BYREF
char v364[16]; // [rsp-A968h] [rbp-A978h] BYREF
char v365[16]; // [rsp-A958h] [rbp-A968h] BYREF
char v366[16]; // [rsp-A948h] [rbp-A958h] BYREF
char v367[24]; // [rsp-A938h] [rbp-A948h] BYREF
char v368[24]; // [rsp-A920h] [rbp-A930h] BYREF
char v369[24]; // [rsp-A908h] [rbp-A918h] BYREF
char v370[24]; // [rsp-A8F0h] [rbp-A900h] BYREF
char v371[24]; // [rsp-A8D8h] [rbp-A8E8h] BYREF
char v372[24]; // [rsp-A8C0h] [rbp-A8D0h] BYREF
char v373[24]; // [rsp-A8A8h] [rbp-A8B8h] BYREF
char v374[24]; // [rsp-A890h] [rbp-A8A0h] BYREF
char v375[24]; // [rsp-A878h] [rbp-A888h] BYREF
char v376[24]; // [rsp-A860h] [rbp-A870h] BYREF
char v377[24]; // [rsp-A848h] [rbp-A858h] BYREF
char v378[24]; // [rsp-A830h] [rbp-A840h] BYREF
char v379[24]; // [rsp-A818h] [rbp-A828h] BYREF
char v380[24]; // [rsp-A800h] [rbp-A810h] BYREF
char v381[24]; // [rsp-A7E8h] [rbp-A7F8h] BYREF
char v382[24]; // [rsp-A7D0h] [rbp-A7E0h] BYREF
char v383[24]; // [rsp-A7B8h] [rbp-A7C8h] BYREF
char v384[24]; // [rsp-A7A0h] [rbp-A7B0h] BYREF
char v385[24]; // [rsp-A788h] [rbp-A798h] BYREF
char v386[24]; // [rsp-A770h] [rbp-A780h] BYREF
char v387[24]; // [rsp-A758h] [rbp-A768h] BYREF
char v388[24]; // [rsp-A740h] [rbp-A750h] BYREF
char v389[24]; // [rsp-A728h] [rbp-A738h] BYREF
char v390[24]; // [rsp-A710h] [rbp-A720h] BYREF
char v391[24]; // [rsp-A6F8h] [rbp-A708h] BYREF
char v392[24]; // [rsp-A6E0h] [rbp-A6F0h] BYREF
char v393[24]; // [rsp-A6C8h] [rbp-A6D8h] BYREF
char v394[24]; // [rsp-A6B0h] [rbp-A6C0h] BYREF
char v395[24]; // [rsp-A698h] [rbp-A6A8h] BYREF
char v396[24]; // [rsp-A680h] [rbp-A690h] BYREF
char v397[24]; // [rsp-A668h] [rbp-A678h] BYREF
char v398[24]; // [rsp-A650h] [rbp-A660h] BYREF
char v399[24]; // [rsp-A638h] [rbp-A648h] BYREF
char v400[24]; // [rsp-A620h] [rbp-A630h] BYREF
char v401[32]; // [rsp-A608h] [rbp-A618h] BYREF
char v402[32]; // [rsp-A5E8h] [rbp-A5F8h] BYREF
char v403[32]; // [rsp-A5C8h] [rbp-A5D8h] BYREF
char v404[32]; // [rsp-A5A8h] [rbp-A5B8h] BYREF
char v405[32]; // [rsp-A588h] [rbp-A598h] BYREF
char v406[32]; // [rsp-A568h] [rbp-A578h] BYREF
char v407[32]; // [rsp-A548h] [rbp-A558h] BYREF
char v408[32]; // [rsp-A528h] [rbp-A538h] BYREF
char v409[32]; // [rsp-A508h] [rbp-A518h] BYREF
char v410[32]; // [rsp-A4E8h] [rbp-A4F8h] BYREF
char v411[32]; // [rsp-A4C8h] [rbp-A4D8h] BYREF
char v412[32]; // [rsp-A4A8h] [rbp-A4B8h] BYREF
char v413[65]; // [rsp-A488h] [rbp-A498h] BYREF
char v414; // [rsp-A447h] [rbp-A457h]
__int16 v415; // [rsp-A446h] [rbp-A456h]
unsigned int v416; // [rsp-A444h] [rbp-A454h] BYREF
__int64 **v417; // [rsp-A440h] [rbp-A450h]
unsigned int v418; // [rsp-A438h] [rbp-A448h]
int v419; // [rsp-A434h] [rbp-A444h]
__int64 v420; // [rsp-A430h] [rbp-A440h]
unsigned int v421; // [rsp-A428h] [rbp-A438h]
unsigned int v422; // [rsp-A424h] [rbp-A434h]
int v423; // [rsp-A420h] [rbp-A430h]
int v424; // [rsp-A41Ch] [rbp-A42Ch]
int v425; // [rsp-A418h] [rbp-A428h]
int v426; // [rsp-A414h] [rbp-A424h]
int v427; // [rsp-A410h] [rbp-A420h]
unsigned int v428; // [rsp-A40Ch] [rbp-A41Ch]
__int64 v429; // [rsp-A408h] [rbp-A418h] BYREF
__int64 (__fastcall *GetWindowLongA)(__int64, __int64); // [rsp-A400h] [rbp-A410h]
__int64 memcpy_1; // [rsp-A3F8h] [rbp-A408h]
char *i22; // [rsp-A3F0h] [rbp-A400h]
unsigned __int64 i21; // [rsp-A3E8h] [rbp-A3F8h]
__int64 IsBadReadPtr; // [rsp-A3E0h] [rbp-A3F0h]
__int64 v435; // [rsp-A3D8h] [rbp-A3E8h]
unsigned int *v436; // [rsp-A3D0h] [rbp-A3E0h]
unsigned int *i113; // [rsp-A3C8h] [rbp-A3D8h]
__int64 (__fastcall *v438)(char *); // [rsp-A3C0h] [rbp-A3D0h] BYREF
unsigned __int8 *v439; // [rsp-A3B8h] [rbp-A3C8h]
__int64 n; // [rsp-A3B0h] [rbp-A3C0h]
__int64 m; // [rsp-A3A8h] [rbp-A3B8h]
__int64 v442; // [rsp-A3A0h] [rbp-A3B0h]
__int64 v443; // [rsp-A398h] [rbp-A3A8h]
__int64 v444; // [rsp-A390h] [rbp-A3A0h]
__int64 v445; // [rsp-A388h] [rbp-A398h]
__int64 v446; // [rsp-A380h] [rbp-A390h]
__int64 v447; // [rsp-A378h] [rbp-A388h]
char v448; // [rsp-A370h] [rbp-A380h]
char v449; // [rsp-A36Fh] [rbp-A37Fh]
__int16 v450; // [rsp-A36Eh] [rbp-A37Eh]
int v451; // [rsp-A36Ch] [rbp-A37Ch]
int (__fastcall *NtProtectVirtualMemory)(__int64, _BYTE **, __int64 *, __int64, unsigned int *); // [rsp-A368h] [rbp-A378h]
__int64 v453; // [rsp-A360h] [rbp-A370h]
__int64 v454; // [rsp-A358h] [rbp-A368h]
__int64 v455; // [rsp-A350h] [rbp-A360h]
int v456; // [rsp-A348h] [rbp-A358h]
int v457; // [rsp-A344h] [rbp-A354h]
int v458; // [rsp-A340h] [rbp-A350h]
int v459; // [rsp-A33Ch] [rbp-A34Ch]
int v460; // [rsp-A338h] [rbp-A348h]
int v461; // [rsp-A334h] [rbp-A344h]
int v462; // [rsp-A330h] [rbp-A340h]
unsigned int v463; // [rsp-A32Ch] [rbp-A33Ch]
BOOL v464; // [rsp-A328h] [rbp-A338h]
int v465; // [rsp-A324h] [rbp-A334h]
unsigned int v466; // [rsp-A320h] [rbp-A330h] BYREF
unsigned int v467; // [rsp-A31Ch] [rbp-A32Ch] BYREF
int v468; // [rsp-A318h] [rbp-A328h]
int v469; // [rsp-A314h] [rbp-A324h]
unsigned int v470; // [rsp-A310h] [rbp-A320h] BYREF
int v471; // [rsp-A30Ch] [rbp-A31Ch]
int v472; // [rsp-A308h] [rbp-A318h]
BOOL v473; // [rsp-A304h] [rbp-A314h]
int v474; // [rsp-A300h] [rbp-A310h]
int v475; // [rsp-A2FCh] [rbp-A30Ch]
BOOL v476; // [rsp-A2F8h] [rbp-A308h]
__int64 (__fastcall *realloc)(unsigned int *, _QWORD); // [rsp-A2F0h] [rbp-A300h]
__int64 v478; // [rsp-A2E8h] [rbp-A2F8h]
__int64 (__fastcall *CreateFileA)(char *, __int64, __int64, _QWORD, __int64, __int64, _QWORD); // [rsp-A2E0h] [rbp-A2F0h]
BOOL v480; // [rsp-A2D8h] [rbp-A2E8h]
int v481; // [rsp-A2D4h] [rbp-A2E4h]
int v482; // [rsp-A2D0h] [rbp-A2E0h]
BOOL v483; // [rsp-A2CCh] [rbp-A2DCh]
int v484; // [rsp-A2C8h] [rbp-A2D8h]
int v485; // [rsp-A2C4h] [rbp-A2D4h]
int v486; // [rsp-A2C0h] [rbp-A2D0h]
int v487; // [rsp-A2BCh] [rbp-A2CCh]
int v488; // [rsp-A2B8h] [rbp-A2C8h]
BOOL v489; // [rsp-A2B4h] [rbp-A2C4h]
int v490; // [rsp-A2B0h] [rbp-A2C0h]
BOOL v491; // [rsp-A2ACh] [rbp-A2BCh]
int v492; // [rsp-A2A8h] [rbp-A2B8h]
int v493; // [rsp-A2A4h] [rbp-A2B4h]
BOOL v494; // [rsp-A2A0h] [rbp-A2B0h]
BOOL v495; // [rsp-A29Ch] [rbp-A2ACh]
BOOL v496; // [rsp-A298h] [rbp-A2A8h]
int v497; // [rsp-A294h] [rbp-A2A4h]
BOOL v498; // [rsp-A290h] [rbp-A2A0h]
BOOL v499; // [rsp-A28Ch] [rbp-A29Ch]
int v500; // [rsp-A288h] [rbp-A298h]
int v501; // [rsp-A284h] [rbp-A294h]
BOOL v502; // [rsp-A280h] [rbp-A290h]
int v503; // [rsp-A27Ch] [rbp-A28Ch]
int v504; // [rsp-A278h] [rbp-A288h]
int v505; // [rsp-A274h] [rbp-A284h]
int v506; // [rsp-A270h] [rbp-A280h]
int v507; // [rsp-A26Ch] [rbp-A27Ch]
int v508; // [rsp-A268h] [rbp-A278h]
int v509; // [rsp-A264h] [rbp-A274h]
int v510; // [rsp-A260h] [rbp-A270h]
BOOL v511; // [rsp-A25Ch] [rbp-A26Ch]
int v512; // [rsp-A258h] [rbp-A268h]
__int64 ii; // [rsp-A250h] [rbp-A260h]
unsigned __int8 *i2; // [rsp-A248h] [rbp-A258h]
unsigned __int64 i23; // [rsp-A240h] [rbp-A250h]
__int64 v516; // [rsp-A238h] [rbp-A248h] BYREF
__int64 i58; // [rsp-A230h] [rbp-A240h]
__int64 v518; // [rsp-A228h] [rbp-A238h]
__int64 v519; // [rsp-A220h] [rbp-A230h] BYREF
__int64 v520; // [rsp-A218h] [rbp-A228h] BYREF
__int64 v521; // [rsp-A210h] [rbp-A220h]
unsigned int v522; // [rsp-A208h] [rbp-A218h]
void (__fastcall *Sleep)(__int64); // [rsp-A200h] [rbp-A210h]
__int64 v524; // [rsp-A1F8h] [rbp-A208h]
unsigned __int64 v525; // [rsp-A1F0h] [rbp-A200h] BYREF
unsigned __int64 v526; // [rsp-A1D8h] [rbp-A1E8h]
int v527; // [rsp-A1D0h] [rbp-A1E0h]
int v528; // [rsp-A1CCh] [rbp-A1DCh]
int v529; // [rsp-A1C8h] [rbp-A1D8h]
char v530; // [rsp-A1C0h] [rbp-A1D0h]
char v531; // [rsp-A1BFh] [rbp-A1CFh]
int v532; // [rsp-A1BEh] [rbp-A1CEh]
char v533; // [rsp-A1B8h] [rbp-A1C8h]
char v534; // [rsp-A1B7h] [rbp-A1C7h]
unsigned int v535; // [rsp-A1B6h] [rbp-A1C6h]
char v536; // [rsp-A1B0h] [rbp-A1C0h]
char v537; // [rsp-A1AFh] [rbp-A1BFh]
int v538; // [rsp-A1AEh] [rbp-A1BEh]
char v539; // [rsp-A1A8h] [rbp-A1B8h]
char v540; // [rsp-A1A7h] [rbp-A1B7h]
int v541; // [rsp-A1A6h] [rbp-A1B6h]
char v542; // [rsp-A1A0h] [rbp-A1B0h]
char v543; // [rsp-A19Fh] [rbp-A1AFh]
int v544; // [rsp-A19Eh] [rbp-A1AEh]
char v545; // [rsp-A198h] [rbp-A1A8h]
char v546; // [rsp-A197h] [rbp-A1A7h]
int v547; // [rsp-A196h] [rbp-A1A6h]
char v548; // [rsp-A190h] [rbp-A1A0h]
char v549; // [rsp-A18Fh] [rbp-A19Fh]
int v550; // [rsp-A18Eh] [rbp-A19Eh]
char v551; // [rsp-A188h] [rbp-A198h]
char v552; // [rsp-A187h] [rbp-A197h]
int v553; // [rsp-A186h] [rbp-A196h]
__int64 v554; // [rsp-A180h] [rbp-A190h] BYREF
__int64 v555; // [rsp-A178h] [rbp-A188h]
unsigned __int64 v556; // [rsp-A170h] [rbp-A180h]
__int64 v557; // [rsp-A168h] [rbp-A178h]
__int64 v558; // [rsp-A160h] [rbp-A170h]
char v559; // [rsp-A158h] [rbp-A168h]
char v560; // [rsp-A157h] [rbp-A167h]
__int16 v561; // [rsp-A156h] [rbp-A166h]
int v562; // [rsp-A154h] [rbp-A164h]
unsigned int (__fastcall *QueryFullProcessImageNameW)(__int64, _QWORD, _BYTE *, unsigned int *); // [rsp-A150h] [rbp-A160h]
__int64 (*GetCurrentProcess)(void); // [rsp-A148h] [rbp-A158h]
unsigned int (__fastcall *GetFileAttributesExW)(_BYTE *, _QWORD, _DWORD *); // [rsp-A140h] [rbp-A150h]
char v566; // [rsp-A138h] [rbp-A148h]
char v567; // [rsp-A137h] [rbp-A147h]
__int16 v568; // [rsp-A136h] [rbp-A146h]
int v569; // [rsp-A134h] [rbp-A144h]
char v570; // [rsp-A130h] [rbp-A140h]
char v571; // [rsp-A12Fh] [rbp-A13Fh]
__int16 v572; // [rsp-A12Eh] [rbp-A13Eh]
int v573; // [rsp-A12Ch] [rbp-A13Ch]
char v574; // [rsp-A128h] [rbp-A138h]
char v575; // [rsp-A127h] [rbp-A137h]
__int16 v576; // [rsp-A126h] [rbp-A136h]
int v577; // [rsp-A124h] [rbp-A134h]
char v578; // [rsp-A120h] [rbp-A130h]
char v579; // [rsp-A11Fh] [rbp-A12Fh]
__int16 v580; // [rsp-A11Eh] [rbp-A12Eh]
int v581; // [rsp-A11Ch] [rbp-A12Ch]
char v582; // [rsp-A118h] [rbp-A128h]
char v583; // [rsp-A117h] [rbp-A127h]
__int16 v584; // [rsp-A116h] [rbp-A126h]
int v585; // [rsp-A114h] [rbp-A124h]
char v586; // [rsp-A110h] [rbp-A120h]
char v587; // [rsp-A10Fh] [rbp-A11Fh]
__int16 v588; // [rsp-A10Eh] [rbp-A11Eh]
int v589; // [rsp-A10Ch] [rbp-A11Ch]
char v590; // [rsp-A108h] [rbp-A118h]
char v591; // [rsp-A107h] [rbp-A117h]
__int16 v592; // [rsp-A106h] [rbp-A116h]
int v593; // [rsp-A104h] [rbp-A114h]
char v594; // [rsp-A100h] [rbp-A110h]
char v595; // [rsp-A0FFh] [rbp-A10Fh]
__int16 v596; // [rsp-A0FEh] [rbp-A10Eh]
int v597; // [rsp-A0FCh] [rbp-A10Ch]
unsigned int *v598; // [rsp-A0F8h] [rbp-A108h]
char v599; // [rsp-A0F0h] [rbp-A100h]
char v600; // [rsp-A0EFh] [rbp-A0FFh]
__int16 v601; // [rsp-A0EEh] [rbp-A0FEh]
int v602; // [rsp-A0ECh] [rbp-A0FCh]
char v603; // [rsp-A0E8h] [rbp-A0F8h]
char v604; // [rsp-A0E7h] [rbp-A0F7h]
__int16 v605; // [rsp-A0E6h] [rbp-A0F6h]
int v606; // [rsp-A0E4h] [rbp-A0F4h]
char v607; // [rsp-A0E0h] [rbp-A0F0h]
char v608; // [rsp-A0DFh] [rbp-A0EFh]
__int16 v609; // [rsp-A0DEh] [rbp-A0EEh]
int v610; // [rsp-A0DCh] [rbp-A0ECh]
__int64 v611; // [rsp-A0D8h] [rbp-A0E8h]
char v612; // [rsp-A0D0h] [rbp-A0E0h]
char v613; // [rsp-A0CFh] [rbp-A0DFh]
__int16 v614; // [rsp-A0CEh] [rbp-A0DEh]
int v615; // [rsp-A0CCh] [rbp-A0DCh]
char v616; // [rsp-A0C8h] [rbp-A0D8h]
char v617; // [rsp-A0C7h] [rbp-A0D7h]
__int16 v618; // [rsp-A0C6h] [rbp-A0D6h]
int v619; // [rsp-A0C4h] [rbp-A0D4h]
__int64 v620; // [rsp-A0C0h] [rbp-A0D0h]
__int64 (__fastcall *GetWindowTextA)(__int64, int *, __int64); // [rsp-A0B8h] [rbp-A0C8h]
__int64 v622; // [rsp-A0B0h] [rbp-A0C0h]
__int64 v623; // [rsp-A0A8h] [rbp-A0B8h]
char v624; // [rsp-A098h] [rbp-A0A8h]
char v625; // [rsp-A097h] [rbp-A0A7h]
__int16 v626; // [rsp-A096h] [rbp-A0A6h]
int v627; // [rsp-A094h] [rbp-A0A4h]
char v628; // [rsp-A090h] [rbp-A0A0h]
char v629; // [rsp-A08Fh] [rbp-A09Fh]
__int16 v630; // [rsp-A08Eh] [rbp-A09Eh]
int v631; // [rsp-A08Ch] [rbp-A09Ch]
__int64 i18; // [rsp-A088h] [rbp-A098h]
__int64 v633; // [rsp-A080h] [rbp-A090h] BYREF
_QWORD v634[2]; // [rsp-A078h] [rbp-A088h] BYREF
_WORD v635[2]; // [rsp-A068h] [rbp-A078h] BYREF
int v636; // [rsp-A064h] [rbp-A074h]
_QWORD v637[4]; // [rsp-A060h] [rbp-A070h] BYREF
__int16 v638; // [rsp-A040h] [rbp-A050h]
int v639; // [rsp-A03Ch] [rbp-A04Ch]
_BYTE v640[32]; // [rsp-A038h] [rbp-A048h] BYREF
__int16 v641; // [rsp-A018h] [rbp-A028h]
int v642; // [rsp-A014h] [rbp-A024h]
char v643; // [rsp-A010h] [rbp-A020h]
char v644; // [rsp-A00Fh] [rbp-A01Fh]
char v645; // [rsp-A00Eh] [rbp-A01Eh]
char v646; // [rsp-A00Dh] [rbp-A01Dh]
char v647; // [rsp-A00Ch] [rbp-A01Ch]
char v648; // [rsp-A00Bh] [rbp-A01Bh]
char v649; // [rsp-A00Ah] [rbp-A01Ah]
char v650; // [rsp-A009h] [rbp-A019h]
char v651; // [rsp-A008h] [rbp-A018h]
char v652; // [rsp-A007h] [rbp-A017h]
char v653; // [rsp-A006h] [rbp-A016h]
char v654; // [rsp-A005h] [rbp-A015h]
char v655; // [rsp-A004h] [rbp-A014h]
char v656; // [rsp-A003h] [rbp-A013h]
char v657; // [rsp-A002h] [rbp-A012h]
char v658; // [rsp-A001h] [rbp-A011h]
char v659; // [rsp-A000h] [rbp-A010h]
char v660; // [rsp-9FFFh] [rbp-A00Fh]
char v661; // [rsp-9FFEh] [rbp-A00Eh]
char v662; // [rsp-9FFDh] [rbp-A00Dh]
char v663; // [rsp-9FFCh] [rbp-A00Ch]
char v664; // [rsp-9FFBh] [rbp-A00Bh]
_BYTE v665[10]; // [rsp-9FFAh] [rbp-A00Ah] BYREF
__int16 v666; // [rsp-9FF0h] [rbp-A000h]
int v667; // [rsp-9FECh] [rbp-9FFCh]
char v668; // [rsp-9FE8h] [rbp-9FF8h]
char v669; // [rsp-9FE7h] [rbp-9FF7h]
char v670; // [rsp-9FE6h] [rbp-9FF6h]
char v671; // [rsp-9FE5h] [rbp-9FF5h]
char v672[8]; // [rsp-9FE4h] [rbp-9FF4h] BYREF
char v673[12]; // [rsp-9FDCh] [rbp-9FECh] BYREF
char v674[8]; // [rsp-9FD0h] [rbp-9FE0h] BYREF
__int16 v675; // [rsp-9FC8h] [rbp-9FD8h]
int v676; // [rsp-9FC4h] [rbp-9FD4h]
char v677[32]; // [rsp-9FC0h] [rbp-9FD0h] BYREF
__int16 v678; // [rsp-9FA0h] [rbp-9FB0h]
int v679; // [rsp-9F9Ch] [rbp-9FACh]
char v680; // [rsp-9F98h] [rbp-9FA8h]
char v681; // [rsp-9F97h] [rbp-9FA7h]
char v682; // [rsp-9F96h] [rbp-9FA6h]
char v683; // [rsp-9F95h] [rbp-9FA5h]
char v684; // [rsp-9F94h] [rbp-9FA4h]
char v685; // [rsp-9F93h] [rbp-9FA3h]
char v686; // [rsp-9F92h] [rbp-9FA2h]
char v687; // [rsp-9F91h] [rbp-9FA1h]
char v688; // [rsp-9F90h] [rbp-9FA0h]
char v689; // [rsp-9F8Fh] [rbp-9F9Fh]
char v690; // [rsp-9F8Eh] [rbp-9F9Eh]
char v691; // [rsp-9F8Dh] [rbp-9F9Dh]
char v692; // [rsp-9F8Ch] [rbp-9F9Ch]
char v693; // [rsp-9F8Bh] [rbp-9F9Bh]
char v694; // [rsp-9F8Ah] [rbp-9F9Ah]
char v695; // [rsp-9F89h] [rbp-9F99h]
char v696; // [rsp-9F88h] [rbp-9F98h]
char v697; // [rsp-9F87h] [rbp-9F97h]
char v698; // [rsp-9F86h] [rbp-9F96h]
char v699; // [rsp-9F85h] [rbp-9F95h]
char v700; // [rsp-9F84h] [rbp-9F94h]
char v701; // [rsp-9F83h] [rbp-9F93h]
char v702; // [rsp-9F82h] [rbp-9F92h]
char v703; // [rsp-9F81h] [rbp-9F91h]
char v704; // [rsp-9F80h] [rbp-9F90h]
char v705; // [rsp-9F7Fh] [rbp-9F8Fh]
char v706; // [rsp-9F7Eh] [rbp-9F8Eh]
char v707; // [rsp-9F7Dh] [rbp-9F8Dh]
char v708; // [rsp-9F7Ch] [rbp-9F8Ch]
char v709; // [rsp-9F7Bh] [rbp-9F8Bh]
char v710; // [rsp-9F7Ah] [rbp-9F8Ah]
char v711; // [rsp-9F79h] [rbp-9F89h]
__int16 v712; // [rsp-9F78h] [rbp-9F88h]
int v713; // [rsp-9F74h] [rbp-9F84h]
char v714[32]; // [rsp-9F70h] [rbp-9F80h] BYREF
__int16 v715; // [rsp-9F50h] [rbp-9F60h]
int v716; // [rsp-9F4Ch] [rbp-9F5Ch]
char v717[32]; // [rsp-9F48h] [rbp-9F58h] BYREF
__int16 v718; // [rsp-9F28h] [rbp-9F38h]
int v719; // [rsp-9F24h] [rbp-9F34h]
char v720; // [rsp-9F20h] [rbp-9F30h]
char v721; // [rsp-9F1Fh] [rbp-9F2Fh]
char v722; // [rsp-9F1Eh] [rbp-9F2Eh]
char v723; // [rsp-9F1Dh] [rbp-9F2Dh]
char v724; // [rsp-9F1Ch] [rbp-9F2Ch]
char v725; // [rsp-9F1Bh] [rbp-9F2Bh]
char v726; // [rsp-9F1Ah] [rbp-9F2Ah]
char v727; // [rsp-9F19h] [rbp-9F29h]
char v728; // [rsp-9F18h] [rbp-9F28h]
char v729; // [rsp-9F17h] [rbp-9F27h]
char v730; // [rsp-9F16h] [rbp-9F26h]
char v731; // [rsp-9F15h] [rbp-9F25h]
char v732; // [rsp-9F14h] [rbp-9F24h]
char v733; // [rsp-9F13h] [rbp-9F23h]
char v734; // [rsp-9F12h] [rbp-9F22h]
char v735; // [rsp-9F11h] [rbp-9F21h]
char v736; // [rsp-9F10h] [rbp-9F20h]
char v737; // [rsp-9F0Fh] [rbp-9F1Fh]
char v738; // [rsp-9F0Eh] [rbp-9F1Eh]
char v739; // [rsp-9F0Dh] [rbp-9F1Dh]
char v740; // [rsp-9F0Ch] [rbp-9F1Ch]
char v741; // [rsp-9F0Bh] [rbp-9F1Bh]
char v742; // [rsp-9F0Ah] [rbp-9F1Ah]
char v743; // [rsp-9F09h] [rbp-9F19h]
char v744; // [rsp-9F08h] [rbp-9F18h]
char v745; // [rsp-9F07h] [rbp-9F17h]
char v746; // [rsp-9F06h] [rbp-9F16h]
char v747; // [rsp-9F05h] [rbp-9F15h]
char v748; // [rsp-9F04h] [rbp-9F14h]
char v749; // [rsp-9F03h] [rbp-9F13h]
char v750; // [rsp-9F02h] [rbp-9F12h]
char v751; // [rsp-9F01h] [rbp-9F11h]
__int16 v752; // [rsp-9F00h] [rbp-9F10h]
int v753; // [rsp-9EFCh] [rbp-9F0Ch]
char v754; // [rsp-9EF8h] [rbp-9F08h]
char v755; // [rsp-9EF7h] [rbp-9F07h]
char v756; // [rsp-9EF6h] [rbp-9F06h]
char v757; // [rsp-9EF5h] [rbp-9F05h]
char v758; // [rsp-9EF4h] [rbp-9F04h]
char v759; // [rsp-9EF3h] [rbp-9F03h]
char v760; // [rsp-9EF2h] [rbp-9F02h]
char v761; // [rsp-9EF1h] [rbp-9F01h]
char v762; // [rsp-9EF0h] [rbp-9F00h]
char v763; // [rsp-9EEFh] [rbp-9EFFh]
char v764; // [rsp-9EEEh] [rbp-9EFEh]
char v765; // [rsp-9EEDh] [rbp-9EFDh]
char v766; // [rsp-9EECh] [rbp-9EFCh]
char v767; // [rsp-9EEBh] [rbp-9EFBh]
char v768; // [rsp-9EEAh] [rbp-9EFAh]
char v769; // [rsp-9EE9h] [rbp-9EF9h]
char v770; // [rsp-9EE8h] [rbp-9EF8h]
char v771; // [rsp-9EE7h] [rbp-9EF7h]
char v772; // [rsp-9EE6h] [rbp-9EF6h]
char v773; // [rsp-9EE5h] [rbp-9EF5h]
char v774; // [rsp-9EE4h] [rbp-9EF4h]
char v775; // [rsp-9EE3h] [rbp-9EF3h]
char v776; // [rsp-9EE2h] [rbp-9EF2h]
char v777; // [rsp-9EE1h] [rbp-9EF1h]
char v778; // [rsp-9EE0h] [rbp-9EF0h]
char v779; // [rsp-9EDFh] [rbp-9EEFh]
char v780; // [rsp-9EDEh] [rbp-9EEEh]
char v781; // [rsp-9EDDh] [rbp-9EEDh]
char v782; // [rsp-9EDCh] [rbp-9EECh]
char v783; // [rsp-9EDBh] [rbp-9EEBh]
char v784; // [rsp-9EDAh] [rbp-9EEAh]
char v785; // [rsp-9ED9h] [rbp-9EE9h]
__int16 v786; // [rsp-9ED8h] [rbp-9EE8h]
int v787; // [rsp-9ED4h] [rbp-9EE4h]
char v788; // [rsp-9ED0h] [rbp-9EE0h]
char v789; // [rsp-9ECFh] [rbp-9EDFh]
char v790; // [rsp-9ECEh] [rbp-9EDEh]
char v791; // [rsp-9ECDh] [rbp-9EDDh]
char v792; // [rsp-9ECCh] [rbp-9EDCh]
char v793; // [rsp-9ECBh] [rbp-9EDBh]
char v794; // [rsp-9ECAh] [rbp-9EDAh]
char v795; // [rsp-9EC9h] [rbp-9ED9h]
char v796; // [rsp-9EC8h] [rbp-9ED8h]
char v797; // [rsp-9EC7h] [rbp-9ED7h]
char v798; // [rsp-9EC6h] [rbp-9ED6h]
char v799; // [rsp-9EC5h] [rbp-9ED5h]
char v800; // [rsp-9EC4h] [rbp-9ED4h]
char v801; // [rsp-9EC3h] [rbp-9ED3h]
char v802; // [rsp-9EC2h] [rbp-9ED2h]
char v803; // [rsp-9EC1h] [rbp-9ED1h]
_BYTE v804[16]; // [rsp-9EC0h] [rbp-9ED0h] BYREF
__int16 v805; // [rsp-9EB0h] [rbp-9EC0h]
int v806; // [rsp-9EACh] [rbp-9EBCh]
char v807; // [rsp-9EA8h] [rbp-9EB8h]
char v808; // [rsp-9EA7h] [rbp-9EB7h]
char v809; // [rsp-9EA6h] [rbp-9EB6h]
char v810; // [rsp-9EA5h] [rbp-9EB5h]
char v811; // [rsp-9EA4h] [rbp-9EB4h]
char v812; // [rsp-9EA3h] [rbp-9EB3h]
char v813; // [rsp-9EA2h] [rbp-9EB2h]
char v814; // [rsp-9EA1h] [rbp-9EB1h]
char v815; // [rsp-9EA0h] [rbp-9EB0h]
char v816; // [rsp-9E9Fh] [rbp-9EAFh]
char v817; // [rsp-9E9Eh] [rbp-9EAEh]
char v818; // [rsp-9E9Dh] [rbp-9EADh]
char v819; // [rsp-9E9Ch] [rbp-9EACh]
char v820; // [rsp-9E9Bh] [rbp-9EABh]
char v821; // [rsp-9E9Ah] [rbp-9EAAh]
char v822; // [rsp-9E99h] [rbp-9EA9h]
char v823; // [rsp-9E98h] [rbp-9EA8h]
char v824; // [rsp-9E97h] [rbp-9EA7h]
char v825; // [rsp-9E96h] [rbp-9EA6h]
char v826; // [rsp-9E95h] [rbp-9EA5h]
_BYTE v827[12]; // [rsp-9E94h] [rbp-9EA4h] BYREF
__int16 v828; // [rsp-9E88h] [rbp-9E98h]
int v829; // [rsp-9E84h] [rbp-9E94h]
char v830[32]; // [rsp-9E80h] [rbp-9E90h] BYREF
__int16 v831; // [rsp-9E60h] [rbp-9E70h]
int v832; // [rsp-9E5Ch] [rbp-9E6Ch]
char v833; // [rsp-9E58h] [rbp-9E68h]
char v834; // [rsp-9E57h] [rbp-9E67h]
char v835; // [rsp-9E56h] [rbp-9E66h]
char v836; // [rsp-9E55h] [rbp-9E65h]
char v837; // [rsp-9E54h] [rbp-9E64h]
char v838; // [rsp-9E53h] [rbp-9E63h]
char v839; // [rsp-9E52h] [rbp-9E62h]
char v840; // [rsp-9E51h] [rbp-9E61h]
char v841; // [rsp-9E50h] [rbp-9E60h]
char v842; // [rsp-9E4Fh] [rbp-9E5Fh]
char v843; // [rsp-9E4Eh] [rbp-9E5Eh]
char v844; // [rsp-9E4Dh] [rbp-9E5Dh]
char v845; // [rsp-9E4Ch] [rbp-9E5Ch]
char v846; // [rsp-9E4Bh] [rbp-9E5Bh]
_BYTE v847[18]; // [rsp-9E4Ah] [rbp-9E5Ah] BYREF
__int16 v848; // [rsp-9E38h] [rbp-9E48h]
int v849; // [rsp-9E34h] [rbp-9E44h]
char v850; // [rsp-9E30h] [rbp-9E40h]
char v851; // [rsp-9E2Fh] [rbp-9E3Fh]
char v852; // [rsp-9E2Eh] [rbp-9E3Eh]
char v853; // [rsp-9E2Dh] [rbp-9E3Dh]
char v854; // [rsp-9E2Ch] [rbp-9E3Ch]
char v855; // [rsp-9E2Bh] [rbp-9E3Bh]
char v856; // [rsp-9E2Ah] [rbp-9E3Ah]
char v857; // [rsp-9E29h] [rbp-9E39h]
char v858; // [rsp-9E28h] [rbp-9E38h]
char v859; // [rsp-9E27h] [rbp-9E37h]
char v860; // [rsp-9E26h] [rbp-9E36h]
char v861; // [rsp-9E25h] [rbp-9E35h]
char v862; // [rsp-9E24h] [rbp-9E34h]
char v863; // [rsp-9E23h] [rbp-9E33h]
char v864; // [rsp-9E22h] [rbp-9E32h]
char v865; // [rsp-9E21h] [rbp-9E31h]
char v866; // [rsp-9E20h] [rbp-9E30h]
char v867; // [rsp-9E1Fh] [rbp-9E2Fh]
char v868; // [rsp-9E1Eh] [rbp-9E2Eh]
char v869; // [rsp-9E1Dh] [rbp-9E2Dh]
char v870; // [rsp-9E1Ch] [rbp-9E2Ch]
char v871; // [rsp-9E1Bh] [rbp-9E2Bh]
char v872; // [rsp-9E1Ah] [rbp-9E2Ah]
char v873; // [rsp-9E19h] [rbp-9E29h]
char v874; // [rsp-9E18h] [rbp-9E28h]
char v875; // [rsp-9E17h] [rbp-9E27h]
char v876; // [rsp-9E16h] [rbp-9E26h]
char v877; // [rsp-9E15h] [rbp-9E25h]
char v878; // [rsp-9E14h] [rbp-9E24h]
char v879; // [rsp-9E13h] [rbp-9E23h]
char v880; // [rsp-9E12h] [rbp-9E22h]
char v881; // [rsp-9E11h] [rbp-9E21h]
__int16 v882; // [rsp-9E10h] [rbp-9E20h]
int v883; // [rsp-9E0Ch] [rbp-9E1Ch]
char v884; // [rsp-9E08h] [rbp-9E18h]
char v885; // [rsp-9E07h] [rbp-9E17h]
_BYTE v886[30]; // [rsp-9E06h] [rbp-9E16h] BYREF
__int16 v887; // [rsp-9DE8h] [rbp-9DF8h]
int v888; // [rsp-9DE4h] [rbp-9DF4h]
char v889; // [rsp-9DE0h] [rbp-9DF0h]
char v890; // [rsp-9DDFh] [rbp-9DEFh]
_BYTE v891[30]; // [rsp-9DDEh] [rbp-9DEEh] BYREF
__int16 v892; // [rsp-9DC0h] [rbp-9DD0h]
int v893; // [rsp-9DBCh] [rbp-9DCCh]
char v894; // [rsp-9DB8h] [rbp-9DC8h]
char v895; // [rsp-9DB7h] [rbp-9DC7h]
_BYTE v896[30]; // [rsp-9DB6h] [rbp-9DC6h] BYREF
__int16 v897; // [rsp-9D98h] [rbp-9DA8h]
int v898; // [rsp-9D94h] [rbp-9DA4h]
char v899[32]; // [rsp-9D90h] [rbp-9DA0h] BYREF
__int16 v900; // [rsp-9D70h] [rbp-9D80h]
int v901; // [rsp-9D6Ch] [rbp-9D7Ch]
char v902[32]; // [rsp-9D68h] [rbp-9D78h] BYREF
__int16 v903; // [rsp-9D48h] [rbp-9D58h]
int v904; // [rsp-9D44h] [rbp-9D54h]
char v905[32]; // [rsp-9D40h] [rbp-9D50h] BYREF
__int16 v906; // [rsp-9D20h] [rbp-9D30h]
int v907; // [rsp-9D1Ch] [rbp-9D2Ch]
char v908; // [rsp-9D18h] [rbp-9D28h]
char v909; // [rsp-9D17h] [rbp-9D27h]
char v910[30]; // [rsp-9D16h] [rbp-9D26h] BYREF
__int16 v911; // [rsp-9CF8h] [rbp-9D08h]
int v912; // [rsp-9CF4h] [rbp-9D04h]
char v913; // [rsp-9CF0h] [rbp-9D00h]
char v914; // [rsp-9CEFh] [rbp-9CFFh]
char v915; // [rsp-9CEEh] [rbp-9CFEh]
char v916; // [rsp-9CEDh] [rbp-9CFDh]
char v917; // [rsp-9CECh] [rbp-9CFCh]
char v918; // [rsp-9CEBh] [rbp-9CFBh]
char v919; // [rsp-9CEAh] [rbp-9CFAh]
char v920; // [rsp-9CE9h] [rbp-9CF9h]
char v921; // [rsp-9CE8h] [rbp-9CF8h]
char v922[23]; // [rsp-9CE7h] [rbp-9CF7h] BYREF
__int16 v923; // [rsp-9CD0h] [rbp-9CE0h]
int v924; // [rsp-9CCCh] [rbp-9CDCh]
char v925; // [rsp-9CC8h] [rbp-9CD8h]
char v926; // [rsp-9CC7h] [rbp-9CD7h]
char v927; // [rsp-9CC6h] [rbp-9CD6h]
char v928; // [rsp-9CC5h] [rbp-9CD5h]
char v929; // [rsp-9CC4h] [rbp-9CD4h]
char v930; // [rsp-9CC3h] [rbp-9CD3h]
char v931; // [rsp-9CC2h] [rbp-9CD2h]
char v932; // [rsp-9CC1h] [rbp-9CD1h]
char v933; // [rsp-9CC0h] [rbp-9CD0h]
char v934; // [rsp-9CBFh] [rbp-9CCFh]
char v935; // [rsp-9CBEh] [rbp-9CCEh]
char v936; // [rsp-9CBDh] [rbp-9CCDh]
char v937; // [rsp-9CBCh] [rbp-9CCCh]
char v938; // [rsp-9CBBh] [rbp-9CCBh]
char v939; // [rsp-9CBAh] [rbp-9CCAh]
char v940; // [rsp-9CB9h] [rbp-9CC9h]
char v941; // [rsp-9CB8h] [rbp-9CC8h]
char v942[15]; // [rsp-9CB7h] [rbp-9CC7h] BYREF
__int16 v943; // [rsp-9CA8h] [rbp-9CB8h]
int v944; // [rsp-9CA4h] [rbp-9CB4h]
char v945; // [rsp-9CA0h] [rbp-9CB0h]
char v946; // [rsp-9C9Fh] [rbp-9CAFh]
char v947; // [rsp-9C9Eh] [rbp-9CAEh]
_BYTE v948[29]; // [rsp-9C9Dh] [rbp-9CADh] BYREF
__int16 v949; // [rsp-9C80h] [rbp-9C90h]
int v950; // [rsp-9C7Ch] [rbp-9C8Ch]
char v951[4]; // [rsp-9C78h] [rbp-9C88h] BYREF
char v952[4]; // [rsp-9C74h] [rbp-9C84h] BYREF
char v953[12]; // [rsp-9C70h] [rbp-9C80h] BYREF
char v954[12]; // [rsp-9C64h] [rbp-9C74h] BYREF
__int16 v955; // [rsp-9C58h] [rbp-9C68h]
int v956; // [rsp-9C54h] [rbp-9C64h]
char v957; // [rsp-9C50h] [rbp-9C60h]
char v958; // [rsp-9C4Fh] [rbp-9C5Fh]
char v959; // [rsp-9C4Eh] [rbp-9C5Eh]
char v960; // [rsp-9C4Dh] [rbp-9C5Dh]
char v961; // [rsp-9C4Ch] [rbp-9C5Ch]
char v962; // [rsp-9C4Bh] [rbp-9C5Bh]
char v963; // [rsp-9C4Ah] [rbp-9C5Ah]
char v964; // [rsp-9C49h] [rbp-9C59h]
char v965; // [rsp-9C48h] [rbp-9C58h]
char v966; // [rsp-9C47h] [rbp-9C57h]
char v967; // [rsp-9C46h] [rbp-9C56h]
char v968; // [rsp-9C45h] [rbp-9C55h]
char v969; // [rsp-9C44h] [rbp-9C54h]
char v970; // [rsp-9C43h] [rbp-9C53h]
char v971; // [rsp-9C42h] [rbp-9C52h]
char v972; // [rsp-9C41h] [rbp-9C51h]
char v973; // [rsp-9C40h] [rbp-9C50h]
char v974; // [rsp-9C3Fh] [rbp-9C4Fh]
char v975; // [rsp-9C3Eh] [rbp-9C4Eh]
char v976; // [rsp-9C3Dh] [rbp-9C4Dh]
char v977; // [rsp-9C3Ch] [rbp-9C4Ch]
char v978; // [rsp-9C3Bh] [rbp-9C4Bh]
char v979; // [rsp-9C3Ah] [rbp-9C4Ah]
char v980; // [rsp-9C39h] [rbp-9C49h]
char v981; // [rsp-9C38h] [rbp-9C48h]
char v982; // [rsp-9C37h] [rbp-9C47h]
char v983; // [rsp-9C36h] [rbp-9C46h]
char v984; // [rsp-9C35h] [rbp-9C45h]
char v985; // [rsp-9C34h] [rbp-9C44h]
char v986; // [rsp-9C33h] [rbp-9C43h]
char v987; // [rsp-9C32h] [rbp-9C42h]
char v988; // [rsp-9C31h] [rbp-9C41h]
__int16 v989; // [rsp-9C30h] [rbp-9C40h]
int v990; // [rsp-9C2Ch] [rbp-9C3Ch]
char v991; // [rsp-9C28h] [rbp-9C38h]
char v992; // [rsp-9C27h] [rbp-9C37h]
char v993; // [rsp-9C26h] [rbp-9C36h]
char v994; // [rsp-9C25h] [rbp-9C35h]
char v995; // [rsp-9C24h] [rbp-9C34h]
char v996; // [rsp-9C23h] [rbp-9C33h]
char v997; // [rsp-9C22h] [rbp-9C32h]
char v998; // [rsp-9C21h] [rbp-9C31h]
char v999; // [rsp-9C20h] [rbp-9C30h]
char v1000; // [rsp-9C1Fh] [rbp-9C2Fh]
char v1001; // [rsp-9C1Eh] [rbp-9C2Eh]
char v1002; // [rsp-9C1Dh] [rbp-9C2Dh]
char v1003; // [rsp-9C1Ch] [rbp-9C2Ch]
char v1004; // [rsp-9C1Bh] [rbp-9C2Bh]
char v1005; // [rsp-9C1Ah] [rbp-9C2Ah]
char v1006; // [rsp-9C19h] [rbp-9C29h]
char v1007; // [rsp-9C18h] [rbp-9C28h]
char v1008; // [rsp-9C17h] [rbp-9C27h]
char v1009; // [rsp-9C16h] [rbp-9C26h]
char v1010; // [rsp-9C15h] [rbp-9C25h]
char v1011; // [rsp-9C14h] [rbp-9C24h]
char v1012; // [rsp-9C13h] [rbp-9C23h]
char v1013; // [rsp-9C12h] [rbp-9C22h]
char v1014; // [rsp-9C11h] [rbp-9C21h]
char v1015; // [rsp-9C10h] [rbp-9C20h]
char v1016; // [rsp-9C0Fh] [rbp-9C1Fh]
char v1017; // [rsp-9C0Eh] [rbp-9C1Eh]
char v1018; // [rsp-9C0Dh] [rbp-9C1Dh]
char v1019; // [rsp-9C0Ch] [rbp-9C1Ch]
char v1020; // [rsp-9C0Bh] [rbp-9C1Bh]
char v1021; // [rsp-9C0Ah] [rbp-9C1Ah]
char v1022; // [rsp-9C09h] [rbp-9C19h]
__int16 v1023; // [rsp-9C08h] [rbp-9C18h]
int v1024; // [rsp-9C04h] [rbp-9C14h]
char v1025; // [rsp-9C00h] [rbp-9C10h]
char v1026; // [rsp-9BFFh] [rbp-9C0Fh]
char v1027; // [rsp-9BFEh] [rbp-9C0Eh]
char v1028; // [rsp-9BFDh] [rbp-9C0Dh]
char v1029; // [rsp-9BFCh] [rbp-9C0Ch]
char v1030; // [rsp-9BFBh] [rbp-9C0Bh]
char v1031; // [rsp-9BFAh] [rbp-9C0Ah]
char v1032; // [rsp-9BF9h] [rbp-9C09h]
char v1033; // [rsp-9BF8h] [rbp-9C08h]
char v1034; // [rsp-9BF7h] [rbp-9C07h]
char v1035; // [rsp-9BF6h] [rbp-9C06h]
char v1036; // [rsp-9BF5h] [rbp-9C05h]
char v1037; // [rsp-9BF4h] [rbp-9C04h]
char v1038; // [rsp-9BF3h] [rbp-9C03h]
char v1039; // [rsp-9BF2h] [rbp-9C02h]
char v1040; // [rsp-9BF1h] [rbp-9C01h]
char v1041; // [rsp-9BF0h] [rbp-9C00h]
_BYTE v1042[15]; // [rsp-9BEFh] [rbp-9BFFh] BYREF
__int64 v1043; // [rsp-9BD8h] [rbp-9BE8h] BYREF
unsigned __int16 v1044; // [rsp-9BD0h] [rbp-9BE0h]
__int16 v1045; // [rsp-9BCEh] [rbp-9BDEh]
__int64 *v1046; // [rsp-9BC8h] [rbp-9BD8h]
_WORD v1047[8]; // [rsp-9BC0h] [rbp-9BD0h] BYREF
_DWORD v1048[6]; // [rsp-9BB0h] [rbp-9BC0h] BYREF
_WORD v1049[22]; // [rsp-9B98h] [rbp-9BA8h] BYREF
unsigned __int16 v1050; // [rsp-9B6Ch] [rbp-9B7Ch]
__int16 v1051; // [rsp-9B6Ah] [rbp-9B7Ah]
__int16 v1052; // [rsp-9B68h] [rbp-9B78h]
__int16 v1053; // [rsp-9B66h] [rbp-9B76h]
__int16 v1054; // [rsp-9B64h] [rbp-9B74h]
__int16 v1055; // [rsp-9B62h] [rbp-9B72h]
__int16 v1056; // [rsp-9B60h] [rbp-9B70h]
__int16 v1057; // [rsp-9B5Eh] [rbp-9B6Eh]
__int16 v1058; // [rsp-9B5Ch] [rbp-9B6Ch]
__int16 v1059; // [rsp-9B5Ah] [rbp-9B6Ah]
__int16 v1060; // [rsp-9B58h] [rbp-9B68h]
__int16 v1061; // [rsp-9B56h] [rbp-9B66h]
__int16 v1062; // [rsp-9B54h] [rbp-9B64h]
__int16 v1063; // [rsp-9B52h] [rbp-9B62h]
__int16 v1064; // [rsp-9B50h] [rbp-9B60h]
__int16 v1065; // [rsp-9B4Eh] [rbp-9B5Eh]
__int16 v1066; // [rsp-9B4Ch] [rbp-9B5Ch]
__int16 v1067; // [rsp-9B4Ah] [rbp-9B5Ah]
__int16 v1068; // [rsp-9B48h] [rbp-9B58h]
__int16 v1069; // [rsp-9B46h] [rbp-9B56h]
__int16 v1070; // [rsp-9B44h] [rbp-9B54h]
__int16 v1071; // [rsp-9B42h] [rbp-9B52h]
__int16 v1072; // [rsp-9B40h] [rbp-9B50h]
__int16 v1073; // [rsp-9B3Eh] [rbp-9B4Eh]
__int16 v1074; // [rsp-9B3Ch] [rbp-9B4Ch]
__int16 v1075; // [rsp-9B3Ah] [rbp-9B4Ah]
__int16 v1076; // [rsp-9B38h] [rbp-9B48h]
__int16 v1077; // [rsp-9B36h] [rbp-9B46h]
__int16 v1078; // [rsp-9B34h] [rbp-9B44h]
__int16 v1079; // [rsp-9B32h] [rbp-9B42h]
__int16 v1080; // [rsp-9B30h] [rbp-9B40h]
__int16 v1081; // [rsp-9B2Eh] [rbp-9B3Eh]
__int16 v1082; // [rsp-9B2Ch] [rbp-9B3Ch]
__int16 v1083; // [rsp-9B2Ah] [rbp-9B3Ah]
int v1084; // [rsp-9B28h] [rbp-9B38h] BYREF
char v1085; // [rsp-9B24h] [rbp-9B34h]
char v1086; // [rsp-9B23h] [rbp-9B33h]
char v1087; // [rsp-9B22h] [rbp-9B32h]
char v1088; // [rsp-9B21h] [rbp-9B31h]
char v1089; // [rsp-9B20h] [rbp-9B30h]
char v1090; // [rsp-9B1Fh] [rbp-9B2Fh]
char v1091; // [rsp-9B1Eh] [rbp-9B2Eh]
char v1092; // [rsp-9B1Dh] [rbp-9B2Dh]
_BYTE v1093[16]; // [rsp-9B1Ch] [rbp-9B2Ch] BYREF
int v1094; // [rsp-9B0Ch] [rbp-9B1Ch]
char v1095; // [rsp-9B08h] [rbp-9B18h]
char v1096; // [rsp-9B07h] [rbp-9B17h]
char v1097; // [rsp-9B06h] [rbp-9B16h]
char v1098; // [rsp-9B05h] [rbp-9B15h]
_BYTE v1099[20]; // [rsp-9B04h] [rbp-9B14h] BYREF
int v1100; // [rsp-9AF0h] [rbp-9B00h]
char v1101; // [rsp-9AECh] [rbp-9AFCh]
char v1102; // [rsp-9AEBh] [rbp-9AFBh]
char v1103; // [rsp-9AEAh] [rbp-9AFAh]
char v1104; // [rsp-9AE9h] [rbp-9AF9h]
char v1105; // [rsp-9AE8h] [rbp-9AF8h]
char v1106; // [rsp-9AE7h] [rbp-9AF7h]
char v1107; // [rsp-9AE6h] [rbp-9AF6h]
char v1108; // [rsp-9AE5h] [rbp-9AF5h]
char v1109; // [rsp-9AE4h] [rbp-9AF4h]
char v1110; // [rsp-9AE3h] [rbp-9AF3h]
char v1111; // [rsp-9AE2h] [rbp-9AF2h]
char v1112; // [rsp-9AE1h] [rbp-9AF1h]
char v1113; // [rsp-9AE0h] [rbp-9AF0h]
char v1114; // [rsp-9ADFh] [rbp-9AEFh]
char v1115; // [rsp-9ADEh] [rbp-9AEEh]
char v1116; // [rsp-9ADDh] [rbp-9AEDh]
_BYTE v1117[8]; // [rsp-9ADCh] [rbp-9AECh] BYREF
int v1118; // [rsp-9AD4h] [rbp-9AE4h]
char v1119; // [rsp-9AD0h] [rbp-9AE0h]
char v1120; // [rsp-9ACFh] [rbp-9ADFh]
char v1121; // [rsp-9ACEh] [rbp-9ADEh]
char v1122; // [rsp-9ACDh] [rbp-9ADDh]
char v1123; // [rsp-9ACCh] [rbp-9ADCh]
char v1124; // [rsp-9ACBh] [rbp-9ADBh]
char v1125; // [rsp-9ACAh] [rbp-9ADAh]
char v1126; // [rsp-9AC9h] [rbp-9AD9h]
char v1127; // [rsp-9AC8h] [rbp-9AD8h]
char v1128; // [rsp-9AC7h] [rbp-9AD7h]
char v1129; // [rsp-9AC6h] [rbp-9AD6h]
char v1130; // [rsp-9AC5h] [rbp-9AD5h]
char v1131; // [rsp-9AC4h] [rbp-9AD4h]
char v1132; // [rsp-9AC3h] [rbp-9AD3h]
char v1133; // [rsp-9AC2h] [rbp-9AD2h]
char v1134; // [rsp-9AC1h] [rbp-9AD1h]
char v1135; // [rsp-9AC0h] [rbp-9AD0h]
char v1136; // [rsp-9ABFh] [rbp-9ACFh]
char v1137; // [rsp-9ABEh] [rbp-9ACEh]
char v1138; // [rsp-9ABDh] [rbp-9ACDh]
char v1139; // [rsp-9ABCh] [rbp-9ACCh]
char v1140; // [rsp-9ABBh] [rbp-9ACBh]
char v1141; // [rsp-9ABAh] [rbp-9ACAh]
char v1142; // [rsp-9AB9h] [rbp-9AC9h]
int v1143; // [rsp-9AB8h] [rbp-9AC8h]
char v1144; // [rsp-9AB4h] [rbp-9AC4h]
char v1145; // [rsp-9AB3h] [rbp-9AC3h]
char v1146; // [rsp-9AB2h] [rbp-9AC2h]
char v1147; // [rsp-9AB1h] [rbp-9AC1h]
char v1148; // [rsp-9AB0h] [rbp-9AC0h]
char v1149; // [rsp-9AAFh] [rbp-9ABFh]
char v1150; // [rsp-9AAEh] [rbp-9ABEh]
char v1151; // [rsp-9AADh] [rbp-9ABDh]
char v1152; // [rsp-9AACh] [rbp-9ABCh]
char v1153; // [rsp-9AABh] [rbp-9ABBh]
_BYTE v1154[14]; // [rsp-9AAAh] [rbp-9ABAh] BYREF
int v1155; // [rsp-9A9Ch] [rbp-9AACh]
char v1156; // [rsp-9A98h] [rbp-9AA8h]
char v1157; // [rsp-9A97h] [rbp-9AA7h]
char v1158; // [rsp-9A96h] [rbp-9AA6h]
char v1159; // [rsp-9A95h] [rbp-9AA5h]
char v1160; // [rsp-9A94h] [rbp-9AA4h]
char v1161; // [rsp-9A93h] [rbp-9AA3h]
char v1162; // [rsp-9A92h] [rbp-9AA2h]
char v1163; // [rsp-9A91h] [rbp-9AA1h]
_BYTE v1164[16]; // [rsp-9A90h] [rbp-9AA0h] BYREF
int v1165; // [rsp-9A78h] [rbp-9A88h]
int v1166; // [rsp-9A74h] [rbp-9A84h] BYREF
_DWORD *KiUserExceptionDispatcher; // [rsp-9A70h] [rbp-9A80h]
__int64 v1168; // [rsp-9A68h] [rbp-9A78h]
__int64 v1169; // [rsp-9A60h] [rbp-9A70h]
__int64 v1170; // [rsp-9A58h] [rbp-9A68h] BYREF
__int64 v1171; // [rsp-9A50h] [rbp-9A60h]
__int64 GetCurrentThreadId; // [rsp-9A48h] [rbp-9A58h]
unsigned __int64 v1173; // [rsp-9A40h] [rbp-9A50h]
__int64 v1174; // [rsp-9A38h] [rbp-9A48h]
__int64 v1175; // [rsp-9A30h] [rbp-9A40h]
__int64 v1176; // [rsp-9A28h] [rbp-9A38h]
__int64 v1177; // [rsp-9A20h] [rbp-9A30h] BYREF
__int64 v1178; // [rsp-9A18h] [rbp-9A28h]
unsigned int (__fastcall *GetProcessTimes_1)(__int64, __int64 *, __int64 *, char *, char *); // [rsp-9A10h] [rbp-9A20h]
__int64 v1180; // [rsp-9A08h] [rbp-9A18h]
unsigned __int64 i57; // [rsp-9A00h] [rbp-9A10h]
unsigned __int64 i53; // [rsp-99F8h] [rbp-9A08h]
__int64 (__fastcall *LoadLibraryA)(char *); // [rsp-99F0h] [rbp-9A00h]
_DWORD v1184[4]; // [rsp-99E8h] [rbp-99F8h] BYREF
__int64 v1185; // [rsp-99D8h] [rbp-99E8h]
__int64 v1186; // [rsp-99D0h] [rbp-99E0h] BYREF
__int64 v1187; // [rsp-99C8h] [rbp-99D8h]
__int64 v1188; // [rsp-99C0h] [rbp-99D0h]
unsigned __int64 v1189; // [rsp-99B8h] [rbp-99C8h]
__int64 v1190; // [rsp-99B0h] [rbp-99C0h]
__int64 (__fastcall *malloc)(__int64); // [rsp-99A8h] [rbp-99B8h]
int v1192; // [rsp-99A0h] [rbp-99B0h] BYREF
int v1193; // [rsp-999Ch] [rbp-99ACh]
int v1194; // [rsp-9998h] [rbp-99A8h] BYREF
int v1195; // [rsp-9994h] [rbp-99A4h] BYREF
unsigned int v1196; // [rsp-9990h] [rbp-99A0h]
int v1198; // [rsp-9988h] [rbp-9998h] BYREF
unsigned int v1199; // [rsp-9984h] [rbp-9994h]
int v1200; // [rsp-9980h] [rbp-9990h]
int v1201; // [rsp-997Ch] [rbp-998Ch] BYREF
int v1202; // [rsp-9978h] [rbp-9988h]
_QWORD v1203[3]; // [rsp-9970h] [rbp-9980h] BYREF
__int64 v1204; // [rsp-9958h] [rbp-9968h]
int v1205; // [rsp-9950h] [rbp-9960h]
int v1206; // [rsp-994Ch] [rbp-995Ch]
int v1207; // [rsp-9948h] [rbp-9958h]
char v1208; // [rsp-9940h] [rbp-9950h]
char v1209; // [rsp-993Fh] [rbp-994Fh]
unsigned __int8 v1210; // [rsp-993Eh] [rbp-994Eh]
__int64 v1211; // [rsp-993Dh] [rbp-994Dh]
int v1212; // [rsp-9935h] [rbp-9945h]
int v1213; // [rsp-9931h] [rbp-9941h]
_BYTE v1214[5]; // [rsp-992Dh] [rbp-993Dh] BYREF
_DWORD v1215[2]; // [rsp-9918h] [rbp-9928h] BYREF
_DWORD v1216[2]; // [rsp-9910h] [rbp-9920h] BYREF
char v1217[24]; // [rsp-9908h] [rbp-9918h] BYREF
char v1218[24]; // [rsp-98F0h] [rbp-9900h] BYREF
__int64 i70; // [rsp-98D8h] [rbp-98E8h]
unsigned int (__fastcall *GetProcessTimes_2)(__int64, __int64 *, __int64 *, __int64 *, __int64 *); // [rsp-98D0h] [rbp-98E0h]
__int64 v1221; // [rsp-98C8h] [rbp-98D8h] BYREF
unsigned int (__fastcall *GetFileAttributesExA)(char *, _QWORD, _BYTE *); // [rsp-98C0h] [rbp-98D0h]
int (__fastcall *NtQueryInformationProcess)(__int64, __int64, __int64 *, __int64, _QWORD); // [rsp-98B8h] [rbp-98C8h]
__int64 v1224; // [rsp-98B0h] [rbp-98C0h]
unsigned int (__fastcall *v1225)(__int64, __int64 *, __int64 *, __int64 *, __int64 *); // [rsp-98A8h] [rbp-98B8h]
unsigned int (__fastcall *GetExitCodeProcess_1)(__int64, int *); // [rsp-98A0h] [rbp-98B0h]
__int64 (*GetTickCount)(void); // [rsp-9898h] [rbp-98A8h]
unsigned int (__fastcall *GetExtendedUdpTable)(unsigned int *, unsigned int *, _QWORD, __int64, int, _DWORD); // [rsp-9890h] [rbp-98A0h]
__int64 v1229; // [rsp-9888h] [rbp-9898h]
__int64 v1230; // [rsp-9880h] [rbp-9890h]
__int64 v1231; // [rsp-9878h] [rbp-9888h]
__int64 v1232; // [rsp-9870h] [rbp-9880h] BYREF
__int64 v1233; // [rsp-9868h] [rbp-9878h] BYREF
__int64 v1234; // [rsp-9860h] [rbp-9870h]
void (__fastcall *GetSystemTimes)(__int64 *, __int64 *, __int64 *); // [rsp-9858h] [rbp-9868h]
int (__fastcall *NtQueryInformationFile_1)(__int64, _BYTE *, __int64 *, __int64, int); // [rsp-9850h] [rbp-9860h]
__int64 v1237; // [rsp-9848h] [rbp-9858h]
unsigned int (__fastcall *OpenProcessToken)(__int64, __int64, __int64 *); // [rsp-9840h] [rbp-9850h]
unsigned int (__fastcall *LookupPrivilegeValueA)(_QWORD, char *, __int64 *); // [rsp-9838h] [rbp-9848h]
void (__fastcall *AdjustTokenPrivileges)(__int64, _QWORD, int *, _QWORD, _QWORD, _QWORD); // [rsp-9830h] [rbp-9840h]
__int64 v1241; // [rsp-9828h] [rbp-9838h] BYREF
void (__fastcall *ClientToScreen)(__int64, _DWORD *); // [rsp-9820h] [rbp-9830h]
unsigned int (__fastcall *GetWindowDisplayAffinity)(__int64, int *); // [rsp-9818h] [rbp-9828h]
__int64 v1244; // [rsp-9810h] [rbp-9820h]
unsigned __int8 *GetTopWindow; // [rsp-9808h] [rbp-9818h]
unsigned __int8 *v1246; // [rsp-9800h] [rbp-9810h]
unsigned __int8 *v1247; // [rsp-97F8h] [rbp-9808h]
__int64 v1248; // [rsp-97F0h] [rbp-9800h]
__int64 v1249; // [rsp-97E8h] [rbp-97F8h] BYREF
_BYTE *v1250; // [rsp-97E0h] [rbp-97F0h] BYREF
__int64 v1251; // [rsp-97D8h] [rbp-97E8h] BYREF
_QWORD v1252[3]; // [rsp-97D0h] [rbp-97E0h] BYREF
__int64 v1253; // [rsp-97B8h] [rbp-97C8h]
__int64 v1254; // [rsp-97B0h] [rbp-97C0h]
__int64 v1255; // [rsp-97A8h] [rbp-97B8h]
__int64 v1256; // [rsp-97A0h] [rbp-97B0h]
unsigned int (__fastcall *memcmp)(_BYTE *, _BYTE *, __int64); // [rsp-9798h] [rbp-97A8h]
void (__fastcall *memcpy)(_BYTE *, unsigned __int64, __int64); // [rsp-9790h] [rbp-97A0h]
__int64 v1259; // [rsp-9788h] [rbp-9798h]
__int64 v1260; // [rsp-9780h] [rbp-9790h]
__int64 v1261; // [rsp-9778h] [rbp-9788h]
int (__fastcall *NtQueryInformationProcess_1)(__int64, __int64, __int64 *, __int64, _QWORD); // [rsp-9770h] [rbp-9780h]
unsigned int (__fastcall *GetThreadTimes)(__int64, __int64 *, __int64 *, char *, char *); // [rsp-9768h] [rbp-9778h]
__int64 (__fastcall *OpenThread)(__int64, _QWORD, _QWORD); // [rsp-9760h] [rbp-9770h]
__int64 v1265; // [rsp-9758h] [rbp-9768h]
unsigned __int64 i38; // [rsp-9750h] [rbp-9760h]
int (__fastcall *NtQueryInformationProcess_2)(__int64, __int64, __int64 *, __int64, _QWORD); // [rsp-9748h] [rbp-9758h]
__int64 (__fastcall *CreateToolhelp32Snapshot)(__int64, _QWORD); // [rsp-9740h] [rbp-9750h]
unsigned __int64 i68; // [rsp-9738h] [rbp-9748h]
int v1270; // [rsp-9730h] [rbp-9740h] BYREF
char v1271; // [rsp-972Ch] [rbp-973Ch]
char v1272; // [rsp-972Bh] [rbp-973Bh]
char v1273; // [rsp-972Ah] [rbp-973Ah]
char v1274; // [rsp-9729h] [rbp-9739h]
_BYTE v1275[25]; // [rsp-9728h] [rbp-9738h] BYREF
char v1276; // [rsp-970Fh] [rbp-971Fh]
__int16 v1277; // [rsp-970Eh] [rbp-971Eh]
unsigned __int64 v1278; // [rsp-970Ch] [rbp-971Ch]
__int64 v1279; // [rsp-9704h] [rbp-9714h]
int v1280; // [rsp-96FCh] [rbp-970Ch]
int v1281; // [rsp-96F8h] [rbp-9708h]
char v1282[32]; // [rsp-96F0h] [rbp-9700h] BYREF
__int64 v1283; // [rsp-96D0h] [rbp-96E0h] BYREF
unsigned __int16 v1284; // [rsp-96C8h] [rbp-96D8h]
__int16 v1285; // [rsp-96C6h] [rbp-96D6h]
__int64 *v1286; // [rsp-96C0h] [rbp-96D0h]
char v1287; // [rsp-96B8h] [rbp-96C8h]
char v1288; // [rsp-96B7h] [rbp-96C7h]
unsigned __int64 v1289; // [rsp-96B6h] [rbp-96C6h]
int v1290; // [rsp-96AEh] [rbp-96BEh]
int v1291; // [rsp-96AAh] [rbp-96BAh]
_BYTE v1292[12]; // [rsp-96A3h] [rbp-96B3h]
char v1293; // [rsp-9697h] [rbp-96A7h]
int v1294; // [rsp-9696h] [rbp-96A6h] BYREF
int v1295; // [rsp-9692h] [rbp-96A2h]
_DWORD v1296[93]; // [rsp-968Eh] [rbp-969Eh] BYREF
char v1297; // [rsp-9518h] [rbp-9528h]
char v1298; // [rsp-9517h] [rbp-9527h]
__int16 v1299; // [rsp-9516h] [rbp-9526h]
__int64 v1300; // [rsp-9514h] [rbp-9524h]
__int64 v1301; // [rsp-950Ch] [rbp-951Ch]
int v1302; // [rsp-9504h] [rbp-9514h]
int v1303; // [rsp-9500h] [rbp-9510h]
char v1304; // [rsp-94F8h] [rbp-9508h]
char v1305; // [rsp-94F7h] [rbp-9507h]
__int16 v1306; // [rsp-94F6h] [rbp-9506h]
_QWORD *v1307; // [rsp-94F4h] [rbp-9504h]
__int64 v1308; // [rsp-94ECh] [rbp-94FCh]
int v1309; // [rsp-94E4h] [rbp-94F4h]
int v1310; // [rsp-94E0h] [rbp-94F0h]
char v1311; // [rsp-94D8h] [rbp-94E8h]
_BYTE v1312[2]; // [rsp-94D7h] [rbp-94E7h]
__int64 v1313; // [rsp-94D5h] [rbp-94E5h]
__int64 v1314; // [rsp-94CDh] [rbp-94DDh]
char v1315; // [rsp-94C0h] [rbp-94D0h]
_BYTE v1316[2]; // [rsp-94BFh] [rbp-94CFh]
__int64 v1317; // [rsp-94BDh] [rbp-94CDh]
__int64 v1318; // [rsp-94B5h] [rbp-94C5h]
char v1319; // [rsp-94A8h] [rbp-94B8h]
_BYTE v1320[2]; // [rsp-94A7h] [rbp-94B7h]
__int64 v1321; // [rsp-94A5h] [rbp-94B5h]
__int64 v1322; // [rsp-949Dh] [rbp-94ADh]
_QWORD v1323[3]; // [rsp-9490h] [rbp-94A0h] BYREF
unsigned __int64 v1324; // [rsp-9478h] [rbp-9488h]
int v1325; // [rsp-9470h] [rbp-9480h]
int v1326; // [rsp-946Ch] [rbp-947Ch]
int v1327; // [rsp-9468h] [rbp-9478h]
_QWORD v1328[3]; // [rsp-9460h] [rbp-9470h] BYREF
__int64 v1329; // [rsp-9448h] [rbp-9458h]
int v1330; // [rsp-9440h] [rbp-9450h]
int v1331; // [rsp-943Ch] [rbp-944Ch]
int v1332; // [rsp-9438h] [rbp-9448h]
char v1333; // [rsp-9430h] [rbp-9440h]
char v1334; // [rsp-942Fh] [rbp-943Fh]
__int16 v1335; // [rsp-942Eh] [rbp-943Eh]
int v1336; // [rsp-942Ch] [rbp-943Ch]
unsigned __int8 v1337; // [rsp-9428h] [rbp-9438h] BYREF
__int64 v1338; // [rsp-9418h] [rbp-9428h] BYREF
unsigned __int16 v1339; // [rsp-9410h] [rbp-9420h]
__int16 v1340; // [rsp-940Eh] [rbp-941Eh]
__int64 *v1341; // [rsp-9408h] [rbp-9418h]
char v1342; // [rsp-9400h] [rbp-9410h]
char v1343; // [rsp-93FFh] [rbp-940Fh]
__int16 v1344; // [rsp-93FEh] [rbp-940Eh]
int v1345; // [rsp-93FCh] [rbp-940Ch]
__int64 v1346; // [rsp-93F8h] [rbp-9408h]
__int64 v1347; // [rsp-93F0h] [rbp-9400h]
char v1348; // [rsp-93E8h] [rbp-93F8h]
char v1349; // [rsp-93E7h] [rbp-93F7h]
__int16 v1350; // [rsp-93E6h] [rbp-93F6h]
int v1351; // [rsp-93E4h] [rbp-93F4h]
unsigned __int8 v1352; // [rsp-93E0h] [rbp-93F0h] BYREF
__int64 v1353; // [rsp-93D0h] [rbp-93E0h] BYREF
unsigned __int16 v1354; // [rsp-93C8h] [rbp-93D8h]
__int16 v1355; // [rsp-93C6h] [rbp-93D6h]
__int64 *v1356; // [rsp-93C0h] [rbp-93D0h]
int v1357; // [rsp-93B8h] [rbp-93C8h] BYREF
unsigned int v1358; // [rsp-93B0h] [rbp-93C0h]
unsigned int v1359; // [rsp-9398h] [rbp-93A8h]
int v1360; // [rsp-938Ch] [rbp-939Ch]
int v1361; // [rsp-9388h] [rbp-9398h]
int v1362; // [rsp-9384h] [rbp-9394h]
char v1363; // [rsp-9288h] [rbp-9298h]
char v1364; // [rsp-9287h] [rbp-9297h]
__int16 v1365; // [rsp-9286h] [rbp-9296h]
__int64 v1366; // [rsp-9284h] [rbp-9294h]
__int64 v1367; // [rsp-927Ch] [rbp-928Ch]
unsigned int v1368; // [rsp-9274h] [rbp-9284h]
unsigned int v1369; // [rsp-9270h] [rbp-9280h]
char v1370; // [rsp-9268h] [rbp-9278h]
char v1371; // [rsp-9267h] [rbp-9277h]
__int16 v1372; // [rsp-9266h] [rbp-9276h]
_QWORD v1373[2]; // [rsp-9264h] [rbp-9274h] BYREF
int v1374; // [rsp-9254h] [rbp-9264h]
int v1375; // [rsp-9250h] [rbp-9260h]
char v1376; // [rsp-9248h] [rbp-9258h]
char v1377; // [rsp-9247h] [rbp-9257h]
__int16 v1378; // [rsp-9246h] [rbp-9256h]
__int64 v1379; // [rsp-9244h] [rbp-9254h]
__int64 v1380; // [rsp-923Ch] [rbp-924Ch]
int v1381; // [rsp-9234h] [rbp-9244h]
int v1382; // [rsp-9230h] [rbp-9240h]
char v1383; // [rsp-9228h] [rbp-9238h]
char v1384; // [rsp-9227h] [rbp-9237h]
__int16 v1385; // [rsp-9226h] [rbp-9236h]
__int64 v1386; // [rsp-9224h] [rbp-9234h]
__int64 v1387; // [rsp-921Ch] [rbp-922Ch]
int v1388; // [rsp-9214h] [rbp-9224h]
int v1389; // [rsp-9210h] [rbp-9220h]
char v1390; // [rsp-9208h] [rbp-9218h]
char v1391; // [rsp-9207h] [rbp-9217h]
__int16 v1392; // [rsp-9206h] [rbp-9216h]
__int64 v1393; // [rsp-9204h] [rbp-9214h]
__int64 v1394; // [rsp-91FCh] [rbp-920Ch]
int v1395; // [rsp-91F4h] [rbp-9204h]
int v1396; // [rsp-91F0h] [rbp-9200h]
char v1397; // [rsp-91E8h] [rbp-91F8h]
char v1398; // [rsp-91E7h] [rbp-91F7h]
__int16 v1399; // [rsp-91E6h] [rbp-91F6h]
__int64 v1400; // [rsp-91E4h] [rbp-91F4h]
__int64 v1401; // [rsp-91DCh] [rbp-91ECh]
int v1402; // [rsp-91D4h] [rbp-91E4h]
int v1403; // [rsp-91D0h] [rbp-91E0h]
char v1404; // [rsp-91C8h] [rbp-91D8h]
char v1405; // [rsp-91C7h] [rbp-91D7h]
__int16 v1406; // [rsp-91C6h] [rbp-91D6h]
unsigned __int64 v1407; // [rsp-91C4h] [rbp-91D4h]
unsigned __int64 v1408; // [rsp-91BCh] [rbp-91CCh]
int v1409; // [rsp-91B4h] [rbp-91C4h]
int v1410; // [rsp-91B0h] [rbp-91C0h]
char v1411; // [rsp-91A8h] [rbp-91B8h]
char v1412; // [rsp-91A7h] [rbp-91B7h]
__int16 v1413; // [rsp-91A6h] [rbp-91B6h]
__int64 v1414; // [rsp-91A4h] [rbp-91B4h]
unsigned __int64 v1415; // [rsp-919Ch] [rbp-91ACh]
int v1416; // [rsp-9194h] [rbp-91A4h]
int v1417; // [rsp-9190h] [rbp-91A0h]
char v1418; // [rsp-9188h] [rbp-9198h]
char v1419; // [rsp-9187h] [rbp-9197h]
__int16 v1420; // [rsp-9186h] [rbp-9196h]
__int64 v1421; // [rsp-9184h] [rbp-9194h]
__int64 v1422; // [rsp-917Ch] [rbp-918Ch]
int v1423; // [rsp-9174h] [rbp-9184h]
int v1424; // [rsp-9170h] [rbp-9180h]
char v1425; // [rsp-9168h] [rbp-9178h]
char v1426; // [rsp-9167h] [rbp-9177h]
__int16 v1427; // [rsp-9166h] [rbp-9176h]
__int64 v1428; // [rsp-9164h] [rbp-9174h]
__int64 v1429; // [rsp-915Ch] [rbp-916Ch]
int v1430; // [rsp-9154h] [rbp-9164h]
int v1431; // [rsp-9150h] [rbp-9160h]
char v1432; // [rsp-9148h] [rbp-9158h]
char v1433; // [rsp-9147h] [rbp-9157h]
__int16 v1434; // [rsp-9146h] [rbp-9156h]
__int64 v1435; // [rsp-9144h] [rbp-9154h]
__int64 v1436; // [rsp-913Ch] [rbp-914Ch]
int v1437; // [rsp-9134h] [rbp-9144h]
int v1438; // [rsp-9130h] [rbp-9140h]
char v1439; // [rsp-9128h] [rbp-9138h]
char v1440; // [rsp-9127h] [rbp-9137h]
__int16 v1441; // [rsp-9126h] [rbp-9136h]
__int64 v1442; // [rsp-9124h] [rbp-9134h]
__int64 v1443; // [rsp-911Ch] [rbp-912Ch]
int v1444; // [rsp-9114h] [rbp-9124h]
int v1445; // [rsp-9110h] [rbp-9120h]
char v1446; // [rsp-9108h] [rbp-9118h]
char v1447; // [rsp-9107h] [rbp-9117h]
__int16 v1448; // [rsp-9106h] [rbp-9116h]
_QWORD v1449[2]; // [rsp-9104h] [rbp-9114h] BYREF
int v1450; // [rsp-90F4h] [rbp-9104h]
int v1451; // [rsp-90F0h] [rbp-9100h]
char v1452; // [rsp-90E8h] [rbp-90F8h]
_BYTE v1453[2]; // [rsp-90E7h] [rbp-90F7h]
__int64 v1454; // [rsp-90E5h] [rbp-90F5h]
__int64 v1455; // [rsp-90DDh] [rbp-90EDh]
__int64 v1456; // [rsp-90D5h] [rbp-90E5h]
__int64 v1457; // [rsp-90CDh] [rbp-90DDh]
__int64 v1458; // [rsp-90C5h] [rbp-90D5h]
__int64 v1459; // [rsp-90BDh] [rbp-90CDh]
__int64 v1460; // [rsp-90B5h] [rbp-90C5h]
int v1461; // [rsp-90ADh] [rbp-90BDh]
int v1462; // [rsp-90A9h] [rbp-90B9h]
char v1463; // [rsp-9098h] [rbp-90A8h]
_BYTE v1464[2]; // [rsp-9097h] [rbp-90A7h]
__int64 v1465; // [rsp-9095h] [rbp-90A5h]
__int64 v1466; // [rsp-908Dh] [rbp-909Dh]
__int64 v1467; // [rsp-9085h] [rbp-9095h]
__int64 v1468; // [rsp-907Dh] [rbp-908Dh]
__int64 v1469; // [rsp-9075h] [rbp-9085h]
__int64 v1470; // [rsp-906Dh] [rbp-907Dh]
__int64 v1471; // [rsp-9065h] [rbp-9075h]
int v1472; // [rsp-905Dh] [rbp-906Dh]
int v1473; // [rsp-9059h] [rbp-9069h]
char v1474; // [rsp-9048h] [rbp-9058h]
_BYTE v1475[2]; // [rsp-9047h] [rbp-9057h]
__int64 *v1476; // [rsp-9045h] [rbp-9055h]
__int64 v1477; // [rsp-903Dh] [rbp-904Dh]
__int64 v1478; // [rsp-9035h] [rbp-9045h]
__int64 v1479; // [rsp-902Dh] [rbp-903Dh]
__int64 v1480; // [rsp-9025h] [rbp-9035h]
__int64 v1481; // [rsp-901Dh] [rbp-902Dh]
__int64 v1482; // [rsp-9015h] [rbp-9025h]
int v1483; // [rsp-900Dh] [rbp-901Dh]
int v1484; // [rsp-9009h] [rbp-9019h]
_WORD v1485[4]; // [rsp-8FF8h] [rbp-9008h] BYREF
_WORD *v1486; // [rsp-8FF0h] [rbp-9000h]
int v1487; // [rsp-8FE8h] [rbp-8FF8h] BYREF
__int64 v1488; // [rsp-8FE4h] [rbp-8FF4h]
int v1489; // [rsp-8FDCh] [rbp-8FECh]
char v1490; // [rsp-8FD8h] [rbp-8FE8h]
char v1491; // [rsp-8FD7h] [rbp-8FE7h]
__int16 v1492; // [rsp-8FD6h] [rbp-8FE6h]
__int64 v1493; // [rsp-8FD4h] [rbp-8FE4h]
__int64 v1494; // [rsp-8FCCh] [rbp-8FDCh]
__int64 v1495; // [rsp-8FC4h] [rbp-8FD4h]
__int64 v1496; // [rsp-8FBCh] [rbp-8FCCh]
int v1497; // [rsp-8FB4h] [rbp-8FC4h]
unsigned __int64 v1498; // [rsp-8FB0h] [rbp-8FC0h]
int v1499; // [rsp-8FA8h] [rbp-8FB8h]
__int64 v1500; // [rsp-8FA4h] [rbp-8FB4h]
__int64 v1501; // [rsp-8F98h] [rbp-8FA8h] BYREF
int v1502; // [rsp-8F90h] [rbp-8FA0h]
__int64 (__fastcall *ResumeThread)(__int64); // [rsp-8F88h] [rbp-8F98h]
unsigned int (__fastcall *GetThreadContext)(__int64, _DWORD *); // [rsp-8F80h] [rbp-8F90h]
__int64 (__fastcall *FindWindowExA)(_QWORD, _QWORD, char *, _QWORD); // [rsp-8F78h] [rbp-8F88h]
void (__fastcall *GetClientRect)(__int64, _DWORD *); // [rsp-8F70h] [rbp-8F80h]
void (__fastcall *GetWindowThreadProcessId)(__int64, unsigned int *); // [rsp-8F68h] [rbp-8F78h]
__int64 (__fastcall *GetWindowTextW)(__int64, _BYTE *, __int64); // [rsp-8F60h] [rbp-8F70h]
__int64 (__fastcall *GetClassNameW)(__int64, _BYTE *, __int64); // [rsp-8F58h] [rbp-8F68h]
void (__fastcall *GetWindowRect)(__int64, _DWORD *); // [rsp-8F50h] [rbp-8F60h]
__int64 v1511; // [rsp-8F48h] [rbp-8F58h]
void (__fastcall *SuspendThread)(__int64); // [rsp-8F40h] [rbp-8F50h]
unsigned int (__fastcall *GetProcessTimes_3)(__int64, __int64 *, __int64 *, __int64 *, __int64 *); // [rsp-8F38h] [rbp-8F48h]
__int64 v1514; // [rsp-8F30h] [rbp-8F40h]
__int64 v1515; // [rsp-8F28h] [rbp-8F38h]
unsigned int (__fastcall *DuplicateHandle)(__int64, _QWORD, __int64, __int64 *, __int64, __int64, __int64); // [rsp-8F20h] [rbp-8F30h]
__int64 v1517; // [rsp-8F18h] [rbp-8F28h]
__int64 (__fastcall *NtQueryObject)(__int64, __int64, unsigned __int16 *, __int64, _QWORD); // [rsp-8F10h] [rbp-8F20h]
unsigned int (__fastcall *_wcsnicmp)(__int64, _WORD *, _QWORD); // [rsp-8F08h] [rbp-8F18h]
__int64 (__fastcall *GetProcessId)(__int64); // [rsp-8F00h] [rbp-8F10h]
__int64 v1521; // [rsp-8EF8h] [rbp-8F08h]
__int64 v1522; // [rsp-8EF0h] [rbp-8F00h]
__int64 (__fastcall *NtOpenFile)(__int64 *, __int64, int *, _BYTE *, __int64, __int64); // [rsp-8EE8h] [rbp-8EF8h]
_BYTE v1524[16]; // [rsp-8EE0h] [rbp-8EF0h] BYREF
_BYTE v1525[16]; // [rsp-8ED0h] [rbp-8EE0h] BYREF
__int64 v1526; // [rsp-8EC0h] [rbp-8ED0h] BYREF
void (__fastcall *GetSystemTimeAsFileTime_1)(__int64 *); // [rsp-8EB8h] [rbp-8EC8h]
void (__fastcall *FreeLibrary)(__int64); // [rsp-8EB0h] [rbp-8EC0h]
int (__fastcall *NtQueryInformationFile)(__int64, _BYTE *, _QWORD *, __int64, int); // [rsp-8EA8h] [rbp-8EB8h]
void (__fastcall *GetSystemTimeAsFileTime)(__int64 *); // [rsp-8EA0h] [rbp-8EB0h]
__int64 (*GetTickCount64)(void); // [rsp-8E98h] [rbp-8EA8h]
__int64 v1532; // [rsp-8E90h] [rbp-8EA0h] BYREF
__int64 v1533; // [rsp-8E88h] [rbp-8E98h]
void (__fastcall *NtClose)(__int64); // [rsp-8E80h] [rbp-8E90h]
unsigned int (__fastcall *Process32First)(__int64, int *); // [rsp-8E78h] [rbp-8E88h]
int *v1536; // [rsp-8E70h] [rbp-8E80h]
int *v1537; // [rsp-8E68h] [rbp-8E78h]
unsigned int (__fastcall *GetProcessTimes)(__int64, __int64 *, __int64 *, __int64 *, __int64 *); // [rsp-8E60h] [rbp-8E70h]
__int64 (__fastcall *v1539)(__int64, _BYTE *); // [rsp-8E58h] [rbp-8E68h]
unsigned int (__fastcall *GetExitCodeProcess)(__int64, int *); // [rsp-8E50h] [rbp-8E60h]
__int64 v1541; // [rsp-8E48h] [rbp-8E58h] BYREF
__int64 v1542; // [rsp-8E40h] [rbp-8E50h] BYREF
__int64 v1543; // [rsp-8E38h] [rbp-8E48h] BYREF
__int64 v1544; // [rsp-8E30h] [rbp-8E40h] BYREF
__int64 v1545; // [rsp-8E28h] [rbp-8E38h] BYREF
__int64 v1546; // [rsp-8E20h] [rbp-8E30h] BYREF
int (__fastcall *NtQueryInformationThread_1)(__int64, __int64, __int64 *, __int64, _QWORD); // [rsp-8E18h] [rbp-8E28h]
__int64 (__fastcall *OpenThread_2)(__int64, _QWORD, _QWORD); // [rsp-8E10h] [rbp-8E20h]
_BYTE *v1549; // [rsp-8E08h] [rbp-8E18h]
unsigned int (__fastcall *GetExitCodeProcess_2)(__int64, int *); // [rsp-8E00h] [rbp-8E10h]
__int64 v1551; // [rsp-8DF8h] [rbp-8E08h]
__int64 v1552; // [rsp-8DF0h] [rbp-8E00h]
__int64 v1553; // [rsp-8DE8h] [rbp-8DF8h] BYREF
_QWORD v1554[4]; // [rsp-8DE0h] [rbp-8DF0h] BYREF
unsigned int (__fastcall *EnumProcesse)(_DWORD *, __int64, unsigned int *); // [rsp-8DC0h] [rbp-8DD0h]
__int64 (__fastcall *NtQueryInformationThread)(__int64, __int64, __int64 *, __int64, _QWORD); // [rsp-8DB8h] [rbp-8DC8h]
unsigned int (__fastcall *Process32Next)(__int64, int *); // [rsp-8DB0h] [rbp-8DC0h]
__int64 v1558; // [rsp-8DA8h] [rbp-8DB8h] BYREF
unsigned int (__fastcall *Module32First)(__int64, _DWORD *); // [rsp-8DA0h] [rbp-8DB0h]
__int64 v1560; // [rsp-8D98h] [rbp-8DA8h] BYREF
__int64 v1561; // [rsp-8D90h] [rbp-8DA0h] BYREF
unsigned __int64 v1562; // [rsp-8D88h] [rbp-8D98h]
unsigned int (__fastcall *Module32Next)(__int64, _DWORD *); // [rsp-8D80h] [rbp-8D90h]
__int64 (__fastcall *OpenThread_1)(__int64, _QWORD, _QWORD); // [rsp-8D78h] [rbp-8D88h]
__int64 v1565; // [rsp-8D70h] [rbp-8D80h] BYREF
int v1566; // [rsp-8D58h] [rbp-8D68h]
int v1567; // [rsp-8D50h] [rbp-8D60h]
int v1568; // [rsp-8D4Ch] [rbp-8D5Ch]
int v1569; // [rsp-8D48h] [rbp-8D58h]
_DWORD v1570[12]; // [rsp-8D40h] [rbp-8D50h] BYREF
char v1571; // [rsp-8D10h] [rbp-8D20h]
char v1572; // [rsp-8D0Fh] [rbp-8D1Fh]
__int64 v1573; // [rsp-8D0Eh] [rbp-8D1Eh]
int v1574; // [rsp-8D06h] [rbp-8D16h]
int v1575; // [rsp-8D02h] [rbp-8D12h]
_BYTE v1576[17]; // [rsp-8CD0h] [rbp-8CE0h] BYREF
char v1577; // [rsp-8CBFh] [rbp-8CCFh]
__int16 v1578; // [rsp-8CBEh] [rbp-8CCEh]
int v1579; // [rsp-8CBCh] [rbp-8CCCh]
__int16 v1580; // [rsp-8CB8h] [rbp-8CC8h] BYREF
_DWORD v1581[8]; // [rsp-8C98h] [rbp-8CA8h] BYREF
int v1582; // [rsp-8C78h] [rbp-8C88h]
int v1583; // [rsp-8C74h] [rbp-8C84h]
int v1584; // [rsp-8C70h] [rbp-8C80h]
__int64 v1585; // [rsp-8C68h] [rbp-8C78h] BYREF
__int64 v1586; // [rsp-8C50h] [rbp-8C60h]
int v1587; // [rsp-8C48h] [rbp-8C58h]
int v1588; // [rsp-8C44h] [rbp-8C54h]
int v1589; // [rsp-8C40h] [rbp-8C50h]
_QWORD v1590[4]; // [rsp-8C38h] [rbp-8C48h] BYREF
int v1591; // [rsp-8C18h] [rbp-8C28h]
int v1592; // [rsp-8C10h] [rbp-8C20h] BYREF
__int64 v1593; // [rsp-8C08h] [rbp-8C18h]
_WORD *v1594; // [rsp-8C00h] [rbp-8C10h]
int v1595; // [rsp-8BF8h] [rbp-8C08h]
__int64 v1596; // [rsp-8BF0h] [rbp-8C00h]
__int64 v1597; // [rsp-8BE8h] [rbp-8BF8h]
__int64 v1598; // [rsp-8BE0h] [rbp-8BF0h] BYREF
__int64 v1599; // [rsp-8BD8h] [rbp-8BE8h] BYREF
__int64 v1600; // [rsp-8BD0h] [rbp-8BE0h] BYREF
__int64 v1601; // [rsp-8BC8h] [rbp-8BD8h] BYREF
__int64 v1602; // [rsp-8BC0h] [rbp-8BD0h] BYREF
__int64 v1603; // [rsp-8BB8h] [rbp-8BC8h] BYREF
__int64 v1604; // [rsp-8BB0h] [rbp-8BC0h] BYREF
__int64 v1605; // [rsp-8BA8h] [rbp-8BB8h] BYREF
_BYTE v1606[32]; // [rsp-8BA0h] [rbp-8BB0h] BYREF
int v1607; // [rsp-8B80h] [rbp-8B90h]
__int64 v1608; // [rsp-8B78h] [rbp-8B88h] BYREF
__int64 v1609; // [rsp-8B60h] [rbp-8B70h]
_BYTE v1610[17]; // [rsp-8B58h] [rbp-8B68h]
char v1611; // [rsp-8B47h] [rbp-8B57h]
_BYTE v1612[286]; // [rsp-8B46h] [rbp-8B56h] BYREF
_BYTE v1613[6]; // [rsp-8A28h] [rbp-8A38h] BYREF
_DWORD v1614[54]; // [rsp-8A22h] [rbp-8A32h]
_DWORD v1615[9]; // [rsp-8948h] [rbp-8958h] BYREF
char v1616; // [rsp-8924h] [rbp-8934h]
_QWORD v1617[6]; // [rsp-8918h] [rbp-8928h] BYREF
_DWORD v1618[10]; // [rsp-88E8h] [rbp-88F8h] BYREF
_DWORD v1619[10]; // [rsp-88C0h] [rbp-88D0h] BYREF
_DWORD v1620[10]; // [rsp-8898h] [rbp-88A8h] BYREF
_DWORD v1621[10]; // [rsp-8870h] [rbp-8880h] BYREF
_QWORD v1622[6]; // [rsp-8848h] [rbp-8858h] BYREF
_DWORD v1623[6]; // [rsp-8818h] [rbp-8828h] BYREF
unsigned __int64 v1624; // [rsp-8800h] [rbp-8810h]
unsigned int v1625; // [rsp-87F8h] [rbp-8808h]
int v1626; // [rsp-87E8h] [rbp-87F8h]
int v1627; // [rsp-87E4h] [rbp-87F4h]
int v1628; // [rsp-87E0h] [rbp-87F0h]
int v1629; // [rsp-87DCh] [rbp-87ECh]
__int64 v1630; // [rsp-85D8h] [rbp-85E8h] BYREF
char v1631; // [rsp-85A0h] [rbp-85B0h]
__int64 v1632; // [rsp-8598h] [rbp-85A8h] BYREF
char v1633; // [rsp-8560h] [rbp-8570h]
__int64 v1634; // [rsp-8558h] [rbp-8568h] BYREF
char v1635; // [rsp-8520h] [rbp-8530h]
char v1636; // [rsp-8518h] [rbp-8528h]
char v1637; // [rsp-8517h] [rbp-8527h]
__int16 v1638; // [rsp-8516h] [rbp-8526h]
int v1639; // [rsp-8514h] [rbp-8524h]
__int16 v1640; // [rsp-8510h] [rbp-8520h]
int v1641; // [rsp-850Eh] [rbp-851Eh]
__int64 v1642; // [rsp-850Ah] [rbp-851Ah]
_BYTE v1643[266]; // [rsp-8502h] [rbp-8512h] BYREF
_BYTE v1644[128]; // [rsp-83F8h] [rbp-8408h] BYREF
_BYTE v1645[288]; // [rsp-8378h] [rbp-8388h] BYREF
_WORD v1646[128]; // [rsp-8258h] [rbp-8268h] BYREF
_DWORD v1647[2]; // [rsp-8158h] [rbp-8168h] BYREF
char v1648; // [rsp-8150h] [rbp-8160h]
unsigned int v1649; // [rsp-814Fh] [rbp-815Fh]
unsigned __int16 v1650; // [rsp-814Ah] [rbp-815Ah]
__int16 v1651; // [rsp-8144h] [rbp-8154h]
int v1652; // [rsp-813Eh] [rbp-814Eh]
_BYTE v1653[256]; // [rsp-7D28h] [rbp-7D38h] BYREF
_BYTE v1654[256]; // [rsp-7C28h] [rbp-7C38h] BYREF
_DWORD v1655[128]; // [rsp-7B28h] [rbp-7B38h] BYREF
_WORD v1656[256]; // [rsp-7928h] [rbp-7938h] BYREF
_WORD v1657[256]; // [rsp-7728h] [rbp-7738h] BYREF
_DWORD v1658[28]; // [rsp-7528h] [rbp-7538h] BYREF
__int64 v1659; // [rsp-74B8h] [rbp-74C8h]
__int64 v1660; // [rsp-7490h] [rbp-74A0h]
_BYTE v1661[512]; // [rsp-7058h] [rbp-7068h] BYREF
_BYTE v1662[4096]; // [rsp-6E58h] [rbp-6E68h] BYREF
_BYTE v1663[60]; // [rsp-5E58h] [rbp-5E68h] BYREF
int v1664; // [rsp-5E1Ch] [rbp-5E2Ch]
__int64 v1665; // [rsp-5B58h] [rbp-5B68h] BYREF
__int64 v1666; // [rsp-4E58h] [rbp-4E68h] BYREF
unsigned __int16 v1667; // [rsp-4E48h] [rbp-4E58h] BYREF
__int64 v1668; // [rsp-4E40h] [rbp-4E50h]
_WORD v1669[2048]; // [rsp-4A48h] [rbp-4A58h] BYREF
__int64 v1670; // [rsp-3A48h] [rbp-3A58h] BYREF
__int64 v1671; // [rsp-3848h] [rbp-3858h] BYREF
_BYTE v1672[4096]; // [rsp-3648h] [rbp-3658h] BYREF
_BYTE v1673[4096]; // [rsp-2648h] [rbp-2658h] BYREF
_DWORD v1674[400]; // [rsp-1648h] [rbp-1658h] BYREF
_BYTE v1675[4120]; // [rsp-1008h] [rbp-1018h] BYREF
int v1676; // [rsp+18h] [rbp+8h]
__int64 v1677; // [rsp+20h] [rbp+10h]
__int64 (__fastcall *GetModuleHandleA)(char *); // [rsp+28h] [rbp+18h]
unsigned __int8 *GetProcAddress; // [rsp+30h] [rbp+20h]
HIDWORD(v43) = HIDWORD(a4);
HIDWORD(v40) = HIDWORD(a3);
HIDWORD(v38) = HIDWORD(a2);
v5 = alloca((sub_15034)(a1, a2, a3));
strcpy(v275, "KERNEL32.dll");
v75 = GetModuleHandleA(v275);
v125 = 1;
strcpy(v367, "BEClient_x64.dll");
v1168 = GetModuleHandleA(v367);
if ( v1168 && *(v1168 + *(v1168 + 60) + 8) >= 0x5D7AA2AFu )
v83 = a5;
else
v83 = &v125;
strcpy(v330, "GetTickCount");
GetTickCount = (GetProcAddress)(v75, v330);
strcpy(v319, "CloseHandle");
CloseHandle = (GetProcAddress)(v75, v319);
strcpy(v368, "OpenProcessToken");
OpenProcessToken = (GetProcAddress)(v75, v368);
if ( OpenProcessToken && OpenProcessToken(-1i64, 32i64, &v1241) )
{
strcpy(v278, "advapi32.dll");
strcpy(v394, "LookupPrivilegeValueA");
v6 = GetModuleHandleA(v278);
LookupPrivilegeValueA = (GetProcAddress)(v6, v394);
if ( LookupPrivilegeValueA )
{
strcpy(v369, "SeDebugPrivilege");
if ( LookupPrivilegeValueA(0i64, v369, &v1501) )
{
v1487 = 1;
v1488 = v1501;
v1489 = 2;
strcpy(v395, "AdjustTokenPrivileges");
v7 = GetModuleHandleA(v278);
AdjustTokenPrivileges = (GetProcAddress)(v7, v395);
if ( AdjustTokenPrivileges )
AdjustTokenPrivileges(v1241, 0i64, &v1487, 0i64, 0i64, 0i64);
}
}
CloseHandle(v1241);
}
strcpy(v300, "ntdll.dll");
v126 = GetModuleHandleA(v300);
strcpy(v391, "NtQueryVirtualMemory");
NtQueryVirtualMemory = (GetProcAddress)(v126, v391);
strcpy(v398, "NtProtectVirtualMemory");
NtProtectVirtualMemory = (GetProcAddress)(v126, v398);
strcpy(v323, "IsBadReadPtr");
v8 = GetModuleHandleA(v275);
IsBadReadPtr = (GetProcAddress)(v8, v323);
v1175 = ~IsBadReadPtr;
strcpy(v388, "NtReadVirtualMemory");
NtReadVirtualMemory = (GetProcAddress)(v126, v388);
strcpy(v155, "msvcrt.dll");
strcpy(v284, "memcpy");
v9 = GetModuleHandleA(v155);
memcpy = (GetProcAddress)(v9, v284);
strcpy(v283, "memcmp");
v10 = GetModuleHandleA(v155);
memcmp = (GetProcAddress)(v10, v283);
strcpy(v389, "GetCurrentProcessId");
GetCurrentProcessId = (GetProcAddress)(v75, v389);
strcpy(v320, "OpenProcess");
OpenProcess = (GetProcAddress)(v75, v320);
v11 = GetCurrentProcessId();
v150 = OpenProcess(1048i64, 0i64, v11);
strcpy(v277, "Sleep");
Sleep = (GetProcAddress)(v75, v277);
strcpy(v282, "malloc");
v12 = GetModuleHandleA(v155);
malloc = (GetProcAddress)(v12, v282);
strcpy(v294, "realloc");
v13 = GetModuleHandleA(v155);
realloc = (GetProcAddress)(v13, v294);
strcpy(v276, "free");
v14 = GetModuleHandleA(v155);
free = (GetProcAddress)(v14, v276);
strcpy(v406, "NtQuerySystemInformation");
NtQuerySystemInformation = (GetProcAddress)(v126, v406);
strcpy(v122, "USER32.dll");
strcpy(v324, "GetTopWindow");
v15 = GetModuleHandleA(v122);
GetTopWindow = (GetProcAddress)(v15, v324);
strcpy(v301, "GetWindow");
v16 = GetModuleHandleA(v122);
GetWindow = (GetProcAddress)(v16, v301);
strcpy(v348, "FindWindowExA");
v17 = GetModuleHandleA(v122);
FindWindowExA = (GetProcAddress)(v17, v348);
strcpy(v401, "GetWindowThreadProcessId");
v18 = GetModuleHandleA(v122);
GetWindowThreadProcessId = (GetProcAddress)(v18, v401);
strcpy(v359, "GetWindowLongA");
v19 = GetModuleHandleA(v122);
GetWindowLongA = (GetProcAddress)(v19, v359);
CloseHandle(v150);
v20 = GetCurrentProcessId();
v150 = OpenProcess(2035711i64, 0i64, v20);
strcpy(v360, "GetWindowTextA");
v21 = GetModuleHandleA(v122);
GetWindowTextA = (GetProcAddress)(v21, v360);
strcpy(v358, "GetWindowTextW");
v22 = GetModuleHandleA(v122);
GetWindowTextW = (GetProcAddress)(v22, v358);
strcpy(v349, "GetClassNameW");
v23 = GetModuleHandleA(v122);
GetClassNameW = (GetProcAddress)(v23, v349);
strcpy(v350, "GetWindowRect");
v24 = GetModuleHandleA(v122);
GetWindowRect = (GetProcAddress)(v24, v350);
strcpy(v411, "QueryFullProcessImageNameW");
v25 = GetModuleHandleA(v275);
QueryFullProcessImageNameW = (GetProcAddress)(v25, v411);
strcpy(v390, "WideCharToMultiByte");
WideCharToMultiByte = (GetProcAddress)(v75, v390);
strcpy(v392, "GetFileAttributesExA");
GetFileAttributesExA = (GetProcAddress)(v75, v392);
strcpy(v393, "GetFileAttributesExW");
GetFileAttributesExW = (GetProcAddress)(v75, v393);
v57 = malloc(21504i64);
*v57 = 0;
*(v57 + 1) = 75;
*(v57 + 2) = v1676;
v65 = malloc(20480i64);
*v65 = 0;
*(v65 + 1) = 60;
v46 = 4;
strcpy(v339, "GetClientRect");
v26 = GetModuleHandleA(v122);
GetClientRect = (GetProcAddress)(v26, v339);
strcpy(v351, "ClientToScreen");
v27 = GetModuleHandleA(v122);
ClientToScreen = (GetProcAddress)(v27, v351);
strcpy(v402, "GetWindowDisplayAffinity");
v28 = GetModuleHandleA(v122);
GetWindowDisplayAffinity = (GetProcAddress)(v28, v402);
strcpy(v340, "UnityWndClass");
v1169 = FindWindowExA(0i64, 0i64, v340, 0i64);
GetClientRect(v1169, v1215);
ClientToScreen(v1169, v1215);
ClientToScreen(v1169, v1216);
*(v57 + 7) = 0;
*(v57 + 8) = 3;
*(v57 + 6) = 5;
for ( i = 0; i < 5; ++i )
*(v57 + i + 8) = *(v57 + i + 8);
v44 = 13i64;
*(v57 + 6) += 6;
v272 = 0;
v123 = 0;
v114 = (GetTopWindow)(0i64);
if ( v114 )
{
v442 = 0i64;
while ( 1 )
{
*v1613 = 0;
v113 = -1;
GetWindowThreadProcessId(v114, &v273);
if ( v273 != GetCurrentProcessId() )
{
v113 = GetWindowTextA(v114, &v1613[2], 128i64);
for ( j = 0; ; ++j )
{
if ( j >= v113 - 5 )
goto LABEL_33;
if ( *&v1613[j + 2] == 'dohC' && *(v1614 + j) == 's\''
|| *&v1613[j + 2] == 'ataS' && *(v1614 + j) == '5n'
|| *&v1613[j + 2] == 'nrek' && *(v1614 + j) == 'hcle' )
{
break;
}
}
v1613[0] = 0;
v1613[1] = 0x33;
if ( v44 + v113 + 1 + 2 <= 0x5400 )
{
*(v44 + v57) = v113 + 1;
for ( k = 0; k < v113 + 1; ++k )
*(v57 + k + v44 + 2) = v1613[k + 1];
v44 += v113 + 3;
}
}
LABEL_33:
v108 = GetWindowLongA(v114, 0xFFFFFFF0i64);
if ( (v108 & 0x10000000) == 0 )
goto LABEL_256;
++v272;
v1165 = v46;
if ( v273 == GetCurrentProcessId() )
{
*(v65 + v46) = 0;
v47 = v46 + 1;
}
else
{
v105 = GetWindowTextW(v114, v1644, 0x40i64);
LODWORD(v40) = 255;
v475 = WideCharToMultiByte(65001i64, 0i64, v1644, v105, v65 + v46 + 1, v40, 0i64, 0i64);
*(v65 + v46) = v475;
v47 = v46 + v475 + 1;
}
v105 = GetClassNameW(v114, v1644, 64i64);
LODWORD(v40) = 255;
v474 = WideCharToMultiByte(65001i64, 0i64, v1644, v105, v65 + v47 + 1, v40, 0i64, 0i64);
*(v65 + v47) = v474;
if ( v474
&& *(v65 + v47) == 7
&& *(v65 + v47 + 1) == 'etoN'
&& *(v65 + v47 + 5) == 'ap'
&& *(v65 + v47 + 7) == 'd' )
{
v123 = 1;
}
v48 = v47 + *(v65 + v47) + 1;
v620 = OpenProcess(4096i64, 0i64, v273);
v105 = 128;
v473 = v620
&& QueryFullProcessImageNameW(v620, 0i64, v1653, &v105)
&& (v105 = WideCharToMultiByte(65001i64, 0i64, v1653, v105, v65 + v48 + 1, 0xFFi64, 0i64, 0i64)) != 0;
v94 = v473;
if ( v620 )
CloseHandle(v620);
v102 = GetWindowLongA(v114, 0xFFFFFFECi64);
GetWindowRect(v114, v1184);
if ( GetWindowDisplayAffinity )
{
if ( GetWindowDisplayAffinity(v114, &v1166)
&& v1166
&& v1184[0] <= v1215[0]
&& v1184[1] <= v1215[1]
&& v1184[2] >= v1216[0]
&& v1184[3] >= v1216[1] )
{
break;
}
}
v131 = 0;
for ( m = GetWindow(v114, 5i64); m; m = GetWindow(m, 2i64) )
{
if ( GetWindowTextA(m, &v153, 0x20i64)
&& ((v153 == 'oceR' || v153 == 'ocer') && v154 == 'li'
|| (v153 == 'R-oN' || v153 == 'r-oN') && v154 == 'ioce'
|| (v153 == 'girT' || v153 == 'girt') && v154 == 'breg'
|| v153 == 'ipaR' && (v154 == 'riFd' || v154 == 'rifd' || v154 == 'iF d' || v154 == 'if d')
|| v153 == 'kard' && v154 == 'aino') )
{
++v131;
}
for ( n = GetWindow(m, 5i64); n; n = GetWindow(n, 2i64) )
{
if ( GetWindowTextA(n, &v153, 0x20i64)
&& ((v153 == 'oceR' || v153 == 'ocer') && v154 == 'li'
|| (v153 == 'R-oN' || v153 == 'r-oN') && v154 == 'ioce'
|| (v153 == 'girT' || v153 == 'girt') && v154 == 'breg'
|| v153 == 'ipaR' && (v154 == 'riFd' || v154 == 'rifd' || v154 == 'iF d' || v154 == 'if d')
|| v153 == 'kard' && v154 == 'aino') )
{
++v131;
}
for ( ii = GetWindow(n, 5i64); ii; ii = GetWindow(ii, 2i64) )
{
if ( GetWindowTextA(ii, &v153, 0x20i64)
&& ((v153 == 'oceR' || v153 == 'ocer') && v154 == 'li'
|| (v153 == 'R-oN' || v153 == 'r-oN') && v154 == 'ioce'
|| (v153 == 'girT' || v153 == 'girt') && v154 == 'breg'
|| v153 == 'ipaR' && (v154 == 'riFd' || v154 == 'rifd' || v154 == 'iF d' || v154 == 'if d')
|| v153 == 'kard' && v154 == 'aino') )
{
++v131;
}
}
}
}
if ( v131 )
{
v108 |= 0x40000000u;
goto LABEL_242;
}
if ( v442 && (v102 & 0x80000) != 0 )
{
v108 |= 0x40000000u;
goto LABEL_242;
}
if ( (v102 & 0x80000) != 0 && (v102 & 8) != 0 )
goto LABEL_242;
v45 = v102 | v108;
if ( (v102 | v108) == 0x14CF0100
|| v45 == 0x34CF0100
|| v45 == 0x14EF0310
|| v45 == 0x34EF0310
|| v45 == 0x14EF0110
|| v45 == 0x34EF0110
|| v45 == 0x17090020
|| v45 == 0x17090000
|| v45 == 0x16090020
|| v45 == 0x94080020
|| v45 == 0x94080080
|| v45 == 0x9C080080 )
{
goto LABEL_242;
}
if ( (v45 == 0x16CF0100 || v45 == 0x36CF0100)
&& (*&v1613[2] == 'niaM' && v1614[0] == 'dniW' || (v102 & 0x80000) != 0) )
{
goto LABEL_242;
}
if ( v45 == 399442176 && !v113
|| (v45 & 0xFFFFF) == 0xBA7A0
|| (v45 & 0xFFFFF) == 0x80323
|| (v45 & 0xFFFFF) == 0x90A25
|| (v45 & 0xFFFFF) == 0x90A65
|| v45 == 0x160A0080
|| v45 == 0x16CA0008
|| (v45 & 0xFFFFF) == 0xE0181
|| (v45 & 0xFFFFF) == 0xE0080
|| v45 == 0xD60A0080
|| v45 == 0xD6080101
|| v45 == 0x160D0020
|| v45 == 0x940800A0
|| v45 == 0x16CF0101
|| v45 == 0x36CF0101
|| v45 == 0x160D0000
|| v45 == 0x94080000
|| v45 == 0x94000000 && !v113
|| v45 == 0x16C20100
|| v45 == 0x16C80100
|| v45 == 0x16080080
|| v45 == 0x160C0000
|| v45 == 0x1E0900A0
|| v45 == 0x9C880020
|| v45 == 0x9C0800A0
|| v45 == 0x9C080024
|| v45 == 0x9C080020
|| v45 == 0x150908A0
|| v45 == 0x16020008
|| v45 == 0x9C080000
|| v45 == 0xD40800A0
|| v45 == 0x94000010
|| v45 == 0xB4000010
|| v45 == 0x94880020
|| v45 == 0x1E0D0028
|| v45 == 0x140800A0
|| v45 == 0x14080020
|| v45 == 0x14080080
|| v45 == 0x9C880220
|| v45 == 0x960B00A0
|| v45 == 0x140908A0
|| v45 == 0x160A0000
|| v45 == 0x960814B0
|| v45 == 0x9D080000
|| v45 == 0x16CA0108
|| v45 == 0x36CA0108
|| v45 == 0x160800A0
|| v45 == 0x9C1F0137
|| v45 == 0x160A0020
|| v45 == 0x9C1F01B7
|| v45 == 0x94080220
|| (v102 & 0x80000) != 0
&& (*(v65 + v48 + 1) == 'MI' && *(v65 + v48 + 3) == 'E'
|| *(v65 + v48 + 1) == 'TCSM'
|| *&v1613[2] == 'ttaB' && v1614[0] == 'eyEl'
|| *(v65 + v48 + 1) == 'kroW' && *(v65 + v48 + 6) == 'Wr' && (v45 & 0xF) != 0
|| v1184[0] == -1 && v1184[1] == 4294967295)
|| v45 == 0x9C0900A0
|| v45 == 0x96080020
|| v45 == 0x960800A0
|| v45 == 0x9C1800A0
|| v45 == 0x9C4800A0
|| v45 == 0xD6080020
|| v102 == 0x5800A0
|| (v102 & 0x80024) == 0x80024
|| v45 == 0x9E1800A0
|| v45 == 0x1C0800A0
|| (v45 & 0x9C090020) == 0x9C090020
|| v45 == 0x94880000
|| v45 == 0x9D080020
|| v45 == 0xDC0A0020
|| v45 == 0x1C0900A0
|| v45 == 0x961900A0
|| v45 == 0x964B00A0
|| v102 == 0xC00A0
|| v45 == 0x9E1840A0
|| v45 == 0x1C480020
|| v45 == 0x9E0C00A0
|| v45 == 0x16CE0101
|| v45 == 0x36CE0101
|| v45 == 0x960904A0
|| v45 == 0x14EC0110
|| v45 == 0x9C0C00A0
|| v45 == 0x948802A0
|| v45 == 0x9C080220
|| v45 == 0x9C0A6060
|| v45 == 0x14CF0108
|| v45 == 0x34CF0108
|| v45 == 0x15080020
|| v45 == 0x14CA0101
|| v45 == 0x34CA0101
|| v45 == 0x16020000 )
{
goto LABEL_242;
}
v46 = v1165;
LABEL_252:
if ( !v442 && v273 == GetCurrentProcessId() && (v1244 = GetWindow(v114, 5i64)) != 0 )
{
v442 = v114;
v114 = v1244;
}
else
{
LABEL_256:
while ( 1 )
{
v114 = GetWindow(v114, 2i64);
if ( v114 )
{
if ( v46 <= 20092 )
break;
}
if ( !v442 )
goto LABEL_260;
v114 = v442;
v442 = 0i64;
}
}
}
v108 |= 0x40000000u;
LABEL_242:
if ( v94 )
{
if ( GetFileAttributesExW(v1653, 0i64, v1620) )
v472 = v1620[8];
else
v472 = 0;
v471 = v472;
}
else
{
v471 = 0;
}
if ( v94 )
v428 = v105;
else
v428 = 0;
*(v65 + v48) = v428;
v49 = v48 + v428 + 1;
*(v65 + v49) = v471;
*(v65 + v49 + 4) = v108;
*(v65 + v49 + 8) = v102;
qmemcpy((v65 + v49 + 12), v1184, 0x10ui64);
v46 = v49 + 28;
goto LABEL_252;
}
LABEL_260:
*(v65 + 2) = v46 - 4;
v50 = v46 + 2;
if ( !v272 )
{
v260 = 0;
v261[0] = 0x44;
v261[1] = 0;
if ( v44 + 4 <= 0x5400 )
{
*(v44 + v57) = 2;
for ( jj = 0; jj < 2; ++jj )
*(v57 + jj + v44 + 2) = v261[jj];
v44 += 4i64;
}
}
strcpy(v361, "DuplicateHandle");
DuplicateHandle = (GetProcAddress)(v75, v361);
strcpy(v376, "GetCurrentProcess");
GetCurrentProcess = (GetProcAddress)(v75, v376);
strcpy(v341, "NtQueryObject");
NtQueryObject = (GetProcAddress)(v126, v341);
strcpy(v302, "_wcsnicmp");
v29 = GetModuleHandleA(v155);
_wcsnicmp = (GetProcAddress)(v29, v302);
strcpy(v325, "GetProcessId");
GetProcessId = (GetProcAddress)(v75, v325);
v81 = -1;
v72 = -1;
v90 = 0i64;
v247 = 32;
do
{
v247 += 0x400;
v90 = realloc(v90, v247);
if ( !v90 )
break;
v72 = NtQuerySystemInformation(0x10i64, v90, v247, &v247);
}
while ( v72 == -1073741820 );
if ( v90 && v72 >= 0 )
{
v133 = -1;
for ( kk = 0; *v83 && kk < *v90 && v50 <= 20191; ++kk )
{
if ( HIWORD(v90[6 * kk + 3]) == v150 )
{
v1511 = 0x18i64 * kk;
if ( v90[v1511 / 4 + 2] == GetCurrentProcessId() && v81 == -1 )
v81 = 0x3E7;
}
if ( v133 == -1 || LOBYTE(v90[6 * kk + 3]) == v133 )
{
v1514 = 0x18i64 * kk;
if ( v90[v1514 / 4 + 2] != GetCurrentProcessId() )
{
v623 = OpenProcess(0x40i64, 0i64, v90[6 * kk + 2]);
if ( v623 )
{
v30 = GetCurrentProcess();
LODWORD(v43) = 0;
LODWORD(v40) = 0;
LODWORD(v38) = 1024;
if ( DuplicateHandle(v623, HIWORD(v90[6 * kk + 3]), v30, &v1170, v38, v40, v43) )
{
if ( v133 == -1 )
{
v1047[0] = 'P';
v1047[1] = 'r';
v1047[2] = 'o';
v1047[3] = 'c';
v1047[4] = 'e';
v1047[5] = 's';
v1047[6] = 's';
v1047[7] = '\0';
v72 = NtQueryObject(v1170, 2i64, &v1667, 0x400i64, 0i64);
if ( v72 < 0 || _wcsnicmp(v1668, v1047, v1667 / 2) )
{
if ( v72 < 0 && v81 )
v81 = v72;
}
else
{
v133 = LOBYTE(v90[6 * kk + 3]);
}
}
if ( v133 != -1
&& (v1202 = GetProcessId(v1170), v1202 == GetCurrentProcessId())
&& (v90[6 * kk + 6] & 0x30) != 0 )
{
v622 = OpenProcess(0x1000i64, 0i64, v90[6 * kk + 2]);
v1656[0] = 0;
v248 = 256;
if ( v622
&& QueryFullProcessImageNameW(v622, 0i64, v1656, &v248)
&& (LODWORD(v40) = 255,
(v248 = WideCharToMultiByte(0xFDE9i64, 0i64, v1656, v248, v65 + v50 + 1, v40, 0i64, 0i64)) != 0) )
{
*(v65 + v50) = v248;
}
else
{
v1338 = v90[6 * kk + 2];
v1339 = 0;
v1340 = 0x200;
v1341 = &v1670;
if ( NtQuerySystemInformation(0x58i64, &v1338, 0x18i64, 0i64) < 0 )
{
*(v65 + v50) = 0;
}
else
{
_mm_lfence();
v1521 = v65 + v50 + 1;
LODWORD(v40) = 255;
*(v65 + v50) = WideCharToMultiByte(0xFDE9i64, 0i64, v1341, v1339 / 2, v1521, v40, 0i64, 0i64);
}
}
if ( v622 )
CloseHandle(v622);
if ( *(v65 + v50) )
{
if ( GetFileAttributesExW(v1656, 0i64, v1621) )
v469 = v1621[8];
else
v469 = 0;
v468 = v469;
}
else
{
v468 = 0;
}
v51 = v50 + *(v65 + v50) + 1;
*(v65 + v51) = v468;
v51 += 4;
*(v65 + v51) = v90[6 * kk + 6];
v50 = v51 + 4;
v81 = 0;
}
else if ( v133 != -1 && HIWORD(v90[6 * kk + 3]) == v150 )
{
v1522 = 24i64 * kk;
if ( v90[v1522 / 4 + 2] == GetCurrentProcessId() )
{
if ( v81 )
v81 = v90[6 * kk + 6];
}
}
CloseHandle(v1170);
CloseHandle(v623);
}
else
{
CloseHandle(v623);
if ( HIWORD(v90[6 * kk + 3]) == v150 )
{
v1517 = 0x18i64 * kk;
if ( v90[v1517 / 4 + 2] == GetCurrentProcessId() )
{
if ( v81 )
v81 = 2;
}
}
}
}
else if ( HIWORD(v90[6 * kk + 3]) == v150 )
{
v1515 = 0x18i64 * kk;
if ( v90[v1515 / 4 + 2] == GetCurrentProcessId() )
v81 = v81 != 0;
}
}
}
}
if ( v133 == -1 )
v81 += 0xC8;
}
else
{
v81 = v72 + 0x64;
}
if ( v81 )
{
*(v65 + v50) = v81;
v50 += 4;
}
if ( *(v1677 + 5) == 0xCCCCCCCC && *(v1677 + 0x1506CA) == 0xFFF3BF25 )
*(v1677 + 0x30030) = *(v1677 + 0x1506CE);
if ( v90 )
free(v90);
if ( *v83 )
{
*(v65 + *(v65 + 2) + 4) = v50 - 4 - *(v65 + 2) - 2;
strcpy(v337, "GetLastError");
GetLastError = (GetProcAddress)(v75, v337);
*(v65 + v50) = 0;
*(v65 + v50 + 4) = 0;
*(v65 + v50 + 8) = 0;
v52 = v50 + 12;
*(v65 + v52) = 0;
v53 = v52 + 4;
for ( mm = NtQueryVirtualMemory; ; mm = *&mm[*(mm + 2) + 6] )
{
while ( *mm == 233 )
mm += *(mm + 1) + 5;
if ( *mm != 9727 )
break;
}
if ( *GetWindowLongA == 0xB8 || *GetWindowLongA == 0xB848 || *GetWindowLongA == 0xC3 )
{
mm = GetWindowLongA;
}
else
{
for ( nn = 0; nn < 3; ++nn )
{
if ( nn )
{
if ( nn == 1 )
v1246 = GetWindow;
else
v1246 = GetWindowLongA;
v1247 = v1246;
}
else
{
v1247 = GetTopWindow;
}
for ( i1 = v1247; ; mm = i1 )
{
while ( *i1 == 0xE9 || *i1 == 0xE8 )
{
i1 += *(i1 + 1) + 5;
mm = i1;
}
if ( *i1 != 0x25FF )
break;
i1 = *&i1[*(i1 + 2) + 6];
}
}
}
strcpy(v375, "vcruntime140.dll");
v1171 = GetModuleHandleA(v375);
if ( v1171 )
{
if ( (strcpy(v281, "memcpy"), strcpy(v295, "memmove"), (memcpy_1 = (GetProcAddress)(v1171, v281)) != 0)
&& *memcpy_1 == 0x25FF
|| (memcpy_1 = (GetProcAddress)(v1171, v295)) != 0 && *memcpy_1 == 0x25FF )
{
mm = *(memcpy_1 + *(memcpy_1 + 2) + 6);
}
}
strcpy(v379, "GetCurrentThreadId");
GetCurrentThreadId = (GetProcAddress)(v75, v379);
if ( *GetCurrentThreadId == 0x25FF )
mm = *(GetCurrentThreadId + *(GetCurrentThreadId + 2) + 6);
if ( *GetProcAddress == 0xCC )
mm = GetProcAddress;
strcpy(v1217, "graphics-hook64.dll");
v443 = GetModuleHandleA(v1217);
if ( v443 )
{
v1248 = *(v443 + 0x3C) + v443 + *(v443 + *(v443 + 0x3C) + 0x14) + 0x18;
for ( i2 = (*(v1248 + 8) + *(v1248 + 0xC) + v443); (i2 & 0xFFF) != 0; ++i2 )
{
if ( *i2 )
{
mm = i2;
break;
}
}
}
strcpy(v407, "KiUserExceptionDispatcher");
KiUserExceptionDispatcher = (GetProcAddress)(v126, v407);
if ( *KiUserExceptionDispatcher == 0x58B48FC )
{
v1173 = *(KiUserExceptionDispatcher + KiUserExceptionDispatcher[1] + 8);
if ( v1173 )
{
if ( (NtQueryVirtualMemory)(-1i64, v1173 & 0xFFFFFFFFFFFFF000ui64, 0i64, v1615, 0x30i64, &v1605) < 0
|| v1615[8] == 0x1000 && (v1616 & 4) != 0 )
{
mm = v1173;
}
}
}
*(v65 + v53) = mm;
if ( mm )
{
*(v65 + v53 + 8) = *mm;
*(v65 + v53 + 0x10) = *(mm + 1);
*(v65 + v53 + 0x18) = *(mm + 2);
}
else
{
*(v65 + v53 + 8) = 0i64;
*(v65 + v53 + 0x10) = 0i64;
*(v65 + v53 + 0x18) = 0i64;
}
v54 = v53 + 32;
strcpy(v1218, "DiscordHook64.dll");
v444 = GetModuleHandleA(v1218);
if ( v444 )
{
*(v65 + v54) = *(v444 + *(v444 + 0x3C) + 8);
v303[0] = 0x48;
v303[1] = 0x89;
v303[2] = 0xD9;
v303[3] = 0x89;
v303[4] = 0xFA;
v303[5] = 0x41;
v303[6] = 0x89;
v303[7] = 0xF0;
v303[8] = 0xFF;
v303[9] = 0x15;
v1174 = v444 + *(v444 + 0x3C) + 0x18;
v112 = (*(v1174 + 0x14) + v444);
for ( i3 = 0; *v83 && i3 + 10i64 <= *(v1174 + 4); ++i3 )
{
for ( i4 = 0; i4 < 0xA && v112[i4 + i3] == v303[i4]; ++i4 )
;
if ( i4 == 0xAi64 )
{
v112 += i3 - 0x37;
if ( *v112 == 0x74 || (v112 += 8, *v112 == 0x74) || (v112 += 18, *v112 == 0x74) )
{
v1249 = 1i64;
v1250 = v112;
if ( NtProtectVirtualMemory(-1i64, &v1250, &v1249, 64i64, &v467) >= 0 )
{
*v112 = 0xEB;
NtProtectVirtualMemory(-1i64, &v1250, &v1249, v467, &v467);
}
}
goto LABEL_419;
}
}
v304[0] = 0x44;
v304[1] = 0x8B;
v304[2] = 0xC7;
v304[3] = 0x8B;
v304[4] = 0xD6;
v304[5] = 0x48;
v304[6] = 0x8B;
v304[7] = 0xCB;
v304[8] = 0xFF;
v304[9] = 0x15;
for ( i5 = 0; *v83 && i5 + 0xAi64 <= *(v1174 + 4); ++i5 )
{
for ( i6 = 0; i6 < 0xA && v112[i6 + i5] == v304[i6]; ++i6 )
;
if ( i6 == 0xAi64 )
{
v112 += i5 - 0x1D;
if ( *v112 == 0x74 )
{
v1251 = 1i64;
v1252[0] = v112;
if ( NtProtectVirtualMemory(-1i64, v1252, &v1251, 0x40i64, &v466) >= 0 )
{
*v112 = -21;
NtProtectVirtualMemory(-1i64, v1252, &v1251, v466, &v466);
}
}
break;
}
}
}
else
{
*(v65 + v54) = 0;
}
LABEL_419:
v55 = v54 + 4;
v1049[0] = '\\';
v1049[1] = 'D';
v1049[2] = 'e';
v1049[3] = 'v';
v1049[4] = 'i';
v1049[5] = 'c';
v1049[6] = 'e';
v1049[7] = '\\';
v1049[8] = 'H';
v1049[9] = 'a';
v1049[10] = 'r';
v1049[11] = 'd';
v1049[12] = 'd';
v1049[13] = 'i';
v1049[14] = 's';
v1049[15] = 'k';
v1049[16] = 'V';
v1049[17] = 'o';
v1049[18] = 'l';
v1049[19] = 'u';
v1049[20] = 'm';
v1049[21] = 'e';
v1050 = '1';
v1051 = '\\';
v1052 = 'E';
v1053 = 'F';
v1054 = 'I';
v1055 = '\\';
v1056 = 'M';
v1057 = 'i';
v1058 = 'c';
v1059 = 'r';
v1060 = 'o';
v1061 = 's';
v1062 = 'o';
v1063 = 'f';
v1064 = 't';
v1065 = '\\';
v1066 = 'B';
v1067 = 'o';
v1068 = 'o';
v1069 = 't';
v1070 = '\\';
v1071 = 'b';
v1072 = 'o';
v1073 = 'o';
v1074 = 't';
v1075 = 'm';
v1076 = 'g';
v1077 = 'f';
v1078 = 'w';
v1079 = '.';
v1080 = 'e';
v1081 = 'f';
v1082 = 'i';
v1083 = '\0';
v1485[0] = 'n';
v1485[1] = 'p';
v1486 = v1049;
v1592 = 0x30;
v1593 = 0i64;
v1595 = 0x40;
v1594 = v1485;
v1596 = 0i64;
v1597 = 0i64;
strcpy(v314, "NtOpenFile");
NtOpenFile = (GetProcAddress)(v126, v314);
while ( v1050 <= 0x39u )
{
LODWORD(v40) = 32;
LODWORD(v38) = 7;
v72 = NtOpenFile(&v265, 0x100080i64, &v1592, v1524, v38, v40);
if ( v72 >= 0 )
{
strcpy(v396, "NtQueryInformationFile");
NtQueryInformationFile = (GetProcAddress)(v126, v396);
if ( NtQueryInformationFile(v265, v1524, v1590, 40i64, 4) >= 0 )
{
strcpy(v399, "GetSystemTimeAsFileTime");
GetSystemTimeAsFileTime = (GetProcAddress)(v75, v399);
GetSystemTimeAsFileTime(&v1532);
strcpy(v352, "GetTickCount64");
GetTickCount64 = (GetProcAddress)(v75, v352);
v1533 = GetTickCount64();
*(v65 + v55) = (v1532 / 10000 - v1533) / 0x3E8ui64;
*(v65 + v55 + 4) = v1590[0] / 10000000i64;
*(v65 + v55 + 8) = v1590[1] / 10000000i64;
*(v65 + v55 + 12) = v1590[2] / 10000000i64;
*(v65 + v55 + 16) = v1590[3] / 10000000i64;
*(v65 + v55 + 20) = v1591;
v55 += 24;
break;
}
strcpy(v293, "NtClose");
NtClose = (GetProcAddress)(v126, v293);
NtClose(v265);
}
++v1050;
}
if ( v44 + v55 - 1 + 2 <= 0x5400 )
{
*(v44 + v57) = v55 - 1;
for ( i7 = 0; i7 < v55 - 1; ++i7 )
*(v57 + i7 + v44 + 2) = *(v65 + i7 + 1);
v44 += v55 + 1;
}
}
free(v65);
CloseHandle(v150);
result = *v83;
if ( *v83 )
{
v635[0] = 1304;
v636 = 18;
qmemcpy(v637, "ojects\\PUBGChinese", 18);
memset(&v637[2] + 2, 0, 0xEui64);
v638 = 1303;
v639 = 29;
qmemcpy(v640, "BattleGroundsPrivate_CheatESP", 29);
memset(&v640[29], 0, 3ui64);
v641 = 1303;
v642 = 22;
v643 = 91;
v644 = 0;
v645 = 37;
v646 = 0;
v647 = 46;
v648 = 0;
v649 = 48;
v650 = 0;
v651 = 102;
v652 = 0;
v653 = 109;
v654 = 0;
v655 = 93;
v656 = 0;
v657 = 32;
v658 = 0;
v659 = 37;
v660 = 0;
v661 = 115;
v662 = 0;
v663 = 0;
v664 = 0;
memset(v665, 0, sizeof(v665));
v666 = 1342;
v667 = 32;
v668 = 0;
v669 = 0;
v670 = 0;
v671 = 0;
strcpy(v672, "Neck");
v672[5] = 0;
v672[6] = 0;
v672[7] = 0;
strcpy(v673, "Chest");
v673[6] = 0;
v673[7] = 0;
v673[8] = 0;
v673[9] = 0;
v673[10] = 0;
v673[11] = 0;
strcpy(v674, "Mouse 1");
v675 = 1343;
v676 = 15;
strcpy(v677, "PlayerESPColor");
memset(&v677[15], 0, 0x11ui64);
v678 = 1344;
v679 = 32;
v680 = 32;
v681 = 0;
v682 = 65;
v683 = 0;
v684 = 105;
v685 = 0;
v686 = 109;
v687 = 0;
v688 = 98;
v689 = 0;
v690 = 111;
v691 = 0;
v692 = 116;
v693 = 0;
v694 = 58;
v695 = 0;
v696 = 32;
v697 = 0;
v698 = 37;
v699 = 0;
v700 = 100;
v701 = 0;
v702 = 0;
v703 = 0;
v704 = 45;
v705 = 0;
v706 = 62;
v707 = 0;
v708 = 32;
v709 = 0;
v710 = 65;
v711 = 0;
v712 = 1334;
v713 = 12;
strcpy(v714, "HackMachine");
memset(&v714[12], 0, 0x14ui64);
v715 = 1354;
v716 = 16;
strcpy(v717, "VisualHacks.net");
memset(&v717[16], 0, 0x10ui64);
v718 = 1360;
v719 = 32;
v720 = 62;
v721 = 35;
v722 = 47;
v723 = 101;
v724 = 62;
v725 = 49;
v726 = 49;
v727 = 78;
v728 = 78;
v729 = 86;
v730 = 61;
v731 = 66;
v732 = 118;
v733 = 40;
v734 = 42;
v735 = 58;
v736 = 46;
v737 = 70;
v738 = 63;
v739 = 117;
v740 = 117;
v741 = 35;
v742 = 40;
v743 = 103;
v744 = 82;
v745 = 85;
v746 = 46;
v747 = 111;
v748 = 48;
v749 = 88;
v750 = 71;
v751 = 72;
v752 = 1359;
v753 = 32;
v754 = 68;
v755 = 76;
v756 = 76;
v757 = 73;
v758 = 110;
v759 = 106;
v760 = 101;
v761 = 99;
v762 = 116;
v763 = 105;
v764 = 111;
v765 = 110;
v766 = 45;
v767 = 109;
v768 = 97;
v769 = 115;
v770 = 116;
v771 = 101;
v772 = 114;
v773 = 92;
v774 = 120;
v775 = 54;
v776 = 52;
v777 = 92;
v778 = 82;
v779 = 101;
v780 = 108;
v781 = 101;
v782 = 97;
v783 = 115;
v784 = 101;
v785 = 92;
v786 = 1362;
v787 = 16;
v788 = 78;
v789 = 0;
v790 = 97;
v791 = 0;
v792 = 109;
v793 = 0;
v794 = 101;
v795 = 0;
v796 = 69;
v797 = 0;
v798 = 83;
v799 = 0;
v800 = 80;
v801 = 0;
v802 = 0;
v803 = 0;
memset(v804, 0, sizeof(v804));
v805 = 1352;
v806 = 20;
v807 = 83;
v808 = 0;
v809 = 107;
v810 = 0;
v811 = 117;
v812 = 0;
v813 = 108;
v814 = 0;
v815 = 108;
v816 = 0;
v817 = 104;
v818 = 0;
v819 = 97;
v820 = 0;
v821 = 99;
v822 = 0;
v823 = 107;
v824 = 0;
v825 = 0;
v826 = 0;
memset(v827, 0, sizeof(v827));
v828 = 1365;
v829 = 14;
strcpy(v830, ".rdata$zzzdbg");
memset(&v830[14], 0, 0x12ui64);
v831 = 1337;
v832 = 14;
v833 = 65;
v834 = 0;
v835 = 105;
v836 = 0;
v837 = 109;
v838 = 0;
v839 = 66;
v840 = 0;
v841 = 111;
v842 = 0;
v843 = 116;
v844 = 0;
v845 = 0;
v846 = 0;
memset(v847, 0, sizeof(v847));
v848 = 1337;
v849 = 32;
v850 = -21;
v851 = 73;
v852 = 65;
v853 = 0x80;
v854 = 60;
v855 = 18;
v856 = 63;
v857 = 117;
v858 = 5;
v859 = -58;
v860 = 2;
v861 = 63;
v862 = -21;
v863 = 56;
v864 = -115;
v865 = 65;
v866 = -48;
v867 = 15;
v868 = -66;
v869 = -55;
v870 = 60;
v871 = 9;
v872 = 119;
v873 = 5;
v874 = -125;
v875 = -23;
v876 = 48;
v877 = -21;
v878 = 6;
v879 = -125;
v880 = -31;
v881 = -33;
v882 = 1375;
v883 = 2;
v884 = 85;
v885 = -23;
memset(v886, 0, sizeof(v886));
v887 = 1375;
v888 = 2;
v889 = 87;
v890 = -23;
memset(v891, 0, sizeof(v891));
v892 = 1375;
v893 = 2;
v894 = 96;
v895 = -23;
memset(v896, 0, sizeof(v896));
v897 = 1384;
v898 = 25;
strcpy(v899, "D3D11Present initialised");
memset(&v899[25], 0, 7ui64);
v900 = 1390;
v901 = 10;
strcpy(v902, "[ %.0fM ]");
memset(&v902[10], 0, 0x16ui64);
v903 = 1396;
v904 = 11;
strcpy(v905, "[hp:%d]%dm");
memset(&v905[11], 0, 0x15ui64);
v906 = 1334;
v907 = 32;
v908 = 72;
v909 = -125;
strcpy(v910, "d$8");
v910[4] = 72;
v910[5] = -115;
v910[6] = 76;
v910[7] = 36;
v910[8] = 88;
v910[9] = 72;
v910[10] = -117;
v910[11] = 84;
v910[12] = 36;
v910[13] = 80;
v910[14] = 76;
v910[15] = -117;
v910[16] = -56;
v910[17] = 72;
v910[18] = -119;
v910[19] = 76;
v910[20] = 36;
v910[21] = 48;
v910[22] = 76;
v910[23] = -117;
v910[24] = -57;
v910[25] = 72;
v910[26] = -115;
v910[27] = 76;
v910[28] = 36;
v910[29] = 96;
v911 = 1334;
v912 = 32;
v913 = 116;
v914 = 31;
v915 = -70;
v916 = 8;
v917 = 0;
v918 = 0;
v919 = 0;
v920 = -1;
v921 = 21;
strcpy(v922, "`~");
v922[3] = 0;
v922[4] = -123;
v922[5] = -64;
v922[6] = 117;
v922[7] = 16;
v922[8] = -14;
v922[9] = 15;
v922[10] = 16;
v922[11] = -121;
v922[12] = 0x80;
v922[13] = 1;
v922[14] = 0;
v922[15] = 0;
v922[16] = -117;
v922[17] = -121;
v922[18] = -120;
v922[19] = 1;
v922[20] = 0;
v922[21] = 0;
v922[22] = -21;
v923 = 1334;
v924 = 32;
v925 = 64;
v926 = -14;
v927 = -86;
v928 = 21;
v929 = 111;
v930 = 8;
v931 = -46;
v932 = -119;
v933 = 78;
v934 = -102;
v935 = -76;
v936 = 72;
v937 = -107;
v938 = 53;
v939 = -45;
v940 = 79;
v941 = -100;
strcpy(v942, "POSITION");
v942[9] = 0;
v942[10] = 0;
v942[11] = 0;
v942[12] = 67;
v942[13] = 79;
v942[14] = 76;
v943 = 1402;
v944 = 3;
v945 = -1;
v946 = -32;
v947 = -112;
memset(v948, 0, sizeof(v948));
v949 = 1401;
v950 = 32;
strcpy(v951, "%s");
v951[3] = 0;
strcpy(v952, "%d");
v952[3] = 0;
strcpy(v953, "POSITION");
v953[9] = 0;
v953[10] = 0;
v953[11] = 0;
strcpy(v954, "COLOR");
v954[6] = 0;
v954[7] = 0;
v954[8] = 0;
v954[9] = 0;
v954[10] = 0;
v954[11] = 0;
v955 = 1334;
v956 = 32;
v957 = -114;
v958 = -123;
v959 = 118;
v960 = 93;
v961 = -51;
v962 = -38;
v963 = 69;
v964 = 46;
v965 = 117;
v966 = -70;
v967 = 18;
v968 = -76;
v969 = -57;
v970 = -71;
v971 = 72;
v972 = 114;
v973 = 17;
v974 = 109;
v975 = -71;
v976 = 72;
v977 = -95;
v978 = -38;
v979 = -90;
v980 = -71;
v981 = 72;
v982 = -89;
v983 = 103;
v984 = 107;
v985 = -71;
v986 = 72;
v987 = -112;
v988 = 44;
v989 = 1418;
v990 = 32;
v991 = 10;
v992 = 60;
v993 = 97;
v994 = 115;
v995 = 115;
v996 = 101;
v997 = 109;
v998 = 98;
v999 = 108;
v1000 = 121;
v1001 = 32;
v1002 = 120;
v1003 = 109;
v1004 = 108;
v1005 = 110;
v1006 = 115;
v1007 = 61;
v1008 = 39;
v1009 = 117;
v1010 = 114;
v1011 = 110;
v1012 = 58;
v1013 = 115;
v1014 = 99;
v1015 = 104;
v1016 = 101;
v1017 = 109;
v1018 = 97;
v1019 = 115;
v1020 = 45;
v1021 = 109;
v1022 = 105;
v1023 = 1337;
v1024 = 17;
v1025 = 72;
v1026 = -125;
v1027 = -20;
v1028 = 40;
v1029 = -24;
v1030 = 15;
v1031 = 0;
v1032 = 0;
v1033 = 0;
v1034 = -80;
v1035 = 1;
v1036 = 72;
v1037 = -125;
v1038 = -60;
v1039 = 40;
v1040 = -61;
v1041 = -23;
memset(v1042, 0, sizeof(v1042));
v418 = 0;
for ( i8 = 0i64; *v83 && (NtQueryVirtualMemory)(-1i64, i8, 0i64, v89, 48i64, &v266) >= 0; i8 = v89[3] + v89[0] )
{
if ( LODWORD(v89[4]) == 0x1000
&& (HIDWORD(v89[4]) == 0x10
|| HIDWORD(v89[4]) == 0x20
|| HIDWORD(v89[4]) == 0x40
&& (LODWORD(v89[5]) != 0x20000
|| v89[3] != 0x10000i64
&& v89[3] != 0x20000i64
&& v89[3] != 0xF0000i64
&& v89[3] != 0x90000i64
&& v89[3] != 0xA0000i64))
&& (v89[0] > sub_119 || v89[3] + v89[0] <= sub_119)
&& (HIDWORD(v89[4]) != 0x40 || v89[3] != 0x1B000i64) )
{
if ( LODWORD(v89[5]) == 0x20000 || LODWORD(v89[5]) == 0x40000 )
{
v64 = 0;
if ( v89[3] >= 0x11000ui64
|| v89[3] >= 0x4000ui64
&& (v89[0] & 0xFF0000000000i64) != 0x7F0000000000i64
&& (v89[0] & 0xFFF000000000i64) != 0x7F000000000i64
&& v89[3] != 0x10000i64
&& (v89[0] & 0xFFFFF0000000i64) != 1879048192
&& (v89[0] != 4063232i64 || v89[3] != 61440i64)
&& (v89[0] != 4128768i64 || v89[3] != 0x4000i64) )
{
v1571 = 0;
v465 = 0x2F;
v1572 = 0x2F;
v1573 = v89[0];
v1574 = v89[3];
v1575 = LODWORD(v89[5]) | HIDWORD(v89[4]) | LODWORD(v89[4]);
v1252[1] = 0x12i64;
if ( v44 + 0x13 <= 0x5400 )
{
v1252[2] = 0x12i64;
*(v44 + v57) = 0x11;
for ( i9 = 0; ; ++i9 )
{
v1253 = v64 ? 0x3Ai64 : 0x12i64;
if ( i9 >= (v1253 - 1) )
break;
*(v57 + i9 + v44 + 2) = *(&v1572 + i9);
}
if ( v64 )
v1254 = 0x3Ai64;
else
v1254 = 0x12i64;
v44 += v1254 + 1;
}
}
}
strcpy(v315, "user32.dll");
v32 = GetModuleHandleA(v315);
v511 = v89[1] == v32;
v76 = v89[1] == v32;
if ( LODWORD(v89[5]) == 0x20000 || v76 )
{
for ( i10 = v89[0]; *v83 && i10 != v89[3] + v89[0]; i10 += 0x1000i64 )
{
if ( NtReadVirtualMemory(-1i64, i10, v1669, 0x1000i64, 0i64) >= 0 )
{
for ( i11 = 0; i11 < 0x1D; ++i11 )
{
if ( v635[20 * i11] != 0x57A || v76 )
{
for ( i12 = 0; (*(&v636 + 10 * i11) + i12) <= 0x1000ui64; ++i12 )
{
if ( (i12 + i10) != &v637[5 * i11] )
{
for ( i13 = 0;
i13 < *(&v636 + 10 * i11) && *(v1669 + (i13 + i12)) == *(&v635[20 * i11 + 4] + i13);
++i13 )
{
;
}
if ( i13 == *(&v636 + 10 * i11)
&& (v635[20 * i11] != 0x555 || *(&v1669[107] + i12 + 1) == 0x4155)
&& (v635[20 * i11] != 0x55F
|| *(i10 + (i13 + i12)) < 0x2000u
&& NtReadVirtualMemory(
-1i64,
(i13 + i12) + i10 + *(v1669 + (i13 + i12)) + 4,
v1669,
2i64,
0i64) >= 0
&& (v1669[0] == 0x5441
|| v1669[0] == 0x8148
|| LOBYTE(v1669[0]) == 161 && LOBYTE(v637[5 * i11]) == 96))
&& (v635[20 * i11] != 1402 || *(&v1669[-5] + i12) == 47176) )
{
v1439 = 0;
v1440 = 0x35;
v1441 = v635[20 * i11];
v1442 = i12 + i10;
v1443 = v89[0];
v1444 = v89[3];
v1445 = LODWORD(v89[5]) | HIDWORD(v89[4]) | LODWORD(v89[4]);
if ( v44 + 29 <= 0x5400 )
{
*(v44 + v57) = 27;
for ( i14 = 0; i14 < 0x1B; ++i14 )
*(v57 + i14 + v44 + 2) = *(&v1440 + i14);
v44 += 29i64;
}
if ( v76 )
goto LABEL_512;
}
}
}
}
}
}
}
}
LABEL_512:
if ( v76
&& v89[0] != v89[1]
&& (NtQueryVirtualMemory)(-1i64, v89[0] - 0x1000i64, 0i64, &v1565, 0x30i64, &v266) >= 0
&& v1565 != v89[1]
&& v1568 != 0x10
&& v1568 != 0x20
&& v1568 != 0x40 )
{
v1432 = 0;
v1433 = 0x35;
v1434 = 0x5D5;
v1435 = v1565 - v89[1];
v1436 = v1565;
v1437 = v1566;
v1438 = v1569 | v1568 | v1567;
if ( v44 + 29 <= 0x5400 )
{
*(v44 + v57) = 0x1B;
for ( i15 = 0; i15 < 0x1B; ++i15 )
*(v57 + i15 + v44 + 2) = *(&v1433 + i15);
v44 += 0x1Di64;
}
}
}
if ( LODWORD(v89[4]) == 0x1000 && (HIDWORD(v89[4]) == 0x10 || HIDWORD(v89[4]) == 0x20 || HIDWORD(v89[4]) == 0x40) )
{
strcpy(v305, "mmres.dll");
v1255 = GetModuleHandleA(v305);
if ( v1255 && v1255 == v89[1] )
{
v624 = 0;
v625 = 0x48;
v626 = 0x5B3;
v627 = v89[3];
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i16 = 0; i16 < 7; ++i16 )
*(v57 + i16 + v44 + 2) = *(&v625 + i16);
v44 += 9i64;
}
}
else if ( HIDWORD(v89[4]) == 0x40 )
{
strcpy(v316, "mshtml.dll");
v1256 = GetModuleHandleA(v316);
if ( v1256 )
{
if ( v1256 == v89[1] )
{
v628 = 0;
v629 = 0x48;
v630 = 0x5BB;
v631 = v89[3];
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i17 = 0; i17 < 7; ++i17 )
*(v57 + i17 + v44 + 2) = *(&v629 + i17);
v44 += 9i64;
}
}
}
}
if ( LODWORD(v89[5]) == 0x20000 )
{
for ( i18 = v89[0]; *v83 && i18 != v89[3] + v89[0]; i18 += 0x1000i64 )
{
if ( NtReadVirtualMemory(-1i64, i18, v1673, 0x1000i64, 0i64) >= 0 )
{
for ( i19 = 0; (i19 + 12) <= 0x1000; ++i19 )
{
if ( *&v1673[i19] == 0xB848 )
{
if ( *&v1673[i19 + 10] == 0xE0FF && (_mm_lfence(), (v151 = *&v1673[i19 + 2]) != 0i64)
|| (i19 + 26) <= 0x1000
&& *&v1673[i19 + 10] == 0x8948C88B48008B48ui64
&& *&v1673[i19 + 18] == 0x458B481850FFF045i64
&& (_mm_lfence(), (v151 = *&v1673[i19 + 2]) != 0i64)
&& !(IsBadReadPtr)(v151, 8i64)
&& (v151 = (*v151 + 0x18i64), !(IsBadReadPtr)(v151, 8i64))
&& (v151 = *v151) != 0i64 )
{
if ( (NtQueryVirtualMemory)(-1i64, v151, 0i64, v1581, 0x30i64, &v266) >= 0
&& v1582 == 4096
&& (v1583 == 4 || v1584 == 0x1000000) )
{
v1304 = 0;
v1305 = 0x35;
v1306 = 0x5D5;
v1307 = v151;
v1308 = *v151;
v1309 = v1581[6];
v1310 = v1584 | v1583 | v1582;
if ( v44 + 29 <= 0x5400 )
{
*(v44 + v57) = 27;
for ( i20 = 0; i20 < 0x1B; ++i20 )
*(v57 + i20 + v44 + 2) = *(&v1305 + i20);
v44 += 0x1Di64;
}
}
}
}
}
}
}
}
}
v1210 = -1;
if ( v89[0] == i8 )
{
if ( LODWORD(v89[4]) == 0x1000 && *(&v89[4] + 4) == 0x2000000000004i64 && v89[3] <= 0x300000ui64 )
{
for ( i21 = i8; *v83; i21 += 0x1000i64 )
{
if ( i21 >= v89[3] + v89[0] )
break;
_mm_lfence();
if ( NtReadVirtualMemory(-1i64, i21, v1663, 0x1000i64, 0i64) < 0 )
break;
for ( i22 = v1663; i22 < &v1666; i22 += 16 )
{
v69 = 0;
if ( *i22 == 23117 )
{
_mm_lfence();
if ( NtReadVirtualMemory(-1i64, i22 - v1663 + i21, v1663, 0x400i64, 0i64) >= 0 )
{
v234 = &v1663[v1664];
if ( v234 < &v1665 && *v234 == 0x4550 )
{
if ( *(v234 + 12) == 267 || (v464 = *(v234 + 12) == 523, v69 = v464) )
{
v1278 = 0i64;
for ( i23 = i22 - v1663 + i21; *v83; i23 += 0x1000i64 )
{
v463 = *(v234 + 0x14);
if ( i23 >= v463 + i22 - v1663 + i21 )
break;
_mm_lfence();
if ( NtReadVirtualMemory(-1i64, i23, v1662, 0x1000i64, 0i64) < 0 )
break;
for ( i24 = 0; (i24 + 6) <= 0x1000; ++i24 )
{
if ( (*&v1662[i24] == 0x626D6941 || *&v1662[i24] == 0x626D6961) && *&v1662[i24 + 4] == 0x746F
|| *&v1662[i24] == 0x616D7548
&& *&v1662[i24 + 4] == 0x68544C6E
&& *&v1662[i24 + 8] == 0x31686769
&& *&v1662[i24 + 12] == 0x4800
|| (*&v1662[i24] == 0x43766F6B || *&v1662[i24] == 0x43746645)
&& *&v1662[i24 + 4] == 0x74616568
|| *&v1662[i24] == 0x5F746567
&& *&v1662[i24 + 4] == 0x726F6F44
&& *&v1662[i24 + 8] == 0x74617453 )
{
v1278 = i24 + i23 - i8;
goto LABEL_612;
}
}
}
if ( v1278 )
{
LABEL_612:
v1275[24] = 0;
v1276 = 0x35;
v1277 = 0x5DD;
v1279 = *(v234 + 2);
v462 = *(v234 + 0x14);
v1280 = v462;
v461 = *(v234 + 0xA);
v1281 = v461;
if ( v44 + 0x1D <= 0x5400 )
{
*(v44 + v57) = 0x1B;
for ( i25 = 0; i25 < 0x1B; ++i25 )
*(v57 + i25 + v44 + 2) = *(&v1276 + i25);
v44 += 0x1Di64;
}
}
}
}
}
}
}
}
}
}
else
{
v1210 = 0xFE;
}
if ( LODWORD(v89[4]) == 0x1000
&& HIDWORD(v89[4]) >= 2
&& (LODWORD(v89[5]) == 0x20000 || LODWORD(v89[5]) == 0x1000000)
&& (v89[4] & 0x10000000000i64) == 0 )
{
v426 = 0;
while ( *v83 && v426 < 2 && i8 != v89[3] + v89[0] )
{
if ( NtReadVirtualMemory(-1i64, i8, v1576, 0x10i64, 0i64) < 0 || (_mm_lfence(), (IsBadReadPtr)(i8, 0x10i64)) )
{
if ( (NtQueryVirtualMemory)(-1i64, i8, 0i64, v1617, 0x30i64, &v266) >= 0 && v1617[4] == v89[4] )
v1210 = 2;
}
else
{
_mm_lfence();
memcpy(v1525, i8, 0x10i64);
v427 = 0;
while ( memcmp(v1576, v1525, 0x10i64) && !(IsBadReadPtr)(i8, 0x10i64) && !memcmp(v1525, i8, 0x10i64) )
{
if ( v427 == 3 )
{
v1210 = 1;
memcpy(v1214, v1525, 0x10i64);
break;
}
if ( NtReadVirtualMemory(-1i64, i8, v1576, 0x10i64, 0i64) < 0 )
break;
++v427;
}
}
++v426;
i8 += 0x1000i64;
}
}
else if ( LODWORD(v89[4]) == 0x1000 && HIDWORD(v89[4]) < 2
|| LODWORD(v89[4]) == 0x10000
|| LODWORD(v89[4]) == 0x2000 )
{
if ( v89[4] != 0x1000i64 )
{
v152 = i8;
LABEL_653:
if ( !*v83 || v152 >= v89[3] + v89[0] || v152 >= v89[0] + 0x1000000i64 )
goto LABEL_670;
while ( 1 )
{
if ( (IsBadReadPtr)(v152, 1i64)
|| (NtQueryVirtualMemory)(-1i64, v152, 0i64, v1570, 0x30i64, &v266) < 0
|| v1570[8] != LODWORD(v89[4])
|| v1570[8] == 4096 && v1570[9] != HIDWORD(v89[4])
|| (_mm_lfence(), (IsBadReadPtr)(v152, 1i64)) )
{
if ( (~v1175)(v152, 1i64)
|| (NtQueryVirtualMemory)(-1i64, v152, 0i64, v1570, 0x30i64, &v266) < 0
|| v1570[8] != LODWORD(v89[4])
|| v1570[8] == 0x1000 && v1570[9] != HIDWORD(v89[4])
|| (_mm_lfence(), (~v1175)(v152, 1i64)) )
{
v152 += 0x10000i64;
goto LABEL_653;
}
}
qmemcpy(v89, v1570, sizeof(v89));
v1210 = 0;
LABEL_670:
if ( !v1210 || v152 > 0x7FFFE1E30000i64 || v89[3] + v89[0] <= 0x7FFFE1E30000ui64 )
goto LABEL_674;
v152 = 0x7FFFE1E30000i64;
}
}
v1210 = 0;
}
LABEL_674:
if ( v1210 != 0xFF && v418 < 3 )
{
v1208 = 0;
v1209 = 0x21;
v1211 = v89[0];
v1212 = v89[3];
v1213 = LODWORD(v89[5]) | HIDWORD(v89[4]) | LODWORD(v89[4]);
if ( v44 + 0x24 <= 0x5400 )
{
*(v44 + v57) = 0x22;
for ( i26 = 0; i26 < 0x22; ++i26 )
*(v57 + i26 + v44 + 2) = *(&v1209 + i26);
v44 += 0x24i64;
}
++v418;
}
if ( LODWORD(v89[4]) == 0x1000
&& LODWORD(v89[5]) == 0x1000000
&& v89[0] == v89[1]
&& NtReadVirtualMemory(-1i64, v89[0] + 0x3Ci64, &v1201, 4i64, 0i64) >= 0
&& NtReadVirtualMemory(-1i64, v89[0] + v1201 + 8i64, &v62, 4i64, 0i64) >= 0 )
{
if ( v62 == 0x5B12C900
&& (NtReadVirtualMemory(-1i64, v89[0] + 0x1000i64, v136, 0x10i64, 0i64) >= 0 && !LODWORD(v136[0])
|| NtReadVirtualMemory(-1i64, v89[0] + 0x501000i64, v136, 0x10i64, 0i64) >= 0
&& LODWORD(v136[0]) != 0x353E900)
|| v62 == 0x5A180C35
&& NtReadVirtualMemory(-1i64, v89[0] + 0x1000i64, v136, 0x10i64, 0i64) >= 0
&& LODWORD(v136[0])
|| v62 == 0xFC9B9325
&& NtReadVirtualMemory(-1i64, v89[0] + 0x6D3000i64, v136, 0x10i64, 0i64) >= 0
&& LODWORD(v136[0])
|| v62 == 0x456CED13
&& NtReadVirtualMemory(-1i64, v89[0] + 0x6B408i64, v136, 0x10i64, 0i64) >= 0
&& LODWORD(v136[0]) != 686588744
|| v62 == 0x46495AD9
&& NtReadVirtualMemory(-1i64, v89[0] + 0x79488i64, v136, 0x10i64, 0i64) >= 0
&& LODWORD(v136[0]) != 686588744
|| v62 == 0x47CDEE2B
&& NtReadVirtualMemory(-1i64, v89[0] + 547608i64, v136, 0x10i64, 0i64) >= 0
&& LODWORD(v136[0]) != 686588744
|| v62 == 0x469FF22E
&& NtReadVirtualMemory(-1i64, v89[0] + 0x7C9A8i64, v136, 0x10i64, 0i64) >= 0
&& LODWORD(v136[0]) != 686588744
|| v62 == 0x48EC3AD7
&& NtReadVirtualMemory(-1i64, v89[0] + 0xB3350i64, v136, 0x10i64, 0i64) >= 0
&& LODWORD(v136[0]) != 686588744
|| v62 == 0x5A8E6020
&& NtReadVirtualMemory(-1i64, v89[0] + 0x4B4000i64, v136, 0x10i64, 0i64) >= 0
&& LODWORD(v136[0])
|| v62 == 0x55C85371
&& NtReadVirtualMemory(-1i64, v89[0] + 0x18000i64, v136, 0x10i64, 0i64) >= 0
&& LODWORD(v136[0])
|| v62 == 0x5BE196AD
&& NtReadVirtualMemory(-1i64, v89[0] + 0x520000i64, v136, 0x10i64, 0i64) >= 0
&& LODWORD(v136[0])
|| v62 == 0x5B641AC7 && NtReadVirtualMemory(-1i64, v89[0] + 0x507000i64, v136, 0x10i64, 0i64) >= 0
|| v62 == 0x5FFBE765
&& NtReadVirtualMemory(-1i64, v89[0] + 1206672i64, v136, 0x10i64, 0i64) >= 0
&& LODWORD(v136[0]) != 0xD95
|| v62 == 0x5459E923
&& NtReadVirtualMemory(-1i64, v89[0] + 0x5D0A70i64, v136, 0x10i64, 0i64) >= 0
&& LODWORD(v136[0]) != 0x20309820 )
{
v1311 = 0;
v1312[0] = 0x46;
if ( v62 == 0x456CED13 )
{
v506 = 3;
}
else
{
if ( v62 == 0x46495AD9 )
{
v507 = 4;
}
else
{
if ( v62 == 0x47CDEE2B )
{
v508 = 5;
}
else
{
if ( v62 == 0x469FF22E )
{
v509 = 6;
}
else
{
if ( v62 == 0x48EC3AD7 )
{
v510 = 7;
}
else
{
if ( v62 == 0xFC9B9325 || v62 == 0x5A8E6020 )
{
v512 = 8;
}
else
{
if ( v62 == 0x55C85371 )
{
v456 = 9;
}
else
{
if ( v62 == 0x5BE196AD )
{
v457 = 0xA;
}
else
{
if ( v62 == 0x5B641AC7 )
{
v458 = 0xB;
}
else
{
if ( v62 == 0x5FFBE765 )
{
v459 = 0xC;
}
else
{
if ( v62 == 0x5459E923 )
v460 = 0xD;
else
v460 = 1;
v459 = v460;
}
v458 = v459;
}
v457 = v458;
}
v456 = v457;
}
v512 = v456;
}
v510 = v512;
}
v509 = v510;
}
v508 = v509;
}
v507 = v508;
}
v506 = v507;
}
v1312[1] = v506;
v1313 = v136[0];
v1314 = v136[1];
if ( v44 + 20 <= 0x5400 )
{
*(v44 + v57) = 0x12;
for ( i27 = 0; i27 < 0x12; ++i27 )
*(v57 + i27 + v44 + 2) = v1312[i27];
v44 += 0x14i64;
}
}
else
{
v233 = (v89[0] + *(v89[0] + 0x3Ci64) + 0x18i64);
if ( v62 == 0x5D728445
|| v62 == 0x5E87A1D2
|| v62 == 0x5E93BF48
|| v62 == 0x5F8D2510
|| v62 == 0x5ABA0821
|| v62 == 0x5C172C60
|| v62 == 0x5CC175C9
|| (v233[37] == 0x1960
|| v233[37] == 0x34C0
|| v233[37] == 0x39F0
|| v233[37] == 0x4650
|| v233[37] == 0x3A78
|| v233[37] == 0x5C70
|| v233[37] == 0x39C0
|| v233[37] == 0x2398)
&& v62 >= 0x62000000
&& v62 < 0x63000000 )
{
v1425 = 0;
v1426 = 0x35;
v1427 = 0x5CA;
v1428 = v62;
v1429 = v233[14];
v1430 = v233[4];
v1431 = v233[37];
if ( v44 + 0x1D <= 0x5400 )
{
*(v44 + v57) = 0x1B;
for ( i28 = 0; i28 < 0x1B; ++i28 )
*(v57 + i28 + v44 + 2) = *(&v1426 + i28);
v44 += 0x1Di64;
}
}
}
}
if ( LODWORD(v89[4]) == 0x1000
&& (HIDWORD(v89[4]) == 4 || HIDWORD(v89[4]) == 2)
&& LODWORD(v89[5]) == 0x20000
&& v89[0] == v89[1]
&& (NtReadVirtualMemory(-1i64, v89[0], &v438, 16i64, 0i64) >= 0
&& (v438 == 0x300900000i64 && v439 == 0xFFFF00000004i64
|| v438 == GetModuleHandleA && v439 == GetProcAddress
|| v438 == 0x5441554156415741i64 && v439 == 0x5041514152415341i64
|| v438 == 0xC900000000100i64)
|| v89[3] > 0x1000ui64
&& NtReadVirtualMemory(-1i64, v89[0] + 0x1000i64, &v438, 16i64, 0i64) >= 0
&& v438 == 0x40B84128EC8348i64
&& v439 == 0x8D480000) )
{
v1446 = 0;
v1447 = 0x35;
v1448 = 0x5D3;
if ( v438 == 0x300900000i64 )
{
v503 = 0x100;
}
else
{
if ( v438 == GetModuleHandleA )
{
v504 = 0x50;
}
else
{
v505 = v438 == 0x5441554156415741i64 ? 23 : 4096;
v504 = v505;
}
v503 = v504;
}
NtReadVirtualMemory(-1i64, v503 + v89[0], v1449, 8i64, 0i64);
v1449[1] = v89[0];
v1450 = v89[3];
v1451 = LODWORD(v89[5]) | HIDWORD(v89[4]) | LODWORD(v89[4]);
if ( v44 + 29 <= 0x5400 )
{
*(v44 + v57) = 0x1B;
for ( i29 = 0; i29 < 0x1B; ++i29 )
*(v57 + i29 + v44 + 2) = *(&v1447 + i29);
v44 += 0x1Di64;
}
}
}
result = *v83;
if ( *v83 )
{
v1259 = ~v1175;
v502 = (NtQueryVirtualMemory)(-1i64, ~v1175, 0i64, v89, 0x30i64, &v266) < 0;
v77 = v502;
if ( v502 || LODWORD(v89[4]) != 4096 || LODWORD(v89[5]) != 0x1000000 && LODWORD(v89[5]) != 0x40000 )
{
v1418 = 0;
v1419 = 0x35;
v1420 = 0x5A9;
v1421 = v1259;
v1260 = v77 ? 0i64 : v89[0];
v1422 = v1260;
v1261 = v77 ? 0i64 : v89[3];
v1423 = v1261;
v501 = v77 ? 0 : LODWORD(v89[5]) | HIDWORD(v89[4]) | LODWORD(v89[4]);
v1424 = v501;
if ( v44 + 29 <= 0x5400 )
{
*(v44 + v57) = 0x1B;
for ( i30 = 0; i30 < 0x1B; ++i30 )
*(v57 + i30 + v44 + 2) = *(&v1419 + i30);
v44 += 0x1Di64;
}
}
v96 = 0;
v1199 = 0;
strcpy(v403, "CreateToolhelp32Snapshot");
CreateToolhelp32Snapshot = (GetProcAddress)(v75, v403);
v558 = CreateToolhelp32Snapshot(2i64, 0i64);
if ( v558 != -1 )
{
strcpy(v353, "Process32First");
Process32First = (GetProcAddress)(v75, v353);
v1357 = 0x130;
if ( Process32First(v558, &v1357) )
{
strcpy(v342, "Process32Next");
Process32Next = (GetProcAddress)(v75, v342);
v271 = 0;
v421 = 0;
v188 = 0;
v422 = 0;
v423 = 0;
v59 = 0;
v124 = 0;
v1502 = 0;
do
{
v1292[11] = 0;
v110 = OpenProcess(0x1000i64, 0i64, v1358);
v56 = 128;
v476 = v110
&& QueryFullProcessImageNameW(v110, 0i64, v1654, &v56)
&& (LODWORD(v41) = 255,
(v56 = WideCharToMultiByte(65001i64, 0i64, v1654, v56, &v1294, v41, 0i64, 0i64)) != 0);
v78 = v476;
if ( v476 )
{
if ( GetFileAttributesExW(v1654, 0i64, v1619) )
v500 = v1619[8];
else
v500 = 0;
v270 = v500;
}
else
{
v1200 = GetLastError();
v1043 = v1358;
v1044 = 0;
v1045 = 0x200;
v1046 = v1661;
if ( NtQuerySystemInformation(0x58i64, &v1043, 0x18i64, 0i64) < 0 )
{
v56 = 0;
}
else
{
v1536 = &v1294;
LODWORD(v41) = 255;
v56 = WideCharToMultiByte(65001i64, 0i64, v1046, v1044 / 2, &v1294, v41, 0i64, 0i64);
}
if ( v110 && !v78 && v56 && *&v1292[v56 + 6] == '.mwd' )
{
*(&v1294 + v56) = v1200;
goto LABEL_1135;
}
if ( !v1360 && !v56 )
{
v1043 = v1359;
v1044 = 0;
v1045 = 0x200;
v1046 = v1661;
if ( NtQuerySystemInformation(88i64, &v1043, 0x18i64, 0i64) >= 0 )
{
v1537 = &v1294;
LODWORD(v41) = 0xFF;
v56 = WideCharToMultiByte(65001i64, 0i64, v1046, v1044 / 2, &v1294, v41, 0i64, 0i64);
}
}
v270 = 0;
}
*(&v1294 + v56) = v270;
v66 = 0;
if ( v110 )
{
if ( !v78 && v56 && GetLastError() == 31 )
{
strcpy(v362, "GetProcessTimes");
GetProcessTimes = (GetProcAddress)(v75, v362);
if ( !GetProcessTimes(v110, &v1177, &v1177, &v1177, &v1177) && GetLastError() == 31 )
{
CloseHandle(v110);
v110 = OpenProcess(4096i64, 0i64, v1358);
if ( v110 )
{
*(&v1294 + v56) = 0;
goto LABEL_1135;
}
}
else
{
CloseHandle(v110);
v110 = 0i64;
}
}
else if ( v56 )
{
strcpy(v410, "NtQueryInformationProcess");
NtQueryInformationProcess = (GetProcAddress)(v126, v410);
if ( NtQueryInformationProcess(v110, 61i64, &v66, 1i64, 0i64) < 0 )
{
_mm_lfence();
v1632 = 64i64;
if ( NtQueryInformationProcess(v110, 0i64, &v1632, 0x40i64, 0i64) >= 0 && (v1633 & 1) != 0 )
v66 = 1;
}
if ( v66 )
{
for ( i31 = 0;
i31 < (v56 - 7)
&& (*(&v1294 + i31) != 'meT\\' || *(&v1296[-1] + i31) != '\\p')
&& *(&v1294 + i31) != 'NUS\\';
++i31 )
{
;
}
if ( i31 == v56 - 7 )
v66 = 0;
}
}
}
if ( v1360 == 'aets' && v1361 == 'xe.m' )
{
v271 = v1358;
}
else if ( v1360 == 'sasl' && v1361 == 'xe.s' )
{
v421 = v1358;
}
else if ( v1360 == 'lpxe' && v1361 == 'rero' && v1362 == 'exe.' && !v188 )
{
v188 = v1358;
}
else if ( v1360 == '.dmc' && v1361 == 'xe' )
{
v422 = v1358;
}
else if ( v1360 == 'hcvs' && v1361 == '.tso' && v110 && !v59 )
{
strcpy(v408, "NtQueryInformationProcess");
NtQueryInformationProcess_1 = (GetProcAddress)(v126, v408);
if ( NtQueryInformationProcess_1(v110, 61i64, &v59, 1i64, 0i64) >= 0 && v59 == 81 )
{
v59 = 0;
}
else if ( !v59 )
{
v1634 = 64i64;
if ( NtQueryInformationProcess_1(v110, 0i64, &v1634, 64i64, 0i64) >= 0 && (v1635 & 1) != 0 )
v59 = 1;
}
}
else if ( v1360 == 'eton' && v1361 == '.dap' )
{
v124 = 1;
}
if ( v1360 == '.mwd' )
{
if ( !v1358 || *&v1292[v56 + 6] != '.mwd' )
goto LABEL_1135;
v1199 = v1358;
}
if ( v56 )
{
if ( v1358 != GetCurrentProcessId() && v423 < 10 )
{
v499 = v66 || !v1360;
v61 = v499;
if ( v499 )
goto LABEL_1003;
v67 = 0;
v68 = 0;
v86 = 0;
v85 = 0;
v106 = v56;
v419 = 0;
while ( 1 )
{
if ( *(&v1294 + --v106) == 92 )
++v419;
if ( !v106 )
break;
if ( v106 < (v56 - 8) )
{
v498 = *(&v1294 + v106) == 'lpxe' && *(&v1296[-1] + v106) == 'rero'
|| *(&v1294 + v106) == '6sbo' && *(&v1296[-1] + v106) == 'xe.4';
v61 = v498;
v67 = v498;
if ( v498 )
goto LABEL_1003;
}
}
if ( v419 <= 2 )
{
LABEL_1003:
strcpy(v363, "GetProcessTimes");
GetProcessTimes_1 = (GetProcAddress)(v75, v363);
if ( GetProcessTimes_1(v110, &v554, &v285, &v633, v634)
&& (v33 = GetCurrentProcess(), GetProcessTimes_1(v33, &v516, &v285, &v285, &v285))
&& v516 - v554 <= 900000000
&& v516 - v554 >= 3994967296
|| v61
|| v86 )
{
v95 = v271 != 0;
*(&v1296[-1] + v56) = v271 != 0;
if ( v188 && v1359 == v188 )
{
*(&v1296[-1] + v56) |= 2u;
}
else if ( v421 && v1359 == v421 )
{
*(&v1296[-1] + v56) |= 8u;
}
else if ( v422 && v1359 == v422 )
{
*(&v1296[-1] + v56) |= 0x10u;
}
else
{
v1178 = OpenProcess(0x1000i64, 0i64, v1359);
if ( v1178 )
{
strcpy(v380, "GetExitCodeProcess");
GetExitCodeProcess = (GetProcAddress)(v75, v380);
if ( GetExitCodeProcess(v1178, &v1198) && v1198 != 0x103 )
*(&v1296[-1] + v56) |= 4u;
CloseHandle(v1178);
}
else if ( GetLastError() != 5 )
{
*(&v1296[-1] + v56) |= 4u;
}
}
if ( v66 )
*(&v1296[-1] + v56) |= 0x20u;
if ( *(&v1296[-1] + v56) > 1u || v61 )
{
Sleep(1000i64);
++v423;
if ( GetProcessTimes_1(v110, &v285, &v285, &v1296[1] + v56 + 1, &v1296[3] + v56 + 1) || v61 )
{
*(&v1296[1] + v56 + 1) -= v633;
*(&v1296[3] + v56 + 1) -= v634[0];
if ( (*(&v1296[-1] + v56) & 8) != 0
|| (*(&v1296[3] + v56 + 1) + *(&v1296[1] + v56 + 1)) >= 500000 && !v67 && !v68
|| v61 && !v67 && !v85 )
{
v1293 = 64;
*(&v1295 + v56 + 1) = v516 - v554;
if ( v44 + v56 + 30 + 2 <= 0x5400 )
{
*(v44 + v57) = v56 + 30;
for ( i32 = 0; i32 < v56 + 30; ++i32 )
*(v57 + i32 + v44 + 2) = *(&v1293 + i32);
v44 += v56 + 32;
}
goto LABEL_1142;
}
if ( v67 && *(&v1296[1] + v56 + 1) >= 1000000
|| v68 && (*(&v1296[3] + v56 + 1) + *(&v1296[1] + v56 + 1)) >= 2500000 )
{
v445 = 0i64;
v163 = 336;
while ( 1 )
{
v163 += 1024;
v445 = realloc(v445, v163);
if ( !v445 )
break;
v72 = NtQuerySystemInformation(5i64, v445, v163, &v163);
if ( v72 != 0xC0000004 )
{
if ( v72 >= 0 )
{
v262 = v445;
while ( *v83 )
{
if ( *(v262 + 10) == v1358 )
{
for ( i33 = 0; *v83 && i33 < v262[1]; ++i33 )
{
_mm_lfence();
strcpy(v317, "OpenThread");
OpenThread = (GetProcAddress)(v75, v317);
v263 = OpenThread(0x800i64, 0i64, v262[20 * i33 + 76]);
if ( v263 )
{
strcpy(v354, "GetThreadTimes");
GetThreadTimes = (GetProcAddress)(v75, v354);
if ( GetThreadTimes(v263, &v1541, &v285, &v633, v634)
&& (v1360 == 913531503 && (*(&v1296[-1] + v56) & 4) != 0
|| v633 >= 1000000 && !v634[0]
|| v68) )
{
Sleep(1000i64);
if ( GetThreadTimes(
v263,
&v285,
&v285,
&v1296[7] + v56 + 1,
&v1296[9] + v56 + 1) )
{
if ( (*(&v1296[7] + v56 + 1) -= v633, *(&v1296[9] + v56 + 1) -= v634[0], v67)
&& *(&v1296[7] + v56 + 1) >= 500000
&& (v1360 == 913531503 || !*(&v1296[9] + v56 + 1))
|| v68 && (*(&v1296[9] + v56 + 1) + *(&v1296[7] + v56 + 1)) >= 2500000 )
{
_mm_lfence();
v1293 = 74;
*(&v1295 + v56 + 1) = v516 - v554;
*(&v1296[5] + v56 + 1) = v516 - v1541;
*(&v1296[11] + v56 + 1) = *&v262[20 * i33 + 72];
CloseHandle(v263);
v263 = OpenThread(0x40i64, 0i64, v262[20 * i33 + 76]);
if ( v263 )
{
strcpy(v404, "NtQueryInformationThread");
NtQueryInformationThread = (GetProcAddress)(v126, v404);
v493 = NtQueryInformationThread(v263, 9i64, &v1558, 8i64, 0i64);
if ( v493 < 0 )
v1265 = v493;
else
v1265 = v1558;
*(&v1296[11] + v56 + 1) = v1265;
}
*(&v1296[13] + v56 + 1) = 0i64;
*(&v1296[15] + v56 + 1) = 0i64;
v1180 = OpenProcess(0x10i64, 0i64, v1358);
if ( v1180 )
{
NtReadVirtualMemory(
v1180,
*(&v1296[11] + v56 + 1),
&v1296[13] + v56 + 1,
0x10i64,
0i64);
CloseHandle(v1180);
}
if ( v44 + v56 + 0x4E + 2 <= 0x5400 )
{
*(v44 + v57) = v56 + 0x4E;
for ( i34 = 0; i34 < v56 + 0x4E; ++i34 )
*(v57 + i34 + v44 + 2) = *(&v1293 + i34);
v44 += v56 + 0x50;
}
}
}
}
if ( v263 )
CloseHandle(v263);
}
}
break;
}
if ( !*v262 )
break;
v262 = (v262 + *v262);
}
}
free(v445);
break;
}
}
}
}
}
}
}
else
{
for ( i35 = 0; i35 < (v56 - 6); ++i35 )
{
if ( *(&v1294 + i35) == 'seD\\' && *(&v1296[-1] + i35) == 'potk' && *(v1296 + i35) == '\\' )
goto LABEL_1003;
v496 = *(&v1294 + i35) == 'niw\\' && *(&v1296[-1] + i35) == '.rev'
|| (*(&v1294 + i35) == 'lnuS' && *(&v1296[-1] + i35) == 'nigo' || *(&v1294 + i35) == 0xE69190E5
? (v497 = 1)
: (v497 = 0),
(v85 = v497) != 0 || *(&v1294 + i35) == 0x5C393133 && v270 == 0x274600);
v61 = v496;
if ( v496 || *(&v1294 + i35) == 'liF\\' && *(&v1296[-1] + i35) == 'ceRe' )
goto LABEL_1003;
if ( *(&v1294 + i35) == 'coD\\'
&& *(&v1296[-1] + i35) == 'nemu'
&& *(v1296 + i35) == 'st'
&& *(v1296 + i35 + 2) == '\\'
|| *(&v1294 + i35) == 'woD\\'
&& *(&v1296[-1] + i35) == 'aoln'
&& *(v1296 + i35) == 'sd'
&& *(v1296 + i35 + 2) == '\\'
|| *(&v1294 + i35) == 'aoR\\' && *(&v1296[-1] + i35) == 'gnim' && *(v1296 + i35) == 92
|| *(&v1294 + i35) == '.pmt' && *(&v1296[-1] + i35) == 'xe'
|| *(&v1294 + i35) == 'eton' && *(&v1296[-1] + i35) == '.dap'
|| *(&v1294 + i35) == '...\\' && *(&v1296[-1] + i35) == '\\.'
|| *(&v1294 + i35) == '.dmc' && *(&v1296[-1] + i35) == 'xe'
|| *(&v1294 + i35) == 'niei' && *(&v1296[-1] + i35) == 'lats' )
{
goto LABEL_1003;
}
v495 = *(&v1294 + i35) == 'iDVN' && *(&v1296[-1] + i35) == 'alps';
v86 = v495;
if ( v495 || *(&v1294 + i35) == 'meT\\' && *(&v1296[-1] + i35) == '\\p' )
goto LABEL_1003;
v494 = *(&v1294 + i35) == 'etsy' && *(&v1296[-1] + i35) == '\\23m';
v68 = v494;
if ( v494 || !v78 )
goto LABEL_1003;
}
}
}
if ( v271
&& *&v1292[v56 + 1] == 'lpxe'
&& *&v1292[v56 + 5] == 'rero'
&& *&v1292[v56 + 9] == 'exe.'
&& v1359 == v271 )
{
goto LABEL_1135;
}
if ( *&v1292[v56] == 'pmeT'
&& *&v1292[v56 + 9] == 'eliF'
&& v1361 == 'exe.'
&& (v1360 >= 'A' && v1360 <= 'Z'
|| SBYTE1(v1360) >= 'A' && SBYTE1(v1360) <= 'Z'
|| SBYTE2(v1360) >= 'A' && SBYTE2(v1360) <= 'Z'
|| SHIBYTE(v1360) >= 'A' && SHIBYTE(v1360) <= 'Z') )
{
v1294 = v1360;
v1295 = v1361;
v56 = 8;
v1296[0] = 0xFF;
LABEL_1135:
v1293 = 0x38;
if ( v44 + v56 + 5 + 2 <= 0x5400 )
{
*(v44 + v57) = v56 + 5;
for ( i36 = 0; i36 < v56 + 5; ++i36 )
*(v57 + i36 + v44 + 2) = *(&v1293 + i36);
v44 += v56 + 7;
}
goto LABEL_1140;
}
if ( *&v1292[v56 + 7] == 'eTZH' )
goto LABEL_1135;
for ( i37 = 0; i37 < (v56 - 4); ++i37 )
{
if ( *(&v1294 + i37) == ' gnR'
|| *(&v1294 + i37) == 0xA0E7
&& *(&v1294 + i37 + 2) == 0xFFFFFF81
&& *(&v1294 + i37 + 3) >= 48u
&& *(&v1294 + i37 + 3) <= 0x39u
|| *(&v1294 + i37) == ' GNR'
|| *(&v1294 + i37) == 2430944085
|| *(&v1294 + i37) == '.6.2' && *(&v1296[-1] + i37) == 'xe'
|| *(&v1294 + i37) == 0xE6A88BE6 && *(&v1296[-1] + i37) == 0xBCE9AAB5 )
{
goto LABEL_1135;
}
}
}
if ( v1360 == 'daoL' && v1361 == 'rbil'
|| v1360 == ' gnR'
|| v270 == 0x5D720 && (v1360 != 'emaG' || v1361 != 'revO') && (v1360 != 'emag' || v1361 != 'revo') )
{
goto LABEL_1135;
}
LABEL_1140:
if ( v110 )
CloseHandle(v110);
LABEL_1142:
if ( (v1360 == 'emaG' || v1360 == 'emag' || v1360 == 'EMAG')
&& (v1361 == 'revO' || v1361 == 'revo' || v1361 == 'REVO')
&& (v1362 == 'Uyal' || v1362 == 'uyal' || v1362 == 'UYAL') )
{
v96 = 1;
v435 = OpenProcess(0x400i64, 0i64, v1358);
if ( v435 )
{
for ( i38 = 0i64; *v83; i38 = v526 + v525 )
{
v492 = (NtQueryVirtualMemory)(v435, i38, 0i64, &v525, 48i64, &v1602);
if ( v492 < 0 )
break;
if ( v527 == 0x1000 && v529 == 0x20000 && (v528 == 16 || v528 == 32 || v528 == 64) )
{
if ( v526 > 0x10000 )
{
v1287 = 0;
v1288 = 0x3B;
v1289 = v525;
v1290 = v526;
v1291 = v529 | v528 | v527;
if ( v44 + 0x13 <= 0x5400 )
{
*(v44 + v57) = 0x11;
for ( i39 = 0; i39 < 0x11; ++i39 )
*(v57 + i39 + v44 + 2) = *(&v1288 + i39);
v44 += 0x13i64;
}
}
if ( v59 )
{
v1411 = 0;
v1412 = 0x35;
v1413 = 0x5B1;
v1414 = v59;
v1415 = v525;
v1416 = v526;
v1417 = v529 | v528 | v527;
if ( v44 + 0x1D <= 0x5400 )
{
*(v44 + v57) = 0x1B;
for ( i40 = 0; i40 < 0x1B; ++i40 )
*(v57 + i40 + v44 + 2) = *(&v1412 + i40);
v44 += 0x1Di64;
}
}
v1188 = OpenProcess(0x10i64, 0i64, v1358);
if ( v1188 )
{
v1084 = 8;
v1085 = 72;
v1086 = 0;
v1087 = 111;
v1088 = 0;
v1089 = 109;
v1090 = 0;
v1091 = 101;
v1092 = 0;
memset(v1093, 0, sizeof(v1093));
v1094 = 4;
v1095 = 70;
v1096 = 0;
v1097 = 49;
v1098 = 0;
memset(v1099, 0, sizeof(v1099));
v1100 = 16;
v1101 = -1;
v1102 = -1;
v1103 = -125;
v1104 = -60;
v1105 = 8;
v1106 = -61;
v1107 = 0;
v1108 = 0;
v1109 = 0;
v1110 = 0;
v1111 = 0;
v1112 = 0;
v1113 = 0;
v1114 = 0;
v1115 = 0;
v1116 = 0;
memset(v1117, 0, sizeof(v1117));
v1118 = 24;
v1119 = 92;
v1120 = 0;
v1121 = 92;
v1122 = 0;
v1123 = 46;
v1124 = 0;
v1125 = 92;
v1126 = 0;
v1127 = 112;
v1128 = 0;
v1129 = 105;
v1130 = 0;
v1131 = 112;
v1132 = 0;
v1133 = 101;
v1134 = 0;
v1135 = 92;
v1136 = 0;
v1137 = 37;
v1138 = 0;
v1139 = 115;
v1140 = 0;
v1141 = 0;
v1142 = 0;
v1143 = 10;
v1144 = -57;
v1145 = 6;
v1146 = 0;
v1147 = 0;
v1148 = 0;
v1149 = 0;
v1150 = -58;
v1151 = 71;
v1152 = 3;
v1153 = 0;
memset(v1154, 0, sizeof(v1154));
v1155 = 8;
v1156 = 'i';
v1157 = 192;
v1158 = 24;
v1159 = 1;
v1160 = 0;
v1161 = 0;
v1162 = 51;
v1163 = -46;
memset(v1164, 0, sizeof(v1164));
v170 = 0;
for ( i41 = v525; *v83 && i41 != v526 + v525; i41 += 0x1000i64 )
{
if ( NtReadVirtualMemory(v1188, i41, v1672, 0x1000i64, 0i64) >= 0 )
{
v134 = 0;
LABEL_1178:
if ( v134 < 6 )
{
for ( i42 = 0; ; ++i42 )
{
if ( (*(&v1084 + 7 * v134) + i42) > 0x1000ui64 )
{
++v134;
goto LABEL_1178;
}
for ( i43 = 0;
i43 < *(&v1084 + 7 * v134) && v1672[i43 + i42] == *(&v1084 + 28 * v134 + i43 + 4);
++i43 )
{
;
}
if ( i43 == *(&v1084 + 7 * v134) )
break;
}
v1404 = 0;
v1405 = 0x35;
v1406 = 0x56C;
v1407 = i42 + i41;
v1408 = v525;
v1409 = v526;
v1410 = v529 | v528 | v527;
if ( v44 + 0x1D <= 0x5400 )
{
*(v44 + v57) = 27;
for ( i44 = 0; i44 < 0x1B; ++i44 )
*(v57 + i44 + v44 + 2) = *(&v1405 + i44);
v44 += 0x1Di64;
}
break;
}
if ( v526 <= 0x10000 )
{
for ( i45 = 0; i45 < 0xFFC; ++i45 )
{
if ( (v1672[i45] == 0xE9 || v1672[i45] == 0x90)
&& i45 + i41 + *&v1672[i45 + 1] + 5 >= v525
&& i45 + i41 + *&v1672[i45 + 1] + 5 < v526 + v525
&& !v170++ )
{
v1345 = i45 + i41 - v525;
v1346 = *&v1672[i45];
v1347 = *&v1672[i45 + 8];
}
}
}
}
}
if ( v170 >= 0x64 )
{
v1342 = 0;
v1343 = 0x3B;
v1344 = v170 + v526;
if ( v44 + 25 <= 0x5400 )
{
*(v44 + v57) = 0x17;
for ( i46 = 0; i46 < 0x17; ++i46 )
*(v57 + i46 + v44 + 2) = *(&v1343 + i46);
v44 += 0x19i64;
}
}
CloseHandle(v1188);
}
}
}
if ( v492 == 0xC0000022 )
{
v551 = 0;
v552 = 0x3B;
v553 = 0xC0000022;
if ( v44 + 7 <= 0x5400 )
{
*(v44 + v57) = 5;
for ( i47 = 0; i47 < 5; ++i47 )
*(v57 + i47 + v44 + 2) = *(&v552 + i47);
v44 += 7i64;
}
}
CloseHandle(v435);
}
else if ( GetLastError() == 5 )
{
v236 = 0;
v237 = 0x3B;
if ( v44 + 3 <= 0x5400 )
{
*(v44 + v57) = 1;
for ( i48 = 0; !i48; ++i48 )
*(v57 + v44 + 2) = v237;
v44 += 3i64;
}
v150 = OpenProcess(0x1000i64, 0i64, v1358);
if ( v150 )
{
strcpy(v409, "NtQueryInformationProcess");
NtQueryInformationProcess_2 = (GetProcAddress)(v126, v409);
v79 = 0;
if ( NtQueryInformationProcess_2(v150, 61i64, &v79, 1i64, 0i64) < 0 )
{
_mm_lfence();
v1630 = 64i64;
if ( NtQueryInformationProcess_2(v150, 0i64, &v1630, 64i64, 0i64) >= 0 && (v1631 & 1) != 0 )
v79 = 1;
}
if ( v79 )
{
v548 = 0;
v549 = 0x3B;
v550 = v79 + 0x1000;
if ( v44 + 7 <= 0x5400 )
{
*(v44 + v57) = 5;
for ( i49 = 0; i49 < 5; ++i49 )
*(v57 + i49 + v44 + 2) = *(&v549 + i49);
v44 += 7i64;
}
}
CloseHandle(v150);
}
}
v435 = OpenProcess(0x10i64, 0i64, v1358);
if ( v435 )
{
if ( NtReadVirtualMemory(v435, 0i64, &v429, 1i64, 0i64) == 0xC0000022 )
{
v545 = 0;
v546 = 0x3B;
v547 = 0xC0000022;
if ( v44 + 7 <= 0x5400 )
{
*(v44 + v57) = 5;
for ( i50 = 0; i50 < 5; ++i50 )
*(v57 + i50 + v44 + 2) = *(&v546 + i50);
v44 += 7i64;
}
}
CloseHandle(v435);
}
v556 = 0i64;
v555 = CreateToolhelp32Snapshot(0x18i64, v1358);
if ( v555 != -1 )
{
strcpy(v343, "Module32First");
Module32First = (GetProcAddress)(v75, v343);
v1623[0] = 0x238;
if ( Module32First(v555, v1623) )
{
strcpy(v326, "Module32Next");
Module32Next = (GetProcAddress)(v75, v326);
do
{
if ( v1626 == 'iugv' && v1627 == '.s_2' || v1626 == 'IUGV' && v1627 == '.S_2' )
{
v287 = OpenProcess(0x410i64, 0i64, v1358);
if ( v287 )
{
if ( NtReadVirtualMemory(v287, v1624 + 0x43E69, v1647, 0x1Ei64, 0i64) >= 0
&& v1647[0] == 0x318B006A
&& v1647[1] == 0x8B1C56FF
&& v1648 == 0xD
&& v1650 == 0x96FF
&& v1651 == 0xD8B
&& v1652 == 0x90FF018B )
{
_mm_lfence();
if ( NtReadVirtualMemory(v287, v1649, v1647, 4i64, 0i64) >= 0 )
{
_mm_lfence();
if ( NtReadVirtualMemory(v287, v1647[0], v1647, 4i64, 0i64) >= 0 )
{
_mm_lfence();
if ( NtReadVirtualMemory(v287, v1647[0], v1647, 0x42Ci64, 0i64) >= 0 )
{
for ( i51 = 0; i51 < 0x42C; i51 += 4 )
{
_mm_lfence();
NtReadVirtualMemory(v287, v1647[i51 / 4u], &v1337, 0x10i64, 0i64);
if ( v1647[i51 / 4u] < v1624 || v1647[i51 / 4u] >= v1625 + v1624 || v1337 == 204 )
{
v1333 = 0;
v1334 = 0x3B;
v1335 = i51;
v1336 = v1647[i51 / 4u];
if ( v44 + 0x19 <= 0x5400 )
{
*(v44 + v57) = 23;
for ( i52 = 0; i52 < 0x17; ++i52 )
*(v57 + i52 + v44 + 2) = *(&v1334 + i52);
v44 += 0x19i64;
}
}
}
}
}
}
}
for ( i53 = v1624; i53 < v1625 + v1624; i53 = v1329 + v1328[0] )
{
_mm_lfence();
if ( (NtQueryVirtualMemory)(v287, i53, 0i64, v1328, 0x30i64, &v1601) < 0 )
break;
if ( (v1331 == 0x10 || v1331 == 0x20 || v1331 == 0x40) && v1329 == 0x1000 )
{
v1397 = 0;
v1398 = 0x35;
v1399 = 0x56C;
v1400 = v1328[0] - v1328[1];
v1401 = v1328[0];
v1402 = 0x1000;
v1403 = v1332 | v1331 | v1330;
if ( v44 + 0x1D <= 0x5400 )
{
*(v44 + v57) = 0x1B;
for ( i54 = 0; i54 < 0x1B; ++i54 )
*(v57 + i54 + v44 + 2) = *(&v1398 + i54);
v44 += 0x1Di64;
}
}
}
CloseHandle(v287);
}
}
else if ( v1626 == 'emag' && v1627 == 'revo' && v1628 == 'uyal' && v1629 == 'ld.i' )
{
v288 = OpenProcess(0x410i64, 0i64, v1358);
if ( v288 )
{
if ( NtReadVirtualMemory(v288, v1624 + 0x94BFD, v1048, 0x10i64, 0i64) >= 0
&& v1048[0] == 0xB8CCCCCC
&& v1048[2] == 0xCCCCCCC3 )
{
_mm_lfence();
if ( NtReadVirtualMemory(v288, v1048[1], v1048, 4i64, 0i64) >= 0 )
{
_mm_lfence();
if ( NtReadVirtualMemory(v288, v1048[0], v1048, 0x14i64, 0i64) >= 0 )
{
for ( i55 = 0; i55 < 0x14; i55 += 4 )
{
_mm_lfence();
NtReadVirtualMemory(v288, v1048[i55 / 4u], &v1352, 0x10i64, 0i64);
if ( v1048[i55 / 4u] < v1624 || v1048[i55 / 4u] >= v1625 + v1624 || v1352 == 204 )
{
v1348 = 0;
v1349 = 0x3B;
v1350 = i55;
v1351 = v1048[i55 / 4u];
if ( v44 + 25 <= 0x5400 )
{
*(v44 + v57) = 0x17;
for ( i56 = 0; i56 < 0x17; ++i56 )
*(v57 + i56 + v44 + 2) = *(&v1349 + i56);
v44 += 25i64;
}
}
}
}
}
}
v1270 = 4;
v1271 = 0xFF;
v1272 = 0x10;
v1273 = 0x84;
v1274 = 0xC0;
memset(v1275, 0, 0x14ui64);
for ( i57 = v1624; *v83; i57 = v1204 + v1203[0] )
{
if ( i57 >= v1625 + v1624 )
break;
_mm_lfence();
if ( (NtQueryVirtualMemory)(v288, i57, 0i64, v1203, 0x30i64, &v1603) < 0 )
break;
if ( v1205 == 0x1000 && (v1206 == 0x10 || v1206 == 0x20 || v1206 == 0x40) )
{
for ( i58 = v1203[0]; ; i58 += 0x1000i64 )
{
if ( !*v83 || i58 == v1204 + v1203[0] )
{
if ( v1204 == 0x2000 )
{
v1383 = 0;
v1384 = 0x35;
v1385 = 0x56C;
v1386 = v1203[1];
v1387 = v1203[0];
v1388 = 0x2000;
v1389 = v1207 | v1206 | v1205;
if ( v44 + 0x1D <= 0x5400 )
{
*(v44 + v57) = 0x1B;
for ( i59 = 0; i59 < 0x1B; ++i59 )
*(v57 + i59 + v44 + 2) = *(&v1384 + i59);
v44 += 0x1Di64;
}
}
goto LABEL_1347;
}
if ( NtReadVirtualMemory(v288, i58, v1675, 0x1000i64, 0i64) >= 0 )
{
v132 = 0;
LABEL_1324:
if ( !v132 )
break;
}
}
for ( i60 = 0; ; ++i60 )
{
if ( (*(&v1270 + 7 * v132) + i60) > 0x1000ui64 )
{
++v132;
goto LABEL_1324;
}
for ( i61 = 0;
i61 < *(&v1270 + 7 * v132) && v1675[i61 + i60] == *(&v1270 + 0x1C * v132 + i61 + 4);
++i61 )
{
;
}
if ( i61 == *(&v1270 + 7 * v132) )
break;
}
v1390 = 0;
v1391 = 0x35;
v1392 = 0x56C;
v1393 = i60 + i58;
v1394 = v1203[0];
v1395 = v1204;
v1396 = v1207 | v1206 | v1205;
if ( v44 + 0x1D <= 0x5400 )
{
*(v44 + v57) = 0x1B;
for ( i62 = 0; i62 < 0x1B; ++i62 )
*(v57 + i62 + v44 + 2) = *(&v1391 + i62);
v44 += 0x1Di64;
}
}
LABEL_1347:
;
}
CloseHandle(v288);
}
v556 = v1624;
v1196 = v1625;
}
}
while ( *v83 && Module32Next(v555, v1623) );
}
CloseHandle(v555);
}
v446 = 0i64;
v182 = 0x150;
while ( 1 )
{
v182 += 0x400;
v446 = realloc(v446, v182);
if ( !v446 )
break;
v72 = NtQuerySystemInformation(5i64, v446, v182, &v182);
if ( v72 != 0xC0000004 )
{
if ( v72 >= 0 )
{
v436 = v446;
while ( *v83 )
{
if ( *(v436 + 0xA) == v1358 )
{
for ( i63 = 0; *v83 && i63 < v436[1]; ++i63 )
{
_mm_lfence();
strcpy(v318, "OpenThread");
OpenThread_1 = (GetProcAddress)(v75, v318);
v518 = OpenThread_1(0xAi64, 0i64, v436[0x14 * i63 + 0x4C]);
if ( v518 )
{
strcpy(v327, "ResumeThread");
ResumeThread = (GetProcAddress)(v75, v327);
v424 = ResumeThread(v518);
if ( v424 )
{
if ( v424 != -1 )
{
strcpy(v344, "SuspendThread");
SuspendThread = (GetProcAddress)(v75, v344);
SuspendThread(v518);
v542 = 0;
v543 = 0x3B;
v544 = v424;
if ( v44 + 7 <= 0x5400 )
{
*(v44 + v57) = 5;
for ( i64 = 0; i64 < 5; ++i64 )
*(v57 + i64 + v44 + 2) = *(&v543 + i64);
v44 += 7i64;
}
}
}
v1658[12] = 0x100011;
strcpy(v373, "GetThreadContext");
GetThreadContext = (GetProcAddress)(v75, v373);
v425 = 0;
v186 = 0;
while ( *v83 && v425 < 100 && v186 < 15 )
{
if ( GetThreadContext(v518, v1658) )
{
if ( v1659 )
{
v539 = 0;
v540 = 0x3B;
v541 = v1658[18];
if ( v44 + 7 <= 0x5400 )
{
*(v44 + v57) = 5;
for ( i65 = 0; i65 < 5; ++i65 )
*(v57 + i65 + v44 + 2) = *(&v540 + i65);
v44 += 7i64;
}
++v186;
}
v557 = OpenProcess(0x410i64, 0i64, v1358);
if ( v557 )
{
if ( NtReadVirtualMemory(v557, v1660, v1655, 0x200i64, 0i64) >= 0 )
{
for ( i66 = 0; i66 < 0x80; ++i66 )
{
if ( v1655[i66] >= v556 && v1655[i66] < v1196 + v556 )
{
_mm_lfence();
if ( NtReadVirtualMemory(v557, v1655[i66], &v1580, 0x10i64, 0i64) >= 0
&& v1580 == 0x23FF )
{
v1576[16] = 0;
v1577 = 0x3B;
v1578 = i66;
v1579 = v1655[i66] - v556;
if ( v44 + 0x19 <= 0x5400 )
{
*(v44 + v57) = 0x17;
for ( i67 = 0; i67 < 0x17; ++i67 )
*(v57 + i67 + v44 + 2) = *(&v1577 + i67);
v44 += 0x19i64;
}
++v186;
}
}
}
}
CloseHandle(v557);
}
}
Sleep(10i64);
++v425;
}
CloseHandle(v518);
}
}
break;
}
if ( !*v436 )
break;
v436 = (v436 + *v436);
}
}
free(v446);
break;
}
}
}
if ( v1360 == '.mwd' )
{
v1176 = OpenProcess(0x400i64, 0i64, v1358);
if ( v1176 )
{
for ( i68 = 0i64;
*v83 && (NtQueryVirtualMemory)(v1176, i68, 0i64, v1323, 0x30i64, &v1604) >= 0;
i68 = v1324 + v1323[0] )
{
if ( v1325 == 0x1000
&& v1327 != 0x1000000
&& (v1326 == 0x10 || v1326 == 0x20 || v1326 == 0x40)
&& v1324 > 0x10000 )
{
v1376 = 0;
v1377 = 0x35;
v1378 = 0x589;
v1379 = v1323[1];
v1380 = v1323[0];
v1381 = v1324;
v1382 = v1327 | v1326 | v1325;
if ( v44 + 0x1D <= 0x5400 )
{
*(v44 + v57) = 0x1B;
for ( i69 = 0; i69 < 0x1B; ++i69 )
*(v57 + i69 + v44 + 2) = *(&v1377 + i69);
v44 += 0x1Di64;
}
}
}
CloseHandle(v1176);
}
}
if ( (v1360 == 'ksaT' || v1360 == 'ksat') && v1361 == '.rgm'
|| v1360 == 'lpxe' && v1361 == 'rero' && v1362 == 'exe.' && v1358 != v188 )
{
v289 = OpenProcess(0x410i64, 0i64, v1358);
if ( v289 )
{
v140 = 0;
for ( i70 = 0i64;
*v83 && (NtQueryVirtualMemory)(v289, i70, 0i64, &v1585, 0x30i64, &v1600) >= 0;
i70 = v1586 + v1585 )
{
if ( v1587 == 0x1000 && v1589 == 0x20000 && v1588 == 0x40 && v1586 == 0x1000 )
{
v1562 = v140++;
if ( v1562 < 5 )
*&v1612[8 * v140 + 230] = v1585;
}
}
if ( v140 == 5i64 )
{
for ( i71 = 0; i71 < v140; ++i71 )
{
_mm_lfence();
v1370 = 0;
v1371 = 0x35;
v1372 = 0x5D8;
NtReadVirtualMemory(v289, *&v1612[8 * i71 + 0xEE], v1373, 8i64, 0i64);
v1373[1] = *&v1612[8 * i71 + 0xEE];
v1374 = 0;
v1375 = 0;
if ( v44 + 0x1D <= 0x5400 )
{
*(v44 + v57) = 0x1B;
for ( i72 = 0; i72 < 0x1B; ++i72 )
*(v57 + i72 + v44 + 2) = *(&v1371 + i72);
v44 += 0x1Di64;
}
}
}
CloseHandle(v289);
}
else if ( v1360 == 0x6C707865 )
{
v1297 = 0;
v1298 = 0x35;
v1299 = 0x5D8;
v1300 = GetLastError();
v1301 = 0i64;
v289 = OpenProcess(0x1000i64, 0i64, v1358);
if ( v289 )
{
strcpy(v364, "GetProcessTimes");
GetProcessTimes_2 = (GetProcAddress)(v75, v364);
if ( GetProcessTimes_2(v289, &v1561, &v519, &v519, &v519) )
{
v34 = GetCurrentProcess();
if ( GetProcessTimes_2(v34, &v1560, &v519, &v519, &v519) )
v1301 = v1560 - v1561;
}
CloseHandle(v289);
}
v1302 = 0;
v1303 = 0;
if ( v44 + 0x1D <= 0x5400 )
{
*(v44 + v57) = 27;
for ( i73 = 0; i73 < 0x1B; ++i73 )
*(v57 + i73 + v44 + 2) = *(&v1298 + i73);
v44 += 0x1Di64;
}
}
}
}
while ( *v83 && Process32Next(v558, &v1357) );
}
CloseHandle(v558);
if ( v59 )
{
v559 = 0;
v560 = 0x48;
v561 = 0x5B1;
v562 = v59;
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i74 = 0; i74 < 7; ++i74 )
*(v57 + i74 + v44 + 2) = *(&v560 + i74);
v44 += 9i64;
}
}
}
result = *v83;
if ( *v83 )
{
strcpy(v328, "LoadLibraryA");
LoadLibraryA = (GetProcAddress)(v75, v328);
strcpy(v306, "psapi.dll");
v1224 = LoadLibraryA(v306);
if ( v1224 )
{
strcpy(v345, "EnumProcesses");
EnumProcesse = (GetProcAddress)(v1224, v345);
if ( EnumProcesse(v1674, 0x640i64, &v231) )
{
if ( v231 < 0x640ui64 )
{
for ( i75 = 0; *v83 && i75 < &loc_FFF9 + 7; i75 += 4 )
{
_mm_lfence();
v274 = OpenProcess(0x1000i64, 0i64, i75);
if ( v274 )
{
_mm_lfence();
v1610[16] = 0;
v1611 = 0x38;
v1646[0] = 0;
v63 = 0x80;
if ( !QueryFullProcessImageNameW(v274, 0i64, v1646, &v63)
|| (LODWORD(v41) = 255,
(v63 = WideCharToMultiByte(0xFDE9i64, 0i64, v1646, v63, v1612, v41, 0i64, 0i64)) == 0) )
{
v1353 = i75;
v1354 = 0;
v1355 = 0x200;
v1356 = &v1671;
if ( NtQuerySystemInformation(0x58i64, &v1353, 0x18i64, 0i64) < 0 )
{
v63 = 0;
}
else
{
v1554[3] = v1612;
LODWORD(v41) = 255;
v63 = WideCharToMultiByte(0xFDE9i64, 0i64, v1356, v1354 / 2, v1612, v41, 0i64, 0i64);
}
}
for ( i76 = 0; ; ++i76 )
{
v1554[2] = i76;
if ( i76 >= v231 / 4ui64 || v1674[i76] == i75 )
break;
}
strcpy(v381, "GetExitCodeProcess");
GetExitCodeProcess_1 = (GetProcAddress)(v75, v381);
if ( v63 )
{
if ( !v96
&& (*&v1610[v63 + 1] == 1701667143 || *&v1610[v63 + 1] == 1701667175)
&& (*&v1610[v63 + 5] == 1919252047 || *&v1610[v63 + 5] == 1919252079)
&& (*&v1610[v63 + 9] == 1434018156 || *&v1610[v63 + 9] == 1970889068)
|| (v1554[1] = i76, i76 == v231 / 4ui64)
&& *&v1610[v63] == 1634038899
&& *&v1610[v63 + 4] == 1650816877 )
{
if ( GetExitCodeProcess_1(v274, &v1195) )
{
if ( v1195 == 259 )
{
strcpy(v365, "GetProcessTimes");
v1225 = (GetProcAddress)(v75, v365);
if ( v1225(v274, &v1553, &v520, &v520, &v520)
&& (v35 = GetCurrentProcess(), v1225(v35, v1554, &v520, &v520, &v520)) )
{
*&v1612[v63] = ((v1553 - v1554[0]) / 10000) & 0xFFFFFFFE;
}
else
{
*&v1612[v63] = 0;
}
if ( *&v1612[v63] >= 0 )
{
v1552 = i76;
v491 = i76 == v231 / 4ui64;
*&v1612[v63] |= v491;
if ( v44 + v63 + 5 + 2 <= 0x5400 )
{
*(v44 + v57) = v63 + 5;
for ( i77 = 0; i77 < v63 + 5; ++i77 )
*(v57 + i77 + v44 + 2) = v1612[i77 - 1];
v44 += v63 + 7;
}
}
}
}
else
{
*&v1612[v63] = GetLastError();
if ( v44 + v63 + 5 + 2 <= 0x5400 )
{
*(v44 + v57) = v63 + 5;
for ( i78 = 0; i78 < v63 + 5; ++i78 )
*(v57 + i78 + v44 + 2) = v1612[i78 - 1];
v44 += v63 + 7;
}
}
}
}
v1551 = i76;
v36 = v231 % 4ui64;
if ( i76 == v231 / 4ui64 && GetExitCodeProcess_1(v274, &v1194) && v1194 == 259 )
{
CloseHandle(v274);
v274 = OpenProcess(4096i64, 0i64, i75);
if ( !v274 )
continue;
if ( v63 )
{
v490 = GetFileAttributesExW(v1646, 0i64, v1618) ? v1618[8] : 0;
*&v1612[v63] = v490;
if ( v44 + v63 + 5 + 2 <= 0x5400 )
{
v36 = v44 + v57;
*(v44 + v57) = v63 + 5;
for ( i79 = 0; i79 < v63 + 5; ++i79 )
{
v36 = v44;
*(v57 + i79 + v44 + 2) = v1612[i79 - 1];
}
v44 += v63 + 7;
}
}
}
(CloseHandle)(v274, v36);
}
}
}
}
}
strcpy(v309, "BE_DLL.dll");
if ( GetFileAttributesExA(v309, 0i64, v1606) )
{
v536 = 0;
v537 = 61;
v538 = v1607;
if ( v44 + 7 <= 0x5400 )
{
*(v44 + v57) = 5;
for ( i80 = 0; i80 < 5; ++i80 )
*(v57 + i80 + v44 + 2) = *(&v537 + i80);
v44 += 7i64;
}
}
strcpy(v299, "\\\\.\\Beep");
strcpy(v321, "CreateFileA");
CreateFileA = (GetProcAddress)(v75, v321);
LODWORD(v41) = 0;
LODWORD(v39) = 3;
v521 = CreateFileA(v299, 0x80000000i64, 3i64, 0i64, v39, v41, 0i64);
if ( v521 != -1 )
{
v238 = 0;
v239 = 0x3E;
if ( v44 + 3 <= 0x5400 )
{
*(v44 + v57) = 1;
for ( i81 = 0; !i81; ++i81 )
*(v57 + v44 + 2) = v239;
v44 += 3i64;
}
CloseHandle(v521);
}
strcpy(v298, "\\\\.\\Null");
v521 = CreateFileA(v298, 0x80000000i64, 3i64, 0i64, 3i64, 0i64, 0i64);
if ( v521 != -1 )
{
v240 = 0;
v241 = 0x3F;
if ( v44 + 3 <= 0x5400 )
{
*(v44 + v57) = 1;
for ( i82 = 0; !i82; ++i82 )
*(v57 + v44 + 2) = v241;
v44 += 3i64;
}
CloseHandle(v521);
}
result = *v83;
if ( *v83 )
{
v1193 = GetTickCount();
Sleep(1000i64);
v522 = GetTickCount() - v1193;
if ( v522 >= 0x4B0 )
{
v533 = 0;
v534 = 0x45;
v535 = v522;
if ( v44 + 7 <= 0x5400 )
{
*(v44 + v57) = 5;
for ( i83 = 0; i83 < 5; ++i83 )
*(v57 + i83 + v44 + 2) = *(&v534 + i83);
v44 += 7i64;
}
}
strcpy(v413, "..\\..\\Plugins\\ZipUtility\\ThirdParty\\7zpp\\dll\\Win64\\7z.dll");
v58 = GetModuleHandleA(v413);
if ( v58 )
{
if ( *(v58 + 4104) != 0x83485348 )
{
v1315 = 0;
v1316[0] = 0x46;
v1316[1] = 0;
v1317 = *(v58 + 0x1008);
v1318 = *(v58 + 0x1010);
if ( v44 + 0x14 <= 0x5400 )
{
*(v44 + v57) = 0x12;
for ( i84 = 0; i84 < 0x12; ++i84 )
*(v57 + i84 + v44 + 2) = v1316[i84];
v44 += 0x14i64;
}
}
}
strcpy(v296, "hal.dll");
v58 = GetModuleHandleA(v296);
if ( v58 )
{
v1319 = 0;
v1320[0] = 0x46;
v1320[1] = 2;
v1321 = *(v58 + 0x1000);
v1322 = *(v58 + 0x1008);
if ( v44 + 0x14 <= 0x5400 )
{
*(v44 + v57) = 18;
for ( i85 = 0; i85 < 0x12; ++i85 )
*(v57 + i85 + v44 + 2) = v1320[i85];
v44 += 0x14i64;
}
}
strcpy(v382, "nvToolsExt64_1.dll");
v58 = GetModuleHandleA(v382);
if ( v58 )
{
v566 = 0;
v567 = 0x48;
v568 = 0x5A8;
v569 = *(v58 + *(v58 + 0x3C) + 0x50);
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i86 = 0; i86 < 7; ++i86 )
*(v57 + i86 + v44 + 2) = *(&v567 + i86);
v44 += 9i64;
}
}
strcpy(v378, "ws2detour_x96.dll");
v58 = GetModuleHandleA(v378);
if ( v58 )
{
v570 = 0;
v571 = 0x48;
v572 = 0x5B5;
v573 = *(v58 + *(v58 + 0x3C) + 0x50);
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i87 = 0; i87 < 7; ++i87 )
*(v57 + i87 + v44 + 2) = *(&v571 + i87);
v44 += 9i64;
}
}
strcpy(v377, "networkdllx64.dll");
v58 = GetModuleHandleA(v377);
if ( v58 )
{
if ( *(v58 + *(v58 + 0x3C) + 0x50) < 0x200000u || *(v58 + *(v58 + 0x3C) + 0x50) >= 0x400000u )
{
if ( *(*(v58 + 0x3C) + v58 + 0xAC) == 0x1B20 )
{
v578 = 0;
v579 = 0x48;
v580 = 0x5B7;
v581 = *(v58 + *(v58 + 60) + 8);
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i88 = 0; i88 < 7; ++i88 )
*(v57 + i88 + v44 + 2) = *(&v579 + i88);
v44 += 9i64;
}
}
}
else
{
v574 = 0;
v575 = 0x48;
v576 = 0x5B7;
v577 = *(*(v58 + 0x3C) + v58 + 0xAC);
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i89 = 0; i89 < 7; ++i89 )
*(v57 + i89 + v44 + 2) = *(&v575 + i89);
v44 += 9i64;
}
}
}
strcpy(v374, "nxdetours_64.dll");
v58 = GetModuleHandleA(v374);
if ( v58 )
{
v582 = 0;
v583 = 0x48;
v584 = 0x5B8;
v585 = *(v58 + *(v58 + 0x3C) + 0x50);
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i90 = 0; i90 < 7; ++i90 )
*(v57 + i90 + v44 + 2) = *(&v583 + i90);
v44 += 9i64;
}
}
strcpy(v355, "nvcompiler.dll");
v58 = GetModuleHandleA(v355);
if ( v58 )
{
v586 = 0;
v587 = 0x48;
v588 = 0x5BC;
v589 = *(v58 + 0x1000);
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i91 = 0; i91 < 7; ++i91 )
*(v57 + i91 + v44 + 2) = *(&v587 + i91);
v44 += 9i64;
}
}
strcpy(v329, "iphlpapi.dll");
v58 = LoadLibraryA(v329);
if ( v58 )
{
strcpy(v384, "GetExtendedUdpTable");
GetExtendedUdpTable = (GetProcAddress)(v58, v384);
v416 = 0;
GetExtendedUdpTable(0i64, &v416, 0i64, 2i64, 2, 0);
v267 = malloc(v416);
if ( !GetExtendedUdpTable(v267, &v416, 0i64, 2i64, 2, 0) )
{
for ( i92 = 0; i92 < *v267; ++i92 )
{
if ( !v267[40 * i92 + 2] )
{
_mm_lfence();
v447 = OpenProcess(0x1000i64, 0i64, v267[40 * i92 + 4]);
if ( v447 )
{
_mm_lfence();
strcpy(v383, "GetExitCodeProcess");
GetExitCodeProcess_2 = (GetProcAddress)(v75, v383);
if ( GetExitCodeProcess_2(v447, &v1192) && v1192 != 259 )
{
_mm_lfence();
CloseHandle(v447);
v447 = OpenProcess(0x1000i64, 0i64, v267[40 * i92 + 4]);
if ( !v447 )
continue;
v1283 = v267[40 * i92 + 4];
v1284 = 0;
v1285 = 0x200;
v1286 = v1657;
if ( NtQuerySystemInformation(0x58i64, &v1283, 0x18i64, 0i64) >= 0 )
{
v146 = v1284 >> 1;
while ( v1657[--v146] != 0x5C && v146 )
{
if ( v1657[v146] >= 0x30u && v1657[v146] <= 0x39u )
{
v1636 = 0;
v1637 = 0x48;
v1638 = 0x5B9;
v1639 = 0;
v1640 = v267[40 * i92 + 3];
v1641 = 0;
v1642 = MEMORY[0x7FFE0014];
v1642 = MEMORY[0x7FFE0014] - *&v267[40 * i92 + 6];
v1549 = v1643;
LODWORD(v42) = 0xFF;
v268 = WideCharToMultiByte(65001i64, 0i64, v1286, v1284 / 2, v1643, v42, 0i64, 0i64);
if ( v44 + (v268 + 0x15) + 2 <= 0x5400 )
{
*(v44 + v57) = v268 + 0x15;
for ( i93 = 0; i93 < (v268 + 0x15); ++i93 )
*(v57 + i93 + v44 + 2) = *(&v1637 + i93);
v44 += (v268 + 0x17);
}
break;
}
}
}
}
CloseHandle(v447);
}
}
}
}
free(v267);
}
strcpy(v290, "wmp.dll");
v58 = GetModuleHandleA(v290);
if ( v58 )
{
v590 = 0;
v591 = 0x48;
v592 = 0x5BE;
v593 = *(v58 + 0x1000);
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i94 = 0; i94 < 7; ++i94 )
*(v57 + i94 + v44 + 2) = *(&v591 + i94);
v44 += 9i64;
}
}
strcpy(v338, "Project1.dll");
v58 = GetModuleHandleA(v338);
if ( v58 )
{
v594 = 0;
v595 = 0x48;
v596 = 0x5C8;
v597 = *(v58 + *(v58 + 60) + 8);
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i95 = 0; i95 < 7; ++i95 )
*(v57 + i95 + v44 + 2) = *(&v595 + i95);
v44 += 9i64;
}
}
strcpy(v346, "tier0_x64.dll");
strcpy(v331, "TenFact1.dll");
strcpy(v310, "netio1.dll");
strcpy(v347, "QbBridge1.dll");
strcpy(v332, "wcprobe1.dll");
strcpy(v385, "crash_capturer1.dll");
strcpy(v307, "iips1.dll");
strcpy(v370, "AECommonDll1.dll");
strcpy(v311, "wgcore.dll");
strcpy(v386, "AMD_RYZEN_3990X.dll");
strcpy(v312, "NoName.dll");
v58 = GetModuleHandleA(v346);
if ( v58 )
goto LABEL_1918;
v58 = GetModuleHandleA(v331);
if ( v58 )
goto LABEL_1918;
v58 = GetModuleHandleA(v310);
if ( v58 )
goto LABEL_1918;
v58 = GetModuleHandleA(v347);
if ( v58
|| (v58 = GetModuleHandleA(v332)) != 0
|| (v58 = GetModuleHandleA(v385)) != 0
|| (v58 = GetModuleHandleA(v307)) != 0
|| (v58 = GetModuleHandleA(v370)) != 0
|| (v58 = GetModuleHandleA(v311)) != 0
|| (v58 = GetModuleHandleA(v386)) != 0
|| (v58 = GetModuleHandleA(v312)) != 0 )
{
LABEL_1918:
v1363 = 0;
v1364 = 0x35;
v1365 = 0x5CA;
v598 = (*(v58 + 0x3C) + v58);
v1366 = v598[2];
v1367 = v598[20];
v1368 = v598[10];
v1369 = v598[43];
if ( v44 + 0x1D <= 0x5400 )
{
*(v44 + v57) = 0x1B;
for ( i96 = 0; i96 < 0x1B; ++i96 )
*(v57 + i96 + v44 + 2) = *(&v1364 + i96);
v44 += 0x1Di64;
}
}
strcpy(v371, "DxtoryMM_x64.dll");
strcpy(v308, "mslib.dll");
v58 = GetModuleHandleA(v371);
if ( v58 || (v58 = GetModuleHandleA(v308)) != 0 )
{
v448 = 0;
v449 = 0x48;
v450 = 0x5CB;
v451 = *(v58 + *(v58 + 0x3C) + 8);
if ( v451 == 0x5B693A01 )
v451 = *(v58 + 0x43D000);
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i97 = 0; i97 < 7; ++i97 )
*(v57 + i97 + v44 + 2) = *(&v449 + i97);
v44 += 9i64;
}
}
strcpy(v412, "C:\\Windows\\mscorlib.ni.dll");
v58 = GetModuleHandleA(v412);
if ( v58 )
{
v599 = 0;
v600 = 0x48;
v601 = 0x587;
v602 = *(v58 + 0x1000);
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i98 = 0; i98 < 7; ++i98 )
*(v57 + i98 + v44 + 2) = *(&v600 + i98);
v44 += 9i64;
}
}
strcpy(v333, "frAQBc8W.dll");
v58 = GetModuleHandleA(v333);
if ( v58 )
{
v603 = 0;
v604 = 0x48;
v605 = 0x5D1;
v606 = *(v58 + *(v58 + 0x3C) + 8);
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i99 = 0; i99 < 7; ++i99 )
*(v57 + i99 + v44 + 2) = *(&v604 + i99);
v44 += 9i64;
}
}
strcpy(v334, "OWClient.dll");
v58 = GetModuleHandleA(v334);
if ( v58 )
{
v335[0] = 0x4C;
v335[1] = 0x8B;
v335[2] = 0xE0;
v335[3] = 0x48;
v335[4] = 0x85;
v335[5] = 0xC0;
v335[6] = 0x75;
v335[7] = 0x4B;
v335[8] = 0xB2;
v335[9] = 1;
v335[10] = 0x48;
v335[11] = 0x8D;
v335[12] = 0xD;
v1229 = v58 + *(v58 + 0x3C) + 0x18;
v417 = (*(v1229 + 0x14) + v58);
for ( i100 = 0; *v83 && i100 + 0xDi64 <= *(v1229 + 4); ++i100 )
{
for ( i101 = 0; i101 < 0xD && *(v417 + i101 + i100) == v335[i101]; ++i101 )
;
if ( i101 == 0xDi64 )
{
v417 = (v417 + i100 + *(v417 + i100 - 9) + 0x13);
if ( *v417 )
{
if ( (v489 = (NtQueryVirtualMemory)(-1i64, *v417, 0i64, v89, 0x30i64, &v266) < 0, v70 = v489)
|| LODWORD(v89[4]) != 4096
|| LODWORD(v89[5]) != 0x20000 && LODWORD(v89[5]) != 0x1000000
|| HIDWORD(v89[4]) != 0x10 && HIDWORD(v89[4]) != 0x20 && HIDWORD(v89[4]) != 0x40 )
{
v1474 = 0;
v1475[0] = 0x47;
v1475[1] = 4;
v1476 = *v417;
v1477 = *v1476;
v1478 = v1476[1];
v1479 = v1476[2];
v1480 = v1476[3];
v1230 = v70 ? 0i64 : v89[1];
v1481 = v1230;
v1231 = v70 ? 0i64 : v89[0];
v1482 = v1231;
v488 = v70 ? 0 : LODWORD(v89[3]);
v1483 = v488;
v487 = v70 ? 0 : LODWORD(v89[5]) | HIDWORD(v89[4]) | LODWORD(v89[4]);
v1484 = v487;
if ( v44 + 0x44 <= 0x5400 )
{
*(v44 + v57) = 0x42;
for ( i102 = 0; i102 < 0x42; ++i102 )
*(v57 + i102 + v44 + 2) = v1475[i102];
v44 += 0x44i64;
}
}
}
break;
}
}
}
strcpy(v1282, "gameoverlayrenderer64.dll");
v453 = GetModuleHandleA(v1282);
if ( v453 )
{
v524 = v453 + *(v453 + 0x3C) + 0x18;
v356[0] = 0x33;
v356[1] = -10;
v356[2] = -125;
v356[3] = 0xE5;
v356[4] = 0xF7;
v356[5] = 0x44;
v356[6] = 0x8B;
v356[7] = 0xC5;
v356[8] = 0x8B;
v356[9] = 0xD6;
v356[10] = 0x49;
v356[11] = 0x8B;
v356[12] = 0xCE;
v356[13] = 0xFF;
v356[14] = 0x15;
v111 = *(v524 + 0x14) + v453;
for ( i103 = 0; *v83 && i103 + 0xFi64 <= *(v524 + 4); ++i103 )
{
for ( i104 = 0; i104 < 0xF && *(v111 + i104 + i103) == v356[i104]; ++i104 )
;
if ( i104 == 0xFi64 )
{
v111 += i103 - 0x84;
if ( *v111 == 0x1774 )
{
v1232 = 1i64;
v1233 = ++v111;
if ( NtProtectVirtualMemory(-1i64, &v1233, &v1232, 0x40i64, &v470) >= 0 )
{
*v111 = 0;
NtProtectVirtualMemory(-1i64, &v1233, &v1232, v470, &v470);
}
}
break;
}
}
if ( i103 + 0xFi64 > *(v524 + 4) )
{
v1452 = 0;
v1453[0] = 0x47;
v1453[1] = 0xA;
v1454 = v453 + 0x88E20;
v1455 = *(v453 + 0x88E20);
v1456 = *(v453 + 0x88E28);
v1457 = *(v453 + 0x88E30);
v1458 = *(v453 + 0x88E38);
(NtQueryVirtualMemory)(-1i64, v453 + 0x88E20, 0i64, v89, 48i64, &v266);
v1459 = v89[1];
v1460 = v89[0];
v1461 = v89[3];
v1462 = LODWORD(v89[5]) | HIDWORD(v89[4]) | LODWORD(v89[4]);
if ( v44 + 0x44 <= 0x5400 )
{
*(v44 + v57) = 0x42;
for ( i105 = 0; i105 < 0x42; ++i105 )
*(v57 + i105 + v44 + 2) = v1453[i105];
v44 += 0x44i64;
}
}
v280[0] = 0xB9;
v280[1] = 9;
v280[2] = 0;
v280[3] = 0;
v280[4] = 0;
v280[5] = 0xFF;
v280[6] = 0xD0;
v111 = *(v524 + 0x14) + v453;
for ( i106 = 0; *v83 && i106 + 7i64 <= *(v524 + 4); ++i106 )
{
for ( i107 = 0; i107 < 7 && *(v111 + i107 + i106) == v280[i107]; ++i107 )
;
if ( i107 == 7i64 && *(v111 + i106 - 19) == 0x8B48 && *(v111 + i106 - 0x11) == 5 )
{
v111 = *(i106 + v111 + *(v111 + i106 - 0x10) - 0xC);
if ( v111 )
{
v480 = (NtQueryVirtualMemory)(-1i64, v111, 0i64, v89, 0x30i64, &v266) < 0;
v71 = v480;
if ( v480 || LODWORD(v89[4]) != 0x1000 || *(&v89[4] + 4) != 0x2000000000040i64 )
{
v1463 = 0;
v1464[0] = 0x47;
v1464[1] = 4;
v1465 = v111;
v1466 = *v111;
v1467 = *(v111 + 8);
v1468 = *(v111 + 0x10);
v1469 = *(v111 + 0x18);
v1234 = v71 ? 0i64 : v89[1];
v1470 = v1234;
v1237 = v71 ? 0i64 : v89[0];
v1471 = v1237;
v481 = v71 ? 0 : LODWORD(v89[3]);
v1472 = v481;
v482 = v71 ? 0 : LODWORD(v89[5]) | HIDWORD(v89[4]) | LODWORD(v89[4]);
v1473 = v482;
if ( v44 + 0x44 <= 0x5400 )
{
*(v44 + v57) = 0x42;
for ( i108 = 0; i108 < 0x42; ++i108 )
*(v57 + i108 + v44 + 2) = v1464[i108];
v44 += 0x44i64;
}
}
}
break;
}
}
}
strcpy(v387, "PocoInitializer.dll");
if ( GetModuleHandleA(v387) )
{
v413[64] = 0;
v414 = 0x48;
v415 = 0x617;
if ( v44 + 5 <= 0x5400 )
{
*(v44 + v57) = 3;
for ( i109 = 0; i109 < 3; ++i109 )
*(v57 + i109 + v44 + 2) = *(&v414 + i109);
v44 += 5i64;
}
}
strcpy(v372, "shimloader64.dll");
v58 = GetModuleHandleA(v372);
if ( v58 )
{
v607 = 0;
v608 = 0x48;
v609 = 0x619;
v610 = *(v58 + *(v58 + 60) + 8);
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i110 = 0; i110 < 7; ++i110 )
*(v57 + i110 + v44 + 2) = *(&v608 + i110);
v44 += 9i64;
}
}
v97 = 0;
v84 = 0;
for ( i111 = 0; *v83 && i111 < 10; ++i111 )
{
v1187 = 0i64;
v420 = 0i64;
v220 = 336;
while ( 1 )
{
v220 += 1024;
v420 = realloc(v420, v220);
if ( !v420 )
break;
v72 = NtQuerySystemInformation(5i64, v420, v220, &v220);
if ( v72 != 0xC0000004 )
{
if ( v72 >= 0 )
{
_mm_lfence();
strcpy(v357, "GetSystemTimes");
GetSystemTimes = (GetProcAddress)(v75, v357);
GetSystemTimes(&v1599, &v1545, &v1543);
Sleep(1000i64);
v455 = 0i64;
v221 = 0x150;
while ( 1 )
{
v221 += 0x400;
v455 = realloc(v455, v221);
if ( !v455 )
break;
v72 = NtQuerySystemInformation(5i64, v455, v221, &v221);
if ( v72 != 0xC0000004 )
{
if ( v72 >= 0 )
{
GetSystemTimes(&v1598, &v1544, &v1542);
LABEL_1800:
v478 = 0i64;
v128 = v455;
while ( *a5 )
{
v93 = v420;
while ( *a5 )
{
if ( *(v128 + 10) == *(v93 + 10) )
{
v611 = *(v128 + 6) - *(v93 + 6) + *(v128 + 5) - *(v93 + 5);
v478 += v611;
if ( !i111 )
{
v483 = *(v93 + 28) == 0x16
&& **(v93 + 8) == 's'
&& *(*(v93 + 8) + 2i64) == 'v'
&& *(*(v93 + 8) + 4i64) == 'c'
&& *(*(v93 + 8) + 6i64) == 'h'
&& *(*(v93 + 8) + 8i64) == 'o';
v127 = v483;
v119 = 0;
LABEL_1816:
if ( *a5 && v119 < v128[1] )
{
for ( i112 = 0; ; ++i112 )
{
if ( !*a5 || i112 >= v93[1] )
{
LABEL_1815:
++v119;
goto LABEL_1816;
}
if ( *&v128[0x14 * v119 + 0x4C] == *&v93[0x14 * i112 + 0x4C] )
break;
}
for ( i113 = v420; ; i113 = (i113 + *i113) )
{
if ( !*a5 )
goto LABEL_1815;
if ( *(i113 + 0xA) == GetCurrentProcessId() )
break;
if ( !*i113 )
goto LABEL_1815;
}
v1496 = *&v93[0x14 * i112 + 0x48];
strcpy(v313, "OpenThread");
OpenThread_2 = (GetProcAddress)(v75, v313);
v1190 = OpenThread_2(0x40i64, 0i64, v93[0x14 * i112 + 0x4C]);
if ( v1190 )
{
strcpy(v405, "NtQueryInformationThread");
NtQueryInformationThread_1 = (GetProcAddress)(v126, v405);
if ( NtQueryInformationThread_1(v1190, 9i64, &v1546, 8i64, 0i64) >= 0 )
v1496 = v1546;
CloseHandle(v1190);
}
v454 = *&v128[0x14 * v119 + 0x40]
- *&v93[0x14 * i112 + 0x40]
+ *&v128[0x14 * v119 + 0x42]
- *&v93[0x14 * i112 + 0x42];
v1189 = *(i113 + 4) - *&v93[20 * i112 + 0x44];
if ( *(v93 + 10) == 4i64
&& (v611 >= 16000000 && v454 >= 8000000 || v454 >= 2500000 && v1189 <= 1200000000) )
{
if ( v454 >= 9000000 )
v97 = 1;
LABEL_1836:
v1490 = 0;
v1491 = 0x48;
v1492 = 0x46B;
v1493 = v611;
v1494 = v454;
v1495 = *&v93[0x14 * i112 + 0x42];
v1497 = v128[0x14 * v119 + 0x51] + 0xA * v128[0x14 * v119 + 0x52];
if ( v84 )
v1497 += 1000;
v1498 = v1189;
v1499 = v93[1] - (i112 + 1);
v1500 = *&v93[20 * i112 + 68] - *(v93 + 4);
if ( v44 + 0x3D <= 0x5400 )
{
*(v44 + v57) = 0x3B;
for ( i114 = 0; i114 < 0x3B; ++i114 )
*(v57 + i114 + v44 + 2) = *(&v1491 + i114);
v44 += 61i64;
}
goto LABEL_1815;
}
if ( !v97 || v611 < 7000000 || !v127 )
goto LABEL_1815;
if ( v84 )
{
if ( v454 < 500000 )
goto LABEL_1815;
goto LABEL_1836;
}
if ( v454 < 2500000 )
goto LABEL_1815;
v84 = 1;
goto LABEL_1800;
}
}
break;
}
if ( !*v93 )
{
v478 += *(v128 + 6) + *(v128 + 5);
break;
}
v93 = (v93 + *v93);
}
if ( !*v128 )
break;
v128 = (v128 + *v128);
}
v1187 = v1542 - v1543 + v1544 - v1545 - v478;
}
free(v455);
break;
}
}
}
free(v420);
break;
}
}
if ( v1187 < 7500000 )
break;
}
if ( i111 == 10 )
{
v612 = 0;
v613 = 0x48;
v614 = 0x46B;
v615 = v1187 / 10000;
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i115 = 0; i115 < 7; ++i115 )
*(v57 + i115 + v44 + 2) = *(&v613 + i115);
v44 += 9i64;
}
}
strcpy(v336, "GetTempPathA");
v1539 = (GetProcAddress)(v75, v336);
v225 = v1539(0x105i64, v1645);
*&v1645[v225] = 'lCEB';
*&v1645[v225 + 4] = 'tnei';
*&v1645[v225 + 8] = 'ld.2';
v1645[v225 + 12] = 'l';
v1645[v225 + 13] = '\0';
v58 = LoadLibraryA(v1645);
if ( v58 )
{
strcpy(v322, "FreeLibrary");
FreeLibrary = (GetProcAddress)(v75, v322);
FreeLibrary(v58);
}
else
{
v485 = GetLastError();
if ( v485 != 0x7E )
{
v616 = 0;
v617 = 0x48;
v618 = 0x5F4;
v484 = GetFileAttributesExA(v1645, 0i64, v1606) ? v1607 : -1;
v619 = v485 | (v484 << 16);
if ( v44 + 9 <= 0x5400 )
{
*(v44 + v57) = 7;
for ( i116 = 0; i116 < 7; ++i116 )
*(v57 + i116 + v44 + 2) = *(&v617 + i116);
v44 += 9i64;
}
}
}
strcpy(v279, "EscapeFromTarkov_Data\\StreamingAssets\\Windows\\shaders");
v265 = CreateFileA(v279, 0x40000000i64, 7i64, 0i64, 3i64, 0x80i64, 0i64);
if ( v265 != -1 )
{
v242 = 0;
v243 = 0x41;
if ( v44 + 3 <= 0x5400 )
{
*(v44 + v57) = 1;
for ( i117 = 0; !i117; ++i117 )
*(v57 + v44 + 2) = v243;
v44 += 3i64;
}
CloseHandle(v265);
}
v265 = CreateFileA(v279, 0x80000000i64, 7i64, 0i64, 3i64, 0x80i64, 0i64);
if ( v265 != -1 )
{
strcpy(v397, "NtQueryInformationFile");
NtQueryInformationFile_1 = (GetProcAddress)(v126, v397);
if ( NtQueryInformationFile_1(v265, v1524, &v1608, 0x28i64, 4) >= 0 )
{
_mm_lfence();
strcpy(v400, "GetSystemTimeAsFileTime");
GetSystemTimeAsFileTime_1 = (GetProcAddress)(v75, v400);
GetSystemTimeAsFileTime_1(&v1526);
strcpy(v366, "GetProcessTimes");
GetProcessTimes_3 = (GetProcAddress)(v75, v366);
if ( GetProcessTimes_3(-1i64, &v1186, &v1221, &v1221, &v1221) )
{
if ( v1609 > v1186 && v1526 >= v1609 )
{
strcpy(&v279[46], "doge");
v1185 = CreateFileA(v279, 0x80000000i64, 7i64, 0i64, 3i64, 0x80i64, 0i64);
if ( v1185 != -1 )
{
_mm_lfence();
if ( NtQueryInformationFile_1(v1185, v1524, v1622, 40i64, 4) >= 0 && v1622[3] <= v1186 )
{
v530 = 0;
v531 = 0x41;
v37 = (v1609 - v1186) % 10000000;
v532 = (v1609 - v1186) / 10000000;
if ( v44 + 7 <= 0x5400 )
{
*(v44 + v57) = 5;
for ( i118 = 0; i118 < 5; ++i118 )
{
v37 = v44;
*(v57 + i118 + v44 + 2) = *(&v531 + i118);
}
v44 += 7i64;
}
}
(CloseHandle)(v1185, v37);
}
}
}
}
CloseHandle(v265);
}
if ( v44 + 1 <= 0x5400 )
{
*(v44 + v57) = -1;
v229 = 0;
++v44;
}
if ( v44 <= 0x3E8 )
v44 = 1000i64;
v98 = *(v57 + 2);
for ( i119 = 6; i119 < v44; ++i119 )
{
v486 = v98 ^ *(v57 + i119);
*(v57 + i119) = v486;
v98 = v486;
}
(v1677)(v57, v44, 0i64);
return (free)(v57);
}
}
}
}
return result;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment