Edit tour

Windows Analysis Report
ts.exe_

Overview

General Information

Sample Name:	ts.exe_ (renamed file extension from exe_ to exe)
Analysis ID:	745562
MD5:	ad57d446c107b5abd83b6180456cd0dd
SHA1:	8e277fb9bc97bedc7f7f4ba4390cc36702d87b7c
SHA256:	58d9d7c2d4a4140bbdc16c9b6ab1b56244ebc8b1c3eaa1fc63386bbce7acdb4c
Infos:

Detection

Emotet

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected Emotet

Malicious sample detected (through community Yara rule)

Antivirus detection for dropped file

Machine Learning detection for sample

PE file does not import any functions

Yara signature match

Drops PE files

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Found dropped PE file which has not been started or loaded

Uses Microsoft's Enhanced Cryptographic Provider

Contains long sleeps (>= 3 min)

Classification

Process Tree

System is w10x64

ts.exe (PID: 3664 cmdline: C:\Users\user\Desktop\ts.exe MD5: AD57D446C107B5ABD83B6180456CD0DD)

conhost.exe (PID: 4724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
ts.exe	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
ts.exe	Windows_Trojan_Emotet_db7d33fa	unknown	unknown	0xa7cfe:$chunk_0: 4C 8D 9C 24 B0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xaa853:$chunk_0: 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xab94f:$chunk_0: 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xb218d:$chunk_0: 4C 8D 9C 24 A0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xa6601:$chunk_1: 8B C7 41 0F B7 4C 45 00 41 8B 1C 8C 48 03 DD 48 3B DE 72 1B 0xb1a8c:$chunk_2: 48 8B C4 48 89 48 08 48 89 50 10 4C 89 40 18 4C 89 48 20 C3 0xaa841:$chunk_3: 48 8B 45 27 BB 01 00 00 00 48 89 07 8B 45 2F 89 47 08 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xab93d:$chunk_3: 48 8B 45 3F BB 01 00 00 00 48 89 07 8B 45 47 89 47 08 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xab3a7:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0xb3d19:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0xa6272:$chunk_5: BE 02 00 00 00 4C 8D 9C 24 D0 01 00 00 8B C6 49 8B 5B 30 49 8B 73 38 49 8B 7B 40 49 8B E3 41 5F 41 5E 41 5D 41 5C 5D C3 0xa6615:$chunk_6: 43 8B 84 FE 8C 00 00 00 48 03 C6 48 3B D8 73 0B 0xa3097:$chunk_7: 88 02 48 FF C2 48 FF C3 8A 03 84 C0 75 EE EB 03

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\Desktop\62366813.dll	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
C:\Users\user\Desktop\62366813.dll	Windows_Trojan_Emotet_db7d33fa	unknown	unknown	0x92ea:$chunk_0: 4C 8D 9C 24 B0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xbe3f:$chunk_0: 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xcf3b:$chunk_0: 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x13779:$chunk_0: 4C 8D 9C 24 A0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x7bed:$chunk_1: 8B C7 41 0F B7 4C 45 00 41 8B 1C 8C 48 03 DD 48 3B DE 72 1B 0x13078:$chunk_2: 48 8B C4 48 89 48 08 48 89 50 10 4C 89 40 18 4C 89 48 20 C3 0xbe2d:$chunk_3: 48 8B 45 27 BB 01 00 00 00 48 89 07 8B 45 2F 89 47 08 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xcf29:$chunk_3: 48 8B 45 3F BB 01 00 00 00 48 89 07 8B 45 47 89 47 08 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xc993:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x15305:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x785e:$chunk_5: BE 02 00 00 00 4C 8D 9C 24 D0 01 00 00 8B C6 49 8B 5B 30 49 8B 73 38 49 8B 7B 40 49 8B E3 41 5F 41 5E 41 5D 41 5C 5D C3 0x7c01:$chunk_6: 43 8B 84 FE 8C 00 00 00 48 03 C6 48 3B D8 73 0B 0x4683:$chunk_7: 88 02 48 FF C2 48 FF C3 8A 03 84 C0 75 EE EB 03

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp	Windows_Trojan_Emotet_db7d33fa	unknown	unknown	0x8eea:$chunk_0: 4C 8D 9C 24 B0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xba3f:$chunk_0: 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xcb3b:$chunk_0: 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x13379:$chunk_0: 4C 8D 9C 24 A0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x77ed:$chunk_1: 8B C7 41 0F B7 4C 45 00 41 8B 1C 8C 48 03 DD 48 3B DE 72 1B 0x12c78:$chunk_2: 48 8B C4 48 89 48 08 48 89 50 10 4C 89 40 18 4C 89 48 20 C3 0xba2d:$chunk_3: 48 8B 45 27 BB 01 00 00 00 48 89 07 8B 45 2F 89 47 08 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xcb29:$chunk_3: 48 8B 45 3F BB 01 00 00 00 48 89 07 8B 45 47 89 47 08 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xc593:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x14f05:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x745e:$chunk_5: BE 02 00 00 00 4C 8D 9C 24 D0 01 00 00 8B C6 49 8B 5B 30 49 8B 73 38 49 8B 7B 40 49 8B E3 41 5F 41 5E 41 5D 41 5C 5D C3 0x7801:$chunk_6: 43 8B 84 FE 8C 00 00 00 48 03 C6 48 3B D8 73 0B 0x4283:$chunk_7: 88 02 48 FF C2 48 FF C3 8A 03 84 C0 75 EE EB 03
00000000.00000003.299862162.00000228231C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000000.00000003.299862162.00000228231C0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Emotet_db7d33fa	unknown	unknown	0x92ea:$chunk_0: 4C 8D 9C 24 B0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xbe3f:$chunk_0: 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xcf3b:$chunk_0: 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x13779:$chunk_0: 4C 8D 9C 24 A0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x7bed:$chunk_1: 8B C7 41 0F B7 4C 45 00 41 8B 1C 8C 48 03 DD 48 3B DE 72 1B 0x13078:$chunk_2: 48 8B C4 48 89 48 08 48 89 50 10 4C 89 40 18 4C 89 48 20 C3 0xbe2d:$chunk_3: 48 8B 45 27 BB 01 00 00 00 48 89 07 8B 45 2F 89 47 08 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xcf29:$chunk_3: 48 8B 45 3F BB 01 00 00 00 48 89 07 8B 45 47 89 47 08 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xc993:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x15305:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x785e:$chunk_5: BE 02 00 00 00 4C 8D 9C 24 D0 01 00 00 8B C6 49 8B 5B 30 49 8B 73 38 49 8B 7B 40 49 8B E3 41 5F 41 5E 41 5D 41 5C 5D C3 0x7c01:$chunk_6: 43 8B 84 FE 8C 00 00 00 48 03 C6 48 3B D8 73 0B 0x4683:$chunk_7: 88 02 48 FF C2 48 FF C3 8A 03 84 C0 75 EE EB 03
00000000.00000003.299383409.0000022823350000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
00000000.00000003.299383409.0000022823350000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Emotet_db7d33fa	unknown	unknown	0xa7cfe:$chunk_0: 4C 8D 9C 24 B0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xaa853:$chunk_0: 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xab94f:$chunk_0: 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xb218d:$chunk_0: 4C 8D 9C 24 A0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xa6601:$chunk_1: 8B C7 41 0F B7 4C 45 00 41 8B 1C 8C 48 03 DD 48 3B DE 72 1B 0xb1a8c:$chunk_2: 48 8B C4 48 89 48 08 48 89 50 10 4C 89 40 18 4C 89 48 20 C3 0xaa841:$chunk_3: 48 8B 45 27 BB 01 00 00 00 48 89 07 8B 45 2F 89 47 08 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xab93d:$chunk_3: 48 8B 45 3F BB 01 00 00 00 48 89 07 8B 45 47 89 47 08 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xab3a7:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0xb3d19:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0xa6272:$chunk_5: BE 02 00 00 00 4C 8D 9C 24 D0 01 00 00 8B C6 49 8B 5B 30 49 8B 73 38 49 8B 7B 40 49 8B E3 41 5F 41 5E 41 5D 41 5C 5D C3 0xa6615:$chunk_6: 43 8B 84 FE 8C 00 00 00 48 03 C6 48 3B D8 73 0B 0xa3097:$chunk_7: 88 02 48 FF C2 48 FF C3 8A 03 84 C0 75 EE EB 03
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.3.ts.exe.228231c0000.3.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0.3.ts.exe.228231c0000.3.unpack	Windows_Trojan_Emotet_db7d33fa	unknown	unknown	0x86ea:$chunk_0: 4C 8D 9C 24 B0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xb23f:$chunk_0: 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xc33b:$chunk_0: 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x12b79:$chunk_0: 4C 8D 9C 24 A0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x6fed:$chunk_1: 8B C7 41 0F B7 4C 45 00 41 8B 1C 8C 48 03 DD 48 3B DE 72 1B 0x12478:$chunk_2: 48 8B C4 48 89 48 08 48 89 50 10 4C 89 40 18 4C 89 48 20 C3 0xb22d:$chunk_3: 48 8B 45 27 BB 01 00 00 00 48 89 07 8B 45 2F 89 47 08 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xc329:$chunk_3: 48 8B 45 3F BB 01 00 00 00 48 89 07 8B 45 47 89 47 08 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xbd93:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x14705:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x6c5e:$chunk_5: BE 02 00 00 00 4C 8D 9C 24 D0 01 00 00 8B C6 49 8B 5B 30 49 8B 73 38 49 8B 7B 40 49 8B E3 41 5F 41 5E 41 5D 41 5C 5D C3 0x7001:$chunk_6: 43 8B 84 FE 8C 00 00 00 48 03 C6 48 3B D8 73 0B 0x3a83:$chunk_7: 88 02 48 FF C2 48 FF C3 8A 03 84 C0 75 EE EB 03
0.3.ts.exe.228233eea14.0.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0.3.ts.exe.228233eea14.0.unpack	Windows_Trojan_Emotet_db7d33fa	unknown	unknown	0x86ea:$chunk_0: 4C 8D 9C 24 B0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xb23f:$chunk_0: 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xc33b:$chunk_0: 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x12b79:$chunk_0: 4C 8D 9C 24 A0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x6fed:$chunk_1: 8B C7 41 0F B7 4C 45 00 41 8B 1C 8C 48 03 DD 48 3B DE 72 1B 0x12478:$chunk_2: 48 8B C4 48 89 48 08 48 89 50 10 4C 89 40 18 4C 89 48 20 C3 0xb22d:$chunk_3: 48 8B 45 27 BB 01 00 00 00 48 89 07 8B 45 2F 89 47 08 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xc329:$chunk_3: 48 8B 45 3F BB 01 00 00 00 48 89 07 8B 45 47 89 47 08 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xbd93:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x14705:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x6c5e:$chunk_5: BE 02 00 00 00 4C 8D 9C 24 D0 01 00 00 8B C6 49 8B 5B 30 49 8B 73 38 49 8B 7B 40 49 8B E3 41 5F 41 5E 41 5D 41 5C 5D C3 0x7001:$chunk_6: 43 8B 84 FE 8C 00 00 00 48 03 C6 48 3B D8 73 0B 0x3a83:$chunk_7: 88 02 48 FF C2 48 FF C3 8A 03 84 C0 75 EE EB 03
0.3.ts.exe.228231c0000.3.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0.3.ts.exe.228231c0000.3.raw.unpack	Windows_Trojan_Emotet_db7d33fa	unknown	unknown	0x92ea:$chunk_0: 4C 8D 9C 24 B0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xbe3f:$chunk_0: 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xcf3b:$chunk_0: 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x13779:$chunk_0: 4C 8D 9C 24 A0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x7bed:$chunk_1: 8B C7 41 0F B7 4C 45 00 41 8B 1C 8C 48 03 DD 48 3B DE 72 1B 0x13078:$chunk_2: 48 8B C4 48 89 48 08 48 89 50 10 4C 89 40 18 4C 89 48 20 C3 0xbe2d:$chunk_3: 48 8B 45 27 BB 01 00 00 00 48 89 07 8B 45 2F 89 47 08 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xcf29:$chunk_3: 48 8B 45 3F BB 01 00 00 00 48 89 07 8B 45 47 89 47 08 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xc993:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x15305:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x785e:$chunk_5: BE 02 00 00 00 4C 8D 9C 24 D0 01 00 00 8B C6 49 8B 5B 30 49 8B 73 38 49 8B 7B 40 49 8B E3 41 5F 41 5E 41 5D 41 5C 5D C3 0x7c01:$chunk_6: 43 8B 84 FE 8C 00 00 00 48 03 C6 48 3B D8 73 0B 0x4683:$chunk_7: 88 02 48 FF C2 48 FF C3 8A 03 84 C0 75 EE EB 03
0.2.ts.exe.7ffa0aed0000.2.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0.2.ts.exe.7ffa0aed0000.2.unpack	Windows_Trojan_Emotet_db7d33fa	unknown	unknown	0x92ea:$chunk_0: 4C 8D 9C 24 B0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xbe3f:$chunk_0: 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xcf3b:$chunk_0: 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x13779:$chunk_0: 4C 8D 9C 24 A0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x7bed:$chunk_1: 8B C7 41 0F B7 4C 45 00 41 8B 1C 8C 48 03 DD 48 3B DE 72 1B 0x13078:$chunk_2: 48 8B C4 48 89 48 08 48 89 50 10 4C 89 40 18 4C 89 48 20 C3 0xbe2d:$chunk_3: 48 8B 45 27 BB 01 00 00 00 48 89 07 8B 45 2F 89 47 08 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xcf29:$chunk_3: 48 8B 45 3F BB 01 00 00 00 48 89 07 8B 45 47 89 47 08 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xc993:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x15305:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x785e:$chunk_5: BE 02 00 00 00 4C 8D 9C 24 D0 01 00 00 8B C6 49 8B 5B 30 49 8B 73 38 49 8B 7B 40 49 8B E3 41 5F 41 5E 41 5D 41 5C 5D C3 0x7c01:$chunk_6: 43 8B 84 FE 8C 00 00 00 48 03 C6 48 3B D8 73 0B 0x4683:$chunk_7: 88 02 48 FF C2 48 FF C3 8A 03 84 C0 75 EE EB 03
0.3.ts.exe.228233ca850.1.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0.3.ts.exe.228233ca850.1.raw.unpack	Windows_Trojan_Emotet_db7d33fa	unknown	unknown	0x2d4ae:$chunk_0: 4C 8D 9C 24 B0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x30003:$chunk_0: 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x310ff:$chunk_0: 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x3793d:$chunk_0: 4C 8D 9C 24 A0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x2bdb1:$chunk_1: 8B C7 41 0F B7 4C 45 00 41 8B 1C 8C 48 03 DD 48 3B DE 72 1B 0x3723c:$chunk_2: 48 8B C4 48 89 48 08 48 89 50 10 4C 89 40 18 4C 89 48 20 C3 0x2fff1:$chunk_3: 48 8B 45 27 BB 01 00 00 00 48 89 07 8B 45 2F 89 47 08 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x310ed:$chunk_3: 48 8B 45 3F BB 01 00 00 00 48 89 07 8B 45 47 89 47 08 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x30b57:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x394c9:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x2ba22:$chunk_5: BE 02 00 00 00 4C 8D 9C 24 D0 01 00 00 8B C6 49 8B 5B 30 49 8B 73 38 49 8B 7B 40 49 8B E3 41 5F 41 5E 41 5D 41 5C 5D C3 0x2bdc5:$chunk_6: 43 8B 84 FE 8C 00 00 00 48 03 C6 48 3B D8 73 0B 0x28847:$chunk_7: 88 02 48 FF C2 48 FF C3 8A 03 84 C0 75 EE EB 03
0.3.ts.exe.228233eea14.0.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0.3.ts.exe.228233eea14.0.raw.unpack	Windows_Trojan_Emotet_db7d33fa	unknown	unknown	0x92ea:$chunk_0: 4C 8D 9C 24 B0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xbe3f:$chunk_0: 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xcf3b:$chunk_0: 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x13779:$chunk_0: 4C 8D 9C 24 A0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0x7bed:$chunk_1: 8B C7 41 0F B7 4C 45 00 41 8B 1C 8C 48 03 DD 48 3B DE 72 1B 0x13078:$chunk_2: 48 8B C4 48 89 48 08 48 89 50 10 4C 89 40 18 4C 89 48 20 C3 0xbe2d:$chunk_3: 48 8B 45 27 BB 01 00 00 00 48 89 07 8B 45 2F 89 47 08 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xcf29:$chunk_3: 48 8B 45 3F BB 01 00 00 00 48 89 07 8B 45 47 89 47 08 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xc993:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x15305:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0x785e:$chunk_5: BE 02 00 00 00 4C 8D 9C 24 D0 01 00 00 8B C6 49 8B 5B 30 49 8B 73 38 49 8B 7B 40 49 8B E3 41 5F 41 5E 41 5D 41 5C 5D C3 0x7c01:$chunk_6: 43 8B 84 FE 8C 00 00 00 48 03 C6 48 3B D8 73 0B 0x4683:$chunk_7: 88 02 48 FF C2 48 FF C3 8A 03 84 C0 75 EE EB 03
0.3.ts.exe.22823350000.2.raw.unpack	JoeSecurity_Emotet_1	Yara detected Emotet	Joe Security
0.3.ts.exe.22823350000.2.raw.unpack	Windows_Trojan_Emotet_db7d33fa	unknown	unknown	0xa7cfe:$chunk_0: 4C 8D 9C 24 B0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xaa853:$chunk_0: 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xab94f:$chunk_0: 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xb218d:$chunk_0: 4C 8D 9C 24 A0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xa6601:$chunk_1: 8B C7 41 0F B7 4C 45 00 41 8B 1C 8C 48 03 DD 48 3B DE 72 1B 0xb1a8c:$chunk_2: 48 8B C4 48 89 48 08 48 89 50 10 4C 89 40 18 4C 89 48 20 C3 0xaa841:$chunk_3: 48 8B 45 27 BB 01 00 00 00 48 89 07 8B 45 2F 89 47 08 4C 8D 9C 24 00 01 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xab93d:$chunk_3: 48 8B 45 3F BB 01 00 00 00 48 89 07 8B 45 47 89 47 08 4C 8D 9C 24 C0 00 00 00 8B C3 49 8B 5B 10 49 8B 73 18 49 8B 7B 20 49 8B E3 5D C3 0xab3a7:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0xb3d19:$chunk_4: 48 39 3B 4C 8D 9C 24 90 00 00 00 49 8B 5B 10 49 8B 73 20 40 0F 95 C7 8B C7 49 8B 7B 28 49 8B E3 5D C3 0xa6272:$chunk_5: BE 02 00 00 00 4C 8D 9C 24 D0 01 00 00 8B C6 49 8B 5B 30 49 8B 73 38 49 8B 7B 40 49 8B E3 41 5F 41 5E 41 5D 41 5C 5D C3 0xa6615:$chunk_6: 43 8B 84 FE 8C 00 00 00 48 03 C6 48 3B D8 73 0B 0xa3097:$chunk_7: 88 02 48 FF C2 48 FF C3 8A 03 84 C0 75 EE EB 03
Click to see the 9 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: ts.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\Desktop\62366813.dll

Avira: detection malicious, Label: HEUR/AGEN.1251140

Machine Learning detection for sample

Source: ts.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\ts.exe

Code function: 0_2_00007FF7A58828F0 CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptDestroyHash,CryptReleaseContext,

0_2_00007FF7A58828F0

Source: ts.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\ts.exe

Code function: 0_2_00007FFA0AEDF51C FindFirstFileW,

0_2_00007FFA0AEDF51C

E-Banking Fraud

Yara detected Emotet

Source: Yara match	File source: ts.exe, type: SAMPLE
Source: Yara match	File source: 0.3.ts.exe.228231c0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.ts.exe.228233eea14.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.ts.exe.228231c0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ts.exe.7ffa0aed0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.ts.exe.228233ca850.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.ts.exe.228233eea14.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.ts.exe.22823350000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.299862162.00000228231C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.299383409.0000022823350000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\Desktop\62366813.dll, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: ts.exe, type: SAMPLE	Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
Source: 0.3.ts.exe.228231c0000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
Source: 0.3.ts.exe.228233eea14.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
Source: 0.3.ts.exe.228231c0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
Source: 0.2.ts.exe.7ffa0aed0000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
Source: 0.3.ts.exe.228233ca850.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
Source: 0.3.ts.exe.228233eea14.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
Source: 0.3.ts.exe.22823350000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
Source: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
Source: 00000000.00000003.299862162.00000228231C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
Source: 00000000.00000003.299383409.0000022823350000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown
Source: C:\Users\user\Desktop\62366813.dll, type: DROPPED	Matched rule: Windows_Trojan_Emotet_db7d33fa Author: unknown

Source: 62366813.dll.0.dr

Static PE information: No import functions for PE file found

Source: ts.exe, type: SAMPLE	Matched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09
Source: 0.3.ts.exe.228231c0000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09
Source: 0.3.ts.exe.228233eea14.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09
Source: 0.3.ts.exe.228231c0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09
Source: 0.2.ts.exe.7ffa0aed0000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09
Source: 0.3.ts.exe.228233ca850.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09
Source: 0.3.ts.exe.228233eea14.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09
Source: 0.3.ts.exe.22823350000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09
Source: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09
Source: 00000000.00000003.299862162.00000228231C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09
Source: 00000000.00000003.299383409.0000022823350000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09
Source: C:\Users\user\Desktop\62366813.dll, type: DROPPED	Matched rule: Windows_Trojan_Emotet_db7d33fa reference_sample = 08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Emotet, fingerprint = eac196154ab1ad636654c966e860dcd5763c50d7b8221dbbc7769c879daf02fd, id = db7d33fa-e50c-4c59-ab92-edb74aac87c9, last_modified = 2022-06-09

Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58A46E8	0_2_00007FF7A58A46E8
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A5883DF0	0_2_00007FF7A5883DF0
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58C6D94	0_2_00007FF7A58C6D94
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A5890B06	0_2_00007FF7A5890B06
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58A3A40	0_2_00007FF7A58A3A40
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58DAEB0	0_2_00007FF7A58DAEB0
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A588EEF4	0_2_00007FF7A588EEF4
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58BD668	0_2_00007FF7A58BD668
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58BC5A0	0_2_00007FF7A58BC5A0
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58BCDD0	0_2_00007FF7A58BCDD0
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A588DDE8	0_2_00007FF7A588DDE8
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58CE614	0_2_00007FF7A58CE614
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A5897D18	0_2_00007FF7A5897D18
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58C053C	0_2_00007FF7A58C053C
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58CFD5C	0_2_00007FF7A58CFD5C
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58C6830	0_2_00007FF7A58C6830
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A5890024	0_2_00007FF7A5890024
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58CC854	0_2_00007FF7A58CC854
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58D8848	0_2_00007FF7A58D8848
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A588D7CC	0_2_00007FF7A588D7CC
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A5885FC0	0_2_00007FF7A5885FC0
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58BF7F4	0_2_00007FF7A58BF7F4
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58BC788	0_2_00007FF7A58BC788
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A5882F80	0_2_00007FF7A5882F80
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58CE164	0_2_00007FF7A58CE164
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58BD160	0_2_00007FF7A58BD160
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58CEC94	0_2_00007FF7A58CEC94
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58BC3B8	0_2_00007FF7A58BC3B8
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A5894400	0_2_00007FF7A5894400
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED61F4	0_2_00007FFA0AED61F4
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEE5F68	0_2_00007FFA0AEE5F68
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED3750	0_2_00007FFA0AED3750
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEDF51C	0_2_00007FFA0AEDF51C
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED3518	0_2_00007FFA0AED3518
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED66AC	0_2_00007FFA0AED66AC
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED765C	0_2_00007FFA0AED765C
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEE5B54	0_2_00007FFA0AEE5B54
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED7AF0	0_2_00007FFA0AED7AF0
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEE4AE4	0_2_00007FFA0AEE4AE4
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEDC480	0_2_00007FFA0AEDC480
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEE443C	0_2_00007FFA0AEE443C
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED6428	0_2_00007FFA0AED6428
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED8BDC	0_2_00007FFA0AED8BDC
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEE03D8	0_2_00007FFA0AEE03D8
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEE1960	0_2_00007FFA0AEE1960
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEE415C	0_2_00007FFA0AEE415C
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEDB134	0_2_00007FFA0AEDB134
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED1924	0_2_00007FFA0AED1924
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED7908	0_2_00007FFA0AED7908
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEDF28C	0_2_00007FFA0AEDF28C
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED525C	0_2_00007FFA0AED525C
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEDCA5C	0_2_00007FFA0AEDCA5C
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEE5A40	0_2_00007FFA0AEE5A40
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEDE234	0_2_00007FFA0AEDE234
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEDD1E8	0_2_00007FFA0AEDD1E8
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED49E4	0_2_00007FFA0AED49E4
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED89D0	0_2_00007FFA0AED89D0
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED17A0	0_2_00007FFA0AED17A0
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEDBF78	0_2_00007FFA0AEDBF78
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEDD710	0_2_00007FFA0AEDD710
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEDE090	0_2_00007FFA0AEDE090
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEE3858	0_2_00007FFA0AEE3858
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEE3050	0_2_00007FFA0AEE3050
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEDF028	0_2_00007FFA0AEDF028
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED9FD0	0_2_00007FFA0AED9FD0
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEDDDA0	0_2_00007FFA0AEDDDA0
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEDCD9C	0_2_00007FFA0AEDCD9C
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED9D68	0_2_00007FFA0AED9D68
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED6548	0_2_00007FFA0AED6548
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEE0D2C	0_2_00007FFA0AEE0D2C
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED250C	0_2_00007FFA0AED250C
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED5D08	0_2_00007FFA0AED5D08
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEDB4F0	0_2_00007FFA0AEDB4F0
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEE1E88	0_2_00007FFA0AEE1E88
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED5668	0_2_00007FFA0AED5668
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED8648	0_2_00007FFA0AED8648
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AED4604	0_2_00007FFA0AED4604
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEE45F0	0_2_00007FFA0AEE45F0
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FFA0AEE05C4	0_2_00007FFA0AEE05C4

Source: C:\Users\user\Desktop\ts.exe

File read: C:\Users\user\Desktop\ts.exe

Jump to behavior

Source: ts.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\ts.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\ts.exe C:\Users\user\Desktop\ts.exe
Source: C:\Users\user\Desktop\ts.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4724:120:WilError_01

Source: C:\Users\user\Desktop\ts.exe

File created: C:\Users\user\Desktop\62366813.dll

Jump to behavior

Source: C:\Users\user\Desktop\ts.exe

File created: C:\Users\user\AppData\Local\Temp\1B9F.tmp

Jump to behavior

Source: classification engine

Classification label: mal76.troj.winEXE@2/3@0/0

Source: ts.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: ts.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: ts.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: ts.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: ts.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: ts.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: ts.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: ts.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: ts.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: ts.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: ts.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: ts.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: ts.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: ts.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A589ACC4 pushfq ; ret	0_2_00007FF7A589ACC5
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A589AD06 push rbp; iretd	0_2_00007FF7A589AD07
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A5899B8E push rbp; iretd	0_2_00007FF7A5899B8F

Source: ts.exe	Static PE information: section name: _RDATA
Source: 06B049A8.dll.0.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\ts.exe	File created: C:\Users\user\Desktop\62366813.dll			Jump to dropped file
Source: C:\Users\user\Desktop\ts.exe	File created: C:\Users\user\Desktop\06B049A8.dll			Jump to dropped file

Source: C:\Users\user\Desktop\ts.exe TID: 5720

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\ts.exe

Dropped PE file which has not been started: C:\Users\user\Desktop\06B049A8.dll

Jump to dropped file

Source: C:\Users\user\Desktop\ts.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\ts.exe

Code function: 0_2_00007FFA0AEDF51C FindFirstFileW,

0_2_00007FFA0AEDF51C

Source: C:\Users\user\Desktop\ts.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\ts.exe

Code function: 0_2_00007FF7A588B568 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF7A588B568

Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A588B110 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,	0_2_00007FF7A588B110
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A588B710 SetUnhandledExceptionFilter,	0_2_00007FF7A588B710
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A588B568 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF7A588B568
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A588B2BC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF7A588B2BC
Source: C:\Users\user\Desktop\ts.exe	Code function: 0_2_00007FF7A58BE50C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF7A58BE50C

Source: C:\Users\user\Desktop\ts.exe	Code function: GetLocaleInfoEx,	0_2_00007FF7A58B4F3C
Source: C:\Users\user\Desktop\ts.exe	Code function: EnumSystemLocalesW,	0_2_00007FF7A58D26B4
Source: C:\Users\user\Desktop\ts.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_00007FF7A58D5898
Source: C:\Users\user\Desktop\ts.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00007FF7A58D60F0
Source: C:\Users\user\Desktop\ts.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF7A58D62CC
Source: C:\Users\user\Desktop\ts.exe	Code function: EnumSystemLocalesW,	0_2_00007FF7A58D5CB4
Source: C:\Users\user\Desktop\ts.exe	Code function: EnumSystemLocalesW,	0_2_00007FF7A58D5BE4
Source: C:\Users\user\Desktop\ts.exe	Code function: GetLocaleInfoW,	0_2_00007FF7A58D2BF8

Source: C:\Users\user\Desktop\ts.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\ts.exe

Code function: 0_2_00007FF7A588B978 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF7A588B978

Stealing of Sensitive Information

Yara detected Emotet

Source: Yara match	File source: ts.exe, type: SAMPLE
Source: Yara match	File source: 0.3.ts.exe.228231c0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.ts.exe.228233eea14.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.ts.exe.228231c0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.ts.exe.7ffa0aed0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.ts.exe.228233ca850.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.ts.exe.228233eea14.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.ts.exe.22823350000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.299862162.00000228231C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.299383409.0000022823350000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\Desktop\62366813.dll, type: DROPPED

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	21 Virtualization/Sandbox Evasion	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Obfuscated Files or Information	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	13 System Information Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ts.exe	100%	Avira	HEUR/AGEN.1213146
ts.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\Desktop\62366813.dll	100%	Avira	HEUR/AGEN.1251140

Unpacked PE Files

Source	Detection	Scanner	Label	Download
0.3.ts.exe.228231c0000.3.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
0.3.ts.exe.228233eea14.0.unpack	100%	Avira	HEUR/AGEN.1215461	Download File
0.2.ts.exe.7ffa0aed0000.2.unpack	100%	Avira	HEUR/AGEN.1251140	Download File

Domains and IPs

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	745562
Start date and time:	2022-11-14 14:05:50 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	ts.exe_ (renamed file extension from exe_ to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal76.troj.winEXE@2/3@0/0
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 85% (good quality ratio 77.3%) Quality average: 62.1% Quality standard deviation: 30.2%
HCA Information:	Successful, ratio: 95% Number of executed functions: 36 Number of non-executed functions: 136

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ctldl.windowsupdate.com
Not all processes where analyzed, report is missing behavior information

Joe Sandbox View / Context

Created / dropped Files

C:\Users\user\Desktop\06B049A8.dll

Download File

Process:	C:\Users\user\Desktop\ts.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	121344
Entropy (8bit):	6.020791170598696
Encrypted:	false
SSDEEP:	3072:dvsJ1yYfWqzIcJ6+R8uQyUtjt8F+8uYW5j:R4cYfWqzr4+R8xZCF+dJ
MD5:	726E5AA7D5929BDC85333E966770FF1A
SHA1:	B43E1A8CF31AD480EC2AE01420E2017488993A8F
SHA-256:	89BE65452EA9DC74134F60311D57B84956D149C600C89801FB152BB04420B16B
SHA-512:	1E69593638B9735C3F7E1E0AE49705B8A10F833D65B9D754973FFF4EDB48DBD270C60E7D157D92F0E42E228C91FCFF2B32D1B1C7F8E4119CA2CBDBBFF70F7FE4
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7.q.V.".V.".V."3$.#.V."3$.#eV."3$.#.V."3$.#.V.".V.".V."...#.V."...#.V."...#.V."`/.#.V."`/.#.V."`/1".V."`/.#.V."Rich.V."........................PE..d....&rc.........." .........................................................0............`.............................................T...d...(............................ ..l.......8...........................@...@............ ..P............................text............................... ..`.rdata..,.... ......................@..@.data...............................@....pdata..............................@..@_RDATA..\...........................@..@.rsrc...............................@..@.reloc..l.... ......................@..B........................................................................................................................................................................................

C:\Users\user\Desktop\62366813.dll

Download File

Process:	C:\Users\user\Desktop\ts.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	95232
Entropy (8bit):	6.655206296626177
Encrypted:	false
SSDEEP:	1536:UTPDxXuEznF2kuaKvu0By22/uTjKd0ovxVg0pJvHj4o0iplGnn5A:UbDx+ELlKtG/u69rj4TiplG5
MD5:	5D182B467B4894159F9A4E956A381B67
SHA1:	0A610C6DE3419CE165D05D770637C8084D584FFD
SHA-256:	ED2239E28A20674D772109DB4F302F7240491FBBC1FB3AD8F30071A6A66736BA
SHA-512:	E6067624F570C40FF0EF2B084F60343379BC83400816217496ACB0897FECB9F4A892CDF4087B27B2E3E58BA0A8873E5CEE6CE8C15B414FC590BE69A6B56B55B4
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: C:\Users\user\Desktop\62366813.dll, Author: Joe Security Rule: Windows_Trojan_Emotet_db7d33fa, Description: unknown, Source: C:\Users\user\Desktop\62366813.dll, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3}!.R.r.R.r.R.r.+.r}S.r.+.r.R.rRich.R.r........................PE..d...3q`b.........." .....\...(.......Y....................................................`..........................................................................................................................................................................text...xZ.......\.................. ..`.rdata.......p.......`..............@..@.data................h..............@....pdata...............l..............@..@................................................................................................................................................................................................................................................................................................................................................................................................

\Device\ConDrv

Download File

Process:	C:\Users\user\Desktop\ts.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	619
Entropy (8bit):	5.332868847941536
Encrypted:	false
SSDEEP:	12:RkjUJY/Ux2UA7FrPHOqF9ptE+7i6x6s+0+5v0aYJ4Cjp5KbJzS+Fo6:mjT/cj2POwTql35vNCp5szS6o6
MD5:	DD2DA9843BF632309924DC6CC54B6DDC
SHA1:	471B4075C9C6D86B94CA1DC43413222F925854FD
SHA-256:	B114B49E322D0D6425F9A555C21BF4C0DEC2E423EE4009BB4B4A099901EAC96C
SHA-512:	FBEFB8EC50D8D879D75D3DFD6399F744D3C72316A425758C13D82DA0992B96B1E9BF951220A0149A010A2B84E10D8FB69CA8C71590ABE172989EF82357C12540
Malicious:	false
Reputation:	low
Preview:	The embedded DLL was dropped to 62366813.dll..Running the embedded DLL with the following parameters:..DLL SHA256:.......ED2239E28A20674D772109DB4F302F7240491FBBC1FB3AD8F30071A6A66736BA..Epoch:............5..Computer name:....DESKTOPX53HTF9P (random)..Serial:...........7C904961 (random)..Emotet dummy DLL was dropped to 06B049A8.dll..KERNELBASE.dll!BaseUnicodeCommandLine was patched..Command line was patched to "C:\Windows\System32\regsvr32.exe" "06B049A8.dll"..Loading 62366813.dll.....Calling DllEntryPoint() in custom mode.....DllEntryPoint() returned TRUE..The module may still be running in a separated thread..

Static File Info

General

File type:	PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):	6.442416778819568
TrID:	Win64 Executable Console (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	ts.exe
File size:	744981
MD5:	ad57d446c107b5abd83b6180456cd0dd
SHA1:	8e277fb9bc97bedc7f7f4ba4390cc36702d87b7c
SHA256:	58d9d7c2d4a4140bbdc16c9b6ab1b56244ebc8b1c3eaa1fc63386bbce7acdb4c
SHA512:	35eaa45de9906131f0020640f11eeef46e10244c09c67018a4723cf4932fc3662fbdb61e230f96ce10f47adb12d46e1cf6dc365c79c92c87b1a2679f222a1983
SSDEEP:	12288:LXZ1QgQQ5KLv9Z/QN1MlFuViQic76k0d3hNnC1Pc2lBrxhirous0o3RcYeqzVR8I:LXV2EplBrPZus04p3CBdOj
TLSH:	A8F49E56B2E903F9F5A79134C487560AE7B0784612219B9F47B04AAB1F377726E3F320
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........E........................f...................................................L.......L.n.....L.......Rich...................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General

Entrypoint:	0x14000b2a8
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x637226A2 [Mon Nov 14 11:29:38 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	d02262cfa0ab12b8c838af1a98da369c

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F53C0C9A0ECh
dec eax
add esp, 28h
jmp 00007F53C0C99897h
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
xor ecx, ecx
call dword ptr [00056E53h]
dec eax
mov ecx, ebx
call dword ptr [00056E42h]
call dword ptr [00056E4Ch]
dec eax
mov ecx, eax
mov edx, C0000409h
dec eax
add esp, 20h
pop ebx
dec eax
jmp dword ptr [00056E40h]
dec eax
mov dword ptr [esp+08h], ecx
dec eax
sub esp, 38h
mov ecx, 00000017h
call dword ptr [00056E34h]
test eax, eax
je 00007F53C0C99A29h
mov ecx, 00000002h
int 29h
dec eax
lea ecx, dword ptr [0008F83Ah]
call 00007F53C0C99BEEh
dec eax
mov eax, dword ptr [esp+38h]
dec eax
mov dword ptr [0008F921h], eax
dec eax
lea eax, dword ptr [esp+38h]
dec eax
add eax, 08h
dec eax
mov dword ptr [0008F8B1h], eax
dec eax
mov eax, dword ptr [0008F90Ah]
dec eax
mov dword ptr [0008F77Bh], eax
dec eax
mov eax, dword ptr [esp+40h]
dec eax
mov dword ptr [0008F87Fh], eax
mov dword ptr [0008F755h], C0000409h
mov dword ptr [0008F74Fh], 00000001h
mov dword ptr [0008F759h], 00000001h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7a2b4	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xa2000	0x288	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x9d000	0x3c9c	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa3000	0xd8c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x725a0	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x72600	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x72460	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x62000	0x380	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x607b8	0x60800	False	0.4547542908031088	data	6.494863973067288	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x62000	0x18e5e	0x19000	False	0.440009765625	data	5.1869098128532585	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x7b000	0x214dc	0x1fc00	False	0.48175289124015747	data	5.941625434601615	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x9d000	0x3c9c	0x3e00	False	0.4765625	data	5.653230312289686	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0xa1000	0x15c	0x200	False	0.41796875	data	3.3314562870393805	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xa2000	0x288	0x400	False	0.33203125	data	3.8449104178415685	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa3000	0xd8c	0xe00	False	0.46791294642857145	data	5.39595888202804	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_MANIFEST	0xa2060	0x224	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (488), with CRLF line terminators	English	United States

Imports

DLL

Import

ADVAPI32.dll

CryptGetHashParam, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptAcquireContextW, CryptReleaseContext

KERNEL32.dll

ReadFile, VirtualFree, WriteFile, VirtualAlloc, CreateToolhelp32Snapshot, CreateEventW, Sleep, GetLastError, CreateFileA, LoadLibraryA, DeleteFileA, CloseHandle, Module32FirstW, GetFileSize, Module32NextW, GetTickCount, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, SetEvent, ResetEvent, WaitForSingleObjectEx, GetModuleHandleW, GetProcAddress, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, MultiByteToWideChar, WideCharToMultiByte, InitializeCriticalSectionEx, EncodePointer, DecodePointer, GetStringTypeW, LCMapStringEx, GetLocaleInfoEx, CompareStringEx, GetCPInfo, RtlUnwind, RtlUnwindEx, RtlPcToFileHeader, RaiseException, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetCommandLineA, GetCommandLineW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, GetStdHandle, HeapAlloc, HeapFree, GetFileType, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetProcessHeap, SetStdHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, GetTimeZoneInformation, HeapSize, CreateFileW, WriteConsoleW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: ts.exePID: 3664, Parent PID: 3324

General

Target ID:	0
Start time:	14:06:45
Start date:	14/11/2022
Path:	C:\Users\user\Desktop\ts.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\ts.exe
Imagebase:	0x7ff7a5880000
File size:	744981 bytes
MD5 hash:	AD57D446C107B5ABD83B6180456CD0DD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: Windows_Trojan_Emotet_db7d33fa, Description: unknown, Source: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Author: unknown Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000003.299862162.00000228231C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Emotet_db7d33fa, Description: unknown, Source: 00000000.00000003.299862162.00000228231C0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000003.299383409.0000022823350000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Emotet_db7d33fa, Description: unknown, Source: 00000000.00000003.299383409.0000022823350000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4724, Parent PID: 3664

General

Target ID:	1
Start time:	14:06:45
Start date:	14/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: ts.exePID: 3664, Parent PID: 3324COMMON

Execution Graph

Execution Coverage:	8.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	42.2%
Total number of Nodes:	1253
Total number of Limit Nodes:	31

Executed Functions

Function 00007FF7A58A46E8 Relevance: 81.8, APIs: 54, Instructions: 808
COMMONCrypto

Download Yara Rule

C-Code - Quality: 61%

			E00007FF77FF7A58A46E8(signed int __edx, void* __eflags, long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __r8, void* __r9, void* __r10, long long _a8, char _a16, long long _a24, long long _a32) {
				void* _v40;
				char _v88;
				long long _v120;
				long long _v128;
				signed int _v136;
				void* __rbp;
				intOrPtr _t119;
				intOrPtr _t128;
				intOrPtr _t135;
				intOrPtr _t141;
				intOrPtr _t148;
				intOrPtr _t154;
				intOrPtr _t161;
				intOrPtr _t168;
				intOrPtr _t179;
				intOrPtr _t186;
				intOrPtr _t193;
				intOrPtr _t199;
				intOrPtr _t206;
				intOrPtr _t212;
				intOrPtr _t219;
				intOrPtr _t225;
				intOrPtr _t232;
				intOrPtr _t239;
				intOrPtr _t246;
				intOrPtr _t253;
				intOrPtr _t260;
				intOrPtr _t268;
				intOrPtr _t275;
				intOrPtr _t284;
				intOrPtr _t291;
				intOrPtr _t299;
				void* _t354;
				void* _t357;
				void* _t361;
				void* _t364;
				void* _t367;
				void* _t370;
				void* _t373;
				void* _t376;
				void* _t380;
				void* _t383;
				void* _t387;
				void* _t390;
				void* _t394;
				void* _t397;
				void* _t400;
				void* _t403;
				void* _t406;
				void* _t409;
				void* _t412;
				void* _t415;
				void* _t419;
				void* _t422;
				void* _t425;
				void* _t429;
				void* _t433;
				void* _t436;
				long long _t438;
				long long* _t440;
				long long* _t441;
				long long* _t444;
				long long* _t445;
				long long _t446;
				long long _t453;
				long long* _t456;
				intOrPtr _t458;
				intOrPtr _t459;
				intOrPtr _t460;
				intOrPtr _t461;
				intOrPtr _t462;
				intOrPtr _t463;
				intOrPtr _t464;
				intOrPtr _t465;
				intOrPtr _t468;
				intOrPtr _t469;
				intOrPtr _t472;
				intOrPtr _t473;
				intOrPtr _t474;
				intOrPtr _t475;
				intOrPtr _t476;
				intOrPtr _t477;
				intOrPtr _t478;
				intOrPtr _t479;
				intOrPtr _t480;
				intOrPtr _t481;
				intOrPtr _t482;
				long long* _t483;
				intOrPtr _t487;
				intOrPtr _t488;
				intOrPtr _t493;
				intOrPtr _t494;
				long long* _t495;
				intOrPtr _t497;
				intOrPtr _t498;
				void* _t619;
				intOrPtr _t620;
				intOrPtr _t621;
				intOrPtr _t624;
				intOrPtr _t625;
				intOrPtr _t627;
				intOrPtr _t628;
				intOrPtr _t629;
				long long _t630;
				intOrPtr _t631;
				intOrPtr _t632;
				intOrPtr _t633;
				intOrPtr _t634;
				intOrPtr _t635;
				intOrPtr _t636;
				intOrPtr _t637;
				intOrPtr _t638;
				void* _t643;
				intOrPtr _t670;
				void* _t672;
				long long _t673;
				long long* _t674;
				long long _t675;

				_t668 = __r10;
				_t667 = __r9;
				_t438 = __rax;
				_a8 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t619 = __r9;
				_t673 = __r8;
				r12d = __edx;
				_t672 = __rcx;
				r15d = 0;
				_v136 = __edx & 0x00000002;
				if (__eflags == 0) goto 0xa58a4845;
				if (__r9 != 0) goto 0xa58a47e8;
				_t624 =  *0xa591b2f0; // 0x2
				if (_t624 != 0) goto 0xa58a4777;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t354 =  *0xa591b2f0 - _t674; // 0x2
				if (_t354 != 0) goto 0xa58a4767;
				_t119 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t119 + 1;
				 *0xa591b2f0 = _t438;
				E00007FF77FF7A588BD58(_t438,  &_a16);
				_t625 =  *0xa591b2f0; // 0x2
				E00007FF77FF7A588AD90(_t438,  &_a16);
				_t456 = _t438;
				_v128 = _t438;
				if (_t438 == 0) goto 0xa58a47dd;
				 *((intOrPtr*)(_t438 + 8)) = r15d;
				 *_t456 = 0xa58e2b10;
				E00007FF77FF7A5893D04(0xa58e2b10,  &_v120, __rdx, __r8);
				asm("movups xmm0, [eax]");
				asm("movups [ebx+0x10], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebx+0x20], xmm1");
				E00007FF77FF7A5893EF8(0xa58e2b10, _t456,  &_v88, __r10);
				asm("movups xmm0, [eax]");
				asm("movups [ebx+0x30], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebx+0x40], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [ebx+0x50], xmm0");
				 *((intOrPtr*)(_t456 + 0x58)) =  *0x7FF7A58E2B38;
				goto 0xa58a47e0;
				goto 0xa58a483d;
				_t458 =  *0xa591b2f0; // 0x2
				if (_t458 != 0) goto 0xa58a482f;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t357 =  *0xa591b2f0 - _t674; // 0x2
				if (_t357 != 0) goto 0xa58a481f;
				_t128 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t128 + 1;
				 *0xa591b2f0 = 0xa58e2b10;
				E00007FF77FF7A588BD58(0xa58e2b10,  &_a16);
				_t459 =  *0xa591b2f0; // 0x2
				E00007FF77FF7A58924F0(0xa58e2b10, _t619);
				E00007FF77FF7A5890908(_t459, __r8, 0xa58e2b10, _t619, _t625, _t459);
				if ((r12b & 0x00000008) == 0) goto 0xa58a4ad3;
				_t460 =  *0xa591b598; // 0xf
				if (_t619 != 0) goto 0xa58a48c3;
				if (_t460 != 0) goto 0xa58a489b;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t361 =  *0xa591b598 - _t674; // 0xf
				if (_t361 != 0) goto 0xa58a488b;
				_t135 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t135 + 1;
				 *0xa591b598 = 0xa58e2b10;
				E00007FF77FF7A588BD58(0xa58e2b10,  &_a16);
				_t461 =  *0xa591b598; // 0xf
				E00007FF77FF7A588AD90(0xa58e2b10,  &_a16);
				_v128 = 0xa58e2b10;
				if (0xa58e2b10 == 0) goto 0xa58a48be;
				 *0x7FF7A58E2B18 = r15d;
				 *0xa58e2b10 = 0xa58e3e98;
				goto 0xa58a490b;
				_t440 = _t674;
				goto 0xa58a490b;
				if (_t461 != 0) goto 0xa58a4903;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t364 =  *0xa591b598 - _t674; // 0xf
				if (_t364 != 0) goto 0xa58a48f3;
				_t141 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t141 + 1;
				 *0xa591b598 = _t440;
				E00007FF77FF7A588BD58(_t440,  &_a16);
				_t462 =  *0xa591b598; // 0xf
				E00007FF77FF7A5896C04(_t440, _t619);
				E00007FF77FF7A5890908(_t462, __r8, _t440, _t619, __r8, _t462);
				_t463 =  *0xa591b5a0; // 0x10
				if (_t619 != 0) goto 0xa58a4990;
				if (_t463 != 0) goto 0xa58a4968;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t367 =  *0xa591b5a0 - _t674; // 0x10
				if (_t367 != 0) goto 0xa58a4958;
				_t148 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t148 + 1;
				 *0xa591b5a0 = _t440;
				E00007FF77FF7A588BD58(_t440,  &_a16);
				_t464 =  *0xa591b5a0; // 0x10
				E00007FF77FF7A588AD90(_t440,  &_a16);
				_v128 = _t440;
				if (_t440 == 0) goto 0xa58a498b;
				 *((intOrPtr*)(_t440 + 8)) = r15d;
				 *_t440 = 0xa58e3f10;
				goto 0xa58a49d8;
				_t441 = _t674;
				goto 0xa58a49d8;
				if (_t464 != 0) goto 0xa58a49d0;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t370 =  *0xa591b5a0 - _t674; // 0x10
				if (_t370 != 0) goto 0xa58a49c0;
				_t154 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t154 + 1;
				 *0xa591b5a0 = _t441;
				E00007FF77FF7A588BD58(_t441,  &_a16);
				_t465 =  *0xa591b5a0; // 0x10
				E00007FF77FF7A5896E34(_t441, _t619);
				E00007FF77FF7A5890908(_t465, __r8, _t441, _t619, __r8, _t465);
				if (_t619 != 0) goto 0xa58a4a76;
				_t627 =  *0xa591b5a8; // 0x11
				if (_t627 != 0) goto 0xa58a4a36;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t373 =  *0xa591b5a8 - _t674; // 0x11
				if (_t373 != 0) goto 0xa58a4a26;
				_t161 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t161 + 1;
				 *0xa591b5a8 = _t441;
				E00007FF77FF7A588BD58(_t441,  &_a16);
				_t628 =  *0xa591b5a8; // 0x11
				E00007FF77FF7A588AD90(_t441,  &_a16); // executed
				_t466 = _t441;
				_v128 = _t441;
				if (_t441 == 0) goto 0xa58a4a6b;
				 *((intOrPtr*)(_t441 + 8)) = r15d;
				 *_t441 = 0xa58e3f70;
				r8d = 0;
				E00007FF77FF7A58A3070(_t441, _t466, _t672, _t628, _t667, __r10);
				goto 0xa58a4a6e;
				goto 0xa58a4acb;
				_t468 =  *0xa591b5a8; // 0x11
				if (_t468 != 0) goto 0xa58a4abd;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t376 =  *0xa591b5a8 - _t674; // 0x11
				if (_t376 != 0) goto 0xa58a4aad;
				_t168 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t168 + 1;
				 *0xa591b5a8 = 0xa58e3f70;
				E00007FF77FF7A588BD58(0xa58e3f70,  &_a16);
				_t469 =  *0xa591b5a8; // 0x11
				E00007FF77FF7A5897064(0xa58e3f70, _t619);
				E00007FF77FF7A5890908(_t469, _t673, 0xa58e3f70, _t619, _t628, _t469);
				E00007FF77FF7A5898884(0, _t469, _t673, 0xa58e3f70, _t667);
				if ((r12d & 0x00000001 << 0 >> 0x00000001) == 0) goto 0xa58a4be0;
				if (_t619 != 0) goto 0xa58a4b83;
				_t629 =  *0xa591b5b0; // 0x12
				if (_t629 != 0) goto 0xa58a4b41;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t380 =  *0xa591b5b0 - _t674; // 0x12
				if (_t380 != 0) goto 0xa58a4b31;
				_t179 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t179 + 1;
				 *0xa591b5b0 = 0xa58e3f70;
				E00007FF77FF7A588BD58(0xa58e3f70,  &_a16);
				_t630 =  *0xa591b5b0; // 0x12
				E00007FF77FF7A588AD90(0xa58e3f70,  &_a16);
				_v128 = 0xa58e3f70;
				if (0xa58e3f70 == 0) goto 0xa58a4b78;
				 *0x7FF7A58E3F78 = r15d;
				 *0xa58e3f70 = 0xa58e3fb8;
				E00007FF77FF7A58B4E38(0xa58e3fb8,  &_v120);
				asm("movups xmm0, [eax]");
				asm("movdqu [ebx+0x10], xmm0");
				goto 0xa58a4b7b;
				goto 0xa58a4bd8;
				_t472 =  *0xa591b5b0; // 0x12
				if (_t472 != 0) goto 0xa58a4bca;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t383 =  *0xa591b5b0 - _t674; // 0x12
				if (_t383 != 0) goto 0xa58a4bba;
				_t186 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t186 + 1;
				 *0xa591b5b0 = 0xa58e3fb8;
				E00007FF77FF7A588BD58(0xa58e3fb8,  &_a16);
				_t473 =  *0xa591b5b0; // 0x12
				E00007FF77FF7A5895DCC(0xa58e3fb8, _t619);
				E00007FF77FF7A5890908(_t473, _t673, 0xa58e3fb8, _t619, _t630, _t473);
				if ((r12b & 0x00000020) == 0) goto 0xa58a4cb4;
				_t474 =  *0xa591b5b8; // 0x13
				if (_t619 != 0) goto 0xa58a4c5e;
				if (_t474 != 0) goto 0xa58a4c36;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t387 =  *0xa591b5b8 - _t674; // 0x13
				if (_t387 != 0) goto 0xa58a4c26;
				_t193 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t193 + 1;
				 *0xa591b5b8 = 0xa58e3fb8;
				E00007FF77FF7A588BD58(0xa58e3fb8,  &_a16);
				_t475 =  *0xa591b5b8; // 0x13
				E00007FF77FF7A588AD90(0xa58e3fb8,  &_a16);
				_v128 = 0xa58e3fb8;
				if (0xa58e3fb8 == 0) goto 0xa58a4c59;
				 *0x7FF7A58E3FC0 = r15d;
				 *0xa58e3fb8 = 0xa58e3ff0;
				goto 0xa58a4ca6;
				_t444 = _t674;
				goto 0xa58a4ca6;
				if (_t475 != 0) goto 0xa58a4c9e;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t390 =  *0xa591b5b8 - _t674; // 0x13
				if (_t390 != 0) goto 0xa58a4c8e;
				_t199 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t199 + 1;
				 *0xa591b5b8 = _t444;
				E00007FF77FF7A588BD58(_t444,  &_a16);
				_t476 =  *0xa591b5b8; // 0x13
				E00007FF77FF7A5896114(_t444, _t619);
				E00007FF77FF7A5890908(_t476, _t673, _t444, _t619, _t630, _t476);
				if ((r12b & 0x00000004) == 0) goto 0xa58a5044;
				_t477 =  *0xa591b5c0; // 0x14
				if (_t619 != 0) goto 0xa58a4d32;
				if (_t477 != 0) goto 0xa58a4d0a;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t394 =  *0xa591b5c0 - _t674; // 0x14
				if (_t394 != 0) goto 0xa58a4cfa;
				_t206 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t206 + 1;
				 *0xa591b5c0 = _t444;
				E00007FF77FF7A588BD58(_t444,  &_a16);
				_t478 =  *0xa591b5c0; // 0x14
				E00007FF77FF7A588AD90(_t444,  &_a16);
				_v128 = _t444;
				if (_t444 == 0) goto 0xa58a4d2d;
				 *((intOrPtr*)(_t444 + 8)) = r15d;
				 *_t444 = 0xa58e4028;
				goto 0xa58a4d7a;
				_t445 = _t674;
				goto 0xa58a4d7a;
				if (_t478 != 0) goto 0xa58a4d72;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t397 =  *0xa591b5c0 - _t674; // 0x14
				if (_t397 != 0) goto 0xa58a4d62;
				_t212 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t212 + 1;
				 *0xa591b5c0 = _t445;
				E00007FF77FF7A588BD58(_t445,  &_a16);
				_t479 =  *0xa591b5c0; // 0x14
				E00007FF77FF7A5896344(_t445, _t619);
				_t675 = _t673;
				E00007FF77FF7A5890908(_t479, _t673, _t445, _t619, _t630, _t479);
				_t480 =  *0xa591b5c8; // 0x15
				if (_t619 != 0) goto 0xa58a4e00;
				if (_t480 != 0) goto 0xa58a4dd9;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t400 =  *0xa591b5c8 - _t630; // 0x15
				if (_t400 != 0) goto 0xa58a4dc9;
				_t219 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t219 + 1;
				 *0xa591b5c8 = _t445;
				E00007FF77FF7A588BD58(_t445,  &_a16);
				_t481 =  *0xa591b5c8; // 0x15
				E00007FF77FF7A588AD90(_t445,  &_a16);
				_v128 = _t445;
				if (_t445 == 0) goto 0xa58a4dfb;
				 *((intOrPtr*)(_t445 + 8)) = 0;
				 *_t445 = 0xa58e4058;
				goto 0xa58a4e48;
				_t446 = _t630;
				goto 0xa58a4e48;
				if (_t481 != 0) goto 0xa58a4e40;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t403 =  *0xa591b5c8 - _t630; // 0x15
				if (_t403 != 0) goto 0xa58a4e30;
				_t225 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t225 + 1;
				 *0xa591b5c8 = _t446;
				E00007FF77FF7A588BD58(_t446,  &_a16);
				_t482 =  *0xa591b5c8; // 0x15
				E00007FF77FF7A5896574(_t446, _t619);
				E00007FF77FF7A5890908(_t482, _t675, _t446, _t619, _t630, _t482);
				_t631 =  *0xa591b5d0; // 0x16
				if (_t619 != 0) goto 0xa58a4eed;
				if (_t631 != 0) goto 0xa58a4ea6;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t406 =  *0xa591b5d0 - _t619; // 0x16
				if (_t406 != 0) goto 0xa58a4e96;
				_t232 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t232 + 1;
				 *0xa591b5d0 = _t446;
				E00007FF77FF7A588BD58(_t446,  &_a16);
				_t632 =  *0xa591b5d0; // 0x16
				E00007FF77FF7A588AD90(_t446,  &_a16); // executed
				_t483 = _t446;
				_v128 = _t446;
				if (_t446 == 0) goto 0xa58a4ee9;
				 *(_t446 + 8) =  *(_t446 + 8) & 0x00000000;
				 *_t483 = 0xa58e4088;
				 *((char*)(_t483 + 0x44)) = 0;
				r8d = 0;
				E00007FF77FF7A58A2D9C(0xa58e4088, _t483, _t483, _t672, _t643, __r10);
				 *_t483 = 0xa58e40f0;
				goto 0xa58a4eeb;
				goto 0xa58a4f38;
				if (_t632 != 0) goto 0xa58a4f2d;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t409 =  *0xa591b5d0 - _t632; // 0x16
				if (_t409 != 0) goto 0xa58a4f1d;
				_t239 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t239 + 1;
				 *0xa591b5d0 = 0xa58e40f0;
				E00007FF77FF7A588BD58(0xa58e40f0,  &_a16);
				_t633 =  *0xa591b5d0; // 0x16
				E00007FF77FF7A58969D4(0xa58e40f0, _t619);
				E00007FF77FF7A5890908(0xa58e40f0, _t675, 0xa58e40f0, _t619, _t633, _t633);
				r15d = 0;
				if (_t619 != 0) goto 0xa58a4fe7;
				_t634 =  *0xa591b5d8; // 0x17
				if (_t634 != 0) goto 0xa58a4f99;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t412 =  *0xa591b5d8 - _t675; // 0x17
				if (_t412 != 0) goto 0xa58a4f89;
				_t246 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t246 + 1;
				 *0xa591b5d8 = 0xa58e40f0;
				E00007FF77FF7A588BD58(0xa58e40f0,  &_a16);
				_t635 =  *0xa591b5d8; // 0x17
				E00007FF77FF7A588AD90(0xa58e40f0,  &_a16);
				_v128 = 0xa58e40f0;
				if (0xa58e40f0 == 0) goto 0xa58a4fdc;
				 *0x7FF7A58E40F8 = r15d;
				 *0xa58e40f0 = 0xa58e4088;
				 *0x7FF7A58E4134 = 1;
				r8d = 0;
				E00007FF77FF7A58A2D9C(0xa58e4088, 0xa58e40f0, 0xa58e40f0, _t672, _t643, _t668);
				 *0xa58e40f0 = 0xa58e4158;
				goto 0xa58a4fdf;
				goto 0xa58a503c;
				_t487 =  *0xa591b5d8; // 0x17
				if (_t487 != 0) goto 0xa58a502e;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t415 =  *0xa591b5d8 - _t675; // 0x17
				if (_t415 != 0) goto 0xa58a501e;
				_t253 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t253 + 1;
				 *0xa591b5d8 = 0xa58e4158;
				E00007FF77FF7A588BD58(0xa58e4158,  &_a16);
				_t488 =  *0xa591b5d8; // 0x17
				E00007FF77FF7A58968BC(0xa58e4158, _t619);
				E00007FF77FF7A5890908(_t488, _t673, 0xa58e4158, _t619, _t635, _t488);
				if ((r12b & 0x00000010) == 0) goto 0xa58a525c;
				_t636 =  *0xa591b5e0; // 0x18
				if (_t619 != 0) goto 0xa58a50ee;
				if (_t636 != 0) goto 0xa58a509e;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t419 =  *0xa591b5e0 - _t675; // 0x18
				if (_t419 != 0) goto 0xa58a508e;
				_t260 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t260 + 1;
				 *0xa591b5e0 = 0xa58e4158;
				E00007FF77FF7A588BD58(0xa58e4158,  &_a16);
				_t637 =  *0xa591b5e0; // 0x18
				E00007FF77FF7A588AD90(0xa58e4158,  &_a16);
				_v128 = 0xa58e4158;
				if (0xa58e4158 == 0) goto 0xa58a50e9;
				 *0x7FF7A58E4160 = r15d;
				 *0xa58e4158 = 0xa58e41c0;
				 *0x7FF7A58E4168 = _t675;
				 *0x7FF7A58E4170 = _t675;
				 *0x7FF7A58E4178 = _t675;
				_v120 = 0xa58e4158;
				E00007FF77FF7A58950B4(0xa58e4158, 0xa58e4158, _t637, _t672);
				 *0x7FF7A58E4180 = E00007FF77FF7A58B4F3C(0xa58e4158, 0xa58e41c0, _t667);
				goto 0xa58a50ec;
				goto 0xa58a5139;
				if (_t637 != 0) goto 0xa58a512e;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t422 =  *0xa591b5e0 - _t675; // 0x18
				if (_t422 != 0) goto 0xa58a511e;
				_t268 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t268 + 1;
				 *0xa591b5e0 = 0xa58e41c0;
				E00007FF77FF7A588BD58(0xa58e41c0,  &_a16);
				_t638 =  *0xa591b5e0; // 0x18
				E00007FF77FF7A5897294(0xa58e41c0, _t619);
				E00007FF77FF7A5890908(0xa58e41c0, _t673, 0xa58e41c0, _t619, _t638, _t638);
				if (_t619 != 0) goto 0xa58a51ff;
				_t670 =  *0xa591b590; // 0x19
				if (_t670 != 0) goto 0xa58a5197;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t425 =  *0xa591b590 - _t675; // 0x19
				if (_t425 != 0) goto 0xa58a5187;
				_t275 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t275 + 1;
				 *0xa591b590 = 0xa58e41c0;
				E00007FF77FF7A588BD58(0xa58e41c0,  &_a16);
				E00007FF77FF7A588AD90(0xa58e41c0,  &_a16);
				_v120 = 0xa58e41c0;
				if (0xa58e41c0 == 0) goto 0xa58a51f4;
				 *0x7FF7A58E41C8 = r15d;
				 *0xa58e41c0 = 0xa58e3e70;
				 *0x7FF7A58E41D0 =  *0x7FF7A58E41D0 & 0x00000000;
				E00007FF77FF7A58CC854(0xa58e41c0, 0xa58e41c0, 0xa58e41c0, 0xa58e41c0);
				_t453 =  &_v120;
				if (0x7ff7a58e41d0 == _t453) goto 0xa58a51e7;
				E00007FF77FF7A58BE348(0xa58e3e70, 0xa58e41c0, 0xa58e41c0);
				 *0x7FF7A58E41D0 = 0xa58e3e70;
				r15d = 0;
				goto 0xa58a51ea;
				r15d = 0;
				E00007FF77FF7A58BE348(0xa58e3e70, 0xa58e41c0, 0xa58e41c0);
				goto 0xa58a51f7;
				goto 0xa58a5254;
				_t493 =  *0xa591b590; // 0x19
				if (_t493 != 0) goto 0xa58a5246;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t429 =  *0xa591b590 - 0x7ff7a58e41d0; // 0x19
				if (_t429 != 0) goto 0xa58a5236;
				_t284 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t284 + 1;
				 *0xa591b590 = _t453;
				E00007FF77FF7A588BD58(_t453,  &_a16);
				_t494 =  *0xa591b590; // 0x19
				E00007FF77FF7A58974C4(_t453, _t619);
				E00007FF77FF7A5890908(_t494, _t673, _t453, _t619, 0x7ff7a58e41d0, _t494);
				if (_v136 == r15d) goto 0xa58a536c;
				if (_t619 != 0) goto 0xa58a530f;
				_t620 =  *0xa591b320; // 0x1a
				if (_t620 != 0) goto 0xa58a52b6;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t433 =  *0xa591b320 - 0x7ff7a58e41d0; // 0x1a
				if (_t433 != 0) goto 0xa58a52a6;
				_t291 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t291 + 1;
				 *0xa591b320 = _t453;
				E00007FF77FF7A588BD58(_t453,  &_a16);
				_t621 =  *0xa591b320; // 0x1a
				E00007FF77FF7A588AD90(_t453,  &_a16);
				_t495 = _t453;
				_v120 = _t453;
				if (_t453 == 0) goto 0xa58a5304;
				 *((intOrPtr*)(_t453 + 8)) = r15d;
				 *_t495 = 0xa58e2ab8;
				E00007FF77FF7A5893EF8(0xa58e2ab8, _t495,  &_v88, _t668);
				asm("movups xmm0, [eax]");
				asm("movups [ebx+0x10], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebx+0x20], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [ebx+0x30], xmm0");
				 *((intOrPtr*)(_t495 + 0x38)) =  *0x7FF7A58E2AE0;
				goto 0xa58a5307;
				goto 0xa58a5364;
				_t497 =  *0xa591b320; // 0x1a
				if (_t497 != 0) goto 0xa58a5356;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t436 =  *0xa591b320 - 0x7ff7a58e41d0; // 0x1a
				if (_t436 != 0) goto 0xa58a5346;
				_t299 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t299 + 1;
				 *0xa591b320 = 0xa58e2ab8;
				E00007FF77FF7A588BD58(0xa58e2ab8,  &_a16);
				_t498 =  *0xa591b320; // 0x1a
				E00007FF77FF7A58923D8(0xa58e2ab8, _t621);
				return E00007FF77FF7A5890908(_t498, _t673, 0xa58e2ab8, _t621, 0x7ff7a58e41d0, _t498);
			}

0x7ff7a58a46e8
0x7ff7a58a46e8
0x7ff7a58a46e8
0x7ff7a58a46e8
0x7ff7a58a46ed
0x7ff7a58a46f2
0x7ff7a58a470a
0x7ff7a58a470d
0x7ff7a58a4710
0x7ff7a58a4713
0x7ff7a58a4716
0x7ff7a58a471e
0x7ff7a58a4721
0x7ff7a58a472a
0x7ff7a58a4730
0x7ff7a58a473a
0x7ff7a58a4742
0x7ff7a58a4747
0x7ff7a58a474e
0x7ff7a58a4750
0x7ff7a58a4758
0x7ff7a58a4760
0x7ff7a58a476b
0x7ff7a58a4770
0x7ff7a58a477c
0x7ff7a58a4781
0x7ff7a58a4784
0x7ff7a58a478b
0x7ff7a58a478d
0x7ff7a58a4798
0x7ff7a58a479f
0x7ff7a58a47a4
0x7ff7a58a47a7
0x7ff7a58a47ab
0x7ff7a58a47af
0x7ff7a58a47b7
0x7ff7a58a47bc
0x7ff7a58a47bf
0x7ff7a58a47c3
0x7ff7a58a47c7
0x7ff7a58a47cb
0x7ff7a58a47d0
0x7ff7a58a47d8
0x7ff7a58a47db
0x7ff7a58a47e6
0x7ff7a58a47e8
0x7ff7a58a47f2
0x7ff7a58a47fa
0x7ff7a58a47ff
0x7ff7a58a4806
0x7ff7a58a4808
0x7ff7a58a4810
0x7ff7a58a4818
0x7ff7a58a4823
0x7ff7a58a4828
0x7ff7a58a4832
0x7ff7a58a4840
0x7ff7a58a4849
0x7ff7a58a484f
0x7ff7a58a4859
0x7ff7a58a485e
0x7ff7a58a4866
0x7ff7a58a486b
0x7ff7a58a4872
0x7ff7a58a4874
0x7ff7a58a487c
0x7ff7a58a4884
0x7ff7a58a488f
0x7ff7a58a4894
0x7ff7a58a48a0
0x7ff7a58a48a5
0x7ff7a58a48ac
0x7ff7a58a48ae
0x7ff7a58a48b9
0x7ff7a58a48bc
0x7ff7a58a48be
0x7ff7a58a48c1
0x7ff7a58a48c6
0x7ff7a58a48ce
0x7ff7a58a48d3
0x7ff7a58a48da
0x7ff7a58a48dc
0x7ff7a58a48e4
0x7ff7a58a48ec
0x7ff7a58a48f7
0x7ff7a58a48fc
0x7ff7a58a4906
0x7ff7a58a4917
0x7ff7a58a491c
0x7ff7a58a4926
0x7ff7a58a492b
0x7ff7a58a4933
0x7ff7a58a4938
0x7ff7a58a493f
0x7ff7a58a4941
0x7ff7a58a4949
0x7ff7a58a4951
0x7ff7a58a495c
0x7ff7a58a4961
0x7ff7a58a496d
0x7ff7a58a4972
0x7ff7a58a4979
0x7ff7a58a497b
0x7ff7a58a4986
0x7ff7a58a4989
0x7ff7a58a498b
0x7ff7a58a498e
0x7ff7a58a4993
0x7ff7a58a499b
0x7ff7a58a49a0
0x7ff7a58a49a7
0x7ff7a58a49a9
0x7ff7a58a49b1
0x7ff7a58a49b9
0x7ff7a58a49c4
0x7ff7a58a49c9
0x7ff7a58a49d3
0x7ff7a58a49e1
0x7ff7a58a49e9
0x7ff7a58a49ef
0x7ff7a58a49f9
0x7ff7a58a4a01
0x7ff7a58a4a06
0x7ff7a58a4a0d
0x7ff7a58a4a0f
0x7ff7a58a4a17
0x7ff7a58a4a1f
0x7ff7a58a4a2a
0x7ff7a58a4a2f
0x7ff7a58a4a3b
0x7ff7a58a4a40
0x7ff7a58a4a43
0x7ff7a58a4a4a
0x7ff7a58a4a4c
0x7ff7a58a4a57
0x7ff7a58a4a5a
0x7ff7a58a4a63
0x7ff7a58a4a69
0x7ff7a58a4a74
0x7ff7a58a4a76
0x7ff7a58a4a80
0x7ff7a58a4a88
0x7ff7a58a4a8d
0x7ff7a58a4a94
0x7ff7a58a4a96
0x7ff7a58a4a9e
0x7ff7a58a4aa6
0x7ff7a58a4ab1
0x7ff7a58a4ab6
0x7ff7a58a4ac0
0x7ff7a58a4ace
0x7ff7a58a4ad7
0x7ff7a58a4aeb
0x7ff7a58a4af4
0x7ff7a58a4afa
0x7ff7a58a4b04
0x7ff7a58a4b0c
0x7ff7a58a4b11
0x7ff7a58a4b18
0x7ff7a58a4b1a
0x7ff7a58a4b22
0x7ff7a58a4b2a
0x7ff7a58a4b35
0x7ff7a58a4b3a
0x7ff7a58a4b46
0x7ff7a58a4b4e
0x7ff7a58a4b55
0x7ff7a58a4b57
0x7ff7a58a4b62
0x7ff7a58a4b69
0x7ff7a58a4b6e
0x7ff7a58a4b71
0x7ff7a58a4b76
0x7ff7a58a4b81
0x7ff7a58a4b83
0x7ff7a58a4b8d
0x7ff7a58a4b95
0x7ff7a58a4b9a
0x7ff7a58a4ba1
0x7ff7a58a4ba3
0x7ff7a58a4bab
0x7ff7a58a4bb3
0x7ff7a58a4bbe
0x7ff7a58a4bc3
0x7ff7a58a4bcd
0x7ff7a58a4bdb
0x7ff7a58a4be4
0x7ff7a58a4bea
0x7ff7a58a4bf4
0x7ff7a58a4bf9
0x7ff7a58a4c01
0x7ff7a58a4c06
0x7ff7a58a4c0d
0x7ff7a58a4c0f
0x7ff7a58a4c17
0x7ff7a58a4c1f
0x7ff7a58a4c2a
0x7ff7a58a4c2f
0x7ff7a58a4c3b
0x7ff7a58a4c40
0x7ff7a58a4c47
0x7ff7a58a4c49
0x7ff7a58a4c54
0x7ff7a58a4c57
0x7ff7a58a4c59
0x7ff7a58a4c5c
0x7ff7a58a4c61
0x7ff7a58a4c69
0x7ff7a58a4c6e
0x7ff7a58a4c75
0x7ff7a58a4c77
0x7ff7a58a4c7f
0x7ff7a58a4c87
0x7ff7a58a4c92
0x7ff7a58a4c97
0x7ff7a58a4ca1
0x7ff7a58a4caf
0x7ff7a58a4cb8
0x7ff7a58a4cbe
0x7ff7a58a4cc8
0x7ff7a58a4ccd
0x7ff7a58a4cd5
0x7ff7a58a4cda
0x7ff7a58a4ce1
0x7ff7a58a4ce3
0x7ff7a58a4ceb
0x7ff7a58a4cf3
0x7ff7a58a4cfe
0x7ff7a58a4d03
0x7ff7a58a4d0f
0x7ff7a58a4d14
0x7ff7a58a4d1b
0x7ff7a58a4d1d
0x7ff7a58a4d28
0x7ff7a58a4d2b
0x7ff7a58a4d2d
0x7ff7a58a4d30
0x7ff7a58a4d35
0x7ff7a58a4d3d
0x7ff7a58a4d42
0x7ff7a58a4d49
0x7ff7a58a4d4b
0x7ff7a58a4d53
0x7ff7a58a4d5b
0x7ff7a58a4d66
0x7ff7a58a4d6b
0x7ff7a58a4d75
0x7ff7a58a4d7a
0x7ff7a58a4d86
0x7ff7a58a4d8d
0x7ff7a58a4d97
0x7ff7a58a4d9c
0x7ff7a58a4da4
0x7ff7a58a4da9
0x7ff7a58a4db0
0x7ff7a58a4db2
0x7ff7a58a4dba
0x7ff7a58a4dc2
0x7ff7a58a4dcd
0x7ff7a58a4dd2
0x7ff7a58a4dde
0x7ff7a58a4de3
0x7ff7a58a4dea
0x7ff7a58a4dec
0x7ff7a58a4df6
0x7ff7a58a4df9
0x7ff7a58a4dfb
0x7ff7a58a4dfe
0x7ff7a58a4e03
0x7ff7a58a4e0b
0x7ff7a58a4e10
0x7ff7a58a4e17
0x7ff7a58a4e19
0x7ff7a58a4e21
0x7ff7a58a4e29
0x7ff7a58a4e34
0x7ff7a58a4e39
0x7ff7a58a4e43
0x7ff7a58a4e51
0x7ff7a58a4e56
0x7ff7a58a4e60
0x7ff7a58a4e69
0x7ff7a58a4e71
0x7ff7a58a4e76
0x7ff7a58a4e7d
0x7ff7a58a4e7f
0x7ff7a58a4e87
0x7ff7a58a4e8f
0x7ff7a58a4e9a
0x7ff7a58a4e9f
0x7ff7a58a4eab
0x7ff7a58a4eb0
0x7ff7a58a4eb3
0x7ff7a58a4eba
0x7ff7a58a4ebc
0x7ff7a58a4ec7
0x7ff7a58a4eca
0x7ff7a58a4ece
0x7ff7a58a4ed7
0x7ff7a58a4ee4
0x7ff7a58a4ee7
0x7ff7a58a4eeb
0x7ff7a58a4ef0
0x7ff7a58a4ef8
0x7ff7a58a4efd
0x7ff7a58a4f04
0x7ff7a58a4f06
0x7ff7a58a4f0e
0x7ff7a58a4f16
0x7ff7a58a4f21
0x7ff7a58a4f26
0x7ff7a58a4f30
0x7ff7a58a4f41
0x7ff7a58a4f46
0x7ff7a58a4f4c
0x7ff7a58a4f52
0x7ff7a58a4f5c
0x7ff7a58a4f64
0x7ff7a58a4f69
0x7ff7a58a4f70
0x7ff7a58a4f72
0x7ff7a58a4f7a
0x7ff7a58a4f82
0x7ff7a58a4f8d
0x7ff7a58a4f92
0x7ff7a58a4f9e
0x7ff7a58a4fa6
0x7ff7a58a4fad
0x7ff7a58a4faf
0x7ff7a58a4fba
0x7ff7a58a4fbd
0x7ff7a58a4fc1
0x7ff7a58a4fca
0x7ff7a58a4fd7
0x7ff7a58a4fda
0x7ff7a58a4fe5
0x7ff7a58a4fe7
0x7ff7a58a4ff1
0x7ff7a58a4ff9
0x7ff7a58a4ffe
0x7ff7a58a5005
0x7ff7a58a5007
0x7ff7a58a500f
0x7ff7a58a5017
0x7ff7a58a5022
0x7ff7a58a5027
0x7ff7a58a5031
0x7ff7a58a503f
0x7ff7a58a5048
0x7ff7a58a504e
0x7ff7a58a5058
0x7ff7a58a5061
0x7ff7a58a5069
0x7ff7a58a506e
0x7ff7a58a5075
0x7ff7a58a5077
0x7ff7a58a507f
0x7ff7a58a5087
0x7ff7a58a5092
0x7ff7a58a5097
0x7ff7a58a50a3
0x7ff7a58a50ab
0x7ff7a58a50b2
0x7ff7a58a50b4
0x7ff7a58a50bf
0x7ff7a58a50c2
0x7ff7a58a50c6
0x7ff7a58a50ca
0x7ff7a58a50ce
0x7ff7a58a50da
0x7ff7a58a50e4
0x7ff7a58a50e7
0x7ff7a58a50ec
0x7ff7a58a50f1
0x7ff7a58a50f9
0x7ff7a58a50fe
0x7ff7a58a5105
0x7ff7a58a5107
0x7ff7a58a510f
0x7ff7a58a5117
0x7ff7a58a5122
0x7ff7a58a5127
0x7ff7a58a5131
0x7ff7a58a5142
0x7ff7a58a514a
0x7ff7a58a5150
0x7ff7a58a515a
0x7ff7a58a5162
0x7ff7a58a5167
0x7ff7a58a516e
0x7ff7a58a5170
0x7ff7a58a5178
0x7ff7a58a5180
0x7ff7a58a518b
0x7ff7a58a519c
0x7ff7a58a51a4
0x7ff7a58a51ab
0x7ff7a58a51ad
0x7ff7a58a51b8
0x7ff7a58a51bf
0x7ff7a58a51c3
0x7ff7a58a51cb
0x7ff7a58a51d2
0x7ff7a58a51d7
0x7ff7a58a51dc
0x7ff7a58a51df
0x7ff7a58a51e5
0x7ff7a58a51e7
0x7ff7a58a51ed
0x7ff7a58a51f2
0x7ff7a58a51fd
0x7ff7a58a51ff
0x7ff7a58a5209
0x7ff7a58a5211
0x7ff7a58a5216
0x7ff7a58a521d
0x7ff7a58a521f
0x7ff7a58a5227
0x7ff7a58a522f
0x7ff7a58a523a
0x7ff7a58a523f
0x7ff7a58a5249
0x7ff7a58a5257
0x7ff7a58a5260
0x7ff7a58a5269
0x7ff7a58a526f
0x7ff7a58a5279
0x7ff7a58a5281
0x7ff7a58a5286
0x7ff7a58a528d
0x7ff7a58a528f
0x7ff7a58a5297
0x7ff7a58a529f
0x7ff7a58a52aa
0x7ff7a58a52af
0x7ff7a58a52bb
0x7ff7a58a52c0
0x7ff7a58a52c3
0x7ff7a58a52ca
0x7ff7a58a52cc
0x7ff7a58a52d7
0x7ff7a58a52de
0x7ff7a58a52e3
0x7ff7a58a52e6
0x7ff7a58a52ea
0x7ff7a58a52ee
0x7ff7a58a52f2
0x7ff7a58a52f7
0x7ff7a58a52ff
0x7ff7a58a5302
0x7ff7a58a530d
0x7ff7a58a530f
0x7ff7a58a5319
0x7ff7a58a5321
0x7ff7a58a5326
0x7ff7a58a532d
0x7ff7a58a532f
0x7ff7a58a5337
0x7ff7a58a533f
0x7ff7a58a534a
0x7ff7a58a534f
0x7ff7a58a5359
0x7ff7a58a538c

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4742
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A476B
_Getctype.LIBCPMT ref: 00007FF7A58A479F
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A47FA
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4823
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4866
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A488F
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A48CE
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A48F7
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4933
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A495C
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A499B
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A49C4
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4A01
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4A2A
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4A88
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4AB1
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4B0C
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4B35
_Getcoll.LIBCPMT ref: 00007FF7A58A4B69
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4B95
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4BBE
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4C01
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4C2A
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4CD5
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4CFE
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4DA4
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4DCD
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4E71
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4E9A
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4EF8
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4F21
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4F64
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4F8D
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4FF9
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A5022
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A5069
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A5092

Part of subcall function 00007FF7A58A2D9C: _Getvals.LIBCPMT ref: 00007FF7A58A2E18

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A50F9
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A5122
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A5162
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A518B
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A5211
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A523A
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A5281
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A52AA
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A5321
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A534A

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$GetcollGetctypeGetvals
String ID:
API String ID: 553569086-0
Opcode ID: 05e775ad44b450364015bdaee1b73591395b6770013d27c1086b9351397dacbf
Instruction ID: 0b753d57d4740279c303084e5023b075e65f020b08884d4b3a3565327cba7c8a
Opcode Fuzzy Hash: 05e775ad44b450364015bdaee1b73591395b6770013d27c1086b9351397dacbf
Instruction Fuzzy Hash: 6C823221A0B65688EB81FB11D8411B9A3A2FF56F84FC74575EA0E4B7B5DF3CE4618320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58A3A40 Relevance: 81.8, APIs: 54, Instructions: 808
COMMONCrypto

Download Yara Rule

C-Code - Quality: 61%

			E00007FF77FF7A58A3A40(signed int __edx, void* __eflags, long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __r8, void* __r9, void* __r10, long long _a8, char _a16, long long _a24, long long _a32) {
				void* _v40;
				char _v88;
				long long _v120;
				long long _v128;
				signed int _v136;
				void* __rbp;
				intOrPtr _t119;
				intOrPtr _t128;
				intOrPtr _t135;
				intOrPtr _t141;
				intOrPtr _t148;
				intOrPtr _t154;
				intOrPtr _t161;
				intOrPtr _t168;
				intOrPtr _t179;
				intOrPtr _t186;
				intOrPtr _t193;
				intOrPtr _t199;
				intOrPtr _t206;
				intOrPtr _t212;
				intOrPtr _t219;
				intOrPtr _t225;
				intOrPtr _t232;
				intOrPtr _t239;
				intOrPtr _t246;
				intOrPtr _t253;
				intOrPtr _t260;
				intOrPtr _t268;
				intOrPtr _t275;
				intOrPtr _t284;
				intOrPtr _t291;
				intOrPtr _t299;
				void* _t354;
				void* _t357;
				void* _t361;
				void* _t364;
				void* _t367;
				void* _t370;
				void* _t373;
				void* _t376;
				void* _t380;
				void* _t383;
				void* _t387;
				void* _t390;
				void* _t394;
				void* _t397;
				void* _t400;
				void* _t403;
				void* _t406;
				void* _t409;
				void* _t412;
				void* _t415;
				void* _t419;
				void* _t422;
				void* _t425;
				void* _t429;
				void* _t433;
				void* _t436;
				long long _t438;
				long long* _t440;
				long long* _t441;
				long long* _t444;
				long long* _t445;
				long long _t446;
				long long _t453;
				long long* _t456;
				intOrPtr _t458;
				intOrPtr _t459;
				intOrPtr _t460;
				intOrPtr _t461;
				intOrPtr _t462;
				intOrPtr _t463;
				intOrPtr _t464;
				intOrPtr _t465;
				intOrPtr _t468;
				intOrPtr _t469;
				intOrPtr _t472;
				intOrPtr _t473;
				intOrPtr _t474;
				intOrPtr _t475;
				intOrPtr _t476;
				intOrPtr _t477;
				intOrPtr _t478;
				intOrPtr _t479;
				intOrPtr _t480;
				intOrPtr _t481;
				intOrPtr _t482;
				long long* _t483;
				intOrPtr _t487;
				intOrPtr _t488;
				intOrPtr _t493;
				intOrPtr _t494;
				long long* _t495;
				intOrPtr _t497;
				intOrPtr _t498;
				void* _t619;
				intOrPtr _t620;
				intOrPtr _t621;
				intOrPtr _t624;
				intOrPtr _t625;
				intOrPtr _t627;
				intOrPtr _t628;
				intOrPtr _t629;
				long long _t630;
				intOrPtr _t631;
				intOrPtr _t632;
				intOrPtr _t633;
				intOrPtr _t634;
				intOrPtr _t635;
				intOrPtr _t636;
				intOrPtr _t637;
				intOrPtr _t638;
				void* _t643;
				intOrPtr _t670;
				void* _t672;
				long long _t673;
				long long* _t674;
				long long _t675;

				_t668 = __r10;
				_t667 = __r9;
				_t438 = __rax;
				_a8 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t619 = __r9;
				_t673 = __r8;
				r12d = __edx;
				_t672 = __rcx;
				r15d = 0;
				_v136 = __edx & 0x00000002;
				if (__eflags == 0) goto 0xa58a3b9d;
				if (__r9 != 0) goto 0xa58a3b40;
				_t624 =  *0xa591b308; // 0x1b
				if (_t624 != 0) goto 0xa58a3acf;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t354 =  *0xa591b308 - _t674; // 0x1b
				if (_t354 != 0) goto 0xa58a3abf;
				_t119 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t119 + 1;
				 *0xa591b308 = _t438;
				E00007FF77FF7A588BD58(_t438,  &_a16);
				_t625 =  *0xa591b308; // 0x1b
				E00007FF77FF7A588AD90(_t438,  &_a16);
				_t456 = _t438;
				_v128 = _t438;
				if (_t438 == 0) goto 0xa58a3b35;
				 *((intOrPtr*)(_t438 + 8)) = r15d;
				 *_t456 = 0xa58e3df0;
				E00007FF77FF7A5893D04(0xa58e3df0,  &_v120, __rdx, __r8); // executed
				asm("movups xmm0, [eax]");
				asm("movups [ebx+0x10], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebx+0x20], xmm1");
				E00007FF77FF7A5893EF8(0xa58e3df0, _t456,  &_v88, __r10);
				asm("movups xmm0, [eax]");
				asm("movups [ebx+0x30], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebx+0x40], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [ebx+0x50], xmm0");
				 *((intOrPtr*)(_t456 + 0x58)) =  *0x7FF7A58E3E18;
				goto 0xa58a3b38;
				goto 0xa58a3b95;
				_t458 =  *0xa591b308; // 0x1b
				if (_t458 != 0) goto 0xa58a3b87;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t357 =  *0xa591b308 - _t674; // 0x1b
				if (_t357 != 0) goto 0xa58a3b77;
				_t128 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t128 + 1;
				 *0xa591b308 = 0xa58e3df0;
				E00007FF77FF7A588BD58(0xa58e3df0,  &_a16);
				_t459 =  *0xa591b308; // 0x1b
				E00007FF77FF7A5895EE4(0xa58e3df0, _t619);
				E00007FF77FF7A5890908(_t459, __r8, 0xa58e3df0, _t619, _t625, _t459);
				if ((r12b & 0x00000008) == 0) goto 0xa58a3e2b;
				_t460 =  *0xa591b5e8; // 0x1c
				if (_t619 != 0) goto 0xa58a3c1b;
				if (_t460 != 0) goto 0xa58a3bf3;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t361 =  *0xa591b5e8 - _t674; // 0x1c
				if (_t361 != 0) goto 0xa58a3be3;
				_t135 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t135 + 1;
				 *0xa591b5e8 = 0xa58e3df0;
				E00007FF77FF7A588BD58(0xa58e3df0,  &_a16);
				_t461 =  *0xa591b5e8; // 0x1c
				E00007FF77FF7A588AD90(0xa58e3df0,  &_a16);
				_v128 = 0xa58e3df0;
				if (0xa58e3df0 == 0) goto 0xa58a3c16;
				 *0x7FF7A58E3DF8 = r15d;
				 *0xa58e3df0 = 0xa58e4218;
				goto 0xa58a3c63;
				_t440 = _t674;
				goto 0xa58a3c63;
				if (_t461 != 0) goto 0xa58a3c5b;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t364 =  *0xa591b5e8 - _t674; // 0x1c
				if (_t364 != 0) goto 0xa58a3c4b;
				_t141 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t141 + 1;
				 *0xa591b5e8 = _t440;
				E00007FF77FF7A588BD58(_t440,  &_a16);
				_t462 =  *0xa591b5e8; // 0x1c
				E00007FF77FF7A5896AEC(_t440, _t619);
				E00007FF77FF7A5890908(_t462, __r8, _t440, _t619, __r8, _t462);
				_t463 =  *0xa591b5f0; // 0x1d
				if (_t619 != 0) goto 0xa58a3ce8;
				if (_t463 != 0) goto 0xa58a3cc0;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t367 =  *0xa591b5f0 - _t674; // 0x1d
				if (_t367 != 0) goto 0xa58a3cb0;
				_t148 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t148 + 1;
				 *0xa591b5f0 = _t440;
				E00007FF77FF7A588BD58(_t440,  &_a16);
				_t464 =  *0xa591b5f0; // 0x1d
				E00007FF77FF7A588AD90(_t440,  &_a16);
				_v128 = _t440;
				if (_t440 == 0) goto 0xa58a3ce3;
				 *((intOrPtr*)(_t440 + 8)) = r15d;
				 *_t440 = 0xa58e4290;
				goto 0xa58a3d30;
				_t441 = _t674;
				goto 0xa58a3d30;
				if (_t464 != 0) goto 0xa58a3d28;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t370 =  *0xa591b5f0 - _t674; // 0x1d
				if (_t370 != 0) goto 0xa58a3d18;
				_t154 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t154 + 1;
				 *0xa591b5f0 = _t441;
				E00007FF77FF7A588BD58(_t441,  &_a16);
				_t465 =  *0xa591b5f0; // 0x1d
				E00007FF77FF7A5896D1C(_t441, _t619);
				E00007FF77FF7A5890908(_t465, __r8, _t441, _t619, __r8, _t465);
				if (_t619 != 0) goto 0xa58a3dce;
				_t627 =  *0xa591b5f8; // 0x1e
				if (_t627 != 0) goto 0xa58a3d8e;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t373 =  *0xa591b5f8 - _t674; // 0x1e
				if (_t373 != 0) goto 0xa58a3d7e;
				_t161 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t161 + 1;
				 *0xa591b5f8 = _t441;
				E00007FF77FF7A588BD58(_t441,  &_a16);
				_t628 =  *0xa591b5f8; // 0x1e
				E00007FF77FF7A588AD90(_t441,  &_a16);
				_t466 = _t441;
				_v128 = _t441;
				if (_t441 == 0) goto 0xa58a3dc3;
				 *((intOrPtr*)(_t441 + 8)) = r15d;
				 *_t441 = 0xa58e42f0;
				r8d = 0;
				E00007FF77FF7A58A2EE4(_t441, _t466, _t672, _t628, _t667, __r10);
				goto 0xa58a3dc6;
				goto 0xa58a3e23;
				_t468 =  *0xa591b5f8; // 0x1e
				if (_t468 != 0) goto 0xa58a3e15;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t376 =  *0xa591b5f8 - _t674; // 0x1e
				if (_t376 != 0) goto 0xa58a3e05;
				_t168 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t168 + 1;
				 *0xa591b5f8 = 0xa58e42f0;
				E00007FF77FF7A588BD58(0xa58e42f0,  &_a16);
				_t469 =  *0xa591b5f8; // 0x1e
				E00007FF77FF7A5896F4C(0xa58e42f0, _t619);
				E00007FF77FF7A5890908(_t469, _t673, 0xa58e42f0, _t619, _t628, _t469);
				E00007FF77FF7A589874C(0, _t469, _t673, 0xa58e42f0, _t667);
				if ((r12d & 0x00000001 << 0 >> 0x00000001) == 0) goto 0xa58a3f38;
				if (_t619 != 0) goto 0xa58a3edb;
				_t629 =  *0xa591b600; // 0x1f
				if (_t629 != 0) goto 0xa58a3e99;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t380 =  *0xa591b600 - _t674; // 0x1f
				if (_t380 != 0) goto 0xa58a3e89;
				_t179 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t179 + 1;
				 *0xa591b600 = 0xa58e42f0;
				E00007FF77FF7A588BD58(0xa58e42f0,  &_a16);
				_t630 =  *0xa591b600; // 0x1f
				E00007FF77FF7A588AD90(0xa58e42f0,  &_a16);
				_v128 = 0xa58e42f0;
				if (0xa58e42f0 == 0) goto 0xa58a3ed0;
				 *0x7FF7A58E42F8 = r15d;
				 *0xa58e42f0 = 0xa58e4338;
				E00007FF77FF7A58B4E38(0xa58e4338,  &_v120);
				asm("movups xmm0, [eax]");
				asm("movdqu [ebx+0x10], xmm0");
				goto 0xa58a3ed3;
				goto 0xa58a3f30;
				_t472 =  *0xa591b600; // 0x1f
				if (_t472 != 0) goto 0xa58a3f22;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t383 =  *0xa591b600 - _t674; // 0x1f
				if (_t383 != 0) goto 0xa58a3f12;
				_t186 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t186 + 1;
				 *0xa591b600 = 0xa58e4338;
				E00007FF77FF7A588BD58(0xa58e4338,  &_a16);
				_t473 =  *0xa591b600; // 0x1f
				E00007FF77FF7A5895CB4(0xa58e4338, _t619);
				E00007FF77FF7A5890908(_t473, _t673, 0xa58e4338, _t619, _t630, _t473);
				if ((r12b & 0x00000020) == 0) goto 0xa58a400c;
				_t474 =  *0xa591b608; // 0x20
				if (_t619 != 0) goto 0xa58a3fb6;
				if (_t474 != 0) goto 0xa58a3f8e;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t387 =  *0xa591b608 - _t674; // 0x20
				if (_t387 != 0) goto 0xa58a3f7e;
				_t193 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t193 + 1;
				 *0xa591b608 = 0xa58e4338;
				E00007FF77FF7A588BD58(0xa58e4338,  &_a16);
				_t475 =  *0xa591b608; // 0x20
				E00007FF77FF7A588AD90(0xa58e4338,  &_a16);
				_v128 = 0xa58e4338;
				if (0xa58e4338 == 0) goto 0xa58a3fb1;
				 *0x7FF7A58E4340 = r15d;
				 *0xa58e4338 = 0xa58e4370;
				goto 0xa58a3ffe;
				_t444 = _t674;
				goto 0xa58a3ffe;
				if (_t475 != 0) goto 0xa58a3ff6;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t390 =  *0xa591b608 - _t674; // 0x20
				if (_t390 != 0) goto 0xa58a3fe6;
				_t199 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t199 + 1;
				 *0xa591b608 = _t444;
				E00007FF77FF7A588BD58(_t444,  &_a16);
				_t476 =  *0xa591b608; // 0x20
				E00007FF77FF7A5895FFC(_t444, _t619);
				E00007FF77FF7A5890908(_t476, _t673, _t444, _t619, _t630, _t476);
				if ((r12b & 0x00000004) == 0) goto 0xa58a439c;
				_t477 =  *0xa591b610; // 0x21
				if (_t619 != 0) goto 0xa58a408a;
				if (_t477 != 0) goto 0xa58a4062;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t394 =  *0xa591b610 - _t674; // 0x21
				if (_t394 != 0) goto 0xa58a4052;
				_t206 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t206 + 1;
				 *0xa591b610 = _t444;
				E00007FF77FF7A588BD58(_t444,  &_a16);
				_t478 =  *0xa591b610; // 0x21
				E00007FF77FF7A588AD90(_t444,  &_a16);
				_v128 = _t444;
				if (_t444 == 0) goto 0xa58a4085;
				 *((intOrPtr*)(_t444 + 8)) = r15d;
				 *_t444 = 0xa58e43a8;
				goto 0xa58a40d2;
				_t445 = _t674;
				goto 0xa58a40d2;
				if (_t478 != 0) goto 0xa58a40ca;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t397 =  *0xa591b610 - _t674; // 0x21
				if (_t397 != 0) goto 0xa58a40ba;
				_t212 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t212 + 1;
				 *0xa591b610 = _t445;
				E00007FF77FF7A588BD58(_t445,  &_a16);
				_t479 =  *0xa591b610; // 0x21
				E00007FF77FF7A589622C(_t445, _t619);
				_t675 = _t673;
				E00007FF77FF7A5890908(_t479, _t673, _t445, _t619, _t630, _t479);
				_t480 =  *0xa591b618; // 0x22
				if (_t619 != 0) goto 0xa58a4158;
				if (_t480 != 0) goto 0xa58a4131;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t400 =  *0xa591b618 - _t630; // 0x22
				if (_t400 != 0) goto 0xa58a4121;
				_t219 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t219 + 1;
				 *0xa591b618 = _t445;
				E00007FF77FF7A588BD58(_t445,  &_a16);
				_t481 =  *0xa591b618; // 0x22
				E00007FF77FF7A588AD90(_t445,  &_a16);
				_v128 = _t445;
				if (_t445 == 0) goto 0xa58a4153;
				 *((intOrPtr*)(_t445 + 8)) = 0;
				 *_t445 = 0xa58e43d8;
				goto 0xa58a41a0;
				_t446 = _t630;
				goto 0xa58a41a0;
				if (_t481 != 0) goto 0xa58a4198;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t403 =  *0xa591b618 - _t630; // 0x22
				if (_t403 != 0) goto 0xa58a4188;
				_t225 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t225 + 1;
				 *0xa591b618 = _t446;
				E00007FF77FF7A588BD58(_t446,  &_a16);
				_t482 =  *0xa591b618; // 0x22
				E00007FF77FF7A589645C(_t446, _t619);
				E00007FF77FF7A5890908(_t482, _t675, _t446, _t619, _t630, _t482);
				_t631 =  *0xa591b620; // 0x23
				if (_t619 != 0) goto 0xa58a4245;
				if (_t631 != 0) goto 0xa58a41fe;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t406 =  *0xa591b620 - _t619; // 0x23
				if (_t406 != 0) goto 0xa58a41ee;
				_t232 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t232 + 1;
				 *0xa591b620 = _t446;
				E00007FF77FF7A588BD58(_t446,  &_a16);
				_t632 =  *0xa591b620; // 0x23
				E00007FF77FF7A588AD90(_t446,  &_a16);
				_t483 = _t446;
				_v128 = _t446;
				if (_t446 == 0) goto 0xa58a4241;
				 *(_t446 + 8) =  *(_t446 + 8) & 0x00000000;
				 *_t483 = 0xa58e4408;
				 *((char*)(_t483 + 0x44)) = 0;
				r8d = 0;
				E00007FF77FF7A58A2C54(_t446, 0xa58e4408, _t483, _t483, _t672, _t643, _t667, __r10);
				 *_t483 = 0xa58e4470;
				goto 0xa58a4243;
				goto 0xa58a4290;
				if (_t632 != 0) goto 0xa58a4285;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t409 =  *0xa591b620 - _t632; // 0x23
				if (_t409 != 0) goto 0xa58a4275;
				_t239 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t239 + 1;
				 *0xa591b620 = 0xa58e4470;
				E00007FF77FF7A588BD58(0xa58e4470,  &_a16);
				_t633 =  *0xa591b620; // 0x23
				E00007FF77FF7A58967A4(0xa58e4470, _t619);
				E00007FF77FF7A5890908(0xa58e4470, _t675, 0xa58e4470, _t619, _t633, _t633);
				r15d = 0;
				if (_t619 != 0) goto 0xa58a433f;
				_t634 =  *0xa591b628; // 0x24
				if (_t634 != 0) goto 0xa58a42f1;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t412 =  *0xa591b628 - _t675; // 0x24
				if (_t412 != 0) goto 0xa58a42e1;
				_t246 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t246 + 1;
				 *0xa591b628 = 0xa58e4470;
				E00007FF77FF7A588BD58(0xa58e4470,  &_a16);
				_t635 =  *0xa591b628; // 0x24
				E00007FF77FF7A588AD90(0xa58e4470,  &_a16);
				_v128 = 0xa58e4470;
				if (0xa58e4470 == 0) goto 0xa58a4334;
				 *0x7FF7A58E4478 = r15d;
				 *0xa58e4470 = 0xa58e4408;
				 *0x7FF7A58E44B4 = 1;
				r8d = 0;
				E00007FF77FF7A58A2C54(0xa58e4470, 0xa58e4408, 0xa58e4470, 0xa58e4470, _t672, _t643, _t667, _t668);
				 *0xa58e4470 = 0xa58e44d8;
				goto 0xa58a4337;
				goto 0xa58a4394;
				_t487 =  *0xa591b628; // 0x24
				if (_t487 != 0) goto 0xa58a4386;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t415 =  *0xa591b628 - _t675; // 0x24
				if (_t415 != 0) goto 0xa58a4376;
				_t253 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t253 + 1;
				 *0xa591b628 = 0xa58e44d8;
				E00007FF77FF7A588BD58(0xa58e44d8,  &_a16);
				_t488 =  *0xa591b628; // 0x24
				E00007FF77FF7A589668C(0xa58e44d8, _t619);
				E00007FF77FF7A5890908(_t488, _t673, 0xa58e44d8, _t619, _t635, _t488);
				if ((r12b & 0x00000010) == 0) goto 0xa58a45b4;
				_t636 =  *0xa591b630; // 0x25
				if (_t619 != 0) goto 0xa58a4446;
				if (_t636 != 0) goto 0xa58a43f6;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t419 =  *0xa591b630 - _t675; // 0x25
				if (_t419 != 0) goto 0xa58a43e6;
				_t260 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t260 + 1;
				 *0xa591b630 = 0xa58e44d8;
				E00007FF77FF7A588BD58(0xa58e44d8,  &_a16);
				_t637 =  *0xa591b630; // 0x25
				E00007FF77FF7A588AD90(0xa58e44d8,  &_a16);
				_v128 = 0xa58e44d8;
				if (0xa58e44d8 == 0) goto 0xa58a4441;
				 *0x7FF7A58E44E0 = r15d;
				 *0xa58e44d8 = 0xa58e4540;
				 *0x7FF7A58E44E8 = _t675;
				 *0x7FF7A58E44F0 = _t675;
				 *0x7FF7A58E44F8 = _t675;
				_v120 = 0xa58e44d8;
				E00007FF77FF7A5894FB4(0xa58e44d8, 0xa58e44d8, _t619, _t637, _t672, _t668);
				 *0x7FF7A58E4500 = E00007FF77FF7A58B4F3C(0xa58e44d8, 0xa58e4540, _t667);
				goto 0xa58a4444;
				goto 0xa58a4491;
				if (_t637 != 0) goto 0xa58a4486;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t422 =  *0xa591b630 - _t675; // 0x25
				if (_t422 != 0) goto 0xa58a4476;
				_t268 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t268 + 1;
				 *0xa591b630 = 0xa58e4540;
				E00007FF77FF7A588BD58(0xa58e4540,  &_a16);
				_t638 =  *0xa591b630; // 0x25
				E00007FF77FF7A589717C(0xa58e4540, _t619);
				E00007FF77FF7A5890908(0xa58e4540, _t673, 0xa58e4540, _t619, _t638, _t638);
				if (_t619 != 0) goto 0xa58a4557;
				_t670 =  *0xa591b638; // 0x26
				if (_t670 != 0) goto 0xa58a44ef;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t425 =  *0xa591b638 - _t675; // 0x26
				if (_t425 != 0) goto 0xa58a44df;
				_t275 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t275 + 1;
				 *0xa591b638 = 0xa58e4540;
				E00007FF77FF7A588BD58(0xa58e4540,  &_a16);
				E00007FF77FF7A588AD90(0xa58e4540,  &_a16);
				_v120 = 0xa58e4540;
				if (0xa58e4540 == 0) goto 0xa58a454c;
				 *0x7FF7A58E4548 = r15d;
				 *0xa58e4540 = 0xa58e4598;
				 *0x7FF7A58E4550 =  *0x7FF7A58E4550 & 0x00000000;
				E00007FF77FF7A58CC854(0xa58e4540, 0xa58e4540, 0xa58e4540, 0xa58e4540);
				_t453 =  &_v120;
				if (0x7ff7a58e4550 == _t453) goto 0xa58a453f;
				E00007FF77FF7A58BE348(0xa58e4598, 0xa58e4540, 0xa58e4540);
				 *0x7FF7A58E4550 = 0xa58e4598;
				r15d = 0;
				goto 0xa58a4542;
				r15d = 0;
				E00007FF77FF7A58BE348(0xa58e4598, 0xa58e4540, 0xa58e4540);
				goto 0xa58a454f;
				goto 0xa58a45ac;
				_t493 =  *0xa591b638; // 0x26
				if (_t493 != 0) goto 0xa58a459e;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t429 =  *0xa591b638 - 0x7ff7a58e4550; // 0x26
				if (_t429 != 0) goto 0xa58a458e;
				_t284 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t284 + 1;
				 *0xa591b638 = _t453;
				E00007FF77FF7A588BD58(_t453,  &_a16);
				_t494 =  *0xa591b638; // 0x26
				E00007FF77FF7A58973AC(_t453, _t619);
				E00007FF77FF7A5890908(_t494, _t673, _t453, _t619, 0x7ff7a58e4550, _t494);
				if (_v136 == r15d) goto 0xa58a46c4;
				if (_t619 != 0) goto 0xa58a4667;
				_t620 =  *0xa591b300; // 0x27
				if (_t620 != 0) goto 0xa58a460e;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t433 =  *0xa591b300 - 0x7ff7a58e4550; // 0x27
				if (_t433 != 0) goto 0xa58a45fe;
				_t291 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t291 + 1;
				 *0xa591b300 = _t453;
				E00007FF77FF7A588BD58(_t453,  &_a16);
				_t621 =  *0xa591b300; // 0x27
				E00007FF77FF7A588AD90(_t453,  &_a16);
				_t495 = _t453;
				_v120 = _t453;
				if (_t453 == 0) goto 0xa58a465c;
				 *((intOrPtr*)(_t453 + 8)) = r15d;
				 *_t495 = 0xa58e3d98;
				E00007FF77FF7A5893EF8(0xa58e3d98, _t495,  &_v88, _t668);
				asm("movups xmm0, [eax]");
				asm("movups [ebx+0x10], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebx+0x20], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [ebx+0x30], xmm0");
				 *((intOrPtr*)(_t495 + 0x38)) =  *0x7FF7A58E3DC0;
				goto 0xa58a465f;
				goto 0xa58a46bc;
				_t497 =  *0xa591b300; // 0x27
				if (_t497 != 0) goto 0xa58a46ae;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t436 =  *0xa591b300 - 0x7ff7a58e4550; // 0x27
				if (_t436 != 0) goto 0xa58a469e;
				_t299 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t299 + 1;
				 *0xa591b300 = 0xa58e3d98;
				E00007FF77FF7A588BD58(0xa58e3d98,  &_a16);
				_t498 =  *0xa591b300; // 0x27
				E00007FF77FF7A5895B9C(0xa58e3d98, _t621);
				return E00007FF77FF7A5890908(_t498, _t673, 0xa58e3d98, _t621, 0x7ff7a58e4550, _t498);
			}

0x7ff7a58a3a40
0x7ff7a58a3a40
0x7ff7a58a3a40
0x7ff7a58a3a40
0x7ff7a58a3a45
0x7ff7a58a3a4a
0x7ff7a58a3a62
0x7ff7a58a3a65
0x7ff7a58a3a68
0x7ff7a58a3a6b
0x7ff7a58a3a6e
0x7ff7a58a3a76
0x7ff7a58a3a79
0x7ff7a58a3a82
0x7ff7a58a3a88
0x7ff7a58a3a92
0x7ff7a58a3a9a
0x7ff7a58a3a9f
0x7ff7a58a3aa6
0x7ff7a58a3aa8
0x7ff7a58a3ab0
0x7ff7a58a3ab8
0x7ff7a58a3ac3
0x7ff7a58a3ac8
0x7ff7a58a3ad4
0x7ff7a58a3ad9
0x7ff7a58a3adc
0x7ff7a58a3ae3
0x7ff7a58a3ae5
0x7ff7a58a3af0
0x7ff7a58a3af7
0x7ff7a58a3afc
0x7ff7a58a3aff
0x7ff7a58a3b03
0x7ff7a58a3b07
0x7ff7a58a3b0f
0x7ff7a58a3b14
0x7ff7a58a3b17
0x7ff7a58a3b1b
0x7ff7a58a3b1f
0x7ff7a58a3b23
0x7ff7a58a3b28
0x7ff7a58a3b30
0x7ff7a58a3b33
0x7ff7a58a3b3e
0x7ff7a58a3b40
0x7ff7a58a3b4a
0x7ff7a58a3b52
0x7ff7a58a3b57
0x7ff7a58a3b5e
0x7ff7a58a3b60
0x7ff7a58a3b68
0x7ff7a58a3b70
0x7ff7a58a3b7b
0x7ff7a58a3b80
0x7ff7a58a3b8a
0x7ff7a58a3b98
0x7ff7a58a3ba1
0x7ff7a58a3ba7
0x7ff7a58a3bb1
0x7ff7a58a3bb6
0x7ff7a58a3bbe
0x7ff7a58a3bc3
0x7ff7a58a3bca
0x7ff7a58a3bcc
0x7ff7a58a3bd4
0x7ff7a58a3bdc
0x7ff7a58a3be7
0x7ff7a58a3bec
0x7ff7a58a3bf8
0x7ff7a58a3bfd
0x7ff7a58a3c04
0x7ff7a58a3c06
0x7ff7a58a3c11
0x7ff7a58a3c14
0x7ff7a58a3c16
0x7ff7a58a3c19
0x7ff7a58a3c1e
0x7ff7a58a3c26
0x7ff7a58a3c2b
0x7ff7a58a3c32
0x7ff7a58a3c34
0x7ff7a58a3c3c
0x7ff7a58a3c44
0x7ff7a58a3c4f
0x7ff7a58a3c54
0x7ff7a58a3c5e
0x7ff7a58a3c6f
0x7ff7a58a3c74
0x7ff7a58a3c7e
0x7ff7a58a3c83
0x7ff7a58a3c8b
0x7ff7a58a3c90
0x7ff7a58a3c97
0x7ff7a58a3c99
0x7ff7a58a3ca1
0x7ff7a58a3ca9
0x7ff7a58a3cb4
0x7ff7a58a3cb9
0x7ff7a58a3cc5
0x7ff7a58a3cca
0x7ff7a58a3cd1
0x7ff7a58a3cd3
0x7ff7a58a3cde
0x7ff7a58a3ce1
0x7ff7a58a3ce3
0x7ff7a58a3ce6
0x7ff7a58a3ceb
0x7ff7a58a3cf3
0x7ff7a58a3cf8
0x7ff7a58a3cff
0x7ff7a58a3d01
0x7ff7a58a3d09
0x7ff7a58a3d11
0x7ff7a58a3d1c
0x7ff7a58a3d21
0x7ff7a58a3d2b
0x7ff7a58a3d39
0x7ff7a58a3d41
0x7ff7a58a3d47
0x7ff7a58a3d51
0x7ff7a58a3d59
0x7ff7a58a3d5e
0x7ff7a58a3d65
0x7ff7a58a3d67
0x7ff7a58a3d6f
0x7ff7a58a3d77
0x7ff7a58a3d82
0x7ff7a58a3d87
0x7ff7a58a3d93
0x7ff7a58a3d98
0x7ff7a58a3d9b
0x7ff7a58a3da2
0x7ff7a58a3da4
0x7ff7a58a3daf
0x7ff7a58a3db2
0x7ff7a58a3dbb
0x7ff7a58a3dc1
0x7ff7a58a3dcc
0x7ff7a58a3dce
0x7ff7a58a3dd8
0x7ff7a58a3de0
0x7ff7a58a3de5
0x7ff7a58a3dec
0x7ff7a58a3dee
0x7ff7a58a3df6
0x7ff7a58a3dfe
0x7ff7a58a3e09
0x7ff7a58a3e0e
0x7ff7a58a3e18
0x7ff7a58a3e26
0x7ff7a58a3e2f
0x7ff7a58a3e43
0x7ff7a58a3e4c
0x7ff7a58a3e52
0x7ff7a58a3e5c
0x7ff7a58a3e64
0x7ff7a58a3e69
0x7ff7a58a3e70
0x7ff7a58a3e72
0x7ff7a58a3e7a
0x7ff7a58a3e82
0x7ff7a58a3e8d
0x7ff7a58a3e92
0x7ff7a58a3e9e
0x7ff7a58a3ea6
0x7ff7a58a3ead
0x7ff7a58a3eaf
0x7ff7a58a3eba
0x7ff7a58a3ec1
0x7ff7a58a3ec6
0x7ff7a58a3ec9
0x7ff7a58a3ece
0x7ff7a58a3ed9
0x7ff7a58a3edb
0x7ff7a58a3ee5
0x7ff7a58a3eed
0x7ff7a58a3ef2
0x7ff7a58a3ef9
0x7ff7a58a3efb
0x7ff7a58a3f03
0x7ff7a58a3f0b
0x7ff7a58a3f16
0x7ff7a58a3f1b
0x7ff7a58a3f25
0x7ff7a58a3f33
0x7ff7a58a3f3c
0x7ff7a58a3f42
0x7ff7a58a3f4c
0x7ff7a58a3f51
0x7ff7a58a3f59
0x7ff7a58a3f5e
0x7ff7a58a3f65
0x7ff7a58a3f67
0x7ff7a58a3f6f
0x7ff7a58a3f77
0x7ff7a58a3f82
0x7ff7a58a3f87
0x7ff7a58a3f93
0x7ff7a58a3f98
0x7ff7a58a3f9f
0x7ff7a58a3fa1
0x7ff7a58a3fac
0x7ff7a58a3faf
0x7ff7a58a3fb1
0x7ff7a58a3fb4
0x7ff7a58a3fb9
0x7ff7a58a3fc1
0x7ff7a58a3fc6
0x7ff7a58a3fcd
0x7ff7a58a3fcf
0x7ff7a58a3fd7
0x7ff7a58a3fdf
0x7ff7a58a3fea
0x7ff7a58a3fef
0x7ff7a58a3ff9
0x7ff7a58a4007
0x7ff7a58a4010
0x7ff7a58a4016
0x7ff7a58a4020
0x7ff7a58a4025
0x7ff7a58a402d
0x7ff7a58a4032
0x7ff7a58a4039
0x7ff7a58a403b
0x7ff7a58a4043
0x7ff7a58a404b
0x7ff7a58a4056
0x7ff7a58a405b
0x7ff7a58a4067
0x7ff7a58a406c
0x7ff7a58a4073
0x7ff7a58a4075
0x7ff7a58a4080
0x7ff7a58a4083
0x7ff7a58a4085
0x7ff7a58a4088
0x7ff7a58a408d
0x7ff7a58a4095
0x7ff7a58a409a
0x7ff7a58a40a1
0x7ff7a58a40a3
0x7ff7a58a40ab
0x7ff7a58a40b3
0x7ff7a58a40be
0x7ff7a58a40c3
0x7ff7a58a40cd
0x7ff7a58a40d2
0x7ff7a58a40de
0x7ff7a58a40e5
0x7ff7a58a40ef
0x7ff7a58a40f4
0x7ff7a58a40fc
0x7ff7a58a4101
0x7ff7a58a4108
0x7ff7a58a410a
0x7ff7a58a4112
0x7ff7a58a411a
0x7ff7a58a4125
0x7ff7a58a412a
0x7ff7a58a4136
0x7ff7a58a413b
0x7ff7a58a4142
0x7ff7a58a4144
0x7ff7a58a414e
0x7ff7a58a4151
0x7ff7a58a4153
0x7ff7a58a4156
0x7ff7a58a415b
0x7ff7a58a4163
0x7ff7a58a4168
0x7ff7a58a416f
0x7ff7a58a4171
0x7ff7a58a4179
0x7ff7a58a4181
0x7ff7a58a418c
0x7ff7a58a4191
0x7ff7a58a419b
0x7ff7a58a41a9
0x7ff7a58a41ae
0x7ff7a58a41b8
0x7ff7a58a41c1
0x7ff7a58a41c9
0x7ff7a58a41ce
0x7ff7a58a41d5
0x7ff7a58a41d7
0x7ff7a58a41df
0x7ff7a58a41e7
0x7ff7a58a41f2
0x7ff7a58a41f7
0x7ff7a58a4203
0x7ff7a58a4208
0x7ff7a58a420b
0x7ff7a58a4212
0x7ff7a58a4214
0x7ff7a58a421f
0x7ff7a58a4222
0x7ff7a58a4226
0x7ff7a58a422f
0x7ff7a58a423c
0x7ff7a58a423f
0x7ff7a58a4243
0x7ff7a58a4248
0x7ff7a58a4250
0x7ff7a58a4255
0x7ff7a58a425c
0x7ff7a58a425e
0x7ff7a58a4266
0x7ff7a58a426e
0x7ff7a58a4279
0x7ff7a58a427e
0x7ff7a58a4288
0x7ff7a58a4299
0x7ff7a58a429e
0x7ff7a58a42a4
0x7ff7a58a42aa
0x7ff7a58a42b4
0x7ff7a58a42bc
0x7ff7a58a42c1
0x7ff7a58a42c8
0x7ff7a58a42ca
0x7ff7a58a42d2
0x7ff7a58a42da
0x7ff7a58a42e5
0x7ff7a58a42ea
0x7ff7a58a42f6
0x7ff7a58a42fe
0x7ff7a58a4305
0x7ff7a58a4307
0x7ff7a58a4312
0x7ff7a58a4315
0x7ff7a58a4319
0x7ff7a58a4322
0x7ff7a58a432f
0x7ff7a58a4332
0x7ff7a58a433d
0x7ff7a58a433f
0x7ff7a58a4349
0x7ff7a58a4351
0x7ff7a58a4356
0x7ff7a58a435d
0x7ff7a58a435f
0x7ff7a58a4367
0x7ff7a58a436f
0x7ff7a58a437a
0x7ff7a58a437f
0x7ff7a58a4389
0x7ff7a58a4397
0x7ff7a58a43a0
0x7ff7a58a43a6
0x7ff7a58a43b0
0x7ff7a58a43b9
0x7ff7a58a43c1
0x7ff7a58a43c6
0x7ff7a58a43cd
0x7ff7a58a43cf
0x7ff7a58a43d7
0x7ff7a58a43df
0x7ff7a58a43ea
0x7ff7a58a43ef
0x7ff7a58a43fb
0x7ff7a58a4403
0x7ff7a58a440a
0x7ff7a58a440c
0x7ff7a58a4417
0x7ff7a58a441a
0x7ff7a58a441e
0x7ff7a58a4422
0x7ff7a58a4426
0x7ff7a58a4432
0x7ff7a58a443c
0x7ff7a58a443f
0x7ff7a58a4444
0x7ff7a58a4449
0x7ff7a58a4451
0x7ff7a58a4456
0x7ff7a58a445d
0x7ff7a58a445f
0x7ff7a58a4467
0x7ff7a58a446f
0x7ff7a58a447a
0x7ff7a58a447f
0x7ff7a58a4489
0x7ff7a58a449a
0x7ff7a58a44a2
0x7ff7a58a44a8
0x7ff7a58a44b2
0x7ff7a58a44ba
0x7ff7a58a44bf
0x7ff7a58a44c6
0x7ff7a58a44c8
0x7ff7a58a44d0
0x7ff7a58a44d8
0x7ff7a58a44e3
0x7ff7a58a44f4
0x7ff7a58a44fc
0x7ff7a58a4503
0x7ff7a58a4505
0x7ff7a58a4510
0x7ff7a58a4517
0x7ff7a58a451b
0x7ff7a58a4523
0x7ff7a58a452a
0x7ff7a58a452f
0x7ff7a58a4534
0x7ff7a58a4537
0x7ff7a58a453d
0x7ff7a58a453f
0x7ff7a58a4545
0x7ff7a58a454a
0x7ff7a58a4555
0x7ff7a58a4557
0x7ff7a58a4561
0x7ff7a58a4569
0x7ff7a58a456e
0x7ff7a58a4575
0x7ff7a58a4577
0x7ff7a58a457f
0x7ff7a58a4587
0x7ff7a58a4592
0x7ff7a58a4597
0x7ff7a58a45a1
0x7ff7a58a45af
0x7ff7a58a45b8
0x7ff7a58a45c1
0x7ff7a58a45c7
0x7ff7a58a45d1
0x7ff7a58a45d9
0x7ff7a58a45de
0x7ff7a58a45e5
0x7ff7a58a45e7
0x7ff7a58a45ef
0x7ff7a58a45f7
0x7ff7a58a4602
0x7ff7a58a4607
0x7ff7a58a4613
0x7ff7a58a4618
0x7ff7a58a461b
0x7ff7a58a4622
0x7ff7a58a4624
0x7ff7a58a462f
0x7ff7a58a4636
0x7ff7a58a463b
0x7ff7a58a463e
0x7ff7a58a4642
0x7ff7a58a4646
0x7ff7a58a464a
0x7ff7a58a464f
0x7ff7a58a4657
0x7ff7a58a465a
0x7ff7a58a4665
0x7ff7a58a4667
0x7ff7a58a4671
0x7ff7a58a4679
0x7ff7a58a467e
0x7ff7a58a4685
0x7ff7a58a4687
0x7ff7a58a468f
0x7ff7a58a4697
0x7ff7a58a46a2
0x7ff7a58a46a7
0x7ff7a58a46b1
0x7ff7a58a46e4

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A3A9A
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A3AC3
_Getctype.LIBCPMT ref: 00007FF7A58A3AF7
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A3B52
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A3B7B
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A3BBE
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A3BE7
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A3C26
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A3C4F
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A3C8B
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A3CB4
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A3CF3
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A3D1C
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A3D59
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A3D82
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A3DE0
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A3E09
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A3E64
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A3E8D
_Getcoll.LIBCPMT ref: 00007FF7A58A3EC1
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A3EED
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A3F16
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A3F59
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A3F82
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A402D
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4056
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A40FC
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4125
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A41C9
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A41F2
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4250
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4279
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A42BC
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A42E5
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4351
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A437A
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A43C1
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A43EA
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4451
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A447A
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A44BA
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A44E3
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4569
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4592
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A45D9
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A4602
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58A4679
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58A46A2

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$GetcollGetctype
String ID:
API String ID: 19648113-0
Opcode ID: 3d6699f4dbf6a753905a992b45ec0fdabc92fa933db295723be358de21158583
Instruction ID: 46090c564762ae7100402fe63373c3d780e509f7aed965fc5b2e1c7ff3af16e4
Opcode Fuzzy Hash: 3d6699f4dbf6a753905a992b45ec0fdabc92fa933db295723be358de21158583
Instruction Fuzzy Hash: A9825121A0B65689FB81BB11D8411B9A3A2FF56FC4F874075EA4E4B7B5DF3CE4618320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5883DF0 Relevance: 70.6, APIs: 15, Strings: 25, Instructions: 563
libraryCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 49%

			E00007FF77FF7A5883DF0(intOrPtr __edx, long long __rcx, unsigned int __rdx, long long __r8, void* __r9) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				signed int _t149;
				void* _t153;
				long _t179;
				long _t193;
				signed long long _t292;
				intOrPtr _t299;
				long long _t307;
				long long _t315;
				long long _t321;
				void* _t326;
				char* _t333;
				long long _t338;
				void* _t339;
				long long* _t340;
				void* _t342;
				void* _t377;
				long long _t379;
				intOrPtr _t426;
				intOrPtr _t430;
				intOrPtr _t437;
				intOrPtr _t458;
				intOrPtr _t461;
				intOrPtr _t464;
				intOrPtr _t479;
				intOrPtr _t482;
				intOrPtr _t485;
				long long _t490;
				char* _t491;
				signed long long _t493;
				char* _t495;
				void* _t496;
				void* _t497;
				signed long long _t498;
				intOrPtr _t501;
				void* _t518;
				char* _t519;
				char* _t525;

				_t518 = __r9;
				_t496 = _t497 - 0x458;
				_t498 = _t497 - 0x558;
				_t292 =  *0xa58fb008; // 0x485f0d1bb70c
				 *(_t496 + 0x440) = _t292 ^ _t498;
				 *(_t498 + 0x20) = r9d;
				_t495 = __r8;
				r13d = __edx;
				 *((intOrPtr*)(_t496 - 0x68)) = __edx;
				 *((long long*)(_t498 + 0x28)) = __rcx;
				 *((long long*)(_t496 - 0x60)) = __rcx;
				 *((long long*)(_t496 - 0x58)) = __r8;
				r12d = r9d;
				 *((long long*)(_t498 + 0x30)) =  *((intOrPtr*)(__r8 + 0x10));
				 *((intOrPtr*)(_t496 - 0x28)) = 0;
				r8d = 0x410;
				_t342 = _t496 - 0x20;
				E00007FF77FF7A58B68A0();
				 *((long long*)(_t496 - 0x40)) = 0x48;
				 *((long long*)(_t496 - 0x30)) = 0x48;
				if (r13d != 4) goto 0xa5883e87;
				 *((long long*)(_t496 - 0x48)) = 0xa59196a0;
				goto 0xa5883e99;
				 *((long long*)(_t496 - 0x48)) = 0xa5919740;
				 *((long long*)(_t496 - 0x38)) = 0xa59196f0;
				E00007FF77FF7A58BAC7C(GetTickCount(), 0xa59196f0);
				_t299 =  *((intOrPtr*)(__r8 + 0x10));
				if (_t299 == 0) goto 0xa5883f09;
				if (_t299 == 0) goto 0xa5883fad;
				asm("o16 nop [eax+eax]");
				_t501 =  *((intOrPtr*)(__r8 + 0x18));
				if (_t501 - 0x10 < 0) goto 0xa5883ee0;
				if ( *((char*)(_t342 +  *((intOrPtr*)(__r8)))) != 0x2d) goto 0xa5883ef6;
				if (_t501 - 0x10 < 0) goto 0xa5883ef2;
				 *((char*)(_t342 +  *((intOrPtr*)(__r8)))) = 0x58;
				if (1 -  *((intOrPtr*)(__r8 + 0x10)) < 0) goto 0xa5883ed0;
				goto 0xa5883fad;
				asm("movsd xmm0, [0x6deaf]");
				asm("movsd [ebp+0x410], xmm0");
				 *((char*)(_t496 + 0x418)) =  *0xa58f1dc8 & 0x000000ff;
				 *((intOrPtr*)(_t496 + 0x419)) = 0;
				 *((short*)(_t496 + 0x41d)) = 0;
				 *((char*)(_t496 + 0x41f)) = 0;
				 *((char*)(_t496 + 0x418)) =  *(E00007FF77FF7A58BAC50(1) - (__rdx >> 4) * 0x1e + "0123456789ABCDEFGHZKLMNPORSTWXH") & 0x000000ff;
				if (0xa - 0xf < 0) goto 0xa5883f56;
				_t34 = _t496 + 0x410; // -8608480567731123047
				_t307 = _t34;
				_t525 =  *((intOrPtr*)(_t498 + 0x28));
				r13d =  *((intOrPtr*)(_t496 - 0x68));
				if ( *((char*)(_t307 + 0xffffffff)) != 0) goto 0xa5883f94;
				_t38 = _t496 + 0x410; // -8608480567731123047
				E00007FF77FF7A5887430(__r8, _t38, 0);
				 *((long long*)(_t496 + 0x430)) = _t307;
				 *((char*)(_t496 + 0x438)) = 0;
				if (r12d != 0) goto 0xa5883fd7;
				_t149 = E00007FF77FF7A58BAC50(_t307);
				r12d = E00007FF77FF7A58BAC50(_t307) & 0x0000ffff;
				r12d = r12d | _t149 << 0x00000010;
				r9d = r12d;
				_t41 = _t496 + 0x430; // -8608480567731123015
				E00007FF77FF7A5881290(_t307, _t41, _t38, "%08X", __r9);
				0xa5885e00();
				_t333 = _t307;
				 *((long long*)(_t498 + 0x28)) = _t307;
				 *((intOrPtr*)(_t496 - 0x68)) = 0;
				0xa5885e00();
				_t46 = _t496 - 0x68; // -8608480567731124191
				E00007FF77FF7A58824E0(_t307, _t46, _t495, _t496); // executed
				_t490 = _t307;
				if (_t307 != 0) goto 0xa5884087;
				 *((long long*)(_t498 + 0x38)) = _t307;
				 *((long long*)(_t498 + 0x48)) = _t307;
				 *((long long*)(_t498 + 0x50)) = 0xf;
				 *((intOrPtr*)(_t498 + 0x38)) = dil;
				_t426 =  *((intOrPtr*)(_t333 + 0x18));
				if (_t426 - 0x10 < 0) goto 0xa58840ff;
				if (_t426 + 1 - 0x1000 < 0) goto 0xa5884080;
				if ( *_t333 -  *((intOrPtr*)( *_t333 - 8)) - 8 - 0x1f > 0) goto 0xa5884748;
				_t153 = E00007FF77FF7A588AAF0( *_t333 -  *((intOrPtr*)( *_t333 - 8)) - 8, _t333, _t518);
				goto 0xa58840ff;
				r8d =  *((intOrPtr*)(_t496 - 0x68));
				_t55 = _t496 + 0x410; // -8608480567731123047, executed
				E00007FF77FF7A58828F0(_t153, _t55, _t490); // executed
				r8d = 0x8000;
				VirtualFree(??, ??, ??); // executed
				asm("movups xmm0, [ebp+0x410]");
				asm("movups [esp+0x38], xmm0");
				asm("movups xmm1, [ebp+0x420]");
				asm("movups [esp+0x48], xmm1");
				_t430 =  *((intOrPtr*)(_t333 + 0x18));
				if (_t430 - 0x10 < 0) goto 0xa58840fd;
				if (_t430 + 1 - 0x1000 < 0) goto 0xa58840f8;
				if ( *_t333 -  *((intOrPtr*)( *_t333 - 8)) - 8 - 0x1f > 0) goto 0xa5884748;
				E00007FF77FF7A588AAF0( *_t333 -  *((intOrPtr*)( *_t333 - 8)) - 8, _t333, _t518);
				 *((long long*)(_t333 + 0x10)) = _t490;
				 *((long long*)(_t333 + 0x18)) = 0xf;
				 *_t333 = 0;
				E00007FF77FF7A5888D50(_t333, 0xa591b1b0, "DLL SHA256:.......", _t495); // executed
				_t435 =  >=  ?  *((void*)(_t498 + 0x38)) : _t498 + 0x38;
				E00007FF77FF7A588A5F0(_t333,  >=  ?  *((void*)(_t498 + 0x38)) : _t498 + 0x38,  *((intOrPtr*)(_t498 + 0x48))); // executed
				E00007FF77FF7A5888D50(_t333, _t333, "\n", _t495); // executed
				_t437 =  *((intOrPtr*)(_t498 + 0x50));
				if (_t437 - 0x10 < 0) goto 0xa588418f;
				_t362 =  *((intOrPtr*)(_t498 + 0x38));
				if (_t437 + 1 - 0x1000 < 0) goto 0xa588418a;
				_t313 =  *((intOrPtr*)(_t498 + 0x38)) -  *((intOrPtr*)(_t362 - 8)) + 0xfffffff8;
				if ( *((intOrPtr*)(_t498 + 0x38)) -  *((intOrPtr*)(_t362 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa5884742;
				E00007FF77FF7A588AAF0( *((intOrPtr*)(_t498 + 0x38)) -  *((intOrPtr*)(_t362 - 8)) + 0xfffffff8, _t333, _t518);
				E00007FF77FF7A5888D50(_t333, 0xa591b1b0, "Epoch:............", _t495); // executed
				E00007FF77FF7A58858A0(r13d, _t333,  *((intOrPtr*)(_t498 + 0x38)) -  *((intOrPtr*)(_t362 - 8)) + 0xfffffff8, _t495); // executed
				E00007FF77FF7A5888D50(_t333,  *((intOrPtr*)(_t498 + 0x38)) -  *((intOrPtr*)(_t362 - 8)) + 0xfffffff8, "\n", _t495); // executed
				E00007FF77FF7A5888D50(_t333, 0xa591b1b0, "Computer name:....", _t495); // executed
				if ( *((long long*)(_t495 + 0x18)) - 0x10 < 0) goto 0xa58841dc;
				E00007FF77FF7A588A5F0( *((intOrPtr*)(_t498 + 0x38)) -  *((intOrPtr*)(_t362 - 8)) + 0xfffffff8,  *_t495,  *((intOrPtr*)(_t495 + 0x10))); // executed
				_t519 = "static";
				_t491 = "random";
				_t335 =  !=  ? _t519 : _t491;
				E00007FF77FF7A5888D50( !=  ? _t519 : _t491, _t313, " (", _t495); // executed
				E00007FF77FF7A5888D50( !=  ? _t519 : _t491, _t313,  !=  ? _t519 : _t491, _t495); // executed
				E00007FF77FF7A5888D50( !=  ? _t519 : _t491, _t313, ")\n", _t495); // executed
				_t492 =  !=  ? _t519 : _t491;
				E00007FF77FF7A5888D50( !=  ? _t519 : _t491, 0xa591b1b0, "Serial:...........", _t495); // executed
				_t72 = _t496 + 0x430; // -8608480567731123015, executed
				E00007FF77FF7A5888D50(_t335, _t313, _t72, _t495); // executed
				E00007FF77FF7A5888D50(_t335, _t313, " (", _t495); // executed
				_t451 =  !=  ? _t519 : _t491; // executed
				E00007FF77FF7A5888D50(_t335, _t313,  !=  ? _t519 : _t491, _t495); // executed
				E00007FF77FF7A5888D50(_t335, _t313, ")\n", _t495); // executed
				r13d = 0;
				 *((long long*)(_t496 + 0x3f0)) = 0x88888889;
				 *(_t496 + 0x400) = 0x88888889;
				 *((long long*)(_t496 + 0x408)) = 0x88888889;
				_t493 =  *((intOrPtr*)(_t495 + 0x10));
				if ( *((long long*)(_t495 + 0x18)) - 0x10 < 0) goto 0xa58842a9;
				if (_t493 - 0x10 >= 0) goto 0xa58842cb;
				asm("inc ecx");
				asm("movups [ebp+0x3f0], xmm0");
				 *((long long*)(_t496 + 0x408)) = 0xf;
				goto 0xa588434b;
				_t338 =  >  ? 0xffffffff : _t493 | 0x0000000f;
				_t377 = _t338 + 1;
				if (_t377 - 0x1000 < 0) goto 0xa588431f;
				_t315 = _t377 + 0x27;
				if (_t315 - _t377 <= 0) goto 0xa588474e;
				E00007FF77FF7A588AD90(_t315, _t315);
				_t379 = _t315;
				if (_t315 == 0) goto 0xa5884754;
				 *((long long*)((_t315 + 0x00000027 & 0xffffffe0) - 8)) = _t379;
				goto 0xa588432e;
				if (_t379 == 0) goto 0xa588432b;
				E00007FF77FF7A588AD90(_t315 + 0x00000027 & 0xffffffe0, _t379);
				goto 0xa588432e;
				 *((long long*)(_t496 + 0x3f0)) = 0x88888889;
				E00007FF77FF7A58B6D20();
				 *((long long*)(_t496 + 0x408)) = _t338;
				 *(_t496 + 0x400) = _t493;
				r8d = 1;
				_t86 = _t496 + 0x3f0; // -8608480567731123079
				E00007FF77FF7A5887620(_t338, _t86, _t495, _t493 + 1);
				_t87 = _t496 + 0x430; // -8608480567731123015
				if ( *((char*)(_t87 + 0xffffffff)) != 0) goto 0xa5884372;
				_t90 = _t496 + 0x3f0; // -8608480567731123079
				E00007FF77FF7A5887620(_t338, _t90, _t495, 0);
				_t91 = _t496 + 0x3f0; // -8608480567731123079
				_t321 =  >=  ?  *((void*)(_t496 + 0x3f0)) : _t91;
				 *((long long*)(_t496 - 0x50)) = _t321;
				 *((intOrPtr*)(_t496 - 0x24)) = 0x45c;
				r9d = 0;
				r8d = 0;
				CreateEventW(??, ??, ??, ??);
				 *((long long*)(_t496 - 0x18)) = _t321;
				if (_t321 != 0) goto 0xa58844ed;
				_t179 = GetLastError();
				E00007FF77FF7A5888D50(_t338, 0xa591b1b0, "CreateEventW failed with error ", _t495);
				E00007FF77FF7A58858A0(_t179, _t338, _t321, _t495);
				E00007FF77FF7A5888D50(_t338, _t321, "\n", _t495);
				_t458 =  *((intOrPtr*)(_t496 + 0x408));
				if (_t458 - 0x10 < 0) goto 0xa5884449;
				if (_t458 + 1 - 0x1000 < 0) goto 0xa5884444;
				if ( *((intOrPtr*)(_t496 + 0x3f0)) -  *((intOrPtr*)( *((intOrPtr*)(_t496 + 0x3f0)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa5884754;
				E00007FF77FF7A588AAF0( *((intOrPtr*)(_t496 + 0x3f0)) -  *((intOrPtr*)( *((intOrPtr*)(_t496 + 0x3f0)) - 8)) + 0xfffffff8, _t338, _t518);
				 *(_t496 + 0x400) = 0x88888889;
				 *((long long*)(_t496 + 0x408)) = 0xf;
				 *((char*)(_t496 + 0x3f0)) = 0;
				_t461 =  *((intOrPtr*)(_t525 + 0x18));
				if (_t461 - 0x10 < 0) goto 0xa588449c;
				if (_t461 + 1 - 0x1000 < 0) goto 0xa5884497;
				if ( *_t525 -  *((intOrPtr*)( *_t525 - 8)) - 8 - 0x1f > 0) goto 0xa5884736;
				E00007FF77FF7A588AAF0( *_t525 -  *((intOrPtr*)( *_t525 - 8)) - 8, _t338, _t518);
				 *((long long*)(_t525 + 0x10)) = 0x88888889;
				 *((long long*)(_t525 + 0x18)) = 0xf;
				 *_t525 = 0;
				_t464 =  *((intOrPtr*)(_t495 + 0x18));
				if (_t464 - 0x10 < 0) goto 0xa58844e6;
				if (_t464 + 1 - 0x1000 < 0) goto 0xa58844e1;
				_t326 =  *_t495 -  *((intOrPtr*)( *_t495 - 8)) - 8;
				if (_t326 - 0x1f > 0) goto 0xa588473c;
				E00007FF77FF7A588AAF0(_t326, _t338, _t518);
				goto 0xa5884704; // executed
				0xa5883870(); // executed
				if (0 != 0) goto 0xa5884505;
				CloseHandle(??);
				goto 0xa5884408;
				E00007FF77FF7A5888D50(_t338, 0xa591b1b0, "Loading ", _t495); // executed
				if ( *((long long*)(_t525 + 0x18)) - 0x10 < 0) goto 0xa5884525;
				E00007FF77FF7A588A5F0(_t326,  *_t525,  *((intOrPtr*)(_t525 + 0x10))); // executed
				E00007FF77FF7A5888D50(_t338, _t326, "...\n", _t495); // executed
				if ( *((long long*)(_t525 + 0x18)) - 0x10 < 0) goto 0xa588454d;
				LoadLibraryA(??); // executed
				if (_t326 != 0) goto 0xa58845ba;
				if ( *((long long*)(_t525 + 0x18)) - 0x10 < 0) goto 0xa5884568;
				E00007FF77FF7A588A5F0(0xa591b1b0,  *_t525,  *((intOrPtr*)(_t525 + 0x10)));
				_t339 = _t326;
				_t193 = GetLastError();
				E00007FF77FF7A5888D50(_t339, _t339, " failed to load, last error: ", _t495);
				E00007FF77FF7A58858A0(_t193, _t339, _t326, _t495);
				E00007FF77FF7A5888D50(_t339, _t326, "\n", _t495);
				CloseHandle(??);
				goto 0xa5884408;
				_t340 = _t339 + _t326;
				E00007FF77FF7A5888D50(_t340, 0xa591b1b0, "Calling DllEntryPoint() in custom mode...\n", _t495);
				 *_t340(); // executed
				_t477 =  ==  ? "DllEntryPoint() returned FALSE\n" : "DllEntryPoint() returned TRUE\n";
				E00007FF77FF7A5888D50(_t340, 0xa591b1b0,  ==  ? "DllEntryPoint() returned FALSE\n" : "DllEntryPoint() returned TRUE\n", _t495); // executed
				E00007FF77FF7A5888D50(_t340, 0xa591b1b0, "The module may still be running in a separated thread\n", _t495); // executed
				SleepEx(??, ??); // executed
				_t479 =  *((intOrPtr*)(_t496 + 0x408));
				if (_t479 - 0x10 < 0) goto 0xa5884666;
				if (_t479 + 1 - 0x1000 < 0) goto 0xa5884661;
				if ( *((intOrPtr*)(_t496 + 0x3f0)) -  *((intOrPtr*)( *((intOrPtr*)(_t496 + 0x3f0)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa5884754;
				E00007FF77FF7A588AAF0( *((intOrPtr*)(_t496 + 0x3f0)) -  *((intOrPtr*)( *((intOrPtr*)(_t496 + 0x3f0)) - 8)) + 0xfffffff8, _t340, _t518);
				 *(_t496 + 0x400) = 0x88888889;
				 *((long long*)(_t496 + 0x408)) = 0xf;
				 *((char*)(_t496 + 0x3f0)) = 0;
				_t482 =  *((intOrPtr*)(_t525 + 0x18));
				if (_t482 - 0x10 < 0) goto 0xa58846b9;
				if (_t482 + 1 - 0x1000 < 0) goto 0xa58846b4;
				if ( *_t525 -  *((intOrPtr*)( *_t525 - 8)) - 8 - 0x1f > 0) goto 0xa5884736;
				E00007FF77FF7A588AAF0( *_t525 -  *((intOrPtr*)( *_t525 - 8)) - 8, _t340, _t518);
				 *((long long*)(_t525 + 0x10)) = 0x88888889;
				 *((long long*)(_t525 + 0x18)) = 0xf;
				 *_t525 = 0;
				_t485 =  *((intOrPtr*)(_t495 + 0x18));
				if (_t485 - 0x10 < 0) goto 0xa58846ff;
				if (_t485 + 1 - 0x1000 < 0) goto 0xa58846fa;
				if ( *_t495 -  *((intOrPtr*)( *_t495 - 8)) - 8 - 0x1f > 0) goto 0xa588473c;
				E00007FF77FF7A588AAF0( *_t495 -  *((intOrPtr*)( *_t495 - 8)) - 8, _t340, _t518);
				 *((long long*)(_t495 + 0x10)) = 0x88888889;
				 *((long long*)(_t495 + 0x18)) = 0xf;
				 *_t495 = 0;
				return E00007FF77FF7A588AAD0(1, 0xffffffff,  *(_t496 + 0x440) ^ _t498);
			}

0x7ff7a5883df0
0x7ff7a5883dfd
0x7ff7a5883e05
0x7ff7a5883e0c
0x7ff7a5883e16
0x7ff7a5883e1d
0x7ff7a5883e22
0x7ff7a5883e25
0x7ff7a5883e28
0x7ff7a5883e2e
0x7ff7a5883e33
0x7ff7a5883e37
0x7ff7a5883e3b
0x7ff7a5883e42
0x7ff7a5883e49
0x7ff7a5883e4e
0x7ff7a5883e54
0x7ff7a5883e58
0x7ff7a5883e5d
0x7ff7a5883e65
0x7ff7a5883e71
0x7ff7a5883e7a
0x7ff7a5883e85
0x7ff7a5883e8e
0x7ff7a5883e99
0x7ff7a5883ea5
0x7ff7a5883eaa
0x7ff7a5883eb8
0x7ff7a5883ebf
0x7ff7a5883ec7
0x7ff7a5883ed3
0x7ff7a5883edb
0x7ff7a5883ee4
0x7ff7a5883eed
0x7ff7a5883ef2
0x7ff7a5883f02
0x7ff7a5883f04
0x7ff7a5883f09
0x7ff7a5883f11
0x7ff7a5883f20
0x7ff7a5883f28
0x7ff7a5883f2e
0x7ff7a5883f35
0x7ff7a5883f74
0x7ff7a5883f7f
0x7ff7a5883f81
0x7ff7a5883f81
0x7ff7a5883f8b
0x7ff7a5883f90
0x7ff7a5883f9c
0x7ff7a5883f9e
0x7ff7a5883fa8
0x7ff7a5883faf
0x7ff7a5883fb6
0x7ff7a5883fbf
0x7ff7a5883fc1
0x7ff7a5883fd0
0x7ff7a5883fd4
0x7ff7a5883fd7
0x7ff7a5883fe6
0x7ff7a5883fed
0x7ff7a5883ffa
0x7ff7a5883fff
0x7ff7a5884002
0x7ff7a5884007
0x7ff7a5884016
0x7ff7a588401b
0x7ff7a5884022
0x7ff7a5884027
0x7ff7a588402d
0x7ff7a588402f
0x7ff7a5884034
0x7ff7a5884039
0x7ff7a5884042
0x7ff7a5884047
0x7ff7a588404f
0x7ff7a5884062
0x7ff7a5884077
0x7ff7a5884080
0x7ff7a5884085
0x7ff7a5884087
0x7ff7a588408e
0x7ff7a5884095
0x7ff7a588409c
0x7ff7a58840a5
0x7ff7a58840ab
0x7ff7a58840b2
0x7ff7a58840b7
0x7ff7a58840be
0x7ff7a58840c3
0x7ff7a58840cb
0x7ff7a58840da
0x7ff7a58840ef
0x7ff7a58840f8
0x7ff7a5884102
0x7ff7a5884106
0x7ff7a588410e
0x7ff7a588411f
0x7ff7a588412f
0x7ff7a588413d
0x7ff7a588414c
0x7ff7a5884152
0x7ff7a588415b
0x7ff7a5884160
0x7ff7a588416f
0x7ff7a588417c
0x7ff7a5884184
0x7ff7a588418a
0x7ff7a588419d
0x7ff7a58841a8
0x7ff7a58841b7
0x7ff7a58841ca
0x7ff7a58841d7
0x7ff7a58841e3
0x7ff7a58841e8
0x7ff7a58841ef
0x7ff7a58841ff
0x7ff7a588420d
0x7ff7a5884218
0x7ff7a5884227
0x7ff7a5884231
0x7ff7a5884243
0x7ff7a588424b
0x7ff7a5884252
0x7ff7a5884261
0x7ff7a5884269
0x7ff7a588426c
0x7ff7a588427b
0x7ff7a5884280
0x7ff7a5884283
0x7ff7a588428a
0x7ff7a5884291
0x7ff7a5884298
0x7ff7a58842a4
0x7ff7a58842ad
0x7ff7a58842af
0x7ff7a58842b4
0x7ff7a58842bb
0x7ff7a58842c6
0x7ff7a58842df
0x7ff7a58842e3
0x7ff7a58842ee
0x7ff7a58842f0
0x7ff7a58842f7
0x7ff7a5884300
0x7ff7a5884305
0x7ff7a588430b
0x7ff7a5884319
0x7ff7a588431d
0x7ff7a5884322
0x7ff7a5884324
0x7ff7a5884329
0x7ff7a588432e
0x7ff7a588433f
0x7ff7a5884344
0x7ff7a588434b
0x7ff7a5884352
0x7ff7a588435f
0x7ff7a5884366
0x7ff7a588436b
0x7ff7a588437a
0x7ff7a5884386
0x7ff7a588438d
0x7ff7a5884392
0x7ff7a58843a1
0x7ff7a58843a9
0x7ff7a58843ad
0x7ff7a58843b4
0x7ff7a58843b7
0x7ff7a58843c0
0x7ff7a58843c6
0x7ff7a58843cd
0x7ff7a58843d3
0x7ff7a58843e9
0x7ff7a58843f3
0x7ff7a5884402
0x7ff7a5884408
0x7ff7a5884413
0x7ff7a5884429
0x7ff7a588443e
0x7ff7a5884444
0x7ff7a5884449
0x7ff7a5884450
0x7ff7a588445b
0x7ff7a5884462
0x7ff7a588446a
0x7ff7a5884479
0x7ff7a588448e
0x7ff7a5884497
0x7ff7a588449c
0x7ff7a58844a0
0x7ff7a58844a8
0x7ff7a58844ac
0x7ff7a58844b4
0x7ff7a58844c3
0x7ff7a58844d0
0x7ff7a58844d8
0x7ff7a58844e1
0x7ff7a58844e8
0x7ff7a58844ed
0x7ff7a58844f4
0x7ff7a58844fa
0x7ff7a5884500
0x7ff7a5884513
0x7ff7a5884520
0x7ff7a588452c
0x7ff7a588453b
0x7ff7a5884548
0x7ff7a588454d
0x7ff7a5884559
0x7ff7a5884563
0x7ff7a5884573
0x7ff7a5884578
0x7ff7a588457b
0x7ff7a588458d
0x7ff7a5884597
0x7ff7a58845a6
0x7ff7a58845af
0x7ff7a58845b5
0x7ff7a58845c2
0x7ff7a58845d3
0x7ff7a58845e4
0x7ff7a58845f6
0x7ff7a5884601
0x7ff7a5884614
0x7ff7a588461e
0x7ff7a5884625
0x7ff7a5884630
0x7ff7a5884646
0x7ff7a588465b
0x7ff7a5884661
0x7ff7a5884666
0x7ff7a588466d
0x7ff7a5884678
0x7ff7a588467f
0x7ff7a5884687
0x7ff7a5884696
0x7ff7a58846ab
0x7ff7a58846b4
0x7ff7a58846b9
0x7ff7a58846bd
0x7ff7a58846c5
0x7ff7a58846c9
0x7ff7a58846d1
0x7ff7a58846e0
0x7ff7a58846f5
0x7ff7a58846fa
0x7ff7a5884704
0x7ff7a5884708
0x7ff7a5884710
0x7ff7a5884735

APIs

GetTickCount.KERNEL32 ref: 00007FF7A5883E9D
VirtualFree.KERNELBASE ref: 00007FF7A58840A5
CreateEventW.KERNEL32 ref: 00007FF7A58843C0
GetLastError.KERNEL32 ref: 00007FF7A58843D3
CloseHandle.KERNEL32 ref: 00007FF7A58844FA
LoadLibraryA.KERNELBASE ref: 00007FF7A588454D
GetLastError.KERNEL32 ref: 00007FF7A588457B
CloseHandle.KERNEL32 ref: 00007FF7A58845AF
SleepEx.KERNEL32 ref: 00007FF7A588461E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5884736
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A588473C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5884742
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5884748
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A588474E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5884754

Strings

C:\Windows\System32\regsvr32.exe, xrefs: 00007FF7A5883963
static, xrefs: 00007FF7A58841E8
Command line was patched to , xrefs: 00007FF7A5883D8C
DllEntryPoint() returned FALSE, xrefs: 00007FF7A58845ED
ECS1 , xrefs: 00007FF7A5883E92
DllEntryPoint() returned TRUE, xrefs: 00007FF7A58845E6
Epoch:............, xrefs: 00007FF7A588418F
DLL SHA256:......., xrefs: 00007FF7A5884111
Serial:..........., xrefs: 00007FF7A5884235
Emotet dummy DLL was dropped to , xrefs: 00007FF7A58838D2
%08X, xrefs: 00007FF7A5883FDA
ECK1 , xrefs: 00007FF7A5883E73
ECS1 , xrefs: 00007FF7A5883E7E
Couldn't find kernelbase.dll!BaseUnicodeCommandLine, xrefs: 00007FF7A5883CDA
CreateEventW failed with error , xrefs: 00007FF7A58843DB
"C:\Windows\System32\regsvr32.exe" ", xrefs: 00007FF7A58839D2
failed to load, last error: , xrefs: 00007FF7A5884583
The module may still be running in a separated thread, xrefs: 00007FF7A5884606
0123456789ABCDEFGHZKLMNPORSTWXH, xrefs: 00007FF7A5883F4F
ECK1 , xrefs: 00007FF7A5883E87
Computer name:...., xrefs: 00007FF7A58841BC
Calling DllEntryPoint() in custom mode..., xrefs: 00007FF7A58845C5
Loading , xrefs: 00007FF7A5884505
random, xrefs: 00007FF7A58841EF
..., xrefs: 00007FF7A5884534

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseErrorHandleLast$Concurrency::cancel_current_taskCountCreateEventFreeLibraryLoadSleepTickVirtual
String ID: failed to load, last error: $"C:\Windows\System32\regsvr32.exe" "$%08X$...$0123456789ABCDEFGHZKLMNPORSTWXH$C:\Windows\System32\regsvr32.exe$Calling DllEntryPoint() in custom mode...$Command line was patched to $Computer name:....$Couldn't find kernelbase.dll!BaseUnicodeCommandLine$CreateEventW failed with error $DLL SHA256:.......$DllEntryPoint() returned FALSE$DllEntryPoint() returned TRUE$ECK1 $ECK1 $ECS1 $ECS1 $Emotet dummy DLL was dropped to $Epoch:............$Loading $Serial:...........$The module may still be running in a separated thread$random$static
API String ID: 1724921164-2438694562
Opcode ID: 058bc91aa9d76f36fb7e59135dd10686d4d101d4ceecc7b45e8d2398c01fd72d
Instruction ID: f615ebe6de7cff9c5c616f1cbe0874a1bd178c39ed69a0ec290452830763a7a0
Opcode Fuzzy Hash: 058bc91aa9d76f36fb7e59135dd10686d4d101d4ceecc7b45e8d2398c01fd72d
Instruction Fuzzy Hash: 2B42D462A0AA8284EB14EB24D4443BDA361EF56FC9FC24171DA5D076F6EF7CD194C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5890B06 Relevance: 31.8, APIs: 21, Instructions: 306
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 60%

			E00007FF77FF7A5890B06(long long* __rax, void* __rdi, void* __r9, void* __r13, void* __r14) {
				intOrPtr _t45;
				intOrPtr _t53;
				intOrPtr _t60;
				intOrPtr _t66;
				intOrPtr _t73;
				intOrPtr _t79;
				intOrPtr _t86;
				intOrPtr _t93;
				intOrPtr _t100;
				intOrPtr _t106;
				void* _t138;
				void* _t141;
				void* _t145;
				void* _t148;
				void* _t151;
				void* _t154;
				void* _t157;
				void* _t160;
				void* _t164;
				void* _t167;
				long long* _t169;
				long long* _t171;
				intOrPtr _t175;
				intOrPtr _t176;
				intOrPtr _t177;
				intOrPtr _t178;
				intOrPtr _t179;
				intOrPtr _t180;
				intOrPtr _t181;
				intOrPtr _t182;
				intOrPtr _t184;
				intOrPtr _t185;
				intOrPtr _t186;
				intOrPtr _t187;
				intOrPtr _t188;
				void* _t230;
				void* _t241;
				intOrPtr _t243;
				long long* _t244;
				intOrPtr _t246;
				intOrPtr _t247;
				void* _t249;
				void* _t253;
				void* _t268;

				_t272 = __r14;
				_t241 = __rdi;
				_t169 = __rax;
				if (__r9 != 0) goto 0xa5890ba8;
				_t243 =  *0xa591b2f8; // 0x1
				if (_t243 != 0) goto 0xa5890b56;
				E00007FF77FF7A588BCE0(0, _t249 + 0x48);
				_t138 =  *0xa591b2f8 - _t243; // 0x1
				if (_t138 != 0) goto 0xa5890b46;
				_t45 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t45 + 1;
				 *0xa591b2f8 = _t169;
				E00007FF77FF7A588BD58(_t169, _t249 + 0x48);
				_t244 =  *0xa591b2f8; // 0x1
				E00007FF77FF7A588AD90(_t169, _t249 + 0x48);
				_t174 = _t169;
				 *((long long*)(_t249 + 0x40)) = _t169;
				if (_t169 == 0) goto 0xa5890b94;
				 *(_t169 + 8) =  *(_t169 + 8) & 0x00000000;
				 *_t169 = 0xa58e2710;
				E00007FF77FF7A5893D04(0xa58e2710, _t249 - 0x20, _t230, _t253);
				asm("movups xmm0, [eax]");
				asm("movups [ebx+0x10], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebx+0x20], xmm1");
				goto 0xa5890b96;
				E00007FF77FF7A5890908(_t169, __rdi, _t174, __rdi, _t244, _t244);
				goto 0xa5890c05;
				_t175 =  *0xa591b2f8; // 0x1
				if (_t175 != 0) goto 0xa5890bef;
				E00007FF77FF7A588BCE0(0, _t249 + 0x48);
				_t141 =  *0xa591b2f8 - _t244; // 0x1
				if (_t141 != 0) goto 0xa5890bdf;
				_t53 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t53 + 1;
				 *0xa591b2f8 = 0xa58e2710;
				E00007FF77FF7A588BD58(0xa58e2710, _t249 + 0x48);
				_t176 =  *0xa591b2f8; // 0x1
				E00007FF77FF7A5888C10(_t176, __r14, _t249);
				E00007FF77FF7A5890908(_t176, _t241, 0xa58e2710, _t241, _t244, _t176);
				if ((r12b & 0x00000008) == 0) goto 0xa5890e8c;
				_t177 =  *0xa591b2d0; // 0x5
				if (__r14 != 0) goto 0xa5890c82;
				if (_t177 != 0) goto 0xa5890c5b;
				E00007FF77FF7A588BCE0(0, _t249 + 0x48);
				_t145 =  *0xa591b2d0 - _t244; // 0x5
				if (_t145 != 0) goto 0xa5890c4b;
				_t60 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t60 + 1;
				 *0xa591b2d0 = 0xa58e2710;
				E00007FF77FF7A588BD58(0xa58e2710, _t249 + 0x48);
				_t178 =  *0xa591b2d0; // 0x5
				E00007FF77FF7A588AD90(0xa58e2710, _t249 + 0x48);
				 *((long long*)(_t249 + 0x40)) = 0xa58e2710;
				if (0xa58e2710 == 0) goto 0xa5890c7d;
				 *0x7FF7A58E2718 = 0;
				 *0xa58e2710 = 0xa58e2918;
				goto 0xa5890cca;
				_t171 = _t244;
				goto 0xa5890cca;
				if (_t178 != 0) goto 0xa5890cc2;
				E00007FF77FF7A588BCE0(0, _t249 + 0x48);
				_t148 =  *0xa591b2d0 - _t244; // 0x5
				if (_t148 != 0) goto 0xa5890cb2;
				_t66 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t66 + 1;
				 *0xa591b2d0 = _t171;
				E00007FF77FF7A588BD58(_t171, _t249 + 0x48);
				_t179 =  *0xa591b2d0; // 0x5
				E00007FF77FF7A588DC14(_t171, __r14);
				_t245 = _t241;
				E00007FF77FF7A5890908(_t179, _t241, _t171, _t241, _t241, _t179);
				_t180 =  *0xa591c470; // 0x3
				if (__r14 != 0) goto 0xa5890d4a;
				if (_t180 != 0) goto 0xa5890d27;
				E00007FF77FF7A588BCE0(0, _t249 + 0x48);
				_t151 =  *0xa591c470 - _t272; // 0x3
				if (_t151 != 0) goto 0xa5890d17;
				_t73 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t73 + 1;
				 *0xa591c470 = _t171;
				E00007FF77FF7A588BD58(_t171, _t249 + 0x48);
				_t181 =  *0xa591c470; // 0x3
				E00007FF77FF7A588AD90(_t171, _t249 + 0x48);
				 *((long long*)(_t249 + 0x40)) = _t171;
				if (_t171 == 0) goto 0xa5890d92;
				 *(_t171 + 8) =  *(_t171 + 8) & 0x00000000;
				 *_t171 = 0xa58e2990;
				goto 0xa5890d92;
				if (_t181 != 0) goto 0xa5890d8a;
				E00007FF77FF7A588BCE0(0, _t249 + 0x48);
				_t154 =  *0xa591c470 - _t181; // 0x3
				if (_t154 != 0) goto 0xa5890d7a;
				_t79 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t79 + 1;
				 *0xa591c470 = _t171;
				E00007FF77FF7A588BD58(_t171, _t249 + 0x48);
				_t182 =  *0xa591c470; // 0x3
				E00007FF77FF7A5889210(_t182, __r14, _t249);
				E00007FF77FF7A5890908(_t182, _t241, _t171, _t241, _t245, _t182);
				if (__r14 != 0) goto 0xa5890e2f;
				_t246 =  *0xa591c4a0; // 0x4
				if (_t246 != 0) goto 0xa5890df0;
				E00007FF77FF7A588BCE0(0, _t249 + 0x48);
				_t157 =  *0xa591c4a0 - _t246; // 0x4
				if (_t157 != 0) goto 0xa5890de0;
				_t86 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t86 + 1;
				 *0xa591c4a0 = _t171;
				E00007FF77FF7A588BD58(_t171, _t249 + 0x48);
				_t247 =  *0xa591c4a0; // 0x4
				E00007FF77FF7A588AD90(_t171, _t249 + 0x48);
				_t183 = _t171;
				 *((long long*)(_t249 + 0x40)) = _t171;
				if (_t171 == 0) goto 0xa5890e25;
				 *(_t171 + 8) =  *(_t171 + 8) & 0x00000000;
				 *_t171 = 0xa58e29f0;
				r8d = 0;
				E00007FF77FF7A588A3E0(0xa58e29f0, _t171, _t183, _t249);
				goto 0xa5890e27;
				goto 0xa5890e84;
				_t184 =  *0xa591c4a0; // 0x4
				if (_t184 != 0) goto 0xa5890e76;
				E00007FF77FF7A588BCE0(0, _t249 + 0x48);
				_t160 =  *0xa591c4a0 - _t184; // 0x4
				if (_t160 != 0) goto 0xa5890e66;
				_t93 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t93 + 1;
				 *0xa591c4a0 = 0xa58e29f0;
				E00007FF77FF7A588BD58(0xa58e29f0, _t249 + 0x48);
				_t185 =  *0xa591c4a0; // 0x4
				E00007FF77FF7A5889350(_t185, __r14, _t249);
				E00007FF77FF7A5890908(_t185, _t241, 0xa58e29f0, _t241, _t247, _t185);
				if (r15d == 0) goto 0xa5890f5a;
				_t186 =  *0xa591b2b8; // 0x6
				if (__r14 != 0) goto 0xa5890f04;
				if (_t186 != 0) goto 0xa5890ee1;
				E00007FF77FF7A588BCE0(0, _t249 + 0x48);
				_t164 =  *0xa591b2b8 - _t272; // 0x6
				if (_t164 != 0) goto 0xa5890ed1;
				_t100 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t100 + 1;
				 *0xa591b2b8 = 0xa58e29f0;
				E00007FF77FF7A588BD58(0xa58e29f0, _t249 + 0x48);
				_t187 =  *0xa591b2b8; // 0x6
				E00007FF77FF7A588AD90(0xa58e29f0, _t249 + 0x48);
				 *((long long*)(_t249 + 0x40)) = 0xa58e29f0;
				if (0xa58e29f0 == 0) goto 0xa5890f4c;
				 *0x7FF7A58E29F8 =  *0x7FF7A58E29F8 & 0x00000000;
				 *0xa58e29f0 = 0xa58e28c0;
				goto 0xa5890f4c;
				if (_t187 != 0) goto 0xa5890f44;
				E00007FF77FF7A588BCE0(0, _t249 + 0x48);
				_t167 =  *0xa591b2b8 - _t187; // 0x6
				if (_t167 != 0) goto 0xa5890f34;
				_t106 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t106 + 1;
				 *0xa591b2b8 = 0xa58e29f0;
				E00007FF77FF7A588BD58(0xa58e29f0, _t249 + 0x48);
				_t188 =  *0xa591b2b8; // 0x6
				E00007FF77FF7A588C188(0xa58e29f0, __r14);
				E00007FF77FF7A5890908(_t188, _t241, 0xa58e29f0, _t241, _t247, _t188);
				0xa58b143c(); // executed
				E00007FF77FF7A58A46E8(r12d, _t167, 0xa58e29f0, _t188, __r13, 0xa58e29f0, _t241, _t247, _t241, __r14, _t268); // executed
				E00007FF77FF7A58A3A40(r12d, _t167, 0xa58e29f0, _t188, __r13, 0xa58e29f0, _t241, _t247, _t241, __r14, _t268); // executed
				 *(_t241 + 0x20) =  *(_t241 + 0x20) | r12d;
				if ( *((intOrPtr*)(__r13 + 0x58)) != 0) goto 0xa5890f9e;
				return E00007FF77FF7A5885B80(0xa58e29f0, _t188, _t241 + 0x28, __r13 + 0x60, _t247);
			}

0x7ff7a5890b06
0x7ff7a5890b06
0x7ff7a5890b06
0x7ff7a5890b09
0x7ff7a5890b0f
0x7ff7a5890b19
0x7ff7a5890b21
0x7ff7a5890b26
0x7ff7a5890b2d
0x7ff7a5890b2f
0x7ff7a5890b37
0x7ff7a5890b3f
0x7ff7a5890b4a
0x7ff7a5890b4f
0x7ff7a5890b5b
0x7ff7a5890b60
0x7ff7a5890b63
0x7ff7a5890b6a
0x7ff7a5890b6c
0x7ff7a5890b77
0x7ff7a5890b7e
0x7ff7a5890b83
0x7ff7a5890b86
0x7ff7a5890b8a
0x7ff7a5890b8e
0x7ff7a5890b92
0x7ff7a5890b9f
0x7ff7a5890ba6
0x7ff7a5890ba8
0x7ff7a5890bb2
0x7ff7a5890bba
0x7ff7a5890bbf
0x7ff7a5890bc6
0x7ff7a5890bc8
0x7ff7a5890bd0
0x7ff7a5890bd8
0x7ff7a5890be3
0x7ff7a5890be8
0x7ff7a5890bf2
0x7ff7a5890c00
0x7ff7a5890c09
0x7ff7a5890c0f
0x7ff7a5890c19
0x7ff7a5890c1e
0x7ff7a5890c26
0x7ff7a5890c2b
0x7ff7a5890c32
0x7ff7a5890c34
0x7ff7a5890c3c
0x7ff7a5890c44
0x7ff7a5890c4f
0x7ff7a5890c54
0x7ff7a5890c60
0x7ff7a5890c65
0x7ff7a5890c6c
0x7ff7a5890c6e
0x7ff7a5890c78
0x7ff7a5890c7b
0x7ff7a5890c7d
0x7ff7a5890c80
0x7ff7a5890c85
0x7ff7a5890c8d
0x7ff7a5890c92
0x7ff7a5890c99
0x7ff7a5890c9b
0x7ff7a5890ca3
0x7ff7a5890cab
0x7ff7a5890cb6
0x7ff7a5890cbb
0x7ff7a5890cc5
0x7ff7a5890cca
0x7ff7a5890cd6
0x7ff7a5890cdb
0x7ff7a5890ce5
0x7ff7a5890cea
0x7ff7a5890cf2
0x7ff7a5890cf7
0x7ff7a5890cfe
0x7ff7a5890d00
0x7ff7a5890d08
0x7ff7a5890d10
0x7ff7a5890d1b
0x7ff7a5890d20
0x7ff7a5890d2c
0x7ff7a5890d31
0x7ff7a5890d38
0x7ff7a5890d3a
0x7ff7a5890d45
0x7ff7a5890d48
0x7ff7a5890d4d
0x7ff7a5890d55
0x7ff7a5890d5a
0x7ff7a5890d61
0x7ff7a5890d63
0x7ff7a5890d6b
0x7ff7a5890d73
0x7ff7a5890d7e
0x7ff7a5890d83
0x7ff7a5890d8d
0x7ff7a5890d9b
0x7ff7a5890da3
0x7ff7a5890da9
0x7ff7a5890db3
0x7ff7a5890dbb
0x7ff7a5890dc0
0x7ff7a5890dc7
0x7ff7a5890dc9
0x7ff7a5890dd1
0x7ff7a5890dd9
0x7ff7a5890de4
0x7ff7a5890de9
0x7ff7a5890df5
0x7ff7a5890dfa
0x7ff7a5890dfd
0x7ff7a5890e04
0x7ff7a5890e06
0x7ff7a5890e11
0x7ff7a5890e14
0x7ff7a5890e1d
0x7ff7a5890e23
0x7ff7a5890e2d
0x7ff7a5890e2f
0x7ff7a5890e39
0x7ff7a5890e41
0x7ff7a5890e46
0x7ff7a5890e4d
0x7ff7a5890e4f
0x7ff7a5890e57
0x7ff7a5890e5f
0x7ff7a5890e6a
0x7ff7a5890e6f
0x7ff7a5890e79
0x7ff7a5890e87
0x7ff7a5890e8f
0x7ff7a5890e95
0x7ff7a5890e9f
0x7ff7a5890ea4
0x7ff7a5890eac
0x7ff7a5890eb1
0x7ff7a5890eb8
0x7ff7a5890eba
0x7ff7a5890ec2
0x7ff7a5890eca
0x7ff7a5890ed5
0x7ff7a5890eda
0x7ff7a5890ee6
0x7ff7a5890eeb
0x7ff7a5890ef2
0x7ff7a5890ef4
0x7ff7a5890eff
0x7ff7a5890f02
0x7ff7a5890f07
0x7ff7a5890f0f
0x7ff7a5890f14
0x7ff7a5890f1b
0x7ff7a5890f1d
0x7ff7a5890f25
0x7ff7a5890f2d
0x7ff7a5890f38
0x7ff7a5890f3d
0x7ff7a5890f47
0x7ff7a5890f55
0x7ff7a5890f66
0x7ff7a5890f77
0x7ff7a5890f88
0x7ff7a5890f8d
0x7ff7a5890f98
0x7ff7a5890fc1

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5890B21
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5890B4A
_Getctype.LIBCPMT ref: 00007FF7A5890B7E
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5890BBA
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5890BE3
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5890C26
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5890C4F
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5890C8D
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5890CB6
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5890CF2
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5890D1B
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5890D55
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5890D7E
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5890DBB
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5890DE4
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5890E41
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5890E6A
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5890EAC
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5890ED5
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5890F0F
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5890F38

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Getctype
String ID:
API String ID: 3087743877-0
Opcode ID: 207fc408bb53d49443b7a97cf0e779d796434894cf91c15fcde72e8d76e51a80
Instruction ID: 1def633873a9906aa392c0611323d05e3e393f179700b44fefc7e8a71331b90d
Opcode Fuzzy Hash: 207fc408bb53d49443b7a97cf0e779d796434894cf91c15fcde72e8d76e51a80
Instruction Fuzzy Hash: 35D18E21A0B612C9FA85BB61D8401B9B2A2FF56FC4FC64575E90D4B2B2DF3CF4658320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58828F0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 128
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CryptAcquireContextW.ADVAPI32 ref: 00007FF7A5882938
CryptCreateHash.ADVAPI32 ref: 00007FF7A5882962
CryptHashData.ADVAPI32 ref: 00007FF7A588297D
CryptGetHashParam.ADVAPI32 ref: 00007FF7A58829AB
CryptGetHashParam.ADVAPI32 ref: 00007FF7A58829EB
CryptDestroyHash.ADVAPI32 ref: 00007FF7A58829F7
CryptReleaseContext.ADVAPI32 ref: 00007FF7A5882A03
CryptDestroyHash.ADVAPI32 ref: 00007FF7A5882AAB
CryptReleaseContext.ADVAPI32 ref: 00007FF7A5882AB7

Strings

%02X, xrefs: 00007FF7A5882A47

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Crypt$Hash$Context$DestroyParamRelease$AcquireCreateData
String ID: %02X
API String ID: 1965076391-436463671
Opcode ID: 53887bf9ca3a3263e729076d93a41bb56a7280d2b832ea95c8d5f378596fd544
Instruction ID: f1349282d017800ddea40d9fee37afd73d83ee801e0250f397eba4e65b634d7b
Opcode Fuzzy Hash: 53887bf9ca3a3263e729076d93a41bb56a7280d2b832ea95c8d5f378596fd544
Instruction Fuzzy Hash: 43518D22F05A5189F711EB70D8407AC77B4FF95B98F4641B5EE0E63AA8CF389556C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED66AC Relevance: 9.3, Strings: 7, Instructions: 584
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 23%

			E00007FFA7FFA0AED66AC(long long __rbx, void* __rdx, long long __rdi, long long __rsi, long long __r14) {
				void* _v8;
				intOrPtr _v212;
				intOrPtr _v216;
				void* _v220;
				signed int _v228;
				signed int _v232;
				void* _t33;
				void* _t51;
				void* _t54;
				void* _t64;
				void* _t67;
				void* _t68;

				_t51 = _t64;
				 *((long long*)(_t51 + 8)) = __rbx;
				 *((long long*)(_t51 + 0x10)) = __rsi;
				 *((long long*)(_t51 + 0x18)) = __rdi;
				 *((long long*)(_t51 + 0x20)) = __r14;
				E00007FFA7FFA0AEE3C78(_t33, _t54, __rdx, _t67, _t68);
				_v216 = 0x4fcdd;
				_v212 = 0;
				if (0xaea18 - 0xaea18 > 0) goto 0xaed6b26;
				if (0xaea18 == 0xaea18) goto 0xaed6aea;
				if (0xaea18 == 0xd18a) goto 0xaed6a61;
				if (0xaea18 == 0x106f2) goto 0xaed6993;
				if (0xaea18 == 0x15ac3) goto 0xaed6927;
				if (0xaea18 == 0x2a176) goto 0xaed6917;
				if (0xaea18 == 0x46536) goto 0xaed6907;
				if (0xaea18 == 0x5b839) goto 0xaed6890;
				if (0xaea18 == 0x5fa4c) goto 0xaed681e;
				if (0xaea18 == 0x7c098) goto 0xaed67d8;
				if (0xaea18 != 0x863db) goto 0xaed72c8;
				_v232 = 0x6fa30;
				_v232 = _v232 + 0xd465;
				_v232 = _v232 | 0xb7a7fe7b;
				_v232 = _v232 ^ 0xb7a15634;
				_v228 = 0xf5f;
				_v228 = _v228 << 4;
				_v228 = _v228 ^ 0x4efb847e;
				_v228 = _v228 | 0x55a62daa;
				_v228 = _v228 ^ 0x5ffafc3d;
				E00007FFA7FFA0AED61F4(); // executed
				return _v232;
			}

0x7ffa0aed66ac
0x7ffa0aed66af
0x7ffa0aed66b3
0x7ffa0aed66b7
0x7ffa0aed66bb
0x7ffa0aed66ce
0x7ffa0aed66d9
0x7ffa0aed66e6
0x7ffa0aed66f5
0x7ffa0aed66fb
0x7ffa0aed6707
0x7ffa0aed6713
0x7ffa0aed671f
0x7ffa0aed672b
0x7ffa0aed6737
0x7ffa0aed6743
0x7ffa0aed674f
0x7ffa0aed675b
0x7ffa0aed6763
0x7ffa0aed6769
0x7ffa0aed6771
0x7ffa0aed6779
0x7ffa0aed6781
0x7ffa0aed6789
0x7ffa0aed6791
0x7ffa0aed6796
0x7ffa0aed679e
0x7ffa0aed67a6
0x7ffa0aed67b6
0x7ffa0aed67d7

Strings

d"i #, xrefs: 00007FFA0AED6FB8
?, xrefs: 00007FFA0AED718F
{1_, xrefs: 00007FFA0AED71D4
#, xrefs: 00007FFA0AED6F67
?, xrefs: 00007FFA0AED6B4A
/%, xrefs: 00007FFA0AED6C02
?, xrefs: 00007FFA0AED6BB1

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: #$/%$d"i #${1_$?$?$?
API String ID: 0-3639213099
Opcode ID: dae4b9be2191d134fa5d0c1b567923ca8d2ae8525ce17a13fef48289566cf685
Instruction ID: e025bef48a9b2868aa508ada24c7a9c5cadd9691f1e3313b913a382a7a858ce7
Opcode Fuzzy Hash: dae4b9be2191d134fa5d0c1b567923ca8d2ae8525ce17a13fef48289566cf685
Instruction Fuzzy Hash: CB62F47351C7518BD368DF24F18541EBBB1F786B44F208129EB9A8AA68DB7ED844CF01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEDF51C Relevance: 6.6, Strings: 5, Instructions: 395
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 31%

			E00007FFA7FFA0AEDF51C(long long __rbx, long long __rcx, signed int __rdx, void* __r11) {
				void* __rsi;
				void* __rbp;
				signed int _t468;
				signed int _t490;
				void* _t555;
				signed int _t556;
				signed int _t559;
				void* _t575;
				void* _t579;
				signed int _t580;
				void* _t582;
				intOrPtr* _t583;
				void* _t585;
				void* _t586;
				void* _t588;
				void* _t594;

				_t566 = __rcx;
				_t555 = _t585;
				 *((long long*)(_t555 + 0x10)) = __rbx;
				 *(_t555 + 0x18) = r8d;
				 *((long long*)(_t555 + 8)) = __rcx;
				_t583 = _t555 - 0x658;
				_t586 = _t585 - 0x740;
				_t556 =  *((intOrPtr*)(_t583 + 0x698));
				_t580 = __rdx;
				 *(_t586 + 0x38) = _t556;
				 *(_t586 + 0x30) =  *(_t583 + 0x690);
				 *(_t586 + 0x28) =  *(_t583 + 0x688);
				 *(_t586 + 0x20) =  *(_t583 + 0x680);
				E00007FFA7FFA0AEE3C78( *(_t583 + 0x680), __rcx, __rdx, _t588, _t594);
				 *(_t586 + 0x60) = 0x1f60;
				if (0xa759e == 0xa759e) goto 0xaedfca5;
				if (0xa759e == 0xa9dd3) goto 0xaedf97d;
				if (0xa759e == 0xaf907) goto 0xaedf8b8;
				if (0xa759e == 0xd2576) goto 0xaedf800;
				if (0xa759e == 0xe288e) goto 0xaedfcbe;
				if (0xa759e != 0xf2b7a) goto 0xaedfcae;
				 *(_t586 + 0x58) = 0xab4726;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) >> 1;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) >> 0x10;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) ^ 0x000a15bc;
				 *(_t586 + 0x50) = 0x1a2ded;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) + 0xffffcd92;
				 *(_t586 + 0x50) = 0x4ec4ec4f *  *(_t586 + 0x50) >> 0x20 >> 2;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) ^ 0x0009b8e7;
				 *(_t586 + 0x60) = 0x4c1e45;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) + 0x52e;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0x004f1cf4;
				 *(_t586 + 0x54) = 0x7ae1d6;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) * 0x2f;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) + 0xffff40e8;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) ^ 0x1686463b;
				r9d =  *(_t586 + 0x60);
				r8d =  *(_t586 + 0x50);
				 *(_t586 + 0x20) =  *(_t586 + 0x54);
				E00007FFA7FFA0AEDE090(_t556, __rbx, __rcx, 0x7ffa0aed1020, _t583, __r11, _t575, _t579);
				 *(_t586 + 0x60) = 0x26e843;
				 *(_t586 + 0x60) = 0x76b981db *  *(_t586 + 0x60) >> 0x20 >> 5;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0xf5667217;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0xf5682bcb;
				 *(_t586 + 0x50) = 0xcca4ce;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) | 0x56868ecc;
				 *(_t586 + 0x50) = 0xcccccccd *  *(_t586 + 0x50) >> 0x20 >> 3;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) ^ 0x08a43f52;
				 *(_t586 + 0x58) = 0xbc452f;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) * 0x21;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) >> 0xa;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) * 0x57;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) ^ 0x0200d0a9;
				 *(_t586 + 0x54) = 0x71b152;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) + 0x819d;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) << 0xf;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) ^ 0x1979b1cb;
				r9d =  *(_t586 + 0x58);
				r8d =  *(_t586 + 0x50);
				 *(_t586 + 0x38) =  *(_t586 + 0x54);
				 *(_t586 + 0x30) = _t556;
				 *(_t586 + 0x28) = __rdx;
				 *(_t586 + 0x20) = _t583 + 0x220;
				E00007FFA7FFA0AED9CEC();
				 *(_t586 + 0x54) = 0xf1af0a;
				 *(_t586 + 0x54) = 0x3e0f83e1 *  *(_t586 + 0x54) >> 0x20 >> 3;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) ^ 0x00084be3;
				 *(_t586 + 0x60) = 0x56c8e7;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) << 4;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0x056dfacd;
				 *(_t586 + 0x50) = 0x9046d9;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) | 0xb8b6b40d;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) >> 0xd;
				 *(_t586 + 0x50) = ( *(_t586 + 0x50) - (0x24924925 *  *(_t586 + 0x50) >> 0x20) >> 1) + (0x24924925 *  *(_t586 + 0x50) >> 0x20) >> 4;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) ^ 0x000f657a;
				 *(_t586 + 0x58) = 0xafddff;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) + 0x9c7c;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) ^ 0x5c9d3017;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) | 0x43f0de3c;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) ^ 0x5ff89191;
				r9d =  *(_t586 + 0x50);
				 *(_t586 + 0x20) =  *(_t586 + 0x58);
				E00007FFA7FFA0AED4448( *(_t586 + 0x60), _t583 + 0x220, _t556, __rdx, _t556);
				r8d =  *(_t583 + 0x670);
				goto 0xaedf583;
				 *(_t586 + 0x58) = 0xbf153a;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) >> 2;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) ^ 0x002c834d;
				 *(_t586 + 0x54) = 0xd4d19a;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) | 0x196910bd;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) >> 0xc;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) ^ 0x000ccca5;
				 *(_t586 + 0x50) = 0x68ff6d;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) << 0x10;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) * 0x1a;
				 *(_t586 + 0x50) = 0x3159721f *  *(_t586 + 0x50) >> 0x20 >> 4;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) ^ 0x02eceeba;
				 *(_t586 + 0x60) = 0x4d095f;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) + 0x17ca;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) >> 0xe;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0x000f3226;
				r8d =  *(_t586 + 0x50);
				 *(_t586 + 0x28) =  *(_t586 + 0x60);
				 *(_t586 + 0x20) = _t583 - 0x30;
				E00007FFA7FFA0AEDDCF4();
				asm("sbb eax, eax");
				goto 0xaedf7ed;
				 *(_t586 + 0x54) = 0xd6f94f;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) + 0xffff2e8e;
				 *(_t586 + 0x54) = 0xb21642c9 *  *(_t586 + 0x54) >> 0x20 >> 5;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) ^ 0x00015333;
				 *(_t586 + 0x60) = 0x6417c9;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0xb9a5857b;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) | 0x438c1f61;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0xfbcf367f;
				 *(_t586 + 0x58) = 0x6eccab;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) | 0xff96a722;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) ^ 0xfff5316f;
				 *(_t586 + 0x50) = 0x49a878;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) | 0xb21c21a2;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) << 7;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) << 0xd;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) ^ 0x9fad7b26;
				r9d =  *(_t586 + 0x58);
				 *(_t586 + 0x28) =  *(_t586 + 0x50);
				_t559 = _t583 + 0x220;
				 *(_t586 + 0x20) = _t559;
				E00007FFA7FFA0AED5ACC(); // executed
				if (_t559 == 0xffffffff) goto 0xaedfd75;
				goto 0xaedf7ed;
				 *(_t586 + 0x60) = 0xbc50f1;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) << 7;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0x5e287890;
				if (( *(_t583 - 0x30) &  *(_t586 + 0x60)) == 0) goto 0xaedfc8b;
				if ( *((short*)(_t583 - 4)) != 0x2e) goto 0xaedf9c5;
				_t468 =  *(_t583 - 2) & 0x0000ffff;
				if (_t468 == 0) goto 0xaedf9bb;
				if (_t468 != 0x2e) goto 0xaedf9c5;
				if ( *_t583 !=  *(_t586 + 0x54)) goto 0xaedf9c5;
				goto 0xaedf585;
				if (r8d == 0) goto 0xaedf9bb;
				 *(_t586 + 0x54) = 0xae2982;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) | 0x8e6332ba;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) << 0xc;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) ^ 0xf3b89ac8;
				 *(_t586 + 0x60) = 0x90321;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0xd04d4a30;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) + 0xffff7e61;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0xd04b7175;
				 *(_t586 + 0x50) = 0xb8cdb9;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) << 0xc;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) | 0x253c9844;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) + 0xffff14e5;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) ^ 0xadfca745;
				 *(_t586 + 0x58) = 0xdc9d6;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) + 0xffffb9ba;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) ^ 0x000e5d40;
				r9d =  *(_t586 + 0x50);
				r8d =  *(_t586 + 0x60);
				 *(_t586 + 0x20) =  *(_t586 + 0x58);
				E00007FFA7FFA0AEDE090(_t559, _t556, _t566, 0x7ffa0aed1000, _t583, __r11);
				 *(_t586 + 0x54) = 0xbad2dc;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) >> 5;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) + 0xffff55ff;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) ^ 0x0001dbae;
				 *(_t586 + 0x58) = 0xeb60c;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) >> 0xa;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) ^ 0x0005ce3a;
				 *(_t586 + 0x60) = 0x7d046b;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) + 0x3145;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) << 7;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0x3e90a229;
				 *(_t586 + 0x50) = 0xbb8429;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) * 0xb;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) ^ 0x080b87fe;
				 *(_t586 + 0x40) =  *(_t586 + 0x50);
				 *(_t586 + 0x38) =  *(_t586 + 0x60);
				 *(_t586 + 0x30) = _t583 - 4;
				r9d =  *(_t586 + 0x54);
				 *(_t586 + 0x28) = _t580;
				 *(_t586 + 0x20) =  *(_t586 + 0x58);
				E00007FFA7FFA0AEE54A0();
				r8d =  *(_t583 + 0x670);
				 *(_t586 + 0x54) = 0x779fb6;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) + 0xffff4cfd;
				 *(_t586 + 0x38) =  *((intOrPtr*)(_t583 + 0x698));
				 *(_t586 + 0x54) =  *(_t586 + 0x54) | 0xe9c1463d;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) + 0x9cb0;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) ^ 0xe9f2750d;
				 *(_t586 + 0x58) = 0xa78b5d;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) << 9;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) + 0xffffea03;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) ^ 0xc930e3d6;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) ^ 0x86291a4c;
				 *(_t586 + 0x60) = 0xa8e4a6;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0xfd035859;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) + 0xb658;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0xfda55775;
				 *(_t586 + 0x50) = 0x2d3746;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) + 0xffffbe35;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) >> 0xb;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) + 0xffffb34a;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) ^ 0xffff7bf4;
				 *(_t586 + 0x30) =  *(_t586 + 0x50);
				 *(_t586 + 0x28) =  *(_t586 + 0x60);
				r9d =  *(_t586 + 0x54);
				 *(_t586 + 0x20) =  *(_t586 + 0x58);
				E00007FFA7FFA0AEDF51C(_t559,  *((intOrPtr*)(_t583 + 0x660)), _t583 + 0x430, __r11);
				 *(_t586 + 0x58) = 0xadf1d7;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) >> 8;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) ^ 0x000bfb8f;
				 *(_t586 + 0x50) = 0x2a4928;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) ^ 0x189f1657;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) ^ 0x18bdfbf3;
				 *(_t586 + 0x54) = 0xbda2e8;
				 *(_t586 + 0x54) = 0xf0f0f0f1 *  *(_t586 + 0x54) >> 0x20 >> 4;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) + 0xffff295f;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) >> 4;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) ^ 0x00023a59;
				 *(_t586 + 0x60) = 0x4e919e;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) | 0x50566ccd;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) >> 0xc;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0x000f108c;
				r9d =  *(_t586 + 0x54);
				 *(_t586 + 0x20) =  *(_t586 + 0x60);
				E00007FFA7FFA0AED4448( *(_t586 + 0x50),  *((intOrPtr*)(_t583 + 0x698)), _t559, _t580, _t559);
				r8d =  *(_t583 + 0x670);
				goto 0xaedf9bb;
				 *((long long*)( *((intOrPtr*)(_t583 + 0x660))))(_t582);
				asm("sbb eax, eax");
				goto 0xaedf8ae;
				 *(_t583 - 0x68) = _t580;
				if (0xf2b7a == 0x7f1bb) goto 0xaedfd75;
				goto 0xaedf585;
				 *(_t586 + 0x60) = 0xb5c880;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) >> 0xa;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) + 0x7bbc;
				 *(_t586 + 0x60) =  *(_t586 + 0x60) ^ 0x000305ca;
				 *(_t586 + 0x58) = 0x8c6b26;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) ^ 0x2277a142;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) >> 4;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) * 0x66;
				 *(_t586 + 0x58) =  *(_t586 + 0x58) ^ 0xdf066ece;
				 *(_t586 + 0x50) = 0x17e25;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) | 0xb9f736f4;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) + 0xffff6ede;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) >> 0xb;
				 *(_t586 + 0x50) =  *(_t586 + 0x50) ^ 0x001608c5;
				 *(_t586 + 0x54) = 0x22aea5;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) << 4;
				 *(_t586 + 0x54) = ( *(_t586 + 0x54) - (0x21fb7813 *  *(_t586 + 0x54) >> 0x20) >> 1) + (0x21fb7813 *  *(_t586 + 0x54) >> 0x20) >> 6;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) >> 5;
				 *(_t586 + 0x54) =  *(_t586 + 0x54) ^ 0x00086e0e;
				_t490 =  *(_t586 + 0x54);
				r9d =  *(_t586 + 0x50);
				 *(_t586 + 0x20) = _t490;
				E00007FFA7FFA0AED64B4();
				return _t490;
			}

0x7ffa0aedf51c
0x7ffa0aedf51c
0x7ffa0aedf51f
0x7ffa0aedf523
0x7ffa0aedf527
0x7ffa0aedf52e
0x7ffa0aedf535
0x7ffa0aedf53c
0x7ffa0aedf543
0x7ffa0aedf549
0x7ffa0aedf554
0x7ffa0aedf55e
0x7ffa0aedf568
0x7ffa0aedf56c
0x7ffa0aedf571
0x7ffa0aedf58a
0x7ffa0aedf595
0x7ffa0aedf5a0
0x7ffa0aedf5ab
0x7ffa0aedf5b6
0x7ffa0aedf5c1
0x7ffa0aedf5c7
0x7ffa0aedf5d4
0x7ffa0aedf5d8
0x7ffa0aedf5dd
0x7ffa0aedf5e5
0x7ffa0aedf5ed
0x7ffa0aedf5fe
0x7ffa0aedf609
0x7ffa0aedf611
0x7ffa0aedf619
0x7ffa0aedf621
0x7ffa0aedf629
0x7ffa0aedf636
0x7ffa0aedf63a
0x7ffa0aedf642
0x7ffa0aedf64e
0x7ffa0aedf653
0x7ffa0aedf65c
0x7ffa0aedf660
0x7ffa0aedf665
0x7ffa0aedf683
0x7ffa0aedf687
0x7ffa0aedf68f
0x7ffa0aedf697
0x7ffa0aedf69f
0x7ffa0aedf6b0
0x7ffa0aedf6b4
0x7ffa0aedf6bc
0x7ffa0aedf6c9
0x7ffa0aedf6cd
0x7ffa0aedf6d7
0x7ffa0aedf6db
0x7ffa0aedf6e3
0x7ffa0aedf6eb
0x7ffa0aedf6f3
0x7ffa0aedf6f8
0x7ffa0aedf704
0x7ffa0aedf709
0x7ffa0aedf712
0x7ffa0aedf71d
0x7ffa0aedf722
0x7ffa0aedf727
0x7ffa0aedf72c
0x7ffa0aedf731
0x7ffa0aedf747
0x7ffa0aedf74b
0x7ffa0aedf753
0x7ffa0aedf762
0x7ffa0aedf766
0x7ffa0aedf76e
0x7ffa0aedf776
0x7ffa0aedf77e
0x7ffa0aedf79a
0x7ffa0aedf79e
0x7ffa0aedf7a6
0x7ffa0aedf7ae
0x7ffa0aedf7b6
0x7ffa0aedf7be
0x7ffa0aedf7c6
0x7ffa0aedf7d2
0x7ffa0aedf7df
0x7ffa0aedf7e3
0x7ffa0aedf7ed
0x7ffa0aedf7fb
0x7ffa0aedf800
0x7ffa0aedf80b
0x7ffa0aedf810
0x7ffa0aedf818
0x7ffa0aedf820
0x7ffa0aedf828
0x7ffa0aedf82d
0x7ffa0aedf835
0x7ffa0aedf83d
0x7ffa0aedf847
0x7ffa0aedf859
0x7ffa0aedf85d
0x7ffa0aedf865
0x7ffa0aedf86d
0x7ffa0aedf875
0x7ffa0aedf87a
0x7ffa0aedf886
0x7ffa0aedf893
0x7ffa0aedf89b
0x7ffa0aedf8a0
0x7ffa0aedf8a7
0x7ffa0aedf8b3
0x7ffa0aedf8b8
0x7ffa0aedf8c9
0x7ffa0aedf8da
0x7ffa0aedf8de
0x7ffa0aedf8e6
0x7ffa0aedf8ee
0x7ffa0aedf8f6
0x7ffa0aedf8fe
0x7ffa0aedf906
0x7ffa0aedf90e
0x7ffa0aedf916
0x7ffa0aedf91e
0x7ffa0aedf926
0x7ffa0aedf92e
0x7ffa0aedf933
0x7ffa0aedf938
0x7ffa0aedf944
0x7ffa0aedf951
0x7ffa0aedf955
0x7ffa0aedf95c
0x7ffa0aedf961
0x7ffa0aedf96d
0x7ffa0aedf978
0x7ffa0aedf97d
0x7ffa0aedf985
0x7ffa0aedf98a
0x7ffa0aedf999
0x7ffa0aedf9a4
0x7ffa0aedf9a6
0x7ffa0aedf9ad
0x7ffa0aedf9b3
0x7ffa0aedf9b9
0x7ffa0aedf9c0
0x7ffa0aedf9c8
0x7ffa0aedf9ca
0x7ffa0aedf9d9
0x7ffa0aedf9e1
0x7ffa0aedf9e6
0x7ffa0aedf9ee
0x7ffa0aedf9f6
0x7ffa0aedf9fe
0x7ffa0aedfa06
0x7ffa0aedfa0e
0x7ffa0aedfa16
0x7ffa0aedfa1b
0x7ffa0aedfa23
0x7ffa0aedfa2b
0x7ffa0aedfa33
0x7ffa0aedfa3b
0x7ffa0aedfa43
0x7ffa0aedfa4f
0x7ffa0aedfa54
0x7ffa0aedfa5d
0x7ffa0aedfa61
0x7ffa0aedfa66
0x7ffa0aedfa75
0x7ffa0aedfa7d
0x7ffa0aedfa88
0x7ffa0aedfa90
0x7ffa0aedfa98
0x7ffa0aedfa9d
0x7ffa0aedfaa5
0x7ffa0aedfaad
0x7ffa0aedfab5
0x7ffa0aedfaba
0x7ffa0aedfac2
0x7ffa0aedfacf
0x7ffa0aedfad3
0x7ffa0aedfadf
0x7ffa0aedfae7
0x7ffa0aedfaef
0x7ffa0aedfaf8
0x7ffa0aedfafd
0x7ffa0aedfb02
0x7ffa0aedfb06
0x7ffa0aedfb12
0x7ffa0aedfb19
0x7ffa0aedfb21
0x7ffa0aedfb29
0x7ffa0aedfb2e
0x7ffa0aedfb36
0x7ffa0aedfb3e
0x7ffa0aedfb46
0x7ffa0aedfb4e
0x7ffa0aedfb53
0x7ffa0aedfb5b
0x7ffa0aedfb63
0x7ffa0aedfb6b
0x7ffa0aedfb73
0x7ffa0aedfb7b
0x7ffa0aedfb83
0x7ffa0aedfb8b
0x7ffa0aedfb93
0x7ffa0aedfb9b
0x7ffa0aedfba0
0x7ffa0aedfba8
0x7ffa0aedfbb4
0x7ffa0aedfbbc
0x7ffa0aedfbc4
0x7ffa0aedfbc9
0x7ffa0aedfbdb
0x7ffa0aedfbe0
0x7ffa0aedfbed
0x7ffa0aedfbf5
0x7ffa0aedfbfd
0x7ffa0aedfc05
0x7ffa0aedfc0d
0x7ffa0aedfc15
0x7ffa0aedfc26
0x7ffa0aedfc2a
0x7ffa0aedfc32
0x7ffa0aedfc37
0x7ffa0aedfc3f
0x7ffa0aedfc47
0x7ffa0aedfc4f
0x7ffa0aedfc54
0x7ffa0aedfc60
0x7ffa0aedfc6d
0x7ffa0aedfc71
0x7ffa0aedfc76
0x7ffa0aedfc86
0x7ffa0aedfc94
0x7ffa0aedfc99
0x7ffa0aedfca0
0x7ffa0aedfca5
0x7ffa0aedfcb3
0x7ffa0aedfcb9
0x7ffa0aedfcbe
0x7ffa0aedfcc9
0x7ffa0aedfcce
0x7ffa0aedfcd6
0x7ffa0aedfcde
0x7ffa0aedfce6
0x7ffa0aedfcee
0x7ffa0aedfcf8
0x7ffa0aedfd01
0x7ffa0aedfd09
0x7ffa0aedfd11
0x7ffa0aedfd19
0x7ffa0aedfd21
0x7ffa0aedfd26
0x7ffa0aedfd2e
0x7ffa0aedfd36
0x7ffa0aedfd4a
0x7ffa0aedfd4e
0x7ffa0aedfd53
0x7ffa0aedfd5b
0x7ffa0aedfd5f
0x7ffa0aedfd6c
0x7ffa0aedfd70
0x7ffa0aedfd87

Strings

v%, xrefs: 00007FFA0AEDF5A6
(I*, xrefs: 00007FFA0AEDFBFD
E1, xrefs: 00007FFA0AEDFAAD
_M, xrefs: 00007FFA0AEDF865
v%, xrefs: 00007FFA0AEDF9BB

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: (I*$E1$_M$v%$v%
API String ID: 0-2023641189
Opcode ID: 530c92fd63cf590c4233cee8d94f2ee3aa3a03dbc56889fe2fef00f6bbb21984
Instruction ID: 491fe3d1f9d47e736a0122cbf2501d38789b5ed267bdaf997898af4a194e91eb
Opcode Fuzzy Hash: 530c92fd63cf590c4233cee8d94f2ee3aa3a03dbc56889fe2fef00f6bbb21984
Instruction Fuzzy Hash: DD22E4775087C58BD358DFA5F14955AFBA1F385B68F008229E68687E68D7BCE848CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED3750 Relevance: 4.3, Strings: 3, Instructions: 562
COMMONCrypto

Download Yara Rule

C-Code - Quality: 79%

			E00007FFA7FFA0AED3750(long long __rbx, void* __rcx, long long __rdi, long long __rsi) {
				void* _t91;
				signed int _t104;
				signed long long _t136;
				void* _t140;
				void* _t148;
				signed long long _t150;
				void* _t151;
				void* _t153;
				void* _t154;

				_t136 = _t150;
				 *((long long*)(_t136 + 8)) = __rbx;
				 *((long long*)(_t136 + 0x10)) = __rsi;
				 *((long long*)(_t136 + 0x18)) = __rdi;
				_t148 = _t136 - 0x5c8;
				_t151 = _t150 - 0x6c0;
				E00007FFA7FFA0AEE3C78(_t91, __rcx, _t140, _t153, _t154);
				 *(_t148 + 0x5e8) = 0x5dc39;
				if (0x6c49c == 0x652d) goto 0xaed43bd;
				if (0x6c49c == 0x10ef3) goto 0xaed40b7;
				if (0x6c49c == 0x12fd0) goto 0xaed3d5f;
				if (0x6c49c == 0x1d02c) goto 0xaed3b20;
				if (0x6c49c == 0x44f6d) goto 0xaed3abf;
				if (0x6c49c == 0x5aca3) goto 0xaed3a86;
				if (0x6c49c == 0x6c49c) goto 0xaed3a4e;
				if (0x6c49c == 0xbf97d) goto 0xaed396c;
				if (0x6c49c != 0xd558c) goto 0xaed4435;
				 *(_t151 + 0x60) = 0xa7a1fe;
				 *(_t151 + 0x60) =  *(_t151 + 0x60) >> 0xe;
				 *(_t151 + 0x60) =  *(_t151 + 0x60) >> 3;
				 *(_t151 + 0x60) =  *(_t151 + 0x60) ^ 0x0003a79c;
				 *(_t148 + 0x5e8) = 0x1519de;
				 *(_t148 + 0x5e8) =  *(_t148 + 0x5e8) + 0xffff9d4c;
				 *(_t148 + 0x5e8) = _t136 + _t136 * 2 << 2;
				 *(_t148 + 0x5e8) =  *(_t148 + 0x5e8) ^ 0x00f1073d;
				 *(_t151 + 0x6c) = 0x5f399a;
				 *(_t151 + 0x6c) =  *(_t151 + 0x6c) * 0x15;
				 *(_t151 + 0x6c) =  *(_t151 + 0x6c) ^ 0x07c564c8;
				r8d =  *(_t151 + 0x6c);
				E00007FFA7FFA0AED5A28(); // executed
				 *(_t151 + 0x68) = 0x947582;
				 *(_t151 + 0x68) =  *(_t151 + 0x68) >> 7;
				 *(_t151 + 0x68) = 0xa0a0a0a1 *  *(_t151 + 0x68) >> 0x20 >> 5;
				 *(_t151 + 0x68) =  *(_t151 + 0x68) + 0xffff2e23;
				 *(_t151 + 0x68) =  *(_t151 + 0x68) ^ 0xfffc75e1;
				 *(_t151 + 0x60) = 0x128048;
				 *(_t151 + 0x60) = 0x3e0f83e1 *  *(_t151 + 0x60) >> 0x20 >> 4;
				 *(_t151 + 0x60) = ( *(_t151 + 0x60) - (0x51d07eaf *  *(_t151 + 0x60) >> 0x20) >> 1) + (0x51d07eaf *  *(_t151 + 0x60) >> 0x20) >> 6;
				 *(_t151 + 0x60) =  *(_t151 + 0x60) ^ 0x000bcaab;
				 *(_t151 + 0x64) = 0xcbbed1;
				 *(_t151 + 0x64) =  *(_t151 + 0x64) + 0xffff5440;
				 *(_t151 + 0x64) = 0x38e38e39 *  *(_t151 + 0x64) >> 0x20 >> 3;
				 *(_t151 + 0x64) =  *(_t151 + 0x64) ^ 0x6e1eab82;
				 *(_t151 + 0x64) =  *(_t151 + 0x64) ^ 0x6e1e4acd;
				 *(_t148 + 0x5e8) = 0xbef29c;
				 *(_t148 + 0x5e8) =  *(_t148 + 0x5e8) + 0xffff8750;
				 *(_t148 + 0x5e8) =  *(_t148 + 0x5e8) | 0xd31772e6;
				 *(_t148 + 0x5e8) =  *(_t148 + 0x5e8) << 0xf;
				 *(_t148 + 0x5e8) =  *(_t148 + 0x5e8) ^ 0xbdfdc750;
				_t104 =  *(_t148 + 0x5e8);
				r8d =  *(_t151 + 0x64);
				 *(_t151 + 0x20) = _t104;
				E00007FFA7FFA0AEE6704(); // executed
				return _t104;
			}

0x7ffa0aed3750
0x7ffa0aed3753
0x7ffa0aed3757
0x7ffa0aed375b
0x7ffa0aed3760
0x7ffa0aed3767
0x7ffa0aed3771
0x7ffa0aed3776
0x7ffa0aed3791
0x7ffa0aed379c
0x7ffa0aed37a7
0x7ffa0aed37b2
0x7ffa0aed37bd
0x7ffa0aed37c8
0x7ffa0aed37d3
0x7ffa0aed37de
0x7ffa0aed37e9
0x7ffa0aed37ef
0x7ffa0aed37fa
0x7ffa0aed37ff
0x7ffa0aed3804
0x7ffa0aed380c
0x7ffa0aed3816
0x7ffa0aed382c
0x7ffa0aed3832
0x7ffa0aed383c
0x7ffa0aed3849
0x7ffa0aed384d
0x7ffa0aed3855
0x7ffa0aed3864
0x7ffa0aed3869
0x7ffa0aed3876
0x7ffa0aed388d
0x7ffa0aed3891
0x7ffa0aed3899
0x7ffa0aed38a1
0x7ffa0aed38b7
0x7ffa0aed38cf
0x7ffa0aed38d3
0x7ffa0aed38db
0x7ffa0aed38e3
0x7ffa0aed38f4
0x7ffa0aed38f8
0x7ffa0aed3900
0x7ffa0aed3908
0x7ffa0aed3912
0x7ffa0aed391c
0x7ffa0aed3926
0x7ffa0aed392d
0x7ffa0aed3937
0x7ffa0aed393d
0x7ffa0aed394a
0x7ffa0aed394e
0x7ffa0aed396b

Strings

Irq, xrefs: 00007FFA0AED4324
an, xrefs: 00007FFA0AED40C6
ooQ<, xrefs: 00007FFA0AED3F65

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: Irq$an$ooQ<
API String ID: 0-698721148
Opcode ID: 02c113f7ed80805c9f80fb1655b3cfdc2da9c32e9c49e0b6de24b8b0e73b3561
Instruction ID: fae776f0c9f7b6b2ea1a609a9da3732bea09adf1f4e8d36f66099ec75597cf1a
Opcode Fuzzy Hash: 02c113f7ed80805c9f80fb1655b3cfdc2da9c32e9c49e0b6de24b8b0e73b3561
Instruction Fuzzy Hash: C96209735087C18FD368DF35E9895AFBBA1F385748F104119E79A8AA68DB78E644CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE5F68 Relevance: 4.1, Strings: 3, Instructions: 337
COMMONCrypto

Download Yara Rule

C-Code - Quality: 26%

			E00007FFA7FFA0AEE5F68(void* __ebx, signed int __ecx, void* __rax, void* __rcx, void* __r9, void* __r11, signed int _a8, signed int _a16, signed int _a24, signed int _a32) {
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				void* _v64;
				signed int _v72;
				signed long long _v80;
				signed int _v88;
				signed int _v96;
				signed int _v104;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				signed int _t365;
				void* _t465;
				void* _t480;
				signed long long _t481;
				signed int _t482;
				signed long long _t483;
				long long _t484;
				signed long long _t485;
				void* _t486;
				signed int _t489;
				signed int _t494;
				signed int _t495;
				signed int _t497;
				void* _t498;
				void* _t500;

				_t480 = __rax;
				_a8 = __ecx;
				_v56 = 0x99bd9;
				_v52 = 0xd696;
				_v48 = 0x47092;
				_v44 = 0x5f143;
				if (0x11457 == 0x11457) goto 0xaee62c8;
				if (0x11457 == 0x84e0d) goto 0xaee64ab;
				if (0x11457 == 0xa32f6) goto 0xaee61d9;
				if (0x11457 == 0xbe97f) goto 0xaee6406;
				if (0x11457 != 0xddc28) goto 0xaee63f5;
				_a32 = 0xf3b410;
				_a32 = _a32 ^ 0x0a9a4119;
				_a32 = _a32 ^ 0x0a6ce7fd;
				_a24 = 0xef96a3;
				_a24 = _a24 >> 4;
				_a24 = _a24 + 0xd054;
				_a24 = _a24 ^ 0x0009432e;
				_a16 = 0x462d44;
				_a16 = _a16 + 0x7379;
				_a16 = _a16 | 0xc457bfb8;
				_a16 = _a16 ^ 0xc453888b;
				_a8 = 0x450470;
				_a8 = _a8 >> 5;
				_a8 = _a8 >> 0xb;
				_a8 = _a8 ^ 0x000d62cf;
				r9d = _a16;
				r8d = _a24;
				_v104 = _a8;
				E00007FFA7FFA0AEDE090(__rax, _t486, __rcx, 0x7ffa0aed1648, _t500, __r11);
				_a24 = 0x102108;
				_a24 = _a24 << 7;
				_a24 = _a24 ^ 0x08108400;
				_a16 = 0x31b24a;
				_a16 = _a16 ^ 0x404ce8a8;
				_a16 = _a16 * 0x74;
				_a16 = _a16 ^ 0x38cf5d67;
				_v72 = 0xa04e4a;
				_v72 = _v72 + 0xffff68a7;
				_v72 = _v72 ^ 0x00921740;
				_a32 = 0xf99791;
				_a32 = _a32 << 0xc;
				_a32 = _a32 ^ 0x99797cf8;
				_a8 = 0x591d4c;
				_t400 = _a8;
				_t481 =  &_v64;
				_v80 = _t481;
				_v88 = _v88 & 0x00000000;
				_a8 = (_a8 - (0x24924925 * _t400 >> 0x20) >> 1) + (0x24924925 * _t400 >> 0x20) >> 4;
				_a8 = _a8 + 0x8c05;
				_a8 = _a8 ^ 0x00039825;
				_v96 = _a24;
				r9d = _a32;
				_v104 = _a8;
				E00007FFA7FFA0AEE3D14(); // executed
				_a8 = 0xae0131;
				_a8 = _a8 + 0x88b7;
				_a8 = _a8 ^ 0x00ae89e8;
				_a16 = 0x350717;
				_t465 =  ==  ? 0xa32f6 : 0xbe97f;
				_a16 = _a16 << 0xc;
				_a16 = _t481 + _t481 * 8 + _t481 + _t481 * 8;
				_a16 = _a16 + 0xfffffa29;
				_a16 = _a16 ^ 0xa7f0d73a;
				_a8 = 0x8640ac;
				_a8 = _a8 ^ 0xde9ec8d9;
				_a8 = (_a8 - (0x3521cfb3 * _a8 >> 0x20) >> 1) + (0x3521cfb3 * _a8 >> 0x20) >> 5;
				_a8 = _t481 + _t481 * 8 + _t481 + _t481 * 8;
				_a8 = _a8 ^ 0x4b6704fc;
				_a32 = 0xd07b3b;
				_a32 = _a32 + 0x11fd;
				_a32 = _a32 ^ 0x00d363a1;
				_a24 = 0x5954ad;
				_a24 = _a24 + 0xffff8cdb;
				_a24 = _a24 * 0x3f;
				_a24 = _a24 ^ 0x15dca036;
				r9d = _a32;
				_v104 = _a24;
				E00007FFA7FFA0AED4448(_a8, _t481, _t480, _t498, _t480);
				goto 0xaee63f0;
				_a24 = 0x85018e;
				_a24 = _a24 + 0x16cc;
				_a24 = (_a24 - (0x3521cfb3 * _a24 >> 0x20) >> 1) + (0x3521cfb3 * _a24 >> 0x20) >> 6;
				_a24 = _a24 ^ 0x0001416f;
				_a8 = 0xeb35fb;
				_a8 = _a8 + 0x3c5e;
				_a8 = _a8 + 0xe8eb;
				_a8 = _a8 ^ 0x854cfa33;
				_a8 = _a8 ^ 0x85acd449;
				_a32 = 0x8565d0;
				_a32 = _a32 * 0x58;
				_a32 = _a32 ^ 0x2dd49630;
				_a16 = 0x68129b;
				_a16 = _a16 + 0x5fcd;
				_a16 = _a16 + 0xffff626e;
				_a16 = _a16 ^ 0x006be372;
				_v88 = _a16;
				_t365 = _a32;
				r9d = _a8;
				r8d = _a24;
				_t489 =  *0xaee8228; // 0x228232698f0
				_v96 = _t365;
				_t482 = _v64;
				_v104 = _t482;
				E00007FFA7FFA0AEDBCE8();
				_a8 = 0xab8c82;
				_a8 = _a8 ^ 0x7bd540d2;
				_a8 = _a8 | 0x367dd5b3;
				_a8 = _a8 ^ 0x7f7fddf3;
				if (_t365 != _a8) goto 0xaee62be;
				goto 0xaee5f9a;
				goto 0xaee5f9a;
				_a16 = 0xb7a51c;
				_a16 = _a16 * 0x58;
				_a16 = _a16 | 0xaf04adeb;
				_a16 = _a16 ^ 0xbf29ea13;
				_a8 = 0x256c7b;
				_a8 = _a8 + 0xffffcd5e;
				_a8 = _a8 + 0xffffaad7;
				_a8 = _a8 ^ 0x0029416e;
				_a24 = 0xf976bb;
				_a24 = _a24 * 0x3c;
				_a24 = _a24 ^ 0x3a7e2ebe;
				E00007FFA7FFA0AEDDE9C(0x78,  *((intOrPtr*)(_t489 + 0x50)), _t482);
				 *0xaee8228 = _t482;
				_a8 = 0xcf0411;
				_a8 = _a8 | 0x8517a516;
				_a8 = _a8 ^ 0x85dfe517;
				_t483 =  *0xaee8228; // 0x228232698f0
				 *((intOrPtr*)(_t483 + 0x50)) = _a8;
				_a8 = 0x3ca268;
				_a8 = _a8 << 1;
				_a8 = _a8 << 3;
				_a8 = _a8 | 0x1922e93c;
				_a8 = _a8 ^ 0x1beba78c;
				_a24 = 0xa4c4ad;
				_a24 = _t483 + _t483 * 4 << 4;
				_a24 = _a24 + 0xffffd56e;
				_a24 = _a24 ^ 0x337d2e59;
				_a16 = 0x80fd2f;
				_a16 = _a16 + 0x6375;
				_a16 = 0xa0a0a0a1 * _a16 >> 0x20 >> 6;
				_a16 = _a16 ^ 0x000b7a39;
				_t484 =  *0xaee8228; // 0x228232698f0
				E00007FFA7FFA0AEDDE9C( *((intOrPtr*)(_t484 + 0x50)), 0xa0a0a0a1 * _a16 >> 0x20 >> 6, _t484);
				_t494 =  *0xaee8228; // 0x228232698f0
				 *((long long*)(_t494 + 0x48)) = _t484;
				 *((long long*)(_t494 + 0x68)) = _t484;
				 *((long long*)(_t494 + 0x10)) = _t484;
				_t485 = _t484 + _t484;
				 *(_t494 + 0x58) = _t485;
				if (0xddc28 == 0x3270e) goto 0xaee657c;
				goto 0xaee5f9f;
				_a8 = 0xafb4b;
				_a8 = _a8 >> 9;
				_a8 = _a8 * 0x5d;
				_a8 = _a8 ^ 0x0007f48b;
				_a16 = 0x2275c6;
				_a16 = _a16 + 0x2a03;
				_a16 = _a16 ^ 0x0023d15e;
				r8d = _a16;
				_t495 =  *0xaee8228; // 0x228232698f0
				E00007FFA7FFA0AED89D0(_t485,  *((intOrPtr*)(_t495 + 0x48)));
				_a8 = 0xd2283f;
				_a8 = _a8 ^ 0x8ec29e8b;
				_a8 = (_a8 - (0x24924925 * _a8 >> 0x20) >> 1) + (0x24924925 * _a8 >> 0x20) >> 5;
				_a8 = _a8 | 0x21d17376;
				_a8 = _a8 ^ 0x23d81f1f;
				_a16 = 0x658bc8;
				_a16 = _a16 << 7;
				_a16 = _a16 << 8;
				_a16 = _a16 ^ 0xc5ed27a8;
				r8d = _a16;
				_t497 =  *0xaee8228; // 0x228232698f0
				E00007FFA7FFA0AED89D0(_t485, _t497);
				goto 0xaee657c;
				_a32 = 0x357dbf;
				_a32 = _a32 | 0x811d63ea;
				_a32 = _a32 << 1;
				_a32 = _a32 ^ 0x027afffe;
				_v72 = 0x29d5ab;
				_v72 = _t485 + _t485 * 2 << 3;
				_v72 = _v72 ^ 0x03e5e94b;
				_a16 = 0xd90a0;
				_a16 = (_a16 - (0x4104105 * _a16 >> 0x20) >> 1) + (0x4104105 * _a16 >> 0x20) >> 5;
				_a16 = _a16 * 0x16;
				_a16 = _a16 * 0x65;
				_a16 = _a16 ^ 0x01d47361;
				_a24 = 0x72639a;
				_a24 = 0x4ec4ec4f * _a24 >> 0x20 >> 3;
				_a24 = 0xa0a0a0a1 * _a24 >> 0x20 >> 6;
				_a24 = _a24 ^ 0x000885ea;
				_a8 = 0xa2470b;
				_a8 = _a8 << 0xd;
				_a8 = _a8 * 0x5c;
				_a8 = _a8 >> 3;
				_a8 = _a8 ^ 0x0617a9dd;
				_v96 = _a8;
				r9d = _a16;
				r8d = _a32;
				_v104 = _a24;
				E00007FFA7FFA0AEDBE3C();
				return 1;
			}

0x7ffa0aee5f68
0x7ffa0aee5f68
0x7ffa0aee5f77
0x7ffa0aee5f7e
0x7ffa0aee5f85
0x7ffa0aee5f8c
0x7ffa0aee5fa5
0x7ffa0aee5fb1
0x7ffa0aee5fb9
0x7ffa0aee5fc5
0x7ffa0aee5fd1
0x7ffa0aee5fd7
0x7ffa0aee5fe5
0x7ffa0aee5fec
0x7ffa0aee5ff3
0x7ffa0aee5ffa
0x7ffa0aee5ffe
0x7ffa0aee6005
0x7ffa0aee600c
0x7ffa0aee6013
0x7ffa0aee601a
0x7ffa0aee6021
0x7ffa0aee6028
0x7ffa0aee602f
0x7ffa0aee6033
0x7ffa0aee6037
0x7ffa0aee6041
0x7ffa0aee6045
0x7ffa0aee604c
0x7ffa0aee6050
0x7ffa0aee6055
0x7ffa0aee605c
0x7ffa0aee6063
0x7ffa0aee606a
0x7ffa0aee6074
0x7ffa0aee607f
0x7ffa0aee6087
0x7ffa0aee608e
0x7ffa0aee6095
0x7ffa0aee609c
0x7ffa0aee60a3
0x7ffa0aee60aa
0x7ffa0aee60ae
0x7ffa0aee60b5
0x7ffa0aee60bc
0x7ffa0aee60c3
0x7ffa0aee60c7
0x7ffa0aee60cc
0x7ffa0aee60d9
0x7ffa0aee60dc
0x7ffa0aee60e3
0x7ffa0aee60ed
0x7ffa0aee60f4
0x7ffa0aee60fe
0x7ffa0aee6102
0x7ffa0aee6107
0x7ffa0aee610e
0x7ffa0aee6115
0x7ffa0aee6123
0x7ffa0aee6134
0x7ffa0aee6137
0x7ffa0aee6148
0x7ffa0aee614b
0x7ffa0aee6152
0x7ffa0aee6159
0x7ffa0aee6160
0x7ffa0aee6178
0x7ffa0aee6183
0x7ffa0aee6186
0x7ffa0aee618d
0x7ffa0aee6194
0x7ffa0aee619b
0x7ffa0aee61a2
0x7ffa0aee61a9
0x7ffa0aee61b4
0x7ffa0aee61b7
0x7ffa0aee61c1
0x7ffa0aee61cb
0x7ffa0aee61cf
0x7ffa0aee61d4
0x7ffa0aee61d9
0x7ffa0aee61e5
0x7ffa0aee61fa
0x7ffa0aee61fd
0x7ffa0aee6204
0x7ffa0aee620b
0x7ffa0aee6212
0x7ffa0aee6219
0x7ffa0aee6220
0x7ffa0aee6227
0x7ffa0aee6232
0x7ffa0aee6235
0x7ffa0aee623c
0x7ffa0aee6243
0x7ffa0aee624a
0x7ffa0aee6251
0x7ffa0aee625b
0x7ffa0aee625f
0x7ffa0aee6262
0x7ffa0aee6266
0x7ffa0aee626a
0x7ffa0aee6271
0x7ffa0aee6278
0x7ffa0aee6280
0x7ffa0aee6285
0x7ffa0aee628a
0x7ffa0aee6291
0x7ffa0aee6298
0x7ffa0aee629f
0x7ffa0aee62ad
0x7ffa0aee62b9
0x7ffa0aee62c3
0x7ffa0aee62c8
0x7ffa0aee62d8
0x7ffa0aee62db
0x7ffa0aee62e2
0x7ffa0aee62e9
0x7ffa0aee62f0
0x7ffa0aee62f7
0x7ffa0aee62fe
0x7ffa0aee6305
0x7ffa0aee6310
0x7ffa0aee6313
0x7ffa0aee6323
0x7ffa0aee6328
0x7ffa0aee632f
0x7ffa0aee6336
0x7ffa0aee633d
0x7ffa0aee6347
0x7ffa0aee634e
0x7ffa0aee6351
0x7ffa0aee6358
0x7ffa0aee635b
0x7ffa0aee635f
0x7ffa0aee6366
0x7ffa0aee636d
0x7ffa0aee6382
0x7ffa0aee6385
0x7ffa0aee638c
0x7ffa0aee6393
0x7ffa0aee639a
0x7ffa0aee63a9
0x7ffa0aee63ac
0x7ffa0aee63bc
0x7ffa0aee63c6
0x7ffa0aee63cb
0x7ffa0aee63d7
0x7ffa0aee63db
0x7ffa0aee63df
0x7ffa0aee63e9
0x7ffa0aee63ec
0x7ffa0aee63fb
0x7ffa0aee6401
0x7ffa0aee6406
0x7ffa0aee640d
0x7ffa0aee6415
0x7ffa0aee6418
0x7ffa0aee641f
0x7ffa0aee6426
0x7ffa0aee642d
0x7ffa0aee6434
0x7ffa0aee6438
0x7ffa0aee6446
0x7ffa0aee644b
0x7ffa0aee6452
0x7ffa0aee646c
0x7ffa0aee646f
0x7ffa0aee6476
0x7ffa0aee647d
0x7ffa0aee6484
0x7ffa0aee6488
0x7ffa0aee648c
0x7ffa0aee6493
0x7ffa0aee6497
0x7ffa0aee64a1
0x7ffa0aee64a6
0x7ffa0aee64ab
0x7ffa0aee64b2
0x7ffa0aee64b9
0x7ffa0aee64bc
0x7ffa0aee64c3
0x7ffa0aee64d8
0x7ffa0aee64db
0x7ffa0aee64e2
0x7ffa0aee64f7
0x7ffa0aee64fe
0x7ffa0aee6505
0x7ffa0aee650d
0x7ffa0aee6514
0x7ffa0aee6528
0x7ffa0aee6533
0x7ffa0aee6536
0x7ffa0aee653d
0x7ffa0aee6544
0x7ffa0aee654c
0x7ffa0aee654f
0x7ffa0aee6553
0x7ffa0aee655d
0x7ffa0aee6564
0x7ffa0aee6568
0x7ffa0aee656f
0x7ffa0aee6577
0x7ffa0aee6586

Strings

rk, xrefs: 00007FFA0AEE6251
Y.}3, xrefs: 00007FFA0AEE638C
nA), xrefs: 00007FFA0AEE62FE

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: Y.}3$nA)$rk
API String ID: 0-2737607697
Opcode ID: af2f0843674da30db0e0bf25e45e38ccaace8a4e28bf7e159958af3962fddf60
Instruction ID: 400b735785340f3d76d5a48865bd4e3686891da66fff34b4155d368fbadfc6ef
Opcode Fuzzy Hash: af2f0843674da30db0e0bf25e45e38ccaace8a4e28bf7e159958af3962fddf60
Instruction Fuzzy Hash: 0802F3736146608FD3A8DF34D89989D3FB0F3487AC7256229FA0A87B58D774D884CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A588B110 Relevance: 3.0, APIs: 2, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00007FF77FF7A588B110(void* __edx, void* __eflags, intOrPtr* __rax, long long __rbx, long long __rsi, void* __r8, void* __r9, long long _a8, long long _a16) {
				char _v24;
				void* __rdi;
				void* _t12;
				void* _t21;
				void* _t24;
				void* _t28;
				void* _t32;
				intOrPtr _t37;
				intOrPtr* _t58;
				intOrPtr* _t59;
				void* _t73;
				void* _t83;

				_t83 = __r8;
				_t60 = __rbx;
				_t58 = __rax;
				E00007FF77FF7A588B710(); // executed
				SetUnhandledExceptionFilter(??);
				goto 0xa58c1768;
				asm("int3");
				asm("int3");
				asm("int3");
				_a8 = __rbx;
				_a16 = __rsi;
				if (E00007FF77FF7A588AE08(1) == 0) goto 0xa588b283;
				sil = 0;
				_v24 = sil;
				_t32 = E00007FF77FF7A588ADCC();
				_t37 =  *0xa591aa68;
				if (_t37 == 1) goto 0xa588b28e;
				if (_t37 != 0) goto 0xa588b1b9;
				 *0xa591aa68 = 1;
				_t12 = E00007FF77FF7A58BFDDC(__rbx, 0xa58e2438, 0xa58e2480); // executed
				if (_t12 == 0) goto 0xa588b19a;
				goto 0xa588b273;
				E00007FF77FF7A58BFD98(_t60, 0xa58e23b8, 0xa58e2430); // executed
				 *0xa591aa68 = 2;
				goto 0xa588b1c1;
				sil = 1;
				_v24 = sil;
				E00007FF77FF7A588BA70(E00007FF77FF7A588AF78(_t32, 0xa58e2430));
				if ( *_t58 == 0) goto 0xa588b1f4;
				if (E00007FF77FF7A588AEE0(_t58, _t58) == 0) goto 0xa588b1f4;
				r8d = 0;
				_t5 = _t83 + 2; // 0x2
				_t59 =  *_t58;
				E00007FF77FF7A588BA78( *0xa58e2390(_t73));
				if ( *_t59 == 0) goto 0xa588b216;
				if (E00007FF77FF7A588AEE0(_t59, _t59) == 0) goto 0xa588b216;
				_t69 =  *_t59;
				_t21 = E00007FF77FF7A58BED4C( *_t59);
				0xa58bf724();
				E00007FF77FF7A58BACBC(E00007FF77FF7A58BACC4(_t21));
				_t84 = _t59;
				_t72 =  *_t59;
				_t24 = E00007FF77FF7A5884C00( *_t59, _t5, E00007FF77FF7A588AEE0(_t59, _t59),  *_t59,  *_t59, _t59, __rsi); // executed
				if (E00007FF77FF7A588B6BC(_t59) == 0) goto 0xa588b298;
				if (sil != 0) goto 0xa588b24d;
				E00007FF77FF7A58BED30( *_t59,  *_t59, _t59);
				E00007FF77FF7A588AF9C(1, 0);
				_t28 = _t24;
				if (E00007FF77FF7A588B6BC(_t59) == 0) goto 0xa588b2a0;
				if (_v24 != 0) goto 0xa588b271;
				E00007FF77FF7A58BED20(_t69, _t72, _t84);
				return _t28;
			}

0x7ff7a588b110
0x7ff7a588b110
0x7ff7a588b110
0x7ff7a588b114
0x7ff7a588b119
0x7ff7a588b124
0x7ff7a588b129
0x7ff7a588b12a
0x7ff7a588b12b
0x7ff7a588b12c
0x7ff7a588b131
0x7ff7a588b147
0x7ff7a588b14d
0x7ff7a588b150
0x7ff7a588b15a
0x7ff7a588b15c
0x7ff7a588b165
0x7ff7a588b16d
0x7ff7a588b16f
0x7ff7a588b187
0x7ff7a588b18e
0x7ff7a588b195
0x7ff7a588b1a8
0x7ff7a588b1ad
0x7ff7a588b1b7
0x7ff7a588b1b9
0x7ff7a588b1bc
0x7ff7a588b1c8
0x7ff7a588b1d4
0x7ff7a588b1e0
0x7ff7a588b1e2
0x7ff7a588b1e5
0x7ff7a588b1eb
0x7ff7a588b1f4
0x7ff7a588b200
0x7ff7a588b20c
0x7ff7a588b20e
0x7ff7a588b211
0x7ff7a588b216
0x7ff7a588b226
0x7ff7a588b22b
0x7ff7a588b22e
0x7ff7a588b233
0x7ff7a588b241
0x7ff7a588b246
0x7ff7a588b248
0x7ff7a588b251
0x7ff7a588b256
0x7ff7a588b263
0x7ff7a588b26a
0x7ff7a588b26c
0x7ff7a588b282

APIs

SetUnhandledExceptionFilter.KERNELBASE ref: 00007FF7A588B119
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7A58C177C

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
String ID:
API String ID: 59578552-0
Opcode ID: 258f37a7ec6a33e7a3e24ee00bebda445e8e6290dc64813470d9d4a68dd4c8ab
Instruction ID: f33bcddbafd114478a82e95896c32fdecb0b0fa267b4eaa5fe5b2f43f147b638
Opcode Fuzzy Hash: 258f37a7ec6a33e7a3e24ee00bebda445e8e6290dc64813470d9d4a68dd4c8ab
Instruction Fuzzy Hash: 40E0EC30E0F3028AF62837650C921BC9091AF47B21FE202B5E11D456F2CE1D68B28B72

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED765C Relevance: 2.6, Strings: 2, Instructions: 90
COMMONCrypto

Download Yara Rule

C-Code - Quality: 43%

			E00007FFA7FFA0AED765C(void* __edx, signed int __rax, void* __rcx, signed int _a16, signed int _a24, signed int _a32) {
				long long _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				unsigned int _v56;
				signed int _v72;
				void* __rbx;
				void* __rbp;
				signed int _t129;
				signed long long _t130;
				void* _t135;
				void* _t137;
				void* _t142;

				_t129 = __rax;
				_v48 = 0x5fc0f;
				_v44 = 0x13c7e;
				_v40 = __rax;
				_v56 = 0x2de29;
				_v56 = _v56 + 0xffff6937;
				_v56 = _v56 ^ 0x00084142;
				_a32 = 0xd57bda;
				_a32 = _a32 + 0xffff90f8;
				_a32 = _a32 ^ 0x00da683d;
				_a24 = 0xaad57;
				_a24 = _a24 | 0x667155ff;
				_a24 = _a24 ^ 0x6675c0b8;
				_a16 = 0xcb97d9;
				_a16 = __rax + __rax * 4 << 2;
				_a16 = _a16 + 0xffff365d;
				_a16 = _a16 ^ 0x0feb377b;
				r9d = _a24;
				r8d = _a32;
				_v72 = _a16;
				E00007FFA7FFA0AEDE090(__rax, _t130, __rcx, __rcx, _t137, _t142);
				_a16 = 0x360af;
				_a16 = _a16 | 0x97fd9398;
				_a16 = _a16 >> 3;
				_a16 = _a16 >> 3;
				_a16 = _a16 ^ 0x02504ac1;
				_a32 = 0x64736b;
				_a32 = _a32 ^ 0x290c97f1;
				_a32 = _a32 << 0xe;
				_a32 = _a32 ^ 0x3925d440;
				_a24 = 0xd018e1;
				_a24 = _a24 >> 7;
				_a24 = _a24 + 0xffffbec4;
				_a24 = _a24 ^ 0x0008b6d5;
				r9d = _a24;
				E00007FFA7FFA0AEE1704(); // executed
				 *( *0xaee8218 + 0x18 + _t130 * 8) = _t129;
				_v56 = 0xfc44c6;
				_v56 = _v56 >> 0x10;
				_v56 = _v56 ^ 0x0000e7ab;
				_a16 = 0x6662fd;
				_a16 = _a16 ^ 0xfb5bce4e;
				_a16 = _a16 >> 6;
				_a16 = _a16 >> 8;
				_a16 = _a16 ^ 0x0006d3e1;
				_a32 = 0x2d1452;
				_a32 = _a32 + 0x5798;
				_a32 = _a32 + 0xffff4692;
				_a32 = _a32 ^ 0x00250455;
				_a24 = 0x44ef45;
				_a24 = 0x51eb851f * _a24 >> 0x20 >> 5;
				_a24 = 0x5397829d * _a24 >> 0x20 >> 5;
				_a24 = _a24 ^ 0x000bf0f0;
				r9d = _a32;
				_v72 = _a24;
				return E00007FFA7FFA0AED4448(_a16, _t129, _t130, _t135, _t129);
			}

0x7ffa0aed765c
0x7ffa0aed7667
0x7ffa0aed766e
0x7ffa0aed7677
0x7ffa0aed767b
0x7ffa0aed7684
0x7ffa0aed768e
0x7ffa0aed7695
0x7ffa0aed769c
0x7ffa0aed76a3
0x7ffa0aed76aa
0x7ffa0aed76b1
0x7ffa0aed76b8
0x7ffa0aed76bf
0x7ffa0aed76cf
0x7ffa0aed76d2
0x7ffa0aed76d9
0x7ffa0aed76e3
0x7ffa0aed76e7
0x7ffa0aed76ee
0x7ffa0aed76f2
0x7ffa0aed76f7
0x7ffa0aed76fe
0x7ffa0aed770b
0x7ffa0aed770f
0x7ffa0aed7713
0x7ffa0aed771a
0x7ffa0aed7721
0x7ffa0aed7728
0x7ffa0aed772c
0x7ffa0aed7733
0x7ffa0aed773a
0x7ffa0aed773e
0x7ffa0aed7745
0x7ffa0aed774c
0x7ffa0aed7756
0x7ffa0aed7765
0x7ffa0aed776a
0x7ffa0aed7776
0x7ffa0aed777a
0x7ffa0aed7781
0x7ffa0aed7788
0x7ffa0aed778f
0x7ffa0aed7793
0x7ffa0aed7797
0x7ffa0aed779e
0x7ffa0aed77a5
0x7ffa0aed77ac
0x7ffa0aed77b3
0x7ffa0aed77ba
0x7ffa0aed77ce
0x7ffa0aed77d9
0x7ffa0aed77dc
0x7ffa0aed77e6
0x7ffa0aed77f0
0x7ffa0aed7800

Strings

ED, xrefs: 00007FFA0AED77BA
ksd, xrefs: 00007FFA0AED771A

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: ED$ksd
API String ID: 0-3505993628
Opcode ID: a417d6f4c436d49905a8462127dfac2f1f32a094018e7e6b2f3aee53b5f23917
Instruction ID: b324e9f8af85da9a8eb81aef46e12b325f7d888048a90e0be4f96529b9a2884e
Opcode Fuzzy Hash: a417d6f4c436d49905a8462127dfac2f1f32a094018e7e6b2f3aee53b5f23917
Instruction Fuzzy Hash: 1841E0B36107608FD398CF74D88A89D3FA1F3187AC7252218FA0B56A58D77895C9CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58B4F3C Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNELBASE ref: 00007FF7A58B4F5D

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: c0e2fb1bdeac346ca25b553b2878af4ac7978cbbbd2e19d09d1ba8342fc00c7e
Instruction ID: 9aaca0fb84f3d9390dacf3022c13956451f47c77815a913b8d89fdeabb107656
Opcode Fuzzy Hash: c0e2fb1bdeac346ca25b553b2878af4ac7978cbbbd2e19d09d1ba8342fc00c7e
Instruction Fuzzy Hash: AAF0822292E042C2E2647614C456B7C9369EB42F01F830175E20B473B5CA1CE9648761

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED3518 Relevance: 1.4, Strings: 1, Instructions: 101
COMMONCrypto

Download Yara Rule

C-Code - Quality: 44%

			E00007FFA7FFA0AED3518(long long __rbx, void* __rdx) {
				void* _t48;
				signed int _t53;
				void* _t64;
				void* _t70;
				void* _t71;
				void* _t73;
				void* _t74;

				 *((long long*)(_t70 + 8)) = __rbx;
				_t71 = _t70 - 0x2a0;
				E00007FFA7FFA0AEE3C78(_t48, _t64, __rdx, _t73, _t74);
				 *((intOrPtr*)(_t71 + 0x58)) = 0x4df10;
				 *((intOrPtr*)(_t71 + 0x5c)) = 0xb0ac1;
				 *((intOrPtr*)(_t71 + 0x64)) = 0;
				 *((intOrPtr*)(_t71 + 0x60)) = 0x4be54;
				if (0x29877 == 0x29877) goto 0xaed36ac;
				if (0x29877 == 0x50eff) goto 0xaed3643;
				if (0x29877 != 0x78f69) goto 0xaed373f;
				 *(_t71 + 0x40) = 0xe72dac;
				 *(_t71 + 0x40) =  *(_t71 + 0x40) << 6;
				 *(_t71 + 0x40) =  *(_t71 + 0x40) | 0x39fdede9;
				 *(_t71 + 0x40) =  *(_t71 + 0x40) ^ 0x39ffefe9;
				 *(_t71 + 0x48) = 0xb435a9;
				 *(_t71 + 0x48) =  *(_t71 + 0x48) | 0xedbf7d4f;
				 *(_t71 + 0x48) =  *(_t71 + 0x48) ^ 0xedbe5bcc;
				 *(_t71 + 0x50) = 0xce925c;
				 *(_t71 + 0x50) =  *(_t71 + 0x50) ^ 0xae42defc;
				 *(_t71 + 0x50) =  *(_t71 + 0x50) ^ 0xae89f4f3;
				 *(_t71 + 0x4c) = 0x9fba71;
				 *(_t71 + 0x4c) =  *(_t71 + 0x4c) + 0xeb07;
				 *(_t71 + 0x4c) =  *(_t71 + 0x4c) ^ 0x00ace774;
				 *(_t71 + 0x44) = 0xfe0bef;
				 *(_t71 + 0x44) =  *(_t71 + 0x44) ^ 0xbd072c94;
				 *(_t71 + 0x44) =  *(_t71 + 0x44) >> 0xb;
				 *(_t71 + 0x44) =  *(_t71 + 0x44) ^ 0x00141ed1;
				 *(_t71 + 0x38) =  *(_t71 + 0x44);
				 *(_t71 + 0x30) =  *(_t71 + 0x4c);
				_t53 =  *(_t71 + 0x40);
				r8d =  *(_t71 + 0x50);
				 *(_t71 + 0x28) = _t53;
				 *((long long*)(_t71 + 0x20)) = _t71 + 0x68;
				E00007FFA7FFA0AED4C54(); // executed
				return _t53;
			}

0x7ffa0aed3518
0x7ffa0aed3526
0x7ffa0aed3530
0x7ffa0aed3535
0x7ffa0aed353f
0x7ffa0aed354c
0x7ffa0aed3550
0x7ffa0aed355d
0x7ffa0aed3568
0x7ffa0aed3573
0x7ffa0aed3579
0x7ffa0aed3588
0x7ffa0aed358d
0x7ffa0aed3595
0x7ffa0aed359d
0x7ffa0aed35a5
0x7ffa0aed35ad
0x7ffa0aed35b5
0x7ffa0aed35bd
0x7ffa0aed35c5
0x7ffa0aed35cd
0x7ffa0aed35d5
0x7ffa0aed35dd
0x7ffa0aed35e5
0x7ffa0aed35ed
0x7ffa0aed35f5
0x7ffa0aed35fa
0x7ffa0aed3606
0x7ffa0aed360e
0x7ffa0aed3612
0x7ffa0aed3616
0x7ffa0aed361f
0x7ffa0aed3628
0x7ffa0aed362d
0x7ffa0aed3642

Strings

0C, xrefs: 00007FFA0AED3643

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: 0C
API String ID: 0-3567432261
Opcode ID: 6e17f574454e69098dcfa898eaabc19d50e03f7c9f3bf46ae8495e3c1bac8fff
Instruction ID: 4fa9507c620f713eb04ddb23f47fa9df57a31e8a6febf1e46c4a2d521174a3d6
Opcode Fuzzy Hash: 6e17f574454e69098dcfa898eaabc19d50e03f7c9f3bf46ae8495e3c1bac8fff
Instruction Fuzzy Hash: 4A51E5736083818BC768DF28F14915FBBB0F386744F604129E79A96A68DB7ED848CF01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED61F4 Relevance: 1.3, Strings: 1, Instructions: 62
COMMONCrypto

Download Yara Rule

C-Code - Quality: 47%

			E00007FFA7FFA0AED61F4(signed int _a8, signed int _a16, intOrPtr _a24, intOrPtr _a28, signed int _a32, intOrPtr _a40, intOrPtr _a48, intOrPtr _a56) {
				long long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v40;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				intOrPtr _t109;
				signed int _t110;
				signed int _t127;
				void* _t137;
				long long _t138;
				signed int _t139;
				signed int _t142;
				void* _t144;
				signed long long _t146;
				intOrPtr _t147;
				signed int _t153;
				intOrPtr _t160;
				intOrPtr _t161;
				signed int _t162;

				_a32 = _t139;
				_a16 = _t127;
				_a8 = _t110;
				_a24 = 0x19978;
				_a28 = 0x68f4e;
				_a16 = 0xede4ad;
				_a16 = _a16 ^ 0xac659f50;
				_a16 = _a16 + 0xdcca;
				_a16 = _a16 ^ 0xac8958c7;
				_t137 = _a16 - 9;
				if (_t137 >= 0) goto 0xaed62df;
				_a8 = 0x987d8d;
				_a8 = _a8 ^ 0x1ca22978;
				_a8 = 0x38e38e39 * _a8 >> 0x20 >> 3;
				_a8 = _a8 + 0xbfff;
				_a8 = _a8 ^ 0x00c6bd89;
				_a16 = 0x205c38;
				_a16 = _a16 ^ 0xddcb04ce;
				_a16 = (_a16 - (0x68168169 * _a16 >> 0x20) >> 1) + (0x68168169 * _a16 >> 0x20) >> 6;
				_a16 = _a16 << 0xa;
				_a16 = _a16 ^ 0xc131611b;
				_t160 =  *0xaee8218; // 0x22823265560
				_t161 =  *((intOrPtr*)(0x18 + _t146 * 8 + _t160));
				E00007FFA7FFA0AEDE008(); // executed
				if (_t137 != 0) goto 0xaed6253;
				_a16 = 0x2ed9f1;
				_a16 = _a16 + 0xffff1315;
				_a16 = _a16 >> 5;
				_a16 = _a16 << 6;
				_a16 = _a16 ^ 0x00556213;
				_a8 = 0x8d426b;
				_a8 = _a8 | 0xaf6c7379;
				_a8 = _a8 ^ 0xafee3468;
				r8d = _a8;
				_t147 =  *0xaee8218; // 0x22823265560
				_t142 = _a32;
				_pop(_t150);
				_a8 = _t142;
				_a16 = _t153;
				_a32 = _t162;
				_t109 = _a40;
				r9d = 0;
				_v56 = _a56;
				_v64 = _a48;
				_v72 = _t109;
				E00007FFA7FFA0AEE3C78(_a48, _t144, _t147, _t161, _t162);
				_v32 = 0x259fb;
				_v28 = 0x5fc85;
				r9d = 0xb67c69ef;
				r8d = 0x248;
				_v24 = _t138;
				_v40 = 0xe5118d;
				_v40 = _v40 * 0x45;
				_v40 = _v40 ^ 0x3db5cfce;
				_a32 = 0x2f7256;
				_a32 = _a32 << 0xd;
				_a32 = (_a32 - (0x24924925 * _a32 >> 0x20) >> 1) + (0x24924925 * _a32 >> 0x20) >> 3;
				_a32 = _a32 ^ 0x11008c00;
				E00007FFA7FFA0AED44C4(0x9efd3df1, 0x24924925 * _a32 >> 0x20, _t142, _t153);
				r9d = _t109;
				r8d = 0;
				goto __rax;
			}

0x7ffa0aed61f4
0x7ffa0aed61f9
0x7ffa0aed61fd
0x7ffa0aed6206
0x7ffa0aed620e
0x7ffa0aed6216
0x7ffa0aed621e
0x7ffa0aed6226
0x7ffa0aed622e
0x7ffa0aed623f
0x7ffa0aed6241
0x7ffa0aed6253
0x7ffa0aed625b
0x7ffa0aed6276
0x7ffa0aed627a
0x7ffa0aed6282
0x7ffa0aed628a
0x7ffa0aed6292
0x7ffa0aed62a9
0x7ffa0aed62ad
0x7ffa0aed62b2
0x7ffa0aed62ba
0x7ffa0aed62c9
0x7ffa0aed62cd
0x7ffa0aed62d9
0x7ffa0aed62df
0x7ffa0aed62e7
0x7ffa0aed62ef
0x7ffa0aed62f4
0x7ffa0aed62f9
0x7ffa0aed6301
0x7ffa0aed6309
0x7ffa0aed6311
0x7ffa0aed6319
0x7ffa0aed631e
0x7ffa0aed6329
0x7ffa0aed6332
0x7ffa0aed6338
0x7ffa0aed633d
0x7ffa0aed6342
0x7ffa0aed6353
0x7ffa0aed635a
0x7ffa0aed635d
0x7ffa0aed636b
0x7ffa0aed636f
0x7ffa0aed6376
0x7ffa0aed637b
0x7ffa0aed6383
0x7ffa0aed638d
0x7ffa0aed6393
0x7ffa0aed6399
0x7ffa0aed639e
0x7ffa0aed63ab
0x7ffa0aed63b4
0x7ffa0aed63bc
0x7ffa0aed63c7
0x7ffa0aed63e1
0x7ffa0aed63e8
0x7ffa0aed6403
0x7ffa0aed6408
0x7ffa0aed640b
0x7ffa0aed6422

Strings

8\ , xrefs: 00007FFA0AED628A

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: 8\
API String ID: 0-4166606762
Opcode ID: 8a97d89607ccf53b6e6748aa72b7c53914052ac3ca552519f06aceaad4864a00
Instruction ID: 11ca8e6e3d3edd9d02a42de8c5b9b68a7d0138995d6f74382454257c2f9fd3cf
Opcode Fuzzy Hash: 8a97d89607ccf53b6e6748aa72b7c53914052ac3ca552519f06aceaad4864a00
Instruction Fuzzy Hash: 553106729386908BD398DF25F0D941ABB61F3853A4F606229FA8B56A68D77CC484CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58C6D94 Relevance: .2, Instructions: 207
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 60%

			E00007FF77FF7A58C6D94(long long __rbx, intOrPtr* __rcx, long long __rsi, void* __r9, char _a16, long long _a24, long long _a32) {
				void* _v40;
				long long _v72;
				void* __rdi;
				void* _t11;
				intOrPtr* _t25;
				long long _t32;
				intOrPtr** _t33;
				void* _t41;
				void* _t44;

				_a24 = __rbx;
				_a32 = __rsi;
				_t33 = __rcx;
				_t35 =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 8))));
				_t25 =  *((intOrPtr*)(__rcx));
				r14d =  *_t25;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 8)))) != 0) goto 0xa58c6dd4;
				E00007FF77FF7A58C0A24(r14d, _t25, _t32);
				goto 0xa58c6e7c;
				_v72 = 0x7fffffff;
				r8d = 0;
				_t11 = E00007FF77FF7A58D9400(__rbx,  &_a16, _t33, _t35, _t41, _t35);
				if (_t11 == 0x16) goto 0xa58c7002;
				if (_t11 == 0x22) goto 0xa58c7002;
				E00007FF77FF7A58CD72C(_t11, _a16, _t32, _t44);
				if (_t25 != 0) goto 0xa58c6e36;
				E00007FF77FF7A58CE0C8(_t25, _a16);
				return 0;
			}

0x7ff7a58c6d94
0x7ff7a58c6d99
0x7ff7a58c6db3
0x7ff7a58c6db6
0x7ff7a58c6db9
0x7ff7a58c6dbc
0x7ff7a58c6dc2
0x7ff7a58c6dc7
0x7ff7a58c6dcf
0x7ff7a58c6dd7
0x7ff7a58c6de0
0x7ff7a58c6de7
0x7ff7a58c6def
0x7ff7a58c6df8
0x7ff7a58c6e07
0x7ff7a58c6e14
0x7ff7a58c6e16
0x7ff7a58c6e35

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c80bc14ef4f5f6f5739b007c9c70a83025759a7e47ebb3cbb7e85ce119224772
Instruction ID: f63dd754bbb264e3fc4db45f85763beaabd5a7d0eb947f522d2fd75c72367e48
Opcode Fuzzy Hash: c80bc14ef4f5f6f5739b007c9c70a83025759a7e47ebb3cbb7e85ce119224772
Instruction Fuzzy Hash: 7881D572A06B5186EB60EE2AD08137C6360FB46F98F914676DE5D877A5CF3CD061C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5884C00 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 299
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 53%

			E00007FF77FF7A5884C00(void* __ecx, void* __edx, void* __eflags, long long __rbx, void* __rdx, long long __rdi, signed long long __rsi) {
				void* __rbp;
				void* _t100;
				void* _t102;
				signed long long _t160;
				long long _t169;
				long long _t173;
				signed long long _t191;
				void* _t202;
				long long _t204;
				void* _t206;
				long long _t208;
				void* _t233;
				intOrPtr _t239;
				intOrPtr _t244;
				void* _t248;
				signed long long _t253;
				signed long long _t254;
				signed long long _t256;
				void* _t258;
				intOrPtr* _t259;
				void* _t261;
				signed long long _t262;
				void* _t274;
				void* _t277;
				signed long long _t278;
				void* _t280;
				intOrPtr _t282;
				void* _t284;

				_t256 = __rsi;
				 *((long long*)(_t261 + 8)) = __rbx;
				 *((long long*)(_t261 + 0x18)) = __rsi;
				 *((long long*)(_t261 + 0x20)) = __rdi;
				_t259 = _t261 - 0x30;
				_t262 = _t261 - 0x130;
				_t160 =  *0xa58fb008; // 0x485f0d1bb70c
				 *(_t259 + 0x20) = _t160 ^ _t262;
				_t248 = __rdx;
				r14d = __ecx;
				 *((long long*)(_t259 - 0x20)) = __rsi;
				 *((long long*)(_t259 - 0x10)) = __rsi;
				 *((long long*)(_t259 - 8)) = __rbx;
				 *((intOrPtr*)(_t259 - 0x20)) = sil;
				 *((long long*)(_t259 - 0x40)) = __rsi;
				 *((long long*)(_t259 - 0x30)) = __rsi;
				 *((long long*)(_t259 - 0x28)) = __rbx;
				 *((intOrPtr*)(_t259 - 0x40)) = sil;
				 *_t259 = __rsi;
				 *((long long*)(_t259 + 0x10)) = __rsi;
				 *((long long*)(_t259 + 0x18)) = __rbx;
				 *_t259 = sil;
				 *((intOrPtr*)(_t262 + 0x44)) = 0;
				 *((intOrPtr*)(_t262 + 0x40)) = 0;
				E00007FF77FF7A58BAC7C(GetTickCount(), _t160 ^ _t262);
				_t100 = E00007FF77FF7A5884760(__edx, _t259 - 0x20, _t262 + 0x44, __rdx, _t259, _t259 - 0x40, _t262 + 0x40); // executed
				if (_t100 == 0) goto 0xa5884cfa;
				E00007FF77FF7A5888D50(__rbx, 0xa591b1b0, "Running the embedded DLL with the following parameters:\n", __rsi, _t284); // executed
				 *((long long*)(_t259 - 0x70)) = _t262 + 0x68;
				0xa5885e00();
				0xa5885e00();
				r9d =  *((intOrPtr*)(_t262 + 0x40));
				_t102 = E00007FF77FF7A5883DF0( *((intOrPtr*)(_t262 + 0x44)), _t262 + 0x68, _t259 - 0x20, _t262 + 0x68, _t262 + 0x40); // executed
				sil = _t102 == 0;
				goto 0xa5884f6e;
				 *((long long*)(_t262 + 0x30)) = _t259;
				 *((long long*)(_t262 + 0x28)) = _t262 + 0x40;
				 *((long long*)(_t262 + 0x20)) = _t259 - 0x40;
				if (E00007FF77FF7A58849E0(r14d, _t262 + 0x68, _t248, _t248, _t259, _t259 - 0x20, _t262 + 0x44, _t280, _t277, _t274) == 0) goto 0xa5884f29;
				if ( *((long long*)(_t259 + 0x10)) == 0) goto 0xa5884da0;
				 *((long long*)(_t259 - 0x78)) = _t262 + 0x68;
				_t167 = _t262 + 0x48;
				 *((long long*)(_t259 - 0x70)) = _t262 + 0x48;
				0xa5885e00();
				0xa5885e00();
				0xa5885e00();
				 *((intOrPtr*)(_t262 + 0x20)) =  *((intOrPtr*)(_t262 + 0x40));
				r8d =  *((intOrPtr*)(_t262 + 0x44));
				sil = E00007FF77FF7A5882F80(r14d,  *((intOrPtr*)(_t262 + 0x44)),  *((long long*)(_t259 + 0x10)), _t262 + 0x48, _t167, _t167) == 0;
				goto 0xa5884f6e;
				 *((long long*)(_t259 - 0x68)) = _t262 + 0x48;
				 *(_t262 + 0x48) = _t256;
				 *(_t262 + 0x58) = _t256;
				 *(_t262 + 0x60) = _t256;
				_t286 =  >=  ?  *((void*)(_t259 - 0x40)) : _t259 - 0x40;
				_t278 =  *((intOrPtr*)(_t259 - 0x30));
				if (_t278 - 0x10 >= 0) goto 0xa5884deb;
				asm("inc ecx");
				asm("movups [esp+0x48], xmm0");
				goto 0xa5884e58;
				_t253 =  >  ? 0xffffffff : _t278 | 0x0000000f;
				_t202 = _t253 + 1;
				if (_t202 - 0x1000 < 0) goto 0xa5884e35;
				_t169 = _t202 + 0x27;
				if (_t169 - _t202 <= 0) goto 0xa5885053;
				E00007FF77FF7A588AD90(_t169, _t169);
				_t204 = _t169;
				if (_t169 == 0) goto 0xa5885059;
				 *((long long*)((_t169 + 0x00000027 & 0xffffffe0) - 8)) = _t204;
				goto 0xa5884e44;
				if (_t204 == 0) goto 0xa5884e41;
				E00007FF77FF7A588AD90(_t169 + 0x00000027 & 0xffffffe0, _t204);
				goto 0xa5884e44;
				 *(_t262 + 0x48) = _t256;
				_t233 =  >=  ?  *((void*)(_t259 - 0x40)) : _t259 - 0x40;
				E00007FF77FF7A58B6D20();
				 *(_t262 + 0x58) = _t278;
				 *(_t262 + 0x60) = _t253;
				 *(_t262 + 0x68) = _t256;
				 *(_t262 + 0x78) = _t256;
				 *(_t259 - 0x80) = _t256;
				_t254 =  *((intOrPtr*)(_t259 - 0x10));
				_t288 =  >=  ?  *((void*)(_t259 - 0x20)) : _t259 - 0x20;
				if (_t254 - 0x10 >= 0) goto 0xa5884e93;
				asm("inc ecx");
				asm("movups [esp+0x68], xmm0");
				goto 0xa5884f00;
				_t191 =  >  ? 0xffffffff : _t254 | 0x0000000f;
				_t206 = _t191 + 1;
				if (_t206 - 0x1000 < 0) goto 0xa5884edd;
				_t173 = _t206 + 0x27;
				if (_t173 - _t206 <= 0) goto 0xa588505f;
				E00007FF77FF7A588AD90(_t173, _t173);
				_t208 = _t173;
				if (_t173 == 0) goto 0xa5885065;
				 *((long long*)((_t173 + 0x00000027 & 0xffffffe0) - 8)) = _t208;
				goto 0xa5884eec;
				if (_t208 == 0) goto 0xa5884ee9;
				E00007FF77FF7A588AD90(_t173 + 0x00000027 & 0xffffffe0, _t208);
				goto 0xa5884eec;
				 *(_t262 + 0x68) = _t256;
				_t234 =  >=  ?  *((void*)(_t259 - 0x20)) : _t259 - 0x20;
				E00007FF77FF7A58B6D20();
				 *(_t262 + 0x78) = _t254;
				 *(_t259 - 0x80) = _t191;
				r9d =  *((intOrPtr*)(_t262 + 0x40));
				_t81 = _t262 + 0x48; // 0x8000000000000047
				_t83 = _t262 + 0x68; // 0x8000000000000067
				sil = E00007FF77FF7A5883DF0( *((intOrPtr*)(_t262 + 0x44)), _t83,  >=  ?  *((void*)(_t259 - 0x20)) : _t259 - 0x20, _t81, _t167) == 0;
				goto 0xa5884f72;
				E00007FF77FF7A5888D50(_t191, 0xa591b1b0, "Usage: ", _t256, _t258);
				E00007FF77FF7A5888D50(_t191, _t256,  *_t254, _t256);
				E00007FF77FF7A5888D50(_t191, _t256, " -d ${dll_path} -e ${epoch} [-c ${computer_name}] [-s ${root_serial}] [-o ${output_path}]\n", _t256);
				E00007FF77FF7A5888D50(_t191, 0xa591b1b0, "Where: \n\t${dll_path} is the path to the Emotet module to be loaded (mandatory parameter).\n\n\t${epoch} is the identifier of the epoch (i.e., a specific Emotet botnet) that the\n\tmodule belongs to; only identifiers to currently online botnets are supported,\n\ti.e., either 4 or 5 (mandatory parameter).\n\n\t${computer_name} specifies the computer name; the tool generates a random computer name\n\tif this parameter is not specified.\n\n\t${root_serial} specifies the C: volume serial number, which is a 32-bit hexadecimal number;\n\tthe tool will generate a random serial number if this parameter is not specified.\n\n\t${output_path} is the output file path when using the \"-o\" option; this option\n\tbuilds a standalone executable containing the module. When started, the build will\n\tautomatically drop the module on disk and load it.", _t256);
				_t282 =  *((intOrPtr*)(_t259 - 0x28));
				_t239 =  *((intOrPtr*)(_t259 + 0x18));
				if (_t239 - 0x10 < 0) goto 0xa5884fae;
				if (_t239 + 1 - 0x1000 < 0) goto 0xa5884fa8;
				if ( *_t259 -  *((intOrPtr*)( *_t259 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa588506b;
				E00007FF77FF7A588AAF0( *_t259 -  *((intOrPtr*)( *_t259 - 8)) + 0xfffffff8, _t191, _t167);
				if (_t282 - 0x10 < 0) goto 0xa5884fe7;
				if (_t282 + 1 - 0x1000 < 0) goto 0xa5884fe1;
				if ( *((intOrPtr*)(_t259 - 0x40)) -  *((intOrPtr*)( *((intOrPtr*)(_t259 - 0x40)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa5885071;
				E00007FF77FF7A588AAF0( *((intOrPtr*)(_t259 - 0x40)) -  *((intOrPtr*)( *((intOrPtr*)(_t259 - 0x40)) - 8)) + 0xfffffff8, _t191, _t167);
				_t244 =  *((intOrPtr*)(_t259 - 8));
				if (_t244 - 0x10 < 0) goto 0xa588501e;
				if (_t244 + 1 - 0x1000 < 0) goto 0xa5885019;
				if ( *((intOrPtr*)(_t259 - 0x20)) -  *((intOrPtr*)( *((intOrPtr*)(_t259 - 0x20)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa588504d;
				E00007FF77FF7A588AAF0( *((intOrPtr*)(_t259 - 0x20)) -  *((intOrPtr*)( *((intOrPtr*)(_t259 - 0x20)) - 8)) + 0xfffffff8, _t191, _t167);
				return E00007FF77FF7A588AAD0(1, r14d,  *(_t259 + 0x20) ^ _t262);
			}

0x7ff7a5884c00
0x7ff7a5884c00
0x7ff7a5884c05
0x7ff7a5884c0a
0x7ff7a5884c18
0x7ff7a5884c1d
0x7ff7a5884c24
0x7ff7a5884c2e
0x7ff7a5884c32
0x7ff7a5884c35
0x7ff7a5884c3a
0x7ff7a5884c3e
0x7ff7a5884c47
0x7ff7a5884c4b
0x7ff7a5884c4f
0x7ff7a5884c53
0x7ff7a5884c57
0x7ff7a5884c5b
0x7ff7a5884c5f
0x7ff7a5884c63
0x7ff7a5884c67
0x7ff7a5884c6b
0x7ff7a5884c6f
0x7ff7a5884c73
0x7ff7a5884c7f
0x7ff7a5884c96
0x7ff7a5884c9d
0x7ff7a5884cad
0x7ff7a5884cb7
0x7ff7a5884cc4
0x7ff7a5884cd5
0x7ff7a5884cdb
0x7ff7a5884cea
0x7ff7a5884cf1
0x7ff7a5884cf5
0x7ff7a5884cfe
0x7ff7a5884d08
0x7ff7a5884d11
0x7ff7a5884d2c
0x7ff7a5884d37
0x7ff7a5884d3e
0x7ff7a5884d42
0x7ff7a5884d47
0x7ff7a5884d54
0x7ff7a5884d65
0x7ff7a5884d75
0x7ff7a5884d81
0x7ff7a5884d88
0x7ff7a5884d97
0x7ff7a5884d9b
0x7ff7a5884da5
0x7ff7a5884da9
0x7ff7a5884dae
0x7ff7a5884db3
0x7ff7a5884dc4
0x7ff7a5884dd3
0x7ff7a5884ddb
0x7ff7a5884ddd
0x7ff7a5884de1
0x7ff7a5884de9
0x7ff7a5884df5
0x7ff7a5884df9
0x7ff7a5884e04
0x7ff7a5884e06
0x7ff7a5884e0d
0x7ff7a5884e16
0x7ff7a5884e1b
0x7ff7a5884e21
0x7ff7a5884e2f
0x7ff7a5884e33
0x7ff7a5884e38
0x7ff7a5884e3a
0x7ff7a5884e3f
0x7ff7a5884e44
0x7ff7a5884e4d
0x7ff7a5884e53
0x7ff7a5884e58
0x7ff7a5884e5d
0x7ff7a5884e62
0x7ff7a5884e67
0x7ff7a5884e6c
0x7ff7a5884e70
0x7ff7a5884e7d
0x7ff7a5884e86
0x7ff7a5884e88
0x7ff7a5884e8c
0x7ff7a5884e91
0x7ff7a5884e9d
0x7ff7a5884ea1
0x7ff7a5884eac
0x7ff7a5884eae
0x7ff7a5884eb5
0x7ff7a5884ebe
0x7ff7a5884ec3
0x7ff7a5884ec9
0x7ff7a5884ed7
0x7ff7a5884edb
0x7ff7a5884ee0
0x7ff7a5884ee2
0x7ff7a5884ee7
0x7ff7a5884eec
0x7ff7a5884ef5
0x7ff7a5884efb
0x7ff7a5884f00
0x7ff7a5884f05
0x7ff7a5884f09
0x7ff7a5884f0e
0x7ff7a5884f17
0x7ff7a5884f23
0x7ff7a5884f27
0x7ff7a5884f37
0x7ff7a5884f42
0x7ff7a5884f51
0x7ff7a5884f64
0x7ff7a5884f6e
0x7ff7a5884f72
0x7ff7a5884f7a
0x7ff7a5884f8d
0x7ff7a5884fa2
0x7ff7a5884fa8
0x7ff7a5884fb2
0x7ff7a5884fc6
0x7ff7a5884fdb
0x7ff7a5884fe1
0x7ff7a5884fe7
0x7ff7a5884fef
0x7ff7a5885002
0x7ff7a5885017
0x7ff7a5885019
0x7ff7a588504c

APIs

GetTickCount.KERNEL32 ref: 00007FF7A5884C77

Part of subcall function 00007FF7A5884760: _get_pgmptr.LIBCMT ref: 00007FF7A58847DB
Part of subcall function 00007FF7A5884760: VirtualFree.KERNEL32 ref: 00007FF7A58848A6

Part of subcall function 00007FF7A5883DF0: GetTickCount.KERNEL32 ref: 00007FF7A5883E9D

Strings

-d ${dll_path} -e ${epoch} [-c ${computer_name}] [-s ${root_serial}] [-o ${output_path}], xrefs: 00007FF7A5884F4A
Usage: , xrefs: 00007FF7A5884F29
Where: ${dll_path} is the path to the Emotet module to be loaded (mandatory parameter).${epoch} is the identifier of the epoch (i.e., a specific Emotet botnet) that themodule belongs to; only identifiers to currently online botnets are supported,i.e.,, xrefs: 00007FF7A5884F56
Running the embedded DLL with the following parameters:, xrefs: 00007FF7A5884C9F

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: CountTick$FreeVirtual_get_pgmptr
String ID: -d ${dll_path} -e ${epoch} [-c ${computer_name}] [-s ${root_serial}] [-o ${output_path}]$Running the embedded DLL with the following parameters:$Usage: $Where: ${dll_path} is the path to the Emotet module to be loaded (mandatory parameter).${epoch} is the identifier of the epoch (i.e., a specific Emotet botnet) that themodule belongs to; only identifiers to currently online botnets are supported,i.e.,
API String ID: 4157490408-3466327283
Opcode ID: 383713d65ad0bd884ef9f8c9e422cf6215c782a906a06aed98a056e92c4d7ead
Instruction ID: 7421d2915791bc37b7c81fc170833f9fee1f0306ee54c3869ac238409bc7d4fc
Opcode Fuzzy Hash: 383713d65ad0bd884ef9f8c9e422cf6215c782a906a06aed98a056e92c4d7ead
Instruction Fuzzy Hash: 1EC1B133B1AB4295EB00EB64D8402ADA365FB46BD9F910276EA5D03AF9DF3CD461C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A588AAF8 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 61
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 23%

			E00007FF77FF7A588AAF8(long long __rax, struct _CRITICAL_SECTION* __rbx, void* __r9, void* _a8) {

				InitializeCriticalSectionAndSpinCount(__rbx);
				GetModuleHandleW(??); // executed
				if (__rax != 0) goto 0xa588ab3e;
				GetModuleHandleW(??);
				if (__rax == 0) goto 0xa588abbd;
				GetProcAddress(??, ??);
				GetProcAddress(??, ??);
				if (__rax == 0) goto 0xa588ab7b;
				if (__rax == 0) goto 0xa588ab7b;
				 *0xa591aa58 = __rax;
				 *0xa591aa60 = __rax;
				goto 0xa588ab99;
				r9d = 0;
				r8d = 0;
				CreateEventW(??, ??, ??, ??);
				 *0xa591aa28 = __rax;
				if (__rax == 0) goto 0xa588abbd;
				if (E00007FF77FF7A588AE54(0, __rax) == 0) goto 0xa588abbd;
				E00007FF77FF7A588B004(E00007FF77FF7A588AE54(0, __rax), __rax);
				return 0;
			}

0x7ff7a588ab0e
0x7ff7a588ab1b
0x7ff7a588ab27
0x7ff7a588ab30
0x7ff7a588ab3c
0x7ff7a588ab48
0x7ff7a588ab5b
0x7ff7a588ab64
0x7ff7a588ab69
0x7ff7a588ab6b
0x7ff7a588ab72
0x7ff7a588ab79
0x7ff7a588ab7b
0x7ff7a588ab7e
0x7ff7a588ab87
0x7ff7a588ab8d
0x7ff7a588ab97
0x7ff7a588aba2
0x7ff7a588abab
0x7ff7a588abbc

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FF7A588AB0E
GetModuleHandleW.KERNELBASE ref: 00007FF7A588AB1B
GetModuleHandleW.KERNEL32 ref: 00007FF7A588AB30
GetProcAddress.KERNEL32 ref: 00007FF7A588AB48
GetProcAddress.KERNEL32 ref: 00007FF7A588AB5B
CreateEventW.KERNEL32 ref: 00007FF7A588AB87
DeleteCriticalSection.KERNEL32 ref: 00007FF7A588ABD3
CloseHandle.KERNEL32 ref: 00007FF7A588ABE5

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 00007FF7A588AB14
WakeAllConditionVariable, xrefs: 00007FF7A588AB4E
kernel32.dll, xrefs: 00007FF7A588AB29
SleepConditionVariableCS, xrefs: 00007FF7A588AB3E

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2565136772-3242537097
Opcode ID: bc21d41253cce04b51d1f810a8a0b1dead1bd20c8ec99c06c8de36167e766654
Instruction ID: de9d81d00b6b36519dd10588451d5e7398221b6b47ed75450b64babbb360a42c
Opcode Fuzzy Hash: bc21d41253cce04b51d1f810a8a0b1dead1bd20c8ec99c06c8de36167e766654
Instruction Fuzzy Hash: 5C211020A1BA47C1FA55FB10E954174A3A2BF46F91FCA04B5D90F066F0EF2CE569C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58824E0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 120
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNELBASE ref: 00007FF7A5882538
GetFileSize.KERNEL32 ref: 00007FF7A5882558
VirtualAlloc.KERNELBASE ref: 00007FF7A5882582
ReadFile.KERNELBASE ref: 00007FF7A58825A4
FindCloseChangeNotification.KERNELBASE ref: 00007FF7A58825B6
VirtualFree.KERNEL32 ref: 00007FF7A5882606
CloseHandle.KERNEL32 ref: 00007FF7A588260F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5882681

Strings

%08X.dll, xrefs: 00007FF7A588282E

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: File$CloseVirtual$AllocChangeCreateFindFreeHandleNotificationReadSize_invalid_parameter_noinfo_noreturn
String ID: %08X.dll
API String ID: 383838959-518170090
Opcode ID: 52651734049c8fe336d005ea08e99ed78e1fec6af6651a225521d525384572c7
Instruction ID: b9b004126087ae0cfa7cb38b25db4a2521b13a5277b2ceda1f161cbbe4f445b1
Opcode Fuzzy Hash: 52651734049c8fe336d005ea08e99ed78e1fec6af6651a225521d525384572c7
Instruction Fuzzy Hash: 8E41E16270A68186EB14EB25E418329B3A1FB56FD5F824170EE4F03BA4DF3CD4A48310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58858A0 Relevance: 9.2, APIs: 6, Instructions: 199
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 71%

			E00007FF77FF7A58858A0(intOrPtr __edx, long long __rbx, long long __rcx, long long __rsi, long long _a24, long long _a32) {
				void* _v40;
				signed int _v48;
				char _v52;
				char _v56;
				long long _v64;
				char _v72;
				long long _v80;
				char _v88;
				char _v96;
				long long _v104;
				void* _v112;
				intOrPtr _v116;
				signed int _v120;
				intOrPtr _v128;
				char _v136;
				intOrPtr _t82;
				void* _t85;
				void* _t89;
				void* _t94;
				void* _t95;
				void* _t122;
				signed long long _t136;
				intOrPtr _t140;
				intOrPtr _t141;
				intOrPtr _t145;
				intOrPtr _t146;
				intOrPtr _t147;
				intOrPtr* _t149;
				intOrPtr* _t156;
				intOrPtr* _t157;
				intOrPtr* _t161;
				intOrPtr* _t180;
				intOrPtr* _t190;
				void* _t193;
				signed int _t201;
				long long _t202;
				intOrPtr* _t203;
				intOrPtr _t204;
				signed long long _t205;

				_t191 = __rsi;
				_a24 = __rbx;
				_a32 = __rsi;
				_t194 = _t193 - 0x80;
				_t136 =  *0xa58fb008; // 0x485f0d1bb70c
				_v48 = _t136 ^ _t193 - 0x00000080;
				_v116 = __edx;
				_t156 = __rcx;
				_v112 = __rcx;
				_v120 = 0;
				_v104 = __rcx;
				_t161 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__rcx)) + 4)) + __rcx + 0x48));
				if (_t161 == 0) goto 0xa58858fa;
				 *((intOrPtr*)( *_t161 + 8))();
				_t140 =  *((intOrPtr*)( *((intOrPtr*)(__rcx)) + 4));
				if ( *((intOrPtr*)(_t140 + __rcx + 0x10)) == 0) goto 0xa588590c;
				goto 0xa5885936;
				_t141 =  *((intOrPtr*)(_t140 + __rcx + 0x50));
				if (_t141 == 0) goto 0xa5885934;
				if (_t141 == __rcx) goto 0xa5885934;
				E00007FF77FF7A5888630(__rcx, _t141, __rsi);
				goto 0xa5885936;
				_v96 = 1;
				if (1 == 0) goto 0xa5885ace;
				_t203 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__rcx)) + 4)) + __rcx + 0x40)) + 8));
				_v80 = _t203;
				_t145 =  *_t203;
				 *((intOrPtr*)(_t145 + 8))();
				E00007FF77FF7A588BCE0(0,  &_v52);
				_t202 =  *0xa591c458; // 0x2282325fdc0
				_v72 = _t202;
				_t204 =  *0xa591c470; // 0x3
				if (_t204 != 0) goto 0xa58859c0;
				E00007FF77FF7A588BCE0(0,  &_v56);
				_t122 =  *0xa591c470 - _t204; // 0x3
				if (_t122 != 0) goto 0xa58859af;
				_t82 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t82 + 1;
				 *0xa591c470 = _t145;
				_t85 = E00007FF77FF7A588BD58(_t145,  &_v56);
				_t205 =  *0xa591c470; // 0x3
				_t201 = _t205 * 8;
				if (_t205 -  *((intOrPtr*)(_t203 + 0x18)) >= 0) goto 0xa58859db;
				_t146 =  *((intOrPtr*)(_t203 + 0x10));
				if ( *((intOrPtr*)(_t201 + _t146)) != 0) goto 0xa5885a3f;
				if ( *((char*)(_t203 + 0x24)) == 0) goto 0xa58859f5;
				E00007FF77FF7A58920C4(_t85);
				if (_t205 -  *((intOrPtr*)(_t146 + 0x18)) >= 0) goto 0xa58859fa;
				_t147 =  *((intOrPtr*)(_t146 + 0x10));
				if ( *((intOrPtr*)(_t201 + _t147)) != 0) goto 0xa5885a3f;
				if (_t202 == 0) goto 0xa5885a04;
				goto 0xa5885a3f;
				E00007FF77FF7A588A260(_t147, _t156,  &_v72,  &_v88, _t191);
				if (_t147 == 0xffffffff) goto 0xa5885b4a;
				_t190 = _v72;
				_v72 = _t190;
				E00007FF77FF7A589208C(_t147, _t190);
				_t89 =  *((intOrPtr*)( *_t190 + 8))();
				 *0xa591c458 = _t190;
				E00007FF77FF7A588BD58(_t89,  &_v52);
				_t149 =  *_t203;
				 *((intOrPtr*)(_t149 + 0x10))();
				if (_t149 == 0) goto 0xa5885a66;
				 *((intOrPtr*)( *_t149))();
				_v72 = 0;
				_v64 =  *((intOrPtr*)( *((intOrPtr*)( *_t156 + 4)) + _t156 + 0x48));
				asm("movaps xmm0, [esp+0x60]");
				asm("movdqa [esp+0x50], xmm0");
				_t99 = _v116;
				_v128 = _v116;
				_v136 = 1;
				_t94 =  *((intOrPtr*)( *_t190 + 0x40))();
				_t112 =  !=  ? 4 : 0;
				_v120 =  !=  ? 4 : 0;
				_t157 = _v112;
				_t106 =  !=  ? 0 : 4;
				_t107 = ( !=  ? 0 : 4) | _v120 |  *( *((intOrPtr*)( *_t157 + 4)) + _t157 + 0x10);
				r8d = 0;
				_t95 = E00007FF77FF7A58823F0(_t94, ( !=  ? 0 : 4) | _v120 |  *( *((intOrPtr*)( *_t157 + 4)) + _t157 + 0x10),  *((long long*)( *((intOrPtr*)( *_t157 + 4)) + _t157 + 0x48)),  *((intOrPtr*)( *_t157 + 4)) + _t157);
				0xa58923d0();
				if (_t95 != 0) goto 0xa5885b05;
				E00007FF77FF7A5888730(_t157);
				_t180 =  *((intOrPtr*)( *((intOrPtr*)( *_t157 + 4)) + _t157 + 0x48));
				if (_t180 == 0) goto 0xa5885b1d;
				return E00007FF77FF7A588AAD0( *((intOrPtr*)( *_t180 + 0x10))(), _t99, _v48 ^ _t194);
			}

0x7ff7a58858a0
0x7ff7a58858a0
0x7ff7a58858a5
0x7ff7a58858b3
0x7ff7a58858ba
0x7ff7a58858c4
0x7ff7a58858c9
0x7ff7a58858cd
0x7ff7a58858d0
0x7ff7a58858d9
0x7ff7a58858dd
0x7ff7a58858e9
0x7ff7a58858f1
0x7ff7a58858f6
0x7ff7a58858fd
0x7ff7a5885906
0x7ff7a588590a
0x7ff7a588590c
0x7ff7a5885914
0x7ff7a5885919
0x7ff7a588591e
0x7ff7a5885932
0x7ff7a5885936
0x7ff7a588593c
0x7ff7a588594b
0x7ff7a588594f
0x7ff7a5885954
0x7ff7a588595a
0x7ff7a5885965
0x7ff7a588596b
0x7ff7a5885972
0x7ff7a5885977
0x7ff7a5885981
0x7ff7a588598a
0x7ff7a588598f
0x7ff7a5885996
0x7ff7a5885998
0x7ff7a58859a0
0x7ff7a58859a8
0x7ff7a58859b4
0x7ff7a58859b9
0x7ff7a58859c0
0x7ff7a58859cc
0x7ff7a58859ce
0x7ff7a58859d9
0x7ff7a58859e0
0x7ff7a58859e2
0x7ff7a58859eb
0x7ff7a58859ed
0x7ff7a58859f8
0x7ff7a58859fd
0x7ff7a5885a02
0x7ff7a5885a0e
0x7ff7a5885a17
0x7ff7a5885a1d
0x7ff7a5885a22
0x7ff7a5885a2a
0x7ff7a5885a35
0x7ff7a5885a38
0x7ff7a5885a44
0x7ff7a5885a4a
0x7ff7a5885a50
0x7ff7a5885a59
0x7ff7a5885a63
0x7ff7a5885a74
0x7ff7a5885a79
0x7ff7a5885a83
0x7ff7a5885a88
0x7ff7a5885a91
0x7ff7a5885a95
0x7ff7a5885a99
0x7ff7a5885aaa
0x7ff7a5885ab8
0x7ff7a5885abb
0x7ff7a5885ac9
0x7ff7a5885ae5
0x7ff7a5885ae8
0x7ff7a5885aea
0x7ff7a5885aed
0x7ff7a5885af3
0x7ff7a5885afa
0x7ff7a5885aff
0x7ff7a5885b0c
0x7ff7a5885b14
0x7ff7a5885b49

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5885965
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A588598A
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58859B4
std::_Facet_Register.LIBCPMT ref: 00007FF7A5885A2A
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5885A44

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 7a8fcb2102c32299b8e0bdc026328b27abc5934feffa19ffbc7a0fc2ccddaa3c
Instruction ID: 6a5d618484bacbf1465c60089c426ef571a7e4c713bb153e0d6e3d9d9dc57d6b
Opcode Fuzzy Hash: 7a8fcb2102c32299b8e0bdc026328b27abc5934feffa19ffbc7a0fc2ccddaa3c
Instruction Fuzzy Hash: 27819D2260AB8592EB10EF25E480279B7A1FF96FD1F864172DA8E037A5CF3CD455C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58924F0 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E00007FF77FF7A58924F0(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b478; // 0x2282325b960
				_a24 = _t65;
				_t63 =  *0xa591b2f0; // 0x2
				if (_t63 != 0) goto 0xa5892560;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b2f0 - _t63; // 0x2
				if (_t35 != 0) goto 0xa589254f;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b2f0 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b2f0; // 0x2
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa5892581;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa58925e7;
				goto 0xa5892583;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa589259c;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa58925a1;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa58925e7;
				if (_t65 == 0) goto 0xa58925ab;
				goto 0xa58925e7;
				E00007FF77FF7A5892BB4(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66); // executed
				if (_t45 == 0xffffffff) goto 0xa58925ff;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b478 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a58924f0
0x7ff7a58924fb
0x7ff7a5892505
0x7ff7a589250b
0x7ff7a5892512
0x7ff7a5892517
0x7ff7a5892521
0x7ff7a589252a
0x7ff7a589252f
0x7ff7a5892536
0x7ff7a5892538
0x7ff7a5892540
0x7ff7a5892548
0x7ff7a5892554
0x7ff7a5892559
0x7ff7a5892560
0x7ff7a5892564
0x7ff7a5892570
0x7ff7a5892572
0x7ff7a589257d
0x7ff7a589257f
0x7ff7a5892587
0x7ff7a5892589
0x7ff7a5892592
0x7ff7a5892594
0x7ff7a589259f
0x7ff7a58925a4
0x7ff7a58925a9
0x7ff7a58925b3
0x7ff7a58925bc
0x7ff7a58925be
0x7ff7a58925c3
0x7ff7a58925cb
0x7ff7a58925da
0x7ff7a58925e0
0x7ff7a58925fe

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5892505
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A589252A
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5892554
std::_Facet_Register.LIBCPMT ref: 00007FF7A58925CB
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58925EC
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A58925FF

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: abdce0dd964abf7c6970fd264637e1586270a21c0d4674ffdd099311e5ace51f
Instruction ID: 91c0f71a8bfebbc476508028bae90fe17724df3506d237b708466befbffec71f
Opcode Fuzzy Hash: abdce0dd964abf7c6970fd264637e1586270a21c0d4674ffdd099311e5ace51f
Instruction Fuzzy Hash: 87318F21A0AA46C4FB45BB16D450179F362FB96FA0F8A0171FA1E4B6B5DF3CF4568320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5884760 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 178
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 65%

			E00007FF77FF7A5884760(void* __edx, long long __rcx, intOrPtr* __rdx, long long __rdi, long long __rbp, intOrPtr* __r8, intOrPtr* __r9) {
				long long _v56;
				long long _v64;
				signed int _v80;
				void* _v88;
				char _v96;
				long long _v144;
				void* _v152;
				char _v168;
				void* __rsi;
				void* _t43;
				intOrPtr _t45;
				signed long long _t62;
				intOrPtr* _t67;
				long long _t68;
				intOrPtr* _t69;
				long long _t86;
				intOrPtr* _t94;

				_t94 = __r9;
				_t62 =  *0xa58fb008; // 0x485f0d1bb70c
				_v80 = _t62 ^  &_v152;
				 *((long long*)(__rcx + 0x10)) = _t68;
				_t86 = __rcx;
				if ( *((long long*)(__rcx + 0x18)) - 0x10 < 0) goto 0xa58847a3;
				 *((char*)( *((intOrPtr*)(__rcx)))) = 0;
				 *__rdx = 0;
				 *((long long*)(__r8 + 0x10)) = _t68;
				if ( *((long long*)(__r8 + 0x18)) - 0x10 < 0) goto 0xa58847b8;
				_t67 =  *((intOrPtr*)(__r8));
				 *_t67 = 0;
				_v56 = __rbp;
				_v64 = __rdi;
				 *__r9 = 0;
				_v96 = 0;
				_v88 = _t68;
				if (E00007FF77FF7A58BACCC(_t67,  &_v88) != 0) goto 0xa58848ac;
				_v168 = _t68;
				_v152 = _t68;
				_v144 = 0xf;
				asm("o16 nop [eax+eax]");
				if ( *_v88 != 0) goto 0xa5884810;
				E00007FF77FF7A5887430( &_v168, _v88, 0);
				E00007FF77FF7A58824E0( &_v168,  &_v96, _t86, __rbp); // executed
				if (_t67 == 0) goto 0xa58848ac;
				_t45 = _v96;
				_t69 = _t67;
				if (_t45 - 0x14 <= 0) goto 0xa588489b;
				r10d = 0x5a4d;
				if ( *_t69 != 0xdeadbeef) goto 0xa5884891;
				if ( *((intOrPtr*)(_t69 + 4)) - 4 - 1 > 0) goto 0xa5884891;
				r8d =  *((intOrPtr*)(_t69 + 0xc));
				r9d =  *((intOrPtr*)(_t69 + 0x10));
				if (_t67 - 0x14 + _t94 < 0) goto 0xa5884891;
				if (r8d == 0) goto 0xa5884889;
				if ( *((char*)(_t67 + _t69 + 0x14)) != 0) goto 0xa5884891;
				if ( *((intOrPtr*)(0 + _t69 + 0x14)) == r10w) goto 0xa58848dd;
				if (_t45 - 1 - 0x14 > 0) goto 0xa5884850;
				r8d = 0x8000;
				VirtualFree(??, ??, ??);
				return E00007FF77FF7A588AAD0(0, _t43, _v80 ^  &_v152);
			}

0x7ff7a5884760
0x7ff7a5884772
0x7ff7a588477c
0x7ff7a5884787
0x7ff7a5884798
0x7ff7a588479e
0x7ff7a58847a3
0x7ff7a58847a8
0x7ff7a58847aa
0x7ff7a58847b3
0x7ff7a58847b5
0x7ff7a58847b8
0x7ff7a58847bf
0x7ff7a58847c7
0x7ff7a58847cf
0x7ff7a58847d2
0x7ff7a58847d6
0x7ff7a58847e2
0x7ff7a58847f7
0x7ff7a58847fc
0x7ff7a5884801
0x7ff7a588480a
0x7ff7a5884817
0x7ff7a588481e
0x7ff7a588482d
0x7ff7a5884838
0x7ff7a588483a
0x7ff7a588483e
0x7ff7a5884844
0x7ff7a5884846
0x7ff7a5884856
0x7ff7a5884861
0x7ff7a5884863
0x7ff7a5884867
0x7ff7a5884877
0x7ff7a588487c
0x7ff7a5884887
0x7ff7a588488f
0x7ff7a5884899
0x7ff7a588489d
0x7ff7a58848a6
0x7ff7a58848dc

APIs

_get_pgmptr.LIBCMT ref: 00007FF7A58847DB
VirtualFree.KERNEL32 ref: 00007FF7A58848A6
VirtualFree.KERNELBASE ref: 00007FF7A58849BD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A58849CD

Strings

The embedded DLL was dropped to , xrefs: 00007FF7A5884946

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: FreeVirtual$_get_pgmptr_invalid_parameter_noinfo_noreturn
String ID: The embedded DLL was dropped to
API String ID: 227635827-1279087144
Opcode ID: c5154b9d54d08cc434ce9719ac609fc7708aca2ae0f61c0f3c4fa525921a8d16
Instruction ID: c8011076ac75c0850876fbd54f88ab3f031842fc23e2d2d2fc63fa6588720bd5
Opcode Fuzzy Hash: c5154b9d54d08cc434ce9719ac609fc7708aca2ae0f61c0f3c4fa525921a8d16
Instruction Fuzzy Hash: DC61C032A0AA8186EB10EF29E440369B7A0FB46FD9F868171DA5D477F5DE3CE454C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58D72CC Relevance: 6.2, APIs: 4, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 21%

			E00007FF77FF7A58D72CC(void* __ebx, signed int __ecx, void* __ebp, void* __rax, void* __rcx, signed short* __rdx, void* __r8, signed int __r9, void* __r10) {
				signed short _v80;
				void* _v92;
				signed int _v96;
				intOrPtr _v104;
				intOrPtr _v108;
				long _v112;
				signed int _v120;
				long long _v128;
				signed int _v136;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* _t106;
				long _t115;
				signed int _t116;
				void* _t121;
				signed int _t127;
				intOrPtr _t145;
				intOrPtr _t146;
				void* _t167;
				signed long long _t180;
				signed long long _t184;
				signed long long _t187;
				signed long long _t206;
				signed int _t207;
				void* _t208;
				void* _t210;
				void* _t226;
				signed long long _t227;
				signed short* _t228;
				void* _t229;
				signed short* _t230;

				_t121 = __ebx;
				r15d = r8d;
				_t184 = __r9;
				_t228 = __rdx;
				if (r8d == 0) goto 0xa58d75c9;
				if (__rdx != 0) goto 0xa58d7333;
				 *((char*)(__r9 + 0x38)) = 1;
				r8d = 0;
				 *((intOrPtr*)(__r9 + 0x34)) = 0;
				 *((char*)(__r9 + 0x30)) = 1;
				 *((intOrPtr*)(__r9 + 0x2c)) = 0x16;
				r9d = 0;
				_v128 = __r9;
				_v136 = _t207;
				E00007FF77FF7A58BE70C(__rax, __r9, __rcx, __rdx, _t208, _t210, __r8);
				goto 0xa58d75cb;
				_t187 = __ecx >> 6;
				_v120 = _t187;
				_t227 = __ecx + __ecx * 8;
				if (_t208 - 1 - 1 > 0) goto 0xa58d7369;
				if (( !r15d & 0x00000001) == 0) goto 0xa58d72fc;
				if (( *( *((intOrPtr*)(0xa591bd50 + _t187 * 8)) + 0x38 + _t227 * 8) & 0x00000020) == 0) goto 0xa58d737f;
				r8d = 0x7ff7a591bd52;
				0xa58d8fa8();
				_v96 = _t207;
				if (E00007FF77FF7A58DC37C(r12d, __ecx) == 0) goto 0xa58d74b5;
				if ( *((intOrPtr*)( *((intOrPtr*)(0xa591bd50 + _v120 * 8)) + 0x38 + _t227 * 8)) - dil >= 0) goto 0xa58d74b5;
				if ( *((intOrPtr*)(__r9 + 0x28)) != dil) goto 0xa58d73c6;
				0xa58bb7e0();
				if ( *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x18)) + 0x138)) != _t207) goto 0xa58d73e2;
				_t180 =  *((intOrPtr*)(0xa591bd50 + _v120 * 8));
				if ( *((intOrPtr*)(_t180 + 0x39 + _t227 * 8)) == dil) goto 0xa58d74b5;
				if (GetConsoleMode(??, ??) == 0) goto 0xa58d74aa;
				if (sil == 0) goto 0xa58d7487;
				sil = sil - 1;
				if (sil - 1 > 0) goto 0xa58d754e;
				_t226 = _t228 + _t229;
				_v112 = _t207;
				_t230 = _t228;
				if (_t228 - _t226 >= 0) goto 0xa58d7544;
				_v80 =  *_t230 & 0x0000ffff;
				_t106 = E00007FF77FF7A58DD79C( *_t230 & 0xffff);
				_t127 = _v80 & 0x0000ffff;
				if (_t106 != _t127) goto 0xa58d7479;
				_t145 = _v108 + 2;
				_v108 = _t145;
				if (_t127 != 0xa) goto 0xa58d746a;
				if (E00007FF77FF7A58DD79C(0xd) != 0xd) goto 0xa58d7479;
				_t146 = _t145 + 1;
				_v108 = _t146;
				if ( &(_t230[1]) - _t226 >= 0) goto 0xa58d7544;
				goto 0xa58d742a;
				_v112 = GetLastError();
				goto 0xa58d7544;
				r9d = r15d;
				_v136 = __r9;
				E00007FF77FF7A58D6988(0xd, r12d, _t146, __ebp, __r9,  &_v112, _t228);
				asm("movsd xmm0, [eax]");
				goto 0xa58d7549;
				if ( *((intOrPtr*)( *((intOrPtr*)(0xa591bd50 + _v120 * 8)) + 0x38 + _t227 * 8)) - dil >= 0) goto 0xa58d7511;
				_t167 = sil;
				if (_t167 == 0) goto 0xa58d74fd;
				if (_t167 == 0) goto 0xa58d74e9;
				if (_t146 - 1 != 1) goto 0xa58d7559;
				r9d = r15d;
				E00007FF77FF7A58D6F18(_t121, r12d, _t180, _t184,  &_v112, _t210, _t228);
				goto 0xa58d749e;
				r9d = r15d;
				E00007FF77FF7A58D7034(r12d,  *((intOrPtr*)(_t180 + 8)), _t180, _t184,  &_v112, _t210, _t228);
				goto 0xa58d749e;
				r9d = r15d;
				E00007FF77FF7A58D6E14(_t121, r12d, _t180, _t184,  &_v112, _t210, _t228); // executed
				goto 0xa58d749e;
				r8d = r15d;
				_v136 = _v136 & _t180;
				_v112 = _t180;
				_v104 = 0;
				if (WriteFile(??, ??, ??, ??, ??) != 0) goto 0xa58d7541;
				_t115 = GetLastError();
				_v112 = _t115;
				asm("movsd xmm0, [ebp-0x30]");
				asm("movsd [ebp-0x20], xmm0");
				if (_t115 != 0) goto 0xa58d75c2;
				_t116 = _v96;
				if (_t116 == 0) goto 0xa58d7598;
				if (_t116 != 5) goto 0xa58d7588;
				 *((char*)(_t184 + 0x30)) = 1;
				 *((intOrPtr*)(_t184 + 0x2c)) = 9;
				 *((char*)(_t184 + 0x38)) = 1;
				 *(_t184 + 0x34) = _t116;
				goto 0xa58d732b;
				_t206 = _t184;
				E00007FF77FF7A58C1858(_v96, _t206);
				goto 0xa58d732b;
				if (( *( *((intOrPtr*)(0xa591bd50 + _t206 * 8)) + 0x38 + _t227 * 8) & 0x00000040) == 0) goto 0xa58d75aa;
				if ( *_t228 == 0x1a) goto 0xa58d75c9;
				 *(_t184 + 0x34) =  *(_t184 + 0x34) & 0x00000000;
				 *((char*)(_t184 + 0x30)) = 1;
				 *((intOrPtr*)(_t184 + 0x2c)) = 0x1c;
				 *((char*)(_t184 + 0x38)) = 1;
				goto 0xa58d732b;
				goto 0xa58d75cb;
				return 0;
			}

0x7ff7a58d72cc
0x7ff7a58d72e2
0x7ff7a58d72e8
0x7ff7a58d72eb
0x7ff7a58d72f1
0x7ff7a58d72fa
0x7ff7a58d72fc
0x7ff7a58d7301
0x7ff7a58d7304
0x7ff7a58d730a
0x7ff7a58d7311
0x7ff7a58d7319
0x7ff7a58d731c
0x7ff7a58d7321
0x7ff7a58d7326
0x7ff7a58d732e
0x7ff7a58d7343
0x7ff7a58d7347
0x7ff7a58d734b
0x7ff7a58d735e
0x7ff7a58d7367
0x7ff7a58d736f
0x7ff7a58d7376
0x7ff7a58d737a
0x7ff7a58d7382
0x7ff7a58d7398
0x7ff7a58d73a7
0x7ff7a58d73b1
0x7ff7a58d73b6
0x7ff7a58d73d1
0x7ff7a58d73d3
0x7ff7a58d73dc
0x7ff7a58d73f7
0x7ff7a58d7400
0x7ff7a58d7406
0x7ff7a58d740d
0x7ff7a58d7413
0x7ff7a58d7417
0x7ff7a58d741b
0x7ff7a58d7421
0x7ff7a58d7431
0x7ff7a58d7435
0x7ff7a58d743a
0x7ff7a58d7441
0x7ff7a58d7443
0x7ff7a58d7446
0x7ff7a58d744d
0x7ff7a58d7461
0x7ff7a58d7463
0x7ff7a58d7465
0x7ff7a58d7471
0x7ff7a58d7477
0x7ff7a58d747f
0x7ff7a58d7482
0x7ff7a58d7487
0x7ff7a58d748a
0x7ff7a58d7499
0x7ff7a58d749e
0x7ff7a58d74a5
0x7ff7a58d74be
0x7ff7a58d74c2
0x7ff7a58d74c5
0x7ff7a58d74ca
0x7ff7a58d74cf
0x7ff7a58d74d5
0x7ff7a58d74e2
0x7ff7a58d74e7
0x7ff7a58d74e9
0x7ff7a58d74f6
0x7ff7a58d74fb
0x7ff7a58d74fd
0x7ff7a58d750a
0x7ff7a58d750f
0x7ff7a58d751c
0x7ff7a58d751f
0x7ff7a58d7527
0x7ff7a58d752b
0x7ff7a58d7536
0x7ff7a58d7538
0x7ff7a58d753e
0x7ff7a58d7544
0x7ff7a58d7549
0x7ff7a58d7563
0x7ff7a58d7565
0x7ff7a58d756a
0x7ff7a58d756f
0x7ff7a58d7571
0x7ff7a58d7575
0x7ff7a58d757c
0x7ff7a58d7580
0x7ff7a58d7583
0x7ff7a58d758b
0x7ff7a58d758e
0x7ff7a58d7593
0x7ff7a58d75a2
0x7ff7a58d75a8
0x7ff7a58d75aa
0x7ff7a58d75ae
0x7ff7a58d75b2
0x7ff7a58d75b9
0x7ff7a58d75bd
0x7ff7a58d75c7
0x7ff7a58d75db

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A58D726C), ref: 00007FF7A58D73EF
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A58D726C), ref: 00007FF7A58D7479

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 73f4a51c0331130a516503621fd4ff9bb75154de385e332aab4ffaafd61e185b
Instruction ID: 0354a046bb2f24e3e520bd1a06d9f36b914bf66dd904662ad2188f8a270a0939
Opcode Fuzzy Hash: 73f4a51c0331130a516503621fd4ff9bb75154de385e332aab4ffaafd61e185b
Instruction Fuzzy Hash: 3491D363A1B65289FB50EB6594403BCABF1BB06F98F860175DE0E976A4CF3CD461C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5881AF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00007FF77FF7A5881AF0(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long _a8, long long _a16) {
				void* _t18;
				long long _t21;
				long long _t24;

				_t21 = __rax;
				_a16 = __rbx;
				_a8 = __rcx;
				_t24 = __rcx;
				E00007FF77FF7A588BCE0(0, __rcx);
				 *((long long*)(_t24 + 8)) = _t21;
				 *((char*)(_t24 + 0x10)) = 0;
				 *((long long*)(_t24 + 0x18)) = _t21;
				 *((char*)(_t24 + 0x20)) = 0;
				 *((long long*)(_t24 + 0x28)) = _t21;
				 *((short*)(_t24 + 0x30)) = 0;
				 *((long long*)(_t24 + 0x38)) = _t21;
				 *((short*)(_t24 + 0x40)) = 0;
				 *((long long*)(_t24 + 0x48)) = _t21;
				 *((char*)(_t24 + 0x50)) = 0;
				 *((long long*)(_t24 + 0x58)) = _t21;
				 *((char*)(_t24 + 0x60)) = 0;
				if (__rdx == 0) goto 0xa5881b5a;
				_t18 = E00007FF77FF7A5892240(_t21, _t24, _t24, __rdx); // executed
				return _t18;
			}

0x7ff7a5881af0
0x7ff7a5881af0
0x7ff7a5881af5
0x7ff7a5881b02
0x7ff7a5881b07
0x7ff7a5881b0f
0x7ff7a5881b13
0x7ff7a5881b16
0x7ff7a5881b1a
0x7ff7a5881b1d
0x7ff7a5881b21
0x7ff7a5881b25
0x7ff7a5881b29
0x7ff7a5881b2d
0x7ff7a5881b31
0x7ff7a5881b34
0x7ff7a5881b38
0x7ff7a5881b3e
0x7ff7a5881b46
0x7ff7a5881b59

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5881B07
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF7A5881B46

Strings

bad locale name, xrefs: 00007FF7A5881B5A

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: dbd65e157ad59af8e7b95f118f720a1d599bfdb006aa25942acf47310692793f
Instruction ID: b702fa3421277976a57969434da7cfcd5903e80fae7720e69d1a88f6a23a4292
Opcode Fuzzy Hash: dbd65e157ad59af8e7b95f118f720a1d599bfdb006aa25942acf47310692793f
Instruction Fuzzy Hash: EE01A223106B8189D344EF75A840158B7A5FB69F84B585178DB8C8372AEF38C4A0C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58856E8 Relevance: 4.6, APIs: 3, Instructions: 119
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 23%

			E00007FF77FF7A58856E8(long long __rbx, void* __rsi, long long __r14) {
				void* _t38;
				void* _t40;
				void* _t48;
				intOrPtr _t50;
				long long _t51;
				long long _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				long long _t75;
				intOrPtr _t91;
				intOrPtr* _t94;
				void* _t101;
				void* _t106;
				void* _t108;
				signed long long _t110;
				intOrPtr _t112;
				intOrPtr _t113;
				char* _t121;

				_t106 = __rsi;
				_t75 = __rbx;
				E00007FF77FF7A58BE348(__rbx, _t101, __rsi);
				 *((long long*)(_t108 + 0x1f)) = __r14;
				if ( *((intOrPtr*)(_t108 + 0xf)) == 0) goto 0xa58856ff;
				E00007FF77FF7A58BE348(_t75, _t101, _t106);
				 *((long long*)(_t108 + 0xf)) = __r14;
				if ( *((intOrPtr*)(_t108 - 1)) == 0) goto 0xa5885711;
				E00007FF77FF7A58BE348(_t75, _t101, _t106);
				 *((long long*)(_t108 - 1)) = __r14;
				if ( *((intOrPtr*)(_t108 - 0x11)) == 0) goto 0xa5885723;
				E00007FF77FF7A58BE348(_t75, _t101, _t106);
				 *((long long*)(_t108 - 0x11)) = __r14;
				if ( *((intOrPtr*)(_t108 - 0x21)) == 0) goto 0xa5885735;
				E00007FF77FF7A58BE348(_t75, _t101, _t106);
				 *((long long*)(_t108 - 0x21)) = __r14;
				if ( *((intOrPtr*)(_t108 - 0x31)) == 0) goto 0xa5885747;
				_t38 = E00007FF77FF7A58BE348(_t75, _t101, _t106);
				 *((long long*)(_t108 - 0x31)) = __r14;
				E00007FF77FF7A588BD58(_t38, _t108 - 0x39);
				 *_t75 = 0xa58f23c8;
				 *((long long*)(_t106 + 0x60)) = __r14;
				 *((long long*)(_t106 + 8)) = _t75;
				0xa58922c8(); // executed
				_t112 =  *0xa591b320; // 0x1a
				if (_t112 != 0) goto 0xa58857bc;
				_t40 = E00007FF77FF7A588BCE0(0, _t108 - 0x49);
				if ( *0xa591b320 != 0) goto 0xa58857ac;
				_t50 =  *0xa591b2e0; // 0x27
				_t51 = _t50 + 1;
				 *0xa591b2e0 = _t51;
				_t71 = _t51;
				 *0xa591b320 = _t71;
				E00007FF77FF7A588BD58(_t40, _t108 - 0x49);
				_t113 =  *0xa591b320; // 0x1a
				E00007FF77FF7A5890908(_t75, 0xa58f23c8, _t75, 0xa58f23c8, _t106, _t113);
				 *0x7FF7A58F23E8 = r14d;
				_t91 =  *((intOrPtr*)(0x7ff7a58f23f0));
				_t121 = "*";
				if (_t91 == _t121) goto 0xa588581d;
				if (_t91 == 0) goto 0xa58857e5;
				E00007FF77FF7A58BE348(_t75, _t75, _t106);
				 *((long long*)(0x7ff7a58f23f0)) = __r14;
				if ( *((char*)(_t121 + 1)) != 0) goto 0xa58857f0;
				0xa58be874();
				 *((long long*)(0x7ff7a58f23f0)) = _t71;
				if (_t71 == 0) goto 0xa588581d;
				E00007FF77FF7A58B6D20();
				_t94 =  *((intOrPtr*)(_t106 + 0x18));
				if (_t94 == 0xa58f23c8) goto 0xa588584c;
				_t72 =  *_t94;
				 *((intOrPtr*)(_t72 + 0x10))();
				if (_t72 == 0) goto 0xa588583f;
				 *((intOrPtr*)( *_t72))();
				 *((long long*)(_t106 + 0x18)) = 0xa58f23c8;
				_t73 =  *0xa58f23c8;
				 *((intOrPtr*)(_t73 + 8))();
				 *((intOrPtr*)( *0xa58f23c8 + 0x10))();
				if (_t73 == 0) goto 0xa5885869;
				_t48 =  *((intOrPtr*)( *_t73))();
				 *((long long*)(_t106 + 0x70)) = __r14;
				return E00007FF77FF7A588AAD0(_t48, _t51,  *(_t108 + 0x37) ^ _t110);
			}

0x7ff7a58856e8
0x7ff7a58856e8
0x7ff7a58856e8
0x7ff7a58856ed
0x7ff7a58856f8
0x7ff7a58856fa
0x7ff7a58856ff
0x7ff7a588570a
0x7ff7a588570c
0x7ff7a5885711
0x7ff7a588571c
0x7ff7a588571e
0x7ff7a5885723
0x7ff7a588572e
0x7ff7a5885730
0x7ff7a5885735
0x7ff7a5885740
0x7ff7a5885742
0x7ff7a5885747
0x7ff7a588574f
0x7ff7a588575c
0x7ff7a588575f
0x7ff7a5885763
0x7ff7a588576b
0x7ff7a5885773
0x7ff7a588577d
0x7ff7a5885785
0x7ff7a5885792
0x7ff7a5885794
0x7ff7a588579a
0x7ff7a588579c
0x7ff7a58857a2
0x7ff7a58857a5
0x7ff7a58857b0
0x7ff7a58857b5
0x7ff7a58857c2
0x7ff7a58857c7
0x7ff7a58857cb
0x7ff7a58857cf
0x7ff7a58857d9
0x7ff7a58857de
0x7ff7a58857e0
0x7ff7a58857e5
0x7ff7a58857f6
0x7ff7a5885801
0x7ff7a5885806
0x7ff7a588580d
0x7ff7a5885818
0x7ff7a588581d
0x7ff7a5885824
0x7ff7a5885826
0x7ff7a5885829
0x7ff7a588582f
0x7ff7a588583c
0x7ff7a588583f
0x7ff7a5885843
0x7ff7a5885849
0x7ff7a5885852
0x7ff7a5885859
0x7ff7a5885866
0x7ff7a5885869
0x7ff7a5885898

APIs

std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A588574F
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5885785
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58857B0

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Lockitstd::_$Lockit::~_$Lockit::_
String ID:
API String ID: 214967623-0
Opcode ID: c41c8a649bc6f98459875819f32ff8f2c59c8598c4fe5c4c3af06cdf89e01e31
Instruction ID: a2c7e6c6fb3796042ab7b2420db5e6b5d6c34066e0799a53a7d9d395088c2d5b
Opcode Fuzzy Hash: c41c8a649bc6f98459875819f32ff8f2c59c8598c4fe5c4c3af06cdf89e01e31
Instruction Fuzzy Hash: 44516E22A0BB4695EA55FF61D4512BCB3A5FF4AFC0B864075DA0E17B61CF3CE4258320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58855A0 Relevance: 4.6, APIs: 3, Instructions: 110
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 24%

			E00007FF77FF7A58855A0(long long __rbx, long long __rcx, long long __rdi, long long __rsi) {
				void* __rbp;
				void* _t86;
				void* _t88;
				void* _t96;
				intOrPtr _t100;
				long long _t101;
				signed long long _t122;
				long long _t127;
				intOrPtr* _t128;
				intOrPtr* _t129;
				intOrPtr _t154;
				intOrPtr* _t157;
				long long _t171;
				void* _t173;
				void* _t174;
				void* _t176;
				signed long long _t177;
				intOrPtr _t179;
				intOrPtr _t180;
				void* _t185;
				long long _t187;
				void* _t189;
				char* _t190;

				_t138 = __rcx;
				 *((long long*)(_t176 + 0x10)) = __rbx;
				 *((long long*)(_t176 + 0x18)) = __rsi;
				 *((long long*)(_t176 + 0x20)) = __rdi;
				_t174 = _t176 - 0x47;
				_t177 = _t176 - 0xf0;
				_t122 =  *0xa58fb008; // 0x485f0d1bb70c
				 *(_t174 + 0x37) = _t122 ^ _t177;
				_t171 = __rcx;
				 *((long long*)(_t177 + 0x20)) = __rcx;
				 *((long long*)(__rcx)) = 0xa58f2440;
				E00007FF77FF7A58920CC(1, __rbx, __rcx, _t174, _t189, _t187);
				 *((long long*)(_t171 + 0x18)) = 0xa58f2440;
				r14d = 0;
				 *((long long*)(_t171 + 0x20)) = _t187;
				 *((long long*)(_t171 + 0x30)) = _t187;
				 *((long long*)(_t171 + 0x38)) = 0xf;
				 *((intOrPtr*)(_t171 + 0x20)) = r14b;
				 *((long long*)(_t171 + 0x40)) = _t187;
				 *((long long*)(_t171 + 0x50)) = _t187;
				 *((long long*)(_t171 + 0x58)) = 7;
				 *((intOrPtr*)(_t171 + 0x40)) = r14w;
				 *((intOrPtr*)(_t171 + 0x68)) = r14w;
				 *((intOrPtr*)(_t171 + 0x6a)) = r14b;
				E00007FF77FF7A588AD90(0xa58f2440, _t138);
				 *((long long*)(_t174 - 0x49)) = 0xa58f2440;
				 *0x7FF7A58F2448 = r14d;
				 *0xa58f2440 = 0xa58e2ab8;
				asm("xorps xmm0, xmm0");
				asm("movups [ebp-0x39], xmm0");
				asm("movups [ebp-0x29], xmm0");
				asm("movups [ebp-0x19], xmm0");
				asm("movups [ebp-0x9], xmm0");
				asm("movups [ebp+0x7], xmm0");
				asm("movups [ebp+0x17], xmm0");
				 *((long long*)(_t174 + 0x27)) = 0xa58e2ab8;
				E00007FF77FF7A588BCE0(0, _t174 - 0x39);
				 *((long long*)(_t174 - 0x31)) = _t187;
				 *((intOrPtr*)(_t174 - 0x29)) = r14b;
				 *((long long*)(_t174 - 0x21)) = _t187;
				 *((intOrPtr*)(_t174 - 0x19)) = r14b;
				 *((long long*)(_t174 - 0x11)) = _t187;
				 *((intOrPtr*)(_t174 - 9)) = r14w;
				 *((long long*)(_t174 - 1)) = _t187;
				 *((intOrPtr*)(_t174 + 7)) = r14w;
				 *((long long*)(_t174 + 0xf)) = _t187;
				 *((intOrPtr*)(_t174 + 0x17)) = r14b;
				 *((long long*)(_t174 + 0x1f)) = _t187;
				 *((intOrPtr*)(_t174 + 0x27)) = r14b;
				_t164 = "C";
				E00007FF77FF7A5892240(0xa58e2ab8, 0xa58f2440, _t174 - 0x39, "C");
				E00007FF77FF7A5893EF8(0xa58e2ab8, 0xa58f2440, _t174 - 0x79, _t185);
				asm("movups xmm0, [eax]");
				asm("movups [ebx+0x10], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebx+0x20], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [ebx+0x30], xmm0");
				 *0x7FF7A58F2478 =  *0x7FF7A58E2AE0;
				E00007FF77FF7A58922AC(_t174 - 0x39);
				if ( *((intOrPtr*)(_t174 + 0x1f)) == 0) goto 0xa58856ed;
				E00007FF77FF7A58BE348(0xa58f2440, "C", _t171);
				 *((long long*)(_t174 + 0x1f)) = _t187;
				if ( *((intOrPtr*)(_t174 + 0xf)) == 0) goto 0xa58856ff;
				E00007FF77FF7A58BE348(0xa58f2440, "C", _t171);
				 *((long long*)(_t174 + 0xf)) = _t187;
				if ( *((intOrPtr*)(_t174 - 1)) == 0) goto 0xa5885711;
				E00007FF77FF7A58BE348(0xa58f2440, "C", _t171);
				 *((long long*)(_t174 - 1)) = _t187;
				if ( *((intOrPtr*)(_t174 - 0x11)) == 0) goto 0xa5885723;
				E00007FF77FF7A58BE348(0xa58f2440, _t164, _t171);
				 *((long long*)(_t174 - 0x11)) = _t187;
				if ( *((intOrPtr*)(_t174 - 0x21)) == 0) goto 0xa5885735;
				E00007FF77FF7A58BE348(0xa58f2440, _t164, _t171);
				 *((long long*)(_t174 - 0x21)) = _t187;
				if ( *((intOrPtr*)(_t174 - 0x31)) == 0) goto 0xa5885747;
				_t86 = E00007FF77FF7A58BE348(0xa58f2440, _t164, _t171);
				 *((long long*)(_t174 - 0x31)) = _t187;
				E00007FF77FF7A588BD58(_t86, _t174 - 0x39);
				 *0xa58f2440 = 0xa58f23c8;
				 *((long long*)(_t171 + 0x60)) = _t187;
				 *((long long*)(_t171 + 8)) = 0xa58f2440;
				0xa58922c8(_t173); // executed
				_t179 =  *0xa591b320; // 0x1a
				if (_t179 != 0) goto 0xa58857bc;
				_t88 = E00007FF77FF7A588BCE0(0, _t174 - 0x49);
				if ( *0xa591b320 != 0) goto 0xa58857ac;
				_t100 =  *0xa591b2e0; // 0x27
				_t101 = _t100 + 1;
				 *0xa591b2e0 = _t101;
				_t127 = _t101;
				 *0xa591b320 = _t127;
				E00007FF77FF7A588BD58(_t88, _t174 - 0x49);
				_t180 =  *0xa591b320; // 0x1a
				E00007FF77FF7A5890908(0xa58f2440, 0xa58f23c8, 0xa58f2440, 0xa58f23c8, _t171, _t180);
				 *0x7FF7A58F23E8 = r14d;
				_t154 =  *((intOrPtr*)(0x7ff7a58f23f0));
				_t190 = "*";
				if (_t154 == _t190) goto 0xa588581d;
				if (_t154 == 0) goto 0xa58857e5;
				E00007FF77FF7A58BE348(0xa58f2440, 0xa58f2440, _t171);
				 *((long long*)(0x7ff7a58f23f0)) = _t187;
				if ( *((char*)(_t190 + 1)) != 0) goto 0xa58857f0;
				0xa58be874();
				 *((long long*)(0x7ff7a58f23f0)) = _t127;
				if (_t127 == 0) goto 0xa588581d;
				E00007FF77FF7A58B6D20();
				_t157 =  *((intOrPtr*)(_t171 + 0x18));
				if (_t157 == 0xa58f23c8) goto 0xa588584c;
				_t128 =  *_t157;
				 *((intOrPtr*)(_t128 + 0x10))();
				if (_t128 == 0) goto 0xa588583f;
				 *((intOrPtr*)( *_t128))();
				 *((long long*)(_t171 + 0x18)) = 0xa58f23c8;
				_t129 =  *0xa58f23c8;
				 *((intOrPtr*)(_t129 + 8))();
				 *((intOrPtr*)( *0xa58f23c8 + 0x10))();
				if (_t129 == 0) goto 0xa5885869;
				_t96 =  *((intOrPtr*)( *_t129))();
				 *((long long*)(_t171 + 0x70)) = _t187;
				return E00007FF77FF7A588AAD0(_t96, _t101,  *(_t174 + 0x37) ^ _t177);
			}

0x7ff7a58855a0
0x7ff7a58855a0
0x7ff7a58855a5
0x7ff7a58855aa
0x7ff7a58855b4
0x7ff7a58855b9
0x7ff7a58855c0
0x7ff7a58855ca
0x7ff7a58855ce
0x7ff7a58855d1
0x7ff7a58855dd
0x7ff7a58855e2
0x7ff7a58855e7
0x7ff7a58855eb
0x7ff7a58855ee
0x7ff7a58855f2
0x7ff7a58855f6
0x7ff7a58855fe
0x7ff7a5885602
0x7ff7a5885606
0x7ff7a588560a
0x7ff7a5885612
0x7ff7a5885617
0x7ff7a588561c
0x7ff7a5885624
0x7ff7a588562c
0x7ff7a5885630
0x7ff7a588563b
0x7ff7a588563e
0x7ff7a5885643
0x7ff7a5885647
0x7ff7a588564b
0x7ff7a588564f
0x7ff7a5885653
0x7ff7a5885657
0x7ff7a588565b
0x7ff7a5885665
0x7ff7a588566b
0x7ff7a588566f
0x7ff7a5885673
0x7ff7a5885677
0x7ff7a588567b
0x7ff7a588567f
0x7ff7a5885684
0x7ff7a5885688
0x7ff7a588568d
0x7ff7a5885691
0x7ff7a5885695
0x7ff7a5885699
0x7ff7a588569d
0x7ff7a58856a8
0x7ff7a58856b2
0x7ff7a58856b7
0x7ff7a58856ba
0x7ff7a58856be
0x7ff7a58856c2
0x7ff7a58856c6
0x7ff7a58856cb
0x7ff7a58856d3
0x7ff7a58856da
0x7ff7a58856e6
0x7ff7a58856e8
0x7ff7a58856ed
0x7ff7a58856f8
0x7ff7a58856fa
0x7ff7a58856ff
0x7ff7a588570a
0x7ff7a588570c
0x7ff7a5885711
0x7ff7a588571c
0x7ff7a588571e
0x7ff7a5885723
0x7ff7a588572e
0x7ff7a5885730
0x7ff7a5885735
0x7ff7a5885740
0x7ff7a5885742
0x7ff7a5885747
0x7ff7a588574f
0x7ff7a588575c
0x7ff7a588575f
0x7ff7a5885763
0x7ff7a588576b
0x7ff7a5885773
0x7ff7a588577d
0x7ff7a5885785
0x7ff7a5885792
0x7ff7a5885794
0x7ff7a588579a
0x7ff7a588579c
0x7ff7a58857a2
0x7ff7a58857a5
0x7ff7a58857b0
0x7ff7a58857b5
0x7ff7a58857c2
0x7ff7a58857c7
0x7ff7a58857cb
0x7ff7a58857cf
0x7ff7a58857d9
0x7ff7a58857de
0x7ff7a58857e0
0x7ff7a58857e5
0x7ff7a58857f6
0x7ff7a5885801
0x7ff7a5885806
0x7ff7a588580d
0x7ff7a5885818
0x7ff7a588581d
0x7ff7a5885824
0x7ff7a5885826
0x7ff7a5885829
0x7ff7a588582f
0x7ff7a588583c
0x7ff7a588583f
0x7ff7a5885843
0x7ff7a5885849
0x7ff7a5885852
0x7ff7a5885859
0x7ff7a5885866
0x7ff7a5885869
0x7ff7a5885898

APIs

Part of subcall function 00007FF7A58920CC: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58920E9
Part of subcall function 00007FF7A58920CC: std::locale::_Setgloballocale.LIBCPMT ref: 00007FF7A589210C
Part of subcall function 00007FF7A58920CC: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58921A7

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5885665
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF7A58856A8

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_$Locinfo::_Locinfo_ctorLockit::~_Setgloballocalestd::locale::_
String ID:
API String ID: 1816957271-0
Opcode ID: 411e84c4c1725dad54908a908565732aaf5e4ceafb2a1155414bf1b3db5c1760
Instruction ID: 6b665e31c3bdb47233d5e90b7a5c49d4c80190ecb0208ced8b957ac27cca00bc
Opcode Fuzzy Hash: 411e84c4c1725dad54908a908565732aaf5e4ceafb2a1155414bf1b3db5c1760
Instruction Fuzzy Hash: CF514B33A1AB81CAE710DF70E8902ADB3B4FF55748B415168EB8A23E25DF38E165D354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5890908 Relevance: 4.6, APIs: 3, Instructions: 95
COMMON

Download Yara Rule

C-Code - Quality: 16%

			E00007FF77FF7A5890908(long long __rbx, void* __rcx, long long __rdx, long long __rdi, long long __rsi, signed int __r8, char _a8, void* _a16, void* _a24, void* _a32) {
				void* _t34;
				long long _t44;
				void* _t54;
				signed int _t61;
				intOrPtr* _t63;
				signed int _t74;
				long long _t76;
				void* _t81;

				_t44 = _t76;
				 *((long long*)(_t44 + 0x10)) = __rbx;
				 *((long long*)(_t44 + 0x18)) = __rsi;
				 *((long long*)(_t44 + 0x20)) = __rdi;
				_t74 = __r8;
				_t54 = __rcx;
				E00007FF77FF7A588BCE0(0, _t44 + 8);
				if ( *(_t54 + 0x18) - __r8 > 0) goto 0xa5890985;
				_t6 = _t74 + 1; // 0x1b
				_t71 =  <  ? _t44 : _t6;
				0xa58c3478(_t81);
				if (_t44 == 0) goto 0xa58909f3;
				 *((long long*)(_t54 + 0x10)) = _t44;
				goto 0xa5890980;
				 *( *((intOrPtr*)(_t54 + 0x10)) +  *(_t54 + 0x18) * 8) =  *( *((intOrPtr*)(_t54 + 0x10)) +  *(_t54 + 0x18) * 8) & 0x00000000;
				_t61 =  *(_t54 + 0x18) + 1;
				 *(_t54 + 0x18) = _t61;
				if (_t61 - ( <  ? _t44 : _t6) < 0) goto 0xa589096c;
				 *0xa58e2390();
				_t63 =  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x10)) + __r8 * 8));
				if (_t63 == 0) goto 0xa58909cb;
				 *0xa58e2390();
				if ( *((intOrPtr*)( *_t63 + 0x10)) == 0) goto 0xa58909cb;
				_t34 =  *0xa58e2390();
				 *((long long*)( *((intOrPtr*)(_t54 + 0x10)) + __r8 * 8)) = __rdx;
				return E00007FF77FF7A588BD58(_t34,  &_a8);
			}

0x7ff7a5890908
0x7ff7a589090b
0x7ff7a589090f
0x7ff7a5890913
0x7ff7a589091d
0x7ff7a5890923
0x7ff7a589092c
0x7ff7a5890936
0x7ff7a5890938
0x7ff7a5890944
0x7ff7a5890954
0x7ff7a589095c
0x7ff7a5890962
0x7ff7a589096a
0x7ff7a5890970
0x7ff7a5890979
0x7ff7a589097c
0x7ff7a5890983
0x7ff7a589098f
0x7ff7a5890999
0x7ff7a58909a0
0x7ff7a58909a9
0x7ff7a58909b5
0x7ff7a58909c5
0x7ff7a58909cf
0x7ff7a58909f2

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A589092C
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58909D8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A58909F3

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Lockitstd::_$Concurrency::cancel_current_taskLockit::_Lockit::~_
String ID:
API String ID: 2115809835-0
Opcode ID: 404702d020586d7e059547c53bf596ad325c0a403afaa1491ed634a0f0dc33ee
Instruction ID: ccb5a3703cb77cf199d896480ad75e7db3e9cf48a9fda569273dbb67e19ca703
Opcode Fuzzy Hash: 404702d020586d7e059547c53bf596ad325c0a403afaa1491ed634a0f0dc33ee
Instruction Fuzzy Hash: CE416C22A1AB45C2EB14EB55E480269B361FB86FC4F854471EE4E47B79DE3CE861C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE0060 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69
fileCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E00007FFA7FFA0AEE0060(intOrPtr __ecx, void* __eflags, long long __rbx, void* __rcx, long long __rdx, long long __rbp, void* __r9, signed int _a16, intOrPtr _a40, intOrPtr _a48, signed int _a56, intOrPtr _a64, intOrPtr _a72, intOrPtr _a80, intOrPtr _a88, intOrPtr _a96) {
				void* _v24;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v48;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				intOrPtr _v80;
				signed long long _v88;
				intOrPtr _v96;
				intOrPtr _v104;
				void* __rsi;
				void* _t67;
				intOrPtr _t68;
				long _t86;
				long _t88;
				void* _t92;
				void* _t95;
				void* _t97;
				WCHAR* _t99;

				_t97 = _t92;
				 *((long long*)(_t97 + 8)) = __rbx;
				 *((long long*)(_t97 + 0x18)) = __rbp;
				 *((long long*)(_t97 + 0x10)) = __rdx;
				_t68 = _a48;
				_v48 = _a96;
				_v56 = _a88;
				_v64 = _a80;
				_v72 = _a72;
				_v80 = _a64;
				 *(_t97 - 0x58) =  *(_t97 - 0x58) & 0x00000000;
				_v96 = _t68;
				_v104 = _a40;
				E00007FFA7FFA0AEE3C78(_a40, __rcx, __rdx, _t95, __r9);
				_v40 = 0xde62b;
				r9d = 0xb67c69ef;
				r8d = 0x27f;
				_v36 = 0;
				_a56 = 0xba840e;
				_a56 = _a56 << 0xc;
				_a56 = _a56 >> 0xf;
				_a56 = 0xae4c415d * _a56 >> 0x20 >> 6;
				_a56 = _a56 ^ 0x00063f27;
				_a16 = 0xe692f0;
				_a16 = _a16 << 1;
				_a16 = _a16 + _a16;
				_a16 = _a16 | 0x68b960c2;
				_a16 = _a16 ^ 0x6bbede24;
				E00007FFA7FFA0AED44C4(0x9df687f1, 0xae4c415d * _a56 >> 0x20 >> 6, __rbx, _t88);
				_v88 = _v88 & 0x00000000;
				r9d = 0;
				r8d = __ecx;
				_v96 = _t68;
				_v104 = r8d;
				_t67 = CreateFileW(_t99, _t86, _t88, ??); // executed
				return _t67;
			}

0x7ffa0aee0060
0x7ffa0aee0063
0x7ffa0aee0067
0x7ffa0aee006b
0x7ffa0aee0085
0x7ffa0aee008c
0x7ffa0aee0099
0x7ffa0aee00a7
0x7ffa0aee00b2
0x7ffa0aee00b6
0x7ffa0aee00c1
0x7ffa0aee00c6
0x7ffa0aee00cf
0x7ffa0aee00d3
0x7ffa0aee00d8
0x7ffa0aee00e2
0x7ffa0aee00e8
0x7ffa0aee00ee
0x7ffa0aee00f2
0x7ffa0aee0102
0x7ffa0aee010a
0x7ffa0aee0123
0x7ffa0aee012a
0x7ffa0aee0135
0x7ffa0aee0140
0x7ffa0aee0150
0x7ffa0aee0157
0x7ffa0aee0162
0x7ffa0aee017b
0x7ffa0aee0180
0x7ffa0aee0186
0x7ffa0aee0189
0x7ffa0aee0191
0x7ffa0aee0195
0x7ffa0aee0199
0x7ffa0aee01af

APIs

CreateFileW.KERNELBASE ref: 00007FFA0AEE0199

Strings

+, xrefs: 00007FFA0AEE00D8

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID: +
API String ID: 823142352-536325379
Opcode ID: d477e1a2148cc8fd6a0c615aca58c02267d268e49866dd708e35cae499866158
Instruction ID: 6179481970e49bb0bb81fed5f96757fd2898792c6265ef4ce216ca26c6580172
Opcode Fuzzy Hash: d477e1a2148cc8fd6a0c615aca58c02267d268e49866dd708e35cae499866158
Instruction Fuzzy Hash: B831BC736182C08BD3B0DF25F485B8ABBA1F3D9794F104129EA8987B19DB79D845CF44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58878D0 Relevance: 3.5, APIs: 2, Instructions: 494
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E00007FF77FF7A58878D0(long long __rbx, long long __rdx, long long __r8, long long __r9) {
				void* __rdi;
				void* __rbp;
				void* __r12;
				void* __r13;
				signed int _t162;
				signed int _t167;
				intOrPtr _t168;
				intOrPtr _t172;
				intOrPtr _t176;
				intOrPtr _t180;
				intOrPtr _t184;
				intOrPtr _t188;
				intOrPtr _t192;
				void* _t199;
				void* _t242;
				void* _t248;
				void* _t254;
				void* _t259;
				void* _t265;
				void* _t270;
				void* _t275;
				signed long long _t283;
				intOrPtr* _t286;
				intOrPtr* _t287;
				long long _t288;
				intOrPtr* _t291;
				intOrPtr* _t292;
				signed char* _t301;
				intOrPtr _t302;
				signed char* _t334;
				intOrPtr* _t335;
				intOrPtr* _t339;
				intOrPtr* _t340;
				intOrPtr* _t341;
				intOrPtr* _t342;
				intOrPtr* _t343;
				intOrPtr* _t344;
				intOrPtr* _t345;
				void* _t348;
				intOrPtr* _t349;
				intOrPtr* _t351;
				intOrPtr* _t355;
				intOrPtr* _t357;
				signed int _t361;
				intOrPtr* _t365;
				long long* _t366;
				intOrPtr* _t368;
				long long* _t369;
				intOrPtr* _t371;
				long long* _t372;
				intOrPtr* _t374;
				long long* _t375;
				intOrPtr* _t377;
				long long* _t378;
				intOrPtr* _t380;
				long long* _t381;
				intOrPtr* _t383;
				long long* _t384;
				intOrPtr* _t397;
				intOrPtr* _t398;
				intOrPtr* _t399;
				intOrPtr* _t400;
				intOrPtr* _t401;
				intOrPtr* _t402;
				intOrPtr* _t403;
				intOrPtr _t404;
				intOrPtr _t407;
				void* _t410;
				intOrPtr _t411;
				void* _t412;
				intOrPtr _t413;
				void* _t414;
				void* _t415;
				void* _t419;
				signed char* _t422;
				void* _t438;
				void* _t439;
				void* _t441;
				signed long long _t442;
				intOrPtr _t446;
				void* _t451;
				void* _t453;
				intOrPtr _t455;
				void* _t459;
				void* _t460;
				void* _t462;
				void* _t464;

				 *((long long*)(_t441 + 8)) = __rbx;
				_t439 = _t441 - 0xf;
				_t442 = _t441 - 0xb0;
				_t283 =  *0xa58fb008; // 0x485f0d1bb70c
				 *(_t439 - 1) = _t283 ^ _t442;
				 *((long long*)(_t439 - 0x59)) = __r9;
				 *((long long*)(_t439 - 0x61)) = __r8;
				 *((long long*)(_t439 - 0x49)) = __rdx;
				r14d =  *(_t439 + 0x6f) & 0x000000ff;
				_t334 =  *((intOrPtr*)(_t439 + 0x77));
				_t411 =  *((intOrPtr*)(_t439 + 0x7f));
				if (_t411 == 0) goto 0xa588792f;
				if ((( *_t334 & 0x000000ff) - 0x0000002b & 0x000000fd) != 0) goto 0xa588792f;
				r13d = 1;
				goto 0xa5887932;
				r13d = 0;
				if (( *(__r9 + 0x18) & 0x00000e00) != 0x800) goto 0xa5887960;
				_t13 = _t459 + 2; // 0x2
				_t348 = _t13;
				if (_t348 - _t411 > 0) goto 0xa5887960;
				if (_t334[_t459] != 0x30) goto 0xa5887960;
				_t460 =  ==  ? _t348 : _t459;
				_t349 =  *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x40)) + 8));
				 *((long long*)(_t439 - 0x69)) = _t349;
				_t286 =  *_t349;
				 *((intOrPtr*)(_t286 + 8))(_t459, _t453, _t410, _t419, _t438);
				E00007FF77FF7A5888C10(_t334, _t439 - 0x71, _t439, _t464);
				_t351 =  *((intOrPtr*)(_t439 - 0x69));
				if (_t351 == 0) goto 0xa58879a0;
				_t287 =  *_t351;
				 *((intOrPtr*)(_t287 + 0x10))();
				if (_t287 == 0) goto 0xa58879a0;
				_t288 =  *_t287;
				 *_t288();
				 *((long long*)(_t439 - 0x41)) = _t288;
				 *((long long*)(_t439 - 0x31)) = _t288;
				 *((long long*)(_t439 - 0x29)) = 0xf;
				 *((char*)(_t439 - 0x41)) = 0;
				r8d = 0;
				E00007FF77FF7A58872A0(_t439 - 0x41, _t411);
				_t451 =  >=  ?  *((void*)(_t439 - 0x41)) : _t439 - 0x41;
				 *((intOrPtr*)( *_t286 + 0x38))();
				_t355 =  *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x40)) + 8));
				 *((long long*)(_t439 - 0x69)) = _t355;
				_t291 =  *_t355;
				 *((intOrPtr*)(_t291 + 8))();
				E00007FF77FF7A5889350(_t334, _t439 - 0x71, _t439, _t462);
				_t335 = _t291;
				_t357 =  *((intOrPtr*)(_t439 - 0x69));
				if (_t357 == 0) goto 0xa5887a24;
				_t292 =  *_t357;
				 *((intOrPtr*)(_t292 + 0x10))();
				if (_t292 == 0) goto 0xa5887a24;
				 *((intOrPtr*)( *_t292))();
				 *((intOrPtr*)( *_t335 + 0x28))();
				_t422 =  >=  ?  *((void*)(_t439 - 0x21)) : _t439 - 0x21;
				if (( *_t422 & 0x000000ff) - 1 - 0x7d > 0) goto 0xa5887b0b;
				r15d =  *((intOrPtr*)( *_t335 + 0x20))();
				_t162 =  *_t422 & 0x000000ff;
				if (_t162 == 0x7f) goto 0xa5887b07;
				if (_t162 <= 0) goto 0xa5887b07;
				_t361 = _t162;
				if (_t361 - _t411 - _t460 >= 0) goto 0xa5887b07;
				_t412 = _t411 - _t361;
				_t446 =  *((intOrPtr*)(_t439 - 0x31));
				if (_t446 - _t412 < 0) goto 0xa5887f21;
				if ( *((intOrPtr*)(_t439 - 0x29)) - _t446 - 1 < 0) goto 0xa5887ad2;
				 *((long long*)(_t439 - 0x31)) = _t446 + 1;
				_t337 =  >=  ?  *((void*)(_t439 - 0x41)) : _t439 - 0x41;
				_t338 =  &(( >=  ?  *((void*)(_t439 - 0x41)) : _t439 - 0x41)[_t412]);
				E00007FF77FF7A58B6D20();
				( >=  ?  *((void*)(_t439 - 0x41)) : _t439 - 0x41)[_t412] = r15b & 0xffffffff;
				goto 0xa5887af1;
				 *(_t442 + 0x28) = r15b;
				 *((long long*)(_t442 + 0x20)) = 1;
				E00007FF77FF7A5889E40(_t439 - 0x41,  &(( >=  ?  *((void*)(_t439 - 0x41)) : _t439 - 0x41)[_t412]), _t412, _t412, __r9, _t460);
				_t301 =  &(_t422[1]);
				_t423 =  >  ? _t301 : _t422;
				_t165 =  *( >  ? _t301 : _t422) & 0x000000ff;
				_t233 = ( *( >  ? _t301 : _t422) & 0x000000ff) - 0x7f;
				if (( *( >  ? _t301 : _t422) & 0x000000ff) != 0x7f) goto 0xa5887a65;
				_t455 =  *((intOrPtr*)(_t439 - 0x31));
				_t302 =  *((intOrPtr*)(_t439 - 0x59));
				_t413 =  *((intOrPtr*)(_t302 + 0x28));
				if (_t413 <= 0) goto 0xa5887b26;
				if (_t413 - _t455 <= 0) goto 0xa5887b26;
				_t414 = _t413 - _t455;
				goto 0xa5887b28;
				_t167 =  *(_t302 + 0x18) & 0x000001c0;
				asm("inc ecx");
				asm("movaps [ebp-0x71], xmm0");
				if (_t167 == 0x40) goto 0xa5887d06;
				if (_t167 == 0x100) goto 0xa5887c29;
				if (_t414 == 0) goto 0xa5887ba7;
				_t339 =  *((intOrPtr*)(_t439 - 0x69));
				if (_t339 == 0) goto 0xa5887b99;
				if ( *((long long*)( *((intOrPtr*)(_t339 + 0x40)))) == 0) goto 0xa5887b88;
				_t365 =  *((intOrPtr*)(_t339 + 0x58));
				_t168 =  *_t365;
				if (_t168 <= 0) goto 0xa5887b88;
				 *_t365 = _t168 - 1;
				_t366 =  *((intOrPtr*)(_t339 + 0x40));
				_t397 =  *_t366;
				 *_t366 = _t397 + 1;
				 *_t397 = r14b;
				goto 0xa5887b94;
				_t242 =  *((intOrPtr*)( *_t339 + 0x18))() - 0xffffffff;
				if (_t242 != 0) goto 0xa5887b9d;
				 *((char*)(_t439 - 0x71)) = 1;
				_t415 = _t414 - 1;
				if (_t242 != 0) goto 0xa5887b55;
				asm("movaps xmm0, [ebp-0x71]");
				asm("movaps [ebp-0x71], xmm0");
				_t425 =  >=  ?  *((void*)(_t439 - 0x41)) : _t439 - 0x41;
				if (_t460 == 0) goto 0xa5887d79;
				_t340 =  *((intOrPtr*)(_t439 - 0x69));
				r8d =  *( >=  ?  *((void*)(_t439 - 0x41)) : _t439 - 0x41) & 0x000000ff;
				if (_t340 == 0) goto 0xa5887c17;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t340 + 0x40)))) == _t415) goto 0xa5887c06;
				_t368 =  *((intOrPtr*)(_t340 + 0x58));
				_t172 =  *_t368;
				if (_t172 <= 0) goto 0xa5887c06;
				 *_t368 = _t172 - 1;
				_t369 =  *((intOrPtr*)(_t340 + 0x40));
				_t398 =  *_t369;
				 *_t369 = _t398 + 1;
				 *_t398 = r8b;
				goto 0xa5887c12;
				_t248 =  *((intOrPtr*)( *_t340 + 0x18))() - 0xffffffff;
				if (_t248 != 0) goto 0xa5887c1b;
				 *((char*)(_t439 - 0x71)) = 1;
				if (_t248 != 0) goto 0xa5887bd0;
				goto 0xa5887d75;
				_t428 =  >=  ?  *((void*)(_t439 - 0x41)) : _t439 - 0x41;
				if (_t460 == 0) goto 0xa5887c9c;
				_t341 =  *((intOrPtr*)(_t439 - 0x69));
				r8d =  *( >=  ?  *((void*)(_t439 - 0x41)) : _t439 - 0x41) & 0x000000ff;
				if (_t341 == 0) goto 0xa5887c8b;
				if ( *((long long*)( *((intOrPtr*)(_t341 + 0x40)))) == 0) goto 0xa5887c7a;
				_t371 =  *((intOrPtr*)(_t341 + 0x58));
				_t176 =  *_t371;
				if (_t176 <= 0) goto 0xa5887c7a;
				 *_t371 = _t176 - 1;
				_t372 =  *((intOrPtr*)(_t341 + 0x40));
				_t399 =  *_t372;
				 *_t372 = _t399 + 1;
				 *_t399 = r8b;
				goto 0xa5887c86;
				_t254 =  *((intOrPtr*)( *_t341 + 0x18))() - 0xffffffff;
				if (_t254 != 0) goto 0xa5887c8f;
				 *((char*)(_t439 - 0x71)) = 1;
				if (_t254 != 0) goto 0xa5887c43;
				asm("movaps xmm0, [ebp-0x71]");
				asm("movaps [ebp-0x71], xmm0");
				if (_t415 == 0) goto 0xa5887d02;
				_t342 =  *((intOrPtr*)(_t439 - 0x69));
				if (_t342 == 0) goto 0xa5887cf4;
				if ( *((long long*)( *((intOrPtr*)(_t342 + 0x40)))) == 0) goto 0xa5887ce3;
				_t374 =  *((intOrPtr*)(_t342 + 0x58));
				_t180 =  *_t374;
				if (_t180 <= 0) goto 0xa5887ce3;
				 *_t374 = _t180 - 1;
				_t375 =  *((intOrPtr*)(_t342 + 0x40));
				_t400 =  *_t375;
				 *_t375 = _t400 + 1;
				 *_t400 = r14b;
				goto 0xa5887cef;
				_t259 =  *((intOrPtr*)( *_t342 + 0x18))() - 0xffffffff;
				if (_t259 != 0) goto 0xa5887cf8;
				 *((char*)(_t439 - 0x71)) = 1;
				if (_t259 != 0) goto 0xa5887cb0;
				asm("movaps xmm0, [ebp-0x71]");
				goto 0xa5887d79;
				_t431 =  >=  ?  *((void*)(_t439 - 0x41)) : _t439 - 0x41;
				if (_t460 == 0) goto 0xa5887d79;
				_t343 =  *((intOrPtr*)(_t439 - 0x69));
				r8d =  *( >=  ?  *((void*)(_t439 - 0x41)) : _t439 - 0x41) & 0x000000ff;
				if (_t343 == 0) goto 0xa5887d68;
				if ( *((long long*)( *((intOrPtr*)(_t343 + 0x40)))) == 0) goto 0xa5887d57;
				_t377 =  *((intOrPtr*)(_t343 + 0x58));
				_t184 =  *_t377;
				if (_t184 <= 0) goto 0xa5887d57;
				 *_t377 = _t184 - 1;
				_t378 =  *((intOrPtr*)(_t343 + 0x40));
				_t401 =  *_t378;
				 *_t378 = _t401 + 1;
				 *_t401 = r8b;
				goto 0xa5887d63;
				_t265 =  *((intOrPtr*)( *_t343 + 0x18))() - 0xffffffff;
				if (_t265 != 0) goto 0xa5887d6c;
				 *((char*)(_t439 - 0x71)) = 1;
				if (_t265 != 0) goto 0xa5887d20;
				asm("movaps xmm0, [ebp-0x71]");
				asm("movups [eax], xmm0");
				asm("movaps [ebp-0x71], xmm0");
				_t434 =  >=  ?  *((void*)(_t439 - 0x41)) : _t439 - 0x41;
				_t435 =  &(( >=  ?  *((void*)(_t439 - 0x41)) : _t439 - 0x41)[_t460]);
				if ( *((long long*)(_t439 - 0x29)) == 0x10) goto 0xa5887df9;
				_t344 =  *((intOrPtr*)(_t439 - 0x69));
				r8d = ( >=  ?  *((void*)(_t439 - 0x41)) : _t439 - 0x41)[_t460] & 0x000000ff;
				if (_t344 == 0) goto 0xa5887de8;
				if ( *((long long*)( *((intOrPtr*)(_t344 + 0x40)))) == 0) goto 0xa5887dd7;
				_t380 =  *((intOrPtr*)(_t344 + 0x58));
				_t188 =  *_t380;
				if (_t188 <= 0) goto 0xa5887dd7;
				 *_t380 = _t188 - 1;
				_t381 =  *((intOrPtr*)(_t344 + 0x40));
				_t402 =  *_t381;
				 *_t381 = _t402 + 1;
				 *_t402 = r8b;
				goto 0xa5887de3;
				_t270 =  *((intOrPtr*)( *_t344 + 0x18))() - 0xffffffff;
				if (_t270 != 0) goto 0xa5887dec;
				 *((char*)(_t439 - 0x71)) = 1;
				if (_t270 != 0) goto 0xa5887da0;
				asm("movaps xmm0, [ebp-0x71]");
				 *((long long*)( *((intOrPtr*)(_t439 - 0x59)) + 0x28)) = 0;
				asm("movaps [ebp-0x71], xmm0");
				if (_t415 - 1 == 0) goto 0xa5887e64;
				_t345 =  *((intOrPtr*)(_t439 - 0x69));
				if (_t345 == 0) goto 0xa5887e56;
				if ( *((long long*)( *((intOrPtr*)(_t345 + 0x40)))) == 0) goto 0xa5887e45;
				_t383 =  *((intOrPtr*)(_t345 + 0x58));
				_t192 =  *_t383;
				if (_t192 <= 0) goto 0xa5887e45;
				 *_t383 = _t192 - 1;
				_t384 =  *((intOrPtr*)(_t345 + 0x40));
				_t403 =  *_t384;
				 *_t384 = _t403 + 1;
				 *_t403 = r14b;
				goto 0xa5887e51;
				_t275 =  *((intOrPtr*)( *_t345 + 0x18))() - 0xffffffff;
				if (_t275 != 0) goto 0xa5887e5a;
				 *((char*)(_t439 - 0x71)) = 1;
				if (_t275 != 0) goto 0xa5887e12;
				asm("movaps xmm0, [ebp-0x71]");
				asm("movups [ebx], xmm0");
				_t404 =  *((intOrPtr*)(_t439 - 9));
				if (_t404 - 0x10 < 0) goto 0xa5887ea6;
				if (_t404 + 1 - 0x1000 < 0) goto 0xa5887ea1;
				if ( *((intOrPtr*)(_t439 - 0x21)) -  *((intOrPtr*)( *((intOrPtr*)(_t439 - 0x21)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa5887f27;
				E00007FF77FF7A588AAF0( *((intOrPtr*)(_t439 - 0x21)) -  *((intOrPtr*)( *((intOrPtr*)(_t439 - 0x21)) - 8)) + 0xfffffff8,  *((intOrPtr*)(_t439 - 0x49)), _t412);
				 *((long long*)(_t439 - 0x11)) = 0;
				 *((long long*)(_t439 - 9)) = 0xf;
				 *((char*)(_t439 - 0x21)) = 0;
				_t407 =  *((intOrPtr*)(_t439 - 0x29));
				if (_t407 - 0x10 < 0) goto 0xa5887ef1;
				if (_t407 + 1 - 0x1000 < 0) goto 0xa5887eec;
				if ( *((intOrPtr*)(_t439 - 0x41)) -  *((intOrPtr*)( *((intOrPtr*)(_t439 - 0x41)) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa5887f1b;
				return E00007FF77FF7A588AAD0(E00007FF77FF7A588AAF0( *((intOrPtr*)(_t439 - 0x41)) -  *((intOrPtr*)( *((intOrPtr*)(_t439 - 0x41)) - 8)) + 0xfffffff8,  *((intOrPtr*)(_t439 - 0x49)), _t412), _t199,  *(_t439 - 1) ^ _t442);
			}

0x7ff7a58878d0
0x7ff7a58878e0
0x7ff7a58878e5
0x7ff7a58878ec
0x7ff7a58878f6
0x7ff7a58878fd
0x7ff7a5887904
0x7ff7a5887908
0x7ff7a588790c
0x7ff7a5887911
0x7ff7a5887915
0x7ff7a588791c
0x7ff7a5887925
0x7ff7a5887927
0x7ff7a588792d
0x7ff7a588792f
0x7ff7a5887940
0x7ff7a5887942
0x7ff7a5887942
0x7ff7a5887949
0x7ff7a5887950
0x7ff7a588795c
0x7ff7a5887964
0x7ff7a5887968
0x7ff7a588796c
0x7ff7a588796f
0x7ff7a5887977
0x7ff7a588797f
0x7ff7a5887986
0x7ff7a5887988
0x7ff7a588798b
0x7ff7a5887994
0x7ff7a5887996
0x7ff7a588799e
0x7ff7a58879a2
0x7ff7a58879a6
0x7ff7a58879aa
0x7ff7a58879b2
0x7ff7a58879b5
0x7ff7a58879bf
0x7ff7a58879ce
0x7ff7a58879e0
0x7ff7a58879e8
0x7ff7a58879ec
0x7ff7a58879f0
0x7ff7a58879f3
0x7ff7a58879fb
0x7ff7a5887a00
0x7ff7a5887a03
0x7ff7a5887a0a
0x7ff7a5887a0c
0x7ff7a5887a0f
0x7ff7a5887a18
0x7ff7a5887a22
0x7ff7a5887a2e
0x7ff7a5887a3b
0x7ff7a5887a47
0x7ff7a5887a56
0x7ff7a5887a5a
0x7ff7a5887a5f
0x7ff7a5887a67
0x7ff7a5887a6d
0x7ff7a5887a7a
0x7ff7a5887a80
0x7ff7a5887a83
0x7ff7a5887a8a
0x7ff7a5887a9e
0x7ff7a5887aa4
0x7ff7a5887ab0
0x7ff7a5887ab5
0x7ff7a5887ac5
0x7ff7a5887ace
0x7ff7a5887ad0
0x7ff7a5887ad2
0x7ff7a5887ad7
0x7ff7a5887aec
0x7ff7a5887af1
0x7ff7a5887af8
0x7ff7a5887afc
0x7ff7a5887aff
0x7ff7a5887b01
0x7ff7a5887b0b
0x7ff7a5887b0f
0x7ff7a5887b13
0x7ff7a5887b1a
0x7ff7a5887b1f
0x7ff7a5887b21
0x7ff7a5887b24
0x7ff7a5887b2b
0x7ff7a5887b30
0x7ff7a5887b34
0x7ff7a5887b3b
0x7ff7a5887b46
0x7ff7a5887b4f
0x7ff7a5887b51
0x7ff7a5887b58
0x7ff7a5887b62
0x7ff7a5887b64
0x7ff7a5887b68
0x7ff7a5887b6c
0x7ff7a5887b70
0x7ff7a5887b72
0x7ff7a5887b76
0x7ff7a5887b7d
0x7ff7a5887b80
0x7ff7a5887b86
0x7ff7a5887b94
0x7ff7a5887b97
0x7ff7a5887b99
0x7ff7a5887b9d
0x7ff7a5887ba1
0x7ff7a5887ba3
0x7ff7a5887ba9
0x7ff7a5887bb6
0x7ff7a5887bc1
0x7ff7a5887bc7
0x7ff7a5887bd0
0x7ff7a5887bd7
0x7ff7a5887be0
0x7ff7a5887be2
0x7ff7a5887be6
0x7ff7a5887bea
0x7ff7a5887bee
0x7ff7a5887bf0
0x7ff7a5887bf4
0x7ff7a5887bfb
0x7ff7a5887bfe
0x7ff7a5887c04
0x7ff7a5887c12
0x7ff7a5887c15
0x7ff7a5887c17
0x7ff7a5887c22
0x7ff7a5887c24
0x7ff7a5887c32
0x7ff7a5887c3d
0x7ff7a5887c3f
0x7ff7a5887c43
0x7ff7a5887c4a
0x7ff7a5887c54
0x7ff7a5887c56
0x7ff7a5887c5a
0x7ff7a5887c5e
0x7ff7a5887c62
0x7ff7a5887c64
0x7ff7a5887c68
0x7ff7a5887c6f
0x7ff7a5887c72
0x7ff7a5887c78
0x7ff7a5887c86
0x7ff7a5887c89
0x7ff7a5887c8b
0x7ff7a5887c96
0x7ff7a5887c98
0x7ff7a5887c9c
0x7ff7a5887ca3
0x7ff7a5887ca5
0x7ff7a5887cb3
0x7ff7a5887cbd
0x7ff7a5887cbf
0x7ff7a5887cc3
0x7ff7a5887cc7
0x7ff7a5887ccb
0x7ff7a5887ccd
0x7ff7a5887cd1
0x7ff7a5887cd8
0x7ff7a5887cdb
0x7ff7a5887ce1
0x7ff7a5887cef
0x7ff7a5887cf2
0x7ff7a5887cf4
0x7ff7a5887cfc
0x7ff7a5887cfe
0x7ff7a5887d04
0x7ff7a5887d0f
0x7ff7a5887d1a
0x7ff7a5887d1c
0x7ff7a5887d20
0x7ff7a5887d27
0x7ff7a5887d31
0x7ff7a5887d33
0x7ff7a5887d37
0x7ff7a5887d3b
0x7ff7a5887d3f
0x7ff7a5887d41
0x7ff7a5887d45
0x7ff7a5887d4c
0x7ff7a5887d4f
0x7ff7a5887d55
0x7ff7a5887d63
0x7ff7a5887d66
0x7ff7a5887d68
0x7ff7a5887d73
0x7ff7a5887d75
0x7ff7a5887d7d
0x7ff7a5887d80
0x7ff7a5887d8d
0x7ff7a5887d92
0x7ff7a5887d98
0x7ff7a5887d9a
0x7ff7a5887da0
0x7ff7a5887da7
0x7ff7a5887db1
0x7ff7a5887db3
0x7ff7a5887db7
0x7ff7a5887dbb
0x7ff7a5887dbf
0x7ff7a5887dc1
0x7ff7a5887dc5
0x7ff7a5887dcc
0x7ff7a5887dcf
0x7ff7a5887dd5
0x7ff7a5887de3
0x7ff7a5887de6
0x7ff7a5887de8
0x7ff7a5887df3
0x7ff7a5887df5
0x7ff7a5887dfd
0x7ff7a5887e05
0x7ff7a5887e0c
0x7ff7a5887e0e
0x7ff7a5887e15
0x7ff7a5887e1f
0x7ff7a5887e21
0x7ff7a5887e25
0x7ff7a5887e29
0x7ff7a5887e2d
0x7ff7a5887e2f
0x7ff7a5887e33
0x7ff7a5887e3a
0x7ff7a5887e3d
0x7ff7a5887e43
0x7ff7a5887e51
0x7ff7a5887e54
0x7ff7a5887e56
0x7ff7a5887e5e
0x7ff7a5887e60
0x7ff7a5887e68
0x7ff7a5887e6b
0x7ff7a5887e73
0x7ff7a5887e86
0x7ff7a5887e9b
0x7ff7a5887ea1
0x7ff7a5887ea6
0x7ff7a5887eae
0x7ff7a5887eb6
0x7ff7a5887eba
0x7ff7a5887ec2
0x7ff7a5887ed5
0x7ff7a5887eea
0x7ff7a5887f1a

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5887F1B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5887F27

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: d6126659d0f78d0bcdb70324273cf21880aff88828747d0f421e26e1f9330a96
Instruction ID: a47b27d9f9aead04a71efdc3287bb0d479fa7dfc4dfd30932c298f02615161fd
Opcode Fuzzy Hash: d6126659d0f78d0bcdb70324273cf21880aff88828747d0f421e26e1f9330a96
Instruction Fuzzy Hash: 4422AF22B0AA8589EB119F39C0403BCA7B2EB46F89F954171CE4D977A8DF3DD855C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58D6E14 Relevance: 3.1, APIs: 2, Instructions: 74
fileCOMMON

Download Yara Rule

C-Code - Quality: 42%

			E00007FF77FF7A58D6E14(void* __ebx, signed int __edx, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, intOrPtr* __r8, signed long long _a8, long long _a24, char _a40, char _a5159, signed int _a5160, void* _a5176) {
				char _t31;
				int _t32;
				intOrPtr _t33;
				void* _t37;
				void* _t38;
				signed long long _t50;
				char* _t59;
				char* _t60;
				void* _t74;
				void* _t76;
				void* _t81;
				void* _t83;

				_a8 = __rbx;
				_a24 = __rbp;
				E00007FF77FF7A58DF970(0x1450, __rax, _t81, _t83);
				_t50 =  *0xa58fb008; // 0x485f0d1bb70c
				_a5160 = _t50 ^ _t76 - __rax;
				r10d = r10d & 0x0000003f;
				_t74 = __rbp + __r8;
				 *((long long*)(__rcx)) =  *((intOrPtr*)(0xa591bd50 + (__edx >> 6) * 8));
				 *((intOrPtr*)(__rcx + 8)) = 0;
				if (__r8 - _t74 >= 0) goto 0xa58d6eeb;
				_t59 =  &_a40;
				if (__r8 - _t74 >= 0) goto 0xa58d6eaa;
				_t31 =  *((intOrPtr*)(__r8));
				if (_t31 != 0xa) goto 0xa58d6e98;
				 *((intOrPtr*)(__rcx + 8)) =  *((intOrPtr*)(__rcx + 8)) + 1;
				 *_t59 = 0xd;
				_t60 = _t59 + 1;
				 *_t60 = _t31;
				if (_t60 + 1 -  &_a5159 < 0) goto 0xa58d6e81;
				_a8 = _a8 & 0x00000000;
				_t37 = __ebx;
				r8d = _t37;
				_t32 = WriteFile(??, ??, ??, ??, ??); // executed
				if (_t32 == 0) goto 0xa58d6ee3;
				_t33 = _a24;
				 *((intOrPtr*)(__rcx + 4)) =  *((intOrPtr*)(__rcx + 4)) + _t33;
				if (_t33 - _t37 < 0) goto 0xa58d6eeb;
				if (__r8 + 1 - _t74 < 0) goto 0xa58d6e7c;
				goto 0xa58d6eeb;
				 *((intOrPtr*)(__rcx)) = GetLastError();
				return E00007FF77FF7A588AAD0(_t34, _t38, _a5160 ^ _t76 - __rax);
			}

0x7ff7a58d6e14
0x7ff7a58d6e19
0x7ff7a58d6e27
0x7ff7a58d6e2f
0x7ff7a58d6e39
0x7ff7a58d6e58
0x7ff7a58d6e5c
0x7ff7a58d6e71
0x7ff7a58d6e74
0x7ff7a58d6e7a
0x7ff7a58d6e7c
0x7ff7a58d6e84
0x7ff7a58d6e86
0x7ff7a58d6e8d
0x7ff7a58d6e8f
0x7ff7a58d6e92
0x7ff7a58d6e95
0x7ff7a58d6e98
0x7ff7a58d6ea8
0x7ff7a58d6eaa
0x7ff7a58d6eb5
0x7ff7a58d6ebc
0x7ff7a58d6ec7
0x7ff7a58d6ecf
0x7ff7a58d6ed1
0x7ff7a58d6ed5
0x7ff7a58d6eda
0x7ff7a58d6edf
0x7ff7a58d6ee1
0x7ff7a58d6ee9
0x7ff7a58d6f15

APIs

WriteFile.KERNELBASE ref: 00007FF7A58D6EC7
GetLastError.KERNEL32 ref: 00007FF7A58D6EE3

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: bdf35de7da0fe9738e658added52828c715cb454154cb50a2b4d779208d78752
Instruction ID: af48fa4d293e5e04679813189653ea096f5fd36261bca9cf26a658820466d338
Opcode Fuzzy Hash: bdf35de7da0fe9738e658added52828c715cb454154cb50a2b4d779208d78752
Instruction Fuzzy Hash: CA31F933A1A74596DB10AF16E440299B7A0FB59B80F954072DF8E43765DF3CD425C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A588AD90 Relevance: 3.0, APIs: 2, Instructions: 21
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FF77FF7A588AD90(void* __rax, void* __rcx) {
				void* _t1;

				goto 0xa588adaa;
				_t1 = E00007FF77FF7A58BE884(__rax, __rcx);
				if (_t1 == 0) goto 0xa588adba;
				0xa58be874(); // executed
				if (__rax == 0) goto 0xa588ad9b;
				return _t1;
			}

0x7ff7a588ad99
0x7ff7a588ad9e
0x7ff7a588ada5
0x7ff7a588adaa
0x7ff7a588adb2
0x7ff7a588adb9

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A588ADC0

Part of subcall function 00007FF7A588B7A0: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7A588B7A9

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A588ADC6

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: 7c25d7624aeae4a733d52923e3b1c3ed67b8cdb0de9fb267a074ce0daa15308a
Instruction ID: 84ef3179c59ee520de1b06f011e8ea9c1e68f6db9126a434982447a33e9d92b3
Opcode Fuzzy Hash: 7c25d7624aeae4a733d52923e3b1c3ed67b8cdb0de9fb267a074ce0daa15308a
Instruction Fuzzy Hash: 15E0B600E1B50709F969316115560B880448F57BF3E9E1BB0D93D442F3AD1CA4728171

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58C22DC Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E00007FF77FF7A58C22DC(void* __ecx, long long __rbx, signed int __rdx, long long __rsi, long long __r8, void* _a8, void* _a24) {
				long long _v24;
				void* _t19;
				void* _t23;
				void* _t30;
				void* _t31;

				_t19 = _t31;
				 *((long long*)(_t19 + 8)) = __rbx;
				 *((long long*)(_t19 + 0x18)) = __rsi;
				 *((long long*)(_t19 + 0x10)) = __rdx;
				_v24 = _t31 - 0x40;
				if (__rdx != 0) goto 0xa58c2337;
				 *((char*)(__r8 + 0x30)) = 1;
				 *((intOrPtr*)(__r8 + 0x2c)) = 0x16;
				 *((long long*)(_t19 - 0x20)) = __r8;
				 *(_t19 - 0x28) =  *(_t19 - 0x28) & __rdx;
				r9d = 0;
				r8d = 0;
				return E00007FF77FF7A58BE70C(_t19, __rdx, _t23, __rdx, __rsi, _t30, __r8) | 0xffffffff;
			}

0x7ff7a58c22dc
0x7ff7a58c22df
0x7ff7a58c22e3
0x7ff7a58c22e7
0x7ff7a58c22f0
0x7ff7a58c2300
0x7ff7a58c2302
0x7ff7a58c2307
0x7ff7a58c230f
0x7ff7a58c2313
0x7ff7a58c2317
0x7ff7a58c231a
0x7ff7a58c2336

APIs

_local_unwind.LIBVCRUNTIME ref: 00007FF7A58C23F5

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _local_unwind
String ID:
API String ID: 2437496627-0
Opcode ID: 2b53e33083fa640d4dba6dd24b5c2f2abbc1607aca38375ee2094fddb401ea58
Instruction ID: d61567fd08237867a71d74b608e3183f9a63069588fef3a5f7e39d1783796bb1
Opcode Fuzzy Hash: 2b53e33083fa640d4dba6dd24b5c2f2abbc1607aca38375ee2094fddb401ea58
Instruction Fuzzy Hash: FB41F232A2974582EB14EB25D45426CB3A1FB96FC4F864175EA4E077F2CF3DE0258720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A588B16F Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00007FF77FF7A588B16F(void* __ebx, void* __edx, intOrPtr* __rax, void* __rsi, void* __r8, void* __r9, char _a32, void* _a64, void* _a72) {
				void* _t6;
				void* _t15;
				void* _t18;
				void* _t22;
				intOrPtr* _t45;
				intOrPtr* _t46;
				void* _t47;
				void* _t66;

				_t66 = __r8;
				_t45 = __rax;
				 *0xa591aa68 = 1;
				_t6 = E00007FF77FF7A58BFDDC(_t47, 0xa58e2438, 0xa58e2480); // executed
				if (_t6 == 0) goto 0xa588b19a;
				goto 0xa588b273;
				E00007FF77FF7A58BFD98(_t47, 0xa58e23b8, 0xa58e2430); // executed
				 *0xa591aa68 = 2;
				goto 0xa588b1c1;
				sil = 1;
				_a32 = sil;
				E00007FF77FF7A588BA70(E00007FF77FF7A588AF78(__ebx, 0xa58e2430));
				if ( *_t45 == 0) goto 0xa588b1f4;
				if (E00007FF77FF7A588AEE0(_t45, _t45) == 0) goto 0xa588b1f4;
				r8d = 0;
				_t2 = _t66 + 2; // 0x2
				_t46 =  *_t45;
				E00007FF77FF7A588BA78( *0xa58e2390());
				if ( *_t46 == 0) goto 0xa588b216;
				if (E00007FF77FF7A588AEE0(_t46, _t46) == 0) goto 0xa588b216;
				_t56 =  *_t46;
				_t15 = E00007FF77FF7A58BED4C( *_t46);
				0xa58bf724();
				E00007FF77FF7A58BACBC(E00007FF77FF7A58BACC4(_t15));
				_t67 = _t46;
				_t59 =  *_t46;
				_t18 = E00007FF77FF7A5884C00( *_t46, _t2, E00007FF77FF7A588AEE0(_t46, _t46),  *_t46,  *_t46, _t46, __rsi); // executed
				if (E00007FF77FF7A588B6BC(_t46) == 0) goto 0xa588b298;
				if (sil != 0) goto 0xa588b24d;
				E00007FF77FF7A58BED30( *_t46,  *_t46, _t46);
				E00007FF77FF7A588AF9C(1, 0);
				_t22 = _t18;
				if (E00007FF77FF7A588B6BC(_t46) == 0) goto 0xa588b2a0;
				if (_a32 != 0) goto 0xa588b271;
				E00007FF77FF7A58BED20(_t56, _t59, _t67);
				return _t22;
			}

0x7ff7a588b16f
0x7ff7a588b16f
0x7ff7a588b16f
0x7ff7a588b187
0x7ff7a588b18e
0x7ff7a588b195
0x7ff7a588b1a8
0x7ff7a588b1ad
0x7ff7a588b1b7
0x7ff7a588b1b9
0x7ff7a588b1bc
0x7ff7a588b1c8
0x7ff7a588b1d4
0x7ff7a588b1e0
0x7ff7a588b1e2
0x7ff7a588b1e5
0x7ff7a588b1eb
0x7ff7a588b1f4
0x7ff7a588b200
0x7ff7a588b20c
0x7ff7a588b20e
0x7ff7a588b211
0x7ff7a588b216
0x7ff7a588b226
0x7ff7a588b22b
0x7ff7a588b22e
0x7ff7a588b233
0x7ff7a588b241
0x7ff7a588b246
0x7ff7a588b248
0x7ff7a588b251
0x7ff7a588b256
0x7ff7a588b263
0x7ff7a588b26a
0x7ff7a588b26c
0x7ff7a588b282

APIs

__scrt_release_startup_lock.LIBCMT ref: 00007FF7A588B1C3

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: __scrt_release_startup_lock
String ID:
API String ID: 2859049428-0
Opcode ID: 0e35e4132cf2b38f6cada4f4ffa2ecb93965c66bcc23d392eaa010e83f94785f
Instruction ID: 5ddbc120761c6fcea30d6d0d099bd25a8d29cda966c322803b16565cd2fee3fb
Opcode Fuzzy Hash: 0e35e4132cf2b38f6cada4f4ffa2ecb93965c66bcc23d392eaa010e83f94785f
Instruction Fuzzy Hash: 8E211820A0B10385EA50BB2594513BD93A1EF87FC6FCA44B5E90D4B2F3DE6CE824C260

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5892BB4 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E00007FF77FF7A5892BB4(void* __edx, void* __edi, long long __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24, long long _a32) {
				void* _v8;
				char _v120;
				char _v168;
				char _v200;
				long long _t44;
				long long _t47;
				long long* _t58;
				void* _t67;
				void* _t68;

				_a16 = __rbx;
				_a24 = __rbp;
				_a32 = __rsi;
				_t58 = __rcx;
				_a8 = 0;
				if (__rcx == 0) goto 0xa5892c9d;
				if ( *((intOrPtr*)(__rcx)) != __rsi) goto 0xa5892c9d;
				E00007FF77FF7A588AD90(__rax, __rcx);
				_t47 = __rax;
				_a8 = __rax;
				if (__rax == 0) goto 0xa5892c88;
				_t44 = _a8;
				if (_t44 == 0) goto 0xa5892c20;
				if ( *((intOrPtr*)(_t44 + 0x28)) != 0) goto 0xa5892c27;
				goto 0xa5892c27;
				E00007FF77FF7A5881AF0(_t44, __rax,  &_v120, 0xa58f1aab); // executed
				 *(_t47 + 8) =  *(_t47 + 8) & 0x00000000;
				 *_t47 = 0xa58e2b10;
				E00007FF77FF7A5893D04(0xa58e2b10,  &_v200, 0xa58f1aab, _t67);
				asm("movups xmm0, [eax]");
				asm("movups [ebx+0x10], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebx+0x20], xmm1");
				E00007FF77FF7A5893EF8(0xa58e2b10, _t47,  &_v168, _t68);
				asm("movups xmm0, [eax]");
				asm("movups [ebx+0x30], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebx+0x40], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [ebx+0x50], xmm0");
				 *((intOrPtr*)(_t47 + 0x58)) =  *0x7FF7A58E2B38;
				goto 0xa5892c8a;
				 *_t58 = _t47;
				if ((sil & 0x00000001) == 0) goto 0xa5892c9d;
				E00007FF77FF7A5881B70(_t47,  &_v120);
				return 2;
			}

0x7ff7a5892bb4
0x7ff7a5892bb9
0x7ff7a5892bbe
0x7ff7a5892bce
0x7ff7a5892bd3
0x7ff7a5892bdd
0x7ff7a5892be6
0x7ff7a5892bef
0x7ff7a5892bf4
0x7ff7a5892bf7
0x7ff7a5892c02
0x7ff7a5892c08
0x7ff7a5892c0f
0x7ff7a5892c18
0x7ff7a5892c1e
0x7ff7a5892c2c
0x7ff7a5892c36
0x7ff7a5892c41
0x7ff7a5892c49
0x7ff7a5892c4e
0x7ff7a5892c51
0x7ff7a5892c55
0x7ff7a5892c59
0x7ff7a5892c62
0x7ff7a5892c67
0x7ff7a5892c6a
0x7ff7a5892c6e
0x7ff7a5892c72
0x7ff7a5892c76
0x7ff7a5892c7b
0x7ff7a5892c83
0x7ff7a5892c86
0x7ff7a5892c8a
0x7ff7a5892c91
0x7ff7a5892c98
0x7ff7a5892cba

APIs

_Getctype.LIBCPMT ref: 00007FF7A5892C49

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Getctype
String ID:
API String ID: 2085600672-0
Opcode ID: e01211acad678512e8c9f9a7d41c11ef9c86504ab5f13e5c51d5a7af03b10bef
Instruction ID: 5f535b296d2c01f6a238e3f2473cdf76d3763bd88adb3fa08438972a6eb7d68d
Opcode Fuzzy Hash: e01211acad678512e8c9f9a7d41c11ef9c86504ab5f13e5c51d5a7af03b10bef
Instruction Fuzzy Hash: 47319422909B81C2E711EF24D0403BDB370FB59F84F859675EA4D13666EF38E990C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58C0A24 Relevance: 1.5, APIs: 1, Instructions: 41
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 70%

			E00007FF77FF7A58C0A24(char __ecx, long long __rax, long long __rdx, char _a8, char _a16, void* _a24, char _a32) {
				long long _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				char _v48;
				char _v56;
				signed long long _v64;
				signed long long _v72;
				void* _t34;
				void* _t36;
				void* _t37;
				long long _t40;
				void* _t49;
				void* _t50;
				void* _t54;
				void* _t55;
				void* _t61;
				void* _t63;

				_t52 = __rdx;
				_t40 = __rax;
				_t35 = __ecx;
				_a16 = __rdx;
				_a8 = __ecx;
				_v72 = _v72 & 0x00000000;
				_v64 = _v64 & 0x00000000;
				if (__ecx - 5 <= 0) goto 0xa58c0a58;
				E00007FF77FF7A58C189C(__rax);
				 *((intOrPtr*)(__rax)) = 0x16;
				E00007FF77FF7A58BE7DC();
				goto 0xa58c0abf;
				E00007FF77FF7A58CDB1C(__rax, _t49, _t50, __rdx, _t55, _t61, _t63);
				_a32 = _t40;
				E00007FF77FF7A58D307C(_t36, _t37, _t40, _t54);
				E00007FF77FF7A58D500C(_t35, _t40, _t49, _t50, _t52);
				 *(_a32 + 0x3a8) =  *(_a32 + 0x3a8) | 0x00000010;
				_v56 =  &_a32;
				_v48 =  &_v64;
				_v40 =  &_a32;
				_v32 =  &_v72;
				_v24 =  &_a8;
				_v16 =  &_a16;
				_t34 = E00007FF77FF7A58C0010( &_v48,  &_v56); // executed
				return _t34;
			}

0x7ff7a58c0a24
0x7ff7a58c0a24
0x7ff7a58c0a24
0x7ff7a58c0a24
0x7ff7a58c0a29
0x7ff7a58c0a35
0x7ff7a58c0a3a
0x7ff7a58c0a42
0x7ff7a58c0a44
0x7ff7a58c0a49
0x7ff7a58c0a4f
0x7ff7a58c0a56
0x7ff7a58c0a58
0x7ff7a58c0a5d
0x7ff7a58c0a61
0x7ff7a58c0a66
0x7ff7a58c0a7f
0x7ff7a58c0a8a
0x7ff7a58c0a92
0x7ff7a58c0a9a
0x7ff7a58c0aa2
0x7ff7a58c0aaa
0x7ff7a58c0ab2
0x7ff7a58c0ab6
0x7ff7a58c0ac4

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7A58C0A4F

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: e9d168d1777d844d69f54d3b368b4ad818abfd1f93f553ef224eb87772d6a040
Instruction ID: 7ff30451dcffe8e9293d28bf4a45fd3d51418f55bae24bfe100034534fbac1ba
Opcode Fuzzy Hash: e9d168d1777d844d69f54d3b368b4ad818abfd1f93f553ef224eb87772d6a040
Instruction Fuzzy Hash: FA111732A06B55DDEB10EFA0D4812EC37B4FB08758F910536EA4D12B69DF38C1A4C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58CD72C Relevance: 1.5, APIs: 1, Instructions: 36
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FF77FF7A58CD72C(void* __eax, signed int __rcx, signed int __rdx, void* __r10) {
				intOrPtr* _t22;
				signed int _t29;

				_t29 = __rdx;
				if (__rcx == 0) goto 0xa58cd74b;
				_t1 = _t29 - 0x20; // -32
				_t22 = _t1;
				if (_t22 - __rdx < 0) goto 0xa58cd78e;
				_t25 =  ==  ? _t22 : __rcx * __rdx;
				goto 0xa58cd772;
				if (E00007FF77FF7A58C1760() == 0) goto 0xa58cd78e;
				if (E00007FF77FF7A58BE884(_t22,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0xa58cd78e;
				RtlAllocateHeap(??, ??, ??); // executed
				if (_t22 == 0) goto 0xa58cd75d;
				goto 0xa58cd79b;
				E00007FF77FF7A58C189C(_t22);
				 *_t22 = 0xc;
				return 0;
			}

0x7ff7a58cd72c
0x7ff7a58cd73b
0x7ff7a58cd73f
0x7ff7a58cd73f
0x7ff7a58cd749
0x7ff7a58cd757
0x7ff7a58cd75b
0x7ff7a58cd764
0x7ff7a58cd770
0x7ff7a58cd781
0x7ff7a58cd78a
0x7ff7a58cd78c
0x7ff7a58cd78e
0x7ff7a58cd793
0x7ff7a58cd7a0

APIs

RtlAllocateHeap.NTDLL(?,?,00000000,00007FF7A58CDCF6,?,?,?,00007FF7A58C18A5,?,?,?,?,00007FF7A58D9086,?,?,00000000), ref: 00007FF7A58CD781

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 968c845ed87d4b321e52bc9102041eed65099201d445c8c0aae46e598f6e45d5
Instruction ID: 1eb7c211c940f4ecc7441dc89940fd5a74101e203930733708768a39b00f03cf
Opcode Fuzzy Hash: 968c845ed87d4b321e52bc9102041eed65099201d445c8c0aae46e598f6e45d5
Instruction Fuzzy Hash: 96F06D54F0B34241FE65776259412B5D2845F8BF80F8E84B0DD0E8A6EAEE2CE8B142B1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58CE104 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E00007FF77FF7A58CE104(intOrPtr* __rax, void* __rcx, void* __r10) {

				if (__rcx - 0xffffffe0 > 0) goto 0xa58ce14f;
				_t16 =  ==  ? __rax : __rcx;
				goto 0xa58ce136;
				if (E00007FF77FF7A58C1760() == 0) goto 0xa58ce14f;
				if (E00007FF77FF7A58BE884(__rax,  ==  ? __rax : __rcx) == 0) goto 0xa58ce14f;
				RtlAllocateHeap(??, ??, ??); // executed
				if (__rax == 0) goto 0xa58ce121;
				goto 0xa58ce15c;
				E00007FF77FF7A58C189C(__rax);
				 *__rax = 0xc;
				return 0;
			}

0x7ff7a58ce111
0x7ff7a58ce11b
0x7ff7a58ce11f
0x7ff7a58ce128
0x7ff7a58ce134
0x7ff7a58ce142
0x7ff7a58ce14b
0x7ff7a58ce14d
0x7ff7a58ce14f
0x7ff7a58ce154
0x7ff7a58ce161

APIs

RtlAllocateHeap.NTDLL(?,?,?,00007FF7A58D906D,?,?,00000000,00007FF7A58D2647,?,?,?,00007FF7A58BF8AB,?,?,?,00007FF7A58BF7A1), ref: 00007FF7A58CE142

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e794aedb5bcc5608c2dcb883dda77c82c5eeae722e571f8254be60416ba6598f
Instruction ID: e0f18908854fc629a55b43734422ab78c78a813bb22dc7d33abd87cb02dfae73
Opcode Fuzzy Hash: e794aedb5bcc5608c2dcb883dda77c82c5eeae722e571f8254be60416ba6598f
Instruction Fuzzy Hash: DEF05E21F0F30684FA667661594227591905F4AFB1F8A46B1DD2E493E2DE1CE4704131

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF7A5882F80 Relevance: 42.5, APIs: 15, Strings: 9, Instructions: 523
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 39%

			E00007FF77FF7A5882F80(void* __ecx, void* __edx, void* __eflags, intOrPtr* __rcx, signed long long __rdx, signed long long __r9) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* _t151;
				signed long long _t171;
				intOrPtr _t174;
				signed long long _t268;
				signed long long _t269;
				signed long long _t274;
				signed long long _t275;
				long long _t277;
				signed long long _t279;
				signed long long _t283;
				void* _t287;
				char* _t301;
				void* _t319;
				long long _t321;
				void* _t331;
				intOrPtr _t379;
				intOrPtr _t382;
				intOrPtr _t385;
				void* _t390;
				intOrPtr _t394;
				intOrPtr _t401;
				intOrPtr _t417;
				intOrPtr _t420;
				intOrPtr _t423;
				intOrPtr _t428;
				intOrPtr _t431;
				intOrPtr _t434;
				char* _t437;
				char* _t438;
				signed long long* _t439;
				void* _t440;
				signed long long _t441;
				signed long long _t466;
				signed long long _t467;
				signed long long _t468;
				signed long long _t469;
				signed long long _t470;
				signed long long _t474;
				intOrPtr* _t476;
				signed long long _t477;

				_t461 = __r9;
				_t439 = _t440 - 0x58;
				_t441 = _t440 - 0x158;
				_t268 =  *0xa58fb008; // 0x485f0d1bb70c
				_t269 = _t268 ^ _t441;
				_t439[8] = _t269;
				_t437 = __r9;
				 *((intOrPtr*)(_t441 + 0x34)) = r8d;
				_t438 = __rdx;
				_t301 = __rcx;
				_t439[1] = __rcx;
				_t439[2] = __rdx;
				_t439[3] = __r9;
				 *(_t441 + 0x38) = _t439[0x18];
				r14d = 0;
				 *((intOrPtr*)(_t439 - 8)) = r14d;
				0xa5885e00();
				E00007FF77FF7A58824E0(_t269, _t439 - 8, __rdx, _t439);
				 *(_t441 + 0x40) = _t269;
				if (_t269 != 0) goto 0xa5883106;
				E00007FF77FF7A5888D50(__rcx, 0xa591b1b0, "Failed to read ", __rdx);
				if ( *((long long*)(__rdx + 0x18)) - 0x10 < 0) goto 0xa5883015;
				E00007FF77FF7A588A5F0(_t269,  *((intOrPtr*)(__rdx)),  *((intOrPtr*)(__rdx + 0x10)));
				E00007FF77FF7A5888D50(__rcx, _t269, "\n", __rdx);
				_t379 =  *((intOrPtr*)(__rcx + 0x18));
				if (_t379 - 0x10 < 0) goto 0xa588306b;
				if (_t379 + 1 - 0x1000 < 0) goto 0xa5883066;
				if ( *__rcx -  *((intOrPtr*)( *__rcx - 8)) - 8 - 0x1f > 0) goto 0xa5883766;
				E00007FF77FF7A588AAF0( *__rcx -  *((intOrPtr*)( *__rcx - 8)) - 8, __rcx, _t461);
				 *(_t301 + 0x10) = _t467;
				 *((long long*)(_t301 + 0x18)) = 0xf;
				 *_t301 = 0;
				_t382 =  *((intOrPtr*)(_t438 + 0x18));
				if (_t382 - 0x10 < 0) goto 0xa58830b4;
				if (_t382 + 1 - 0x1000 < 0) goto 0xa58830af;
				if ( *_t438 -  *((intOrPtr*)( *_t438 - 8)) - 8 - 0x1f > 0) goto 0xa5883742;
				E00007FF77FF7A588AAF0( *_t438 -  *((intOrPtr*)( *_t438 - 8)) - 8, _t301, _t461);
				 *(_t438 + 0x10) = _t467;
				 *((long long*)(_t438 + 0x18)) = 0xf;
				 *_t438 = 0;
				_t385 =  *((intOrPtr*)(_t437 + 0x18));
				if (_t385 - 0x10 < 0) goto 0xa58830fd;
				if (_t385 + 1 - 0x1000 < 0) goto 0xa58830f8;
				if ( *_t437 -  *((intOrPtr*)( *_t437 - 8)) - 8 - 0x1f > 0) goto 0xa5883748;
				_t151 = E00007FF77FF7A588AAF0( *_t437 -  *((intOrPtr*)( *_t437 - 8)) - 8, _t301, _t461);
				 *(_t437 + 0x10) = _t467;
				goto 0xa5883715;
				r8d =  *((intOrPtr*)(_t439 - 8));
				E00007FF77FF7A58828F0(_t151,  &(_t439[4]),  *_t437 -  *((intOrPtr*)( *_t437 - 8)) - 8);
				 *(_t441 + 0x48) = _t439 - 0x28;
				_t274 = _t441 + 0x58;
				 *(_t441 + 0x50) = _t274;
				0xa5885e00();
				 *_t439 = _t274;
				 *(_t441 + 0x58) = _t467;
				 *(_t441 + 0x68) = _t467;
				 *(_t441 + 0x70) = _t467;
				_t468 = _t439[4];
				_t466 = _t439[7];
				_t463 =  >=  ? _t468 :  &(_t439[4]);
				_t275 = _t439[6];
				if (_t275 - 0x10 >= 0) goto 0xa5883179;
				asm("inc ecx");
				asm("movups [esp+0x58], xmm0");
				r15d = 0xf;
				goto 0xa58831f6;
				_t474 =  >  ? 0xffffffff : _t275 | 0x0000000f;
				_t319 = _t474 + 1;
				if (_t319 - 0x1000 < 0) goto 0xa58831cd;
				_t277 = _t319 + 0x27;
				if (_t277 - _t319 <= 0) goto 0xa588374e;
				E00007FF77FF7A588AD90(_t277, _t277);
				_t321 = _t277;
				if (_t277 == 0) goto 0xa5883754;
				_t279 = _t277 + 0x00000027 & 0xffffffe0;
				 *((long long*)(_t279 - 8)) = _t321;
				goto 0xa58831db;
				if (_t321 == 0) goto 0xa58831d9;
				E00007FF77FF7A588AD90(_t279, _t321);
				goto 0xa58831db;
				 *(_t441 + 0x58) = _t279;
				_t390 =  >=  ? _t468 :  &(_t439[4]);
				E00007FF77FF7A58B6D20();
				 *(_t441 + 0x68) = _t439[6];
				 *(_t441 + 0x70) = _t474;
				0xa5885e00();
				 *(_t441 + 0x28) =  *(_t441 + 0x38);
				 *((long long*)(_t441 + 0x20)) =  *_t439;
				r9d =  *((intOrPtr*)(_t441 + 0x34));
				0xa5882af0();
				E00007FF77FF7A5885D70(_t301, _t301, _t439[6]);
				_t394 =  *((intOrPtr*)(_t439 - 0x70));
				if (_t394 - 0x10 < 0) goto 0xa588327c;
				if (_t394 + 1 - 0x1000 < 0) goto 0xa5883277;
				_t283 =  *(_t441 + 0x78) -  *((intOrPtr*)( *(_t441 + 0x78) - 8)) + 0xfffffff8;
				if (_t283 - 0x1f > 0) goto 0xa588375a;
				E00007FF77FF7A588AAF0(_t283, _t301, _t461);
				r15d = 0;
				 *((intOrPtr*)(_t439 - 4)) = r15d;
				 *_t439 = _t474;
				if (E00007FF77FF7A58BACCC(_t283, _t439) != 0) goto 0xa5883601;
				 *(_t441 + 0x78) = _t474;
				 *(_t439 - 0x78) = _t474;
				 *((long long*)(_t439 - 0x70)) = 0xf;
				if ( *((intOrPtr*)( *_t439 + 0xffffffff)) != r15b) goto 0xa58832b4;
				E00007FF77FF7A5887430(_t441 + 0x78,  *_t439, 0);
				_t331 = _t441 + 0x78;
				E00007FF77FF7A58824E0(_t331, _t439 - 4, _t438, _t439);
				 *(_t441 + 0x48) = _t283;
				if (_t283 == 0) goto 0xa5883601;
				 *((intOrPtr*)(_t441 + 0x30)) =  *((intOrPtr*)(_t439 - 8)) + 0x15 +  *(_t437 + 0x10) +  *((intOrPtr*)(_t439 - 4));
				_t74 = _t331 + 4; // 0x4
				r9d = _t74;
				r8d = 0x3000;
				VirtualAlloc(??, ??, ??, ??);
				 *(_t441 + 0x50) = _t283;
				if (_t283 != 0) goto 0xa58833cb;
				r8d = 0x8000;
				VirtualFree(??, ??, ??);
				r8d = 0x8000;
				VirtualFree(??, ??, ??);
				if (_t466 - 0x10 < 0) goto 0xa588337a;
				if (_t466 + 1 - 0x1000 < 0) goto 0xa5883371;
				_t469 =  *((intOrPtr*)(_t468 - 8));
				if (_t468 - _t469 + 0xfffffff8 - 0x1f > 0) goto 0xa5883760;
				E00007FF77FF7A588AAF0(_t468 - _t469 + 0xfffffff8, _t301, _t461);
				_t401 =  *((intOrPtr*)(_t301 + 0x18));
				if (_t401 - 0x10 < 0) goto 0xa58833b4;
				if (_t401 + 1 - 0x1000 < 0) goto 0xa58833af;
				_t287 =  *_t301 -  *((intOrPtr*)( *_t301 - 8)) - 8;
				if (_t287 - 0x1f > 0) goto 0xa5883766;
				E00007FF77FF7A588AAF0(_t287, _t301, _t461);
				r14d = 0;
				 *(_t301 + 0x10) = _t469;
				 *((long long*)(_t301 + 0x18)) = 0xf;
				 *_t301 = r14b;
				goto 0xa588307a;
				r8d =  *((intOrPtr*)(_t439 - 4));
				E00007FF77FF7A58B6D20();
				_t476 = _t283 + _t287;
				 *((long long*)(_t476 + 0xc)) = 0;
				 *_t476 = 0xdeadbeef;
				 *((intOrPtr*)(_t476 + 4)) =  *((intOrPtr*)(_t441 + 0x34));
				_t171 =  *(_t441 + 0x38);
				 *(_t476 + 8) = _t171;
				if ( *(_t437 + 0x10) == 0) goto 0xa5883429;
				 *((intOrPtr*)(_t476 + 0xc)) = _t171 + 1;
				if ( *((long long*)(_t437 + 0x18)) - 0x10 < 0) goto 0xa588341d;
				E00007FF77FF7A58B6D20();
				 *((intOrPtr*)(_t476 + 0x10)) =  *((intOrPtr*)(_t439 - 8));
				r8d =  *((intOrPtr*)(_t439 - 8));
				_t174 =  *((intOrPtr*)(_t476 + 0xc));
				E00007FF77FF7A58B6D20();
				0xa5885e00();
				r8d =  *((intOrPtr*)(_t441 + 0x30));
				_t477 =  *(_t441 + 0x50);
				0xa5882690();
				 *((intOrPtr*)(_t441 + 0x30)) = _t174;
				if (_t174 != 0) goto 0xa588348a;
				E00007FF77FF7A5888D50(_t301, 0xa591b1b0, "Failed to drop the Emotet loader bundle to ", _t438);
				if ( *((long long*)(_t301 + 0x18)) - 0x10 < 0) goto 0xa588349c;
				E00007FF77FF7A588A5F0( *(_t437 + 0x10),  *_t301,  *(_t301 + 0x10));
				E00007FF77FF7A5888D50(_t301,  *(_t437 + 0x10), "\n", _t438);
				r8d = 0x8000;
				VirtualFree(??, ??, ??);
				r8d = 0x8000;
				VirtualFree(??, ??, ??);
				r8d = 0x8000;
				VirtualFree(??, ??, ??);
				if (_t466 - 0x10 < 0) goto 0xa5883525;
				if (_t466 + 1 - 0x1000 < 0) goto 0xa588351c;
				_t470 =  *((intOrPtr*)(_t469 - 8));
				if (_t469 - _t470 + 0xfffffff8 - 0x1f > 0) goto 0xa5883760;
				E00007FF77FF7A588AAF0(_t469 - _t470 + 0xfffffff8, _t301, _t461);
				_t417 =  *((intOrPtr*)(_t301 + 0x18));
				if (_t417 - 0x10 < 0) goto 0xa588355f;
				if (_t417 + 1 - 0x1000 < 0) goto 0xa588355a;
				if ( *_t301 -  *((intOrPtr*)( *_t301 - 8)) - 8 - 0x1f > 0) goto 0xa5883766;
				E00007FF77FF7A588AAF0( *_t301 -  *((intOrPtr*)( *_t301 - 8)) - 8, _t301, _t461);
				r14d = 0;
				 *(_t301 + 0x10) = _t470;
				 *((long long*)(_t301 + 0x18)) = 0xf;
				 *_t301 = r14b;
				_t420 =  *((intOrPtr*)(_t438 + 0x18));
				if (_t420 - 0x10 < 0) goto 0xa58835ab;
				if (_t420 + 1 - 0x1000 < 0) goto 0xa58835a6;
				if ( *_t438 -  *((intOrPtr*)( *_t438 - 8)) - 8 - 0x1f > 0) goto 0xa5883742;
				E00007FF77FF7A588AAF0( *_t438 -  *((intOrPtr*)( *_t438 - 8)) - 8, _t301, _t461);
				 *(_t438 + 0x10) = _t470;
				 *((long long*)(_t438 + 0x18)) = 0xf;
				 *_t438 = 0;
				_t423 =  *((intOrPtr*)(_t437 + 0x18));
				if (_t423 - 0x10 < 0) goto 0xa58835f4;
				if (_t423 + 1 - 0x1000 < 0) goto 0xa58835ef;
				if ( *_t437 -  *((intOrPtr*)( *_t437 - 8)) - 8 - 0x1f > 0) goto 0xa5883748;
				E00007FF77FF7A588AAF0( *_t437 -  *((intOrPtr*)( *_t437 - 8)) - 8, _t301, _t461);
				 *(_t437 + 0x10) = _t470;
				goto 0xa5883717;
				r8d = 0x8000;
				VirtualFree(??, ??, ??);
				if (_t466 - 0x10 < 0) goto 0xa588364d;
				if (_t466 + 1 - 0x1000 < 0) goto 0xa5883644;
				if (_t470 -  *((intOrPtr*)(_t470 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa5883760;
				E00007FF77FF7A588AAF0(_t470 -  *((intOrPtr*)(_t470 - 8)) + 0xfffffff8, _t301, _t461);
				_t428 =  *((intOrPtr*)(_t301 + 0x18));
				if (_t428 - 0x10 < 0) goto 0xa5883687;
				if (_t428 + 1 - 0x1000 < 0) goto 0xa5883682;
				if ( *_t301 -  *((intOrPtr*)( *_t301 - 8)) - 8 - 0x1f > 0) goto 0xa5883766;
				E00007FF77FF7A588AAF0( *_t301 -  *((intOrPtr*)( *_t301 - 8)) - 8, _t301, _t461);
				 *(_t301 + 0x10) = _t477;
				 *((long long*)(_t301 + 0x18)) = 0xf;
				 *_t301 = 0;
				_t431 =  *((intOrPtr*)(_t438 + 0x18));
				if (_t431 - 0x10 < 0) goto 0xa58836cc;
				if (_t431 + 1 - 0x1000 < 0) goto 0xa58836c7;
				if ( *_t438 -  *((intOrPtr*)( *_t438 - 8)) - 8 - 0x1f > 0) goto 0xa5883742;
				E00007FF77FF7A588AAF0( *_t438 -  *((intOrPtr*)( *_t438 - 8)) - 8, _t301, _t461);
				 *(_t438 + 0x10) = _t477;
				 *((long long*)(_t438 + 0x18)) = 0xf;
				 *_t438 = 0;
				_t434 =  *((intOrPtr*)(_t437 + 0x18));
				if (_t434 - 0x10 < 0) goto 0xa5883711;
				if (_t434 + 1 - 0x1000 < 0) goto 0xa588370c;
				if ( *_t437 -  *((intOrPtr*)( *_t437 - 8)) - 8 - 0x1f > 0) goto 0xa5883748;
				E00007FF77FF7A588AAF0( *_t437 -  *((intOrPtr*)( *_t437 - 8)) - 8, _t301, _t461);
				 *(_t437 + 0x10) = _t477;
				 *((long long*)(_t437 + 0x18)) = 0xf;
				 *_t437 = 0;
				return E00007FF77FF7A588AAD0(0, _t171 + 1, _t439[8] ^ _t441);
			}

0x7ff7a5882f80
0x7ff7a5882f8d
0x7ff7a5882f92
0x7ff7a5882f99
0x7ff7a5882fa0
0x7ff7a5882fa3
0x7ff7a5882fa7
0x7ff7a5882faa
0x7ff7a5882faf
0x7ff7a5882fb2
0x7ff7a5882fb5
0x7ff7a5882fb9
0x7ff7a5882fbd
0x7ff7a5882fc7
0x7ff7a5882fcb
0x7ff7a5882fce
0x7ff7a5882fd6
0x7ff7a5882fe2
0x7ff7a5882fe7
0x7ff7a5882fef
0x7ff7a5883003
0x7ff7a5883010
0x7ff7a588301c
0x7ff7a588302b
0x7ff7a5883031
0x7ff7a5883039
0x7ff7a5883048
0x7ff7a588305d
0x7ff7a5883066
0x7ff7a588306b
0x7ff7a588306f
0x7ff7a5883077
0x7ff7a588307a
0x7ff7a5883082
0x7ff7a5883091
0x7ff7a58830a6
0x7ff7a58830af
0x7ff7a58830b4
0x7ff7a58830b8
0x7ff7a58830c0
0x7ff7a58830c3
0x7ff7a58830cb
0x7ff7a58830da
0x7ff7a58830ef
0x7ff7a58830f8
0x7ff7a58830fd
0x7ff7a5883101
0x7ff7a5883106
0x7ff7a5883111
0x7ff7a588311b
0x7ff7a5883120
0x7ff7a5883125
0x7ff7a5883131
0x7ff7a5883136
0x7ff7a588313a
0x7ff7a588313f
0x7ff7a5883144
0x7ff7a588314d
0x7ff7a5883151
0x7ff7a5883159
0x7ff7a588315d
0x7ff7a5883165
0x7ff7a5883167
0x7ff7a588316c
0x7ff7a5883171
0x7ff7a5883177
0x7ff7a588318d
0x7ff7a5883191
0x7ff7a588319c
0x7ff7a588319e
0x7ff7a58831a5
0x7ff7a58831ae
0x7ff7a58831b3
0x7ff7a58831b9
0x7ff7a58831c3
0x7ff7a58831c7
0x7ff7a58831cb
0x7ff7a58831d0
0x7ff7a58831d2
0x7ff7a58831d7
0x7ff7a58831db
0x7ff7a58831e7
0x7ff7a58831ed
0x7ff7a58831f6
0x7ff7a58831fb
0x7ff7a5883207
0x7ff7a5883211
0x7ff7a5883219
0x7ff7a588321e
0x7ff7a5883230
0x7ff7a588323b
0x7ff7a5883240
0x7ff7a5883248
0x7ff7a588325c
0x7ff7a5883269
0x7ff7a5883271
0x7ff7a5883277
0x7ff7a588327c
0x7ff7a588327f
0x7ff7a5883283
0x7ff7a5883292
0x7ff7a5883298
0x7ff7a588329d
0x7ff7a58832a1
0x7ff7a58832bb
0x7ff7a58832c2
0x7ff7a58832cb
0x7ff7a58832d0
0x7ff7a58832d8
0x7ff7a58832e0
0x7ff7a58832f4
0x7ff7a58832fc
0x7ff7a58832fc
0x7ff7a5883300
0x7ff7a5883306
0x7ff7a588330f
0x7ff7a5883317
0x7ff7a588331f
0x7ff7a588332a
0x7ff7a5883332
0x7ff7a588333b
0x7ff7a5883346
0x7ff7a5883356
0x7ff7a588335c
0x7ff7a588336b
0x7ff7a5883374
0x7ff7a588337a
0x7ff7a5883382
0x7ff7a5883391
0x7ff7a588339e
0x7ff7a58833a6
0x7ff7a58833af
0x7ff7a58833b4
0x7ff7a58833b7
0x7ff7a58833bb
0x7ff7a58833c3
0x7ff7a58833c6
0x7ff7a58833cb
0x7ff7a58833d5
0x7ff7a58833dd
0x7ff7a58833e0
0x7ff7a58833e8
0x7ff7a58833f3
0x7ff7a58833f7
0x7ff7a58833fb
0x7ff7a5883406
0x7ff7a588340c
0x7ff7a5883418
0x7ff7a5883424
0x7ff7a588342c
0x7ff7a5883430
0x7ff7a5883434
0x7ff7a5883447
0x7ff7a5883453
0x7ff7a5883458
0x7ff7a588345d
0x7ff7a5883468
0x7ff7a588346d
0x7ff7a5883481
0x7ff7a588348a
0x7ff7a5883497
0x7ff7a58834a3
0x7ff7a58834b2
0x7ff7a58834b9
0x7ff7a58834c2
0x7ff7a58834ca
0x7ff7a58834d3
0x7ff7a58834db
0x7ff7a58834e6
0x7ff7a58834f1
0x7ff7a5883501
0x7ff7a5883507
0x7ff7a5883516
0x7ff7a588351f
0x7ff7a5883525
0x7ff7a588352d
0x7ff7a588353c
0x7ff7a5883551
0x7ff7a588355a
0x7ff7a588355f
0x7ff7a5883562
0x7ff7a5883566
0x7ff7a588356e
0x7ff7a5883571
0x7ff7a5883579
0x7ff7a5883588
0x7ff7a588359d
0x7ff7a58835a6
0x7ff7a58835ab
0x7ff7a58835af
0x7ff7a58835b7
0x7ff7a58835ba
0x7ff7a58835c2
0x7ff7a58835d1
0x7ff7a58835e6
0x7ff7a58835ef
0x7ff7a58835f4
0x7ff7a58835fc
0x7ff7a5883603
0x7ff7a588360e
0x7ff7a5883619
0x7ff7a5883629
0x7ff7a588363e
0x7ff7a5883647
0x7ff7a588364d
0x7ff7a5883655
0x7ff7a5883664
0x7ff7a5883679
0x7ff7a5883682
0x7ff7a5883687
0x7ff7a588368b
0x7ff7a5883693
0x7ff7a5883696
0x7ff7a588369e
0x7ff7a58836ad
0x7ff7a58836c2
0x7ff7a58836c7
0x7ff7a58836cc
0x7ff7a58836d0
0x7ff7a58836d8
0x7ff7a58836db
0x7ff7a58836e3
0x7ff7a58836f2
0x7ff7a5883707
0x7ff7a588370c
0x7ff7a5883711
0x7ff7a5883717
0x7ff7a588371f
0x7ff7a5883741

APIs

Part of subcall function 00007FF7A58824E0: CreateFileA.KERNELBASE ref: 00007FF7A5882538
Part of subcall function 00007FF7A58824E0: GetFileSize.KERNEL32 ref: 00007FF7A5882558
Part of subcall function 00007FF7A58824E0: VirtualAlloc.KERNELBASE ref: 00007FF7A5882582
Part of subcall function 00007FF7A58824E0: ReadFile.KERNELBASE ref: 00007FF7A58825A4
Part of subcall function 00007FF7A58824E0: FindCloseChangeNotification.KERNELBASE ref: 00007FF7A58825B6

_get_pgmptr.LIBCMT ref: 00007FF7A588328B
VirtualAlloc.KERNEL32 ref: 00007FF7A5883306
VirtualFree.KERNEL32 ref: 00007FF7A588332A
VirtualFree.KERNEL32 ref: 00007FF7A588333B
VirtualFree.KERNEL32 ref: 00007FF7A58834C2
VirtualFree.KERNEL32 ref: 00007FF7A58834D3
VirtualFree.KERNEL32 ref: 00007FF7A58834E6
VirtualFree.KERNEL32 ref: 00007FF7A588360E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5883742
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5883748
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A588374E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5883754
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A588375A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5883760
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5883766

Strings

_computer_name_, xrefs: 00007FF7A5882D57
Emotet loader bundle was dropped to , xrefs: 00007FF7A588347A
Failed to drop the Emotet loader bundle to , xrefs: 00007FF7A5883483
_epoch_, xrefs: 00007FF7A5882C65
%08X, xrefs: 00007FF7A5882DB3
_serial_random, xrefs: 00007FF7A5882DEB
_serial_, xrefs: 00007FF7A5882D9B
_computer_name_random, xrefs: 00007FF7A5882D7F
Failed to read , xrefs: 00007FF7A5882FF5

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Virtual$Free_invalid_parameter_noinfo_noreturn$File$Alloc$ChangeCloseConcurrency::cancel_current_taskCreateFindNotificationReadSize_get_pgmptr
String ID: %08X$Emotet loader bundle was dropped to $Failed to drop the Emotet loader bundle to $Failed to read $_computer_name_$_computer_name_random$_epoch_$_serial_$_serial_random
API String ID: 1153325498-1774043173
Opcode ID: 467b5edd5df38d3ea601695aecbc1d52f605d0373bc45ae67833c05d6145a926
Instruction ID: 426b25f0f1bc289a7db62391d2112c74f292cc218038b82900b1c8e1596c4d6d
Opcode Fuzzy Hash: 467b5edd5df38d3ea601695aecbc1d52f605d0373bc45ae67833c05d6145a926
Instruction Fuzzy Hash: 7C22E472B0AA8186EB04EB29E85436DA361FB06FD5F814171DA5D07BF6DF7CE4A08350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58DAEB0 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1203
COMMONCrypto

Download Yara Rule

C-Code - Quality: 80%

			E00007FF77FF7A58DAEB0(void* __edx, void* __rbx, unsigned int __rcx, void* __rdi, void* __rsi, long long __r9, signed int __r10, void* __r12, void* __r14, void* __r15) {
				void* _t29;
				signed long long _t33;
				void* _t44;
				void* _t45;
				void* _t47;
				void* _t48;
				signed long long _t49;
				long long _t56;

				_t45 = __rdi;
				_t47 = _t48 - 0x6e0;
				_t49 = _t48 - 0x7e0;
				_t33 =  *0xa58fb008; // 0x485f0d1bb70c
				 *(_t47 + 0x6d0) = _t33 ^ _t49;
				_t56 =  *((intOrPtr*)(_t47 + 0x740));
				 *(_t49 + 0x30) = __rcx;
				 *((long long*)(_t49 + 0x78)) = _t56;
				 *((long long*)(_t47 - 0x78)) = __r9;
				 *((intOrPtr*)(_t49 + 0x74)) = r8d;
				E00007FF77FF7A58DE2C4(_t29, _t49 + 0x60, _t44, __rdi, __r10);
				r15d = 1;
				if (( *(_t49 + 0x60) & 0x0000001f) != 0x1f) goto 0xa58daf1c;
				 *((char*)(_t49 + 0x68)) = 0;
				goto 0xa58daf2b;
				E00007FF77FF7A58DE330(( *(_t49 + 0x60) & 0x0000001f) - 0x1f, _t49 + 0x60, __rsi);
				 *((intOrPtr*)(_t49 + 0x68)) = r15b;
				 *((long long*)(__r9 + 8)) = _t56;
				_t15 = _t45 + 0xd; // 0x2d
				_t22 =  <  ? _t15 : 0x20;
				r8d = 0;
				 *((intOrPtr*)(__r9)) =  <  ? _t15 : 0x20;
				E00007FF77FF7A58DE260(0, _t33 ^ _t49, _t49 + 0x70);
				r10d = 0x7ff;
				if (( *(_t49 + 0x30) >> 0x00000034 & __r10) != 0) goto 0xa58daf96;
			}

0x7ff7a58daeb0
0x7ff7a58daebb
0x7ff7a58daec3
0x7ff7a58daeca
0x7ff7a58daed4
0x7ff7a58daedb
0x7ff7a58daee5
0x7ff7a58daef1
0x7ff7a58daef6
0x7ff7a58daefa
0x7ff7a58daeff
0x7ff7a58daf08
0x7ff7a58daf13
0x7ff7a58daf15
0x7ff7a58daf1a
0x7ff7a58daf21
0x7ff7a58daf26
0x7ff7a58daf37
0x7ff7a58daf3f
0x7ff7a58daf42
0x7ff7a58daf45
0x7ff7a58daf4a
0x7ff7a58daf53
0x7ff7a58daf5b
0x7ff7a58daf72

APIs

fegetenv.LIBCMT ref: 00007FF7A58DAEFF
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7A58DB532
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7A58DB6A8
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7A58DB964
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7A58DBB84
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7A58DBDBF
memcpy_s.LIBCPMT ref: 00007FF7A58DBE9A
memcpy_s.LIBCPMT ref: 00007FF7A58DBF45
memcpy_s.LIBCPMT ref: 00007FF7A58DC015

Part of subcall function 00007FF7A58C6CBC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A58C6CEE

Strings

1#SNAN, xrefs: 00007FF7A58DB012
1#IND, xrefs: 00007FF7A58DAFEF
1#QNAN, xrefs: 00007FF7A58DB01B
1#INF, xrefs: 00007FF7A58DB02B

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: 7a875299fce6eb7c2984cdaf00c8e15cfe16ae5232e0c5270b01bc0c33c34fc6
Instruction ID: 7017633b2b99eb04145994b146ac591b79b29294a3a0dbee586590ed6079682c
Opcode Fuzzy Hash: 7a875299fce6eb7c2984cdaf00c8e15cfe16ae5232e0c5270b01bc0c33c34fc6
Instruction Fuzzy Hash: 4EB23273A1B2828BF7649F24D440BFDB2E1FB46B89F910175DA0957AA4DF38A910CF10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED1924 Relevance: 13.1, Strings: 10, Instructions: 649
COMMONCrypto

Download Yara Rule

C-Code - Quality: 34%

			E00007FFA7FFA0AED1924(long long __rbx, void* __rcx, signed int __rdx, long long __rdi, long long __rsi) {
				void* __rbp;
				signed int _t717;
				void* _t925;
				void* _t927;
				void* _t929;
				void* _t932;
				long long _t955;
				signed long long _t957;
				signed long long _t958;
				signed long long _t959;
				signed long long _t961;
				void* _t981;
				long long _t983;
				void* _t984;
				void* _t986;
				void* _t993;
				void* _t996;
				void* _t998;
				void* _t1001;
				void* _t1004;
				void* _t1006;

				_t978 = __rsi;
				_t966 = __rcx;
				_t962 = __rbx;
				_t955 = _t983;
				 *((long long*)(_t955 + 8)) = __rbx;
				 *((long long*)(_t955 + 0x10)) = __rsi;
				 *((long long*)(_t955 + 0x18)) = __rdi;
				_t981 = _t955 - 0x3f;
				_t984 = _t983 - 0xd0;
				 *(_t984 + 0x38) = 0x20;
				r15d = r8d;
				 *(_t984 + 0x30) =  *(_t981 + 0x77);
				 *(_t984 + 0x28) =  *(_t981 + 0x6f);
				 *(_t984 + 0x20) =  *(_t981 + 0x67);
				E00007FFA7FFA0AEE3C78( *(_t981 + 0x67), __rcx, __rdx, _t986, _t993);
				r14d = 0;
				 *((intOrPtr*)(_t981 - 1)) = 0x68f4f;
				 *((long long*)(_t981 + 3)) = _t955;
				 *((intOrPtr*)(_t981 + 0xb)) = 0;
				if (0xc0d2 - 0x4f81f > 0) goto 0xaed220e;
				if (0xc0d2 == 0x4f81f) goto 0xaed21bb;
				if (0xc0d2 == 0x1401) goto 0xaed1fc2;
				if (0xc0d2 == 0xc0d2) goto 0xaed1fb8;
				if (0xc0d2 == 0x11c92) goto 0xaed1c6d;
				if (0xc0d2 == 0x1ff82) goto 0xaed1ac3;
				if (0xc0d2 != 0x24b89) goto 0xaed23f0;
				 *(_t981 - 0x41) = 0x6166f0;
				r9d = r15d;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) | 0x3375e4b6;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) ^ 0x3375e6f6;
				 *(_t981 - 0x35) = 0x3d8f51;
				 *(_t981 - 0x35) =  *(_t981 - 0x35) << 2;
				 *(_t981 - 0x35) =  *(_t981 - 0x35) + 0x43b3;
				 *(_t981 - 0x35) =  *(_t981 - 0x35) * 0x6e;
				 *(_t981 - 0x35) =  *(_t981 - 0x35) ^ 0x69e98686;
				 *(_t981 - 0x45) = 0xfdd7dc;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) >> 0xd;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) ^ 0x00092152;
				 *(_t981 - 0x49) = 0x32ed17;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) * 0x6d;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x15ab036e;
				 *(_t981 + 0x7f) = 0x186d2b;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) << 0xe;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) + 0xffff5795;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) << 0xd;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x42fd398f;
				 *(_t984 + 0x38) =  *(_t981 + 0x7f);
				 *(_t984 + 0x30) =  *(_t981 - 0x49);
				_t717 =  *(_t981 - 0x41);
				r8d =  *(_t981 - 0x45);
				 *(_t984 + 0x28) = _t717;
				 *(_t984 + 0x20) = __rdx;
				E00007FFA7FFA0AED8838(_t1006, _t1004);
				 *(_t981 + 0x7f) = 0x7ac1b9;
				r8d = _t717;
				 *(_t981 + 0x7f) = 0xcccccccd *  *(_t981 + 0x7f) >> 0x20 >> 3;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x000c4692;
				_t925 =  ==  ? 0x87910 : 0x68228;
				goto 0xaed1994;
				 *(_t981 - 0x45) = 0x92340f;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) >> 0xc;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) >> 6;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) * 0x63;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) ^ 0x00000dec;
				 *(_t981 - 0x2d) = 0x447984;
				 *(_t981 - 0x2d) =  *(_t981 - 0x2d) << 4;
				 *(_t981 - 0x2d) =  *(_t981 - 0x2d) * 0x7d;
				 *(_t981 - 0x2d) =  *(_t981 - 0x2d) << 0x10;
				 *(_t981 - 0x2d) =  *(_t981 - 0x2d) ^ 0x57400000;
				 *(_t981 - 0x3d) = 0x591705;
				 *(_t981 - 0x3d) =  *(_t981 - 0x3d) + 0x5aa2;
				 *(_t981 - 0x3d) =  *(_t981 - 0x3d) + 0x245d;
				 *(_t981 - 0x3d) =  *(_t981 - 0x3d) ^ 0x005485be;
				 *(_t981 - 0x39) = 0xa306eb;
				 *(_t981 - 0x39) =  *(_t981 - 0x39) | 0xc4b10017;
				 *(_t981 - 0x39) =  *(_t981 - 0x39) ^ 0x85b0d678;
				 *(_t981 - 0x39) =  *(_t981 - 0x39) | 0xdc41bb4e;
				 *(_t981 - 0x39) =  *(_t981 - 0x39) ^ 0xdd46a47d;
				 *(_t981 - 0x31) = 0xa417e5;
				 *(_t981 - 0x31) =  *(_t981 - 0x31) >> 7;
				 *(_t981 - 0x31) =  *(_t981 - 0x31) | 0xa96d6457;
				 *(_t981 - 0x31) =  *(_t981 - 0x31) ^ 0xd00b6d06;
				 *(_t981 - 0x31) =  *(_t981 - 0x31) ^ 0x796ab5d9;
				 *(_t981 - 0x49) = 0x9c9c71;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) << 0xa;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) << 5;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x4e3587c6;
				 *(_t981 - 0x41) = 0xc6009d;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) | 0x0f19d0be;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) + 0xf7a8;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) ^ 0x0fe847f7;
				 *(_t981 - 0x35) = 0x533095;
				 *(_t981 - 0x35) =  *(_t981 - 0x35) >> 0xf;
				 *(_t981 - 0x35) =  *(_t981 - 0x35) | 0x1e6c415a;
				 *(_t981 - 0x35) =  *(_t981 - 0x35) ^ 0x8979c5b2;
				 *(_t981 - 0x35) =  *(_t981 - 0x35) ^ 0x971eae19;
				 *(_t981 + 0x7f) = 0x95c269;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) * 0x76;
				 *(_t981 + 0x7f) = 0xb21642c9 *  *(_t981 + 0x7f) >> 0x20 >> 4;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) + 0xffffea8f;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x03039a75;
				 *(_t984 + 0x68) =  *(_t981 + 0x7f);
				 *(_t984 + 0x60) =  *(_t981 - 0x35);
				 *(_t984 + 0x58) =  *(_t981 - 0x2d);
				 *(_t984 + 0x50) =  *(_t981 - 0x41);
				 *(_t984 + 0x48) =  *((intOrPtr*)(_t981 - 0x21));
				 *((intOrPtr*)(_t984 + 0x40)) =  *((intOrPtr*)(_t981 - 0x11));
				 *(_t984 + 0x38) =  *(_t981 - 0x49);
				_t957 = _t981 - 0x29;
				 *(_t984 + 0x30) = _t957;
				 *(_t984 + 0x28) =  *(_t981 - 0x31);
				r9d =  *(_t981 - 0x3d);
				 *(_t984 + 0x20) =  *(_t981 - 0x39);
				E00007FFA7FFA0AED74FC( *(_t981 - 0x45), r8d -  *(_t981 + 0x7f), _t957, __rbx, __rcx,  *((intOrPtr*)(_t981 - 0x29)), __rsi, _t981,  *(_t981 - 0x19));
				 *(_t981 + 0x7f) = 0xa7b64a;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) * 0x2f;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x1eca7796;
				_t927 =  ==  ? 0x24b89 : 0x4f81f;
				goto 0xaed1999;
				 *(_t981 - 0x45) = 0x773f;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) | 0xfe4ae5ff;
				 *(_t981 - 0x45) = 0xf0f0f0f1 *  *(_t981 - 0x45) >> 0x20 >> 6;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) ^ 0x03b3fcb0;
				 *(_t981 - 0x41) = 0x42b7c0;
				 *(_t981 - 0x41) = ( *(_t981 - 0x41) - (0xaf286bcb *  *(_t981 - 0x41) >> 0x20) >> 1) + (0xaf286bcb *  *(_t981 - 0x41) >> 0x20) >> 4;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) ^ 0x5f50442e;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) ^ 0x5f594f83;
				 *(_t981 + 0x7f) = 0xb522e7;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) >> 0xc;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) + 0xffff3621;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) << 7;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0xffad8f3d;
				 *(_t981 - 0x49) = 0x2e2569;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) >> 7;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x6bbc05e7;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x6bb34186;
				r9d =  *(_t981 + 0x7f);
				r8d =  *(_t981 - 0x41);
				 *(_t984 + 0x20) =  *(_t981 - 0x49);
				E00007FFA7FFA0AEDE090(_t957, _t962, _t966, 0x7ffa0aed1558, _t981, _t996, _t1001, _t998);
				 *(_t981 + 0x7f) = 0xcd8ad5;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) * 0x34;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) << 2;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0xa70590ab;
				 *(_t981 - 0x45) = 0x1cea8b;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) + 0xffff35e7;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) ^ 0x00148d7d;
				 *(_t981 - 0x41) = 0xdf82a5;
				 *(_t981 - 0x41) = 0x4ec4ec4f *  *(_t981 - 0x41) >> 0x20 >> 2;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) ^ 0x0013c51a;
				 *(_t981 - 0x49) = 0x85433c;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) << 8;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x85472892;
				r9d =  *(_t981 - 0x41);
				r8d =  *(_t981 - 0x45);
				 *(_t984 + 0x20) =  *(_t981 - 0x49);
				E00007FFA7FFA0AEDE090(_t957, _t962, _t966, 0x7ffa0aed14c8, _t981, _t996);
				 *(_t981 + 0x7f) = 0x7735f0;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) << 5;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) >> 7;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) << 3;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x00ee6be0;
				 *(_t981 - 0x45) = 0x64cc9d;
				 *(_t981 - 0x45) = 0xe6c2b449 *  *(_t981 - 0x45) >> 0x20 >> 6;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) << 0xa;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) | 0xa2667395;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) ^ 0xa7e9754d;
				 *(_t981 - 0x3d) = 0xdff554;
				 *(_t981 - 0x3d) =  *(_t981 - 0x3d) + 0x3379;
				 *(_t981 - 0x3d) = ( *(_t981 - 0x3d) - (0x24924925 *  *(_t981 - 0x3d) >> 0x20) >> 1) + (0x24924925 *  *(_t981 - 0x3d) >> 0x20) >> 4;
				 *(_t981 - 0x3d) =  *(_t981 - 0x3d) ^ 0x000d7ee2;
				 *(_t981 - 0x41) = 0x287a74;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) + 0xa58b;
				_t958 = _t981 - 0x21;
				 *(_t984 + 0x38) = _t958;
				 *(_t984 + 0x30) = _t957;
				 *(_t981 - 0x41) = 0xcccccccd *  *(_t981 - 0x41) >> 0x20 >> 5;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) ^ 0x000da73e;
				 *(_t981 - 0x49) = 0x6d6d73;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) + 0x1510;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) + 0x49de;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x006c397d;
				 *(_t984 + 0x28) =  *(_t981 + 0x7f);
				r9d =  *(_t981 - 0x41);
				 *(_t984 + 0x20) =  *(_t981 - 0x49);
				E00007FFA7FFA0AEE3D14();
				 *(_t981 + 0x7f) = 0x137c32;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) >> 0xe;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x0000004d;
				 *(_t981 - 0x45) = 0x691161;
				_t929 =  ==  ? 0x1401 : 0x4e298;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) ^ 0xa188dca0;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) + 0xffffb676;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) << 0xb;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) ^ 0x0c2084bd;
				 *(_t981 + 0x7f) = 0x835f13;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) | 0x642baf63;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) * 0x78;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) * 0x46;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x4ba30240;
				 *(_t981 - 0x41) = 0x6b21b1;
				 *(_t981 - 0x41) = ( *(_t981 - 0x41) - (0x1f7047dd *  *(_t981 - 0x41) >> 0x20) >> 1) + (0x1f7047dd *  *(_t981 - 0x41) >> 0x20) >> 5;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) ^ 0x000c924d;
				 *(_t981 - 0x49) = 0xfa352e;
				 *(_t981 - 0x49) = 0xf0f0f0f1 *  *(_t981 - 0x49) >> 0x20 >> 5;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x000400e5;
				r9d =  *(_t981 - 0x41);
				 *(_t984 + 0x20) =  *(_t981 - 0x49);
				E00007FFA7FFA0AED4448( *(_t981 + 0x7f), _t958, _t957, _t978, _t957);
				 *(_t981 - 0x45) = 0xedb1a4;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) + 0xaccf;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) ^ 0x00e4d2c7;
				 *(_t981 - 0x41) = 0xb6fe83;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) << 4;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) ^ 0x0b6db0d9;
				 *(_t981 + 0x7f) = 0x9ab47b;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) * 0x7e;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) + 0xffffb941;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) + 0xffff5abe;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x4c246ee4;
				 *(_t981 - 0x49) = 0xa7c70;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) + 0x4311;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x000bb9fe;
				r9d =  *(_t981 + 0x7f);
				 *(_t984 + 0x20) =  *(_t981 - 0x49);
				E00007FFA7FFA0AED4448( *(_t981 - 0x41), _t958, _t957, _t978, _t957);
				goto 0xaed23e1;
				goto 0xaed19a3;
				 *(_t981 - 0x45) = 0x59c829;
				 *(_t981 - 0x45) = _t958 + _t958 * 2 << 2;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) ^ 0x043e9098;
				 *(_t981 - 0x41) = 0xfa79d8;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) | 0xdfcf96a5;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) * 0x6d;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) ^ 0x5ff853fd;
				 *(_t981 - 0x49) = 0xa22512;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x354b1d8c;
				 *(_t981 - 0x49) = 0x22b63cbf *  *(_t981 - 0x49) >> 0x20 >> 4;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x007c3bcc;
				 *(_t981 + 0x7f) = 0xb66b6d;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) | 0x680dc061;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) >> 0xc;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x000e4f4c;
				r9d =  *(_t981 - 0x49);
				r8d =  *(_t981 - 0x41);
				 *(_t984 + 0x20) =  *(_t981 + 0x7f);
				E00007FFA7FFA0AEDE090(_t958, _t957, _t966, 0x7ffa0aed1508, _t981, _t996);
				 *(_t981 - 0x49) = 0xc15e5c;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0xd1b538d6;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) + 0xaf16;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0xd17515a0;
				 *(_t981 - 0x45) = 0xde7436;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) >> 1;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) + 0xbbf6;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) << 4;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) ^ 0x06ffbbd2;
				 *(_t981 + 0x7f) = 0x62c674;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) << 0xe;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) << 6;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) + 0xffffb9d6;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x673c5260;
				 *(_t981 - 0x3d) = 0x283b5c;
				 *(_t981 - 0x3d) =  *(_t981 - 0x3d) * 0x5a;
				 *(_t981 - 0x3d) =  *(_t981 - 0x3d) ^ 0x0e2cb29c;
				 *(_t981 - 0x41) = 0x57027c;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) | 0xc11fd5b7;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) ^ 0xc151a87f;
				 *(_t984 + 0x48) =  *(_t981 - 0x49);
				_t959 = _t981 - 0x11;
				 *(_t984 + 0x38) = _t959;
				 *(_t984 + 0x30) =  *(_t981 - 0x41);
				r8d =  *(_t981 + 0x7f);
				 *(_t984 + 0x28) = _t958;
				 *(_t984 + 0x20) =  *(_t981 - 0x3d);
				E00007FFA7FFA0AEDF40C();
				 *(_t981 + 0x7f) = 0x77ae39;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x8a47dc21;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) + 0xdff;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x8a308017;
				 *(_t981 + 0x7f) = 0xf61043;
				_t932 =  ==  ? 0xdc2a1 : 0xc884e;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) >> 0xf;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) + 0xb0cf;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) >> 0x10;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x000bb1e9;
				 *(_t981 - 0x45) = 0x86d3c;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) + 0xffff501b;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) ^ 0x000695aa;
				 *(_t981 - 0x49) = 0x70225b;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) + 0x5f14;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x5f2799ce;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x5f53f1bb;
				 *(_t981 - 0x41) = 0x82ee89;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) + 0xffff635d;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) ^ 0x008563c4;
				r9d =  *(_t981 - 0x49);
				 *(_t984 + 0x20) =  *(_t981 - 0x41);
				E00007FFA7FFA0AED4448( *(_t981 - 0x45), _t959, _t958, _t978, _t958);
				goto 0xaed1fae;
				 *(_t981 + 0x7f) = 0x995f2e;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) + 0x2dbb;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) << 3;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x26182e39;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x22ddb0c2;
				 *(_t981 - 0x49) = 0xae61ae;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) + 0xcf69;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) * 0x5e;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x405d11ab;
				r8d =  *(_t981 - 0x49);
				E00007FFA7FFA0AED89D0(_t959,  *(_t981 - 0x19));
				goto 0xaed1994;
				if (0xc884e == 0x68228) goto 0xaed2397;
				if (0xc884e == 0x87910) goto 0xaed22b8;
				if (0xc884e == 0xc884e) goto 0xaed2401;
				if (0xc884e !=  *(_t981 + 0x7f)) goto 0xaed23f0;
				 *(_t981 - 0x41) = 0x4ca127;
				 *(_t981 - 0x41) = 0xca4587e7 *  *(_t981 - 0x41) >> 0x20 >> 6;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) ^ 0x000c94fa;
				 *(_t981 - 0x49) = 0x912588;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) + 0x6a62;
				 *(_t981 - 0x49) = 0x8d3dcb09 *  *(_t981 - 0x49) >> 0x20 >> 4;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x0009778a;
				 *(_t981 + 0x7f) = 0x4a3cc1;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) * 0x23;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) + 0xffffce33;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x0a224a6d;
				E00007FFA7FFA0AEDDE9C( *((intOrPtr*)(_t981 - 0x11)), 0x8d3dcb09 *  *(_t981 - 0x49) >> 0x20 >> 4, _t959);
				 *(_t981 - 0x19) = _t959;
				asm("sbb esi, esi");
				goto 0xaed1994;
				 *(_t981 - 0x49) = 0x72a691;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) + 0xffff4b1a;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) | 0xd0139ece;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0xd073ffef;
				 *(_t981 - 0x45) = 0xbf23f;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) << 4;
				 *(_t981 - 0x45) = ( *(_t981 - 0x45) - (0x24924925 *  *(_t981 - 0x45) >> 0x20) >> 1) + (0x24924925 *  *(_t981 - 0x45) >> 0x20) >> 6;
				 *(_t981 - 0x45) = 0xf0f0f0f1 *  *(_t981 - 0x45) >> 0x20 >> 4;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) ^ 0x000dd5ba;
				 *(_t981 + 0x7f) = 0x9dbfdc;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) | 0x019a6615;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) >> 8;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) >> 7;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x000b0328;
				 *(_t981 - 0x41) = 0xbe217b;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) + 0x70e4;
				 *(_t981 - 0x41) =  *(_t981 - 0x41) ^ 0x00b5bcc4;
				_t961 =  *((intOrPtr*)(_t981 - 0x29));
				 *(_t984 + 0x30) = _t961;
				r8d =  *(_t981 + 0x7f);
				 *(_t984 + 0x28) = 0x20;
				 *(_t984 + 0x20) =  *(_t981 - 0x41);
				E00007FFA7FFA0AED4E60();
				 *(_t981 + 0x7f) = 0xb8e8ce;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) + 0xae9b;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x00b99769;
				r14d =  ==  ? 1 : r14d;
				goto 0xaed1994;
				 *(_t981 + 0x7f) = 0x3eb04b;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) << 0x10;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) + 0xdeff;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) >> 4;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x0b0d81a5;
				 *(_t981 - 0x49) = 0x15fcdc;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0xfaf1906c;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) >> 0xd;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0x000fb216;
				E00007FFA7FFA0AEE40D4();
				if (0x4f81f == 0x4e298) goto 0xaed24e6;
				goto 0xaed19a3;
				 *(_t981 - 0x39) = 0xaaab4c;
				 *(_t981 - 0x39) =  *(_t981 - 0x39) + 0xcb5f;
				 *(_t981 - 0x39) =  *(_t981 - 0x39) + 0xc10a;
				 *(_t981 - 0x39) =  *(_t981 - 0x39) * 0x62;
				 *(_t981 - 0x39) =  *(_t981 - 0x39) ^ 0x41ed534a;
				 *(_t981 - 0x49) = 0x7031cc;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) + 0xffff4183;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) << 0xd;
				 *(_t981 - 0x49) =  *(_t981 - 0x49) ^ 0xee647636;
				 *(_t981 - 0x3d) = 0x561651;
				 *(_t981 - 0x3d) =  *(_t981 - 0x3d) ^ 0xd9c5804e;
				 *(_t981 - 0x3d) =  *(_t981 - 0x3d) | 0xac317b74;
				 *(_t981 - 0x3d) =  *(_t981 - 0x3d) << 9;
				 *(_t981 - 0x3d) =  *(_t981 - 0x3d) ^ 0x67ffa2cf;
				 *(_t981 - 0x45) = 0xf7f94;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) << 8;
				 *(_t981 - 0x45) = _t961 + _t961 * 8 + _t961 + _t961 * 8;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) + 0x1d7;
				 *(_t981 - 0x45) =  *(_t981 - 0x45) ^ 0x16ffe9ba;
				 *(_t981 + 0x7f) = 0xe96344;
				 *(_t981 + 0x7f) = 0x7a44c6b *  *(_t981 + 0x7f) >> 0x20 >> 1;
				 *(_t981 + 0x7f) = ( *(_t981 + 0x7f) - (0x27350b89 *  *(_t981 + 0x7f) >> 0x20) >> 1) + (0x27350b89 *  *(_t981 + 0x7f) >> 0x20) >> 6;
				 *(_t981 + 0x7f) = 0xaaaaaaab *  *(_t981 + 0x7f) >> 0x20 >> 5;
				 *(_t981 + 0x7f) =  *(_t981 + 0x7f) ^ 0x00070db5;
				 *(_t984 + 0x28) =  *(_t981 + 0x7f);
				r9d =  *(_t981 - 0x3d);
				r8d =  *(_t981 - 0x39);
				 *(_t984 + 0x20) =  *(_t981 - 0x45);
				E00007FFA7FFA0AEDBE3C();
				return r14d;
			}

0x7ffa0aed1924
0x7ffa0aed1924
0x7ffa0aed1924
0x7ffa0aed1924
0x7ffa0aed1927
0x7ffa0aed192b
0x7ffa0aed192f
0x7ffa0aed193c
0x7ffa0aed1940
0x7ffa0aed194a
0x7ffa0aed1952
0x7ffa0aed1955
0x7ffa0aed195f
0x7ffa0aed1969
0x7ffa0aed196d
0x7ffa0aed1972
0x7ffa0aed197c
0x7ffa0aed198d
0x7ffa0aed1991
0x7ffa0aed19a9
0x7ffa0aed19af
0x7ffa0aed19b7
0x7ffa0aed19c3
0x7ffa0aed19cf
0x7ffa0aed19db
0x7ffa0aed19e3
0x7ffa0aed19e9
0x7ffa0aed19f0
0x7ffa0aed19f3
0x7ffa0aed19fa
0x7ffa0aed1a01
0x7ffa0aed1a08
0x7ffa0aed1a0c
0x7ffa0aed1a17
0x7ffa0aed1a1a
0x7ffa0aed1a21
0x7ffa0aed1a28
0x7ffa0aed1a2c
0x7ffa0aed1a33
0x7ffa0aed1a3e
0x7ffa0aed1a41
0x7ffa0aed1a48
0x7ffa0aed1a4f
0x7ffa0aed1a53
0x7ffa0aed1a5a
0x7ffa0aed1a5e
0x7ffa0aed1a68
0x7ffa0aed1a6f
0x7ffa0aed1a73
0x7ffa0aed1a76
0x7ffa0aed1a81
0x7ffa0aed1a85
0x7ffa0aed1a8a
0x7ffa0aed1a8f
0x7ffa0aed1a99
0x7ffa0aed1aab
0x7ffa0aed1aae
0x7ffa0aed1abb
0x7ffa0aed1abe
0x7ffa0aed1ac3
0x7ffa0aed1aca
0x7ffa0aed1ace
0x7ffa0aed1ad6
0x7ffa0aed1ad9
0x7ffa0aed1ae0
0x7ffa0aed1ae7
0x7ffa0aed1aef
0x7ffa0aed1af2
0x7ffa0aed1af6
0x7ffa0aed1afd
0x7ffa0aed1b0a
0x7ffa0aed1b11
0x7ffa0aed1b18
0x7ffa0aed1b1f
0x7ffa0aed1b26
0x7ffa0aed1b2d
0x7ffa0aed1b34
0x7ffa0aed1b3b
0x7ffa0aed1b42
0x7ffa0aed1b49
0x7ffa0aed1b4d
0x7ffa0aed1b54
0x7ffa0aed1b5b
0x7ffa0aed1b62
0x7ffa0aed1b69
0x7ffa0aed1b73
0x7ffa0aed1b76
0x7ffa0aed1b7d
0x7ffa0aed1b84
0x7ffa0aed1b8b
0x7ffa0aed1b92
0x7ffa0aed1b99
0x7ffa0aed1ba0
0x7ffa0aed1ba4
0x7ffa0aed1bab
0x7ffa0aed1bb2
0x7ffa0aed1bb9
0x7ffa0aed1bc4
0x7ffa0aed1bd4
0x7ffa0aed1bd7
0x7ffa0aed1bde
0x7ffa0aed1be8
0x7ffa0aed1bef
0x7ffa0aed1bf6
0x7ffa0aed1bfd
0x7ffa0aed1c05
0x7ffa0aed1c0d
0x7ffa0aed1c14
0x7ffa0aed1c18
0x7ffa0aed1c1c
0x7ffa0aed1c24
0x7ffa0aed1c2b
0x7ffa0aed1c36
0x7ffa0aed1c3a
0x7ffa0aed1c3f
0x7ffa0aed1c4c
0x7ffa0aed1c4f
0x7ffa0aed1c65
0x7ffa0aed1c68
0x7ffa0aed1c6d
0x7ffa0aed1c79
0x7ffa0aed1c8d
0x7ffa0aed1c90
0x7ffa0aed1c97
0x7ffa0aed1cb3
0x7ffa0aed1cb6
0x7ffa0aed1cbd
0x7ffa0aed1cc4
0x7ffa0aed1ccb
0x7ffa0aed1ccf
0x7ffa0aed1cd6
0x7ffa0aed1cda
0x7ffa0aed1ce1
0x7ffa0aed1ce8
0x7ffa0aed1cec
0x7ffa0aed1cf3
0x7ffa0aed1cfd
0x7ffa0aed1d01
0x7ffa0aed1d08
0x7ffa0aed1d0c
0x7ffa0aed1d11
0x7ffa0aed1d1f
0x7ffa0aed1d27
0x7ffa0aed1d2b
0x7ffa0aed1d32
0x7ffa0aed1d39
0x7ffa0aed1d40
0x7ffa0aed1d47
0x7ffa0aed1d56
0x7ffa0aed1d60
0x7ffa0aed1d67
0x7ffa0aed1d6e
0x7ffa0aed1d72
0x7ffa0aed1d7c
0x7ffa0aed1d80
0x7ffa0aed1d87
0x7ffa0aed1d8b
0x7ffa0aed1d90
0x7ffa0aed1d97
0x7ffa0aed1da3
0x7ffa0aed1da7
0x7ffa0aed1dab
0x7ffa0aed1db2
0x7ffa0aed1dc6
0x7ffa0aed1dc9
0x7ffa0aed1dcd
0x7ffa0aed1dd4
0x7ffa0aed1ddb
0x7ffa0aed1de2
0x7ffa0aed1dff
0x7ffa0aed1e02
0x7ffa0aed1e09
0x7ffa0aed1e10
0x7ffa0aed1e1c
0x7ffa0aed1e20
0x7ffa0aed1e28
0x7ffa0aed1e2d
0x7ffa0aed1e30
0x7ffa0aed1e37
0x7ffa0aed1e3e
0x7ffa0aed1e45
0x7ffa0aed1e4c
0x7ffa0aed1e56
0x7ffa0aed1e5d
0x7ffa0aed1e67
0x7ffa0aed1e6b
0x7ffa0aed1e70
0x7ffa0aed1e7c
0x7ffa0aed1e85
0x7ffa0aed1e8c
0x7ffa0aed1e9a
0x7ffa0aed1e9d
0x7ffa0aed1ea4
0x7ffa0aed1eab
0x7ffa0aed1eaf
0x7ffa0aed1eb6
0x7ffa0aed1ebd
0x7ffa0aed1ec8
0x7ffa0aed1ecf
0x7ffa0aed1ed7
0x7ffa0aed1ede
0x7ffa0aed1ef8
0x7ffa0aed1efb
0x7ffa0aed1f02
0x7ffa0aed1f11
0x7ffa0aed1f14
0x7ffa0aed1f1e
0x7ffa0aed1f28
0x7ffa0aed1f2c
0x7ffa0aed1f31
0x7ffa0aed1f38
0x7ffa0aed1f3f
0x7ffa0aed1f46
0x7ffa0aed1f4d
0x7ffa0aed1f51
0x7ffa0aed1f58
0x7ffa0aed1f66
0x7ffa0aed1f69
0x7ffa0aed1f70
0x7ffa0aed1f77
0x7ffa0aed1f7e
0x7ffa0aed1f85
0x7ffa0aed1f8c
0x7ffa0aed1f96
0x7ffa0aed1fa0
0x7ffa0aed1fa4
0x7ffa0aed1fb3
0x7ffa0aed1fbd
0x7ffa0aed1fc2
0x7ffa0aed1fd2
0x7ffa0aed1fd5
0x7ffa0aed1fdc
0x7ffa0aed1fe3
0x7ffa0aed1fee
0x7ffa0aed1ff6
0x7ffa0aed1ffd
0x7ffa0aed2004
0x7ffa0aed2013
0x7ffa0aed201d
0x7ffa0aed2024
0x7ffa0aed202b
0x7ffa0aed2032
0x7ffa0aed2036
0x7ffa0aed2040
0x7ffa0aed2044
0x7ffa0aed204b
0x7ffa0aed204f
0x7ffa0aed2054
0x7ffa0aed205f
0x7ffa0aed2069
0x7ffa0aed2070
0x7ffa0aed2077
0x7ffa0aed207e
0x7ffa0aed2081
0x7ffa0aed2088
0x7ffa0aed208c
0x7ffa0aed2093
0x7ffa0aed209a
0x7ffa0aed209e
0x7ffa0aed20a2
0x7ffa0aed20a9
0x7ffa0aed20b0
0x7ffa0aed20bb
0x7ffa0aed20be
0x7ffa0aed20c5
0x7ffa0aed20cc
0x7ffa0aed20d3
0x7ffa0aed20dd
0x7ffa0aed20e1
0x7ffa0aed20e5
0x7ffa0aed20ed
0x7ffa0aed20f4
0x7ffa0aed20ff
0x7ffa0aed2104
0x7ffa0aed2108
0x7ffa0aed210d
0x7ffa0aed2114
0x7ffa0aed211f
0x7ffa0aed2126
0x7ffa0aed2130
0x7ffa0aed213e
0x7ffa0aed2141
0x7ffa0aed2145
0x7ffa0aed214c
0x7ffa0aed2150
0x7ffa0aed2157
0x7ffa0aed2161
0x7ffa0aed2168
0x7ffa0aed216f
0x7ffa0aed2176
0x7ffa0aed217d
0x7ffa0aed2184
0x7ffa0aed218b
0x7ffa0aed2192
0x7ffa0aed2199
0x7ffa0aed21a3
0x7ffa0aed21ad
0x7ffa0aed21b1
0x7ffa0aed21b6
0x7ffa0aed21bb
0x7ffa0aed21c2
0x7ffa0aed21c9
0x7ffa0aed21cd
0x7ffa0aed21d4
0x7ffa0aed21db
0x7ffa0aed21e2
0x7ffa0aed21ed
0x7ffa0aed21f0
0x7ffa0aed21f7
0x7ffa0aed2202
0x7ffa0aed2209
0x7ffa0aed2214
0x7ffa0aed221c
0x7ffa0aed2224
0x7ffa0aed222c
0x7ffa0aed2232
0x7ffa0aed224b
0x7ffa0aed224e
0x7ffa0aed2255
0x7ffa0aed225c
0x7ffa0aed226b
0x7ffa0aed226e
0x7ffa0aed2275
0x7ffa0aed2280
0x7ffa0aed2283
0x7ffa0aed228a
0x7ffa0aed229d
0x7ffa0aed22a2
0x7ffa0aed22a9
0x7ffa0aed22b3
0x7ffa0aed22b8
0x7ffa0aed22c7
0x7ffa0aed22ce
0x7ffa0aed22d5
0x7ffa0aed22dc
0x7ffa0aed22e3
0x7ffa0aed22fa
0x7ffa0aed2305
0x7ffa0aed2308
0x7ffa0aed230f
0x7ffa0aed2316
0x7ffa0aed231d
0x7ffa0aed2321
0x7ffa0aed2325
0x7ffa0aed232c
0x7ffa0aed2333
0x7ffa0aed233a
0x7ffa0aed2341
0x7ffa0aed2345
0x7ffa0aed234d
0x7ffa0aed2357
0x7ffa0aed235f
0x7ffa0aed2363
0x7ffa0aed2368
0x7ffa0aed236f
0x7ffa0aed237d
0x7ffa0aed238e
0x7ffa0aed2392
0x7ffa0aed2397
0x7ffa0aed239e
0x7ffa0aed23a2
0x7ffa0aed23a9
0x7ffa0aed23ad
0x7ffa0aed23b4
0x7ffa0aed23bb
0x7ffa0aed23c2
0x7ffa0aed23c6
0x7ffa0aed23d7
0x7ffa0aed23f6
0x7ffa0aed23fc
0x7ffa0aed2401
0x7ffa0aed2408
0x7ffa0aed240f
0x7ffa0aed241a
0x7ffa0aed241d
0x7ffa0aed2424
0x7ffa0aed242b
0x7ffa0aed2432
0x7ffa0aed2436
0x7ffa0aed243d
0x7ffa0aed2444
0x7ffa0aed244b
0x7ffa0aed2452
0x7ffa0aed2456
0x7ffa0aed245d
0x7ffa0aed2464
0x7ffa0aed2475
0x7ffa0aed2478
0x7ffa0aed247f
0x7ffa0aed2486
0x7ffa0aed2499
0x7ffa0aed24af
0x7ffa0aed24ba
0x7ffa0aed24bd
0x7ffa0aed24c7
0x7ffa0aed24ce
0x7ffa0aed24d2
0x7ffa0aed24d9
0x7ffa0aed24e1
0x7ffa0aed2509

Strings

mJ", xrefs: 00007FFA0AED228A
tz(, xrefs: 00007FFA0AED1E09
6vd, xrefs: 00007FFA0AED2436
.DP_, xrefs: 00007FFA0AED1CB6
Dc, xrefs: 00007FFA0AED2486
\;(, xrefs: 00007FFA0AED20B0
, xrefs: 00007FFA0AED194A
R!, xrefs: 00007FFA0AED1A2C
JSA, xrefs: 00007FFA0AED241D
, xrefs: 00007FFA0AED2357

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: $ $.DP_$6vd$Dc$JSA$R!$\;($mJ"$tz(
API String ID: 0-219259320
Opcode ID: 2fcebe21e9f5ab69df9e1b385883422c08e272d42f916081dadf8396b860cbb2
Instruction ID: 686df591fa406f3e572e976b93715fb8e7fb136052ff65049b4b1fbedef6c96b
Opcode Fuzzy Hash: 2fcebe21e9f5ab69df9e1b385883422c08e272d42f916081dadf8396b860cbb2
Instruction Fuzzy Hash: 3072D477B06611CFE368DFB8D08A49D3BF2E75474C720412DEE06A7A68D7B8941ACB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58D8848 Relevance: 10.8, APIs: 7, Instructions: 286
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 59%

			E00007FF77FF7A58D8848(signed int __ecx, void* __esi, signed int* __rax, void* __rcx, long long __rdx, long long __r8, char _a8, long long _a16, intOrPtr _a32) {
				signed int* _v72;
				char _v80;
				signed int _v88;
				signed int* _v96;
				void* _v104;
				signed int _v120;
				void* __rbx;
				void* __rdi;
				signed char _t127;
				signed int _t141;
				void* _t151;
				void* _t155;
				char _t169;
				char _t170;
				signed int _t174;
				void* _t178;
				void* _t193;
				void* _t194;
				void* _t195;
				unsigned int _t197;
				void* _t200;
				long long _t205;
				signed int* _t241;
				signed long long _t248;
				signed short* _t252;
				signed int* _t254;
				void* _t255;
				signed int* _t256;
				intOrPtr _t265;
				intOrPtr _t266;
				signed long long _t272;
				void* _t279;
				long long _t284;
				unsigned long long _t285;
				signed short* _t287;
				signed long long _t290;
				signed long long _t291;
				signed short* _t295;
				signed short* _t297;
				unsigned long long _t299;
				signed long long _t300;
				signed int* _t302;
				char* _t303;
				char* _t304;

				_t284 = __r8;
				_a16 = __rdx;
				r13d = r8d;
				if (r12d != 0xfffffffe) goto 0xa58d8883;
				E00007FF77FF7A58C187C(__rax);
				 *__rax =  *__rax & 0x00000000;
				E00007FF77FF7A58C189C(__rax);
				 *__rax = 9;
				goto 0xa58d8c7f;
				if (__ecx < 0) goto 0xa58d8c67;
				_t200 = r12d -  *0xa591c150; // 0x40
				if (_t200 >= 0) goto 0xa58d8c67;
				r8d = 1;
				_v80 = __r8;
				_t290 = __ecx >> 6;
				_v88 = _t290;
				_t300 = __ecx + __ecx * 8;
				_t265 =  *((intOrPtr*)(0xa591bd50 + _t290 * 8));
				if ((r8b &  *(_t265 + 0x38 + _t300 * 8)) == 0) goto 0xa58d8c67;
				if (r13d - 0x7fffffff <= 0) goto 0xa58d88f3;
				E00007FF77FF7A58C187C(__ecx);
				 *__ecx =  *__ecx & 0x00000000;
				_t127 = E00007FF77FF7A58C189C(__ecx);
				 *__ecx = 0x16;
				goto 0xa58d8c7a;
				if (r13d == 0) goto 0xa58d8c63;
				if ((_t127 & 0x00000002) != 0) goto 0xa58d8c63;
				_t205 = __rdx;
				if (_t205 == 0) goto 0xa58d88db;
				r11d =  *((char*)(_t265 + 0x39 + _t300 * 8));
				_t241 =  *((intOrPtr*)(_t265 + 0x28 + _t300 * 8));
				_v96 = _t241;
				_a8 = r11b;
				_t23 = _t255 + 4; // 0x4
				r15d = _t23;
				if (_t205 == 0) goto 0xa58d8962;
				if (r11d - r8d != r8d) goto 0xa58d895a;
				if ((r8b &  !r13d) != 0) goto 0xa58d895a;
				E00007FF77FF7A58C187C(_t241);
				 *_t241 =  *_t241 & 0;
				E00007FF77FF7A58C189C(_t241);
				 *_t241 = 0x16;
				E00007FF77FF7A58BE7DC();
				goto 0xa58d8af1;
				goto 0xa58d89e1;
				if ((r8b &  !r13d) == 0) goto 0xa58d893e;
				_t193 =  <  ? r15d : r13d >> 1;
				E00007FF77FF7A58CE104(_t241, __rcx, __rdx);
				_t256 = _t241;
				E00007FF77FF7A58CE0C8(_t241, __rcx);
				E00007FF77FF7A58CE0C8(_t241, __rcx);
				_t302 = _t256;
				if (_t256 != 0) goto 0xa58d89b3;
				E00007FF77FF7A58C189C(_t241);
				 *_t241 = 0xc;
				E00007FF77FF7A58C187C(_t241);
				 *_t241 = 8;
				goto 0xa58d8af1;
				_t28 = _t265 + 1; // 0x1
				r8d = _t28;
				E00007FF77FF7A58D8F0C(_t178, _t241, _t256, 0xa591bd50, _t279);
				_t291 = _v88;
				r8d = 1;
				r11b = _a8;
				 *( *((intOrPtr*)(0xa591bd50 + _t291 * 8)) + 0x30 + _t300 * 8) = _t241;
				_t266 =  *((intOrPtr*)(0xa591bd50 + _t291 * 8));
				_v72 = _t302;
				r10d = 0x7ff7a591bd5a;
				if (( *(_t266 + 0x38 + _t300 * 8) & 0x00000048) == 0) goto 0xa58d8a79;
				_t141 =  *((intOrPtr*)(_t266 + 0x3a + _t300 * 8));
				if (_t141 == r10b) goto 0xa58d8a79;
				if (_t193 == 0) goto 0xa58d8a79;
				 *_t302 = _t141;
				_t303 = _t302 + _t284;
				_t194 = _t193 - 1;
				 *((intOrPtr*)( *((intOrPtr*)(0xa591bd50 + _t291 * 8)) + 0x3a + _t300 * 8)) = r10b;
				if (r11b == 0) goto 0xa58d8a79;
				_t169 =  *((intOrPtr*)( *((intOrPtr*)(0xa591bd50 + _t291 * 8)) + 0x3b + _t300 * 8));
				if (_t169 == r10b) goto 0xa58d8a79;
				if (_t194 == 0) goto 0xa58d8a79;
				 *_t303 = _t169;
				_t304 = _t303 + _t284;
				_t195 = _t194 - 1;
				 *((intOrPtr*)( *((intOrPtr*)(0xa591bd50 + _t291 * 8)) + 0x3b + _t300 * 8)) = r10b;
				if (r11b != r8b) goto 0xa58d8a79;
				_t170 =  *((intOrPtr*)( *((intOrPtr*)(0xa591bd50 + _t291 * 8)) + 0x3c + _t300 * 8));
				if (_t170 == r10b) goto 0xa58d8a79;
				if (_t195 == 0) goto 0xa58d8a79;
				 *_t304 = _t170;
				 *((intOrPtr*)( *((intOrPtr*)(0xa591bd50 + _t291 * 8)) + 0x3c + _t300 * 8)) = r10b;
				if (E00007FF77FF7A58DC37C(r12d,  *((intOrPtr*)(0xa591bd50 + _t291 * 8))) == 0) goto 0xa58d8b0f;
				_t248 =  *((intOrPtr*)(0xa591bd50 + _v88 * 8));
				if ( *((char*)(_t248 + 0x38 + _t300 * 8)) >= 0) goto 0xa58d8b0f;
				if (GetConsoleMode(??, ??) == 0) goto 0xa58d8b0f;
				if (_a8 != 2) goto 0xa58d8b14;
				_v120 = _v120 & 0x00000000;
				_t197 = _t195 - 1 >> 1;
				r8d = _t197;
				if (ReadConsoleW(??, ??, ??, ??, ??) != 0) goto 0xa58d8b03;
				E00007FF77FF7A58C1810(GetLastError(), _t248, _v96);
				E00007FF77FF7A58CE0C8(_t248, _t256);
				goto 0xa58d8c82;
				goto 0xa58d8b50;
				_v80 = 0;
				_v120 = _v120 & 0x00000000;
				r8d = _t197;
				if (ReadFile(??, ??, ??, ??, ??) == 0) goto 0xa58d8c2d;
				if (_a32 - r13d > 0) goto 0xa58d8c2d;
				if ( *((char*)( *((intOrPtr*)(0xa591bd50 + _v88 * 8)) + 0x38 + _t300 * 8)) >= 0) goto 0xa58d8af4;
				_t285 = 0xa591bd50 + _t248 * 2 + _a32;
				if (_a8 == 2) goto 0xa58d8b9b;
				_t272 = _t304 + _t284;
				_v120 = _t299 >> 1;
				_t151 = E00007FF77FF7A58D8458(_t150, 0, r12d, __esi, _t256, _t272, _t285, _a16);
				goto 0xa58d8af4;
				if (_v80 == 0) goto 0xa58d8c1b;
				_t297 = _v72;
				_t252 = _t297;
				_t295 =  &(_t297[_t285 >> 1]);
				if (_t297 - _t295 >= 0) goto 0xa58d8c0e;
				r11d = 0xa;
				_t174 =  *_t252 & 0x0000ffff;
				if (_t174 == 0x1a) goto 0xa58d8c03;
				if (_t174 != 0xd) goto 0xa58d8be9;
				_t287 =  &(_t252[1]);
				if (_t287 - _t295 >= 0) goto 0xa58d8be9;
				if ( *_t287 != r11w) goto 0xa58d8be9;
				r8d = 4;
				goto 0xa58d8bef;
				r8d = 2;
				 *_t297 = r11w & 0xffffffff;
				if (_t252 + _t287 - _t295 < 0) goto 0xa58d8bbf;
				goto 0xa58d8c0e;
				_t254 =  *((intOrPtr*)(0xa591bd50 + _t272 * 8));
				 *(_t254 + 0x38 + _t300 * 8) =  *(_t254 + 0x38 + _t300 * 8) | 0x00000002;
				goto 0xa58d8af4;
				E00007FF77FF7A58D8280(_t151, r12d, _t197, _v72,  &(_t297[1]));
				goto 0xa58d8b94;
				if (GetLastError() != 5) goto 0xa58d8c53;
				E00007FF77FF7A58C189C(_t254);
				 *_t254 = 9;
				_t155 = E00007FF77FF7A58C187C(_t254);
				 *_t254 = 5;
				goto 0xa58d8af1;
				if (_t155 != 0x6d) goto 0xa58d8aea;
				goto 0xa58d8af4;
				goto 0xa58d8c82;
				E00007FF77FF7A58C187C(_t254);
				 *_t254 =  *_t254 & 0x00000000;
				E00007FF77FF7A58C189C(_t254);
				 *_t254 = 9;
				return E00007FF77FF7A58BE7DC() | 0xffffffff;
			}

0x7ff7a58d8848
0x7ff7a58d8848
0x7ff7a58d8862
0x7ff7a58d8869
0x7ff7a58d886b
0x7ff7a58d8870
0x7ff7a58d8873
0x7ff7a58d8878
0x7ff7a58d887e
0x7ff7a58d8885
0x7ff7a58d888b
0x7ff7a58d8892
0x7ff7a58d88a5
0x7ff7a58d88ae
0x7ff7a58d88b3
0x7ff7a58d88b7
0x7ff7a58d88bc
0x7ff7a58d88c0
0x7ff7a58d88cc
0x7ff7a58d88d9
0x7ff7a58d88db
0x7ff7a58d88e0
0x7ff7a58d88e3
0x7ff7a58d88e8
0x7ff7a58d88ee
0x7ff7a58d88f6
0x7ff7a58d88fe
0x7ff7a58d8904
0x7ff7a58d8907
0x7ff7a58d8909
0x7ff7a58d8911
0x7ff7a58d8919
0x7ff7a58d891e
0x7ff7a58d8926
0x7ff7a58d8926
0x7ff7a58d892d
0x7ff7a58d8932
0x7ff7a58d893c
0x7ff7a58d893e
0x7ff7a58d8943
0x7ff7a58d8945
0x7ff7a58d894a
0x7ff7a58d8950
0x7ff7a58d8955
0x7ff7a58d8960
0x7ff7a58d896a
0x7ff7a58d8974
0x7ff7a58d897a
0x7ff7a58d8981
0x7ff7a58d8984
0x7ff7a58d898b
0x7ff7a58d8990
0x7ff7a58d8996
0x7ff7a58d8998
0x7ff7a58d899d
0x7ff7a58d89a3
0x7ff7a58d89a8
0x7ff7a58d89ae
0x7ff7a58d89b8
0x7ff7a58d89b8
0x7ff7a58d89bc
0x7ff7a58d89c1
0x7ff7a58d89c6
0x7ff7a58d89cc
0x7ff7a58d89d8
0x7ff7a58d89dd
0x7ff7a58d89e3
0x7ff7a58d89ee
0x7ff7a58d89f2
0x7ff7a58d89f8
0x7ff7a58d8a00
0x7ff7a58d8a04
0x7ff7a58d8a06
0x7ff7a58d8a14
0x7ff7a58d8a17
0x7ff7a58d8a1c
0x7ff7a58d8a24
0x7ff7a58d8a2a
0x7ff7a58d8a32
0x7ff7a58d8a36
0x7ff7a58d8a38
0x7ff7a58d8a43
0x7ff7a58d8a46
0x7ff7a58d8a48
0x7ff7a58d8a50
0x7ff7a58d8a56
0x7ff7a58d8a5e
0x7ff7a58d8a62
0x7ff7a58d8a64
0x7ff7a58d8a74
0x7ff7a58d8a83
0x7ff7a58d8a95
0x7ff7a58d8a9f
0x7ff7a58d8ab3
0x7ff7a58d8abd
0x7ff7a58d8acc
0x7ff7a58d8ad5
0x7ff7a58d8ad7
0x7ff7a58d8ae2
0x7ff7a58d8aec
0x7ff7a58d8af7
0x7ff7a58d8afe
0x7ff7a58d8b0d
0x7ff7a58d8b0f
0x7ff7a58d8b21
0x7ff7a58d8b27
0x7ff7a58d8b35
0x7ff7a58d8b43
0x7ff7a58d8b67
0x7ff7a58d8b71
0x7ff7a58d8b74
0x7ff7a58d8b84
0x7ff7a58d8b8a
0x7ff7a58d8b8f
0x7ff7a58d8b96
0x7ff7a58d8ba3
0x7ff7a58d8ba5
0x7ff7a58d8baa
0x7ff7a58d8bb0
0x7ff7a58d8bb7
0x7ff7a58d8bb9
0x7ff7a58d8bbf
0x7ff7a58d8bc6
0x7ff7a58d8bcc
0x7ff7a58d8bce
0x7ff7a58d8bd5
0x7ff7a58d8bdb
0x7ff7a58d8be1
0x7ff7a58d8be7
0x7ff7a58d8be9
0x7ff7a58d8bf2
0x7ff7a58d8bff
0x7ff7a58d8c01
0x7ff7a58d8c03
0x7ff7a58d8c08
0x7ff7a58d8c16
0x7ff7a58d8c23
0x7ff7a58d8c28
0x7ff7a58d8c36
0x7ff7a58d8c38
0x7ff7a58d8c3d
0x7ff7a58d8c43
0x7ff7a58d8c48
0x7ff7a58d8c4e
0x7ff7a58d8c56
0x7ff7a58d8c5e
0x7ff7a58d8c65
0x7ff7a58d8c67
0x7ff7a58d8c6c
0x7ff7a58d8c6f
0x7ff7a58d8c74
0x7ff7a58d8c91

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7A58D8C7A

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 18170bb92ce8a0ff203e04c0ae3abc8a02fcde7659d4eec91e5d15cbd2fa0518
Instruction ID: dfc10bb9f9432678d74c3e773bb84570eb16bbc30f2bc5fad7711f716e4bc8ba
Opcode Fuzzy Hash: 18170bb92ce8a0ff203e04c0ae3abc8a02fcde7659d4eec91e5d15cbd2fa0518
Instruction Fuzzy Hash: 5EC1B363A0F646A6E761BB159441379A7E0FB42F80F860171EA4E077B1CF7CE4758B21

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEDE234 Relevance: 10.7, Strings: 8, Instructions: 738
COMMONCrypto

Download Yara Rule

C-Code - Quality: 79%

			E00007FFA7FFA0AEDE234(long long __rbx, long long __rdx, long long __r10) {
				void* _t83;
				void* _t87;
				void* _t96;
				void* _t98;
				void* _t99;
				void* _t101;
				void* _t102;

				_t83 = _t98;
				 *((long long*)(_t83 + 8)) = __rbx;
				 *((intOrPtr*)(_t83 + 0x20)) = r9d;
				 *(_t83 + 0x18) = r8w;
				 *((long long*)(_t83 + 0x10)) = __rdx;
				_t96 = _t83 - 0x3f;
				_t99 = _t98 - 0xd0;
				 *((intOrPtr*)(_t99 + 0x68)) =  *((intOrPtr*)(_t96 + 0xaf));
				 *((intOrPtr*)(_t99 + 0x60)) =  *((intOrPtr*)(_t96 + 0xa7));
				 *((long long*)(_t99 + 0x58)) =  *((intOrPtr*)(_t96 + 0x9f));
				 *((long long*)(_t99 + 0x50)) =  *((intOrPtr*)(_t96 + 0x97));
				 *((long long*)(_t99 + 0x48)) =  *((intOrPtr*)(_t96 + 0x8f));
				 *((intOrPtr*)(_t99 + 0x40)) =  *((intOrPtr*)(_t96 + 0x87));
				r8d = r8w & 0xffffffff;
				 *((intOrPtr*)(_t99 + 0x38)) =  *((intOrPtr*)(_t96 + 0x7f));
				 *((long long*)(_t99 + 0x30)) =  *((intOrPtr*)(_t96 + 0x77));
				 *((intOrPtr*)(_t99 + 0x28)) =  *((intOrPtr*)(_t96 + 0x6f));
				 *((intOrPtr*)(_t99 + 0x20)) =  *((intOrPtr*)(_t96 + 0x67));
				E00007FFA7FFA0AEE3C78( *((intOrPtr*)(_t96 + 0x67)), _t87, __rdx, _t101, _t102);
				 *((intOrPtr*)(_t96 - 0x11)) = 0xaa5fd;
				r10d = 0;
				 *((intOrPtr*)(_t96 - 0xd)) = 0;
				 *((long long*)(_t96 - 0x21)) = __r10;
				if (0x4f693 - 0xb646f > 0) goto 0xaedecca;
				if (0x4f693 == 0xb646f) goto 0xaedec89;
				if (0x4f693 == 0x1aa24) goto 0xaede6d5;
				if (0x4f693 == 0x482fc) goto 0xaede5b7;
				if (0x4f693 == 0x4f693) goto 0xaede576;
				if (0x4f693 == 0x726f8) goto 0xaede3b7;
				if (0x4f693 != 0x7a5e8) goto 0xaedf016;
				 *(_t96 + 0x57) = 0x2a0184;
				 *(_t96 + 0x57) =  *(_t96 + 0x57) + 0xb4a;
				 *(_t96 + 0x57) =  *(_t96 + 0x57) ^ 0xec5c8fc5;
				 *(_t96 + 0x57) =  *(_t96 + 0x57) ^ 0xecf6d829;
				 *(_t96 + 0x57) =  *(_t96 + 0x57) ^ 0x008473ef;
				 *(_t96 - 0x49) = 0x443a5b;
				 *(_t96 - 0x49) =  *(_t96 - 0x49) << 0xd;
				 *(_t96 - 0x49) = ( *(_t96 - 0x49) - (0xaf286bcb *  *(_t96 - 0x49) >> 0x20) >> 1) + (0xaf286bcb *  *(_t96 - 0x49) >> 0x20) >> 6;
				 *(_t96 - 0x49) =  *(_t96 - 0x49) ^ 0x01c1f210;
				r8d =  *(_t96 - 0x49);
				E00007FFA7FFA0AEE01E0();
				return 0;
			}

0x7ffa0aede234
0x7ffa0aede237
0x7ffa0aede23b
0x7ffa0aede23f
0x7ffa0aede244
0x7ffa0aede253
0x7ffa0aede257
0x7ffa0aede276
0x7ffa0aede280
0x7ffa0aede28b
0x7ffa0aede290
0x7ffa0aede295
0x7ffa0aede2a0
0x7ffa0aede2a7
0x7ffa0aede2ab
0x7ffa0aede2b2
0x7ffa0aede2b7
0x7ffa0aede2be
0x7ffa0aede2c2
0x7ffa0aede2c7
0x7ffa0aede2ce
0x7ffa0aede2d5
0x7ffa0aede2e4
0x7ffa0aede2f8
0x7ffa0aede2fe
0x7ffa0aede30a
0x7ffa0aede316
0x7ffa0aede322
0x7ffa0aede32e
0x7ffa0aede33a
0x7ffa0aede340
0x7ffa0aede347
0x7ffa0aede34e
0x7ffa0aede355
0x7ffa0aede35c
0x7ffa0aede363
0x7ffa0aede36a
0x7ffa0aede381
0x7ffa0aede387
0x7ffa0aede38e
0x7ffa0aede395
0x7ffa0aede3b6

Strings

>n-, xrefs: 00007FFA0AEDEAAC
|h^, xrefs: 00007FFA0AEDE902
#, xrefs: 00007FFA0AEDEB54
cZ=, xrefs: 00007FFA0AEDEC05
H&, xrefs: 00007FFA0AEDEE55
=yH, xrefs: 00007FFA0AEDEE9E
Zc, xrefs: 00007FFA0AEDE576
K+v, xrefs: 00007FFA0AEDEE71

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: #$=yH$>n-$H&$K+v$Zc$cZ=$|h^
API String ID: 0-1427886459
Opcode ID: b7044bf5bda7a92f26a918ee2c9508a53d92232eb846b3fee58329d7d71387fd
Instruction ID: 59969dc54d3ff49cd484bf750586306c99682591badf8897f1dd3d90c252aa35
Opcode Fuzzy Hash: b7044bf5bda7a92f26a918ee2c9508a53d92232eb846b3fee58329d7d71387fd
Instruction Fuzzy Hash: F492B777F146618FE368DFB4E08A59D3BF2E34474C710411DEE0AA7A98D7B8941ACB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58D5898 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 77%

			E00007FF77FF7A58D5898(void* __ecx, void* __edx, long long __rbx, intOrPtr* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, void* __r8, signed int __r9, void* __r10) {
				intOrPtr _t37;
				intOrPtr _t49;
				void* _t50;
				void* _t87;
				intOrPtr* _t88;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t114;
				intOrPtr* _t118;
				long long _t121;
				void* _t122;
				void* _t124;
				signed long long _t137;
				void* _t138;
				void* _t140;
				int _t142;
				intOrPtr* _t143;
				void* _t145;
				intOrPtr* _t146;

				_t110 = __rdx;
				_t50 = __ecx;
				_t87 = _t124;
				 *((long long*)(_t87 + 8)) = __rbx;
				 *((long long*)(_t87 + 0x10)) = _t121;
				 *((long long*)(_t87 + 0x18)) = __rsi;
				 *((long long*)(_t87 + 0x20)) = __rdi;
				_t122 = __r8;
				_t143 = __rdx;
				_t114 = __rcx;
				E00007FF77FF7A58CDB1C(_t87, __rbx, __rcx, __rdx, __rsi, __r9, __r10, _t145);
				r12d = 0;
				_t5 = _t87 + 0x98; // 0x98
				_t93 = _t5;
				_t88 = _t114 + 0x80;
				 *((intOrPtr*)(_t93 + 0x10)) = r12d;
				_t8 = _t93 + 0x258; // 0x2f0
				_t146 = _t8;
				 *_t93 = _t114;
				_t9 = _t93 + 8; // 0xa0
				_t118 = _t9;
				 *_t146 = r12w;
				 *_t118 = _t88;
				if ( *_t88 == r12w) goto 0xa58d590d;
				_t10 = _t140 + 0x16; // 0x16
				E00007FF77FF7A58D57FC(_t10, _t93, 0xa58eaa60, _t114, _t118, _t118);
				if ( *((intOrPtr*)( *_t93)) == r12w) goto 0xa58d5963;
				if ( *((intOrPtr*)( *_t118)) == r12w) goto 0xa58d5926;
				E00007FF77FF7A58D518C(_t93, _t93, _t118, __r9);
				goto 0xa58d592b;
				E00007FF77FF7A58D525C(_t93, _t93, _t118, __r9);
				if ( *((intOrPtr*)(_t93 + 0x10)) != r12d) goto 0xa58d5972;
				if (E00007FF77FF7A58D57FC(0x40, _t93, 0xa58ea640, _t114, _t118, _t93) == 0) goto 0xa58d5968;
				_t90 =  *_t118;
				if ( *_t90 == r12w) goto 0xa58d595c;
				E00007FF77FF7A58D518C(_t93, _t93, _t93, __r9);
				goto 0xa58d5968;
				E00007FF77FF7A58D525C(_t93, _t93, _t93, __r9);
				goto 0xa58d5968;
				E00007FF77FF7A58D50E4(_t50,  *_t90 - r12w, _t93, _t93, _t110, _t118, _t93, __r9, __r10);
				if ( *((intOrPtr*)(_t93 + 0x10)) == r12d) goto 0xa58d5ac5;
				if ( *_t114 != r12w) goto 0xa58d598d;
				if ( *((intOrPtr*)(_t114 + 0x100)) != r12w) goto 0xa58d598d;
				GetACP();
				goto 0xa58d5995;
				_t37 = E00007FF77FF7A58D56CC(_t93, _t114 + 0x100, _t93, _t118);
				_t49 = _t37;
				if (_t37 == 0) goto 0xa58d5ac5;
				if (_t37 == 0xfde8) goto 0xa58d5ac5;
				if (IsValidCodePage(_t142) == 0) goto 0xa58d5ac5;
				if (_t143 == 0) goto 0xa58d59c3;
				 *_t143 = _t49;
				if (_t122 == 0) goto 0xa58d5abe;
				_t119 = _t122 + 0x120;
				 *((intOrPtr*)(_t122 + 0x120)) = r12w;
				_t137 = (__r9 | 0xffffffff) + 1;
				if ( *((intOrPtr*)(_t146 + _t137 * 2)) != r12w) goto 0xa58d59db;
				_t138 = _t137 + 1;
				if (E00007FF77FF7A58D36E0(_t90, _t93, _t122 + 0x120, _t93, _t122 + 0x120, _t146, _t138, _t140) != 0) goto 0xa58d5ae6;
				_t17 = _t90 + 0x40; // 0x40
				r9d = _t17;
				if (E00007FF77FF7A58D2BF8(0x1001, E00007FF77FF7A58D36E0(_t90, _t93, _t122 + 0x120, _t93, _t122 + 0x120, _t146, _t138, _t140), _t90, _t93, _t122 + 0x120, _t122 + 0x120, _t122, _t122) == 0) goto 0xa58d5ac5;
				r9d = 0x40;
				if (E00007FF77FF7A58D2BF8(0x1002, E00007FF77FF7A58D2BF8(0x1001, E00007FF77FF7A58D36E0(_t90, _t93, _t122 + 0x120, _t93, _t122 + 0x120, _t146, _t138, _t140), _t90, _t93, _t122 + 0x120, _t122 + 0x120, _t122, _t122), _t90, _t93, _t119, _t119, _t122, _t122 + 0x80) == 0) goto 0xa58d5ac5;
				E00007FF77FF7A58DFDC8(0x5f, _t122 + 0x80, _t138);
				if (_t90 != 0) goto 0xa58d5a63;
				_t19 = _t90 + 0x2e; // 0x2e
				E00007FF77FF7A58DFDC8(_t19, _t122 + 0x80, _t138);
				if (_t90 == 0) goto 0xa58d5a7c;
				r9d = 0x40;
				_t20 = _t138 - 0x39; // 0x7
				if (E00007FF77FF7A58D2BF8(_t20, _t90, _t90, _t93, _t119, _t119, _t122, _t122 + 0x80) == 0) goto 0xa58d5ac5;
				if (_t49 != 0xfde9) goto 0xa58d5aaa;
				r9d = 5;
				if (E00007FF77FF7A58D36E0(_t122 + 0x100, _t93, _t122 + 0x100, _t93, _t119, L"utf8", _t138) != 0) goto 0xa58d5ae6;
				goto 0xa58d5abe;
				r9d = 0xa;
				_t23 = _t138 + 6; // 0x46
				r8d = _t23;
				E00007FF77FF7A58DD560(_t49);
				goto 0xa58d5ac7;
				return 0;
			}

0x7ff7a58d5898
0x7ff7a58d5898
0x7ff7a58d5898
0x7ff7a58d589b
0x7ff7a58d589f
0x7ff7a58d58a3
0x7ff7a58d58a7
0x7ff7a58d58b5
0x7ff7a58d58b8
0x7ff7a58d58bb
0x7ff7a58d58be
0x7ff7a58d58c3
0x7ff7a58d58c9
0x7ff7a58d58c9
0x7ff7a58d58d0
0x7ff7a58d58d7
0x7ff7a58d58db
0x7ff7a58d58db
0x7ff7a58d58e2
0x7ff7a58d58e5
0x7ff7a58d58e5
0x7ff7a58d58e9
0x7ff7a58d58ed
0x7ff7a58d58f4
0x7ff7a58d58f9
0x7ff7a58d5905
0x7ff7a58d5914
0x7ff7a58d591d
0x7ff7a58d591f
0x7ff7a58d5924
0x7ff7a58d5926
0x7ff7a58d592f
0x7ff7a58d5947
0x7ff7a58d5949
0x7ff7a58d5953
0x7ff7a58d5955
0x7ff7a58d595a
0x7ff7a58d595c
0x7ff7a58d5961
0x7ff7a58d5963
0x7ff7a58d596c
0x7ff7a58d597d
0x7ff7a58d5983
0x7ff7a58d5985
0x7ff7a58d598b
0x7ff7a58d5990
0x7ff7a58d5995
0x7ff7a58d5999
0x7ff7a58d59a4
0x7ff7a58d59b5
0x7ff7a58d59be
0x7ff7a58d59c0
0x7ff7a58d59c6
0x7ff7a58d59cc
0x7ff7a58d59d7
0x7ff7a58d59db
0x7ff7a58d59e3
0x7ff7a58d59e5
0x7ff7a58d59fa
0x7ff7a58d5a00
0x7ff7a58d5a00
0x7ff7a58d5a16
0x7ff7a58d5a23
0x7ff7a58d5a3b
0x7ff7a58d5a49
0x7ff7a58d5a51
0x7ff7a58d5a53
0x7ff7a58d5a59
0x7ff7a58d5a61
0x7ff7a58d5a63
0x7ff7a58d5a6f
0x7ff7a58d5a7a
0x7ff7a58d5a89
0x7ff7a58d5a8b
0x7ff7a58d5aa6
0x7ff7a58d5aa8
0x7ff7a58d5aaa
0x7ff7a58d5ab5
0x7ff7a58d5ab5
0x7ff7a58d5ab9
0x7ff7a58d5ac3
0x7ff7a58d5ae5

APIs

Part of subcall function 00007FF7A58CDB1C: GetLastError.KERNEL32 ref: 00007FF7A58CDB2B
Part of subcall function 00007FF7A58CDB1C: FlsGetValue.KERNEL32 ref: 00007FF7A58CDB40
Part of subcall function 00007FF7A58CDB1C: SetLastError.KERNEL32 ref: 00007FF7A58CDBCB

TranslateName.LIBCMT ref: 00007FF7A58D5905
TranslateName.LIBCMT ref: 00007FF7A58D5940
GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF7A58C06F4), ref: 00007FF7A58D5985
IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF7A58C06F4), ref: 00007FF7A58D59AD

Strings

utf8, xrefs: 00007FF7A58D5A91

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue
String ID: utf8
API String ID: 1791977518-905460609
Opcode ID: 30b2ba2e6b7202b10f1e1a7f0dbf1747fece93fabb2d3ae1bbc34e31a7be1604
Instruction ID: 3a5ae69a57e0c5e0ad3a7b940ef8e54f53086f90f6b04dd0a7a3de8bf6c46964
Opcode Fuzzy Hash: 30b2ba2e6b7202b10f1e1a7f0dbf1747fece93fabb2d3ae1bbc34e31a7be1604
Instruction Fuzzy Hash: 94918D33B0B74286EB20BF21A4502B9A3E4EF56F80F864172DA4D476A5DF3CE561C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58D62CC Relevance: 10.7, APIs: 7, Instructions: 171
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 60%

			E00007FF77FF7A58D62CC(void* __ecx, void* __edx, long long __rcx, intOrPtr* __rdx, void* __r8, void* __r9, void* __r10) {
				signed int _v72;
				int _v80;
				int _v84;
				signed int _v88;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				int _t60;
				intOrPtr _t61;
				void* _t73;
				intOrPtr _t82;
				intOrPtr _t84;
				void* _t90;
				signed long long _t116;
				signed long long _t117;
				intOrPtr* _t118;
				intOrPtr* _t119;
				intOrPtr* _t120;
				intOrPtr* _t121;
				intOrPtr* _t122;
				void* _t125;
				intOrPtr* _t126;
				signed long long _t134;
				signed long long _t136;
				void* _t147;
				void* _t148;
				signed long long _t149;
				void* _t151;
				void* _t159;
				long long _t161;
				intOrPtr* _t163;

				_t159 = __r9;
				_t141 = __rdx;
				_t127 = __rcx;
				_t73 = __ecx;
				_t116 =  *0xa58fb008; // 0x485f0d1bb70c
				_t117 = _t116 ^ _t151 - 0x00000040;
				_v72 = _t117;
				_t147 = __r8;
				_t163 = __rdx;
				_t161 = __rcx;
				E00007FF77FF7A58CDB1C(_t117, _t125, __rcx, __rdx, _t148, __r9, __r10);
				_t149 = _t117;
				_v88 = _t117;
				_v80 = 0;
				E00007FF77FF7A58CDB1C(_t117, _t125, _t127, _t141, _t149, __r9, __r10);
				r12d = 0;
				_t5 = _t149 + 0xa0; // 0xa0
				_t126 = _t5;
				 *((long long*)(_t117 + 0x3a0)) =  &_v88;
				_t118 = _t161 + 0x80;
				 *((long long*)(_t149 + 0x98)) = _t161;
				 *_t126 = _t118;
				if (_t118 == 0) goto 0xa58d6353;
				if ( *_t118 == r12w) goto 0xa58d6353;
				_t82 =  *0xa58eabd0; // 0x17
				E00007FF77FF7A58D624C(_t82 - 1, _t126, 0xa58eaa60, _t149, _t151, _t126);
				_v88 = r12d;
				_t119 =  *((intOrPtr*)(_t149 + 0x98));
				if (_t119 == 0) goto 0xa58d63dc;
				if ( *_t119 == r12w) goto 0xa58d63dc;
				_t120 =  *_t126;
				if (_t120 == 0) goto 0xa58d6382;
				if ( *_t120 == r12w) goto 0xa58d6382;
				E00007FF77FF7A58D5BE4(_t73, _t82 - 1, _t120, _t126,  &_v88, _t141, _t126, __r9);
				goto 0xa58d638b;
				E00007FF77FF7A58D5CB4(_t73, _t82 - 1, _t120, _t126,  &_v88, _t141, _t126, __r10);
				if (_v88 != r12d) goto 0xa58d6452;
				_t84 =  *0xa58eaa50; // 0x41
				_t14 = _t149 + 0x98; // 0x98
				if (E00007FF77FF7A58D624C(_t84 - 1, _t126, 0xa58ea640, _t149, _t151, _t14) == 0) goto 0xa58d6448;
				_t121 =  *_t126;
				if (_t121 == 0) goto 0xa58d63d1;
				if ( *_t121 == r12w) goto 0xa58d63d1;
				E00007FF77FF7A58D5BE4(_t73, _t84 - 1, _t121, _t126,  &_v88, _t141, _t14, __r9);
				goto 0xa58d6448;
				_t134 =  &_v88;
				E00007FF77FF7A58D5CB4(_t73, _t84 - 1, _t121, _t126, _t134, _t141, _t14, __r10);
				goto 0xa58d6448;
				_t122 =  *_t126;
				if (_t122 == 0) goto 0xa58d6435;
				if ( *_t122 == r12w) goto 0xa58d6435;
				E00007FF77FF7A58CDB1C(_t122, _t126, _t134, _t141, _t149, __r9, __r10);
				_t136 = (_t134 | 0xffffffff) + 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t122 + 0xa0)) + _t136 * 2)) != r12w) goto 0xa58d63fd;
				 *(_t122 + 0xb4) = r12d & 0xffffff00 | _t136 == 0x00000003;
				EnumSystemLocalesW(??, ??);
				if ((_v88 & 0x00000004) != 0) goto 0xa58d6448;
				_v88 = r12d;
				goto 0xa58d6448;
				_v88 = 0x104;
				_t60 = GetUserDefaultLCID();
				_v80 = _t60;
				_v84 = _t60;
				if (_v88 == r12d) goto 0xa58d652d;
				asm("dec eax");
				_t61 = E00007FF77FF7A58D60F0(_t126, 0x7ff7a58d5afc & _t161 + 0x00000100,  &_v88, _t149);
				if (_t61 == 0) goto 0xa58d652d;
				if (IsValidCodePage(??) == 0) goto 0xa58d652d;
				if (IsValidLocale(??, ??) == 0) goto 0xa58d652d;
				if (_t163 == 0) goto 0xa58d64a4;
				 *_t163 = _t61;
				_t36 = _t149 + 0x2f0; // 0x2f0
				r9d = 0;
				_t37 = _t159 + 0x55; // 0x55
				_t90 = _t37;
				r8d = _t90;
				E00007FF77FF7A58D2E7C(_v84, _t163, _t161 + 0x100, _t126, _t36, _t149, _t151);
				if (_t147 == 0) goto 0xa58d6526;
				r9d = 0;
				r8d = _t90;
				E00007FF77FF7A58D2E7C(_v84, _t147, _t161 + 0x100, _t126, _t147 + 0x120, _t149, _t151);
				r9d = 0x40;
				if (GetLocaleInfoW(??, ??, ??, ??) == 0) goto 0xa58d652d;
				r9d = 0x40;
				if (GetLocaleInfoW(??, ??, ??, ??) == 0) goto 0xa58d652d;
				_t44 = _t149 - 0x36; // 0xa
				r9d = _t44;
				_t45 = _t149 - 0x30; // 0x10
				r8d = _t45;
				E00007FF77FF7A58DD560(_t61);
				goto 0xa58d652f;
				return E00007FF77FF7A588AAD0(0, _t61, _v72 ^ _t151 - 0x00000040);
			}

0x7ff7a58d62cc
0x7ff7a58d62cc
0x7ff7a58d62cc
0x7ff7a58d62cc
0x7ff7a58d62de
0x7ff7a58d62e5
0x7ff7a58d62e8
0x7ff7a58d62ec
0x7ff7a58d62ef
0x7ff7a58d62f2
0x7ff7a58d62f5
0x7ff7a58d62fa
0x7ff7a58d62ff
0x7ff7a58d6303
0x7ff7a58d6306
0x7ff7a58d630f
0x7ff7a58d6312
0x7ff7a58d6312
0x7ff7a58d6319
0x7ff7a58d6320
0x7ff7a58d6327
0x7ff7a58d632e
0x7ff7a58d6334
0x7ff7a58d633a
0x7ff7a58d633c
0x7ff7a58d634e
0x7ff7a58d6353
0x7ff7a58d6357
0x7ff7a58d6361
0x7ff7a58d6367
0x7ff7a58d6369
0x7ff7a58d636f
0x7ff7a58d6375
0x7ff7a58d637b
0x7ff7a58d6380
0x7ff7a58d6386
0x7ff7a58d638f
0x7ff7a58d6395
0x7ff7a58d639b
0x7ff7a58d63b2
0x7ff7a58d63b8
0x7ff7a58d63be
0x7ff7a58d63c4
0x7ff7a58d63ca
0x7ff7a58d63cf
0x7ff7a58d63d1
0x7ff7a58d63d5
0x7ff7a58d63da
0x7ff7a58d63dc
0x7ff7a58d63e2
0x7ff7a58d63e8
0x7ff7a58d63ea
0x7ff7a58d63fd
0x7ff7a58d6405
0x7ff7a58d6418
0x7ff7a58d6423
0x7ff7a58d642d
0x7ff7a58d642f
0x7ff7a58d6433
0x7ff7a58d6435
0x7ff7a58d643c
0x7ff7a58d6442
0x7ff7a58d6445
0x7ff7a58d644c
0x7ff7a58d6460
0x7ff7a58d6466
0x7ff7a58d646f
0x7ff7a58d6480
0x7ff7a58d6496
0x7ff7a58d649f
0x7ff7a58d64a1
0x7ff7a58d64a7
0x7ff7a58d64ae
0x7ff7a58d64b1
0x7ff7a58d64b1
0x7ff7a58d64b5
0x7ff7a58d64b8
0x7ff7a58d64c0
0x7ff7a58d64cc
0x7ff7a58d64cf
0x7ff7a58d64d2
0x7ff7a58d64df
0x7ff7a58d64f2
0x7ff7a58d64fe
0x7ff7a58d650e
0x7ff7a58d6519
0x7ff7a58d6519
0x7ff7a58d651d
0x7ff7a58d651d
0x7ff7a58d6521
0x7ff7a58d652b
0x7ff7a58d6549

APIs

Part of subcall function 00007FF7A58CDB1C: GetLastError.KERNEL32 ref: 00007FF7A58CDB2B
Part of subcall function 00007FF7A58CDB1C: FlsGetValue.KERNEL32 ref: 00007FF7A58CDB40
Part of subcall function 00007FF7A58CDB1C: SetLastError.KERNEL32 ref: 00007FF7A58CDBCB

Part of subcall function 00007FF7A58CDB1C: FlsSetValue.KERNEL32 ref: 00007FF7A58CDB61

GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FF7A58D643C

Part of subcall function 00007FF7A58CDB1C: FlsSetValue.KERNEL32 ref: 00007FF7A58CDB8E
Part of subcall function 00007FF7A58CDB1C: FlsSetValue.KERNEL32 ref: 00007FF7A58CDB9F
Part of subcall function 00007FF7A58CDB1C: FlsSetValue.KERNEL32 ref: 00007FF7A58CDBB0

EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FF7A58C06ED), ref: 00007FF7A58D6423
ProcessCodePage.LIBCMT ref: 00007FF7A58D6466
IsValidCodePage.KERNEL32 ref: 00007FF7A58D6478
IsValidLocale.KERNEL32 ref: 00007FF7A58D648E
GetLocaleInfoW.KERNEL32 ref: 00007FF7A58D64EA
GetLocaleInfoW.KERNEL32 ref: 00007FF7A58D6506

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: 3c47f31fbe4baec17c44b72484a209448ee0a9c667b7cc6fa8827aa5624e3cf6
Instruction ID: 33fdef83c3139406313800b391f5eced6f5607ac56b1760850b66943c00b0d82
Opcode Fuzzy Hash: 3c47f31fbe4baec17c44b72484a209448ee0a9c667b7cc6fa8827aa5624e3cf6
Instruction Fuzzy Hash: 43717B23B0B6168AFF54AB62D4502B8A3F4AF4AF44F864075CE1E176A5DF3CE465C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A588B568 Relevance: 10.6, APIs: 7, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF7A588B584
RtlCaptureContext.KERNEL32 ref: 00007FF7A588B5B1
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7A588B5CB
RtlVirtualUnwind.KERNEL32 ref: 00007FF7A588B60C
IsDebuggerPresent.KERNEL32 ref: 00007FF7A588B660
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7A588B681
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7A588B68C

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: b745f0e6b0f8366df021df362607deb2d154a2bcfafccd2bb7da7003d5df850a
Instruction ID: 03e17b43a988c6a25064bb417e6294361f176207528a13c7ca38b7e100968ec5
Opcode Fuzzy Hash: b745f0e6b0f8366df021df362607deb2d154a2bcfafccd2bb7da7003d5df850a
Instruction Fuzzy Hash: 0A318272609A8185EB60EF60E8407EDB370FB85B45F854039DB4E43AA4DF3CD658C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEDBF78 Relevance: 10.3, Strings: 8, Instructions: 281
COMMONCrypto

Download Yara Rule

C-Code - Quality: 38%

			E00007FFA7FFA0AEDBF78(void* __ebx, signed long long __rax, intOrPtr* __rcx, void* __r11) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				signed int _t295;
				signed long long _t385;
				signed long long _t386;
				void* _t388;
				void* _t397;
				void* _t398;
				void* _t399;
				intOrPtr* _t406;

				_t385 = __rax;
				_t397 = _t398 - 0x27;
				_t399 = _t398 - 0xc0;
				 *(_t397 + 0x6f) = 0x84521;
				_t406 = __rcx;
				r15d =  *(_t397 + 0x6f);
				if (0x1a002 == 0x1a002) goto 0xaedc3f8;
				if (0x1a002 == 0x33ed1) goto 0xaedc409;
				if (0x1a002 == 0x39e0d) goto 0xaedc36b;
				if (0x1a002 == 0x94683) goto 0xaedc2be;
				if (0x1a002 == 0xcb751) goto 0xaedc108;
				if (0x1a002 != 0xd9652) goto 0xaedc3fd;
				 *(_t397 - 0x69) = 0x321efc;
				 *(_t397 - 0x69) =  *(_t397 - 0x69) ^ 0x6d069da9;
				 *(_t397 - 0x69) =  *(_t397 - 0x69) ^ 0x6d313336;
				 *(_t397 + 0x7f) = 0x4cb7f9;
				 *(_t397 + 0x7f) =  *(_t397 + 0x7f) << 0xe;
				 *(_t397 + 0x7f) =  *(_t397 + 0x7f) ^ 0x2df1280f;
				 *(_t397 + 0x77) = 0x69f3ca;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) + 0x482c;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) ^ 0x006b22e7;
				 *(_t397 + 0x6f) = 0x78c13d;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) * 0x45;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) + 0x5c0b;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) ^ 0x208c1f6b;
				r9d =  *(_t397 + 0x77);
				r8d =  *(_t397 + 0x7f);
				 *(_t399 + 0x20) =  *(_t397 + 0x6f);
				E00007FFA7FFA0AEDE090(__rax, _t388, __rcx, 0x7ffa0aed1394, _t397, __r11);
				r8d = 0x204;
				E00007FFA7FFA0AED8B70( *(_t397 - 0x69), 0x91ea2e78, _t385);
				 *(_t399 + 0x20) =  *(_t397 + 0x6f);
				 *_t385();
				 *(_t397 - 0x69) = 0xf14e7e;
				 *(_t397 - 0x69) =  *(_t397 - 0x69) + 0xffff024e;
				 *(_t397 - 0x69) =  *(_t397 - 0x69) ^ 0x00f26fe8;
				 *(_t397 + 0x7f) = 0xd7802f;
				 *(_t397 + 0x7f) =  *(_t397 + 0x7f) + 0xffffe5b1;
				 *(_t397 + 0x7f) =  *(_t397 + 0x7f) ^ 0x00d81a70;
				 *(_t397 + 0x77) = 0x5f795a;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) << 0xa;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) ^ 0x7dea2c91;
				 *(_t397 + 0x6f) = 0xebbfd9;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) >> 6;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) * 0x70;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) + 0xffff298e;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) ^ 0x019ae9f5;
				r9d =  *(_t397 + 0x77);
				 *(_t399 + 0x20) =  *(_t397 + 0x6f);
				E00007FFA7FFA0AED4448( *(_t397 + 0x7f), _t385, _t388,  *(_t397 + 0x6f), _t385);
				goto 0xaedbfaa;
				 *(_t397 - 0x69) = 0x67a33a;
				 *(_t397 - 0x69) =  *(_t397 - 0x69) >> 0xc;
				 *(_t397 - 0x69) =  *(_t397 - 0x69) | 0xb5f71566;
				 *(_t397 - 0x69) =  *(_t397 - 0x69) ^ 0xb5f7176e;
				 *(_t397 + 0x7f) = 0x4060d8;
				 *(_t397 + 0x7f) = 0xba2e8ba3 *  *(_t397 + 0x7f) >> 0x20 >> 4;
				 *(_t397 + 0x7f) =  *(_t397 + 0x7f) ^ 0x6db4d680;
				 *(_t397 + 0x7f) =  *(_t397 + 0x7f) >> 1;
				 *(_t397 + 0x7f) =  *(_t397 + 0x7f) ^ 0x36db1dd1;
				 *(_t397 + 0x77) = 0xb5e4a8;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) << 0xc;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) >> 0xf;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) >> 0xd;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) ^ 0x0000b9c5;
				 *(_t397 - 0x65) = 0xa9c432;
				 *(_t397 - 0x65) =  *(_t397 - 0x65) ^ 0x52ac0eba;
				 *(_t397 - 0x65) =  *(_t397 - 0x65) + 0xe5ab;
				 *(_t397 - 0x65) =  *(_t397 - 0x65) ^ 0x5200f45b;
				 *(_t397 - 0x61) = 0x46ede2;
				 *(_t397 - 0x61) =  *(_t397 - 0x61) >> 0xb;
				 *(_t397 - 0x61) = 0xaaaaaaab *  *(_t397 - 0x61) >> 0x20 >> 5;
				 *(_t397 - 0x61) =  *(_t397 - 0x61) ^ 0x000f6f67;
				 *(_t397 + 0x6f) = 0x53bae0;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) ^ 0xa489a6ef;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) >> 0x10;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) << 0xe;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) ^ 0x2937665e;
				 *(_t399 + 0x20) =  *(_t397 + 0x7f);
				_t295 = E00007FFA7FFA0AEE5608( *(_t397 - 0x69), 0x7ffa0aed1394);
				 *(_t397 - 0x69) = 0xd3c3ff;
				 *(_t397 - 0x69) =  *(_t397 - 0x69) << 0xd;
				r15d = _t295;
				 *(_t397 - 0x69) =  *(_t397 - 0x69) >> 0xb;
				 *(_t397 - 0x69) =  *(_t397 - 0x69) ^ 0x000b1c9b;
				 *(_t397 + 0x7f) = 0x94a9d3;
				 *(_t397 + 0x7f) =  *(_t397 + 0x7f) | 0xb9699a00;
				 *(_t397 + 0x7f) =  *(_t397 + 0x7f) + 0x3714;
				 *(_t397 + 0x7f) =  *(_t397 + 0x7f) | 0x528ba2e3;
				 *(_t397 + 0x7f) =  *(_t397 + 0x7f) ^ 0xfbf885ea;
				 *(_t397 - 0x65) = 0xa3b75;
				 *(_t397 - 0x65) =  *(_t397 - 0x65) | 0x796490e7;
				 *(_t397 - 0x65) =  *(_t397 - 0x65) ^ 0x796ebbff;
				 *(_t397 + 0x77) = 0x55d0c2;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) | 0x21753062;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) + 0xffffef3b;
				 *(_t397 + 0x77) = ( *(_t397 + 0x77) - (0x1cf06adb *  *(_t397 + 0x77) >> 0x20) >> 1) + (0x1cf06adb *  *(_t397 + 0x77) >> 0x20) >> 6;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) ^ 0x004a7c63;
				 *(_t397 + 0x6f) = 0x432532;
				 *(_t397 + 0x6f) = ( *(_t397 + 0x6f) - (0x8421085 *  *(_t397 + 0x6f) >> 0x20) >> 1) + (0x8421085 *  *(_t397 + 0x6f) >> 0x20) >> 4;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) + 0x3582;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) | 0x2598326e;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) ^ 0x259a7ffd;
				r8d =  *(_t397 + 0x6f);
				r8d = r8d |  *(_t397 + 0x77);
				r8d = r8d |  *(_t397 - 0x65);
				 *(_t399 + 0x20) =  *(_t397 + 0x7f);
				E00007FFA7FFA0AED7908(r15d, _t385, _t388,  *(_t397 + 0x6f), 0x7ffa0aed1394,  *(_t397 + 0x6f), _t397 - 0x59, __r11);
				goto 0xaedbfaa;
				 *(_t397 + 0x6f) = 0xc228f7;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) + 0x4402;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) | 0x0b7da742;
				 *(_t397 + 0x6f) = _t385 + _t385 * 4 << 3;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) ^ 0xdffd3f38;
				r15d =  *(_t397 + 0x6f);
				 *(_t397 + 0x6f) = 0x877615;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) << 4;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) * 0xd;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) ^ 0x9e165975;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) ^ 0xf01af053;
				 *(_t397 + 0x7f) = 0x3f6f13;
				 *(_t397 + 0x7f) = ( *(_t397 + 0x7f) - (0x58ed2309 *  *(_t397 + 0x7f) >> 0x20) >> 1) + (0x58ed2309 *  *(_t397 + 0x7f) >> 0x20) >> 6;
				 *(_t397 + 0x7f) =  *(_t397 + 0x7f) ^ 0x00013ec2;
				 *(_t397 + 0x77) = 0x8f5770;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) ^ 0x75ba9102;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) ^ 0x753c9611;
				E00007FFA7FFA0AEDDE9C(r15d, 0x58ed2309 *  *(_t397 + 0x7f) >> 0x20, _t385);
				_t386 =  ~_t385;
				asm("sbb eax, eax");
				goto 0xaedbfaa;
				 *(_t397 + 0x6f) = 0xc6a131;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) + 0x53a6;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) << 5;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) << 5;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) ^ 0x1bdbbd1a;
				 *(_t397 + 0x7f) = 0xcf55d;
				 *(_t397 + 0x7f) = 0x2f149903 *  *(_t397 + 0x7f) >> 0x20 >> 4;
				 *(_t397 + 0x7f) =  *(_t397 + 0x7f) | 0x0ec09e19;
				 *(_t397 + 0x7f) =  *(_t397 + 0x7f) ^ 0x0ec8df50;
				 *(_t397 + 0x77) = 0xfd7af;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) ^ 0x931534c2;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) | 0xd47ce1c9;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) ^ 0xd7785629;
				r9d =  *(_t397 + 0x7f);
				r8d =  *(_t397 + 0x6f);
				 *(_t399 + 0x20) =  *(_t397 + 0x77);
				E00007FFA7FFA0AED5668( *((intOrPtr*)(_t406 + 8)), _t386, _t388,  *_t406, _t385,  *(_t397 + 0x6f));
				if (_t386 == 0) goto 0xaedc468;
				goto 0xaedbfaa;
				if (0xcb751 == 0x8c683) goto 0xaedc468;
				goto 0xaedbfaa;
				 *(_t397 + 0x6f) = 0x25b10e;
				 *(_t397 + 0x6f) = 0xa0a0a0a1 *  *(_t397 + 0x6f) >> 0x20 >> 6;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) | 0xf24d8b27;
				 *(_t397 + 0x6f) = ( *(_t397 + 0x6f) - (0x3e22cbcf *  *(_t397 + 0x6f) >> 0x20) >> 1) + (0x3e22cbcf *  *(_t397 + 0x6f) >> 0x20) >> 6;
				 *(_t397 + 0x6f) =  *(_t397 + 0x6f) ^ 0x025d3541;
				 *(_t397 + 0x77) = 0x398bb1;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) + 0x1160;
				 *(_t397 + 0x77) =  *(_t397 + 0x77) ^ 0x0031496e;
				r8d =  *(_t397 + 0x77);
				return E00007FFA7FFA0AED89D0(_t386, _t386);
			}

0x7ffa0aedbf78
0x7ffa0aedbf83
0x7ffa0aedbf88
0x7ffa0aedbf8f
0x7ffa0aedbf96
0x7ffa0aedbfa2
0x7ffa0aedbfaf
0x7ffa0aedbfba
0x7ffa0aedbfc5
0x7ffa0aedbfd0
0x7ffa0aedbfdb
0x7ffa0aedbfe6
0x7ffa0aedbfec
0x7ffa0aedbffa
0x7ffa0aedc001
0x7ffa0aedc008
0x7ffa0aedc00f
0x7ffa0aedc013
0x7ffa0aedc01a
0x7ffa0aedc021
0x7ffa0aedc028
0x7ffa0aedc02f
0x7ffa0aedc03a
0x7ffa0aedc03d
0x7ffa0aedc044
0x7ffa0aedc04e
0x7ffa0aedc052
0x7ffa0aedc059
0x7ffa0aedc05d
0x7ffa0aedc067
0x7ffa0aedc070
0x7ffa0aedc082
0x7ffa0aedc087
0x7ffa0aedc089
0x7ffa0aedc090
0x7ffa0aedc09a
0x7ffa0aedc0a1
0x7ffa0aedc0a8
0x7ffa0aedc0af
0x7ffa0aedc0b6
0x7ffa0aedc0bd
0x7ffa0aedc0c1
0x7ffa0aedc0c8
0x7ffa0aedc0cf
0x7ffa0aedc0d7
0x7ffa0aedc0da
0x7ffa0aedc0e1
0x7ffa0aedc0eb
0x7ffa0aedc0f5
0x7ffa0aedc0f9
0x7ffa0aedc103
0x7ffa0aedc108
0x7ffa0aedc114
0x7ffa0aedc118
0x7ffa0aedc11f
0x7ffa0aedc126
0x7ffa0aedc13a
0x7ffa0aedc13d
0x7ffa0aedc144
0x7ffa0aedc147
0x7ffa0aedc14e
0x7ffa0aedc155
0x7ffa0aedc159
0x7ffa0aedc15d
0x7ffa0aedc161
0x7ffa0aedc168
0x7ffa0aedc16f
0x7ffa0aedc176
0x7ffa0aedc17d
0x7ffa0aedc184
0x7ffa0aedc18b
0x7ffa0aedc197
0x7ffa0aedc19a
0x7ffa0aedc1a1
0x7ffa0aedc1a8
0x7ffa0aedc1af
0x7ffa0aedc1b3
0x7ffa0aedc1b7
0x7ffa0aedc1d0
0x7ffa0aedc1d4
0x7ffa0aedc1d9
0x7ffa0aedc1e0
0x7ffa0aedc1e4
0x7ffa0aedc1ec
0x7ffa0aedc1f0
0x7ffa0aedc1f7
0x7ffa0aedc1fe
0x7ffa0aedc205
0x7ffa0aedc20c
0x7ffa0aedc213
0x7ffa0aedc21a
0x7ffa0aedc221
0x7ffa0aedc228
0x7ffa0aedc22f
0x7ffa0aedc236
0x7ffa0aedc23d
0x7ffa0aedc257
0x7ffa0aedc25a
0x7ffa0aedc261
0x7ffa0aedc276
0x7ffa0aedc279
0x7ffa0aedc280
0x7ffa0aedc287
0x7ffa0aedc28e
0x7ffa0aedc29c
0x7ffa0aedc2a2
0x7ffa0aedc2ab
0x7ffa0aedc2af
0x7ffa0aedc2b9
0x7ffa0aedc2be
0x7ffa0aedc2c5
0x7ffa0aedc2cc
0x7ffa0aedc2dc
0x7ffa0aedc2df
0x7ffa0aedc2e6
0x7ffa0aedc2ea
0x7ffa0aedc2f1
0x7ffa0aedc2f9
0x7ffa0aedc301
0x7ffa0aedc308
0x7ffa0aedc30f
0x7ffa0aedc324
0x7ffa0aedc32a
0x7ffa0aedc331
0x7ffa0aedc338
0x7ffa0aedc33f
0x7ffa0aedc34f
0x7ffa0aedc357
0x7ffa0aedc35a
0x7ffa0aedc366
0x7ffa0aedc36b
0x7ffa0aedc377
0x7ffa0aedc37e
0x7ffa0aedc382
0x7ffa0aedc386
0x7ffa0aedc38d
0x7ffa0aedc39c
0x7ffa0aedc39f
0x7ffa0aedc3a6
0x7ffa0aedc3ad
0x7ffa0aedc3b4
0x7ffa0aedc3bb
0x7ffa0aedc3c2
0x7ffa0aedc3cc
0x7ffa0aedc3d0
0x7ffa0aedc3dd
0x7ffa0aedc3e1
0x7ffa0aedc3ec
0x7ffa0aedc3f3
0x7ffa0aedc402
0x7ffa0aedc404
0x7ffa0aedc409
0x7ffa0aedc422
0x7ffa0aedc425
0x7ffa0aedc43d
0x7ffa0aedc440
0x7ffa0aedc447
0x7ffa0aedc44e
0x7ffa0aedc455
0x7ffa0aedc45c
0x7ffa0aedc47c

Strings

^f7), xrefs: 00007FFA0AEDC1B7
u;, xrefs: 00007FFA0AEDC21A
nI1, xrefs: 00007FFA0AEDC455
b0u!, xrefs: 00007FFA0AEDC236
2%C, xrefs: 00007FFA0AEDC261
631m, xrefs: 00007FFA0AEDC001
F, xrefs: 00007FFA0AEDC184
#X, xrefs: 00007FFA0AEDC2FC

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: #X$2%C$631m$^f7)$b0u!$nI1$u;$F
API String ID: 0-4003127874
Opcode ID: 722fbe78358598eb3549c0de45be0097b51a3c4a78852360a651088c1c1ec48e
Instruction ID: b076a4e8b38886b4ada437dd3562a581e2e8351ac226f87ae58e88f4bc8e5831
Opcode Fuzzy Hash: 722fbe78358598eb3549c0de45be0097b51a3c4a78852360a651088c1c1ec48e
Instruction Fuzzy Hash: 14E13477A06304CFD358DF78D18A49D3BF1F75574CB2041A8EA0A9AA6CD778E419CB48

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEDD710 Relevance: 10.2, Strings: 8, Instructions: 231
COMMONCrypto

Download Yara Rule

C-Code - Quality: 33%

			E00007FFA7FFA0AEDD710(void* __edx, long long __rbx, void* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, long long* __r9) {
				void* __rbp;
				void* _t240;
				void* _t258;
				void* _t282;
				void* _t318;
				long long _t319;
				long long* _t331;
				intOrPtr* _t334;
				void* _t337;
				void* _t339;
				void* _t340;
				void* _t342;
				intOrPtr _t343;
				intOrPtr _t345;

				_t325 = __rcx;
				_t323 = __rbx;
				_t318 = _t339;
				 *((long long*)(_t318 + 8)) = __rbx;
				 *((long long*)(_t318 + 0x10)) = __rsi;
				 *((long long*)(_t318 + 0x18)) = __rdi;
				_t337 = _t318 - 0x5f;
				_t340 = _t339 - 0xc0;
				_t331 = __r9;
				_t334 = __rdx;
				E00007FFA7FFA0AEE3C78(_t240, __rcx, __rdx, _t342, __r9);
				 *(_t337 + 0x1f) = 0x19dd2;
				if (0x4e820 == 0xb947) goto 0xaedd9d7;
				if (0x4e820 == 0x1e56f) goto 0xaedd952;
				if (0x4e820 == 0x4e820) goto 0xaedd948;
				if (0x4e820 == 0xded9e) goto 0xaedd7bd;
				if (0x4e820 != 0xfa5c4) goto 0xaeddb1d;
				 *(_t337 + 0x1f) = 0x68cb9d;
				 *(_t337 + 0x1f) =  *(_t337 + 0x1f) + 0xffffcb9f;
				 *(_t337 + 0x1f) =  *(_t337 + 0x1f) ^ 0x006231c3;
				 *(_t337 + 0x17) = 0xf9a452;
				 *(_t337 + 0x17) =  *(_t337 + 0x17) + 0x89eb;
				 *(_t337 + 0x17) =  *(_t337 + 0x17) + 0xc4c6;
				 *(_t337 + 0x17) =  *(_t337 + 0x17) ^ 0x00f49d1c;
				_t18 = _t337 + 0x17; // 0x24448d4800000020
				r8d =  *_t18;
				_t19 = _t337 + 0x3f; // 0xc70000dc69502474
				E00007FFA7FFA0AED89D0(_t318,  *_t19);
				goto 0xaeddb3b;
				 *(_t337 + 0x1b) = 0xe73a58;
				 *(_t337 + 0x1b) =  *(_t337 + 0x1b) << 0xf;
				_t24 = _t337 + 0x1b; // 0x4589487824448d48
				 *(_t337 + 0x1b) = 0xb21642c9 *  *_t24 >> 0x20 >> 4;
				 *(_t337 + 0x1b) =  *(_t337 + 0x1b) << 1;
				 *(_t337 + 0x1b) =  *(_t337 + 0x1b) ^ 0x0daac858;
				 *(_t337 + 0x37) = 0xa33b51;
				 *(_t337 + 0x37) =  *(_t337 + 0x37) ^ 0x74e1aa59;
				 *(_t337 + 0x37) =  *(_t337 + 0x37) + 0x4c1d;
				 *(_t337 + 0x37) =  *(_t337 + 0x37) ^ 0x6b98c4d2;
				 *(_t337 + 0x37) =  *(_t337 + 0x37) ^ 0x1fda19f7;
				 *(_t337 + 0x27) = 0xa3963f;
				 *(_t337 + 0x27) =  *(_t337 + 0x27) ^ 0xdf664e86;
				 *(_t337 + 0x27) =  *(_t337 + 0x27) ^ 0x62534d46;
				 *(_t337 + 0x27) =  *(_t337 + 0x27) << 2;
				 *(_t337 + 0x27) =  *(_t337 + 0x27) ^ 0xf65a57fd;
				 *(_t337 + 0x17) = 0x3695cb;
				_t53 = _t337 + 0x17; // 0x24448d4800000020
				 *(_t337 + 0x17) =  *_t53 * 0x33;
				 *(_t337 + 0x17) =  *(_t337 + 0x17) << 8;
				 *(_t337 + 0x17) =  *(_t337 + 0x17) ^ 0xdfd2acbe;
				 *(_t337 + 0x1f) = 0x7141de;
				 *(_t337 + 0x1f) =  *(_t337 + 0x1f) >> 0xf;
				 *(_t337 + 0x1f) =  *(_t337 + 0x1f) ^ 0x000802d5;
				 *(_t337 + 0x33) = 0x2e2d08;
				 *(_t337 + 0x33) =  *(_t337 + 0x33) << 7;
				 *(_t337 + 0x33) =  *(_t337 + 0x33) ^ 0x171acb48;
				 *(_t337 + 0x23) = 0xfd5627;
				 *(_t337 + 0x23) =  *(_t337 + 0x23) << 1;
				 *(_t337 + 0x23) =  *(_t337 + 0x23) << 5;
				 *(_t337 + 0x23) =  *(_t337 + 0x23) ^ 0x3f562765;
				 *(_t337 + 0x2f) = 0xe2e896;
				 *(_t337 + 0x2f) =  *(_t337 + 0x2f) >> 2;
				 *(_t337 + 0x2f) =  *(_t337 + 0x2f) ^ 0x0036ca58;
				 *(_t337 + 0x2b) = 0xd1bcdb;
				 *(_t337 + 0x2b) =  *(_t337 + 0x2b) + 0xffff89f3;
				_t84 = _t337 + 0x2b; // 0x44c7b0458908478b
				_t291 =  *_t84;
				_t89 = _t337 + 0x47; // 0x7ffa0aee373e
				 *(_t337 + 0x2b) = ( *_t84 - (0x58ed2309 * _t291 >> 0x20) >> 1) + (0x58ed2309 * _t291 >> 0x20) >> 6;
				 *(_t337 + 0x2b) =  *(_t337 + 0x2b) ^ 0x000946f1;
				_t93 = _t337 + 0x2b; // 0x44c7b0458908478b
				 *((intOrPtr*)(_t340 + 0x78)) =  *_t93;
				_t95 = _t337 + 0x2f; // 0xc52502444c7b045
				 *((intOrPtr*)(_t340 + 0x70)) =  *_t95;
				_t97 = _t337 + 0x23; // 0xa8458948078b48e0
				 *((long long*)(_t340 + 0x60)) = __rbx;
				 *((intOrPtr*)(_t340 + 0x58)) =  *_t97;
				_t100 = _t337 + 0x33; // 0x6cc1004a0c525024
				 *((intOrPtr*)(_t340 + 0x50)) =  *_t100;
				_t102 = _t337 + 0x37; // 0x810d50246cc1004a
				 *((intOrPtr*)(_t340 + 0x48)) =  *_t102;
				_t104 = _t337 + 0x1f; // 0x78b48e045894878
				 *((intOrPtr*)(_t340 + 0x40)) =  *_t104;
				_t106 = _t337 + 0x27; // 0x8908478ba8458948
				 *((intOrPtr*)(_t340 + 0x38)) =  *_t106;
				_t108 = _t337 + 0x17; // 0x24448d4800000020
				_t109 = _t337 + 0x1b; // 0x4589487824448d48
				r9d =  *_t109;
				_t343 =  *0xaee8210; // 0x0
				 *((intOrPtr*)(_t340 + 0x30)) =  *_t108;
				 *((intOrPtr*)(_t340 + 0x28)) =  *((intOrPtr*)(__rdx + 8));
				_t319 =  *__rdx;
				 *((long long*)(_t340 + 0x20)) = _t319;
				_t258 = E00007FFA7FFA0AED5034(0x4e820 - 0xfa5c4, _t319, __rbx, __rcx, _t89, __rdx, _t337,  *((intOrPtr*)(_t343 + 0x40)));
				 *(_t337 + 0x17) = 0xec2031;
				 *(_t337 + 0x17) =  *(_t337 + 0x17) << 0xe;
				 *(_t337 + 0x17) =  *(_t337 + 0x17) + 0xfffffc38;
				 *(_t337 + 0x17) =  *(_t337 + 0x17) ^ 0x080c3c38;
				_t122 = _t337 + 0x17; // 0x24448d4800000020
				if (_t258 !=  *_t122) goto 0xaeddb3b;
				goto 0xaedd744;
				goto 0xaedd744;
				 *(_t337 + 0x23) = 0x66cc59;
				_t124 = _t337 + 0x23; // 0xa8458948078b48e0
				 *(_t337 + 0x23) =  *_t124 * 0x57;
				_t126 = _t337 + 0x23; // 0xa8458948078b48e0
				 *(_t337 + 0x23) = 0xaaaaaaab *  *_t126 >> 0x20 >> 2;
				 *(_t337 + 0x23) =  *(_t337 + 0x23) ^ 0x05d2deff;
				 *(_t337 + 0x17) = 0x17ab76;
				 *(_t337 + 0x17) =  *(_t337 + 0x17) | 0xf78cb8bf;
				 *(_t337 + 0x17) =  *(_t337 + 0x17) ^ 0xf7965300;
				 *(_t337 + 0x1b) = 0xea6780;
				_t140 = _t337 + 0x1b; // 0x4589487824448d48
				 *(_t337 + 0x1b) =  *_t140 * 0x32;
				 *(_t337 + 0x1b) =  *(_t337 + 0x1b) + 0x574c;
				 *(_t337 + 0x1b) =  *(_t337 + 0x1b) ^ 0xfc49ce06;
				 *(_t337 + 0x1b) =  *(_t337 + 0x1b) ^ 0xd1803837;
				_t151 = _t337 + 0x47; // 0x6b0031a9a3402444
				E00007FFA7FFA0AEDDE9C( *_t151, 0xaaaaaaab *  *_t126 >> 0x20 >> 2, _t319);
				 *((long long*)(_t337 + 0x3f)) = _t319;
				if (_t319 == 0) goto 0xaeddb3b;
				goto 0xaedd744;
				 *(_t337 + 0x23) = 0x9aa90;
				 *(_t337 + 0x23) =  *(_t337 + 0x23) + 0xffffe410;
				 *(_t337 + 0x23) =  *(_t337 + 0x23) ^ 0x00098ea0;
				 *(_t337 + 0x27) = 0x4d5b79;
				 *(_t337 + 0x27) =  *(_t337 + 0x27) | 0x20b72a1f;
				 *(_t337 + 0x27) =  *(_t337 + 0x27) ^ 0x20ff7b7e;
				 *(_t337 + 0x17) = 0xb0bb62;
				 *(_t337 + 0x17) =  *(_t337 + 0x17) + 0xffffa618;
				 *(_t337 + 0x17) =  *(_t337 + 0x17) + 0xa92d;
				 *(_t337 + 0x17) =  *(_t337 + 0x17) ^ 0x00baf207;
				 *(_t337 + 0x2b) = 0x35c935;
				 *(_t337 + 0x2b) =  *(_t337 + 0x2b) << 1;
				 *(_t337 + 0x2b) =  *(_t337 + 0x2b) ^ 0x0066eb84;
				 *(_t337 + 0x1b) = 0x5667bc;
				 *(_t337 + 0x1b) =  *(_t337 + 0x1b) >> 1;
				 *(_t337 + 0x1b) =  *(_t337 + 0x1b) ^ 0x374de4d9;
				_t180 = _t337 + 0x1b; // 0x4589487824448d48
				 *(_t337 + 0x1b) = 0xa0a0a0a1 *  *_t180 >> 0x20 >> 5;
				_t186 = _t337 + 0x47; // 0x7ffa0aee373e
				 *(_t337 + 0x1b) =  *(_t337 + 0x1b) ^ 0x011f5083;
				 *(_t337 + 0x2f) = 0x99d9ae;
				 *(_t337 + 0x2f) =  *(_t337 + 0x2f) | 0xf7bcfc15;
				 *(_t337 + 0x2f) =  *(_t337 + 0x2f) ^ 0xf7bd46b7;
				 *(_t337 + 0x33) = 0xb22243;
				 *(_t337 + 0x33) =  *(_t337 + 0x33) + 0xffff5cda;
				 *(_t337 + 0x33) =  *(_t337 + 0x33) ^ 0x00bf2cb8;
				 *(_t337 + 0x1f) = 0x968f99;
				 *(_t337 + 0x1f) =  *(_t337 + 0x1f) << 7;
				 *(_t337 + 0x1f) =  *(_t337 + 0x1f) ^ 0x4b48463b;
				_t204 = _t337 + 0x1f; // 0x78b48e045894878
				 *((intOrPtr*)(_t340 + 0x78)) =  *_t204;
				_t206 = _t337 + 0x33; // 0x6cc1004a0c525024
				 *((intOrPtr*)(_t340 + 0x70)) =  *_t206;
				_t208 = _t337 + 0x3f; // 0xc70000dc69502474
				 *((long long*)(_t340 + 0x60)) =  *_t208;
				_t210 = _t337 + 0x2f; // 0xc52502444c7b045
				 *((intOrPtr*)(_t340 + 0x58)) =  *_t210;
				_t212 = _t337 + 0x1b; // 0x4589487824448d48
				 *((intOrPtr*)(_t340 + 0x50)) =  *_t212;
				_t214 = _t337 + 0x23; // 0xa8458948078b48e0
				 *((intOrPtr*)(_t340 + 0x48)) =  *_t214;
				_t216 = _t337 + 0x2b; // 0x44c7b0458908478b
				 *((intOrPtr*)(_t340 + 0x40)) =  *_t216;
				_t218 = _t337 + 0x27; // 0x8908478ba8458948
				 *((intOrPtr*)(_t340 + 0x38)) =  *_t218;
				_t220 = _t337 + 0x17; // 0x24448d4800000020
				_t345 =  *0xaee8210; // 0x0
				_t221 = _t337 + 0x47; // 0x6b0031a9a3402444
				r9d =  *_t221;
				 *((intOrPtr*)(_t340 + 0x30)) =  *_t220;
				 *((intOrPtr*)(_t340 + 0x28)) =  *((intOrPtr*)(_t334 + 8));
				 *((long long*)(_t340 + 0x20)) =  *_t334;
				_t282 = E00007FFA7FFA0AED5034(_t319,  *_t334, _t323, _t325, _t186, _t334, _t337,  *((intOrPtr*)(_t345 + 0x40)));
				 *(_t337 + 0x1f) = 0x64acbb;
				 *(_t337 + 0x1f) =  *(_t337 + 0x1f) + 0xffff937a;
				 *(_t337 + 0x1f) =  *(_t337 + 0x1f) ^ 0x00644035;
				_t232 = _t337 + 0x1f; // 0x78b48e045894878
				if (_t282 ==  *_t232) goto 0xaeddb29;
				if (0xfa5c4 == 0x6b888) goto 0xaeddb3b;
				goto 0xaedd744;
				_t233 = _t337 + 0x3f; // 0xc70000dc69502474
				 *_t331 =  *_t233;
				_t234 = _t337 + 0x47; // 0x6b0031a9a3402444
				 *((intOrPtr*)(_t331 + 8)) =  *_t234;
				return 1;
			}

0x7ffa0aedd710
0x7ffa0aedd710
0x7ffa0aedd710
0x7ffa0aedd713
0x7ffa0aedd717
0x7ffa0aedd71b
0x7ffa0aedd720
0x7ffa0aedd724
0x7ffa0aedd72b
0x7ffa0aedd72e
0x7ffa0aedd731
0x7ffa0aedd736
0x7ffa0aedd749
0x7ffa0aedd754
0x7ffa0aedd75f
0x7ffa0aedd76a
0x7ffa0aedd771
0x7ffa0aedd777
0x7ffa0aedd77e
0x7ffa0aedd785
0x7ffa0aedd78c
0x7ffa0aedd793
0x7ffa0aedd79a
0x7ffa0aedd7a1
0x7ffa0aedd7a8
0x7ffa0aedd7a8
0x7ffa0aedd7ac
0x7ffa0aedd7b3
0x7ffa0aedd7b8
0x7ffa0aedd7bd
0x7ffa0aedd7c9
0x7ffa0aedd7cd
0x7ffa0aedd7d5
0x7ffa0aedd7d8
0x7ffa0aedd7db
0x7ffa0aedd7e2
0x7ffa0aedd7e9
0x7ffa0aedd7f0
0x7ffa0aedd7f7
0x7ffa0aedd7fe
0x7ffa0aedd805
0x7ffa0aedd80c
0x7ffa0aedd813
0x7ffa0aedd81a
0x7ffa0aedd81e
0x7ffa0aedd825
0x7ffa0aedd82c
0x7ffa0aedd830
0x7ffa0aedd838
0x7ffa0aedd83c
0x7ffa0aedd843
0x7ffa0aedd84a
0x7ffa0aedd84e
0x7ffa0aedd855
0x7ffa0aedd85c
0x7ffa0aedd860
0x7ffa0aedd867
0x7ffa0aedd86e
0x7ffa0aedd871
0x7ffa0aedd875
0x7ffa0aedd87c
0x7ffa0aedd883
0x7ffa0aedd887
0x7ffa0aedd88e
0x7ffa0aedd895
0x7ffa0aedd89c
0x7ffa0aedd89c
0x7ffa0aedd8a7
0x7ffa0aedd8ae
0x7ffa0aedd8b1
0x7ffa0aedd8b8
0x7ffa0aedd8bb
0x7ffa0aedd8bf
0x7ffa0aedd8c2
0x7ffa0aedd8c6
0x7ffa0aedd8c9
0x7ffa0aedd8ce
0x7ffa0aedd8d2
0x7ffa0aedd8d5
0x7ffa0aedd8d9
0x7ffa0aedd8dc
0x7ffa0aedd8e0
0x7ffa0aedd8e3
0x7ffa0aedd8e7
0x7ffa0aedd8ea
0x7ffa0aedd8ee
0x7ffa0aedd8f1
0x7ffa0aedd8f1
0x7ffa0aedd8f5
0x7ffa0aedd8fc
0x7ffa0aedd907
0x7ffa0aedd90b
0x7ffa0aedd90e
0x7ffa0aedd913
0x7ffa0aedd918
0x7ffa0aedd91f
0x7ffa0aedd925
0x7ffa0aedd92c
0x7ffa0aedd933
0x7ffa0aedd938
0x7ffa0aedd943
0x7ffa0aedd94d
0x7ffa0aedd952
0x7ffa0aedd959
0x7ffa0aedd95d
0x7ffa0aedd965
0x7ffa0aedd96d
0x7ffa0aedd970
0x7ffa0aedd977
0x7ffa0aedd97e
0x7ffa0aedd985
0x7ffa0aedd98c
0x7ffa0aedd993
0x7ffa0aedd997
0x7ffa0aedd99a
0x7ffa0aedd9a1
0x7ffa0aedd9a8
0x7ffa0aedd9b8
0x7ffa0aedd9bb
0x7ffa0aedd9c0
0x7ffa0aedd9c7
0x7ffa0aedd9d2
0x7ffa0aedd9d7
0x7ffa0aedd9e3
0x7ffa0aedd9ea
0x7ffa0aedd9f1
0x7ffa0aedd9f8
0x7ffa0aedd9ff
0x7ffa0aedda06
0x7ffa0aedda0d
0x7ffa0aedda14
0x7ffa0aedda1b
0x7ffa0aedda22
0x7ffa0aedda29
0x7ffa0aedda2c
0x7ffa0aedda33
0x7ffa0aedda3a
0x7ffa0aedda3d
0x7ffa0aedda44
0x7ffa0aedda4c
0x7ffa0aedda4f
0x7ffa0aedda53
0x7ffa0aedda5a
0x7ffa0aedda61
0x7ffa0aedda68
0x7ffa0aedda6f
0x7ffa0aedda76
0x7ffa0aedda7d
0x7ffa0aedda84
0x7ffa0aedda8b
0x7ffa0aedda8f
0x7ffa0aedda96
0x7ffa0aedda99
0x7ffa0aedda9d
0x7ffa0aeddaa0
0x7ffa0aeddaa4
0x7ffa0aeddaa8
0x7ffa0aeddaad
0x7ffa0aeddab0
0x7ffa0aeddab4
0x7ffa0aeddab7
0x7ffa0aeddabb
0x7ffa0aeddabe
0x7ffa0aeddac2
0x7ffa0aeddac5
0x7ffa0aeddac9
0x7ffa0aeddacc
0x7ffa0aeddad0
0x7ffa0aeddad3
0x7ffa0aeddada
0x7ffa0aeddada
0x7ffa0aeddae2
0x7ffa0aeddae9
0x7ffa0aeddaf0
0x7ffa0aeddaf5
0x7ffa0aeddafa
0x7ffa0aeddb01
0x7ffa0aeddb0a
0x7ffa0aeddb11
0x7ffa0aeddb16
0x7ffa0aeddb22
0x7ffa0aeddb24
0x7ffa0aeddb29
0x7ffa0aeddb32
0x7ffa0aeddb35
0x7ffa0aeddb38
0x7ffa0aeddb55

Strings

y[M, xrefs: 00007FFA0AEDD9F1
#X, xrefs: 00007FFA0AEDD833
e'V?, xrefs: 00007FFA0AEDD875
X:, xrefs: 00007FFA0AEDD7BD
;FHK, xrefs: 00007FFA0AEDDA8F
1 , xrefs: 00007FFA0AEDD918
FMSb, xrefs: 00007FFA0AEDD813
5@d, xrefs: 00007FFA0AEDDB0A

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: #X$1 $5@d$;FHK$FMSb$X:$e'V?$y[M
API String ID: 0-2641518567
Opcode ID: 9aa702b7cb89aac2271ad607259d5d7628d7246e32efcfdf2df93c8e02102998
Instruction ID: 6953e0fe804d3a0fc5679ef9a7a3ab0147f35bffa7c2d3d37f3b53d55768bf7a
Opcode Fuzzy Hash: 9aa702b7cb89aac2271ad607259d5d7628d7246e32efcfdf2df93c8e02102998
Instruction Fuzzy Hash: 8ED1FFB3601640CFC3A8DF38D48999D3BA0F34975C741452AF74A87B58D7B8DAA9CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE1E88 Relevance: 9.5, Strings: 7, Instructions: 739
COMMONCrypto

Download Yara Rule

C-Code - Quality: 45%

			E00007FFA7FFA0AEE1E88(void* __ebx, void* __edi, void* __esp, signed long long __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, void* __r9, void* __r11) {
				void* __rsi;
				void* __rbp;
				void* _t803;
				signed int _t823;
				void* _t825;
				void* _t836;
				void* _t876;
				signed int _t891;
				signed int _t910;
				void* _t930;
				signed int _t984;
				void* _t1058;
				signed int _t1065;
				signed long long _t1083;
				signed long long _t1084;
				signed long long _t1086;
				signed long long _t1089;
				signed long long* _t1091;
				void* _t1103;
				void* _t1111;
				void* _t1113;
				void* _t1114;
				void* _t1116;
				void* _t1117;
				void* _t1133;
				intOrPtr* _t1134;
				void* _t1136;
				signed long long _t1138;
				void* _t1140;
				void* _t1147;

				_t1132 = __r11;
				_t1093 = __rcx;
				_t1088 = __rbx;
				_t1083 = __rax;
				_t1058 = __edi;
				 *((long long*)(_t1116 + 8)) = __rbx;
				 *((long long*)(_t1116 + 0x10)) = __rdx;
				_t1114 = _t1116 - 0xb0;
				_t1117 = _t1116 - 0x1b0;
				 *((intOrPtr*)(_t1117 + 0x78)) = 0x479d0;
				 *((intOrPtr*)(_t1114 - 0x7c)) = 0;
				 *((intOrPtr*)(_t1117 + 0x7c)) = 0xd8a1c;
				_t1134 = __rcx;
				 *((intOrPtr*)(_t1114 - 0x80)) = 0xb482;
				if (0x1a3ca - 0x72c42 > 0) goto 0xaee2309;
				if (0x1a3ca == 0x72c42) goto 0xaee226d;
				if (0x1a3ca == 0x1a3ca) goto 0xaee2263;
				if (0x1a3ca == 0x1afef) goto 0xaee21c0;
				if (0x1a3ca == 0x313d8) goto 0xaee1fb2;
				if (0x1a3ca == 0x6546f) goto 0xaee2d6a;
				if (0x1a3ca != 0x66d35) goto 0xaee2d5a;
				 *(_t1114 + 0x100) = 0xeba0c4;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0xfffffb30;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0xffff43ae;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) | 0x7c43d9f7;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x7ceb784a;
				 *(_t1114 + 0x108) = 0x5ebab;
				_t933 =  *(_t1114 + 0x108);
				_t1099 =  *(_t1114 + 0x100);
				 *(_t1114 + 0x108) = ( *(_t1114 + 0x108) - (0x29e4129f * _t933 >> 0x20) >> 1) + (0x29e4129f * _t933 >> 0x20) >> 6;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x0008e635;
				r8d =  *(_t1114 + 0x108);
				E00007FFA7FFA0AED89D0(__rax,  *(_t1114 + 0x100));
				r15d = 0;
				goto 0xaee2f95;
				 *(_t1114 + 0x108) = 0x1f22c4;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) * 0x21;
				 *(_t1114 + 0x108) = ( *(_t1114 + 0x108) - (0x2f684bdb *  *(_t1114 + 0x108) >> 0x20) >> 1) + (0x2f684bdb *  *(_t1114 + 0x108) >> 0x20) >> 6;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) * 0x61;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x039ad4b3;
				 *(_t1117 + 0x60) = 0x6af7b5;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) << 1;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) + 0xffff815f;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) ^ 0x00d570cd;
				 *(_t1117 + 0x68) = 0x6c1014;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) ^ 0x31043137;
				 *(_t1117 + 0x68) = ( *(_t1117 + 0x68) - (0x1f7047dd *  *(_t1117 + 0x68) >> 0x20) >> 1) + (0x1f7047dd *  *(_t1117 + 0x68) >> 0x20) >> 5;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) ^ 0x00d8c3a0;
				 *(_t1114 + 0x100) = 0x621d6f;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x109269d1;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0x9d26;
				 *(_t1114 + 0x100) = ( *(_t1114 + 0x100) - (0xaf286bcb *  *(_t1114 + 0x100) >> 0x20) >> 1) + (0xaf286bcb *  *(_t1114 + 0x100) >> 0x20) >> 5;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x0071adc1;
				 *(_t1117 + 0x64) = 0xf8f8f0;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) >> 4;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0x0003aba6;
				 *(_t1117 + 0x6c) = 0x2a1dc1;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) << 3;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) ^ 0x999f10fb;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) ^ 0x98c7509c;
				 *(_t1117 + 0x20) =  *(_t1117 + 0x60);
				_t803 = E00007FFA7FFA0AEE5608( *(_t1114 + 0x108),  *(_t1114 + 0x100), _t1147);
				 *(_t1117 + 0x68) = 0x2c5940;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) >> 0xe;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) + 0x82ce;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) ^ 0x0000b709;
				 *(_t1117 + 0x60) = 0x12a239;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) >> 0xe;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) * 0x21;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) ^ 0x000897e1;
				 *(_t1117 + 0x64) = 0xb37ab5;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0xec572e07;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0xece454ba;
				 *(_t1114 + 0x108) = 0x15d5b4;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) * 0x3b;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) >> 7;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x000a1081;
				 *(_t1114 + 0x100) = 0x8553c6;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) | 0x45680f23;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x8c7573e6;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0xc9982c03;
				r8d =  *(_t1114 + 0x100);
				r8d = r8d |  *(_t1114 + 0x108);
				r8d = r8d |  *(_t1117 + 0x64);
				 *(_t1117 + 0x20) =  *(_t1117 + 0x60);
				E00007FFA7FFA0AED7908(_t803, _t1083, __rbx, _t1093,  *(_t1114 + 0x100), _t1111, _t1114 + 0x30, __r11);
				goto 0xaee1eeb;
				 *(_t1114 + 0x108) = 0x93135;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) | 0xd78627b1;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) + 0x755e;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0xd7851373;
				 *(_t1117 + 0x64) = 0x3f2d52;
				_t143 = _t1117 + 0x64; // 0x3f2d52
				 *(_t1117 + 0x64) = 0xe6c2b449 *  *_t143 >> 0x20 >> 6;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0x000508f0;
				 *(_t1114 + 0x100) = 0xa8c030;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) | 0xfbffee5f;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0xfbfc0be1;
				 *(_t1117 + 0x28) =  *(_t1114 + 0x100);
				 *(_t1117 + 0x20) =  *(_t1117 + 0x64);
				E00007FFA7FFA0AEE5544( *((intOrPtr*)(_t1134 + 8)), _t1093,  *(_t1114 + 0x100),  *(_t1114 + 0x100),  *_t1134, _t1140, _t1136);
				goto 0xaee1eeb;
				goto 0xaee1eeb;
				 *(_t1117 + 0x64) = 0xd28ce7;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) << 9;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0xa517cf08;
				 *(_t1114 + 0x100) = 0xc9ef53;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0xf01c;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) >> 7;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) >> 4;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x0005906d;
				 *(_t1114 + 0x108) = 0xd4f4d3;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) * 0x3e;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) << 0xe;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0xd2c5617e;
				_t823 = E00007FFA7FFA0AEDDE9C(_t803 +  *((intOrPtr*)(_t1134 + 8)),  *(_t1114 + 0x108), _t1083);
				_t1138 = _t1083;
				_t1084 =  ~_t1083;
				asm("sbb eax, eax");
				_t825 = (_t823 & 0x00042977) + 0x66d35;
				goto 0xaee1eeb;
				if (_t825 == 0xa96ac) goto 0xaee2aef;
				if (_t825 == 0xaafd6) goto 0xaee279b;
				if (_t825 == 0xbedad) goto 0xaee2606;
				if (_t825 == 0xbfc47) goto 0xaee252e;
				if (_t825 != 0xed505) goto 0xaee2d5a;
				 *(_t1117 + 0x6c) = 0xd4a7a4;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) ^ 0x3549acd5;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) ^ 0x359d0b79;
				 *(_t1114 + 0x108) = 0xba7d0f;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) * 0x6e;
				 *(_t1114 + 0x108) = 0x38e38e39 *  *(_t1114 + 0x108) >> 0x20 >> 4;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) | 0xb8215c3c;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0xb93dfdbf;
				 *(_t1117 + 0x68) = 0x94692;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) >> 0xa;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) ^ 0x000b7353;
				 *(_t1117 + 0x60) = 0x73f952;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) | 0x276ea2f5;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) ^ 0x277b1090;
				 *(_t1114 + 0x100) = 0xd48e80;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) << 5;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) * 0x2f;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) * 0x61;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x2abc7728;
				 *(_t1117 + 0x64) = 0xba49fb;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0xd1f8606e;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0xd14bb20f;
				 *(_t1117 + 0x20) =  *(_t1114 + 0x108);
				_t836 = E00007FFA7FFA0AEE5608( *(_t1117 + 0x6c), _t1099, _t1133);
				 *(_t1117 + 0x68) = 0x4abfe7;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) | 0x5ea97ed0;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) ^ 0xd3c4c930;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) ^ 0x8d20fc5c;
				 *(_t1114 + 0x108) = 0x643b02;
				 *(_t1114 + 0x108) = ( *(_t1114 + 0x108) - (0x2f684bdb *  *(_t1114 + 0x108) >> 0x20) >> 1) + (0x2f684bdb *  *(_t1114 + 0x108) >> 0x20) >> 6;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) >> 9;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) | 0xc08d94b8;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0xc08f2112;
				 *(_t1114 + 0x100) = 0xc8f756;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0xffffe50a;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) << 0xb;
				 *(_t1114 + 0x100) = ( *(_t1114 + 0x100) - (0x58ed2309 *  *(_t1114 + 0x100) >> 0x20) >> 1) + (0x58ed2309 *  *(_t1114 + 0x100) >> 0x20) >> 6;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x00bf056b;
				 *(_t1117 + 0x60) = 0x1e3d4d;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) * 0x1a;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) | 0x53f5d905;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) ^ 0x53f7f9d6;
				r8d =  *(_t1117 + 0x60);
				r8d = r8d |  *(_t1114 + 0x100);
				 *(_t1117 + 0x20) =  *(_t1114 + 0x108);
				E00007FFA7FFA0AED7908(_t836, _t1084, _t1088, _t1093, _t1099, _t1111, _t1114 - 0x78, _t1132);
				goto 0xaee1eeb;
				 *(_t1114 + 0x100) = 0xdfc7ae;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) >> 2;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) >> 0xf;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) | 0xdbc0e3af;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0xdbc0a3ef;
				 *(_t1114 + 0x100) = 0x73cbb8;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0x7784;
				 *(_t1114 + 0x100) = _t1084 + _t1084 * 4 << 4;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0xffff0645;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x2455491b;
				 *(_t1117 + 0x64) = 0x84c375;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) << 8;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0x84cd918b;
				 *(_t1114 + 0x108) = 0x1fe37a;
				 *(_t1114 + 0x108) = 0x4ec4ec4f *  *(_t1114 + 0x108) >> 0x20 >> 5;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x000696b5;
				E00007FFA7FFA0AEDDE9C( *(_t1114 + 0x100), 0x4ec4ec4f *  *(_t1114 + 0x108) >> 0x20 >> 5, _t1084);
				if (_t1084 == 0) goto 0xaee2f95;
				goto 0xaee1eeb;
				 *(_t1114 + 0x108) = 0xedbc9c;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x9e31da19;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x775f710f;
				 *(_t1114 + 0x108) = 0xba2e8ba3 *  *(_t1114 + 0x108) >> 0x20 >> 6;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x02a6f10b;
				 *(_t1114 + 0x100) = 0xd83dd8;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) << 0xc;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) * 0x31;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0xd1b32d2f;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0xecddd39e;
				 *(_t1117 + 0x60) = 0xf5d1b7;
				 *(_t1117 + 0x60) = 0xa0a0a0a1 *  *(_t1117 + 0x60) >> 0x20 >> 6;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) ^ 0x0000ba78;
				 *(_t1117 + 0x64) = 0xa49325;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) >> 4;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0x0005fc9a;
				r9d =  *(_t1117 + 0x60);
				r8d =  *(_t1114 + 0x100);
				 *(_t1117 + 0x20) =  *(_t1117 + 0x64);
				E00007FFA7FFA0AEDE090(_t1084, _t1088, _t1093, 0x7ffa0aed13d4, _t1114, _t1132, _t1103, _t1111);
				r8d = 0x204;
				_t1089 = _t1084;
				E00007FFA7FFA0AED8B70( *(_t1114 + 0x108), 0x91ea2e78, _t1084, _t1113);
				 *_t1084();
				 *(_t1114 + 0x100) = 0xa244a8;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0xb69c8db1;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0x3102;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0xb638d3d2;
				 *(_t1117 + 0x60) = 0x4a5851;
				 *(_t1117 + 0x60) = _t1084 + _t1084 * 8 << 3;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) ^ 0x14e3a00f;
				 *(_t1117 + 0x64) = 0x990ab5;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) | 0x872d9169;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0x87b8db2c;
				 *(_t1114 + 0x108) = 0x5eb3f1;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x40c55d1c;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x409c0a53;
				r9d =  *(_t1117 + 0x64);
				 *(_t1117 + 0x20) =  *(_t1114 + 0x108);
				E00007FFA7FFA0AED4448( *(_t1117 + 0x60), _t1084, _t1089, _t1111, _t1089);
				goto 0xaee1eeb;
				 *(_t1117 + 0x64) = 0xbb8c3d;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) * 0x1d;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0x153ee2f9;
				 *(_t1117 + 0x6c) = 0xb9fcb3;
				 *(_t1117 + 0x6c) = 0xf0f0f0f1 *  *(_t1117 + 0x6c) >> 0x20 >> 5;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) * 0x2d;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) ^ 0x00f628bb;
				 *(_t1117 + 0x68) = 0xa3a817;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) << 5;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) >> 0xe;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) ^ 0x0009c3e3;
				 *(_t1114 + 0x100) = 0x3f7fee;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) | 0x71ea3142;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x82b1ee72;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0xffff5dd5;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0xf3406eb7;
				 *(_t1117 + 0x60) = 0x92ce66;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) | 0x932e34b2;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) >> 1;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) ^ 0x49d27fe4;
				 *(_t1114 + 0x108) = 0xc42da2;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0xe061cd65;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) | 0x343232d4;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0xf4b390b3;
				 *(_t1117 + 0x20) =  *(_t1117 + 0x6c);
				_t876 = E00007FFA7FFA0AEE5608( *(_t1117 + 0x64), 0x7ffa0aed13d4);
				 *(_t1114 + 0x100) = 0xaacf88;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) << 0x10;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0x7925;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) | 0x3c35a9f6;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0xffbdf9f7;
				_t984 =  *(_t1114 + 0x100);
				if (_t984 - _t876 >= 0) goto 0xaee28ee;
				memset(_t1058, 0x2d, _t876 - _t984);
				 *(_t1117 + 0x6c) = 0xf41cc3;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) + 0x6883;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) + 0x148a;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) << 0xf;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) ^ 0x4ce80010;
				 *(_t1117 + 0x68) = 0x231b97;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) ^ 0x2cd0d1a7;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) ^ 0x2cf3ca38;
				 *(_t1117 + 0x60) = 0x71dd08;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) + 0xffff3664;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) >> 7;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) ^ 0x00068d08;
				 *(_t1114 + 0x108) = 0x71f1a7;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) + 0xffff8874;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) + 0xffff6177;
				 *(_t1114 + 0x108) = 0xba2e8ba3 *  *(_t1114 + 0x108) >> 0x20 >> 6;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x0004a2a5;
				 *(_t1114 + 0x100) = 0x7fa2e1;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) | 0x2eb3f68e;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) << 1;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) * 0x73;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x39f8f4f2;
				 *(_t1117 + 0x64) = 0xc7fde9;
				 *(_t1117 + 0x64) = ( *(_t1117 + 0x64) - (0x1cf06adb *  *(_t1117 + 0x64) >> 0x20) >> 1) + (0x1cf06adb *  *(_t1117 + 0x64) >> 0x20) >> 6;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0x00023a50;
				 *(_t1117 + 0x20) =  *(_t1117 + 0x68);
				_t891 = E00007FFA7FFA0AEE5608( *(_t1117 + 0x6c), 0x7ffa0aed13d4);
				 *(_t1117 + 0x68) = 0x95fc79;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) >> 0xd;
				_t1065 = _t891;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) ^ 0x000737f4;
				 *(_t1117 + 0x64) = 0xda7653;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) << 5;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0x1b4128df;
				 *(_t1117 + 0x60) = 0xf37adf;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) * 0x75;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) + 0xed0f;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) ^ 0x6f4814f2;
				 *(_t1114 + 0x108) = 0xec9aae;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) << 0xf;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) * 0x2b;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x33641f1e;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0xcef91f1f;
				 *(_t1114 + 0x100) = 0xb27df8;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) | 0xb80ff888;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0xffffe4f3;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) * 0x25;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0xb3bbcbf5;
				r8d =  *(_t1114 + 0x100);
				r8d = r8d |  *(_t1114 + 0x108);
				r8d = r8d |  *(_t1117 + 0x60);
				 *(_t1117 + 0x20) =  *(_t1117 + 0x64);
				E00007FFA7FFA0AED7908(_t1065, _t1084, _t1089, _t1084, 0x7ffa0aed13d4, _t1111, _t1114 - 0x50 + 0xfff415da27a8, _t1132);
				goto 0xaee1eeb;
				 *(_t1114 + 0x100) = 0x814c32;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) >> 0xc;
				_t1090 = _t1089 + _t1138;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x31e6edac;
				 *((long long*)(_t1117 + 0x70)) = _t1089 + _t1138;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0xfa1fc990;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0xcbfe260e;
				 *(_t1114 + 0x108) = 0xaa9a3;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) * 0x25;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x0183b8be;
				r8d =  *(_t1114 + 0x108);
				E00007FFA7FFA0AED17A0(_t1084, _t1089 + _t1138, 0x7ffa0aed1424, _t1114, _t1132);
				 *(_t1117 + 0x68) = 0xf82906;
				r9d = _t1065;
				r9d = r9d - r13d;
				 *(_t1117 + 0x68) = 0x51eb851f *  *(_t1117 + 0x68) >> 0x20 >> 3;
				 *(_t1117 + 0x68) = ( *(_t1117 + 0x68) - (0x6c16c16d *  *(_t1117 + 0x68) >> 0x20) >> 1) + (0x6c16c16d *  *(_t1117 + 0x68) >> 0x20) >> 5;
				 *(_t1117 + 0x68) =  *(_t1117 + 0x68) ^ 0x000522b0;
				 *(_t1117 + 0x60) = 0x6de69;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) << 7;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) + 0xffffa17c;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) ^ 0x03679431;
				 *(_t1114 + 0x100) = 0x439eb9;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) * 0x29;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0xa19c;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) >> 7;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x0013451e;
				 *(_t1114 + 0x108) = 0xe3f80b;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) << 0xe;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) | 0xb297c4b3;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0xfe9157fe;
				 *(_t1117 + 0x64) = 0xea99cd;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0xae9c2c7d;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0xae714d4a;
				 *(_t1117 + 0x50) =  *(_t1117 + 0x64);
				 *(_t1117 + 0x48) =  *(_t1114 + 0x108);
				 *((long long*)(_t1117 + 0x40)) = _t1114 + 0x30;
				 *(_t1117 + 0x38) =  *(_t1114 + 0x100);
				_t910 =  *(_t1117 + 0x60);
				 *(_t1117 + 0x30) = _t910;
				_t1086 = _t1114 - 0x78;
				 *(_t1117 + 0x28) = _t1086;
				 *(_t1117 + 0x20) = _t1138;
				E00007FFA7FFA0AED4B8C();
				 *(_t1117 + 0x6c) = 0xe4f974;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) | 0x47826850;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) + 0x30cc;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) ^ 0xf4f013a2;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) ^ 0xb3154b19;
				 *(_t1114 + 0x108) = 0x6512db;
				 *(_t1114 + 0x108) = ( *(_t1114 + 0x108) - (0x446f8657 *  *(_t1114 + 0x108) >> 0x20) >> 1) + (0x446f8657 *  *(_t1114 + 0x108) >> 0x20) >> 6;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) >> 0xa;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) << 4;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x000df150;
				 *(_t1117 + 0x60) = 0xa27759;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) << 7;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) << 3;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) ^ 0x89dc0b2b;
				 *(_t1114 + 0x100) = 0x9ac4f2;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0xc8b6;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) | 0x755e36c4;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0x65ec;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x75e5f4b8;
				r9d =  *(_t1117 + 0x60);
				 *(_t1117 + 0x20) =  *(_t1114 + 0x100);
				E00007FFA7FFA0AED4448( *(_t1114 + 0x108), _t1086, _t1089 + _t1138, _t1111, _t1084);
				if (0x1afef == 0xcf325) goto 0xaee2f95;
				goto 0xaee1eeb;
				 *(_t1114 + 0x108) = 0xd6ed;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) << 0xf;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) >> 0xe;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x000098ed;
				 *(_t1114 + 0x100) = 0xe59bac;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) * 0x4a;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) >> 3;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0xffff0bf9;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x084844a1;
				r8d =  *(_t1114 + 0x100);
				E00007FFA7FFA0AED17A0(_t1086, _t1089 + _t1138, 0x7ffa0aed1344, _t1114, _t1132);
				 *(_t1117 + 0x6c) = 0x277b24;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) + 0x6dd2;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) * 0x4d;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) ^ 0x428ef496;
				 *(_t1117 + 0x6c) =  *(_t1117 + 0x6c) ^ 0x4e8881d2;
				 *(_t1114 + 0x108) = 0x709da3;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) * 0x7f;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) + 0x193d;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) * 0x5d;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x4bc8ac0b;
				 *(_t1117 + 0x60) = 0xda9034;
				 *(_t1117 + 0x60) = 0xae4c415d *  *(_t1117 + 0x60) >> 0x20 >> 5;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) * 0x2c;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) ^ 0x00c64378;
				 *(_t1114 + 0x100) = 0x607a08;
				 *(_t1114 + 0x100) = _t1086 + _t1086 * 4;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) + 0xffff714d;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x9b2bcc6e;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x9ac96da5;
				 *(_t1117 + 0x38) =  *(_t1114 + 0x100);
				r9d =  *(_t1114 + 0x108);
				 *(_t1117 + 0x30) = _t1086;
				 *(_t1117 + 0x28) =  *(_t1117 + 0x60);
				 *(_t1117 + 0x20) = _t910 + _t1138;
				E00007FFA7FFA0AED51DC();
				 *(_t1117 + 0x60) = 0x26e079;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) >> 8;
				 *(_t1117 + 0x60) =  *(_t1117 + 0x60) ^ 0x0001bddb;
				 *(_t1117 + 0x64) = 0x381b4;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) + 0xd2a8;
				 *(_t1117 + 0x64) =  *(_t1117 + 0x64) ^ 0x000800f5;
				 *(_t1114 + 0x108) = 0xae0340;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) << 6;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) | 0x79c41ded;
				 *(_t1114 + 0x108) =  *(_t1114 + 0x108) ^ 0x7bca5adb;
				 *(_t1114 + 0x100) = 0xa76a58;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) << 1;
				 *(_t1114 + 0x100) = ( *(_t1114 + 0x100) - (0x2f684bdb *  *(_t1114 + 0x100) >> 0x20) >> 1) + (0x2f684bdb *  *(_t1114 + 0x100) >> 0x20) >> 6;
				 *(_t1114 + 0x100) =  *(_t1114 + 0x100) ^ 0x000bb4e2;
				 *(_t1117 + 0x20) =  *(_t1114 + 0x100);
				r9d =  *(_t1114 + 0x108);
				_t930 = E00007FFA7FFA0AED4448( *(_t1117 + 0x64), _t1086, _t1090, _t1111, _t1086);
				_t1091 =  *((intOrPtr*)(_t1114 + 0xf8));
				r14d = r14d - r13d;
				 *_t1091 = _t1138;
				_t1091[1] = r14d;
				return _t930;
			}

0x7ffa0aee1e88
0x7ffa0aee1e88
0x7ffa0aee1e88
0x7ffa0aee1e88
0x7ffa0aee1e88
0x7ffa0aee1e88
0x7ffa0aee1e8d
0x7ffa0aee1e9d
0x7ffa0aee1ea5
0x7ffa0aee1ec9
0x7ffa0aee1ed1
0x7ffa0aee1ed4
0x7ffa0aee1edc
0x7ffa0aee1ee4
0x7ffa0aee1ef0
0x7ffa0aee1ef6
0x7ffa0aee1f01
0x7ffa0aee1f0c
0x7ffa0aee1f17
0x7ffa0aee1f22
0x7ffa0aee1f2d
0x7ffa0aee1f33
0x7ffa0aee1f42
0x7ffa0aee1f4c
0x7ffa0aee1f56
0x7ffa0aee1f60
0x7ffa0aee1f6a
0x7ffa0aee1f74
0x7ffa0aee1f82
0x7ffa0aee1f88
0x7ffa0aee1f8e
0x7ffa0aee1f98
0x7ffa0aee1fa5
0x7ffa0aee1faa
0x7ffa0aee1fad
0x7ffa0aee1fb2
0x7ffa0aee1fc3
0x7ffa0aee1fdf
0x7ffa0aee1fec
0x7ffa0aee1ff7
0x7ffa0aee2001
0x7ffa0aee2009
0x7ffa0aee200d
0x7ffa0aee2015
0x7ffa0aee201d
0x7ffa0aee2025
0x7ffa0aee2041
0x7ffa0aee2045
0x7ffa0aee204d
0x7ffa0aee2057
0x7ffa0aee2061
0x7ffa0aee207c
0x7ffa0aee2082
0x7ffa0aee208c
0x7ffa0aee2094
0x7ffa0aee2099
0x7ffa0aee20a1
0x7ffa0aee20a9
0x7ffa0aee20ae
0x7ffa0aee20b6
0x7ffa0aee20da
0x7ffa0aee20de
0x7ffa0aee20e3
0x7ffa0aee20eb
0x7ffa0aee20f2
0x7ffa0aee20fa
0x7ffa0aee2102
0x7ffa0aee210a
0x7ffa0aee2114
0x7ffa0aee2118
0x7ffa0aee2120
0x7ffa0aee2128
0x7ffa0aee2130
0x7ffa0aee2138
0x7ffa0aee2149
0x7ffa0aee214f
0x7ffa0aee2156
0x7ffa0aee2160
0x7ffa0aee216a
0x7ffa0aee2174
0x7ffa0aee217e
0x7ffa0aee2188
0x7ffa0aee2195
0x7ffa0aee21a2
0x7ffa0aee21ad
0x7ffa0aee21b1
0x7ffa0aee21bb
0x7ffa0aee21c0
0x7ffa0aee21d2
0x7ffa0aee21dc
0x7ffa0aee21e6
0x7ffa0aee21f0
0x7ffa0aee21f8
0x7ffa0aee2201
0x7ffa0aee2205
0x7ffa0aee220d
0x7ffa0aee2217
0x7ffa0aee2221
0x7ffa0aee2231
0x7ffa0aee2248
0x7ffa0aee224c
0x7ffa0aee225e
0x7ffa0aee2268
0x7ffa0aee2272
0x7ffa0aee227a
0x7ffa0aee2281
0x7ffa0aee2289
0x7ffa0aee2293
0x7ffa0aee229d
0x7ffa0aee22a4
0x7ffa0aee22ab
0x7ffa0aee22b5
0x7ffa0aee22c6
0x7ffa0aee22cc
0x7ffa0aee22d3
0x7ffa0aee22ed
0x7ffa0aee22f2
0x7ffa0aee22f5
0x7ffa0aee22f8
0x7ffa0aee22ff
0x7ffa0aee2304
0x7ffa0aee230e
0x7ffa0aee2319
0x7ffa0aee2324
0x7ffa0aee232f
0x7ffa0aee233a
0x7ffa0aee2340
0x7ffa0aee2348
0x7ffa0aee2350
0x7ffa0aee2358
0x7ffa0aee2369
0x7ffa0aee237f
0x7ffa0aee2385
0x7ffa0aee238f
0x7ffa0aee2399
0x7ffa0aee23a1
0x7ffa0aee23a6
0x7ffa0aee23ae
0x7ffa0aee23b6
0x7ffa0aee23be
0x7ffa0aee23c6
0x7ffa0aee23d0
0x7ffa0aee23de
0x7ffa0aee23eb
0x7ffa0aee23f1
0x7ffa0aee23fb
0x7ffa0aee2403
0x7ffa0aee240b
0x7ffa0aee242f
0x7ffa0aee2433
0x7ffa0aee2438
0x7ffa0aee2440
0x7ffa0aee244f
0x7ffa0aee245b
0x7ffa0aee2463
0x7ffa0aee2483
0x7ffa0aee2489
0x7ffa0aee2490
0x7ffa0aee249a
0x7ffa0aee24a4
0x7ffa0aee24ae
0x7ffa0aee24b8
0x7ffa0aee24d2
0x7ffa0aee24d8
0x7ffa0aee24e2
0x7ffa0aee24ef
0x7ffa0aee24f3
0x7ffa0aee24fb
0x7ffa0aee2503
0x7ffa0aee250e
0x7ffa0aee251b
0x7ffa0aee251f
0x7ffa0aee2529
0x7ffa0aee252e
0x7ffa0aee2538
0x7ffa0aee253f
0x7ffa0aee2546
0x7ffa0aee2550
0x7ffa0aee2560
0x7ffa0aee256a
0x7ffa0aee2585
0x7ffa0aee258b
0x7ffa0aee2595
0x7ffa0aee259f
0x7ffa0aee25a7
0x7ffa0aee25ac
0x7ffa0aee25b4
0x7ffa0aee25cb
0x7ffa0aee25d1
0x7ffa0aee25eb
0x7ffa0aee25f6
0x7ffa0aee2601
0x7ffa0aee2606
0x7ffa0aee2615
0x7ffa0aee261f
0x7ffa0aee2634
0x7ffa0aee263a
0x7ffa0aee2644
0x7ffa0aee264e
0x7ffa0aee265c
0x7ffa0aee2667
0x7ffa0aee2671
0x7ffa0aee267b
0x7ffa0aee268c
0x7ffa0aee2697
0x7ffa0aee269f
0x7ffa0aee26a7
0x7ffa0aee26ac
0x7ffa0aee26b8
0x7ffa0aee26bd
0x7ffa0aee26ca
0x7ffa0aee26ce
0x7ffa0aee26d8
0x7ffa0aee26de
0x7ffa0aee26e1
0x7ffa0aee26f2
0x7ffa0aee26f4
0x7ffa0aee2701
0x7ffa0aee270b
0x7ffa0aee2715
0x7ffa0aee271f
0x7ffa0aee2731
0x7ffa0aee2735
0x7ffa0aee273d
0x7ffa0aee2745
0x7ffa0aee274d
0x7ffa0aee2755
0x7ffa0aee275f
0x7ffa0aee2769
0x7ffa0aee2779
0x7ffa0aee2788
0x7ffa0aee278c
0x7ffa0aee2796
0x7ffa0aee279b
0x7ffa0aee27ac
0x7ffa0aee27b5
0x7ffa0aee27bd
0x7ffa0aee27ce
0x7ffa0aee27d7
0x7ffa0aee27db
0x7ffa0aee27e3
0x7ffa0aee27eb
0x7ffa0aee27f0
0x7ffa0aee27f5
0x7ffa0aee27fd
0x7ffa0aee2807
0x7ffa0aee2811
0x7ffa0aee281b
0x7ffa0aee2825
0x7ffa0aee282f
0x7ffa0aee2837
0x7ffa0aee283f
0x7ffa0aee2843
0x7ffa0aee284b
0x7ffa0aee2855
0x7ffa0aee285f
0x7ffa0aee2869
0x7ffa0aee288f
0x7ffa0aee2893
0x7ffa0aee2898
0x7ffa0aee28a2
0x7ffa0aee28a9
0x7ffa0aee28b3
0x7ffa0aee28bd
0x7ffa0aee28c7
0x7ffa0aee28cf
0x7ffa0aee28e3
0x7ffa0aee28ee
0x7ffa0aee28fb
0x7ffa0aee2903
0x7ffa0aee290b
0x7ffa0aee2910
0x7ffa0aee2918
0x7ffa0aee2920
0x7ffa0aee2928
0x7ffa0aee2930
0x7ffa0aee2938
0x7ffa0aee2940
0x7ffa0aee2945
0x7ffa0aee294d
0x7ffa0aee2957
0x7ffa0aee2961
0x7ffa0aee2976
0x7ffa0aee297c
0x7ffa0aee2986
0x7ffa0aee2990
0x7ffa0aee299a
0x7ffa0aee29a7
0x7ffa0aee29b2
0x7ffa0aee29bc
0x7ffa0aee29d3
0x7ffa0aee29d7
0x7ffa0aee29fb
0x7ffa0aee29ff
0x7ffa0aee2a04
0x7ffa0aee2a0c
0x7ffa0aee2a11
0x7ffa0aee2a16
0x7ffa0aee2a1e
0x7ffa0aee2a28
0x7ffa0aee2a2d
0x7ffa0aee2a35
0x7ffa0aee2a42
0x7ffa0aee2a46
0x7ffa0aee2a4e
0x7ffa0aee2a56
0x7ffa0aee2a60
0x7ffa0aee2a6e
0x7ffa0aee2a74
0x7ffa0aee2a7e
0x7ffa0aee2a88
0x7ffa0aee2a92
0x7ffa0aee2a9c
0x7ffa0aee2aad
0x7ffa0aee2ab3
0x7ffa0aee2abd
0x7ffa0aee2aca
0x7ffa0aee2ad1
0x7ffa0aee2adc
0x7ffa0aee2ae0
0x7ffa0aee2aea
0x7ffa0aee2aef
0x7ffa0aee2b02
0x7ffa0aee2b09
0x7ffa0aee2b0c
0x7ffa0aee2b16
0x7ffa0aee2b1b
0x7ffa0aee2b25
0x7ffa0aee2b2f
0x7ffa0aee2b40
0x7ffa0aee2b46
0x7ffa0aee2b50
0x7ffa0aee2b5d
0x7ffa0aee2b62
0x7ffa0aee2b6a
0x7ffa0aee2b79
0x7ffa0aee2b89
0x7ffa0aee2ba0
0x7ffa0aee2ba4
0x7ffa0aee2bac
0x7ffa0aee2bb4
0x7ffa0aee2bb9
0x7ffa0aee2bc1
0x7ffa0aee2bc9
0x7ffa0aee2bda
0x7ffa0aee2be0
0x7ffa0aee2bea
0x7ffa0aee2bf1
0x7ffa0aee2bfb
0x7ffa0aee2c05
0x7ffa0aee2c0c
0x7ffa0aee2c16
0x7ffa0aee2c20
0x7ffa0aee2c28
0x7ffa0aee2c30
0x7ffa0aee2c3c
0x7ffa0aee2c46
0x7ffa0aee2c4e
0x7ffa0aee2c59
0x7ffa0aee2c5d
0x7ffa0aee2c65
0x7ffa0aee2c69
0x7ffa0aee2c6d
0x7ffa0aee2c72
0x7ffa0aee2c77
0x7ffa0aee2c7c
0x7ffa0aee2c8c
0x7ffa0aee2c97
0x7ffa0aee2c9f
0x7ffa0aee2ca7
0x7ffa0aee2caf
0x7ffa0aee2ccd
0x7ffa0aee2cd3
0x7ffa0aee2cda
0x7ffa0aee2ce1
0x7ffa0aee2ceb
0x7ffa0aee2cf3
0x7ffa0aee2cf8
0x7ffa0aee2cfd
0x7ffa0aee2d05
0x7ffa0aee2d0f
0x7ffa0aee2d19
0x7ffa0aee2d23
0x7ffa0aee2d2d
0x7ffa0aee2d3d
0x7ffa0aee2d4c
0x7ffa0aee2d50
0x7ffa0aee2d5f
0x7ffa0aee2d65
0x7ffa0aee2d6a
0x7ffa0aee2d7b
0x7ffa0aee2d82
0x7ffa0aee2d89
0x7ffa0aee2d93
0x7ffa0aee2da4
0x7ffa0aee2daa
0x7ffa0aee2db1
0x7ffa0aee2dbb
0x7ffa0aee2dc5
0x7ffa0aee2dd2
0x7ffa0aee2dd7
0x7ffa0aee2de3
0x7ffa0aee2df3
0x7ffa0aee2df7
0x7ffa0aee2dff
0x7ffa0aee2e07
0x7ffa0aee2e18
0x7ffa0aee2e1e
0x7ffa0aee2e2f
0x7ffa0aee2e3a
0x7ffa0aee2e44
0x7ffa0aee2e55
0x7ffa0aee2e66
0x7ffa0aee2e6a
0x7ffa0aee2e72
0x7ffa0aee2e85
0x7ffa0aee2e8b
0x7ffa0aee2e95
0x7ffa0aee2e9f
0x7ffa0aee2eaf
0x7ffa0aee2eb7
0x7ffa0aee2ec2
0x7ffa0aee2ec7
0x7ffa0aee2ecb
0x7ffa0aee2ed0
0x7ffa0aee2ed5
0x7ffa0aee2edd
0x7ffa0aee2eea
0x7ffa0aee2ef2
0x7ffa0aee2efd
0x7ffa0aee2f05
0x7ffa0aee2f0d
0x7ffa0aee2f17
0x7ffa0aee2f1e
0x7ffa0aee2f28
0x7ffa0aee2f32
0x7ffa0aee2f3c
0x7ffa0aee2f53
0x7ffa0aee2f59
0x7ffa0aee2f69
0x7ffa0aee2f6d
0x7ffa0aee2f7f
0x7ffa0aee2f84
0x7ffa0aee2f8b
0x7ffa0aee2f8e
0x7ffa0aee2f91
0x7ffa0aee2fb2

Strings

#X, xrefs: 00007FFA0AEE2475
51, xrefs: 00007FFA0AEE21C0
${', xrefs: 00007FFA0AEE2DD7
@Y,, xrefs: 00007FFA0AEE20E3
B1q, xrefs: 00007FFA0AEE2807
R-?, xrefs: 00007FFA0AEE21F8
QXJ, xrefs: 00007FFA0AEE2727

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: #X$${'$51$@Y,$B1q$QXJ$R-?
API String ID: 0-3848596738
Opcode ID: c7c4747ea2bf34c958e5db17680486e085a4b90ce65dda4f6b98c81b0bf7c25e
Instruction ID: 7919ab5a226b8399df2c7101530eb4b559db564ee37ff5ec850fe8506cd34fb5
Opcode Fuzzy Hash: c7c4747ea2bf34c958e5db17680486e085a4b90ce65dda4f6b98c81b0bf7c25e
Instruction Fuzzy Hash: A692C7735083C18FC379DF35E8456DA7BA1F3A5748F108119E6C68AA68DBB8E684CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58BE50C Relevance: 9.1, APIs: 6, Instructions: 83
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E00007FF77FF7A58BE50C(void* __ecx, intOrPtr __edx, long long __rbx, long long __rsi) {
				void* _t36;
				int _t38;
				signed long long _t60;
				long long _t63;
				_Unknown_base(*)()* _t82;
				void* _t86;
				void* _t87;
				void* _t89;
				signed long long _t90;
				struct _EXCEPTION_POINTERS* _t95;

				 *((long long*)(_t89 + 0x10)) = __rbx;
				 *((long long*)(_t89 + 0x18)) = __rsi;
				_t87 = _t89 - 0x4f0;
				_t90 = _t89 - 0x5f0;
				_t60 =  *0xa58fb008; // 0x485f0d1bb70c
				 *(_t87 + 0x4e0) = _t60 ^ _t90;
				if (__ecx == 0xffffffff) goto 0xa58be54b;
				E00007FF77FF7A588B560(_t36);
				r8d = 0x98;
				E00007FF77FF7A58B68A0();
				r8d = 0x4d0;
				E00007FF77FF7A58B68A0();
				 *((long long*)(_t90 + 0x48)) = _t90 + 0x70;
				_t63 = _t87 + 0x10;
				 *((long long*)(_t90 + 0x50)) = _t63;
				__imp__RtlCaptureContext();
				r8d = 0;
				__imp__RtlLookupFunctionEntry();
				if (_t63 == 0) goto 0xa58be5de;
				 *(_t90 + 0x38) =  *(_t90 + 0x38) & 0x00000000;
				 *((long long*)(_t90 + 0x30)) = _t90 + 0x58;
				 *((long long*)(_t90 + 0x28)) = _t90 + 0x60;
				 *((long long*)(_t90 + 0x20)) = _t87 + 0x10;
				__imp__RtlVirtualUnwind();
				 *((long long*)(_t87 + 0x108)) =  *((intOrPtr*)(_t87 + 0x508));
				 *((intOrPtr*)(_t90 + 0x70)) = __edx;
				 *((long long*)(_t87 + 0xa8)) = _t87 + 0x510;
				 *((long long*)(_t87 - 0x80)) =  *((intOrPtr*)(_t87 + 0x508));
				 *((intOrPtr*)(_t90 + 0x74)) = r8d;
				_t38 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(_t82, _t86);
				if (UnhandledExceptionFilter(_t95) != 0) goto 0xa58be640;
				if (_t38 != 0) goto 0xa58be640;
				if (__ecx == 0xffffffff) goto 0xa58be640;
				return E00007FF77FF7A588AAD0(E00007FF77FF7A588B560(_t40), __ecx,  *(_t87 + 0x4e0) ^ _t90);
			}

0x7ff7a58be50c
0x7ff7a58be511
0x7ff7a58be51a
0x7ff7a58be522
0x7ff7a58be529
0x7ff7a58be533
0x7ff7a58be544
0x7ff7a58be546
0x7ff7a58be552
0x7ff7a58be558
0x7ff7a58be563
0x7ff7a58be569
0x7ff7a58be573
0x7ff7a58be57c
0x7ff7a58be580
0x7ff7a58be585
0x7ff7a58be59a
0x7ff7a58be59d
0x7ff7a58be5a6
0x7ff7a58be5a8
0x7ff7a58be5bb
0x7ff7a58be5c8
0x7ff7a58be5d1
0x7ff7a58be5d8
0x7ff7a58be5e5
0x7ff7a58be5f7
0x7ff7a58be5fb
0x7ff7a58be609
0x7ff7a58be60d
0x7ff7a58be611
0x7ff7a58be61b
0x7ff7a58be62e
0x7ff7a58be632
0x7ff7a58be637
0x7ff7a58be666

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF7A58BE585
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7A58BE59D
RtlVirtualUnwind.KERNEL32 ref: 00007FF7A58BE5D8
IsDebuggerPresent.KERNEL32 ref: 00007FF7A58BE611
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7A58BE61B
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7A58BE626

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: db83d2a2d63e62af5497dd7ee1a67d90bf0523f390a7ee49e3740f230fd28456
Instruction ID: 1c2ed5907ae5b64a540f328532d491feb5d2ce37dd58e350cba1419465b4727a
Opcode Fuzzy Hash: db83d2a2d63e62af5497dd7ee1a67d90bf0523f390a7ee49e3740f230fd28456
Instruction Fuzzy Hash: 9731A332609B8185DB60EF25E8402AEB3A4FB8AB54F850175EE8E43B64DF3CD155CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A588EEF4 Relevance: 8.3, APIs: 2, Strings: 2, Instructions: 1327COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7A5889350: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A588937B
Part of subcall function 00007FF7A5889350: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58893A0
Part of subcall function 00007FF7A5889350: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58893CA
Part of subcall function 00007FF7A5889350: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A588945B

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5890015
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A589001B

Strings

$, xrefs: 00007FF7A588F36E
0123456789ABCDEFabcdef-+XxPp, xrefs: 00007FF7A588F019, 00007FF7A588F4BC, 00007FF7A588F82B, 00007FF7A588FAD5, 00007FF7A588FF21

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn
String ID: $$0123456789ABCDEFabcdef-+XxPp
API String ID: 4156930308-3344005635
Opcode ID: 96cc6ed31351ded2304c281336baf6e4706619fe95f74ed2879616fd12abeecd
Instruction ID: 2a3201b3683a0ffa15ab2024078053e89c66c2c5c2789a4c34b6cc179745e19c
Opcode Fuzzy Hash: 96cc6ed31351ded2304c281336baf6e4706619fe95f74ed2879616fd12abeecd
Instruction Fuzzy Hash: 78D2802260AA8589EB51AF29D15027CB761FB42FC5F9580B1DE5E077B5CF3DE862C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED9FD0 Relevance: 8.3, Strings: 6, Instructions: 751
COMMONCrypto

Download Yara Rule

C-Code - Quality: 20%

			E00007FFA7FFA0AED9FD0(void* __rcx) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				signed int _t850;
				signed long long _t868;
				signed int _t908;
				void* _t1050;
				void* _t1053;
				void* _t1055;
				void* _t1057;
				void* _t1061;
				signed long long _t1089;
				signed long long _t1090;
				signed int _t1093;
				signed long long _t1095;
				void* _t1097;
				void* _t1114;
				void* _t1115;
				void* _t1116;
				void* _t1117;
				intOrPtr _t1120;
				void* _t1129;
				void* _t1130;

				_t1115 = _t1116 - 0x27;
				_t1117 = _t1116 - 0x100;
				_t1130 = __rcx;
				 *(_t1115 + 0x6f) = 0x99ae6;
				r14d = 0;
				r12d = 0xcd738;
				if (0x3263e - 0xb1760 > 0) goto 0xaeda3f8;
				if (0x3263e == 0xb1760) goto 0xaeda37e;
				if (0x3263e == 0x3263e) goto 0xaeda374;
				if (0x3263e == 0x34d64) goto 0xaeda28e;
				if (0x3263e == 0x3bfb3) goto 0xaeda1a7;
				if (0x3263e == 0x3d299) goto 0xaedad68;
				if (0x3263e == 0x53f93) goto 0xaeda10a;
				if (0x3263e != 0x85b8a) goto 0xaedad57;
				 *(_t1115 + 0x7f) = 0x619f57;
				 *(_t1115 + 0x7f) = ( *(_t1115 + 0x7f) - (0xa6810a7 *  *(_t1115 + 0x7f) >> 0x20) >> 1) + (0xa6810a7 *  *(_t1115 + 0x7f) >> 0x20) >> 6;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x0000cb2e;
				 *(_t1115 + 0x77) = 0x827749;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x914370af;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x7888be9d;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0xe9400e88;
				 *(_t1115 + 0x6f) = 0x4df587;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xb89ba02d;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0xe109;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xb8d735b2;
				r9d =  *(_t1115 + 0x6f);
				E00007FFA7FFA0AEE4DA8();
				 *(_t1115 + 0x6f) = 0xcfcc2f;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) | 0xf9a92562;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) * 0x5f;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) | 0xdcf7e1e0;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xdcfffdf1;
				_t1050 =  ==  ? 0xe79dd : r12d;
				goto 0xaeda009;
				 *(_t1115 + 0x77) = 0xf4fb34;
				 *(_t1115 + 0x77) = ( *(_t1115 + 0x77) - (0x24924925 *  *(_t1115 + 0x77) >> 0x20) >> 1) + (0x24924925 *  *(_t1115 + 0x77) >> 0x20) >> 6;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0xf147;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x000e85d7;
				 *(_t1115 - 0x65) = 0x2ae7b0;
				 *(_t1115 - 0x65) =  *(_t1115 - 0x65) + 0xffff54a3;
				 *(_t1115 - 0x65) =  *(_t1115 - 0x65) ^ 0x002353c8;
				 *(_t1115 + 0x7f) = 0x2e7268;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x57b08565;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x579e2cd5;
				 *(_t1115 + 0x6f) = 0x7e3b44;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0xaf15;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) * 0x6b;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) | 0x92200ae1;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xb723f7c7;
				r9d =  *(_t1115 + 0x7f);
				r8d =  *(_t1115 - 0x65);
				 *(_t1117 + 0x20) =  *(_t1115 + 0x6f);
				E00007FFA7FFA0AEDCC90();
				goto 0xaeda009;
				 *(_t1115 + 0x6f) = 0x1c4b85;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) * 0x67;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x0b626383;
				 *(_t1115 - 0x59) =  *(_t1115 + 0x6f);
				 *(_t1115 - 0x65) = 0xbcda8e;
				 *(_t1115 - 0x65) =  *(_t1115 - 0x65) ^ 0x669cc3c9;
				 *(_t1115 - 0x65) =  *(_t1115 - 0x65) ^ 0x66201947;
				 *(_t1115 + 0x7f) = 0x21e1f1;
				 *(_t1115 + 0x7f) = 0xfc0fc0fd *  *(_t1115 + 0x7f) >> 0x20 >> 6;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) >> 3;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x0005e321;
				 *(_t1115 + 0x77) = 0x3f8856;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0x25b9;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) >> 0xc;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) * 0x37;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x0001deec;
				 *(_t1115 + 0x6f) = 0x4ecbff;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0xe6cb;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) * 0xf;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0x6004;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x04a508dc;
				 *(_t1117 + 0x30) =  *(_t1115 - 0x65);
				 *(_t1117 + 0x28) =  *(_t1115 + 0x6f);
				r8d =  *(_t1115 - 0x59);
				 *(_t1117 + 0x20) =  *(_t1115 + 0x77);
				E00007FFA7FFA0AEE5308();
				 *(_t1115 + 0x6f) = 0x16720e;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) << 0xf;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) << 1;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x720e0000;
				_t1053 =  ==  ? 0x85b8a : 0x3d299;
				goto 0xaeda009;
				 *(_t1115 - 0x65) = 0xadbc7;
				 *(_t1115 - 0x65) = 0x4ec4ec4f *  *(_t1115 - 0x65) >> 0x20 >> 2;
				 *(_t1115 - 0x65) =  *(_t1115 - 0x65) ^ 0x0000d5d4;
				 *(_t1115 + 0x6f) = 0xae393c;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xc3dc1ee7;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) | 0xf0e0a208;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xf95a87a8;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x0aa4638f;
				 *(_t1115 + 0x7f) = 0xb5f575;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) | 0xbba552ef;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0xd8b82b6c;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x630d8ad8;
				 *(_t1115 + 0x77) = 0x6938ee;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) | 0x960bd7a7;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0xffffa7f9;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x9664a6f7;
				_t850 =  *(_t1115 + 0x77);
				r9d =  *(_t1115 - 0x65);
				r8d =  *(_t1115 + 0x7f);
				 *(_t1117 + 0x30) = _t850;
				 *(_t1117 + 0x28) =  *((intOrPtr*)(_t1115 - 0x41));
				_t1089 =  *((intOrPtr*)(_t1115 - 0x51));
				 *(_t1117 + 0x20) = _t1089;
				E00007FFA7FFA0AEE51C8();
				 *(_t1115 + 0x6f) = 0x231312;
				r8d = _t850;
				 *(_t1115 + 0x6f) = 0x2fa0be83 *  *(_t1115 + 0x6f) >> 0x20 >> 3;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xd19fd4e0;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xd19f0430;
				_t1055 =  ==  ? 0xbb689 : 0xb1760;
				goto 0xaeda00e;
				goto 0xaeda018;
				 *(_t1115 + 0x6f) = 0x264a28;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) | 0x675dfffb;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x6776b83d;
				 *(_t1115 - 0x65) = 0x647387;
				 *(_t1115 - 0x65) = _t1089 + _t1089 * 2;
				 *(_t1115 - 0x65) =  *(_t1115 - 0x65) ^ 0x0123402f;
				 *(_t1115 + 0x7f) = 0x77c567;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) + 0x3754;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x0072136d;
				 *(_t1115 + 0x77) = 0xd79d5d;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x94f8482c;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x94230664;
				_t1090 =  *((intOrPtr*)(_t1115 - 0x41));
				r9d =  *(_t1115 + 0x77);
				r8d =  *(_t1115 + 0x7f);
				 *(_t1117 + 0x20) = _t1090;
				E00007FFA7FFA0AEE1664();
				_t1057 = r12d;
				goto 0xaeda009;
				if (_t1057 == 0xb5e97) goto 0xaeda9f0;
				if (_t1057 ==  *(_t1115 - 0x65)) goto 0xaeda9d2;
				if (_t1057 == r12d) goto 0xaeda950;
				if (_t1057 == 0xd99dc) goto 0xaeda72b;
				if (_t1057 != 0xe79dd) goto 0xaedad57;
				 *(_t1115 + 0x77) = 0xfce2c;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0xbbfb;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) << 0xa;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0xffffad90;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x42269f7f;
				 *(_t1115 + 0x6f) = 0xec6512;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0xa0b4;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) | 0xbf5bdffb;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xbff4b370;
				 *(_t1115 - 0x61) = 0x9b28d3;
				 *(_t1115 - 0x61) =  *(_t1115 - 0x61) + 0xe424;
				 *(_t1115 - 0x61) =  *(_t1115 - 0x61) ^ 0x6b3791f2;
				 *(_t1115 - 0x61) =  *(_t1115 - 0x61) ^ 0x6ba30a4c;
				 *(_t1115 + 0x7f) = 0x4a0c46;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) >> 0xa;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) + 0xbcf4;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x000019b9;
				r9d =  *(_t1115 - 0x61);
				r8d =  *(_t1115 + 0x6f);
				 *(_t1117 + 0x20) =  *(_t1115 + 0x7f);
				E00007FFA7FFA0AEDE090(_t1090, _t1097, _t1115 - 0x39, 0x7ffa0aed14a8, _t1115, _t1129);
				 *(_t1115 + 0x6f) = 0x80756e;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0xffffe704;
				_t1098 = _t1090;
				 *(_t1115 + 0x6f) = 0x3531dec1 *  *(_t1115 + 0x6f) >> 0x20 >> 4;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) | 0xa7f78c17;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xa7f7ae9f;
				 *(_t1115 - 0x59) =  *(_t1115 + 0x6f);
				 *(_t1115 + 0x77) = 0x99b7aa;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) >> 4;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0xffff5533;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) | 0xce79f392;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0xce79f3bf;
				 *(_t1115 + 0x7f) = 0xe17694;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) >> 3;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) + 0xffffd2ed;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x001c2199;
				 *(_t1115 - 0x69) = 0xe947f;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) << 0xa;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) ^ 0x3a512abb;
				 *(_t1115 - 0x5d) = 0x1eb39b;
				 *(_t1115 - 0x5d) =  *(_t1115 - 0x5d) * 0x57;
				 *(_t1115 - 0x5d) =  *(_t1115 - 0x5d) ^ 0x0a66714b;
				 *(_t1115 - 0x61) = 0x4c607;
				 *(_t1115 - 0x61) =  *(_t1115 - 0x61) + 0xffff6210;
				 *(_t1115 - 0x61) =  *(_t1115 - 0x61) ^ 0x00011b78;
				 *(_t1115 + 0x6f) = 0xfdb087;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x728a7e8b;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) >> 1;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) | 0x48554ddc;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x7977fbbd;
				 *(_t1115 - 0x65) = 0x16314f;
				 *(_t1115 - 0x65) = 0x5397829d *  *(_t1115 - 0x65) >> 0x20 >> 4;
				 *(_t1115 - 0x65) =  *(_t1115 - 0x65) ^ 0x000d8afa;
				 *(_t1117 + 0x60) =  *(_t1115 - 0x65);
				 *(_t1117 + 0x58) =  *(_t1115 + 0x6f);
				 *(_t1117 + 0x48) =  *(_t1115 + 0x77);
				 *(_t1117 + 0x40) = _t1115 - 0x59;
				 *(_t1117 + 0x38) =  *(_t1115 - 0x59);
				 *(_t1117 + 0x30) = _t1115 - 0x29;
				_t1093 =  *((intOrPtr*)(_t1115 - 0x51));
				 *(_t1117 + 0x28) = _t1093;
				_t868 =  *(_t1115 - 0x61);
				r9d =  *(_t1115 - 0x5d);
				r8d =  *(_t1115 - 0x69);
				 *(_t1117 + 0x20) = _t868;
				E00007FFA7FFA0AEDD5B8();
				 *(_t1115 + 0x6f) = 0xa0ee6d;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) | 0xf1d31bdc;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xf1f3fffd;
				if (_t868 !=  *(_t1115 + 0x6f)) goto 0xaeda6ab;
				 *(_t1115 + 0x77) = 0x417f65;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) | 0xe7a1231a;
				 *(_t1115 + 0x77) = 0x4325c53f *  *(_t1115 + 0x77) >> 0x20 >> 4;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0xf026;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x03c69b45;
				 *(_t1115 + 0x7f) = 0x7a2490;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) << 4;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) + 0xcd1f;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x07a8e201;
				 *(_t1115 + 0x6f) = 0x2d2e76;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0xffff6b2b;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xd71f8441;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) * 0x4d;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xba5b0379;
				_t1120 =  *0xaee8210; // 0x0
				 *(_t1117 + 0x28) =  *(_t1115 + 0x6f);
				 *(_t1117 + 0x20) =  *(_t1115 + 0x7f);
				E00007FFA7FFA0AEE5544(0x40, _t1090, 0x7ffa0aed14a8, _t1120 + 0x50, _t1115 - 0x21);
				goto 0xaeda6ae;
				 *(_t1115 - 0x69) = 0xbcac82;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) ^ 0x8258d3ec;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) ^ 0x82e8ee61;
				 *(_t1115 + 0x6f) = 0x1667cc;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x5493a7a4;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0xffffc265;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) | 0x19824e71;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x5d8594ad;
				 *(_t1115 + 0x7f) = 0x1b5d0d;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) << 6;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x06d5af44;
				 *(_t1115 + 0x77) = 0x4bf2aa;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0xffff9898;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x004a0a68;
				r9d =  *(_t1115 + 0x7f);
				 *(_t1117 + 0x20) =  *(_t1115 + 0x77);
				E00007FFA7FFA0AED4448( *(_t1115 + 0x6f), _t1093, _t1090, _t1114, _t1098);
				goto 0xaedad43;
				 *(_t1115 + 0x77) = 0x41ab6d;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) | 0x13b52711;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0xdef4;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x13fdadbd;
				 *(_t1115 - 0x69) = 0x2184e;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) | 0x1d2a7887;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) ^ 0x1d2faaa0;
				 *(_t1115 + 0x6f) = 0x6e053a;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) | 0x74eeb96d;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xee3147f1;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0xffff204c;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x9ad63a94;
				 *(_t1115 + 0x7f) = 0xb8475a;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x118582f5;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x11378a04;
				r9d =  *(_t1115 + 0x6f);
				r8d =  *(_t1115 - 0x69);
				 *(_t1117 + 0x20) =  *(_t1115 + 0x7f);
				E00007FFA7FFA0AEDE090(_t1093, _t1098, _t1090, 0x7ffa0aed14a8, _t1115, _t1129);
				 *(_t1115 + 0x77) = 0x834721;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0xffff8219;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0xffffb4ca;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x00827e04;
				 *(_t1115 - 0x65) = 0x1947f6;
				 *(_t1115 - 0x65) =  *(_t1115 - 0x65) + 0xb796;
				 *(_t1115 - 0x65) =  *(_t1115 - 0x65) ^ 0x001480ad;
				 *(_t1115 - 0x5d) = 0x6b1971;
				 *(_t1115 - 0x5d) =  *(_t1115 - 0x5d) | 0x6b1ea919;
				 *(_t1115 - 0x5d) =  *(_t1115 - 0x5d) ^ 0x6b78f792;
				 *(_t1115 - 0x69) = 0xceec13;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) ^ 0x5a1ec81a;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) ^ 0x5ad16342;
				 *(_t1115 + 0x6f) = 0x6cd4e0;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) * 0x43;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) | 0x2980872d;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0xffff4594;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x3df105f6;
				 *(_t1115 + 0x7f) = 0xb7c04f;
				 *(_t1115 + 0x7f) = 0x3e0f83e1 *  *(_t1115 + 0x7f) >> 0x20 >> 4;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x000275cd;
				 *(_t1117 + 0x58) =  *(_t1115 + 0x7f);
				 *(_t1117 + 0x50) =  *(_t1115 + 0x77);
				 *(_t1117 + 0x48) =  *(_t1115 + 0x6f);
				r9d =  *(_t1115 - 0x5d);
				 *(_t1117 + 0x40) =  *(_t1115 - 0x69);
				 *(_t1117 + 0x38) =  *(_t1130 + 8);
				 *(_t1117 + 0x30) =  *((intOrPtr*)(_t1115 - 0x49));
				 *(_t1117 + 0x28) = _t1093;
				E00007FFA7FFA0AEE0EEC();
				 *(_t1115 + 0x6f) = 0xfab951;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) | 0x118b22d1;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x6128c135;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x70d37ae4;
				 *(_t1115 - 0x61) = 0xe8a9c1;
				_t1061 =  ==  ? 0x34d64 : r12d;
				 *(_t1115 - 0x61) =  *(_t1115 - 0x61) + 0xffff64f8;
				 *(_t1115 - 0x61) =  *(_t1115 - 0x61) >> 4;
				 *(_t1115 - 0x61) =  *(_t1115 - 0x61) ^ 0x000e2808;
				 *(_t1115 + 0x7f) = 0x1f8bbc;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) | 0x8a97ab84;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) + 0x7acc;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x8aa9ca11;
				 *(_t1115 + 0x77) = 0x809877;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) >> 0xd;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0xffff9942;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0xfff76a06;
				 *(_t1115 + 0x6f) = 0xc5c47e;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0xffff9d65;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xe77663a0;
				 *(_t1115 + 0x6f) = 0x22b63cbf *  *(_t1115 + 0x6f) >> 0x20 >> 3;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x03ebdf93;
				r9d =  *(_t1115 + 0x77);
				goto 0xaeda71a;
				 *(_t1115 - 0x69) = 0xb0b58d;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) + 0xfb02;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) ^ 0x00b06de9;
				 *(_t1115 + 0x77) = 0x638b15;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x070656d4;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) << 0xb;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x2ee293fc;
				 *(_t1115 + 0x7f) = 0x852218;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) * 0x49;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x25f6b0d3;
				 *(_t1115 + 0x6f) = 0x7dd58c;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0xc92c;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) >> 4;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x0001f9a6;
				_t1095 =  *((intOrPtr*)(_t1115 - 0x51));
				r9d =  *(_t1115 + 0x6f);
				r8d =  *(_t1115 + 0x7f);
				 *(_t1117 + 0x20) = _t1095;
				E00007FFA7FFA0AEE1664();
				goto 0xaeda009;
				E00007FFA7FFA0AED250C( *((intOrPtr*)(_t1115 - 0x39)));
				r14d =  !=  ? 1 : r14d;
				goto 0xaeda009;
				 *(_t1115 - 0x69) = 0xe61f5d;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) + 0xffff676a;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) ^ 0x00e98047;
				 *(_t1115 + 0x7f) = 0xd9d4ce;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) << 0xd;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x3a98cb56;
				 *(_t1115 + 0x77) = 0xf2a75;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) << 2;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x00345617;
				 *(_t1115 + 0x6f) = 0xb8785b;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0xffffc8da;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0xffff44c3;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x00bacff1;
				r9d =  *(_t1115 + 0x77);
				r8d =  *(_t1115 + 0x7f);
				 *(_t1117 + 0x20) =  *(_t1115 + 0x6f);
				E00007FFA7FFA0AEDE090(_t1095, _t1093,  *((intOrPtr*)(_t1115 - 0x39)), 0x7ffa0aed15e8, _t1115, _t1129);
				 *(_t1115 + 0x77) = 0xba9ebf;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0xba1f5447;
				_t1100 = _t1095;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0xed5922e4;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0xc7fc;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x57fb19ef;
				 *(_t1115 + 0x7f) = 0xeeb0ed;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) << 1;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) >> 1;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x00e8b37f;
				 *(_t1115 + 0x6f) = 0x8d96b1;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) >> 0xd;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) >> 5;
				 *(_t1115 + 0x6f) = ( *(_t1115 + 0x6f) - (0x8421085 *  *(_t1115 + 0x6f) >> 0x20) >> 1) + (0x8421085 *  *(_t1115 + 0x6f) >> 0x20) >> 6;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x000ec468;
				 *(_t1115 - 0x69) = 0x84d1bf;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) + 0xffff8f2c;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) ^ 0x008def79;
				r9d =  *(_t1115 + 0x6f);
				r8d =  *(_t1115 + 0x7f);
				 *(_t1117 + 0x20) =  *(_t1115 - 0x69);
				E00007FFA7FFA0AEDE090(_t1095, _t1095,  *((intOrPtr*)(_t1115 - 0x39)), 0x7ffa0aed14c8, _t1115, _t1129);
				 *(_t1115 + 0x7f) = 0x2e051c;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) + 0xffff54b6;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) * 0x6a;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x12c730f4;
				 *(_t1115 - 0x65) = 0xef59b0;
				 *(_t1115 - 0x65) =  *(_t1115 - 0x65) >> 4;
				 *(_t1115 - 0x65) =  *(_t1115 - 0x65) ^ 0x65220c38;
				 *(_t1115 - 0x65) =  *(_t1115 - 0x65) ^ 0x65250fe1;
				 *(_t1115 + 0x77) = 0x8ac8fe;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) | 0x14488d72;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) * 0x61;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0xffff2fee;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0xe0d545d4;
				 *(_t1115 - 0x61) = 0x923cab;
				 *(_t1115 - 0x61) = ( *(_t1115 - 0x61) - (0xa41a41a5 *  *(_t1115 - 0x61) >> 0x20) >> 1) + (0xa41a41a5 *  *(_t1115 - 0x61) >> 0x20) >> 5;
				 *(_t1115 - 0x61) =  *(_t1115 - 0x61) * 0x3c;
				 *(_t1115 - 0x61) =  *(_t1115 - 0x61) ^ 0x00edaa10;
				 *(_t1115 + 0x6f) = 0x821f18;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) << 6;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) * 0x3d;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x3f1df538;
				 *(_t1117 + 0x38) = _t1115 - 0x49;
				 *(_t1117 + 0x30) = _t1095;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0xff4d6314;
				 *(_t1117 + 0x28) =  *(_t1115 + 0x7f);
				_t908 =  *(_t1115 + 0x6f);
				r9d =  *(_t1115 - 0x61);
				 *(_t1117 + 0x20) = _t908;
				E00007FFA7FFA0AEE3D14();
				 *(_t1115 + 0x6f) = 0x96ad5e;
				_t980 =  *(_t1115 + 0x6f);
				r8d = _t908;
				 *(_t1115 + 0x6f) = ( *(_t1115 + 0x6f) - (0x8421085 * _t980 >> 0x20) >> 1) + (0x8421085 * _t980 >> 0x20) >> 5;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) >> 8;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) << 0xa;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x0009b800;
				 *(_t1115 + 0x7f) = 0x803388;
				_t1066 =  ==  ? 0x3bfb3 : 0xe91a9;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) | 0x847b9b40;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) + 0xecb8;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x84f3c5d9;
				 *(_t1115 + 0x77) = 0x1ae7ca;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) + 0x33c;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) << 0xc;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0xaeb3bc7a;
				 *(_t1115 - 0x69) = 0x7d658d;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) << 0xa;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) ^ 0xf592e4df;
				 *(_t1115 + 0x6f) = 0x3096c2;
				 *(_t1115 + 0x6f) = ( *(_t1115 + 0x6f) - (0x18118119 *  *(_t1115 + 0x6f) >> 0x20) >> 1) + (0x18118119 *  *(_t1115 + 0x6f) >> 0x20) >> 6;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0xffffd537;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x0000ac7f;
				r9d =  *(_t1115 - 0x69);
				 *(_t1117 + 0x20) =  *(_t1115 + 0x6f);
				E00007FFA7FFA0AED4448( *(_t1115 + 0x77), _t1115 - 0x49, _t1095, _t1114, _t1095);
				 *(_t1115 - 0x69) = 0xbb092;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) + 0xffff1775;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) ^ 0x000be4ad;
				 *(_t1115 + 0x77) = 0x71ed7e;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) << 0x10;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) << 5;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) | 0x98d13a3f;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0xbfdb4377;
				 *(_t1115 + 0x7f) = 0x8285f5;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) * 0xb;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) + 0x11c4;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x05951b4e;
				 *(_t1115 + 0x6f) = 0xbb98d3;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) + 0x28ba;
				 *(_t1115 + 0x6f) = 0xfc0fc0fd *  *(_t1115 + 0x6f) >> 0x20 >> 6;
				 *(_t1115 + 0x6f) = ( *(_t1115 + 0x6f) - (0x323e34a3 *  *(_t1115 + 0x6f) >> 0x20) >> 1) + (0x323e34a3 *  *(_t1115 + 0x6f) >> 0x20) >> 6;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x0008dbba;
				r9d =  *(_t1115 + 0x7f);
				 *(_t1117 + 0x20) =  *(_t1115 + 0x6f);
				E00007FFA7FFA0AED4448( *(_t1115 + 0x77), _t1115 - 0x49, _t1100, _t1114, _t1095);
				_t1086 = ( ==  ? 0x3bfb3 : 0xe91a9) - 0xe91a9;
				if (( ==  ? 0x3bfb3 : 0xe91a9) == 0xe91a9) goto 0xaedae15;
				goto 0xaeda018;
				 *(_t1115 - 0x69) = 0x637387;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) | 0xc1b36b56;
				 *(_t1115 - 0x69) =  *(_t1115 - 0x69) ^ 0xc1f37bd7;
				 *(_t1115 - 0x5d) = 0x3d2b45;
				 *(_t1115 - 0x5d) =  *(_t1115 - 0x5d) << 0x10;
				 *(_t1115 - 0x5d) =  *(_t1115 - 0x5d) ^ 0x2b4ffd26;
				 *(_t1115 + 0x77) = 0x491753;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) * 0x42;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) >> 7;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) | 0x42bd5a6e;
				 *(_t1115 + 0x77) =  *(_t1115 + 0x77) ^ 0x42bf3f1e;
				 *(_t1115 + 0x7f) = 0x514fc;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) + 0xffff9b7d;
				 *(_t1115 + 0x7f) =  *(_t1115 + 0x7f) ^ 0x00065f30;
				 *(_t1115 + 0x6f) = 0x734ebe;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) << 6;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x492047e7;
				 *(_t1115 + 0x6f) = ( *(_t1115 + 0x6f) - (0x2f684bdb *  *(_t1115 + 0x6f) >> 0x20) >> 1) + (0x2f684bdb *  *(_t1115 + 0x6f) >> 0x20) >> 5;
				 *(_t1115 + 0x6f) =  *(_t1115 + 0x6f) ^ 0x01922003;
				 *(_t1117 + 0x28) =  *(_t1115 + 0x6f);
				r9d =  *(_t1115 + 0x77);
				r8d =  *(_t1115 - 0x69);
				 *(_t1117 + 0x20) =  *(_t1115 + 0x7f);
				E00007FFA7FFA0AEDBE3C();
				return r14d;
			}

0x7ffa0aed9fdb
0x7ffa0aed9fe0
0x7ffa0aed9fe7
0x7ffa0aed9fea
0x7ffa0aed9ff1
0x7ffa0aeda003
0x7ffa0aeda01e
0x7ffa0aeda024
0x7ffa0aeda030
0x7ffa0aeda038
0x7ffa0aeda040
0x7ffa0aeda04c
0x7ffa0aeda058
0x7ffa0aeda060
0x7ffa0aeda066
0x7ffa0aeda080
0x7ffa0aeda083
0x7ffa0aeda08a
0x7ffa0aeda091
0x7ffa0aeda098
0x7ffa0aeda09f
0x7ffa0aeda0a6
0x7ffa0aeda0ad
0x7ffa0aeda0b4
0x7ffa0aeda0bb
0x7ffa0aeda0c2
0x7ffa0aeda0d0
0x7ffa0aeda0d5
0x7ffa0aeda0df
0x7ffa0aeda0ec
0x7ffa0aeda0ef
0x7ffa0aeda0f6
0x7ffa0aeda102
0x7ffa0aeda105
0x7ffa0aeda10a
0x7ffa0aeda124
0x7ffa0aeda127
0x7ffa0aeda12e
0x7ffa0aeda135
0x7ffa0aeda13c
0x7ffa0aeda143
0x7ffa0aeda14a
0x7ffa0aeda151
0x7ffa0aeda158
0x7ffa0aeda15f
0x7ffa0aeda166
0x7ffa0aeda171
0x7ffa0aeda174
0x7ffa0aeda17b
0x7ffa0aeda185
0x7ffa0aeda189
0x7ffa0aeda194
0x7ffa0aeda198
0x7ffa0aeda1a2
0x7ffa0aeda1a7
0x7ffa0aeda1b2
0x7ffa0aeda1b5
0x7ffa0aeda1bf
0x7ffa0aeda1c2
0x7ffa0aeda1ce
0x7ffa0aeda1d5
0x7ffa0aeda1dc
0x7ffa0aeda1eb
0x7ffa0aeda1f2
0x7ffa0aeda1f6
0x7ffa0aeda1fd
0x7ffa0aeda204
0x7ffa0aeda20b
0x7ffa0aeda213
0x7ffa0aeda216
0x7ffa0aeda21d
0x7ffa0aeda224
0x7ffa0aeda22f
0x7ffa0aeda232
0x7ffa0aeda239
0x7ffa0aeda243
0x7ffa0aeda24a
0x7ffa0aeda258
0x7ffa0aeda25c
0x7ffa0aeda260
0x7ffa0aeda265
0x7ffa0aeda271
0x7ffa0aeda277
0x7ffa0aeda27a
0x7ffa0aeda286
0x7ffa0aeda289
0x7ffa0aeda28e
0x7ffa0aeda2a6
0x7ffa0aeda2a9
0x7ffa0aeda2b0
0x7ffa0aeda2b7
0x7ffa0aeda2be
0x7ffa0aeda2c5
0x7ffa0aeda2cc
0x7ffa0aeda2d3
0x7ffa0aeda2da
0x7ffa0aeda2e1
0x7ffa0aeda2e8
0x7ffa0aeda2ef
0x7ffa0aeda2f6
0x7ffa0aeda2fd
0x7ffa0aeda304
0x7ffa0aeda30b
0x7ffa0aeda30e
0x7ffa0aeda312
0x7ffa0aeda319
0x7ffa0aeda321
0x7ffa0aeda326
0x7ffa0aeda32a
0x7ffa0aeda32f
0x7ffa0aeda334
0x7ffa0aeda33e
0x7ffa0aeda350
0x7ffa0aeda353
0x7ffa0aeda35a
0x7ffa0aeda36c
0x7ffa0aeda36f
0x7ffa0aeda379
0x7ffa0aeda37e
0x7ffa0aeda385
0x7ffa0aeda38c
0x7ffa0aeda393
0x7ffa0aeda3a0
0x7ffa0aeda3a3
0x7ffa0aeda3aa
0x7ffa0aeda3b1
0x7ffa0aeda3b8
0x7ffa0aeda3bf
0x7ffa0aeda3c6
0x7ffa0aeda3cd
0x7ffa0aeda3d4
0x7ffa0aeda3d8
0x7ffa0aeda3dc
0x7ffa0aeda3e6
0x7ffa0aeda3eb
0x7ffa0aeda3f0
0x7ffa0aeda3f3
0x7ffa0aeda3fe
0x7ffa0aeda406
0x7ffa0aeda40f
0x7ffa0aeda41b
0x7ffa0aeda423
0x7ffa0aeda429
0x7ffa0aeda437
0x7ffa0aeda43e
0x7ffa0aeda442
0x7ffa0aeda449
0x7ffa0aeda450
0x7ffa0aeda457
0x7ffa0aeda45e
0x7ffa0aeda465
0x7ffa0aeda46c
0x7ffa0aeda473
0x7ffa0aeda47a
0x7ffa0aeda481
0x7ffa0aeda488
0x7ffa0aeda48f
0x7ffa0aeda493
0x7ffa0aeda49a
0x7ffa0aeda4a4
0x7ffa0aeda4a8
0x7ffa0aeda4af
0x7ffa0aeda4b3
0x7ffa0aeda4b8
0x7ffa0aeda4bf
0x7ffa0aeda4c6
0x7ffa0aeda4d6
0x7ffa0aeda4d9
0x7ffa0aeda4e0
0x7ffa0aeda4ea
0x7ffa0aeda4ed
0x7ffa0aeda4f4
0x7ffa0aeda4f8
0x7ffa0aeda4ff
0x7ffa0aeda506
0x7ffa0aeda50d
0x7ffa0aeda514
0x7ffa0aeda518
0x7ffa0aeda51f
0x7ffa0aeda526
0x7ffa0aeda52d
0x7ffa0aeda531
0x7ffa0aeda538
0x7ffa0aeda543
0x7ffa0aeda54b
0x7ffa0aeda552
0x7ffa0aeda559
0x7ffa0aeda560
0x7ffa0aeda567
0x7ffa0aeda56e
0x7ffa0aeda575
0x7ffa0aeda578
0x7ffa0aeda57f
0x7ffa0aeda586
0x7ffa0aeda595
0x7ffa0aeda598
0x7ffa0aeda5a2
0x7ffa0aeda5a9
0x7ffa0aeda5b0
0x7ffa0aeda5b8
0x7ffa0aeda5c0
0x7ffa0aeda5c8
0x7ffa0aeda5cd
0x7ffa0aeda5d1
0x7ffa0aeda5d6
0x7ffa0aeda5d9
0x7ffa0aeda5dd
0x7ffa0aeda5e7
0x7ffa0aeda5eb
0x7ffa0aeda5f0
0x7ffa0aeda5f7
0x7ffa0aeda600
0x7ffa0aeda60c
0x7ffa0aeda612
0x7ffa0aeda622
0x7ffa0aeda636
0x7ffa0aeda639
0x7ffa0aeda640
0x7ffa0aeda647
0x7ffa0aeda64e
0x7ffa0aeda652
0x7ffa0aeda659
0x7ffa0aeda660
0x7ffa0aeda667
0x7ffa0aeda66e
0x7ffa0aeda679
0x7ffa0aeda67c
0x7ffa0aeda683
0x7ffa0aeda691
0x7ffa0aeda69b
0x7ffa0aeda69f
0x7ffa0aeda6a9
0x7ffa0aeda6ae
0x7ffa0aeda6b5
0x7ffa0aeda6bc
0x7ffa0aeda6c3
0x7ffa0aeda6ca
0x7ffa0aeda6d1
0x7ffa0aeda6d8
0x7ffa0aeda6df
0x7ffa0aeda6e6
0x7ffa0aeda6ed
0x7ffa0aeda6f1
0x7ffa0aeda6f8
0x7ffa0aeda6ff
0x7ffa0aeda706
0x7ffa0aeda710
0x7ffa0aeda71d
0x7ffa0aeda721
0x7ffa0aeda726
0x7ffa0aeda72b
0x7ffa0aeda739
0x7ffa0aeda740
0x7ffa0aeda747
0x7ffa0aeda74e
0x7ffa0aeda755
0x7ffa0aeda75c
0x7ffa0aeda763
0x7ffa0aeda76a
0x7ffa0aeda771
0x7ffa0aeda778
0x7ffa0aeda77f
0x7ffa0aeda786
0x7ffa0aeda78d
0x7ffa0aeda794
0x7ffa0aeda79e
0x7ffa0aeda7a2
0x7ffa0aeda7a9
0x7ffa0aeda7ad
0x7ffa0aeda7b2
0x7ffa0aeda7b9
0x7ffa0aeda7c3
0x7ffa0aeda7ca
0x7ffa0aeda7d1
0x7ffa0aeda7d8
0x7ffa0aeda7df
0x7ffa0aeda7e6
0x7ffa0aeda7ed
0x7ffa0aeda7f4
0x7ffa0aeda7fb
0x7ffa0aeda802
0x7ffa0aeda809
0x7ffa0aeda810
0x7ffa0aeda81b
0x7ffa0aeda823
0x7ffa0aeda82a
0x7ffa0aeda831
0x7ffa0aeda838
0x7ffa0aeda847
0x7ffa0aeda84e
0x7ffa0aeda858
0x7ffa0aeda85f
0x7ffa0aeda866
0x7ffa0aeda86d
0x7ffa0aeda877
0x7ffa0aeda87f
0x7ffa0aeda887
0x7ffa0aeda88c
0x7ffa0aeda891
0x7ffa0aeda896
0x7ffa0aeda8a2
0x7ffa0aeda8a9
0x7ffa0aeda8b0
0x7ffa0aeda8ba
0x7ffa0aeda8c8
0x7ffa0aeda8cb
0x7ffa0aeda8d2
0x7ffa0aeda8d6
0x7ffa0aeda8dd
0x7ffa0aeda8e9
0x7ffa0aeda8f0
0x7ffa0aeda8f7
0x7ffa0aeda8fe
0x7ffa0aeda905
0x7ffa0aeda909
0x7ffa0aeda910
0x7ffa0aeda917
0x7ffa0aeda91e
0x7ffa0aeda925
0x7ffa0aeda934
0x7ffa0aeda937
0x7ffa0aeda941
0x7ffa0aeda94b
0x7ffa0aeda950
0x7ffa0aeda957
0x7ffa0aeda95e
0x7ffa0aeda965
0x7ffa0aeda96c
0x7ffa0aeda973
0x7ffa0aeda977
0x7ffa0aeda97e
0x7ffa0aeda989
0x7ffa0aeda98c
0x7ffa0aeda993
0x7ffa0aeda99a
0x7ffa0aeda9a1
0x7ffa0aeda9a5
0x7ffa0aeda9ac
0x7ffa0aeda9b0
0x7ffa0aeda9b4
0x7ffa0aeda9be
0x7ffa0aeda9c3
0x7ffa0aeda9cd
0x7ffa0aeda9d6
0x7ffa0aeda9e7
0x7ffa0aeda9eb
0x7ffa0aeda9f0
0x7ffa0aeda9fe
0x7ffa0aedaa05
0x7ffa0aedaa0c
0x7ffa0aedaa13
0x7ffa0aedaa17
0x7ffa0aedaa1e
0x7ffa0aedaa25
0x7ffa0aedaa29
0x7ffa0aedaa30
0x7ffa0aedaa37
0x7ffa0aedaa3e
0x7ffa0aedaa45
0x7ffa0aedaa4f
0x7ffa0aedaa53
0x7ffa0aedaa5a
0x7ffa0aedaa5e
0x7ffa0aedaa63
0x7ffa0aedaa6f
0x7ffa0aedaa76
0x7ffa0aedaa7b
0x7ffa0aedaa82
0x7ffa0aedaa89
0x7ffa0aedaa90
0x7ffa0aedaa97
0x7ffa0aedaa9a
0x7ffa0aedaa9d
0x7ffa0aedaaa4
0x7ffa0aedaaab
0x7ffa0aedaaaf
0x7ffa0aedaac8
0x7ffa0aedaacb
0x7ffa0aedaad2
0x7ffa0aedaad9
0x7ffa0aedaae0
0x7ffa0aedaaea
0x7ffa0aedaaee
0x7ffa0aedaaf5
0x7ffa0aedaaf9
0x7ffa0aedaafe
0x7ffa0aedab05
0x7ffa0aedab13
0x7ffa0aedab16
0x7ffa0aedab1d
0x7ffa0aedab24
0x7ffa0aedab28
0x7ffa0aedab2f
0x7ffa0aedab36
0x7ffa0aedab3d
0x7ffa0aedab48
0x7ffa0aedab50
0x7ffa0aedab57
0x7ffa0aedab5e
0x7ffa0aedab73
0x7ffa0aedab7a
0x7ffa0aedab7d
0x7ffa0aedab84
0x7ffa0aedab8e
0x7ffa0aedab96
0x7ffa0aedab9d
0x7ffa0aedaba4
0x7ffa0aedaba9
0x7ffa0aedabae
0x7ffa0aedabb8
0x7ffa0aedabbc
0x7ffa0aedabbf
0x7ffa0aedabc9
0x7ffa0aedabcd
0x7ffa0aedabd2
0x7ffa0aedabd9
0x7ffa0aedabdc
0x7ffa0aedabf1
0x7ffa0aedabf4
0x7ffa0aedabf8
0x7ffa0aedabfc
0x7ffa0aedac06
0x7ffa0aedac18
0x7ffa0aedac1b
0x7ffa0aedac27
0x7ffa0aedac2e
0x7ffa0aedac35
0x7ffa0aedac3c
0x7ffa0aedac43
0x7ffa0aedac47
0x7ffa0aedac4e
0x7ffa0aedac55
0x7ffa0aedac59
0x7ffa0aedac60
0x7ffa0aedac75
0x7ffa0aedac78
0x7ffa0aedac7f
0x7ffa0aedac89
0x7ffa0aedac93
0x7ffa0aedac97
0x7ffa0aedac9c
0x7ffa0aedaca3
0x7ffa0aedacaa
0x7ffa0aedacb1
0x7ffa0aedacb8
0x7ffa0aedacbc
0x7ffa0aedacc0
0x7ffa0aedacc7
0x7ffa0aedacce
0x7ffa0aedacd9
0x7ffa0aedacdc
0x7ffa0aedace3
0x7ffa0aedacea
0x7ffa0aedacf1
0x7ffa0aedad0d
0x7ffa0aedad1e
0x7ffa0aedad21
0x7ffa0aedad2b
0x7ffa0aedad35
0x7ffa0aedad39
0x7ffa0aedad57
0x7ffa0aedad5d
0x7ffa0aedad63
0x7ffa0aedad68
0x7ffa0aedad6f
0x7ffa0aedad76
0x7ffa0aedad7d
0x7ffa0aedad84
0x7ffa0aedad88
0x7ffa0aedad8f
0x7ffa0aedad9a
0x7ffa0aedada2
0x7ffa0aedada6
0x7ffa0aedadad
0x7ffa0aedadb4
0x7ffa0aedadbb
0x7ffa0aedadc2
0x7ffa0aedadc9
0x7ffa0aedadd0
0x7ffa0aedadd4
0x7ffa0aedade9
0x7ffa0aedadec
0x7ffa0aedadf6
0x7ffa0aedadfd
0x7ffa0aedae01
0x7ffa0aedae08
0x7ffa0aedae10
0x7ffa0aedae29

Strings

hr., xrefs: 00007FFA0AEDA14A
Kqf, xrefs: 00007FFA0AEDA54B
"Y, xrefs: 00007FFA0AEDAA7B
E+=, xrefs: 00007FFA0AEDAD7D
G I, xrefs: 00007FFA0AEDADD4
~q, xrefs: 00007FFA0AEDACB1

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: E+=$Kqf$hr.$~q$"Y$G I
API String ID: 0-2742558688
Opcode ID: b85ff3bf1686a4d8a94328c59c0b615ddad87730a04084ce455a5c071a41a20f
Instruction ID: 43a0420168d10f8b39e5f8f48ed13387402c2943a10e9aabe4f7c691e81421a1
Opcode Fuzzy Hash: b85ff3bf1686a4d8a94328c59c0b615ddad87730a04084ce455a5c071a41a20f
Instruction Fuzzy Hash: 49920277A06344CFD358DF78D18A49D3BF1F75534C71041A9EA0AABA68D778E428CB88

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED8BDC Relevance: 8.2, Strings: 6, Instructions: 714
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00007FFA7FFA0AED8BDC(signed int __rax, long long __rcx) {
				void* _t67;
				void* _t69;

				 *((long long*)(_t69 + 8)) = __rcx;
				_t67 = _t69 - 0x148;
				r13d =  *(_t67 + 0x198);
				 *((intOrPtr*)(_t67 - 0x78)) = 0x20a01;
				 *((intOrPtr*)(_t67 - 0x70)) = 0;
				 *((intOrPtr*)(_t67 - 0x74)) = 0x6485a;
				r12d =  *(_t67 + 0x198);
				if (0xb59be == 0x437c) goto 0xaed9b2e;
				if (0xb59be == 0x44d11) goto 0xaed9a3e;
				if (0xb59be == 0x5022e) goto 0xaed99cd;
				if (0xb59be == 0xb0aac) goto 0xaed9907;
				if (0xb59be == 0xb59be) goto 0xaed98a7;
				if (0xb59be == 0xc5a2c) goto 0xaed8fa4;
				if (0xb59be == 0xd8598) goto 0xaed8d4b;
				if (0xb59be != 0xe8fad) goto 0xaed9cdc;
				 *(_t67 + 0x198) = 0x479ce7;
				 *(_t67 + 0x198) =  *(_t67 + 0x198) * 0x55;
				 *(_t67 + 0x198) =  *(_t67 + 0x198) + 0xffff9c22;
				 *(_t67 + 0x198) =  *(_t67 + 0x198) << 1;
				 *(_t67 + 0x198) =  *(_t67 + 0x198) ^ 0x2f835e55;
				 *(_t67 + 0x1a8) = 0x3de375;
				 *(_t67 + 0x1a8) = __rax + __rax * 8;
				 *(_t67 + 0x1a8) =  *(_t67 + 0x1a8) + 0x293f;
				 *(_t67 + 0x1a8) =  *(_t67 + 0x1a8) ^ 0x0223f337;
				 *(_t67 + 0x1a0) = 0x7e8841;
				 *(_t67 + 0x1a0) =  *(_t67 + 0x1a0) | 0xba80bf86;
				 *(_t67 + 0x1a0) =  *(_t67 + 0x1a0) ^ 0x0bd382eb;
				 *(_t67 + 0x1a0) =  *(_t67 + 0x1a0) ^ 0xb12f0e1c;
				r8d =  *(_t67 + 0x1a0);
				E00007FFA7FFA0AED5A28();
				return  *(_t67 + 0x1a8);
			}

0x7ffa0aed8bdc
0x7ffa0aed8bed
0x7ffa0aed8c11
0x7ffa0aed8c1d
0x7ffa0aed8c2e
0x7ffa0aed8c36
0x7ffa0aed8c3d
0x7ffa0aed8c49
0x7ffa0aed8c54
0x7ffa0aed8c5c
0x7ffa0aed8c67
0x7ffa0aed8c72
0x7ffa0aed8c7d
0x7ffa0aed8c88
0x7ffa0aed8c90
0x7ffa0aed8c96
0x7ffa0aed8caa
0x7ffa0aed8cb0
0x7ffa0aed8cba
0x7ffa0aed8cc0
0x7ffa0aed8cca
0x7ffa0aed8cdd
0x7ffa0aed8ce3
0x7ffa0aed8ced
0x7ffa0aed8cf7
0x7ffa0aed8d01
0x7ffa0aed8d0b
0x7ffa0aed8d15
0x7ffa0aed8d1f
0x7ffa0aed8d32
0x7ffa0aed8d4a

Strings

u=, xrefs: 00007FFA0AED8CCA
`VCT, xrefs: 00007FFA0AED9C45
ylLq, xrefs: 00007FFA0AED9BDB
gs, xrefs: 00007FFA0AED9C00
{s/, xrefs: 00007FFA0AED9447
Dm=, xrefs: 00007FFA0AED936D

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: Dm=$`VCT$gs$u=$ylLq${s/
API String ID: 0-2282469125
Opcode ID: 3e8b1d9274a0be9a1cc3e12fec9567d7d580dedc21b539f878d9533db48501fc
Instruction ID: f860e4133be42bb3ec9512e0844e2a2f5ba5a52cf5d6018a3294c3932156f5f4
Opcode Fuzzy Hash: 3e8b1d9274a0be9a1cc3e12fec9567d7d580dedc21b539f878d9533db48501fc
Instruction Fuzzy Hash: 2D92F8736053C08FD3B8DF35E8966DE7BA1F386748F504119E7898AA68DB78A644CF01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE3050 Relevance: 7.9, Strings: 6, Instructions: 405
COMMONCrypto

Download Yara Rule

C-Code - Quality: 73%

			E00007FFA7FFA0AEE3050(void* __ebx, intOrPtr __ecx, long long __rbx, long long __rdi, long long __rsi, intOrPtr* __r8, signed long long* __r9, long long __r12) {
				signed int _t399;
				signed long long _t550;
				signed long long* _t555;
				void* _t557;
				char* _t559;
				void* _t560;
				void* _t561;
				char* _t565;
				void* _t566;
				intOrPtr* _t571;
				signed long long _t574;
				void* _t575;
				char* _t576;
				void* _t578;
				void* _t579;
				signed long long _t581;
				void* _t582;
				void* _t592;
				void* _t594;

				_t550 = _t581;
				 *((long long*)(_t550 + 8)) = __rbx;
				 *((long long*)(_t550 + 0x10)) = __rsi;
				 *((long long*)(_t550 + 0x18)) = __rdi;
				 *((long long*)(_t550 + 0x20)) = __r12;
				_t579 = _t550 - 0x48;
				_t582 = _t581 - 0x130;
				_t555 = __r9;
				_t571 = __r8;
				 *(_t582 + 0x30) =  *(_t579 + 0x80);
				r12d = __ecx;
				 *(_t582 + 0x28) =  *(_t579 + 0x78);
				 *(_t582 + 0x20) =  *(_t579 + 0x70);
				E00007FFA7FFA0AEE3C78( *(_t579 + 0x70), _t557, _t561, __r8, __r9);
				 *(_t582 + 0x44) = 0xaa34;
				r15d =  *(_t582 + 0x44);
				r14d = 0;
				if (0x83cad == 0xb20a) goto 0xaee3707;
				if (0x83cad == 0x30093) goto 0xaee368e;
				if (0x83cad == 0x33d57) goto 0xaee37e6;
				if (0x83cad == 0x623a4) goto 0xaee33d8;
				if (0x83cad == 0x72f0d) goto 0xaee3351;
				if (0x83cad == 0x83cad) goto 0xaee3347;
				if (0x83cad == 0x86995) goto 0xaee32e0;
				if (0x83cad == 0x88cb8) goto 0xaee320c;
				if (0x83cad != 0xe74c4) goto 0xaee37da;
				 *(_t582 + 0x50) = 0x203772;
				 *(_t582 + 0x50) =  *(_t582 + 0x50) ^ 0xe5030919;
				 *(_t582 + 0x50) =  *(_t582 + 0x50) ^ 0xe5286fc3;
				 *(_t582 + 0x40) = 0xe5ec14;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) << 9;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) ^ 0xcbd4b537;
				 *(_t582 + 0x54) = 0xc88d26;
				 *(_t582 + 0x54) =  *(_t582 + 0x54) + 0x491a;
				 *(_t582 + 0x54) =  *(_t582 + 0x54) ^ 0x00cd6739;
				 *(_t582 + 0x4c) = 0x839c3a;
				 *(_t582 + 0x4c) =  *(_t582 + 0x4c) >> 0xd;
				 *(_t582 + 0x4c) =  *(_t582 + 0x4c) * 0xb;
				 *(_t582 + 0x4c) =  *(_t582 + 0x4c) << 0xa;
				 *(_t582 + 0x4c) =  *(_t582 + 0x4c) ^ 0x00b0ffef;
				 *(_t582 + 0x44) = 0x30fe2f;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) ^ 0x1aee8c83;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) ^ 0x1ade722c;
				 *(_t582 + 0x48) = 0x6b3c03;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) >> 7;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) + 0xffff3824;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) ^ 0xfc47c8bc;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) ^ 0xfc47c630;
				 *(_t582 + 0x20) =  *(_t582 + 0x48);
				_t399 = E00007FFA7FFA0AEE5608( *(_t582 + 0x44), _t561, _t594);
				 *(_t582 + 0x44) = 0xaabb5c;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) + 0xffff14ff;
				r15d = _t399;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) ^ 0x00a9d01b;
				_t555[1] =  *(_t582 + 0x44) +  *((intOrPtr*)(_t582 + 0x60)) + r15d;
				goto 0xaee30b3;
				 *(_t582 + 0x40) = 0xd3020e;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) + 0xffff59b1;
				 *(_t582 + 0x40) = 0xca4587e7 *  *(_t582 + 0x40) >> 0x20 >> 6;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) * 0x39;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) ^ 0x009b813b;
				 *(_t582 + 0x44) = 0xce1a93;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) | 0x53247f36;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) ^ 0x53e11139;
				 *(_t582 + 0x4c) = 0x34d563;
				 *(_t582 + 0x4c) =  *(_t582 + 0x4c) << 0x10;
				 *(_t582 + 0x4c) =  *(_t582 + 0x4c) << 3;
				 *(_t582 + 0x4c) =  *(_t582 + 0x4c) >> 0xa;
				 *(_t582 + 0x4c) =  *(_t582 + 0x4c) ^ 0x00226f68;
				 *(_t582 + 0x48) = 0xfebb53;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) | 0x97302d65;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) +  *(_t582 + 0x48);
				 *(_t582 + 0x48) =  *(_t582 + 0x48) | 0x01490cfa;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) ^ 0x2ff6fa7b;
				 *(_t582 + 0x30) =  *(_t582 + 0x48);
				 *(_t582 + 0x28) =  *(_t582 + 0x4c);
				r9d =  *(_t582 + 0x40);
				r8d =  *(_t571 + 8);
				 *(_t582 + 0x20) =  *(_t582 + 0x44);
				if (E00007FFA7FFA0AED1924(_t555, _t582 + 0x78,  *_t571, _t571, __rsi) == 0) goto 0xaee3832;
				goto 0xaee30b3;
				 *(_t582 + 0x44) = 0x40e8d0;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) + 0xffff423c;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) ^ 0x004fd797;
				 *(_t582 + 0x40) = 0xc68851;
				 *(_t582 + 0x40) = _t550 + _t550 * 2 + _t550 + _t550 * 2;
				 *(_t582 + 0x40) = ( *(_t582 + 0x40) - (0x2f684bdb *  *(_t582 + 0x40) >> 0x20) >> 1) + (0x2f684bdb *  *(_t582 + 0x40) >> 0x20) >> 6;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) ^ 0x00061400;
				r8d =  *(_t582 + 0x40);
				E00007FFA7FFA0AED89D0(_t550,  *((intOrPtr*)(_t582 + 0x58)));
				goto 0xaee30b3;
				goto 0xaee30b3;
				 *(_t582 + 0x50) = 0x2f76bf;
				 *(_t582 + 0x50) =  *(_t582 + 0x50) + 0x62d9;
				 *(_t582 + 0x50) =  *(_t582 + 0x50) ^ 0x002a5e42;
				 *(_t582 + 0x44) = 0xe2cda1;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) | 0x66015e33;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) ^ 0x66eb965b;
				 *(_t582 + 0x40) = 0x32337a;
				_t144 = _t582 + 0x40; // 0x32337a
				 *(_t582 + 0x40) =  *_t144 * 0x65;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) | 0x58eeaf88;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) ^ 0x5be8c2fa;
				E00007FFA7FFA0AEDDE9C(_t555[1], 0x2f684bdb *  *(_t582 + 0x40) >> 0x20, _t550);
				 *_t555 = _t550;
				if (_t550 == 0) goto 0xaee33ce;
				r14d = 1;
				goto 0xaee30b3;
				goto 0xaee30b3;
				_t574 =  *_t555;
				 *(_t582 + 0x50) = 0x9e6e27;
				 *(_t582 + 0x50) =  *(_t582 + 0x50) >> 5;
				 *(_t582 + 0x50) =  *(_t582 + 0x50) ^ 0x000725c1;
				 *(_t582 + 0x44) = 0x2c8833;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) * 0x17;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) ^ 0x0406f444;
				r8d =  *(_t582 + 0x44);
				E00007FFA7FFA0AEDDDA0(_t550, _t574);
				 *(_t582 + 0x40) = 0xbd2aa7;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) >> 0xa;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) | 0x500d01b4;
				 *(_t582 + 0x40) = ( *(_t582 + 0x40) - (0x3e22cbcf *  *(_t582 + 0x40) >> 0x20) >> 1) + (0x3e22cbcf *  *(_t582 + 0x40) >> 0x20) >> 6;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) ^ 0x00c6f6c6;
				 *(_t582 + 0x4c) = 0x1e13e;
				 *(_t582 + 0x4c) =  *(_t582 + 0x4c) | 0x1cf685ed;
				_t575 = _t574 + _t550;
				 *(_t582 + 0x4c) =  *(_t582 + 0x4c) + 0xb61e;
				 *(_t582 + 0x4c) =  *(_t582 + 0x4c) ^ 0x1cf279c7;
				 *(_t582 + 0x40) = 0x686aa6;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) + 0x907c;
				 *(_t582 + 0x40) = 0xaaaaaaab *  *(_t582 + 0x40) >> 0x20 >> 6;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) << 2;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) ^ 0x0004a51c;
				 *(_t582 + 0x48) = 0xc93f28;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) >> 0xe;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) >> 2;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) ^ 0x000a9f52;
				 *(_t582 + 0x28) =  *(_t582 + 0x48);
				 *(_t582 + 0x20) =  *(_t582 + 0x40);
				E00007FFA7FFA0AEE5544( *((intOrPtr*)(_t582 + 0x60)), _t582 + 0x78, _t574, _t575,  *((intOrPtr*)(_t582 + 0x58)), _t592, _t578);
				 *(_t582 + 0x48) = 0xe93c54;
				_t216 = _t582 + 0x48; // 0xe93c54
				_t576 = _t575 + _t550;
				r8d = r15d;
				 *(_t582 + 0x48) = 0xae4c415d *  *_t216 >> 0x20 >> 6;
				_t565 = _t576;
				_t222 = _t582 + 0x48; // 0xe93c54
				 *(_t582 + 0x48) =  *_t222 * 0x39;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) + 0xffff8bce;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) ^ 0x00852cfd;
				 *(_t582 + 0x40) = 0xec280c;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) >> 0xb;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) + 0xa242;
				 *(_t582 + 0x40) = _t550 + _t550 * 8;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) ^ 0x00070e97;
				r9d =  *(_t582 + 0x40);
				E00007FFA7FFA0AED4604(_t550, _t565,  *((intOrPtr*)(_t582 + 0x58)));
				_t559 = _t576;
				_t566 = _t565 + _t576;
				if (_t576 - _t566 >= 0) goto 0xaee3594;
				if ( *_t559 != 0) goto 0xaee358c;
				 *(_t582 + 0x44) = 0x9bfc4b;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) * 0xd;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) ^ 0x07ebcf0c;
				 *_t559 =  *(_t582 + 0x44);
				_t560 = _t559 + 1;
				if (_t560 - _t566 < 0) goto 0xaee3568;
				 *(_t582 + 0x54) = 0x265aef;
				 *(_t582 + 0x54) =  *(_t582 + 0x54) | 0x40ccdc38;
				 *(_t582 + 0x54) =  *(_t582 + 0x54) + 0xffff43f7;
				 *(_t582 + 0x54) =  *(_t582 + 0x54) ^ 0x40ee22f8;
				 *(_t582 + 0x40) = 0x5d5377;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) | 0x568b812f;
				 *(_t582 + 0x40) = 0xba2e8ba3 *  *(_t582 + 0x40) >> 0x20 >> 6;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) << 9;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) ^ 0xf9735a00;
				 *(_t582 + 0x4c) = 0x2b05b8;
				 *(_t582 + 0x4c) =  *(_t582 + 0x4c) << 0xe;
				 *(_t582 + 0x4c) = ( *(_t582 + 0x4c) - (0x21fb7813 *  *(_t582 + 0x4c) >> 0x20) >> 1) + (0x21fb7813 *  *(_t582 + 0x4c) >> 0x20) >> 6;
				 *(_t582 + 0x4c) =  *(_t582 + 0x4c) ^ 0x01bcf8d6;
				 *(_t582 + 0x50) = 0x410826;
				 *(_t582 + 0x50) =  *(_t582 + 0x50) | 0xd00f00b4;
				 *(_t582 + 0x50) =  *(_t582 + 0x50) ^ 0xd04f70c7;
				 *(_t582 + 0x48) = 0xf66d27;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) << 2;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) + 0x2779;
				 *(_t582 + 0x48) =  *(_t582 + 0x48) ^ 0x03de151b;
				 *(_t582 + 0x44) = 0xe359e9;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) | 0x8918bb54;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) ^ 0x89f4881d;
				 *(_t582 + 0x20) =  *(_t582 + 0x40);
				E00007FFA7FFA0AEE5608( *(_t582 + 0x54), _t566);
				 *((char*)(_t560 + _t576)) = 0;
				goto 0xaee30ae;
				 *(_t582 + 0x40) = 0xef7be;
				 *(_t582 + 0x40) = ( *(_t582 + 0x40) - (0x1cf06adb *  *(_t582 + 0x40) >> 0x20) >> 1) + (0x1cf06adb *  *(_t582 + 0x40) >> 0x20) >> 6;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) | 0x3db71688;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) ^ 0x906a4419;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) ^ 0xaddc322d;
				 *(_t582 + 0x44) = 0x6178e8;
				_t319 = _t582 + 0x44; // 0x6178e8
				 *(_t582 + 0x44) =  *_t319 * 0x69;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) ^ 0x27f75800;
				r8d =  *(_t582 + 0x44);
				E00007FFA7FFA0AEDD710(0x1cf06adb *  *(_t582 + 0x40) >> 0x20, _t555, _t560, _t582 + 0x68, _t571, _t576, _t582 + 0x58);
				asm("sbb eax, eax");
				goto 0xaee30b3;
				 *((intOrPtr*)(_t579 - 0x38)) = r12d;
				 *((intOrPtr*)(_t579 - 0x18)) = 0x20;
				 *((long long*)(_t579 - 0x20)) = _t582 + 0x78;
				 *((long long*)(_t579 - 0x58)) =  *_t571;
				 *(_t579 - 0x50) =  *(_t571 + 8);
				 *(_t582 + 0x50) = 0x4a0c52;
				 *(_t582 + 0x50) =  *(_t582 + 0x50) >> 0xd;
				 *(_t582 + 0x50) =  *(_t582 + 0x50) ^ 0x0000dc69;
				 *(_t582 + 0x40) = 0x31a9a3;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) * 0x43;
				 *(_t582 + 0x40) = 0x38e38e39 *  *(_t582 + 0x40) >> 0x20 >> 3;
				 *(_t582 + 0x40) =  *(_t582 + 0x40) ^ 0x00548275;
				 *(_t582 + 0x54) = 0x15ad07;
				 *(_t582 + 0x54) =  *(_t582 + 0x54) * 0x78;
				 *(_t582 + 0x54) =  *(_t582 + 0x54) << 0xc;
				 *(_t582 + 0x54) =  *(_t582 + 0x54) ^ 0x91bd37a7;
				 *(_t582 + 0x44) = 0x9e8080;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) + 0x6a27;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) ^ 0x009071d4;
				r9d =  *(_t582 + 0x54);
				r8d =  *(_t582 + 0x40);
				 *(_t582 + 0x28) =  *(_t582 + 0x44);
				 *(_t582 + 0x20) = _t579 - 0x60;
				if (E00007FFA7FFA0AEDD1E8(_t555, _t582 + 0x68, _t571, _t576) == 0) goto 0xaee37d5;
				goto 0xaee30b3;
				if (0xe39bf == 0xe39bf) goto 0xaee3832;
				goto 0xaee30b3;
				 *(_t582 + 0x44) = 0x54b3a1;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) * 0x4e;
				 *(_t582 + 0x44) =  *(_t582 + 0x44) ^ 0x19c9f2ce;
				 *(_t582 + 0x54) = 0x6f7381;
				 *(_t582 + 0x54) =  *(_t582 + 0x54) ^ 0xd53060df;
				 *(_t582 + 0x54) =  *(_t582 + 0x54) ^ 0x9c5d7414;
				 *(_t582 + 0x54) =  *(_t582 + 0x54) ^ 0x49060fee;
				r8d =  *(_t582 + 0x54);
				E00007FFA7FFA0AED89D0(_t579 - 0x60,  *((intOrPtr*)(_t582 + 0x68)));
				return r14d;
			}

0x7ffa0aee3050
0x7ffa0aee3053
0x7ffa0aee3057
0x7ffa0aee305b
0x7ffa0aee305f
0x7ffa0aee3068
0x7ffa0aee306c
0x7ffa0aee3079
0x7ffa0aee307c
0x7ffa0aee307f
0x7ffa0aee3086
0x7ffa0aee3089
0x7ffa0aee3090
0x7ffa0aee3094
0x7ffa0aee3099
0x7ffa0aee30a1
0x7ffa0aee30ab
0x7ffa0aee30b8
0x7ffa0aee30c3
0x7ffa0aee30cb
0x7ffa0aee30d6
0x7ffa0aee30e1
0x7ffa0aee30ec
0x7ffa0aee30f7
0x7ffa0aee3102
0x7ffa0aee310d
0x7ffa0aee3113
0x7ffa0aee311b
0x7ffa0aee3123
0x7ffa0aee312b
0x7ffa0aee3133
0x7ffa0aee3138
0x7ffa0aee3140
0x7ffa0aee3148
0x7ffa0aee3150
0x7ffa0aee3158
0x7ffa0aee3160
0x7ffa0aee316a
0x7ffa0aee316e
0x7ffa0aee3173
0x7ffa0aee317b
0x7ffa0aee3183
0x7ffa0aee318b
0x7ffa0aee3193
0x7ffa0aee319b
0x7ffa0aee31a0
0x7ffa0aee31a8
0x7ffa0aee31b0
0x7ffa0aee31d0
0x7ffa0aee31d4
0x7ffa0aee31d9
0x7ffa0aee31e1
0x7ffa0aee31e9
0x7ffa0aee31ec
0x7ffa0aee31ff
0x7ffa0aee3207
0x7ffa0aee320c
0x7ffa0aee3219
0x7ffa0aee322f
0x7ffa0aee3238
0x7ffa0aee323c
0x7ffa0aee3244
0x7ffa0aee324c
0x7ffa0aee3254
0x7ffa0aee325c
0x7ffa0aee3264
0x7ffa0aee3269
0x7ffa0aee326e
0x7ffa0aee3273
0x7ffa0aee327b
0x7ffa0aee3283
0x7ffa0aee3291
0x7ffa0aee3295
0x7ffa0aee329d
0x7ffa0aee32a9
0x7ffa0aee32b1
0x7ffa0aee32b9
0x7ffa0aee32be
0x7ffa0aee32c5
0x7ffa0aee32d0
0x7ffa0aee32db
0x7ffa0aee32e0
0x7ffa0aee32e8
0x7ffa0aee32f0
0x7ffa0aee32f8
0x7ffa0aee330e
0x7ffa0aee3321
0x7ffa0aee3325
0x7ffa0aee332d
0x7ffa0aee333b
0x7ffa0aee3342
0x7ffa0aee334c
0x7ffa0aee3351
0x7ffa0aee3359
0x7ffa0aee3361
0x7ffa0aee3369
0x7ffa0aee3371
0x7ffa0aee3379
0x7ffa0aee3381
0x7ffa0aee3389
0x7ffa0aee338e
0x7ffa0aee3392
0x7ffa0aee339a
0x7ffa0aee33b1
0x7ffa0aee33b6
0x7ffa0aee33bc
0x7ffa0aee33c3
0x7ffa0aee33c9
0x7ffa0aee33d3
0x7ffa0aee33d8
0x7ffa0aee33db
0x7ffa0aee33e3
0x7ffa0aee33eb
0x7ffa0aee33f3
0x7ffa0aee3400
0x7ffa0aee3404
0x7ffa0aee340c
0x7ffa0aee3415
0x7ffa0aee341a
0x7ffa0aee3427
0x7ffa0aee342c
0x7ffa0aee3443
0x7ffa0aee3447
0x7ffa0aee3453
0x7ffa0aee345b
0x7ffa0aee3463
0x7ffa0aee346b
0x7ffa0aee3476
0x7ffa0aee347e
0x7ffa0aee3486
0x7ffa0aee3497
0x7ffa0aee349b
0x7ffa0aee34a0
0x7ffa0aee34a8
0x7ffa0aee34b0
0x7ffa0aee34b5
0x7ffa0aee34ba
0x7ffa0aee34c6
0x7ffa0aee34db
0x7ffa0aee34df
0x7ffa0aee34e8
0x7ffa0aee34f0
0x7ffa0aee34f4
0x7ffa0aee34fc
0x7ffa0aee3504
0x7ffa0aee3508
0x7ffa0aee350b
0x7ffa0aee3510
0x7ffa0aee3514
0x7ffa0aee351c
0x7ffa0aee3524
0x7ffa0aee352c
0x7ffa0aee3531
0x7ffa0aee3540
0x7ffa0aee3544
0x7ffa0aee354c
0x7ffa0aee3555
0x7ffa0aee355d
0x7ffa0aee3560
0x7ffa0aee3566
0x7ffa0aee356b
0x7ffa0aee356d
0x7ffa0aee357a
0x7ffa0aee357e
0x7ffa0aee358a
0x7ffa0aee358c
0x7ffa0aee3592
0x7ffa0aee3594
0x7ffa0aee35a1
0x7ffa0aee35a9
0x7ffa0aee35b1
0x7ffa0aee35b9
0x7ffa0aee35c1
0x7ffa0aee35d7
0x7ffa0aee35db
0x7ffa0aee35e0
0x7ffa0aee35e8
0x7ffa0aee35f0
0x7ffa0aee3604
0x7ffa0aee3608
0x7ffa0aee3610
0x7ffa0aee3618
0x7ffa0aee3620
0x7ffa0aee3628
0x7ffa0aee3630
0x7ffa0aee3635
0x7ffa0aee363d
0x7ffa0aee3645
0x7ffa0aee364d
0x7ffa0aee3655
0x7ffa0aee3675
0x7ffa0aee3679
0x7ffa0aee3685
0x7ffa0aee3689
0x7ffa0aee368e
0x7ffa0aee36b4
0x7ffa0aee36b8
0x7ffa0aee36c0
0x7ffa0aee36c8
0x7ffa0aee36d0
0x7ffa0aee36d8
0x7ffa0aee36dd
0x7ffa0aee36e1
0x7ffa0aee36e9
0x7ffa0aee36f2
0x7ffa0aee36f9
0x7ffa0aee3702
0x7ffa0aee3707
0x7ffa0aee370b
0x7ffa0aee3717
0x7ffa0aee371e
0x7ffa0aee3725
0x7ffa0aee3728
0x7ffa0aee3730
0x7ffa0aee3735
0x7ffa0aee373d
0x7ffa0aee374a
0x7ffa0aee375c
0x7ffa0aee3765
0x7ffa0aee376d
0x7ffa0aee377a
0x7ffa0aee377e
0x7ffa0aee3783
0x7ffa0aee378b
0x7ffa0aee3793
0x7ffa0aee379b
0x7ffa0aee37a7
0x7ffa0aee37ac
0x7ffa0aee37b5
0x7ffa0aee37bd
0x7ffa0aee37c9
0x7ffa0aee37d0
0x7ffa0aee37df
0x7ffa0aee37e1
0x7ffa0aee37e6
0x7ffa0aee37f3
0x7ffa0aee37f7
0x7ffa0aee37ff
0x7ffa0aee3807
0x7ffa0aee380f
0x7ffa0aee3817
0x7ffa0aee381f
0x7ffa0aee382d
0x7ffa0aee3855

Strings

B^*, xrefs: 00007FFA0AEE33AA
ho", xrefs: 00007FFA0AEE3273
Z&, xrefs: 00007FFA0AEE3594
z32, xrefs: 00007FFA0AEE3389
xa, xrefs: 00007FFA0AEE36D8
T<, xrefs: 00007FFA0AEE34F0

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: B^*$T<$ho"$z32$Z&$xa
API String ID: 0-3258080005
Opcode ID: 29aa7c00937a4bd87e40086f406728e3d8e1a506e65d0d1a9489486a0b34380c
Instruction ID: ed3c9db200083cebc696108b49bbb2cf8bfee89e2d1c10f057db49e5022066b4
Opcode Fuzzy Hash: 29aa7c00937a4bd87e40086f406728e3d8e1a506e65d0d1a9489486a0b34380c
Instruction Fuzzy Hash: 4A22E4736092918BC768DF69E15551EFBB0F386754F208129E79A8BB68D7BED804CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58C6830 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 329
COMMONCrypto

Download Yara Rule

C-Code - Quality: 69%

			E00007FF77FF7A58C6830(signed int __ecx, signed int __rax, signed int* __rcx, unsigned int __rdx, signed int __r9, void* __r10, long long __r13, signed int _a8, long long _a16, signed int _a24, signed int _a32) {
				long long _v64;
				char _v532;
				intOrPtr _v536;
				signed long long _v552;
				signed int _v560;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				intOrPtr _v584;
				void* __rbx;
				void* __rsi;
				void* _t132;
				signed int _t148;
				intOrPtr _t161;
				signed int _t163;
				intOrPtr _t164;
				signed int _t180;
				signed int _t191;
				signed int _t192;
				signed int _t213;
				void* _t230;
				signed long long _t241;
				signed int _t244;
				void* _t252;
				signed int* _t255;
				intOrPtr* _t262;
				signed long long _t267;
				signed long long _t269;
				signed long long _t271;
				signed long long _t273;
				signed long long _t277;
				signed long long _t279;
				char* _t285;
				signed int _t288;
				signed long long _t289;
				signed long long _t297;
				signed long long _t298;
				void* _t306;
				signed long long _t327;

				_a16 = __rdx;
				r10d =  *__rcx;
				if (r10d == 0) goto 0xa58c6ca5;
				_t161 =  *__rdx;
				_v584 = _t161;
				if (_t161 == 0) goto 0xa58c6ca5;
				r10d = r10d - 1;
				if (_t252 - 1 != 0) goto 0xa58c6961;
				r12d =  *(__rdx + 4);
				if (r12d != 1) goto 0xa58c68a6;
				_t255 =  &(__rcx[1]);
				 *__rcx = 0;
				r9d = 0;
				_v536 = 0;
				E00007FF77FF7A58C6CBC(__rax, _t252, _t255, __rdx, __rcx,  &_v532, __r9);
				goto 0xa58c6ca7;
				if (r10d != 0) goto 0xa58c68e1;
				_t163 = _t255[1];
				 *_t255 = 0;
				r9d = 0;
				_v536 = 0;
				E00007FF77FF7A58C6CBC(__rax, _t252,  &(_t255[1]), __rdx, __rcx,  &_v532, __r9);
				_t180 = _t163 % r12d;
				__rcx[1] = _t180;
				bpl = _t180 != 0;
				 *__rcx = 0;
				goto 0xa58c6ca7;
				r15d = 0xffffffff;
				if (r10d == r15d) goto 0xa58c6925;
				asm("o16 nop [eax+eax]");
				r10d = r10d + r15d;
				if (r10d != r15d) goto 0xa58c6900;
				r9d = 0;
				_v536 = 0;
				_t285 =  &_v532;
				 *__rcx = 0;
				_t132 = E00007FF77FF7A58C6CBC(__rax | _t279 << 0x00000020, _t252,  &(__rcx[1]), __rdx, __rcx, _t285, __r9);
				__rcx[1] = r14d;
				__rcx[2] = __ecx;
				bpl = __ecx != 0;
				 *__rcx = 1;
				goto 0xa58c6ca7;
				if (_t132 - r10d > 0) goto 0xa58c6ca5;
				r8d = r10d;
				_t269 = r10d;
				r8d = r8d - _t132;
				r9d = r10d;
				_t277 = r8d;
				if (_t269 - _t277 < 0) goto 0xa58c69c7;
				_t262 = (__rdx >> 0x20) + 4 + _t269 * 4;
				if ( *((intOrPtr*)(__rdx - _t277 * 4 - __rcx + _t262)) !=  *_t262) goto 0xa58c69b0;
				r9d = r9d - 1;
				if (_t269 - 1 - _t277 >= 0) goto 0xa58c6997;
				goto 0xa58c69c7;
				_t271 = r9d - r8d;
				_t241 = r9d;
				if ( *((intOrPtr*)(__rdx + 4 + _t271 * 4)) -  *(__rcx + 4 + _t241 * 4) >= 0) goto 0xa58c69ca;
				r8d = r8d + 1;
				_t213 = r8d;
				if (_t213 == 0) goto 0xa58c6ca5;
				r9d =  *(__rdx + 4 + _t241 * 4);
				r11d =  *(__rdx + 4 + _t241 * 4);
				asm("inc ecx");
				_a24 = r11d;
				if (_t213 == 0) goto 0xa58c6a11;
				r12d = 0x20;
				r12d = r12d - 0x1f;
				_a8 = r12d;
				if (0x1f - _t252 - 2 == 0) goto 0xa58c6a5d;
				goto 0xa58c6a20;
				_a8 = 0;
				r12d = 0;
				r9d = r11d >> r12d;
				r11d = r11d << 0x20;
				r9d = r9d | r9d << 0x00000020;
				_a24 = r11d;
				if (_t163 - 2 <= 0) goto 0xa58c6a5d;
				r11d = r11d |  *(__rdx + 4 + _t241 * 4) >> r12d;
				_a24 = r11d;
				r14d = _t285 - 1;
				_v560 = _t279;
				if (r14d < 0) goto 0xa58c6c6e;
				r15d = 0xffffffff;
				_v64 = __r13;
				r13d = __rdx + _t252;
				_v552 = _t241;
				_v568 = __r9;
				if (r13d - r10d > 0) goto 0xa58c6a9d;
				goto 0xa58c6a9f;
				_a32 = 0;
				r11d =  *(__rcx + 4 + _t241 * 4);
				_v576 = _t262 - 4;
				_v572 = 0;
				if (0x20 == 0) goto 0xa58c6af7;
				r8d = r11d;
				r11d = r11d << 0x20;
				if (r13d - 3 < 0) goto 0xa58c6afc;
				_t148 =  *(__rcx + 4 + (_v576 << 0x20) * 4) >> r12d;
				r11d = r11d | _t148;
				goto 0xa58c6afc;
				_t288 = _v576;
				_t244 = _t288;
				r8d = _t148 % __r9;
				if (_t244 - _t327 <= 0) goto 0xa58c6b28;
				_t297 = _t327;
				_t289 = _t288 + 0x1;
				if (_t289 - _t327 > 0) goto 0xa58c6b61;
				_t267 = _t289 << 0x00000020 | _t279;
				if (0x1 - _t267 <= 0) goto 0xa58c6b5d;
				_t298 = _t297 - 1;
				if (_t289 + _v568 - _t327 <= 0) goto 0xa58c6b40;
				_t164 = _v584;
				if (_t298 == 0) goto 0xa58c6c40;
				r11d = 0;
				if (_t164 == 0) goto 0xa58c6be3;
				r15d = _a8;
				r8d = r10d;
				_t306 =  >=  ? _t279 + 0x1 >> 0x20 : (_t279 + 0x1 >> 0x20) + 1;
				r11d = r11d + 1;
				 *((intOrPtr*)(__rcx + 4 + _t267 * 4)) = __rcx[0xffffffff00000002] - r8d;
				if (r11d - _t164 < 0) goto 0xa58c6b90;
				_a8 = r15d;
				r15d = 0xffffffff;
				r12d = _a8;
				if (0x1 - _t306 >= 0) goto 0xa58c6c3c;
				r10d = 0;
				if (_t164 == 0) goto 0xa58c6c39;
				asm("o16 nop [eax+eax]");
				r10d = r10d + 1;
				_t273 =  &(__rcx[0xffffffff00000001]);
				 *(_t273 + 4) = r8d;
				_t230 = r10d - _t164;
				if (_t230 < 0) goto 0xa58c6c10;
				r10d = __r13 - 1;
				r13d = r13d - 1;
				r14d = r14d - 1;
				_v560 = (_v560 << 0x20) + 0x1;
				if (_t230 >= 0) goto 0xa58c6a91;
				_t191 = _t306 + 1;
				if (_t191 -  *__rcx >= 0) goto 0xa58c6c8c;
				 *((intOrPtr*)(__rcx + 4 + ((0x1 + _t244) * _v568 * _t297 - _t271) * _t298 * 4)) = 0;
				if (_t191 + 1 -  *__rcx < 0) goto 0xa58c6c80;
				 *__rcx = _t191;
				if (_t191 == 0) goto 0xa58c6ca0;
				_t192 = _t191 - 1;
				if ( *((intOrPtr*)(__rcx + 4 + _t273 * 4)) != 0) goto 0xa58c6ca0;
				 *__rcx = _t192;
				if (_t192 != 0) goto 0xa58c6c92;
				goto 0xa58c6ca7;
				return 0;
			}

0x7ff7a58c6830
0x7ff7a58c6846
0x7ff7a58c6852
0x7ff7a58c6858
0x7ff7a58c685a
0x7ff7a58c6860
0x7ff7a58c6866
0x7ff7a58c686e
0x7ff7a58c6874
0x7ff7a58c687e
0x7ff7a58c6888
0x7ff7a58c688c
0x7ff7a58c688e
0x7ff7a58c6891
0x7ff7a58c689a
0x7ff7a58c68a1
0x7ff7a58c68a9
0x7ff7a58c68ab
0x7ff7a58c68b3
0x7ff7a58c68b5
0x7ff7a58c68bc
0x7ff7a58c68c5
0x7ff7a58c68ce
0x7ff7a58c68d3
0x7ff7a58c68d6
0x7ff7a58c68da
0x7ff7a58c68dc
0x7ff7a58c68e1
0x7ff7a58c68f0
0x7ff7a58c68f5
0x7ff7a58c690b
0x7ff7a58c6923
0x7ff7a58c6925
0x7ff7a58c6928
0x7ff7a58c692c
0x7ff7a58c6931
0x7ff7a58c693c
0x7ff7a58c6944
0x7ff7a58c6951
0x7ff7a58c6954
0x7ff7a58c695a
0x7ff7a58c695c
0x7ff7a58c6964
0x7ff7a58c696a
0x7ff7a58c696d
0x7ff7a58c6970
0x7ff7a58c6973
0x7ff7a58c6976
0x7ff7a58c697c
0x7ff7a58c6993
0x7ff7a58c699d
0x7ff7a58c699f
0x7ff7a58c69ac
0x7ff7a58c69ae
0x7ff7a58c69b6
0x7ff7a58c69b9
0x7ff7a58c69c5
0x7ff7a58c69c7
0x7ff7a58c69ca
0x7ff7a58c69cd
0x7ff7a58c69d8
0x7ff7a58c69e0
0x7ff7a58c69e5
0x7ff7a58c69e9
0x7ff7a58c69f1
0x7ff7a58c69f8
0x7ff7a58c6a00
0x7ff7a58c6a03
0x7ff7a58c6a0d
0x7ff7a58c6a0f
0x7ff7a58c6a16
0x7ff7a58c6a1d
0x7ff7a58c6a2f
0x7ff7a58c6a32
0x7ff7a58c6a35
0x7ff7a58c6a38
0x7ff7a58c6a43
0x7ff7a58c6a52
0x7ff7a58c6a55
0x7ff7a58c6a5d
0x7ff7a58c6a61
0x7ff7a58c6a6c
0x7ff7a58c6a75
0x7ff7a58c6a7b
0x7ff7a58c6a83
0x7ff7a58c6a87
0x7ff7a58c6a8c
0x7ff7a58c6a94
0x7ff7a58c6a9b
0x7ff7a58c6a9f
0x7ff7a58c6ab2
0x7ff7a58c6ab7
0x7ff7a58c6abc
0x7ff7a58c6ac2
0x7ff7a58c6ac9
0x7ff7a58c6adc
0x7ff7a58c6ae3
0x7ff7a58c6af0
0x7ff7a58c6af2
0x7ff7a58c6af5
0x7ff7a58c6af7
0x7ff7a58c6afe
0x7ff7a58c6b04
0x7ff7a58c6b0d
0x7ff7a58c6b1c
0x7ff7a58c6b25
0x7ff7a58c6b2b
0x7ff7a58c6b47
0x7ff7a58c6b4d
0x7ff7a58c6b4f
0x7ff7a58c6b5b
0x7ff7a58c6b5d
0x7ff7a58c6b64
0x7ff7a58c6b6d
0x7ff7a58c6b72
0x7ff7a58c6b7c
0x7ff7a58c6ba4
0x7ff7a58c6bba
0x7ff7a58c6bc1
0x7ff7a58c6bc4
0x7ff7a58c6bcb
0x7ff7a58c6bcd
0x7ff7a58c6bd5
0x7ff7a58c6bdb
0x7ff7a58c6bed
0x7ff7a58c6bef
0x7ff7a58c6bf4
0x7ff7a58c6c05
0x7ff7a58c6c14
0x7ff7a58c6c1b
0x7ff7a58c6c2c
0x7ff7a58c6c34
0x7ff7a58c6c37
0x7ff7a58c6c3c
0x7ff7a58c6c45
0x7ff7a58c6c57
0x7ff7a58c6c5b
0x7ff7a58c6c60
0x7ff7a58c6c6e
0x7ff7a58c6c76
0x7ff7a58c6c84
0x7ff7a58c6c8a
0x7ff7a58c6c8c
0x7ff7a58c6c90
0x7ff7a58c6c92
0x7ff7a58c6c98
0x7ff7a58c6c9a
0x7ff7a58c6c9e
0x7ff7a58c6ca3
0x7ff7a58c6cb8

APIs

memcpy_s.LIBCPMT ref: 00007FF7A58C689A
memcpy_s.LIBCPMT ref: 00007FF7A58C68C5

Strings

, xrefs: 00007FF7A58C69F8

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-3916222277
Opcode ID: e651cfc954b10ab2e73076095242a98f58bd3bb75f7a4954a277f9f35aa0372f
Instruction ID: fb1480b5ce3a6fc0cd364539ef573a3d3b82f0c5ebcb64be61ae05b3594c9c45
Opcode Fuzzy Hash: e651cfc954b10ab2e73076095242a98f58bd3bb75f7a4954a277f9f35aa0372f
Instruction Fuzzy Hash: 6CC12872B1A78687EB20DF1EE048A6AF791F785B84F858135DB4A47B54DB3CE815CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED250C Relevance: 7.1, Strings: 5, Instructions: 859
COMMONCrypto

Download Yara Rule

C-Code - Quality: 26%

			E00007FFA7FFA0AED250C(void* __rcx, signed int _a16, signed int _a24, signed int _a32) {
				void* _v100;
				signed int _v104;
				signed int _v108;
				char _v112;
				long long _v120;
				signed int _v124;
				char _v128;
				signed long long _v136;
				signed int _v140;
				char _v144;
				char _v152;
				signed long long _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed long long _v200;
				signed int _v208;
				signed int _v216;
				long long _v224;
				signed int _v232;
				signed int _v240;
				signed int _v248;
				signed long long _v256;
				signed int _v264;
				signed long long _v272;
				signed long long _v280;
				signed int _v288;
				signed int _v296;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				signed int _t1015;
				signed int _t1088;
				signed int _t1107;
				void* _t1275;
				void* _t1277;
				signed long long _t1297;
				signed long long _t1298;
				signed long long _t1301;
				intOrPtr _t1302;
				intOrPtr _t1303;
				signed long long _t1305;
				void* _t1307;
				signed long long _t1308;
				intOrPtr _t1317;
				intOrPtr _t1320;
				intOrPtr _t1327;
				void* _t1335;
				void* _t1337;
				void* _t1348;
				void* _t1349;

				_t1349 = __rcx;
				r14d = 0;
				_a16 = 0x8b3d6;
				r12d = 0x62441;
				if (0xf9eaf == 0x1d15d) goto 0xaed30bc;
				if (0xf9eaf == r12d) goto 0xaed3440;
				if (0xf9eaf == 0x6f121) goto 0xaed2d75;
				if (0xf9eaf == 0x88f39) goto 0xaed2d19;
				if (0xf9eaf == 0xa5ab2) goto 0xaed2b07;
				if (0xf9eaf == 0xd52dd) goto 0xaed264c;
				if (0xf9eaf == 0xd9526) goto 0xaed259c;
				if (0xf9eaf != 0xf9eaf) goto 0xaed342f;
				goto 0xaed2548;
				_a32 = 0xda4555;
				_a32 = _a32 * 0x7c;
				_a32 = _a32 ^ 0x2edeb968;
				_a32 = _a32 ^ 0x476deedb;
				_a24 = 0xce90ea;
				_a24 = _a24 >> 8;
				_a24 = _a24 + 0x6e85;
				_a24 = _a24 | 0xbd1ad70d;
				_a24 = _a24 ^ 0xbd14c7c6;
				_a16 = 0x9ac0e9;
				_a16 = _a16 + 0xffff0b74;
				_a16 = 0x2fa0be83 * _a16 >> 0x20 >> 3;
				_a16 = (_a16 - (0xa41a41a5 * _a16 >> 0x20) >> 1) + (0xa41a41a5 * _a16 >> 0x20) >> 5;
				_a16 = _a16 ^ 0x0007dd61;
				_t1297 =  *0xaee8210; // 0x0
				E00007FFA7FFA0AEDDE9C( *((intOrPtr*)(_t1297 + 0x30)), 0xa41a41a5 * _a16 >> 0x20, _t1297);
				_t1298 =  *0xaee8210; // 0x0
				 *(_t1298 + 0x28) = _t1297;
				asm("sbb esi, esi");
				goto 0xaed253e;
				_v184 = 0x44e3fe;
				_v184 = _v184 + 0xffff53f9;
				_v184 = _v184 ^ 0x0041b8b1;
				_a32 = 0x489a61;
				_a32 = _a32 ^ 0xecfc6510;
				_a32 = _t1298 + _t1298 * 2;
				_a32 = _a32 ^ 0xc61b3b98;
				_a16 = 0xd7c0bc;
				_a16 = _a16 ^ 0xe06937a3;
				_a16 = _a16 ^ 0xfc5207a6;
				_a16 = _a16 << 0xe;
				_a16 = _a16 ^ 0x3c24d4da;
				_a24 = 0x92ad14;
				_a24 = _a24 + 0xffffdd97;
				_a24 = 0xa57eb503 * _a24 >> 0x20 >> 6;
				_a24 = _a24 ^ 0x0003545c;
				r9d = _a16;
				r8d = _a32;
				_v296 = _a24;
				E00007FFA7FFA0AEDE090(_t1298, _t1307,  ~_t1297, 0x7ffa0aed1558, _t1337, _t1348);
				_a16 = 0x293c12;
				_a16 = _a16 << 2;
				_t1308 = _t1298;
				_a16 = _a16 ^ 0xd499ba69;
				_a16 = _a16 * 0x33;
				_a16 = _a16 ^ 0x483216d2;
				_v184 = 0xf5b1d8;
				_v184 = _v184 << 0xe;
				_v184 = _v184 ^ 0x6c7ca637;
				_a24 = 0x813873;
				_a24 = _a24 + 0xffffa566;
				_a24 = _a24 >> 0xb;
				_a24 = _a24 ^ 0x000a6824;
				_a32 = 0x67623;
				_a32 = _a32 * 0x47;
				_a32 = _a32 ^ 0x01c8690a;
				r9d = _a24;
				r8d = _v184;
				_v296 = _a32;
				E00007FFA7FFA0AEDE090(_t1298, _t1308,  ~_t1297, 0x7ffa0aed1538, _t1337, _t1348);
				_a16 = 0x617f5;
				_a16 = _a16 + 0xffff2225;
				_a16 = _a16 << 0xa;
				_a16 = _a16 << 0xc;
				_a16 = _a16 ^ 0x86800000;
				_v140 = _a16;
				_a16 = 0x184b2f;
				_a16 = 0xcccccccd * _a16 >> 0x20 >> 5;
				_a16 = _a16 | 0xc3dfffa7;
				_a16 = _a16 ^ 0xc3dffffe;
				_a32 = 0x62f67;
				_a32 = _a32 + 0xf1f6;
				_a32 = _a32 ^ 0x0002481b;
				_a24 = 0x717d21;
				_t1015 = _a24 * 0x4e;
				_a24 = _t1015;
				_a24 = _a24 ^ 0x22977ff6;
				r8d = _a24;
				E00007FFA7FFA0AED8AE0();
				_v136 = _t1308;
				_v144 = _t1015 + _a16 + _t1015 + _a16;
				_a16 = 0x23d17d;
				_a16 = _a16 | 0x50b50ff7;
				_a16 = _a16 << 7;
				_a16 = _a16 << 5;
				_a16 = _a16 ^ 0x7dfff000;
				_v128 = _a16;
				_a16 = 0x592bb3;
				_a16 = _a16 * 0x31;
				_a16 = (_a16 - (0x24924925 * _a16 >> 0x20) >> 1) + (0x24924925 * _a16 >> 0x20) >> 4;
				_a16 = _a16 | 0xf94e15df;
				_a16 = _a16 ^ 0xf9de1dfe;
				_v124 = _a16;
				_t175 =  &_v144; // 0xcd6a0
				_v120 = _t175;
				_a16 = 0x3547cf;
				_a16 = _a16 ^ 0xe40b51ee;
				_a16 = _a16 + 0xffffc78d;
				_a16 = _a16 ^ 0xd32eae14;
				_a16 = _a16 ^ 0x3713739a;
				_v160 = _a16;
				_v176 = 0x855953;
				_v176 = _v176 * 0x21;
				_v176 = 0x2f149903 * _v176 >> 0x20 >> 4;
				_v176 = _v176 ^ 0x003294a3;
				_v172 = 0xd6fbde;
				_v172 = _v172 ^ 0xae7d9dfe;
				_v172 = _v172 << 1;
				_v172 = _v172 << 0x10;
				_v172 = _v172 ^ 0xcc49387d;
				_v184 = 0xd24508;
				_v184 = _v184 + 0xffff4951;
				_v184 = _v184 | 0xbb4a43a8;
				_v184 = _v184 ^ 0xbbd271c0;
				_v168 = 0x428e26;
				_v168 = _v168 | 0x78da4bfd;
				_v168 = _v168 << 4;
				_v168 = _v168 + 0xffff032d;
				_v168 = _v168 ^ 0x8da31676;
				_a32 = 0x75ad0;
				_a32 = _a32 + 0xffff7c2d;
				_a32 = _a32 | 0x9a235555;
				_a32 = _a32 >> 0xe;
				_a32 = _a32 ^ 0x000392bd;
				_a24 = 0xd766cd;
				_a24 = _a24 + 0x3e1d;
				_a24 = _a24 * 0x7b;
				_a24 = _a24 * 0x4b;
				_a24 = _a24 ^ 0x5acc913a;
				_a16 = 0x3c4b74;
				_a16 = _a16 << 0xe;
				_a16 = _a16 + 0xffff83bf;
				_a16 = _a16 ^ 0x16a6cd33;
				_a16 = _a16 ^ 0x047c3592;
				_v232 = _a16;
				_v240 = _a24;
				_t255 =  &_v160; // 0xcd690
				_v248 = _t255;
				_t258 =  &_v128; // 0xcd6b0
				_t1301 = _t258;
				_v256 = _t1301;
				_v264 = _a32;
				_v272 = _v160;
				_v280 = _v168;
				_v288 = _v176;
				r9d = _v172;
				_v296 = _v184;
				E00007FFA7FFA0AEE3F7C();
				_a16 = 0x4e189;
				_a16 = _a16 ^ 0x0a2671b6;
				_a16 = _a16 ^ 0x0a22903f;
				_v184 = 0xcc4ffa;
				_t1275 =  ==  ? 0xa5ab2 : r12d;
				_v184 = _t1301 + _t1301 * 4 << 3;
				_v184 = _v184 ^ 0x1fe9eee2;
				_a32 = 0x9dc2ec;
				_a32 = _a32 * 0x6a;
				_a32 = _a32 ^ 0x4154586d;
				_a24 = 0x71ffa0;
				_a24 = _a24 + 0x9f0d;
				_a24 = _a24 * 0x6c;
				_a24 = _a24 ^ 0x30563db0;
				_a16 = 0x7314f9;
				_a16 = _a16 + 0xffff3569;
				_a16 = _a16 + 0xffff8737;
				_a16 = _a16 ^ 0x007b7d62;
				r9d = _a24;
				_v296 = _a16;
				E00007FFA7FFA0AED4448(_a32, _t1301, _t1308, _t1335, _t1308);
				_a32 = 0x565e56;
				_a32 = _a32 << 0xf;
				_a32 = (_a32 - (0xd41d41d5 * _a32 >> 0x20) >> 1) + (0xd41d41d5 * _a32 >> 0x20) >> 6;
				_a32 = _a32 ^ 0xe708fc97;
				_a32 = _a32 ^ 0xe7ac2a5c;
				_a24 = 0x9445cc;
				_a24 = _a24 << 9;
				_a24 = _a24 >> 0xd;
				_a24 = _a24 >> 6;
				_a24 = _a24 ^ 0x000aa82a;
				_a16 = 0x1b4df3;
				_a16 = _a16 << 4;
				_a16 = (_a16 - (0x2f684bdb * _a16 >> 0x20) >> 1) + (0x2f684bdb * _a16 >> 0x20) >> 6;
				_a16 = _a16 + 0xffffdd9e;
				_a16 = _a16 ^ 0x000fd771;
				_v184 = 0xee0435;
				_v184 = _v184 | 0xa69f92f3;
				_v184 = _v184 >> 1;
				_v184 = _v184 ^ 0x5378a401;
				r9d = _a16;
				goto 0xaed3414;
				_v184 = 0x61fdd7;
				_v184 = _v184 >> 2;
				_v184 = _v184 + 0xffffc943;
				_v184 = _v184 ^ 0x001ecac4;
				_a32 = 0x81f224;
				_a32 = _a32 + 0xcfce;
				_a32 = _a32 ^ 0x798833cd;
				_a32 = _a32 ^ 0x7900b437;
				_a24 = 0xd03113;
				_a24 = _a24 >> 3;
				_a24 = _a24 + 0x778f;
				_a24 = _a24 ^ 0x00102436;
				_a16 = 0x86024f;
				_a16 = _a16 >> 0xc;
				_a16 = _a16 | 0xa7f03249;
				_a16 = _a16 ^ 0x479801de;
				_a16 = _a16 ^ 0xe0613e58;
				r9d = _a24;
				r8d = _a32;
				_v296 = _a16;
				E00007FFA7FFA0AEDE090(_t1301, _t1308, _t1349, 0x7ffa0aed1508, _t1337, _t1348);
				_a16 = 0xffa901;
				_a16 = 0x2fa0be83 * _a16 >> 0x20 >> 4;
				_a16 = _t1301 + _t1301 * 8 << 3;
				_a16 = _a16 ^ 0x00d60a40;
				_v176 = 0x952372;
				_v176 = _v176 + 0xffff018c;
				_v176 = _v176 ^ 0x009fc018;
				_a32 = 0x850d6c;
				_a32 = _a32 * 0x4a;
				_a32 = (_a32 - (0x29e4129f * _a32 >> 0x20) >> 1) + (0x29e4129f * _a32 >> 0x20) >> 6;
				_a32 = _a32 ^ 0x005c51df;
				_v184 = 0xd3fa96;
				_v184 = _v184 ^ 0x177b2385;
				_v184 = _v184 ^ 0x17a179a3;
				_a24 = 0x1ac591;
				_a24 = _a24 >> 3;
				_a24 = _a24 >> 1;
				_a24 = _a24 ^ 0x0007c5d1;
				_t1317 =  *0xaee8210; // 0x0
				_v256 = _a16;
				_v272 = _t1317 + 0x30;
				_v280 = _a24;
				r8d = _a32;
				_v288 = _t1301;
				_v296 = _v184;
				E00007FFA7FFA0AEDF40C();
				_a16 = 0x633e58;
				_a16 = _a16 + 0xffffbdb9;
				_a16 = _a16 >> 0xc;
				_a16 = _a16 ^ 0x0000062f;
				_a24 = 0x82887d;
				_t1277 =  ==  ? 0xd9526 : r12d;
				_a24 = _a24 ^ 0x07481833;
				_a24 = _a24 + 0x4180;
				_a24 = _a24 | 0x8d510182;
				_a24 = _a24 ^ 0x8fd15ade;
				_a16 = 0xf212dc;
				_a16 = _a16 ^ 0xb904cb6c;
				_a16 = _a16 | 0xefc37842;
				_a16 = _a16 + 0x871a;
				_a16 = _a16 ^ 0xfffd0e95;
				_v184 = 0x17dc92;
				_v184 = _v184 << 4;
				_v184 = _v184 ^ 0x017a2267;
				_a32 = 0x57eac8;
				_a32 = _a32 | 0xc4538713;
				_a32 = _a32 ^ 0xc4553eb3;
				r9d = _v184;
				_v296 = _a32;
				E00007FFA7FFA0AED4448(_a16, _t1301, _t1301, _t1335, _t1301);
				goto 0xaed3425;
				_a24 = 0xb30fa9;
				_a24 = (_a24 - (0x1f7047dd * _a24 >> 0x20) >> 1) + (0x1f7047dd * _a24 >> 0x20) >> 5;
				_a24 = _a24 ^ 0x000caecb;
				_a16 = 0x45b9f;
				_a16 = _a16 >> 0xe;
				_a16 = _a16 << 0xb;
				_a16 = _a16 << 1;
				_a16 = _a16 ^ 0x0007c672;
				r8d = _a16;
				_t1327 =  *0xaee8210; // 0x0
				E00007FFA7FFA0AED89D0(_t1301,  *((intOrPtr*)(_t1327 + 0x28)));
				goto 0xaed253e;
				_v184 = 0x976f46;
				_v184 = _v184 + 0x16d8;
				_v184 = _v184 >> 0xf;
				_v184 = _v184 ^ 0x000bd2b3;
				_a32 = 0xf1b272;
				_a32 = _a32 | 0xc427f354;
				_a32 = _a32 >> 0xc;
				_a32 = _a32 ^ 0x00084430;
				_a16 = 0xda8c96;
				_a16 = _a16 ^ 0x27b1c561;
				_a16 = (_a16 - (0x2c9fb4d9 * _a16 >> 0x20) >> 1) + (0x2c9fb4d9 * _a16 >> 0x20) >> 6;
				_a16 = _a16 + 0xffff7a3f;
				_a16 = _a16 ^ 0x00509612;
				_a24 = 0x4bcfa2;
				_a24 = _a24 >> 2;
				_a24 = _a24 ^ 0x04aa1fff;
				_a24 = _a24 ^ 0x04bd1c6a;
				r9d = _a16;
				r8d = _a32;
				_v296 = _a24;
				E00007FFA7FFA0AEDE090(_t1301, _t1301, _v152, 0x7ffa0aed1618, _t1337, _t1348);
				_a16 = 0xb7934e;
				_a16 = 0x51eb851f * _a16 >> 0x20 >> 5;
				_a16 = _a16 ^ 0x4d4391b8;
				_v112 = _a16;
				_a16 = 0xf62e8f;
				_a16 = _a16 ^ 0x4574927f;
				_a16 = _a16 << 0xa;
				_a16 = 0xc7ce0c7d * _a16 >> 0x20 >> 5;
				_a16 = _a16 ^ 0x00446256;
				_v108 = _a16;
				_a16 = 0x72f69d;
				_a16 = _a16 + 0x6000;
				_a16 = (_a16 - (0xbacf914d * _a16 >> 0x20) >> 1) + (0xbacf914d * _a16 >> 0x20) >> 5;
				_a16 = _a16 >> 0xf;
				_a16 = _a16 ^ 0x00000026;
				_v104 = _a16;
				_v180 = 0xe8c7ad;
				_v180 = _v180 >> 0xf;
				_v180 = _v180 ^ 0x000001d1;
				_v184 = 0x760fa4;
				_v184 = _v184 >> 0xc;
				_v184 = _v184 | 0x08f20319;
				_v184 = _v184 ^ 0x08fb2a62;
				_a24 = 0x1f12bc;
				_a24 = _a24 | 0x70a4297d;
				_a24 = _a24 + 0xe9e4;
				_a24 = _a24 + 0x7a4d;
				_a24 = _a24 ^ 0x70c78211;
				_v164 = 0x519e4d;
				_v164 = _v164 + 0xa61e;
				_v164 = _v164 ^ 0x005e6b3b;
				_a16 = 0x352c2f;
				_v200 = _t1301;
				_a16 = _a16 ^ 0x3878f6cd;
				_a16 = _a16 ^ 0x24513d72;
				_a16 = _a16 + 0xffff9a3d;
				_a16 = _a16 ^ 0x1c155c5b;
				_v168 = 0xb73eea;
				_v168 = _v168 | 0x28d90b59;
				_v168 = _v168 ^ 0x28faa6dc;
				_a32 = 0x5132b8;
				_a32 = 0xcccccccd * _a32 >> 0x20 >> 3;
				_a32 = _a32 + 0x9832;
				_a32 = _a32 ^ 0x000d5351;
				_v172 = 0xa8a3c3;
				_v172 = _v172 + 0xc889;
				_v172 = _v172 ^ 0x00ad4596;
				_v176 = 0xd39d9a;
				_v176 = _v176 << 3;
				_v176 = _v176 ^ 0x06995403;
				_t1320 =  *0xaee8210; // 0x0
				_v208 = _v176;
				_v216 = _v172;
				_t1302 =  *0xaee8210; // 0x0
				_v224 =  *((intOrPtr*)(_t1302 + 0x28));
				_v232 = _a32;
				_t1303 =  *0xaee8210; // 0x0
				_v240 =  *((intOrPtr*)(_t1303 + 0x30));
				_v248 = _v168;
				_t659 =  &_v112; // 0xcd6c0
				_v256 = _t659;
				_v264 = _a16;
				_t1305 = _v152;
				_v272 = _t1305;
				_v280 = _v164;
				_v288 = _a24;
				_t1088 = _v184;
				r9d = _v180;
				_v296 = _t1088;
				E00007FFA7FFA0AED47BC();
				_a16 = 0x503500;
				_a16 = _a16 + 0x3ef7;
				_a16 = _a16 + 0xffffa114;
				_a16 = _a16 ^ 0x0050150b;
				if (_t1088 != _a16) goto 0xaed3033;
				r14d = 1;
				goto 0xaed3038;
				_a24 = 0x4c1c5b;
				_a24 = _a24 + 0xffff6df5;
				_a24 = (_a24 - (0x2f684bdb * _a24 >> 0x20) >> 1) + (0x2f684bdb * _a24 >> 0x20) >> 4;
				_a24 = _a24 << 0xd;
				_a24 = _a24 ^ 0x5984d900;
				_v180 = 0x2e3ced;
				_v180 = _v180 * 0x52;
				_v180 = _v180 ^ 0x0ec2e67f;
				_a16 = 0x8af932;
				_a16 = _a16 << 8;
				_a16 = _a16 >> 1;
				_a16 = _a16 | 0x5b6549f8;
				_a16 = _a16 ^ 0x5f7b129f;
				_a32 = 0xce9902;
				_a32 = _a32 + 0xbf3f;
				_a32 = _a32 ^ 0x00c2dd48;
				r9d = _a16;
				goto 0xaed2d05;
				_a24 = 0xe4d289;
				_a24 = _a24 + 0xffffc5d8;
				_a24 = _a24 + 0xc6d9;
				_a24 = _a24 >> 3;
				_a24 = _a24 ^ 0x001bc8ed;
				_a32 = 0x67e24b;
				_a32 = _a32 + 0x6b92;
				_a32 = _a32 + 0xffff4946;
				_a32 = _a32 ^ 0x00664cf8;
				_a16 = 0xa913e4;
				_a16 = _a16 + 0xf608;
				_a16 = _a16 + 0x712c;
				_a16 = _a16 >> 3;
				_a16 = _a16 ^ 0x00158915;
				_v180 = 0x5bbfb1;
				_v180 = _v180 >> 4;
				_v180 = _v180 ^ 0x0000dc40;
				r9d = _a16;
				r8d = _a32;
				_v296 = _v180;
				E00007FFA7FFA0AEDE090(_t1305, _t1301, _t1320 + 0x40, 0x7ffa0aed15b8, _t1337, _t1348);
				_v180 = 0xcea9c7;
				_v180 = _v180 >> 7;
				_v180 = _v180 ^ 0x0009ae70;
				_a24 = 0x601a35;
				_a24 = _a24 + 0x8029;
				_a24 = _a24 << 8;
				_a24 = _a24 + 0xffff09ec;
				_a24 = _a24 ^ 0x60942dc4;
				_a16 = 0xac2805;
				_a16 = _a16 << 0x10;
				_a16 = 0x22b63cbf * _a16 >> 0x20 >> 4;
				_a16 = 0xcccccccd * _a16 >> 0x20 >> 3;
				_a16 = _a16 ^ 0x0007874c;
				_a32 = 0xc0b588;
				_a32 = _a32 >> 7;
				_a32 = _t1305 + _t1305 * 2 << 2;
				_a32 = _a32 ^ 0x00137c44;
				r9d = _a16;
				r8d = _a24;
				_v296 = _a32;
				E00007FFA7FFA0AEDE090(_t1305, _t1301, _t1320 + 0x40, 0x7ffa0aed14c8, _t1337, _t1348);
				_a16 = 0x5e0bd4;
				_a16 = _a16 << 6;
				_a16 = _a16 + 0xffff5104;
				_a16 = _a16 + 0xffff4105;
				_a16 = _a16 ^ 0x17818709;
				_v184 = 0x5ea0a9;
				_v184 = _v184 + 0xed17;
				_v184 = _v184 >> 0xa;
				_v184 = _v184 ^ 0x00066e5f;
				_v172 = 0x1d6c88;
				_v172 = _v172 << 1;
				_v172 = _v172 + 0x325b;
				_v172 = _v172 * 0x11;
				_v172 = _v172 ^ 0x03e440e1;
				_a32 = 0x50ea43;
				_a32 = _a32 ^ 0x11054396;
				_a32 = _a32 | 0xe4d191e0;
				_a32 = _a32 >> 8;
				_a32 = _a32 ^ 0x00fd1f6c;
				_a24 = 0x14d026;
				_t837 =  &_v152; // 0xcd698
				_v272 = _t837;
				_v280 = _t1305;
				_a24 = (_a24 - (0x2c9fb4d9 * _a24 >> 0x20) >> 1) + (0x2c9fb4d9 * _a24 >> 0x20) >> 6;
				_a24 = _a24 + 0xbe47;
				_a24 = _a24 ^ 0x98cb0f96;
				_a24 = _a24 ^ 0x98cbc55e;
				_v288 = _a16;
				_t1107 = _a24;
				r9d = _a32;
				_v296 = _t1107;
				E00007FFA7FFA0AEE3D14();
				_a16 = 0x9f9340;
				_a16 = _a16 + 0xffff0de4;
				r8d = _t1107;
				_a16 = _a16 ^ 0xdc46c476;
				_a16 = 0x8d3dcb09 * _a16 >> 0x20 >> 5;
				_a16 = _a16 ^ 0x03cec3f4;
				_a32 = 0x6e10c4;
				_t1282 =  ==  ? 0xd52dd : 0x31055;
				_a32 = _a32 << 0xc;
				_a32 = _a32 | 0x4b1db3ed;
				_a32 = _a32 ^ 0xeb1f8608;
				_a16 = 0x6cc330;
				_a16 = _a16 | 0x14df29a3;
				_a16 = _a16 >> 4;
				_a16 = _a16 + 0xffff5f1d;
				_a16 = _a16 ^ 0x014ea14a;
				_v180 = 0x5e6752;
				_v180 = _v180 << 0xc;
				_v180 = _v180 ^ 0xe67de7d2;
				_a24 = 0xc8c3eb;
				_a24 = _a24 + 0xe6c4;
				_a24 = 0x38e38e39 * _a24 >> 0x20 >> 3;
				_a24 = _a24 ^ 0x000266eb;
				r9d = _v180;
				_v296 = _a24;
				E00007FFA7FFA0AED4448(_a16, _t837, _t1305, _t1335, _t1305);
				_a32 = 0x626fdf;
				_a32 = _a32 + 0x1457;
				_a32 = 0xfc0fc0fd * _a32 >> 0x20 >> 6;
				_a32 = _a32 ^ 0x000a89f3;
				_v180 = 0x87f6a8;
				_v180 = _v180 >> 0xf;
				_v180 = _v180 ^ 0x00089e5d;
				_a24 = 0xf066da;
				_a24 = _a24 + 0xffff2305;
				_a24 = _a24 + 0xffffbe9c;
				_a24 = _a24 ^ 0x00e42f99;
				_a16 = 0x6f88e6;
				_a16 = _a16 + 0x8c55;
				_a16 = _a16 + 0xfffffcb7;
				_a16 = _a16 * 0x43;
				_a16 = _a16 ^ 0x1d53dcb1;
				r9d = _a24;
				_v296 = _a16;
				E00007FFA7FFA0AED4448(_v180, _t837, _t1305, _t1335, _t1305);
				_t1295 = ( ==  ? 0xd52dd : 0x31055) - 0x31055;
				if (( ==  ? 0xd52dd : 0x31055) == 0x31055) goto 0xaed3502;
				goto 0xaed2548;
				_v176 = 0x91243e;
				_v176 = _v176 | 0x4f7bfd8a;
				_v176 = _v176 + 0xffff161a;
				_v176 = _v176 ^ 0x4ffb13d8;
				_a24 = 0x2a6f4a;
				_a24 = _a24 | 0x8a22a662;
				_a24 = _a24 ^ 0x0d498d5d;
				_a24 = _a24 | 0x1068dc97;
				_a24 = _a24 ^ 0x976aead9;
				_v184 = 0xe89b5;
				_v184 = _v184 << 7;
				_v184 = 0xaaaaaaab * _v184 >> 0x20 >> 5;
				_v184 = _v184 ^ 0x002e23b0;
				_a32 = 0x9db68b;
				_a32 = _a32 | 0xe76e6135;
				_a32 = _a32 + 0xffffd04d;
				_a32 = _a32 ^ 0xe7ff8118;
				_a16 = 0x99f065;
				_a16 = _a16 + 0xffffcf88;
				_a16 = _a16 + 0xffff232c;
				_a16 = _a16 + 0xffff5905;
				_a16 = _a16 ^ 0x009fa3ee;
				_v288 = _a16;
				r9d = _v184;
				r8d = _v176;
				_v296 = _a32;
				E00007FFA7FFA0AEDBE3C();
				return r14d;
			}

0x7ffa0aed2521
0x7ffa0aed2524
0x7ffa0aed2527
0x7ffa0aed2533
0x7ffa0aed254e
0x7ffa0aed2557
0x7ffa0aed2563
0x7ffa0aed256f
0x7ffa0aed2577
0x7ffa0aed257f
0x7ffa0aed2587
0x7ffa0aed258f
0x7ffa0aed259a
0x7ffa0aed259c
0x7ffa0aed25a7
0x7ffa0aed25af
0x7ffa0aed25b6
0x7ffa0aed25bd
0x7ffa0aed25c4
0x7ffa0aed25c8
0x7ffa0aed25cf
0x7ffa0aed25d6
0x7ffa0aed25dd
0x7ffa0aed25e4
0x7ffa0aed25f8
0x7ffa0aed2609
0x7ffa0aed260c
0x7ffa0aed261c
0x7ffa0aed2626
0x7ffa0aed262e
0x7ffa0aed2635
0x7ffa0aed263c
0x7ffa0aed2647
0x7ffa0aed264c
0x7ffa0aed2653
0x7ffa0aed265a
0x7ffa0aed2661
0x7ffa0aed2668
0x7ffa0aed267a
0x7ffa0aed267d
0x7ffa0aed2684
0x7ffa0aed268b
0x7ffa0aed2692
0x7ffa0aed2699
0x7ffa0aed269d
0x7ffa0aed26a4
0x7ffa0aed26ab
0x7ffa0aed26ba
0x7ffa0aed26c4
0x7ffa0aed26ce
0x7ffa0aed26d2
0x7ffa0aed26d9
0x7ffa0aed26dd
0x7ffa0aed26e2
0x7ffa0aed26f0
0x7ffa0aed26f4
0x7ffa0aed26f7
0x7ffa0aed2702
0x7ffa0aed2705
0x7ffa0aed270c
0x7ffa0aed2713
0x7ffa0aed2717
0x7ffa0aed271e
0x7ffa0aed2725
0x7ffa0aed272c
0x7ffa0aed2730
0x7ffa0aed2737
0x7ffa0aed2742
0x7ffa0aed2745
0x7ffa0aed274f
0x7ffa0aed2753
0x7ffa0aed275a
0x7ffa0aed275e
0x7ffa0aed2763
0x7ffa0aed276a
0x7ffa0aed2774
0x7ffa0aed2778
0x7ffa0aed277c
0x7ffa0aed2786
0x7ffa0aed2789
0x7ffa0aed27a0
0x7ffa0aed27a3
0x7ffa0aed27aa
0x7ffa0aed27b1
0x7ffa0aed27b8
0x7ffa0aed27bf
0x7ffa0aed27c6
0x7ffa0aed27cd
0x7ffa0aed27d1
0x7ffa0aed27d4
0x7ffa0aed27db
0x7ffa0aed27e2
0x7ffa0aed27ec
0x7ffa0aed27f4
0x7ffa0aed27f7
0x7ffa0aed27fe
0x7ffa0aed2805
0x7ffa0aed2809
0x7ffa0aed280d
0x7ffa0aed2817
0x7ffa0aed281a
0x7ffa0aed2825
0x7ffa0aed283b
0x7ffa0aed283e
0x7ffa0aed2845
0x7ffa0aed284f
0x7ffa0aed2852
0x7ffa0aed2856
0x7ffa0aed285a
0x7ffa0aed2861
0x7ffa0aed2868
0x7ffa0aed286f
0x7ffa0aed2876
0x7ffa0aed2880
0x7ffa0aed2883
0x7ffa0aed288e
0x7ffa0aed289e
0x7ffa0aed28a1
0x7ffa0aed28a8
0x7ffa0aed28af
0x7ffa0aed28b6
0x7ffa0aed28b9
0x7ffa0aed28bd
0x7ffa0aed28c4
0x7ffa0aed28cb
0x7ffa0aed28d2
0x7ffa0aed28d9
0x7ffa0aed28e0
0x7ffa0aed28e7
0x7ffa0aed28ee
0x7ffa0aed28f2
0x7ffa0aed28f9
0x7ffa0aed2900
0x7ffa0aed2907
0x7ffa0aed290e
0x7ffa0aed2915
0x7ffa0aed2919
0x7ffa0aed2920
0x7ffa0aed2927
0x7ffa0aed2932
0x7ffa0aed2939
0x7ffa0aed293c
0x7ffa0aed2943
0x7ffa0aed294a
0x7ffa0aed294e
0x7ffa0aed2955
0x7ffa0aed295c
0x7ffa0aed2966
0x7ffa0aed296d
0x7ffa0aed2971
0x7ffa0aed297c
0x7ffa0aed2981
0x7ffa0aed2981
0x7ffa0aed2988
0x7ffa0aed2990
0x7ffa0aed2997
0x7ffa0aed299e
0x7ffa0aed29a5
0x7ffa0aed29ac
0x7ffa0aed29b0
0x7ffa0aed29b4
0x7ffa0aed29b9
0x7ffa0aed29c0
0x7ffa0aed29cc
0x7ffa0aed29d9
0x7ffa0aed29e7
0x7ffa0aed29f3
0x7ffa0aed29f6
0x7ffa0aed29fd
0x7ffa0aed2a08
0x7ffa0aed2a0b
0x7ffa0aed2a12
0x7ffa0aed2a19
0x7ffa0aed2a24
0x7ffa0aed2a27
0x7ffa0aed2a2e
0x7ffa0aed2a35
0x7ffa0aed2a3c
0x7ffa0aed2a43
0x7ffa0aed2a4d
0x7ffa0aed2a57
0x7ffa0aed2a5b
0x7ffa0aed2a60
0x7ffa0aed2a6c
0x7ffa0aed2a7e
0x7ffa0aed2a81
0x7ffa0aed2a88
0x7ffa0aed2a8f
0x7ffa0aed2a96
0x7ffa0aed2a9a
0x7ffa0aed2a9e
0x7ffa0aed2aa2
0x7ffa0aed2aa9
0x7ffa0aed2ab6
0x7ffa0aed2acf
0x7ffa0aed2ad2
0x7ffa0aed2ad9
0x7ffa0aed2ae0
0x7ffa0aed2ae7
0x7ffa0aed2aee
0x7ffa0aed2af1
0x7ffa0aed2afb
0x7ffa0aed2b02
0x7ffa0aed2b07
0x7ffa0aed2b15
0x7ffa0aed2b19
0x7ffa0aed2b20
0x7ffa0aed2b27
0x7ffa0aed2b2e
0x7ffa0aed2b35
0x7ffa0aed2b3c
0x7ffa0aed2b43
0x7ffa0aed2b4a
0x7ffa0aed2b4e
0x7ffa0aed2b55
0x7ffa0aed2b5c
0x7ffa0aed2b63
0x7ffa0aed2b67
0x7ffa0aed2b6e
0x7ffa0aed2b75
0x7ffa0aed2b7f
0x7ffa0aed2b83
0x7ffa0aed2b8a
0x7ffa0aed2b8e
0x7ffa0aed2b93
0x7ffa0aed2bae
0x7ffa0aed2bba
0x7ffa0aed2bbd
0x7ffa0aed2bc4
0x7ffa0aed2bcb
0x7ffa0aed2bd2
0x7ffa0aed2bd9
0x7ffa0aed2be4
0x7ffa0aed2bfa
0x7ffa0aed2bfd
0x7ffa0aed2c04
0x7ffa0aed2c0b
0x7ffa0aed2c12
0x7ffa0aed2c19
0x7ffa0aed2c20
0x7ffa0aed2c24
0x7ffa0aed2c27
0x7ffa0aed2c31
0x7ffa0aed2c38
0x7ffa0aed2c43
0x7ffa0aed2c48
0x7ffa0aed2c4f
0x7ffa0aed2c5a
0x7ffa0aed2c5f
0x7ffa0aed2c63
0x7ffa0aed2c68
0x7ffa0aed2c74
0x7ffa0aed2c7b
0x7ffa0aed2c7f
0x7ffa0aed2c8b
0x7ffa0aed2c92
0x7ffa0aed2c95
0x7ffa0aed2c9c
0x7ffa0aed2ca3
0x7ffa0aed2caa
0x7ffa0aed2cb1
0x7ffa0aed2cb8
0x7ffa0aed2cbf
0x7ffa0aed2cc6
0x7ffa0aed2ccd
0x7ffa0aed2cd4
0x7ffa0aed2cdb
0x7ffa0aed2cdf
0x7ffa0aed2ce6
0x7ffa0aed2ced
0x7ffa0aed2cf4
0x7ffa0aed2cfe
0x7ffa0aed2d0b
0x7ffa0aed2d0f
0x7ffa0aed2d14
0x7ffa0aed2d19
0x7ffa0aed2d33
0x7ffa0aed2d36
0x7ffa0aed2d3d
0x7ffa0aed2d44
0x7ffa0aed2d48
0x7ffa0aed2d4c
0x7ffa0aed2d4f
0x7ffa0aed2d56
0x7ffa0aed2d5a
0x7ffa0aed2d68
0x7ffa0aed2d70
0x7ffa0aed2d75
0x7ffa0aed2d81
0x7ffa0aed2d88
0x7ffa0aed2d8c
0x7ffa0aed2d93
0x7ffa0aed2d9a
0x7ffa0aed2da1
0x7ffa0aed2da5
0x7ffa0aed2dac
0x7ffa0aed2db3
0x7ffa0aed2dcf
0x7ffa0aed2dd2
0x7ffa0aed2dd9
0x7ffa0aed2de0
0x7ffa0aed2de7
0x7ffa0aed2deb
0x7ffa0aed2df2
0x7ffa0aed2dfc
0x7ffa0aed2e00
0x7ffa0aed2e07
0x7ffa0aed2e0b
0x7ffa0aed2e10
0x7ffa0aed2e27
0x7ffa0aed2e2a
0x7ffa0aed2e34
0x7ffa0aed2e37
0x7ffa0aed2e43
0x7ffa0aed2e4a
0x7ffa0aed2e56
0x7ffa0aed2e59
0x7ffa0aed2e63
0x7ffa0aed2e66
0x7ffa0aed2e72
0x7ffa0aed2e87
0x7ffa0aed2e8a
0x7ffa0aed2e8e
0x7ffa0aed2e95
0x7ffa0aed2e98
0x7ffa0aed2e9f
0x7ffa0aed2ea3
0x7ffa0aed2eaa
0x7ffa0aed2eb1
0x7ffa0aed2eb5
0x7ffa0aed2ebc
0x7ffa0aed2ec3
0x7ffa0aed2eca
0x7ffa0aed2ed1
0x7ffa0aed2ed8
0x7ffa0aed2edf
0x7ffa0aed2ee6
0x7ffa0aed2eed
0x7ffa0aed2ef4
0x7ffa0aed2efb
0x7ffa0aed2f02
0x7ffa0aed2f0f
0x7ffa0aed2f16
0x7ffa0aed2f1d
0x7ffa0aed2f24
0x7ffa0aed2f2b
0x7ffa0aed2f32
0x7ffa0aed2f39
0x7ffa0aed2f40
0x7ffa0aed2f4f
0x7ffa0aed2f52
0x7ffa0aed2f59
0x7ffa0aed2f60
0x7ffa0aed2f67
0x7ffa0aed2f6e
0x7ffa0aed2f75
0x7ffa0aed2f7c
0x7ffa0aed2f80
0x7ffa0aed2f87
0x7ffa0aed2f95
0x7ffa0aed2f9c
0x7ffa0aed2fa0
0x7ffa0aed2fae
0x7ffa0aed2fb3
0x7ffa0aed2fb7
0x7ffa0aed2fc4
0x7ffa0aed2fc8
0x7ffa0aed2fcc
0x7ffa0aed2fd0
0x7ffa0aed2fd8
0x7ffa0aed2fdc
0x7ffa0aed2fe0
0x7ffa0aed2fe8
0x7ffa0aed2fef
0x7ffa0aed2ff3
0x7ffa0aed2ff6
0x7ffa0aed2ffa
0x7ffa0aed2ffe
0x7ffa0aed3003
0x7ffa0aed300a
0x7ffa0aed3013
0x7ffa0aed301a
0x7ffa0aed3026
0x7ffa0aed3028
0x7ffa0aed3031
0x7ffa0aed3038
0x7ffa0aed3044
0x7ffa0aed3059
0x7ffa0aed305c
0x7ffa0aed3060
0x7ffa0aed3067
0x7ffa0aed3072
0x7ffa0aed3075
0x7ffa0aed307c
0x7ffa0aed3083
0x7ffa0aed3087
0x7ffa0aed308a
0x7ffa0aed3091
0x7ffa0aed3098
0x7ffa0aed309f
0x7ffa0aed30a6
0x7ffa0aed30b0
0x7ffa0aed30b7
0x7ffa0aed30bc
0x7ffa0aed30ca
0x7ffa0aed30d1
0x7ffa0aed30d8
0x7ffa0aed30dc
0x7ffa0aed30e3
0x7ffa0aed30ea
0x7ffa0aed30f1
0x7ffa0aed30f8
0x7ffa0aed30ff
0x7ffa0aed3106
0x7ffa0aed310d
0x7ffa0aed3114
0x7ffa0aed3118
0x7ffa0aed311f
0x7ffa0aed3126
0x7ffa0aed312a
0x7ffa0aed3134
0x7ffa0aed3138
0x7ffa0aed313f
0x7ffa0aed3143
0x7ffa0aed3148
0x7ffa0aed314f
0x7ffa0aed315b
0x7ffa0aed3162
0x7ffa0aed3169
0x7ffa0aed3170
0x7ffa0aed3174
0x7ffa0aed317b
0x7ffa0aed3182
0x7ffa0aed3189
0x7ffa0aed319a
0x7ffa0aed31a5
0x7ffa0aed31af
0x7ffa0aed31b6
0x7ffa0aed31bd
0x7ffa0aed31ca
0x7ffa0aed31cd
0x7ffa0aed31d7
0x7ffa0aed31db
0x7ffa0aed31e2
0x7ffa0aed31e6
0x7ffa0aed31eb
0x7ffa0aed31f2
0x7ffa0aed31f9
0x7ffa0aed3200
0x7ffa0aed3207
0x7ffa0aed320e
0x7ffa0aed3215
0x7ffa0aed321c
0x7ffa0aed3220
0x7ffa0aed3227
0x7ffa0aed322e
0x7ffa0aed3231
0x7ffa0aed323c
0x7ffa0aed323f
0x7ffa0aed3246
0x7ffa0aed324d
0x7ffa0aed3254
0x7ffa0aed325b
0x7ffa0aed325f
0x7ffa0aed3266
0x7ffa0aed327a
0x7ffa0aed3280
0x7ffa0aed3285
0x7ffa0aed3291
0x7ffa0aed3294
0x7ffa0aed329b
0x7ffa0aed32a2
0x7ffa0aed32ac
0x7ffa0aed32b0
0x7ffa0aed32b3
0x7ffa0aed32bd
0x7ffa0aed32c1
0x7ffa0aed32c6
0x7ffa0aed32d2
0x7ffa0aed32d9
0x7ffa0aed32e1
0x7ffa0aed32f0
0x7ffa0aed32f3
0x7ffa0aed32fd
0x7ffa0aed330f
0x7ffa0aed3312
0x7ffa0aed331b
0x7ffa0aed3322
0x7ffa0aed3329
0x7ffa0aed3330
0x7ffa0aed3337
0x7ffa0aed333b
0x7ffa0aed3342
0x7ffa0aed3349
0x7ffa0aed3350
0x7ffa0aed3354
0x7ffa0aed335b
0x7ffa0aed3362
0x7ffa0aed3371
0x7ffa0aed3374
0x7ffa0aed337e
0x7ffa0aed3388
0x7ffa0aed338c
0x7ffa0aed3391
0x7ffa0aed339d
0x7ffa0aed33ac
0x7ffa0aed33af
0x7ffa0aed33b6
0x7ffa0aed33bd
0x7ffa0aed33c1
0x7ffa0aed33c8
0x7ffa0aed33cf
0x7ffa0aed33d6
0x7ffa0aed33dd
0x7ffa0aed33e4
0x7ffa0aed33ee
0x7ffa0aed33f5
0x7ffa0aed3400
0x7ffa0aed3403
0x7ffa0aed340d
0x7ffa0aed3417
0x7ffa0aed341b
0x7ffa0aed342f
0x7ffa0aed3435
0x7ffa0aed343b
0x7ffa0aed3440
0x7ffa0aed344c
0x7ffa0aed3453
0x7ffa0aed345a
0x7ffa0aed3461
0x7ffa0aed3468
0x7ffa0aed346f
0x7ffa0aed3476
0x7ffa0aed347d
0x7ffa0aed3484
0x7ffa0aed348b
0x7ffa0aed3497
0x7ffa0aed349a
0x7ffa0aed34a1
0x7ffa0aed34a8
0x7ffa0aed34af
0x7ffa0aed34b6
0x7ffa0aed34bd
0x7ffa0aed34c4
0x7ffa0aed34cb
0x7ffa0aed34d2
0x7ffa0aed34d9
0x7ffa0aed34e3
0x7ffa0aed34ea
0x7ffa0aed34ee
0x7ffa0aed34f5
0x7ffa0aed34fd
0x7ffa0aed3516

Strings

Jo*, xrefs: 00007FFA0AED3461
r=Q$, xrefs: 00007FFA0AED2F16
5an, xrefs: 00007FFA0AED34A8
;k^, xrefs: 00007FFA0AED2EF4
Rg^, xrefs: 00007FFA0AED3349

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: 5an$;k^$Jo*$Rg^$r=Q$
API String ID: 0-3072258058
Opcode ID: 7ad495413e6d7baef80995d205617e01745579cef814960f3a3944c655b2a8a5
Instruction ID: b8a524fdb0e1db0413eca621a9aa0b7e1c7ac220f62ab564d9650e44cf175d9c
Opcode Fuzzy Hash: 7ad495413e6d7baef80995d205617e01745579cef814960f3a3944c655b2a8a5
Instruction Fuzzy Hash: 1BA2B073A047908FD368DFB9D48949D3FB2F7447AC7204229EA169BE58D7B59488CF80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED7AF0 Relevance: 6.8, Strings: 5, Instructions: 504
COMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E00007FFA7FFA0AED7AF0(long long __rbx, void* __rdx, long long __rdi, long long __rsi, void* __r11) {
				void* __r12;
				void* _t562;
				signed int _t584;
				signed int _t664;
				void* _t709;
				void* _t714;
				signed long long _t729;
				signed long long _t730;
				intOrPtr _t731;
				signed long long _t734;
				intOrPtr _t737;
				void* _t740;
				intOrPtr _t743;
				intOrPtr _t744;
				long long _t754;
				signed long long _t757;
				void* _t762;
				signed long long _t764;
				void* _t765;
				void* _t767;
				void* _t770;
				long long _t773;
				void* _t777;
				void* _t782;
				void* _t785;

				_t774 = __r11;
				_t759 = __rsi;
				_t738 = __rbx;
				_t729 = _t764;
				 *((long long*)(_t729 + 8)) = __rbx;
				 *((long long*)(_t729 + 0x10)) = __rsi;
				 *((long long*)(_t729 + 0x18)) = __rdi;
				_t762 = _t729 - 0xf8;
				_t765 = _t764 - 0x1d0;
				 *(_t765 + 0x30) =  *((intOrPtr*)(_t762 + 0x130));
				 *(_t765 + 0x28) =  *(_t762 + 0x128);
				r15d = r8d;
				 *(_t765 + 0x20) =  *((intOrPtr*)(_t762 + 0x120));
				_t777 = __rdx;
				E00007FFA7FFA0AEE3C78( *(_t762 + 0x128), _t740, __rdx, _t767, _t770);
				 *(_t762 - 0x78) = 0x88a7e;
				if (0x5bef0 == 0x4222d) goto 0xaed8394;
				if (0x5bef0 == 0x5bef0) goto 0xaed82d8;
				if (0x5bef0 == 0x87bc9) goto 0xaed8117;
				if (0x5bef0 == 0x8e8f9) goto 0xaed7f84;
				if (0x5bef0 == 0x958d9) goto 0xaed7d6b;
				if (0x5bef0 == 0x9fef8) goto 0xaed7c81;
				if (0x5bef0 != 0xb520a) goto 0xaed8451;
				 *(_t765 + 0x78) = 0x416103;
				 *(_t765 + 0x78) = ( *(_t765 + 0x78) - (0x446f8657 *  *(_t765 + 0x78) >> 0x20) >> 1) + (0x446f8657 *  *(_t765 + 0x78) >> 0x20) >> 6;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) << 0xf;
				 *(_t765 + 0x78) = 0x4ec4ec4f *  *(_t765 + 0x78) >> 0x20 >> 2;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) ^ 0x065f9989;
				if ( *((intOrPtr*)(_t762 - 0x60)) -  *(_t765 + 0x78) >= 0) goto 0xaed7bff;
				E00007FFA7FFA0AEDBF78(0x5bef0, _t729, _t762 - 0x68, __r11);
				goto 0xaed7c08;
				E00007FFA7FFA0AEE1E88(0x5bef0, _t709, _t714, _t729, __rbx, _t762 - 0x68, _t762 - 0x58, _t770, __r11);
				 *(_t765 + 0x70) = 0xdfad41;
				_t757 = _t729;
				_t730 =  ~_t729;
				asm("sbb ebx, ebx");
				 *(_t765 + 0x70) =  *(_t765 + 0x70) << 0xa;
				 *(_t765 + 0x70) = ( *(_t765 + 0x70) - (0x1f7047dd *  *(_t765 + 0x70) >> 0x20) >> 1) + (0x1f7047dd *  *(_t765 + 0x70) >> 0x20) >> 5;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) ^ 0x02342b10;
				 *(_t765 + 0x78) = 0x980fe;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) ^ 0xf0717ab5;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) * 0x2c;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) >> 8;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) ^ 0x0057e7b1;
				r8d =  *(_t765 + 0x78);
				goto 0xaed7d61;
				 *(_t765 + 0x78) = 0x4766ad;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) | 0x0862c4c7;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) >> 7;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) | 0x51d1af42;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) ^ 0x51df4fa2;
				 *(_t765 + 0x74) = 0x8b3d16;
				 *(_t765 + 0x74) = 0xaaaaaaab *  *(_t765 + 0x74) >> 0x20 >> 6;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) ^ 0x000b3daf;
				 *(_t765 + 0x70) = 0x844226;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) >> 5;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) >> 0xe;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) ^ 0x00096d56;
				_t83 = _t765 + 0x70; // 0x96d56
				r9d =  *(_t765 + 0x74);
				r8d =  *(_t765 + 0x78);
				 *(_t765 + 0x20) =  *_t83;
				if (E00007FFA7FFA0AEE3858(_t738,  *((intOrPtr*)(_t762 + 0x130)), _t762 - 0x48, _t757, __rsi) == 0) goto 0xaed7d0d;
				goto 0xaed7d12;
				 *(_t765 + 0x78) = 0x7e44a9;
				 *(_t765 + 0x78) = _t730 + _t730 * 8;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) + 0x42c1;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) << 0xe;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) ^ 0x2b24e30a;
				 *(_t765 + 0x70) = 0xf3e977;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) >> 0xe;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) >> 7;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) ^ 0x0004825a;
				r8d =  *(_t765 + 0x70);
				E00007FFA7FFA0AED89D0(_t730,  *((intOrPtr*)(_t762 - 0x48)));
				goto 0xaed8451;
				 *(_t762 - 0x78) = 0xff7027;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) >> 0xa;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) ^ 0x00005ad2;
				 *(_t765 + 0x74) = 0xb4404a;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) + 0xffff61c3;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) << 3;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) ^ 0x059d8b7e;
				 *(_t765 + 0x7c) = 0x319b71;
				 *(_t765 + 0x7c) =  *(_t765 + 0x7c) * 0x49;
				 *(_t765 + 0x7c) =  *(_t765 + 0x7c) | 0x0048a25f;
				 *(_t765 + 0x7c) =  *(_t765 + 0x7c) ^ 0x0e6a0e1f;
				 *(_t765 + 0x70) = 0x2d1628;
				 *(_t765 + 0x70) = _t730 + _t730 * 2 + _t730 + _t730 * 2;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) * 0x57;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) * 0x1b;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) ^ 0xb23d27f9;
				 *(_t762 - 0x80) = 0xb024e0;
				 *(_t762 - 0x80) =  *(_t762 - 0x80) + 0xffff51fc;
				 *(_t762 - 0x80) =  *(_t762 - 0x80) + 0xffffe105;
				 *(_t762 - 0x80) =  *(_t762 - 0x80) | 0x958a795f;
				 *(_t762 - 0x80) =  *(_t762 - 0x80) ^ 0x95ae378d;
				 *(_t762 - 0x70) = 0x7a5e4b;
				 *(_t762 - 0x70) = 0x3531dec1 *  *(_t762 - 0x70) >> 0x20 >> 4;
				 *(_t762 - 0x70) =  *(_t762 - 0x70) << 6;
				 *(_t762 - 0x70) =  *(_t762 - 0x70) + 0xffff3f68;
				 *(_t762 - 0x70) =  *(_t762 - 0x70) ^ 0x006c7b26;
				 *(_t765 + 0x78) = 0x7b740b;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) << 1;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) * 0x65;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) << 6;
				 *(_t765 + 0x78) =  *(_t765 + 0x78) ^ 0x5a6bf226;
				_t731 =  *0xaee8230; // 0x0
				_t743 =  *((intOrPtr*)(_t731 + 0x40));
				r9d =  *(_t743 + 0x50) & 0x0000ffff;
				 *(_t765 + 0x68) =  *(_t765 + 0x78);
				 *(_t765 + 0x60) =  *(_t762 - 0x70);
				 *((long long*)(_t765 + 0x58)) = _t762 - 0x48;
				 *(_t765 + 0x50) = _t757;
				 *((long long*)(_t765 + 0x48)) = _t762 - 0x30;
				 *(_t765 + 0x40) =  *(_t762 - 0x80);
				 *(_t765 + 0x38) =  *(_t765 + 0x70);
				_t734 = _t762 - 0x58;
				 *(_t765 + 0x30) = _t734;
				 *(_t765 + 0x28) =  *(_t765 + 0x7c);
				r8d =  *(_t743 + 8) & 0x0000ffff;
				 *(_t765 + 0x20) =  *(_t765 + 0x74);
				E00007FFA7FFA0AEDE234(_t738, _t743 + 0x18, _t773);
				 *(_t765 + 0x70) = 0x7b276d;
				asm("sbb ebx, ebx");
				 *(_t765 + 0x70) =  *(_t765 + 0x70) + 0x3e5f;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) + 0xffffa0ff;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) * 0x31;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) ^ 0x178766f3;
				 *(_t765 + 0x74) = 0x8fe40;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) >> 8;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) * 0x78;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) ^ 0x000e385d;
				r8d =  *(_t765 + 0x74);
				E00007FFA7FFA0AED89D0(_t734, _t757);
				 *(_t762 - 0x78) = 0x30c81;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) << 0xd;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) ^ 0x61980810;
				 *(_t765 + 0x70) = 0x9f8cf;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) + 0x9af1;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) + 0x5643;
				 *(_t765 + 0x70) = 0x88888889 *  *(_t765 + 0x70) >> 0x20 >> 3;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) ^ 0x0001eb1d;
				r8d =  *(_t765 + 0x70);
				goto 0xaed7d61;
				 *(_t765 + 0x70) = 0xbfa735;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) + 0xf4e3;
				 *(_t765 + 0x70) = _t734 + _t734 * 4 << 4;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) ^ 0x3c30c7c0;
				 *(_t762 - 0x70) = 0xeed1b9;
				 *(_t762 - 0x70) =  *(_t762 - 0x70) ^ 0x931530ec;
				 *(_t762 - 0x70) =  *(_t762 - 0x70) ^ 0x93fbe151;
				 *(_t765 + 0x7c) = 0xc77f22;
				 *(_t765 + 0x7c) =  *(_t765 + 0x7c) ^ 0x06dc4e4e;
				 *(_t765 + 0x7c) =  *(_t765 + 0x7c) << 4;
				 *(_t765 + 0x7c) =  *(_t765 + 0x7c) ^ 0x61ba2099;
				 *(_t762 - 0x80) = 0x23326e;
				 *(_t762 - 0x80) =  *(_t762 - 0x80) ^ 0xc8abaff2;
				 *(_t762 - 0x80) =  *(_t762 - 0x80) ^ 0xc88d629e;
				 *(_t762 - 0x78) = 0x838808;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) + 0x1d0d;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) ^ 0x008d8d6b;
				 *(_t765 + 0x74) = 0xaf121;
				 *(_t765 + 0x74) = ( *(_t765 + 0x74) - (0x3e22cbcf *  *(_t765 + 0x74) >> 0x20) >> 1) + (0x3e22cbcf *  *(_t765 + 0x74) >> 0x20) >> 6;
				 *(_t765 + 0x74) = 0x44d72045 *  *(_t765 + 0x74) >> 0x20 >> 5;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) ^ 0x000ab97e;
				 *(_t765 + 0x20) =  *(_t762 - 0x70);
				_t562 = E00007FFA7FFA0AEE5608( *(_t765 + 0x70),  *(_t762 - 0x58), _t785);
				 *(_t765 + 0x74) = 0xe95ba8;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) + 0xffffc11d;
				r11d = _t562;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) + 0x3a49;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) ^ 0x00eb47a7;
				 *(_t762 - 0x80) = 0x975683;
				 *(_t762 - 0x80) =  *(_t762 - 0x80) * 0x25;
				 *(_t762 - 0x80) =  *(_t762 - 0x80) ^ 0x15de943c;
				 *(_t765 + 0x70) = 0x80b22a;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) + 0xcf2a;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) ^ 0x0081815c;
				 *(_t765 + 0x7c) = 0xf0443d;
				 *(_t765 + 0x7c) =  *(_t765 + 0x7c) | 0xc2aad451;
				 *(_t765 + 0x7c) =  *(_t765 + 0x7c) ^ 0xc2fad47c;
				 *(_t762 - 0x78) = 0xa70b56;
				 *(_t762 - 0x78) = 0xcf6474a9 *  *(_t762 - 0x78) >> 0x20 >> 6;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) ^ 0x00021d4c;
				r8d =  *(_t762 - 0x78);
				r8d = r8d |  *(_t765 + 0x7c);
				r8d = r8d |  *(_t765 + 0x70);
				 *(_t765 + 0x20) =  *(_t762 - 0x80);
				E00007FFA7FFA0AED7908(r11d, _t734, _t738, _t743,  *(_t762 - 0x58), _t759, _t762 - 0x30, _t774);
				goto 0xaed7b58;
				 *(_t765 + 0x7c) = 0x7f223d;
				 *(_t765 + 0x7c) =  *(_t765 + 0x7c) ^ 0xc391fce6;
				 *(_t765 + 0x7c) =  *(_t765 + 0x7c) | 0xebbf8e97;
				 *(_t765 + 0x7c) =  *(_t765 + 0x7c) ^ 0xebffd90f;
				 *(_t765 + 0x74) = 0xf23bd5;
				 *(_t765 + 0x74) = 0xae4c415d *  *(_t765 + 0x74) >> 0x20 >> 5;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) * 0x29;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) ^ 0x00d34f56;
				 *(_t762 - 0x80) = 0x91d083;
				 *(_t762 - 0x80) =  *(_t762 - 0x80) >> 0x10;
				 *(_t762 - 0x80) =  *(_t762 - 0x80) << 0xc;
				 *(_t762 - 0x80) = 0xba2e8ba3 *  *(_t762 - 0x80) >> 0x20 >> 6;
				 *(_t762 - 0x80) =  *(_t762 - 0x80) ^ 0x000e3469;
				 *(_t765 + 0x70) = 0x4fa19a;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) << 4;
				 *(_t765 + 0x70) = 0xb21642c9 *  *(_t765 + 0x70) >> 0x20 >> 5;
				 *(_t765 + 0x70) = ( *(_t765 + 0x70) - (0x68168169 *  *(_t765 + 0x70) >> 0x20) >> 1) + (0x68168169 *  *(_t765 + 0x70) >> 0x20) >> 6;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) ^ 0x000a5543;
				 *(_t762 - 0x70) = 0x889d8c;
				 *(_t762 - 0x70) =  *(_t762 - 0x70) << 0xa;
				 *(_t762 - 0x70) =  *(_t762 - 0x70) ^ 0x22794514;
				 *(_t762 - 0x78) = 0x3f230;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) ^ 0x74a6fa63;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) ^ 0x74aba917;
				 *(_t765 + 0x20) =  *(_t765 + 0x74);
				_t584 = E00007FFA7FFA0AEE5608( *(_t765 + 0x7c),  *(_t762 - 0x58), _t782);
				 *(_t765 + 0x70) = 0x8ed4ac;
				r8d = _t584;
				 *(_t765 + 0x70) = 0x88888889 *  *(_t765 + 0x70) >> 0x20 >> 4;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) | 0xe6ea23b1;
				 *(_t765 + 0x70) = ( *(_t765 + 0x70) - (0x18118119 *  *(_t765 + 0x70) >> 0x20) >> 1) + (0x18118119 *  *(_t765 + 0x70) >> 0x20) >> 6;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) ^ 0x01f94b25;
				 *(_t765 + 0x74) = 0x635b9d;
				_t664 =  *(_t765 + 0x74);
				 *(_t765 + 0x74) = 0xaaaaaaab * _t664 >> 0x20 >> 3;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) ^ 0x0001f290;
				 *(_t762 - 0x78) = 0xabb6d9;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) >> 1;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) ^ 0x0050dd0f;
				r9d =  *(_t762 - 0x78);
				E00007FFA7FFA0AEDDB58();
				if (0xaaaaaaab * _t664 !=  *(_t765 + 0x70)) goto 0xaed845e;
				_t744 =  *0xaee8230; // 0x0
				_t754 =  *((intOrPtr*)( *((intOrPtr*)(_t744 + 0x40)) + 0x10));
				if (_t754 == 0) goto 0xaed82bc;
				 *((long long*)(_t744 + 0x40)) = _t754;
				goto 0xaed82c4;
				 *((long long*)(_t744 + 0x40)) =  *((intOrPtr*)(_t744 + 0x50));
				 *((intOrPtr*)(_t744 + 8)) =  *((intOrPtr*)(_t744 + 8)) + 1;
				if ( *((intOrPtr*)(_t744 + 8)) -  *((intOrPtr*)(_t744 + 0x18)) >= 0) goto 0xaed8463;
				goto 0xaed7b53;
				 *(_t765 + 0x74) = 0x82ffaf;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) | 0x91aa2c23;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) ^ 0x173c9a5b;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) ^ 0x86989faf;
				 *(_t762 - 0x78) = 0x58f5ae;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) >> 4;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) ^ 0x0001900f;
				r9d =  *(_t762 - 0x78);
				E00007FFA7FFA0AED4F54(0x100,  *((intOrPtr*)(_t744 + 0x50)), _t762 - 0x30);
				 *(_t762 - 0x58) =  *(_t762 - 0x58) & _t757;
				 *(_t765 + 0x70) = 0x987bcf;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) + 0xabe4;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) | 0xa330089d;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) + 0xa9c7;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) ^ 0xa3b9d986;
				 *(_t762 - 0x50) =  *(_t765 + 0x70);
				 *(_t765 + 0x74) = 0xcc7ec2;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) >> 4;
				 *(_t765 + 0x74) = 0x51eb851f *  *(_t765 + 0x74) >> 0x20 >> 3;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) ^ 0x000082e0;
				_t737 =  *0xaee8230; // 0x0
				 *(_t737 + 8) =  *(_t765 + 0x74);
				goto 0xaed7b58;
				 *(_t765 + 0x7c) = 0x21a4c6;
				 *(_t765 + 0x7c) = ( *(_t765 + 0x7c) - (0x2f684bdb *  *(_t765 + 0x7c) >> 0x20) >> 1) + (0x2f684bdb *  *(_t765 + 0x7c) >> 0x20) >> 4;
				 *(_t765 + 0x7c) =  *(_t765 + 0x7c) ^ 0x0005881d;
				 *(_t765 + 0x70) = 0x47f902;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) + 0xbcc8;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) ^ 0xb0799690;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) << 0xb;
				 *(_t765 + 0x70) =  *(_t765 + 0x70) ^ 0x89126ed8;
				 *(_t765 + 0x74) = 0xfc6808;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) * 0x6c;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) << 2;
				 *(_t765 + 0x74) =  *(_t765 + 0x74) ^ 0xa9e61fd1;
				 *(_t762 - 0x78) = 0x1b6983;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) + 0x274b;
				 *(_t762 - 0x78) =  *(_t762 - 0x78) ^ 0x00193bca;
				 *(_t765 + 0x30) =  *(_t762 - 0x78);
				 *(_t765 + 0x28) =  *(_t765 + 0x74);
				 *(_t765 + 0x20) =  *(_t765 + 0x70);
				if (E00007FFA7FFA0AEE3050(0x4222d, r15d, _t738, _t757, _t759, _t777, _t762 - 0x68, _t777) == 0) goto 0xaed844c;
				goto 0xaed7b58;
				if (0x9a2d9 == 0x9a2d9) goto 0xaed8463;
				goto 0xaed7b58;
				return 2;
			}

0x7ffa0aed7af0
0x7ffa0aed7af0
0x7ffa0aed7af0
0x7ffa0aed7af0
0x7ffa0aed7af3
0x7ffa0aed7af7
0x7ffa0aed7afb
0x7ffa0aed7b08
0x7ffa0aed7b0f
0x7ffa0aed7b2a
0x7ffa0aed7b2f
0x7ffa0aed7b33
0x7ffa0aed7b36
0x7ffa0aed7b3b
0x7ffa0aed7b3e
0x7ffa0aed7b43
0x7ffa0aed7b5e
0x7ffa0aed7b6a
0x7ffa0aed7b76
0x7ffa0aed7b82
0x7ffa0aed7b8e
0x7ffa0aed7b9a
0x7ffa0aed7ba6
0x7ffa0aed7bac
0x7ffa0aed7bcd
0x7ffa0aed7bd1
0x7ffa0aed7be3
0x7ffa0aed7be7
0x7ffa0aed7bf6
0x7ffa0aed7bf8
0x7ffa0aed7bfd
0x7ffa0aed7c03
0x7ffa0aed7c08
0x7ffa0aed7c10
0x7ffa0aed7c13
0x7ffa0aed7c16
0x7ffa0aed7c18
0x7ffa0aed7c3d
0x7ffa0aed7c41
0x7ffa0aed7c49
0x7ffa0aed7c51
0x7ffa0aed7c5e
0x7ffa0aed7c62
0x7ffa0aed7c67
0x7ffa0aed7c6f
0x7ffa0aed7c7c
0x7ffa0aed7c81
0x7ffa0aed7c8e
0x7ffa0aed7c96
0x7ffa0aed7c9b
0x7ffa0aed7ca3
0x7ffa0aed7cab
0x7ffa0aed7cbf
0x7ffa0aed7cc7
0x7ffa0aed7ccf
0x7ffa0aed7cd7
0x7ffa0aed7cdc
0x7ffa0aed7ce1
0x7ffa0aed7ce9
0x7ffa0aed7ced
0x7ffa0aed7cf2
0x7ffa0aed7cf7
0x7ffa0aed7d02
0x7ffa0aed7d0b
0x7ffa0aed7d12
0x7ffa0aed7d21
0x7ffa0aed7d25
0x7ffa0aed7d2d
0x7ffa0aed7d32
0x7ffa0aed7d3a
0x7ffa0aed7d42
0x7ffa0aed7d47
0x7ffa0aed7d4c
0x7ffa0aed7d54
0x7ffa0aed7d61
0x7ffa0aed7d66
0x7ffa0aed7d6b
0x7ffa0aed7d72
0x7ffa0aed7d76
0x7ffa0aed7d7d
0x7ffa0aed7d85
0x7ffa0aed7d8d
0x7ffa0aed7d92
0x7ffa0aed7d9a
0x7ffa0aed7da7
0x7ffa0aed7dab
0x7ffa0aed7db3
0x7ffa0aed7dbb
0x7ffa0aed7dcc
0x7ffa0aed7dd5
0x7ffa0aed7dde
0x7ffa0aed7de7
0x7ffa0aed7def
0x7ffa0aed7df6
0x7ffa0aed7dfd
0x7ffa0aed7e04
0x7ffa0aed7e0b
0x7ffa0aed7e12
0x7ffa0aed7e21
0x7ffa0aed7e24
0x7ffa0aed7e28
0x7ffa0aed7e2f
0x7ffa0aed7e36
0x7ffa0aed7e3e
0x7ffa0aed7e47
0x7ffa0aed7e4b
0x7ffa0aed7e50
0x7ffa0aed7e58
0x7ffa0aed7e5f
0x7ffa0aed7e67
0x7ffa0aed7e6c
0x7ffa0aed7e73
0x7ffa0aed7e7f
0x7ffa0aed7e84
0x7ffa0aed7e8d
0x7ffa0aed7e95
0x7ffa0aed7e9d
0x7ffa0aed7ea1
0x7ffa0aed7ea5
0x7ffa0aed7eae
0x7ffa0aed7eb6
0x7ffa0aed7ebe
0x7ffa0aed7ec2
0x7ffa0aed7ec7
0x7ffa0aed7ed1
0x7ffa0aed7ed3
0x7ffa0aed7edb
0x7ffa0aed7ef4
0x7ffa0aed7ef8
0x7ffa0aed7f00
0x7ffa0aed7f08
0x7ffa0aed7f12
0x7ffa0aed7f19
0x7ffa0aed7f21
0x7ffa0aed7f2a
0x7ffa0aed7f2f
0x7ffa0aed7f3b
0x7ffa0aed7f3f
0x7ffa0aed7f46
0x7ffa0aed7f4e
0x7ffa0aed7f56
0x7ffa0aed7f67
0x7ffa0aed7f6b
0x7ffa0aed7f73
0x7ffa0aed7f7f
0x7ffa0aed7f84
0x7ffa0aed7f8c
0x7ffa0aed7fa3
0x7ffa0aed7fa7
0x7ffa0aed7faf
0x7ffa0aed7fb6
0x7ffa0aed7fbd
0x7ffa0aed7fc4
0x7ffa0aed7fcc
0x7ffa0aed7fd4
0x7ffa0aed7fd9
0x7ffa0aed7fe1
0x7ffa0aed7fe8
0x7ffa0aed7fef
0x7ffa0aed7ff6
0x7ffa0aed7ffd
0x7ffa0aed8004
0x7ffa0aed800b
0x7ffa0aed8027
0x7ffa0aed8034
0x7ffa0aed8038
0x7ffa0aed8055
0x7ffa0aed8059
0x7ffa0aed805e
0x7ffa0aed8066
0x7ffa0aed806e
0x7ffa0aed8075
0x7ffa0aed807d
0x7ffa0aed8085
0x7ffa0aed8090
0x7ffa0aed8098
0x7ffa0aed809f
0x7ffa0aed80a7
0x7ffa0aed80af
0x7ffa0aed80b7
0x7ffa0aed80bf
0x7ffa0aed80c7
0x7ffa0aed80cf
0x7ffa0aed80de
0x7ffa0aed80e4
0x7ffa0aed80eb
0x7ffa0aed80f3
0x7ffa0aed80fa
0x7ffa0aed8104
0x7ffa0aed8108
0x7ffa0aed8112
0x7ffa0aed8117
0x7ffa0aed8124
0x7ffa0aed812c
0x7ffa0aed8134
0x7ffa0aed813c
0x7ffa0aed814d
0x7ffa0aed8156
0x7ffa0aed815f
0x7ffa0aed8167
0x7ffa0aed816e
0x7ffa0aed8172
0x7ffa0aed8183
0x7ffa0aed8186
0x7ffa0aed818d
0x7ffa0aed8195
0x7ffa0aed81a8
0x7ffa0aed81bb
0x7ffa0aed81bf
0x7ffa0aed81c7
0x7ffa0aed81ce
0x7ffa0aed81d2
0x7ffa0aed81d9
0x7ffa0aed81e0
0x7ffa0aed81e7
0x7ffa0aed8203
0x7ffa0aed8207
0x7ffa0aed820c
0x7ffa0aed8218
0x7ffa0aed822a
0x7ffa0aed822e
0x7ffa0aed824a
0x7ffa0aed824e
0x7ffa0aed8256
0x7ffa0aed825e
0x7ffa0aed8267
0x7ffa0aed826e
0x7ffa0aed8276
0x7ffa0aed827d
0x7ffa0aed8280
0x7ffa0aed8287
0x7ffa0aed828f
0x7ffa0aed829c
0x7ffa0aed82a2
0x7ffa0aed82ad
0x7ffa0aed82b4
0x7ffa0aed82b6
0x7ffa0aed82ba
0x7ffa0aed82c0
0x7ffa0aed82c4
0x7ffa0aed82cd
0x7ffa0aed82d3
0x7ffa0aed82d8
0x7ffa0aed82e9
0x7ffa0aed82f1
0x7ffa0aed82f9
0x7ffa0aed8301
0x7ffa0aed8308
0x7ffa0aed830c
0x7ffa0aed8313
0x7ffa0aed831b
0x7ffa0aed8327
0x7ffa0aed832b
0x7ffa0aed8333
0x7ffa0aed833b
0x7ffa0aed8343
0x7ffa0aed834b
0x7ffa0aed8357
0x7ffa0aed835a
0x7ffa0aed8367
0x7ffa0aed8375
0x7ffa0aed8379
0x7ffa0aed8385
0x7ffa0aed838c
0x7ffa0aed838f
0x7ffa0aed8394
0x7ffa0aed83b7
0x7ffa0aed83be
0x7ffa0aed83c6
0x7ffa0aed83ce
0x7ffa0aed83d6
0x7ffa0aed83de
0x7ffa0aed83e3
0x7ffa0aed83eb
0x7ffa0aed83f8
0x7ffa0aed83fc
0x7ffa0aed8401
0x7ffa0aed8409
0x7ffa0aed8410
0x7ffa0aed8417
0x7ffa0aed8421
0x7ffa0aed8429
0x7ffa0aed8435
0x7ffa0aed8440
0x7ffa0aed8447
0x7ffa0aed8457
0x7ffa0aed8459
0x7ffa0aed8485

Strings

&{l, xrefs: 00007FFA0AED7E2F
n2#, xrefs: 00007FFA0AED7FE1
Vm, xrefs: 00007FFA0AED7CE9
I:, xrefs: 00007FFA0AED8075
$+, xrefs: 00007FFA0AED7D32

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: $+$&{l$I:$Vm$n2#
API String ID: 0-1689822077
Opcode ID: a8e69e65b72f01b9ded3c978b0e7fcfd437ce6b53e53ae06511eb9a8e699fd0f
Instruction ID: 8b71a48379ce7d3551901365a27b17f154c637e23cbbf4a76cc12de94751cd10
Opcode Fuzzy Hash: a8e69e65b72f01b9ded3c978b0e7fcfd437ce6b53e53ae06511eb9a8e699fd0f
Instruction Fuzzy Hash: F6420773A08651CFE348DF79E54545EBBF1F384B48B204229EB9A97A68DB78D845CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5897D18 Relevance: 6.6, APIs: 4, Instructions: 650COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A58981AF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A58981B5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5898653
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5898659

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 2e6c561015e8d137c4b28d804439fec8fdc580b074e04c302cc7c233b09a84b7
Instruction ID: 08dce8f1ada4edbfc2cc23058bf3a8109322d90b30ef09709281dcaada04a67c
Opcode Fuzzy Hash: 2e6c561015e8d137c4b28d804439fec8fdc580b074e04c302cc7c233b09a84b7
Instruction Fuzzy Hash: 52527F22B0AB46D5EB00EB65D4401ACB371FB4AF88B924175EE4D17BA9DF3CE45AC710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A588DDE8 Relevance: 6.5, APIs: 2, Strings: 1, Instructions: 1276COMMON

Download Yara Rule

Strings

0123456789-+Ee, xrefs: 00007FF7A588DF43, 00007FF7A588E242, 00007FF7A588E5DE, 00007FF7A588E8EF, 00007FF7A588EDF5

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID:
String ID: 0123456789-+Ee
API String ID: 0-1347306980
Opcode ID: 22b55213ac397b2017d5a27bcc98eedb1b0e79608c94e2260f8bc9a843623241
Instruction ID: 65ef9e53aa51d95d336941a9883aaf58e35a192a2013004357fc15b68073fb03
Opcode Fuzzy Hash: 22b55213ac397b2017d5a27bcc98eedb1b0e79608c94e2260f8bc9a843623241
Instruction Fuzzy Hash: 35C27D22A0BA8585EB51AF29C15027CB761FB42FC5F9580B1DA5E077B5CF3DE865C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE443C Relevance: 6.4, Strings: 5, Instructions: 111
COMMONCrypto

Download Yara Rule

C-Code - Quality: 64%

			E00007FFA7FFA0AEE443C(signed int _a8, signed int _a16, intOrPtr _a40, intOrPtr _a48, intOrPtr _a56) {
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				long long _v28;
				intOrPtr _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				void* _t72;
				signed int _t84;
				signed int _t87;
				long long _t89;
				signed int _t90;
				void* _t92;
				void* _t94;
				intOrPtr _t95;
				signed int _t99;
				void* _t108;
				void* _t109;
				void* _t111;

				E00007FFA7FFA0AEE3C78(_t72, _t92, _t94, _t108, _t111);
				_v32 = 0xaf677;
				_v28 = _t89;
				_v20 = 0;
				_v40 = 0xfd88c9;
				_v40 = _v40 << 4;
				_t109 = _t94;
				_v40 = _v40 + 0x78ac;
				_v40 = _v40 >> 0xb;
				_v40 = _v40 ^ 0x000507fd;
				_v36 = 0xcfc95d;
				_v36 = _v36 >> 0xc;
				_v36 = _v36 ^ 0x0002f3f3;
				r9d = _v36;
				_t87 = _v40;
				_a16 = _t87;
				_a8 = _t84;
				_v24 = 0xea8c5;
				_v20 = 0xd8605;
				_v16 = 0x44e3c;
				_v12 = 0x82280;
				_a8 = 0x29d2f9;
				_a8 = _a8 * 0x3e;
				_a8 = _a8 ^ 0x520bda6e;
				_a8 = _a8 ^ 0x58213ba9;
				_a16 = 0x9efdf6;
				_a16 = _a16 + 0xfffffc7e;
				_a16 = _a16 + 0x9dd6;
				_a16 = _a16 << 0xe;
				_a16 = _a16 ^ 0xe61ed990;
				r8d = _a16;
				_t95 =  *0xaee8220; // 0x22823270990
				goto E00007FFA7FFA0AED89D0;
				asm("int3");
				_a8 = _t90;
				_a16 = _t99;
				_v56 = _a56;
				_v64 = _a48;
				_v72 = _a40;
				E00007FFA7FFA0AEE3C78(_a40, _t92, _t95, _t109, _t111);
				_v32 = 0x1c800;
				_v28 = _t89;
				_v36 = 0xefd74c;
				r9d = 0xeb2caf89;
				_v36 = _v36 << 9;
				r8d = 0xa2;
				_v36 = _v36 ^ 0xdfa4ca0b;
				_v40 = 0x5c3fa8;
				_v40 = _v40 ^ 0xd01a18b0;
				_v40 = _v40 + 0xffffa9e1;
				_v40 = _v40 + 0xfffff40e;
				_v40 = _v40 ^ 0xd049cea7;
				E00007FFA7FFA0AED44C4(0x55911623, _t87, _t90, _t95);
				goto __rax;
			}

0x7ffa0aee4440
0x7ffa0aee4445
0x7ffa0aee444f
0x7ffa0aee4454
0x7ffa0aee4458
0x7ffa0aee4460
0x7ffa0aee4465
0x7ffa0aee4468
0x7ffa0aee4470
0x7ffa0aee4475
0x7ffa0aee447d
0x7ffa0aee4485
0x7ffa0aee448a
0x7ffa0aee4492
0x7ffa0aee4497
0x7ffa0aee44a4
0x7ffa0aee44a8
0x7ffa0aee44b0
0x7ffa0aee44b8
0x7ffa0aee44c0
0x7ffa0aee44c8
0x7ffa0aee44d0
0x7ffa0aee44dd
0x7ffa0aee44e1
0x7ffa0aee44e9
0x7ffa0aee44f1
0x7ffa0aee44f9
0x7ffa0aee4501
0x7ffa0aee4509
0x7ffa0aee450e
0x7ffa0aee4516
0x7ffa0aee451b
0x7ffa0aee452a
0x7ffa0aee452f
0x7ffa0aee4530
0x7ffa0aee4535
0x7ffa0aee4550
0x7ffa0aee455b
0x7ffa0aee455f
0x7ffa0aee4566
0x7ffa0aee456b
0x7ffa0aee457a
0x7ffa0aee457f
0x7ffa0aee4587
0x7ffa0aee458d
0x7ffa0aee4592
0x7ffa0aee4598
0x7ffa0aee45a0
0x7ffa0aee45a8
0x7ffa0aee45b0
0x7ffa0aee45b8
0x7ffa0aee45c0
0x7ffa0aee45d0
0x7ffa0aee45ec

Strings

K, xrefs: 00007FFA0AEE693D
5, xrefs: 00007FFA0AEE68AD
K, xrefs: 00007FFA0AEE67FF
K, xrefs: 00007FFA0AEE6866
)A0|, xrefs: 00007FFA0AEE683F

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: 5$)A0|$K$K$K
API String ID: 0-1338687562
Opcode ID: 6bc85315bd35b6ce1fc6ea1c1879206012b53393c08b0a3e02172e8aa78f4980
Instruction ID: 8f54178afce5267b0399111d8c7ccf6c921ee5641c53b58613f448989e0565f2
Opcode Fuzzy Hash: 6bc85315bd35b6ce1fc6ea1c1879206012b53393c08b0a3e02172e8aa78f4980
Instruction Fuzzy Hash: 6651C373A0C2518BD374EB25F05502EBBA0F79A748F104279E6CD86B58EB7CDA018F05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5890024 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 644COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7A5889350: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A588937B
Part of subcall function 00007FF7A5889350: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58893A0
Part of subcall function 00007FF7A5889350: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58893CA
Part of subcall function 00007FF7A5889350: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A588945B

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5890895
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A589089B

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 00007FF7A58900C4, 00007FF7A589058C

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 4156930308-2799312399
Opcode ID: 1d664fd4ba87c94626d44a3d231fc838330497ae9f49ba1e9c46edfb4b04def6
Instruction ID: 733338f0bb7f29ae9e2e1cdb6b9695cf590826cdfefd83012a006b85bd94cb8c
Opcode Fuzzy Hash: 1d664fd4ba87c94626d44a3d231fc838330497ae9f49ba1e9c46edfb4b04def6
Instruction Fuzzy Hash: 3352A122A0AA85C9EB51AFA9C05017CB761BB42F88B955071EE5E177B5CF3DF472C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5885FC0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 492
COMMONCrypto

Download Yara Rule

C-Code - Quality: 62%

			E00007FF77FF7A5885FC0(void* __esi, long long __rbx, void* __rcx, long long __rdx, void* __r8, long long __r9) {
				void* __rdi;
				void* __rsi;
				void* __r12;
				void* __r14;
				void* __r15;
				signed int _t64;
				void* _t84;
				long long _t85;
				void* _t89;
				signed int _t97;
				void* _t103;
				intOrPtr _t105;
				void* _t107;
				signed long long _t125;
				signed long long _t126;
				void* _t131;
				long long _t142;
				long long _t158;
				intOrPtr _t160;
				char* _t163;
				short* _t164;
				intOrPtr _t167;
				void* _t173;
				void* _t180;
				void* _t182;
				signed long long _t183;
				void* _t194;
				void* _t199;
				long long _t200;
				void* _t202;
				long long _t203;

				_t158 = __rdx;
				_t103 = __esi;
				 *((long long*)(_t182 + 8)) = __rbx;
				_t180 = _t182 - 0x17;
				_t183 = _t182 - 0xa0;
				asm("movaps [esp+0x90], xmm6");
				_t125 =  *0xa58fb008; // 0x485f0d1bb70c
				_t126 = _t125 ^ _t183;
				 *(_t180 - 9) = _t126;
				_t200 = __r9;
				_t203 = __rdx;
				_t194 = __rcx;
				 *((long long*)(_t180 - 0x39)) = __rdx;
				 *((long long*)(_t180 - 0x29)) = __rdx;
				r9d = 0xf;
				 *((long long*)(_t180 - 0x21)) = __r9;
				 *((char*)(_t180 - 0x39)) = 0;
				_t64 =  *(__r9 + 0x18) & 0x00003000;
				_t9 = _t158 - 1; // -1
				asm("movsd xmm6, [ebp+0x7f]");
				if (_t64 != 0x3000) goto 0xa5886036;
				goto 0xa58860ad;
				_t105 =  *((intOrPtr*)(__r9 + 0x20));
				if (_t105 <= 0) goto 0xa5886043;
				goto 0xa5886057;
				if (_t105 != 0) goto 0xa5886052;
				if (_t64 != 0) goto 0xa588604e;
				goto 0xa58860ad;
				goto 0xa5886057;
				_t107 = _t64 - 0x2000;
				if (_t107 != 0) goto 0xa58860ad;
				asm("movaps xmm0, xmm6");
				asm("andps xmm0, [0x6c3e5]");
				asm("comisd xmm0, [0x6c3d5]");
				if (_t107 <= 0) goto 0xa58860ad;
				asm("movaps xmm0, xmm6");
				E00007FF77FF7A58BE35C(6, _t180 - 0x19,  *((intOrPtr*)(__r9 + 0x20)));
				asm("cdq");
				_t160 =  *((intOrPtr*)(_t180 - 0x29));
				_t142 =  <  ? _t9 : 6 + _t126 + 0x32;
				if (_t142 - _t160 > 0) goto 0xa58860d1;
				 *((long long*)(_t180 - 0x29)) = _t142;
				_t128 =  >=  ?  *((void*)(_t180 - 0x39)) : _t180 - 0x39;
				 *((char*)(( >=  ?  *((void*)(_t180 - 0x39)) : _t180 - 0x39) + _t142)) = 0;
				goto 0xa588611d;
				_t173 = _t142 - _t160;
				if (_t173 -  *((intOrPtr*)(_t180 - 0x21)) - _t160 > 0) goto 0xa5886109;
				 *((long long*)(_t180 - 0x29)) = _t142;
				_t144 =  >=  ?  *((void*)(_t180 - 0x39)) : _t180 - 0x39;
				_t145 = ( >=  ?  *((void*)(_t180 - 0x39)) : _t180 - 0x39) + _t160;
				E00007FF77FF7A58B68A0();
				 *((char*)(( >=  ?  *((void*)(_t180 - 0x39)) : _t180 - 0x39) + _t160 + _t173)) = 0;
				goto 0xa588611d;
				 *((char*)(_t183 + 0x20)) = 0;
				E00007FF77FF7A58895F0(_t180 - 0x39, _t173, _t173, _t173, _t194, __r9, _t203, _t202);
				r8d =  *(__r9 + 0x18);
				 *((char*)(_t180 - 0x11)) = 0x25;
				asm("inc ecx");
				_t77 =  <  ? 0x2b :  *(_t180 - 0x10) & 0x000000ff;
				 *(_t180 - 0x10) =  <  ? 0x2b :  *(_t180 - 0x10) & 0x000000ff;
				_t131 = _t180 - 0xf;
				_t163 =  <  ? _t131 : _t180 - 0x10;
				if ((r8b & 0x00000010) == 0) goto 0xa5886151;
				 *_t163 = 0x23;
				_t164 = _t163 + 1;
				 *_t164 = 0x2a2e;
				 *((char*)(_t164 + 2)) = 0x4c;
				_t97 = r8d & 0x00003000;
				if ((r8b & 0x00000004) == 0) goto 0xa588618c;
				if (_t97 != 0x2000) goto 0xa5886175;
				goto 0xa58861b9;
				if (_t97 != 0x3000) goto 0xa5886181;
				goto 0xa58861b9;
				_t42 = _t131 - 2; // 0x45
				r8d = _t42;
				goto 0xa58861af;
				if (_t97 != 0x2000) goto 0xa5886198;
				goto 0xa58861b9;
				if (_t97 != 0x3000) goto 0xa58861a4;
				goto 0xa58861b9;
				r8d = 0x65;
				_t84 =  ==  ? r8d : 0x67;
				 *((char*)(_t164 + 3)) = 0x61;
				 *((char*)(_t164 + 4)) = 0;
				_t151 =  >=  ?  *((void*)(_t180 - 0x39)) : _t180 - 0x39;
				asm("movsd [esp+0x20], xmm6");
				r9d = _t103;
				_t85 = E00007FF77FF7A5881230(_t131,  >=  ?  *((void*)(_t180 - 0x39)) : _t180 - 0x39,  *((intOrPtr*)(_t180 - 0x29)), _t180 - 0x11, _t173, _t199);
				asm("inc ecx");
				asm("movaps [ebp-0x49], xmm0");
				_t133 =  >=  ?  *((void*)(_t180 - 0x39)) : _t180 - 0x39;
				 *((long long*)(_t183 + 0x30)) = _t85;
				 *((long long*)(_t183 + 0x28)) =  >=  ?  *((void*)(_t180 - 0x39)) : _t180 - 0x39;
				 *((char*)(_t183 + 0x20)) =  *(_t180 + 0x77) & 0x000000ff;
				E00007FF77FF7A5887F30(( >=  ?  *((void*)(_t180 - 0x39)) : _t180 - 0x39) + _t160, _t203, _t180 - 0x49, _t200);
				_t167 =  *((intOrPtr*)(_t180 - 0x21));
				if (_t167 - 0x10 < 0) goto 0xa588625a;
				_t154 =  *((intOrPtr*)(_t180 - 0x39));
				if (_t167 + 1 - 0x1000 < 0) goto 0xa5886255;
				if ( *((intOrPtr*)(_t180 - 0x39)) -  *((intOrPtr*)(_t154 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa588628c;
				_t89 = E00007FF77FF7A588AAD0(E00007FF77FF7A588AAF0( *((intOrPtr*)(_t180 - 0x39)) -  *((intOrPtr*)(_t154 - 8)) + 0xfffffff8, _t145, _t200), _t97,  *(_t180 - 9) ^ _t183);
				asm("movaps xmm6, [esp+0x90]");
				return _t89;
			}

0x7ff7a5885fc0
0x7ff7a5885fc0
0x7ff7a5885fc0
0x7ff7a5885fd0
0x7ff7a5885fd5
0x7ff7a5885fdc
0x7ff7a5885fe4
0x7ff7a5885feb
0x7ff7a5885fee
0x7ff7a5885ff2
0x7ff7a5885ff8
0x7ff7a5885ffb
0x7ff7a5886000
0x7ff7a5886004
0x7ff7a5886008
0x7ff7a588600e
0x7ff7a5886012
0x7ff7a5886019
0x7ff7a588601e
0x7ff7a5886022
0x7ff7a588602c
0x7ff7a5886034
0x7ff7a588603a
0x7ff7a588603d
0x7ff7a5886041
0x7ff7a5886043
0x7ff7a5886047
0x7ff7a588604c
0x7ff7a5886050
0x7ff7a588605a
0x7ff7a588605f
0x7ff7a5886061
0x7ff7a5886064
0x7ff7a588606b
0x7ff7a5886073
0x7ff7a5886079
0x7ff7a588607c
0x7ff7a5886084
0x7ff7a58860a9
0x7ff7a58860b1
0x7ff7a58860b8
0x7ff7a58860ba
0x7ff7a58860c6
0x7ff7a58860cb
0x7ff7a58860cf
0x7ff7a58860d4
0x7ff7a58860e0
0x7ff7a58860e2
0x7ff7a58860ee
0x7ff7a58860f3
0x7ff7a58860fe
0x7ff7a5886103
0x7ff7a5886107
0x7ff7a5886109
0x7ff7a5886118
0x7ff7a588611d
0x7ff7a5886121
0x7ff7a5886125
0x7ff7a5886133
0x7ff7a5886136
0x7ff7a588613d
0x7ff7a5886141
0x7ff7a5886149
0x7ff7a588614b
0x7ff7a588614e
0x7ff7a5886151
0x7ff7a5886156
0x7ff7a588615d
0x7ff7a5886167
0x7ff7a588616f
0x7ff7a5886173
0x7ff7a588617b
0x7ff7a588617f
0x7ff7a5886186
0x7ff7a5886186
0x7ff7a588618a
0x7ff7a5886192
0x7ff7a5886196
0x7ff7a588619e
0x7ff7a58861a2
0x7ff7a58861a9
0x7ff7a58861b5
0x7ff7a58861b9
0x7ff7a58861bc
0x7ff7a58861c9
0x7ff7a58861ce
0x7ff7a58861d4
0x7ff7a58861df
0x7ff7a58861e7
0x7ff7a58861ec
0x7ff7a58861f9
0x7ff7a58861fe
0x7ff7a5886203
0x7ff7a588620c
0x7ff7a588621d
0x7ff7a5886223
0x7ff7a588622b
0x7ff7a5886230
0x7ff7a588623e
0x7ff7a5886253
0x7ff7a5886264
0x7ff7a5886271
0x7ff7a588628b

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A588628C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5886568

Strings

%, xrefs: 00007FF7A58865A7

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: %
API String ID: 3668304517-2567322570
Opcode ID: ba8280fe98136841ed60a0304db950d30e84fd28d7923f71e6f681663df3e580
Instruction ID: fcb64ecfb73f53e3a85fc2873fab37a6d36ec2f9e3d57a1ec3fc5d2e692621bd
Opcode Fuzzy Hash: ba8280fe98136841ed60a0304db950d30e84fd28d7923f71e6f681663df3e580
Instruction Fuzzy Hash: E1123012B0968589FB259B66D4003FDA361EB6ABC9F854171DE4D27BAADF3CE4508320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEDB4F0 Relevance: 5.4, Strings: 4, Instructions: 376COMMON

Download Yara Rule

Strings

rY=, xrefs: 00007FFA0AEDB5B9
DOu, xrefs: 00007FFA0AEDB9CC
=:i, xrefs: 00007FFA0AEDBA35
&5uM, xrefs: 00007FFA0AEDB98E

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: &5uM$=:i$DOu$rY=
API String ID: 0-4260392290
Opcode ID: 5cb085587bdcc2898dd9e476f9e2289c28022e1fc0782cf688003dd5e0fa8190
Instruction ID: 9105f53743544a31ae868435237e3acf31082718555168a51eb402ad965f9037
Opcode Fuzzy Hash: 5cb085587bdcc2898dd9e476f9e2289c28022e1fc0782cf688003dd5e0fa8190
Instruction Fuzzy Hash: 9C12DF77A002508FD7A8DF78D48A4AD3FB1F34439C7209129FA16ABA58D7799985CF80

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5894400 Relevance: 5.3, APIs: 3, Instructions: 761
COMMONCrypto

Download Yara Rule

C-Code - Quality: 27%

			E00007FF77FF7A5894400(void* __ecx, void* __rcx, long long __rdx, void* __r8, intOrPtr* __r9) {
				signed int _v80;
				long long _v88;
				long long _v96;
				char _v112;
				long long _v120;
				long long _v128;
				long long _v136;
				long long _v144;
				intOrPtr _v148;
				intOrPtr _v151;
				char _v152;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				signed long long _t54;
				long long _t57;
				long long _t64;
				long long _t81;
				intOrPtr* _t82;
				void* _t87;
				long long _t96;
				intOrPtr _t97;

				_t54 =  *0xa58fb008; // 0x485f0d1bb70c
				_v80 = _t54 ^ _t87 - 0x00000078;
				_v136 = __rdx;
				_t85 = __rcx;
				_t3 = _t81 + 1; // 0x1
				r15d = _t3;
				if ( *__r9 == dil) goto 0xa5894457;
				_t57 =  !=  ? __r8 : __r8 + 1;
				_t64 = _t57;
				if ( *((intOrPtr*)(__r9 + _t96)) != 0) goto 0xa5894440;
				_v112 = _t81;
				_v96 = _t81;
				_v88 = 0xf;
				_v112 = dil;
				if (_t64 - 0xf > 0) goto 0xa589448a;
				_v96 = _t64;
				E00007FF77FF7A58B68A0();
				 *((intOrPtr*)(_t87 + _t64 - 0x30)) = dil;
				goto 0xa589449a;
				r9d = 0;
				r8b = _v151;
				E00007FF77FF7A588DB08(__ecx, _t64,  &_v112, _t64, __rcx, _t87, __r9);
				E00007FF77FF7A58920CC(r15b, _t64, _t85, _t87);
				_t82 = _t57;
				_v120 = _t57;
				E00007FF77FF7A5888C10(_t64,  &_v128, _t87);
				_v128 = _t57;
				if (_t82 == 0) goto 0xa58944e5;
				 *0xa58e2390();
				if ( *((intOrPtr*)( *_t82 + 0x10)) == 0) goto 0xa58944e5;
				 *0xa58e2390();
				_v152 = 0;
				r14d = 0;
				r12d = 0;
				_v148 = 0xfffffffe;
				_v144 = _t96;
				_t97 = _v88;
				if (_t64 != 0) goto 0xa589456b;
				if (_t97 - 0x10 < 0) goto 0xa5894542;
				_t23 = _t97 + 1; // 0x10
				if (_t23 - 0x1000 < 0) goto 0xa589453a;
				if (_v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa5894749;
				E00007FF77FF7A588AAF0(_v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8, _t64, __r9);
				return E00007FF77FF7A588AAD0(_v148, 0, _v80 ^ _t87 - 0x00000078);
			}

0x7ff7a5894414
0x7ff7a589441e
0x7ff7a5894428
0x7ff7a589442c
0x7ff7a5894431
0x7ff7a5894431
0x7ff7a5894438
0x7ff7a5894447
0x7ff7a589444b
0x7ff7a5894455
0x7ff7a5894457
0x7ff7a589445b
0x7ff7a589445f
0x7ff7a5894467
0x7ff7a5894473
0x7ff7a5894475
0x7ff7a589447e
0x7ff7a5894483
0x7ff7a5894488
0x7ff7a589448a
0x7ff7a589448d
0x7ff7a5894494
0x7ff7a589449d
0x7ff7a58944a2
0x7ff7a58944a5
0x7ff7a58944ad
0x7ff7a58944b2
0x7ff7a58944b9
0x7ff7a58944c5
0x7ff7a58944d1
0x7ff7a58944df
0x7ff7a58944e7
0x7ff7a58944ea
0x7ff7a58944ed
0x7ff7a58944f0
0x7ff7a58944fa
0x7ff7a58944fe
0x7ff7a5894509
0x7ff7a589450f
0x7ff7a5894511
0x7ff7a589451f
0x7ff7a5894534
0x7ff7a589453d
0x7ff7a5894561

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5894749
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5894ABE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5894E32

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 981fd597a981934d56b45a2f8e72051c50a797bbc667ffcc71aea152ca3826a2
Instruction ID: e55297d5895637ae5ed2ad176c78761f4fd4bf25fc55f3d2b1a4539c4a293e40
Opcode Fuzzy Hash: 981fd597a981934d56b45a2f8e72051c50a797bbc667ffcc71aea152ca3826a2
Instruction Fuzzy Hash: AB62F662B0A692C9FB10AB6594502BC77B1BB42F88F964075EE4E17BB5CF3CE450C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED6428 Relevance: 5.1, Strings: 4, Instructions: 53
COMMONCrypto

Download Yara Rule

C-Code - Quality: 63%

			E00007FFA7FFA0AED6428(signed int _a40) {
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v56;
				signed int _t57;
				void* _t62;
				void* _t64;
				void* _t65;
				void* _t70;
				void* _t71;
				void* _t72;

				_v40 = _a40;
				E00007FFA7FFA0AEE3C78(_a40, _t62, _t64, _t70, _t72);
				_v16 = 0xdd79e;
				_v20 = 0x477322;
				_t71 = _t64;
				_t5 =  &_v20; // 0x477322
				_v20 =  *_t5 * 0x4c;
				_v20 = _v20 ^ 0xd9afd933;
				_v20 = _v20 ^ 0xcc99ff19;
				_v16 = 0x58c935;
				_v16 = _v16 | 0x5e10be78;
				_v16 = _v16 ^ 0x5e5c6dfe;
				_v24 = 0x3cf2d;
				_v24 = _v24 + 0xd761;
				_v24 = _v24 ^ 0x0d66120a;
				_v24 = _v24 ^ 0x0d69376b;
				_t23 =  &_v24; // 0xd69376b
				r9d =  *_t23;
				_t57 = _v16;
				goto 0xaee3c8c;
				asm("int3");
				_v56 = _a40;
				E00007FFA7FFA0AEE3C78(_a40, _t62, _t64, _t71, _t72);
				_v32 = 0xc4a18;
				_v28 = 0x9a74d;
				_v24 = 0xf188d;
				_v20 = 0;
				_v40 = 0xa85ec0;
				_v40 = _v40 << 0x10;
				r9d = 0xb67c69ef;
				r8d = 0x54;
				_v40 = _v40 + 0xffff0b28;
				_v40 = _v40 ^ 0x5ebbc865;
				_v36 = 0x24e3d7;
				_v36 = _v36 << 0xd;
				_v36 = _v36 ^ 0x9c7fce53;
				E00007FFA7FFA0AED44C4(0xf9efd5f1, _t57, _t71, _t65);
				goto __rax;
			}

0x7ffa0aed6430
0x7ffa0aed6434
0x7ffa0aed6439
0x7ffa0aed6441
0x7ffa0aed6449
0x7ffa0aed644c
0x7ffa0aed6451
0x7ffa0aed6455
0x7ffa0aed645d
0x7ffa0aed6465
0x7ffa0aed646d
0x7ffa0aed6475
0x7ffa0aed647d
0x7ffa0aed6485
0x7ffa0aed648d
0x7ffa0aed6495
0x7ffa0aed649d
0x7ffa0aed649d
0x7ffa0aed64a2
0x7ffa0aed64ae
0x7ffa0aed64b3
0x7ffa0aed64c4
0x7ffa0aed64c8
0x7ffa0aed64cd
0x7ffa0aed64d5
0x7ffa0aed64dd
0x7ffa0aed64e7
0x7ffa0aed64eb
0x7ffa0aed64f8
0x7ffa0aed64fd
0x7ffa0aed6503
0x7ffa0aed6509
0x7ffa0aed6511
0x7ffa0aed6519
0x7ffa0aed6521
0x7ffa0aed6526
0x7ffa0aed6536
0x7ffa0aed6543

Strings

x, xrefs: 00007FFA0AEE3CA0
"sG, xrefs: 00007FFA0AED644C
K U, xrefs: 00007FFA0AEE3CDD
k7i, xrefs: 00007FFA0AED649D

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: "sG$K U$k7i$x
API String ID: 0-480684533
Opcode ID: 3e97d4424d5899e7f2e76632cc6d5683ee15469bb5c482ad8139a274f42ae952
Instruction ID: 2f8c6bd43a6eb8953ef56a84211e41dddcb68a39d66004f689edc46d83ab8a63
Opcode Fuzzy Hash: 3e97d4424d5899e7f2e76632cc6d5683ee15469bb5c482ad8139a274f42ae952
Instruction Fuzzy Hash: F521B97352D3418BC368DF25E19941FBAA1F389B48B105229FA8B5AB68D77CD505CF04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEDC480 Relevance: 4.1, Strings: 3, Instructions: 308
COMMONCrypto

Download Yara Rule

C-Code - Quality: 24%

			E00007FFA7FFA0AEDC480(long long __rbx, long long __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi) {
				void* __rbp;
				void* _t339;
				void* _t360;
				signed int _t392;
				void* _t449;
				intOrPtr _t450;
				signed long long _t452;
				intOrPtr _t453;
				signed long long _t454;
				long long _t456;
				long long* _t464;
				intOrPtr* _t467;
				void* _t470;
				void* _t472;
				void* _t473;
				void* _t475;
				void* _t476;

				_t461 = __rdx;
				_t456 = __rbx;
				_t449 = _t472;
				 *((long long*)(_t449 + 8)) = __rbx;
				 *((long long*)(_t449 + 0x10)) = __rsi;
				 *((long long*)(_t449 + 0x18)) = __rdi;
				_t470 = _t449 - 0x57;
				_t473 = _t472 - 0x100;
				_t464 =  *((intOrPtr*)(_t470 + 0x7f));
				_t467 = __rdx;
				 *((long long*)(_t473 + 0x20)) = _t464;
				E00007FFA7FFA0AEE3C78(_t339, __rcx, __rdx, _t475, _t476);
				 *((intOrPtr*)(_t470 + 0x37)) = 0xb71de;
				 *((long long*)(_t470 + 0x3b)) = __rcx;
				if (0xda111 == 0x66349) goto 0xaedc9e2;
				if (0xda111 == 0xa95bb) goto 0xaedc790;
				if (0xda111 == 0xc2a05) goto 0xaedc71c;
				if (0xda111 == 0xda111) goto 0xaedc712;
				if (0xda111 != 0xef577) goto 0xaedca21;
				 *(_t470 + 3) = 0x875e15;
				 *(_t470 + 3) =  *(_t470 + 3) + 0x1ecd;
				 *(_t470 + 3) =  *(_t470 + 3) ^ 0x7997fbca;
				 *(_t470 + 3) = 0xa0a0a0a1 *  *(_t470 + 3) >> 0x20 >> 6;
				 *(_t470 + 3) =  *(_t470 + 3) ^ 0x012fd92b;
				 *(_t470 + 0x1b) = 0x95ad5;
				 *(_t470 + 0x1b) =  *(_t470 + 0x1b) * 0x59;
				 *(_t470 + 0x1b) =  *(_t470 + 0x1b) ^ 0x0340940c;
				 *(_t470 - 9) = 0xd84521;
				 *(_t470 - 9) =  *(_t470 - 9) << 0xa;
				 *(_t470 - 9) =  *(_t470 - 9) | 0xd57eeaa8;
				 *(_t470 - 9) =  *(_t470 - 9) ^ 0xf5745d31;
				 *(_t470 - 0x11) = 0x6d619f;
				 *(_t470 - 0x11) = 0xaaaaaaab *  *(_t470 - 0x11) >> 0x20 >> 2;
				 *(_t470 - 0x11) =  *(_t470 - 0x11) + 0x5086;
				 *(_t470 - 0x11) =  *(_t470 - 0x11) ^ 0x7b8d65cd;
				 *(_t470 - 0x11) =  *(_t470 - 0x11) ^ 0x7b91af07;
				 *(_t470 - 1) = 0xc51c44;
				 *(_t470 - 1) =  *(_t470 - 1) >> 0xd;
				 *(_t470 - 1) =  *(_t470 - 1) | 0x58260111;
				 *(_t470 - 1) =  *(_t470 - 1) + 0xe81e;
				 *(_t470 - 1) =  *(_t470 - 1) ^ 0x582bffad;
				 *(_t470 - 0xd) = 0xadc192;
				 *(_t470 - 0xd) =  *(_t470 - 0xd) << 7;
				 *(_t470 - 0xd) =  *(_t470 - 0xd) ^ 0x56e702b9;
				 *(_t470 + 0x1f) = 0xeb274a;
				 *(_t470 + 0x1f) =  *(_t470 + 0x1f) >> 3;
				 *(_t470 + 0x1f) =  *(_t470 + 0x1f) ^ 0x001d3773;
				 *(_t470 + 7) = 0x73c3f3;
				 *(_t470 + 7) =  *(_t470 + 7) | 0x82701a5f;
				 *(_t470 + 7) =  *(_t470 + 7) * 0x38;
				 *(_t470 + 7) =  *(_t470 + 7) + 0x3593;
				 *(_t470 + 7) =  *(_t470 + 7) ^ 0x8951761f;
				 *(_t470 + 0x13) = 0xdde1b1;
				 *(_t470 + 0x13) =  *(_t470 + 0x13) ^ 0x793e0c29;
				 *(_t470 + 0x13) =  *(_t470 + 0x13) ^ 0x79edf1f0;
				 *(_t470 - 5) = 0xf34fbe;
				 *(_t470 - 5) =  *(_t470 - 5) + 0xffffcda6;
				 *(_t470 - 5) =  *(_t470 - 5) + 0x1931;
				 *(_t470 - 5) =  *(_t470 - 5) ^ 0x00f9717e;
				 *(_t470 + 0xb) = 0x8a4f2b;
				 *(_t470 + 0xb) =  *(_t470 + 0xb) << 0xc;
				 *(_t470 + 0xb) =  *(_t470 + 0xb) | 0x22ecc0b6;
				 *(_t470 + 0xb) =  *(_t470 + 0xb) + 0xc1be;
				 *(_t470 + 0xb) =  *(_t470 + 0xb) ^ 0xa6f0c04c;
				 *(_t470 + 0xf) = 0x6ea936;
				 *(_t470 + 0xf) =  *(_t470 + 0xf) ^ 0xc93c9acd;
				 *(_t470 + 0xf) =  *(_t470 + 0xf) ^ 0xc9593a2b;
				 *(_t473 + 0x98) =  *(_t470 + 0xf);
				 *(_t473 + 0x90) =  *(_t470 + 0xb);
				 *(_t473 + 0x88) =  *(_t470 + 0x2f);
				 *(_t473 + 0x80) =  *(_t470 - 5);
				 *(_t473 + 0x78) =  *(_t470 + 0x13);
				 *(_t473 + 0x70) =  *(_t470 + 7);
				 *(_t473 + 0x68) =  *(_t470 + 0x1f);
				 *(_t473 + 0x60) =  *(_t470 + 0x1b);
				 *(_t473 + 0x58) =  *(_t470 - 0xd);
				 *((intOrPtr*)(_t473 + 0x50)) =  *((intOrPtr*)(__rdx + 8));
				 *(_t473 + 0x48) =  *(_t470 + 3);
				_t450 =  *0xaee8210; // 0x0
				r8d =  *(_t470 - 0x11);
				 *((long long*)(_t473 + 0x40)) =  *((intOrPtr*)(_t450 + 0x40));
				 *(_t473 + 0x38) =  *(_t470 - 1);
				 *((long long*)(_t473 + 0x30)) =  *(_t470 + 0x27);
				_t452 =  *__rdx;
				 *(_t473 + 0x28) = _t452;
				_t360 = E00007FFA7FFA0AED8488(0xda111 - 0xef577, _t452, __rbx,  *((intOrPtr*)(_t450 + 0x40)), __rdx, __rdx, _t470, _t470 + 0x2f);
				 *(_t470 - 0x11) = 0xcce3a1;
				 *(_t470 - 0x11) =  *(_t470 - 0x11) + 0xffff5ad6;
				 *(_t470 - 0x11) =  *(_t470 - 0x11) >> 4;
				 *(_t470 - 0x11) =  *(_t470 - 0x11) | 0x8ffcd9ec;
				 *(_t470 - 0x11) =  *(_t470 - 0x11) ^ 0x8ffcdbef;
				if (_t360 ==  *(_t470 - 0x11)) goto 0xaedca2d;
				goto 0xaedc4c0;
				goto 0xaedc4c0;
				 *(_t470 - 5) = 0x9c9dcf;
				 *(_t470 - 5) =  *(_t470 - 5) << 0xb;
				 *(_t470 - 5) =  *(_t470 - 5) + 0xffffb069;
				 *(_t470 - 5) =  *(_t470 - 5) ^ 0xe4e5d495;
				 *(_t470 - 9) = 0x551a73;
				 *(_t470 - 9) =  *(_t470 - 9) ^ 0xb0051db7;
				 *(_t470 - 9) =  *(_t470 - 9) >> 9;
				 *(_t470 - 9) =  *(_t470 - 9) ^ 0x0051342a;
				 *(_t470 - 0xd) = 0x8ac065;
				 *(_t470 - 0xd) = _t452 + _t452 * 4 << 2;
				 *(_t470 - 0xd) =  *(_t470 - 0xd) ^ 0x0ad9d070;
				E00007FFA7FFA0AEDDE9C( *(_t470 + 0x2f), 0xaaaaaaab *  *(_t470 - 0x11) >> 0x20 >> 2, _t452);
				 *(_t470 + 0x27) = _t452;
				if (_t452 == 0) goto 0xaedca3f;
				goto 0xaedc4c0;
				 *(_t470 + 0x17) = 0x477f08;
				 *(_t470 + 0x17) = 0xf0f0f0f1 *  *(_t470 + 0x17) >> 0x20 >> 4;
				 *(_t470 + 0x17) =  *(_t470 + 0x17) ^ 0x000434a6;
				 *(_t470 - 0x11) = 0x88dd7b;
				 *(_t470 - 0x11) =  *(_t470 - 0x11) + 0xbc25;
				 *(_t470 - 0x11) =  *(_t470 - 0x11) ^ 0x21eff5f5;
				 *(_t470 - 0x11) =  *(_t470 - 0x11) ^ 0x42bf87d8;
				 *(_t470 - 0x11) =  *(_t470 - 0x11) ^ 0x63d9eb8d;
				 *(_t470 + 0x13) = 0xda8e7c;
				 *(_t470 + 0x13) =  *(_t470 + 0x13) | 0xb4108c79;
				 *(_t470 + 0x13) =  *(_t470 + 0x13) ^ 0xb4da8e7c;
				 *(_t470 + 0xb) = 0x471cc8;
				 *(_t470 + 0xb) =  *(_t470 + 0xb) >> 0xa;
				 *(_t470 + 0xb) =  *(_t470 + 0xb) >> 0xa;
				 *(_t470 + 0xb) =  *(_t470 + 0xb) ^ 0x0002e313;
				 *(_t470 + 7) = 0xcf6734;
				 *(_t470 + 7) =  *(_t470 + 7) ^ 0x2b589111;
				 *(_t470 + 7) =  *(_t470 + 7) ^ 0xd3f56ce3;
				 *(_t470 + 7) =  *(_t470 + 7) ^ 0x34bcc6b0;
				 *(_t470 + 7) =  *(_t470 + 7) ^ 0xccdecc53;
				 *(_t470 - 5) = 0xd0b79f;
				 *(_t470 - 5) =  *(_t470 - 5) + 0x5dc2;
				 *(_t470 - 5) =  *(_t470 - 5) ^ 0x6c00007c;
				 *(_t470 - 5) =  *(_t470 - 5) ^ 0x6cd79f7f;
				 *(_t470 + 0xf) = 0xc53342;
				 *(_t470 + 0xf) = 0xc0c0c0c1 *  *(_t470 + 0xf) >> 0x20 >> 6;
				 *(_t470 + 0xf) =  *(_t470 + 0xf) ^ 0x000f0de6;
				 *(_t470 + 0x1f) = 0x3390f4;
				 *(_t470 + 0x1f) =  *(_t470 + 0x1f) + 0xffff948d;
				 *(_t470 + 0x1f) =  *(_t470 + 0x1f) ^ 0x003e64bf;
				 *(_t470 + 3) = 0x79383e;
				 *(_t470 + 3) =  *(_t470 + 3) ^ 0x1727ae5e;
				 *(_t470 + 3) =  *(_t470 + 3) << 7;
				 *(_t470 + 3) =  *(_t470 + 3) ^ 0x8f849f4f;
				 *(_t470 + 3) =  *(_t470 + 3) ^ 0x20c32408;
				 *(_t470 + 0x1b) = 0xa01dd;
				 *(_t470 + 0x1b) = ( *(_t470 + 0x1b) - (0xaf286bcb *  *(_t470 + 0x1b) >> 0x20) >> 1) + (0xaf286bcb *  *(_t470 + 0x1b) >> 0x20) >> 5;
				 *(_t470 + 0x1b) =  *(_t470 + 0x1b) ^ 0x000087a6;
				 *(_t470 - 1) = 0xea76d3;
				 *(_t470 - 1) =  *(_t470 - 1) ^ 0xdab209b5;
				 *(_t470 - 1) =  *(_t470 - 1) * 0xe;
				 *(_t470 - 1) =  *(_t470 - 1) * 0x5e;
				 *(_t470 - 1) =  *(_t470 - 1) ^ 0x6ee551b5;
				 *(_t470 - 9) = 0x25e1ee;
				 *(_t470 - 9) =  *(_t470 - 9) + 0x10c;
				 *(_t470 - 9) =  *(_t470 - 9) * 0x4d;
				 *(_t470 - 9) =  *(_t470 - 9) ^ 0x0b6d64f4;
				 *(_t470 - 0xd) = 0x15397f;
				 *(_t470 - 0xd) =  *(_t470 - 0xd) * 0xf;
				 *(_t470 - 0xd) =  *(_t470 - 0xd) ^ 0x0138fccb;
				 *(_t473 + 0x98) =  *(_t470 - 0xd);
				 *(_t473 + 0x90) =  *(_t470 - 9);
				 *(_t473 + 0x88) =  *(_t470 - 0x11);
				 *(_t473 + 0x80) =  *(_t470 - 1);
				 *(_t473 + 0x78) =  *(_t470 + 0x1b);
				 *(_t473 + 0x70) =  *(_t470 + 3);
				 *(_t473 + 0x68) =  *(_t470 + 0x1f);
				 *(_t473 + 0x60) =  *(_t470 + 0x13);
				 *(_t473 + 0x58) =  *(_t470 + 0xf);
				 *((intOrPtr*)(_t473 + 0x50)) =  *((intOrPtr*)(_t467 + 8));
				 *(_t473 + 0x48) =  *(_t470 + 0x17);
				_t453 =  *0xaee8210; // 0x0
				r8d =  *(_t470 + 7);
				 *((long long*)(_t473 + 0x40)) =  *((intOrPtr*)(_t453 + 0x40));
				 *(_t473 + 0x38) =  *(_t470 - 5);
				_t454 =  *_t467;
				 *((long long*)(_t473 + 0x30)) = _t456;
				 *(_t473 + 0x28) = _t454;
				_t392 = E00007FFA7FFA0AED8488(_t452, _t454, _t456,  *((intOrPtr*)(_t453 + 0x40)), _t461, _t467, _t470, _t470 + 0x2f);
				 *(_t470 - 0x11) = 0x9e64e1;
				r8d = _t392;
				 *(_t470 - 0x11) = _t454 + _t454 * 2 << 4;
				 *(_t470 - 0x11) = 0xa0a0a0a1 *  *(_t470 - 0x11) >> 0x20 >> 6;
				 *(_t470 - 0x11) = 0x5397829d *  *(_t470 - 0x11) >> 0x20 >> 4;
				 *(_t470 - 0x11) =  *(_t470 - 0x11) ^ 0x0001856c;
				if (r8d !=  *(_t470 - 0x11)) goto 0xaedca3f;
				goto 0xaedc4c0;
				 *(_t470 - 0xd) = 0xdf630e;
				 *(_t470 - 0xd) =  *(_t470 - 0xd) | 0x2cbfa323;
				 *(_t470 - 0xd) =  *(_t470 - 0xd) ^ 0x2cf055ac;
				 *(_t470 + 0x17) = 0x951256;
				 *(_t470 + 0x17) =  *(_t470 + 0x17) + 0xffff1c60;
				 *(_t470 + 0x17) =  *(_t470 + 0x17) ^ 0x009d83aa;
				r8d =  *(_t470 + 0x17);
				E00007FFA7FFA0AED89D0(_t454,  *(_t470 + 0x27));
				if (0x2df35 == 0x2df35) goto 0xaedca3f;
				goto 0xaedc4c0;
				 *_t464 =  *(_t470 + 0x27);
				 *(_t464 + 8) =  *(_t470 + 0x2f);
				return 1;
			}

0x7ffa0aedc480
0x7ffa0aedc480
0x7ffa0aedc480
0x7ffa0aedc483
0x7ffa0aedc487
0x7ffa0aedc48b
0x7ffa0aedc490
0x7ffa0aedc494
0x7ffa0aedc49b
0x7ffa0aedc49f
0x7ffa0aedc4a2
0x7ffa0aedc4a7
0x7ffa0aedc4b5
0x7ffa0aedc4bc
0x7ffa0aedc4c5
0x7ffa0aedc4d0
0x7ffa0aedc4db
0x7ffa0aedc4e6
0x7ffa0aedc4f1
0x7ffa0aedc4f7
0x7ffa0aedc503
0x7ffa0aedc50a
0x7ffa0aedc519
0x7ffa0aedc51c
0x7ffa0aedc523
0x7ffa0aedc52e
0x7ffa0aedc536
0x7ffa0aedc53d
0x7ffa0aedc544
0x7ffa0aedc548
0x7ffa0aedc54f
0x7ffa0aedc556
0x7ffa0aedc565
0x7ffa0aedc568
0x7ffa0aedc56f
0x7ffa0aedc576
0x7ffa0aedc57d
0x7ffa0aedc584
0x7ffa0aedc588
0x7ffa0aedc58f
0x7ffa0aedc596
0x7ffa0aedc59d
0x7ffa0aedc5a4
0x7ffa0aedc5a8
0x7ffa0aedc5af
0x7ffa0aedc5b6
0x7ffa0aedc5ba
0x7ffa0aedc5c1
0x7ffa0aedc5c8
0x7ffa0aedc5d3
0x7ffa0aedc5d6
0x7ffa0aedc5dd
0x7ffa0aedc5e4
0x7ffa0aedc5eb
0x7ffa0aedc5f2
0x7ffa0aedc5f9
0x7ffa0aedc600
0x7ffa0aedc607
0x7ffa0aedc60e
0x7ffa0aedc615
0x7ffa0aedc61c
0x7ffa0aedc620
0x7ffa0aedc627
0x7ffa0aedc62e
0x7ffa0aedc635
0x7ffa0aedc63c
0x7ffa0aedc643
0x7ffa0aedc64d
0x7ffa0aedc657
0x7ffa0aedc661
0x7ffa0aedc66b
0x7ffa0aedc675
0x7ffa0aedc67c
0x7ffa0aedc683
0x7ffa0aedc68a
0x7ffa0aedc691
0x7ffa0aedc698
0x7ffa0aedc69f
0x7ffa0aedc6a3
0x7ffa0aedc6b1
0x7ffa0aedc6b5
0x7ffa0aedc6bd
0x7ffa0aedc6c9
0x7ffa0aedc6ce
0x7ffa0aedc6d1
0x7ffa0aedc6d6
0x7ffa0aedc6db
0x7ffa0aedc6e2
0x7ffa0aedc6eb
0x7ffa0aedc6ef
0x7ffa0aedc6f6
0x7ffa0aedc702
0x7ffa0aedc70d
0x7ffa0aedc717
0x7ffa0aedc71c
0x7ffa0aedc723
0x7ffa0aedc727
0x7ffa0aedc72e
0x7ffa0aedc735
0x7ffa0aedc73c
0x7ffa0aedc743
0x7ffa0aedc747
0x7ffa0aedc74e
0x7ffa0aedc75e
0x7ffa0aedc761
0x7ffa0aedc774
0x7ffa0aedc779
0x7ffa0aedc780
0x7ffa0aedc78b
0x7ffa0aedc790
0x7ffa0aedc7a9
0x7ffa0aedc7ac
0x7ffa0aedc7b3
0x7ffa0aedc7ba
0x7ffa0aedc7c1
0x7ffa0aedc7c8
0x7ffa0aedc7cf
0x7ffa0aedc7d6
0x7ffa0aedc7dd
0x7ffa0aedc7e4
0x7ffa0aedc7eb
0x7ffa0aedc7f2
0x7ffa0aedc7f6
0x7ffa0aedc7fa
0x7ffa0aedc801
0x7ffa0aedc808
0x7ffa0aedc80f
0x7ffa0aedc816
0x7ffa0aedc81d
0x7ffa0aedc824
0x7ffa0aedc82b
0x7ffa0aedc832
0x7ffa0aedc839
0x7ffa0aedc840
0x7ffa0aedc854
0x7ffa0aedc857
0x7ffa0aedc85e
0x7ffa0aedc865
0x7ffa0aedc86c
0x7ffa0aedc873
0x7ffa0aedc87a
0x7ffa0aedc881
0x7ffa0aedc885
0x7ffa0aedc88c
0x7ffa0aedc893
0x7ffa0aedc8a8
0x7ffa0aedc8ab
0x7ffa0aedc8b2
0x7ffa0aedc8b9
0x7ffa0aedc8c4
0x7ffa0aedc8cb
0x7ffa0aedc8ce
0x7ffa0aedc8d5
0x7ffa0aedc8dc
0x7ffa0aedc8e7
0x7ffa0aedc8ea
0x7ffa0aedc8f1
0x7ffa0aedc8fc
0x7ffa0aedc8ff
0x7ffa0aedc909
0x7ffa0aedc913
0x7ffa0aedc91d
0x7ffa0aedc927
0x7ffa0aedc931
0x7ffa0aedc938
0x7ffa0aedc943
0x7ffa0aedc94a
0x7ffa0aedc951
0x7ffa0aedc958
0x7ffa0aedc95f
0x7ffa0aedc963
0x7ffa0aedc971
0x7ffa0aedc975
0x7ffa0aedc97d
0x7ffa0aedc981
0x7ffa0aedc984
0x7ffa0aedc989
0x7ffa0aedc98e
0x7ffa0aedc993
0x7ffa0aedc99a
0x7ffa0aedc9ab
0x7ffa0aedc9bb
0x7ffa0aedc9c6
0x7ffa0aedc9c9
0x7ffa0aedc9d6
0x7ffa0aedc9dd
0x7ffa0aedc9e2
0x7ffa0aedc9e9
0x7ffa0aedc9f0
0x7ffa0aedc9f7
0x7ffa0aedc9fe
0x7ffa0aedca05
0x7ffa0aedca0c
0x7ffa0aedca17
0x7ffa0aedca26
0x7ffa0aedca28
0x7ffa0aedca36
0x7ffa0aedca3c
0x7ffa0aedca59

Strings

>8y, xrefs: 00007FFA0AEDC873
%, xrefs: 00007FFA0AEDC8D5
J', xrefs: 00007FFA0AEDC5AF

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: >8y$J'$%
API String ID: 0-3755613251
Opcode ID: 4edc595fb37b9a43459600234dde8a0ce8c52f7157a6c17156ee70c00a93dce0
Instruction ID: ca08007569f4ddac9d8ff88181999cec9629ecadb77bc8253afaafcdb7dd9be6
Opcode Fuzzy Hash: 4edc595fb37b9a43459600234dde8a0ce8c52f7157a6c17156ee70c00a93dce0
Instruction Fuzzy Hash: D3020173A08340DFE358DFB8D49659D7BB1F34434CB008469EB4AABB68DB749A59CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE3858 Relevance: 4.0, Strings: 3, Instructions: 234
COMMONCrypto

Download Yara Rule

C-Code - Quality: 84%

			E00007FFA7FFA0AEE3858(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi) {
				void* _t61;
				void* _t74;
				void* _t76;
				void* _t79;
				void* _t80;

				_t61 = _t76;
				 *((long long*)(_t61 + 8)) = __rbx;
				 *((long long*)(_t61 + 0x10)) = __rsi;
				 *((long long*)(_t61 + 0x18)) = __rdi;
				_t74 = _t61 - 0x57;
				 *((intOrPtr*)(_t76 - 0xd0 + 0x20)) =  *((intOrPtr*)(_t74 + 0x7f));
				E00007FFA7FFA0AEE3C78( *((intOrPtr*)(_t74 + 0x7f)), __rcx, __rdx, _t79, _t80);
				 *((intOrPtr*)(_t74 - 0x41)) = 0x3e463;
				 *((intOrPtr*)(_t74 - 0x3d)) = 0xe5548;
				if (0x627d9 == 0x627d9) goto 0xaee3c62;
				if (0x627d9 == 0x6cadf) goto 0xaee3bc3;
				if (0x627d9 == 0x8d97e) goto 0xaee3a7e;
				if (0x627d9 == 0xd97fb) goto 0xaee39da;
				if (0x627d9 == 0xe120b) goto 0xaee3956;
				if (0x627d9 != 0xf2d92) goto 0xaee3c67;
				 *(_t74 - 0x4d) = 0x89c57a;
				 *(_t74 - 0x4d) =  *(_t74 - 0x4d) << 7;
				 *(_t74 - 0x4d) =  *(_t74 - 0x4d) + 0xdec5;
				 *(_t74 - 0x4d) = ( *(_t74 - 0x4d) - (0x8421085 *  *(_t74 - 0x4d) >> 0x20) >> 1) + (0x8421085 *  *(_t74 - 0x4d) >> 0x20) >> 5;
				 *(_t74 - 0x4d) =  *(_t74 - 0x4d) ^ 0x011bb00a;
				 *(_t74 - 0x51) = 0xdecafd;
				 *(_t74 - 0x51) =  *(_t74 - 0x51) + 0x1a4f;
				 *(_t74 - 0x51) =  *(_t74 - 0x51) >> 0x10;
				 *(_t74 - 0x51) =  *(_t74 - 0x51) * 0x3d;
				 *(_t74 - 0x51) =  *(_t74 - 0x51) ^ 0x00085b44;
				r8d =  *(_t74 - 0x51);
				E00007FFA7FFA0AED89D0(_t61,  *((intOrPtr*)(_t74 - 0x29)));
				return 0;
			}

0x7ffa0aee3858
0x7ffa0aee385b
0x7ffa0aee385f
0x7ffa0aee3863
0x7ffa0aee3868
0x7ffa0aee387c
0x7ffa0aee3880
0x7ffa0aee3885
0x7ffa0aee388c
0x7ffa0aee389f
0x7ffa0aee38aa
0x7ffa0aee38b5
0x7ffa0aee38c0
0x7ffa0aee38cb
0x7ffa0aee38d6
0x7ffa0aee38dc
0x7ffa0aee38e8
0x7ffa0aee38ec
0x7ffa0aee3901
0x7ffa0aee3904
0x7ffa0aee390b
0x7ffa0aee3912
0x7ffa0aee3919
0x7ffa0aee3921
0x7ffa0aee3924
0x7ffa0aee392b
0x7ffa0aee3936
0x7ffa0aee3955

Strings

p2C, xrefs: 00007FFA0AEE3B44
<2, xrefs: 00007FFA0AEE3B72
I , xrefs: 00007FFA0AEE3A7E

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: I $p2C$<2
API String ID: 0-3165036293
Opcode ID: 5c055cc6ff17040a96a7bffda7647cd963540e583c536fd939da3aaef2191dbc
Instruction ID: e6aa2cdcef3ccce5c4e07d95db378e0e2a2746727646c119d307090c2953f02a
Opcode Fuzzy Hash: 5c055cc6ff17040a96a7bffda7647cd963540e583c536fd939da3aaef2191dbc
Instruction Fuzzy Hash: 81C1C173F487518FE368DFB9D45949C3BB2E74431C7618129DE09ABA9CDB78980ACB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE5B54 Relevance: 3.9, Strings: 3, Instructions: 195
COMMONCrypto

Download Yara Rule

C-Code - Quality: 48%

			E00007FFA7FFA0AEE5B54(void* __ebx, void* __edx, long long __rbx, void* __rcx, intOrPtr* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9) {
				void* _t189;
				void* _t226;
				intOrPtr _t246;
				intOrPtr* _t253;
				void* _t264;
				void* _t266;
				void* _t267;
				intOrPtr _t269;
				void* _t270;

				_t273 = __r9;
				_t272 = __r8;
				_t260 = __rdx;
				_t226 = __edx;
				_t246 = _t269;
				 *((long long*)(_t246 + 8)) = __rbx;
				 *((long long*)(_t246 + 0x18)) = __rsi;
				 *((long long*)(_t246 + 0x20)) = __rdi;
				_t267 = _t246 - 0x5f;
				_t270 = _t269 - 0x90;
				_t264 = __r9;
				_t253 = __rdx;
				E00007FFA7FFA0AEE3C78(_t189, __rcx, __rdx, __r8, __r9);
				 *(_t267 + 0x6f) = 0xbfb7a;
				if (0xb7b0a == 0x15ad6) goto 0xaee5e14;
				if (0xb7b0a == 0x68952) goto 0xaee5d92;
				if (0xb7b0a == 0x6fc5d) goto 0xaee5ea1;
				if (0xb7b0a == 0xa0957) goto 0xaee5d10;
				if (0xb7b0a == 0xa638a) goto 0xaee5c8b;
				if (0xb7b0a == 0xb7b0a) goto 0xaee5c66;
				if (0xb7b0a == 0xd123a) goto 0xaee5bee;
				if (0xb7b0a != 0xf38b0) goto 0xaee5e95;
				 *((intOrPtr*)(_t253 + 8)) = E00007FFA7FFA0AEDCA5C(__r9);
				goto 0xaee5b88;
				 *(_t267 - 5) = 0x716ff8;
				 *(_t267 - 5) =  *(_t267 - 5) ^ 0x31828662;
				_t10 = _t267 - 5; // 0x2444c70000eedbe8
				 *(_t267 - 5) =  *_t10 * 0x2c;
				 *(_t267 - 5) =  *(_t267 - 5) ^ 0x95e23736;
				 *(_t267 + 0x6f) = 0x6bf994;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) >> 9;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) | 0x969ecf54;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) >> 1;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) ^ 0x4b4320a4;
				 *(_t267 - 9) = 0xb7bde0;
				 *(_t267 - 9) =  *(_t267 - 9) << 0x10;
				 *(_t267 - 9) =  *(_t267 - 9) + 0x29d2;
				 *(_t267 - 9) =  *(_t267 - 9) ^ 0xbde1b944;
				E00007FFA7FFA0AEDDE9C( *((intOrPtr*)(_t253 + 8)), _t226, _t246);
				 *_t253 = _t246;
				if (_t246 == 0) goto 0xaee5f05;
				goto 0xaee5b88;
				 *_t253 = __rdi;
				 *(_t267 + 0x6f) = 0xc7db31;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) << 2;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) ^ 0x031f6cc4;
				_t39 = _t267 + 0x6f; // 0x340246cc10060f8
				 *((intOrPtr*)(_t253 + 8)) =  *_t39;
				goto 0xaee5b88;
				 *(_t267 - 1) = 0xbe6f50;
				_t42 = _t267 + 7; // 0x7ffa0aed6c80
				 *(_t267 - 1) =  *(_t267 - 1) + 0x620d;
				 *((long long*)(_t270 + 0x28)) = _t42;
				 *(_t267 - 1) =  *(_t267 - 1) ^ 0x00bca27d;
				 *(_t267 + 0x6f) = 0x4a588c;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) + 0xe218;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) + 0xffffb023;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) ^ 0x004dffa1;
				 *(_t267 - 9) = 0xcc4524;
				 *(_t267 - 9) =  *(_t267 - 9) >> 2;
				 *(_t267 - 9) =  *(_t267 - 9) ^ 0x003f41ac;
				 *(_t267 - 5) = 0x92f40b;
				 *(_t267 - 5) =  *(_t267 - 5) + 0xdf98;
				 *(_t267 - 5) =  *(_t267 - 5) ^ 0x0090ddac;
				_t65 = _t267 - 5; // 0x2444c70000eedbe8
				_t66 = _t267 - 9; // 0xeedbe844244c8b
				r8d =  *_t66;
				r9d =  *((intOrPtr*)(__r9 + 0x30));
				 *((intOrPtr*)(_t270 + 0x20)) =  *_t65;
				E00007FFA7FFA0AEDB108(_t266);
				goto 0xaee5b88;
				 *(_t267 - 9) = 0xf63865;
				_t72 = _t267 + 7; // 0x7ffa0aed6c80
				_t73 = _t264 + 0x20; // 0xc299f
				 *(_t267 - 9) =  *(_t267 - 9) + 0xffffbf04;
				 *((long long*)(_t270 + 0x20)) = _t72;
				 *(_t267 - 9) =  *(_t267 - 9) + 0xa1dc;
				 *(_t267 - 9) =  *(_t267 - 9) ^ 0x00f0c0c5;
				 *(_t267 + 0x6f) = 0xd66e5a;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) ^ 0x8f1a7ad2;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) | 0x7f534253;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) + 0xffff9732;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) ^ 0xffd9ee19;
				 *(_t267 - 5) = 0xdd911c;
				 *(_t267 - 5) =  *(_t267 - 5) | 0x6a7efac8;
				 *(_t267 - 5) =  *(_t267 - 5) + 0xffff7667;
				 *(_t267 - 5) =  *(_t267 - 5) ^ 0x6afc674e;
				_t97 = _t267 - 5; // 0x2444c70000eedbe8
				r9d =  *_t97;
				_t98 = _t267 + 0x6f; // 0x340246cc10060f8
				r8d =  *_t98;
				E00007FFA7FFA0AEE6588(_t246, _t72, _t253, _t73, _t260, __r8, __r9);
				goto 0xaee5b88;
				 *(_t267 - 9) = 0xb24801;
				_t101 = _t267 + 7; // 0x7ffa0aed6c80
				 *(_t267 - 9) =  *(_t267 - 9) << 0xc;
				 *((long long*)(_t270 + 0x28)) = _t101;
				 *(_t267 - 9) =  *(_t267 - 9) ^ 0x24882b4c;
				 *(_t267 - 5) = 0x4a5773;
				 *(_t267 - 5) =  *(_t267 - 5) ^ 0xcbd14c73;
				 *(_t267 - 5) =  *(_t267 - 5) ^ 0xcb91e759;
				 *(_t267 - 1) = 0x9fbb41;
				 *(_t267 - 1) =  *(_t267 - 1) + 0xffff3575;
				 *(_t267 - 1) =  *(_t267 - 1) ^ 0x009458e0;
				 *(_t267 + 0x6f) = 0xd92cc;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) ^ 0x432645a7;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) << 2;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) ^ 0x0ca7dc74;
				_t124 = _t267 + 0x6f; // 0x340246cc10060f8
				_t125 = _t267 - 1; // 0x97eb12442444c700
				r8d =  *_t125;
				r9d =  *((intOrPtr*)(_t264 + 8));
				 *((intOrPtr*)(_t270 + 0x20)) =  *_t124;
				E00007FFA7FFA0AEDB108();
				goto 0xaee5b88;
				 *(_t267 + 0x6f) = 0x755fdc;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) ^ 0x831c5195;
				_t133 = _t267 + 0x6f; // 0x340246cc10060f8
				 *(_t267 + 0x6f) = ( *_t133 - (0xa6810a7 *  *_t133 >> 0x20) >> 1) + (0xa6810a7 *  *_t133 >> 0x20) >> 6;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) >> 0xa;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) ^ 0x000d1f49;
				 *(_t267 - 1) = 0xeb7511;
				_t144 = _t267 - 1; // 0x97eb12442444c700
				 *(_t267 - 1) =  *_t144 * 0x4b;
				_t146 = _t267 + 7; // 0x7ffa0aed6c80
				 *(_t267 - 1) =  *(_t267 - 1) ^ 0x44fdb190;
				 *(_t267 - 5) = 0xfbdbba;
				 *((long long*)(_t270 + 0x20)) = _t146;
				 *(_t267 - 5) =  *(_t267 - 5) + 0xffff5685;
				 *(_t267 - 5) =  *(_t267 - 5) + 0xffffeb3d;
				 *(_t267 - 5) =  *(_t267 - 5) ^ 0x00f32706;
				_t157 = _t267 - 5; // 0x2444c70000eedbe8
				r9d =  *_t157;
				_t158 = _t267 - 1; // 0x97eb12442444c700
				r8d =  *_t158;
				E00007FFA7FFA0AEDDBDC(_t146, _t253);
				if (0x68952 == 0xca1cf) goto 0xaee5f05;
				goto 0xaee5b88;
				 *(_t267 - 5) = 0x584a91;
				_t161 = _t267 + 7; // 0x7ffa0aed6c80
				_t162 = _t264 + 0x38; // 0xc29b7
				 *(_t267 - 5) =  *(_t267 - 5) + 0xfffffeb3;
				 *((long long*)(_t270 + 0x20)) = _t161;
				 *(_t267 - 5) =  *(_t267 - 5) ^ 0x0051b27a;
				 *(_t267 + 0x6f) = 0x14d75c;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) | 0xb277afe0;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) + 0xffffbd12;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) >> 9;
				 *(_t267 + 0x6f) =  *(_t267 + 0x6f) ^ 0x005cc36a;
				 *(_t267 - 1) = 0x3d8fac;
				 *(_t267 - 1) =  *(_t267 - 1) >> 0xd;
				 *(_t267 - 1) =  *(_t267 - 1) ^ 0x00060d84;
				_t182 = _t267 - 1; // 0x97eb12442444c700
				r9d =  *_t182;
				_t183 = _t267 + 0x6f; // 0x340246cc10060f8
				r8d =  *_t183;
				E00007FFA7FFA0AEE6588(0x68952 - 0xca1cf, _t161, _t253, _t162, _t260, _t272, _t273);
				dil =  *_t253 != __rdi;
				return 0;
			}

0x7ffa0aee5b54
0x7ffa0aee5b54
0x7ffa0aee5b54
0x7ffa0aee5b54
0x7ffa0aee5b54
0x7ffa0aee5b57
0x7ffa0aee5b5b
0x7ffa0aee5b5f
0x7ffa0aee5b64
0x7ffa0aee5b68
0x7ffa0aee5b6f
0x7ffa0aee5b72
0x7ffa0aee5b75
0x7ffa0aee5b7f
0x7ffa0aee5b8d
0x7ffa0aee5b98
0x7ffa0aee5ba3
0x7ffa0aee5bae
0x7ffa0aee5bb9
0x7ffa0aee5bc4
0x7ffa0aee5bcf
0x7ffa0aee5bd6
0x7ffa0aee5be4
0x7ffa0aee5bec
0x7ffa0aee5bee
0x7ffa0aee5bf5
0x7ffa0aee5bfc
0x7ffa0aee5c00
0x7ffa0aee5c03
0x7ffa0aee5c0a
0x7ffa0aee5c11
0x7ffa0aee5c15
0x7ffa0aee5c1c
0x7ffa0aee5c1f
0x7ffa0aee5c26
0x7ffa0aee5c2d
0x7ffa0aee5c31
0x7ffa0aee5c38
0x7ffa0aee5c4b
0x7ffa0aee5c50
0x7ffa0aee5c56
0x7ffa0aee5c61
0x7ffa0aee5c66
0x7ffa0aee5c69
0x7ffa0aee5c70
0x7ffa0aee5c74
0x7ffa0aee5c7b
0x7ffa0aee5c7e
0x7ffa0aee5c86
0x7ffa0aee5c8b
0x7ffa0aee5c92
0x7ffa0aee5c96
0x7ffa0aee5c9d
0x7ffa0aee5ca2
0x7ffa0aee5ca9
0x7ffa0aee5cb0
0x7ffa0aee5cb7
0x7ffa0aee5cbe
0x7ffa0aee5cc5
0x7ffa0aee5ccc
0x7ffa0aee5cd0
0x7ffa0aee5cd7
0x7ffa0aee5cde
0x7ffa0aee5ce5
0x7ffa0aee5cec
0x7ffa0aee5cef
0x7ffa0aee5cef
0x7ffa0aee5cf9
0x7ffa0aee5cfd
0x7ffa0aee5d01
0x7ffa0aee5d0b
0x7ffa0aee5d10
0x7ffa0aee5d17
0x7ffa0aee5d1b
0x7ffa0aee5d1f
0x7ffa0aee5d26
0x7ffa0aee5d2b
0x7ffa0aee5d32
0x7ffa0aee5d39
0x7ffa0aee5d40
0x7ffa0aee5d47
0x7ffa0aee5d4e
0x7ffa0aee5d55
0x7ffa0aee5d5c
0x7ffa0aee5d63
0x7ffa0aee5d6a
0x7ffa0aee5d71
0x7ffa0aee5d78
0x7ffa0aee5d78
0x7ffa0aee5d7c
0x7ffa0aee5d7c
0x7ffa0aee5d83
0x7ffa0aee5d8d
0x7ffa0aee5d92
0x7ffa0aee5d99
0x7ffa0aee5d9d
0x7ffa0aee5da1
0x7ffa0aee5da6
0x7ffa0aee5dad
0x7ffa0aee5db4
0x7ffa0aee5dbb
0x7ffa0aee5dc2
0x7ffa0aee5dc9
0x7ffa0aee5dd0
0x7ffa0aee5dd7
0x7ffa0aee5dde
0x7ffa0aee5de5
0x7ffa0aee5de9
0x7ffa0aee5df0
0x7ffa0aee5df3
0x7ffa0aee5df3
0x7ffa0aee5dfd
0x7ffa0aee5e01
0x7ffa0aee5e05
0x7ffa0aee5e0f
0x7ffa0aee5e14
0x7ffa0aee5e20
0x7ffa0aee5e27
0x7ffa0aee5e35
0x7ffa0aee5e3b
0x7ffa0aee5e3f
0x7ffa0aee5e46
0x7ffa0aee5e4d
0x7ffa0aee5e51
0x7ffa0aee5e54
0x7ffa0aee5e58
0x7ffa0aee5e5f
0x7ffa0aee5e66
0x7ffa0aee5e6b
0x7ffa0aee5e72
0x7ffa0aee5e79
0x7ffa0aee5e80
0x7ffa0aee5e80
0x7ffa0aee5e84
0x7ffa0aee5e84
0x7ffa0aee5e8b
0x7ffa0aee5e9a
0x7ffa0aee5e9c
0x7ffa0aee5ea1
0x7ffa0aee5ea8
0x7ffa0aee5eac
0x7ffa0aee5eb0
0x7ffa0aee5eb7
0x7ffa0aee5ebc
0x7ffa0aee5ec3
0x7ffa0aee5eca
0x7ffa0aee5ed1
0x7ffa0aee5ed8
0x7ffa0aee5edc
0x7ffa0aee5ee3
0x7ffa0aee5eea
0x7ffa0aee5eee
0x7ffa0aee5ef5
0x7ffa0aee5ef5
0x7ffa0aee5ef9
0x7ffa0aee5ef9
0x7ffa0aee5f00
0x7ffa0aee5f18
0x7ffa0aee5f26

Strings

W, xrefs: 00007FFA0AEE5BA9
sWJ, xrefs: 00007FFA0AEE5DAD
W, xrefs: 00007FFA0AEE5D06

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: W$W$sWJ
API String ID: 0-3218909086
Opcode ID: cbf1bf790bc1acc0508352f0c0367d7efca533d558239a5c831380d391c33a50
Instruction ID: 5170b0a14c6cef5c3071bdf913fc7bdeb4860868762257c8bfac073b1a8120b3
Opcode Fuzzy Hash: cbf1bf790bc1acc0508352f0c0367d7efca533d558239a5c831380d391c33a50
Instruction Fuzzy Hash: 46B16973B05301DFE364DFB0D18659D3BF2F70134CB0180A9EE09A6A68EB79A619CB05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED5668 Relevance: 3.9, Strings: 3, Instructions: 156
COMMONCrypto

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AED5668(void* __ecx, signed long long __rax, long long __rbx, long long __rdx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24, long long _a40) {
				void* _v8;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v72;
				long long _v80;
				signed int _v88;
				signed int _v96;
				long long _v104;
				signed int _t78;
				signed long long _t92;
				void* _t97;
				void* _t108;
				void* _t110;

				_t92 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				_a24 = __rdi;
				_v104 = _a40;
				E00007FFA7FFA0AEE3C78(_a40, _t97, __rdx, _t108, _t110);
				_v20 = 0;
				_v24 = 0x92d9e;
				if (0x7c356 == 0xd1a0) goto 0xaed58c0;
				if (0x7c356 == 0x7c356) goto 0xaed58b6;
				if (0x7c356 == 0xbb2b3) goto 0xaed57cf;
				if (0x7c356 != 0xe50d6) goto 0xaed593f;
				_v52 = 0x9c49b8;
				_v52 = _v52 ^ 0x05bc3f84;
				_v52 = _v52 ^ 0xf6c0683b;
				_v52 = _v52 + 0x3a37;
				_v52 = _v52 ^ 0xf3e0583f;
				_v56 = 0x19fad6;
				_v56 = _v56 ^ 0x4a7e8fe9;
				_v56 = _v56 + 0xae87;
				_v56 = _t92 + _t92 * 2 << 2;
				_v56 = _v56 ^ 0x3ce1ad48;
				_v40 = 0x44914d;
				_v40 = _v40 + 0xaa0a;
				_v40 = _v40 ^ 0x00414196;
				_v48 = 0x381a8b;
				_v48 = _v48 | 0x18b8fcb8;
				_v48 = _v48 << 6;
				_v48 = _v48 + 0xba8b;
				_v48 = _v48 ^ 0x2e464e0b;
				_v44 = 0x467ef4;
				_v44 = _v44 >> 7;
				_v44 = _v44 >> 4;
				_v44 = _v44 ^ 0x00072b01;
				_v36 = 0xa07a92;
				_v36 = _v36 << 9;
				_v36 = _v36 ^ 0x40f02dcc;
				_v72 = _v36;
				_v80 = __rdx;
				_v88 = _v44;
				_t78 = _v48;
				r9d = _v40;
				_v96 = _t78;
				_v104 =  &_v32;
				E00007FFA7FFA0AEDBBB0();
				return _t78;
			}

0x7ffa0aed5668
0x7ffa0aed5668
0x7ffa0aed566d
0x7ffa0aed5672
0x7ffa0aed568a
0x7ffa0aed568e
0x7ffa0aed5695
0x7ffa0aed5698
0x7ffa0aed56ab
0x7ffa0aed56b6
0x7ffa0aed56c1
0x7ffa0aed56cc
0x7ffa0aed56d2
0x7ffa0aed56de
0x7ffa0aed56e5
0x7ffa0aed56ec
0x7ffa0aed56f3
0x7ffa0aed56fa
0x7ffa0aed5701
0x7ffa0aed5708
0x7ffa0aed5718
0x7ffa0aed571b
0x7ffa0aed5722
0x7ffa0aed5729
0x7ffa0aed5730
0x7ffa0aed5737
0x7ffa0aed573e
0x7ffa0aed5745
0x7ffa0aed5749
0x7ffa0aed5750
0x7ffa0aed5757
0x7ffa0aed575e
0x7ffa0aed5762
0x7ffa0aed5766
0x7ffa0aed576d
0x7ffa0aed5774
0x7ffa0aed5778
0x7ffa0aed578a
0x7ffa0aed5791
0x7ffa0aed5796
0x7ffa0aed579a
0x7ffa0aed579d
0x7ffa0aed57a1
0x7ffa0aed57a9
0x7ffa0aed57ae
0x7ffa0aed57ce

Strings

PY>, xrefs: 00007FFA0AED58C0
Uf, xrefs: 00007FFA0AED58FC
-.:, xrefs: 00007FFA0AED58F5

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: -.:$PY>$Uf
API String ID: 0-2600594324
Opcode ID: 381ebf14c5ac615bd1a8b0d0693cd270f66afc77be5b049045fa6e13fb4a8681
Instruction ID: 19043c743954c94a27d191c305eb76e1e8738e77a6b11af8f8a21b3a96dbedca
Opcode Fuzzy Hash: 381ebf14c5ac615bd1a8b0d0693cd270f66afc77be5b049045fa6e13fb4a8681
Instruction Fuzzy Hash: E881F073F242208FE758CFB4E58959D3BF0F30874CB548169EE5AA2A58D77899448F28

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE45F0 Relevance: 3.9, Strings: 3, Instructions: 102
COMMONCrypto

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AEE45F0(void* __eflags, long long __rcx, void* __rdx, char _a16, signed int _a24, intOrPtr _a28, signed int _a32) {
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v56;
				long long _v64;
				long long _v72;
				signed int _v80;
				signed int _v88;
				void* __rbx;
				void* __rbp;
				char _t121;
				long long _t143;
				void* _t148;
				void* _t149;
				void* _t151;

				_t147 = __rdx;
				_a24 = 0xb72fa;
				_a28 = 0xa3e6d;
				_a16 = 0x3b;
				_t143 = __rcx;
				_t148 = __rdx;
				r9d = 1;
				_v32 = r9d;
				_v36 = 0xf6241b;
				_v36 = _v36 + 0xb580;
				_v36 = _v36 << 0xa;
				_v36 = _v36 ^ 0xdb624801;
				_v40 = 0xf1ff0e;
				_v40 = _v40 + 0x7c71;
				_v40 = _v40 | 0xa5ec7683;
				_v40 = _v40 ^ 0xa5f0e476;
				_a32 = 0x7b1213;
				_a32 = _a32 >> 4;
				_a32 = _a32 ^ 0x10a99944;
				_a32 = _a32 ^ 0xb3a51e77;
				_a32 = _a32 ^ 0xa305061d;
				_a24 = 0x75734a;
				_a24 = (_a24 - (0xaf286bcb * _a24 >> 0x20) >> 1) + (0xaf286bcb * _a24 >> 0x20) >> 5;
				_a24 = 0x8d3dcb09 * _a24 >> 0x20 >> 5;
				_a24 = _a24 ^ 0xa1d584c6;
				_a24 = _a24 ^ 0xa1df8650;
				_v56 = _a24;
				_v64 =  &_v32;
				_v72 = __rcx;
				_v80 = _a32;
				r8d = _v36;
				_v88 = _v40;
				_t121 = E00007FFA7FFA0AED4D38(__eflags,  &_v32, __rcx,  &_a16, __rdx, _t149, _t151);
				_a32 = 0x5a723b;
				_a32 = _a32 >> 8;
				_a32 = _a32 | 0x3e568443;
				_a32 = _a32 ^ 0x3e57e70c;
				_a24 = 0xd24fcf;
				_a24 = _a24 + 0xffff917b;
				_a24 = _a24 >> 2;
				_a24 = _a24 ^ 0x0030cef5;
				E00007FFA7FFA0AED5C2C();
				_v32 = _t121;
				_v36 = 0xdad49c;
				_v36 = _v36 >> 1;
				_v36 = _v36 >> 3;
				_v36 = _v36 ^ 0x000cfb17;
				_a32 = 0x100b7f;
				_a32 = _a32 * 0x1f;
				_a32 = _a32 >> 2;
				_a32 = _a32 ^ 0x007ccfe2;
				_v40 = 0x7dc379;
				_v40 = _v40 ^ 0xafe5f5b6;
				_v40 = _v40 ^ 0xaf922897;
				_a24 = 0xac68ae;
				_a24 = _a24 >> 1;
				_a24 = _a24 | 0x0a2122e6;
				_a24 = _a24 * 0x43;
				_a24 = _a24 ^ 0xbd356d92;
				_v56 = _a24;
				_v64 =  &_v32;
				_v72 = _t143;
				_v80 = _v40;
				r8d = _v36;
				r9d = _v32;
				_v88 = _a32;
				return E00007FFA7FFA0AED4D38(_a24,  &_v32, _t143,  *((intOrPtr*)(_t148 + 0x80)), _t147, _t149, _t151);
			}

0x7ffa0aee45f0
0x7ffa0aee45fb
0x7ffa0aee4602
0x7ffa0aee4609
0x7ffa0aee460d
0x7ffa0aee4610
0x7ffa0aee4613
0x7ffa0aee4619
0x7ffa0aee461d
0x7ffa0aee4629
0x7ffa0aee4630
0x7ffa0aee4634
0x7ffa0aee463b
0x7ffa0aee4642
0x7ffa0aee4649
0x7ffa0aee4650
0x7ffa0aee4657
0x7ffa0aee465e
0x7ffa0aee4662
0x7ffa0aee4669
0x7ffa0aee4670
0x7ffa0aee4677
0x7ffa0aee4691
0x7ffa0aee46a0
0x7ffa0aee46a3
0x7ffa0aee46aa
0x7ffa0aee46b4
0x7ffa0aee46bc
0x7ffa0aee46c4
0x7ffa0aee46c9
0x7ffa0aee46d0
0x7ffa0aee46d4
0x7ffa0aee46d8
0x7ffa0aee46dd
0x7ffa0aee46e4
0x7ffa0aee46e8
0x7ffa0aee46ef
0x7ffa0aee46f6
0x7ffa0aee46fd
0x7ffa0aee4704
0x7ffa0aee4708
0x7ffa0aee471c
0x7ffa0aee4721
0x7ffa0aee4724
0x7ffa0aee472b
0x7ffa0aee472e
0x7ffa0aee4732
0x7ffa0aee4739
0x7ffa0aee4744
0x7ffa0aee4747
0x7ffa0aee474b
0x7ffa0aee4752
0x7ffa0aee4759
0x7ffa0aee4760
0x7ffa0aee4767
0x7ffa0aee476e
0x7ffa0aee4771
0x7ffa0aee477c
0x7ffa0aee477f
0x7ffa0aee4789
0x7ffa0aee4791
0x7ffa0aee4799
0x7ffa0aee479e
0x7ffa0aee47a5
0x7ffa0aee47b0
0x7ffa0aee47b4
0x7ffa0aee47c4

Strings

;rZ, xrefs: 00007FFA0AEE46DD
m>, xrefs: 00007FFA0AEE4602
"!, xrefs: 00007FFA0AEE4771

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: ;rZ$m>$"!
API String ID: 0-2855459336
Opcode ID: bdbe6e1d82bb632704f2b101e9a928159ee6ca7133674330e3974aac11c94159
Instruction ID: b2082c60c650fa9dcc525d34ffe09dbcc4026d7687e71aa4f9d45ced4124218f
Opcode Fuzzy Hash: bdbe6e1d82bb632704f2b101e9a928159ee6ca7133674330e3974aac11c94159
Instruction Fuzzy Hash: 2651EF77A246A08FE398CF74D88999D3BB0F34439CB10A618FA5B96A5CD774D684CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEDF28C Relevance: 3.8, Strings: 3, Instructions: 90
COMMONCrypto

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AEDF28C(signed int __ecx, signed int __edx, long long __rax, signed int _a8, signed int _a16, signed int _a24, signed int _a32) {
				long long _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed int _v56;
				signed int _v72;
				void* _t86;
				signed int _t87;
				signed int _t97;
				intOrPtr _t103;
				long long _t106;
				long long _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				long long* _t110;
				intOrPtr _t111;
				void* _t112;
				intOrPtr _t117;
				long long _t119;

				_a16 = __edx;
				_a8 = __ecx;
				_v48 = 0x5d4ec;
				_v44 = 0x7f418;
				_v40 = __rax;
				_a16 = 0x2a6ce7;
				_a16 = _a16 * 0x6b;
				_a16 = _a16 ^ 0x11bb848d;
				_t97 = _a16;
				_t108 =  *0xaee8230; // 0x0
				goto 0xaedf3f1;
				_t117 =  *((intOrPtr*)(_t108 + 0x50));
				_v56 = 0x534e8;
				_v56 = _v56 | 0x1b7c7c75;
				_v56 = _v56 ^ 0x1b7d7cfd;
				_a24 = 0xf40dfe;
				_a24 = _a24 << 0xc;
				_a24 = _a24 * 0x4f;
				_a24 = _a24 ^ 0x05121c45;
				_a16 = 0x12dd48;
				_a16 = _a16 + 0xac61;
				_a16 = _a16 ^ 0xea6e46f5;
				_a16 = _a16 + 0xc4a0;
				_a16 = _a16 ^ 0xea7a5f4f;
				_a8 = 0x28dae;
				_a8 = _a8 >> 1;
				_a8 = _a8 << 3;
				_a8 = _a8 ^ 0x00097e26;
				_a32 = 0xee5e24;
				_a32 = _a32 << 0xe;
				_a32 = _a32 ^ 0x97849b54;
				_t103 =  *0xaee8230; // 0x0
				_v72 = _v56;
				_t86 = E00007FFA7FFA0AEE5608( *((intOrPtr*)(_t103 + 0x18)) - _t97, _t112);
				_a16 = 0xef6cd7;
				_a16 = _a16 * 0x7d;
				_a16 = _a16 << 0xb;
				_a16 = _a16 ^ 0x95473e39;
				_a16 = _a16 ^ 0xd460e639;
				if (_t86 != _a16) goto 0xaedf3b2;
				_t109 =  *0xaee8230; // 0x0
				 *((long long*)(_t109 + 0x50)) =  *((intOrPtr*)(_t117 + 0x10));
				goto 0xaedf3e8;
				_a16 = 0xad0ab1;
				_a16 = _a16 >> 2;
				_a16 = _a16 ^ 0x002b42ad;
				goto 0xaedf3cc;
				_t87 = _a16;
				if (_t86 - 1 - _t87 > 0) goto 0xaedf3c6;
				_t110 =  *((intOrPtr*)(_t117 + 0x10)) + 0x10;
				_t119 =  *_t110;
				 *_t110 =  *((intOrPtr*)(_t119 + 0x10));
				_t111 =  *0xaee8230; // 0x0
				 *((long long*)(_t119 + 0x10)) = _t106;
				_t107 = _t119;
				if (_t97 + 1 -  *((intOrPtr*)(_t111 + 0x18)) < 0) goto 0xaedf2d8;
				 *((long long*)(_t111 + 0x50)) = _t107;
				 *((long long*)(_t111 + 0x40)) = _t107;
				return _t87;
			}

0x7ffa0aedf28c
0x7ffa0aedf290
0x7ffa0aedf29e
0x7ffa0aedf2a5
0x7ffa0aedf2ae
0x7ffa0aedf2b2
0x7ffa0aedf2bf
0x7ffa0aedf2c2
0x7ffa0aedf2c9
0x7ffa0aedf2cc
0x7ffa0aedf2d3
0x7ffa0aedf2d8
0x7ffa0aedf2dc
0x7ffa0aedf2e3
0x7ffa0aedf2ea
0x7ffa0aedf2f1
0x7ffa0aedf2f8
0x7ffa0aedf300
0x7ffa0aedf303
0x7ffa0aedf30a
0x7ffa0aedf311
0x7ffa0aedf318
0x7ffa0aedf31f
0x7ffa0aedf326
0x7ffa0aedf32d
0x7ffa0aedf334
0x7ffa0aedf337
0x7ffa0aedf33b
0x7ffa0aedf342
0x7ffa0aedf349
0x7ffa0aedf34d
0x7ffa0aedf360
0x7ffa0aedf36f
0x7ffa0aedf373
0x7ffa0aedf378
0x7ffa0aedf383
0x7ffa0aedf386
0x7ffa0aedf38a
0x7ffa0aedf391
0x7ffa0aedf39f
0x7ffa0aedf3a1
0x7ffa0aedf3ac
0x7ffa0aedf3b0
0x7ffa0aedf3b2
0x7ffa0aedf3b9
0x7ffa0aedf3bd
0x7ffa0aedf3c4
0x7ffa0aedf3cc
0x7ffa0aedf3d1
0x7ffa0aedf3d3
0x7ffa0aedf3d7
0x7ffa0aedf3de
0x7ffa0aedf3e1
0x7ffa0aedf3e8
0x7ffa0aedf3ee
0x7ffa0aedf3f4
0x7ffa0aedf3fa
0x7ffa0aedf3fe
0x7ffa0aedf409

Strings

$^, xrefs: 00007FFA0AEDF342
O_z, xrefs: 00007FFA0AEDF326
&~, xrefs: 00007FFA0AEDF33B

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: $^$&~$O_z
API String ID: 0-593611379
Opcode ID: 83dd168e8a4988be9ba19ff6dc0b381314261cadca09ea6167948e9e0377b613
Instruction ID: f49e33029ceb0f90934ea50477b3435d37c478a246fbc9044f65e663cd766295
Opcode Fuzzy Hash: 83dd168e8a4988be9ba19ff6dc0b381314261cadca09ea6167948e9e0377b613
Instruction Fuzzy Hash: 3A4124736007508FD364DF34E49949C3BB4F3487AC7266629EA1E87B68DB78D484CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED49E4 Relevance: 3.8, Strings: 3, Instructions: 88
COMMONCrypto

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AED49E4(void* __rax, long long __rbx, long long __rdi, void* __r8, long long _a8, long long _a16, signed int _a40) {
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v32;
				signed int _v40;
				signed int _t95;
				signed int _t106;
				signed int _t109;
				void* _t123;
				void* _t128;
				void* _t129;
				void* _t139;

				_t123 = __rax;
				_a8 = __rbx;
				_a16 = __rdi;
				_v40 = _a40;
				_t95 = E00007FFA7FFA0AEE3C78(_a40, _t128, _t129, __r8, _t139);
				_v12 = 0xbafe9;
				_v20 = 0x39c741;
				_v20 = _v20 << 0xc;
				_v20 = _v20 + 0x56be;
				_v20 = _v20 ^ 0x9c7109ea;
				_v16 = 0x9c65da;
				_v16 = _v16 >> 0xc;
				_v16 = _v16 ^ 0x00022b90;
				E00007FFA7FFA0AED5C2C();
				_v20 = 0xc5c70d;
				_v20 = _v20 | 0x3bef4801;
				r8d = _t95;
				_v20 = 0x44d72045 * _v20 >> 0x20 >> 5;
				_v20 = _v20 ^ 0x7e7670e0;
				_v20 = _v20 ^ 0x7ef68066;
				_v16 = 0xfa60d4;
				_t109 = _v16;
				_t120 = 0x21fb7813 * _t109 >> 0x20;
				_v16 = (_t109 - (0x21fb7813 * _t109 >> 0x20) >> 1) + (0x21fb7813 * _t109 >> 0x20) >> 6;
				_v16 = _v16 + 0xffff6838;
				_v16 = _v16 ^ 0x00000d30;
				_v12 = 0xbf4714;
				_v12 = _v12 + 0x9feb;
				_v12 = _v12 ^ 0x00bce86b;
				_v24 = 0x80887e;
				_v24 = _v24 + 0xc437;
				_v24 = _v24 + 0xffff3955;
				_v24 = _v24 * 0x5d;
				_v24 = _v24 ^ 0x2eb996c3;
				E00007FFA7FFA0AEDDE9C(_v20 + r8d, _t120, _t123);
				if (_t123 == 0) goto 0xaed4b76;
				_v20 = 0x55976f;
				_v20 = _v20 + 0xffff2fc8;
				_v20 = _v20 | 0xd09804ee;
				_v20 = _v20 + 0xfffff052;
				_v20 = _v20 ^ 0xd0d79afa;
				_v24 = 0x7718;
				_v24 = _v24 | 0xe4c34a1d;
				_v24 = _v24 ^ 0xe4cce351;
				_v12 = 0x455853;
				_v12 = _v12 + 0x1f9f;
				_v12 = _v12 ^ 0x004b2faa;
				_v16 = 0x65db82;
				_v16 = _v16 | 0xffd7d9f1;
				_v16 = _v16 ^ 0xffffa2ed;
				_v32 = _v16;
				_t106 = _v12;
				r8d = _v24;
				_v40 = _t106;
				E00007FFA7FFA0AEDDF7C();
				return _t106;
			}

0x7ffa0aed49e4
0x7ffa0aed49e4
0x7ffa0aed49e9
0x7ffa0aed49fc
0x7ffa0aed4a00
0x7ffa0aed4a05
0x7ffa0aed4a0c
0x7ffa0aed4a13
0x7ffa0aed4a17
0x7ffa0aed4a1e
0x7ffa0aed4a25
0x7ffa0aed4a2c
0x7ffa0aed4a30
0x7ffa0aed4a3d
0x7ffa0aed4a42
0x7ffa0aed4a49
0x7ffa0aed4a50
0x7ffa0aed4a65
0x7ffa0aed4a68
0x7ffa0aed4a6f
0x7ffa0aed4a76
0x7ffa0aed4a7d
0x7ffa0aed4a80
0x7ffa0aed4a8b
0x7ffa0aed4a8e
0x7ffa0aed4a95
0x7ffa0aed4a9c
0x7ffa0aed4aa3
0x7ffa0aed4aaa
0x7ffa0aed4ab1
0x7ffa0aed4ab8
0x7ffa0aed4abf
0x7ffa0aed4aca
0x7ffa0aed4acd
0x7ffa0aed4ae3
0x7ffa0aed4aee
0x7ffa0aed4af4
0x7ffa0aed4b01
0x7ffa0aed4b08
0x7ffa0aed4b0f
0x7ffa0aed4b16
0x7ffa0aed4b1d
0x7ffa0aed4b24
0x7ffa0aed4b2b
0x7ffa0aed4b32
0x7ffa0aed4b39
0x7ffa0aed4b40
0x7ffa0aed4b47
0x7ffa0aed4b4e
0x7ffa0aed4b55
0x7ffa0aed4b5f
0x7ffa0aed4b63
0x7ffa0aed4b66
0x7ffa0aed4b6d
0x7ffa0aed4b71
0x7ffa0aed4b88

Strings

SXE, xrefs: 00007FFA0AED4B32
pv~, xrefs: 00007FFA0AED4A68
0, xrefs: 00007FFA0AED4A95

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: 0$SXE$pv~
API String ID: 0-1635062779
Opcode ID: 0385726ca8ac33273349cdf55f5bd0fb3c5354324d71d904fc73aea272a34837
Instruction ID: 501824d75c442675726c9b47ee15f0eacbfebc16ef89c29a9ca6a9778fafd11c
Opcode Fuzzy Hash: 0385726ca8ac33273349cdf55f5bd0fb3c5354324d71d904fc73aea272a34837
Instruction Fuzzy Hash: 6441DF73F00310AFE348DFB6D5854AD3BB1B34475CB108598DE66AAA68D7B89B44CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58D2BF8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 29%

			E00007FF77FF7A58D2BF8(void* __edx, void* __eflags, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, long long _a8, long long _a16, long long _a24) {
				void* _t11;
				void* _t22;
				void* _t33;

				_t23 = __rbx;
				_t22 = __rax;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t11 = r9d;
				_t33 = __rcx;
				E00007FF77FF7A58D2730(7, __rbx, "GetLocaleInfoEx", __rsi, 0xa58ea540, "GetLocaleInfoEx");
				if (_t22 == 0) goto 0xa58d2c58;
				r9d = _t11;
				 *0xa58e2398();
				goto 0xa58d2c72;
				E00007FF77FF7A58D2FEC(0, 0, _t22, _t23, _t33);
				r9d = _t11;
				return GetLocaleInfoW(??, ??, ??, ??);
			}

0x7ff7a58d2bf8
0x7ff7a58d2bf8
0x7ff7a58d2bf8
0x7ff7a58d2bfd
0x7ff7a58d2c02
0x7ff7a58d2c0c
0x7ff7a58d2c1b
0x7ff7a58d2c31
0x7ff7a58d2c39
0x7ff7a58d2c45
0x7ff7a58d2c50
0x7ff7a58d2c56
0x7ff7a58d2c5d
0x7ff7a58d2c64
0x7ff7a58d2c86

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,00007FF7A58C08C6), ref: 00007FF7A58D2C6C

Strings

GetLocaleInfoEx, xrefs: 00007FF7A58D2C14, 00007FF7A58D2C25

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: c70aceb7a952ede4ad79d295d1251391c40ef71c91b4762f62818d9a92763951
Instruction ID: db1aa6731c85277d873b6c0255840529bae4ab418d6a3b2c897485692fcacea6
Opcode Fuzzy Hash: c70aceb7a952ede4ad79d295d1251391c40ef71c91b4762f62818d9a92763951
Instruction Fuzzy Hash: 2A01A221B0AB81C5E744AB46B4005AAE3B0BF96FC0F994075EE0E13B79CE3CD9618350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58CFD5C Relevance: 3.2, APIs: 2, Instructions: 232COMMON

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF7A58CFFAB
RaiseException.KERNEL32 ref: 00007FF7A58CFFBC

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: c0f2a80f895b13ce6a9ac58059971ae20db0d7c464d13ed2458738f08f4c7a14
Instruction ID: c28d64dd2c263dc053ae067f1cb25263f7e1a51c42b3cf2cb5fb710f55e8b583
Opcode Fuzzy Hash: c0f2a80f895b13ce6a9ac58059971ae20db0d7c464d13ed2458738f08f4c7a14
Instruction Fuzzy Hash: D8B16A73612B848BEB15DF29C88236C77A0F785F48F5A8821DA5D877B4CB39D821C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE05C4 Relevance: 2.7, Strings: 2, Instructions: 225
COMMONCrypto

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AEE05C4(signed int __rax, long long __rbx, long long __rcx, long long __rdx, long long _a8, void* _a16, signed int _a24, signed int _a32) {
				signed int _v60;
				void* _v64;
				long long _v68;
				intOrPtr _v72;
				long long _v80;
				char _v84;
				signed int _v88;
				long long _v104;
				signed int _v112;
				void* _v120;
				signed int _t203;
				signed int _t221;
				signed int _t259;
				char _t265;
				signed long long _t271;
				signed int _t281;
				long long _t282;
				long long _t289;
				long long* _t290;

				_t271 = __rax;
				_a8 = __rbx;
				_a16 = __rdx;
				_t289 = __rcx;
				_v72 = 0xc4af8;
				_v68 = __rcx;
				_v60 = 0;
				r15d = 0;
				if (0x6c63b == 0x24572) goto 0xaee06d4;
				if (0x6c63b == 0x6c63b) goto 0xaee06ca;
				if (0x6c63b != 0xe8b46) goto 0xaee08f4;
				_a24 = 0x45f1f1;
				_a24 = (_a24 - (0xaf286bcb * _a24 >> 0x20) >> 1) + (0xaf286bcb * _a24 >> 0x20) >> 5;
				_a24 = _a24 ^ 0x0000d735;
				_t221 = _a24;
				_v88 = 0x5e30bf;
				_v88 = _v88 >> 4;
				_v88 = _v88 ^ 0x000950c6;
				_a32 = 0x13ba70;
				_a32 = __rax + __rax * 2 + __rax + __rax * 2;
				_a32 = _a32 ^ 0x007bf56b;
				_a24 = 0xd4719b;
				_a24 = _a24 | 0xfdfa6a1d;
				_a24 = _a24 ^ 0xb9e5b7fe;
				_a24 = _a24 ^ 0x643845e8;
				_a24 = _a24 ^ 0x202cd41a;
				E00007FFA7FFA0AEDDE9C(_t221, 0xaf286bcb * _a24 >> 0x20, __rax);
				_t281 = __rax;
				if (__rax == 0) goto 0xaee08ff;
				goto 0xaee0609;
				goto 0xaee0609;
				_v88 = 0x160acd;
				_v104 = __rax;
				r9d = _t221;
				_v88 = (_v88 - (0xd41d41d5 * _v88 >> 0x20) >> 1) + (0xd41d41d5 * _v88 >> 0x20) >> 6;
				_v88 = _v88 ^ 0x00017c47;
				_a32 = 0xeee281;
				_a32 = _a32 + 0x139d;
				_a32 = _a32 + 0xffff2278;
				_a32 = _a32 ^ 0x00edd5a5;
				_a24 = 0x425f03;
				_a24 = _a24 >> 4;
				_a24 = _a24 ^ 0x41195f7a;
				_a24 = _a24 * 0x6f;
				_a24 = _a24 ^ 0x3bca1a11;
				_t203 = _a24;
				r8d = _a32;
				_v112 = _t203;
				_v120 = _t289;
				E00007FFA7FFA0AEE4CC4();
				r15d = _t203;
				if (_t203 == 0) goto 0xaee08ef;
				_t265 = _v84;
				if (_t265 == 0) goto 0xaee08ef;
				if (_t265 != 0) goto 0xaee06c0;
				_a24 = 0xc48836;
				_a24 = _a24 ^ 0x364b4cb3;
				_a24 = _a24 ^ 0x24365076;
				_a24 = _a24 ^ 0x12b994f1;
				r12d = _a24;
				_a32 = 0xf3ccc1;
				_a32 = _a32 * 0x35;
				_a32 = _a32 | 0xec7d6d7e;
				r12d = r12d * _t221;
				_a32 = _a32 ^ 0xfe7e6438;
				_a24 = 0xa7fc52;
				_a24 = _a24 | 0x193b7351;
				_a24 = _a24 << 4;
				_a24 = _a24 ^ 0x9bfe2520;
				_v88 = 0xbbd1e3;
				_v88 = _v88 >> 9;
				_v88 = _v88 ^ 0x0001d998;
				E00007FFA7FFA0AEDDE9C(r12d, _v84, __rax);
				_v80 = __rax;
				if (__rax == 0) goto 0xaee08ff;
				_v88 = 0x1cf460;
				_v88 = _v88 << 6;
				_v88 = _v88 | 0xc76df445;
				_v88 = _v88 * 0x66;
				_v88 = _v88 ^ 0x7c33bcb8;
				_a32 = 0x207983;
				_a32 = _a32 + 0xffffa9c0;
				_a32 = _a32 + 0xfca9;
				_a32 = _a32 >> 0xa;
				_a32 = _a32 ^ 0x00059fd1;
				_a24 = 0x75ef6;
				_a24 = _a24 << 5;
				_a24 = _a24 ^ 0x87eec559;
				_a24 = _a24 + 0xda79;
				_a24 = _a24 ^ 0x8705059e;
				_v112 = _a24;
				_v120 = _a32;
				E00007FFA7FFA0AEE5544(_t221,  &_v84, __rax, __rax, __rax);
				_a24 = 0x93e1a1;
				_a24 = (_a24 - (0x6c16c16d * _a24 >> 0x20) >> 1) + (0x6c16c16d * _a24 >> 0x20) >> 5;
				_a24 = _a24 >> 7;
				_a24 = _a24 + 0xffff47f3;
				_a24 = _a24 ^ 0xfff87455;
				_a32 = 0x5002ef;
				_a32 = _a32 >> 5;
				_a32 = _a32 >> 6;
				_a32 = _a32 ^ 0x00019a0b;
				r8d = _a32;
				E00007FFA7FFA0AED89D0(_t271, _t281);
				_t282 = _v80;
				r14d = _t221;
				_t259 = _t221;
				if (_t259 == 0) goto 0xaee08ff;
				goto 0xaee06c0;
				if (0x9c600 != 0x9c600) goto 0xaee0609;
				_t290 = _a16;
				if (r15d != 0) goto 0xaee0968;
				_a32 = 0xff4c61;
				_a32 = _a32 >> 0xf;
				_a32 = _a32 << 7;
				_a32 = _a32 ^ 0x00018cb1;
				_a24 = 0xf8be5;
				_a24 = _a24 ^ 0xfc2254c3;
				_a24 = _a24 ^ 0x4d4a371b;
				_a24 = _a24 ^ 0xb16696c5;
				r8d = _a24;
				E00007FFA7FFA0AED89D0(_t271, _t282);
				_a24 = 0x1c79ea;
				_a24 = _t271 + _t271 * 2 << 5;
				_a24 = _a24 ^ 0x0aadb7c0;
				goto 0xaee0972;
				 *_t290 = _t282;
				 *((intOrPtr*)(_t290 + 8)) = r12d - _t259;
				return r15d;
			}

0x7ffa0aee05c4
0x7ffa0aee05c4
0x7ffa0aee05c9
0x7ffa0aee05e7
0x7ffa0aee05ec
0x7ffa0aee05f8
0x7ffa0aee0603
0x7ffa0aee0606
0x7ffa0aee060e
0x7ffa0aee0619
0x7ffa0aee0624
0x7ffa0aee062a
0x7ffa0aee0644
0x7ffa0aee0647
0x7ffa0aee064e
0x7ffa0aee0651
0x7ffa0aee0658
0x7ffa0aee065c
0x7ffa0aee0663
0x7ffa0aee0672
0x7ffa0aee0677
0x7ffa0aee067e
0x7ffa0aee0685
0x7ffa0aee068c
0x7ffa0aee0693
0x7ffa0aee069a
0x7ffa0aee06aa
0x7ffa0aee06af
0x7ffa0aee06b5
0x7ffa0aee06c5
0x7ffa0aee06cf
0x7ffa0aee06d4
0x7ffa0aee06e0
0x7ffa0aee06e8
0x7ffa0aee06f6
0x7ffa0aee06fd
0x7ffa0aee0704
0x7ffa0aee070b
0x7ffa0aee0712
0x7ffa0aee0719
0x7ffa0aee0720
0x7ffa0aee0727
0x7ffa0aee072b
0x7ffa0aee0736
0x7ffa0aee0739
0x7ffa0aee0740
0x7ffa0aee0743
0x7ffa0aee074a
0x7ffa0aee074e
0x7ffa0aee0753
0x7ffa0aee0758
0x7ffa0aee075d
0x7ffa0aee0766
0x7ffa0aee0768
0x7ffa0aee0773
0x7ffa0aee0779
0x7ffa0aee0780
0x7ffa0aee0787
0x7ffa0aee078e
0x7ffa0aee0795
0x7ffa0aee0799
0x7ffa0aee07a4
0x7ffa0aee07a7
0x7ffa0aee07ae
0x7ffa0aee07b2
0x7ffa0aee07b9
0x7ffa0aee07c3
0x7ffa0aee07ca
0x7ffa0aee07ce
0x7ffa0aee07d5
0x7ffa0aee07dc
0x7ffa0aee07e0
0x7ffa0aee07f0
0x7ffa0aee07f8
0x7ffa0aee07ff
0x7ffa0aee0805
0x7ffa0aee0812
0x7ffa0aee0816
0x7ffa0aee0821
0x7ffa0aee0826
0x7ffa0aee082d
0x7ffa0aee0834
0x7ffa0aee083b
0x7ffa0aee0842
0x7ffa0aee0846
0x7ffa0aee084d
0x7ffa0aee0854
0x7ffa0aee0858
0x7ffa0aee085f
0x7ffa0aee0866
0x7ffa0aee0870
0x7ffa0aee087a
0x7ffa0aee087e
0x7ffa0aee0883
0x7ffa0aee08a0
0x7ffa0aee08a3
0x7ffa0aee08a7
0x7ffa0aee08ae
0x7ffa0aee08b5
0x7ffa0aee08bc
0x7ffa0aee08c0
0x7ffa0aee08c4
0x7ffa0aee08cb
0x7ffa0aee08d2
0x7ffa0aee08d7
0x7ffa0aee08db
0x7ffa0aee08de
0x7ffa0aee08e8
0x7ffa0aee08ea
0x7ffa0aee08f9
0x7ffa0aee08ff
0x7ffa0aee0906
0x7ffa0aee0908
0x7ffa0aee0912
0x7ffa0aee0916
0x7ffa0aee091a
0x7ffa0aee0921
0x7ffa0aee0928
0x7ffa0aee092f
0x7ffa0aee0936
0x7ffa0aee093d
0x7ffa0aee0944
0x7ffa0aee0949
0x7ffa0aee0959
0x7ffa0aee095c
0x7ffa0aee0966
0x7ffa0aee096a
0x7ffa0aee096e
0x7ffa0aee098c

Strings

~m}, xrefs: 00007FFA0AEE07A7
vP6$, xrefs: 00007FFA0AEE0787

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: vP6$$~m}
API String ID: 0-1645030072
Opcode ID: 517194ed585154f2f8b6ca297c843bdaefdc6c033420e761d93174f6d96bc45a
Instruction ID: e175996ddef467bba532600470c7546cd2f128efbf939b3a710787a79945b698
Opcode Fuzzy Hash: 517194ed585154f2f8b6ca297c843bdaefdc6c033420e761d93174f6d96bc45a
Instruction Fuzzy Hash: 1CB14673A046D18FE758DFB4D8994AD3BB2F74436C7104228EA0A97F58D7B8D845CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED5D08 Relevance: 2.7, Strings: 2, Instructions: 218COMMON

Download Yara Rule

Strings

ERv, xrefs: 00007FFA0AED5D9D
r7, xrefs: 00007FFA0AED608C

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: ERv$r7
API String ID: 0-706241005
Opcode ID: eb0ef837f184cbec06b577f35dfc067b75d00121bf652046c5176a31b4c06c70
Instruction ID: d52e46737726c3c0c31d53e1b7103d80446cc658a3d20647d51c7cc94f88e769
Opcode Fuzzy Hash: eb0ef837f184cbec06b577f35dfc067b75d00121bf652046c5176a31b4c06c70
Instruction Fuzzy Hash: 6FC116735452D0CFE37ADF75E849BD97BA0F34871CF00422ADA499AA58EBB9D644CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEDD1E8 Relevance: 2.7, Strings: 2, Instructions: 217
COMMONCrypto

Download Yara Rule

C-Code - Quality: 54%

			E00007FFA7FFA0AEDD1E8(long long __rbx, intOrPtr* __rdx, long long __rdi, long long __rsi) {
				long long _t296;
				intOrPtr* _t299;
				void* _t301;
				long long _t310;
				void* _t312;
				void* _t313;
				void* _t315;
				void* _t316;
				void* _t318;
				void* _t319;
				void* _t320;

				_t306 = __rdx;
				_t320 = _t315;
				 *((long long*)(_t320 + 8)) = __rbx;
				 *((long long*)(_t320 + 0x18)) = __rsi;
				 *((long long*)(_t320 + 0x20)) = __rdi;
				_t313 = _t320 - 0x4f;
				_t316 = _t315 - 0x90;
				_t310 =  *((intOrPtr*)(_t313 + 0x77));
				_t299 = __rdx;
				 *((intOrPtr*)(_t316 + 0x28)) =  *((intOrPtr*)(_t313 + 0x7f));
				 *((long long*)(_t320 - 0x78)) = _t310;
				E00007FFA7FFA0AEE3C78( *((intOrPtr*)(_t313 + 0x7f)), _t301, __rdx, _t318, _t319);
				 *(_t313 + 0x5f) = 0xaa75a;
				if (0xb5edc == 0x15664) goto 0xaedd48a;
				if (0xb5edc == 0x1728b) goto 0xaedd3dd;
				if (0xb5edc == 0x2776e) goto 0xaedd352;
				if (0xb5edc == 0x3c057) goto 0xaedd2b7;
				if (0xb5edc == 0x99034) goto 0xaedd51f;
				if (0xb5edc == 0xb5edc) goto 0xaedd27f;
				if (0xb5edc != 0xe30f0) goto 0xaedd513;
				 *(_t299 + 8) = E00007FFA7FFA0AEE0D2C(_t310);
				goto 0xaedd228;
				 *_t299 = __rdi;
				 *(_t313 + 0x5f) = 0x6c5f3f;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) * 0x3f;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) * 0x37;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) << 2;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) ^ 0xeb54aedc;
				 *(_t299 + 8) =  *(_t313 + 0x5f);
				goto 0xaedd228;
				 *(_t313 - 0x15) = 0x52892c;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) + 0xffff75f9;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) ^ 0x75e173f4;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) + 0xffffb3ae;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) ^ 0x75befe47;
				 *(_t313 - 0x19) = 0x1c4879;
				 *(_t313 - 0x19) = 0x38e38e39 *  *(_t313 - 0x19) >> 0x20 >> 4;
				 *(_t313 - 0x19) =  *(_t313 - 0x19) >> 5;
				 *(_t313 - 0x19) =  *(_t313 - 0x19) + 0x12c3;
				 *(_t313 - 0x19) =  *(_t313 - 0x19) ^ 0x0007bb04;
				 *(_t313 + 0x5f) = 0xa762ff;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) << 0xb;
				 *(_t313 + 0x5f) = 0xcccccccd *  *(_t313 + 0x5f) >> 0x20 >> 2;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) * 0x29;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) ^ 0xe49a18c1;
				 *(_t316 + 0x20) = _t313 - 9;
				r9d =  *(_t313 + 0x5f);
				r8d =  *(_t313 - 0x19);
				E00007FFA7FFA0AEDDBDC(_t313 - 9, _t299);
				goto 0xaedd228;
				 *(_t313 - 0x19) = 0x302e9e;
				_t251 =  *(_t313 - 0x19);
				 *(_t316 + 0x20) = _t313 - 9;
				 *(_t313 - 0x19) = ( *(_t313 - 0x19) - (0x86186187 * _t251 >> 0x20) >> 1) + (0x86186187 * _t251 >> 0x20) >> 5;
				 *(_t313 - 0x19) =  *(_t313 - 0x19) >> 9;
				 *(_t313 - 0x19) =  *(_t313 - 0x19) ^ 0x000c455d;
				 *(_t313 - 0x15) = 0x79999f;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) ^ 0x5259d5fb;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) + 0xa4b1;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) ^ 0x522f151a;
				 *(_t313 + 0x5f) = 0x7352fb;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) | 0x1b641600;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) << 8;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) ^ 0x6cc00070;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) ^ 0x1b92f3a2;
				r9d =  *(_t313 + 0x5f);
				r8d =  *(_t313 - 0x15);
				E00007FFA7FFA0AEE6588(0xb5edc - 0xe30f0, _t313 - 9, _t299, _t310 + 0x40, _t306, _t318, _t319);
				goto 0xaedd228;
				 *(_t313 + 0x5f) = 0xd470b;
				 *(_t313 + 0x5f) = ( *(_t313 + 0x5f) - (0x323e34a3 *  *(_t313 + 0x5f) >> 0x20) >> 1) + (0x323e34a3 *  *(_t313 + 0x5f) >> 0x20) >> 6;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) << 4;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) << 7;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) ^ 0x00fd18b3;
				 *(_t313 - 0x19) = 0xb65073;
				 *(_t313 - 0x19) =  *(_t313 - 0x19) + 0x293a;
				_t296 = _t313 - 9;
				 *((long long*)(_t316 + 0x28)) = _t296;
				 *(_t313 - 0x19) = 0xba2e8ba3 *  *(_t313 - 0x19) >> 0x20 >> 6;
				 *(_t313 - 0x19) =  *(_t313 - 0x19) ^ 0x00089daa;
				 *(_t313 - 0x11) = 0x635f74;
				 *(_t313 - 0x11) =  *(_t313 - 0x11) | 0xc300ece1;
				 *(_t313 - 0x11) =  *(_t313 - 0x11) ^ 0xc3614a70;
				 *(_t313 - 0x15) = 0xa7a139;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) | 0xfd7e6dcf;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) ^ 0xfdf8f6c5;
				r8d =  *(_t313 - 0x11);
				r9d =  *(_t310 + 0x28);
				 *(_t316 + 0x20) =  *(_t313 - 0x15);
				E00007FFA7FFA0AEDB108(_t312);
				goto 0xaedd228;
				 *(_t313 - 0x15) = 0x1d9338;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) >> 8;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) + 0xffff010b;
				 *(_t313 - 0x15) = 0x4ec4ec4f *  *(_t313 - 0x15) >> 0x20 >> 5;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) ^ 0x027c892f;
				 *(_t313 - 0x19) = 0x99da82;
				 *(_t313 - 0x19) =  *(_t313 - 0x19) * 0x68;
				 *(_t313 - 0x19) =  *(_t313 - 0x19) + 0xffffac2a;
				 *(_t313 - 0x19) =  *(_t313 - 0x19) ^ 0x3e89e2d4;
				 *(_t313 + 0x5f) = 0xf89c37;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) * 0x37;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) | 0xbeffcfcf;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) ^ 0xbffc9740;
				E00007FFA7FFA0AEDDE9C( *(_t299 + 8), 0x4ec4ec4f *  *(_t313 - 0x15) >> 0x20 >> 5, _t296);
				 *_t299 = _t296;
				if (_t296 == 0) goto 0xaedd50e;
				goto 0xaedd228;
				if (0x4623f == 0x4623f) goto 0xaedd593;
				goto 0xaedd228;
				 *(_t313 - 0x15) = 0xd85aac;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) + 0x665b;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) << 6;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) << 0xd;
				 *(_t313 - 0x15) =  *(_t313 - 0x15) ^ 0x08310800;
				 *(_t313 + 0x5f) = 0x9eb24a;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) | 0xf5fbfeff;
				 *(_t313 + 0x5f) =  *(_t313 + 0x5f) ^ 0xf5fee964;
				 *(_t313 - 0x19) = 0xb3a94c;
				 *(_t313 - 0x19) =  *(_t313 - 0x19) * 0x7b;
				 *(_t316 + 0x20) = _t313 - 9;
				 *(_t313 - 0x19) = 0xe6c2b449 *  *(_t313 - 0x19) >> 0x20 >> 6;
				 *(_t313 - 0x19) =  *(_t313 - 0x19) ^ 0x01342aee;
				r9d =  *(_t313 - 0x19);
				r8d =  *(_t313 + 0x5f);
				E00007FFA7FFA0AEE6588(0x4623f - 0x4623f, _t313 - 9, _t299, _t310 + 8, _t306, _t318, _t319);
				dil =  *_t299 != __rdi;
				return 0;
			}

0x7ffa0aedd1e8
0x7ffa0aedd1e8
0x7ffa0aedd1eb
0x7ffa0aedd1ef
0x7ffa0aedd1f3
0x7ffa0aedd1f8
0x7ffa0aedd1fc
0x7ffa0aedd206
0x7ffa0aedd20a
0x7ffa0aedd20d
0x7ffa0aedd211
0x7ffa0aedd215
0x7ffa0aedd21f
0x7ffa0aedd22d
0x7ffa0aedd238
0x7ffa0aedd243
0x7ffa0aedd24e
0x7ffa0aedd255
0x7ffa0aedd260
0x7ffa0aedd267
0x7ffa0aedd275
0x7ffa0aedd27d
0x7ffa0aedd27f
0x7ffa0aedd282
0x7ffa0aedd28d
0x7ffa0aedd294
0x7ffa0aedd29d
0x7ffa0aedd2a0
0x7ffa0aedd2aa
0x7ffa0aedd2b2
0x7ffa0aedd2b7
0x7ffa0aedd2c3
0x7ffa0aedd2ca
0x7ffa0aedd2d1
0x7ffa0aedd2d8
0x7ffa0aedd2df
0x7ffa0aedd2f3
0x7ffa0aedd2f6
0x7ffa0aedd2fa
0x7ffa0aedd301
0x7ffa0aedd308
0x7ffa0aedd30f
0x7ffa0aedd31e
0x7ffa0aedd325
0x7ffa0aedd32c
0x7ffa0aedd333
0x7ffa0aedd338
0x7ffa0aedd33c
0x7ffa0aedd343
0x7ffa0aedd34d
0x7ffa0aedd352
0x7ffa0aedd35e
0x7ffa0aedd369
0x7ffa0aedd375
0x7ffa0aedd37c
0x7ffa0aedd380
0x7ffa0aedd387
0x7ffa0aedd38e
0x7ffa0aedd395
0x7ffa0aedd39c
0x7ffa0aedd3a3
0x7ffa0aedd3aa
0x7ffa0aedd3b1
0x7ffa0aedd3b5
0x7ffa0aedd3bc
0x7ffa0aedd3c3
0x7ffa0aedd3c7
0x7ffa0aedd3ce
0x7ffa0aedd3d8
0x7ffa0aedd3dd
0x7ffa0aedd3f7
0x7ffa0aedd400
0x7ffa0aedd408
0x7ffa0aedd40c
0x7ffa0aedd413
0x7ffa0aedd41a
0x7ffa0aedd426
0x7ffa0aedd42d
0x7ffa0aedd432
0x7ffa0aedd435
0x7ffa0aedd43c
0x7ffa0aedd443
0x7ffa0aedd44a
0x7ffa0aedd451
0x7ffa0aedd458
0x7ffa0aedd45f
0x7ffa0aedd469
0x7ffa0aedd473
0x7ffa0aedd477
0x7ffa0aedd47b
0x7ffa0aedd485
0x7ffa0aedd48a
0x7ffa0aedd496
0x7ffa0aedd49a
0x7ffa0aedd4a9
0x7ffa0aedd4ac
0x7ffa0aedd4b3
0x7ffa0aedd4be
0x7ffa0aedd4c1
0x7ffa0aedd4c8
0x7ffa0aedd4cf
0x7ffa0aedd4da
0x7ffa0aedd4dd
0x7ffa0aedd4e4
0x7ffa0aedd4f7
0x7ffa0aedd4fc
0x7ffa0aedd502
0x7ffa0aedd509
0x7ffa0aedd518
0x7ffa0aedd51a
0x7ffa0aedd51f
0x7ffa0aedd526
0x7ffa0aedd52d
0x7ffa0aedd531
0x7ffa0aedd535
0x7ffa0aedd53c
0x7ffa0aedd543
0x7ffa0aedd54a
0x7ffa0aedd551
0x7ffa0aedd55c
0x7ffa0aedd574
0x7ffa0aedd579
0x7ffa0aedd57c
0x7ffa0aedd583
0x7ffa0aedd587
0x7ffa0aedd58e
0x7ffa0aedd5a6
0x7ffa0aedd5b4

Strings

t_c, xrefs: 00007FFA0AEDD43C
?_l, xrefs: 00007FFA0AEDD282

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: ?_l$t_c
API String ID: 0-4151157559
Opcode ID: c15021385ec3d8b6fc79c28d43be331ab3ce4ee59829a6113f6a42c79383bcbc
Instruction ID: 97864c539c9c0f3a552debd891e9351d3ee4a9e5261b9d3bdb7fc6425071f0c0
Opcode Fuzzy Hash: c15021385ec3d8b6fc79c28d43be331ab3ce4ee59829a6113f6a42c79383bcbc
Instruction Fuzzy Hash: CCB17977B05640CFE318DFB8E4868AD3BB2F70439C7004929EA09ABB59D774DA15CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58CE614 Relevance: 2.6, Strings: 2, Instructions: 144
COMMONCrypto

Download Yara Rule

C-Code - Quality: 47%

			E00007FF77FF7A58CE614(void* __ebp, void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32, long long _a64) {
				void* _t17;
				long long _t32;
				void* _t42;
				void* _t45;
				void* _t46;

				_t46 = _t42;
				 *((long long*)(_t46 + 8)) = __rbx;
				 *((long long*)(_t46 + 0x10)) = __rbp;
				 *((long long*)(_t46 + 0x18)) = __rsi;
				 *((long long*)(_t46 + 0x20)) = __rdi;
				r13b = r9b;
				_t16 =  >  ? __ebp : 0;
				_t17 = ( >  ? __ebp : 0) + 9;
				if (__rdx - __rax > 0) goto 0xa58ce69c;
				_t32 = _a64;
				 *((long long*)(_t46 - 0x20)) = _t32;
				r9d = 0;
				 *(_t46 - 0x28) =  *(_t46 - 0x28) & 0x00000000;
				r8d = 0;
				 *((char*)(_t32 + 0x30)) = 1;
				 *((intOrPtr*)(_t32 + 0x2c)) = 0x22;
				E00007FF77FF7A58BE70C(__rax, __rbx, _t32, __rdx, __rsi, r8d, _t45);
				return 0x22;
			}

0x7ff7a58ce614
0x7ff7a58ce617
0x7ff7a58ce61b
0x7ff7a58ce61f
0x7ff7a58ce623
0x7ff7a58ce639
0x7ff7a58ce642
0x7ff7a58ce645
0x7ff7a58ce64d
0x7ff7a58ce64f
0x7ff7a58ce65c
0x7ff7a58ce660
0x7ff7a58ce663
0x7ff7a58ce668
0x7ff7a58ce66d
0x7ff7a58ce671
0x7ff7a58ce676
0x7ff7a58ce69b

Strings

e+000, xrefs: 00007FF7A58CE721
gfff, xrefs: 00007FF7A58CE79E

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: 35153115070499f8c0e64454a369b60cd33759bf3e88cf93a8740f4413b37650
Instruction ID: 8ee87508d23233900afd542061a0977e3fa6bc9c9ca07f78b523bdc374078405
Opcode Fuzzy Hash: 35153115070499f8c0e64454a369b60cd33759bf3e88cf93a8740f4413b37650
Instruction Fuzzy Hash: 5A517962B1A3C586E7259E35D801769BB91E746F94F8A82B1CBA84BAE1CF3DD010C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED525C Relevance: 2.6, Strings: 2, Instructions: 136
COMMONCrypto

Download Yara Rule

C-Code - Quality: 21%

			E00007FFA7FFA0AED525C(intOrPtr* __rcx, void* __r9) {
				void* __rbx;
				char _t136;
				signed int _t143;
				signed int _t175;
				char* _t181;
				void* _t185;
				void* _t186;
				void* _t187;

				_t185 = _t186 - 0x50;
				_t187 = _t186 - 0x150;
				_t136 =  *((intOrPtr*)(__rcx));
				 *(_t185 + 0x70) = 0x30c19;
				_t181 = _t187 + 0x40;
				goto 0xaed528d;
				if (_t136 == 0x2e) goto 0xaed5293;
				 *_t181 = _t136;
				_t177 = __rcx + 1;
				if ( *((intOrPtr*)(__rcx + 1)) != 0) goto 0xaed527f;
				goto 0xaed5296;
				 *((char*)(_t181 + 1)) = 0;
				 *(_t185 + 0x88) = 0x66d2c0;
				 *(_t185 + 0x88) =  *(_t185 + 0x88) >> 6;
				 *(_t185 + 0x88) =  *(_t185 + 0x88) ^ 0x000a8b72;
				 *(_t185 + 0x80) = 0xce591b;
				 *(_t185 + 0x80) =  *(_t185 + 0x80) | 0x5bdfd94e;
				 *(_t185 + 0x80) =  *(_t185 + 0x80) ^ 0x5bdb350f;
				 *(_t185 + 0x78) = 0x718671;
				 *(_t185 + 0x78) =  *(_t185 + 0x78) + 0xffff9ff2;
				 *(_t185 + 0x78) =  *(_t185 + 0x78) ^ 0x007d0db3;
				 *(_t185 + 0x70) = 0x4d4d6f;
				 *(_t185 + 0x70) =  *(_t185 + 0x70) * 0x67;
				_t175 = _t187 + 0x40;
				 *(_t185 + 0x70) =  *(_t185 + 0x70) ^ 0x1f1656e8;
				 *(_t187 + 0x20) = _t175;
				r9d =  *(_t185 + 0x70);
				r8d =  *(_t185 + 0x78);
				E00007FFA7FFA0AED891C();
				if (_t175 != 0) goto 0xaed536f;
				 *(_t185 + 0x78) = 0xd6faf;
				 *(_t185 + 0x78) =  *(_t185 + 0x78) >> 4;
				 *(_t185 + 0x78) =  *(_t185 + 0x78) ^ 0x0003c294;
				 *(_t185 + 0x70) = 0xe6758d;
				 *(_t185 + 0x70) =  *(_t185 + 0x70) * 0x52;
				 *(_t185 + 0x70) =  *(_t185 + 0x70) + 0xffffe1fe;
				 *(_t185 + 0x70) =  *(_t185 + 0x70) ^ 0x49d3029f;
				r8d =  *(_t185 + 0x70);
				E00007FFA7FFA0AEDBEF0();
				if (_t175 == 0) goto 0xaed5519;
				 *(_t185 + 0x78) = 0xf97c97;
				 *(_t185 + 0x78) =  *(_t185 + 0x78) | 0xf87ed973;
				 *(_t185 + 0x78) =  *(_t185 + 0x78) ^ 0xf8fffdf6;
				 *(_t185 + 0x70) = 0xfcba7d;
				 *(_t185 + 0x70) =  *(_t185 + 0x70) << 7;
				 *(_t185 + 0x70) =  *(_t185 + 0x70) + 0x7016;
				 *(_t185 + 0x70) = 0xc7ce0c7d *  *(_t185 + 0x70) >> 0x20 >> 6;
				 *(_t185 + 0x70) =  *(_t185 + 0x70) ^ 0x018114e4;
				 *(_t185 + 0x88) = 0x9693e0;
				 *(_t185 + 0x88) =  *(_t185 + 0x88) ^ 0x4a733a8d;
				 *(_t185 + 0x88) =  *(_t185 + 0x88) << 3;
				 *(_t185 + 0x88) =  *(_t185 + 0x88) ^ 0x5723ad3d;
				 *(_t185 + 0x80) = 0xeefdc3;
				 *(_t185 + 0x80) =  *(_t185 + 0x80) >> 3;
				 *(_t185 + 0x80) =  *(_t185 + 0x80) ^ 0xe5d3170d;
				 *(_t185 + 0x80) =  *(_t185 + 0x80) ^ 0xe5cf22e6;
				 *(_t187 + 0x30) = 0x9913ed;
				 *(_t187 + 0x30) =  *(_t187 + 0x30) + 0xffff6490;
				 *(_t187 + 0x30) =  *(_t187 + 0x30) ^ 0x0091df6e;
				r9d =  *(_t185 + 0x78);
				r8d =  *(_t185 + 0x80);
				 *(_t187 + 0x20) =  *(_t187 + 0x30);
				_t143 = E00007FFA7FFA0AED7410(__r9 + __rcx + 1);
				 *(_t185 + 0x80) = 0x28e616;
				 *(_t185 + 0x80) =  *(_t185 + 0x80) + 0xffff2781;
				r10d = _t143;
				_t155 =  *(_t185 + 0x80);
				r10d = r10d ^ 0x1002c2ee;
				 *(_t185 + 0x80) = ( *(_t185 + 0x80) - (0x3521cfb3 * _t155 >> 0x20) >> 1) + (0x3521cfb3 * _t155 >> 0x20) >> 6;
				 *(_t185 + 0x80) =  *(_t185 + 0x80) >> 0xa;
				 *(_t185 + 0x80) =  *(_t185 + 0x80) ^ 0x00011e54;
				 *(_t185 + 0x88) = 0x1864eb;
				 *(_t185 + 0x88) =  *(_t185 + 0x88) | 0xe07bf29b;
				 *(_t185 + 0x88) =  *(_t185 + 0x88) ^ 0x795368f3;
				 *(_t185 + 0x88) =  *(_t185 + 0x88) ^ 0x992a0dcc;
				 *(_t185 + 0x78) = 0xc88473;
				 *(_t185 + 0x78) =  *(_t185 + 0x78) << 0xd;
				 *(_t185 + 0x78) =  *(_t185 + 0x78) + 0x5543;
				 *(_t185 + 0x78) = 0xb21642c9 *  *(_t185 + 0x78) >> 0x20 >> 6;
				 *(_t185 + 0x78) =  *(_t185 + 0x78) ^ 0x002a4b24;
				 *(_t185 + 0x70) = 0x4f426f;
				 *(_t185 + 0x70) =  *(_t185 + 0x70) ^ 0x39b162f0;
				 *(_t185 + 0x70) =  *(_t185 + 0x70) | 0x07c0243c;
				 *(_t185 + 0x70) =  *(_t185 + 0x70) * 0x23;
				 *(_t185 + 0x70) =  *(_t185 + 0x70) ^ 0xbfb09910;
				 *(_t187 + 0x28) =  *(_t185 + 0x70);
				r9d =  *(_t185 + 0x88);
				r8d =  *(_t185 + 0x80);
				 *(_t187 + 0x20) =  *(_t185 + 0x78);
				return E00007FFA7FFA0AED8648(r10d, _t175, _t177, _t175, __r9 + __rcx + 1);
			}

0x7ffa0aed5260
0x7ffa0aed5265
0x7ffa0aed526c
0x7ffa0aed5271
0x7ffa0aed5278
0x7ffa0aed527d
0x7ffa0aed5281
0x7ffa0aed5283
0x7ffa0aed5288
0x7ffa0aed528f
0x7ffa0aed5291
0x7ffa0aed5293
0x7ffa0aed5296
0x7ffa0aed52a0
0x7ffa0aed52a7
0x7ffa0aed52b1
0x7ffa0aed52bb
0x7ffa0aed52c5
0x7ffa0aed52cf
0x7ffa0aed52d6
0x7ffa0aed52dd
0x7ffa0aed52e4
0x7ffa0aed52ef
0x7ffa0aed52f2
0x7ffa0aed52f7
0x7ffa0aed52fe
0x7ffa0aed5303
0x7ffa0aed5307
0x7ffa0aed5317
0x7ffa0aed5322
0x7ffa0aed5324
0x7ffa0aed5330
0x7ffa0aed5334
0x7ffa0aed533b
0x7ffa0aed5346
0x7ffa0aed5349
0x7ffa0aed5350
0x7ffa0aed5357
0x7ffa0aed535e
0x7ffa0aed5369
0x7ffa0aed536f
0x7ffa0aed537b
0x7ffa0aed5382
0x7ffa0aed5389
0x7ffa0aed5390
0x7ffa0aed5394
0x7ffa0aed53a3
0x7ffa0aed53a6
0x7ffa0aed53ad
0x7ffa0aed53b7
0x7ffa0aed53c1
0x7ffa0aed53c8
0x7ffa0aed53d2
0x7ffa0aed53dc
0x7ffa0aed53e3
0x7ffa0aed53ed
0x7ffa0aed53f7
0x7ffa0aed53ff
0x7ffa0aed5407
0x7ffa0aed540f
0x7ffa0aed5417
0x7ffa0aed542a
0x7ffa0aed542e
0x7ffa0aed5433
0x7ffa0aed543d
0x7ffa0aed5447
0x7ffa0aed544f
0x7ffa0aed5455
0x7ffa0aed546c
0x7ffa0aed5472
0x7ffa0aed5479
0x7ffa0aed5483
0x7ffa0aed548d
0x7ffa0aed5497
0x7ffa0aed54a1
0x7ffa0aed54ab
0x7ffa0aed54b2
0x7ffa0aed54b6
0x7ffa0aed54c8
0x7ffa0aed54ce
0x7ffa0aed54d5
0x7ffa0aed54dc
0x7ffa0aed54e3
0x7ffa0aed54ee
0x7ffa0aed54f1
0x7ffa0aed54fb
0x7ffa0aed5502
0x7ffa0aed5509
0x7ffa0aed5510
0x7ffa0aed5523

Strings

oBO, xrefs: 00007FFA0AED54D5
$K*, xrefs: 00007FFA0AED54CE

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: $K*$oBO
API String ID: 0-8899081
Opcode ID: 6f01d41164e06dacd2dd3a2fd5ab55caeaca007b2bcb6e4525fd5f9040045415
Instruction ID: 6b1d3b8c90a882939373ccaa3870162b67d8e374da5d36e4edffb34f0bf32ebb
Opcode Fuzzy Hash: 6f01d41164e06dacd2dd3a2fd5ab55caeaca007b2bcb6e4525fd5f9040045415
Instruction Fuzzy Hash: 9471F7739043C18FD3A8DF78D8497D93BE1F35574CF608229E6898AE68DB749649CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEDCA5C Relevance: 2.6, Strings: 2, Instructions: 119COMMON

Download Yara Rule

Strings

lt$, xrefs: 00007FFA0AEDCC6F
(, xrefs: 00007FFA0AEDCA6A

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: ($lt$
API String ID: 0-2480456012
Opcode ID: 1680d3bc8638a33a4959f50e433b2a94c7f9c7da498b2207ee7e651335b79b2a
Instruction ID: ebe0806fe4577d3c54b41d3ec2cb12ec2812701dd0e783eb71e6f1f30500aca4
Opcode Fuzzy Hash: 1680d3bc8638a33a4959f50e433b2a94c7f9c7da498b2207ee7e651335b79b2a
Instruction Fuzzy Hash: 8D514DB39042408FD368DF34D48A49C3FA0F76479C7658628F74A8AA68D778D995CFC4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEDF028 Relevance: 2.6, Strings: 2, Instructions: 103
COMMONCrypto

Download Yara Rule

C-Code - Quality: 45%

			E00007FFA7FFA0AEDF028(void* __ecx, intOrPtr __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r9, long long _a8, long long _a16, long long _a40, intOrPtr _a48) {
				signed int _v16;
				signed int _v20;
				unsigned int _v24;
				intOrPtr _v32;
				long long _v40;
				void* _t107;
				intOrPtr _t119;
				intOrPtr _t126;
				void* _t134;
				void* _t136;

				_t119 = __rax;
				_a8 = __rbx;
				_a16 = __rsi;
				_v32 = _a48;
				_v40 = _a40;
				E00007FFA7FFA0AEE3C78(_a48, __rcx, __rdx, _t134, __r9);
				_v16 = 0x41517;
				if (0x721f1 == 0x8b13) goto 0xaedf151;
				if (0x721f1 == 0x56ba9) goto 0xaedf1ad;
				if (0x721f1 == 0x721f1) goto 0xaedf0af;
				if (0x721f1 == 0x8ff59) goto 0xaedf0a3;
				if (0x721f1 != 0xffb5a) goto 0xaedf1a1;
				if (E00007FFA7FFA0AEE1960(0, _t107, _t119, _t136) == 0) goto 0xaedf207;
				goto 0xaedf060;
				E00007FFA7FFA0AED1708();
				goto 0xaedf060;
				_v20 = 0x4a7d41;
				_v20 = _v20 + 0x9930;
				_v20 = (_v20 - (0x2f684bdb * _v20 >> 0x20) >> 1) + (0x2f684bdb * _v20 >> 0x20) >> 5;
				_v20 = _v20 ^ 0x1bdbad49;
				_v20 = _v20 ^ 0x1bd2bcab;
				_v24 = 0x767848;
				_t22 =  &_v24; // 0x767848
				_v24 =  *_t22 * 0x51;
				_v24 = _v24 + 0x2020;
				_v24 = _v24 >> 3;
				_v24 = _v24 ^ 0x04af18b5;
				_v16 = 0xf03553;
				_v16 = _v16 << 0xb;
				_v16 = _v16 + 0xffffa731;
				_v16 = _v16 ^ 0x81aa7827;
				E00007FFA7FFA0AEDDE9C(0x70, 0x2f684bdb * _v20 >> 0x20, _t119);
				 *0xaee8230 = _t119;
				goto 0xaedf060;
				_v20 = 0xf423a6;
				_v20 = _v20 + 0x670e;
				_v20 = _v20 ^ 0x00f4e083;
				_v16 = 0x54fbba;
				_v16 = _v16 | 0xe9ddd8d7;
				_v16 = _v16 ^ 0xe9d00d5d;
				r9d = _v16;
				r8d = _v20;
				E00007FFA7FFA0AEE443C();
				if (0xffb5a != 0) goto 0xaedf207;
				if (0x8ff59 == 0x30ac9) goto 0xaedf207;
				goto 0xaedf060;
				_v16 = 0x8cd789;
				_v16 = _v16 + 0xb9ca;
				_v16 = (_v16 - (0x24924925 * _v16 >> 0x20) >> 1) + (0x24924925 * _v16 >> 0x20) >> 3;
				_v16 = _v16 ^ 0x00090ebd;
				_v20 = 0xbf0d3d;
				_v20 = _v20 >> 3;
				_v20 = _v20 ^ 0x001ff66b;
				r8d = _v20;
				_t126 =  *0xaee8230; // 0x0
				E00007FFA7FFA0AED89D0(_t119, _t126);
				return 0xffb5a;
			}

0x7ffa0aedf028
0x7ffa0aedf028
0x7ffa0aedf02d
0x7ffa0aedf043
0x7ffa0aedf047
0x7ffa0aedf04c
0x7ffa0aedf058
0x7ffa0aedf065
0x7ffa0aedf070
0x7ffa0aedf07b
0x7ffa0aedf082
0x7ffa0aedf089
0x7ffa0aedf096
0x7ffa0aedf0a1
0x7ffa0aedf0a3
0x7ffa0aedf0ad
0x7ffa0aedf0af
0x7ffa0aedf0bc
0x7ffa0aedf0d3
0x7ffa0aedf0dc
0x7ffa0aedf0e4
0x7ffa0aedf0ec
0x7ffa0aedf0f4
0x7ffa0aedf0f9
0x7ffa0aedf0fd
0x7ffa0aedf105
0x7ffa0aedf10a
0x7ffa0aedf112
0x7ffa0aedf11a
0x7ffa0aedf11f
0x7ffa0aedf127
0x7ffa0aedf13b
0x7ffa0aedf140
0x7ffa0aedf14c
0x7ffa0aedf151
0x7ffa0aedf15f
0x7ffa0aedf167
0x7ffa0aedf16f
0x7ffa0aedf177
0x7ffa0aedf17f
0x7ffa0aedf187
0x7ffa0aedf18c
0x7ffa0aedf191
0x7ffa0aedf19a
0x7ffa0aedf1a6
0x7ffa0aedf1a8
0x7ffa0aedf1ad
0x7ffa0aedf1ba
0x7ffa0aedf1d1
0x7ffa0aedf1d5
0x7ffa0aedf1dd
0x7ffa0aedf1e5
0x7ffa0aedf1ea
0x7ffa0aedf1f2
0x7ffa0aedf1f7
0x7ffa0aedf202
0x7ffa0aedf218

Strings

A}J, xrefs: 00007FFA0AEDF0AF
Hxv, xrefs: 00007FFA0AEDF0F4

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: A}J$Hxv
API String ID: 0-3585490082
Opcode ID: 69cddfaca5a8b69280e58ba446cc316f3e347de8cb847cec75ff7fe347c05967
Instruction ID: 3b74dc537a79426e4a7c501bd78c3fbe85cce0852b2d130d1cce7dd7fa143fe1
Opcode Fuzzy Hash: 69cddfaca5a8b69280e58ba446cc316f3e347de8cb847cec75ff7fe347c05967
Instruction Fuzzy Hash: 0C41933362D24187D798DB24F19502EBAA0FB81B94F14A078F68B87B68DB7CD8448F00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE4AE4 Relevance: 2.6, Strings: 2, Instructions: 100
COMMONCrypto

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AEE4AE4(void* __eflags, void* __rax, long long __rcx, void* __rdx, char _a16, signed int _a24, signed int _a32) {
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v48;
				signed int _v52;
				signed int _v56;
				signed int _v72;
				long long _v80;
				long long _v88;
				signed int _v96;
				signed int _v104;
				void* __rbx;
				void* __rbp;
				char _t119;
				void* _t135;
				long long _t138;
				void* _t143;
				void* _t144;
				void* _t146;

				_t142 = __rdx;
				_t135 = __rax;
				_v40 = 0xd6f67;
				_v36 = 0xbe89f;
				_v32 = 0x347;
				_a16 = 0xa0d;
				_t138 = __rcx;
				_v28 = 0;
				_t6 = _t135 + 2; // 0x2
				r9d = _t6;
				_v48 = r9d;
				_v56 = 0x74d22b;
				_t143 = __rdx;
				_v56 = _v56 + 0x52a0;
				_v56 = _v56 ^ 0x513223b7;
				_v56 = _v56 + 0x9fa3;
				_v56 = _v56 ^ 0x5147d244;
				_v52 = 0xd982e4;
				_v52 = _v52 + 0xffffb783;
				_v52 = _v52 + 0x47be;
				_v52 = _v52 ^ 0x00ded769;
				_a32 = 0x337035;
				_a32 = (_a32 - (0x24924925 * _a32 >> 0x20) >> 1) + (0x24924925 * _a32 >> 0x20) >> 6;
				_a32 = _a32 >> 0xb;
				_a32 = _a32 >> 0xd;
				_a32 = _a32 ^ 0x00029386;
				_a24 = 0x7c53dd;
				_a24 = _a24 + 0xffffde32;
				_a24 = _a24 + 0xffff7e4e;
				_a24 = _a24 | 0xa1a8827f;
				_a24 = _a24 ^ 0xa1f43899;
				_v72 = _a24;
				_v80 =  &_v48;
				_v88 = __rcx;
				_v96 = _a32;
				r8d = _v56;
				_v104 = _v52;
				_t119 = E00007FFA7FFA0AED4D38(__eflags,  &_v48, __rcx,  &_a16, __rdx, _t144, _t146);
				_a32 = 0x178103;
				_a32 = _a32 ^ 0xf99dda35;
				_a32 = _a32 + 0x5ab0;
				_a32 = _a32 ^ 0xf98f2854;
				_a24 = 0xd483dd;
				_a24 = _a24 | 0x68833619;
				_a24 = _a24 >> 3;
				_a24 = _a24 | 0x29ebf7c4;
				_a24 = _a24 ^ 0x2df7601e;
				E00007FFA7FFA0AED5C2C();
				_v48 = _t119;
				_v56 = 0x3574c7;
				_v56 = _v56 << 0xf;
				_v56 = _v56 ^ 0xba677b96;
				_v52 = 0x5fcc41;
				_v52 = _v52 << 7;
				_v52 = _v52 ^ 0x2fe0e912;
				_a32 = 0x9d43df;
				_a32 = _a32 >> 5;
				_a32 = _a32 ^ 0x000b68ac;
				_a24 = 0x85f737;
				_a24 = _a24 | 0x1a33007c;
				_a24 = _a24 << 3;
				_a24 = _a24 * 0x7d;
				_a24 = _a24 ^ 0x5e9bc43d;
				_v72 = _a24;
				_v80 =  &_v48;
				_v88 = _t138;
				_v96 = _a32;
				r8d = _v56;
				r9d = _v48;
				_v104 = _v52;
				return E00007FFA7FFA0AED4D38(_a24,  &_v48, _t138,  *((intOrPtr*)(_t143 + 0x80)), _t142, _t144, _t146);
			}

0x7ffa0aee4ae4
0x7ffa0aee4ae4
0x7ffa0aee4aef
0x7ffa0aee4af6
0x7ffa0aee4afd
0x7ffa0aee4b04
0x7ffa0aee4b0c
0x7ffa0aee4b0f
0x7ffa0aee4b12
0x7ffa0aee4b12
0x7ffa0aee4b1b
0x7ffa0aee4b1f
0x7ffa0aee4b26
0x7ffa0aee4b29
0x7ffa0aee4b30
0x7ffa0aee4b37
0x7ffa0aee4b3e
0x7ffa0aee4b45
0x7ffa0aee4b4c
0x7ffa0aee4b53
0x7ffa0aee4b5a
0x7ffa0aee4b61
0x7ffa0aee4b76
0x7ffa0aee4b7d
0x7ffa0aee4b81
0x7ffa0aee4b85
0x7ffa0aee4b8c
0x7ffa0aee4b93
0x7ffa0aee4b9a
0x7ffa0aee4ba1
0x7ffa0aee4ba8
0x7ffa0aee4bb2
0x7ffa0aee4bba
0x7ffa0aee4bc2
0x7ffa0aee4bc7
0x7ffa0aee4bce
0x7ffa0aee4bd2
0x7ffa0aee4bd6
0x7ffa0aee4bdb
0x7ffa0aee4be2
0x7ffa0aee4be9
0x7ffa0aee4bf0
0x7ffa0aee4bf7
0x7ffa0aee4bfe
0x7ffa0aee4c05
0x7ffa0aee4c09
0x7ffa0aee4c10
0x7ffa0aee4c24
0x7ffa0aee4c29
0x7ffa0aee4c2c
0x7ffa0aee4c33
0x7ffa0aee4c37
0x7ffa0aee4c3e
0x7ffa0aee4c45
0x7ffa0aee4c49
0x7ffa0aee4c50
0x7ffa0aee4c57
0x7ffa0aee4c5b
0x7ffa0aee4c62
0x7ffa0aee4c69
0x7ffa0aee4c70
0x7ffa0aee4c78
0x7ffa0aee4c7b
0x7ffa0aee4c85
0x7ffa0aee4c8d
0x7ffa0aee4c95
0x7ffa0aee4c9a
0x7ffa0aee4ca1
0x7ffa0aee4cac
0x7ffa0aee4cb0
0x7ffa0aee4cc0

Strings

5p3, xrefs: 00007FFA0AEE4B61
go, xrefs: 00007FFA0AEE4AEF

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: 5p3$go
API String ID: 0-1955099653
Opcode ID: 795c7b457bc35a663b37d42eae0bbdb90460155c7285e06ee7450ed23983df8a
Instruction ID: 70d4cf93e93905c153c37d616862013274a92fd357df9531c9a4ad58fdf36447
Opcode Fuzzy Hash: 795c7b457bc35a663b37d42eae0bbdb90460155c7285e06ee7450ed23983df8a
Instruction Fuzzy Hash: 4951F2B3A207608FD388CFB0D88949D7BB0F30479CB106619FB5796A18D7789585CF84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE5A40 Relevance: 2.6, Strings: 2, Instructions: 53
COMMONCrypto

Download Yara Rule

C-Code - Quality: 47%

			E00007FFA7FFA0AEE5A40(void* __ebx, long long __rbx, void* __rcx, long long __rdi, long long __rsi, void* __r8, void* __r9) {
				signed int _t250;
				signed int _t285;
				intOrPtr _t320;
				intOrPtr* _t327;
				intOrPtr _t336;
				intOrPtr* _t337;
				void* _t341;
				void* _t343;
				void* _t344;
				void* _t346;
				void* _t347;
				intOrPtr _t348;
				void* _t349;

				_t352 = __r9;
				_t351 = __r8;
				_t347 = _t346 - 0x38;
				 *(_t347 + 0x40) = 0x94967;
				 *(_t347 + 0x58) = 0x879a11;
				 *(_t347 + 0x58) =  *(_t347 + 0x58) | 0x7b811668;
				 *(_t347 + 0x58) =  *(_t347 + 0x58) ^ 0x7b8ab6c0;
				 *(_t347 + 0x40) = 0xd4202e;
				 *(_t347 + 0x40) =  *(_t347 + 0x40) << 0x10;
				 *(_t347 + 0x40) =  *(_t347 + 0x40) << 0xd;
				 *(_t347 + 0x40) = ( *(_t347 + 0x40) - (0x4104105 *  *(_t347 + 0x40) >> 0x20) >> 1) + (0x4104105 *  *(_t347 + 0x40) >> 0x20) >> 5;
				 *(_t347 + 0x40) =  *(_t347 + 0x40) ^ 0x030f5c06;
				 *(_t347 + 0x50) = 0x9af2d0;
				 *(_t347 + 0x50) =  *(_t347 + 0x50) * 0x68;
				 *(_t347 + 0x50) =  *(_t347 + 0x50) ^ 0x3efc2c73;
				 *(_t347 + 0x48) = 0x49aa56;
				 *(_t347 + 0x48) =  *(_t347 + 0x48) >> 0xa;
				 *(_t347 + 0x48) =  *(_t347 + 0x48) ^ 0x000f6336;
				r9d =  *(_t347 + 0x50);
				r8d =  *(_t347 + 0x40);
				 *(_t347 + 0x20) =  *(_t347 + 0x48);
				E00007FFA7FFA0AEDCC90();
				 *(_t347 + 0x48) = 0x394edd;
				 *(_t347 + 0x48) =  *(_t347 + 0x48) ^ 0x7dc2b474;
				 *(_t347 + 0x48) =  *(_t347 + 0x48) ^ 0x2c2a736a;
				 *(_t347 + 0x48) =  *(_t347 + 0x48) ^ 0x51de24f7;
				 *(_t347 + 0x40) = 0x95fd08;
				_t285 =  *(_t347 + 0x40);
				_t300 = 0xaf286bcb * _t285 >> 0x20;
				_t250 = 0xaf286bcb * _t285;
				 *(_t347 + 0x40) = (_t285 - (0xaf286bcb * _t285 >> 0x20) >> 1) + (0xaf286bcb * _t285 >> 0x20) >> 5;
				 *(_t347 + 0x40) =  *(_t347 + 0x40) << 8;
				 *(_t347 + 0x40) =  *(_t347 + 0x40) ^ 0x03f67814;
				r8d =  *(_t347 + 0x40);
				_t336 =  *0xaee8210; // 0x0
				_t337 =  *((intOrPtr*)(_t336 + 0x28));
				_t348 = _t347 + 0x38;
				_t320 = _t348;
				 *((long long*)(_t320 + 8)) = __rbx;
				 *((long long*)(_t320 + 0x18)) = __rsi;
				 *((long long*)(_t320 + 0x20)) = __rdi;
				_t344 = _t320 - 0x5f;
				_t349 = _t348 - 0x90;
				_t341 = __r9;
				_t327 = _t337;
				E00007FFA7FFA0AEE3C78(_t250, __rcx, _t337, __r8, __r9);
				 *(_t344 + 0x6f) = 0xbfb7a;
				if (0xb7b0a == 0x15ad6) goto 0xaee5e14;
				if (0xb7b0a == 0x68952) goto 0xaee5d92;
				if (0xb7b0a == 0x6fc5d) goto 0xaee5ea1;
				if (0xb7b0a == 0xa0957) goto 0xaee5d10;
				if (0xb7b0a == 0xa638a) goto 0xaee5c8b;
				if (0xb7b0a == 0xb7b0a) goto 0xaee5c66;
				if (0xb7b0a == 0xd123a) goto 0xaee5bee;
				if (0xb7b0a != 0xf38b0) goto 0xaee5e95;
				 *((intOrPtr*)(_t327 + 8)) = E00007FFA7FFA0AEDCA5C(__r9);
				goto 0xaee5b88;
				 *(_t344 - 5) = 0x716ff8;
				 *(_t344 - 5) =  *(_t344 - 5) ^ 0x31828662;
				_t66 = _t344 - 5; // 0x2444c70000eedbe8
				 *(_t344 - 5) =  *_t66 * 0x2c;
				 *(_t344 - 5) =  *(_t344 - 5) ^ 0x95e23736;
				 *(_t344 + 0x6f) = 0x6bf994;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) >> 9;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) | 0x969ecf54;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) >> 1;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) ^ 0x4b4320a4;
				 *(_t344 - 9) = 0xb7bde0;
				 *(_t344 - 9) =  *(_t344 - 9) << 0x10;
				 *(_t344 - 9) =  *(_t344 - 9) + 0x29d2;
				 *(_t344 - 9) =  *(_t344 - 9) ^ 0xbde1b944;
				E00007FFA7FFA0AEDDE9C( *((intOrPtr*)(_t327 + 8)), _t300, _t320);
				 *_t327 = _t320;
				if (_t320 == 0) goto 0xaee5f05;
				goto 0xaee5b88;
				 *_t327 = __rdi;
				 *(_t344 + 0x6f) = 0xc7db31;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) << 2;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) ^ 0x031f6cc4;
				_t95 = _t344 + 0x6f; // 0x340246cc10060f8
				 *((intOrPtr*)(_t327 + 8)) =  *_t95;
				goto 0xaee5b88;
				 *(_t344 - 1) = 0xbe6f50;
				_t98 = _t344 + 7; // 0x7ffa0aed6c80
				 *(_t344 - 1) =  *(_t344 - 1) + 0x620d;
				 *((long long*)(_t349 + 0x28)) = _t98;
				 *(_t344 - 1) =  *(_t344 - 1) ^ 0x00bca27d;
				 *(_t344 + 0x6f) = 0x4a588c;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) + 0xe218;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) + 0xffffb023;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) ^ 0x004dffa1;
				 *(_t344 - 9) = 0xcc4524;
				 *(_t344 - 9) =  *(_t344 - 9) >> 2;
				 *(_t344 - 9) =  *(_t344 - 9) ^ 0x003f41ac;
				 *(_t344 - 5) = 0x92f40b;
				 *(_t344 - 5) =  *(_t344 - 5) + 0xdf98;
				 *(_t344 - 5) =  *(_t344 - 5) ^ 0x0090ddac;
				_t121 = _t344 - 5; // 0x2444c70000eedbe8
				_t122 = _t344 - 9; // 0xeedbe844244c8b
				r8d =  *_t122;
				r9d =  *(__r9 + 0x30);
				 *((intOrPtr*)(_t349 + 0x20)) =  *_t121;
				E00007FFA7FFA0AEDB108(_t343);
				goto 0xaee5b88;
				 *(_t344 - 9) = 0xf63865;
				_t128 = _t344 + 7; // 0x7ffa0aed6c80
				_t129 = _t341 + 0x20; // 0xc299f
				 *(_t344 - 9) =  *(_t344 - 9) + 0xffffbf04;
				 *((long long*)(_t349 + 0x20)) = _t128;
				 *(_t344 - 9) =  *(_t344 - 9) + 0xa1dc;
				 *(_t344 - 9) =  *(_t344 - 9) ^ 0x00f0c0c5;
				 *(_t344 + 0x6f) = 0xd66e5a;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) ^ 0x8f1a7ad2;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) | 0x7f534253;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) + 0xffff9732;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) ^ 0xffd9ee19;
				 *(_t344 - 5) = 0xdd911c;
				 *(_t344 - 5) =  *(_t344 - 5) | 0x6a7efac8;
				 *(_t344 - 5) =  *(_t344 - 5) + 0xffff7667;
				 *(_t344 - 5) =  *(_t344 - 5) ^ 0x6afc674e;
				_t153 = _t344 - 5; // 0x2444c70000eedbe8
				r9d =  *_t153;
				_t154 = _t344 + 0x6f; // 0x340246cc10060f8
				r8d =  *_t154;
				E00007FFA7FFA0AEE6588(_t320, _t128, _t327, _t129, _t337, __r8, __r9);
				goto 0xaee5b88;
				 *(_t344 - 9) = 0xb24801;
				_t157 = _t344 + 7; // 0x7ffa0aed6c80
				 *(_t344 - 9) =  *(_t344 - 9) << 0xc;
				 *((long long*)(_t349 + 0x28)) = _t157;
				 *(_t344 - 9) =  *(_t344 - 9) ^ 0x24882b4c;
				 *(_t344 - 5) = 0x4a5773;
				 *(_t344 - 5) =  *(_t344 - 5) ^ 0xcbd14c73;
				 *(_t344 - 5) =  *(_t344 - 5) ^ 0xcb91e759;
				 *(_t344 - 1) = 0x9fbb41;
				 *(_t344 - 1) =  *(_t344 - 1) + 0xffff3575;
				 *(_t344 - 1) =  *(_t344 - 1) ^ 0x009458e0;
				 *(_t344 + 0x6f) = 0xd92cc;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) ^ 0x432645a7;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) << 2;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) ^ 0x0ca7dc74;
				_t180 = _t344 + 0x6f; // 0x340246cc10060f8
				_t181 = _t344 - 1; // 0x97eb12442444c700
				r8d =  *_t181;
				r9d =  *(_t341 + 8);
				 *((intOrPtr*)(_t349 + 0x20)) =  *_t180;
				E00007FFA7FFA0AEDB108();
				goto 0xaee5b88;
				 *(_t344 + 0x6f) = 0x755fdc;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) ^ 0x831c5195;
				_t189 = _t344 + 0x6f; // 0x340246cc10060f8
				 *(_t344 + 0x6f) = ( *_t189 - (0xa6810a7 *  *_t189 >> 0x20) >> 1) + (0xa6810a7 *  *_t189 >> 0x20) >> 6;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) >> 0xa;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) ^ 0x000d1f49;
				 *(_t344 - 1) = 0xeb7511;
				_t200 = _t344 - 1; // 0x97eb12442444c700
				 *(_t344 - 1) =  *_t200 * 0x4b;
				_t202 = _t344 + 7; // 0x7ffa0aed6c80
				 *(_t344 - 1) =  *(_t344 - 1) ^ 0x44fdb190;
				 *(_t344 - 5) = 0xfbdbba;
				 *((long long*)(_t349 + 0x20)) = _t202;
				 *(_t344 - 5) =  *(_t344 - 5) + 0xffff5685;
				 *(_t344 - 5) =  *(_t344 - 5) + 0xffffeb3d;
				 *(_t344 - 5) =  *(_t344 - 5) ^ 0x00f32706;
				_t213 = _t344 - 5; // 0x2444c70000eedbe8
				r9d =  *_t213;
				_t214 = _t344 - 1; // 0x97eb12442444c700
				r8d =  *_t214;
				E00007FFA7FFA0AEDDBDC(_t202, _t327);
				if (0x68952 == 0xca1cf) goto 0xaee5f05;
				goto 0xaee5b88;
				 *(_t344 - 5) = 0x584a91;
				_t217 = _t344 + 7; // 0x7ffa0aed6c80
				_t218 = _t341 + 0x38; // 0xc29b7
				 *(_t344 - 5) =  *(_t344 - 5) + 0xfffffeb3;
				 *((long long*)(_t349 + 0x20)) = _t217;
				 *(_t344 - 5) =  *(_t344 - 5) ^ 0x0051b27a;
				 *(_t344 + 0x6f) = 0x14d75c;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) | 0xb277afe0;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) + 0xffffbd12;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) >> 9;
				 *(_t344 + 0x6f) =  *(_t344 + 0x6f) ^ 0x005cc36a;
				 *(_t344 - 1) = 0x3d8fac;
				 *(_t344 - 1) =  *(_t344 - 1) >> 0xd;
				 *(_t344 - 1) =  *(_t344 - 1) ^ 0x00060d84;
				_t238 = _t344 - 1; // 0x97eb12442444c700
				r9d =  *_t238;
				_t239 = _t344 + 0x6f; // 0x340246cc10060f8
				r8d =  *_t239;
				E00007FFA7FFA0AEE6588(0x68952 - 0xca1cf, _t217, _t327, _t218, _t337, _t351, _t352);
				dil =  *_t327 != __rdi;
				return 0;
			}

0x7ffa0aee5a40
0x7ffa0aee5a40
0x7ffa0aee5a40
0x7ffa0aee5a44
0x7ffa0aee5a4c
0x7ffa0aee5a59
0x7ffa0aee5a61
0x7ffa0aee5a69
0x7ffa0aee5a71
0x7ffa0aee5a76
0x7ffa0aee5a8a
0x7ffa0aee5a8e
0x7ffa0aee5a96
0x7ffa0aee5aa3
0x7ffa0aee5aa7
0x7ffa0aee5aaf
0x7ffa0aee5ab7
0x7ffa0aee5abc
0x7ffa0aee5ac8
0x7ffa0aee5acd
0x7ffa0aee5add
0x7ffa0aee5ae5
0x7ffa0aee5aea
0x7ffa0aee5af7
0x7ffa0aee5aff
0x7ffa0aee5b07
0x7ffa0aee5b0f
0x7ffa0aee5b17
0x7ffa0aee5b1b
0x7ffa0aee5b1b
0x7ffa0aee5b26
0x7ffa0aee5b2a
0x7ffa0aee5b2f
0x7ffa0aee5b37
0x7ffa0aee5b3c
0x7ffa0aee5b47
0x7ffa0aee5b4b
0x7ffa0aee5b54
0x7ffa0aee5b57
0x7ffa0aee5b5b
0x7ffa0aee5b5f
0x7ffa0aee5b64
0x7ffa0aee5b68
0x7ffa0aee5b6f
0x7ffa0aee5b72
0x7ffa0aee5b75
0x7ffa0aee5b7f
0x7ffa0aee5b8d
0x7ffa0aee5b98
0x7ffa0aee5ba3
0x7ffa0aee5bae
0x7ffa0aee5bb9
0x7ffa0aee5bc4
0x7ffa0aee5bcf
0x7ffa0aee5bd6
0x7ffa0aee5be4
0x7ffa0aee5bec
0x7ffa0aee5bee
0x7ffa0aee5bf5
0x7ffa0aee5bfc
0x7ffa0aee5c00
0x7ffa0aee5c03
0x7ffa0aee5c0a
0x7ffa0aee5c11
0x7ffa0aee5c15
0x7ffa0aee5c1c
0x7ffa0aee5c1f
0x7ffa0aee5c26
0x7ffa0aee5c2d
0x7ffa0aee5c31
0x7ffa0aee5c38
0x7ffa0aee5c4b
0x7ffa0aee5c50
0x7ffa0aee5c56
0x7ffa0aee5c61
0x7ffa0aee5c66
0x7ffa0aee5c69
0x7ffa0aee5c70
0x7ffa0aee5c74
0x7ffa0aee5c7b
0x7ffa0aee5c7e
0x7ffa0aee5c86
0x7ffa0aee5c8b
0x7ffa0aee5c92
0x7ffa0aee5c96
0x7ffa0aee5c9d
0x7ffa0aee5ca2
0x7ffa0aee5ca9
0x7ffa0aee5cb0
0x7ffa0aee5cb7
0x7ffa0aee5cbe
0x7ffa0aee5cc5
0x7ffa0aee5ccc
0x7ffa0aee5cd0
0x7ffa0aee5cd7
0x7ffa0aee5cde
0x7ffa0aee5ce5
0x7ffa0aee5cec
0x7ffa0aee5cef
0x7ffa0aee5cef
0x7ffa0aee5cf9
0x7ffa0aee5cfd
0x7ffa0aee5d01
0x7ffa0aee5d0b
0x7ffa0aee5d10
0x7ffa0aee5d17
0x7ffa0aee5d1b
0x7ffa0aee5d1f
0x7ffa0aee5d26
0x7ffa0aee5d2b
0x7ffa0aee5d32
0x7ffa0aee5d39
0x7ffa0aee5d40
0x7ffa0aee5d47
0x7ffa0aee5d4e
0x7ffa0aee5d55
0x7ffa0aee5d5c
0x7ffa0aee5d63
0x7ffa0aee5d6a
0x7ffa0aee5d71
0x7ffa0aee5d78
0x7ffa0aee5d78
0x7ffa0aee5d7c
0x7ffa0aee5d7c
0x7ffa0aee5d83
0x7ffa0aee5d8d
0x7ffa0aee5d92
0x7ffa0aee5d99
0x7ffa0aee5d9d
0x7ffa0aee5da1
0x7ffa0aee5da6
0x7ffa0aee5dad
0x7ffa0aee5db4
0x7ffa0aee5dbb
0x7ffa0aee5dc2
0x7ffa0aee5dc9
0x7ffa0aee5dd0
0x7ffa0aee5dd7
0x7ffa0aee5dde
0x7ffa0aee5de5
0x7ffa0aee5de9
0x7ffa0aee5df0
0x7ffa0aee5df3
0x7ffa0aee5df3
0x7ffa0aee5dfd
0x7ffa0aee5e01
0x7ffa0aee5e05
0x7ffa0aee5e0f
0x7ffa0aee5e14
0x7ffa0aee5e20
0x7ffa0aee5e27
0x7ffa0aee5e35
0x7ffa0aee5e3b
0x7ffa0aee5e3f
0x7ffa0aee5e46
0x7ffa0aee5e4d
0x7ffa0aee5e51
0x7ffa0aee5e54
0x7ffa0aee5e58
0x7ffa0aee5e5f
0x7ffa0aee5e66
0x7ffa0aee5e6b
0x7ffa0aee5e72
0x7ffa0aee5e79
0x7ffa0aee5e80
0x7ffa0aee5e80
0x7ffa0aee5e84
0x7ffa0aee5e84
0x7ffa0aee5e8b
0x7ffa0aee5e9a
0x7ffa0aee5e9c
0x7ffa0aee5ea1
0x7ffa0aee5ea8
0x7ffa0aee5eac
0x7ffa0aee5eb0
0x7ffa0aee5eb7
0x7ffa0aee5ebc
0x7ffa0aee5ec3
0x7ffa0aee5eca
0x7ffa0aee5ed1
0x7ffa0aee5ed8
0x7ffa0aee5edc
0x7ffa0aee5ee3
0x7ffa0aee5eea
0x7ffa0aee5eee
0x7ffa0aee5ef5
0x7ffa0aee5ef5
0x7ffa0aee5ef9
0x7ffa0aee5ef9
0x7ffa0aee5f00
0x7ffa0aee5f18
0x7ffa0aee5f26

Strings

js*,, xrefs: 00007FFA0AEE5AFF
gI, xrefs: 00007FFA0AEE5A44

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: gI$js*,
API String ID: 0-575602632
Opcode ID: 9831b90da6fd786854e0ee8c02f31e7a1e96600a772a7ff548ea33045338988a
Instruction ID: d211e1a410e40fdaaa47a9527a1fa7b011eaf3aa55a45f5f4d9654f2f83d3e02
Opcode Fuzzy Hash: 9831b90da6fd786854e0ee8c02f31e7a1e96600a772a7ff548ea33045338988a
Instruction Fuzzy Hash: BE21A3765086808BC728DF29E49541FBB71F386798B604218EB865BB68D7BED854CF04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A588D7CC Relevance: 1.7, APIs: 1, Instructions: 247
COMMONCrypto

Download Yara Rule

C-Code - Quality: 27%

			E00007FF77FF7A588D7CC(void* __rcx, long long __rdx, void* __r8, intOrPtr* __r9) {
				signed int _v80;
				long long _v88;
				long long _v96;
				char _v112;
				long long _v120;
				long long _v128;
				long long _v136;
				long long _v144;
				intOrPtr _v148;
				intOrPtr _v151;
				char _v152;
				void* __rbx;
				void* __rsi;
				void* __rbp;
				void* _t35;
				signed long long _t54;
				long long _t57;
				long long _t64;
				long long _t81;
				intOrPtr* _t82;
				void* _t87;
				long long _t96;
				intOrPtr _t97;

				_t54 =  *0xa58fb008; // 0x485f0d1bb70c
				_v80 = _t54 ^ _t87 - 0x00000078;
				_v136 = __rdx;
				_t85 = __rcx;
				_t3 = _t81 + 1; // 0x1
				r15d = _t3;
				if ( *__r9 == dil) goto 0xa588d823;
				_t57 =  !=  ? __r8 : __r8 + 1;
				_t64 = _t57;
				if ( *((intOrPtr*)(__r9 + _t96)) != 0) goto 0xa588d80c;
				_v112 = _t81;
				_v96 = _t81;
				_v88 = 0xf;
				_v112 = dil;
				if (_t64 - 0xf > 0) goto 0xa588d856;
				_v96 = _t64;
				E00007FF77FF7A58B68A0();
				 *((intOrPtr*)(_t87 + _t64 - 0x30)) = dil;
				goto 0xa588d866;
				r9d = 0;
				r8b = _v151;
				E00007FF77FF7A588DB08(_t35, _t64,  &_v112, _t64, __rcx, _t87, __r9);
				E00007FF77FF7A58920CC(r15b, _t64, _t85, _t87);
				_t82 = _t57;
				_v120 = _t57;
				E00007FF77FF7A5888C10(_t64,  &_v128, _t87);
				_v128 = _t57;
				if (_t82 == 0) goto 0xa588d8b1;
				 *0xa58e2390();
				if ( *((intOrPtr*)( *_t82 + 0x10)) == 0) goto 0xa588d8b1;
				 *0xa58e2390();
				_v152 = 0;
				r14d = 0;
				r12d = 0;
				_v148 = 0xfffffffe;
				_v144 = _t96;
				_t97 = _v88;
				if (_t64 != 0) goto 0xa588d937;
				if (_t97 - 0x10 < 0) goto 0xa588d90e;
				_t23 = _t97 + 1; // 0x10
				if (_t23 - 0x1000 < 0) goto 0xa588d906;
				if (_v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa588db02;
				E00007FF77FF7A588AAF0(_v112 -  *((intOrPtr*)(_v112 - 8)) + 0xfffffff8, _t64, __r9);
				return E00007FF77FF7A588AAD0(_v148, 0, _v80 ^ _t87 - 0x00000078);
			}

0x7ff7a588d7e0
0x7ff7a588d7ea
0x7ff7a588d7f4
0x7ff7a588d7f8
0x7ff7a588d7fd
0x7ff7a588d7fd
0x7ff7a588d804
0x7ff7a588d813
0x7ff7a588d817
0x7ff7a588d821
0x7ff7a588d823
0x7ff7a588d827
0x7ff7a588d82b
0x7ff7a588d833
0x7ff7a588d83f
0x7ff7a588d841
0x7ff7a588d84a
0x7ff7a588d84f
0x7ff7a588d854
0x7ff7a588d856
0x7ff7a588d859
0x7ff7a588d860
0x7ff7a588d869
0x7ff7a588d86e
0x7ff7a588d871
0x7ff7a588d879
0x7ff7a588d87e
0x7ff7a588d885
0x7ff7a588d891
0x7ff7a588d89d
0x7ff7a588d8ab
0x7ff7a588d8b3
0x7ff7a588d8b6
0x7ff7a588d8b9
0x7ff7a588d8bc
0x7ff7a588d8c6
0x7ff7a588d8ca
0x7ff7a588d8d5
0x7ff7a588d8db
0x7ff7a588d8dd
0x7ff7a588d8eb
0x7ff7a588d900
0x7ff7a588d909
0x7ff7a588d92d

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A588DB02

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 2f266b44ec2159352020d06fcb6f0a6ce89a1654ce7f3d27a8cd7aa5696738af
Instruction ID: fcc8873272eb4721ecd118e187c77d0c6f227a35b82fe9e42f793a306f2253b8
Opcode Fuzzy Hash: 2f266b44ec2159352020d06fcb6f0a6ce89a1654ce7f3d27a8cd7aa5696738af
Instruction Fuzzy Hash: A4A1C622B0B68189FB109B6594502BC7BF2EB06FD5F9A40B5DE9E177A9CE2CD451C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58D5BE4 Relevance: 1.6, APIs: 1, Instructions: 61
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 47%

			E00007FF77FF7A58D5BE4(void* __ecx, void* __edx, void* __rax, long long __rbx, signed int* __rcx, void* __rdx, signed int __r8, void* __r9, long long _a8) {
				signed int _t35;
				signed char _t36;
				signed char _t37;
				signed int _t52;
				void* _t54;
				signed int* _t58;
				signed short** _t65;
				void* _t66;
				signed long long _t71;
				signed long long _t72;
				signed long long _t75;
				void* _t76;

				_t54 = __rax;
				_a8 = __rbx;
				_t58 = __rcx;
				E00007FF77FF7A58CDB1C(__rax, __rcx, __rcx, __rdx, _t66, __r9, _t76);
				_t71 = __r8 | 0xffffffff;
				_t2 = _t54 + 0x98; // 0x98
				_t65 = _t2;
				_t75 = _t71 + 1;
				if (( *_t65)[_t75] != 0) goto 0xa58d5c09;
				_t65[3] = 0 | _t75 == 0x00000003;
				_t72 = _t71 + 1;
				if (_t65[1][_t72] != 0) goto 0xa58d5c23;
				r8d = 2;
				_t65[3] = 0 | _t72 == 0x00000003;
				_t58[1] = 0;
				if (_t65[3] != 0) goto 0xa58d5c72;
				r10d = 0;
				r9d =  *( *_t65) & 0x0000ffff;
				_t16 = _t75 - 0x41; // 0x58
				if (_t16 - 0x19 <= 0) goto 0xa58d5c6a;
				r9w = r9w - 0x61;
				if (r9w - 0x19 > 0) goto 0xa58d5c6f;
				r10d =  &(r10d[0]);
				goto 0xa58d5c4d;
				r8d = r10d;
				_t65[2] = r8d;
				_t35 = EnumSystemLocalesW(??, ??);
				_t52 =  *_t58 & 0x00000007;
				asm("bt ecx, 0x9");
				_t36 = _t35 & 0xffffff00 | _t52 > 0x00000000;
				asm("bt ecx, 0x8");
				_t37 = _t36 & 0xffffff00 | _t52 > 0x00000000;
				if ((_t37 & (0 | _t52 != 0x00000000) & _t36) != 0) goto 0xa58d5ca6;
				 *_t58 = 0;
				return _t37;
			}

0x7ff7a58d5be4
0x7ff7a58d5be4
0x7ff7a58d5bee
0x7ff7a58d5bf1
0x7ff7a58d5bf6
0x7ff7a58d5bff
0x7ff7a58d5bff
0x7ff7a58d5c09
0x7ff7a58d5c11
0x7ff7a58d5c1c
0x7ff7a58d5c23
0x7ff7a58d5c2b
0x7ff7a58d5c33
0x7ff7a58d5c3c
0x7ff7a58d5c3f
0x7ff7a58d5c45
0x7ff7a58d5c4a
0x7ff7a58d5c4d
0x7ff7a58d5c54
0x7ff7a58d5c5c
0x7ff7a58d5c5e
0x7ff7a58d5c68
0x7ff7a58d5c6a
0x7ff7a58d5c6d
0x7ff7a58d5c6f
0x7ff7a58d5c72
0x7ff7a58d5c82
0x7ff7a58d5c8a
0x7ff7a58d5c90
0x7ff7a58d5c94
0x7ff7a58d5c99
0x7ff7a58d5c9d
0x7ff7a58d5ca2
0x7ff7a58d5ca4
0x7ff7a58d5cb0

APIs

Part of subcall function 00007FF7A58CDB1C: GetLastError.KERNEL32 ref: 00007FF7A58CDB2B
Part of subcall function 00007FF7A58CDB1C: FlsGetValue.KERNEL32 ref: 00007FF7A58CDB40
Part of subcall function 00007FF7A58CDB1C: SetLastError.KERNEL32 ref: 00007FF7A58CDBCB

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7A58D63CF,?,00000000,00000092,?,?,00000000,?,00007FF7A58C06ED), ref: 00007FF7A58D5C82

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: e63c91d6f04908589f60d4c7e60d45abae9e32542605d18ba6e8a09227b87bf2
Instruction ID: 7596c36454ad2d474268f56a10e3cb9ec35c768cc58a46fa03a1bf4b35cac2c2
Opcode Fuzzy Hash: e63c91d6f04908589f60d4c7e60d45abae9e32542605d18ba6e8a09227b87bf2
Instruction Fuzzy Hash: 1611D563E0A64986EB14AF15D0406A8B7E0EBA1FA0F854136C669433E0DA38D6E1C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58D5CB4 Relevance: 1.5, APIs: 1, Instructions: 41
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 54%

			E00007FF77FF7A58D5CB4(void* __ecx, void* __edx, void* __rax, long long __rbx, signed char* __rcx, void* __rdx, signed int __r8, void* __r10, long long _a8) {
				int _t17;
				void* _t25;
				void* _t29;
				signed char* _t31;
				signed short* _t36;
				void* _t38;
				signed long long _t44;
				void* _t45;
				void* _t47;

				_t29 = __rax;
				_a8 = __rbx;
				_t31 = __rcx;
				E00007FF77FF7A58CDB1C(__rax, __rcx, __rcx, __rdx, _t38, _t45, __r10);
				_t47 = _t29;
				_t36 =  *((intOrPtr*)(_t29 + 0x98));
				_t44 = (__r8 | 0xffffffff) + 1;
				if (_t36[_t44] != 0) goto 0xa58d5cd6;
				_t25 = _t44 - 3;
				 *(_t47 + 0xb0) = 0 | _t25 == 0x00000000;
				if (_t25 == 0) goto 0xa58d5d1f;
				r9d = 0;
				r8d =  *_t36 & 0x0000ffff;
				if (_t44 - 0x41 - 0x19 <= 0) goto 0xa58d5d17;
				r8w = r8w - 0x61;
				if (r8w - 0x19 > 0) goto 0xa58d5d1c;
				r9d = r9d + 1;
				goto 0xa58d5cfa;
				 *((intOrPtr*)(_t47 + 0xac)) = r9d;
				_t17 = EnumSystemLocalesW(??, ??);
				if (( *_t31 & 0x00000004) != 0) goto 0xa58d5d3f;
				 *_t31 = 0;
				return _t17;
			}

0x7ff7a58d5cb4
0x7ff7a58d5cb4
0x7ff7a58d5cbe
0x7ff7a58d5cc1
0x7ff7a58d5cca
0x7ff7a58d5ccf
0x7ff7a58d5cd6
0x7ff7a58d5cde
0x7ff7a58d5ce2
0x7ff7a58d5cee
0x7ff7a58d5cf5
0x7ff7a58d5cf7
0x7ff7a58d5cfa
0x7ff7a58d5d09
0x7ff7a58d5d0b
0x7ff7a58d5d15
0x7ff7a58d5d17
0x7ff7a58d5d1a
0x7ff7a58d5d1f
0x7ff7a58d5d32
0x7ff7a58d5d3b
0x7ff7a58d5d3d
0x7ff7a58d5d49

APIs

Part of subcall function 00007FF7A58CDB1C: GetLastError.KERNEL32 ref: 00007FF7A58CDB2B
Part of subcall function 00007FF7A58CDB1C: FlsGetValue.KERNEL32 ref: 00007FF7A58CDB40
Part of subcall function 00007FF7A58CDB1C: SetLastError.KERNEL32 ref: 00007FF7A58CDBCB

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7A58D638B,?,00000000,00000092,?,?,00000000,?,00007FF7A58C06ED), ref: 00007FF7A58D5D32

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 06efeffac692214e1684a29fb1d222ac9e47d46d64441fe834d6e2ab7fbc7e6b
Instruction ID: ad6e7f3843aa7a97b5956d6348785c4a3b9e3ca6acdeeb7443c263d574e78c51
Opcode Fuzzy Hash: 06efeffac692214e1684a29fb1d222ac9e47d46d64441fe834d6e2ab7fbc7e6b
Instruction Fuzzy Hash: A501F973F0B28547E7106B15E440B79F2E1EF61F60F968272D629476E5CF6C94A18720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58D26B4 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF7A58D2B07,?,?,?,?,?,?,?,?,00000000,00007FF7A58D5230), ref: 00007FF7A58D2703

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 5fc5592323a45a6914ce763115e74fdcb73fe0310b0decf6ab9b07272c9b323a
Instruction ID: 554517294561d18df6c6b7cfa01466ffe4e0391dd551d9b07eedbd8844eb7f46
Opcode Fuzzy Hash: 5fc5592323a45a6914ce763115e74fdcb73fe0310b0decf6ab9b07272c9b323a
Instruction Fuzzy Hash: 95F08C72B09B4583E700EB15F8905A9A361FB9AFC0F868035EA5E87375CF3CD9A58310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE1960 Relevance: 1.5, Strings: 1, Instructions: 275
COMMONCrypto

Download Yara Rule

C-Code - Quality: 29%

			E00007FFA7FFA0AEE1960(void* __ebx, void* __edx, signed int __rax, void* __r11) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				signed int _t355;
				intOrPtr _t356;
				long long _t358;
				void* _t360;
				intOrPtr _t363;
				intOrPtr _t367;
				intOrPtr _t370;
				void* _t371;
				long long _t372;
				void* _t373;
				void* _t374;
				void* _t375;
				signed int _t380;
				long long _t384;

				_t355 = __rax;
				_t373 = _t374 - 0x1f;
				_t375 = _t374 - 0xa8;
				 *(_t373 + 0x67) = 0x4c4cc;
				_t380 =  *(_t373 + 0x67);
				if (0x8c519 == 0x4363d) goto 0xaee1d35;
				if (0x8c519 == 0x8a419) goto 0xaee1d21;
				if (0x8c519 == 0x8c519) goto 0xaee1d08;
				if (0x8c519 == 0xb6aa6) goto 0xaee1ce9;
				if (0x8c519 == 0xdc5d0) goto 0xaee1df9;
				if (0x8c519 == 0xee095) goto 0xaee1a52;
				if (0x8c519 != 0xfbde8) goto 0xaee1ded;
				 *(_t373 + 0x77) = 0xe51e09;
				 *(_t373 + 0x77) =  *(_t373 + 0x77) + 0xfffff25f;
				 *(_t373 + 0x77) =  *(_t373 + 0x77) | 0xfb2be829;
				 *(_t373 + 0x77) =  *(_t373 + 0x77) ^ 0xfbed8a71;
				 *(_t373 + 0x6f) = 0x43c626;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) >> 8;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) >> 0xf;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) ^ 0x000bd21c;
				 *(_t373 + 0x67) = 0x7f5cda;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) << 0x10;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) + 0x6a0c;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) ^ 0x5cd6c221;
				E00007FFA7FFA0AEDDE9C(0x58, __edx, __rax);
				_t384 = __rax;
				if (__rax == 0) goto 0xaee1e3b;
				goto 0xaee198d;
				r14d =  *(_t380 + 1) & 0x000000ff;
				 *(_t373 + 0x77) = 0xa791b4;
				 *(_t373 + 0x77) =  *(_t373 + 0x77) | 0x84703023;
				 *(_t373 + 0x77) =  *(_t373 + 0x77) + 0x7522;
				 *(_t373 + 0x77) =  *(_t373 + 0x77) ^ 0x84ff3043;
				 *(_t373 + 0x7f) = 0x826487;
				 *(_t373 + 0x7f) =  *(_t373 + 0x7f) ^ 0x757aa51e;
				 *(_t373 + 0x7f) =  *(_t373 + 0x7f) ^ 0x75fe07aa;
				 *(_t373 + 0x6f) = 0xebbc7;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) + 0xffffbf0d;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) | 0x9a198d94;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) ^ 0x9a17eb8b;
				 *(_t373 + 0x67) = 0xc98186;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) + 0xdb79;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) + 0x3ae0;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) ^ 0x00c326b4;
				r9d =  *(_t373 + 0x6f);
				r8d =  *(_t373 + 0x7f);
				 *(_t375 + 0x20) =  *(_t373 + 0x67);
				E00007FFA7FFA0AEDE090(__rax, _t358,  *((intOrPtr*)(_t373 - 1)), 0x7ffa0aed1364, _t373, __r11);
				 *(_t373 - 0x11) = 0x16fa96;
				r9d =  *(_t380 + 2) & 0x000000ff;
				 *(_t373 - 0x11) =  *(_t373 - 0x11) ^ 0x3ab36e4b;
				r8d = r14d;
				 *(_t373 - 0x11) =  *(_t373 - 0x11) ^ 0x3aa44cec;
				 *(_t373 - 0x15) = 0x28055f;
				 *(_t373 - 0x15) =  *(_t373 - 0x15) + 0xfffffb50;
				 *(_t373 - 0x15) =  *(_t373 - 0x15) ^ 0x00261078;
				 *(_t373 - 0x19) = 0x3d7455;
				 *(_t373 - 0x19) =  *(_t373 - 0x19) + 0xffff9922;
				 *(_t373 - 0x19) =  *(_t373 - 0x19) +  *(_t373 - 0x19);
				 *(_t373 - 0x19) =  *(_t373 - 0x19) ^ 0x007c04f4;
				 *(_t373 + 0x6f) = 0x227c0f;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) + 0x7a2b;
				 *(_t373 + 0x6f) = 0xc7ce0c7d *  *(_t373 + 0x6f) >> 0x20 >> 6;
				 *(_t373 + 0x6f) = 0xf0f0f0f1 *  *(_t373 + 0x6f) >> 0x20 >> 6;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) ^ 0x000552cc;
				 *(_t373 + 0x67) = 0x2907c;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) | 0xda6aa922;
				 *(_t373 + 0x67) = ( *(_t373 + 0x67) - (0x21fb7813 *  *(_t373 + 0x67) >> 0x20) >> 1) + (0x21fb7813 *  *(_t373 + 0x67) >> 0x20) >> 6;
				_t109 = _t384 + 0x18; // 0x4c4e4
				_t360 = _t109;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) ^ 0x94160cf9;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) ^ 0x95feca69;
				 *(_t373 + 0x7f) = 0xe63fba;
				 *(_t373 + 0x7f) =  *(_t373 + 0x7f) ^ 0xa4dccc10;
				 *(_t373 + 0x7f) =  *(_t373 + 0x7f) + 0xd8f9;
				 *(_t373 + 0x7f) =  *(_t373 + 0x7f) ^ 0xa4311077;
				 *(_t373 + 0x77) = 0x3573bc;
				 *(_t373 + 0x77) =  *(_t373 + 0x77) + 0xffffac4b;
				 *(_t373 + 0x77) =  *(_t373 + 0x77) * 0x44;
				 *(_t373 + 0x77) =  *(_t373 + 0x77) ^ 0x0e1cf06b;
				 *(_t375 + 0x68) =  *(_t373 + 0x77);
				 *((long long*)(_t375 + 0x60)) = _t372;
				 *(_t375 + 0x58) =  *(_t373 + 0x7f);
				 *(_t375 + 0x50) =  *(_t373 + 0x67);
				 *((long long*)(_t375 + 0x48)) = _t358;
				 *(_t375 + 0x40) =  *(_t373 + 0x6f);
				 *(_t375 + 0x38) =  *(_t373 - 0x19);
				 *(_t375 + 0x30) =  *(_t373 - 0x15);
				 *(_t375 + 0x20) = _t355;
				E00007FFA7FFA0AEE5688();
				 *(_t373 + 0x6f) = 0x2734c8;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) ^ 0x7e5a9080;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) >> 3;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) << 0xa;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) ^ 0x3ed908a0;
				 *(_t373 + 0x77) = 0xe27188;
				 *(_t373 + 0x77) =  *(_t373 + 0x77) << 0xf;
				 *(_t373 + 0x77) =  *(_t373 + 0x77) + 0xffff322e;
				 *(_t373 + 0x77) =  *(_t373 + 0x77) ^ 0x38c5ec6c;
				 *(_t373 + 0x7f) = 0x6253ae;
				 *(_t373 + 0x7f) =  *(_t373 + 0x7f) | 0x3d26b6ac;
				 *(_t373 + 0x7f) =  *(_t373 + 0x7f) ^ 0x3d609e08;
				 *(_t373 + 0x67) = 0xa194d0;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) * 0x44;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) + 0xffff5275;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) + 0xffff70bb;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) ^ 0x2ae9c909;
				r9d =  *(_t373 + 0x7f);
				 *(_t375 + 0x20) =  *(_t373 + 0x67);
				E00007FFA7FFA0AED4448( *(_t373 + 0x77), _t355, _t358, _t372, _t355);
				 *(_t384 + 8) = ( *(_t380 + 4) & 0x000000ff) << 0x00000008 |  *(_t380 + 5) & 0x000000ff;
				 *(_t384 + 0x50) = ( *(_t380 + 8 - 2) & 0x000000ff) << 0x00000008 |  *(_t380 + 8 - 1) & 0x000000ff;
				goto 0xaee198d;
				_t356 =  *0xaee8230; // 0x0
				 *((long long*)(0x7ffa0aed1364)) = _t384;
				_t185 = _t384 + 0x10; // 0x4c4dc
				 *((intOrPtr*)(_t356 + 0x18)) =  *((intOrPtr*)(_t356 + 0x18)) + 1;
				 *((long long*)(_t373 - 9)) = _t185;
				goto 0xaee1995;
				_t367 =  *0xaee8230; // 0x0
				 *((long long*)(_t373 - 9)) = _t367 + 0x50;
				goto 0xaee1995;
				asm("sbb eax, eax");
				goto 0xaee1995;
				 *(_t373 + 0x67) = 0xe8f124;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) * 0x5f;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) | 0x2c6ea761;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) << 0xe;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) ^ 0xffdd85c8;
				 *(_t373 + 0x77) = 0x137c90;
				 *(_t373 + 0x77) = 0x88888889 *  *(_t373 + 0x77) >> 0x20 >> 4;
				 *(_t373 + 0x77) =  *(_t373 + 0x77) >> 2;
				 *(_t373 + 0x77) =  *(_t373 + 0x77) ^ 0x0000771b;
				 *(_t373 + 0x7f) = 0xea3b7;
				 *(_t373 + 0x7f) =  *(_t373 + 0x7f) + 0xb467;
				 *(_t373 + 0x7f) =  *(_t373 + 0x7f) ^ 0x000fc29e;
				 *(_t373 + 0x6f) = 0x9b46e9;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) + 0xffff0a8f;
				 *(_t373 + 0x6f) = 0x88888889 *  *(_t373 + 0x6f) >> 0x20 >> 3;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) ^ 0x00004d5a;
				r8d =  *(_t373 + 0x7f);
				 *(_t375 + 0x28) =  *(_t373 + 0x6f);
				 *(_t375 + 0x20) = 0xaee8000;
				E00007FFA7FFA0AEDB340(0xaee8000, _t358, _t360, _t371, _t372, _t373, _t373 - 0xd);
				 *((long long*)(_t373 + 7)) = 0xaee8000;
				 *((long long*)(_t373 - 1)) = _t360 + 0xaee8000;
				if (0xfbde8 == 0xb0a93) goto 0xaee1e3b;
				goto 0xaee1991;
				 *(_t373 + 0x6f) = 0x3cb258;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) << 4;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) + 0xd927;
				 *(_t373 + 0x6f) =  *(_t373 + 0x6f) ^ 0x03c936e0;
				 *(_t373 + 0x67) = 0x8ad495;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) + 0x16af;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) >> 0xe;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) ^ 0x00015519;
				r8d =  *(_t373 + 0x67);
				E00007FFA7FFA0AED89D0(0xaee8000,  *((intOrPtr*)(_t373 + 7)));
				_t370 =  *0xaee8230; // 0x0
				 *((long long*)(_t370 + 0x40)) =  *((intOrPtr*)(_t370 + 0x50));
				 *(_t373 + 0x67) = 0x651054;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) | 0xb4c9cf35;
				 *(_t373 + 0x67) =  *(_t373 + 0x67) ^ 0xb4eddf75;
				_t363 =  *0xaee8230; // 0x0
				 *(_t363 + 8) =  *(_t373 + 0x67);
				return 1;
			}

0x7ffa0aee1960
0x7ffa0aee196d
0x7ffa0aee1972
0x7ffa0aee1979
0x7ffa0aee1985
0x7ffa0aee199a
0x7ffa0aee19a5
0x7ffa0aee19b0
0x7ffa0aee19bb
0x7ffa0aee19c6
0x7ffa0aee19d1
0x7ffa0aee19d8
0x7ffa0aee19de
0x7ffa0aee19ea
0x7ffa0aee19f1
0x7ffa0aee19f8
0x7ffa0aee19ff
0x7ffa0aee1a06
0x7ffa0aee1a0a
0x7ffa0aee1a0e
0x7ffa0aee1a15
0x7ffa0aee1a1c
0x7ffa0aee1a20
0x7ffa0aee1a27
0x7ffa0aee1a37
0x7ffa0aee1a3c
0x7ffa0aee1a42
0x7ffa0aee1a4d
0x7ffa0aee1a57
0x7ffa0aee1a69
0x7ffa0aee1a77
0x7ffa0aee1a7e
0x7ffa0aee1a85
0x7ffa0aee1a8c
0x7ffa0aee1a93
0x7ffa0aee1a9a
0x7ffa0aee1aa1
0x7ffa0aee1aa8
0x7ffa0aee1aaf
0x7ffa0aee1ab6
0x7ffa0aee1abd
0x7ffa0aee1ac4
0x7ffa0aee1acb
0x7ffa0aee1ad2
0x7ffa0aee1adc
0x7ffa0aee1ae0
0x7ffa0aee1ae7
0x7ffa0aee1aeb
0x7ffa0aee1af0
0x7ffa0aee1af7
0x7ffa0aee1afa
0x7ffa0aee1b04
0x7ffa0aee1b07
0x7ffa0aee1b0e
0x7ffa0aee1b15
0x7ffa0aee1b1c
0x7ffa0aee1b23
0x7ffa0aee1b2a
0x7ffa0aee1b36
0x7ffa0aee1b3e
0x7ffa0aee1b45
0x7ffa0aee1b4c
0x7ffa0aee1b60
0x7ffa0aee1b70
0x7ffa0aee1b73
0x7ffa0aee1b7a
0x7ffa0aee1b81
0x7ffa0aee1b96
0x7ffa0aee1b99
0x7ffa0aee1b99
0x7ffa0aee1b9d
0x7ffa0aee1ba4
0x7ffa0aee1bab
0x7ffa0aee1bb2
0x7ffa0aee1bb9
0x7ffa0aee1bc0
0x7ffa0aee1bc7
0x7ffa0aee1bce
0x7ffa0aee1bd9
0x7ffa0aee1bdc
0x7ffa0aee1be6
0x7ffa0aee1bed
0x7ffa0aee1bf2
0x7ffa0aee1bf9
0x7ffa0aee1c00
0x7ffa0aee1c05
0x7ffa0aee1c0c
0x7ffa0aee1c16
0x7ffa0aee1c1a
0x7ffa0aee1c1f
0x7ffa0aee1c24
0x7ffa0aee1c2e
0x7ffa0aee1c35
0x7ffa0aee1c39
0x7ffa0aee1c3d
0x7ffa0aee1c44
0x7ffa0aee1c4b
0x7ffa0aee1c4f
0x7ffa0aee1c56
0x7ffa0aee1c5d
0x7ffa0aee1c64
0x7ffa0aee1c6b
0x7ffa0aee1c72
0x7ffa0aee1c7d
0x7ffa0aee1c80
0x7ffa0aee1c87
0x7ffa0aee1c8e
0x7ffa0aee1c98
0x7ffa0aee1ca2
0x7ffa0aee1ca6
0x7ffa0aee1cc7
0x7ffa0aee1cdf
0x7ffa0aee1ce4
0x7ffa0aee1ce9
0x7ffa0aee1cf0
0x7ffa0aee1cf3
0x7ffa0aee1cf7
0x7ffa0aee1cff
0x7ffa0aee1d03
0x7ffa0aee1d08
0x7ffa0aee1d18
0x7ffa0aee1d1c
0x7ffa0aee1d24
0x7ffa0aee1d30
0x7ffa0aee1d35
0x7ffa0aee1d44
0x7ffa0aee1d4c
0x7ffa0aee1d53
0x7ffa0aee1d57
0x7ffa0aee1d5e
0x7ffa0aee1d72
0x7ffa0aee1d75
0x7ffa0aee1d79
0x7ffa0aee1d80
0x7ffa0aee1d87
0x7ffa0aee1d8e
0x7ffa0aee1d95
0x7ffa0aee1d9c
0x7ffa0aee1dab
0x7ffa0aee1dae
0x7ffa0aee1db8
0x7ffa0aee1dc2
0x7ffa0aee1dcd
0x7ffa0aee1dd2
0x7ffa0aee1ddd
0x7ffa0aee1de4
0x7ffa0aee1df2
0x7ffa0aee1df4
0x7ffa0aee1dfd
0x7ffa0aee1e04
0x7ffa0aee1e08
0x7ffa0aee1e0f
0x7ffa0aee1e16
0x7ffa0aee1e1d
0x7ffa0aee1e24
0x7ffa0aee1e28
0x7ffa0aee1e2f
0x7ffa0aee1e36
0x7ffa0aee1e3b
0x7ffa0aee1e4b
0x7ffa0aee1e4f
0x7ffa0aee1e56
0x7ffa0aee1e5d
0x7ffa0aee1e67
0x7ffa0aee1e6e
0x7ffa0aee1e84

Strings

Ut=, xrefs: 00007FFA0AEE1B23

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: Ut=
API String ID: 0-2249049514
Opcode ID: a38c2064bf9ac3d8b790a78a24746095914af0956acd645327f9c30b78be73f6
Instruction ID: ec0cb4eefa03ee616c00a0a38b530ce022f8eca11457cec2b2cb46ee3e050fd2
Opcode Fuzzy Hash: a38c2064bf9ac3d8b790a78a24746095914af0956acd645327f9c30b78be73f6
Instruction Fuzzy Hash: EFE161B7A05740CFD358DF38E0994AD3BF5FB5534CB1041A9EA4E8AA68D778E818CB05

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58CE164 Relevance: 1.5, Strings: 1, Instructions: 260
COMMONCrypto

Download Yara Rule

C-Code - Quality: 46%

			E00007FF77FF7A58CE164(void* __rax, long long __rbx, unsigned int* __rcx, signed long long __rdx, long long __rsi, long long __rbp, void* __r8, void* __r9, long long __r11, long long _a8, long long _a16, long long _a24, char* _a40, signed int _a48, signed int _a56, intOrPtr _a64, intOrPtr _a72, long long _a80) {
				void* _v40;
				long long _v48;
				intOrPtr _v56;
				intOrPtr _v64;
				signed int _v72;
				unsigned int* _v80;
				long long _v88;
				void* __rdi;
				intOrPtr _t82;
				void* _t83;
				void* _t85;
				unsigned int* _t119;
				signed int _t120;
				void* _t138;
				char* _t157;
				unsigned long long _t169;
				char* _t183;
				char* _t184;
				intOrPtr _t185;
				unsigned int* _t188;
				char* _t191;
				intOrPtr* _t196;
				intOrPtr* _t197;
				void* _t201;
				void* _t202;
				signed long long _t205;
				signed long long _t210;
				signed long long _t213;
				void* _t216;
				char* _t218;
				void* _t219;
				signed int* _t221;
				signed int* _t230;
				signed int* _t231;
				signed int* _t232;
				signed int* _t238;
				long long _t242;
				void* _t244;
				intOrPtr* _t245;
				unsigned int* _t246;

				_t242 = __r11;
				_t228 = __r8;
				_t223 = __rbp;
				_t217 = __rsi;
				_t205 = __rdx;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				r11d = 0;
				 *__rdx = r11b;
				_t119 =  >=  ? _a48 : r11d;
				_t183 = __rdx;
				_t246 = __rcx;
				_t5 = _t216 + 0xb; // 0xb
				if (__r8 - _t5 > 0) goto 0xa58ce1dc;
				_t188 = _a80;
				_t7 = _t242 + 0x22; // 0x22
				_v80 = _t188;
				r9d = 0;
				r8d = 0;
				_v88 = __r11;
				_t188[0xc] = 1;
				_t188[0xb] = _t7;
				E00007FF77FF7A58BE70C(__rax, __rdx, _t188, __rdx, __rsi, __rbp, __r8);
				goto 0xa58ce4fa;
				if (( *_t188 >> 0x00000034 & _t205) != _t205) goto 0xa58ce27b;
				_t235 = __r9;
				_v48 = _a80;
				_v56 = _a72;
				_v64 = _a64;
				_t157 = _a40;
				_v72 = r11b;
				_v80 = _t119;
				_v88 = _t157;
				if (E00007FF77FF7A58CE518(_t183, _t246, _t183, _t216, _t217, _t228, __r9) == 0) goto 0xa58ce24a;
				 *_t183 = 0;
				goto 0xa58ce4fa;
				_t191 = _t183;
				E00007FF77FF7A58DFC0C(_t76, _t7, 0x65, _t157, _t183, _t191, _t235);
				if (_t157 == 0) goto 0xa58ce4f8;
				 *_t157 = ((_a56 ^ 0x00000001) << 5) + 0x50;
				 *((char*)(_t157 + 3)) = 0;
				goto 0xa58ce4f8;
				if (_t191 >= 0) goto 0xa58ce28d;
				 *_t183 = 0x2d;
				_t184 = _t183 + 1;
				_t245 = _t184 + 1;
				r12d = 0x3ff;
				r15d = (_a56 ^ 0x00000001) & 0x000000ff;
				r8d = 0x30;
				_a48 = r15d;
				if ((0x00000000 &  *_t246) != 0) goto 0xa58ce2ec;
				 *_t184 = r8b;
				asm("dec ebp");
				r12d = r12d & 0x000003fe;
				goto 0xa58ce2ef;
				 *_t184 = 0x31;
				_t218 = _t245 + 1;
				if (_t119 != 0) goto 0xa58ce2fc;
				goto 0xa58ce333;
				_t185 = _a80;
				if ( *((intOrPtr*)(_t185 + 0x28)) != r11b) goto 0xa58ce323;
				0xa58bb7e0();
				r11d = 0;
				_t32 = _t242 + 0x30; // 0x30
				r8d = _t32;
				_t82 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x18)) + 0xf8))))));
				 *_t245 = _t82;
				if (( *_t246 & 0xffffffff) <= 0) goto 0xa58ce3d7;
				if (_t119 <= 0) goto 0xa58ce381;
				_t83 = _t82 + r8w;
				_t138 = _t83 - 0x39;
				if (_t138 <= 0) goto 0xa58ce36e;
				 *_t218 = _t83 + (r15d << 5) + 7;
				_t120 = _t119 - 1;
				_t219 = _t218 + 1;
				if (_t138 >= 0) goto 0xa58ce34e;
				goto 0xa58ce3cf;
				r9d = _a72;
				r8d = r8w & 0xffff;
				_t85 = E00007FF77FF7A58CEB7C(_t83 + (r15d << 5) + 7, _t7, _t185, _t246, 0 >> 4, _t216, _t219, _t223);
				r11d = 0;
				if (_t85 == 0) goto 0xa58ce3cf;
				_t196 = _t219 - 1;
				if (0x47 != 0) goto 0xa58ce3b4;
				 *_t196 = 0x30;
				_t197 = _t196 - 1;
				goto 0xa58ce3a3;
				if (_t197 == _t245) goto 0xa58ce3cc;
				if ( *_t196 != 0x39) goto 0xa58ce3c4;
				bpl = bpl + 0x3a;
				goto 0xa58ce3c7;
				 *_t197 = bpl;
				goto 0xa58ce3cf;
				 *((char*)(_t197 - 1)) =  *((char*)(_t197 - 1)) + 1;
				r15d = _a48;
				if (_t120 <= 0) goto 0xa58ce3f8;
				r8d = _t120;
				E00007FF77FF7A58B68A0();
				r11d = 0;
				goto 0xa58ce3fd;
				_t221 =  ==  ? _t245 : _t219 + _t185;
				r15b = r15b << 5;
				r15b = r15b + 0x50;
				 *_t221 = r15b;
				_t238 =  &(_t221[0]);
				_t169 =  *_t246 >> 0x34;
				if ( *_t245 - r11b >= 0) goto 0xa58ce430;
				_t201 = _t244 - _t169;
				_t47 = _t169 + 2; // 0x2d
				_t89 =  <  ? _t47 : 0x2b;
				_t221[0] =  <  ? _t47 : 0x2b;
				 *_t238 = dil;
				if (_t201 - 0x3e8 < 0) goto 0xa58ce484;
				_t230 =  &(_t238[0]);
				_t210 = (_t219 - _t244 >> 7) + (_t219 - _t244 >> 7 >> 0x3f);
				 *_t238 = _t216 + _t210;
				_t202 = _t201 + _t210 * 0xfffffc18;
				if (_t230 != _t238) goto 0xa58ce48a;
				if (_t202 - 0x64 < 0) goto 0xa58ce4bd;
				_t213 = (_t210 + _t202 >> 6) + (_t210 + _t202 >> 6 >> 0x3f);
				 *_t230 = _t216 + _t213;
				_t231 =  &(_t230[0]);
				if (_t231 != _t238) goto 0xa58ce4c3;
				if (_t202 + _t213 * 0xffffff9c - 0xa < 0) goto 0xa58ce4ee;
				 *_t231 = _t216 + (_t213 >> 2) + (_t213 >> 2 >> 0x3f);
				_t232 =  &(_t231[0]);
				 *_t232 = 0x367 + dil;
				_t232[0] = r11b;
				return 0;
			}

0x7ff7a58ce164
0x7ff7a58ce164
0x7ff7a58ce164
0x7ff7a58ce164
0x7ff7a58ce164
0x7ff7a58ce164
0x7ff7a58ce169
0x7ff7a58ce16e
0x7ff7a58ce187
0x7ff7a58ce18c
0x7ff7a58ce195
0x7ff7a58ce198
0x7ff7a58ce19b
0x7ff7a58ce19e
0x7ff7a58ce1a7
0x7ff7a58ce1a9
0x7ff7a58ce1b1
0x7ff7a58ce1b5
0x7ff7a58ce1ba
0x7ff7a58ce1bd
0x7ff7a58ce1c0
0x7ff7a58ce1c7
0x7ff7a58ce1cb
0x7ff7a58ce1d0
0x7ff7a58ce1d7
0x7ff7a58ce1f1
0x7ff7a58ce1ff
0x7ff7a58ce202
0x7ff7a58ce214
0x7ff7a58ce21f
0x7ff7a58ce223
0x7ff7a58ce22b
0x7ff7a58ce230
0x7ff7a58ce234
0x7ff7a58ce240
0x7ff7a58ce242
0x7ff7a58ce245
0x7ff7a58ce24f
0x7ff7a58ce252
0x7ff7a58ce25a
0x7ff7a58ce270
0x7ff7a58ce272
0x7ff7a58ce276
0x7ff7a58ce283
0x7ff7a58ce285
0x7ff7a58ce287
0x7ff7a58ce294
0x7ff7a58ce29a
0x7ff7a58ce2a0
0x7ff7a58ce2a4
0x7ff7a58ce2ad
0x7ff7a58ce2d2
0x7ff7a58ce2d4
0x7ff7a58ce2e0
0x7ff7a58ce2e3
0x7ff7a58ce2ea
0x7ff7a58ce2ec
0x7ff7a58ce2ef
0x7ff7a58ce2f5
0x7ff7a58ce2fa
0x7ff7a58ce2fc
0x7ff7a58ce308
0x7ff7a58ce30d
0x7ff7a58ce312
0x7ff7a58ce31f
0x7ff7a58ce31f
0x7ff7a58ce331
0x7ff7a58ce333
0x7ff7a58ce33a
0x7ff7a58ce353
0x7ff7a58ce361
0x7ff7a58ce365
0x7ff7a58ce369
0x7ff7a58ce36e
0x7ff7a58ce370
0x7ff7a58ce372
0x7ff7a58ce37d
0x7ff7a58ce37f
0x7ff7a58ce381
0x7ff7a58ce389
0x7ff7a58ce393
0x7ff7a58ce398
0x7ff7a58ce39d
0x7ff7a58ce39f
0x7ff7a58ce3aa
0x7ff7a58ce3ac
0x7ff7a58ce3af
0x7ff7a58ce3b2
0x7ff7a58ce3b7
0x7ff7a58ce3bc
0x7ff7a58ce3be
0x7ff7a58ce3c2
0x7ff7a58ce3c7
0x7ff7a58ce3ca
0x7ff7a58ce3cc
0x7ff7a58ce3cf
0x7ff7a58ce3d9
0x7ff7a58ce3db
0x7ff7a58ce3eb
0x7ff7a58ce3f3
0x7ff7a58ce3f6
0x7ff7a58ce401
0x7ff7a58ce405
0x7ff7a58ce409
0x7ff7a58ce40d
0x7ff7a58ce410
0x7ff7a58ce417
0x7ff7a58ce428
0x7ff7a58ce42d
0x7ff7a58ce43b
0x7ff7a58ce43e
0x7ff7a58ce441
0x7ff7a58ce444
0x7ff7a58ce44e
0x7ff7a58ce45a
0x7ff7a58ce46c
0x7ff7a58ce472
0x7ff7a58ce47c
0x7ff7a58ce482
0x7ff7a58ce488
0x7ff7a58ce4a5
0x7ff7a58ce4ab
0x7ff7a58ce4ae
0x7ff7a58ce4bb
0x7ff7a58ce4c1
0x7ff7a58ce4e1
0x7ff7a58ce4e4
0x7ff7a58ce4f1
0x7ff7a58ce4f4
0x7ff7a58ce517

Strings

gfffffff, xrefs: 00007FF7A58CE4C3

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: 9fda8642d977ea989157d7d89c5470a11d353acc75fddbb52340485c1127e0ee
Instruction ID: e867660969cd95240bb3588d3b9a306842b3e957bc0309a953181327790daa65
Opcode Fuzzy Hash: 9fda8642d977ea989157d7d89c5470a11d353acc75fddbb52340485c1127e0ee
Instruction Fuzzy Hash: 3AA18962B0B7C686EB22DF2990007AEB791EB52F84F468171DE8D477A5DA3CE411C311

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58BCDD0 Relevance: 1.5, Strings: 1, Instructions: 250
COMMONCrypto

Download Yara Rule

C-Code - Quality: 31%

			E00007FF77FF7A58BCDD0(signed int __esi, long long __rbx, void* __rcx, signed int __rbp, void* __r8, long long _a16, long long _a24) {
				long long _v32;
				long long _v40;
				void* __rdi;
				void* __rsi;
				signed int _t115;
				signed int _t122;
				signed int _t135;
				signed int _t137;
				void* _t140;
				signed int _t142;
				signed int _t151;
				void* _t164;
				intOrPtr _t174;
				intOrPtr* _t176;
				intOrPtr* _t187;
				intOrPtr* _t192;
				void* _t195;
				void* _t197;
				intOrPtr _t205;
				intOrPtr _t207;
				void* _t209;
				void* _t213;
				void* _t215;
				signed int _t216;
				void* _t221;

				_t221 = __r8;
				_t216 = __rbp;
				_t197 = __rcx;
				_a16 = __rbx;
				_a24 = __rbp;
				_t174 =  *((intOrPtr*)(__rcx + 8));
				_t142 = __esi | 0xffffffff;
				_t195 = __rcx;
				if ( *((intOrPtr*)(__rcx + 0x460)) != __rbp) goto 0xa58bce07;
				 *((char*)(_t174 + 0x30)) = 1;
				 *((intOrPtr*)(_t174 + 0x2c)) = 0x16;
				goto 0xa58bd143;
				if ( *((intOrPtr*)(__rcx + 0x10)) != __rbp) goto 0xa58bce3d;
				 *((char*)(_t174 + 0x30)) = 1;
				r9d = 0;
				 *((intOrPtr*)(_t174 + 0x2c)) = 0x16;
				r8d = 0;
				_v32 =  *((intOrPtr*)(__rcx + 8));
				_v40 = __rbp;
				E00007FF77FF7A58BE70C( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t209, _t215, __rbp, __r8);
				goto 0xa58bd0f1;
				 *((intOrPtr*)(_t197 + 0x468)) =  *((intOrPtr*)(_t197 + 0x468)) + 1;
				if ( *((intOrPtr*)(_t197 + 0x468)) == 2) goto 0xa58bd0ee;
				_t176 =  *((intOrPtr*)(_t195 + 0x10));
				 *((intOrPtr*)(_t195 + 0x48)) = 0;
				 *(_t195 + 0x24) = bpl;
				r8b =  *_t176;
				 *((long long*)(_t195 + 0x10)) = _t176 + 1;
				 *((intOrPtr*)(_t195 + 0x39)) = r8b;
				if (r8b == 0) goto 0xa58bd0db;
				r9b = r8b;
				if ( *(_t195 + 0x20) < 0) goto 0xa58bd0d0;
				if (_t221 - 0x20 - 0x5a > 0) goto 0xa58bce9f;
				goto 0xa58bcea2;
				_t115 =  *(0xa58e5df0 + (r8b - 0x20 + (r8b - 0x20) * 8 + r8b - 0x20) * 2) & 0x000000ff;
				 *(_t195 + 0x24) = _t115;
				if (_t115 - 8 >= 0) goto 0xa58bd130;
				_t151 = _t115;
				if (_t151 == 0) goto 0xa58bcfdf;
				if (_t151 == 0) goto 0xa58bcfc8;
				if (_t151 == 0) goto 0xa58bcf79;
				if (_t151 == 0) goto 0xa58bcf42;
				if (_t151 == 0) goto 0xa58bcf3a;
				if (_t151 == 0) goto 0xa58bcf10;
				if (_t151 == 0) goto 0xa58bcf06;
				if (_t115 - 0xfffffffffffffffc != 1) goto 0xa58bd15c;
				E00007FF77FF7A58BD668(_t140, _t195, _t195, _t209, _t213, _t215, _t221);
				goto 0xa58bcf6c;
				E00007FF77FF7A58BD4E4(_t195);
				goto 0xa58bcf6c;
				if (r8b == 0x2a) goto 0xa58bcf24;
				E00007FF77FF7A58BCD40(_t195, _t195, _t195 + 0x30, _t215);
				goto 0xa58bcf6c;
				 *((long long*)(_t195 + 0x18)) =  *((long long*)(_t195 + 0x18)) + 8;
				_t135 =  *( *((intOrPtr*)(_t195 + 0x18)) - 8);
				_t136 =  <  ? _t142 : _t135;
				 *(_t195 + 0x30) =  <  ? _t142 : _t135;
				goto 0xa58bcf6a;
				 *(_t195 + 0x30) = 0;
				goto 0xa58bd0b2;
				if (r8b == 0x2a) goto 0xa58bcf4e;
				goto 0xa58bcf1a;
				 *((long long*)(_t195 + 0x18)) =  *((long long*)(_t195 + 0x18)) + 8;
				_t137 =  *( *((intOrPtr*)(_t195 + 0x18)) - 8);
				 *(_t195 + 0x2c) = _t137;
				if (_t137 >= 0) goto 0xa58bcf6a;
				 *(_t195 + 0x28) =  *(_t195 + 0x28) | 0x00000004;
				 *(_t195 + 0x2c) =  ~_t137;
				if (1 == 0) goto 0xa58bd15c;
				goto 0xa58bd0b2;
				if (r8b == 0x20) goto 0xa58bcfbf;
				if (r8b == 0x23) goto 0xa58bcfb6;
				if (r8b == 0x2b) goto 0xa58bcfad;
				if (r8b == 0x2d) goto 0xa58bcfa4;
				if (r8b != 0x30) goto 0xa58bd0b2;
				 *(_t195 + 0x28) =  *(_t195 + 0x28) | 0x00000008;
				goto 0xa58bd0b2;
				 *(_t195 + 0x28) =  *(_t195 + 0x28) | 0x00000004;
				goto 0xa58bd0b2;
				 *(_t195 + 0x28) =  *(_t195 + 0x28) | 0x00000001;
				goto 0xa58bd0b2;
				 *(_t195 + 0x28) =  *(_t195 + 0x28) | 0x00000020;
				goto 0xa58bd0b2;
				 *(_t195 + 0x28) =  *(_t195 + 0x28) | 0x00000002;
				goto 0xa58bd0b2;
				 *(_t195 + 0x28) = _t216;
				 *(_t195 + 0x38) = bpl;
				 *(_t195 + 0x30) = _t142;
				 *((intOrPtr*)(_t195 + 0x34)) = 0;
				 *(_t195 + 0x4c) = bpl;
				goto 0xa58bd0b2;
				 *(_t195 + 0x4c) = bpl;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t195 + 8)) + 0x28)) != bpl) goto 0xa58bcffc;
				0xa58bb7e0();
				r8b =  *((intOrPtr*)(_t195 + 0x39));
				r9b = r8b;
				_t164 = 1 - _t142;
				if (_t164 < 0) goto 0xa58bd073;
				if (_t164 == 0) goto 0xa58bd073;
				_t205 =  *((intOrPtr*)(_t195 + 0x460));
				if ( *((intOrPtr*)(_t205 + 0x10)) !=  *((intOrPtr*)(_t205 + 8))) goto 0xa58bd03a;
				if ( *((intOrPtr*)(_t205 + 0x18)) == bpl) goto 0xa58bd035;
				 *(_t195 + 0x20) =  *(_t195 + 0x20) + 1;
				goto 0xa58bd058;
				 *(_t195 + 0x20) = _t142;
				goto 0xa58bd058;
				 *(_t195 + 0x20) =  *(_t195 + 0x20) + 1;
				 *((long long*)(_t205 + 0x10)) =  *((long long*)(_t205 + 0x10)) + 1;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t195 + 0x460)))))) = r8b;
				 *((long long*)( *((intOrPtr*)(_t195 + 0x460)))) =  *((long long*)( *((intOrPtr*)(_t195 + 0x460)))) + 1;
				_t187 =  *((intOrPtr*)(_t195 + 0x10));
				r9b =  *_t187;
				 *((long long*)(_t195 + 0x10)) = _t187 + 1;
				 *((intOrPtr*)(_t195 + 0x39)) = r9b;
				if (r9b == 0) goto 0xa58bd104;
				_t207 =  *((intOrPtr*)(_t195 + 0x460));
				if ( *((intOrPtr*)(_t207 + 0x10)) !=  *((intOrPtr*)(_t207 + 8))) goto 0xa58bd094;
				if ( *((intOrPtr*)(_t207 + 0x18)) == bpl) goto 0xa58bd08f;
				 *(_t195 + 0x20) =  *(_t195 + 0x20) + 1;
				goto 0xa58bd0b2;
				 *(_t195 + 0x20) = _t142;
				goto 0xa58bd0b2;
				 *(_t195 + 0x20) =  *(_t195 + 0x20) + 1;
				 *((long long*)(_t207 + 0x10)) =  *((long long*)(_t207 + 0x10)) + 1;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t195 + 0x460)))))) = r9b;
				 *((long long*)( *((intOrPtr*)(_t195 + 0x460)))) =  *((long long*)( *((intOrPtr*)(_t195 + 0x460)))) + 1;
				_t192 =  *((intOrPtr*)(_t195 + 0x10));
				r8b =  *_t192;
				 *((long long*)(_t195 + 0x10)) = _t192 + 1;
				r9b = r8b;
				 *((intOrPtr*)(_t195 + 0x39)) = r8b;
				if (r8b != 0) goto 0xa58bce7c;
				_t122 =  *(_t195 + 0x24);
				if (_t122 == 0) goto 0xa58bd0db;
				if (_t122 != 7) goto 0xa58bd130;
				 *((intOrPtr*)(_t195 + 0x468)) =  *((intOrPtr*)(_t195 + 0x468)) + 1;
				if ( *((intOrPtr*)(_t195 + 0x468)) != 2) goto 0xa58bce57;
				return  *(_t195 + 0x20);
			}

0x7ff7a58bcdd0
0x7ff7a58bcdd0
0x7ff7a58bcdd0
0x7ff7a58bcdd0
0x7ff7a58bcdd5
0x7ff7a58bcde2
0x7ff7a58bcde6
0x7ff7a58bcdeb
0x7ff7a58bcdf5
0x7ff7a58bcdf7
0x7ff7a58bcdfb
0x7ff7a58bce02
0x7ff7a58bce0b
0x7ff7a58bce0d
0x7ff7a58bce11
0x7ff7a58bce14
0x7ff7a58bce1b
0x7ff7a58bce24
0x7ff7a58bce2b
0x7ff7a58bce30
0x7ff7a58bce38
0x7ff7a58bce3d
0x7ff7a58bce4a
0x7ff7a58bce57
0x7ff7a58bce5b
0x7ff7a58bce5e
0x7ff7a58bce62
0x7ff7a58bce68
0x7ff7a58bce6c
0x7ff7a58bce73
0x7ff7a58bce79
0x7ff7a58bce7f
0x7ff7a58bce8b
0x7ff7a58bce9d
0x7ff7a58bceb3
0x7ff7a58bceb8
0x7ff7a58bcebd
0x7ff7a58bcec5
0x7ff7a58bcec7
0x7ff7a58bced0
0x7ff7a58bced9
0x7ff7a58bcee2
0x7ff7a58bcee7
0x7ff7a58bceec
0x7ff7a58bcef1
0x7ff7a58bcef6
0x7ff7a58bceff
0x7ff7a58bcf04
0x7ff7a58bcf09
0x7ff7a58bcf0e
0x7ff7a58bcf14
0x7ff7a58bcf1d
0x7ff7a58bcf22
0x7ff7a58bcf24
0x7ff7a58bcf2d
0x7ff7a58bcf32
0x7ff7a58bcf35
0x7ff7a58bcf38
0x7ff7a58bcf3a
0x7ff7a58bcf3d
0x7ff7a58bcf46
0x7ff7a58bcf4c
0x7ff7a58bcf4e
0x7ff7a58bcf57
0x7ff7a58bcf5a
0x7ff7a58bcf5f
0x7ff7a58bcf61
0x7ff7a58bcf67
0x7ff7a58bcf6e
0x7ff7a58bcf74
0x7ff7a58bcf7d
0x7ff7a58bcf83
0x7ff7a58bcf89
0x7ff7a58bcf8f
0x7ff7a58bcf95
0x7ff7a58bcf9b
0x7ff7a58bcf9f
0x7ff7a58bcfa4
0x7ff7a58bcfa8
0x7ff7a58bcfad
0x7ff7a58bcfb1
0x7ff7a58bcfb6
0x7ff7a58bcfba
0x7ff7a58bcfbf
0x7ff7a58bcfc3
0x7ff7a58bcfc8
0x7ff7a58bcfcc
0x7ff7a58bcfd0
0x7ff7a58bcfd3
0x7ff7a58bcfd6
0x7ff7a58bcfda
0x7ff7a58bcfe3
0x7ff7a58bcfeb
0x7ff7a58bcff0
0x7ff7a58bcff5
0x7ff7a58bcff9
0x7ff7a58bd000
0x7ff7a58bd002
0x7ff7a58bd017
0x7ff7a58bd019
0x7ff7a58bd028
0x7ff7a58bd02e
0x7ff7a58bd030
0x7ff7a58bd033
0x7ff7a58bd035
0x7ff7a58bd038
0x7ff7a58bd03a
0x7ff7a58bd03d
0x7ff7a58bd04b
0x7ff7a58bd055
0x7ff7a58bd058
0x7ff7a58bd05c
0x7ff7a58bd062
0x7ff7a58bd066
0x7ff7a58bd06d
0x7ff7a58bd073
0x7ff7a58bd082
0x7ff7a58bd088
0x7ff7a58bd08a
0x7ff7a58bd08d
0x7ff7a58bd08f
0x7ff7a58bd092
0x7ff7a58bd094
0x7ff7a58bd097
0x7ff7a58bd0a5
0x7ff7a58bd0af
0x7ff7a58bd0b2
0x7ff7a58bd0b6
0x7ff7a58bd0bc
0x7ff7a58bd0c0
0x7ff7a58bd0c3
0x7ff7a58bd0ca
0x7ff7a58bd0d0
0x7ff7a58bd0d5
0x7ff7a58bd0d9
0x7ff7a58bd0db
0x7ff7a58bd0e8
0x7ff7a58bd103

Strings

, xrefs: 00007FF7A58BCFB6

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 1dc322bc2809447d9d419cc4a34386202929e0026a172bc20c784d48cc04640a
Instruction ID: a0a7d65e19c93134b8e35c18cfa39b08e1e0f1ddac4efdcf29a2f85b2c408776
Opcode Fuzzy Hash: 1dc322bc2809447d9d419cc4a34386202929e0026a172bc20c784d48cc04640a
Instruction Fuzzy Hash: 19B1C572A0A74695E7649F39C05023CBBA8E706F48FA701B5CE4D073AACF79D462C725

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58BD160 Relevance: 1.5, Strings: 1, Instructions: 244
COMMONCrypto

Download Yara Rule

C-Code - Quality: 31%

			E00007FF77FF7A58BD160(signed int __esi, long long __rbx, signed long long __rcx, signed int __rbp, void* __r8, long long _a16, long long _a24) {
				long long _v32;
				long long _v40;
				void* __rdi;
				void* __rsi;
				signed int _t113;
				signed int _t132;
				signed int _t134;
				void* _t138;
				signed int _t140;
				signed int _t149;
				void* _t162;
				intOrPtr _t170;
				intOrPtr* _t172;
				intOrPtr* _t183;
				intOrPtr* _t188;
				signed long long _t191;
				signed long long _t193;
				intOrPtr _t199;
				intOrPtr _t201;
				void* _t203;
				void* _t208;
				void* _t210;
				signed int _t211;
				void* _t216;

				_t216 = __r8;
				_t211 = __rbp;
				_t193 = __rcx;
				_a16 = __rbx;
				_a24 = __rbp;
				_t170 =  *((intOrPtr*)(__rcx + 8));
				_t140 = __esi | 0xffffffff;
				_t191 = __rcx;
				if ( *((intOrPtr*)(__rcx + 0x460)) != __rbp) goto 0xa58bd197;
				 *((char*)(_t170 + 0x30)) = 1;
				 *((intOrPtr*)(_t170 + 0x2c)) = 0x16;
				goto 0xa58bd4c5;
				if ( *((intOrPtr*)(__rcx + 0x10)) != __rbp) goto 0xa58bd1cd;
				 *((char*)(_t170 + 0x30)) = 1;
				r9d = 0;
				 *((intOrPtr*)(_t170 + 0x2c)) = 0x16;
				r8d = 0;
				_v32 =  *((intOrPtr*)(__rcx + 8));
				_v40 = __rbp;
				E00007FF77FF7A58BE70C( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t203, _t210, __rbp, __r8);
				goto 0xa58bd473;
				 *((intOrPtr*)(_t193 + 0x468)) =  *((intOrPtr*)(_t193 + 0x468)) + 1;
				if ( *((intOrPtr*)(_t193 + 0x468)) == 2) goto 0xa58bd470;
				_t172 =  *((intOrPtr*)(_t191 + 0x10));
				 *((intOrPtr*)(_t191 + 0x48)) = 0;
				 *(_t191 + 0x24) = bpl;
				r8b =  *_t172;
				 *((long long*)(_t191 + 0x10)) = _t172 + 1;
				 *((intOrPtr*)(_t191 + 0x39)) = r8b;
				if (r8b == 0) goto 0xa58bd45d;
				r9b = r8b;
				if ( *(_t191 + 0x20) < 0) goto 0xa58bd45d;
				if (_t216 - 0x20 - 0x5a > 0) goto 0xa58bd22f;
				goto 0xa58bd232;
				_t113 =  *(0xa58e5cf0 + (r8b - 0x20 + _t193 * 8) * 2) & 0x000000ff;
				 *(_t191 + 0x24) = _t113;
				if (_t113 - 8 >= 0) goto 0xa58bd4b2;
				_t149 = _t113;
				if (_t149 == 0) goto 0xa58bd36c;
				if (_t149 == 0) goto 0xa58bd355;
				if (_t149 == 0) goto 0xa58bd306;
				if (_t149 == 0) goto 0xa58bd2cf;
				if (_t149 == 0) goto 0xa58bd2c7;
				if (_t149 == 0) goto 0xa58bd29d;
				if (_t149 == 0) goto 0xa58bd293;
				if (_t113 - 0xfffffffffffffffc != 1) goto 0xa58bd4de;
				E00007FF77FF7A58BD668(_t138, _t191, _t191, r8b - 0x20 + _t193 * 8, _t208, _t210, _t216);
				goto 0xa58bd2f9;
				E00007FF77FF7A58BD4E4(_t191);
				goto 0xa58bd2f9;
				if (r8b == 0x2a) goto 0xa58bd2b1;
				E00007FF77FF7A58BCD40(_t191, _t191, _t191 + 0x30, _t210);
				goto 0xa58bd2f9;
				 *((long long*)(_t191 + 0x18)) =  *((long long*)(_t191 + 0x18)) + 8;
				_t132 =  *( *((intOrPtr*)(_t191 + 0x18)) - 8);
				_t133 =  <  ? _t140 : _t132;
				 *(_t191 + 0x30) =  <  ? _t140 : _t132;
				goto 0xa58bd2f7;
				 *(_t191 + 0x30) = 0;
				goto 0xa58bd43f;
				if (r8b == 0x2a) goto 0xa58bd2db;
				goto 0xa58bd2a7;
				 *((long long*)(_t191 + 0x18)) =  *((long long*)(_t191 + 0x18)) + 8;
				_t134 =  *( *((intOrPtr*)(_t191 + 0x18)) - 8);
				 *(_t191 + 0x2c) = _t134;
				if (_t134 >= 0) goto 0xa58bd2f7;
				 *(_t191 + 0x28) =  *(_t191 + 0x28) | 0x00000004;
				 *(_t191 + 0x2c) =  ~_t134;
				if (1 == 0) goto 0xa58bd4de;
				goto 0xa58bd43f;
				if (r8b == 0x20) goto 0xa58bd34c;
				if (r8b == 0x23) goto 0xa58bd343;
				if (r8b == 0x2b) goto 0xa58bd33a;
				if (r8b == 0x2d) goto 0xa58bd331;
				if (r8b != 0x30) goto 0xa58bd43f;
				 *(_t191 + 0x28) =  *(_t191 + 0x28) | 0x00000008;
				goto 0xa58bd43f;
				 *(_t191 + 0x28) =  *(_t191 + 0x28) | 0x00000004;
				goto 0xa58bd43f;
				 *(_t191 + 0x28) =  *(_t191 + 0x28) | 0x00000001;
				goto 0xa58bd43f;
				 *(_t191 + 0x28) =  *(_t191 + 0x28) | 0x00000020;
				goto 0xa58bd43f;
				 *(_t191 + 0x28) =  *(_t191 + 0x28) | 0x00000002;
				goto 0xa58bd43f;
				 *(_t191 + 0x28) = _t211;
				 *(_t191 + 0x38) = bpl;
				 *(_t191 + 0x30) = _t140;
				 *((intOrPtr*)(_t191 + 0x34)) = 0;
				 *(_t191 + 0x4c) = bpl;
				goto 0xa58bd43f;
				 *(_t191 + 0x4c) = bpl;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t191 + 8)) + 0x28)) != bpl) goto 0xa58bd389;
				0xa58bb7e0();
				r8b =  *((intOrPtr*)(_t191 + 0x39));
				r9b = r8b;
				_t162 = 1 - _t140;
				if (_t162 < 0) goto 0xa58bd400;
				if (_t162 == 0) goto 0xa58bd400;
				_t199 =  *((intOrPtr*)(_t191 + 0x460));
				if ( *((intOrPtr*)(_t199 + 0x10)) !=  *((intOrPtr*)(_t199 + 8))) goto 0xa58bd3c7;
				if ( *((intOrPtr*)(_t199 + 0x18)) == bpl) goto 0xa58bd3c2;
				 *(_t191 + 0x20) =  *(_t191 + 0x20) + 1;
				goto 0xa58bd3e5;
				 *(_t191 + 0x20) = _t140;
				goto 0xa58bd3e5;
				 *(_t191 + 0x20) =  *(_t191 + 0x20) + 1;
				 *((long long*)(_t199 + 0x10)) =  *((long long*)(_t199 + 0x10)) + 1;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x460)))))) = r8b;
				 *((long long*)( *((intOrPtr*)(_t191 + 0x460)))) =  *((long long*)( *((intOrPtr*)(_t191 + 0x460)))) + 1;
				_t183 =  *((intOrPtr*)(_t191 + 0x10));
				r9b =  *_t183;
				 *((long long*)(_t191 + 0x10)) = _t183 + 1;
				 *((intOrPtr*)(_t191 + 0x39)) = r9b;
				if (r9b == 0) goto 0xa58bd486;
				_t201 =  *((intOrPtr*)(_t191 + 0x460));
				if ( *((intOrPtr*)(_t201 + 0x10)) !=  *((intOrPtr*)(_t201 + 8))) goto 0xa58bd421;
				if ( *((intOrPtr*)(_t201 + 0x18)) == bpl) goto 0xa58bd41c;
				 *(_t191 + 0x20) =  *(_t191 + 0x20) + 1;
				goto 0xa58bd43f;
				 *(_t191 + 0x20) = _t140;
				goto 0xa58bd43f;
				 *(_t191 + 0x20) =  *(_t191 + 0x20) + 1;
				 *((long long*)(_t201 + 0x10)) =  *((long long*)(_t201 + 0x10)) + 1;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t191 + 0x460)))))) = r9b;
				 *((long long*)( *((intOrPtr*)(_t191 + 0x460)))) =  *((long long*)( *((intOrPtr*)(_t191 + 0x460)))) + 1;
				_t188 =  *((intOrPtr*)(_t191 + 0x10));
				r8b =  *_t188;
				 *((long long*)(_t191 + 0x10)) = _t188 + 1;
				r9b = r8b;
				 *((intOrPtr*)(_t191 + 0x39)) = r8b;
				if (r8b != 0) goto 0xa58bd20c;
				 *((intOrPtr*)(_t191 + 0x468)) =  *((intOrPtr*)(_t191 + 0x468)) + 1;
				if ( *((intOrPtr*)(_t191 + 0x468)) != 2) goto 0xa58bd1e7;
				return  *(_t191 + 0x20);
			}

0x7ff7a58bd160
0x7ff7a58bd160
0x7ff7a58bd160
0x7ff7a58bd160
0x7ff7a58bd165
0x7ff7a58bd172
0x7ff7a58bd176
0x7ff7a58bd17b
0x7ff7a58bd185
0x7ff7a58bd187
0x7ff7a58bd18b
0x7ff7a58bd192
0x7ff7a58bd19b
0x7ff7a58bd19d
0x7ff7a58bd1a1
0x7ff7a58bd1a4
0x7ff7a58bd1ab
0x7ff7a58bd1b4
0x7ff7a58bd1bb
0x7ff7a58bd1c0
0x7ff7a58bd1c8
0x7ff7a58bd1cd
0x7ff7a58bd1da
0x7ff7a58bd1e7
0x7ff7a58bd1eb
0x7ff7a58bd1ee
0x7ff7a58bd1f2
0x7ff7a58bd1f8
0x7ff7a58bd1fc
0x7ff7a58bd203
0x7ff7a58bd209
0x7ff7a58bd20f
0x7ff7a58bd21b
0x7ff7a58bd22d
0x7ff7a58bd240
0x7ff7a58bd245
0x7ff7a58bd24a
0x7ff7a58bd252
0x7ff7a58bd254
0x7ff7a58bd25d
0x7ff7a58bd266
0x7ff7a58bd26f
0x7ff7a58bd274
0x7ff7a58bd279
0x7ff7a58bd27e
0x7ff7a58bd283
0x7ff7a58bd28c
0x7ff7a58bd291
0x7ff7a58bd296
0x7ff7a58bd29b
0x7ff7a58bd2a1
0x7ff7a58bd2aa
0x7ff7a58bd2af
0x7ff7a58bd2b1
0x7ff7a58bd2ba
0x7ff7a58bd2bf
0x7ff7a58bd2c2
0x7ff7a58bd2c5
0x7ff7a58bd2c7
0x7ff7a58bd2ca
0x7ff7a58bd2d3
0x7ff7a58bd2d9
0x7ff7a58bd2db
0x7ff7a58bd2e4
0x7ff7a58bd2e7
0x7ff7a58bd2ec
0x7ff7a58bd2ee
0x7ff7a58bd2f4
0x7ff7a58bd2fb
0x7ff7a58bd301
0x7ff7a58bd30a
0x7ff7a58bd310
0x7ff7a58bd316
0x7ff7a58bd31c
0x7ff7a58bd322
0x7ff7a58bd328
0x7ff7a58bd32c
0x7ff7a58bd331
0x7ff7a58bd335
0x7ff7a58bd33a
0x7ff7a58bd33e
0x7ff7a58bd343
0x7ff7a58bd347
0x7ff7a58bd34c
0x7ff7a58bd350
0x7ff7a58bd355
0x7ff7a58bd359
0x7ff7a58bd35d
0x7ff7a58bd360
0x7ff7a58bd363
0x7ff7a58bd367
0x7ff7a58bd370
0x7ff7a58bd378
0x7ff7a58bd37d
0x7ff7a58bd382
0x7ff7a58bd386
0x7ff7a58bd38d
0x7ff7a58bd38f
0x7ff7a58bd3a4
0x7ff7a58bd3a6
0x7ff7a58bd3b5
0x7ff7a58bd3bb
0x7ff7a58bd3bd
0x7ff7a58bd3c0
0x7ff7a58bd3c2
0x7ff7a58bd3c5
0x7ff7a58bd3c7
0x7ff7a58bd3ca
0x7ff7a58bd3d8
0x7ff7a58bd3e2
0x7ff7a58bd3e5
0x7ff7a58bd3e9
0x7ff7a58bd3ef
0x7ff7a58bd3f3
0x7ff7a58bd3fa
0x7ff7a58bd400
0x7ff7a58bd40f
0x7ff7a58bd415
0x7ff7a58bd417
0x7ff7a58bd41a
0x7ff7a58bd41c
0x7ff7a58bd41f
0x7ff7a58bd421
0x7ff7a58bd424
0x7ff7a58bd432
0x7ff7a58bd43c
0x7ff7a58bd43f
0x7ff7a58bd443
0x7ff7a58bd449
0x7ff7a58bd44d
0x7ff7a58bd450
0x7ff7a58bd457
0x7ff7a58bd45d
0x7ff7a58bd46a
0x7ff7a58bd485

Strings

, xrefs: 00007FF7A58BD343

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: be79600c323e32bded9e4414b8c90cd99041a4dc94801acc5df077f2d805313c
Instruction ID: 5baae4852e41480469bee7ac234e607a0131cdbbda656d0218d50b11273dc4a4
Opcode Fuzzy Hash: be79600c323e32bded9e4414b8c90cd99041a4dc94801acc5df077f2d805313c
Instruction Fuzzy Hash: A4B1AF7290B78195E7649F29805433CBBA8E70AF48FA70179CB4D0B3A9CF39E461C765

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED9D68 Relevance: 1.4, Strings: 1, Instructions: 138
COMMONCrypto

Download Yara Rule

C-Code - Quality: 19%

			E00007FFA7FFA0AED9D68(long long __rbx, long long __rdi, long long __rsi, void* __r8, intOrPtr* __r9) {
				void* _t87;
				signed int _t101;
				long long _t124;
				intOrPtr _t126;
				void* _t129;
				void* _t131;
				void* _t139;
				long long _t141;
				void* _t142;

				_t124 = _t141;
				 *((long long*)(_t124 + 8)) = __rbx;
				 *((long long*)(_t124 + 0x10)) = __rsi;
				 *((long long*)(_t124 + 0x18)) = __rdi;
				_t139 = _t124 - 0x5f;
				_t142 = _t141 - 0xb0;
				E00007FFA7FFA0AEE3C78(_t87, _t129, _t131, __r8, __r9);
				 *((intOrPtr*)(_t139 + 0x1f)) = 0x1fe64;
				 *((long long*)(_t139 + 0x23)) = _t124;
				if (0x6fbe == 0x6fbe) goto 0xaed9fbb;
				if (0x6fbe == 0x527d2) goto 0xaed9f05;
				if (0x6fbe != 0xa55d6) goto 0xaed9fc0;
				 *(_t139 + 0xb) = 0x2d5184;
				 *(_t139 + 0xb) =  *(_t139 + 0xb) | 0xa7edfeff;
				 *(_t139 + 0xb) =  *(_t139 + 0xb) ^ 0x9441207b;
				 *(_t139 + 0xb) =  *(_t139 + 0xb) ^ 0x33acdf84;
				 *(_t139 + 0x17) = 0x55d4bb;
				 *(_t139 + 0x17) = 0x76b981db *  *(_t139 + 0x17) >> 0x20 >> 5;
				 *(_t139 + 0x17) =  *(_t139 + 0x17) ^ 0x000eeff1;
				 *(_t139 + 0xf) = 0xf3a9ff;
				 *(_t139 + 0xf) =  *(_t139 + 0xf) * 0x38;
				 *(_t139 + 0xf) = 0xba2e8ba3 *  *(_t139 + 0xf) >> 0x20 >> 5;
				 *(_t139 + 0xf) =  *(_t139 + 0xf) ^ 0x013d6c21;
				 *(_t139 + 7) = 0x4b85a6;
				 *(_t139 + 7) =  *(_t139 + 7) << 0xa;
				 *(_t139 + 7) =  *(_t139 + 7) + 0xffff22df;
				 *(_t139 + 7) =  *(_t139 + 7) >> 7;
				 *(_t139 + 7) =  *(_t139 + 7) ^ 0x005e78a5;
				 *(_t139 + 0x1b) = 0x8eb0ed;
				 *(_t139 + 0x1b) =  *(_t139 + 0x1b) + 0x2deb;
				 *(_t139 + 0x1b) =  *(_t139 + 0x1b) ^ 0x00818f1a;
				 *(_t139 + 0x13) = 0x3e8eaa;
				 *(_t139 + 0x13) =  *(_t139 + 0x13) * 0x2f;
				 *(_t139 + 0x13) =  *(_t139 + 0x13) ^ 0x0b7a0630;
				 *(_t142 + 0x58) =  *(_t139 + 0x13);
				 *((long long*)(_t142 + 0x50)) =  *((intOrPtr*)(__r9));
				 *(_t142 + 0x48) =  *(_t139 + 0x1b);
				 *((intOrPtr*)(_t142 + 0x40)) =  *((intOrPtr*)(__r9 + 8));
				_t126 =  *0xaee8210; // 0x0
				 *((long long*)(_t142 + 0x38)) =  *((intOrPtr*)(_t126 + 0x48));
				 *(_t142 + 0x28) =  *(_t139 + 7);
				_t101 =  *(_t139 + 0xf);
				r8d =  *(_t139 + 0xb);
				 *(_t142 + 0x20) = _t101;
				E00007FFA7FFA0AEE0A90();
				 *(_t139 + 7) = 0x5b417e;
				 *(_t139 + 7) =  *(_t139 + 7) >> 0xc;
				r8d = _t101;
				 *(_t139 + 7) = 0xca4587e7 *  *(_t139 + 7) >> 0x20 >> 6;
				 *(_t139 + 7) =  *(_t139 + 7) >> 0xb;
				_t106 =  ==  ? 1 : 0;
				_t104 =  ==  ? 1 : 0;
				return  ==  ? 1 : 0;
			}

0x7ffa0aed9d68
0x7ffa0aed9d6b
0x7ffa0aed9d6f
0x7ffa0aed9d73
0x7ffa0aed9d78
0x7ffa0aed9d7c
0x7ffa0aed9d89
0x7ffa0aed9d90
0x7ffa0aed9d99
0x7ffa0aed9da7
0x7ffa0aed9db2
0x7ffa0aed9dbd
0x7ffa0aed9dc3
0x7ffa0aed9dd3
0x7ffa0aed9dda
0x7ffa0aed9de1
0x7ffa0aed9de8
0x7ffa0aed9df7
0x7ffa0aed9dfa
0x7ffa0aed9e01
0x7ffa0aed9e0c
0x7ffa0aed9e1c
0x7ffa0aed9e1f
0x7ffa0aed9e26
0x7ffa0aed9e2d
0x7ffa0aed9e31
0x7ffa0aed9e38
0x7ffa0aed9e3c
0x7ffa0aed9e43
0x7ffa0aed9e4a
0x7ffa0aed9e51
0x7ffa0aed9e58
0x7ffa0aed9e63
0x7ffa0aed9e66
0x7ffa0aed9e70
0x7ffa0aed9e77
0x7ffa0aed9e7f
0x7ffa0aed9e86
0x7ffa0aed9e8a
0x7ffa0aed9e98
0x7ffa0aed9e9d
0x7ffa0aed9ea1
0x7ffa0aed9ea4
0x7ffa0aed9eab
0x7ffa0aed9eaf
0x7ffa0aed9eb4
0x7ffa0aed9ebb
0x7ffa0aed9ebf
0x7ffa0aed9ecf
0x7ffa0aed9ed7
0x7ffa0aed9ee7
0x7ffa0aed9ef2
0x7ffa0aed9f04

Strings

~A[, xrefs: 00007FFA0AED9EB4

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: ~A[
API String ID: 0-3035982448
Opcode ID: 39afa7c33908e4f269d6ff0a9b3930eab7e6ed2e559944be6b9ba1798679513a
Instruction ID: ef7a0f631dc55b26f80576a7f2f8bf9e6f2753ee248c6d32e29c64d04fda65db
Opcode Fuzzy Hash: 39afa7c33908e4f269d6ff0a9b3930eab7e6ed2e559944be6b9ba1798679513a
Instruction Fuzzy Hash: 9D61F073610680EFC368CF39D4895993BA1F34875CB40C42AEA098BF5CDB78DA69CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEDB134 Relevance: 1.4, Strings: 1, Instructions: 118
COMMONCrypto

Download Yara Rule

C-Code - Quality: 35%

			E00007FFA7FFA0AEDB134(void* __eflags, long long __rax, long long __rbx, void* __rcx, void* __rdx, long long _a8, unsigned int _a16, signed int _a24, signed int _a32) {
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed int _v56;
				unsigned int _v72;
				void* __rdi;
				void* __rsi;
				intOrPtr _t117;
				void* _t129;
				long long _t153;
				intOrPtr _t154;
				long long _t158;
				intOrPtr _t162;
				void* _t164;
				void* _t165;

				_t153 = __rax;
				_a8 = __rbx;
				_v48 = 0xa9c11;
				_v44 = 0xe224d;
				_t164 = __rcx;
				_v40 = 0;
				_a32 = 0x25148a;
				_a32 = _a32 << 0xf;
				_a32 = _a32 >> 0xf;
				_a32 = _a32 ^ 0x00080a6e;
				_a24 = 0xbf677c;
				_a24 = _a24 << 0xb;
				_a24 = _a24 | 0x9f2af68f;
				_a24 = _a24 ^ 0xff345c71;
				_v56 = 0xc8da81;
				_v56 = _v56 + 0x2b93;
				_v56 = _v56 ^ 0x00c22475;
				_a16 = 0xb52550;
				_a16 = _a16 ^ 0x1510c8e7;
				_a16 = (_a16 - (0xaf286bcb * _a16 >> 0x20) >> 1) + (0xaf286bcb * _a16 >> 0x20) >> 4;
				_a16 = _a16 | 0x27a7e9a7;
				_a16 = _a16 ^ 0x27a468b6;
				r8d = _v56;
				_v72 = _a16;
				_t117 = E00007FFA7FFA0AED7410(__rcx);
				E00007FFA7FFA0AEDB008(_t117, __rbx, __rcx, _t165);
				if (_t153 != 0) goto 0xaedb332;
				_a24 = 0x727d8f;
				_a24 = _a24 | 0x52a1d469;
				_a24 = _a24 * 0x47;
				_a24 = _a24 * 0x63;
				_a24 = _a24 ^ 0xa549a883;
				_a16 = 0x256a12;
				_a16 = _a16 + 0x22b5;
				_a16 = (_a16 - (0x24924925 * _a16 >> 0x20) >> 1) + (0x24924925 * _a16 >> 0x20) >> 2;
				_a16 = _a16 | 0x49f646c8;
				_a16 = _a16 ^ 0x49fcb7de;
				_a32 = 0xd1cd87;
				_a32 = _a32 + 0x7048;
				_a32 = _a32 | 0xd9eee15b;
				_a32 = _a32 ^ 0xd9faf5c3;
				E00007FFA7FFA0AEDDE9C(0x88, 0x24924925 * _a16 >> 0x20, _t153);
				_t158 = _t153;
				if (_t153 == 0) goto 0xaedb332;
				_v56 = 0x1135f8;
				_v56 = _v56 + 0xffff4c7e;
				_v56 = _v56 ^ 0x0017aecc;
				_a16 = 0x280168;
				_a16 = _a16 << 1;
				_a16 = _a16 * 0x46;
				_a16 = _a16 >> 7;
				_a16 = _a16 ^ 0x002a4977;
				_a32 = 0x3e248c;
				_a32 = _a32 >> 0x10;
				_a32 = _a32 ^ 0x000841dd;
				_a24 = 0x16f506;
				_a24 = _a24 + 0xffff5a14;
				_a24 = _a24 + 0xffff4af3;
				_a24 = _a24 ^ 0x001da2db;
				r9d = _a32;
				_v72 = _a24;
				_t129 = E00007FFA7FFA0AED49E4(_t153, _t158, _t164, _t164);
				_t162 =  *0xaee8220; // 0x22823270990
				 *((intOrPtr*)(_t158 + 8)) = _t117;
				 *((long long*)(_t158 + 0x80)) = _t153;
				_t154 =  *((intOrPtr*)(_t162 + 0x10));
				if (_t154 == 0) goto 0xaedb323;
				 *((long long*)(_t154 + 0x28)) = _t158;
				 *((long long*)(_t158 + 0x58)) =  *((intOrPtr*)(_t162 + 0x10));
				 *((long long*)(_t162 + 0x10)) = _t158;
				return _t129;
			}

0x7ffa0aedb134
0x7ffa0aedb134
0x7ffa0aedb143
0x7ffa0aedb14a
0x7ffa0aedb151
0x7ffa0aedb159
0x7ffa0aedb15c
0x7ffa0aedb168
0x7ffa0aedb16c
0x7ffa0aedb170
0x7ffa0aedb177
0x7ffa0aedb17e
0x7ffa0aedb182
0x7ffa0aedb189
0x7ffa0aedb190
0x7ffa0aedb197
0x7ffa0aedb19e
0x7ffa0aedb1a5
0x7ffa0aedb1ac
0x7ffa0aedb1c1
0x7ffa0aedb1c4
0x7ffa0aedb1cb
0x7ffa0aedb1d5
0x7ffa0aedb1df
0x7ffa0aedb1e3
0x7ffa0aedb1ef
0x7ffa0aedb1f7
0x7ffa0aedb1fd
0x7ffa0aedb204
0x7ffa0aedb20f
0x7ffa0aedb216
0x7ffa0aedb21e
0x7ffa0aedb225
0x7ffa0aedb22c
0x7ffa0aedb241
0x7ffa0aedb249
0x7ffa0aedb250
0x7ffa0aedb257
0x7ffa0aedb25e
0x7ffa0aedb265
0x7ffa0aedb26c
0x7ffa0aedb27c
0x7ffa0aedb281
0x7ffa0aedb287
0x7ffa0aedb28d
0x7ffa0aedb297
0x7ffa0aedb29e
0x7ffa0aedb2a5
0x7ffa0aedb2ac
0x7ffa0aedb2b3
0x7ffa0aedb2b6
0x7ffa0aedb2ba
0x7ffa0aedb2c1
0x7ffa0aedb2c8
0x7ffa0aedb2cc
0x7ffa0aedb2d3
0x7ffa0aedb2da
0x7ffa0aedb2e1
0x7ffa0aedb2e8
0x7ffa0aedb2f2
0x7ffa0aedb2fc
0x7ffa0aedb300
0x7ffa0aedb305
0x7ffa0aedb30c
0x7ffa0aedb30f
0x7ffa0aedb316
0x7ffa0aedb31d
0x7ffa0aedb31f
0x7ffa0aedb327
0x7ffa0aedb32b
0x7ffa0aedb33e

Strings

wI*, xrefs: 00007FFA0AEDB2BA

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: wI*
API String ID: 0-1426037341
Opcode ID: c84def12f2e6f48bf9cf16e38a1344b507deefa27baba6fd4a8a9f2fb4dcfec6
Instruction ID: 1f5b310610dfcf6ce8ec9d2f5e8b8853c930fb985c956fddf2ccb28d3d55831b
Opcode Fuzzy Hash: c84def12f2e6f48bf9cf16e38a1344b507deefa27baba6fd4a8a9f2fb4dcfec6
Instruction Fuzzy Hash: 47510273A107608FDB98DF34D88949D3BB0F3087AC7156228FA0A9BB58D778D485CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEDE090 Relevance: 1.4, Strings: 1, Instructions: 106
COMMONCrypto

Download Yara Rule

C-Code - Quality: 65%

			E00007FFA7FFA0AEDE090(short* __rax, long long __rbx, unsigned long long __rcx, signed int* __rdx, long long __rbp, void* __r11, long long _a8, signed int _a16, long long _a24, intOrPtr _a40) {
				void* _v24;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				unsigned int _v52;
				signed int _v56;
				intOrPtr _v72;
				signed int _t84;
				signed short _t99;
				unsigned short _t100;
				signed int _t105;
				short* _t111;
				unsigned long long _t115;
				signed int* _t119;
				signed int* _t120;
				signed long long _t122;
				void* _t128;
				short* _t129;
				void* _t130;
				void* _t131;
				void* _t136;
				void* _t141;

				_t115 = __rcx;
				_t111 = __rax;
				_a8 = __rbx;
				_a24 = __rbp;
				_v72 = _a40;
				E00007FFA7FFA0AEE3C78(_a40, __rcx, __rdx, _t128, _t131);
				_t105 =  *__rdx;
				_v48 = 0xe5657;
				_v44 = 0x5aa93;
				_v40 = 0x1a47e;
				_t119 =  &(__rdx[1]);
				_v56 = 0x48d205;
				_t120 =  &(_t119[1]);
				_v56 = (_v56 - (0x4104105 * _v56 >> 0x20) >> 1) + (0x4104105 * _v56 >> 0x20) >> 5;
				_v56 = _v56 + 0xffffccb9;
				_v56 = _v56 ^ 0x0000f4a1;
				_a16 = 0xed6868;
				_t21 =  &_a16; // 0xed6868
				_a16 =  *_t21 * 0x58;
				_a16 = _a16 << 0xd;
				_a16 = _a16 ^ 0x7c780004;
				if ((_a16 - 0x00000001 & _v56 + ( *_t119 ^ _t105)) == 0) goto 0xaede14c;
				_v52 = 0xfc8145;
				_v52 = _v52 >> 0xc;
				_v52 = _v52 ^ 0x000027b8;
				_v56 = 0x12e949;
				_v56 = _v56 ^ 0x941c63b8;
				_v56 = _v56 ^ 0x940cb2fd;
				_a16 = 0xc7450f;
				_a16 = _a16 * 0x19;
				_a16 = _a16 ^ 0x1376ff37;
				E00007FFA7FFA0AEDDE9C(__rbx + __rbx, 0x4104105 * _v56 >> 0x20, _t111);
				r14d = 0;
				if (_t111 == 0) goto 0xaede21b;
				_t129 = _t111;
				r11d = r14d;
				_t136 =  >  ? _t141 :  &(_t120[_t115 >> 2]) - _t120 + 3 >> 2;
				if (_t136 == 0) goto 0xaede216;
				_t99 =  *_t120 ^ _t105;
				 *_t129 = _t99 & 0x000000ff;
				_t100 = _t99 >> 0x10;
				_t130 = _t129 + 8;
				 *(_t130 - 6) = (_t99 & 0x0000ffff) >> 8;
				_t84 = _t100 & 0x000000ff;
				 *(_t130 - 4) = _t84;
				 *(_t130 - 2) = _t100 >> 8;
				if (__r11 + 1 - _t136 < 0) goto 0xaede1db;
				 *((intOrPtr*)(_t111 + _t122 * 2)) = r14w;
				return _t84;
			}

0x7ffa0aede090
0x7ffa0aede090
0x7ffa0aede090
0x7ffa0aede095
0x7ffa0aede0a9
0x7ffa0aede0ad
0x7ffa0aede0b2
0x7ffa0aede0b4
0x7ffa0aede0bc
0x7ffa0aede0c4
0x7ffa0aede0cc
0x7ffa0aede0d7
0x7ffa0aede0df
0x7ffa0aede0f4
0x7ffa0aede0f8
0x7ffa0aede100
0x7ffa0aede108
0x7ffa0aede110
0x7ffa0aede115
0x7ffa0aede119
0x7ffa0aede11e
0x7ffa0aede13a
0x7ffa0aede14c
0x7ffa0aede157
0x7ffa0aede15c
0x7ffa0aede164
0x7ffa0aede16c
0x7ffa0aede174
0x7ffa0aede17c
0x7ffa0aede189
0x7ffa0aede18d
0x7ffa0aede1a1
0x7ffa0aede1a6
0x7ffa0aede1af
0x7ffa0aede1b3
0x7ffa0aede1b6
0x7ffa0aede1d2
0x7ffa0aede1d9
0x7ffa0aede1e4
0x7ffa0aede1e9
0x7ffa0aede1f0
0x7ffa0aede1f7
0x7ffa0aede1fb
0x7ffa0aede200
0x7ffa0aede207
0x7ffa0aede20c
0x7ffa0aede214
0x7ffa0aede216
0x7ffa0aede232

Strings

hh, xrefs: 00007FFA0AEDE110

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: hh
API String ID: 0-3854696102
Opcode ID: 64f8cb1d1a59424b28f16a9a1d498aecbec3c2d3069bd08ded6a8b958dec4e96
Instruction ID: 5c94de9701a33a5bdb5279c1160a3ef6630086cdfe5f212d773cb1d23cbee393
Opcode Fuzzy Hash: 64f8cb1d1a59424b28f16a9a1d498aecbec3c2d3069bd08ded6a8b958dec4e96
Instruction Fuzzy Hash: DA41AD73229390CBE784DF68E58585EBBA0F784784B506129FB8A97B68D77CD845CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED8648 Relevance: 1.4, Strings: 1, Instructions: 101
COMMONCrypto

Download Yara Rule

C-Code - Quality: 65%

			E00007FFA7FFA0AED8648(intOrPtr __edx, signed long long __rax, long long __rbx, void* __rcx, void* __r9, signed int _a8, intOrPtr _a16, long long _a24, signed int _a40, intOrPtr _a48) {
				long long _v72;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				intOrPtr _v96;
				signed int _v104;
				signed long long _t109;
				intOrPtr* _t113;
				long long _t117;
				void* _t120;
				void* _t121;
				void* _t122;
				void* _t127;

				_t109 = __rax;
				_a24 = __rbx;
				_a16 = __edx;
				_v96 = _a48;
				_v104 = _a40;
				E00007FFA7FFA0AEE3C78(_a40, __rcx, _t120, _t127, __r9);
				r14d =  *((intOrPtr*)(__rcx + 0x3c));
				_a8 = 0xa9d80;
				_a8 = 0x9ce7c4;
				_a8 = _a8 * 0x6c;
				_a8 = _a8 ^ 0x4231c6b0;
				r15d = _a8;
				_t122 = _t121 + __rcx;
				r12d =  *((intOrPtr*)(_t122 + 0x1c));
				r13d =  *((intOrPtr*)(_t122 + 0x24));
				_a8 = 0xbac4b1;
				_t117 = __rcx + __rcx;
				_a8 = _a8 >> 0xe;
				_v72 = _t117;
				_a8 = _a8 >> 9;
				_a8 = _a8 ^ 0x209d54b7;
				_a8 = _a8 ^ 0x209d54b6;
				goto 0xaed87e2;
				r9d =  *((intOrPtr*)(_t117 + _t109 * 4));
				_v88 = 0xabef7a;
				_v88 = 0xb81702e1 * _v88 >> 0x20 >> 6;
				_v88 = _v88 * 0x23;
				_v88 = _v88 ^ 0x004e5791;
				_v80 = 0xffe5d1;
				_v80 = _v80 | 0x54d9006f;
				_v80 = _v80 ^ 0x54ffa829;
				_a8 = 0x508316;
				_a8 = _a8 ^ 0x05dfc6e7;
				_a8 = _a8 | 0xedfbae7d;
				_a8 = _a8 ^ 0xedfe2bbd;
				_v84 = 0x6c3708;
				_v84 = _v84 + 0xffff55d5;
				_v84 = _v84 ^ 0x006d45a2;
				r8d = _a8;
				_v104 = _v84;
				if ((E00007FFA7FFA0AED7410(__r9 + __rcx) ^ 0x1002c2ee) == _a16) goto 0xaed87ed;
				if (_a8 + 1 -  *((intOrPtr*)(_t122 + 0x18)) < 0) goto 0xaed8720;
				goto 0xaed881c;
				_t113 = __rbx + __rcx;
				if (_t113 - _t122 < 0) goto 0xaed881c;
				if (_t113 - _t109 + _t122 >= 0) goto 0xaed881c;
				return E00007FFA7FFA0AED525C(_t113, __r9 + __rcx);
			}

0x7ffa0aed8648
0x7ffa0aed8648
0x7ffa0aed864d
0x7ffa0aed866a
0x7ffa0aed8675
0x7ffa0aed8679
0x7ffa0aed867e
0x7ffa0aed8682
0x7ffa0aed868d
0x7ffa0aed86a3
0x7ffa0aed86ac
0x7ffa0aed86b7
0x7ffa0aed86c7
0x7ffa0aed86cd
0x7ffa0aed86d1
0x7ffa0aed86d5
0x7ffa0aed86e0
0x7ffa0aed86e6
0x7ffa0aed86f1
0x7ffa0aed86f6
0x7ffa0aed86fe
0x7ffa0aed8709
0x7ffa0aed871b
0x7ffa0aed8722
0x7ffa0aed8726
0x7ffa0aed873f
0x7ffa0aed8748
0x7ffa0aed874c
0x7ffa0aed8754
0x7ffa0aed875c
0x7ffa0aed8764
0x7ffa0aed876c
0x7ffa0aed8777
0x7ffa0aed8782
0x7ffa0aed878d
0x7ffa0aed8798
0x7ffa0aed87a0
0x7ffa0aed87a8
0x7ffa0aed87b4
0x7ffa0aed87c4
0x7ffa0aed87d9
0x7ffa0aed87e5
0x7ffa0aed87eb
0x7ffa0aed87f9
0x7ffa0aed87ff
0x7ffa0aed880f
0x7ffa0aed8836

Strings

o, xrefs: 00007FFA0AED875C

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: o
API String ID: 0-252678980
Opcode ID: a0b78fc7cb17e6e467507a3fc5e4d26f97eb08b258e40bddc7e4f8724b9ce181
Instruction ID: fc1eddbcca497ae2ecb74975a6b0d4b5c0adf0bd557fd7068267fa542e8032f6
Opcode Fuzzy Hash: a0b78fc7cb17e6e467507a3fc5e4d26f97eb08b258e40bddc7e4f8724b9ce181
Instruction Fuzzy Hash: B5411777A192808FC364DF25F44676ABBA1F784B44F048229EB8A87B59DB7CE441CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE0D2C Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

2Z, xrefs: 00007FFA0AEE0DBF

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: 2Z
API String ID: 0-844495339
Opcode ID: 16fc70ed8f30a99b06536b9afa521f5bac83f3a709562dc901ef5f55885145a5
Instruction ID: ae67f9ede1ac3a6f6fb911f0a563b2c11ad02a80f6371c1bbb0725cc55a938bc
Opcode Fuzzy Hash: 16fc70ed8f30a99b06536b9afa521f5bac83f3a709562dc901ef5f55885145a5
Instruction Fuzzy Hash: 51414A73A046418FD768DF38D88A49D3FA0F32439C7114629F64E86E68E778D5A9CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED17A0 Relevance: 1.3, Strings: 1, Instructions: 96
COMMONCrypto

Download Yara Rule

C-Code - Quality: 65%

			E00007FFA7FFA0AED17A0(signed short* __rax, long long __rbx, unsigned long long __rcx, long long __rbp, void* __r11, signed int _a8, long long _a16, long long _a24, signed int _a32) {
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed int _v56;
				void* _t60;
				unsigned short _t75;
				signed short _t85;
				unsigned short _t86;
				void* _t88;
				signed int _t91;
				signed short* _t97;
				unsigned long long _t101;
				void* _t103;
				void* _t105;
				signed int* _t106;
				signed int* _t107;
				void* _t114;
				signed short* _t115;
				signed short* _t116;
				void* _t117;
				void* _t123;
				void* _t126;

				_t101 = __rcx;
				_t97 = __rax;
				_a16 = __rbx;
				_a24 = __rbp;
				E00007FFA7FFA0AEE3C78(_t60, __rcx, _t103, _t114, _t117);
				_t91 =  *__rcx;
				_v48 = 0x38e89;
				_v44 = 0xf60a9;
				_t106 = __rcx + 4;
				_v40 = 0;
				_a8 = 0x59d501;
				_a8 = _a8 | 0xa41a9a8e;
				_t90 =  *_t106 ^ _t91;
				_t107 =  &(_t106[1]);
				_a8 = _a8 + 0x4acf;
				_a8 = _a8 ^ 0xa45c2a5f;
				_a32 = 0x9d4d85;
				_a32 = _a32 << 6;
				_a32 = _a32 ^ 0x27536144;
				_t20 =  &_a32; // 0x27536144
				if (( *_t20 - 0x00000001 & _a8 + ( *_t106 ^ _t91)) == 0) goto 0xaed1836;
				_t24 =  &_a32; // 0x27536144
				_t25 =  &_a32; // 0x27536144
				_a32 = 0xb2c2ed;
				_a32 = _a32 | 0x7f690a65;
				_a32 = _a32 * 0x44;
				_a32 = _a32 ^ 0xfee22647;
				_v56 = 0xde503a;
				_v56 = _v56 | 0x15c44615;
				_v56 = _v56 ^ 0x15d017b1;
				_a8 = 0xf941c0;
				_a8 = _a8 << 0xa;
				_a8 = _a8 | 0x3aa1a10c;
				_a8 = _a8 << 2;
				_a8 = _a8 ^ 0xfe9412dd;
				E00007FFA7FFA0AEDDE9C((_a8 + _t90 &  !( *_t24 - 1)) +  *_t25, _t88, _t97);
				r14d = 0;
				if (_t97 == 0) goto 0xaed190e;
				_t115 = _t97;
				r11d = r14d;
				_t123 =  >  ? _t126 :  &(_t107[_t101 >> 2]) - _t107 + 3 >> 2;
				if (_t123 == 0) goto 0xaed190a;
				_t85 =  *_t107 ^ _t91;
				 *_t115 = _t85;
				_t86 = _t85 >> 0x10;
				_t75 = (_t85 & 0x0000ffff) >> 8;
				_t116 =  &(_t115[2]);
				 *(_t116 - 3) = _t75;
				 *(_t116 - 2) = _t86;
				 *((char*)(_t116 - 1)) = _t86 >> 8;
				if (__r11 + 1 - _t123 < 0) goto 0xaed18d9;
				 *((intOrPtr*)(_t105 + _t97)) = r14b;
				return _t75;
			}

0x7ffa0aed17a0
0x7ffa0aed17a0
0x7ffa0aed17a0
0x7ffa0aed17a5
0x7ffa0aed17b2
0x7ffa0aed17b7
0x7ffa0aed17b9
0x7ffa0aed17c1
0x7ffa0aed17c9
0x7ffa0aed17d1
0x7ffa0aed17d5
0x7ffa0aed17dd
0x7ffa0aed17e5
0x7ffa0aed17e7
0x7ffa0aed17eb
0x7ffa0aed17f3
0x7ffa0aed17fb
0x7ffa0aed1803
0x7ffa0aed1808
0x7ffa0aed1814
0x7ffa0aed1824
0x7ffa0aed1826
0x7ffa0aed1830
0x7ffa0aed1836
0x7ffa0aed1840
0x7ffa0aed184d
0x7ffa0aed1851
0x7ffa0aed1859
0x7ffa0aed1861
0x7ffa0aed1869
0x7ffa0aed1871
0x7ffa0aed1879
0x7ffa0aed187e
0x7ffa0aed1886
0x7ffa0aed188b
0x7ffa0aed189f
0x7ffa0aed18a4
0x7ffa0aed18ad
0x7ffa0aed18b1
0x7ffa0aed18b4
0x7ffa0aed18d0
0x7ffa0aed18d7
0x7ffa0aed18e2
0x7ffa0aed18e4
0x7ffa0aed18ea
0x7ffa0aed18ed
0x7ffa0aed18f1
0x7ffa0aed18f5
0x7ffa0aed18f9
0x7ffa0aed1901
0x7ffa0aed1908
0x7ffa0aed190a
0x7ffa0aed1923

Strings

DaS', xrefs: 00007FFA0AED1814

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: DaS'
API String ID: 0-1220217501
Opcode ID: 9640bd955fd7aab8c92f02bad156a38b1335e4d7512a39cc8b5fd22c80212d7e
Instruction ID: 0809e922674920520d16314266ff59c116f64a8bd43717f6e9ea36966a104d98
Opcode Fuzzy Hash: 9640bd955fd7aab8c92f02bad156a38b1335e4d7512a39cc8b5fd22c80212d7e
Instruction Fuzzy Hash: 9E4168336093848BE765DF2AF48145ABBE1F785784F244229E78A93B29C73CE546CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED4604 Relevance: 1.3, Strings: 1, Instructions: 88
COMMONCrypto

Download Yara Rule

C-Code - Quality: 80%

			E00007FFA7FFA0AED4604(signed long long __rax, intOrPtr* __rdx, void* __r9, signed int _a24) {
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* _t77;
				intOrPtr _t81;
				unsigned int _t90;
				signed short _t91;
				signed int _t92;
				signed int _t93;
				void* _t102;
				signed long long _t107;
				void* _t108;
				signed short* _t110;
				void* _t112;
				intOrPtr* _t115;

				_t107 = __rax;
				r10d = r8d;
				_t115 = __rdx;
				E00007FFA7FFA0AEE3C78(_t77, _t108, __rdx, _t112, __r9);
				_v24 = 0x11bcb;
				_v20 = 0xb1d9e;
				_v16 = 0x8c208;
				_a24 = 0xa746b2;
				_a24 = _a24 | 0x9e944a63;
				_a24 = _a24 ^ 0x9eb74ef7;
				_a24 = 0x6dedeb;
				_a24 = _a24 + 0xffff625f;
				_a24 = _a24 ^ 0x006d504a;
				_t93 = r8d / _a24;
				_t19 =  &_a24; // 0x6d504a
				_t81 =  *_t19;
				_t102 = _t81 - _t93;
				if (_t102 >= 0) goto 0xaed46b2;
				r9d = _t93;
				r9d = r9d - _t81;
				_a24 = 0xbf1a90;
				_a24 = _a24 ^ 0x8388c66d;
				_a24 = _a24 << 0xa;
				_a24 = _a24 + 0xffffaac0;
				_a24 = _a24 ^ 0xdf720404;
				 *_t115 = E00007FFA7FFA0AEDF21C(_a24, _t107, _t108);
				_t116 = _t115 + 4;
				if (_t102 != 0) goto 0xaed4678;
				_a24 = 0xf47f04;
				_a24 = _a24 ^ 0x13b14786;
				_a24 = _a24 << 0x10;
				_a24 = _a24 + 0xb5d4;
				_a24 = _a24 ^ 0x3882b5d0;
				_a24 = 0x94576e;
				r10d = r10d - _a24 * _t93;
				_a24 = _t107 + _t107 * 4 << 3;
				_a24 = _a24 + 0xe6f;
				_a24 = _a24 ^ 0x172db79f;
				if (r10d - _a24 <= 0) goto 0xaed47b6;
				_a24 = 0x9ffd6;
				_a24 = _a24 + 0x8adc;
				_a24 = _a24 ^ 0x421e2264;
				_a24 = _a24 * 0x38;
				_a24 = _a24 ^ 0x74843ec9;
				_t90 = E00007FFA7FFA0AEDF21C(_t107 + _t107 * 4 << 3, _t107, _t108);
				_t60 = _t116 + 1; // 0x33d54
				_t110 = _t60;
				r9d = _t90;
				_t91 = _t90 >> 0x10;
				 *((char*)(_t115 + 4)) = (_t91 & 0x0000ffff) >> 8;
				_a24 = 0x167c05;
				_a24 = _a24 ^ 0x4f469405;
				_a24 = _a24 | 0x6a23036e;
				_a24 = _a24 + 0xde1b;
				_a24 = _a24 ^ 0x6f74c988;
				if (r10d - _a24 <= 0) goto 0xaed4790;
				 *_t110 = _t91;
				_a24 = 0xe28a78;
				_a24 = _a24 >> 0xc;
				_a24 = _a24 ^ 0x00000e2a;
				_t92 = _a24;
				if (r10d - _t92 <= 0) goto 0xaed47b6;
				r9w = r9w >> 8;
				_t110[0] = r9b;
				return _t92;
			}

0x7ffa0aed4604
0x7ffa0aed460a
0x7ffa0aed460d
0x7ffa0aed4610
0x7ffa0aed4615
0x7ffa0aed461d
0x7ffa0aed4625
0x7ffa0aed462d
0x7ffa0aed463a
0x7ffa0aed4642
0x7ffa0aed464e
0x7ffa0aed4656
0x7ffa0aed4660
0x7ffa0aed4668
0x7ffa0aed466a
0x7ffa0aed466a
0x7ffa0aed466e
0x7ffa0aed4670
0x7ffa0aed4672
0x7ffa0aed4675
0x7ffa0aed4678
0x7ffa0aed4680
0x7ffa0aed4688
0x7ffa0aed468d
0x7ffa0aed4695
0x7ffa0aed46a6
0x7ffa0aed46a9
0x7ffa0aed46b0
0x7ffa0aed46b2
0x7ffa0aed46ba
0x7ffa0aed46c2
0x7ffa0aed46c7
0x7ffa0aed46cf
0x7ffa0aed46db
0x7ffa0aed46e6
0x7ffa0aed46f3
0x7ffa0aed46f7
0x7ffa0aed46ff
0x7ffa0aed470e
0x7ffa0aed4714
0x7ffa0aed471c
0x7ffa0aed4724
0x7ffa0aed4731
0x7ffa0aed4735
0x7ffa0aed4741
0x7ffa0aed4746
0x7ffa0aed4746
0x7ffa0aed474a
0x7ffa0aed474d
0x7ffa0aed4757
0x7ffa0aed475a
0x7ffa0aed4762
0x7ffa0aed476a
0x7ffa0aed4772
0x7ffa0aed477a
0x7ffa0aed4789
0x7ffa0aed478b
0x7ffa0aed4790
0x7ffa0aed4798
0x7ffa0aed479d
0x7ffa0aed47a5
0x7ffa0aed47ac
0x7ffa0aed47ae
0x7ffa0aed47b3
0x7ffa0aed47bb

Strings

JPm, xrefs: 00007FFA0AED466A

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: JPm
API String ID: 0-200577461
Opcode ID: 1a080edf1111a6359dc5388cd923dfe7d4d54dc0afeb34bc0a4990ae1ab92d1d
Instruction ID: 55f924cfa2a46cd29bc29844f6d6d0c94e4072e2a0b4c1356eeaba67a31bb8bd
Opcode Fuzzy Hash: 1a080edf1111a6359dc5388cd923dfe7d4d54dc0afeb34bc0a4990ae1ab92d1d
Instruction Fuzzy Hash: 1E41E27351C2C18BD359DFA4F04941EFBA1F391768B404228E2868AE98E7FCD949CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEDDDA0 Relevance: 1.3, Strings: 1, Instructions: 58
COMMONCrypto

Download Yara Rule

C-Code - Quality: 64%

			E00007FFA7FFA0AEDDDA0(long long __rax, void* __rdx, signed int _a32) {
				intOrPtr _v12;
				long long _v20;
				intOrPtr _v24;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v48;
				signed int _v56;
				void* _t56;
				long long _t91;
				void* _t92;
				void* _t94;
				void* _t96;
				intOrPtr _t97;

				_t91 = __rax;
				E00007FFA7FFA0AEE3C78(_t56, _t92, __rdx, _t94, _t96);
				_v24 = 0xe3b0a;
				_v20 = _t91;
				_v12 = 0;
				_v36 = 0x31876;
				_v36 = 0xc0c0c0c1 * _v36 >> 0x20 >> 6;
				_v36 = (_v36 - (0x2f684bdb * _v36 >> 0x20) >> 1) + (0x2f684bdb * _v36 >> 0x20) >> 5;
				_v36 = _v36 ^ 0x0000006c;
				_v40 = 0xfa310a;
				_v40 = _v40 >> 0xc;
				_v40 = _v40 << 0xf;
				_v40 = _v40 ^ 0x6fc0d596;
				_v40 = _v40 ^ 0x681875f6;
				_a32 = 0xb14c53;
				_a32 = _a32 << 0xe;
				_a32 = _a32 << 0x10;
				_a32 = 0xba2e8ba3 * _a32 >> 0x20 >> 4;
				_a32 = _a32 ^ 0x08b8cc94;
				_v32 = 0x250cd6;
				_v32 = (_v32 - (0x4104105 * _v32 >> 0x20) >> 1) + (0x4104105 * _v32 >> 0x20) >> 5;
				_v32 = _v32 ^ 0x000ef030;
				_t97 =  *0xaee8210; // 0x0
				_v48 = _v32;
				_v56 = _a32;
				return E00007FFA7FFA0AEE5544(_v36, _t92, __rdx, __rdx, _t97 + 0x50);
			}

0x7ffa0aeddda0
0x7ffa0aeddda7
0x7ffa0aedddac
0x7ffa0aedddb9
0x7ffa0aedddbe
0x7ffa0aedddc2
0x7ffa0aeddddd
0x7ffa0aedddf5
0x7ffa0aedddf9
0x7ffa0aedddfe
0x7ffa0aedde06
0x7ffa0aedde0b
0x7ffa0aedde10
0x7ffa0aedde18
0x7ffa0aedde20
0x7ffa0aedde28
0x7ffa0aedde2d
0x7ffa0aedde40
0x7ffa0aedde44
0x7ffa0aedde4c
0x7ffa0aedde63
0x7ffa0aedde67
0x7ffa0aedde6f
0x7ffa0aedde7e
0x7ffa0aedde8e
0x7ffa0aedde9b

Strings

l, xrefs: 00007FFA0AEDDDF9

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: l
API String ID: 0-2517025534
Opcode ID: 9230c1f45585aad95792c98663229ca6b9f3c8cf85403267743c322c40e967f4
Instruction ID: ea0570f39b32e8457dbfe82342ddbf8b54e58a86c92ce3b32749ff9f59400760
Opcode Fuzzy Hash: 9230c1f45585aad95792c98663229ca6b9f3c8cf85403267743c322c40e967f4
Instruction Fuzzy Hash: D921C5735296408BD788DF28E19651EBBA1E3C5744B50512CFB878BB68D778D844CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED89D0 Relevance: 1.3, Strings: 1, Instructions: 45
COMMONCrypto

Download Yara Rule

C-Code - Quality: 31%

			E00007FFA7FFA0AED89D0(long long __rax, void* __rdx, signed int _a32) {
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v36;
				signed int _v40;
				long long _v56;
				void* _t53;
				long long _t61;
				void* _t63;
				void* _t65;
				void* _t66;

				_t61 = __rax;
				E00007FFA7FFA0AEE3C78(_t53, _t63, __rdx, _t65, _t66);
				_v32 = 0x14a2;
				_v28 = 0x15c79;
				_v24 = 0x1349c;
				_a32 = 0x441126;
				_a32 = _a32 << 8;
				_a32 = _a32 + 0xffff13e7;
				_a32 = _a32 ^ 0xf1ea9ea2;
				_a32 = _a32 ^ 0xb5f02a31;
				E00007FFA7FFA0AEDBDC0();
				_a32 = 0x9ee8d6;
				_a32 = _a32 + 0xffffd69c;
				_v56 = _t61;
				_a32 = _a32 * 0x77;
				_a32 = _a32 ^ 0x49c00d95;
				_a32 = 0xee4e9e;
				_a32 = _a32 >> 0xe;
				_a32 = _a32 << 7;
				_a32 = _a32 + 0xffff1e82;
				_a32 = _a32 ^ 0x000aa4c1;
				_v40 = 0x7468b4;
				_v40 = _v40 >> 0xf;
				_v40 = _v40 * 0x4d;
				_v40 = _v40 ^ 0x000045c8;
				_v36 = 0x1ba7b9;
				_v36 = _v36 + 0xffff35f4;
				_v36 = _v36 ^ 0x001b8cc1;
				_a32 = 0x4b534d;
				_a32 = _a32 ^ 0x1680e3c9;
				_a32 = _a32 ^ 0x5aa3f769;
				_a32 = _a32 ^ 0x4c646739;
				_t50 =  &_a32; // 0x4c646739
				r8d =  *_t50;
				E00007FFA7FFA0AED7360();
				return _a32;
			}

0x7ffa0aed89d0
0x7ffa0aed89d9
0x7ffa0aed89de
0x7ffa0aed89e6
0x7ffa0aed89ee
0x7ffa0aed89f6
0x7ffa0aed89fe
0x7ffa0aed8a03
0x7ffa0aed8a0b
0x7ffa0aed8a13
0x7ffa0aed8a1f
0x7ffa0aed8a24
0x7ffa0aed8a2c
0x7ffa0aed8a37
0x7ffa0aed8a41
0x7ffa0aed8a45
0x7ffa0aed8a4d
0x7ffa0aed8a55
0x7ffa0aed8a5a
0x7ffa0aed8a5f
0x7ffa0aed8a67
0x7ffa0aed8a6f
0x7ffa0aed8a77
0x7ffa0aed8a81
0x7ffa0aed8a85
0x7ffa0aed8a8d
0x7ffa0aed8a95
0x7ffa0aed8a9d
0x7ffa0aed8aa5
0x7ffa0aed8aad
0x7ffa0aed8ab5
0x7ffa0aed8abd
0x7ffa0aed8ac5
0x7ffa0aed8ac5
0x7ffa0aed8ad2
0x7ffa0aed8adc

Strings

9gdL, xrefs: 00007FFA0AED8AC5

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID: 9gdL
API String ID: 0-2667845258
Opcode ID: a104b8b4d3d3a78d633997cfe13aecab0a1b4db5831e62eb55cd0b83fb7af438
Instruction ID: 7fe1f5fa5d2cc0a48d00344da9014306b7a27ae781cd74222954fda78663b67c
Opcode Fuzzy Hash: a104b8b4d3d3a78d633997cfe13aecab0a1b4db5831e62eb55cd0b83fb7af438
Instruction Fuzzy Hash: F7219BB34282408BF3889F38E48A44BBAA0F791788B605118F7864AA78D778D484CF04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58CC854 Relevance: .3, Instructions: 322
COMMONCrypto

Download Yara Rule

C-Code - Quality: 97%

			E00007FF77FF7A58CC854(void* __eflags, long long __rbx, void* __rdx, long long __rsi) {
				void* _t165;
				void* _t262;
				signed long long _t263;
				signed long long _t265;
				signed long long _t267;
				signed long long _t269;
				signed long long _t271;
				intOrPtr* _t273;
				intOrPtr* _t275;
				intOrPtr* _t277;
				void* _t279;
				signed long long _t281;
				signed long long _t283;
				signed long long _t285;
				signed long long _t287;
				signed long long _t289;
				signed long long _t291;
				signed long long _t293;
				signed long long _t295;
				signed long long _t297;
				signed long long _t299;
				signed long long _t303;
				signed long long _t307;
				signed long long _t311;
				long long _t317;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t327;
				void* _t329;
				void* _t331;
				unsigned long long _t334;
				unsigned long long _t337;
				unsigned long long _t340;
				unsigned long long _t343;
				unsigned long long _t346;
				unsigned long long _t349;
				unsigned long long _t352;
				unsigned long long _t355;
				unsigned long long _t419;
				unsigned long long _t422;
				unsigned long long _t425;
				unsigned long long _t428;
				void* _t444;
				intOrPtr* _t445;
				intOrPtr* _t447;
				intOrPtr* _t449;
				intOrPtr* _t451;
				intOrPtr* _t453;
				intOrPtr* _t455;
				intOrPtr* _t457;
				intOrPtr* _t459;
				intOrPtr* _t461;
				intOrPtr* _t463;
				void* _t468;
				void* _t469;
				void* _t470;
				void* _t471;
				signed long long _t472;
				signed long long _t473;
				signed long long _t483;
				signed long long _t484;
				long long _t486;
				intOrPtr* _t487;
				void* _t489;
				void* _t490;
				void* _t510;
				void* _t514;
				long long _t517;
				signed long long _t520;
				void* _t522;

				_t317 = __rbx;
				_t262 = _t489;
				 *((long long*)(_t262 + 8)) = __rbx;
				 *((long long*)(_t262 + 0x10)) = _t486;
				 *((long long*)(_t262 + 0x18)) = __rsi;
				_push(_t444);
				_t490 = _t489 - 0x50;
				E00007FF77FF7A58C430C(_t262, __rbx, _t262 - 0x48, __rdx, __rsi, _t522);
				_t263 =  *((intOrPtr*)(_t490 + 0x38));
				r13d = 0;
				r14d = 0;
				r15d = 0;
				_t487 =  *((intOrPtr*)(_t263 + 0x120));
				if (r15d != 1) goto 0xa58cc8c6;
				E00007FF77FF7A58CE104(_t263, _t317, _t510);
				_t520 = _t263;
				if (_t263 == 0) goto 0xa58ccef8;
				E00007FF77FF7A58B68A0();
				_t517 = _t317;
				_t514 = _t520 - _t487;
				_t445 = _t487;
				if (r15d != 1) goto 0xa58cc8f6;
				 *((long long*)(_t514 + _t445)) = _t520 + _t317;
				if (E00007FF77FF7A58CD560(_t263, _t520 + _t317, _t517 - _t317,  *_t445) != 0) goto 0xa58ccefd;
				_t265 = (_t263 | 0xffffffff) + 1;
				if ( *((char*)( *_t445 + _t265)) != 0) goto 0xa58cc8fd;
				_t468 = _t444 + 1;
				_t319 = _t317 + 1 + _t265;
				if (_t468 - 7 < 0) goto 0xa58cc8d2;
				_t447 = _t487 + 0x38;
				if (r15d != 1) goto 0xa58cc943;
				 *((long long*)(_t447 + _t514)) = _t520 + _t319;
				if (E00007FF77FF7A58CD560(_t265, _t520 + _t319, _t517 - _t319,  *_t447) != 0) goto 0xa58ccefd;
				_t267 = (_t265 | 0xffffffff) + 1;
				if ( *((char*)( *_t447 + _t267)) != 0) goto 0xa58cc94a;
				_t469 = _t468 + 1;
				_t321 = _t319 + 1 + _t267;
				if (_t469 - 7 < 0) goto 0xa58cc91f;
				_t449 = _t487 + 0x70;
				if (r15d != 1) goto 0xa58cc990;
				 *((long long*)(_t449 + _t514)) = _t520 + _t321;
				if (E00007FF77FF7A58CD560(_t267, _t520 + _t321, _t517 - _t321,  *_t449) != 0) goto 0xa58ccefd;
				_t269 = (_t267 | 0xffffffff) + 1;
				if ( *((char*)( *_t449 + _t269)) != 0) goto 0xa58cc997;
				_t470 = _t469 + 1;
				_t323 = _t321 + 1 + _t269;
				if (_t470 - 0xc < 0) goto 0xa58cc96c;
				_t451 = _t487 + 0xd0;
				if (r15d != 1) goto 0xa58cc9e0;
				 *((long long*)(_t451 + _t514)) = _t520 + _t323;
				if (E00007FF77FF7A58CD560(_t269, _t520 + _t323, _t517 - _t323,  *_t451) != 0) goto 0xa58ccefd;
				_t271 = (_t269 | 0xffffffff) + 1;
				if ( *((char*)( *_t451 + _t271)) != 0) goto 0xa58cc9e7;
				_t471 = _t470 + 1;
				_t325 = _t323 + 1 + _t271;
				if (_t471 - 0xc < 0) goto 0xa58cc9bc;
				_t453 = _t487 + 0x130;
				if (r15d != 1) goto 0xa58cca30;
				 *((long long*)(_t453 + _t514)) = _t520 + _t325;
				if (E00007FF77FF7A58CD560(_t271, _t520 + _t325, _t517 - _t325,  *_t453) != 0) goto 0xa58ccefd;
				_t273 = (_t271 | 0xffffffff) + 1;
				if ( *((char*)( *_t453 + _t273)) != 0) goto 0xa58cca37;
				_t472 = _t471 + 1;
				_t327 = _t325 + 1 + _t273;
				if (_t472 - 2 < 0) goto 0xa58cca0c;
				if (r15d != 1) goto 0xa58cca82;
				 *((long long*)(_t520 + 0x140)) = _t520 + _t327;
				if (E00007FF77FF7A58CD560(_t273, _t520 + _t327, _t517 - _t327,  *((intOrPtr*)(_t487 + 0x140))) != 0) goto 0xa58cceff;
				goto 0xa58cca84;
				_t473 = _t472 | 0xffffffff;
				_t275 = _t473 + 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t487 + 0x140)) + _t275)) != dil) goto 0xa58cca92;
				_t329 = _t327 + 1 + _t275;
				if (r15d != 1) goto 0xa58ccacc;
				 *((long long*)(_t520 + 0x148)) = _t520 + _t329;
				if (E00007FF77FF7A58CD560(_t275, _t520 + _t329, _t517 - _t329,  *((intOrPtr*)(_t487 + 0x148))) != 0) goto 0xa58cceff;
				_t277 = _t473 + 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t487 + 0x148)) + _t277)) != dil) goto 0xa58ccad6;
				_t331 = _t329 + 1 + _t277;
				if (r15d != 1) goto 0xa58ccb10;
				 *((long long*)(_t520 + 0x150)) = _t520 + _t331;
				if (E00007FF77FF7A58CD560(_t277, _t520 + _t331, _t517 - _t331,  *((intOrPtr*)(_t487 + 0x150))) != 0) goto 0xa58cceff;
				_t279 = _t473 + 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t487 + 0x150)) + _t279)) != dil) goto 0xa58ccb1a;
				if (r15d != 1) goto 0xa58ccb43;
				 *((intOrPtr*)(_t520 + 0x158)) =  *((intOrPtr*)(_t487 + 0x158));
				 *((intOrPtr*)(_t520 + 0x15c)) = 0;
				_t455 = _t487 + 0x160;
				goto 0xa58ccb54;
				_t334 = _t331 + 1 + _t279 + 1;
				if (0 != 0) goto 0xa58ccb51;
				if (r15d != 1) goto 0xa58ccb88;
				_t281 = _t334 >> 1;
				_t419 = _t517 - _t334 >> 1;
				 *((long long*)(_t455 + _t514)) = _t520 + _t281 * 2;
				if (E00007FF77FF7A58D1A24(_t281, _t520 + _t281 * 2, _t419,  *_t455) != 0) goto 0xa58ccefd;
				_t283 = (_t281 | 0xffffffff) + 1;
				if ( *((intOrPtr*)( *_t455 + _t283 * 2)) != 0) goto 0xa58ccb8f;
				if (_t453 + 9 - 7 < 0) goto 0xa58ccb54;
				_t457 = _t487 + 0x198;
				goto 0xa58ccbbc;
				_t337 = _t334 + _t283 * 2 + 3;
				if (0 != 0) goto 0xa58ccbb9;
				if (r15d != 1) goto 0xa58ccbf0;
				_t285 = _t337 >> 1;
				_t422 = _t517 - _t337 >> 1;
				 *((long long*)(_t457 + _t514)) = _t520 + _t285 * 2;
				if (E00007FF77FF7A58D1A24(_t285, _t520 + _t285 * 2, _t422,  *_t457) != 0) goto 0xa58ccefd;
				_t287 = (_t285 | 0xffffffff) + 1;
				if ( *((intOrPtr*)( *_t457 + _t287 * 2)) != 0) goto 0xa58ccbf7;
				if (_t419 + 1 - 7 < 0) goto 0xa58ccbbc;
				_t459 = _t487 + 0x1d0;
				goto 0xa58ccc24;
				_t340 = _t337 + _t287 * 2 + 3;
				if (0 != 0) goto 0xa58ccc21;
				if (r15d != 1) goto 0xa58ccc58;
				_t289 = _t340 >> 1;
				_t425 = _t517 - _t340 >> 1;
				 *((long long*)(_t459 + _t514)) = _t520 + _t289 * 2;
				if (E00007FF77FF7A58D1A24(_t289, _t520 + _t289 * 2, _t425,  *_t459) != 0) goto 0xa58ccefd;
				_t291 = (_t289 | 0xffffffff) + 1;
				if ( *((intOrPtr*)( *_t459 + _t291 * 2)) != 0) goto 0xa58ccc5f;
				if (_t422 + 1 - 0xc < 0) goto 0xa58ccc24;
				_t461 = _t487 + 0x230;
				goto 0xa58ccc8c;
				_t343 = _t340 + _t291 * 2 + 3;
				if (0 != 0) goto 0xa58ccc89;
				if (r15d != 1) goto 0xa58cccc0;
				_t293 = _t343 >> 1;
				_t428 = _t517 - _t343 >> 1;
				 *((long long*)(_t461 + _t514)) = _t520 + _t293 * 2;
				if (E00007FF77FF7A58D1A24(_t293, _t520 + _t293 * 2, _t428,  *_t461) != 0) goto 0xa58ccefd;
				_t295 = (_t293 | 0xffffffff) + 1;
				if ( *((intOrPtr*)( *_t461 + _t295 * 2)) != 0) goto 0xa58cccc7;
				if (_t425 + 1 - 0xc < 0) goto 0xa58ccc8c;
				_t463 = _t487 + 0x290;
				goto 0xa58cccf4;
				_t346 = _t343 + _t295 * 2 + 3;
				if (0 != 0) goto 0xa58cccf1;
				if (r15d != 1) goto 0xa58ccd28;
				_t297 = _t346 >> 1;
				 *((long long*)(_t463 + _t514)) = _t520 + _t297 * 2;
				if (E00007FF77FF7A58D1A24(_t297, _t520 + _t297 * 2, _t517 - _t346 >> 1,  *_t463) != 0) goto 0xa58ccefd;
				_t299 = (_t297 | 0xffffffff) + 1;
				if ( *((intOrPtr*)( *_t463 + _t299 * 2)) != 0) goto 0xa58ccd2f;
				_t483 = _t428 + 1;
				if (_t483 - 2 < 0) goto 0xa58cccf4;
				goto 0xa58ccd52;
				_t349 = _t346 + _t299 * 2 + 3;
				if (0 != 0) goto 0xa58ccd4f;
				if (r15d != 1) goto 0xa58ccd8f;
				 *((long long*)(_t520 + 0x2a0)) = _t520 + (_t349 >> 1) * 2;
				if (E00007FF77FF7A58D1A24(_t349 >> 1, _t520 + (_t349 >> 1) * 2, _t517 - _t349 >> 1,  *((intOrPtr*)(_t487 + 0x2a0))) != 0) goto 0xa58cceff;
				goto 0xa58ccd91;
				_t484 = _t483 | 0xffffffff;
				_t303 = _t484 + 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t487 + 0x2a0)) + _t303 * 2)) != 0) goto 0xa58ccd9f;
				goto 0xa58ccdb5;
				_t352 = _t349 + _t303 * 2 + 3;
				if (0 != 0) goto 0xa58ccdb2;
				if (r15d != 1) goto 0xa58ccdee;
				 *((long long*)(_t520 + 0x2a8)) = _t520 + (_t352 >> 1) * 2;
				if (E00007FF77FF7A58D1A24(_t352 >> 1, _t520 + (_t352 >> 1) * 2, _t517 - _t352 >> 1,  *((intOrPtr*)(_t487 + 0x2a8))) != 0) goto 0xa58cceff;
				_t307 = _t484 + 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t487 + 0x2a8)) + _t307 * 2)) != 0) goto 0xa58ccdf8;
				goto 0xa58cce0e;
				_t355 = _t352 + _t307 * 2 + 3;
				if (0 != 0) goto 0xa58cce0b;
				if (r15d != 1) goto 0xa58cce47;
				 *((long long*)(_t520 + 0x2b0)) = _t520 + (_t355 >> 1) * 2;
				if (E00007FF77FF7A58D1A24(_t355 >> 1, _t520 + (_t355 >> 1) * 2, _t517 - _t355 >> 1,  *((intOrPtr*)(_t487 + 0x2b0))) != 0) goto 0xa58cceff;
				_t311 = _t484 + 1;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t487 + 0x2b0)) + _t311 * 2)) != 0) goto 0xa58cce51;
				goto 0xa58cce67;
				if (0 != 0) goto 0xa58cce64;
				if (r15d != 1) goto 0xa58cce9c;
				 *((long long*)(_t520 + 0x2b8)) = _t520 + (_t355 + _t311 * 2 + 3 >> 1) * 2;
				_t165 = E00007FF77FF7A58D1A24(_t355 + _t311 * 2 + 3 >> 1, _t520 + (_t355 + _t311 * 2 + 3 >> 1) * 2, _t517 - _t355 + _t311 * 2 + 3 >> 1,  *((intOrPtr*)(_t487 + 0x2b8)));
				if (_t165 != 0) goto 0xa58cceff;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t487 + 0x2b8)) + (_t484 + 1) * 2)) != 0) goto 0xa58ccea6;
				r15d = r15d + 1;
				if (r15d - 2 < 0) goto 0xa58cc897;
				if ( *((intOrPtr*)(_t490 + 0x48)) == dil) goto 0xa58cced7;
				 *( *((intOrPtr*)(_t490 + 0x30)) + 0x3a8) =  *( *((intOrPtr*)(_t490 + 0x30)) + 0x3a8) & 0xfffffffd;
				return _t165;
			}

0x7ff7a58cc854
0x7ff7a58cc854
0x7ff7a58cc857
0x7ff7a58cc85b
0x7ff7a58cc85f
0x7ff7a58cc863
0x7ff7a58cc86c
0x7ff7a58cc876
0x7ff7a58cc87b
0x7ff7a58cc882
0x7ff7a58cc88a
0x7ff7a58cc88d
0x7ff7a58cc890
0x7ff7a58cc89b
0x7ff7a58cc8a0
0x7ff7a58cc8a5
0x7ff7a58cc8ab
0x7ff7a58cc8b9
0x7ff7a58cc8be
0x7ff7a58cc8cc
0x7ff7a58cc8cf
0x7ff7a58cc8d6
0x7ff7a58cc8df
0x7ff7a58cc8f0
0x7ff7a58cc8fd
0x7ff7a58cc904
0x7ff7a58cc909
0x7ff7a58cc90c
0x7ff7a58cc917
0x7ff7a58cc91b
0x7ff7a58cc923
0x7ff7a58cc92c
0x7ff7a58cc93d
0x7ff7a58cc94a
0x7ff7a58cc951
0x7ff7a58cc956
0x7ff7a58cc959
0x7ff7a58cc964
0x7ff7a58cc968
0x7ff7a58cc970
0x7ff7a58cc979
0x7ff7a58cc98a
0x7ff7a58cc997
0x7ff7a58cc99e
0x7ff7a58cc9a3
0x7ff7a58cc9a6
0x7ff7a58cc9b1
0x7ff7a58cc9b5
0x7ff7a58cc9c0
0x7ff7a58cc9c9
0x7ff7a58cc9da
0x7ff7a58cc9e7
0x7ff7a58cc9ee
0x7ff7a58cc9f3
0x7ff7a58cc9f6
0x7ff7a58cca01
0x7ff7a58cca05
0x7ff7a58cca10
0x7ff7a58cca19
0x7ff7a58cca2a
0x7ff7a58cca37
0x7ff7a58cca3e
0x7ff7a58cca43
0x7ff7a58cca46
0x7ff7a58cca51
0x7ff7a58cca57
0x7ff7a58cca60
0x7ff7a58cca7a
0x7ff7a58cca80
0x7ff7a58cca8b
0x7ff7a58cca92
0x7ff7a58cca99
0x7ff7a58cca9e
0x7ff7a58ccaa5
0x7ff7a58ccaae
0x7ff7a58ccac6
0x7ff7a58ccad6
0x7ff7a58ccadd
0x7ff7a58ccae2
0x7ff7a58ccae9
0x7ff7a58ccaf2
0x7ff7a58ccb0a
0x7ff7a58ccb1a
0x7ff7a58ccb21
0x7ff7a58ccb2d
0x7ff7a58ccb35
0x7ff7a58ccb3c
0x7ff7a58ccb48
0x7ff7a58ccb4f
0x7ff7a58ccb51
0x7ff7a58ccb57
0x7ff7a58ccb5d
0x7ff7a58ccb65
0x7ff7a58ccb6b
0x7ff7a58ccb72
0x7ff7a58ccb82
0x7ff7a58ccb8f
0x7ff7a58ccb96
0x7ff7a58ccbab
0x7ff7a58ccbb0
0x7ff7a58ccbb7
0x7ff7a58ccbb9
0x7ff7a58ccbbf
0x7ff7a58ccbc5
0x7ff7a58ccbcd
0x7ff7a58ccbd3
0x7ff7a58ccbda
0x7ff7a58ccbea
0x7ff7a58ccbf7
0x7ff7a58ccbfe
0x7ff7a58ccc13
0x7ff7a58ccc18
0x7ff7a58ccc1f
0x7ff7a58ccc21
0x7ff7a58ccc27
0x7ff7a58ccc2d
0x7ff7a58ccc35
0x7ff7a58ccc3b
0x7ff7a58ccc42
0x7ff7a58ccc52
0x7ff7a58ccc5f
0x7ff7a58ccc66
0x7ff7a58ccc7b
0x7ff7a58ccc80
0x7ff7a58ccc87
0x7ff7a58ccc89
0x7ff7a58ccc8f
0x7ff7a58ccc95
0x7ff7a58ccc9d
0x7ff7a58ccca3
0x7ff7a58cccaa
0x7ff7a58cccba
0x7ff7a58cccc7
0x7ff7a58cccce
0x7ff7a58ccce3
0x7ff7a58ccce8
0x7ff7a58cccef
0x7ff7a58cccf1
0x7ff7a58cccf7
0x7ff7a58cccfd
0x7ff7a58ccd05
0x7ff7a58ccd12
0x7ff7a58ccd22
0x7ff7a58ccd2f
0x7ff7a58ccd36
0x7ff7a58ccd3c
0x7ff7a58ccd4b
0x7ff7a58ccd4d
0x7ff7a58ccd4f
0x7ff7a58ccd55
0x7ff7a58ccd5b
0x7ff7a58ccd70
0x7ff7a58ccd87
0x7ff7a58ccd8d
0x7ff7a58ccd98
0x7ff7a58ccd9f
0x7ff7a58ccda6
0x7ff7a58ccdb0
0x7ff7a58ccdb2
0x7ff7a58ccdb8
0x7ff7a58ccdbe
0x7ff7a58ccdd3
0x7ff7a58ccde8
0x7ff7a58ccdf8
0x7ff7a58ccdff
0x7ff7a58cce09
0x7ff7a58cce0b
0x7ff7a58cce11
0x7ff7a58cce17
0x7ff7a58cce2c
0x7ff7a58cce41
0x7ff7a58cce51
0x7ff7a58cce58
0x7ff7a58cce62
0x7ff7a58cce6a
0x7ff7a58cce70
0x7ff7a58cce85
0x7ff7a58cce93
0x7ff7a58cce9a
0x7ff7a58ccead
0x7ff7a58cceb3
0x7ff7a58ccebe
0x7ff7a58ccec9
0x7ff7a58cced0
0x7ff7a58ccef7

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd09c551d28add4fb28971463840c144a3bc81961caebd4fca2ac43b637cfa3e
Instruction ID: a4aa68634215e934778646b9224ea8bee926146ee2bc83cfae32d86eee1fcce1
Opcode Fuzzy Hash: cd09c551d28add4fb28971463840c144a3bc81961caebd4fca2ac43b637cfa3e
Instruction Fuzzy Hash: 04C1F471F46B6541EB60EA19C5402B9A390EB52FB4F991771CA7F073F5CE6CE8638210

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58BD668 Relevance: .3, Instructions: 317
COMMONCrypto

Download Yara Rule

C-Code - Quality: 58%

			E00007FF77FF7A58BD668(void* __edi, long long __rbx, long long __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, long long _a16, long long _a24, long long _a32) {
				void* _v40;
				signed int _v56;
				char _v68;
				char _v70;
				signed int _v72;
				long long _v88;
				void* __rbp;
				intOrPtr _t108;
				void* _t111;
				void* _t140;
				unsigned int _t147;
				signed char _t148;
				unsigned int _t153;
				signed int _t159;
				void* _t169;
				void* _t172;
				void* _t173;
				signed long long _t231;
				long long _t247;
				intOrPtr* _t252;
				intOrPtr* _t256;
				void* _t261;
				intOrPtr _t264;
				intOrPtr _t268;
				signed int* _t270;
				void* _t274;
				void* _t275;
				intOrPtr _t279;
				void* _t286;
				intOrPtr* _t287;

				_t272 = __rsi;
				_t169 = __edi;
				_a16 = __rbx;
				_a24 = __rsi;
				_a32 = __rdi;
				_t274 = _t275;
				_t276 = _t275 - 0x50;
				_t231 =  *0xa58fb008; // 0x485f0d1bb70c
				_v56 = _t231 ^ _t275 - 0x00000050;
				_t108 =  *((intOrPtr*)(__rcx + 0x39));
				_t247 = __rcx;
				r13d = 1;
				dil = 0x78;
				sil = 0x58;
				r14b = 0x41;
				_t173 = _t108 - 0x64;
				if (_t173 > 0) goto 0xa58bd70b;
				if (_t173 == 0) goto 0xa58bd76e;
				if (_t108 == r14b) goto 0xa58bd77b;
				if (_t108 == 0x43) goto 0xa58bd6ee;
				if (_t108 - 0x44 <= 0) goto 0xa58bd784;
				if (_t108 - 0x47 <= 0) goto 0xa58bd77b;
				if (_t108 == 0x53) goto 0xa58bd730;
				if (_t108 == sil) goto 0xa58bd701;
				if (_t108 == 0x5a) goto 0xa58bd6fa;
				if (_t108 == 0x61) goto 0xa58bd77b;
				if (_t108 != 0x63) goto 0xa58bd784;
				E00007FF77FF7A58BDCF8(_t108, _t108 - 0x63, __rcx);
				goto 0xa58bd780;
				E00007FF77FF7A58BDA34(__rcx);
				goto 0xa58bd780;
				_t111 = E00007FF77FF7A58BC788(r13b, __rcx, __rcx, __rsi, _t274);
				goto 0xa58bd780;
				if (_t111 - 0x67 <= 0) goto 0xa58bd77b;
				if (_t111 == 0x69) goto 0xa58bd76e;
				if (_t111 == 0x6e) goto 0xa58bd767;
				if (_t111 == 0x6f) goto 0xa58bd747;
				if (_t111 == 0x70) goto 0xa58bd737;
				if (_t111 == 0x73) goto 0xa58bd730;
				if (_t111 == 0x75) goto 0xa58bd772;
				if (_t111 != dil) goto 0xa58bd784;
				goto 0xa58bd704;
				E00007FF77FF7A58BDE70(__rcx);
				goto 0xa58bd780;
				 *((intOrPtr*)(__rcx + 0x30)) = 0x10;
				 *((intOrPtr*)(__rcx + 0x34)) = 0xb;
				goto 0xa58bd701;
				_t147 =  *(__rcx + 0x28);
				if ((r13b & _t147 >> 0x00000005) == 0) goto 0xa58bd75b;
				asm("bts ecx, 0x7");
				 *(__rcx + 0x28) = _t147;
				E00007FF77FF7A58BC3B8(0, __rcx, __rcx, _t272, _t274);
				goto 0xa58bd780;
				E00007FF77FF7A58BDDBC(__rcx, __rcx);
				goto 0xa58bd780;
				 *(__rcx + 0x28) =  *(__rcx + 0x28) | 0x00000010;
				E00007FF77FF7A58BC5A0(0, __rcx, __rcx, _t272, _t274);
				goto 0xa58bd780;
				if (E00007FF77FF7A58BDAAC(0, _t169, __rcx, __rcx, _t272, _t274) != 0) goto 0xa58bd78b;
				goto 0xa58bda0a;
				if ( *((char*)(__rcx + 0x38)) != 0) goto 0xa58bda07;
				_t148 =  *(__rcx + 0x28);
				_v72 = 0;
				_v70 = 0;
				if ((r13b & 0) == 0) goto 0xa58bd7d8;
				if ((r13b & 0) == 0) goto 0xa58bd7bd;
				_v72 = 0x2d;
				goto 0xa58bd7d5;
				if ((r13b & _t148) == 0) goto 0xa58bd7c8;
				_v72 = 0x2b;
				goto 0xa58bd7d5;
				if ((r13b & 0) == 0) goto 0xa58bd7d8;
				_v72 = 0x20;
				_t261 = _t286;
				r8b =  *((intOrPtr*)(__rcx + 0x39));
				if ((r8b - sil & 0x000000df) != 0) goto 0xa58bd7f5;
				if ((r13b & _t148 >> 0x00000005) == 0) goto 0xa58bd7f5;
				r9b = r13b;
				goto 0xa58bd7f8;
				r9b = 0;
				_t132 = r8b - r14b;
				if (r9b != 0) goto 0xa58bd80c;
				if ((r8b - r14b & 0xffffff00 | (_t132 & 0x000000df) == 0x00000000) == 0) goto 0xa58bd827;
				 *((char*)(_t274 + _t261 - 0x20)) = 0x30;
				if (r8b == sil) goto 0xa58bd81b;
				if (r8b != r14b) goto 0xa58bd81e;
				dil = sil;
				 *((intOrPtr*)(_t274 + _t261 - 0x1f)) = dil;
				_t172 =  *((intOrPtr*)(__rcx + 0x2c)) -  *((intOrPtr*)(__rcx + 0x48));
				if ((_t148 & 0x0000000c) != 0) goto 0xa58bd893;
				r9d = 0;
				if (_t172 <= 0) goto 0xa58bd893;
				_t279 =  *((intOrPtr*)(__rcx + 0x460));
				if ( *((intOrPtr*)(_t279 + 0x10)) !=  *((intOrPtr*)(_t279 + 8))) goto 0xa58bd862;
				if ( *((char*)(_t279 + 0x18)) == 0) goto 0xa58bd85a;
				goto 0xa58bd85d;
				 *(__rcx + 0x20) =  *(__rcx + 0x20) + 0x00000001 | 0xffffffff;
				goto 0xa58bd886;
				 *(__rcx + 0x20) = __rcx + 1;
				 *((intOrPtr*)(_t279 + 0x10)) =  *((intOrPtr*)(_t279 + 0x10)) + _t286;
				 *((char*)( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))))) = 0x20;
				 *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x460)))) + _t286;
				if ( *(__rcx + 0x20) == 0xffffffff) goto 0xa58bd893;
				r9d = r9d + r13d;
				if (r9d - _t172 < 0) goto 0xa58bd83e;
				_t60 = _t247 + 0x20; // 0x98
				_t270 = _t60;
				r8d = 0;
				_v88 =  *((intOrPtr*)(__rcx + 8));
				_t62 = _t247 + 0x460; // 0x4d8
				_t287 = _t62;
				_t252 = _t287;
				E00007FF77FF7A58BDF08(__rcx + 1, _t169, _t172, __rcx, _t252, _t270, _t272, _t274, _t270);
				_t153 =  *(__rcx + 0x28);
				if ((r13b & _t153 >> 0x00000003) == 0) goto 0xa58bd91c;
				if ((r13b & _t153 >> 0x00000002) != 0) goto 0xa58bd91c;
				r8d = 0;
				if (_t172 <= 0) goto 0xa58bd91c;
				_t264 =  *_t287;
				if ( *((intOrPtr*)(_t264 + 0x10)) !=  *((intOrPtr*)(_t264 + 8))) goto 0xa58bd8f5;
				if ( *((char*)(_t264 + 0x18)) == 0) goto 0xa58bd8ee;
				goto 0xa58bd8f1;
				 *_t270 =  *_t270 + 0x00000001 | 0xffffffff;
				goto 0xa58bd90f;
				 *_t270 = _t252 + 1;
				 *((intOrPtr*)(_t264 + 0x10)) =  *((intOrPtr*)(_t264 + 0x10)) + _t286;
				 *((char*)( *((intOrPtr*)( *_t287)))) = 0x30;
				 *((intOrPtr*)( *_t287)) =  *((intOrPtr*)( *_t287)) + _t286;
				if ( *_t270 == 0xffffffff) goto 0xa58bd91c;
				r8d = r8d + r13d;
				if (r8d - _t172 < 0) goto 0xa58bd8d7;
				if ( *((char*)(__rcx + 0x4c)) == 0) goto 0xa58bd98e;
				if ( *((intOrPtr*)(__rcx + 0x48)) <= 0) goto 0xa58bd98e;
				r14d = 0;
				_t79 =  &_v68; // -27
				r9d =  *( *(__rcx + 0x40)) & 0x0000ffff;
				_t80 =  &_v72; // -31
				_v72 = _v72 & 0x00000000;
				r8d = 6;
				_v88 =  *((intOrPtr*)(__rcx + 8));
				if (E00007FF77FF7A58CEF7C(__rcx, _t80, _t79, _t274, _t279) != 0) goto 0xa58bd989;
				r8d = _v72;
				if (r8d == 0) goto 0xa58bd989;
				_v88 =  *((intOrPtr*)(_t247 + 8));
				_t140 = E00007FF77FF7A58BDF08(_t139, _t169, _t172, _t247, _t287, _t270, _t272, _t274, _t270);
				r14d = r14d + r13d;
				if (r14d !=  *(_t247 + 0x48)) goto 0xa58bd92f;
				goto 0xa58bd9aa;
				 *_t270 =  *_t270 | 0xffffffff;
				goto 0xa58bd9aa;
				r8d =  *(_t247 + 0x48);
				_t256 = _t287;
				_v88 =  *((intOrPtr*)(_t247 + 8));
				E00007FF77FF7A58BDF08(_t140, _t169, _t172, _t247, _t256, _t270, _t272, _t274, _t270);
				_t159 =  *_t270;
				if (_t159 < 0) goto 0xa58bda07;
				if ((r13b &  *(_t247 + 0x28) >> 0x00000002) == 0) goto 0xa58bda07;
				r8d = 0;
				if (_t172 <= 0) goto 0xa58bda07;
				_t268 =  *_t287;
				if ( *((intOrPtr*)(_t268 + 0x10)) !=  *((intOrPtr*)(_t268 + 8))) goto 0xa58bd9e0;
				if ( *((char*)(_t268 + 0x18)) == 0) goto 0xa58bd9d9;
				goto 0xa58bd9dc;
				 *_t270 = _t159 + 0x00000001 | 0xffffffff;
				goto 0xa58bd9fa;
				 *_t270 = _t256 + 1;
				 *((intOrPtr*)(_t268 + 0x10)) =  *((intOrPtr*)(_t268 + 0x10)) + _t286;
				 *((char*)( *((intOrPtr*)( *_t287)))) = 0x20;
				 *((intOrPtr*)( *_t287)) =  *((intOrPtr*)( *_t287)) + _t286;
				if ( *_t270 == 0xffffffff) goto 0xa58bda07;
				r8d = r8d + r13d;
				if (r8d - _t172 < 0) goto 0xa58bd9c2;
				return E00007FF77FF7A588AAD0(r13b,  *_t270, _v56 ^ _t276);
			}

0x7ff7a58bd668
0x7ff7a58bd668
0x7ff7a58bd668
0x7ff7a58bd66d
0x7ff7a58bd672
0x7ff7a58bd680
0x7ff7a58bd683
0x7ff7a58bd687
0x7ff7a58bd691
0x7ff7a58bd695
0x7ff7a58bd698
0x7ff7a58bd69b
0x7ff7a58bd6a1
0x7ff7a58bd6a4
0x7ff7a58bd6a7
0x7ff7a58bd6aa
0x7ff7a58bd6ac
0x7ff7a58bd6ae
0x7ff7a58bd6b7
0x7ff7a58bd6bf
0x7ff7a58bd6c3
0x7ff7a58bd6cb
0x7ff7a58bd6d3
0x7ff7a58bd6d8
0x7ff7a58bd6dc
0x7ff7a58bd6e0
0x7ff7a58bd6e8
0x7ff7a58bd6f0
0x7ff7a58bd6f5
0x7ff7a58bd6fa
0x7ff7a58bd6ff
0x7ff7a58bd704
0x7ff7a58bd709
0x7ff7a58bd70d
0x7ff7a58bd711
0x7ff7a58bd715
0x7ff7a58bd719
0x7ff7a58bd71d
0x7ff7a58bd721
0x7ff7a58bd725
0x7ff7a58bd72a
0x7ff7a58bd72e
0x7ff7a58bd730
0x7ff7a58bd735
0x7ff7a58bd737
0x7ff7a58bd73e
0x7ff7a58bd745
0x7ff7a58bd747
0x7ff7a58bd752
0x7ff7a58bd754
0x7ff7a58bd758
0x7ff7a58bd760
0x7ff7a58bd765
0x7ff7a58bd767
0x7ff7a58bd76c
0x7ff7a58bd76e
0x7ff7a58bd774
0x7ff7a58bd779
0x7ff7a58bd782
0x7ff7a58bd786
0x7ff7a58bd78f
0x7ff7a58bd795
0x7ff7a58bd79a
0x7ff7a58bd7a0
0x7ff7a58bd7ab
0x7ff7a58bd7b5
0x7ff7a58bd7b7
0x7ff7a58bd7bb
0x7ff7a58bd7c0
0x7ff7a58bd7c2
0x7ff7a58bd7c6
0x7ff7a58bd7cf
0x7ff7a58bd7d1
0x7ff7a58bd7d5
0x7ff7a58bd7d8
0x7ff7a58bd7e4
0x7ff7a58bd7ee
0x7ff7a58bd7f0
0x7ff7a58bd7f3
0x7ff7a58bd7f5
0x7ff7a58bd7fb
0x7ff7a58bd806
0x7ff7a58bd80a
0x7ff7a58bd80c
0x7ff7a58bd814
0x7ff7a58bd819
0x7ff7a58bd81b
0x7ff7a58bd81e
0x7ff7a58bd82c
0x7ff7a58bd832
0x7ff7a58bd834
0x7ff7a58bd839
0x7ff7a58bd83e
0x7ff7a58bd84d
0x7ff7a58bd854
0x7ff7a58bd858
0x7ff7a58bd85d
0x7ff7a58bd860
0x7ff7a58bd865
0x7ff7a58bd868
0x7ff7a58bd876
0x7ff7a58bd880
0x7ff7a58bd889
0x7ff7a58bd88b
0x7ff7a58bd891
0x7ff7a58bd897
0x7ff7a58bd897
0x7ff7a58bd89b
0x7ff7a58bd89e
0x7ff7a58bd8a3
0x7ff7a58bd8a3
0x7ff7a58bd8ad
0x7ff7a58bd8b4
0x7ff7a58bd8b9
0x7ff7a58bd8c4
0x7ff7a58bd8cc
0x7ff7a58bd8ce
0x7ff7a58bd8d3
0x7ff7a58bd8d7
0x7ff7a58bd8e2
0x7ff7a58bd8e8
0x7ff7a58bd8ec
0x7ff7a58bd8f1
0x7ff7a58bd8f3
0x7ff7a58bd8f8
0x7ff7a58bd8fa
0x7ff7a58bd904
0x7ff7a58bd90a
0x7ff7a58bd912
0x7ff7a58bd914
0x7ff7a58bd91a
0x7ff7a58bd920
0x7ff7a58bd926
0x7ff7a58bd92c
0x7ff7a58bd933
0x7ff7a58bd937
0x7ff7a58bd93c
0x7ff7a58bd940
0x7ff7a58bd949
0x7ff7a58bd94f
0x7ff7a58bd95b
0x7ff7a58bd95d
0x7ff7a58bd964
0x7ff7a58bd971
0x7ff7a58bd979
0x7ff7a58bd97e
0x7ff7a58bd985
0x7ff7a58bd987
0x7ff7a58bd989
0x7ff7a58bd98c
0x7ff7a58bd995
0x7ff7a58bd999
0x7ff7a58bd9a0
0x7ff7a58bd9a5
0x7ff7a58bd9aa
0x7ff7a58bd9ae
0x7ff7a58bd9b9
0x7ff7a58bd9bb
0x7ff7a58bd9c0
0x7ff7a58bd9c2
0x7ff7a58bd9cd
0x7ff7a58bd9d3
0x7ff7a58bd9d7
0x7ff7a58bd9dc
0x7ff7a58bd9de
0x7ff7a58bd9e3
0x7ff7a58bd9e5
0x7ff7a58bd9ef
0x7ff7a58bd9f5
0x7ff7a58bd9fd
0x7ff7a58bd9ff
0x7ff7a58bda05
0x7ff7a58bda33

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a4cd132ad3ced0484ae7b455484b9e7cb1c7173a829b313e52df574d94a2df1
Instruction ID: 3ed41fc3c2795ae7fd4961da86274f3fd5824721979f3ebfc368a4b73d0e077e
Opcode Fuzzy Hash: 0a4cd132ad3ced0484ae7b455484b9e7cb1c7173a829b313e52df574d94a2df1
Instruction Fuzzy Hash: 81D1E862A0B64696E724AF2580003BDA7A5EB06F48F974175CD4D0B7FDCF39E461C3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58C053C Relevance: .3, Instructions: 309
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF7A58C053C(void* __rcx, long long __rdx, long long __r8, void* __r9) {
				void* _t12;
				signed long long _t15;
				void* _t25;
				void* _t26;
				signed long long _t27;

				_t25 = _t26 - 0x168;
				_t27 = _t26 - 0x268;
				_t15 =  *0xa58fb008; // 0x485f0d1bb70c
				 *(_t25 + 0x150) = _t15 ^ _t27;
				r15d = 0;
				 *((long long*)(_t27 + 0x70)) = __r8;
				 *((long long*)(_t27 + 0x78)) = __rdx;
				 *((long long*)(_t27 + 0x30)) =  *((intOrPtr*)(_t25 + 0x1d0));
				 *((long long*)(_t27 + 0x68)) =  *((intOrPtr*)(_t25 + 0x1d8));
				if (__rcx != 0) goto 0xa58c05c4;
				return E00007FF77FF7A588AAD0(0, _t12,  *(_t25 + 0x150) ^ _t27);
			}

0x7ff7a58c0549
0x7ff7a58c0551
0x7ff7a58c0558
0x7ff7a58c0562
0x7ff7a58c0570
0x7ff7a58c057d
0x7ff7a58c0585
0x7ff7a58c058d
0x7ff7a58c0595
0x7ff7a58c059d
0x7ff7a58c05c3

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
String ID:
API String ID: 4023145424-0
Opcode ID: 3eb8e0f11b9086eb3a29e83c72b65b3ae464d3db3670a6099564d1a1676049a4
Instruction ID: 674a9726b5bc9be284233808f9dfbb3291be1a1db3f29814eeb898367b566b6b
Opcode Fuzzy Hash: 3eb8e0f11b9086eb3a29e83c72b65b3ae464d3db3670a6099564d1a1676049a4
Instruction Fuzzy Hash: C0C1DA22A0A782C5FB60EB5294107BEA3A0FB86FC8F814075DE8D577A5DF3CD5258710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58CEC94 Relevance: .2, Instructions: 198
COMMONCrypto

Download Yara Rule

C-Code - Quality: 47%

			E00007FF77FF7A58CEC94(void* __rax, long long __rbx, unsigned int* __rcx, void* __rdx, void* __rdi, long long __rsi, void* __r8, void* __r9, long long _a8, long long _a16, intOrPtr _a40, intOrPtr _a48, void* _a64, long long _a80) {
				long long _v48;
				signed long long _v56;
				long long _t37;
				long long _t44;
				unsigned int* _t49;
				void* _t51;
				void* _t58;

				_a8 = __rbx;
				_a16 = __rsi;
				_t58 = __r8;
				_t49 = __rcx;
				if (__rdx != 0) goto 0xa58cece4;
				_t44 = _a80;
				_v48 = _t44;
				 *((char*)(_t44 + 0x30)) = 1;
				 *((intOrPtr*)(_t44 + 0x2c)) = __rdx + 0x16;
				_v56 = _v56 & 0x00000000;
				r9d = 0;
				r8d = 0;
				E00007FF77FF7A58BE70C(__rax, __rbx, _t44, __rdx, __rsi, _t51, __r8);
				goto 0xa58cef53;
				if (_t58 != 0) goto 0xa58ced04;
				_t37 = _a80;
				_v48 = _t37;
				 *((char*)(_t37 + 0x30)) = 1;
				 *((intOrPtr*)(_t37 + 0x2c)) = 0x16;
				goto 0xa58cecc8;
				if (__r9 == 0) goto 0xa58cece9;
				if (_a40 == 0) goto 0xa58cece9;
				if (_a48 == 0x41) goto 0xa58ced2f;
				if (_t44 - 0x45 - 2 <= 0) goto 0xa58ced2f;
				sil = 0;
				goto 0xa58ced32;
				sil = 1;
				if (0 != 0) goto 0xa58cee29;
				if ( *_t49 >> 0x34 != 0x7ff) goto 0xa58cee29;
				r8d = 0xc;
			}

0x7ff7a58cec94
0x7ff7a58cec99
0x7ff7a58ceca3
0x7ff7a58ceca9
0x7ff7a58cecaf
0x7ff7a58cecb1
0x7ff7a58cecbc
0x7ff7a58cecc1
0x7ff7a58cecc5
0x7ff7a58cecc8
0x7ff7a58cecce
0x7ff7a58cecd1
0x7ff7a58cecd8
0x7ff7a58cecdf
0x7ff7a58cece7
0x7ff7a58cece9
0x7ff7a58cecf6
0x7ff7a58cecfb
0x7ff7a58cecff
0x7ff7a58ced02
0x7ff7a58ced07
0x7ff7a58ced14
0x7ff7a58ced20
0x7ff7a58ced28
0x7ff7a58ced2a
0x7ff7a58ced2d
0x7ff7a58ced2f
0x7ff7a58ced3d
0x7ff7a58ced58
0x7ff7a58ced6b

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed3b94e0b044f6cd9285ed012664174cbdd80ccbaad531698c37ea4e2502505c
Instruction ID: 7d076b5e923ab01bf53807569bcdbd143133bf8c1391085c962d6a9064dc5a72
Opcode Fuzzy Hash: ed3b94e0b044f6cd9285ed012664174cbdd80ccbaad531698c37ea4e2502505c
Instruction Fuzzy Hash: 38811672A1E78186E775DF19944037AA690FB87BD4F814275EB8D43BA9CF3CE4108B10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58BC5A0 Relevance: .1, Instructions: 137
COMMONCrypto

Download Yara Rule

C-Code - Quality: 71%

			E00007FF77FF7A58BC5A0(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t86;
				signed int _t90;
				void* _t110;
				intOrPtr _t111;
				signed int _t118;
				intOrPtr _t129;
				void* _t133;
				void* _t140;
				void* _t143;
				intOrPtr _t149;
				void* _t156;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t133 = __rcx;
				bpl = __edx;
				_t86 =  *((intOrPtr*)(__rcx + 0x34));
				_t110 = _t86 - 5;
				if (_t110 > 0) goto 0xa58bc687;
				if (_t110 == 0) goto 0xa58bc5f0;
				_t111 = _t86;
				if (_t111 == 0) goto 0xa58bc6db;
				if (_t111 == 0) goto 0xa58bc65f;
				if (_t111 == 0) goto 0xa58bc638;
				if (_t111 == 0) goto 0xa58bc6db;
				if (_t86 - 0xffffffffffffffff != 1) goto 0xa58bc6a7;
				_t90 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t143;
				if ((_t90 >> 0x00000004 & 0x00000001) == 0) goto 0xa58bc622;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0xa58bc622;
				 *(__rcx + 0x28) = _t90 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0xa58bc706;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0xa58bc71d;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0xa58bc659;
				goto 0xa58bc60b;
				goto 0xa58bc60b;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t118 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t118 == 0) goto 0xa58bc681;
				goto 0xa58bc60b;
				goto 0xa58bc60b;
				if (_t118 == 0) goto 0xa58bc5f0;
				if (_t118 == 0) goto 0xa58bc5f0;
				if (_t118 == 0) goto 0xa58bc5f0;
				goto 0xa58bc5de;
				_t129 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t129 + 0x30)) = 1;
				 *((intOrPtr*)(_t129 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				E00007FF77FF7A58BE70C( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t140,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t156);
				goto 0xa58bc770;
				 *((long long*)(_t133 + 0x18)) =  *((long long*)(_t133 + 0x18)) + 8;
				if (0 == 0) goto 0xa58bc6fe;
				_t149 =  *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8));
				goto 0xa58bc60b;
				goto 0xa58bc60b;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xfffffff7;
				E00007FF77FF7A58BC060(_t133, _t133 + 0x50,  *((intOrPtr*)(_t133 + 0x30)), _t149,  *((intOrPtr*)(_t133 + 8)));
				if (_t149 != 0) goto 0xa58bc726;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xffffffdf;
				 *((char*)(_t133 + 0x4c)) = 0;
				r8b = bpl;
				if (_t143 != 8) goto 0xa58bc740;
				E00007FF77FF7A58BCB9C(_t133, _t149);
				goto 0xa58bc747;
				E00007FF77FF7A58BC9EC( *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8)), _t133, _t149);
				if (0 == 0) goto 0xa58bc76e;
				if ( *((intOrPtr*)(_t133 + 0x48)) == 0) goto 0xa58bc760;
				if ( *((char*)( *((intOrPtr*)(_t133 + 0x40)))) == 0x30) goto 0xa58bc76e;
				 *((long long*)(_t133 + 0x40)) =  *((long long*)(_t133 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t133 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t133 + 0x48)) =  *((intOrPtr*)(_t133 + 0x48)) + 1;
				return 1;
			}

0x7ff7a58bc5a0
0x7ff7a58bc5a5
0x7ff7a58bc5aa
0x7ff7a58bc5b4
0x7ff7a58bc5b7
0x7ff7a58bc5ba
0x7ff7a58bc5bd
0x7ff7a58bc5c0
0x7ff7a58bc5c6
0x7ff7a58bc5c8
0x7ff7a58bc5ca
0x7ff7a58bc5d3
0x7ff7a58bc5dc
0x7ff7a58bc5e1
0x7ff7a58bc5ea
0x7ff7a58bc5f0
0x7ff7a58bc5f8
0x7ff7a58bc612
0x7ff7a58bc617
0x7ff7a58bc61f
0x7ff7a58bc626
0x7ff7a58bc62c
0x7ff7a58bc633
0x7ff7a58bc640
0x7ff7a58bc650
0x7ff7a58bc657
0x7ff7a58bc65d
0x7ff7a58bc667
0x7ff7a58bc671
0x7ff7a58bc678
0x7ff7a58bc67f
0x7ff7a58bc685
0x7ff7a58bc68a
0x7ff7a58bc693
0x7ff7a58bc69c
0x7ff7a58bc6a2
0x7ff7a58bc6a7
0x7ff7a58bc6ab
0x7ff7a58bc6ae
0x7ff7a58bc6b5
0x7ff7a58bc6b9
0x7ff7a58bc6c4
0x7ff7a58bc6c9
0x7ff7a58bc6cf
0x7ff7a58bc6d6
0x7ff7a58bc6e3
0x7ff7a58bc6f3
0x7ff7a58bc6f5
0x7ff7a58bc6f9
0x7ff7a58bc701
0x7ff7a58bc711
0x7ff7a58bc718
0x7ff7a58bc720
0x7ff7a58bc722
0x7ff7a58bc726
0x7ff7a58bc72a
0x7ff7a58bc734
0x7ff7a58bc739
0x7ff7a58bc73e
0x7ff7a58bc742
0x7ff7a58bc74f
0x7ff7a58bc755
0x7ff7a58bc75e
0x7ff7a58bc760
0x7ff7a58bc768
0x7ff7a58bc76b
0x7ff7a58bc784

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09a4a0272fcb28be4f4c2347f47eb615663c13edcd1074745415d1c72bb9a049
Instruction ID: e5812f3ebd4ca3596ca4c2fa95486c7a063e827b2f156e11330bf252ab8ca891
Opcode Fuzzy Hash: 09a4a0272fcb28be4f4c2347f47eb615663c13edcd1074745415d1c72bb9a049
Instruction Fuzzy Hash: 7F51C472A0960382E7289F28C15463CA7A4EB57F58F571179CE4D177BACB28EC61C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58BC788 Relevance: .1, Instructions: 137
COMMONCrypto

Download Yara Rule

C-Code - Quality: 71%

			E00007FF77FF7A58BC788(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t86;
				signed int _t90;
				void* _t110;
				intOrPtr _t111;
				signed int _t118;
				intOrPtr _t129;
				void* _t133;
				void* _t140;
				void* _t143;
				intOrPtr _t149;
				void* _t156;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t133 = __rcx;
				bpl = __edx;
				_t86 =  *((intOrPtr*)(__rcx + 0x34));
				_t110 = _t86 - 5;
				if (_t110 > 0) goto 0xa58bc86f;
				if (_t110 == 0) goto 0xa58bc7d8;
				_t111 = _t86;
				if (_t111 == 0) goto 0xa58bc8c3;
				if (_t111 == 0) goto 0xa58bc847;
				if (_t111 == 0) goto 0xa58bc820;
				if (_t111 == 0) goto 0xa58bc8c3;
				if (_t86 - 0xffffffffffffffff != 1) goto 0xa58bc88f;
				_t90 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t143;
				if ((_t90 >> 0x00000004 & 0x00000001) == 0) goto 0xa58bc80a;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0xa58bc80a;
				 *(__rcx + 0x28) = _t90 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0xa58bc8ee;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0xa58bc905;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0xa58bc841;
				goto 0xa58bc7f3;
				goto 0xa58bc7f3;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t118 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t118 == 0) goto 0xa58bc869;
				goto 0xa58bc7f3;
				goto 0xa58bc7f3;
				if (_t118 == 0) goto 0xa58bc7d8;
				if (_t118 == 0) goto 0xa58bc7d8;
				if (_t118 == 0) goto 0xa58bc7d8;
				goto 0xa58bc7c6;
				_t129 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t129 + 0x30)) = 1;
				 *((intOrPtr*)(_t129 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				E00007FF77FF7A58BE70C( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t140,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t156);
				goto 0xa58bc958;
				 *((long long*)(_t133 + 0x18)) =  *((long long*)(_t133 + 0x18)) + 8;
				if (0 == 0) goto 0xa58bc8e6;
				_t149 =  *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8));
				goto 0xa58bc7f3;
				goto 0xa58bc7f3;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xfffffff7;
				E00007FF77FF7A58BC060(_t133, _t133 + 0x50,  *((intOrPtr*)(_t133 + 0x30)), _t149,  *((intOrPtr*)(_t133 + 8)));
				if (_t149 != 0) goto 0xa58bc90e;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xffffffdf;
				 *((char*)(_t133 + 0x4c)) = 0;
				r8b = bpl;
				if (_t143 != 8) goto 0xa58bc928;
				E00007FF77FF7A58BCC48(_t133, _t149);
				goto 0xa58bc92f;
				E00007FF77FF7A58BCA94( *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8)), _t133, _t149);
				if (0 == 0) goto 0xa58bc956;
				if ( *((intOrPtr*)(_t133 + 0x48)) == 0) goto 0xa58bc948;
				if ( *((char*)( *((intOrPtr*)(_t133 + 0x40)))) == 0x30) goto 0xa58bc956;
				 *((long long*)(_t133 + 0x40)) =  *((long long*)(_t133 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t133 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t133 + 0x48)) =  *((intOrPtr*)(_t133 + 0x48)) + 1;
				return 1;
			}

0x7ff7a58bc788
0x7ff7a58bc78d
0x7ff7a58bc792
0x7ff7a58bc79c
0x7ff7a58bc79f
0x7ff7a58bc7a2
0x7ff7a58bc7a5
0x7ff7a58bc7a8
0x7ff7a58bc7ae
0x7ff7a58bc7b0
0x7ff7a58bc7b2
0x7ff7a58bc7bb
0x7ff7a58bc7c4
0x7ff7a58bc7c9
0x7ff7a58bc7d2
0x7ff7a58bc7d8
0x7ff7a58bc7e0
0x7ff7a58bc7fa
0x7ff7a58bc7ff
0x7ff7a58bc807
0x7ff7a58bc80e
0x7ff7a58bc814
0x7ff7a58bc81b
0x7ff7a58bc828
0x7ff7a58bc838
0x7ff7a58bc83f
0x7ff7a58bc845
0x7ff7a58bc84f
0x7ff7a58bc859
0x7ff7a58bc860
0x7ff7a58bc867
0x7ff7a58bc86d
0x7ff7a58bc872
0x7ff7a58bc87b
0x7ff7a58bc884
0x7ff7a58bc88a
0x7ff7a58bc88f
0x7ff7a58bc893
0x7ff7a58bc896
0x7ff7a58bc89d
0x7ff7a58bc8a1
0x7ff7a58bc8ac
0x7ff7a58bc8b1
0x7ff7a58bc8b7
0x7ff7a58bc8be
0x7ff7a58bc8cb
0x7ff7a58bc8db
0x7ff7a58bc8dd
0x7ff7a58bc8e1
0x7ff7a58bc8e9
0x7ff7a58bc8f9
0x7ff7a58bc900
0x7ff7a58bc908
0x7ff7a58bc90a
0x7ff7a58bc90e
0x7ff7a58bc912
0x7ff7a58bc91c
0x7ff7a58bc921
0x7ff7a58bc926
0x7ff7a58bc92a
0x7ff7a58bc937
0x7ff7a58bc93d
0x7ff7a58bc946
0x7ff7a58bc948
0x7ff7a58bc950
0x7ff7a58bc953
0x7ff7a58bc96c

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65988544bd8c51d46c1f2ecd44d2c2020be5c6c9d2ff497e3ff94f9df2993759
Instruction ID: a69d8ff6dfcbbabb9b03be21191b4ea40fd581a90e3b5f0ba4dc9dbe6606a61b
Opcode Fuzzy Hash: 65988544bd8c51d46c1f2ecd44d2c2020be5c6c9d2ff497e3ff94f9df2993759
Instruction Fuzzy Hash: B651D377E0965382E7289E28C05533CA7A4EB42F58F570174CE4D177AACF28EC61C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58BC3B8 Relevance: .1, Instructions: 137
COMMONCrypto

Download Yara Rule

C-Code - Quality: 71%

			E00007FF77FF7A58BC3B8(void* __edx, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
				long long _v16;
				signed long long _v24;
				intOrPtr _t86;
				signed int _t90;
				void* _t110;
				intOrPtr _t111;
				signed int _t118;
				intOrPtr _t129;
				void* _t133;
				void* _t140;
				void* _t143;
				intOrPtr _t149;
				void* _t156;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t133 = __rcx;
				bpl = __edx;
				_t86 =  *((intOrPtr*)(__rcx + 0x34));
				_t110 = _t86 - 5;
				if (_t110 > 0) goto 0xa58bc49f;
				if (_t110 == 0) goto 0xa58bc408;
				_t111 = _t86;
				if (_t111 == 0) goto 0xa58bc4f3;
				if (_t111 == 0) goto 0xa58bc477;
				if (_t111 == 0) goto 0xa58bc450;
				if (_t111 == 0) goto 0xa58bc4f3;
				if (_t86 - 0xffffffffffffffff != 1) goto 0xa58bc4bf;
				_t90 =  *(__rcx + 0x28);
				 *((intOrPtr*)(__rcx + 0x18)) =  *((intOrPtr*)(__rcx + 0x18)) + _t143;
				if ((_t90 >> 0x00000004 & 0x00000001) == 0) goto 0xa58bc43a;
				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x18)) - 8)) >= 0) goto 0xa58bc43a;
				 *(__rcx + 0x28) = _t90 | 0x00000040;
				if ( *((intOrPtr*)(__rcx + 0x30)) >= 0) goto 0xa58bc51e;
				 *((intOrPtr*)(__rcx + 0x30)) = 1;
				goto 0xa58bc535;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				if (( *(__rcx + 0x28) >> 0x00000004 & 0x00000001) == 0) goto 0xa58bc471;
				goto 0xa58bc423;
				goto 0xa58bc423;
				 *((long long*)(__rcx + 0x18)) =  *((long long*)(__rcx + 0x18)) + 8;
				_t118 = dil &  *(__rcx + 0x28) >> 0x00000004;
				if (_t118 == 0) goto 0xa58bc499;
				goto 0xa58bc423;
				goto 0xa58bc423;
				if (_t118 == 0) goto 0xa58bc408;
				if (_t118 == 0) goto 0xa58bc408;
				if (_t118 == 0) goto 0xa58bc408;
				goto 0xa58bc3f6;
				_t129 =  *((intOrPtr*)(__rcx + 8));
				r9d = 0;
				r8d = 0;
				 *((char*)(_t129 + 0x30)) = 1;
				 *((intOrPtr*)(_t129 + 0x2c)) = 0x16;
				_v16 =  *((intOrPtr*)(__rcx + 8));
				_v24 = _v24 & 0x00000000;
				E00007FF77FF7A58BE70C( *((intOrPtr*)(__rcx + 8)), __rcx, __rcx, _t140,  *((char*)( *((intOrPtr*)(__rcx + 0x18)) - 8)), __rbp, _t156);
				goto 0xa58bc588;
				 *((long long*)(_t133 + 0x18)) =  *((long long*)(_t133 + 0x18)) + 8;
				if (0 == 0) goto 0xa58bc516;
				_t149 =  *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8));
				goto 0xa58bc423;
				goto 0xa58bc423;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xfffffff7;
				_t51 = _t133 + 0x50; // 0xc8
				E00007FF77FF7A58BC060(_t133, _t51,  *((intOrPtr*)(_t133 + 0x30)), _t149,  *((intOrPtr*)(_t133 + 8)));
				if (_t149 != 0) goto 0xa58bc53e;
				 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0xffffffdf;
				 *((char*)(_t133 + 0x4c)) = 0;
				r8b = bpl;
				if (_t143 != 8) goto 0xa58bc558;
				E00007FF77FF7A58BCB20(0, _t133, _t149);
				goto 0xa58bc55f;
				E00007FF77FF7A58BC970( *((intOrPtr*)( *((intOrPtr*)(_t133 + 0x18)) - 8)), _t133);
				if (0 == 0) goto 0xa58bc586;
				if ( *((intOrPtr*)(_t133 + 0x48)) == 0) goto 0xa58bc578;
				if ( *((char*)( *((intOrPtr*)(_t133 + 0x40)))) == 0x30) goto 0xa58bc586;
				 *((long long*)(_t133 + 0x40)) =  *((long long*)(_t133 + 0x40)) - 1;
				 *((char*)( *((intOrPtr*)(_t133 + 0x40)))) = 0x30;
				 *((intOrPtr*)(_t133 + 0x48)) =  *((intOrPtr*)(_t133 + 0x48)) + 1;
				return 1;
			}

0x7ff7a58bc3b8
0x7ff7a58bc3bd
0x7ff7a58bc3c2
0x7ff7a58bc3cc
0x7ff7a58bc3cf
0x7ff7a58bc3d2
0x7ff7a58bc3d5
0x7ff7a58bc3d8
0x7ff7a58bc3de
0x7ff7a58bc3e0
0x7ff7a58bc3e2
0x7ff7a58bc3eb
0x7ff7a58bc3f4
0x7ff7a58bc3f9
0x7ff7a58bc402
0x7ff7a58bc408
0x7ff7a58bc410
0x7ff7a58bc42a
0x7ff7a58bc42f
0x7ff7a58bc437
0x7ff7a58bc43e
0x7ff7a58bc444
0x7ff7a58bc44b
0x7ff7a58bc458
0x7ff7a58bc468
0x7ff7a58bc46f
0x7ff7a58bc475
0x7ff7a58bc47f
0x7ff7a58bc489
0x7ff7a58bc490
0x7ff7a58bc497
0x7ff7a58bc49d
0x7ff7a58bc4a2
0x7ff7a58bc4ab
0x7ff7a58bc4b4
0x7ff7a58bc4ba
0x7ff7a58bc4bf
0x7ff7a58bc4c3
0x7ff7a58bc4c6
0x7ff7a58bc4cd
0x7ff7a58bc4d1
0x7ff7a58bc4dc
0x7ff7a58bc4e1
0x7ff7a58bc4e7
0x7ff7a58bc4ee
0x7ff7a58bc4fb
0x7ff7a58bc50b
0x7ff7a58bc50d
0x7ff7a58bc511
0x7ff7a58bc519
0x7ff7a58bc529
0x7ff7a58bc52c
0x7ff7a58bc530
0x7ff7a58bc538
0x7ff7a58bc53a
0x7ff7a58bc53e
0x7ff7a58bc542
0x7ff7a58bc54c
0x7ff7a58bc551
0x7ff7a58bc556
0x7ff7a58bc55a
0x7ff7a58bc567
0x7ff7a58bc56d
0x7ff7a58bc576
0x7ff7a58bc578
0x7ff7a58bc580
0x7ff7a58bc583
0x7ff7a58bc59c

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15eac905c6263da8fcd042729b4cf6c2eac0663125a33ca76778ac8e5de10585
Instruction ID: 54c01e3ef9331abd6671cf143d14f4b81d4682b21ddb59d85e9194b7fbd90f01
Opcode Fuzzy Hash: 15eac905c6263da8fcd042729b4cf6c2eac0663125a33ca76778ac8e5de10585
Instruction Fuzzy Hash: E351C372A0961282E7289E28C05433CA7A4EB46F58F970175CF4D173A6CF28ED61C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58BF7F4 Relevance: .1, Instructions: 126
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 56%

			E00007FF77FF7A58BF7F4(signed int __edx, void* __edi, void* __esp, long long __rbx, signed long long*** __rcx, long long __rsi) {
				void* _t24;
				int _t26;
				signed int _t51;
				void* _t52;
				signed long long _t66;
				signed int* _t73;
				signed long long _t75;
				signed long long _t77;
				signed long long _t78;
				signed long long _t95;
				signed long long _t96;
				signed long long _t98;
				signed long long _t104;
				long long _t115;
				void* _t117;
				void* _t120;
				signed long long* _t123;
				signed long long _t124;
				signed long long _t126;
				signed long long _t129;
				signed long long*** _t132;

				_t52 = __edi;
				_t51 = __edx;
				 *((long long*)(_t117 + 0x10)) = __rbx;
				 *((long long*)(_t117 + 0x18)) = _t115;
				 *((long long*)(_t117 + 0x20)) = __rsi;
				_t66 =  *((intOrPtr*)(__rcx));
				_t132 = __rcx;
				_t73 =  *_t66;
				if (_t73 == 0) goto 0xa58bf988;
				_t124 =  *0xa58fb008; // 0x485f0d1bb70c
				_t111 =  *_t73 ^ _t124;
				asm("dec eax");
				_t75 = _t73[4] ^ _t124;
				asm("dec ecx");
				asm("dec eax");
				if ((_t73[2] ^ _t124) != _t75) goto 0xa58bf8fa;
				_t77 = _t75 - ( *_t73 ^ _t124) >> 3;
				_t101 =  >  ? _t66 : _t77;
				_t6 = _t115 + 0x20; // 0x20
				_t102 = ( >  ? _t66 : _t77) + _t77;
				_t103 =  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77;
				if (( ==  ? _t66 : ( >  ? _t66 : _t77) + _t77) - _t77 < 0) goto 0xa58bf896;
				_t7 = _t115 + 8; // 0x8
				r8d = _t7;
				E00007FF77FF7A58D25E8(_t6, _t77, _t111,  ==  ? _t66 : ( >  ? _t66 : _t77) + _t77, _t111, _t115, _t120);
				_t24 = E00007FF77FF7A58CE0C8(_t66, _t111);
				if (_t66 != 0) goto 0xa58bf8be;
				_t104 = _t77 + 4;
				r8d = 8;
				E00007FF77FF7A58D25E8(_t24, _t77, _t111, _t104, _t111, _t115, _t120);
				_t129 = _t66;
				_t26 = E00007FF77FF7A58CE0C8(_t66, _t111);
				if (_t129 == 0) goto 0xa58bf988;
				_t123 = _t129 + _t77 * 8;
				_t78 = _t129 + _t104 * 8;
				_t88 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
				_t64 =  >  ? _t115 : _t78 - _t123 + 7 >> 3;
				if (( >  ? _t115 : _t78 - _t123 + 7 >> 3) == 0) goto 0xa58bf8fa;
				memset(_t52, _t26, 0 << 0);
				_t126 =  *0xa58fb008; // 0x485f0d1bb70c
				r8d = 0x40;
				asm("dec eax");
				 *_t123 =  *(_t132[1]) ^ _t126;
				_t95 =  *0xa58fb008; // 0x485f0d1bb70c
				asm("dec eax");
				 *( *( *_t132)) = _t129 ^ _t95;
				_t96 =  *0xa58fb008; // 0x485f0d1bb70c
				asm("dec eax");
				( *( *_t132))[1] =  &(_t123[1]) ^ _t96;
				_t98 =  *0xa58fb008; // 0x485f0d1bb70c
				r8d = r8d - (_t51 & 0x0000003f);
				asm("dec eax");
				( *( *_t132))[2] = _t78 ^ _t98;
				goto 0xa58bf98b;
				return 0xffffffff;
			}

0x7ff7a58bf7f4
0x7ff7a58bf7f4
0x7ff7a58bf7f4
0x7ff7a58bf7f9
0x7ff7a58bf7fe
0x7ff7a58bf80c
0x7ff7a58bf811
0x7ff7a58bf814
0x7ff7a58bf81a
0x7ff7a58bf820
0x7ff7a58bf838
0x7ff7a58bf83e
0x7ff7a58bf841
0x7ff7a58bf844
0x7ff7a58bf847
0x7ff7a58bf84d
0x7ff7a58bf85b
0x7ff7a58bf865
0x7ff7a58bf869
0x7ff7a58bf86c
0x7ff7a58bf86f
0x7ff7a58bf876
0x7ff7a58bf878
0x7ff7a58bf878
0x7ff7a58bf882
0x7ff7a58bf88c
0x7ff7a58bf894
0x7ff7a58bf896
0x7ff7a58bf89a
0x7ff7a58bf8a6
0x7ff7a58bf8ad
0x7ff7a58bf8b0
0x7ff7a58bf8b8
0x7ff7a58bf8c5
0x7ff7a58bf8c9
0x7ff7a58bf8e1
0x7ff7a58bf8e5
0x7ff7a58bf8e8
0x7ff7a58bf8f0
0x7ff7a58bf8f3
0x7ff7a58bf8fa
0x7ff7a58bf919
0x7ff7a58bf91f
0x7ff7a58bf922
0x7ff7a58bf935
0x7ff7a58bf93e
0x7ff7a58bf944
0x7ff7a58bf955
0x7ff7a58bf95e
0x7ff7a58bf962
0x7ff7a58bf96e
0x7ff7a58bf977
0x7ff7a58bf982
0x7ff7a58bf986
0x7ff7a58bf9a3

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 3ef3fcf24a92a2e8e961e5df60439cbd2230a09cc4eb994ac7b405b84086ae04
Instruction ID: 9f9b7936c436f5117a01a68673b45b29173a593d97043d1d71a92b7470a81831
Opcode Fuzzy Hash: 3ef3fcf24a92a2e8e961e5df60439cbd2230a09cc4eb994ac7b405b84086ae04
Instruction Fuzzy Hash: 97410223715A5482FF48DF2AD925569F3A1BB4DFD4B8A9032EE4D87B68DE3CD0568300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED7908 Relevance: .1, Instructions: 124
COMMONCrypto

Download Yara Rule

C-Code - Quality: 84%

			E00007FFA7FFA0AED7908(void* __edx, signed long long __rax, long long __rbx, signed int __rcx, signed long long __rdx, long long __rsi, void* __r9, signed int __r11) {
				signed int _t135;
				short _t136;
				void* _t167;
				signed long long _t170;
				signed long long _t175;
				void* _t184;
				void* _t186;
				void* _t189;
				void* _t193;

				_t175 = __rdx;
				_t170 = __rax;
				 *((long long*)(_t186 + 8)) = __rbx;
				 *((long long*)(_t186 + 0x18)) = __rsi;
				_push(_t193);
				_t184 = _t186 - 0x3f;
				r10d = r8d;
				 *((intOrPtr*)(_t186 - 0xc0 + 0x20)) =  *((intOrPtr*)(_t184 + 0x7f));
				r11d = __edx;
				E00007FFA7FFA0AEE3C78( *((intOrPtr*)(_t184 + 0x7f)), __rcx, __rdx, _t189, __r9);
				 *((intOrPtr*)(_t184 - 0x51)) = 0xb7539;
				r14d = 1;
				 *((intOrPtr*)(_t184 - 0x4d)) = 0;
				 *(_t184 + 0x67) = 0xb0fd7e;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) + 0x67e8;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) ^ 0x00b16566;
				r9d =  *(_t184 + 0x67);
				 *(_t184 + 0x67) = 0x5bcef4;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) >> 0xa;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) >> 0xc;
				if ((r8d &  *(_t184 + 0x67)) == 0) goto 0xaed7998;
				_t136 = _t193 + 0x60;
				r9d = r9d + r14d;
				 *((short*)(_t184 + _t170 * 2 - 0x41)) = _t136;
				if (_t136 + r14w - 0x7a <= 0) goto 0xaed7983;
				 *(_t184 + 0x67) = 0x86594f;
				 *(_t184 + 0x67) = 0xba2e8ba3 *  *(_t184 + 0x67) >> 0x20 >> 3;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) + 0xe1d;
				 *(_t184 + 0x67) = 0xa57eb503 *  *(_t184 + 0x67) >> 0x20 >> 6;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) ^ 0x00001fbb;
				if ((r8d &  *(_t184 + 0x67)) == 0) goto 0xaed79ef;
				r9d = r9d + r14d;
				 *((short*)(_t184 + _t170 * 2 - 0x41)) = 0x41;
				if (0x41 + r14w - 0x5a <= 0) goto 0xaed79da;
				 *(_t184 + 0x67) = 0xc2ea7e;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) * 0x78;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) | 0xd9c101a8;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) ^ 0xdbddebbc;
				if ((r8d &  *(_t184 + 0x67)) == 0) goto 0xaed7a2d;
				r9d = r9d + r14d;
				 *((short*)(_t184 + _t170 * 2 - 0x41)) = 0x30;
				if (0x30 + r14w - 0x39 <= 0) goto 0xaed7a18;
				 *(_t184 + 0x67) = 0xd51490;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) >> 4;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) | 0x4d93e37f;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) + 0xffffd27b;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) ^ 0x4d9fc5fa;
				_t167 =  *(_t184 + 0x67) - r11d;
				if (_t167 >= 0) goto 0xaed7aab;
				 *(_t184 + 0x67) = 0xce5641;
				 *(_t184 + 0x67) = ( *(_t184 + 0x67) - (0x8421085 *  *(_t184 + 0x67) >> 0x20) >> 1) + (0x8421085 *  *(_t184 + 0x67) >> 0x20) >> 4;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) << 5;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) | 0x3b8a87b1;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) ^ 0x3bd3936f;
				E00007FFA7FFA0AEDF21C(( *(_t184 + 0x67) - (0x8421085 *  *(_t184 + 0x67) >> 0x20) >> 1) + (0x8421085 *  *(_t184 + 0x67) >> 0x20) >> 4, _t170, __rcx);
				 *((short*)(__r9 + __rcx * 2)) =  *(_t184 + _t175 * 2 - 0x41) & 0x0000ffff;
				if (_t167 != 0) goto 0xaed7a5e;
				 *(_t184 + 0x67) = 0x8551c;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) * 0x17;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) + 0xe62;
				 *(_t184 + 0x67) =  *(_t184 + 0x67) ^ 0x00bfb3ee;
				_t135 =  *(_t184 + 0x67);
				if ((r10d & _t135) == 0) goto 0xaed7ad6;
				 *((short*)(__r9 + __r11 * 2)) = 0;
				return _t135;
			}

0x7ffa0aed7908
0x7ffa0aed7908
0x7ffa0aed7908
0x7ffa0aed790d
0x7ffa0aed7914
0x7ffa0aed7916
0x7ffa0aed7928
0x7ffa0aed792b
0x7ffa0aed792f
0x7ffa0aed7932
0x7ffa0aed7937
0x7ffa0aed7940
0x7ffa0aed7946
0x7ffa0aed7949
0x7ffa0aed7950
0x7ffa0aed7957
0x7ffa0aed795e
0x7ffa0aed7962
0x7ffa0aed7969
0x7ffa0aed796d
0x7ffa0aed797d
0x7ffa0aed797f
0x7ffa0aed7986
0x7ffa0aed7989
0x7ffa0aed7996
0x7ffa0aed7998
0x7ffa0aed79b1
0x7ffa0aed79b4
0x7ffa0aed79c3
0x7ffa0aed79c6
0x7ffa0aed79d3
0x7ffa0aed79dd
0x7ffa0aed79e0
0x7ffa0aed79ed
0x7ffa0aed79ef
0x7ffa0aed79fa
0x7ffa0aed79fd
0x7ffa0aed7a04
0x7ffa0aed7a11
0x7ffa0aed7a1b
0x7ffa0aed7a1e
0x7ffa0aed7a2b
0x7ffa0aed7a2d
0x7ffa0aed7a34
0x7ffa0aed7a38
0x7ffa0aed7a3f
0x7ffa0aed7a46
0x7ffa0aed7a50
0x7ffa0aed7a53
0x7ffa0aed7a5e
0x7ffa0aed7a78
0x7ffa0aed7a7b
0x7ffa0aed7a7f
0x7ffa0aed7a86
0x7ffa0aed7a90
0x7ffa0aed7a9f
0x7ffa0aed7aa9
0x7ffa0aed7aab
0x7ffa0aed7ab6
0x7ffa0aed7ab9
0x7ffa0aed7ac0
0x7ffa0aed7ac7
0x7ffa0aed7acd
0x7ffa0aed7ad1
0x7ffa0aed7aed

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b516e3cd57773f42bb28a15eb43abe6253a302af0ffb12630370575cc2f05e2c
Instruction ID: 70faaf04498c913d81c7c060dbd22e596a45002b13db17620dfe2df03db0b173
Opcode Fuzzy Hash: b516e3cd57773f42bb28a15eb43abe6253a302af0ffb12630370575cc2f05e2c
Instruction Fuzzy Hash: 18510373A047518FD758DF38E045AAD3BA9F344748B4041B9EE0EABA98E778F805CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE415C Relevance: .1, Instructions: 123
COMMONCrypto

Download Yara Rule

C-Code - Quality: 72%

			E00007FFA7FFA0AEE415C(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9) {
				void* _t150;
				long long _t160;
				void* _t163;
				void* _t165;
				void* _t166;
				void* _t168;
				void* _t169;

				_t150 = _t168;
				 *((long long*)(_t150 + 8)) = __rbx;
				 *((long long*)(_t150 + 0x10)) = __rsi;
				 *((long long*)(_t150 + 0x18)) = __rdi;
				_t166 = _t150 - 0x4f;
				_t169 = _t168 - 0xa0;
				_t160 =  *((intOrPtr*)(_t166 + 0x77));
				_t163 = __rdx;
				 *((intOrPtr*)(_t169 + 0x28)) =  *((intOrPtr*)(_t166 + 0x7f));
				 *((long long*)(_t169 + 0x20)) = _t160;
				E00007FFA7FFA0AEE3C78( *((intOrPtr*)(_t166 + 0x7f)), __rcx, __rdx, __r8, __r9);
				 *((intOrPtr*)(_t166 - 0x19)) = 0x951d5;
				 *((intOrPtr*)(_t166 - 0x15)) = 0x2e21b;
				 *((intOrPtr*)(_t166 - 0xd)) = 0;
				 *((intOrPtr*)(_t166 - 0x11)) = 0x7f4cb;
				if (0xd3faa == 0x335b7) goto 0xaee42f0;
				if (0xd3faa == 0x7fcde) goto 0xaee4269;
				if (0xd3faa == 0xd3faa) goto 0xaee425f;
				if (0xd3faa != 0xf711d) goto 0xaee436e;
				 *(_t166 - 0x25) = 0x1341be;
				 *(_t166 - 0x25) =  *(_t166 - 0x25) ^ 0x8c941e03;
				 *(_t166 - 0x25) =  *(_t166 - 0x25) ^ 0x8c8f1467;
				 *(_t166 - 0x29) = 0xcf98;
				 *(_t166 - 0x29) =  *(_t166 - 0x29) + 0x9cc0;
				_t128 =  *(_t166 - 0x29);
				 *((long long*)(_t169 + 0x20)) = _t160 + 0x10;
				 *(_t166 - 0x29) = ( *(_t166 - 0x29) - (0x446f8657 * _t128 >> 0x20) >> 1) + (0x446f8657 * _t128 >> 0x20) >> 6;
				 *(_t166 - 0x29) =  *(_t166 - 0x29) ^ 0x0001b47f;
				 *(_t166 - 0x21) = 0x3babb;
				 *(_t166 - 0x21) =  *(_t166 - 0x21) | 0x220d836b;
				 *(_t166 - 0x21) =  *(_t166 - 0x21) ^ 0x2208c6b1;
				r8d =  *(_t166 - 0x21);
				if (E00007FFA7FFA0AEDFE5C(0xd3faa - 0xf711d, __rcx, _t166 - 9, _t165) == 0) goto 0xaee4379;
				goto 0xaee41b0;
				goto 0xaee41b0;
				 *(_t166 - 0x29) = 0x8f2738;
				 *(_t166 - 0x29) =  *(_t166 - 0x29) << 3;
				 *(_t166 - 0x29) =  *(_t166 - 0x29) + 0xffffdca5;
				 *(_t166 - 0x29) =  *(_t166 - 0x29) | 0x959f15e3;
				 *(_t166 - 0x29) =  *(_t166 - 0x29) ^ 0x95f954fb;
				 *(_t166 - 0x25) = 0xd49418;
				 *((long long*)(_t169 + 0x20)) = _t166 - 9;
				 *(_t166 - 0x25) = 0xaaaaaaab *  *(_t166 - 0x25) >> 0x20 >> 1;
				 *(_t166 - 0x25) =  *(_t166 - 0x25) << 2;
				 *(_t166 - 0x25) =  *(_t166 - 0x25) + 0x1bb2;
				 *(_t166 - 0x25) =  *(_t166 - 0x25) ^ 0x011fa0bc;
				 *(_t166 - 0x21) = 0x290811;
				 *(_t166 - 0x21) =  *(_t166 - 0x21) << 2;
				 *(_t166 - 0x21) =  *(_t166 - 0x21) + 0x7642;
				 *(_t166 - 0x21) =  *(_t166 - 0x21) ^ 0x00a0e0a7;
				r9d =  *(_t166 - 0x21);
				r8d =  *(_t166 - 0x25);
				E00007FFA7FFA0AEDDBDC(_t166 - 9, _t163);
				goto 0xaee41b0;
				 *(_t166 - 0x25) = 0x73379a;
				 *(_t166 - 0x25) =  *(_t166 - 0x25) * 0x37;
				 *(_t166 - 0x25) =  *(_t166 - 0x25) + 0xffffe541;
				 *(_t166 - 0x25) =  *(_t166 - 0x25) ^ 0x18c5c5f7;
				 *(_t166 - 0x29) = 0x1ade65;
				 *(_t166 - 0x29) =  *(_t166 - 0x29) * 0x33;
				 *(_t166 - 0x29) =  *(_t166 - 0x29) << 0xf;
				 *(_t166 - 0x29) =  *(_t166 - 0x29) ^ 0x270feed4;
				 *(_t166 - 0x21) = 0x828075;
				 *(_t166 - 0x21) =  *(_t166 - 0x21) * 0x3e;
				 *(_t166 - 0x21) =  *(_t166 - 0x21) << 7;
				 *(_t166 - 0x21) =  *(_t166 - 0x21) ^ 0xcd80a10a;
				 *((long long*)(_t169 + 0x20)) = _t160 + 0x50;
				r8d =  *(_t166 - 0x21);
				E00007FFA7FFA0AEDFE5C(E00007FFA7FFA0AEDFE5C(0xd3faa - 0xf711d, __rcx, _t166 - 9, _t165), _t163, _t166 - 9);
				_t126 =  !=  ? 1 : 0;
				if (0xd3385 != 0xd3385) goto 0xaee41b0;
				_t124 =  !=  ? 1 : 0;
				return  !=  ? 1 : 0;
			}

0x7ffa0aee415c
0x7ffa0aee415f
0x7ffa0aee4163
0x7ffa0aee4167
0x7ffa0aee416c
0x7ffa0aee4170
0x7ffa0aee417a
0x7ffa0aee417e
0x7ffa0aee4181
0x7ffa0aee4185
0x7ffa0aee418a
0x7ffa0aee418f
0x7ffa0aee419a
0x7ffa0aee41a1
0x7ffa0aee41a9
0x7ffa0aee41b5
0x7ffa0aee41c0
0x7ffa0aee41cb
0x7ffa0aee41d6
0x7ffa0aee41dc
0x7ffa0aee41ec
0x7ffa0aee41f3
0x7ffa0aee41fa
0x7ffa0aee4201
0x7ffa0aee4208
0x7ffa0aee4213
0x7ffa0aee421f
0x7ffa0aee4222
0x7ffa0aee4229
0x7ffa0aee4230
0x7ffa0aee4237
0x7ffa0aee423e
0x7ffa0aee424f
0x7ffa0aee425a
0x7ffa0aee4264
0x7ffa0aee4269
0x7ffa0aee4275
0x7ffa0aee4279
0x7ffa0aee4280
0x7ffa0aee4287
0x7ffa0aee428e
0x7ffa0aee42a3
0x7ffa0aee42a8
0x7ffa0aee42ab
0x7ffa0aee42af
0x7ffa0aee42b6
0x7ffa0aee42bd
0x7ffa0aee42c4
0x7ffa0aee42c8
0x7ffa0aee42cf
0x7ffa0aee42d6
0x7ffa0aee42da
0x7ffa0aee42e1
0x7ffa0aee42eb
0x7ffa0aee42f0
0x7ffa0aee42ff
0x7ffa0aee4302
0x7ffa0aee4309
0x7ffa0aee4310
0x7ffa0aee431b
0x7ffa0aee431e
0x7ffa0aee4322
0x7ffa0aee4329
0x7ffa0aee4334
0x7ffa0aee433d
0x7ffa0aee4344
0x7ffa0aee434b
0x7ffa0aee4350
0x7ffa0aee435a
0x7ffa0aee436b
0x7ffa0aee4373
0x7ffa0aee4381
0x7ffa0aee4393

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fad9d33a30dd06c0df9b2c2775a7cfef24a9efea177a4b9259e227e0b3a8fd5
Instruction ID: 9b9f6dc1729226fa8f4c170cb3acc51c51c174ae9b5fcb959325c41171d1c005
Opcode Fuzzy Hash: 3fad9d33a30dd06c0df9b2c2775a7cfef24a9efea177a4b9259e227e0b3a8fd5
Instruction Fuzzy Hash: 62511473B247048FE718DFB8D15589D3BF1F348388B404169DE0AA7B58DB789919CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEE03D8 Relevance: .1, Instructions: 121
COMMONCrypto

Download Yara Rule

C-Code - Quality: 64%

			E00007FFA7FFA0AEE03D8(void* __ebx, void* __edi, char* __rax, long long __rbx, void* __rcx, intOrPtr* __rdx, long long __rsi, long long _a8, signed int _a16, long long _a24, signed int _a32) {
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				void* _t79;
				intOrPtr _t93;
				char _t99;
				void* _t100;
				void* _t117;
				char* _t119;
				void* _t120;
				void* _t121;
				intOrPtr* _t125;
				void* _t126;
				char* _t128;
				long long _t129;
				intOrPtr _t136;
				void* _t143;
				void* _t145;

				_t119 = __rax;
				_a8 = __rbx;
				_a24 = __rsi;
				E00007FFA7FFA0AEE3C78(_t79, __rcx, __rdx, _t143, _t145);
				_t125 =  *((intOrPtr*)(__rdx + 0x10));
				_t136 =  *__rdx;
				_v48 = 0x1a921;
				_v44 = 0xa56da;
				_v36 = 0;
				_v40 = 0x8a41c;
				if (_t125 - _t136 >= 0) goto 0xaee05b1;
				_v52 = 0xd2737f;
				_v52 = _v52 | 0xbf7f2fee;
				_v52 = _v52 >> 5;
				_v52 = _v52 ^ 0x05fffbfe;
				_v56 = 0xcc15b2;
				_v56 = _v56 >> 2;
				_v56 = _v56 ^ 0xfd783681;
				_v56 = _v56 * 0x2c;
				_v56 = _v56 ^ 0x88e1c6dd;
				_a32 = 0xcd83aa;
				_a32 = _a32 | 0xbdfbbfbe;
				_a32 = _a32 + 0x2ff1;
				_a32 = _a32 ^ 0xbdf9ced9;
				_a16 = 0xdf800f;
				_a16 = _a16 << 7;
				_a16 = _a16 + 0xffff3601;
				_a16 = _a16 + 0x5560;
				_a16 = _a16 ^ 0x6fbffd93;
				E00007FFA7FFA0AEDDE9C(__edi - __ebx + _v52, _t100, _t119);
				if (_t119 == 0) goto 0xaee05b1;
				_t99 =  *_t125;
				if (_t99 != 0x22) goto 0xaee04cc;
				if (_t99 != 0x2c) goto 0xaee04d9;
				if (0xbadbad == 0) goto 0xaee05a5;
				if (_t99 != 0xd) goto 0xaee0576;
				_a16 = 0xc0227d;
				_a16 = _a16 + 0xffffaacd;
				_a16 = _a16 ^ 0xb8836b16;
				_a16 = _a16 ^ 0xb83ca65d;
				_t120 = _t119 + _t125;
				if (_t120 - _t136 >= 0) goto 0xaee057b;
				if ( *((char*)(_t125 + 1)) != 0xa) goto 0xaee057b;
				_a16 = 0x24380e;
				_a16 = _a16 << 5;
				_a16 = _a16 ^ 0x048701c1;
				_a16 = 0xd457d3;
				_a16 = _a16 ^ 0xbcefd77d;
				_t126 = _t125 + _t120;
				_a16 = _a16 ^ 0xc9af8060;
				_a16 = _a16 ^ 0x759400cf;
				_t121 = _t120 + _t126;
				if (_t121 - _t136 >= 0) goto 0xaee057b;
				_t93 =  *((intOrPtr*)(_t126 + 1));
				if (_t93 == 0x20) goto 0xaee0559;
				if (_t93 != 9) goto 0xaee057b;
				_a16 = 0x80e804;
				_a16 = _a16 | 0xe7f1c3f5;
				_a16 = _a16 ^ 0xe7f1ebf4;
				goto 0xaee057b;
				 *_t119 = _t99;
				_t128 = _t126 + _t121 + 1;
				if (_t128 - _t136 < 0) goto 0xaee04bc;
				goto 0xaee05a5;
				_t117 =  *_t128 - 0x2c;
				if (_t117 > 0) goto 0xaee05aa;
				asm("dec eax");
				if (_t117 >= 0) goto 0xaee05aa;
				_t129 = _t128 + 1;
				if (_t129 - _t136 < 0) goto 0xaee0589;
				 *((long long*)(__rdx + 0x10)) = _t129;
				return _a16;
			}

0x7ffa0aee03d8
0x7ffa0aee03d8
0x7ffa0aee03dd
0x7ffa0aee03f0
0x7ffa0aee03f5
0x7ffa0aee03f9
0x7ffa0aee03fe
0x7ffa0aee0407
0x7ffa0aee040e
0x7ffa0aee0411
0x7ffa0aee041b
0x7ffa0aee0421
0x7ffa0aee042a
0x7ffa0aee0433
0x7ffa0aee0437
0x7ffa0aee043e
0x7ffa0aee0445
0x7ffa0aee0449
0x7ffa0aee0454
0x7ffa0aee0457
0x7ffa0aee045e
0x7ffa0aee0465
0x7ffa0aee046c
0x7ffa0aee0473
0x7ffa0aee047a
0x7ffa0aee0481
0x7ffa0aee0485
0x7ffa0aee048c
0x7ffa0aee0493
0x7ffa0aee04a8
0x7ffa0aee04b3
0x7ffa0aee04bc
0x7ffa0aee04c1
0x7ffa0aee04cf
0x7ffa0aee04d3
0x7ffa0aee04dc
0x7ffa0aee04e2
0x7ffa0aee04e9
0x7ffa0aee04f0
0x7ffa0aee04f7
0x7ffa0aee0501
0x7ffa0aee0507
0x7ffa0aee050d
0x7ffa0aee050f
0x7ffa0aee0516
0x7ffa0aee051a
0x7ffa0aee0524
0x7ffa0aee052b
0x7ffa0aee0532
0x7ffa0aee0535
0x7ffa0aee053c
0x7ffa0aee0546
0x7ffa0aee054c
0x7ffa0aee054e
0x7ffa0aee0553
0x7ffa0aee0557
0x7ffa0aee0559
0x7ffa0aee0560
0x7ffa0aee0567
0x7ffa0aee0574
0x7ffa0aee0576
0x7ffa0aee057b
0x7ffa0aee0581
0x7ffa0aee0587
0x7ffa0aee0589
0x7ffa0aee058c
0x7ffa0aee059c
0x7ffa0aee05a0
0x7ffa0aee05a2
0x7ffa0aee05a8
0x7ffa0aee05aa
0x7ffa0aee05c3

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48fd9d97b415cacae29e02dfafb04fecd33d8ed85f01688b124c59b0c0f3ba56
Instruction ID: ee8eecc4457a6750fc45f66f308f8ebda3338315c564f7cc3e6f630406863aed
Opcode Fuzzy Hash: 48fd9d97b415cacae29e02dfafb04fecd33d8ed85f01688b124c59b0c0f3ba56
Instruction Fuzzy Hash: 9E51E473A043208FEB65EF34D0952AD3FB0F7097ACB199528EB0E46A48D778D485CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AEDCD9C Relevance: .1, Instructions: 92
COMMONCrypto

Download Yara Rule

C-Code - Quality: 84%

			E00007FFA7FFA0AEDCD9C(long long __rbx, void* __rdx, long long __rdi, void* __r8) {
				void* _t50;
				void* _t74;
				void* _t79;
				void* _t80;
				void* _t82;
				void* _t83;
				void* _t87;

				 *((long long*)(_t82 + 8)) = __rbx;
				 *((long long*)(_t82 + 0x10)) = __rdi;
				_t80 = _t82 - 0x57;
				_t83 = _t82 - 0xa0;
				E00007FFA7FFA0AEE3C78(_t50, _t74, __rdx, __r8, _t87);
				 *((intOrPtr*)(_t80 - 9)) = 0x83946;
				r11d = 0;
				 *((intOrPtr*)(_t80 - 5)) = 0;
				if (0x64d02 == 0x64d02) goto 0xaedcf3f;
				if (0x64d02 == 0x6ef44) goto 0xaedceb1;
				if (0x64d02 != 0x81f1e) goto 0xaedcf44;
				 *(_t80 - 0xd) = 0x41c7fa;
				 *(_t80 - 0xd) =  *(_t80 - 0xd) | 0xeefec8a6;
				 *(_t80 - 0xd) =  *(_t80 - 0xd) << 1;
				 *(_t80 - 0xd) =  *(_t80 - 0xd) ^ 0xddfd290e;
				 *(_t80 - 0x19) = 0xb8091a;
				 *(_t80 - 0x19) =  *(_t80 - 0x19) * 0x3c;
				 *(_t80 - 0x19) =  *(_t80 - 0x19) + 0xfa2;
				 *(_t80 - 0x19) =  *(_t80 - 0x19) ^ 0xf764f8fd;
				 *(_t80 - 0x19) =  *(_t80 - 0x19) ^ 0xdc4f2fcc;
				 *(_t80 - 0x15) = 0x441be8;
				 *(_t80 - 0x15) =  *(_t80 - 0x15) + 0x9ff1;
				 *(_t80 - 0x15) =  *(_t80 - 0x15) ^ 0x13d19525;
				 *(_t80 - 0x15) =  *(_t80 - 0x15) ^ 0x139750c9;
				 *(_t80 - 0x11) = 0xdec409;
				 *(_t80 - 0x11) =  *(_t80 - 0x11) >> 0xe;
				 *(_t80 - 0x11) = 0xaaaaaaab *  *(_t80 - 0x11) >> 0x20 >> 4;
				 *(_t80 - 0x11) =  *(_t80 - 0x11) ^ 0x000694d4;
				r9d =  *(_t80 - 0x15);
				 *(_t83 + 0x28) =  *(_t80 - 0x11);
				 *((long long*)(_t83 + 0x20)) = _t80 + 7;
				E00007FFA7FFA0AEDBCA4(__rdx, _t79);
				r11d =  !=  ? 1 : r11d;
				return r11d;
			}

0x7ffa0aedcd9c
0x7ffa0aedcda1
0x7ffa0aedcda7
0x7ffa0aedcdac
0x7ffa0aedcdb9
0x7ffa0aedcdc0
0x7ffa0aedcdc7
0x7ffa0aedcdca
0x7ffa0aedcdd7
0x7ffa0aedcde2
0x7ffa0aedcded
0x7ffa0aedcdf3
0x7ffa0aedcdfd
0x7ffa0aedce04
0x7ffa0aedce07
0x7ffa0aedce0e
0x7ffa0aedce19
0x7ffa0aedce21
0x7ffa0aedce28
0x7ffa0aedce2f
0x7ffa0aedce36
0x7ffa0aedce3d
0x7ffa0aedce44
0x7ffa0aedce4b
0x7ffa0aedce52
0x7ffa0aedce59
0x7ffa0aedce65
0x7ffa0aedce68
0x7ffa0aedce72
0x7ffa0aedce7c
0x7ffa0aedce84
0x7ffa0aedce89
0x7ffa0aedce95
0x7ffa0aedceb0

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 395e648f6890fde6d3af51871a220c460cd31d29e77393e31b084a71f729a33d
Instruction ID: 9a721a632ab319077f39ac80da81a336ae780da9b1575357d60b667fc9120041
Opcode Fuzzy Hash: 395e648f6890fde6d3af51871a220c460cd31d29e77393e31b084a71f729a33d
Instruction Fuzzy Hash: EE411573B043408FE368DFB4D4569EE3BB2E34478CB008869DE49A7A58DB789615CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFA0AED6548 Relevance: .1, Instructions: 78
COMMONCrypto

Download Yara Rule

C-Code - Quality: 37%

			E00007FFA7FFA0AED6548(void* __ebx, void* __rax, intOrPtr* __rcx, long long __rdx, long long* __r8, signed int _a8, signed int _a16, signed int _a32) {
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				unsigned int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v72;
				void* _t69;
				intOrPtr _t72;
				void* _t93;
				void* _t94;
				long long* _t95;
				void* _t98;

				_v40 = 0x9d42d;
				_v36 = 0x215;
				_t94 = _t93 +  *__rcx;
				_v32 = 0;
				_a16 = 0x7c8893;
				_a16 = _a16 + 0x9935;
				_t95 = __r8;
				_a16 = _a16 | 0x2fff776f;
				_a16 = _a16 ^ 0x2f7f77ef;
				_v52 = 0xad44be;
				_v52 = _v52 + 0xb504;
				_v52 = _v52 * 0x5b;
				_v52 = _v52 ^ 0x3d97c7f6;
				_v48 = 0xfb9113;
				_v48 = _v48 >> 5;
				_v48 = _v48 ^ 0x000bb913;
				_a8 = 0xf0756a;
				_a8 = _a8 >> 7;
				_a8 = _a8 << 0xd;
				_a8 = _a8 ^ 0x2aecb949;
				_a8 = _a8 ^ 0x16f467f4;
				_v56 = 0x9e340c;
				_v56 = _v56 >> 6;
				_v56 = 0x22b63cbf * _v56 >> 0x20 >> 4;
				_v56 = _v56 ^ 0x0009a49d;
				_a32 = 0x7f858;
				_a32 = _a32 | 0x9a862637;
				_a32 = _a32 * 0x25;
				_a32 = _a32 ^ 0x55aee416;
				_v72 = _v52;
				_t69 = E00007FFA7FFA0AEE5608(_a16, __rdx);
				if (__rdx - _t94 < 0) goto 0xaed6674;
				goto 0xaed66a2;
				_t98 = __rdx + 1;
				if ( *((intOrPtr*)(__rdx)) == 0xa) goto 0xaed6683;
				if (_t98 - _t94 < 0) goto 0xaed6674;
				if (_t98 - _t94 >= 0) goto 0xaed6693;
				if (_t98 - __rdx - _t69 < 0) goto 0xaed6674;
				r11d = r11d - __ebx;
				 *_t95 = __rdx;
				_t72 = r11d;
				 *((intOrPtr*)(_t95 + 8)) = _t72;
				return _t72;
			}

0x7ffa0aed6553
0x7ffa0aed655b
0x7ffa0aed6563
0x7ffa0aed656b
0x7ffa0aed656f
0x7ffa0aed657a
0x7ffa0aed6582
0x7ffa0aed6585
0x7ffa0aed658d
0x7ffa0aed6595
0x7ffa0aed659d
0x7ffa0aed65aa
0x7ffa0aed65b3
0x7ffa0aed65bb
0x7ffa0aed65c3
0x7ffa0aed65c8
0x7ffa0aed65d0
0x7ffa0aed65d8
0x7ffa0aed65dd
0x7ffa0aed65e2
0x7ffa0aed65ea
0x7ffa0aed65f2
0x7ffa0aed65fa
0x7ffa0aed6608
0x7ffa0aed660c
0x7ffa0aed6614
0x7ffa0aed661f
0x7ffa0aed6632
0x7ffa0aed6639
0x7ffa0aed665f
0x7ffa0aed6663
0x7ffa0aed666e
0x7ffa0aed6672
0x7ffa0aed6677
0x7ffa0aed667c
0x7ffa0aed6681
0x7ffa0aed6686
0x7ffa0aed6691
0x7ffa0aed6693
0x7ffa0aed6696
0x7ffa0aed6699
0x7ffa0aed669c
0x7ffa0aed66a9

Memory Dump Source

Source File: 00000000.00000002.562441647.00007FFA0AED1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFA0AED0000, based on PE: true

Associated: 00000000.00000002.562436553.00007FFA0AED0000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562467709.00007FFA0AEE7000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562473290.00007FFA0AEE8000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000000.00000002.562480066.00007FFA0AEEA000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffa0aed0000_ts.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3846613b12acdc12fe9e916f574d4db4510b9711b531412ea5e3d9fdde54c08a
Instruction ID: c844cc3136eb8adaac2293555219f2cc509cfcdf550e2511ba0562005f18bafe
Opcode Fuzzy Hash: 3846613b12acdc12fe9e916f574d4db4510b9711b531412ea5e3d9fdde54c08a
Instruction Fuzzy Hash: AC312E735292908BD795DF38F18955ABBA1F384B44F209128F79A87E68EB7CD845CF00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A588B710 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5697ca220b2d8f716c16800f42de1ef82c21560ccc3459d127ba4ac34867995d
Instruction ID: 114979d6594b4d143b4ce3fc7bda35171842982002faf3251cf347ac50c67968
Opcode Fuzzy Hash: 5697ca220b2d8f716c16800f42de1ef82c21560ccc3459d127ba4ac34867995d
Instruction Fuzzy Hash: 95A0022290ED06D1EA45BB40EC50034A370FBAAB82BC201B5F54F510B0AF7CF520D330

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A588A020 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 151
COMMON

Download Yara Rule

C-Code - Quality: 26%

			E00007FF77FF7A588A020(long long __rax, long long* __rcx, void* __rdx) {
				void* __rbx;
				void* __rsi;
				intOrPtr _t58;
				char _t60;
				void* _t68;
				intOrPtr _t94;
				long long _t96;
				long long* _t118;
				void* _t119;
				void* _t120;
				void* _t121;
				void* _t123;
				long long _t124;

				_t119 = _t120 - 0x37;
				_t121 = _t120 - 0xf0;
				_t118 = __rcx;
				r14d = 0;
				 *((intOrPtr*)(_t119 + 0x67)) = r14d;
				if (__rcx == 0) goto 0xa588a22d;
				if ( *((intOrPtr*)(__rcx)) != _t124) goto 0xa588a22d;
				E00007FF77FF7A588AD90(__rax, __rcx);
				_t96 = __rax;
				 *((long long*)(_t119 + 0x77)) = __rax;
				asm("xorps xmm0, xmm0");
				asm("movups [eax], xmm0");
				asm("movups [eax+0x10], xmm0");
				asm("movups [eax+0x20], xmm0");
				_t94 =  *((intOrPtr*)(__rdx + 8));
				if (_t94 == 0) goto 0xa588a088;
				if ( *((intOrPtr*)(_t94 + 0x28)) != 0) goto 0xa588a08f;
				goto 0xa588a08f;
				E00007FF77FF7A588BCE0(0, _t121 + 0x20);
				 *((long long*)(_t121 + 0x28)) = _t124;
				 *((char*)(_t121 + 0x30)) = 0;
				 *((long long*)(_t121 + 0x38)) = _t124;
				 *((char*)(_t119 - 0x79)) = 0;
				 *((long long*)(_t119 - 0x71)) = _t124;
				 *((intOrPtr*)(_t119 - 0x69)) = r14w;
				 *((long long*)(_t119 - 0x61)) = _t124;
				 *((intOrPtr*)(_t119 - 0x59)) = r14w;
				 *((long long*)(_t119 - 0x51)) = _t124;
				 *((char*)(_t119 - 0x49)) = 0;
				 *((long long*)(_t119 - 0x41)) = _t124;
				 *((char*)(_t119 - 0x39)) = 0;
				if (0xa58f1aab == 0) goto 0xa588a246;
				E00007FF77FF7A5892240(_t94, _t96, _t121 + 0x20, 0xa58f1aab);
				 *((intOrPtr*)(_t119 + 0x67)) = 1;
				 *((intOrPtr*)(_t96 + 8)) = r14d;
				 *_t96 = 0xa58e29f0;
				E00007FF77FF7A58BE314(0xa58e29f0);
				E00007FF77FF7A5893EF8(0xa58e29f0, _t96, _t119 - 0x31, _t123);
				 *((long long*)(_t96 + 0x10)) = _t124;
				 *((long long*)(_t96 + 0x20)) = _t124;
				 *((long long*)(_t96 + 0x28)) = _t124;
				 *((long long*)(_t119 + 0x7f)) = _t96;
				E00007FF77FF7A5893EF8(0xa58e29f0, _t96, _t119 - 1, _t123);
				0xa58bac48();
				if (0xa58e29f0 == 0) goto 0xa588a253;
				 *0xa58e29f0 = 0;
				 *((long long*)(_t96 + 0x10)) = 0xa58e29f0;
				0xa58bac48();
				if (0xa58e29f0 == 0) goto 0xa588a259;
				_t58 =  *((intOrPtr*)("false")); // 0x736c6166
				 *0xa58e29f0 = _t58;
				 *((short*)(0x7ff7a58e29f4)) =  *0xa58f1ae4 & 0x0000ffff;
				 *((long long*)(_t96 + 0x20)) = 0xa58e29f0;
				0xa58bac48();
				if (0xa58e29f0 == 0) goto 0xa588a240;
				_t60 = "true"; // 0x65757274
				 *0xa58e29f0 = _t60;
				 *((char*)(0x7ff7a58e29f4)) =  *0xa58f1aec & 0x000000ff;
				 *((long long*)(_t96 + 0x28)) = 0xa58e29f0;
				 *((short*)(_t96 + 0x18)) = 0x2c2e;
				 *_t118 = _t96;
				E00007FF77FF7A58922AC(_t121 + 0x20);
				if ( *((intOrPtr*)(_t119 - 0x41)) == 0) goto 0xa588a1c0;
				E00007FF77FF7A58BE348(_t96, 0xa58f1aab, _t118);
				 *((long long*)(_t119 - 0x41)) = _t124;
				if ( *((intOrPtr*)(_t119 - 0x51)) == 0) goto 0xa588a1d2;
				E00007FF77FF7A58BE348(_t96, 0xa58f1aab, _t118);
				 *((long long*)(_t119 - 0x51)) = _t124;
				if ( *((intOrPtr*)(_t119 - 0x61)) == 0) goto 0xa588a1e4;
				E00007FF77FF7A58BE348(_t96, 0xa58f1aab, _t118);
				 *((long long*)(_t119 - 0x61)) = _t124;
				if ( *((intOrPtr*)(_t119 - 0x71)) == 0) goto 0xa588a1f6;
				E00007FF77FF7A58BE348(_t96, 0xa58f1aab, _t118);
				 *((long long*)(_t119 - 0x71)) = _t124;
				if ( *((intOrPtr*)(_t121 + 0x38)) == 0) goto 0xa588a209;
				E00007FF77FF7A58BE348(_t96, 0xa58f1aab, _t118);
				 *((long long*)(_t121 + 0x38)) = _t124;
				if ( *((intOrPtr*)(_t121 + 0x28)) == 0) goto 0xa588a21d;
				_t68 = E00007FF77FF7A58BE348(_t96, 0xa58f1aab, _t118);
				 *((long long*)(_t121 + 0x28)) = _t124;
				E00007FF77FF7A588BD58(_t68, _t121 + 0x20);
				return 4;
			}

0x7ff7a588a027
0x7ff7a588a02c
0x7ff7a588a036
0x7ff7a588a039
0x7ff7a588a03c
0x7ff7a588a043
0x7ff7a588a04c
0x7ff7a588a056
0x7ff7a588a05b
0x7ff7a588a05e
0x7ff7a588a062
0x7ff7a588a065
0x7ff7a588a068
0x7ff7a588a06c
0x7ff7a588a070
0x7ff7a588a077
0x7ff7a588a080
0x7ff7a588a086
0x7ff7a588a096
0x7ff7a588a09c
0x7ff7a588a0a1
0x7ff7a588a0a6
0x7ff7a588a0ab
0x7ff7a588a0af
0x7ff7a588a0b3
0x7ff7a588a0b8
0x7ff7a588a0bc
0x7ff7a588a0c1
0x7ff7a588a0c5
0x7ff7a588a0c9
0x7ff7a588a0cd
0x7ff7a588a0d4
0x7ff7a588a0e2
0x7ff7a588a0e8
0x7ff7a588a0ef
0x7ff7a588a0fa
0x7ff7a588a0fd
0x7ff7a588a106
0x7ff7a588a10b
0x7ff7a588a10f
0x7ff7a588a113
0x7ff7a588a117
0x7ff7a588a11f
0x7ff7a588a12b
0x7ff7a588a133
0x7ff7a588a139
0x7ff7a588a13c
0x7ff7a588a148
0x7ff7a588a153
0x7ff7a588a159
0x7ff7a588a15f
0x7ff7a588a168
0x7ff7a588a16c
0x7ff7a588a178
0x7ff7a588a183
0x7ff7a588a189
0x7ff7a588a18f
0x7ff7a588a198
0x7ff7a588a19b
0x7ff7a588a19f
0x7ff7a588a1a5
0x7ff7a588a1ad
0x7ff7a588a1b9
0x7ff7a588a1bb
0x7ff7a588a1c0
0x7ff7a588a1cb
0x7ff7a588a1cd
0x7ff7a588a1d2
0x7ff7a588a1dd
0x7ff7a588a1df
0x7ff7a588a1e4
0x7ff7a588a1ef
0x7ff7a588a1f1
0x7ff7a588a1f6
0x7ff7a588a202
0x7ff7a588a204
0x7ff7a588a209
0x7ff7a588a216
0x7ff7a588a218
0x7ff7a588a21d
0x7ff7a588a227
0x7ff7a588a23f

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A588A096
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF7A588A0E2
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A588A227
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A588A240
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A588A253
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A588A259

Strings

bad locale name, xrefs: 00007FF7A588A246
true, xrefs: 00007FF7A588A189
false, xrefs: 00007FF7A588A159

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name$false$true
API String ID: 4121308752-1062449267
Opcode ID: 1a936021f06e9486ec798e1954c26fd510f098eaff07f49ea81f35014d57dcc1
Instruction ID: 71ed64c3b6b1e286e3c42e56288493cf01c6126ac9104c89a76ce446e458f40a
Opcode Fuzzy Hash: 1a936021f06e9486ec798e1954c26fd510f098eaff07f49ea81f35014d57dcc1
Instruction Fuzzy Hash: CB618132A0B7428AE715EB60D4502BCB3A4EF46B84F864174EA4D27AB5DF3CE465D324

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58950B4 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 39%

			E00007FF77FF7A58950B4(long long __rbx, void* __rcx, long long __rsi, void* __r8) {
				void* _t25;
				void* _t26;
				long long _t31;
				long long* _t33;
				void* _t34;
				void* _t47;
				void* _t55;
				long long _t57;
				void* _t58;
				long long _t60;
				void* _t64;

				_t63 = __r8;
				_t32 = __rbx;
				_t31 = _t60;
				 *((long long*)(_t31 + 8)) = __rbx;
				 *((long long*)(_t31 + 0x10)) = _t57;
				 *((long long*)(_t31 + 0x18)) = __rsi;
				_t55 = __rcx;
				_t58 = __r8;
				E00007FF77FF7A5893EF8(_t31, __rbx, _t31 - 0x38, _t64);
				asm("movups xmm0, [eax]");
				asm("movups [esi+0x2c], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [esi+0x3c], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [esi+0x4c], xmm0");
				 *((intOrPtr*)(__rcx + 0x54)) =  *((intOrPtr*)(_t31 + 0x28));
				E00007FF77FF7A58CC53C(_t26, _t32, _t47, __rcx, __r8);
				_t7 = _t58 + 0x28; // 0x28
				_t33 = _t7;
				if (_t31 == 0) goto 0xa589511a;
				E00007FF77FF7A589767C(_t31, _t33, _t33, _t31, _t55, _t58);
				E00007FF77FF7A58BE348(_t33, _t31, _t55);
				_t41 =  !=  ?  *_t33 : L":Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday";
				E00007FF77FF7A58A5390(_t31, _t33,  !=  ?  *_t33 : L":Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday", _t55, _t58);
				 *((long long*)(_t55 + 0x10)) = _t31;
				E00007FF77FF7A58CC6C8( *_t33, _t33, _t31, _t55, _t63);
				_t9 = _t58 + 0x38; // 0x38
				_t34 = _t9;
				if (_t31 == 0) goto 0xa5895156;
				E00007FF77FF7A589767C(_t31, _t34, _t34, _t31, _t55, _t58);
				E00007FF77FF7A58BE348(_t34, _t31, _t55);
				_t45 =  !=  ?  *_t34 : L":Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December";
				E00007FF77FF7A58A5390(_t31, _t34,  !=  ?  *_t34 : L":Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December", _t55, _t58);
				 *((long long*)(_t55 + 0x18)) = _t31;
				_t25 = E00007FF77FF7A58A5390(_t31, _t34, L":AM:am:PM:pm", _t55, _t58);
				 *((long long*)(_t55 + 0x20)) = _t31;
				return _t25;
			}

0x7ff7a58950b4
0x7ff7a58950b4
0x7ff7a58950b4
0x7ff7a58950b7
0x7ff7a58950bb
0x7ff7a58950bf
0x7ff7a58950c8
0x7ff7a58950cb
0x7ff7a58950d2
0x7ff7a58950d7
0x7ff7a58950da
0x7ff7a58950de
0x7ff7a58950e2
0x7ff7a58950e6
0x7ff7a58950eb
0x7ff7a58950f3
0x7ff7a58950f6
0x7ff7a58950fb
0x7ff7a58950fb
0x7ff7a5895105
0x7ff7a589510d
0x7ff7a5895115
0x7ff7a5895125
0x7ff7a5895129
0x7ff7a589512e
0x7ff7a5895132
0x7ff7a5895137
0x7ff7a5895137
0x7ff7a5895141
0x7ff7a5895149
0x7ff7a5895151
0x7ff7a5895161
0x7ff7a5895165
0x7ff7a5895171
0x7ff7a5895175
0x7ff7a5895184
0x7ff7a5895192

APIs

_Yarn.LIBCPMT ref: 00007FF7A589510D
std::_Maklocwcs.LIBCPMT ref: 00007FF7A5895129
_Yarn.LIBCPMT ref: 00007FF7A5895149
std::_Maklocwcs.LIBCPMT ref: 00007FF7A5895165
std::_Maklocwcs.LIBCPMT ref: 00007FF7A5895175

Strings

:AM:am:PM:pm, xrefs: 00007FF7A589516A
:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FF7A589515A
:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF7A589511E

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Maklocwcsstd::_$Yarn
String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
API String ID: 1194159078-3743323925
Opcode ID: 719fff1c3af77dbff4d66fc84996cca404a48a63e87086933a3c957a3137530a
Instruction ID: 1e8fb921feb3f05d1a9f868ca0e4358efa72b155a790662aac12788f8f6b0f75
Opcode Fuzzy Hash: 719fff1c3af77dbff4d66fc84996cca404a48a63e87086933a3c957a3137530a
Instruction Fuzzy Hash: 35216562A06B45C5EA10EB25E51126DB3B0EF9AF80F8A4175EB4D43762DF3CF490C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58BAFE4 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 489
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 40%

			E00007FF77FF7A58BAFE4(signed short* __rax, long long __rbx, long long __rcx, signed short** __rdx, void* __r8, long long _a8, intOrPtr _a16, long long _a24) {
				void* _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				long long _v160;
				long long _v168;
				void* __rsi;
				void* __rbp;
				void* _t155;
				void* _t185;
				signed short _t199;
				signed short _t200;
				signed int _t201;
				signed int _t250;
				signed int _t252;
				signed int _t254;
				signed int _t255;
				signed int _t258;
				signed int _t261;
				signed short* _t380;
				signed short* _t381;
				signed short* _t382;
				signed short* _t384;
				signed short** _t385;
				long long _t386;
				long long* _t389;
				signed short* _t390;
				long long* _t394;
				long long* _t395;
				long long* _t396;
				signed short** _t397;
				void* _t398;
				void* _t399;
				signed short* _t404;
				signed short* _t405;
				long long _t406;
				signed short* _t407;
				long long _t408;
				intOrPtr _t409;

				_t394 = __rdx;
				_t386 = __rbx;
				_a24 = __rbx;
				_a8 = __rcx;
				_t406 =  *((intOrPtr*)(__rdx));
				r13d = 0;
				_t255 = r9b & 0xffffffff;
				r14d = r8d;
				_v64 = _t406;
				_t397 = __rdx;
				if (_t406 != 0) goto 0xa58bb02f;
				E00007FF77FF7A58C189C(__rax);
				 *__rax = 0x16;
				E00007FF77FF7A58BE7DC();
				goto 0xa58bb061;
				if (r14d == 0) goto 0xa58bb079;
				if (__r8 - 2 - 0x22 <= 0) goto 0xa58bb079;
				_v160 = __rcx;
				r9d = 0;
				 *((char*)(__rcx + 0x30)) = 1;
				r8d = 0;
				 *(__rcx + 0x2c) = 0x16;
				_v168 = _t408;
				E00007FF77FF7A58BE70C(__rax, __rbx, __rcx, __rdx, _t398, _t399, __r8);
				_t389 = _t397[1];
				if (_t389 == 0) goto 0xa58bb6c5;
				 *_t389 =  *_t397;
				goto 0xa58bb6c5;
				_t10 = _t406 + 2; // 0x2
				 *_t394 = _t10;
				_t260 = r13d;
				if ( *((intOrPtr*)(_t389 + 0x28)) != r13b) goto 0xa58bb0a3;
				0xa58bb7e0();
				goto 0xa58bb0a3;
				_t378 =  *_t397;
				 *_t397 =  &(( *_t397)[1]);
				if (E00007FF77FF7A58CDE7C( *_t378 & 0xffff, 8, _t386, _t389) != 0) goto 0xa58bb096;
				_t257 =  !=  ? _t255 : _t255 | 0x00000002;
				if ((0x0000fffd & _t386 - 0x0000002b) != 0) goto 0xa58bb0da;
				_t380 =  *_t397;
				_t199 =  *_t380 & 0x0000ffff;
				_t381 =  &(_t380[1]);
				 *_t397 = _t381;
				_a16 = 0xa70;
				_v152 = 0xae6;
				_v148 = 0xaf0;
				_v144 = 0xb66;
				r8d = 0x660;
				_v140 = 0xb70;
				_t20 = _t381 - 0x80; // 0x5e0
				r9d = _t20;
				_v136 = 0xc66;
				r10d = 0x6f0;
				_v132 = 0xc70;
				r11d = 0x966;
				_v128 = 0xce6;
				_v124 = 0xcf0;
				_v120 = 0xd66;
				_v116 = 0xd70;
				_v112 = 0xe50;
				_v108 = 0xe5a;
				_v104 = 0xed0;
				_v100 = 0xeda;
				_v96 = 0xf20;
				_v92 = 0xf2a;
				_v88 = 0x1040;
				_v84 = 0x104a;
				_v80 = 0x17e0;
				_v76 = 0x17ea;
				_v72 = 0x1810;
				_v68 = 0xff1a;
				if ((r14d & 0xffffffef) != 0) goto 0xa58bb448;
				if (_t199 - 0x30 < 0) goto 0xa58bb397;
				if (_t199 - 0x3a >= 0) goto 0xa58bb1e6;
				goto 0xa58bb392;
				if (_t199 - 0xff10 >= 0) goto 0xa58bb383;
				if (_t199 - r8w < 0) goto 0xa58bb397;
				if (_t199 - 0x66a >= 0) goto 0xa58bb20e;
				goto 0xa58bb392;
				if (_t199 - r10w < 0) goto 0xa58bb397;
				if (_t199 - 0x6fa >= 0) goto 0xa58bb22d;
				goto 0xa58bb392;
				if (_t199 - r11w < 0) goto 0xa58bb397;
				if (_t199 - 0x970 >= 0) goto 0xa58bb24c;
				goto 0xa58bb392;
				if (_t199 - r9w < 0) goto 0xa58bb397;
				if (_t199 - 0x9f0 >= 0) goto 0xa58bb26b;
				goto 0xa58bb392;
				if (_t199 - (_t199 & 0x0000ffff) - r9d < 0) goto 0xa58bb397;
				if (_t199 - _a16 >= 0) goto 0xa58bb28b;
				goto 0xa58bb392;
				if (_t199 - _v152 < 0) goto 0xa58bb397;
				if (_t199 - _v148 < 0) goto 0xa58bb1dc;
				if (_t199 - _v144 < 0) goto 0xa58bb397;
				if (_t199 - _v140 < 0) goto 0xa58bb1dc;
				if (_t199 - _v136 < 0) goto 0xa58bb397;
				if (_t199 - _v132 < 0) goto 0xa58bb1dc;
				if (_t199 - _v128 < 0) goto 0xa58bb397;
				if (_t199 - _v124 < 0) goto 0xa58bb1dc;
				if (_t199 - _v120 < 0) goto 0xa58bb397;
				if (_t199 - _v116 < 0) goto 0xa58bb1dc;
				if (_t199 - _v112 < 0) goto 0xa58bb397;
				if (_t199 - _v108 < 0) goto 0xa58bb1dc;
				if (_t199 - _v104 < 0) goto 0xa58bb397;
				if (_t199 - _v100 < 0) goto 0xa58bb1dc;
				if (_t199 - _v96 < 0) goto 0xa58bb397;
				if (_t199 - _v92 < 0) goto 0xa58bb1dc;
				if (_t199 - _v88 < 0) goto 0xa58bb397;
				if (_t199 - _v84 < 0) goto 0xa58bb1dc;
				if (_t199 - _v80 < 0) goto 0xa58bb397;
				if (_t199 - _v76 < 0) goto 0xa58bb1dc;
				if ((_t199 & 0x0000ffff) - _v72 - 9 > 0) goto 0xa58bb397;
				goto 0xa58bb1dc;
				if (_t199 - _v68 >= 0) goto 0xa58bb397;
				if ((_t199 & 0x0000ffff) - 0xff10 != 0xffffffff) goto 0xa58bb3b9;
				_t64 = _t389 - 0x41; // -17
				_t65 = _t389 - 0x61; // -49
				_t155 = _t65;
				if (_t64 - 0x19 <= 0) goto 0xa58bb3ae;
				if (_t155 - 0x19 > 0) goto 0xa58bb439;
				if (_t155 - 0x19 > 0) goto 0xa58bb3b6;
				_t66 = _t389 - 0x37; // -231
				if (_t66 != 0) goto 0xa58bb439;
				_t390 =  *_t397;
				r9d = 0xffdf;
				_t250 =  *_t390 & 0x0000ffff;
				_t67 =  &(_t390[1]); // 0xffe1
				_t404 = _t67;
				 *_t397 = _t404;
				_t68 = _t394 - 0x58; // 0x698
				if ((r9w & _t68) == 0) goto 0xa58bb421;
				 *_t397 = _t390;
				_t159 =  !=  ? r14d : 8;
				r14d =  !=  ? r14d : 8;
				if (_t250 == 0) goto 0xa58bb419;
				if ( *_t390 == _t250) goto 0xa58bb419;
				E00007FF77FF7A58C189C(_t381);
				 *_t381 = 0x16;
				E00007FF77FF7A58BE7DC();
				r8d = 0x660;
				r10d = 0x6f0;
				r11d = 0x966;
				goto 0xa58bb448;
				r8d = 0x660;
				goto 0xa58bb448;
				_t200 =  *_t404 & 0x0000ffff;
				_t71 =  &(_t404[1]); // 0xffe3
				_t382 = _t71;
				 *_t397 = _t382;
				r8d = 0x660;
				goto 0xa58bb43e;
				_t164 =  !=  ? r14d : 0xa;
				r14d = 0xa;
				_t165 = ( !=  ? r14d : 0xa) | 0xffffffff;
				_t73 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				_t252 = (( !=  ? r14d : 0xa) | 0xffffffff) % r14d;
				r12d = 0x30;
				r15d = 0xff10;
				r9d = 0xa / r14d;
				if (_t200 - r12w < 0) goto 0xa58bb618;
				if (_t200 - 0x3a >= 0) goto 0xa58bb47a;
				goto 0xa58bb613;
				if (_t200 - r15w >= 0) goto 0xa58bb603;
				if (_t200 - r8w < 0) goto 0xa58bb618;
				if (_t200 - 0x66a >= 0) goto 0xa58bb4a3;
				goto 0xa58bb613;
				if (_t200 - r10w < 0) goto 0xa58bb618;
				if (_t200 - 0x6fa >= 0) goto 0xa58bb4c2;
				goto 0xa58bb613;
				if (_t200 - r11w < 0) goto 0xa58bb618;
				if (_t200 - 0x970 >= 0) goto 0xa58bb4e1;
				goto 0xa58bb613;
				if (_t200 - 0x9e6 < 0) goto 0xa58bb618;
				_t76 =  &(_t382[5]); // 0x9f0
				if (_t200 - _t76 >= 0) goto 0xa58bb501;
				goto 0xa58bb613;
				if (_t200 - 0xa66 < 0) goto 0xa58bb618;
				if (_t200 - _a16 < 0) goto 0xa58bb4f7;
				if (_t200 - _v152 < 0) goto 0xa58bb618;
				if (_t200 - _v148 < 0) goto 0xa58bb4f7;
				if (_t200 - _v144 < 0) goto 0xa58bb618;
				if (_t200 - _v140 < 0) goto 0xa58bb4f7;
				if (_t200 - _v136 < 0) goto 0xa58bb618;
				if (_t200 - _v132 < 0) goto 0xa58bb4f7;
				if (_t200 - _v128 < 0) goto 0xa58bb618;
				if (_t200 - _v124 < 0) goto 0xa58bb4f7;
				if (_t200 - _v120 < 0) goto 0xa58bb618;
				if (_t200 - _v116 < 0) goto 0xa58bb4f7;
				if (_t200 - _v112 < 0) goto 0xa58bb618;
				if (_t200 - _v108 < 0) goto 0xa58bb4f7;
				if (_t200 - _v104 < 0) goto 0xa58bb618;
				if (_t200 - _v100 < 0) goto 0xa58bb4f7;
				if (_t200 - _v96 < 0) goto 0xa58bb618;
				if (_t200 - _v92 < 0) goto 0xa58bb4f7;
				if (_t200 - _v88 < 0) goto 0xa58bb618;
				if (_t200 - _v84 < 0) goto 0xa58bb4f7;
				if (_t200 - _v80 < 0) goto 0xa58bb618;
				if (_t200 - _v76 < 0) goto 0xa58bb4f7;
				if ((_t200 & 0x0000ffff) - _v72 - 9 > 0) goto 0xa58bb618;
				goto 0xa58bb613;
				if (_t200 - _v68 >= 0) goto 0xa58bb618;
				if ((_t200 & 0x0000ffff) - r15d != 0xffffffff) goto 0xa58bb63b;
				_t100 = _t390 - 0x41; // -65
				_t101 = _t390 - 0x61; // -97
				_t185 = _t101;
				if (_t100 - 0x19 <= 0) goto 0xa58bb62b;
				if (_t185 - 0x19 > 0) goto 0xa58bb638;
				if (_t185 - 0x19 > 0) goto 0xa58bb633;
				goto 0xa58bb63b;
				_t405 =  *_t397;
				if (((_t200 & 0x0000ffff) + 0x1ffffffa9 | 0xffffffff) - r14d >= 0) goto 0xa58bb67f;
				_t201 =  *_t405 & 0x0000ffff;
				_t254 = _t382 + _t390;
				_t261 = _t254;
				r8d = 0x660;
				 *_t397 =  &(_t405[1]);
				_t258 = ( !=  ? _t255 : _t255 | 0x00000002) | (r13d & 0xffffff00 | _t254 - r13d * r14d > 0x00000000 | r13d & 0xffffff00 | _t260 - r9d > 0x00000000) << 0x00000002 | 0x00000008;
				goto 0xa58bb45f;
				_t409 = _a8;
				_t384 = _t405 - 2;
				_t407 = _v64;
				 *_t397 = _t384;
				if (_t201 == 0) goto 0xa58bb6b0;
				if ( *_t384 == _t201) goto 0xa58bb6b0;
				E00007FF77FF7A58C189C(_t384);
				 *_t384 = 0x16;
				E00007FF77FF7A58BE7DC();
				if ((sil & 0x00000008) != 0) goto 0xa58bb6cc;
				_t385 = _t397[1];
				 *_t397 = _t407;
				if (_t385 == 0) goto 0xa58bb6c5;
				 *_t385 = _t407;
				goto 0xa58bb750;
				r8d = 0x80000000;
				r9d = _t405 - 1;
				if ((sil & 0x00000004) != 0) goto 0xa58bb6f4;
				if ((sil & 0x00000001) == 0) goto 0xa58bb737;
				if ((sil & 0x00000002) == 0) goto 0xa58bb6ef;
				if (_t261 - r8d <= 0) goto 0xa58bb73d;
				goto 0xa58bb6f4;
				if (_t261 - r9d <= 0) goto 0xa58bb73f;
				 *((char*)(_t409 + 0x30)) = 1;
				 *((intOrPtr*)(_t409 + 0x2c)) = 0x22;
				if ((_t258 & 0x00000001) != 0) goto 0xa58bb70f;
				goto 0xa58bb73f;
				_t395 = _t397[1];
				if ((_t258 & 0x00000002) == 0) goto 0xa58bb727;
				if (_t395 == 0) goto 0xa58bb722;
				 *_t395 =  *_t397;
				goto 0xa58bb750;
				if (_t395 == 0) goto 0xa58bb732;
				 *_t395 =  *_t397;
				goto 0xa58bb750;
				if ((sil & 0x00000002) == 0) goto 0xa58bb73f;
				_t396 = _t397[1];
				if (_t396 == 0) goto 0xa58bb74e;
				 *_t396 =  *_t397;
				return  ~(_t261 | 0xffffffff);
			}

0x7ff7a58bafe4
0x7ff7a58bafe4
0x7ff7a58bafe4
0x7ff7a58bafe9
0x7ff7a58bb000
0x7ff7a58bb003
0x7ff7a58bb006
0x7ff7a58bb00a
0x7ff7a58bb00d
0x7ff7a58bb015
0x7ff7a58bb01b
0x7ff7a58bb01d
0x7ff7a58bb022
0x7ff7a58bb028
0x7ff7a58bb02d
0x7ff7a58bb032
0x7ff7a58bb03b
0x7ff7a58bb03d
0x7ff7a58bb042
0x7ff7a58bb045
0x7ff7a58bb049
0x7ff7a58bb04c
0x7ff7a58bb057
0x7ff7a58bb05c
0x7ff7a58bb061
0x7ff7a58bb068
0x7ff7a58bb071
0x7ff7a58bb074
0x7ff7a58bb07e
0x7ff7a58bb083
0x7ff7a58bb086
0x7ff7a58bb08d
0x7ff7a58bb08f
0x7ff7a58bb094
0x7ff7a58bb096
0x7ff7a58bb0a0
0x7ff7a58bb0b2
0x7ff7a58bb0c2
0x7ff7a58bb0cb
0x7ff7a58bb0cd
0x7ff7a58bb0d0
0x7ff7a58bb0d3
0x7ff7a58bb0d7
0x7ff7a58bb0da
0x7ff7a58bb0ea
0x7ff7a58bb0f7
0x7ff7a58bb104
0x7ff7a58bb10c
0x7ff7a58bb112
0x7ff7a58bb11a
0x7ff7a58bb11a
0x7ff7a58bb11e
0x7ff7a58bb126
0x7ff7a58bb12c
0x7ff7a58bb134
0x7ff7a58bb13a
0x7ff7a58bb142
0x7ff7a58bb14a
0x7ff7a58bb152
0x7ff7a58bb15a
0x7ff7a58bb162
0x7ff7a58bb16a
0x7ff7a58bb172
0x7ff7a58bb17a
0x7ff7a58bb182
0x7ff7a58bb18a
0x7ff7a58bb192
0x7ff7a58bb19a
0x7ff7a58bb1a2
0x7ff7a58bb1aa
0x7ff7a58bb1b5
0x7ff7a58bb1c7
0x7ff7a58bb1d0
0x7ff7a58bb1da
0x7ff7a58bb1e1
0x7ff7a58bb1e9
0x7ff7a58bb1f3
0x7ff7a58bb201
0x7ff7a58bb209
0x7ff7a58bb212
0x7ff7a58bb220
0x7ff7a58bb228
0x7ff7a58bb231
0x7ff7a58bb23f
0x7ff7a58bb247
0x7ff7a58bb250
0x7ff7a58bb25e
0x7ff7a58bb266
0x7ff7a58bb26e
0x7ff7a58bb27c
0x7ff7a58bb286
0x7ff7a58bb292
0x7ff7a58bb29d
0x7ff7a58bb2aa
0x7ff7a58bb2b5
0x7ff7a58bb2c2
0x7ff7a58bb2cd
0x7ff7a58bb2da
0x7ff7a58bb2e5
0x7ff7a58bb2f2
0x7ff7a58bb2fd
0x7ff7a58bb30a
0x7ff7a58bb315
0x7ff7a58bb322
0x7ff7a58bb329
0x7ff7a58bb336
0x7ff7a58bb33d
0x7ff7a58bb34a
0x7ff7a58bb351
0x7ff7a58bb35e
0x7ff7a58bb365
0x7ff7a58bb37c
0x7ff7a58bb37e
0x7ff7a58bb38b
0x7ff7a58bb395
0x7ff7a58bb39a
0x7ff7a58bb3a0
0x7ff7a58bb3a0
0x7ff7a58bb3a3
0x7ff7a58bb3a8
0x7ff7a58bb3b1
0x7ff7a58bb3b6
0x7ff7a58bb3bb
0x7ff7a58bb3bd
0x7ff7a58bb3c0
0x7ff7a58bb3c6
0x7ff7a58bb3c9
0x7ff7a58bb3c9
0x7ff7a58bb3cd
0x7ff7a58bb3d0
0x7ff7a58bb3d7
0x7ff7a58bb3dc
0x7ff7a58bb3e4
0x7ff7a58bb3e8
0x7ff7a58bb3ee
0x7ff7a58bb3f3
0x7ff7a58bb3f5
0x7ff7a58bb3fa
0x7ff7a58bb400
0x7ff7a58bb405
0x7ff7a58bb40b
0x7ff7a58bb411
0x7ff7a58bb417
0x7ff7a58bb419
0x7ff7a58bb41f
0x7ff7a58bb421
0x7ff7a58bb425
0x7ff7a58bb425
0x7ff7a58bb429
0x7ff7a58bb42c
0x7ff7a58bb437
0x7ff7a58bb441
0x7ff7a58bb445
0x7ff7a58bb44a
0x7ff7a58bb44d
0x7ff7a58bb44d
0x7ff7a58bb450
0x7ff7a58bb456
0x7ff7a58bb45c
0x7ff7a58bb463
0x7ff7a58bb46d
0x7ff7a58bb475
0x7ff7a58bb47e
0x7ff7a58bb488
0x7ff7a58bb496
0x7ff7a58bb49e
0x7ff7a58bb4a7
0x7ff7a58bb4b5
0x7ff7a58bb4bd
0x7ff7a58bb4c6
0x7ff7a58bb4d4
0x7ff7a58bb4dc
0x7ff7a58bb4e9
0x7ff7a58bb4ef
0x7ff7a58bb4f5
0x7ff7a58bb4fc
0x7ff7a58bb509
0x7ff7a58bb517
0x7ff7a58bb520
0x7ff7a58bb52b
0x7ff7a58bb534
0x7ff7a58bb53f
0x7ff7a58bb548
0x7ff7a58bb553
0x7ff7a58bb55c
0x7ff7a58bb567
0x7ff7a58bb570
0x7ff7a58bb57b
0x7ff7a58bb588
0x7ff7a58bb593
0x7ff7a58bb5a0
0x7ff7a58bb5a7
0x7ff7a58bb5b4
0x7ff7a58bb5bb
0x7ff7a58bb5c8
0x7ff7a58bb5cf
0x7ff7a58bb5dc
0x7ff7a58bb5e3
0x7ff7a58bb5fa
0x7ff7a58bb601
0x7ff7a58bb60b
0x7ff7a58bb616
0x7ff7a58bb61b
0x7ff7a58bb621
0x7ff7a58bb621
0x7ff7a58bb624
0x7ff7a58bb629
0x7ff7a58bb62e
0x7ff7a58bb636
0x7ff7a58bb63b
0x7ff7a58bb641
0x7ff7a58bb643
0x7ff7a58bb64d
0x7ff7a58bb65e
0x7ff7a58bb66c
0x7ff7a58bb675
0x7ff7a58bb678
0x7ff7a58bb67a
0x7ff7a58bb67f
0x7ff7a58bb687
0x7ff7a58bb68b
0x7ff7a58bb693
0x7ff7a58bb699
0x7ff7a58bb69e
0x7ff7a58bb6a0
0x7ff7a58bb6a5
0x7ff7a58bb6ab
0x7ff7a58bb6b4
0x7ff7a58bb6b6
0x7ff7a58bb6ba
0x7ff7a58bb6c0
0x7ff7a58bb6c2
0x7ff7a58bb6c7
0x7ff7a58bb6cc
0x7ff7a58bb6d2
0x7ff7a58bb6da
0x7ff7a58bb6e0
0x7ff7a58bb6e6
0x7ff7a58bb6eb
0x7ff7a58bb6ed
0x7ff7a58bb6f2
0x7ff7a58bb6f6
0x7ff7a58bb6fe
0x7ff7a58bb708
0x7ff7a58bb70d
0x7ff7a58bb70f
0x7ff7a58bb715
0x7ff7a58bb71a
0x7ff7a58bb71f
0x7ff7a58bb725
0x7ff7a58bb72a
0x7ff7a58bb72f
0x7ff7a58bb735
0x7ff7a58bb73b
0x7ff7a58bb73f
0x7ff7a58bb746
0x7ff7a58bb74b
0x7ff7a58bb76a

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7A58BB028
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7A58BB400
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7A58BB6AB

Strings

p, xrefs: 00007FF7A58BB0DA
p, xrefs: 00007FF7A58BB152
0, xrefs: 00007FF7A58BB450
f, xrefs: 00007FF7A58BB14A

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0$f$p$p
API String ID: 3215553584-1202675169
Opcode ID: 0a58320019635a961c150351c0bc5df1efec55b3135690f773dd93fee4e49374
Instruction ID: 5e925ec447d0a4157135fb80dd88618358d0a4df4a55b826e1e24a83e191259a
Opcode Fuzzy Hash: 0a58320019635a961c150351c0bc5df1efec55b3135690f773dd93fee4e49374
Instruction Fuzzy Hash: E812BE21E0A24387FB207A15904467EF699FB42F56FC74171E6CA476E4CF3CE8A08B25

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58D2730 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 77%

			E00007FF77FF7A58D2730(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				void* _t37;
				signed long long _t57;
				intOrPtr _t61;
				signed long long _t72;
				void* _t75;
				signed long long _t76;
				long long _t82;
				void* _t86;
				signed long long _t90;
				signed long long _t91;
				WCHAR* _t93;
				long _t96;
				void* _t99;
				WCHAR* _t104;

				 *((long long*)(_t86 + 8)) = __rbx;
				 *((long long*)(_t86 + 0x10)) = _t82;
				 *((long long*)(_t86 + 0x18)) = __rsi;
				r15d = __ecx;
				_t90 =  *0xa58fb008; // 0x485f0d1bb70c
				_t76 = _t75 | 0xffffffff;
				_t72 = _t90 ^  *(0x7ff7a5880000 + 0x9c220 + _t104 * 8);
				asm("dec eax");
				if (_t72 == _t76) goto 0xa58d2876;
				if (_t72 == 0) goto 0xa58d2799;
				_t57 = _t72;
				goto 0xa58d2878;
				if (__r8 == __r9) goto 0xa58d285b;
				_t61 =  *((intOrPtr*)(0x7ff7a5880000 + 0x9c180 + __rsi * 8));
				if (_t61 == 0) goto 0xa58d27c0;
				if (_t61 != _t76) goto 0xa58d28b5;
				goto 0xa58d2847;
				r8d = 0x800;
				LoadLibraryExW(_t104, _t99, _t96);
				if (_t57 != 0) goto 0xa58d2895;
				if (GetLastError() != 0x57) goto 0xa58d2835;
				_t14 = _t57 - 0x50; // -80
				_t37 = _t14;
				r8d = _t37;
				if (E00007FF77FF7A58CD700(_t90) == 0) goto 0xa58d2835;
				r8d = _t37;
				if (E00007FF77FF7A58CD700(_t90) == 0) goto 0xa58d2835;
				r8d = 0;
				LoadLibraryExW(_t93, _t75);
				if (_t57 != 0) goto 0xa58d2895;
				 *((intOrPtr*)(0x7ff7a5880000 + 0x9c180 + __rsi * 8)) = _t76;
				if (__r8 + 4 != __r9) goto 0xa58d27a2;
				_t91 =  *0xa58fb008; // 0x485f0d1bb70c
				asm("dec eax");
				 *(0x7ff7a5880000 + 0x9c220 + _t104 * 8) = _t76 ^ _t91;
				return 0;
			}

0x7ff7a58d2730
0x7ff7a58d2735
0x7ff7a58d273a
0x7ff7a58d274c
0x7ff7a58d2767
0x7ff7a58d276e
0x7ff7a58d2778
0x7ff7a58d2780
0x7ff7a58d2786
0x7ff7a58d278f
0x7ff7a58d2791
0x7ff7a58d2794
0x7ff7a58d279c
0x7ff7a58d27a5
0x7ff7a58d27b0
0x7ff7a58d27b5
0x7ff7a58d27bb
0x7ff7a58d27cd
0x7ff7a58d27d3
0x7ff7a58d27df
0x7ff7a58d27ee
0x7ff7a58d27f0
0x7ff7a58d27f0
0x7ff7a58d27f6
0x7ff7a58d2807
0x7ff7a58d2809
0x7ff7a58d281d
0x7ff7a58d281f
0x7ff7a58d2827
0x7ff7a58d2833
0x7ff7a58d283f
0x7ff7a58d284e
0x7ff7a58d2854
0x7ff7a58d2868
0x7ff7a58d286e
0x7ff7a58d2894

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF7A58D309C,?,?,?,?,00007FF7A58C197D,?,?,?,?,00007FF7A588BCF4), ref: 00007FF7A58D28AF
GetProcAddress.KERNEL32(?,?,?,00007FF7A58D309C,?,?,?,?,00007FF7A58C197D,?,?,?,?,00007FF7A588BCF4), ref: 00007FF7A58D28BB

Strings

api-ms-, xrefs: 00007FF7A58D27F9
ext-ms-, xrefs: 00007FF7A58D280C

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 5626c5984f0ae1bb21cd2fd80ab5c4da9eb1195bb71ae225ce30eaeb2728921d
Instruction ID: d16e334d10045e53234d84d4053b3627fa58edea96080ec892f0bb189224465b
Opcode Fuzzy Hash: 5626c5984f0ae1bb21cd2fd80ab5c4da9eb1195bb71ae225ce30eaeb2728921d
Instruction Fuzzy Hash: 39412822B1B60281FA55FB16A8445B5A3D1BF4AFE0FCA4175ED1E477A4EE3CE065C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58BA85C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00007FF77FF7A58BA85C(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				struct HINSTANCE__* _t81;
				long long _t85;
				void* _t89;
				struct HINSTANCE__* _t94;
				long _t97;
				void* _t100;
				signed long long _t101;
				WCHAR* _t104;

				 *((long long*)(_t89 + 8)) = __rbx;
				 *((long long*)(_t89 + 0x10)) = _t85;
				 *((long long*)(_t89 + 0x18)) = __rsi;
				_t101 = _t100 | 0xffffffff;
				_t61 =  *((intOrPtr*)(0x7ff7a5880000 + 0x9b8c8 + _t81 * 8));
				if (_t61 == _t101) goto 0xa58ba98b;
				if (_t61 != 0) goto 0xa58ba98d;
				if (__r8 == __r9) goto 0xa58ba983;
				_t67 =  *((intOrPtr*)(0x7ff7a5880000 + 0x9b8b0 + __rsi * 8));
				if (_t67 == 0) goto 0xa58ba8ce;
				if (_t67 != _t101) goto 0xa58ba965;
				goto 0xa58ba939;
				r8d = 0x800;
				LoadLibraryExW(_t104, _t100, _t97);
				_t68 = _t61;
				if (_t61 != 0) goto 0xa58ba945;
				if (GetLastError() != 0x57) goto 0xa58ba927;
				_t14 = _t68 + 7; // 0x7
				r8d = _t14;
				if (E00007FF77FF7A58CD700(__r8) == 0) goto 0xa58ba927;
				r8d = 0;
				LoadLibraryExW(??, ??, ??);
				if (_t61 != 0) goto 0xa58ba945;
				 *((intOrPtr*)(0x7ff7a5880000 + 0x9b8b0 + __rsi * 8)) = _t101;
				goto 0xa58ba8ac;
				_t21 = 0x7ff7a5880000 + 0x9b8b0 + __rsi * 8;
				_t65 =  *_t21;
				 *_t21 = _t61;
				if (_t65 == 0) goto 0xa58ba965;
				FreeLibrary(_t94);
				GetProcAddress(_t81);
				if (_t65 == 0) goto 0xa58ba983;
				 *((intOrPtr*)(0x7ff7a5880000 + 0x9b8c8 + _t81 * 8)) = _t65;
				goto 0xa58ba98d;
				 *((intOrPtr*)(0x7ff7a5880000 + 0x9b8c8 + _t81 * 8)) = _t101;
				return 0;
			}

0x7ff7a58ba85c
0x7ff7a58ba861
0x7ff7a58ba866
0x7ff7a58ba881
0x7ff7a58ba88e
0x7ff7a58ba89a
0x7ff7a58ba8a3
0x7ff7a58ba8ac
0x7ff7a58ba8b5
0x7ff7a58ba8c1
0x7ff7a58ba8c6
0x7ff7a58ba8cc
0x7ff7a58ba8db
0x7ff7a58ba8e1
0x7ff7a58ba8e7
0x7ff7a58ba8ed
0x7ff7a58ba8f8
0x7ff7a58ba8fa
0x7ff7a58ba8fa
0x7ff7a58ba90f
0x7ff7a58ba911
0x7ff7a58ba919
0x7ff7a58ba925
0x7ff7a58ba931
0x7ff7a58ba940
0x7ff7a58ba94f
0x7ff7a58ba94f
0x7ff7a58ba94f
0x7ff7a58ba95a
0x7ff7a58ba95f
0x7ff7a58ba96b
0x7ff7a58ba974
0x7ff7a58ba979
0x7ff7a58ba981
0x7ff7a58ba983
0x7ff7a58ba9a9

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF7A58BAB0E,?,?,?,00007FF7A58BA800,?,?,00000001,00007FF7A58B682D), ref: 00007FF7A58BA8E1
GetLastError.KERNEL32(?,?,?,00007FF7A58BAB0E,?,?,?,00007FF7A58BA800,?,?,00000001,00007FF7A58B682D), ref: 00007FF7A58BA8EF
LoadLibraryExW.KERNEL32(?,?,?,00007FF7A58BAB0E,?,?,?,00007FF7A58BA800,?,?,00000001,00007FF7A58B682D), ref: 00007FF7A58BA919
FreeLibrary.KERNEL32(?,?,?,00007FF7A58BAB0E,?,?,?,00007FF7A58BA800,?,?,00000001,00007FF7A58B682D), ref: 00007FF7A58BA95F
GetProcAddress.KERNEL32(?,?,?,00007FF7A58BAB0E,?,?,?,00007FF7A58BA800,?,?,00000001,00007FF7A58B682D), ref: 00007FF7A58BA96B

Strings

api-ms-, xrefs: 00007FF7A58BA901

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 2f96252bbaa5383fa7e64a46bffcbadfad3f8f69fea94b41880dceedc88e7bf2
Instruction ID: 99fe9a5e450e4543c60f4aa68edbac4fddbab46325dc0147b87b12de06cc1e6e
Opcode Fuzzy Hash: 2f96252bbaa5383fa7e64a46bffcbadfad3f8f69fea94b41880dceedc88e7bf2
Instruction Fuzzy Hash: 2D319221A1B64291EE11BB12A84057DE3A8FF4AFA0F9B0575DD6D063A1EF3CE465C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5894FB4 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 66
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E00007FF77FF7A5894FB4(long long __rbx, void* __rcx, long long __rdi, long long __rsi, void* __r8, void* __r10) {
				void* _t27;
				long long _t36;
				void* _t38;
				void* _t39;
				void* _t59;
				long long _t61;
				long long _t64;
				void* _t72;
				void* _t73;

				_t36 = _t64;
				 *((long long*)(_t36 + 8)) = __rbx;
				 *((long long*)(_t36 + 0x10)) = _t61;
				 *((long long*)(_t36 + 0x18)) = __rsi;
				 *((long long*)(_t36 + 0x20)) = __rdi;
				_t73 = __rcx;
				_t59 = __r8;
				E00007FF77FF7A5893EF8(_t36, __rbx, _t36 - 0x38, __r10);
				_t6 = _t73 + 0x2c; // 0x2c
				_t62 = _t6;
				asm("movups xmm0, [eax]");
				asm("movups [ebp], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp+0x10], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [ebp+0x20], xmm0");
				 *((intOrPtr*)(_t6 + 0x28)) =  *((intOrPtr*)(_t36 + 0x28));
				0xa58caa54();
				_t9 = _t59 + 8; // 0x8
				_t38 = _t9;
				if (_t36 == 0) goto 0xa5895023;
				E00007FF77FF7A5885B80(_t36, _t38, _t38, _t36, __r8, _t72);
				E00007FF77FF7A58BE348(_t38, _t36, _t59);
				_t46 =  !=  ?  *_t38 : ":Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday";
				E00007FF77FF7A589523C(0, _t38,  !=  ?  *_t38 : ":Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday", _t62, _t62);
				 *((long long*)(_t73 + 0x10)) = _t36;
				E00007FF77FF7A58CABA0( *_t38, _t38,  !=  ?  *_t38 : ":Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday", _t59, _t62);
				_t11 = _t59 + 0x18; // 0x18
				_t39 = _t11;
				if (_t36 == 0) goto 0xa5895064;
				E00007FF77FF7A5885B80(_t36, _t39, _t39, _t36, _t59);
				E00007FF77FF7A58BE348(_t39, _t36, _t59);
				_t50 =  !=  ?  *_t39 : ":Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December";
				E00007FF77FF7A589523C(0, _t39,  !=  ?  *_t39 : ":Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December", _t62, _t62);
				 *((long long*)(_t73 + 0x18)) = _t36;
				_t27 = E00007FF77FF7A589523C(0, _t39, ":AM:am:PM:pm", _t62, _t62);
				 *((long long*)(_t73 + 0x20)) = _t36;
				return _t27;
			}

0x7ff7a5894fb4
0x7ff7a5894fb7
0x7ff7a5894fbb
0x7ff7a5894fbf
0x7ff7a5894fc3
0x7ff7a5894fcd
0x7ff7a5894fd0
0x7ff7a5894fd7
0x7ff7a5894fdc
0x7ff7a5894fdc
0x7ff7a5894fe0
0x7ff7a5894fe3
0x7ff7a5894fe7
0x7ff7a5894feb
0x7ff7a5894fef
0x7ff7a5894ff4
0x7ff7a5894ffc
0x7ff7a5894fff
0x7ff7a5895004
0x7ff7a5895004
0x7ff7a589500e
0x7ff7a5895016
0x7ff7a589501e
0x7ff7a5895031
0x7ff7a5895037
0x7ff7a589503c
0x7ff7a5895040
0x7ff7a5895045
0x7ff7a5895045
0x7ff7a589504f
0x7ff7a5895057
0x7ff7a589505f
0x7ff7a5895072
0x7ff7a5895078
0x7ff7a5895080
0x7ff7a589508d
0x7ff7a58950a6
0x7ff7a58950b0

APIs

_Maklocstr.LIBCPMT ref: 00007FF7A5895037
_Maklocstr.LIBCPMT ref: 00007FF7A5895078
_Maklocstr.LIBCPMT ref: 00007FF7A589508D

Strings

:AM:am:PM:pm, xrefs: 00007FF7A5895086
:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FF7A5895068
:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF7A5895027

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Maklocstr
String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
API String ID: 2987148671-35662545
Opcode ID: 74ff3190db7da8999bf8f87f2a2290b1f6bb46750ec68aff1dcd3caa8fe7f109
Instruction ID: fac5af62097d1134dd385ed59b1f880cd6b3950a5e6c2e9d1767ef1ab2df5ba7
Opcode Fuzzy Hash: 74ff3190db7da8999bf8f87f2a2290b1f6bb46750ec68aff1dcd3caa8fe7f109
Instruction Fuzzy Hash: C7215C22A06B81C5E610EF21D8402ADB7A5EF9AFC0F8A8275EA4D03766DF3CE1518350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58CDB1C Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7A58CDB2B
FlsGetValue.KERNEL32 ref: 00007FF7A58CDB40
FlsSetValue.KERNEL32 ref: 00007FF7A58CDB61
FlsSetValue.KERNEL32 ref: 00007FF7A58CDB8E
FlsSetValue.KERNEL32 ref: 00007FF7A58CDB9F
FlsSetValue.KERNEL32 ref: 00007FF7A58CDBB0
SetLastError.KERNEL32 ref: 00007FF7A58CDBCB

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 394e9c83fa5bf90ffaa9925bb36bdf527204b6b52a13f00c4f86e99f5d63c7a4
Instruction ID: 46231c3f5673ee37a748ed326c589381017204d8ac7db5da0b7d2f597c076eae
Opcode Fuzzy Hash: 394e9c83fa5bf90ffaa9925bb36bdf527204b6b52a13f00c4f86e99f5d63c7a4
Instruction Fuzzy Hash: F5215021B0F78281FA597721595113DD2926F86FB0F860BB4E92E076FADE6CB4314320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58DF27C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF7A58DF2AD
GetLastError.KERNEL32 ref: 00007FF7A58DF2B9
CloseHandle.KERNEL32 ref: 00007FF7A58DF2D1
CreateFileW.KERNEL32 ref: 00007FF7A58DF2FC
WriteConsoleW.KERNEL32 ref: 00007FF7A58DF31B

Strings

CONOUT$, xrefs: 00007FF7A58DF2DD

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 6021994bea9bded303f591ac0f5cef3a1d53852439a6244d0e1fbe49a658e4f3
Instruction ID: 178c6ce8339b86ce692897e06936ef41bf23cb9d8dc999c358d1c26cf329deac
Opcode Fuzzy Hash: 6021994bea9bded303f591ac0f5cef3a1d53852439a6244d0e1fbe49a658e4f3
Instruction Fuzzy Hash: 71118422B19A41C6E750AB12E844329A3A0FB99FE4F860274EE5E477B4CF7CD924C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5895464 Relevance: 9.3, APIs: 6, Instructions: 313
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E00007FF77FF7A5895464(int __ecx, void* __edx, void* __edi, void* __esp, long long __rbx, long long* __rcx, signed int __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r9, void* _a4, void* _a12, void* _a20) {
				void* _v4;
				int _t22;
				void* _t24;
				void* _t43;
				long long* _t53;
				void* _t59;
				void* _t60;
				signed long long _t66;
				long long _t72;
				long long _t78;
				void* _t83;
				long long _t87;
				signed long long _t90;

				_t43 = _t83;
				 *((long long*)(_t43 + 8)) = __rbx;
				 *((long long*)(_t43 + 0x10)) = __rbp;
				 *((long long*)(_t43 + 0x18)) = __rsi;
				 *((long long*)(_t43 + 0x20)) = __rdi;
				_push(_t87);
				r15d = r9w & 0xffffffff;
				_t53 = __rcx;
				if (__rdx - 0xfffffffe > 0) goto 0xa589559f;
				_t90 =  *((intOrPtr*)(__rcx + 0x18));
				_t66 = __rdx | 0x00000007;
				r12d = 0;
				if (_t66 - 0xfffffffe > 0) goto 0xa58954bf;
				if (_t90 - 0xfffffffe - (_t90 >> 1) <= 0) goto 0xa58954cf;
				goto 0xa5895500;
				_t72 =  <  ? 0xfffffffffffffffe + _t90 : _t66;
				_t59 = _t72 + 1;
				if (_t59 - 0xffffffff > 0) goto 0xa5895593;
				_t60 = _t59 + _t59;
				if (_t60 - 0x1000 < 0) goto 0xa589550a;
				E00007FF77FF7A588AA80(_t60);
				goto 0xa5895519;
				if (_t60 == 0) goto 0xa5895516;
				_t22 = E00007FF77FF7A588AD90(0xffffffff, _t60);
				goto 0xa5895505;
				_t78 = _t87;
				 *((long long*)(_t53 + 0x10)) = __rdx;
				 *((long long*)(_t53 + 0x18)) = _t72;
				if (__rdx == 0) goto 0xa5895532;
				memset(__edi, _t22, __ecx);
				 *((intOrPtr*)(_t78 + __rdx * 2)) = r12w;
				if (_t90 - 8 < 0) goto 0xa589556e;
				if (2 + _t90 * 2 - 0x1000 < 0) goto 0xa5895569;
				if ( *_t53 -  *((intOrPtr*)( *_t53 - 8)) - 8 - 0x1f > 0) goto 0xa5895599;
				_t24 = E00007FF77FF7A588AAF0( *_t53 -  *((intOrPtr*)( *_t53 - 8)) - 8, _t53, __r9);
				 *_t53 = _t78;
				return _t24;
			}

0x7ff7a5895464
0x7ff7a5895467
0x7ff7a589546b
0x7ff7a589546f
0x7ff7a5895473
0x7ff7a5895477
0x7ff7a589548b
0x7ff7a5895492
0x7ff7a5895498
0x7ff7a589549e
0x7ff7a58954a2
0x7ff7a58954a6
0x7ff7a58954ac
0x7ff7a58954bd
0x7ff7a58954cd
0x7ff7a58954d9
0x7ff7a58954e7
0x7ff7a58954ee
0x7ff7a58954f4
0x7ff7a58954fe
0x7ff7a5895500
0x7ff7a5895508
0x7ff7a589550d
0x7ff7a589550f
0x7ff7a5895514
0x7ff7a5895516
0x7ff7a5895519
0x7ff7a589551d
0x7ff7a5895524
0x7ff7a589552f
0x7ff7a5895532
0x7ff7a589553b
0x7ff7a589554f
0x7ff7a5895564
0x7ff7a5895569
0x7ff7a589556e
0x7ff7a5895592

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5895593
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5895599
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A589572A
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5895736
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A58958B6
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A58958C2

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 69f7509225d0bb3ce972814924ce563ed9fc29a777a6792da8a070b0999b22b3
Instruction ID: e7c4de7ace192e2c06a277717b65d4f2996deba40263c9abb745b7565ea72548
Opcode Fuzzy Hash: 69f7509225d0bb3ce972814924ce563ed9fc29a777a6792da8a070b0999b22b3
Instruction Fuzzy Hash: 6FB1F162B06646D1EA04AB16E50427DB356EF15FE0F9A0671EE7D07BE5EE3CE061C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58B4B40 Relevance: 9.2, APIs: 6, Instructions: 200COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF7A58B4BB2
MultiByteToWideChar.KERNEL32 ref: 00007FF7A58B4C5A
LCMapStringEx.KERNEL32 ref: 00007FF7A58B4C91
LCMapStringEx.KERNEL32 ref: 00007FF7A58B4CEA
LCMapStringEx.KERNEL32 ref: 00007FF7A58B4D97
WideCharToMultiByte.KERNEL32 ref: 00007FF7A58B4DD9

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: fc70c2e97769de5dc4c0e94a89ab0a973aa15b03dd42bd2846db766ce040f42b
Instruction ID: 8f24d6e7e5151214e6b52138cdd45c6e88f86da95384294270381615258e5ca5
Opcode Fuzzy Hash: fc70c2e97769de5dc4c0e94a89ab0a973aa15b03dd42bd2846db766ce040f42b
Instruction Fuzzy Hash: 5781B532A0678186EB209F15D44137DA6A6FF46FA8F8A0275EA5E07BF4DF3CD8558310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58974C4 Relevance: 9.1, APIs: 6, Instructions: 97
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00007FF77FF7A58974C4(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t34;
				intOrPtr _t42;
				intOrPtr _t43;
				intOrPtr _t44;
				long long _t50;
				long long _t55;
				intOrPtr _t62;
				signed long long _t63;
				long long _t64;
				void* _t65;
				signed int _t66;

				_t42 = __rax;
				_t65 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t64 =  *0xa591b690; // 0x0
				_a24 = _t64;
				_t62 =  *0xa591b590; // 0x19
				if (_t62 != 0) goto 0xa5897534;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t34 =  *0xa591b590 - _t62; // 0x19
				if (_t34 != 0) goto 0xa5897523;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b590 = _t42;
				_t24 = E00007FF77FF7A588BD58(_t42,  &_a8);
				_t63 =  *0xa591b590; // 0x19
				_t55 = _a8;
				_t66 = _t63 * 8;
				if (_t63 -  *((intOrPtr*)(_t55 + 0x18)) >= 0) goto 0xa5897555;
				_t43 =  *((intOrPtr*)(_t55 + 0x10));
				if ( *((intOrPtr*)(_t66 + _t43)) != 0) goto 0xa58975bb;
				goto 0xa5897557;
				if ( *((char*)(_t55 + 0x24)) == 0) goto 0xa5897570;
				E00007FF77FF7A58920C4(_t24);
				if (_t63 -  *((intOrPtr*)(_t43 + 0x18)) >= 0) goto 0xa5897575;
				_t44 =  *((intOrPtr*)(_t43 + 0x10));
				if ( *((intOrPtr*)(_t66 + _t44)) != 0) goto 0xa58975bb;
				if (_t64 == 0) goto 0xa589757f;
				goto 0xa58975bb;
				E00007FF77FF7A58999CC(0, _t44, _t64,  &_a24, _t65, _t65);
				if (_t44 == 0xffffffff) goto 0xa58975d3;
				_t50 = _a24;
				_a8 = _t50;
				E00007FF77FF7A589208C(_t44, _t50);
				_t28 =  *0xa58e2390();
				 *0xa591b690 = _t50;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a58974c4
0x7ff7a58974cf
0x7ff7a58974d9
0x7ff7a58974df
0x7ff7a58974e6
0x7ff7a58974eb
0x7ff7a58974f5
0x7ff7a58974fe
0x7ff7a5897503
0x7ff7a589750a
0x7ff7a589750c
0x7ff7a5897514
0x7ff7a589751c
0x7ff7a5897528
0x7ff7a589752d
0x7ff7a5897534
0x7ff7a5897538
0x7ff7a5897544
0x7ff7a5897546
0x7ff7a5897551
0x7ff7a5897553
0x7ff7a589755b
0x7ff7a589755d
0x7ff7a5897566
0x7ff7a5897568
0x7ff7a5897573
0x7ff7a5897578
0x7ff7a589757d
0x7ff7a5897587
0x7ff7a5897590
0x7ff7a5897592
0x7ff7a5897597
0x7ff7a589759f
0x7ff7a58975ae
0x7ff7a58975b4
0x7ff7a58975d2

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58974D9
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58974FE
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5897528
std::_Facet_Register.LIBCPMT ref: 00007FF7A589759F
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58975C0
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A58975D3

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 15e6e0dc7184057c50f9a9bd5a12e86073a536bfb19dd4d02628ab63579da947
Instruction ID: 1074bb8a4d87d1e9a59687b4a091c87e9ecc91e8256bbe6b30cb101d9232cf05
Opcode Fuzzy Hash: 15e6e0dc7184057c50f9a9bd5a12e86073a536bfb19dd4d02628ab63579da947
Instruction Fuzzy Hash: 97418122A0BA4685EB45BB15D440178B321FF9BF90F8A0171EA1D4B6B5DF3CF4618360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5889210 Relevance: 9.1, APIs: 6, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00007FF77FF7A5889210(long long __rbx, void* __rcx, long long __rbp, long long _a16, long long _a24) {
				signed int _v40;
				long long _v48;
				char _v52;
				char _v56;
				void* __rsi;
				intOrPtr _t27;
				void* _t30;
				void* _t34;
				void* _t38;
				void* _t42;
				signed long long _t51;
				signed long long _t52;
				intOrPtr _t53;
				intOrPtr _t54;
				long long _t60;
				intOrPtr _t66;
				signed long long _t75;
				signed long long _t76;
				signed int _t77;
				long long _t79;
				void* _t81;
				void* _t84;

				_a16 = __rbx;
				_a24 = __rbp;
				_t82 = _t81 - 0x40;
				_t51 =  *0xa58fb008; // 0x485f0d1bb70c
				_t52 = _t51 ^ _t81 - 0x00000040;
				_v40 = _t52;
				_t84 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_v52);
				_t79 =  *0xa591c458; // 0x2282325fdc0
				_v48 = _t79;
				_t75 =  *0xa591c470; // 0x3
				if (_t75 != 0) goto 0xa5889296;
				E00007FF77FF7A588BCE0(0,  &_v56);
				_t42 =  *0xa591c470 - _t75; // 0x3
				if (_t42 != 0) goto 0xa5889285;
				_t27 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t27 + 1;
				 *0xa591c470 = _t52;
				_t30 = E00007FF77FF7A588BD58(_t52,  &_v56);
				_t76 =  *0xa591c470; // 0x3
				_t66 =  *((intOrPtr*)(_t84 + 8));
				_t77 = _t76 * 8;
				if (_t76 -  *((intOrPtr*)(_t66 + 0x18)) >= 0) goto 0xa58892b7;
				_t53 =  *((intOrPtr*)(_t66 + 0x10));
				if ( *((intOrPtr*)(_t77 + _t53)) != 0) goto 0xa5889316;
				goto 0xa58892b9;
				if ( *((char*)(_t66 + 0x24)) == 0) goto 0xa58892d2;
				E00007FF77FF7A58920C4(_t30);
				if (_t76 -  *((intOrPtr*)(_t53 + 0x18)) >= 0) goto 0xa58892d7;
				_t54 =  *((intOrPtr*)(_t53 + 0x10));
				if ( *((intOrPtr*)(_t77 + _t54)) != 0) goto 0xa5889316;
				if (_t79 == 0) goto 0xa58892e1;
				goto 0xa5889316;
				E00007FF77FF7A588A260(_t54, _t79,  &_v48, _t84, _t77);
				if (_t54 == 0xffffffff) goto 0xa5889343;
				_t60 = _v48;
				_v48 = _t60;
				E00007FF77FF7A589208C(_t54, _t60);
				_t34 =  *((intOrPtr*)( *_t60 + 8))();
				 *0xa591c458 = _t60;
				return E00007FF77FF7A588AAD0(E00007FF77FF7A588BD58(_t34,  &_v52), _t38, _v40 ^ _t82);
			}

0x7ff7a5889210
0x7ff7a5889215
0x7ff7a588921e
0x7ff7a5889222
0x7ff7a5889229
0x7ff7a588922c
0x7ff7a5889231
0x7ff7a588923b
0x7ff7a5889241
0x7ff7a5889248
0x7ff7a588924d
0x7ff7a5889257
0x7ff7a5889260
0x7ff7a5889265
0x7ff7a588926c
0x7ff7a588926e
0x7ff7a5889276
0x7ff7a588927e
0x7ff7a588928a
0x7ff7a588928f
0x7ff7a5889296
0x7ff7a588929a
0x7ff7a58892a6
0x7ff7a58892a8
0x7ff7a58892b3
0x7ff7a58892b5
0x7ff7a58892bd
0x7ff7a58892bf
0x7ff7a58892c8
0x7ff7a58892ca
0x7ff7a58892d5
0x7ff7a58892da
0x7ff7a58892df
0x7ff7a58892e9
0x7ff7a58892f2
0x7ff7a58892f4
0x7ff7a58892f9
0x7ff7a5889301
0x7ff7a588930c
0x7ff7a588930f
0x7ff7a5889342

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A588923B
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5889260
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A588928A
std::_Facet_Register.LIBCPMT ref: 00007FF7A5889301
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A588931B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5889343

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: fa5e5cb856707691b2f622d0e03cb6b9e72890a4c533d2f478709790ba3098a1
Instruction ID: 8204c083c4404dc409e647b7f607d86bea8a2dab45bacf7bca15a170e2a5272a
Opcode Fuzzy Hash: fa5e5cb856707691b2f622d0e03cb6b9e72890a4c533d2f478709790ba3098a1
Instruction Fuzzy Hash: 0031B362A0EA0184EA61FB15E440179B361FB96FD5F8A1171EA9D073F6DF3CE4618320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5888C10 Relevance: 9.1, APIs: 6, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00007FF77FF7A5888C10(long long __rbx, void* __rcx, long long __rbp, long long _a16, long long _a24) {
				signed int _v40;
				long long _v48;
				char _v52;
				char _v56;
				void* __rsi;
				intOrPtr _t27;
				void* _t30;
				void* _t34;
				void* _t38;
				void* _t42;
				signed long long _t51;
				signed long long _t52;
				intOrPtr _t53;
				intOrPtr _t54;
				long long _t60;
				intOrPtr _t66;
				signed long long _t75;
				signed long long _t76;
				signed int _t77;
				long long _t79;
				void* _t81;
				void* _t84;

				_a16 = __rbx;
				_a24 = __rbp;
				_t82 = _t81 - 0x40;
				_t51 =  *0xa58fb008; // 0x485f0d1bb70c
				_t52 = _t51 ^ _t81 - 0x00000040;
				_v40 = _t52;
				_t84 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_v52);
				_t79 =  *0xa591c460; // 0x22823259550
				_v48 = _t79;
				_t75 =  *0xa591b2f8; // 0x1
				if (_t75 != 0) goto 0xa5888c96;
				E00007FF77FF7A588BCE0(0,  &_v56);
				_t42 =  *0xa591b2f8 - _t75; // 0x1
				if (_t42 != 0) goto 0xa5888c85;
				_t27 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t27 + 1;
				 *0xa591b2f8 = _t52;
				_t30 = E00007FF77FF7A588BD58(_t52,  &_v56);
				_t76 =  *0xa591b2f8; // 0x1
				_t66 =  *((intOrPtr*)(_t84 + 8));
				_t77 = _t76 * 8;
				if (_t76 -  *((intOrPtr*)(_t66 + 0x18)) >= 0) goto 0xa5888cb7;
				_t53 =  *((intOrPtr*)(_t66 + 0x10));
				if ( *((intOrPtr*)(_t77 + _t53)) != 0) goto 0xa5888d16;
				goto 0xa5888cb9;
				if ( *((char*)(_t66 + 0x24)) == 0) goto 0xa5888cd2;
				E00007FF77FF7A58920C4(_t30);
				if (_t76 -  *((intOrPtr*)(_t53 + 0x18)) >= 0) goto 0xa5888cd7;
				_t54 =  *((intOrPtr*)(_t53 + 0x10));
				if ( *((intOrPtr*)(_t77 + _t54)) != 0) goto 0xa5888d16;
				if (_t79 == 0) goto 0xa5888ce1;
				goto 0xa5888d16;
				E00007FF77FF7A5882020(_t54, _t79,  &_v48, _t84, _t77);
				if (_t54 == 0xffffffff) goto 0xa5888d43;
				_t60 = _v48;
				_v48 = _t60;
				E00007FF77FF7A589208C(_t54, _t60);
				_t34 =  *((intOrPtr*)( *_t60 + 8))();
				 *0xa591c460 = _t60;
				return E00007FF77FF7A588AAD0(E00007FF77FF7A588BD58(_t34,  &_v52), _t38, _v40 ^ _t82);
			}

0x7ff7a5888c10
0x7ff7a5888c15
0x7ff7a5888c1e
0x7ff7a5888c22
0x7ff7a5888c29
0x7ff7a5888c2c
0x7ff7a5888c31
0x7ff7a5888c3b
0x7ff7a5888c41
0x7ff7a5888c48
0x7ff7a5888c4d
0x7ff7a5888c57
0x7ff7a5888c60
0x7ff7a5888c65
0x7ff7a5888c6c
0x7ff7a5888c6e
0x7ff7a5888c76
0x7ff7a5888c7e
0x7ff7a5888c8a
0x7ff7a5888c8f
0x7ff7a5888c96
0x7ff7a5888c9a
0x7ff7a5888ca6
0x7ff7a5888ca8
0x7ff7a5888cb3
0x7ff7a5888cb5
0x7ff7a5888cbd
0x7ff7a5888cbf
0x7ff7a5888cc8
0x7ff7a5888cca
0x7ff7a5888cd5
0x7ff7a5888cda
0x7ff7a5888cdf
0x7ff7a5888ce9
0x7ff7a5888cf2
0x7ff7a5888cf4
0x7ff7a5888cf9
0x7ff7a5888d01
0x7ff7a5888d0c
0x7ff7a5888d0f
0x7ff7a5888d42

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5888C3B
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5888C60
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5888C8A
std::_Facet_Register.LIBCPMT ref: 00007FF7A5888D01
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5888D1B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5888D43

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 86ff4ccb90e0434cd3f51223c37946108704d49d03d5bd3bf599c3a417ecb0cd
Instruction ID: b64509c40fb5da53b82810a129e728eedb894d26d23b4ca8d8168b3898c98bb7
Opcode Fuzzy Hash: 86ff4ccb90e0434cd3f51223c37946108704d49d03d5bd3bf599c3a417ecb0cd
Instruction Fuzzy Hash: 5F31D622A0AA0284EA61FB11E440179F361FB56FD5F8A0571DA5D0B3B5CF3CE451C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5889350 Relevance: 9.1, APIs: 6, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00007FF77FF7A5889350(long long __rbx, void* __rcx, long long __rbp, long long _a16, long long _a24) {
				signed int _v40;
				long long _v48;
				char _v52;
				char _v56;
				intOrPtr _t27;
				void* _t30;
				void* _t34;
				void* _t38;
				void* _t42;
				signed long long _t51;
				signed long long _t52;
				intOrPtr _t53;
				long long _t54;
				long long _t60;
				intOrPtr _t66;
				signed long long _t75;
				signed long long _t76;
				signed int _t77;
				long long _t79;
				void* _t81;
				void* _t84;

				_a16 = __rbx;
				_a24 = __rbp;
				_t82 = _t81 - 0x40;
				_t51 =  *0xa58fb008; // 0x485f0d1bb70c
				_t52 = _t51 ^ _t81 - 0x00000040;
				_v40 = _t52;
				_t84 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_v52);
				_t79 =  *0xa591c450; // 0x22823261220
				_v48 = _t79;
				_t75 =  *0xa591c4a0; // 0x4
				if (_t75 != 0) goto 0xa58893d6;
				E00007FF77FF7A588BCE0(0,  &_v56);
				_t42 =  *0xa591c4a0 - _t75; // 0x4
				if (_t42 != 0) goto 0xa58893c5;
				_t27 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t27 + 1;
				 *0xa591c4a0 = _t52;
				_t30 = E00007FF77FF7A588BD58(_t52,  &_v56);
				_t76 =  *0xa591c4a0; // 0x4
				_t66 =  *((intOrPtr*)(_t84 + 8));
				_t77 = _t76 * 8;
				if (_t76 -  *((intOrPtr*)(_t66 + 0x18)) >= 0) goto 0xa58893f7;
				_t53 =  *((intOrPtr*)(_t66 + 0x10));
				if ( *((intOrPtr*)(_t77 + _t53)) != 0) goto 0xa5889456;
				goto 0xa58893f9;
				if ( *((char*)(_t66 + 0x24)) == 0) goto 0xa5889412;
				E00007FF77FF7A58920C4(_t30);
				if (_t76 -  *((intOrPtr*)(_t53 + 0x18)) >= 0) goto 0xa5889417;
				_t54 =  *((intOrPtr*)(_t53 + 0x10));
				if ( *((intOrPtr*)(_t77 + _t54)) != 0) goto 0xa5889456;
				if (_t79 == 0) goto 0xa5889421;
				goto 0xa5889456;
				E00007FF77FF7A588A020(_t54,  &_v48, _t84);
				if (_t54 == 0xffffffff) goto 0xa5889483;
				_t60 = _v48;
				_v48 = _t60;
				E00007FF77FF7A589208C(_t54, _t60);
				_t34 =  *((intOrPtr*)( *_t60 + 8))();
				 *0xa591c450 = _t60;
				return E00007FF77FF7A588AAD0(E00007FF77FF7A588BD58(_t34,  &_v52), _t38, _v40 ^ _t82);
			}

0x7ff7a5889350
0x7ff7a5889355
0x7ff7a588935e
0x7ff7a5889362
0x7ff7a5889369
0x7ff7a588936c
0x7ff7a5889371
0x7ff7a588937b
0x7ff7a5889381
0x7ff7a5889388
0x7ff7a588938d
0x7ff7a5889397
0x7ff7a58893a0
0x7ff7a58893a5
0x7ff7a58893ac
0x7ff7a58893ae
0x7ff7a58893b6
0x7ff7a58893be
0x7ff7a58893ca
0x7ff7a58893cf
0x7ff7a58893d6
0x7ff7a58893da
0x7ff7a58893e6
0x7ff7a58893e8
0x7ff7a58893f3
0x7ff7a58893f5
0x7ff7a58893fd
0x7ff7a58893ff
0x7ff7a5889408
0x7ff7a588940a
0x7ff7a5889415
0x7ff7a588941a
0x7ff7a588941f
0x7ff7a5889429
0x7ff7a5889432
0x7ff7a5889434
0x7ff7a5889439
0x7ff7a5889441
0x7ff7a588944c
0x7ff7a588944f
0x7ff7a5889482

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A588937B
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58893A0
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58893CA
std::_Facet_Register.LIBCPMT ref: 00007FF7A5889441
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A588945B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5889483

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: ccf968d3aaac2a1bfc36caa2bd550767fd4fa4cdca8c998acda122f67d0137dc
Instruction ID: fcbcf320d6f7db83dfdba554d01d30c373fdc9ac53c2940566b6c43e07a7067e
Opcode Fuzzy Hash: ccf968d3aaac2a1bfc36caa2bd550767fd4fa4cdca8c998acda122f67d0137dc
Instruction Fuzzy Hash: A6319262A0EA4285EA50AF15E44017AB360FB9AFD5F8A1171EA5E073F6DF3CE451C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5895EE4 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00007FF77FF7A5895EE4(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				void* _t67;
				void* _t68;
				signed int _t69;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b698; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b308; // 0x1b
				if (_t63 != 0) goto 0xa5895f54;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b308 - _t63; // 0x1b
				if (_t35 != 0) goto 0xa5895f43;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b308 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b308; // 0x1b
				_t56 = _a8;
				_t69 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa5895f75;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t69 + _t44)) != 0) goto 0xa5895fdb;
				goto 0xa5895f77;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5895f90;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa5895f95;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t69 + _t45)) != 0) goto 0xa5895fdb;
				if (_t65 == 0) goto 0xa5895f9f;
				goto 0xa5895fdb;
				E00007FF77FF7A58989BC(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66, _t67, _t68);
				if (_t45 == 0xffffffff) goto 0xa5895ff3;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b698 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5895ee4
0x7ff7a5895eef
0x7ff7a5895ef9
0x7ff7a5895eff
0x7ff7a5895f06
0x7ff7a5895f0b
0x7ff7a5895f15
0x7ff7a5895f1e
0x7ff7a5895f23
0x7ff7a5895f2a
0x7ff7a5895f2c
0x7ff7a5895f34
0x7ff7a5895f3c
0x7ff7a5895f48
0x7ff7a5895f4d
0x7ff7a5895f54
0x7ff7a5895f58
0x7ff7a5895f64
0x7ff7a5895f66
0x7ff7a5895f71
0x7ff7a5895f73
0x7ff7a5895f7b
0x7ff7a5895f7d
0x7ff7a5895f86
0x7ff7a5895f88
0x7ff7a5895f93
0x7ff7a5895f98
0x7ff7a5895f9d
0x7ff7a5895fa7
0x7ff7a5895fb0
0x7ff7a5895fb2
0x7ff7a5895fb7
0x7ff7a5895fbf
0x7ff7a5895fce
0x7ff7a5895fd4
0x7ff7a5895ff2

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5895EF9
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5895F1E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5895F48
std::_Facet_Register.LIBCPMT ref: 00007FF7A5895FBF
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5895FE0
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5895FF3

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 9ecf1524ad9f23ea5b36cce2976de06d585df165cb4f50bbf05c5ce41d08da14
Instruction ID: b11f0d053f74b883e2079c33924e547fe61827c6f8b05891212aed611211bd8c
Opcode Fuzzy Hash: 9ecf1524ad9f23ea5b36cce2976de06d585df165cb4f50bbf05c5ce41d08da14
Instruction Fuzzy Hash: 68319E21A0BA46C4EA05BB15D440179F362FF96FE0F8A0171EA1D0B6B5DF3CF4668320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5896E34 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF77FF7A5896E34(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b648; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b5a0; // 0x10
				if (_t63 != 0) goto 0xa5896ea4;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b5a0 - _t63; // 0x10
				if (_t35 != 0) goto 0xa5896e93;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b5a0 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b5a0; // 0x10
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa5896ec5;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa5896f2b;
				goto 0xa5896ec7;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5896ee0;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa5896ee5;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa5896f2b;
				if (_t65 == 0) goto 0xa5896eef;
				goto 0xa5896f2b;
				E00007FF77FF7A58994C0(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66);
				if (_t45 == 0xffffffff) goto 0xa5896f43;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b648 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5896e34
0x7ff7a5896e3f
0x7ff7a5896e49
0x7ff7a5896e4f
0x7ff7a5896e56
0x7ff7a5896e5b
0x7ff7a5896e65
0x7ff7a5896e6e
0x7ff7a5896e73
0x7ff7a5896e7a
0x7ff7a5896e7c
0x7ff7a5896e84
0x7ff7a5896e8c
0x7ff7a5896e98
0x7ff7a5896e9d
0x7ff7a5896ea4
0x7ff7a5896ea8
0x7ff7a5896eb4
0x7ff7a5896eb6
0x7ff7a5896ec1
0x7ff7a5896ec3
0x7ff7a5896ecb
0x7ff7a5896ecd
0x7ff7a5896ed6
0x7ff7a5896ed8
0x7ff7a5896ee3
0x7ff7a5896ee8
0x7ff7a5896eed
0x7ff7a5896ef7
0x7ff7a5896f00
0x7ff7a5896f02
0x7ff7a5896f07
0x7ff7a5896f0f
0x7ff7a5896f1e
0x7ff7a5896f24
0x7ff7a5896f42

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896E49
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896E6E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896E98
std::_Facet_Register.LIBCPMT ref: 00007FF7A5896F0F
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896F30
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5896F43

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 7593f44a7e8efc2f1c9f8fad3a3b842267c33ca84167b192b7cc02eb5333d544
Instruction ID: ff0dbada49a442cdec32cdd171568e3f8ababc80c5c8d785d335c980ce0e6038
Opcode Fuzzy Hash: 7593f44a7e8efc2f1c9f8fad3a3b842267c33ca84167b192b7cc02eb5333d544
Instruction Fuzzy Hash: 6531AF21A0BA46C4EA05BB56E400179B362FF46FE0F9A0175EA5D4B2B5DF3CF452C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A589668C Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00007FF77FF7A589668C(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b6e0; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b628; // 0x24
				if (_t63 != 0) goto 0xa58966fc;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b628 - _t63; // 0x24
				if (_t35 != 0) goto 0xa58966eb;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b628 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b628; // 0x24
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa589671d;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa5896783;
				goto 0xa589671f;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5896738;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa589673d;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa5896783;
				if (_t65 == 0) goto 0xa5896747;
				goto 0xa5896783;
				E00007FF77FF7A5898F2C(0, _t33, _t65,  &_a24, _t66);
				if (_t45 == 0xffffffff) goto 0xa589679b;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b6e0 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a589668c
0x7ff7a5896697
0x7ff7a58966a1
0x7ff7a58966a7
0x7ff7a58966ae
0x7ff7a58966b3
0x7ff7a58966bd
0x7ff7a58966c6
0x7ff7a58966cb
0x7ff7a58966d2
0x7ff7a58966d4
0x7ff7a58966dc
0x7ff7a58966e4
0x7ff7a58966f0
0x7ff7a58966f5
0x7ff7a58966fc
0x7ff7a5896700
0x7ff7a589670c
0x7ff7a589670e
0x7ff7a5896719
0x7ff7a589671b
0x7ff7a5896723
0x7ff7a5896725
0x7ff7a589672e
0x7ff7a5896730
0x7ff7a589673b
0x7ff7a5896740
0x7ff7a5896745
0x7ff7a589674f
0x7ff7a5896758
0x7ff7a589675a
0x7ff7a589675f
0x7ff7a5896767
0x7ff7a5896776
0x7ff7a589677c
0x7ff7a589679a

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58966A1
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58966C6
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58966F0
std::_Facet_Register.LIBCPMT ref: 00007FF7A5896767
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896788
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A589679B

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: d3550a4db6a0707c5d87a7e6d9763c17273402c13099a04b82da4dd641d95f59
Instruction ID: aa4a1632ab9ec53e878ea96533038f3535236e983102165ed299e50487876bc5
Opcode Fuzzy Hash: d3550a4db6a0707c5d87a7e6d9763c17273402c13099a04b82da4dd641d95f59
Instruction Fuzzy Hash: 44319425A0BA46D4EA05BB56D440179F362FF56FE0F8A0271EA5D076B5DF3CF4528320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5895DCC Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00007FF77FF7A5895DCC(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t34;
				intOrPtr _t42;
				intOrPtr _t43;
				intOrPtr _t44;
				long long _t50;
				long long _t55;
				intOrPtr _t62;
				signed long long _t63;
				long long _t64;
				void* _t65;
				void* _t66;
				signed int _t67;

				_t42 = __rax;
				_t65 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t64 =  *0xa591b658; // 0x0
				_a24 = _t64;
				_t62 =  *0xa591b5b0; // 0x12
				if (_t62 != 0) goto 0xa5895e3c;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t34 =  *0xa591b5b0 - _t62; // 0x12
				if (_t34 != 0) goto 0xa5895e2b;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b5b0 = _t42;
				_t24 = E00007FF77FF7A588BD58(_t42,  &_a8);
				_t63 =  *0xa591b5b0; // 0x12
				_t55 = _a8;
				_t67 = _t63 * 8;
				if (_t63 -  *((intOrPtr*)(_t55 + 0x18)) >= 0) goto 0xa5895e5d;
				_t43 =  *((intOrPtr*)(_t55 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t43)) != 0) goto 0xa5895ec3;
				goto 0xa5895e5f;
				if ( *((char*)(_t55 + 0x24)) == 0) goto 0xa5895e78;
				E00007FF77FF7A58920C4(_t24);
				if (_t63 -  *((intOrPtr*)(_t43 + 0x18)) >= 0) goto 0xa5895e7d;
				_t44 =  *((intOrPtr*)(_t43 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa5895ec3;
				if (_t64 == 0) goto 0xa5895e87;
				goto 0xa5895ec3;
				E00007FF77FF7A5898884(0, _t64,  &_a24, _t65, _t66);
				if (_t44 == 0xffffffff) goto 0xa5895edb;
				_t50 = _a24;
				_a8 = _t50;
				E00007FF77FF7A589208C(_t44, _t50);
				_t28 =  *0xa58e2390();
				 *0xa591b658 = _t50;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5895dcc
0x7ff7a5895dd7
0x7ff7a5895de1
0x7ff7a5895de7
0x7ff7a5895dee
0x7ff7a5895df3
0x7ff7a5895dfd
0x7ff7a5895e06
0x7ff7a5895e0b
0x7ff7a5895e12
0x7ff7a5895e14
0x7ff7a5895e1c
0x7ff7a5895e24
0x7ff7a5895e30
0x7ff7a5895e35
0x7ff7a5895e3c
0x7ff7a5895e40
0x7ff7a5895e4c
0x7ff7a5895e4e
0x7ff7a5895e59
0x7ff7a5895e5b
0x7ff7a5895e63
0x7ff7a5895e65
0x7ff7a5895e6e
0x7ff7a5895e70
0x7ff7a5895e7b
0x7ff7a5895e80
0x7ff7a5895e85
0x7ff7a5895e8f
0x7ff7a5895e98
0x7ff7a5895e9a
0x7ff7a5895e9f
0x7ff7a5895ea7
0x7ff7a5895eb6
0x7ff7a5895ebc
0x7ff7a5895eda

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5895DE1
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5895E06
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5895E30
std::_Facet_Register.LIBCPMT ref: 00007FF7A5895EA7
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5895EC8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5895EDB

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: fbb17fa4b31ace2fbd041bc8d0cb8898ad0a6869c00f66b2ba9405c46bcfb01a
Instruction ID: 936929bf034863c1d582fc6012f315c3454ff05998aad10746e18f69265c1283
Opcode Fuzzy Hash: fbb17fa4b31ace2fbd041bc8d0cb8898ad0a6869c00f66b2ba9405c46bcfb01a
Instruction Fuzzy Hash: 7831AF31A0AA4684EA25BB15D440178F322FF66FA0F8A0171EA5D4B6B5DF3DF4528320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5896D1C Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF77FF7A5896D1C(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b6a8; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b5f0; // 0x1d
				if (_t63 != 0) goto 0xa5896d8c;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b5f0 - _t63; // 0x1d
				if (_t35 != 0) goto 0xa5896d7b;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b5f0 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b5f0; // 0x1d
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa5896dad;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa5896e13;
				goto 0xa5896daf;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5896dc8;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa5896dcd;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa5896e13;
				if (_t65 == 0) goto 0xa5896dd7;
				goto 0xa5896e13;
				E00007FF77FF7A5899404(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66);
				if (_t45 == 0xffffffff) goto 0xa5896e2b;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b6a8 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5896d1c
0x7ff7a5896d27
0x7ff7a5896d31
0x7ff7a5896d37
0x7ff7a5896d3e
0x7ff7a5896d43
0x7ff7a5896d4d
0x7ff7a5896d56
0x7ff7a5896d5b
0x7ff7a5896d62
0x7ff7a5896d64
0x7ff7a5896d6c
0x7ff7a5896d74
0x7ff7a5896d80
0x7ff7a5896d85
0x7ff7a5896d8c
0x7ff7a5896d90
0x7ff7a5896d9c
0x7ff7a5896d9e
0x7ff7a5896da9
0x7ff7a5896dab
0x7ff7a5896db3
0x7ff7a5896db5
0x7ff7a5896dbe
0x7ff7a5896dc0
0x7ff7a5896dcb
0x7ff7a5896dd0
0x7ff7a5896dd5
0x7ff7a5896ddf
0x7ff7a5896de8
0x7ff7a5896dea
0x7ff7a5896def
0x7ff7a5896df7
0x7ff7a5896e06
0x7ff7a5896e0c
0x7ff7a5896e2a

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896D31
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896D56
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896D80
std::_Facet_Register.LIBCPMT ref: 00007FF7A5896DF7
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896E18
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5896E2B

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 0c101b7ab20a9547417468610f47398d150180fc1abe3b130814aca0bf6f8559
Instruction ID: 12ec68894eda97aa36311b820b69c5e71492044c40ea98deadd82bcdc9403905
Opcode Fuzzy Hash: 0c101b7ab20a9547417468610f47398d150180fc1abe3b130814aca0bf6f8559
Instruction Fuzzy Hash: 5F31B221A0BA56C4EA55BB16D440178F322FB86FA0F8A0171EA6D4B6B5DF3CF4528320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5896574 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF77FF7A5896574(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b670; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b5c8; // 0x15
				if (_t63 != 0) goto 0xa58965e4;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b5c8 - _t63; // 0x15
				if (_t35 != 0) goto 0xa58965d3;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b5c8 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b5c8; // 0x15
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa5896605;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa589666b;
				goto 0xa5896607;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5896620;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa5896625;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa589666b;
				if (_t65 == 0) goto 0xa589662f;
				goto 0xa589666b;
				E00007FF77FF7A5898E70(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66);
				if (_t45 == 0xffffffff) goto 0xa5896683;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b670 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5896574
0x7ff7a589657f
0x7ff7a5896589
0x7ff7a589658f
0x7ff7a5896596
0x7ff7a589659b
0x7ff7a58965a5
0x7ff7a58965ae
0x7ff7a58965b3
0x7ff7a58965ba
0x7ff7a58965bc
0x7ff7a58965c4
0x7ff7a58965cc
0x7ff7a58965d8
0x7ff7a58965dd
0x7ff7a58965e4
0x7ff7a58965e8
0x7ff7a58965f4
0x7ff7a58965f6
0x7ff7a5896601
0x7ff7a5896603
0x7ff7a589660b
0x7ff7a589660d
0x7ff7a5896616
0x7ff7a5896618
0x7ff7a5896623
0x7ff7a5896628
0x7ff7a589662d
0x7ff7a5896637
0x7ff7a5896640
0x7ff7a5896642
0x7ff7a5896647
0x7ff7a589664f
0x7ff7a589665e
0x7ff7a5896664
0x7ff7a5896682

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896589
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58965AE
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58965D8
std::_Facet_Register.LIBCPMT ref: 00007FF7A589664F
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896670
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5896683

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: ffb1ddd4d88bcaddf58bac97e7b9e95f39433b1263610152baa7b51ceefc0604
Instruction ID: 44b66f3aa4ffb273b5c85976a221ccce75bfc4d929ed38631bfe9cbb2f09dd99
Opcode Fuzzy Hash: ffb1ddd4d88bcaddf58bac97e7b9e95f39433b1263610152baa7b51ceefc0604
Instruction Fuzzy Hash: A631A721A0AA46C4EB05BB16D440179F362FF46FA4F8A0171EA2D472F5DF3CF4528320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58968BC Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00007FF77FF7A58968BC(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b680; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b5d8; // 0x17
				if (_t63 != 0) goto 0xa589692c;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b5d8 - _t63; // 0x17
				if (_t35 != 0) goto 0xa589691b;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b5d8 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b5d8; // 0x17
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa589694d;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa58969b3;
				goto 0xa589694f;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5896968;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa589696d;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa58969b3;
				if (_t65 == 0) goto 0xa5896977;
				goto 0xa58969b3;
				E00007FF77FF7A58990DC(0, _t33, _t65,  &_a24, _t66);
				if (_t45 == 0xffffffff) goto 0xa58969cb;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b680 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a58968bc
0x7ff7a58968c7
0x7ff7a58968d1
0x7ff7a58968d7
0x7ff7a58968de
0x7ff7a58968e3
0x7ff7a58968ed
0x7ff7a58968f6
0x7ff7a58968fb
0x7ff7a5896902
0x7ff7a5896904
0x7ff7a589690c
0x7ff7a5896914
0x7ff7a5896920
0x7ff7a5896925
0x7ff7a589692c
0x7ff7a5896930
0x7ff7a589693c
0x7ff7a589693e
0x7ff7a5896949
0x7ff7a589694b
0x7ff7a5896953
0x7ff7a5896955
0x7ff7a589695e
0x7ff7a5896960
0x7ff7a589696b
0x7ff7a5896970
0x7ff7a5896975
0x7ff7a589697f
0x7ff7a5896988
0x7ff7a589698a
0x7ff7a589698f
0x7ff7a5896997
0x7ff7a58969a6
0x7ff7a58969ac
0x7ff7a58969ca

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58968D1
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58968F6
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896920
std::_Facet_Register.LIBCPMT ref: 00007FF7A5896997
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58969B8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A58969CB

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 4ce7337265c0cd3d178e9e8d459601aa73d8873e919be2de9efb6b9c84d95ee2
Instruction ID: e83f34d98485d338761751cf7193277f26e6c9533ca0b277447e969b58fb8d02
Opcode Fuzzy Hash: 4ce7337265c0cd3d178e9e8d459601aa73d8873e919be2de9efb6b9c84d95ee2
Instruction Fuzzy Hash: 05318421A0AA46C5EA05BB16D440179F362FB96FA4F8A0171EA6D0B6B5DF3CF456C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5896114 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF77FF7A5896114(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b660; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b5b8; // 0x13
				if (_t63 != 0) goto 0xa5896184;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b5b8 - _t63; // 0x13
				if (_t35 != 0) goto 0xa5896173;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b5b8 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b5b8; // 0x13
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa58961a5;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa589620b;
				goto 0xa58961a7;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa58961c0;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa58961c5;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa589620b;
				if (_t65 == 0) goto 0xa58961cf;
				goto 0xa589620b;
				E00007FF77FF7A5898B80(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66);
				if (_t45 == 0xffffffff) goto 0xa5896223;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b660 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5896114
0x7ff7a589611f
0x7ff7a5896129
0x7ff7a589612f
0x7ff7a5896136
0x7ff7a589613b
0x7ff7a5896145
0x7ff7a589614e
0x7ff7a5896153
0x7ff7a589615a
0x7ff7a589615c
0x7ff7a5896164
0x7ff7a589616c
0x7ff7a5896178
0x7ff7a589617d
0x7ff7a5896184
0x7ff7a5896188
0x7ff7a5896194
0x7ff7a5896196
0x7ff7a58961a1
0x7ff7a58961a3
0x7ff7a58961ab
0x7ff7a58961ad
0x7ff7a58961b6
0x7ff7a58961b8
0x7ff7a58961c3
0x7ff7a58961c8
0x7ff7a58961cd
0x7ff7a58961d7
0x7ff7a58961e0
0x7ff7a58961e2
0x7ff7a58961e7
0x7ff7a58961ef
0x7ff7a58961fe
0x7ff7a5896204
0x7ff7a5896222

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896129
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A589614E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896178
std::_Facet_Register.LIBCPMT ref: 00007FF7A58961EF
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896210
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5896223

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 7dd850a324f9ddd770def085d96d4407b1ecb909393a0c6fb40e1d2c47968987
Instruction ID: a9661ef49d625eac61cea92423fbcb77d3ef3318c81c99d20e32f46b924cc079
Opcode Fuzzy Hash: 7dd850a324f9ddd770def085d96d4407b1ecb909393a0c6fb40e1d2c47968987
Instruction Fuzzy Hash: BE31A421A0AA46C4FA55BB56D840178F362FB46FE0F8A0171EA2D072B5DF3CF456C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5897064 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00007FF77FF7A5897064(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b650; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b5a8; // 0x11
				if (_t63 != 0) goto 0xa58970d4;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b5a8 - _t63; // 0x11
				if (_t35 != 0) goto 0xa58970c3;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b5a8 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b5a8; // 0x11
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa58970f5;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa589715b;
				goto 0xa58970f7;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5897110;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa5897115;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa589715b;
				if (_t65 == 0) goto 0xa589711f;
				goto 0xa589715b;
				E00007FF77FF7A5899644(0, 0, _t33, _t65,  &_a24, _t66);
				if (_t45 == 0xffffffff) goto 0xa5897173;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b650 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5897064
0x7ff7a589706f
0x7ff7a5897079
0x7ff7a589707f
0x7ff7a5897086
0x7ff7a589708b
0x7ff7a5897095
0x7ff7a589709e
0x7ff7a58970a3
0x7ff7a58970aa
0x7ff7a58970ac
0x7ff7a58970b4
0x7ff7a58970bc
0x7ff7a58970c8
0x7ff7a58970cd
0x7ff7a58970d4
0x7ff7a58970d8
0x7ff7a58970e4
0x7ff7a58970e6
0x7ff7a58970f1
0x7ff7a58970f3
0x7ff7a58970fb
0x7ff7a58970fd
0x7ff7a5897106
0x7ff7a5897108
0x7ff7a5897113
0x7ff7a5897118
0x7ff7a589711d
0x7ff7a5897127
0x7ff7a5897130
0x7ff7a5897132
0x7ff7a5897137
0x7ff7a589713f
0x7ff7a589714e
0x7ff7a5897154
0x7ff7a5897172

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5897079
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A589709E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58970C8
std::_Facet_Register.LIBCPMT ref: 00007FF7A589713F
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5897160
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5897173

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: f50b2fc268c11f61ae25dca4454e46a694a5103a3c915c05be71601d4d6c02f0
Instruction ID: d7797c8d793bb3edd56186b587ea815a6448d1d0e189e522d0a278ae13f66f6d
Opcode Fuzzy Hash: f50b2fc268c11f61ae25dca4454e46a694a5103a3c915c05be71601d4d6c02f0
Instruction Fuzzy Hash: 5231A221A0AA46C5EA15BB15D840179F362FB57FE0F8A0571EA1E4B7B5DF3CF4528320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58967A4 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00007FF77FF7A58967A4(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b6d8; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b620; // 0x23
				if (_t63 != 0) goto 0xa5896814;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b620 - _t63; // 0x23
				if (_t35 != 0) goto 0xa5896803;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b620 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b620; // 0x23
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa5896835;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa589689b;
				goto 0xa5896837;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5896850;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa5896855;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa589689b;
				if (_t65 == 0) goto 0xa589685f;
				goto 0xa589689b;
				E00007FF77FF7A5899004(0, _t33, _t65,  &_a24, _t66);
				if (_t45 == 0xffffffff) goto 0xa58968b3;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b6d8 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a58967a4
0x7ff7a58967af
0x7ff7a58967b9
0x7ff7a58967bf
0x7ff7a58967c6
0x7ff7a58967cb
0x7ff7a58967d5
0x7ff7a58967de
0x7ff7a58967e3
0x7ff7a58967ea
0x7ff7a58967ec
0x7ff7a58967f4
0x7ff7a58967fc
0x7ff7a5896808
0x7ff7a589680d
0x7ff7a5896814
0x7ff7a5896818
0x7ff7a5896824
0x7ff7a5896826
0x7ff7a5896831
0x7ff7a5896833
0x7ff7a589683b
0x7ff7a589683d
0x7ff7a5896846
0x7ff7a5896848
0x7ff7a5896853
0x7ff7a5896858
0x7ff7a589685d
0x7ff7a5896867
0x7ff7a5896870
0x7ff7a5896872
0x7ff7a5896877
0x7ff7a589687f
0x7ff7a589688e
0x7ff7a5896894
0x7ff7a58968b2

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58967B9
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58967DE
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896808
std::_Facet_Register.LIBCPMT ref: 00007FF7A589687F
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58968A0
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A58968B3

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: a36051daccbe72d6339af574d6a3afd4434bca25ae4b43bc6398abfea152798b
Instruction ID: 9c67374f30211f1a8649e34849dc5dfbf7a3615e4b09c2415b8fa2cc6b1df822
Opcode Fuzzy Hash: a36051daccbe72d6339af574d6a3afd4434bca25ae4b43bc6398abfea152798b
Instruction Fuzzy Hash: 78317421A0AA46C5FA05BB16D4411B9F362FB56FE0F8A01B1EA6D172B5DF3CF452C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5895FFC Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF77FF7A5895FFC(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b6c0; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b608; // 0x20
				if (_t63 != 0) goto 0xa589606c;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b608 - _t63; // 0x20
				if (_t35 != 0) goto 0xa589605b;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b608 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b608; // 0x20
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa589608d;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa58960f3;
				goto 0xa589608f;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa58960a8;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa58960ad;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa58960f3;
				if (_t65 == 0) goto 0xa58960b7;
				goto 0xa58960f3;
				E00007FF77FF7A5898AC4(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66);
				if (_t45 == 0xffffffff) goto 0xa589610b;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b6c0 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5895ffc
0x7ff7a5896007
0x7ff7a5896011
0x7ff7a5896017
0x7ff7a589601e
0x7ff7a5896023
0x7ff7a589602d
0x7ff7a5896036
0x7ff7a589603b
0x7ff7a5896042
0x7ff7a5896044
0x7ff7a589604c
0x7ff7a5896054
0x7ff7a5896060
0x7ff7a5896065
0x7ff7a589606c
0x7ff7a5896070
0x7ff7a589607c
0x7ff7a589607e
0x7ff7a5896089
0x7ff7a589608b
0x7ff7a5896093
0x7ff7a5896095
0x7ff7a589609e
0x7ff7a58960a0
0x7ff7a58960ab
0x7ff7a58960b0
0x7ff7a58960b5
0x7ff7a58960bf
0x7ff7a58960c8
0x7ff7a58960ca
0x7ff7a58960cf
0x7ff7a58960d7
0x7ff7a58960e6
0x7ff7a58960ec
0x7ff7a589610a

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896011
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896036
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896060
std::_Facet_Register.LIBCPMT ref: 00007FF7A58960D7
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58960F8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A589610B

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 6f67e72b41ac878e32479330c8e19416b3974d92f24a9f0729a4292a2836b116
Instruction ID: 9c4a5a96a0edd007d773833085ac3711f64855424f28bf3c0971483883ab8e8a
Opcode Fuzzy Hash: 6f67e72b41ac878e32479330c8e19416b3974d92f24a9f0729a4292a2836b116
Instruction Fuzzy Hash: 8A316121A0BA46C5EA05FB16D480179B362FB96FE0F8A0171EA6D076F5DF3DF4528320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5896F4C Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00007FF77FF7A5896F4C(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b6b0; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b5f8; // 0x1e
				if (_t63 != 0) goto 0xa5896fbc;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b5f8 - _t63; // 0x1e
				if (_t35 != 0) goto 0xa5896fab;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b5f8 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b5f8; // 0x1e
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa5896fdd;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa5897043;
				goto 0xa5896fdf;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5896ff8;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa5896ffd;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa5897043;
				if (_t65 == 0) goto 0xa5897007;
				goto 0xa5897043;
				E00007FF77FF7A589957C(0, 0, _t33, _t65,  &_a24, _t66);
				if (_t45 == 0xffffffff) goto 0xa589705b;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b6b0 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5896f4c
0x7ff7a5896f57
0x7ff7a5896f61
0x7ff7a5896f67
0x7ff7a5896f6e
0x7ff7a5896f73
0x7ff7a5896f7d
0x7ff7a5896f86
0x7ff7a5896f8b
0x7ff7a5896f92
0x7ff7a5896f94
0x7ff7a5896f9c
0x7ff7a5896fa4
0x7ff7a5896fb0
0x7ff7a5896fb5
0x7ff7a5896fbc
0x7ff7a5896fc0
0x7ff7a5896fcc
0x7ff7a5896fce
0x7ff7a5896fd9
0x7ff7a5896fdb
0x7ff7a5896fe3
0x7ff7a5896fe5
0x7ff7a5896fee
0x7ff7a5896ff0
0x7ff7a5896ffb
0x7ff7a5897000
0x7ff7a5897005
0x7ff7a589700f
0x7ff7a5897018
0x7ff7a589701a
0x7ff7a589701f
0x7ff7a5897027
0x7ff7a5897036
0x7ff7a589703c
0x7ff7a589705a

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896F61
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896F86
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896FB0
std::_Facet_Register.LIBCPMT ref: 00007FF7A5897027
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5897048
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A589705B

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 24585241d4b5701e1e9f6e218b928e2f2b38cf02069e7846adae3d4c541ad29c
Instruction ID: b40a0b8bcf10c5ff5feffa1f37129ae211450fbb33b309e1be93dbf379d9b020
Opcode Fuzzy Hash: 24585241d4b5701e1e9f6e218b928e2f2b38cf02069e7846adae3d4c541ad29c
Instruction Fuzzy Hash: 41318021A0BA56C4FA15BB16D440179F362FB96FE0F8A0171EA2D4B6B5DF3CF4528320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5896AEC Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF77FF7A5896AEC(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b6a0; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b5e8; // 0x1c
				if (_t63 != 0) goto 0xa5896b5c;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b5e8 - _t63; // 0x1c
				if (_t35 != 0) goto 0xa5896b4b;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b5e8 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b5e8; // 0x1c
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa5896b7d;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa5896be3;
				goto 0xa5896b7f;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5896b98;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa5896b9d;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa5896be3;
				if (_t65 == 0) goto 0xa5896ba7;
				goto 0xa5896be3;
				E00007FF77FF7A589928C(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66);
				if (_t45 == 0xffffffff) goto 0xa5896bfb;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b6a0 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5896aec
0x7ff7a5896af7
0x7ff7a5896b01
0x7ff7a5896b07
0x7ff7a5896b0e
0x7ff7a5896b13
0x7ff7a5896b1d
0x7ff7a5896b26
0x7ff7a5896b2b
0x7ff7a5896b32
0x7ff7a5896b34
0x7ff7a5896b3c
0x7ff7a5896b44
0x7ff7a5896b50
0x7ff7a5896b55
0x7ff7a5896b5c
0x7ff7a5896b60
0x7ff7a5896b6c
0x7ff7a5896b6e
0x7ff7a5896b79
0x7ff7a5896b7b
0x7ff7a5896b83
0x7ff7a5896b85
0x7ff7a5896b8e
0x7ff7a5896b90
0x7ff7a5896b9b
0x7ff7a5896ba0
0x7ff7a5896ba5
0x7ff7a5896baf
0x7ff7a5896bb8
0x7ff7a5896bba
0x7ff7a5896bbf
0x7ff7a5896bc7
0x7ff7a5896bd6
0x7ff7a5896bdc
0x7ff7a5896bfa

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896B01
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896B26
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896B50
std::_Facet_Register.LIBCPMT ref: 00007FF7A5896BC7
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896BE8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5896BFB

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: c87d39838543c85c1e89beebdaba72e84e98bcde11486dfb222cb4b7fb6cc79b
Instruction ID: 7fdd1ff551469f034bff960bfce179c0d5274be642cca52f82c09bd1510ea9c0
Opcode Fuzzy Hash: c87d39838543c85c1e89beebdaba72e84e98bcde11486dfb222cb4b7fb6cc79b
Instruction Fuzzy Hash: F0318421A0AA46C4FA15BB16D440179F362FB96FE4F8A0171EA6D476B5EF3CF452C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A589622C Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF77FF7A589622C(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b6c8; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b610; // 0x21
				if (_t63 != 0) goto 0xa589629c;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b610 - _t63; // 0x21
				if (_t35 != 0) goto 0xa589628b;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b610 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b610; // 0x21
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa58962bd;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa5896323;
				goto 0xa58962bf;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa58962d8;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa58962dd;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa5896323;
				if (_t65 == 0) goto 0xa58962e7;
				goto 0xa5896323;
				E00007FF77FF7A5898C3C(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66);
				if (_t45 == 0xffffffff) goto 0xa589633b;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b6c8 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a589622c
0x7ff7a5896237
0x7ff7a5896241
0x7ff7a5896247
0x7ff7a589624e
0x7ff7a5896253
0x7ff7a589625d
0x7ff7a5896266
0x7ff7a589626b
0x7ff7a5896272
0x7ff7a5896274
0x7ff7a589627c
0x7ff7a5896284
0x7ff7a5896290
0x7ff7a5896295
0x7ff7a589629c
0x7ff7a58962a0
0x7ff7a58962ac
0x7ff7a58962ae
0x7ff7a58962b9
0x7ff7a58962bb
0x7ff7a58962c3
0x7ff7a58962c5
0x7ff7a58962ce
0x7ff7a58962d0
0x7ff7a58962db
0x7ff7a58962e0
0x7ff7a58962e5
0x7ff7a58962ef
0x7ff7a58962f8
0x7ff7a58962fa
0x7ff7a58962ff
0x7ff7a5896307
0x7ff7a5896316
0x7ff7a589631c
0x7ff7a589633a

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896241
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896266
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896290
std::_Facet_Register.LIBCPMT ref: 00007FF7A5896307
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896328
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A589633B

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 16d3a98670e9cd708b9b0ac5babadb4e422271f25836e9a5cdd2fdd68d1f7590
Instruction ID: 9b2ab3b12bec2488d6d4695a83b96ed474794c847e6405c68367017e1e6e8d17
Opcode Fuzzy Hash: 16d3a98670e9cd708b9b0ac5babadb4e422271f25836e9a5cdd2fdd68d1f7590
Instruction Fuzzy Hash: 0B31B221A0BA46C4FA05AB56D440178F362FB96FE0F8A0571EA6D076B5DF3CF4528320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5897294 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00007FF77FF7A5897294(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b688; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b5e0; // 0x18
				if (_t63 != 0) goto 0xa5897304;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b5e0 - _t63; // 0x18
				if (_t35 != 0) goto 0xa58972f3;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b5e0 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b5e0; // 0x18
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa5897325;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa589738b;
				goto 0xa5897327;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5897340;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa5897345;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa589738b;
				if (_t65 == 0) goto 0xa589734f;
				goto 0xa589738b;
				E00007FF77FF7A58997F4(0, _t33, _t65,  &_a24, _t66);
				if (_t45 == 0xffffffff) goto 0xa58973a3;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b688 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5897294
0x7ff7a589729f
0x7ff7a58972a9
0x7ff7a58972af
0x7ff7a58972b6
0x7ff7a58972bb
0x7ff7a58972c5
0x7ff7a58972ce
0x7ff7a58972d3
0x7ff7a58972da
0x7ff7a58972dc
0x7ff7a58972e4
0x7ff7a58972ec
0x7ff7a58972f8
0x7ff7a58972fd
0x7ff7a5897304
0x7ff7a5897308
0x7ff7a5897314
0x7ff7a5897316
0x7ff7a5897321
0x7ff7a5897323
0x7ff7a589732b
0x7ff7a589732d
0x7ff7a5897336
0x7ff7a5897338
0x7ff7a5897343
0x7ff7a5897348
0x7ff7a589734d
0x7ff7a5897357
0x7ff7a5897360
0x7ff7a5897362
0x7ff7a5897367
0x7ff7a589736f
0x7ff7a589737e
0x7ff7a5897384
0x7ff7a58973a2

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58972A9
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58972CE
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58972F8
std::_Facet_Register.LIBCPMT ref: 00007FF7A589736F
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5897390
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A58973A3

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 7dac5e831b8712f3005d960d4ecca08007acdf56f4e59e5c304c50586b348b0d
Instruction ID: 796d8475eab2b5d4877ae1409b01d136d2ad411cbf338aad7c95f1328070335f
Opcode Fuzzy Hash: 7dac5e831b8712f3005d960d4ecca08007acdf56f4e59e5c304c50586b348b0d
Instruction Fuzzy Hash: DF318F21A0AA46C5EA05AB15D4401B8F362FB87FE0FCA0171EE1D8B6B5DF3CF4528320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58969D4 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00007FF77FF7A58969D4(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b678; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b5d0; // 0x16
				if (_t63 != 0) goto 0xa5896a44;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b5d0 - _t63; // 0x16
				if (_t35 != 0) goto 0xa5896a33;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b5d0 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b5d0; // 0x16
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa5896a65;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa5896acb;
				goto 0xa5896a67;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5896a80;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa5896a85;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa5896acb;
				if (_t65 == 0) goto 0xa5896a8f;
				goto 0xa5896acb;
				E00007FF77FF7A58991B4(0, _t33, _t65,  &_a24, _t66);
				if (_t45 == 0xffffffff) goto 0xa5896ae3;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b678 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a58969d4
0x7ff7a58969df
0x7ff7a58969e9
0x7ff7a58969ef
0x7ff7a58969f6
0x7ff7a58969fb
0x7ff7a5896a05
0x7ff7a5896a0e
0x7ff7a5896a13
0x7ff7a5896a1a
0x7ff7a5896a1c
0x7ff7a5896a24
0x7ff7a5896a2c
0x7ff7a5896a38
0x7ff7a5896a3d
0x7ff7a5896a44
0x7ff7a5896a48
0x7ff7a5896a54
0x7ff7a5896a56
0x7ff7a5896a61
0x7ff7a5896a63
0x7ff7a5896a6b
0x7ff7a5896a6d
0x7ff7a5896a76
0x7ff7a5896a78
0x7ff7a5896a83
0x7ff7a5896a88
0x7ff7a5896a8d
0x7ff7a5896a97
0x7ff7a5896aa0
0x7ff7a5896aa2
0x7ff7a5896aa7
0x7ff7a5896aaf
0x7ff7a5896abe
0x7ff7a5896ac4
0x7ff7a5896ae2

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58969E9
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896A0E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896A38
std::_Facet_Register.LIBCPMT ref: 00007FF7A5896AAF
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896AD0
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5896AE3

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 3c25152e531d1c3ed1c60d85094ddfb6bda29e6c71073744432321c9dd5599c2
Instruction ID: 9f20e1b20434641c36847e6f55de063656c2d7664e067b22d811f61f67d96acd
Opcode Fuzzy Hash: 3c25152e531d1c3ed1c60d85094ddfb6bda29e6c71073744432321c9dd5599c2
Instruction Fuzzy Hash: BF318421B0BA46C4EA05BB16D840179F362FB56FE0F9A8171EA5D472B5DF3CF4568320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A589717C Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00007FF77FF7A589717C(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				void* _t67;
				signed int _t68;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b6e8; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b630; // 0x25
				if (_t63 != 0) goto 0xa58971ec;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b630 - _t63; // 0x25
				if (_t35 != 0) goto 0xa58971db;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b630 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b630; // 0x25
				_t56 = _a8;
				_t68 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa589720d;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t68 + _t44)) != 0) goto 0xa5897273;
				goto 0xa589720f;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5897228;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa589722d;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t68 + _t45)) != 0) goto 0xa5897273;
				if (_t65 == 0) goto 0xa5897237;
				goto 0xa5897273;
				E00007FF77FF7A589970C(0, _t33, _t65,  &_a24, _t66, _t67);
				if (_t45 == 0xffffffff) goto 0xa589728b;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b6e8 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a589717c
0x7ff7a5897187
0x7ff7a5897191
0x7ff7a5897197
0x7ff7a589719e
0x7ff7a58971a3
0x7ff7a58971ad
0x7ff7a58971b6
0x7ff7a58971bb
0x7ff7a58971c2
0x7ff7a58971c4
0x7ff7a58971cc
0x7ff7a58971d4
0x7ff7a58971e0
0x7ff7a58971e5
0x7ff7a58971ec
0x7ff7a58971f0
0x7ff7a58971fc
0x7ff7a58971fe
0x7ff7a5897209
0x7ff7a589720b
0x7ff7a5897213
0x7ff7a5897215
0x7ff7a589721e
0x7ff7a5897220
0x7ff7a589722b
0x7ff7a5897230
0x7ff7a5897235
0x7ff7a589723f
0x7ff7a5897248
0x7ff7a589724a
0x7ff7a589724f
0x7ff7a5897257
0x7ff7a5897266
0x7ff7a589726c
0x7ff7a589728a

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5897191
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58971B6
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58971E0
std::_Facet_Register.LIBCPMT ref: 00007FF7A5897257
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5897278
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A589728B

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: bf68cc3ce809adf2f84851de8e767b846911e1504bebea54620543192ddc3c06
Instruction ID: 5408da3570ec06172850b94f24b4bfa1e1a57b1bc1ea1489b02e6146f9759c39
Opcode Fuzzy Hash: bf68cc3ce809adf2f84851de8e767b846911e1504bebea54620543192ddc3c06
Instruction Fuzzy Hash: 3531AF21A1BA4685EA05BB55D440178F322FB97FE0F8A0171FA5E4B6B5DF3CF4568320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5895CB4 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00007FF77FF7A5895CB4(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t34;
				intOrPtr _t42;
				intOrPtr _t43;
				intOrPtr _t44;
				long long _t50;
				long long _t55;
				intOrPtr _t62;
				signed long long _t63;
				long long _t64;
				void* _t65;
				void* _t66;
				signed int _t67;

				_t42 = __rax;
				_t65 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t64 =  *0xa591b6b8; // 0x0
				_a24 = _t64;
				_t62 =  *0xa591b600; // 0x1f
				if (_t62 != 0) goto 0xa5895d24;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t34 =  *0xa591b600 - _t62; // 0x1f
				if (_t34 != 0) goto 0xa5895d13;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b600 = _t42;
				_t24 = E00007FF77FF7A588BD58(_t42,  &_a8);
				_t63 =  *0xa591b600; // 0x1f
				_t55 = _a8;
				_t67 = _t63 * 8;
				if (_t63 -  *((intOrPtr*)(_t55 + 0x18)) >= 0) goto 0xa5895d45;
				_t43 =  *((intOrPtr*)(_t55 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t43)) != 0) goto 0xa5895dab;
				goto 0xa5895d47;
				if ( *((char*)(_t55 + 0x24)) == 0) goto 0xa5895d60;
				E00007FF77FF7A58920C4(_t24);
				if (_t63 -  *((intOrPtr*)(_t43 + 0x18)) >= 0) goto 0xa5895d65;
				_t44 =  *((intOrPtr*)(_t43 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa5895dab;
				if (_t64 == 0) goto 0xa5895d6f;
				goto 0xa5895dab;
				E00007FF77FF7A589874C(0, _t64,  &_a24, _t65, _t66);
				if (_t44 == 0xffffffff) goto 0xa5895dc3;
				_t50 = _a24;
				_a8 = _t50;
				E00007FF77FF7A589208C(_t44, _t50);
				_t28 =  *0xa58e2390();
				 *0xa591b6b8 = _t50;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5895cb4
0x7ff7a5895cbf
0x7ff7a5895cc9
0x7ff7a5895ccf
0x7ff7a5895cd6
0x7ff7a5895cdb
0x7ff7a5895ce5
0x7ff7a5895cee
0x7ff7a5895cf3
0x7ff7a5895cfa
0x7ff7a5895cfc
0x7ff7a5895d04
0x7ff7a5895d0c
0x7ff7a5895d18
0x7ff7a5895d1d
0x7ff7a5895d24
0x7ff7a5895d28
0x7ff7a5895d34
0x7ff7a5895d36
0x7ff7a5895d41
0x7ff7a5895d43
0x7ff7a5895d4b
0x7ff7a5895d4d
0x7ff7a5895d56
0x7ff7a5895d58
0x7ff7a5895d63
0x7ff7a5895d68
0x7ff7a5895d6d
0x7ff7a5895d77
0x7ff7a5895d80
0x7ff7a5895d82
0x7ff7a5895d87
0x7ff7a5895d8f
0x7ff7a5895d9e
0x7ff7a5895da4
0x7ff7a5895dc2

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5895CC9
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5895CEE
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5895D18
std::_Facet_Register.LIBCPMT ref: 00007FF7A5895D8F
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5895DB0
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5895DC3

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 18d2485d5e947f02bcc5bb288c9238fc530f5d5f4bd92a70182764cfd21d1cf5
Instruction ID: e456297f722a6129d27f83099935964fbf1c23f1e9db3edf1d3c3b716bdf25e9
Opcode Fuzzy Hash: 18d2485d5e947f02bcc5bb288c9238fc530f5d5f4bd92a70182764cfd21d1cf5
Instruction Fuzzy Hash: E7317221A0BA4684EA55BB15D444179F362FFA6FE0F8A0171EA5D0B2B9DF3CF4528320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A589645C Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF77FF7A589645C(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b6d0; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b618; // 0x22
				if (_t63 != 0) goto 0xa58964cc;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b618 - _t63; // 0x22
				if (_t35 != 0) goto 0xa58964bb;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b618 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b618; // 0x22
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa58964ed;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa5896553;
				goto 0xa58964ef;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5896508;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa589650d;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa5896553;
				if (_t65 == 0) goto 0xa5896517;
				goto 0xa5896553;
				E00007FF77FF7A5898DB4(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66);
				if (_t45 == 0xffffffff) goto 0xa589656b;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b6d0 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a589645c
0x7ff7a5896467
0x7ff7a5896471
0x7ff7a5896477
0x7ff7a589647e
0x7ff7a5896483
0x7ff7a589648d
0x7ff7a5896496
0x7ff7a589649b
0x7ff7a58964a2
0x7ff7a58964a4
0x7ff7a58964ac
0x7ff7a58964b4
0x7ff7a58964c0
0x7ff7a58964c5
0x7ff7a58964cc
0x7ff7a58964d0
0x7ff7a58964dc
0x7ff7a58964de
0x7ff7a58964e9
0x7ff7a58964eb
0x7ff7a58964f3
0x7ff7a58964f5
0x7ff7a58964fe
0x7ff7a5896500
0x7ff7a589650b
0x7ff7a5896510
0x7ff7a5896515
0x7ff7a589651f
0x7ff7a5896528
0x7ff7a589652a
0x7ff7a589652f
0x7ff7a5896537
0x7ff7a5896546
0x7ff7a589654c
0x7ff7a589656a

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896471
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896496
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58964C0
std::_Facet_Register.LIBCPMT ref: 00007FF7A5896537
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896558
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A589656B

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: bc4d53418cfb1780c47379b8584d14902f66f3e180057e52327aafb3a73dad42
Instruction ID: a2e51cd7180fa06960b3ece6aea4b2d58f91441a51dbe4d90754a1b90ccb4765
Opcode Fuzzy Hash: bc4d53418cfb1780c47379b8584d14902f66f3e180057e52327aafb3a73dad42
Instruction Fuzzy Hash: 67319421A0BA46C5EB15BB56D440178F362FB96FE0F8A0171EA6E072B5DF3CF4528320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58973AC Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00007FF77FF7A58973AC(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t34;
				intOrPtr _t42;
				intOrPtr _t43;
				intOrPtr _t44;
				long long _t50;
				long long _t55;
				intOrPtr _t62;
				signed long long _t63;
				long long _t64;
				void* _t65;
				signed int _t66;

				_t42 = __rax;
				_t65 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t64 =  *0xa591b6f0; // 0x0
				_a24 = _t64;
				_t62 =  *0xa591b638; // 0x26
				if (_t62 != 0) goto 0xa589741c;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t34 =  *0xa591b638 - _t62; // 0x26
				if (_t34 != 0) goto 0xa589740b;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b638 = _t42;
				_t24 = E00007FF77FF7A588BD58(_t42,  &_a8);
				_t63 =  *0xa591b638; // 0x26
				_t55 = _a8;
				_t66 = _t63 * 8;
				if (_t63 -  *((intOrPtr*)(_t55 + 0x18)) >= 0) goto 0xa589743d;
				_t43 =  *((intOrPtr*)(_t55 + 0x10));
				if ( *((intOrPtr*)(_t66 + _t43)) != 0) goto 0xa58974a3;
				goto 0xa589743f;
				if ( *((char*)(_t55 + 0x24)) == 0) goto 0xa5897458;
				E00007FF77FF7A58920C4(_t24);
				if (_t63 -  *((intOrPtr*)(_t43 + 0x18)) >= 0) goto 0xa589745d;
				_t44 =  *((intOrPtr*)(_t43 + 0x10));
				if ( *((intOrPtr*)(_t66 + _t44)) != 0) goto 0xa58974a3;
				if (_t64 == 0) goto 0xa5897467;
				goto 0xa58974a3;
				E00007FF77FF7A58998DC(0, _t44, _t64,  &_a24, _t65, _t65);
				if (_t44 == 0xffffffff) goto 0xa58974bb;
				_t50 = _a24;
				_a8 = _t50;
				E00007FF77FF7A589208C(_t44, _t50);
				_t28 =  *0xa58e2390();
				 *0xa591b6f0 = _t50;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a58973ac
0x7ff7a58973b7
0x7ff7a58973c1
0x7ff7a58973c7
0x7ff7a58973ce
0x7ff7a58973d3
0x7ff7a58973dd
0x7ff7a58973e6
0x7ff7a58973eb
0x7ff7a58973f2
0x7ff7a58973f4
0x7ff7a58973fc
0x7ff7a5897404
0x7ff7a5897410
0x7ff7a5897415
0x7ff7a589741c
0x7ff7a5897420
0x7ff7a589742c
0x7ff7a589742e
0x7ff7a5897439
0x7ff7a589743b
0x7ff7a5897443
0x7ff7a5897445
0x7ff7a589744e
0x7ff7a5897450
0x7ff7a589745b
0x7ff7a5897460
0x7ff7a5897465
0x7ff7a589746f
0x7ff7a5897478
0x7ff7a589747a
0x7ff7a589747f
0x7ff7a5897487
0x7ff7a5897496
0x7ff7a589749c
0x7ff7a58974ba

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58973C1
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58973E6
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5897410
std::_Facet_Register.LIBCPMT ref: 00007FF7A5897487
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58974A8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A58974BB

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 0906faf4b68351dbcbaf5d5ace1e3b80cfb62bc57956a4c00c4a9bf8770e9479
Instruction ID: dca1e451627040e734bf16b5391779d8c1b8711e1e3829bc2c887b259ca5169a
Opcode Fuzzy Hash: 0906faf4b68351dbcbaf5d5ace1e3b80cfb62bc57956a4c00c4a9bf8770e9479
Instruction Fuzzy Hash: D3318161A0BA4684EE05BB15D8401B8B762FB97FA0F8A0171EA5D476B6DE3CF4528720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5895B9C Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E00007FF77FF7A5895B9C(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				void* _t67;
				signed int _t68;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b6f8; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b300; // 0x27
				if (_t63 != 0) goto 0xa5895c0c;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b300 - _t63; // 0x27
				if (_t35 != 0) goto 0xa5895bfb;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b300 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b300; // 0x27
				_t56 = _a8;
				_t68 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa5895c2d;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t68 + _t44)) != 0) goto 0xa5895c93;
				goto 0xa5895c2f;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5895c48;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa5895c4d;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t68 + _t45)) != 0) goto 0xa5895c93;
				if (_t65 == 0) goto 0xa5895c57;
				goto 0xa5895c93;
				E00007FF77FF7A5898660(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66, _t67);
				if (_t45 == 0xffffffff) goto 0xa5895cab;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b6f8 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5895b9c
0x7ff7a5895ba7
0x7ff7a5895bb1
0x7ff7a5895bb7
0x7ff7a5895bbe
0x7ff7a5895bc3
0x7ff7a5895bcd
0x7ff7a5895bd6
0x7ff7a5895bdb
0x7ff7a5895be2
0x7ff7a5895be4
0x7ff7a5895bec
0x7ff7a5895bf4
0x7ff7a5895c00
0x7ff7a5895c05
0x7ff7a5895c0c
0x7ff7a5895c10
0x7ff7a5895c1c
0x7ff7a5895c1e
0x7ff7a5895c29
0x7ff7a5895c2b
0x7ff7a5895c33
0x7ff7a5895c35
0x7ff7a5895c3e
0x7ff7a5895c40
0x7ff7a5895c4b
0x7ff7a5895c50
0x7ff7a5895c55
0x7ff7a5895c5f
0x7ff7a5895c68
0x7ff7a5895c6a
0x7ff7a5895c6f
0x7ff7a5895c77
0x7ff7a5895c86
0x7ff7a5895c8c
0x7ff7a5895caa

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5895BB1
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5895BD6
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5895C00
std::_Facet_Register.LIBCPMT ref: 00007FF7A5895C77
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5895C98
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5895CAB

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 225ad32f895ea121f6c593befa51e5d0db6dfbf91dce318195503177882d37dc
Instruction ID: 7a9c3f070d6395e20e08b31bd2378b23009f6efd26019be80332c5cef412d86f
Opcode Fuzzy Hash: 225ad32f895ea121f6c593befa51e5d0db6dfbf91dce318195503177882d37dc
Instruction Fuzzy Hash: 6C318021A0BA46C4EA05BB15D440179F362FFA6FA4F8A0171EA5D4B6B5DF3CF4628360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58923D8 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF77FF7A58923D8(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b470; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b320; // 0x1a
				if (_t63 != 0) goto 0xa5892448;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b320 - _t63; // 0x1a
				if (_t35 != 0) goto 0xa5892437;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b320 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b320; // 0x1a
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa5892469;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa58924cf;
				goto 0xa589246b;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5892484;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa5892489;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa58924cf;
				if (_t65 == 0) goto 0xa5892493;
				goto 0xa58924cf;
				E00007FF77FF7A5892AC8(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66);
				if (_t45 == 0xffffffff) goto 0xa58924e7;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b470 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a58923d8
0x7ff7a58923e3
0x7ff7a58923ed
0x7ff7a58923f3
0x7ff7a58923fa
0x7ff7a58923ff
0x7ff7a5892409
0x7ff7a5892412
0x7ff7a5892417
0x7ff7a589241e
0x7ff7a5892420
0x7ff7a5892428
0x7ff7a5892430
0x7ff7a589243c
0x7ff7a5892441
0x7ff7a5892448
0x7ff7a589244c
0x7ff7a5892458
0x7ff7a589245a
0x7ff7a5892465
0x7ff7a5892467
0x7ff7a589246f
0x7ff7a5892471
0x7ff7a589247a
0x7ff7a589247c
0x7ff7a5892487
0x7ff7a589248c
0x7ff7a5892491
0x7ff7a589249b
0x7ff7a58924a4
0x7ff7a58924a6
0x7ff7a58924ab
0x7ff7a58924b3
0x7ff7a58924c2
0x7ff7a58924c8
0x7ff7a58924e6

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A58923ED
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5892412
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A589243C
std::_Facet_Register.LIBCPMT ref: 00007FF7A58924B3
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58924D4
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A58924E7

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: d98699243bfbf46ff8adf6f58f4abf02c326650249293a727edd45dc464341f0
Instruction ID: 7d33dd72b7aae43e1fa6902cedd24064a9774cf93d146e24514f487eeac11c71
Opcode Fuzzy Hash: d98699243bfbf46ff8adf6f58f4abf02c326650249293a727edd45dc464341f0
Instruction Fuzzy Hash: AB315061A0BA46C4EA15AB55D800179F362FB46FA4F8A0172FA5E076B5DF2CF4668320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A588DC14 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF77FF7A588DC14(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b2d8; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b2d0; // 0x5
				if (_t63 != 0) goto 0xa588dc84;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b2d0 - _t63; // 0x5
				if (_t35 != 0) goto 0xa588dc73;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b2d0 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b2d0; // 0x5
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa588dca5;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa588dd0b;
				goto 0xa588dca7;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa588dcc0;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa588dcc5;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa588dd0b;
				if (_t65 == 0) goto 0xa588dccf;
				goto 0xa588dd0b;
				E00007FF77FF7A588DD2C(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66);
				if (_t45 == 0xffffffff) goto 0xa588dd23;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b2d8 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a588dc14
0x7ff7a588dc1f
0x7ff7a588dc29
0x7ff7a588dc2f
0x7ff7a588dc36
0x7ff7a588dc3b
0x7ff7a588dc45
0x7ff7a588dc4e
0x7ff7a588dc53
0x7ff7a588dc5a
0x7ff7a588dc5c
0x7ff7a588dc64
0x7ff7a588dc6c
0x7ff7a588dc78
0x7ff7a588dc7d
0x7ff7a588dc84
0x7ff7a588dc88
0x7ff7a588dc94
0x7ff7a588dc96
0x7ff7a588dca1
0x7ff7a588dca3
0x7ff7a588dcab
0x7ff7a588dcad
0x7ff7a588dcb6
0x7ff7a588dcb8
0x7ff7a588dcc3
0x7ff7a588dcc8
0x7ff7a588dccd
0x7ff7a588dcd7
0x7ff7a588dce0
0x7ff7a588dce2
0x7ff7a588dce7
0x7ff7a588dcef
0x7ff7a588dcfe
0x7ff7a588dd04
0x7ff7a588dd22

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A588DC29
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A588DC4E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A588DC78
std::_Facet_Register.LIBCPMT ref: 00007FF7A588DCEF
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A588DD10
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A588DD23

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 6459005f0bbea6b3ad378cabdb4c7f315e9fa2c1f428f92a64cc48b75485b060
Instruction ID: 9f7b7f714e3aaf674aa8bc281a53283f31db3f234fba403f6a1b06397df972b4
Opcode Fuzzy Hash: 6459005f0bbea6b3ad378cabdb4c7f315e9fa2c1f428f92a64cc48b75485b060
Instruction Fuzzy Hash: 33318321A0BA4685EA05BB15D440179E3A2FB96FE1F8A0571DE1D0B3B9DF7CE456C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5896C04 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF77FF7A5896C04(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b640; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b598; // 0xf
				if (_t63 != 0) goto 0xa5896c74;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b598 - _t63; // 0xf
				if (_t35 != 0) goto 0xa5896c63;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b598 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b598; // 0xf
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa5896c95;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa5896cfb;
				goto 0xa5896c97;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa5896cb0;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa5896cb5;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa5896cfb;
				if (_t65 == 0) goto 0xa5896cbf;
				goto 0xa5896cfb;
				E00007FF77FF7A5899348(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66);
				if (_t45 == 0xffffffff) goto 0xa5896d13;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b640 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5896c04
0x7ff7a5896c0f
0x7ff7a5896c19
0x7ff7a5896c1f
0x7ff7a5896c26
0x7ff7a5896c2b
0x7ff7a5896c35
0x7ff7a5896c3e
0x7ff7a5896c43
0x7ff7a5896c4a
0x7ff7a5896c4c
0x7ff7a5896c54
0x7ff7a5896c5c
0x7ff7a5896c68
0x7ff7a5896c6d
0x7ff7a5896c74
0x7ff7a5896c78
0x7ff7a5896c84
0x7ff7a5896c86
0x7ff7a5896c91
0x7ff7a5896c93
0x7ff7a5896c9b
0x7ff7a5896c9d
0x7ff7a5896ca6
0x7ff7a5896ca8
0x7ff7a5896cb3
0x7ff7a5896cb8
0x7ff7a5896cbd
0x7ff7a5896cc7
0x7ff7a5896cd0
0x7ff7a5896cd2
0x7ff7a5896cd7
0x7ff7a5896cdf
0x7ff7a5896cee
0x7ff7a5896cf4
0x7ff7a5896d12

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896C19
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896C3E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896C68
std::_Facet_Register.LIBCPMT ref: 00007FF7A5896CDF
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896D00
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5896D13

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 9f87098008f78e631d6993847b2652e4bdd66bafcd7683ef1f74234e45fa22d1
Instruction ID: 746c9efd13c81a128a36181a3fcef5422299a6e60008bc12a2989cfc159adb8d
Opcode Fuzzy Hash: 9f87098008f78e631d6993847b2652e4bdd66bafcd7683ef1f74234e45fa22d1
Instruction Fuzzy Hash: E3316D21A0AA46C5EA15AB16D440179B362FB96FE4F8A0171FA6D0B2B5DF3CF4528360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5896344 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF77FF7A5896344(intOrPtr __rax, void* __rcx, long long _a8, char _a16, void* _a24) {
				void* __rbx;
				void* __rsi;
				void* __rbp;
				intOrPtr _t21;
				void* _t24;
				void* _t28;
				void* _t33;
				void* _t35;
				intOrPtr _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				long long _t51;
				long long _t56;
				intOrPtr _t63;
				signed long long _t64;
				long long _t65;
				void* _t66;
				signed int _t67;

				_t43 = __rax;
				_t66 = __rcx;
				E00007FF77FF7A588BCE0(0,  &_a16);
				_t65 =  *0xa591b668; // 0x0
				_a24 = _t65;
				_t63 =  *0xa591b5c0; // 0x14
				if (_t63 != 0) goto 0xa58963b4;
				E00007FF77FF7A588BCE0(0,  &_a8);
				_t35 =  *0xa591b5c0 - _t63; // 0x14
				if (_t35 != 0) goto 0xa58963a3;
				_t21 =  *0xa591b2e0; // 0x27
				 *0xa591b2e0 = _t21 + 1;
				 *0xa591b5c0 = _t43;
				_t24 = E00007FF77FF7A588BD58(_t43,  &_a8);
				_t64 =  *0xa591b5c0; // 0x14
				_t56 = _a8;
				_t67 = _t64 * 8;
				if (_t64 -  *((intOrPtr*)(_t56 + 0x18)) >= 0) goto 0xa58963d5;
				_t44 =  *((intOrPtr*)(_t56 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t44)) != 0) goto 0xa589643b;
				goto 0xa58963d7;
				if ( *((char*)(_t56 + 0x24)) == 0) goto 0xa58963f0;
				E00007FF77FF7A58920C4(_t24);
				if (_t64 -  *((intOrPtr*)(_t44 + 0x18)) >= 0) goto 0xa58963f5;
				_t45 =  *((intOrPtr*)(_t44 + 0x10));
				if ( *((intOrPtr*)(_t67 + _t45)) != 0) goto 0xa589643b;
				if (_t65 == 0) goto 0xa58963ff;
				goto 0xa589643b;
				E00007FF77FF7A5898CF8(0, _t33, _t45, _t65,  &_a24, _t66, _t65, _t66);
				if (_t45 == 0xffffffff) goto 0xa5896453;
				_t51 = _a24;
				_a8 = _t51;
				E00007FF77FF7A589208C(_t45, _t51);
				_t28 =  *0xa58e2390();
				 *0xa591b668 = _t51;
				return E00007FF77FF7A588BD58(_t28,  &_a16);
			}

0x7ff7a5896344
0x7ff7a589634f
0x7ff7a5896359
0x7ff7a589635f
0x7ff7a5896366
0x7ff7a589636b
0x7ff7a5896375
0x7ff7a589637e
0x7ff7a5896383
0x7ff7a589638a
0x7ff7a589638c
0x7ff7a5896394
0x7ff7a589639c
0x7ff7a58963a8
0x7ff7a58963ad
0x7ff7a58963b4
0x7ff7a58963b8
0x7ff7a58963c4
0x7ff7a58963c6
0x7ff7a58963d1
0x7ff7a58963d3
0x7ff7a58963db
0x7ff7a58963dd
0x7ff7a58963e6
0x7ff7a58963e8
0x7ff7a58963f3
0x7ff7a58963f8
0x7ff7a58963fd
0x7ff7a5896407
0x7ff7a5896410
0x7ff7a5896412
0x7ff7a5896417
0x7ff7a589641f
0x7ff7a589642e
0x7ff7a5896434
0x7ff7a5896452

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A5896359
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A589637E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A58963A8
std::_Facet_Register.LIBCPMT ref: 00007FF7A589641F
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A5896440
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5896453

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: ac653af9b8bdb87d71a18bcadccc4fedcae61c71c8458fc42c0441d9c8ea31ca
Instruction ID: 7ab123da31427f5f1e8b42aa4a1c9cc52ee7d7a89bfa6ba12ce39677742bfce1
Opcode Fuzzy Hash: ac653af9b8bdb87d71a18bcadccc4fedcae61c71c8458fc42c0441d9c8ea31ca
Instruction Fuzzy Hash: 29318121A0BA46C5FA05AB56D440179B362FF56FA0F8A0171EA2D476B5DF3CF4528320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58CDC94 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF7A58C18A5,?,?,?,?,00007FF7A58D9086,?,?,00000000,00007FF7A58D2647,?,?,?), ref: 00007FF7A58CDCA3
FlsSetValue.KERNEL32(?,?,?,00007FF7A58C18A5,?,?,?,?,00007FF7A58D9086,?,?,00000000,00007FF7A58D2647,?,?,?), ref: 00007FF7A58CDCD9
FlsSetValue.KERNEL32(?,?,?,00007FF7A58C18A5,?,?,?,?,00007FF7A58D9086,?,?,00000000,00007FF7A58D2647,?,?,?), ref: 00007FF7A58CDD06
FlsSetValue.KERNEL32(?,?,?,00007FF7A58C18A5,?,?,?,?,00007FF7A58D9086,?,?,00000000,00007FF7A58D2647,?,?,?), ref: 00007FF7A58CDD17
FlsSetValue.KERNEL32(?,?,?,00007FF7A58C18A5,?,?,?,?,00007FF7A58D9086,?,?,00000000,00007FF7A58D2647,?,?,?), ref: 00007FF7A58CDD28
SetLastError.KERNEL32(?,?,?,00007FF7A58C18A5,?,?,?,?,00007FF7A58D9086,?,?,00000000,00007FF7A58D2647,?,?,?), ref: 00007FF7A58CDD43

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 6c23994c0b04f7c5f98b28fe8e7fa4fb06792aea6a663df09d88ed702cfab66f
Instruction ID: 66676dbcfc9fc5192b1ccb411d4fb8607c1d562c8282f285352d59a86764451e
Opcode Fuzzy Hash: 6c23994c0b04f7c5f98b28fe8e7fa4fb06792aea6a663df09d88ed702cfab66f
Instruction Fuzzy Hash: 3A114F21E0B78282F6547721595113DD2916F86FB0F9607B5E96E077FADD6CB4314320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58AE038 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 165
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E00007FF77FF7A58AE038(void* __ecx, void* __edx, long long __rbx, void* __rcx, long long __rdx, void* __r9, long long _a24) {
				signed int _v40;
				long long _v48;
				signed long long _v56;
				signed int _v72;
				long long _v80;
				signed long long _v88;
				signed int _v104;
				long long _v112;
				signed int _v120;
				signed int _t44;
				void* _t46;
				signed long long _t62;
				intOrPtr _t64;
				char* _t66;
				intOrPtr _t87;
				intOrPtr _t90;
				long long _t94;
				void* _t96;

				_t74 = __rbx;
				_t46 = __ecx;
				_a24 = __rbx;
				_t97 = _t96 - 0x80;
				_t62 =  *0xa58fb008; // 0x485f0d1bb70c
				_v40 = _t62 ^ _t96 - 0x00000080;
				_v112 = __rdx;
				_v120 = _v120 & 0x00000000;
				_t64 =  *((intOrPtr*)(__rcx + 8));
				if (_t64 == 0) goto 0xa58ae09e;
				if ( *((intOrPtr*)(_t64 + 0x28)) != 0) goto 0xa58ae079;
				_v104 = _v104 & 0x00000000;
				_v88 = _v88 & 0x00000000;
				_v80 = _t94;
				E00007FF77FF7A5887410( &_v104, _t64 + 0x30);
				goto 0xa58ae0b8;
				_v72 = _v72 & 0x00000000;
				_v56 = _v56 & 0x00000000;
				_v48 = _t94;
				_t66 =  &_v72;
				_t23 = _t94 - 9; // 0x6
				_t44 = _t23;
				asm("movups xmm0, [eax]");
				asm("movups [edi], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [edi+0x10], xmm1");
				 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
				 *((long long*)(_t66 + 0x18)) = _t94;
				 *_t66 = 0;
				if ((_t44 & 0x00000002) == 0) goto 0xa58ae112;
				_t87 = _v48;
				if (_t87 - 0x10 < 0) goto 0xa58ae112;
				_t78 = _v72;
				if (_t87 + 1 - _t94 < 0) goto 0xa58ae10d;
				if (_v72 -  *((intOrPtr*)(_t78 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa58ae16c;
				E00007FF77FF7A588AAF0(_v72 -  *((intOrPtr*)(_t78 - 8)) + 0xfffffff8, __rbx, __r9);
				if ((_t44 & 1) == 0) goto 0xa58ae14a;
				_t90 = _v80;
				if (_t90 - 0x10 < 0) goto 0xa58ae14a;
				_t80 = _v104;
				if (_t90 + 1 - _t94 < 0) goto 0xa58ae145;
				if (_v104 -  *((intOrPtr*)(_t80 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa58ae16c;
				return E00007FF77FF7A588AAD0(E00007FF77FF7A588AAF0(_v104 -  *((intOrPtr*)(_t80 - 8)) + 0xfffffff8, _t74, __r9), _t46, _v40 ^ _t97);
			}

0x7ff7a58ae038
0x7ff7a58ae038
0x7ff7a58ae038
0x7ff7a58ae043
0x7ff7a58ae04a
0x7ff7a58ae054
0x7ff7a58ae05b
0x7ff7a58ae05f
0x7ff7a58ae063
0x7ff7a58ae06a
0x7ff7a58ae073
0x7ff7a58ae079
0x7ff7a58ae07e
0x7ff7a58ae088
0x7ff7a58ae090
0x7ff7a58ae09c
0x7ff7a58ae09e
0x7ff7a58ae0a3
0x7ff7a58ae0ad
0x7ff7a58ae0b1
0x7ff7a58ae0b5
0x7ff7a58ae0b5
0x7ff7a58ae0b8
0x7ff7a58ae0bb
0x7ff7a58ae0be
0x7ff7a58ae0c2
0x7ff7a58ae0c6
0x7ff7a58ae0cb
0x7ff7a58ae0cf
0x7ff7a58ae0da
0x7ff7a58ae0df
0x7ff7a58ae0e7
0x7ff7a58ae0ec
0x7ff7a58ae0f6
0x7ff7a58ae10b
0x7ff7a58ae10d
0x7ff7a58ae115
0x7ff7a58ae117
0x7ff7a58ae11f
0x7ff7a58ae124
0x7ff7a58ae12e
0x7ff7a58ae143
0x7ff7a58ae16b

APIs

SimpleString::operator=.MSOBJ140-MSVCRT ref: 00007FF7A58AE090
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A58AE16C

Strings

ios_base::badbit set, xrefs: 00007FF7A58AE193
ios_base::failbit set, xrefs: 00007FF7A58AE19F
ios_base::eofbit set, xrefs: 00007FF7A58AE1A6

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: SimpleString::operator=_invalid_parameter_noinfo_noreturn
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2534270638-1866435925
Opcode ID: e47f03c60c32dc19e8fda963f2cab3a1fb89b512d55444fe4c95e801f0ba35eb
Instruction ID: e4470254283204cd49eb94b58626d16ca7481314450940723f2fbdd7e54313fc
Opcode Fuzzy Hash: e47f03c60c32dc19e8fda963f2cab3a1fb89b512d55444fe4c95e801f0ba35eb
Instruction Fuzzy Hash: D361E022B06B5586FB00AB64D4803ADA361FB45FA4F864670DB5C0BBE5EF3CE4A5C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A588A3E0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 121COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A588A522

Part of subcall function 00007FF7A588B7A0: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7A588B7A9

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A588A528
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A588A52E

Strings

true, xrefs: 00007FF7A588A4D3
false, xrefs: 00007FF7A588A4A7

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID: false$true
API String ID: 1173176844-2658103896
Opcode ID: 1c306df8b4da8aa20d96e9cc9924ef76e871346a16a9271e228119b5cf30f844
Instruction ID: b38a9eeeb1efcc8fa5e3ea9de3b163b34777db89cef74190f68e238e6ad5b467
Opcode Fuzzy Hash: 1c306df8b4da8aa20d96e9cc9924ef76e871346a16a9271e228119b5cf30f844
Instruction Fuzzy Hash: 8141E32260A78286EB21AF21E0401BDB7A0EF5AF90F9A4571DE5C037A5DF3CE461C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5882020 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 116
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E00007FF77FF7A5882020(long long __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rsi) {
				void* _t52;
				intOrPtr _t77;
				long long* _t92;
				long long _t95;
				void* _t98;
				void* _t100;
				void* _t103;
				long long _t105;

				_t68 = __rax;
				 *((long long*)(_t100 + 0x10)) = __rbx;
				 *((long long*)(_t100 + 0x18)) = __rsi;
				_push(_t105);
				_t98 = _t100 - 0x47;
				_t92 = __rcx;
				r14d = 0;
				if (__rcx == 0) goto 0xa5882180;
				if ( *((intOrPtr*)(__rcx)) != _t105) goto 0xa5882180;
				E00007FF77FF7A588AD90(__rax, __rcx);
				_t95 = __rax;
				 *((long long*)(_t98 + 0x67)) = __rax;
				_t77 =  *((intOrPtr*)(__rdx + 8));
				if (_t77 == 0) goto 0xa588207d;
				if ( *((intOrPtr*)(_t77 + 0x28)) != 0) goto 0xa5882084;
				goto 0xa5882084;
				E00007FF77FF7A588BCE0(0, _t98 - 0x49);
				 *((long long*)(_t98 - 0x41)) = _t105;
				 *((char*)(_t98 - 0x39)) = 0;
				 *((long long*)(_t98 - 0x31)) = _t105;
				 *((char*)(_t98 - 0x29)) = 0;
				 *((long long*)(_t98 - 0x21)) = _t105;
				 *((intOrPtr*)(_t98 - 0x19)) = r14w;
				 *((long long*)(_t98 - 0x11)) = _t105;
				 *((intOrPtr*)(_t98 - 9)) = r14w;
				 *((long long*)(_t98 - 1)) = _t105;
				 *((char*)(_t98 + 7)) = 0;
				 *((long long*)(_t98 + 0xf)) = _t105;
				 *((char*)(_t98 + 0x17)) = 0;
				if (0xa58f1aab == 0) goto 0xa588219d;
				E00007FF77FF7A5892240(_t68, 0xa58f1aab, _t98 - 0x49, 0xa58f1aab);
				 *((intOrPtr*)(_t95 + 8)) = r14d;
				 *_t95 = 0xa58e2710;
				E00007FF77FF7A5893D04(0xa58e2710, _t98 + 0x1f, 0xa58f1aab, _t103);
				asm("movups xmm0, [eax]");
				asm("movups [esi+0x10], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [esi+0x20], xmm1");
				 *_t92 = _t95;
				E00007FF77FF7A58922AC(_t98 - 0x49);
				if ( *((intOrPtr*)(_t98 + 0xf)) == 0) goto 0xa5882118;
				E00007FF77FF7A58BE348(0xa58f1aab, 0xa58f1aab, _t95);
				 *((long long*)(_t98 + 0xf)) = _t105;
				if ( *((intOrPtr*)(_t98 - 1)) == 0) goto 0xa588212a;
				E00007FF77FF7A58BE348(0xa58f1aab, 0xa58f1aab, _t95);
				 *((long long*)(_t98 - 1)) = _t105;
				if ( *((intOrPtr*)(_t98 - 0x11)) == 0) goto 0xa588213c;
				E00007FF77FF7A58BE348(0xa58f1aab, 0xa58f1aab, _t95);
				 *((long long*)(_t98 - 0x11)) = _t105;
				if ( *((intOrPtr*)(_t98 - 0x21)) == 0) goto 0xa588214e;
				E00007FF77FF7A58BE348(0xa58f1aab, 0xa58f1aab, _t95);
				 *((long long*)(_t98 - 0x21)) = _t105;
				if ( *((intOrPtr*)(_t98 - 0x31)) == 0) goto 0xa5882160;
				E00007FF77FF7A58BE348(0xa58f1aab, 0xa58f1aab, _t95);
				 *((long long*)(_t98 - 0x31)) = _t105;
				if ( *((intOrPtr*)(_t98 - 0x41)) == 0) goto 0xa5882172;
				_t52 = E00007FF77FF7A58BE348(0xa58f1aab, 0xa58f1aab, _t95);
				 *((long long*)(_t98 - 0x41)) = _t105;
				E00007FF77FF7A588BD58(_t52, _t98 - 0x49);
				return 2;
			}

0x7ff7a5882020
0x7ff7a5882020
0x7ff7a5882025
0x7ff7a588202c
0x7ff7a588202e
0x7ff7a588203d
0x7ff7a5882040
0x7ff7a5882046
0x7ff7a588204f
0x7ff7a5882059
0x7ff7a588205e
0x7ff7a5882061
0x7ff7a5882065
0x7ff7a588206c
0x7ff7a5882075
0x7ff7a588207b
0x7ff7a588208a
0x7ff7a5882090
0x7ff7a5882094
0x7ff7a5882098
0x7ff7a588209c
0x7ff7a58820a0
0x7ff7a58820a4
0x7ff7a58820a9
0x7ff7a58820ad
0x7ff7a58820b2
0x7ff7a58820b6
0x7ff7a58820ba
0x7ff7a58820be
0x7ff7a58820c5
0x7ff7a58820d2
0x7ff7a58820d8
0x7ff7a58820e3
0x7ff7a58820ea
0x7ff7a58820ef
0x7ff7a58820f2
0x7ff7a58820f6
0x7ff7a58820fa
0x7ff7a58820fe
0x7ff7a5882105
0x7ff7a5882111
0x7ff7a5882113
0x7ff7a5882118
0x7ff7a5882123
0x7ff7a5882125
0x7ff7a588212a
0x7ff7a5882135
0x7ff7a5882137
0x7ff7a588213c
0x7ff7a5882147
0x7ff7a5882149
0x7ff7a588214e
0x7ff7a5882159
0x7ff7a588215b
0x7ff7a5882160
0x7ff7a588216b
0x7ff7a588216d
0x7ff7a5882172
0x7ff7a588217a
0x7ff7a588219c

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A588208A
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF7A58820D2
_Getctype.LIBCPMT ref: 00007FF7A58820EA
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A588217A

Strings

bad locale name, xrefs: 00007FF7A588219D

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 2967684691-1405518554
Opcode ID: 262e6c417ed47edd748e3b31e1a344ca2d84750031dd323471e6ad5c336ca470
Instruction ID: f4f43694cce3ce71ce803d987e1257e795b015486be136673bf1ffcb9106dc66
Opcode Fuzzy Hash: 262e6c417ed47edd748e3b31e1a344ca2d84750031dd323471e6ad5c336ca470
Instruction Fuzzy Hash: 5C418F22B0AB4189FB15EF70D4502BCB3B4EF55B84F854474EE4E26AA5DF38E526D320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58A2EE4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00007FF77FF7A58A2EE4(long long __rbx, signed long long __rcx, void* __rdx, long long __rsi, void* __r9, void* __r10) {
				void* __rbp;
				signed long long _t69;
				signed long long _t70;
				signed long long _t74;
				void* _t91;
				void* _t96;
				void* _t97;
				void* _t99;
				signed long long _t100;
				signed long long _t112;

				_t94 = __rsi;
				 *((long long*)(_t99 + 0x10)) = __rbx;
				 *((long long*)(_t99 + 0x18)) = __rsi;
				_t97 = _t99 - 0x47;
				_t100 = _t99 - 0xc0;
				_t69 =  *0xa58fb008; // 0x485f0d1bb70c
				_t70 = _t69 ^ _t100;
				 *(_t97 + 0x37) = _t70;
				sil = r8b;
				_t74 = __rcx;
				E00007FF77FF7A58BE314(_t70);
				E00007FF77FF7A5893EF8(_t70, _t74, _t97 + 7, __r10);
				asm("movups xmm0, [eax]");
				asm("movups [ebp-0x31], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp-0x21], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [ebp-0x11], xmm0");
				 *((intOrPtr*)(_t97 - 9)) =  *((intOrPtr*)(_t70 + 0x28));
				r14d = 0;
				 *(_t74 + 0x10) = _t112;
				 *(_t74 + 0x20) = _t112;
				 *(_t74 + 0x28) = _t112;
				 *(_t97 - 0x39) = _t74;
				E00007FF77FF7A5893EF8(_t70, _t74, _t97 + 7, __r10);
				if (sil != 0) goto 0xa58a2f6e;
				E00007FF77FF7A588A580(_t74,  *((intOrPtr*)(_t70 + 0x10)), __rsi, _t112);
				 *(_t74 + 0x10) = _t70;
				E00007FF77FF7A589523C(0, _t74, "false", _t97, _t97 - 0x31, _t91);
				 *(_t74 + 0x20) = _t70;
				E00007FF77FF7A589523C(0, _t74, "true", _t97, _t97 - 0x31, _t96);
				 *(_t74 + 0x28) = _t70;
				if (sil == 0) goto 0xa58a3019;
				 *((char*)(_t97 - 0x49)) = 0x2e;
				 *(_t97 - 0x41) = r14w;
				 *(_t97 - 0x39) = _t112;
				 *((long long*)(_t100 + 0x20)) = _t97 - 0x31;
				r8d = 1;
				E00007FF77FF7A588BB00(_t74, _t97 - 0x41, _t97 - 0x49, _t94, _t97 - 0x31);
				 *((short*)(_t74 + 0x18)) =  *(_t97 - 0x41) & 0x0000ffff;
				 *((char*)(_t97 - 0x49)) = 0x2c;
				 *(_t97 - 0x41) = r14w;
				 *(_t97 - 0x39) = _t112;
				 *((long long*)(_t100 + 0x20)) = _t97 - 0x31;
				r8d = 1;
				E00007FF77FF7A588BB00(_t74, _t97 - 0x41, _t97 - 0x49, _t94, _t97 - 0x31);
				 *((short*)(_t74 + 0x1a)) =  *(_t97 - 0x41) & 0x0000ffff;
				goto 0xa58a304b;
				asm("movups xmm0, [ebp-0x31]");
				asm("movaps [ebp+0x7], xmm0");
				asm("movups xmm1, [ebp-0x21]");
				asm("movaps [ebp+0x17], xmm1");
				asm("movsd xmm0, [ebp-0x11]");
				asm("movsd [ebp+0x27], xmm0");
				 *((intOrPtr*)(_t97 + 0x2f)) =  *((intOrPtr*)(_t97 - 9));
				return E00007FF77FF7A588AAD0(E00007FF77FF7A5894F28( *((intOrPtr*)(_t70 + 0x28)), _t74, _t70, _t97 + 7),  *((intOrPtr*)(_t70 + 0x28)),  *(_t97 + 0x37) ^ _t100);
			}

0x7ff7a58a2ee4
0x7ff7a58a2ee4
0x7ff7a58a2ee9
0x7ff7a58a2ef2
0x7ff7a58a2ef7
0x7ff7a58a2efe
0x7ff7a58a2f05
0x7ff7a58a2f08
0x7ff7a58a2f0c
0x7ff7a58a2f0f
0x7ff7a58a2f12
0x7ff7a58a2f1e
0x7ff7a58a2f23
0x7ff7a58a2f26
0x7ff7a58a2f2a
0x7ff7a58a2f2e
0x7ff7a58a2f32
0x7ff7a58a2f37
0x7ff7a58a2f3f
0x7ff7a58a2f42
0x7ff7a58a2f45
0x7ff7a58a2f49
0x7ff7a58a2f4d
0x7ff7a58a2f51
0x7ff7a58a2f59
0x7ff7a58a2f68
0x7ff7a58a2f74
0x7ff7a58a2f79
0x7ff7a58a2f8a
0x7ff7a58a2f8f
0x7ff7a58a2fa0
0x7ff7a58a2fa5
0x7ff7a58a2fac
0x7ff7a58a2fae
0x7ff7a58a2fb2
0x7ff7a58a2fb7
0x7ff7a58a2fbf
0x7ff7a58a2fcd
0x7ff7a58a2fd8
0x7ff7a58a2fe1
0x7ff7a58a2fe5
0x7ff7a58a2fe9
0x7ff7a58a2fee
0x7ff7a58a2ff6
0x7ff7a58a2fff
0x7ff7a58a300a
0x7ff7a58a3013
0x7ff7a58a3017
0x7ff7a58a3019
0x7ff7a58a301d
0x7ff7a58a3021
0x7ff7a58a3025
0x7ff7a58a3029
0x7ff7a58a302e
0x7ff7a58a3036
0x7ff7a58a306e

APIs

_Maklocstr.LIBCPMT ref: 00007FF7A58A2F8A
_Maklocstr.LIBCPMT ref: 00007FF7A58A2FA0
_Getvals.LIBCPMT ref: 00007FF7A58A3045

Strings

true, xrefs: 00007FF7A58A2F99
false, xrefs: 00007FF7A58A2F83

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Maklocstr$Getvals
String ID: false$true
API String ID: 3025811523-2658103896
Opcode ID: b31421968735826be1af570762acedeefec2fc3f32f0c450c9f680a9c82a8690
Instruction ID: 76c9a6b9996113864081cc49fabe8b88f7cd78a182ca0361a4096eee8791489d
Opcode Fuzzy Hash: b31421968735826be1af570762acedeefec2fc3f32f0c450c9f680a9c82a8690
Instruction Fuzzy Hash: 45416C23B09B8199E710DF70E4401ED73B0FB59B48B855226EE4D27A69EF38D566C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5886DF0 Relevance: 7.8, APIs: 5, Instructions: 319
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00007FF77FF7A5886DF0(void* __rcx, long long __rdx, long long __r8, void* __r9) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r12;
				void* __r13;
				void* __r15;
				void* _t106;
				void* _t114;
				void* _t120;
				void* _t124;
				signed long long _t148;
				signed long long _t153;
				void* _t162;
				void* _t180;
				void* _t185;
				signed long long _t189;
				signed long long _t207;
				signed long long _t213;
				long long _t216;
				signed long long _t219;
				intOrPtr _t221;
				signed long long _t223;
				void* _t225;
				void* _t226;
				signed long long _t227;
				signed char* _t231;
				long long _t233;
				intOrPtr _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				long long _t245;

				_t180 = __rcx;
				_t225 = _t226 - 0x1f;
				_t227 = _t226 - 0xb8;
				_t148 =  *0xa58fb008; // 0x485f0d1bb70c
				 *(_t225 + 0xf) = _t148 ^ _t227;
				 *((long long*)(_t225 - 0x49)) = __r8;
				 *((long long*)(_t225 - 0x59)) = __rdx;
				_t242 = __rcx;
				 *((long long*)(_t225 - 0x39)) = __rdx;
				 *((long long*)(_t225 - 0x41)) = __r8;
				r12d = 0;
				 *(_t225 - 0x11) = _t240;
				 *(_t225 - 1) = _t240;
				 *((long long*)(_t225 + 7)) = _t216;
				 *(_t225 - 0x11) = r12w;
				 *(_t225 - 0x31) = _t240;
				 *(_t225 - 0x21) = _t240;
				 *((long long*)(_t225 - 0x19)) = _t216;
				 *(_t225 - 0x31) = r12w;
				_t15 = _t180 + 0x60; // 0x60
				if ( *((intOrPtr*)(__rcx + 0x68)) != r12b) goto 0xa5886e6a;
				 *_t15 = _t240;
				 *(_t227 + 0x20) = r12w;
				r9d = 8;
				E00007FF77FF7A5889AC0(_t114, 7, _t120, __rdx, _t225 - 0x11, __rdx, _t15, _t225, __r9, __rcx);
				 *(__rcx + 0x70) = _t240;
				if ( *((intOrPtr*)(_t225 - 0x41)) == __r9) goto 0xa5887049;
				_t245 =  >=  ?  *(_t225 - 0x11) : _t225 - 0x11;
				 *((long long*)(_t227 + 0x38)) = _t225 - 0x39;
				 *((long long*)(_t227 + 0x30)) = _t245 +  *(_t225 - 1) * 2;
				 *((long long*)(_t227 + 0x28)) = _t245;
				 *(_t227 + 0x20) = _t225 - 0x41;
				_t106 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__rcx + 8)))) + 0x30))();
				_t124 = _t106;
				if (_t124 == 0) goto 0xa5886f51;
				if (_t124 == 0) goto 0xa5886f51;
				if (_t106 - 1 != 2) goto 0xa58870a0;
				_t231 =  *((intOrPtr*)(_t225 - 0x41));
				if (_t231 == __r9) goto 0xa5887031;
				asm("o16 nop [eax+eax]");
				r9d =  *_t231 & 0x000000ff;
				_t153 =  *(_t225 - 0x21);
				if (_t153 - _t216 >= 0) goto 0xa5886f2f;
				 *(_t225 - 0x21) = _t153 + 1;
				_t185 =  >=  ?  *(_t225 - 0x31) : _t225 - 0x31;
				 *((intOrPtr*)(_t185 + _t153 * 2)) = r9w;
				 *(_t185 + 2 + _t153 * 2) = r12w;
				goto 0xa5886f38;
				E00007FF77FF7A5889920(_t225 - 0x31, _t216, _t225, _t240, __rcx);
				_t233 =  *((intOrPtr*)(_t225 - 0x41)) + 1;
				 *((long long*)(_t225 - 0x41)) = _t233;
				if (_t233 != __r9) goto 0xa5886f00;
				goto 0xa5887031;
				_t221 =  *((intOrPtr*)(_t225 - 0x39));
				if (_t245 - _t221 >= 0) goto 0xa5886fc6;
				_t223 = _t221 - _t245 >> 1;
				_t241 =  *(_t225 - 0x21);
				if (_t223 -  *((intOrPtr*)(_t225 - 0x19)) - _t241 > 0) goto 0xa5886fa9;
				 *(_t225 - 0x21) = _t223 + _t241;
				_t177 =  >=  ?  *(_t225 - 0x31) : _t225 - 0x31;
				E00007FF77FF7A58B6D20();
				r12d = 0;
				 *(( >=  ?  *(_t225 - 0x31) : _t225 - 0x31) + (_t241 + _t223) * 2) = r12w;
				goto 0xa5887029;
				 *(_t227 + 0x20) = _t223;
				E00007FF77FF7A5889C80( >=  ?  *(_t225 - 0x31) : _t225 - 0x31, _t225 - 0x31, _t223, _t225, _t245, _t241, _t245);
				_t219 =  *((intOrPtr*)(_t225 - 0x19));
				r12d = 0;
				goto 0xa5887029;
				_t189 =  *(_t225 - 1);
				if (_t189 - 0x10 >= 0) goto 0xa588715c;
				if ( *((intOrPtr*)(_t225 + 7)) - _t189 - 8 < 0) goto 0xa5887012;
				 *(_t225 - 1) = _t189 + 8;
				_t162 =  >=  ?  *(_t225 - 0x11) : _t225 - 0x11;
				 *((long long*)(_t162 + _t189 * 2)) = 0;
				 *((long long*)(_t162 + 8 + _t189 * 2)) = 0;
				 *(_t162 + 0x10 + _t189 * 2) = r12w;
				goto 0xa5887029;
				 *(_t227 + 0x20) = r12w;
				r9d = 8;
				E00007FF77FF7A5889AC0(_t106 - 1, 7, _t120,  >=  ?  *(_t225 - 0x31) : _t225 - 0x31, _t225 - 0x11,  *((intOrPtr*)(_t225 + 7)), _t223, _t225, _t245, _t242);
				_t82 = _t242 + 0x60; // 0x60
				_t235 =  *((intOrPtr*)(_t225 - 0x41));
				 *((long long*)(_t242 + 0x70)) = _t235 -  *((intOrPtr*)(_t225 - 0x49));
				if (_t235 != __r9) goto 0xa5886e92;
				asm("movups xmm0, [ebp-0x31]");
				asm("movups [ebx], xmm0");
				asm("movups xmm1, [ebp-0x21]");
				asm("movups [ebx+0x10], xmm1");
				_t207 =  *((intOrPtr*)(_t225 + 7));
				if (_t207 - 8 < 0) goto 0xa5887139;
				if (2 + _t207 * 2 - 0x1000 < 0) goto 0xa5887134;
				if ( *(_t225 - 0x11) -  *((intOrPtr*)( *(_t225 - 0x11) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa58871fb;
				goto 0xa5887134;
				if ( *((char*)(_t242 + 0x6a)) == 0) goto 0xa588720d;
				_t93 = _t242 + 0x40; // 0x40
				E00007FF77FF7A5888870( *(_t225 - 0x11) -  *((intOrPtr*)( *(_t225 - 0x11) - 8)) + 0xfffffff8,  *((intOrPtr*)(_t225 - 0x59)),  *((intOrPtr*)(_t225 - 0x59)), _t93, _t82, _t225);
				if (_t219 - 8 < 0) goto 0xa58870f9;
				if (2 + _t219 * 2 - 0x1000 < 0) goto 0xa58870f3;
				if ( *(_t225 - 0x31) -  *((intOrPtr*)( *(_t225 - 0x31) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa58871f5;
				E00007FF77FF7A588AAF0( *(_t225 - 0x31) -  *((intOrPtr*)( *(_t225 - 0x31) - 8)) + 0xfffffff8,  *((intOrPtr*)(_t225 - 0x59)), _t245);
				_t213 =  *((intOrPtr*)(_t225 + 7));
				if (_t213 - 8 < 0) goto 0xa5887139;
				if (2 + _t213 * 2 - 0x1000 < 0) goto 0xa5887134;
				if ( *(_t225 - 0x11) -  *((intOrPtr*)( *(_t225 - 0x11) - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa5887201;
				return E00007FF77FF7A588AAD0(E00007FF77FF7A588AAF0( *(_t225 - 0x11) -  *((intOrPtr*)( *(_t225 - 0x11) - 8)) + 0xfffffff8,  *((intOrPtr*)(_t225 - 0x59)), _t245), _t106 - 1,  *(_t225 + 0xf) ^ _t227);
			}

0x7ff7a5886df0
0x7ff7a5886dfd
0x7ff7a5886e02
0x7ff7a5886e09
0x7ff7a5886e13
0x7ff7a5886e1d
0x7ff7a5886e24
0x7ff7a5886e28
0x7ff7a5886e2b
0x7ff7a5886e2f
0x7ff7a5886e33
0x7ff7a5886e36
0x7ff7a5886e3a
0x7ff7a5886e43
0x7ff7a5886e47
0x7ff7a5886e4c
0x7ff7a5886e50
0x7ff7a5886e54
0x7ff7a5886e58
0x7ff7a5886e5d
0x7ff7a5886e65
0x7ff7a5886e67
0x7ff7a5886e6a
0x7ff7a5886e75
0x7ff7a5886e7c
0x7ff7a5886e81
0x7ff7a5886e8c
0x7ff7a5886e9b
0x7ff7a5886eb3
0x7ff7a5886eb8
0x7ff7a5886ebd
0x7ff7a5886ec6
0x7ff7a5886ed1
0x7ff7a5886ed6
0x7ff7a5886ed8
0x7ff7a5886edd
0x7ff7a5886ee2
0x7ff7a5886ee8
0x7ff7a5886eef
0x7ff7a5886ef5
0x7ff7a5886f00
0x7ff7a5886f04
0x7ff7a5886f0b
0x7ff7a5886f11
0x7ff7a5886f1d
0x7ff7a5886f22
0x7ff7a5886f27
0x7ff7a5886f2d
0x7ff7a5886f33
0x7ff7a5886f3c
0x7ff7a5886f3f
0x7ff7a5886f4a
0x7ff7a5886f4c
0x7ff7a5886f51
0x7ff7a5886f58
0x7ff7a5886f5d
0x7ff7a5886f60
0x7ff7a5886f6d
0x7ff7a5886f73
0x7ff7a5886f7f
0x7ff7a5886f8f
0x7ff7a5886f98
0x7ff7a5886f9b
0x7ff7a5886fa4
0x7ff7a5886fa9
0x7ff7a5886fb8
0x7ff7a5886fbd
0x7ff7a5886fc1
0x7ff7a5886fc4
0x7ff7a5886fc6
0x7ff7a5886fce
0x7ff7a5886fe2
0x7ff7a5886fe8
0x7ff7a5886ff4
0x7ff7a5886ff9
0x7ff7a5887001
0x7ff7a588700a
0x7ff7a5887010
0x7ff7a5887012
0x7ff7a588701d
0x7ff7a5887024
0x7ff7a5887029
0x7ff7a588702d
0x7ff7a5887038
0x7ff7a588703f
0x7ff7a5887049
0x7ff7a588704d
0x7ff7a5887050
0x7ff7a5887054
0x7ff7a5887058
0x7ff7a5887060
0x7ff7a588707c
0x7ff7a5887095
0x7ff7a588709b
0x7ff7a58870a5
0x7ff7a58870ab
0x7ff7a58870b6
0x7ff7a58870c0
0x7ff7a58870d8
0x7ff7a58870ed
0x7ff7a58870f3
0x7ff7a58870f9
0x7ff7a5887101
0x7ff7a5887119
0x7ff7a588712e
0x7ff7a588715b

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A58871F5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A58871FB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5887201
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5887207
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A588720D

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID:
API String ID: 3936042273-0
Opcode ID: f976dc6aad880df6c798c9d677016bcada9331efe1d2d2f17af71ed9f02b36c9
Instruction ID: ac26c15b61b2529ce55381e81db9b14401d918192915d40183ea674476158797
Opcode Fuzzy Hash: f976dc6aad880df6c798c9d677016bcada9331efe1d2d2f17af71ed9f02b36c9
Instruction Fuzzy Hash: B6D1F162B1AB8184EB00EBA9D4442AC7375EB49BD9F814271DE5E53BE8DF3CD466C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58CFA34 Relevance: 7.7, APIs: 5, Instructions: 196
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E00007FF77FF7A58CFA34(signed int __ecx, long long __rbx, signed int __rcx, void* __rdx, signed int __r8, signed int _a8, long long _a16, signed int _a32) {
				signed short _v90;
				unsigned int _v92;
				signed int _v96;
				signed int _v100;
				char _v104;
				void* __rsi;
				void* __rbp;
				void* _t43;
				signed short _t44;
				unsigned int _t48;
				unsigned int _t49;
				void* _t51;
				signed int _t62;
				signed int _t63;
				void* _t71;
				unsigned int _t72;
				signed int _t81;
				signed int _t82;
				void* _t85;
				signed int _t86;
				void* _t87;
				void* _t88;
				signed int _t90;
				void* _t91;
				signed int _t102;
				signed long long _t106;
				void* _t116;
				void* _t117;
				void* _t123;
				void* _t125;

				_t122 = __r8;
				_a16 = __rbx;
				asm("movaps [esp+0x40], xmm6");
				asm("movaps [esp+0x30], xmm7");
				_t56 = __ecx & 0x0000001f;
				_v100 = __ecx & 0x0000001f;
				_t3 = _t116 + 0x10; // 0x10
				r15d = _t3;
				r12d = __ecx;
				if ((__ecx & 0x00000008) == 0) goto 0xa58cfa84;
				if (r13b >= 0) goto 0xa58cfa84;
				E00007FF77FF7A58D0410(_t56, __rcx);
				goto 0xa58cfce6;
				_t81 = 0x00000004 & r12b;
				if (_t81 == 0) goto 0xa58cfaa2;
				asm("dec ecx");
				if (_t81 >= 0) goto 0xa58cfaa2;
				E00007FF77FF7A58D0410(_t56 & 0xfffffff7, __rcx);
				goto 0xa58cfce6;
				_t82 = sil & r12b;
				if (_t82 == 0) goto 0xa58cfb65;
				asm("dec ecx");
				if (_t82 >= 0) goto 0xa58cfb65;
				_t43 = E00007FF77FF7A58D0410(_t56 & 0xfffffff3, __rcx);
				_t106 = __r8 & __rcx;
				if (_t82 == 0) goto 0xa58cfb30;
				if (_t106 == 0x2000) goto 0xa58cfb17;
				if (_t106 == 0x4000) goto 0xa58cfafe;
				_t85 = _t106 - __rcx;
				if (_t85 != 0) goto 0xa58cfb5d;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0x16416]");
				asm("movsd xmm0, [0x1a46e]");
				if (_t85 > 0) goto 0xa58cfb58;
				goto 0xa58cfb51;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0x163fd]");
				if (_t85 > 0) goto 0xa58cfb3f;
				asm("movsd xmm0, [0x1a453]");
				goto 0xa58cfb51;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0x163e4]");
				if (_t85 <= 0) goto 0xa58cfb49;
				asm("movsd xmm0, [0x1a43a]");
				goto 0xa58cfb58;
				asm("movsd xmm0, [ebp]");
				asm("comisd xmm0, [0x163cb]");
				if (_t85 <= 0) goto 0xa58cfb49;
				asm("movsd xmm0, [0x1a419]");
				goto 0xa58cfb58;
				asm("movsd xmm0, [0x1a40f]");
				asm("xorps xmm0, [0x14c98]");
				asm("movsd [ebp], xmm0");
				goto 0xa58cfce6;
				_t86 = r12b & 0x00000002;
				if (_t86 == 0) goto 0xa58cfce6;
				asm("dec ecx");
				if (_t86 >= 0) goto 0xa58cfce6;
				asm("movsd xmm0, [edx]");
				r14d = r12d;
				r14d = r14d >> 4;
				asm("xorps xmm7, xmm7");
				r14d = r14d & 0x00000001;
				asm("ucomisd xmm0, xmm7");
				if (_t86 != 0) goto 0xa58cfb97;
				if (_t86 == 0) goto 0xa58cfcdb;
				_t44 = E00007FF77FF7A58D0198(_t43, _t86,  &_v104);
				_t71 = _v104 + 0xfffffa00;
				asm("movsd [esp+0x28], xmm0");
				_t87 = _t71 - 0xfffffbce;
				if (_t87 >= 0) goto 0xa58cfbc8;
				asm("mulsd xmm0, xmm7");
				r14d = 1;
				asm("movaps xmm6, xmm0");
				goto 0xa58cfcd1;
				r9d = 0;
				asm("comisd xmm7, xmm0");
				r8b = dil;
				_a8 = dil;
				r9b = _t87 > 0;
				_v90 = _t44 & 0x0000000f | r15w;
				_a32 = dil;
				_t88 = _t71 - 0xfffffc03;
				if (_t88 >= 0) goto 0xa58cfc5d;
				_t48 = _v96;
				_t72 = _v92;
				_a32 = _t48 & 0x00000001;
				if (_t88 == 0) goto 0xa58cfc2c;
				r8b = sil;
				r14d =  ==  ? 1 : r14d;
				_t49 = _t48 >> 1;
				_v96 = _t49;
				_t90 = sil & _t72;
				if (_t90 == 0) goto 0xa58cfc3f;
				asm("bts eax, 0x1f");
				_v96 = _t49;
				if (_t90 != 0) goto 0xa58cfc15;
				_t62 = _v100;
				_v92 = _t72 >> 1;
				_a8 = r8b;
				asm("movsd xmm6, [esp+0x28]");
				_t91 = r9d;
				if (_t91 == 0) goto 0xa58cfc75;
				asm("xorps xmm6, [0x14b81]");
				asm("movsd [esp+0x28], xmm6");
				asm("comisd xmm7, xmm0");
				r15b = _t91 > 0;
				if (_a32 != 0) goto 0xa58cfc86;
				if (r8b == 0) goto 0xa58cfccb;
				_t51 = E00007FF77FF7A58D90CC(__rbx, __rcx,  &_v104 - _t117, _t117, __rdx, _t122, _t123);
				if (_t51 == 0) goto 0xa58cfca5;
				if (_t51 == 0x100) goto 0xa58cfca0;
				if (_t51 != 0x200) goto 0xa58cfccb;
				r15b = r15b ^ sil;
				goto 0xa58cfcbe;
				if (_a32 == dil) goto 0xa58cfccb;
				if (_a8 != dil) goto 0xa58cfcc0;
				if ((_v96 & sil) == 0) goto 0xa58cfccb;
				_v96 = _v96 + _t117;
				asm("movsd xmm6, [esp+0x28]");
				r15d = 0x10;
				asm("movsd [ebp], xmm6");
				if (r14d == 0) goto 0xa58cfce3;
				E00007FF77FF7A58D0410(_t62, _t125);
				_t63 = _t62 & 0xfffffffd;
				_t102 = r15b & r12b;
				if (_t102 == 0) goto 0xa58cfcff;
				asm("dec ecx");
				if (_t102 >= 0) goto 0xa58cfcff;
				E00007FF77FF7A58D0410(_t63, _t125);
				asm("movaps xmm6, [esp+0x40]");
				asm("movaps xmm7, [esp+0x30]");
				dil = (_t63 & 0xffffffef) == 0;
				return 0;
			}

0x7ff7a58cfa34
0x7ff7a58cfa34
0x7ff7a58cfa4a
0x7ff7a58cfa51
0x7ff7a58cfa56
0x7ff7a58cfa5c
0x7ff7a58cfa63
0x7ff7a58cfa63
0x7ff7a58cfa67
0x7ff7a58cfa6d
0x7ff7a58cfa72
0x7ff7a58cfa77
0x7ff7a58cfa7f
0x7ff7a58cfa89
0x7ff7a58cfa8c
0x7ff7a58cfa8e
0x7ff7a58cfa93
0x7ff7a58cfa95
0x7ff7a58cfa9d
0x7ff7a58cfaa7
0x7ff7a58cfaaa
0x7ff7a58cfab0
0x7ff7a58cfab5
0x7ff7a58cfabe
0x7ff7a58cfacb
0x7ff7a58cface
0x7ff7a58cfad6
0x7ff7a58cfade
0x7ff7a58cfae0
0x7ff7a58cfae3
0x7ff7a58cfae5
0x7ff7a58cfaea
0x7ff7a58cfaf2
0x7ff7a58cfafa
0x7ff7a58cfafc
0x7ff7a58cfafe
0x7ff7a58cfb03
0x7ff7a58cfb0b
0x7ff7a58cfb0d
0x7ff7a58cfb15
0x7ff7a58cfb17
0x7ff7a58cfb1c
0x7ff7a58cfb24
0x7ff7a58cfb26
0x7ff7a58cfb2e
0x7ff7a58cfb30
0x7ff7a58cfb35
0x7ff7a58cfb3d
0x7ff7a58cfb3f
0x7ff7a58cfb47
0x7ff7a58cfb49
0x7ff7a58cfb51
0x7ff7a58cfb58
0x7ff7a58cfb60
0x7ff7a58cfb65
0x7ff7a58cfb69
0x7ff7a58cfb6f
0x7ff7a58cfb74
0x7ff7a58cfb7a
0x7ff7a58cfb7e
0x7ff7a58cfb81
0x7ff7a58cfb85
0x7ff7a58cfb88
0x7ff7a58cfb8b
0x7ff7a58cfb8f
0x7ff7a58cfb91
0x7ff7a58cfb9c
0x7ff7a58cfba5
0x7ff7a58cfbab
0x7ff7a58cfbb1
0x7ff7a58cfbb7
0x7ff7a58cfbb9
0x7ff7a58cfbbd
0x7ff7a58cfbc0
0x7ff7a58cfbc3
0x7ff7a58cfbcd
0x7ff7a58cfbd0
0x7ff7a58cfbd4
0x7ff7a58cfbd7
0x7ff7a58cfbdf
0x7ff7a58cfbef
0x7ff7a58cfbf7
0x7ff7a58cfbfe
0x7ff7a58cfc04
0x7ff7a58cfc06
0x7ff7a58cfc11
0x7ff7a58cfc19
0x7ff7a58cfc20
0x7ff7a58cfc25
0x7ff7a58cfc28
0x7ff7a58cfc2c
0x7ff7a58cfc2e
0x7ff7a58cfc32
0x7ff7a58cfc35
0x7ff7a58cfc37
0x7ff7a58cfc3b
0x7ff7a58cfc44
0x7ff7a58cfc46
0x7ff7a58cfc51
0x7ff7a58cfc55
0x7ff7a58cfc5d
0x7ff7a58cfc63
0x7ff7a58cfc66
0x7ff7a58cfc68
0x7ff7a58cfc6f
0x7ff7a58cfc75
0x7ff7a58cfc79
0x7ff7a58cfc7f
0x7ff7a58cfc84
0x7ff7a58cfc86
0x7ff7a58cfc8d
0x7ff7a58cfc94
0x7ff7a58cfc9b
0x7ff7a58cfc9d
0x7ff7a58cfca3
0x7ff7a58cfcad
0x7ff7a58cfcb7
0x7ff7a58cfcbe
0x7ff7a58cfcc0
0x7ff7a58cfcc5
0x7ff7a58cfccb
0x7ff7a58cfcd1
0x7ff7a58cfcd9
0x7ff7a58cfcde
0x7ff7a58cfce3
0x7ff7a58cfce6
0x7ff7a58cfce9
0x7ff7a58cfceb
0x7ff7a58cfcf0
0x7ff7a58cfcf7
0x7ff7a58cfcff
0x7ff7a58cfd0e
0x7ff7a58cfd13
0x7ff7a58cfd28

APIs

_set_statfp.LIBCMT ref: 00007FF7A58CFA77
_set_statfp.LIBCMT ref: 00007FF7A58CFA95
_set_statfp.LIBCMT ref: 00007FF7A58CFABE
_set_statfp.LIBCMT ref: 00007FF7A58CFCF7

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: d59fa77f913d2a49ce99fde0cbe8e65c7ae98bb101b172603dfb02029fb270f4
Instruction ID: 0b70e96449d0aa84f5392dfbf32bf5d96d4f33578ea038d1712aa6245d27a0af
Opcode Fuzzy Hash: d59fa77f913d2a49ce99fde0cbe8e65c7ae98bb101b172603dfb02029fb270f4
Instruction Fuzzy Hash: A1811922A1EB4685F232AB34A45037AE260BF57B9CF864371ED5D126F5DF3CE4A1C610

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58CDD5C Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF7A58BE49B,?,?,00000000,00007FF7A58BE736,?,?,?,?,?,00007FF7A58BE6C2), ref: 00007FF7A58CDD7B
FlsSetValue.KERNEL32(?,?,?,00007FF7A58BE49B,?,?,00000000,00007FF7A58BE736,?,?,?,?,?,00007FF7A58BE6C2), ref: 00007FF7A58CDD9A
FlsSetValue.KERNEL32(?,?,?,00007FF7A58BE49B,?,?,00000000,00007FF7A58BE736,?,?,?,?,?,00007FF7A58BE6C2), ref: 00007FF7A58CDDC2
FlsSetValue.KERNEL32(?,?,?,00007FF7A58BE49B,?,?,00000000,00007FF7A58BE736,?,?,?,?,?,00007FF7A58BE6C2), ref: 00007FF7A58CDDD3
FlsSetValue.KERNEL32(?,?,?,00007FF7A58BE49B,?,?,00000000,00007FF7A58BE736,?,?,?,?,?,00007FF7A58BE6C2), ref: 00007FF7A58CDDE4

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: bcad26469af75748879b7d64736f0c63131b114707534bd0669b9257f186346c
Instruction ID: c7a6f71f6f9e4282bc9b774fec55f45f4c6039c052208ebd019bc7cfb4642a5c
Opcode Fuzzy Hash: bcad26469af75748879b7d64736f0c63131b114707534bd0669b9257f186346c
Instruction Fuzzy Hash: BF117221E0B38242FA587725A95113DD2815F96FB0FC647B4E57E066F9DE2CF4318320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58CDBF0 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF7A58CDC01
FlsSetValue.KERNEL32 ref: 00007FF7A58CDC20
FlsSetValue.KERNEL32 ref: 00007FF7A58CDC48
FlsSetValue.KERNEL32 ref: 00007FF7A58CDC59
FlsSetValue.KERNEL32 ref: 00007FF7A58CDC6A

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 0326472bda37d660d097f39d979ec5eff7f009b9ec546e2a77c7cb5557685c15
Instruction ID: b3f2fbf52dd3613588cf215cdbaeeb05dd2dd6604d4b81b0815ae7f9f96cbc2c
Opcode Fuzzy Hash: 0326472bda37d660d097f39d979ec5eff7f009b9ec546e2a77c7cb5557685c15
Instruction Fuzzy Hash: BA114821A0B34741F9987721181217E92815F87B60FC65BB8E93E0A3F6DD6CB4714270

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A588A260 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E00007FF77FF7A588A260(long long __rax, long long __rbx, long long* __rcx, void* __rdx, long long __rsi) {
				void* _t50;
				intOrPtr _t75;
				long long* _t89;
				long long _t92;
				void* _t95;
				void* _t97;
				long long _t101;

				_t66 = __rax;
				 *((long long*)(_t97 + 0x10)) = __rbx;
				 *((long long*)(_t97 + 0x18)) = __rsi;
				_push(_t101);
				_t95 = _t97 - 0x47;
				_t89 = __rcx;
				r14d = 0;
				if (__rcx == 0) goto 0xa588a3a8;
				if ( *((intOrPtr*)(__rcx)) != _t101) goto 0xa588a3a8;
				E00007FF77FF7A588AD90(__rax, __rcx);
				_t92 = __rax;
				 *((long long*)(_t95 + 0x67)) = __rax;
				_t75 =  *((intOrPtr*)(__rdx + 8));
				if (_t75 == 0) goto 0xa588a2bd;
				if ( *((intOrPtr*)(_t75 + 0x28)) != 0) goto 0xa588a2c4;
				goto 0xa588a2c4;
				E00007FF77FF7A588BCE0(0, _t95 - 0x29);
				 *((long long*)(_t95 - 0x21)) = _t101;
				 *((char*)(_t95 - 0x19)) = 0;
				 *((long long*)(_t95 - 0x11)) = _t101;
				 *((char*)(_t95 - 9)) = 0;
				 *((long long*)(_t95 - 1)) = _t101;
				 *((intOrPtr*)(_t95 + 7)) = r14w;
				 *((long long*)(_t95 + 0xf)) = _t101;
				 *((intOrPtr*)(_t95 + 0x17)) = r14w;
				 *((long long*)(_t95 + 0x1f)) = _t101;
				 *((char*)(_t95 + 0x27)) = 0;
				 *((long long*)(_t95 + 0x2f)) = _t101;
				 *((char*)(_t95 + 0x37)) = 0;
				if (0xa58f1aab == 0) goto 0xa588a3c5;
				E00007FF77FF7A5892240(_t66, 0xa58f1aab, _t95 - 0x29, 0xa58f1aab);
				 *((intOrPtr*)(_t92 + 8)) = r14d;
				 *_t92 = 0xa58e2990;
				 *_t89 = _t92;
				E00007FF77FF7A58922AC(_t95 - 0x29);
				if ( *((intOrPtr*)(_t95 + 0x2f)) == 0) goto 0xa588a340;
				E00007FF77FF7A58BE348(0xa58f1aab, 0xa58f1aab, _t92);
				 *((long long*)(_t95 + 0x2f)) = _t101;
				if ( *((intOrPtr*)(_t95 + 0x1f)) == 0) goto 0xa588a352;
				E00007FF77FF7A58BE348(0xa58f1aab, 0xa58f1aab, _t92);
				 *((long long*)(_t95 + 0x1f)) = _t101;
				if ( *((intOrPtr*)(_t95 + 0xf)) == 0) goto 0xa588a364;
				E00007FF77FF7A58BE348(0xa58f1aab, 0xa58f1aab, _t92);
				 *((long long*)(_t95 + 0xf)) = _t101;
				if ( *((intOrPtr*)(_t95 - 1)) == 0) goto 0xa588a376;
				E00007FF77FF7A58BE348(0xa58f1aab, 0xa58f1aab, _t92);
				 *((long long*)(_t95 - 1)) = _t101;
				if ( *((intOrPtr*)(_t95 - 0x11)) == 0) goto 0xa588a388;
				E00007FF77FF7A58BE348(0xa58f1aab, 0xa58f1aab, _t92);
				 *((long long*)(_t95 - 0x11)) = _t101;
				if ( *((intOrPtr*)(_t95 - 0x21)) == 0) goto 0xa588a39a;
				_t50 = E00007FF77FF7A58BE348(0xa58f1aab, 0xa58f1aab, _t92);
				 *((long long*)(_t95 - 0x21)) = _t101;
				E00007FF77FF7A588BD58(_t50, _t95 - 0x29);
				return 4;
			}

0x7ff7a588a260
0x7ff7a588a260
0x7ff7a588a265
0x7ff7a588a26c
0x7ff7a588a26e
0x7ff7a588a27d
0x7ff7a588a280
0x7ff7a588a286
0x7ff7a588a28f
0x7ff7a588a299
0x7ff7a588a29e
0x7ff7a588a2a1
0x7ff7a588a2a5
0x7ff7a588a2ac
0x7ff7a588a2b5
0x7ff7a588a2bb
0x7ff7a588a2ca
0x7ff7a588a2d0
0x7ff7a588a2d4
0x7ff7a588a2d8
0x7ff7a588a2dc
0x7ff7a588a2e0
0x7ff7a588a2e4
0x7ff7a588a2e9
0x7ff7a588a2ed
0x7ff7a588a2f2
0x7ff7a588a2f6
0x7ff7a588a2fa
0x7ff7a588a2fe
0x7ff7a588a305
0x7ff7a588a312
0x7ff7a588a318
0x7ff7a588a323
0x7ff7a588a326
0x7ff7a588a32d
0x7ff7a588a339
0x7ff7a588a33b
0x7ff7a588a340
0x7ff7a588a34b
0x7ff7a588a34d
0x7ff7a588a352
0x7ff7a588a35d
0x7ff7a588a35f
0x7ff7a588a364
0x7ff7a588a36f
0x7ff7a588a371
0x7ff7a588a376
0x7ff7a588a381
0x7ff7a588a383
0x7ff7a588a388
0x7ff7a588a393
0x7ff7a588a395
0x7ff7a588a39a
0x7ff7a588a3a2
0x7ff7a588a3c4

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7A588A2CA
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF7A588A312
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7A588A3A2

Strings

bad locale name, xrefs: 00007FF7A588A3C5

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 2775327233-1405518554
Opcode ID: a140a4e3b2cc9c774e02ee8cc989011ae9ea3ef4c66616339bbc4e4f29d9e641
Instruction ID: 0385d00de87756d2f5c7e8d45456ad70a8b0cee32f8ad9f18a813e2bfbc62c8d
Opcode Fuzzy Hash: a140a4e3b2cc9c774e02ee8cc989011ae9ea3ef4c66616339bbc4e4f29d9e641
Instruction Fuzzy Hash: F4414D22B0BB41C9FB15EF70D4502BCB364EF45B88F894474EA4D26EA5CF38D5259324

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58A2D9C Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E00007FF77FF7A58A2D9C(long long __rax, long long __rbx, long long __rcx, void* __rdx, long long __rbp, void* __r10, long long _a8, long long _a16, long long _a24) {
				void* _v24;
				char _v72;
				void* __rsi;
				intOrPtr _t56;
				long long _t77;
				intOrPtr* _t87;
				long long _t89;
				long long _t90;
				long long _t101;

				_t80 = __rbx;
				_t77 = __rax;
				_a16 = __rbx;
				_a24 = __rbp;
				bpl = r8b;
				_t89 = __rcx;
				E00007FF77FF7A5893EF8(__rax, __rbx,  &_v72, __r10);
				asm("movups xmm0, [eax]");
				asm("movups [edi+0x48], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [edi+0x58], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [edi+0x68], xmm0");
				 *((intOrPtr*)(__rcx + 0x70)) =  *((intOrPtr*)(_t77 + 0x28));
				E00007FF77FF7A58BE314(_t77);
				_t90 = _t77;
				r14d = 0;
				 *((long long*)(_t89 + 0x10)) = _t101;
				 *((long long*)(_t89 + 0x20)) = _t101;
				 *((long long*)(_t89 + 0x28)) = _t101;
				 *((long long*)(_t89 + 0x30)) = _t101;
				_a8 = _t89;
				E00007FF77FF7A588A580(_t80,  *((intOrPtr*)(_t77 + 0x38)), _t90);
				 *((long long*)(_t89 + 0x10)) = _t77;
				E00007FF77FF7A58A2B64(_t77, _t80, _t89, _t90);
				r9b =  *((intOrPtr*)(_t89 + 0x44));
				if (r9b == 0) goto 0xa58a2e2b;
				goto 0xa58a2e2e;
				_t56 =  *((intOrPtr*)(_t90 + 0x51));
				_t47 =  >  ? r14d : _t56;
				 *((intOrPtr*)(_t89 + 0x38)) =  >  ? r14d : _t56;
				r8d =  *((char*)(_t90 + 0x53));
				_t87 = "$+xv";
				if (r9b != 0) goto 0xa58a2e7e;
				if (r8d - 2 > 0) goto 0xa58a2e7e;
				if ( *((char*)(_t90 + 0x52)) - 1 > 0) goto 0xa58a2e7e;
				if ( *((char*)(_t90 + 0x56)) - 4 > 0) goto 0xa58a2e7e;
				goto 0xa58a2e81;
				 *((intOrPtr*)(_t89 + 0x3c)) =  *_t87;
				r8d =  *((char*)(_t90 + 0x55));
				if (r9b != 0) goto 0xa58a2eb7;
				if (r8d - 2 > 0) goto 0xa58a2eb7;
				if ( *((char*)(_t90 + 0x54)) - 1 > 0) goto 0xa58a2eb7;
				if ( *((char*)(_t90 + 0x57)) - 4 > 0) goto 0xa58a2eb7;
				 *((intOrPtr*)(_t89 + 0x40)) =  *((intOrPtr*)(_t87 + "+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v"));
				if (bpl == 0) goto 0xa58a2ecc;
				 *((intOrPtr*)(_t89 + 0x3c)) = 0x76782b24;
				 *((intOrPtr*)(_t89 + 0x40)) = 0x76782b24;
				return 0x76782b24;
			}

0x7ff7a58a2d9c
0x7ff7a58a2d9c
0x7ff7a58a2d9c
0x7ff7a58a2da1
0x7ff7a58a2dae
0x7ff7a58a2db1
0x7ff7a58a2db9
0x7ff7a58a2dbe
0x7ff7a58a2dc1
0x7ff7a58a2dc5
0x7ff7a58a2dc9
0x7ff7a58a2dcd
0x7ff7a58a2dd2
0x7ff7a58a2dda
0x7ff7a58a2ddd
0x7ff7a58a2de2
0x7ff7a58a2de5
0x7ff7a58a2de8
0x7ff7a58a2dec
0x7ff7a58a2df0
0x7ff7a58a2df4
0x7ff7a58a2df8
0x7ff7a58a2e07
0x7ff7a58a2e0c
0x7ff7a58a2e18
0x7ff7a58a2e1d
0x7ff7a58a2e24
0x7ff7a58a2e29
0x7ff7a58a2e2e
0x7ff7a58a2e36
0x7ff7a58a2e3a
0x7ff7a58a2e45
0x7ff7a58a2e4a
0x7ff7a58a2e5b
0x7ff7a58a2e61
0x7ff7a58a2e66
0x7ff7a58a2e6b
0x7ff7a58a2e7c
0x7ff7a58a2e83
0x7ff7a58a2e8e
0x7ff7a58a2e96
0x7ff7a58a2e9c
0x7ff7a58a2ea1
0x7ff7a58a2ea6
0x7ff7a58a2eb9
0x7ff7a58a2ebf
0x7ff7a58a2ec6
0x7ff7a58a2ec9
0x7ff7a58a2ee0

APIs

_Getvals.LIBCPMT ref: 00007FF7A58A2E18

Part of subcall function 00007FF7A58A2B64: std::_Maklocwcs.LIBCPMT ref: 00007FF7A58A2B84
Part of subcall function 00007FF7A58A2B64: std::_Maklocwcs.LIBCPMT ref: 00007FF7A58A2BA1
Part of subcall function 00007FF7A58A2B64: std::_Maklocwcs.LIBCPMT ref: 00007FF7A58A2BBE

Strings

$+xv, xrefs: 00007FF7A58A2EC1
$+xv, xrefs: 00007FF7A58A2E4A
+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v, xrefs: 00007FF7A58A2E51

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Maklocwcsstd::_$Getvals
String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
API String ID: 1848906033-3573081731
Opcode ID: b9d5554b08e966fc8c0507ad920baa87b71aa8596ac213ebc74d079a6c08bc33
Instruction ID: 0d78bc89cc196b8eb37817ee11f4f8274a4dc358d3b6c5939a7c4711f22a430f
Opcode Fuzzy Hash: b9d5554b08e966fc8c0507ad920baa87b71aa8596ac213ebc74d079a6c08bc33
Instruction Fuzzy Hash: 0341E532A09B9197E734EF21918016DBBA0FB56B807464275EB8A53E22DF38F5B1C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58A3070 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 94
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E00007FF77FF7A58A3070(long long __rbx, signed long long __rcx, void* __rdx, long long __rsi, void* __r9, void* __r10) {
				void* __rbp;
				signed long long _t69;
				signed long long _t70;
				signed long long _t76;
				void* _t92;
				signed long long _t93;
				void* _t97;
				void* _t98;
				void* _t100;
				signed long long _t101;
				signed long long _t111;

				_t95 = __rsi;
				 *((long long*)(_t100 + 0x10)) = __rbx;
				 *((long long*)(_t100 + 0x18)) = __rsi;
				_t98 = _t100 - 0x47;
				_t101 = _t100 - 0xb0;
				_t69 =  *0xa58fb008; // 0x485f0d1bb70c
				_t70 = _t69 ^ _t101;
				 *(_t98 + 0x3f) = _t70;
				sil = r8b;
				_t76 = __rcx;
				E00007FF77FF7A58BE314(_t70);
				_t93 = _t70;
				E00007FF77FF7A5893EF8(_t70, _t76, _t98 + 0xf, __r10);
				asm("movups xmm0, [eax]");
				asm("movups [ebp-0x21], xmm0");
				asm("movups xmm1, [eax+0x10]");
				asm("movups [ebp-0x11], xmm1");
				asm("movsd xmm0, [eax+0x20]");
				asm("movsd [ebp-0x1], xmm0");
				 *((intOrPtr*)(_t98 + 7)) =  *((intOrPtr*)(_t70 + 0x28));
				r14d = 0;
				 *(_t76 + 0x10) = _t111;
				 *(_t76 + 0x20) = _t111;
				 *(_t76 + 0x28) = _t111;
				 *(_t98 - 0x29) = _t76;
				E00007FF77FF7A5893EF8(_t70, _t76, _t98 + 0xf, __r10);
				if (sil != 0) goto 0xa58a30fa;
				E00007FF77FF7A588A580(_t76,  *((intOrPtr*)(_t93 + 0x10)), __rsi, _t111);
				 *(_t76 + 0x10) = _t70;
				E00007FF77FF7A589523C(0, _t76, "false", _t98, _t98 - 0x21, _t92);
				 *(_t76 + 0x20) = _t70;
				E00007FF77FF7A589523C(0, _t76, "true", _t98, _t98 - 0x21, _t97);
				 *(_t76 + 0x28) = _t70;
				if (sil == 0) goto 0xa58a31a5;
				 *((char*)(_t98 - 0x39)) = 0x2e;
				 *(_t98 - 0x31) = r14w;
				 *(_t98 - 0x29) = _t111;
				 *((long long*)(_t101 + 0x20)) = _t98 - 0x21;
				r8d = 1;
				E00007FF77FF7A588BB00(_t76, _t98 - 0x31, _t98 - 0x39, _t95, _t98 - 0x21);
				 *((short*)(_t76 + 0x18)) =  *(_t98 - 0x31) & 0x0000ffff;
				 *((char*)(_t98 - 0x39)) = 0x2c;
				 *(_t98 - 0x31) = r14w;
				 *(_t98 - 0x29) = _t111;
				 *((long long*)(_t101 + 0x20)) = _t98 - 0x21;
				r8d = 1;
				E00007FF77FF7A588BB00(_t76, _t98 - 0x31, _t98 - 0x39, _t95, _t98 - 0x21);
				 *((short*)(_t76 + 0x1a)) =  *(_t98 - 0x31) & 0x0000ffff;
				goto 0xa58a31bb;
				 *((short*)(_t76 + 0x18)) =  *( *(_t93 + 0x58)) & 0x0000ffff;
				 *((short*)(_t76 + 0x1a)) =  *( *(_t93 + 0x60)) & 0x0000ffff;
				return E00007FF77FF7A588AAD0( *(_t98 - 0x31) & 0x0000ffff,  *( *(_t93 + 0x60)) & 0x0000ffff,  *(_t98 + 0x3f) ^ _t101);
			}

0x7ff7a58a3070
0x7ff7a58a3070
0x7ff7a58a3075
0x7ff7a58a307e
0x7ff7a58a3083
0x7ff7a58a308a
0x7ff7a58a3091
0x7ff7a58a3094
0x7ff7a58a3098
0x7ff7a58a309b
0x7ff7a58a309e
0x7ff7a58a30a3
0x7ff7a58a30aa
0x7ff7a58a30af
0x7ff7a58a30b2
0x7ff7a58a30b6
0x7ff7a58a30ba
0x7ff7a58a30be
0x7ff7a58a30c3
0x7ff7a58a30cb
0x7ff7a58a30ce
0x7ff7a58a30d1
0x7ff7a58a30d5
0x7ff7a58a30d9
0x7ff7a58a30dd
0x7ff7a58a30e5
0x7ff7a58a30f4
0x7ff7a58a3100
0x7ff7a58a3105
0x7ff7a58a3116
0x7ff7a58a311b
0x7ff7a58a312c
0x7ff7a58a3131
0x7ff7a58a3138
0x7ff7a58a313a
0x7ff7a58a313e
0x7ff7a58a3143
0x7ff7a58a314b
0x7ff7a58a3159
0x7ff7a58a3164
0x7ff7a58a316d
0x7ff7a58a3171
0x7ff7a58a3175
0x7ff7a58a317a
0x7ff7a58a3182
0x7ff7a58a318b
0x7ff7a58a3196
0x7ff7a58a319f
0x7ff7a58a31a3
0x7ff7a58a31ac
0x7ff7a58a31b7
0x7ff7a58a31de

APIs

_Maklocstr.LIBCPMT ref: 00007FF7A58A3116
_Maklocstr.LIBCPMT ref: 00007FF7A58A312C

Strings

true, xrefs: 00007FF7A58A3125
false, xrefs: 00007FF7A58A310F

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Maklocstr
String ID: false$true
API String ID: 2987148671-2658103896
Opcode ID: 4a5083ad06bd07d67d94a7e5332500a84abdade9eabbfa6630d92d3df40bd0ee
Instruction ID: f982ad31737a509d6a50a9467b026ac6d2d70fc9bc20981e8877eb5d94de1828
Opcode Fuzzy Hash: 4a5083ad06bd07d67d94a7e5332500a84abdade9eabbfa6630d92d3df40bd0ee
Instruction Fuzzy Hash: 50418E23B19B4599E710DFB0E4401ED33B0FB59B88B814126EE4E27B69DF38D5A5C364

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58823F0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF77FF7A58823F0(void* __eax, signed int __edx, void* __eflags, void* __rcx) {

				 *(__rcx + 0x10) = __edx & 0x00000017;
				if (__eflags == 0) goto 0xa5882406;
				if (r8b == 0) goto 0xa5882415;
				goto 0xa588240b;
				return __eax;
			}

0x7ff7a58823f7
0x7ff7a58823fd
0x7ff7a5882402
0x7ff7a5882404
0x7ff7a588240a

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF7A58824A8

Part of subcall function 00007FF7A58B6C28: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7A588BEF2), ref: 00007FF7A58B6C6C
Part of subcall function 00007FF7A58B6C28: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7A588BEF2), ref: 00007FF7A58B6CB2

Strings

ios_base::badbit set, xrefs: 00007FF7A588241F
ios_base::failbit set, xrefs: 00007FF7A588242B
ios_base::eofbit set, xrefs: 00007FF7A5882432

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ExceptionFileHeaderRaise__std_exception_copy
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3973727643-1866435925
Opcode ID: 2fcbe32eaf307b57ad959ecfd4f2c3b8787eb66d4f991dd35c0c13c0e6937908
Instruction ID: 6d4c819186f741d51074eb4fb39fff44275d7e5c042612535b15ab2ef44e9a77
Opcode Fuzzy Hash: 2fcbe32eaf307b57ad959ecfd4f2c3b8787eb66d4f991dd35c0c13c0e6937908
Instruction Fuzzy Hash: C921C422E1AB42D1EB00EF11E5811A9A321FB65B84FDA8171EA4D02775EF3CE5B5C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58D6988 Relevance: 6.3, APIs: 4, Instructions: 305
fileCOMMON

Download Yara Rule

C-Code - Quality: 42%

			E00007FF77FF7A58D6988(void* __ecx, signed int __edx, void* __esi, void* __ebp, long long __rbx, intOrPtr* __rcx, long long __r8) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				intOrPtr _t181;
				signed int _t185;
				signed int _t192;
				signed int _t197;
				void* _t211;
				signed char _t212;
				void* _t261;
				signed long long _t262;
				signed long long _t265;
				long long _t267;
				signed long long _t269;
				long long _t274;
				long long _t276;
				long long _t278;
				intOrPtr* _t287;
				intOrPtr _t292;
				long long _t293;
				long long _t316;
				void* _t324;
				long long _t325;
				void* _t326;
				long long _t327;
				long long _t329;
				signed char* _t330;
				signed char* _t331;
				signed char* _t332;
				intOrPtr* _t333;
				void* _t334;
				void* _t335;
				signed long long _t336;
				intOrPtr _t339;
				signed long long _t341;
				void* _t343;
				intOrPtr* _t345;
				intOrPtr _t349;
				signed long long _t354;
				signed long long _t357;
				signed long long _t359;
				void* _t362;
				long long _t363;
				long long _t365;
				char _t366;
				void* _t370;
				signed char* _t371;
				signed long long _t373;

				_t261 = _t335;
				_t334 = _t261 - 0x57;
				_t336 = _t335 - 0xe0;
				 *((long long*)(_t334 - 9)) = 0xfffffffe;
				 *((long long*)(_t261 + 8)) = __rbx;
				_t262 =  *0xa58fb008; // 0x485f0d1bb70c
				 *(_t334 + 0x17) = _t262 ^ _t336;
				 *((long long*)(_t334 - 0x49)) = __r8;
				_t287 = __rcx;
				_t365 =  *((intOrPtr*)(_t334 + 0x7f));
				 *((long long*)(_t334 - 0x51)) = _t365;
				 *(_t334 - 0x19) = __edx;
				_t265 = __edx >> 6;
				 *(_t334 - 0x59) = _t265;
				 *(_t334 - 0x11) = __edx;
				_t373 = __edx + __edx * 8;
				_t267 =  *((intOrPtr*)( *((intOrPtr*)(0x7ff7a5880000 + 0x9bd50 + _t265 * 8)) + 0x28 + _t373 * 8));
				 *((long long*)(_t334 - 0x29)) = _t267;
				r12d = r9d;
				_t363 = _t362 + __r8;
				 *((long long*)(_t334 - 0x71)) = _t363;
				 *((intOrPtr*)(_t334 - 0x61)) = GetConsoleOutputCP();
				if ( *((intOrPtr*)(_t365 + 0x28)) != dil) goto 0xa58d6a28;
				0xa58bb7e0();
				_t292 =  *((intOrPtr*)(_t365 + 0x18));
				r8d =  *(_t292 + 0xc);
				 *(_t334 - 0x5d) = r8d;
				 *((long long*)(__rcx)) = _t267;
				 *((intOrPtr*)(__rcx + 8)) = 0;
				if ( *((intOrPtr*)(_t334 - 0x49)) - _t363 >= 0) goto 0xa58d6de8;
				_t269 = __edx >> 6;
				 *(_t334 - 0x21) = _t269;
				 *((char*)(_t336 + 0x40)) =  *((intOrPtr*)(__r8));
				 *((intOrPtr*)(_t334 - 0x7d)) = 0;
				r12d = 1;
				if (r8d != 0xfde9) goto 0xa58d6bf0;
				_t345 = 0x3e + _t373 * 8 +  *((intOrPtr*)(0x7ff7a5880000 + 0x9bd50 + _t269 * 8));
				if ( *_t345 == dil) goto 0xa58d6aa4;
				_t370 = _t327 + 1;
				if (_t370 - 5 < 0) goto 0xa58d6a91;
				if (_t370 == 0) goto 0xa58d6b82;
				r12d =  *((char*)(_t292 + 0x7ff7a58fb970));
				r12d = r12d + 1;
				_t181 = r12d - 1;
				 *((intOrPtr*)(_t334 - 0x69)) = _t181;
				_t339 = _t181;
				if (_t339 -  *((intOrPtr*)(_t334 - 0x71)) - __r8 > 0) goto 0xa58d6d57;
				_t293 = _t327;
				 *((char*)(_t334 + _t293 - 1)) =  *_t345;
				if (_t293 + 1 - _t370 < 0) goto 0xa58d6ae9;
				if (_t339 <= 0) goto 0xa58d6b1a;
				E00007FF77FF7A58B6D20();
				_t316 = _t327;
				 *((intOrPtr*)( *((intOrPtr*)(0x7ff7a5880000 + 0x9bd50 +  *(_t334 - 0x59) * 8)) + _t316 + 0x3e + _t373 * 8)) = dil;
				if (_t316 + 1 - _t370 < 0) goto 0xa58d6b1d;
				 *((long long*)(_t334 - 0x41)) = _t327;
				_t274 = _t334 - 1;
				 *((long long*)(_t334 - 0x39)) = _t274;
				_t185 = (0 | r12d == 0x00000004) + 1;
				r12d = _t185;
				r8d = _t185;
				 *((long long*)(_t336 + 0x20)) = _t365;
				E00007FF77FF7A58DC1D8(_t274, __rcx, _t334 - 0x7d, _t334 - 0x39, _t339, _t334 - 0x41);
				if (_t274 == 0xffffffff) goto 0xa58d6de8;
				_t329 = __r8 +  *((intOrPtr*)(_t334 - 0x69)) - 1;
				goto 0xa58d6c85;
				_t366 =  *((char*)(_t274 + 0x7ff7a58fb970));
				_t211 = _t366 + 1;
				_t341 =  *((intOrPtr*)(_t334 - 0x71)) - _t329;
				if (_t211 - _t341 > 0) goto 0xa58d6d85;
				 *((long long*)(_t334 - 0x69)) = _t327;
				 *((long long*)(_t334 - 0x31)) = _t329;
				_t192 = (0 | _t211 == 0x00000004) + 1;
				r14d = _t192;
				r8d = _t192;
				_t276 =  *((intOrPtr*)(_t334 - 0x51));
				 *((long long*)(_t336 + 0x20)) = _t276;
				E00007FF77FF7A58DC1D8(_t276, _t287, _t334 - 0x7d, _t334 - 0x31, _t341, _t334 - 0x69);
				if (_t276 == 0xffffffff) goto 0xa58d6de8;
				_t330 = _t329 + _t366;
				r12d = r14d;
				goto 0xa58d6c85;
				_t357 =  *(_t334 - 0x59);
				_t349 =  *((intOrPtr*)(0x7ff7a5880000 + 0x9bd50 + _t357 * 8));
				_t212 =  *(_t349 + 0x3d + _t373 * 8);
				if ((_t212 & 0x00000004) == 0) goto 0xa58d6c27;
				 *((char*)(_t334 + 7)) =  *((intOrPtr*)(_t349 + 0x3e + _t373 * 8));
				 *((char*)(_t334 + 8)) =  *_t330;
				 *(_t349 + 0x3d + _t373 * 8) = _t212 & 0x000000fb;
				r8d = 2;
				goto 0xa58d6c70;
				r8d =  *_t330 & 0x000000ff;
				if ( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t334 - 0x51)) + 0x18)))) + _t341 * 2)) >= 0) goto 0xa58d6c6a;
				_t371 =  &(_t330[1]);
				if (_t371 -  *((intOrPtr*)(_t334 - 0x71)) >= 0) goto 0xa58d6dc3;
				r8d = 2;
				if (E00007FF77FF7A58CF1CC(_t212 & 0x000000fb, __ebp, _t287, _t334 - 0x7d, _t330, _t327, _t330, _t334, _t341,  *((intOrPtr*)(_t334 - 0x51))) == 0xffffffff) goto 0xa58d6de8;
				_t331 = _t371;
				goto 0xa58d6c85;
				_t197 = E00007FF77FF7A58CF1CC(_t212 & 0x000000fb, __ebp, _t287, _t334 - 0x7d, _t331, _t327, _t331, _t334, _t363,  *((intOrPtr*)(_t334 - 0x51)));
				if (_t197 == 0xffffffff) goto 0xa58d6de8;
				_t332 =  &(_t331[1]);
				 *((long long*)(_t336 + 0x38)) = _t327;
				 *((long long*)(_t336 + 0x30)) = _t327;
				 *((intOrPtr*)(_t336 + 0x28)) = 5;
				_t278 = _t334 + 0xf;
				 *((long long*)(_t336 + 0x20)) = _t278;
				r9d = r12d;
				_t343 = _t334 - 0x7d;
				E00007FF77FF7A58D1AE8();
				r14d = _t197;
				if (_t197 == 0) goto 0xa58d6de8;
				 *((long long*)(_t336 + 0x20)) = _t327;
				r8d = _t197;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xa58d6de0;
				 *((intOrPtr*)(_t287 + 4)) = __esi -  *((intOrPtr*)(_t334 - 0x49)) +  *((intOrPtr*)(_t287 + 8));
				if ( *((intOrPtr*)(_t334 - 0x79)) - r14d < 0) goto 0xa58d6de8;
				if ( *((char*)(_t336 + 0x40)) != 0xa) goto 0xa58d6d40;
				 *((short*)(_t336 + 0x40)) = 0xd;
				 *((long long*)(_t336 + 0x20)) = _t327;
				_t128 = _t278 - 0xc; // 0x1
				r8d = _t128;
				_t324 = _t336 + 0x40;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xa58d6de0;
				if ( *((intOrPtr*)(_t334 - 0x79)) - 1 < 0) goto 0xa58d6de8;
				 *((intOrPtr*)(_t287 + 8)) =  *((intOrPtr*)(_t287 + 8)) + 1;
				 *((intOrPtr*)(_t287 + 4)) =  *((intOrPtr*)(_t287 + 4)) + 1;
				if (_t332 -  *((intOrPtr*)(_t334 - 0x71)) >= 0) goto 0xa58d6de8;
				r8d =  *(_t334 - 0x5d);
				goto 0xa58d6a53;
				if (_t324 <= 0) goto 0xa58d6d80;
				_t333 = _t332 - _t371;
				 *((char*)( *((intOrPtr*)(0x7ff7a5880000 + 0x9bd50 + _t357 * 8)) + _t371 + 0x3e + _t373 * 8)) =  *((intOrPtr*)(_t333 + _t371));
				if (1 - _t324 < 0) goto 0xa58d6d5f;
				 *((intOrPtr*)(_t287 + 4)) =  *((intOrPtr*)(_t287 + 4)) +  *((intOrPtr*)(_t287 + 4));
				goto 0xa58d6de8;
				if (_t343 <= 0) goto 0xa58d6dbd;
				_t325 = _t327;
				_t359 =  *(_t334 - 0x19) >> 6;
				_t354 =  *(_t334 - 0x11) +  *(_t334 - 0x11) * 8;
				 *((char*)( *((intOrPtr*)(0x7ff7a5880000 + 0x9bd50 + _t359 * 8)) + _t354 * 8 + _t325 + 0x3e)) =  *((intOrPtr*)(_t325 + _t333));
				_t326 = _t325 + 1;
				if (2 - _t343 < 0) goto 0xa58d6d9d;
				 *((intOrPtr*)(_t287 + 4)) =  *((intOrPtr*)(_t287 + 4)) + r8d;
				goto 0xa58d6de8;
				 *((char*)(_t354 + 0x3e + _t373 * 8)) =  *_t333;
				 *( *((intOrPtr*)(0x7ff7a5880000 + 0x9bd50 + _t359 * 8)) + 0x3d + _t373 * 8) =  *( *((intOrPtr*)(0x7ff7a5880000 + 0x9bd50 + _t359 * 8)) + 0x3d + _t373 * 8) | 0x00000004;
				_t174 = _t326 + 1; // 0x1
				 *((intOrPtr*)(_t287 + 4)) = _t174;
				goto 0xa58d6de8;
				 *_t287 = GetLastError();
				return E00007FF77FF7A588AAD0(_t205,  *((intOrPtr*)(_t334 - 0x61)),  *(_t334 + 0x17) ^ _t336);
			}

0x7ff7a58d6988
0x7ff7a58d6996
0x7ff7a58d699a
0x7ff7a58d69a1
0x7ff7a58d69a9
0x7ff7a58d69ad
0x7ff7a58d69b7
0x7ff7a58d69be
0x7ff7a58d69c5
0x7ff7a58d69c8
0x7ff7a58d69cc
0x7ff7a58d69d3
0x7ff7a58d69da
0x7ff7a58d69de
0x7ff7a58d69ec
0x7ff7a58d69f0
0x7ff7a58d69fc
0x7ff7a58d6a01
0x7ff7a58d6a05
0x7ff7a58d6a08
0x7ff7a58d6a0b
0x7ff7a58d6a15
0x7ff7a58d6a1e
0x7ff7a58d6a23
0x7ff7a58d6a28
0x7ff7a58d6a2c
0x7ff7a58d6a30
0x7ff7a58d6a36
0x7ff7a58d6a39
0x7ff7a58d6a40
0x7ff7a58d6a49
0x7ff7a58d6a4d
0x7ff7a58d6a55
0x7ff7a58d6a59
0x7ff7a58d6a5c
0x7ff7a58d6a70
0x7ff7a58d6a8b
0x7ff7a58d6a94
0x7ff7a58d6a98
0x7ff7a58d6aa2
0x7ff7a58d6aa7
0x7ff7a58d6abf
0x7ff7a58d6ac8
0x7ff7a58d6ace
0x7ff7a58d6ad0
0x7ff7a58d6ada
0x7ff7a58d6ae0
0x7ff7a58d6ae6
0x7ff7a58d6aec
0x7ff7a58d6af9
0x7ff7a58d6afe
0x7ff7a58d6b0a
0x7ff7a58d6b1a
0x7ff7a58d6b28
0x7ff7a58d6b33
0x7ff7a58d6b35
0x7ff7a58d6b39
0x7ff7a58d6b3d
0x7ff7a58d6b4a
0x7ff7a58d6b4c
0x7ff7a58d6b4f
0x7ff7a58d6b52
0x7ff7a58d6b63
0x7ff7a58d6b6c
0x7ff7a58d6b7a
0x7ff7a58d6b7d
0x7ff7a58d6b85
0x7ff7a58d6b8e
0x7ff7a58d6b96
0x7ff7a58d6b9f
0x7ff7a58d6ba5
0x7ff7a58d6ba9
0x7ff7a58d6bb5
0x7ff7a58d6bb7
0x7ff7a58d6bba
0x7ff7a58d6bbd
0x7ff7a58d6bc1
0x7ff7a58d6bd2
0x7ff7a58d6bdb
0x7ff7a58d6be1
0x7ff7a58d6be4
0x7ff7a58d6beb
0x7ff7a58d6bf0
0x7ff7a58d6bf4
0x7ff7a58d6bfc
0x7ff7a58d6c04
0x7ff7a58d6c0b
0x7ff7a58d6c10
0x7ff7a58d6c16
0x7ff7a58d6c1b
0x7ff7a58d6c25
0x7ff7a58d6c27
0x7ff7a58d6c37
0x7ff7a58d6c39
0x7ff7a58d6c41
0x7ff7a58d6c4a
0x7ff7a58d6c5f
0x7ff7a58d6c65
0x7ff7a58d6c68
0x7ff7a58d6c77
0x7ff7a58d6c7f
0x7ff7a58d6c85
0x7ff7a58d6c88
0x7ff7a58d6c8d
0x7ff7a58d6c92
0x7ff7a58d6c9a
0x7ff7a58d6c9e
0x7ff7a58d6ca3
0x7ff7a58d6ca6
0x7ff7a58d6caf
0x7ff7a58d6cb4
0x7ff7a58d6cb9
0x7ff7a58d6cbf
0x7ff7a58d6cc8
0x7ff7a58d6cde
0x7ff7a58d6cec
0x7ff7a58d6cf3
0x7ff7a58d6cfe
0x7ff7a58d6d05
0x7ff7a58d6d0a
0x7ff7a58d6d13
0x7ff7a58d6d13
0x7ff7a58d6d17
0x7ff7a58d6d27
0x7ff7a58d6d31
0x7ff7a58d6d37
0x7ff7a58d6d3a
0x7ff7a58d6d44
0x7ff7a58d6d4e
0x7ff7a58d6d52
0x7ff7a58d6d5a
0x7ff7a58d6d5c
0x7ff7a58d6d6e
0x7ff7a58d6d7e
0x7ff7a58d6d80
0x7ff7a58d6d83
0x7ff7a58d6d88
0x7ff7a58d6d8a
0x7ff7a58d6d91
0x7ff7a58d6d99
0x7ff7a58d6dac
0x7ff7a58d6db2
0x7ff7a58d6dbb
0x7ff7a58d6dbd
0x7ff7a58d6dc1
0x7ff7a58d6dc5
0x7ff7a58d6dd2
0x7ff7a58d6dd8
0x7ff7a58d6ddb
0x7ff7a58d6dde
0x7ff7a58d6de6
0x7ff7a58d6e11

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF7A58D6A0F
WriteFile.KERNEL32 ref: 00007FF7A58D6CD6
WriteFile.KERNEL32 ref: 00007FF7A58D6D1F
GetLastError.KERNEL32 ref: 00007FF7A58D6DE0

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 9631086993b063e6d4a2341b08d3866607a099ef42e28d47cad81d66c3c1d7dd
Instruction ID: 3a64161f1ec1f1074c2c034b68e830670b2b335e07c1082a68f5b9ec078d546a
Opcode Fuzzy Hash: 9631086993b063e6d4a2341b08d3866607a099ef42e28d47cad81d66c3c1d7dd
Instruction Fuzzy Hash: 97D14733B0AA8589EB10DF75D4401BC77B1FB06B98B914272CE9D97BA9DE38D416C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58958C8 Relevance: 6.2, APIs: 4, Instructions: 200
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E00007FF77FF7A58958C8(void* __ecx, void* __edx, long long __rbx, long long* __rcx, void* __rdx, long long __rbp, long long __r9, long long _a8, long long _a16, void* _a24, long long _a40, signed short _a48) {
				short _v56;
				long long _v64;
				long long _v72;
				void* __rsi;
				void* __r14;
				void* __r15;
				void* _t28;
				void* _t31;
				void* _t33;
				void* _t49;
				long long _t58;
				void* _t66;
				void* _t67;
				signed long long _t73;
				long long* _t77;
				signed long long _t80;
				signed long long _t89;
				intOrPtr _t90;

				_t30 = __edx;
				_t29 = __ecx;
				_a8 = __rbx;
				_a16 = __rbp;
				_t90 =  *((intOrPtr*)(__rcx + 0x10));
				_t77 = __rcx;
				if (0xfffffffe - _t90 - __rdx < 0) goto 0xa5895a21;
				_t80 =  *((intOrPtr*)(__rcx + 0x18));
				_t89 = _t90 + __rdx;
				_t73 = _t89 | 0x00000007;
				if (_t73 - 0xfffffffe > 0) goto 0xa5895926;
				if (_t80 - 0xfffffffe - (_t80 >> 1) <= 0) goto 0xa5895936;
				goto 0xa5895967;
				_t49 = 0xfffffffffffffffe + _t80;
				_t8 = ( <  ? _t49 : _t73) + 1; // 0x1
				_t66 = _t8;
				if (_t66 - 0xffffffff > 0) goto 0xa5895a27;
				_t67 = _t66 + _t66;
				if (_t67 - 0x1000 < 0) goto 0xa589596e;
				E00007FF77FF7A588AA80(_t67);
				goto 0xa589597a;
				if (_t67 == 0) goto 0xa589597d;
				E00007FF77FF7A588AD90(0xffffffff, _t67);
				_v56 = _a48 & 0x0000ffff;
				_v64 = _a40;
				_v72 = __r9;
				 *(_t77 + 0x10) = _t89;
				 *((long long*)(_t77 + 0x18)) =  <  ? _t49 : _t73;
				if (_t80 - 8 < 0) goto 0xa58959f6;
				_t58 =  *_t77;
				E00007FF77FF7A5897708(__ecx, __edx, _t31, _t33, _t58, 0xffffffff, 0xffffffff, _t80, _t58, _t90, _t90, __r9);
				if (2 + _t80 * 2 - 0x1000 < 0) goto 0xa58959ec;
				_t69 =  *((intOrPtr*)(_t58 - 8));
				_t20 = _t58 -  *((intOrPtr*)(_t58 - 8)) - 8; // -8
				if (_t20 - 0x1f > 0) goto 0xa5895a1b;
				E00007FF77FF7A588AAF0(_t20, _t69, _t90);
				goto 0xa58959fe;
				_t28 = E00007FF77FF7A5897708(_t29, _t30, _t31, _t33, _t69, 2 + _t80 * 2 + 0x27, 0xffffffff, _t80, _t77, _t90, _t90, __r9);
				 *_t77 = 0xffffffff;
				return _t28;
			}

0x7ff7a58958c8
0x7ff7a58958c8
0x7ff7a58958c8
0x7ff7a58958cd
0x7ff7a58958de
0x7ff7a58958f5
0x7ff7a58958fb
0x7ff7a5895901
0x7ff7a5895905
0x7ff7a589590c
0x7ff7a5895913
0x7ff7a5895924
0x7ff7a5895934
0x7ff7a5895936
0x7ff7a589594e
0x7ff7a589594e
0x7ff7a5895955
0x7ff7a589595b
0x7ff7a5895965
0x7ff7a5895967
0x7ff7a589596c
0x7ff7a5895973
0x7ff7a5895975
0x7ff7a5895988
0x7ff7a58959a0
0x7ff7a58959a5
0x7ff7a58959aa
0x7ff7a58959ae
0x7ff7a58959b6
0x7ff7a58959b8
0x7ff7a58959be
0x7ff7a58959d2
0x7ff7a58959d4
0x7ff7a58959df
0x7ff7a58959e7
0x7ff7a58959ef
0x7ff7a58959f4
0x7ff7a58959f9
0x7ff7a58959fe
0x7ff7a5895a1a

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5895A1B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5895A27
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5895B88
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5895B94

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: ee815808249fb68d7bc86fba281f33b1ea60e131f4d07480235515ab8878d4c7
Instruction ID: 25fa8820412f1677aea12ce38946fa5ec1dd2716f5eb02b792252c9bcdf2e9f4
Opcode Fuzzy Hash: ee815808249fb68d7bc86fba281f33b1ea60e131f4d07480235515ab8878d4c7
Instruction Fuzzy Hash: B3710E21B0A64685E914AB12A54427DF391EF16FF0F960671EE7D07BE5EF3CE0A28314

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58816FA Relevance: 6.1, APIs: 4, Instructions: 129
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E00007FF77FF7A58816FA(long long __rax, long long* __rbx, long long __r14) {
				void* _t36;
				void* _t38;
				long long* _t62;
				void* _t78;
				intOrPtr _t79;
				intOrPtr _t83;
				char* _t86;
				void* _t88;
				void* _t90;
				signed long long _t92;
				void* _t94;
				void* _t96;

				_t62 = __rbx;
				_t86 = __rax;
				 *((long long*)(_t90 - 0x49)) = __rax;
				asm("movups xmm0, [esi]");
				asm("movaps [ebp+0x7], xmm0");
				if ( *((intOrPtr*)(__rax + 0x10)) == __r14) goto 0xa5881721;
				r8d = __r14 + 2;
				E00007FF77FF7A5887620(__rbx, __rax, _t88, _t94);
				r8d =  *((intOrPtr*)(_t90 + 7));
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t90 + 0xf)))) + 0x10))();
				_t78 =  >=  ?  *((void*)(_t90 + 7)) : _t90 + 7;
				E00007FF77FF7A5887620(_t62, _t86, _t88,  *((intOrPtr*)(_t90 + 0x17)));
				_t79 =  *((intOrPtr*)(_t90 + 0x1f));
				if (_t79 - 0x10 < 0) goto 0xa588178a;
				_t67 =  *((intOrPtr*)(_t90 + 7));
				if (_t79 + 1 - 0x1000 < 0) goto 0xa5881785;
				if ( *((intOrPtr*)(_t90 + 7)) -  *((intOrPtr*)(_t67 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa588185c;
				E00007FF77FF7A588AAF0( *((intOrPtr*)(_t90 + 7)) -  *((intOrPtr*)(_t67 - 8)) + 0xfffffff8, _t62, _t96);
				 *((long long*)(_t90 - 0x41)) = __r14;
				 *((long long*)(_t90 - 0x31)) = __r14;
				 *((long long*)(_t90 - 0x29)) = __r14;
				asm("movups xmm0, [edi]");
				asm("movups [ebp-0x41], xmm0");
				asm("movups xmm1, [edi+0x10]");
				asm("movups [ebp-0x31], xmm1");
				 *((long long*)(_t86 + 0x10)) = __r14;
				 *((long long*)(_t86 + 0x18)) = 0xf;
				 *_t86 = 0;
				_t55 =  >=  ?  *((void*)(_t90 - 0x41)) : _t90 - 0x41;
				 *_t62 = 0xa58e25b8;
				asm("xorps xmm0, xmm0");
				asm("movups [edx], xmm0");
				 *((long long*)(_t90 + 7)) =  >=  ?  *((void*)(_t90 - 0x41)) : _t90 - 0x41;
				 *((char*)(_t90 + 0xf)) = 1;
				E00007FF77FF7A58B65E0(_t62, _t90 + 7, _t62 + 8, _t86, _t88);
				 *_t62 = 0xa58e2658;
				_t83 =  *((intOrPtr*)(_t90 - 0x29));
				if (_t83 - 0x10 < 0) goto 0xa5881828;
				_t71 =  *((intOrPtr*)(_t90 - 0x41));
				if (_t83 + 1 - 0x1000 < 0) goto 0xa5881823;
				if ( *((intOrPtr*)(_t90 - 0x41)) -  *((intOrPtr*)(_t71 - 8)) + 0xfffffff8 - 0x1f > 0) goto 0xa5881856;
				_t36 = E00007FF77FF7A588AAF0( *((intOrPtr*)(_t90 - 0x41)) -  *((intOrPtr*)(_t71 - 8)) + 0xfffffff8, _t62, _t96);
				 *_t62 = 0xa58e2670;
				asm("movups xmm0, [esi]");
				asm("movups [ebx+0x18], xmm0");
				return E00007FF77FF7A588AAD0(_t36, _t38,  *(_t90 + 0x27) ^ _t92);
			}

0x7ff7a58816fa
0x7ff7a58816fa
0x7ff7a58816fd
0x7ff7a5881701
0x7ff7a5881704
0x7ff7a588170c
0x7ff7a588170e
0x7ff7a588171c
0x7ff7a5881728
0x7ff7a5881730
0x7ff7a588173d
0x7ff7a5881749
0x7ff7a588174f
0x7ff7a5881757
0x7ff7a588175c
0x7ff7a588176a
0x7ff7a588177f
0x7ff7a5881785
0x7ff7a588178a
0x7ff7a588178e
0x7ff7a5881792
0x7ff7a5881796
0x7ff7a5881799
0x7ff7a588179d
0x7ff7a58817a1
0x7ff7a58817a5
0x7ff7a58817a9
0x7ff7a58817b1
0x7ff7a58817bd
0x7ff7a58817c9
0x7ff7a58817d0
0x7ff7a58817d3
0x7ff7a58817d6
0x7ff7a58817da
0x7ff7a58817e2
0x7ff7a58817ee
0x7ff7a58817f1
0x7ff7a58817f9
0x7ff7a58817fe
0x7ff7a588180c
0x7ff7a5881821
0x7ff7a5881823
0x7ff7a588182f
0x7ff7a5881832
0x7ff7a5881835
0x7ff7a5881855

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF7A58817E2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5881856
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A588185C
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF7A588188D

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy__std_exception_destroy
String ID:
API String ID: 2138705365-0
Opcode ID: 95a9212086305b8b7a0ae9744d75c9eeabc7193e98d7ab9b38a4fafa615b2885
Instruction ID: 74f7244ae46d607337c0610fa6dd88086511c46560479cc90d5cb0b887c38c02
Opcode Fuzzy Hash: 95a9212086305b8b7a0ae9744d75c9eeabc7193e98d7ab9b38a4fafa615b2885
Instruction Fuzzy Hash: 6851A422B15B8589EB00EF78D1413AC6361EB46B98F819271DE5D03BA9DF78D1E5C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5889AC0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 126
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00007FF77FF7A5889AC0(int __ecx, void* __edi, void* __esp, long long __rbx, long long* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r9, long long __r13, long long _a24, signed short _a28, signed short _a40) {
				void* _v0;
				long long _v40;
				long long _v48;
				long long _v56;
				void* _v64;
				void* _v72;
				void* _v80;
				void* _t39;
				void* _t44;
				void* _t70;
				long long _t71;
				unsigned long long _t83;
				void* _t86;
				long long _t87;
				signed long long _t96;
				long long _t103;
				signed long long _t106;
				signed long long _t112;
				intOrPtr _t117;
				long long* _t120;

				_t117 =  *((intOrPtr*)(__rcx + 0x10));
				_t120 = __rcx;
				if (0xfffffffe - _t117 - __rdx < 0) goto 0xa5889c72;
				_v40 = __rbp;
				_t112 =  *((intOrPtr*)(__rcx + 0x18));
				_v48 = __rsi;
				_t106 = __rdx + _t117;
				_t96 = _t106 | 0x00000007;
				if (_t96 - 0xfffffffe > 0) goto 0xa5889b2c;
				_t83 = _t112 >> 1;
				if (_t112 - 0xfffffffe - _t83 > 0) goto 0xa5889b2c;
				_t103 =  <  ? _t83 + _t112 : _t96;
				_a24 = __rbx;
				_v56 = __r13;
				_t70 =  <  ? 0xffffffff : _t103 + 1;
				if (_t70 - 0xffffffff > 0) goto 0xa5889c6c;
				_t86 = _t70 + _t70;
				r13d = 0;
				if (_t86 - 0x1000 < 0) goto 0xa5889b97;
				_t10 = _t86 + 0x27; // 0x8000000000000026
				_t71 = _t10;
				if (_t71 - _t86 <= 0) goto 0xa5889c6c;
				_t87 = _t71;
				E00007FF77FF7A588AD90(_t71, _t87);
				if (_t71 == 0) goto 0xa5889c66;
				_t11 = _t71 + 0x27; // 0x27
				 *((long long*)((_t11 & 0xffffffe0) - 8)) = _t71;
				goto 0xa5889ba9;
				if (_t87 == 0) goto 0xa5889ba6;
				E00007FF77FF7A588AD90(_t71, _t87);
				goto 0xa5889ba9;
				 *((long long*)(_t120 + 0x18)) = _t103;
				 *(_t120 + 0x10) = _t106;
				if (_t112 - 8 < 0) goto 0xa5889c1c;
				E00007FF77FF7A58B6D20();
				if (__r9 == 0) goto 0xa5889be0;
				memset(__edi, _a40 & 0x0000ffff, __ecx);
				_t44 = __edi + __ecx;
				 *((intOrPtr*)(__r13 + (__r9 + _t117) * 2)) = r13w;
				if (2 + _t112 * 2 - 0x1000 < 0) goto 0xa5889c12;
				if ( *_t120 -  *((intOrPtr*)( *_t120 - 8)) - 8 - 0x1f > 0) goto 0xa5889c66;
				E00007FF77FF7A588AAF0( *_t120 -  *((intOrPtr*)( *_t120 - 8)) - 8, __r13, __r9);
				goto 0xa5889c40;
				E00007FF77FF7A58B6D20();
				if (__r9 == 0) goto 0xa5889c37;
				_t39 = memset(_t44, _a28 & 0x0000ffff, 0);
				 *((intOrPtr*)(__r13 + (__r9 + _t117) * 2)) = r13w;
				 *_t120 = __r13;
				return _t39;
			}

0x7ff7a5889acc
0x7ff7a5889ae3
0x7ff7a5889ae9
0x7ff7a5889aef
0x7ff7a5889af4
0x7ff7a5889af8
0x7ff7a5889afd
0x7ff7a5889b04
0x7ff7a5889b0b
0x7ff7a5889b13
0x7ff7a5889b1c
0x7ff7a5889b28
0x7ff7a5889b33
0x7ff7a5889b3b
0x7ff7a5889b44
0x7ff7a5889b55
0x7ff7a5889b5b
0x7ff7a5889b5f
0x7ff7a5889b69
0x7ff7a5889b6b
0x7ff7a5889b6b
0x7ff7a5889b72
0x7ff7a5889b78
0x7ff7a5889b7b
0x7ff7a5889b83
0x7ff7a5889b89
0x7ff7a5889b91
0x7ff7a5889b95
0x7ff7a5889b9a
0x7ff7a5889b9c
0x7ff7a5889ba4
0x7ff7a5889ba9
0x7ff7a5889bb1
0x7ff7a5889bc0
0x7ff7a5889bc8
0x7ff7a5889bd0
0x7ff7a5889bdd
0x7ff7a5889bdd
0x7ff7a5889bec
0x7ff7a5889bf8
0x7ff7a5889c0d
0x7ff7a5889c15
0x7ff7a5889c1a
0x7ff7a5889c1f
0x7ff7a5889c27
0x7ff7a5889c34
0x7ff7a5889c3b
0x7ff7a5889c40
0x7ff7a5889c65

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5889C66
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5889C6C

Strings

ios_base::failbit set, xrefs: 00007FF7A5889AC6

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: ios_base::failbit set
API String ID: 73155330-3924258884
Opcode ID: 9986ba4ee39ff399c00f3c468f401f0358c88ec1db4e7c4d0687966aff918909
Instruction ID: 73c6efb42ca6dd9524f150b752bf0c3101b985b86cf337c5f4cf50c56f834187
Opcode Fuzzy Hash: 9986ba4ee39ff399c00f3c468f401f0358c88ec1db4e7c4d0687966aff918909
Instruction Fuzzy Hash: 6141E1A170AA5190EE10AB12E50427DA295FB49FE5FDA0771EE6D07BE4EE3CE061C314

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A5889920 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E00007FF77FF7A5889920(long long* __rcx, long long __rdi, long long __rbp, long long __r12, long long __r13, long long _a16, long long _a24, long long _a32) {
				long long _v40;
				void* __rbx;
				void* _t31;
				void* _t51;
				long long _t52;
				long long _t57;
				long long _t58;
				unsigned long long _t63;
				void* _t66;
				long long _t67;
				signed long long _t72;
				long long* _t83;
				signed long long _t85;
				void* _t89;
				signed long long _t91;
				intOrPtr _t95;
				void* _t96;

				_t95 =  *((intOrPtr*)(__rcx + 0x10));
				r15d = r9w & 0xffffffff;
				_t83 = __rcx;
				if (0xfffffffe - _t95 - 1 < 0) goto 0xa5889aae;
				_a16 = __rbp;
				_t85 =  *((intOrPtr*)(__rcx + 0x18));
				_a32 = __r12;
				_t91 = _t95 + 1;
				_t72 = _t91 | 0x00000007;
				if (_t72 - 0xfffffffe > 0) goto 0xa588998d;
				_t63 = _t85 >> 1;
				if (_t85 - 0xfffffffe - _t63 > 0) goto 0xa588998d;
				_t57 =  <  ? _t63 + _t85 : _t72;
				_a24 = __rdi;
				_v40 = __r13;
				_t51 =  <  ? 0xffffffff : _t57 + 1;
				if (_t51 - 0xffffffff > 0) goto 0xa5889aa8;
				_t66 = _t51 + _t51;
				r13d = 0;
				if (_t66 - 0x1000 < 0) goto 0xa58899f8;
				_t10 = _t66 + 0x27; // 0x8000000000000026
				_t52 = _t10;
				if (_t52 - _t66 <= 0) goto 0xa5889aa8;
				_t67 = _t52;
				E00007FF77FF7A588AD90(_t52, _t67);
				if (_t52 == 0) goto 0xa5889aa2;
				_t11 = _t52 + 0x27; // 0x27
				 *((long long*)((_t11 & 0xffffffe0) - 8)) = _t52;
				goto 0xa5889a0a;
				if (_t67 == 0) goto 0xa5889a07;
				E00007FF77FF7A588AD90(_t52, _t67);
				goto 0xa5889a0a;
				_t96 = _t95 + _t95;
				 *(_t83 + 0x10) = _t91;
				 *((long long*)(_t83 + 0x18)) = _t57;
				if (_t85 - 8 < 0) goto 0xa5889a6a;
				_t58 =  *_t83;
				E00007FF77FF7A58B6D20();
				 *((intOrPtr*)(_t96 + __r13)) = r15w;
				 *((intOrPtr*)(_t96 + __r13 + 2)) = r13w;
				if (2 + _t85 * 2 - 0x1000 < 0) goto 0xa5889a60;
				_t69 =  *((intOrPtr*)(_t58 - 8));
				_t21 = _t58 -  *((intOrPtr*)(_t58 - 8)) - 8; // 0x7ffffffffffffff6
				if (_t21 - 0x1f > 0) goto 0xa5889aa2;
				_t31 = E00007FF77FF7A588AAF0(_t21, _t69, _t89);
				goto 0xa5889a7d;
				E00007FF77FF7A58B6D20();
				 *((intOrPtr*)(_t96 + __r13)) = r15w;
				 *((intOrPtr*)(_t96 + __r13 + 2)) = r13w;
				 *_t83 = __r13;
				return _t31;
			}

0x7ff7a588992b
0x7ff7a588993c
0x7ff7a5889943
0x7ff7a588994a
0x7ff7a5889950
0x7ff7a5889955
0x7ff7a5889959
0x7ff7a588995e
0x7ff7a5889965
0x7ff7a588996c
0x7ff7a5889974
0x7ff7a588997d
0x7ff7a5889989
0x7ff7a5889994
0x7ff7a588999c
0x7ff7a58899a5
0x7ff7a58899b6
0x7ff7a58899bc
0x7ff7a58899c0
0x7ff7a58899ca
0x7ff7a58899cc
0x7ff7a58899cc
0x7ff7a58899d3
0x7ff7a58899d9
0x7ff7a58899dc
0x7ff7a58899e4
0x7ff7a58899ea
0x7ff7a58899f2
0x7ff7a58899f6
0x7ff7a58899fb
0x7ff7a58899fd
0x7ff7a5889a05
0x7ff7a5889a0a
0x7ff7a5889a0d
0x7ff7a5889a11
0x7ff7a5889a1f
0x7ff7a5889a21
0x7ff7a5889a27
0x7ff7a5889a34
0x7ff7a5889a39
0x7ff7a5889a46
0x7ff7a5889a48
0x7ff7a5889a53
0x7ff7a5889a5b
0x7ff7a5889a63
0x7ff7a5889a68
0x7ff7a5889a6d
0x7ff7a5889a72
0x7ff7a5889a77
0x7ff7a5889a7d
0x7ff7a5889aa1

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7A5889AA2
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7A5889AA8

Strings

ios_base::failbit set, xrefs: 00007FF7A5889925

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: ios_base::failbit set
API String ID: 73155330-3924258884
Opcode ID: 6dfac14178b089ed879c05bcdfcc2148b205ea3f921198291a4442637c9fcc94
Instruction ID: 08cd997c547906ddd0224c6e0dba9e06b728c45e0efa05dd53d8e2e1132d4976
Opcode Fuzzy Hash: 6dfac14178b089ed879c05bcdfcc2148b205ea3f921198291a4442637c9fcc94
Instruction Fuzzy Hash: 0941E17170A74185ED10AB12A54416DE395EB4AFF5F9607B0DE7D07BE5DE3CE0A18310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58D7034 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100
fileCOMMON

Download Yara Rule

C-Code - Quality: 29%

			E00007FF77FF7A58D7034(signed int __edx, void* __edi, void* __rax, signed long long __rbx, intOrPtr* __rcx, long long __rbp, signed short* __r8, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed int _a5176, void* _a5192) {
				intOrPtr _v0;
				signed long long _v8;
				signed int _t41;
				signed long long _t62;
				short* _t67;
				signed int* _t68;
				void* _t91;
				void* _t97;
				void* _t99;
				void* _t102;
				void* _t103;

				_a8 = __rbx;
				_a24 = __rbp;
				E00007FF77FF7A58DF970(0x1470, __rax, _t97, _t99);
				_t62 =  *0xa58fb008; // 0x485f0d1bb70c
				_a5176 = _t62 ^ _t91 - __rax;
				r14d = r9d;
				r10d = r10d & 0x0000003f;
				_t103 = _t102 + __r8;
				 *((long long*)(__rcx)) =  *((intOrPtr*)(0xa591bd50 + (__edx >> 6) * 8));
				 *((intOrPtr*)(__rcx + 8)) = 0;
				if (__r8 - _t103 >= 0) goto 0xa58d7175;
				_t67 =  &_a40;
				if (__r8 - _t103 >= 0) goto 0xa58d70de;
				_t41 =  *__r8 & 0x0000ffff;
				if (_t41 != 0xa) goto 0xa58d70ca;
				 *_t67 = 0xd;
				_t68 = _t67 + 2;
				 *_t68 = _t41;
				if ( &(_t68[0]) -  &_a1744 < 0) goto 0xa58d70ac;
				_a16 = _a16 & 0x00000000;
				_a8 = _a8 & 0x00000000;
				_v0 = 0xd55;
				_v8 =  &_a1752;
				r9d = 0;
				E00007FF77FF7A58D1AE8();
				if (0 == 0) goto 0xa58d716d;
				if (0 == 0) goto 0xa58d715d;
				_v8 = _v8 & 0x00000000;
				r8d = 0;
				r8d = r8d;
				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0xa58d716d;
				if (0 + _a24 < 0) goto 0xa58d712a;
				 *((intOrPtr*)(__rcx + 4)) = __edi - r15d;
				goto 0xa58d70a1;
				 *((intOrPtr*)(__rcx)) = GetLastError();
				return E00007FF77FF7A588AAD0(_t39, 0, _a5176 ^ _t91 - __rax);
			}

0x7ff7a58d7034
0x7ff7a58d7039
0x7ff7a58d704b
0x7ff7a58d7053
0x7ff7a58d705d
0x7ff7a58d706e
0x7ff7a58d707c
0x7ff7a58d7080
0x7ff7a58d7098
0x7ff7a58d709e
0x7ff7a58d70a1
0x7ff7a58d70a7
0x7ff7a58d70af
0x7ff7a58d70b1
0x7ff7a58d70bc
0x7ff7a58d70c3
0x7ff7a58d70c6
0x7ff7a58d70ca
0x7ff7a58d70dc
0x7ff7a58d70de
0x7ff7a58d70e9
0x7ff7a58d70f7
0x7ff7a58d710a
0x7ff7a58d710f
0x7ff7a58d7119
0x7ff7a58d7122
0x7ff7a58d7128
0x7ff7a58d712a
0x7ff7a58d713f
0x7ff7a58d7148
0x7ff7a58d7153
0x7ff7a58d715b
0x7ff7a58d7162
0x7ff7a58d7168
0x7ff7a58d7173
0x7ff7a58d71a3

APIs

WriteFile.KERNEL32 ref: 00007FF7A58D714B
GetLastError.KERNEL32 ref: 00007FF7A58D716D

Strings

U, xrefs: 00007FF7A58D70F7

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: f6b13792a914740c676de78235e975ef13ddf3d1cf41dbc0198b856bd3ecedb0
Instruction ID: 2e52c4e0ddfab78db33ff5014f0de83f1ad211ced69a836ce08589c720bb93db
Opcode Fuzzy Hash: f6b13792a914740c676de78235e975ef13ddf3d1cf41dbc0198b856bd3ecedb0
Instruction Fuzzy Hash: 7041E523B1AA4181DB10AF25E8443AAA7A0FB89BC0F824131EE4E877A4EF3CD451C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58D00C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 32%

			E00007FF77FF7A58D00C8(void* __ecx, void* __edx, long long __rbx, long long _a8, intOrPtr _a48) {
				signed long long _v48;
				void* _t7;
				void* _t8;
				void* _t13;
				void* _t23;
				void* _t24;

				_a8 = __rbx;
				asm("movsd [esp+0x20], xmm3");
				asm("movsd [esp+0x18], xmm2");
				_t8 = __ecx;
				r8d = 0;
				if ( *0xa58e9cc0 == __edx) goto 0xa58d0131;
				r8d = r8d + 1;
				if (0x7ff7a58e9cd0 - 0xa58e9e90 < 0) goto 0xa58d00f0;
				_v48 = _v48 & 0x00000000;
				E00007FF77FF7A58D0394(__ecx, _t13, __rbx, _a48, _t23, _t24);
				_t7 = E00007FF77FF7A58D0098(_t8, 0x7ff7a58e9cd0, _a48);
				asm("movsd xmm0, [ebp+0x30]");
				return _t7;
			}

0x7ff7a58d00c8
0x7ff7a58d00cd
0x7ff7a58d00d3
0x7ff7a58d00e8
0x7ff7a58d00ed
0x7ff7a58d00f2
0x7ff7a58d00f4
0x7ff7a58d0105
0x7ff7a58d0107
0x7ff7a58d0115
0x7ff7a58d011c
0x7ff7a58d0121
0x7ff7a58d0130

APIs

_set_errno_from_matherr.LIBCMT ref: 00007FF7A58D011C
_set_errno_from_matherr.LIBCMT ref: 00007FF7A58D0189

Strings

exp, xrefs: 00007FF7A58D00F7

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: _set_errno_from_matherr
String ID: exp
API String ID: 1187470696-113136155
Opcode ID: 899747dba40efc49c27c57afc19f7802207e2527f376fe4b1e7f7209db950abc
Instruction ID: 13006e8df8cc95eda3b04c535d1421c26cf24aa3a7150fe2732bfcef62347c1f
Opcode Fuzzy Hash: 899747dba40efc49c27c57afc19f7802207e2527f376fe4b1e7f7209db950abc
Instruction Fuzzy Hash: 94214836F06615CEEB40EF78D4406AC77F0FB4AB08F811579EA0D92B5AEE38E4508B50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7A58B6C28 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7A588BEF2), ref: 00007FF7A58B6C6C
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7A588BEF2), ref: 00007FF7A58B6CB2

Strings

csm, xrefs: 00007FF7A58B6C9F

Memory Dump Source

Source File: 00000000.00000002.562334255.00007FF7A5881000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A5880000, based on PE: true

Associated: 00000000.00000002.562329714.00007FF7A5880000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562380338.00007FF7A58E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562394375.00007FF7A58FB000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562399154.00007FF7A58FC000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562416399.00007FF7A591A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.562422198.00007FF7A591D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7a5880000_ts.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 7a37a33b084fada72df3595dc071b5c0c9d582d13ba614ddb44ee07f5f606db6
Instruction ID: 122700ab6afc116b8cfe5d2a0acef9d3b8fa897cda7a047ed6c82957efc81ed3
Opcode Fuzzy Hash: 7a37a33b084fada72df3595dc071b5c0c9d582d13ba614ddb44ee07f5f606db6
Instruction Fuzzy Hash: BD114F32609B4182EB20AF15E44026DB7A5FB89F84F5A8271EF8D07769DF3CD561CB00

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ts.exe_

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\Desktop\06B049A8.dll

C:\Users\user\Desktop\62366813.dll

\Device\ConDrv

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: ts.exePID: 3664, Parent PID: 3324

Windows Analysis Report
ts.exe_

Function 00007FF7A58A46E8 Relevance: 81.8, APIs: 54, Instructions: 808
COMMONCrypto

Function 00007FF7A58A3A40 Relevance: 81.8, APIs: 54, Instructions: 808
COMMONCrypto

Function 00007FF7A5883DF0 Relevance: 70.6, APIs: 15, Strings: 25, Instructions: 563
libraryCOMMONCrypto

Function 00007FF7A5890B06 Relevance: 31.8, APIs: 21, Instructions: 306
COMMONCrypto

Function 00007FF7A58828F0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 128
encryptionCOMMON

Function 00007FFA0AED66AC Relevance: 9.3, Strings: 7, Instructions: 584
COMMONCrypto

Function 00007FFA0AEDF51C Relevance: 6.6, Strings: 5, Instructions: 395
COMMONCrypto

Function 00007FFA0AED3750 Relevance: 4.3, Strings: 3, Instructions: 562
COMMONCrypto

Function 00007FFA0AEE5F68 Relevance: 4.1, Strings: 3, Instructions: 337
COMMONCrypto

Function 00007FF7A588B110 Relevance: 3.0, APIs: 2, Instructions: 18
COMMON

Function 00007FFA0AED765C Relevance: 2.6, Strings: 2, Instructions: 90
COMMONCrypto

Function 00007FFA0AED3518 Relevance: 1.4, Strings: 1, Instructions: 101
COMMONCrypto

Function 00007FFA0AED61F4 Relevance: 1.3, Strings: 1, Instructions: 62
COMMONCrypto

Function 00007FF7A58C6D94 Relevance: .2, Instructions: 207
COMMONLIBRARYCODECrypto

Function 00007FF7A5884C00 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 299
COMMON

Function 00007FF7A588AAF8 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 61
libraryloaderCOMMON

Function 00007FF7A58824E0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 120
filememoryCOMMON

Function 00007FF7A58858A0 Relevance: 9.2, APIs: 6, Instructions: 199
COMMON

Function 00007FF7A58924F0 Relevance: 9.1, APIs: 6, Instructions: 81
COMMON

Function 00007FF7A5884760 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 178
COMMON

Function 00007FF7A58D72CC Relevance: 6.2, APIs: 4, Instructions: 218
COMMON

Function 00007FF7A5881AF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45
COMMON

Function 00007FF7A58856E8 Relevance: 4.6, APIs: 3, Instructions: 119
COMMON

Function 00007FF7A58855A0 Relevance: 4.6, APIs: 3, Instructions: 110
COMMON

Function 00007FF7A5890908 Relevance: 4.6, APIs: 3, Instructions: 95
COMMON

Function 00007FFA0AEE0060 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69
fileCOMMON

Function 00007FF7A58878D0 Relevance: 3.5, APIs: 2, Instructions: 494
COMMON

Function 00007FF7A58D6E14 Relevance: 3.1, APIs: 2, Instructions: 74
fileCOMMON

Function 00007FF7A588AD90 Relevance: 3.0, APIs: 2, Instructions: 21
COMMONLIBRARYCODE

Function 00007FF7A58C22DC Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Function 00007FF7A588B16F Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Function 00007FF7A5892BB4 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 00007FF7A58C0A24 Relevance: 1.5, APIs: 1, Instructions: 41
COMMONLIBRARYCODE

Function 00007FF7A58CD72C Relevance: 1.5, APIs: 1, Instructions: 36
memoryCOMMONLIBRARYCODE

Function 00007FF7A58CE104 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMONLIBRARYCODE

Function 00007FF7A5882F80 Relevance: 42.5, APIs: 15, Strings: 9, Instructions: 523
memoryCOMMONCrypto

Function 00007FF7A58DAEB0 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1203
COMMONCrypto

Function 00007FFA0AED1924 Relevance: 13.1, Strings: 10, Instructions: 649
COMMONCrypto

Function 00007FF7A58D8848 Relevance: 10.8, APIs: 7, Instructions: 286
COMMONLIBRARYCODECrypto

Function 00007FFA0AEDE234 Relevance: 10.7, Strings: 8, Instructions: 738
COMMONCrypto

Function 00007FF7A58D5898 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222
COMMONLIBRARYCODE

Function 00007FF7A58D62CC Relevance: 10.7, APIs: 7, Instructions: 171
COMMONLIBRARYCODE